
3 Commits

3 changed files with 98 additions and 113 deletions


@@ -2,7 +2,7 @@
# ------------------------------------------------------------------------------
# Users related functions
# This file is part of the init.sh project
# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -14,21 +14,24 @@
# Users (from Ldap)
add_remote_user()
{
if [[ -n $(grep "^$1:" /etc/passwd) ]]; then
prnt W "A local user with name $1 already exists, adding anyway!"
local users=$@
for usr in ${users[@]}; do
if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
prnt W "A local user with name $usr already exists, adding anyway!"
fi
if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then
prnt W "The remote user $1 is already declared, nothing to do in passwd."
if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
prnt W "The remote user $usr is already declared, nothing to do in passwd."
else
echo "+$1::::::" >> /etc/passwd
prnt I "User $1 added to passwd..."
echo "+$usr::::::" >> /etc/passwd
prnt I "User $usr added to passwd..."
fi
if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then
prnt W "The remote user $1 is already connectable, nothing to do in shadow."
if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
prnt W "The remote user $usr is already connectable, nothing to do in shadow."
else
echo "+$1::::::::" >> /etc/shadow
prnt I "User $1 added to shadow..."
echo "+$usr::::::::" >> /etc/shadow
prnt I "User $usr added to shadow..."
fi
done
}
export -f add_remote_user
# ------------------------------------------------------------------------------
@@ -38,15 +41,18 @@ export -f add_remote_user
# Remove users
remove_user()
{
if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
local users=$@
for usr in ${users[@]}; do
if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $1 don't exists in auth files, nothing to do."
prnt W "User $usr don't exists in auth files, nothing to do."
fi
done
}
# ------------------------------------------------------------------------------
@@ -55,17 +61,21 @@ remove_user()
# Create a local user
create_local_user()
{
if [[ $(noerror --noout id $1) != 0 ]]; then
prnt I "Creating user $1..."
local users=$@
for usr in ${users[@]}; do
if [[ $(noerror --noout id $usr) != 0 ]]; then
prnt I "Creating user $usr..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
useradd --create-home --shell $DEFAULT_SHELL \
--user-group $usr \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
fi
else
prnt W "The user $1 already exists. Nothing to do..."
prnt W "The user $usr already exists. Nothing to do..."
fi
done
}
# ------------------------------------------------------------------------------
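Review bot: In remove_user the loop variable is pasted unvalidated into the grep and sed expressions (`sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}`), so a name holding regex metacharacters or a `/` can match other accounts' lines or break the sed script while it edits the auth files in place. The same value is appended verbatim to /etc/passwd and /etc/shadow in add_remote_user, where a `:` in it would shift the record's fields. I would reject anything outside a strict pattern at the top of each loop, for example `[[ $usr =~ ^[a-z_][a-z0-9_-]*$ ]] || { prnt E "Invalid user name: $usr"; continue; }`. Separately, `local users=$@` stores a single string rather than an array and `usr` is never declared local, so `local usr` followed by `for usr in "$@"; do` is both shorter and safe against word splitting and globbing.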


@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Add local or remote users
# This file is part of the init.sh project
# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -23,55 +23,6 @@
export VER_authnz="0.2.2"
export DEP_authnz=""
# Users (from Ldap)
add_remote_user()
{
if [[ -n $(grep "^$1:" /etc/passwd) ]]; then
prnt W "A local user with name $1 already exists, adding anyway!"
fi
if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then
prnt W "The remote user $1 is already declared, nothing to do in passwd."
else
echo "+$1::::::" >> /etc/passwd
prnt I "User $1 added to passwd..."
fi
if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then
prnt W "The remote user $1 is already connectable, nothing to do in shadow."
else
echo "+$1::::::::" >> /etc/shadow
prnt I "User $1 added to shadow..."
fi
}
# Remove users
remove_user()
{
if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# Using sed is more universal than any distro commands - local case
sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
# remote case
sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
else
prnt W "User $1 don't exists in auth files, nothing to do."
fi
}
# Create a local user
create_local_user()
{
if [[ $(noerror --noout id $1) != 0 ]]; then
prnt I "Creating user $1..."
if [[ $(directory_exists home_skell) ]]; then
useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
--skell $(select_directory home_skell)
else
useradd --create-home --shell $DEFAULT_SHELL --user-group $1
fi
else
prnt W "The user $1 already exists. Nothing to do..."
fi
}
# Authentication
authnz()


@@ -1,7 +1,7 @@
# ------------------------------------------------------------------------------
# Configure machine for ceph (or samba) mount
# Configure machine for ceph (or samba / NFS) mount
# This file is part of the init.sh project
# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
# ------------------------------------------------------------------------------
# This file is distributed under 3-clause BSD license.
# The complete license agreement can be obtained at:
@@ -10,28 +10,39 @@
# Variable:
# * CEPH_SRV_NAMES: hosts names of ceph servers
# * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount
# * SMBSRV: Fallback samba server on unsupported architectures
# Mount points are hardcoded and should bet set differently
# * CEPH_MOUNTS: list of mounts to create
# * CEPH_MP_mount: mount point for the given "mount"
# * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
# * SMBSRV: Fallback samba server on unsupported architectures (not doing
# anything if undeclared)
# * NFSSRV: Fallback NFS server on unsupported architectures (not doing
# anything if undeclared)
# If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
# higher priority.
# ------------------------------------------------------------------------------
export VER_conf_ceph="0.0.5"
export VER_conf_ceph="1.0.0"
export DEP_conf_ceph=""
conf_ceph()
{
# Create mount point directories
prnt I "Creating mount points"
mkdir -pv /srv/ceph/share
mkdir -pv /share
local success=undef
local fstabchanged=false
# Determine the type of installation
if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
export CEPH_STATUS=ceph
else
if [[ -n $SMBSRV ]]; then
export CEPH_STATUS=smb
else
if [[ -n $NFSSRV ]]; then
export CEPH_STATUS=nfs
else
export CEPH_STATUS=none
fi
fi
fi
if [[ $CEPH_STATUS == ceph ]]; then
# Install ceph package
pkginst ceph-common
@@ -54,12 +65,15 @@ conf_ceph()
backup_dist /etc/fstab
prnt I "Adding ceph entries to /etc/fstab"
fstabchanged=true
tag_file /etc/fstab
echo >> /etc/fstab
local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
if [[ -z $(grep $srvlist /etc/fstab) ]]; then
echo "# Ceph :" >> /etc/fstab
echo "$srvlist:/ /srv/ceph ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET 0 0" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do
mkdir -pv $mnt
echo "$srvlist:/ $(eval echo \$CEPH_MP_$mnt) ceph defaults,_netdev,name=admin,secret=$CEPH_SECRET,id=$mnt 0 0" >> /etc/fstab
done
else
prnt W "Ceph entry already in /etc/fstab, nothing to do"
fi
@@ -70,21 +84,31 @@ conf_ceph()
backup_dist /etc/fstab
prnt I "Adding Samba entries to /etc/fstab"
fstabchanged=true
echo >> /etc/fstab
tag_file /etc/fstab
if [[ -z $(grep $SMBSRV /etc/fstab) ]]; then
echo "# Samba:" >> /etc/fstab
echo "//$SMBSRV/share /srv/ceph/share cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
for mnt in $CEPH_MOUNTS; do
echo "//$SMBSRV/$mnt $(eval echo \$CEPH_MP_$mnt) cifs defaults,_netdev,username=root,password= 0 0" >> /etc/fstab
done
else
prnt W "Samba entry already in /etc/fstab, nothing to do"
fi
success=yes
elif [[ $CEPH_STATUS == nfs ]]; then
tag_file /etc/fstab
: # To be implemented
elif [[ $CEPH_STATUS == none ]]; then
prnt W "No alternative set for unsuported hardware, nothing will be done."
return 0
else
prnt E "Ceph status not understood, the next tasks will probably fail"
prnt E "Ceph status not understood, something is wrong."
return 1
fi
if [[ $success == yes ]]; then
# TODO: Create some mount binds for convenience
# TODO: That part should be a different module with own configuration
if [[ -z $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
fstabchanged=true
echo "/srv/ceph/share /share none defaults,_netdev,bind 0 0" >> /etc/fstab
if [[ $SHARED_HOME == 1 ]]; then
echo "/srv/ceph/share/home /home none defaults,_netdev,bind 0 0" >> /etc/fstab
@@ -94,18 +118,14 @@ conf_ceph()
prnt E "Failed creating original mount, not adding binded ones"
fi
if [[ $fstabchanged == true ]]; then
tag_file /etc/fstab
fi
unset fstabchanged
# Mount Ceph volumes if required
prnt I "Mounting ceph volumes"
[[ -z $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
[[ -z $(mount | grep "on /share") ]] && mount -v /share
if [[ $SHARED_HOME == "true" ]]; then
[[ -z $(mount | grep "on /home") ]] && mount -v /home
for mnt in $CEPH_MOUNTS; do
if [[ -z $(mount | grep "on $(eval echo "\$CEPH_MP_mnt)")" ]]; then
mount -v $(eval echo "\$CEPH_MP_mnt)")
fi
done
}
precheck_conf_ceph()
@@ -127,7 +147,11 @@ precheck_conf_ceph()
prnt I "If you don't want to put tour CEPH secret in configuration file,"
prnt m "you need to export it temporarily in your environment, using the"
prnt m "\"CEPH_SECRET\" variable."
exit 181
die 181
fi
if [[ -z $CEPH_MOUNTS ]]; then
prnt E "No CEPH mounts declared, despite reachable servers."
die 182
fi
else
prnt E "No CEPH server declared!"
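Review bot: The new per-mount fstab entry in conf_ceph still writes the Ceph key in clear text (`secret=$CEPH_SECRET`) into /etc/fstab, which is normally world-readable, so any local account can read the admin key. mount.ceph accepts `secretfile=<path-to-root-only-keyfile>` instead, which keeps the key out of fstab. The mount point lookup `$(eval echo \$CEPH_MP_$mnt)` runs eval on a name built from CEPH_MOUNTS; bash indirection does the same without evaluating configuration text: `local mp_var="CEPH_MP_$mnt"` followed by `"${!mp_var}"`. In the final mount loop the expression `$(eval echo "\$CEPH_MP_mnt)")` has lost the `$` before `mnt` and carries a stray `)`, so it cannot resolve the mount point as written. conf_ceph's body extends beyond the hunks shown here, so the surrounding branches were not reviewed.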