first shot of Ceph rework

lib/users.sh

@@ -2,7 +2,7 @@
 # ------------------------------------------------------------------------------
 # Users related functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -14,21 +14,24 @@
 # Users (from Ldap)
 add_remote_user()
 {
-    if [[ -n $(grep "^$1:" /etc/passwd) ]]; then
+    local users=$@
-        prnt W "A local user with name $1 already exists, adding anyway!"
+    for usr in ${users[@]}; do
+        if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
+            prnt W "A local user with name $usr already exists, adding anyway!"
         fi
-    if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then
+        if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
-        prnt W "The remote user $1 is already declared, nothing to do in passwd."
+            prnt W "The remote user $usr is already declared, nothing to do in passwd."
         else
-        echo "+$1::::::" >> /etc/passwd
+            echo "+$usr::::::" >> /etc/passwd
-        prnt I "User $1 added to passwd..."
+            prnt I "User $usr added to passwd..."
         fi
-    if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then
+        if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
-        prnt W "The remote user $1 is already connectable, nothing to do in shadow."
+            prnt W "The remote user $usr is already connectable, nothing to do in shadow."
         else
-        echo "+$1::::::::" >> /etc/shadow
+            echo "+$usr::::::::" >> /etc/shadow
-        prnt I "User $1 added to shadow..."
+            prnt I "User $usr added to shadow..."
         fi
+    done
 }
 export -f add_remote_user
 # ------------------------------------------------------------------------------
@@ -38,15 +41,18 @@ export -f add_remote_user
 # Remove users
 remove_user()
 {
-    if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
+    local users=$@
+    for usr in ${users[@]}; do
+        if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
             # Using sed is more universal than any distro commands - local case
-        sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
+            sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
-    elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
+        elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
             # remote case
-        sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
+            sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
         else
-        prnt W "User $1 don't exists in auth files, nothing to do."
+            prnt W "User $usr don't exists in auth files, nothing to do."
         fi
+    done
 }
 # ------------------------------------------------------------------------------
 
@@ -55,17 +61,21 @@ remove_user()
 # Create a local user
 create_local_user()
 {
-    if [[ $(noerror --noout id $1) != 0 ]]; then
+    local users=$@
-        prnt I "Creating user $1..."
+    for usr in ${users[@]}; do
+        if [[ $(noerror --noout id $usr) != 0 ]]; then
+            prnt I "Creating user $usr..."
             if [[ $(directory_exists home_skell) ]]; then
-            useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
+                useradd --create-home --shell $DEFAULT_SHELL \
+                    --user-group $usr \
                     --skell $(select_directory home_skell)
             else
-            useradd --create-home --shell $DEFAULT_SHELL --user-group $1
+                useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
             fi
         else
-        prnt W "The user $1 already exists. Nothing to do..."
+            prnt W "The user $usr already exists. Nothing to do..."
         fi
+    done
 }
 # ------------------------------------------------------------------------------
 

modules/authnz.sh

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
 # Add local or remote users
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -23,55 +23,6 @@
 export VER_authnz="0.2.2"
 export DEP_authnz=""
 
-# Users (from Ldap)
-add_remote_user()
-{
-    if [[ -n $(grep "^$1:" /etc/passwd) ]]; then
-        prnt W "A local user with name $1 already exists, adding anyway!"
-    fi
-    if [[ -n $(grep "^+$1:" /etc/passwd) ]]; then
-        prnt W "The remote user $1 is already declared, nothing to do in passwd."
-    else
-        echo "+$1::::::" >> /etc/passwd
-        prnt I "User $1 added to passwd..."
-    fi
-    if [[ -n $(grep "^+$1:" /etc/shadow) ]]; then
-        prnt W "The remote user $1 is already connectable, nothing to do in shadow."
-    else
-        echo "+$1::::::::" >> /etc/shadow
-        prnt I "User $1 added to shadow..."
-    fi
-}
-
-# Remove users
-remove_user()
-{
-    if [[ -n $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
-        # Using sed is more universal than any distro commands - local case
-        sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
-    elif [[ -n $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
-        # remote case
-        sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
-    else
-        prnt W "User $1 don't exists in auth files, nothing to do."
-    fi
-}
-
-# Create a local user
-create_local_user()
-{
-    if [[ $(noerror --noout id $1) != 0 ]]; then
-        prnt I "Creating user $1..."
-        if [[ $(directory_exists home_skell) ]]; then
-            useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
-                --skell $(select_directory home_skell)
-        else
-            useradd --create-home --shell $DEFAULT_SHELL --user-group $1
-        fi
-    else
-        prnt W "The user $1 already exists. Nothing to do..."
-    fi
-}
 
 # Authentication
 authnz()

modules/conf_ceph.sh

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
-# Configure machine for ceph (or samba) mount
+# Configure machine for ceph (or samba / NFS) mount
 # This file is part of the init.sh project
-# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -10,28 +10,39 @@
 # Variable:
 #   * CEPH_SRV_NAMES: hosts names of ceph servers
 #   * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
-#   * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount
+#   * CEPH_MOUNTS: list of mounts to create
-#   * SMBSRV: Fallback samba server on unsupported architectures
+#   * CEPH_MP_mount: mount point for the given "mount"
-# Mount points are hardcoded and should bet set differently
+#   * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
+#   * SMBSRV: Fallback samba server on unsupported architectures (not doing
+#             anything if undeclared)
+#   * NFSSRV: Fallback NFS server on unsupported architectures (not doing
+#             anything if undeclared)
+# If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
+# higher priority.
 # ------------------------------------------------------------------------------
 
