3 files changed, 35 insertions, 5 deletions
diff --git a/core/modules/disk-partitions/data/opt/openslx/scripts/systemd-setup_partitions b/core/modules/disk-partitions/data/opt/openslx/scripts/systemd-setup_partitions index c4346174..571b5899 100755 --- a/core/modules/disk-partitions/data/opt/openslx/scripts/systemd-setup_partitions +++ b/core/modules/disk-partitions/data/opt/openslx/scripts/systemd-setup_partitions @@ -189,10 +189,14 @@ if ! has_hdd; then wait_for_udev --hdd 4 fi +declare -A known= shopt -s extglob for disk in /dev/disk/by-path/!(*-part*|*-usb-*); do - [ -L "$disk" ] || continue - fdisk -l "$( readlink -f "$disk" )" + disk="$( readlink -f "$disk" )" + [ -b "$disk" ] || continue + [ -z "${known["$disk"]}" ] || continue + known["$disk"]=1 + fdisk -l "$disk" done > "$PARTITION_FILE" shopt -u extglob if ! [ -s "$PARTITION_FILE" ]; then @@ -203,6 +207,7 @@ cat "$PARTITION_FILE" if [ -n "$DO_LINUX" ]; then # Put detected linux partitions (83) into /etc/fstab with "noauto" + echo "Adding existing linux partitions to fstab" for PART_DEV in $(dev_find_partitions "83"); do mkdir -p "/media/${PART_DEV#/dev/}" echo -e "${PART_DEV}\t/media/${PART_DEV#/dev/}\tauto\t\tnoauto,noexec\t 0 0" >> "/etc/fstab" @@ -211,6 +216,7 @@ fi if [ -n "$DO_SWAP" ]; then # Check for standard swap partitions and make them available to the system + echo "Enabling existing swap partitions" HAVE_SWAP=no for PART_DEV in $(dev_find_partitions "82" "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f"); do if swapon -p 10 "$PART_DEV"; then @@ -229,6 +235,7 @@ if [ -n "$DO_TMP" ]; then # We use special non assigned partition type (id44) for harddisk scratch # space, thus no normal filesystem will be incidentally deleted or # corrupted + echo "Mounting ID44 temp partitions" HAVE_TEMP=no for PART_DEV in $(dev_find_partitions "44" "87f86132-ff94-4987-b250-444444444444"); do # check for supported filesystem and formatter 
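Review bot: In the first hunk, `declare -A known=` does not create an empty map; as far as I know bash treats the scalar assignment as `known[0]=""`. That stray key is harmless here because the lookups use canonical device paths, but `declare -A known=()` states the intent and avoids the surprise. A short comment above the loop would also help, for example `# several by-path links can resolve to the same block device; list each one once`. The loop's surrounding script continues outside the hunk.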
@@ -245,6 +252,7 @@ fi if [ -n "$DO_PERSISTENT" ]; then # special partition 45 (persistent scratch) to $MOUNT_POINT_45 + echo "Mounting ID45 persistent partitions" HAVE_PARTITION_45=no get_mount_options "ext4" mopts # try all the ID45 partitions until one succeeds, from large to small @@ -323,6 +331,7 @@ fi # /persistent # finally, prepare the data subdir on persistent part if [ "$HAVE_PARTITION_45" = "yes" ]; then + echo "Fixing permissions on ID45 partition" mkdir -p "$MOUNT_POINT_45/data" chown 0:0 "${MOUNT_POINT_45}" "${MOUNT_POINT_45}/slx_lost+found" "${MOUNT_POINT_45}/data" chmod 0700 "${MOUNT_POINT_45}/slx_lost+found" @@ -342,6 +351,7 @@ mount -a # much free space as the VMs RAM; however, this requirement can be disabled with a vmx setting, # which we're now doing. if [ "$HAVE_TEMP" = "no" ]; then + # If --tmp wasn't requested HAVE_TEMP will be empty, so we don't end up here... mount_temp -t tmpfs -o size=66% none slxlog "partition-temp" "Running /tmp on tmpfs only!" "$PARTITION_FILE" fi diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config index 6fcf9655..800e3bdb 100755 --- a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config +++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config @@ -3,8 +3,6 @@ # Prepare pam, nss and sssd configs as appropriate -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin" - declare -a auth declare -a account declare -a session @@ -13,6 +11,7 @@ declare -a dns # Add PAM and NSS modules for sssd add_sssd_modules() { + echo "Adding sssd config to nsswitch and pam" auth+=("[success=%NUM% default=ignore] pam_sss.so use_first_pass") account+=("[success=%NUM% new_authtok_reqd=done default=ignore] pam_sss.so") nss+=("sss") 
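Review bot: On the new side of create-pam-config nothing pins `PATH` any more, because the `export PATH=…` line is dropped in the file's first hunk and no replacement is added. The script writes PAM, nsswitch and sssd configuration, and every bare `mktemp`, `sed`, `grep` and `systemctl` call now resolves through whatever PATH the caller hands in. Whether the systemd unit sets a PATH is not visible here, so that should be confirmed. The old value also included `/opt/openslx/sbin` and `/opt/openslx/bin`, so any helper expected from there would stop resolving under the default service PATH. If the removal is meant to avoid overriding the unit's environment, a comment saying so would help; otherwise keep a fixed value such as `export PATH="/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"`.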
@@ -23,6 +22,7 @@ add_sssd_modules() { # Write a combined sssd config from all our /opt/openslx/pam/slx-ldap.d/* files write_sssd_config() { + echo "Writing slx-managed sssd config" local file ok domains local tmpfile=$(mktemp) ok=0 @@ -44,6 +44,7 @@ write_sssd_config() { . "$file" [ -z "$LDAP_URI" ] && continue [ -z "$LDAP_BASE" ] && continue + echo "... including $file" ok=$(( ok + 1 )) domains="${domains}, dom$ok" cat >> "$tmpfile" <<-HERE @@ -60,15 +61,20 @@ write_sssd_config() { HERE [ -n "$LDAP_CACERT" ] && echo "ldap_tls_cacert = $LDAP_CACERT" >> "$tmpfile" done - [ "$ok" = 0 ] && return 1 # No config + if [ "$ok" = 0 ]; then + echo "Config is empty, aborting" + return 1 # No config + fi mkdir -p "/etc/sssd" chmod 0755 "/etc/sssd" sed "s/%DOMAIN_LIST%/${domains#, }/" "${tmpfile}" > "/etc/sssd/sssd.conf" chmod 0600 "/etc/sssd/sssd.conf" rm -f -- "${tmpfile}" + echo "Done" return 0 # OK } +echo "Generating common generic pam and nsswitch entries..." # unix auth+=("[success=%NUM% default=ignore] pam_unix.so nodelay") account+=("[success=%NUM% new_authtok_reqd=done default=ignore] pam_unix.so") @@ -85,6 +91,7 @@ fi # Insert kerberos before our auth module if [ -s "/etc/krb5.conf" ]; then + echo "Kerberos config exists, including pam module..." auth+=("optional pam_krb5.so minimum_uid=1000 use_first_pass ccache=FILE:/run/user/krb5cc_%u_XXXXXX ccname_template=FILE:/run/user/krb5cc_%U_XXXXXX") session+=("optional pam_krb5.so minimum_uid=1000") fi 
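Review bot: The rewritten empty-config branch in `write_sssd_config` (hunk `@@ -60,15 +61,20 @@`) still returns without removing the file created by `local tmpfile=$(mktemp)` at the top of the function, so each aborted run leaves a temp file behind. Adding `rm -f -- "${tmpfile}"` before `return 1` fixes that, and the abort message is a diagnostic that belongs on stderr: `echo "Config is empty, aborting" >&2`. In the unchanged context just below, `/etc/sssd/sssd.conf` is created by redirection and only afterwards set to `0600`. If the sourced LDAP files can carry bind credentials, which is not visible here, running the `sed … >` under `umask 077` would close that window. The function begins in an earlier hunk and its middle is outside the visible lines.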
@@ -96,6 +103,7 @@ auth+=("[success=%NUM% default=ignore] pam_exec.so quiet expose_authtok /opt/ope if systemctl is-enabled -q sssd.service && grep -q -e '^\s*id_provider' -e '^\s*auth_provider' "/etc/sssd/sssd.conf" \ && ! grep -q -F '<slx-autogen>' "/etc/sssd/sssd.conf"; then # sssd is configured and doesn't have our marker - just add pam and nss config but leave sssd.conf alone + echo "Found existing unmanaged sssd config - leaving alone an enabling" add_sssd_modules elif ! systemctl show sssd.service | grep -q '^LoadError='; then # We have sssd available and unconfigured, or marked with our config tag, <slx-autogen> @@ -108,12 +116,14 @@ elif ! systemctl show sssd.service | grep -q '^LoadError='; then session+=("optional pam_unix.so") fi else + echo "Leaving sssd disabled" session+=("optional pam_unix.so") fi # DNS dns+=("files" "cache") if systemctl is-enabled -q systemd-resolved; then + echo "resolved is enabled, including in nsswitch" dns+=("resolve") fi dns+=("dns") @@ -126,6 +136,7 @@ tmpfile=$(mktemp) # common-auth if grep -q '<slx-autogen>' "/etc/pam.d/common-auth"; then + echo "Writing common-auth..." skip=$(( ${#auth[@]} + 1 )) echo "# <slx-autogen> Generated $(date)" > "$tmpfile" for line in "${auth[@]}"; do @@ -145,6 +156,7 @@ fi # common-account if grep -q '<slx-autogen>' "/etc/pam.d/common-account"; then + echo "Writing common-account..." skip=${#account[@]} echo "# <slx-autogen> Generated $(date)" > "$tmpfile" for line in "${account[@]}"; do @@ -161,6 +173,7 @@ fi # common-session if grep -q '<slx-autogen>' "/etc/pam.d/common-session"; then + echo "Writing common-session..." cat > "$tmpfile" <<-HERE # <slx-autogen> Generated $(date) session required pam_permit.so @@ -180,6 +193,7 @@ fi # # Write nsswitch.conf if grep -q '<slx-autogen>' "/etc/nsswitch.conf"; then + echo "Writing nsswitch.conf..." cat > "/etc/nsswitch.conf" <<-HERE # <slx-autogen> Generated $(date) passwd: ${nss[@]} 
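Review bot: The message added in the first hunk, `echo "Found existing unmanaged sssd config - leaving alone an enabling"`, has a typo ("an" for "and"). It also says "enabling" although the branch only calls `add_sssd_modules`; the `systemctl is-enabled -q sssd.service` test in the condition has already established that the service is enabled. Wording that matches what happens would read better in the boot log, for example `echo "Found existing unmanaged sssd config - leaving it alone, adding pam/nss modules"`.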
diff --git a/core/modules/slx-network-configs-targets/data/opt/openslx/scripts/systemd-wait_online b/core/modules/slx-network-configs-targets/data/opt/openslx/scripts/systemd-wait_online index aaee9c32..86aa3da2 100755 --- a/core/modules/slx-network-configs-targets/data/opt/openslx/scripts/systemd-wait_online +++ b/core/modules/slx-network-configs-targets/data/opt/openslx/scripts/systemd-wait_online @@ -8,6 +8,7 @@ while ! grep -q ^nameserver /etc/resolv.conf && [ "$w" -lt 10 ]; do let w++ sleep 1 done +ns=$w # We don't consider a missing nameserver fatal, but a missing gateway, if no proxy is set . /etc/profile @@ -17,5 +18,10 @@ while [ -z "$http_proxy" ] && [ -z "$ALL_PROXY" ] && ! ip route show | grep -q ^ sleep 1 . /etc/profile done +gw=$(( w - ns )) + +if [ "$ns" -gt 2 ] || [ "$gw" -gt 2 ]; then + echo "Waited $ns seconds for DNS, $gw seconds for default gateway/proxy" +fi exit 0 |
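Review bot: The summary added in the second hunk reports how long the script waited, but not whether each wait ended because the condition was met or because the counter ran out. The DNS loop visibly gives up at `[ "$w" -lt 10 ]` and the script exits 0 either way, so "Waited 10 seconds for DNS" is ambiguous in the log. Re-testing after the loops and saying so would make a timeout distinguishable, for example `grep -q ^nameserver /etc/resolv.conf || echo "No nameserver after $ns seconds" >&2`. `gw=$(( w - ns ))` is only correct if `w` is not reset between the two loops; those lines and the gateway loop's upper bound are cut off in the hunk header, so confirm this against the full file.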