nfs-krb/entrypoint.sh

#!/bin/bash
set -xuo pipefail
trap "stop; exit 0;" SIGTERM SIGINT

stop()
{
	echo "signal caught, stopping the world..."
	exportfs -uav
	rc-service krb5kdc stop
	rc-service kadmin stop
	rc-service nfs stop
	echo "bye!"
	exit
}

DEFAULT_PERMITTED="*"
RW_MODE="rw"
UID=${NFS_UID:-0}
if [ -n "${SHARED_DIRECTORY}" ]; then
	echo "${SHARED_DIRECTORY} ${PERMITTED:-${DEFAULT_PERMITTED}}(${RW_MODE:-rw},root_squash,nohide,fsid=${UID},sync,no_subtree_check,insecure,root_squash,crossmnt,anonuid=${UID},anongid=${UID},sec=krb5p:krb5i:krb5)" \
	> /etc/exports
	chmod 777 "${SHARED_DIRECTORY}"
fi

cat > /etc/krb5.conf << EOL
[logging]
    default = FILE:/var/log/krb5libs.log:DEBUG
    kdc = FILE:/var/log/krb5kdc.log:DEBUG
    admin_server = FILE:/var/log/kadmind.log:DEBUG

[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    default_realm = ${NFS_KRB_REALM}

[realms]
    ${NFS_KRB_REALM} = {
        kdc = localhost 
        admin_server = localhost
    }
EOL
cat > /etc/idmapd.conf << EOC
[General]
Domain = ${NFS_KRB_REALM}
Verbosity = 5
EOC


touch /var/lib/krb5kdc/kadm5.acl

exportfs -rvaf


kdb5_util -r "${NFS_KRB_REALM}" create -s << EOL
${NFS_KRB_PWD}
${NFS_KRB_PWD}

EOL

echo "${NFS_KRB_REALM}" > /etc/hostname

# setup logging

syslogd 
rpcdebug -m nfsd -s all
rpcdebug -m nfs -s all
rpcdebug -m rpc -s all

kadmin.local -q "addprinc -pw ${NFS_KRB_PWD} ${NFS_KRB_PRINC}@${NFS_KRB_REALM}"
kadmin.local -q "ktadd ${NFS_KRB_PRINC}@${NFS_KRB_REALM}"
kadmin.local -q "ktadd -k /etc/krb5.keytab ${NFS_KRB_PRINC}@${NFS_KRB_REALM}"
kadmin.local -q "cpw -pw ${NFS_KRB_PWD} ${NFS_KRB_PRINC}"
rc-service krb5kdc start
rc-service krb5kadmind start
rc-service nfs start
export OPTS_RPC_MOUNTD='--debug all -t 8 -N 3'
echo "OPTS_RPC_MOUNTD=\"${OPTS_RPC_MOUNTD}\"" >> /etc/conf.d/nfs
rc-service nfs restart


cat /etc/krb5.conf

while true; do
	sleep 360
done