parent
b505ad5d5a
commit
84cb4e967b
@ -0,0 +1,32 @@ |
||||
# Contributor: Santic <email@santic-zombie.ru> |
||||
# Maintainer: Santic <email@santic-zombie.ru> |
||||
pkgname=opennebula-common |
||||
pkgver=6.8.0 |
||||
pkgrel=1 |
||||
pkgdesc="Common OpenNebula package shared by various components (Community Edition)" |
||||
url="https://opennebula.io/" |
||||
arch="x86_64" |
||||
options="!check" |
||||
license="Apache" |
||||
|
||||
depends=" |
||||
jq |
||||
openssh-client" |
||||
|
||||
install="${pkgname}.pre-install |
||||
${pkgname}.post-install |
||||
${pkgname}.pre-deinstall |
||||
${pkgname}.post-deinstall" |
||||
|
||||
source=" |
||||
ssh-config" |
||||
|
||||
package() { |
||||
cd "opennebula-common-${pkgver}" |
||||
|
||||
install -d -m750 "${pkgdir}/var/lock/one" |
||||
install -d -m750 "${pkgdir}/var/log/one" |
||||
install -d -m750 "${pkgdir}/var/run/one" |
||||
|
||||
install -D -m755 "${srcdir}/ssh-config" "${pkgdir}/usr/share/one/ssh/config" |
||||
} |
@ -0,0 +1,61 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
ONEHOME=/var/lib/one |
||||
ONE_GROUP=cloud |
||||
ONE_USER=oneadmin |
||||
ONE_UID=9869 |
||||
ONE_GID=9869 |
||||
|
||||
create_cloudgroup() { |
||||
if ! getent group $ONE_GROUP > /dev/null 2>&1; then |
||||
addgroup --system --gid $ONE_GID $ONE_GROUP |
||||
fi |
||||
} |
||||
|
||||
create_oneuser() { |
||||
if ! getent passwd $ONE_USER > /dev/null 2>&1; then |
||||
adduser --system --uid $ONE_UID --ingroup $ONE_GROUP --home $ONEHOME --shell /bin/ash $ONE_USER |
||||
else |
||||
ONEHOME=`getent passwd $ONE_USER | cut -f6 -d:` |
||||
# Renable user (give him a shell) |
||||
usermod --shell /bin/ash $ONE_USER |
||||
fi |
||||
|
||||
if ! getent group disk | grep "\b$ONE_USER\b" &>/dev/null; then |
||||
usermod -a -G disk $ONE_USER |
||||
fi |
||||
} |
||||
|
||||
create_cloudgroup |
||||
create_oneuser |
||||
|
||||
# install ~oneadmin/.ssh/config if not present on a fresh install only |
||||
if [ ! -e "${ONEHOME}/.ssh/config" ] && [ -z "$2" ]; then |
||||
if [ ! -d "${ONEHOME}/.ssh" ]; then |
||||
mkdir -p "${ONEHOME}/.ssh" |
||||
chmod 0700 "${ONEHOME}/.ssh" |
||||
chown "$ONE_USER:$ONE_GROUP" "${ONEHOME}/.ssh" |
||||
fi |
||||
cp /usr/share/one/ssh/config "${ONEHOME}/.ssh/config" |
||||
chmod 0600 "${ONEHOME}/.ssh/config" |
||||
chown "$ONE_USER:$ONE_GROUP" "${ONEHOME}/.ssh/config" |
||||
fi |
||||
|
||||
# Fix permissions oneadmin:cloud (0640/0750) |
||||
for F in /var/lock/one \ |
||||
/var/log/one \ |
||||
/var/run/one; |
||||
do |
||||
if [ -d "${F}" ]; then |
||||
chmod 0750 "${F}" |
||||
elif [ -f "${F}" ]; then |
||||
chmod 0640 "${F}" |
||||
else |
||||
continue |
||||
fi |
||||
|
||||
chown "${ONE_USER}:${ONE_GROUP}" "${F}" |
||||
done |
||||
fi |
@ -0,0 +1,28 @@ |
||||
# Initial default configuration placed by opennebula-common |
||||
# package. Latest default configurations are located in |
||||
# /usr/share/one/ssh/. |
||||
|
||||
############################################################################### |
||||
# WARNING: This configuration file is ONLY for OpenSSH 7.6 and newer! |
||||
############################################################################### |
||||
|
||||
Host * |
||||
StrictHostKeyChecking accept-new |
||||
ServerAliveInterval 10 |
||||
############################################################################# |
||||
# 'ControlMaster' is overriden by OpenNebula's drivers when needed |
||||
ControlMaster no |
||||
# The following options must be aligned with the accompanying timer/cronjob: |
||||
# opennebula-ssh-socks-cleaner (if present) which implements workaround for |
||||
# OpenSSH race condition during the closing of the master socket. |
||||
# |
||||
# 'ControlPersist' should be set to more than twice the period after which |
||||
# timer or cronjob is run - to offset the delay - e.g.: timer job is run each |
||||
# 30s then 'ControlPersist' should be at least one minute. It will also not |
||||
# change the behavior even if it set much higher or to the infinity (0) - it |
||||
# is limited by the timer/cronjob *AND* the command which is executed inside. |
||||
# |
||||
# (+) Add another 10s to give timer/cronjob a room for cleanup |
||||
ControlPersist 70s |
||||
# 'ControlPath' must be in-sync with the script run by timer/cronjob above! |
||||
ControlPath /run/one/ssh-socks/ctl-M-%C.sock |
Loading…
Reference in new issue