parent
b505ad5d5a
commit
84cb4e967b
@ -0,0 +1,32 @@ |
|||||||
|
# Contributor: Santic <email@santic-zombie.ru> |
||||||
|
# Maintainer: Santic <email@santic-zombie.ru> |
||||||
|
pkgname=opennebula-common |
||||||
|
pkgver=6.8.0 |
||||||
|
pkgrel=1 |
||||||
|
pkgdesc="Common OpenNebula package shared by various components (Community Edition)" |
||||||
|
url="https://opennebula.io/" |
||||||
|
arch="x86_64" |
||||||
|
options="!check" |
||||||
|
license="Apache" |
||||||
|
|
||||||
|
depends=" |
||||||
|
jq |
||||||
|
openssh-client" |
||||||
|
|
||||||
|
install="${pkgname}.pre-install |
||||||
|
${pkgname}.post-install |
||||||
|
${pkgname}.pre-deinstall |
||||||
|
${pkgname}.post-deinstall" |
||||||
|
|
||||||
|
source=" |
||||||
|
ssh-config" |
||||||
|
|
||||||
|
package() { |
||||||
|
cd "opennebula-common-${pkgver}" |
||||||
|
|
||||||
|
install -d -m750 "${pkgdir}/var/lock/one" |
||||||
|
install -d -m750 "${pkgdir}/var/log/one" |
||||||
|
install -d -m750 "${pkgdir}/var/run/one" |
||||||
|
|
||||||
|
install -D -m755 "${srcdir}/ssh-config" "${pkgdir}/usr/share/one/ssh/config" |
||||||
|
} |
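Review bot: `install -D -m755` on the last line of package() ships the ssh client configuration with the execute bit set; a config file wants `install -D -m644 "${srcdir}/ssh-config" "${pkgdir}/usr/share/one/ssh/config"`. The 32-line file also has no `sha512sums=` entry for `ssh-config`, so the content of the shipped client config is not pinned by the build; generating the checksum block (e.g. with `abuild checksum`) closes that. Separately, `source` lists only `ssh-config`, so nothing visible here creates `opennebula-common-${pkgver}` for the `cd`; if no other step provides that directory, package() fails at its first line.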
@ -0,0 +1,61 @@ |
|||||||
|
#!/bin/sh |
||||||
|
|
||||||
|
set -e |
||||||
|
|
||||||
|
ONEHOME=/var/lib/one |
||||||
|
ONE_GROUP=cloud |
||||||
|
ONE_USER=oneadmin |
||||||
|
ONE_UID=9869 |
||||||
|
ONE_GID=9869 |
||||||
|
|
||||||
|
create_cloudgroup() { |
||||||
|
if ! getent group $ONE_GROUP > /dev/null 2>&1; then |
||||||
|
addgroup --system --gid $ONE_GID $ONE_GROUP |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
create_oneuser() { |
||||||
|
if ! getent passwd $ONE_USER > /dev/null 2>&1; then |
||||||
|
adduser --system --uid $ONE_UID --ingroup $ONE_GROUP --home $ONEHOME --shell /bin/ash $ONE_USER |
||||||
|
else |
||||||
|
ONEHOME=`getent passwd $ONE_USER | cut -f6 -d:` |
||||||
|
# Renable user (give him a shell) |
||||||
|
usermod --shell /bin/ash $ONE_USER |
||||||
|
fi |
||||||
|
|
||||||
|
if ! getent group disk | grep "\b$ONE_USER\b" &>/dev/null; then |
||||||
|
usermod -a -G disk $ONE_USER |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
create_cloudgroup |
||||||
|
create_oneuser |
||||||
|
|
||||||
|
# install ~oneadmin/.ssh/config if not present on a fresh install only |
||||||
|
if [ ! -e "${ONEHOME}/.ssh/config" ] && [ -z "$2" ]; then |
||||||
|
if [ ! -d "${ONEHOME}/.ssh" ]; then |
||||||
|
mkdir -p "${ONEHOME}/.ssh" |
||||||
|
chmod 0700 "${ONEHOME}/.ssh" |
||||||
|
chown "$ONE_USER:$ONE_GROUP" "${ONEHOME}/.ssh" |
||||||
|
fi |
||||||
|
cp /usr/share/one/ssh/config "${ONEHOME}/.ssh/config" |
||||||
|
chmod 0600 "${ONEHOME}/.ssh/config" |
||||||
|
chown "$ONE_USER:$ONE_GROUP" "${ONEHOME}/.ssh/config" |
||||||
|
fi |
||||||
|
|
||||||
|
# Fix permissions oneadmin:cloud (0640/0750) |
||||||
|
for F in /var/lock/one \ |
||||||
|
/var/log/one \ |
||||||
|
/var/run/one; |
||||||
|
do |
||||||
|
if [ -d "${F}" ]; then |
||||||
|
chmod 0750 "${F}" |
||||||
|
elif [ -f "${F}" ]; then |
||||||
|
chmod 0640 "${F}" |
||||||
|
else |
||||||
|
continue |
||||||
|
fi |
||||||
|
|
||||||
|
chown "${ONE_USER}:${ONE_GROUP}" "${F}" |
||||||
|
done |
||||||
|
fi |
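Review bot: The final `fi` has no matching `if` (every `if` above it is already closed before `done`), so the shell reports a syntax error at the end of the script and it exits non-zero; that line should be dropped. `usermod` is called twice, but the package's `depends` lists only `jq` and `openssh-client`; on a BusyBox userland that tool comes from a separate package (presumably `shadow`), and under `set -e` its absence aborts the script. From a least-privilege view, `usermod -a -G disk $ONE_USER` gives the service account group access to raw block devices, and the `else` branch resets the shell of a pre-existing `oneadmin` to `/bin/ash` even if an administrator had disabled that login; both deserve a comment stating why they are required, or a guard. The expansions of `$ONE_USER`, `$ONE_GROUP` and `$ONEHOME` in the `getent`/`adduser`/`usermod` calls should be quoted, as they already are in the second half of the script.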
@ -0,0 +1,28 @@ |
|||||||
|
# Initial default configuration placed by opennebula-common |
||||||
|
# package. Latest default configurations are located in |
||||||
|
# /usr/share/one/ssh/. |
||||||
|
|
||||||
|
############################################################################### |
||||||
|
# WARNING: This configuration file is ONLY for OpenSSH 7.6 and newer! |
||||||
|
############################################################################### |
||||||
|
|
||||||
|
Host * |
||||||
|
StrictHostKeyChecking accept-new |
||||||
|
ServerAliveInterval 10 |
||||||
|
############################################################################# |
||||||
|
# 'ControlMaster' is overriden by OpenNebula's drivers when needed |
||||||
|
ControlMaster no |
||||||
|
# The following options must be aligned with the accompanying timer/cronjob: |
||||||
|
# opennebula-ssh-socks-cleaner (if present) which implements workaround for |
||||||
|
# OpenSSH race condition during the closing of the master socket. |
||||||
|
# |
||||||
|
# 'ControlPersist' should be set to more than twice the period after which |
||||||
|
# timer or cronjob is run - to offset the delay - e.g.: timer job is run each |
||||||
|
# 30s then 'ControlPersist' should be at least one minute. It will also not |
||||||
|
# change the behavior even if it set much higher or to the infinity (0) - it |
||||||
|
# is limited by the timer/cronjob *AND* the command which is executed inside. |
||||||
|
# |
||||||
|
# (+) Add another 10s to give timer/cronjob a room for cleanup |
||||||
|
ControlPersist 70s |
||||||
|
# 'ControlPath' must be in-sync with the script run by timer/cronjob above! |
||||||
|
ControlPath /run/one/ssh-socks/ctl-M-%C.sock |
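Review bot: `StrictHostKeyChecking accept-new` under `Host *` makes oneadmin trust the first key presented by any host it has not seen before, so the first connection to each host is unauthenticated. A comment above the option should record that this is deliberate and how to avoid it, e.g. `# accept-new: first connection to a host is trusted unverified; pre-seed known_hosts where that is not acceptable`. `ControlPath /run/one/ssh-socks/ctl-M-%C.sock` points at a directory that nothing visible in this commit creates. A control socket lets any process that can open it reuse the authenticated session, so that directory should exist with mode `0700` and oneadmin ownership before the drivers enable `ControlMaster`.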