
3 Commits

3 changed files with 98 additions and 113 deletions


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Users related functions # Users related functions
# This file is part of the init.sh project # This file is part of the init.sh project
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org> # Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license. # This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at: # The complete license agreement can be obtained at:
@@ -14,21 +14,24 @@
# Users (from Ldap) # Users (from Ldap)
add_remote_user() add_remote_user()
{ {
if [[ -n $(grep "^$1:" /etc/passwd) ]]; then local users=$@
prnt W "A local user with name $1 already exists, adding anyway!" for usr in ${users[@]}; do
fi if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then prnt W "A local user with name $usr already exists, adding anyway!"
prnt W "The remote user $1 is already declared, nothing to do in passwd." fi
else if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
echo "+$1::::::" >> /etc/passwd prnt W "The remote user $usr is already declared, nothing to do in passwd."
prnt I "User $1 added to passwd..." else
fi echo "+$usr::::::" >> /etc/passwd
if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then prnt I "User $usr added to passwd..."
prnt W "The remote user $1 is already connectable, nothing to do in shadow." fi
else if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
echo "+$1::::::::" >> /etc/shadow prnt W "The remote user $usr is already connectable, nothing to do in shadow."
prnt I "User $1 added to shadow..." else
fi echo "+$usr::::::::" >> /etc/shadow
prnt I "User $usr added to shadow..."
fi
done
} }
export -f add_remote_user export -f add_remote_user
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@@ -38,15 +41,18 @@ export -f add_remote_user
# Remove users # Remove users
remove_user() remove_user()
{ {
if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then local users=$@
# Using sed is more universal than any distro commands - local case for usr in ${users[@]}; do
sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow} if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then # Using sed is more universal than any distro commands - local case
# remote case sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow} elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
else # remote case
prnt W "User $1 don't exists in auth files, nothing to do." sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
fi else
prnt W "User $usr don't exists in auth files, nothing to do."
fi
done
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@@ -55,17 +61,21 @@ remove_user()
# Create a local user # Create a local user
create_local_user() create_local_user()
{ {
if [[ $(noerror --noout id $1) != 0 ]]; then local users=$@
prnt I "Creating user $1..." for usr in ${users[@]}; do
if [[ $(directory_exists home_skell) ]]; then if [[ $(noerror --noout id $usr) != 0 ]]; then
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \ prnt I "Creating user $usr..."
--skell $(select_directory home_skell) if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL \
--user-group $usr \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
fi
else else
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 prnt W "The user $usr already exists. Nothing to do..."
fi fi
else done
prnt W "The user $1 already exists. Nothing to do..."
fi
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
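Review bot: In `remove_user` each name reaches `sed -i -e "/^$usr:/d"` on passwd, shadow, group and gshadow without any check, so a name holding a regex metacharacter or a `/` can match other accounts' lines or break the expression; the same unchecked value is appended to /etc/passwd and /etc/shadow in `add_remote_user`, where a `:` would shift fields. I would validate at the top of each loop, for example `[[ $usr =~ ^[a-z_][a-z0-9_-]*$ ]] || { prnt E "Invalid user name: $usr"; continue; }`. `local users=$@` also flattens the arguments into one string and leaves `usr` global; `local usr` followed by `for usr in "$@"; do` keeps the arguments intact. The loop in `create_local_user` follows the same pattern.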


@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Add local or remote users # Add local or remote users
# This file is part of the init.sh project # This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org> # Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license. # This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at: # The complete license agreement can be obtained at:
@@ -23,55 +23,6 @@
export VER_authnz="0.2.2" export VER_authnz="0.2.2"
export DEP_authnz="" export DEP_authnz=""
# Users (from Ldap)
add_remote_user()
{
if [[ -n $(grep "^$1:" /etc/passwd) ]]; then
prnt W "A local user with name $1 already exists, adding anyway!"
fi
if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then
prnt W "The remote user $1 is already declared, nothing to do in passwd."
else
echo "+$1::::::" >> /etc/passwd
prnt I "User $1 added to passwd..."
fi
if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then
prnt W "The remote user $1 is already connectable, nothing to do in shadow."
else
echo "+$1::::::::" >> /etc/shadow
prnt I "User $1 added to shadow..."
fi
}
# Remove users
remove_user()
{
if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $1 don't exists in auth files, nothing to do."
fi
}
# Create a local user
create_local_user()
{
if [[ $(noerror --noout id $1) != 0 ]]; then
prnt I "Creating user $1..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
fi
else
prnt W "The user $1 already exists. Nothing to do..."
fi
}
# Authentication # Authentication
authnz() authnz()


@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configure machine for ceph (or samba) mount # Configure machine for ceph (or samba / NFS) mount
# This file is part of the init.sh project # This file is part of the init.sh project
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org> # Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license. # This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at: # The complete license agreement can be obtained at:
@@ -10,28 +10,39 @@
# Variable: # Variable:
# * CEPH_SRV_NAMES: hosts names of ceph servers # * CEPH_SRV_NAMES: hosts names of ceph servers
# * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP # * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount # * CEPH_MOUNTS: list of mounts to create
# * SMBSRV: Fallback samba server on unsupported architectures # * CEPH_MP_mount: mount point for the given "mount"
# Mount points are hardcoded and should bet set differently # * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
# * SMBSRV: Fallback samba server on unsupported architectures (not doing
# anything if undeclared)
# * NFSSRV: Fallback NFS server on unsupported architectures (not doing
# anything if undeclared)
# If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
# higher priority.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
export VER_conf_ceph="0.0.5" export VER_conf_ceph="1.0.0"
export DEP_conf_ceph="" export DEP_conf_ceph=""
conf_ceph() conf_ceph()
{ {
# Create mount point directories
prnt I "Creating mount points"
mkdir -pv /srv/ceph/share
mkdir -pv /share
local success=undef local success=undef
local fstabchanged=false
# Determine the type of installation
if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
export CEPH_STATUS=ceph export CEPH_STATUS=ceph
else else
export CEPH_STATUS=smb if [[ -n $SMBSRV ]]; then
export CEPH_STATUS=smb
else
if [[ -n $NFSSRV ]]; then
export CEPH_STATUS=nfs
else
export CEPH_STATUS=none
fi
fi
fi fi
if [[ $CEPH_STATUS == ceph ]]; then if [[ $CEPH_STATUS == ceph ]]; then
# Install ceph package # Install ceph package
pkginst ceph-common pkginst ceph-common
@@ -54,12 +65,15 @@ conf_ceph()
backup_dist /etc/fstab backup_dist /etc/fstab
prnt I "Adding ceph entries to /etc/fstab" prnt I "Adding ceph entries to /etc/fstab"
fstabchanged=true tag_file /etc/fstab
echo >> /etc/fstab echo >> /etc/fstab
local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g") local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
if [[ -z $(grep $srvlist /etc/fstab) ]]; then if [[ -z $(grep $srvlist /etc/fstab) ]]; then
echo "# Ceph :" >> /etc/fstab echo "# Ceph :" >> /etc/fstab
echo "$srvlist:/ /srv/ceph ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET 0 0" >> /etc/fstab for mnt in $CEPH_MOUNTS; do
mkdir -pv $mnt
echo "$srvlist:/ $(eval echo \$CEPH_MP_$mnt) ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET,id=$mnt 0 0" >> /etc/fstab
done
else else
prnt W "Ceph entry already in /etc/fstab, nothing to do" prnt W "Ceph entry already in /etc/fstab, nothing to do"
fi fi
@@ -70,21 +84,31 @@ conf_ceph()
backup_dist /etc/fstab backup_dist /etc/fstab
prnt I "Adding Samba entries to /etc/fstab" prnt I "Adding Samba entries to /etc/fstab"
fstabchanged=true
echo >> /etc/fstab echo >> /etc/fstab
tag_file /etc/fstab
if [[ -z $(grep $SMBSRV /etc/fstab) ]]; then if [[ -z $(grep $SMBSRV /etc/fstab) ]]; then
echo "# Samba:" >> /etc/fstab echo "# Samba:" >> /etc/fstab
echo "//$SMBSRV/share /srv/ceph/share cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab for mnt in $CEPH_MOUNTS; do
echo "//$SMBSRV/$mnt $(eval echo \$CEPH_MP_$mnt) cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
done
else else
prnt W "Samba entry already in /etc/fstab, nothing to do" prnt W "Samba entry already in /etc/fstab, nothing to do"
fi fi
success=yes success=yes
elif [[ $CEPH_STATUS == nfs ]]; then
tag_file /etc/fstab
: # To be implemented
elif [[ $CEPH_STATUS == none ]]; then
prnt W "No alternative set for unsuported hardware, nothing will be done."
return 0
else else
prnt E "Ceph status not understood, the next tasks will probably fail" prnt E "Ceph status not understood, something is wrong."
return 1
fi fi
if [[ $success == yes ]]; then if [[ $success == yes ]]; then
# TODO: Create some mount binds for convenience
# TODO: That part should be a different module with own configuration
if [[ -z $(grep "^/srv/ceph/share" /etc/fstab) ]]; then if [[ -z $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
fstabchanged=true
echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab
if [[ $SHARED_HOME == 1 ]]; then if [[ $SHARED_HOME == 1 ]]; then
echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab
@@ -94,18 +118,14 @@ conf_ceph()
prnt E "Failed creating original mount, not adding binded ones" prnt E "Failed creating original mount, not adding binded ones"
fi fi
if [[ $fstabchanged == true ]]; then
tag_file /etc/fstab
fi
unset fstabchanged
# Mount Ceph volumes if required # Mount Ceph volumes if required
prnt I "Mounting ceph volumes" prnt I "Mounting ceph volumes"
[[ -z $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share for mnt in $CEPH_MOUNTS; do
[[ -z $(mount | grep "on /share") ]] && mount -v /share if [[ -z $(mount | grep "on $(eval echo "\$CEPH_MP_mnt)")" ]]; then
if [[ $SHARED_HOME == "true" ]]; then mount -v $(eval echo "\$CEPH_MP_mnt)")
[[ -z $(mount | grep "on /home") ]] && mount -v /home fi
fi done
} }
precheck_conf_ceph() precheck_conf_ceph()
@@ -127,7 +147,11 @@ precheck_conf_ceph()
prnt I "If you don't want to put tour CEPH secret in configuration file," prnt I "If you don't want to put tour CEPH secret in configuration file,"
prnt m "you need to export it temporarily in your environment, using the" prnt m "you need to export it temporarily in your environment, using the"
prnt m "\"CEPH_SECRET\" variable." prnt m "\"CEPH_SECRET\" variable."
exit 181 die 181
fi
if [[ -z $CEPH_MOUNTS ]]; then
prnt E "No CEPH mounts declared, despite reachable servers."
die 182
fi fi
else else
prnt E "No CEPH server declared!" prnt E "No CEPH server declared!"
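Review bot: The mount loop at the end of `conf_ceph` reads `\$CEPH_MP_mnt` where the fstab loops use `\$CEPH_MP_$mnt`, so it looks up a variable literally named CEPH_MP_mnt, and the quoting leaves a stray `)` in the result (the `if` line also appears to leave its outer `$(` unclosed). All four lookups go through `eval`, which runs as shell code whatever a CEPH_MOUNTS entry contains; bash indirect expansion does the same lookup without evaluation, as in the rewritten loop below, and the fstab loops can use it the same way. Separately, `secret=$CEPH_SECRET` is written to /etc/fstab, which is normally world-readable; mount.ceph also accepts `secretfile=` pointing at a root-only file. `mkdir -pv $mnt` creates a directory named after the mount id in the current directory rather than the mount point, which looks unintended. conf_ceph spans several hunks and parts of it are not visible here.

```shell
# … unchanged: fstab generation and bind entries …
# Mount Ceph volumes if required
prnt I "Mounting ceph volumes"
local mnt mp_var mp
for mnt in $CEPH_MOUNTS; do
    # Indirect expansion: read CEPH_MP_<mnt> without evaluating its content
    mp_var="CEPH_MP_$mnt"
    mp=${!mp_var}
    if [[ -z $mp ]]; then
        prnt E "No mount point declared for $mnt ($mp_var is empty)."
        continue
    fi
    if ! mount | grep -qF -- " on $mp "; then
        mount -v "$mp"
    fi
done
```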