-export VER_conf_ceph="0.0.5"
+export VER_conf_ceph="1.0.0"
 export DEP_conf_ceph=""
 
 conf_ceph()
 {
-    # Create mount point directories
-    prnt I "Creating mount points"
-    mkdir -pv /srv/ceph/share
-    mkdir -pv /share
-
     local success=undef
-    local fstabchanged=false
+
+    # Determine the type of installation
     if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
         export CEPH_STATUS=ceph
     else
+        if [[ -n $SMBSRV ]]; then
             export CEPH_STATUS=smb
+        else
+            if [[ -n $NFSSRV ]]; then
+                export CEPH_STATUS=nfs
+            else
+                export CEPH_STATUS=none
             fi
+        fi
+    fi
+
     if [[ $CEPH_STATUS == ceph ]]; then
         # Install ceph package
         pkginst ceph-common
@@ -54,12 +65,15 @@ conf_ceph()
 
         backup_dist /etc/fstab
         prnt I "Adding ceph entries to /etc/fstab"
-        fstabchanged=true
+        tag_file /etc/fstab
         echo >> /etc/fstab
         local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
         if [[ -z $(grep $srvlist /etc/fstab) ]]; then
             echo "# Ceph :" >> /etc/fstab
-            echo "$srvlist:/    /srv/ceph       ceph    defaults,_netdev,name=admin,secret=$CEPH_SECRET  0 0" >> /etc/fstab
+            for mnt in $CEPH_MOUNTS; do
+                mkdir -pv $mnt
+                echo "$srvlist:/    $(eval echo \$CEPH_MP_$mnt)       ceph    defaults,_netdev,name=admin,secret=$CEPH_SECRET,id=$mnt  0 0" >> /etc/fstab
+            done
         else
             prnt W "Ceph entry already in /etc/fstab, nothing to do"
         fi
@@ -70,21 +84,31 @@ conf_ceph()
 
         backup_dist /etc/fstab
         prnt I "Adding Samba entries to /etc/fstab"
-        fstabchanged=true
         echo >> /etc/fstab
+        tag_file /etc/fstab
         if [[ -z $(grep $SMBSRV /etc/fstab) ]]; then
             echo "# Samba:" >> /etc/fstab
-            echo "//$SMBSRV/share       /srv/ceph/share cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+            for mnt in $CEPH_MOUNTS; do
+                echo "//$SMBSRV/$mnt       $(eval echo \$CEPH_MP_$mnt)     cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+            done
         else
             prnt W "Samba entry already in /etc/fstab, nothing to do"
         fi
         success=yes
+    elif [[ $CEPH_STATUS == nfs ]]; then
+        tag_file /etc/fstab
+        : # To be implemented
+    elif [[ $CEPH_STATUS == none ]]; then
+        prnt W "No alternative set for unsuported hardware, nothing will be done."
+        return 0
     else
-        prnt E "Ceph status not understood, the next tasks will probably fail"
+        prnt E "Ceph status not understood, something is wrong."
+        return 1
     fi
     if [[ $success == yes ]]; then
+        # TODO: Create some mount binds for convenience
+        # TODO: That part should be a different module with own configuration
         if [[ -z $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
-            fstabchanged=true
             echo "/srv/ceph/share       /share  none    defaults,_netdev,bind   0 0" >> /etc/fstab
             if [[ $SHARED_HOME == 1 ]]; then
                 echo "/srv/ceph/share/home      /home   none    defaults,_netdev,bind   0 0" >> /etc/fstab
@@ -94,18 +118,14 @@ conf_ceph()
         prnt E "Failed creating original mount, not adding binded ones"
     fi
 
-    if [[ $fstabchanged == true ]]; then
-        tag_file /etc/fstab
-    fi
-    unset fstabchanged
 
     # Mount Ceph volumes if required
     prnt I "Mounting ceph volumes"
-    [[ -z $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
+    for mnt in $CEPH_MOUNTS; do
-    [[ -z $(mount | grep "on /share") ]] && mount -v /share
+        if [[ -z $(mount | grep "on $(eval echo "\$CEPH_MP_mnt)")" ]]; then
-    if [[ $SHARED_HOME == "true" ]]; then
+            mount -v $(eval echo "\$CEPH_MP_mnt)")
-        [[ -z $(mount | grep "on /home") ]] && mount -v /home
         fi
+    done
 }
 
 precheck_conf_ceph()
@@ -127,7 +147,11 @@ precheck_conf_ceph()
                 prnt I "If you don't want to put tour CEPH secret in configuration file,"
                 prnt m "you need to export it temporarily in your environment, using the"
                 prnt m "\"CEPH_SECRET\" variable."
-                exit 181
+                die 181
+            fi
+            if [[ -z $CEPH_MOUNTS ]]; then
+                prnt E "No CEPH mounts declared, despite reachable servers."
+                die 182
             fi
         else
             prnt E "No CEPH server declared!"