Diffstat (limited to 'core/modules/run-virt/data/opt/openslx/vmchooser')
13 files changed, 187 insertions, 62 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf b/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf
index 016ca2f3..95137377 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf
@@ -6,7 +6,7 @@
 # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
 #
 # If you have any feedback please consult https://bwlehrpool.de and
-# send your feedback to bwlehrpool@hs-offenburg.de.
+# send your feedback to support@bwlehrpool.de.
 #
 # General information about bwLehrpool can be found at https://bwlehrpool.de
 #
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template b/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template
index 19731d80..201804c3 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template
@@ -6,7 +6,7 @@
 # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
 #
 # If you have any feedback please consult https://bwlehrpool.de and
-# send your feedback to bwlehrpool@hs-offenburg.de.
+# send your feedback to support@bwlehrpool.de.
 #
 # General information about bwLehrpool can be found at https://bwlehrpool.de
 #
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH
index cf5dbc5d..54a30955 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH
@@ -8,15 +8,15 @@ Binaries in der genutzen virtuellen Maschine enthalten sind. Folgende Programme werden benötigt: -awk, cat, chmod, chown, cut, cvt, find, grep, head, hexdump, ln, logger, -mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, sleep, su, -systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. +awk, cat, chmod, chown, cut, cvt, find, fusermount, grep, head, hexdump, +ln, logger, mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, +sleep, su, systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. -Als mitunter fehlend haben sich insbesondere mount.cifs (wenn SMB-Laufwerke -nicht eingebunden werden und xdg-user-dir (wenn keine Icons auf dem Desktop -erscheinen) erwiesen. Zur Ermittlung eventuell fehlender binaries ist -hilfreich, das Skript openslx mit root-Rechten von Hand zu starten und auf -"…not found" u.ä. zu achten. +Als mitunter fehlend haben sich insbesondere mount.cifs, mount.davfs (wenn +SMB- bzw. Webdav-Laufwerke nicht eingebunden werden) und xdg-user-dir +(wenn keine Icons auf dem Desktop erscheinen) erwiesen. Zur Ermittlung +eventuell fehlender binaries ist hilfreich, das Skript openslx mit root- +Rechten von Hand zu starten und auf "…not found" u.ä. zu achten. Logeinträge: 
@@ -28,14 +28,20 @@ die Einträge sind zudem wie folgt aufgeschlüsselt: 'openslx utility script': openslx-Hauptskript 'openslx sharemapper': Dienstskript zum Einhängen der Netzlaufwerke, 'openslx resolution utility': Dienstskript zur Bildschirmauflösung. +'openslx umounter': Dienstskript zum Unmounten eingehängter Netzlauf- + werke bei Shutdown. (Anmerkung: besonders bei per + Userspace über fusermount eingehängten Webdav- + laufwerken wichtig, da es sonst zu Wartezeiten + beim Shutdown der VM kommen kann.) Enthaltene Skripte: vm_installer: Dieses Skript einmalig in einer lokalen, permanenten (also nicht innerhalb des Poolsystems) Virtuellen Maschine ausführen. - Es schreibt zwei systemd-Servicedateien und verlinkt diese, - um beim Systemstart folgende Skripte zu starten: + Eine vorherige Installation sollte erkannt und korrigiert + werden. Es schreibt zwei systemd-Servicedateien und verlinkt + diese, um beim Systemstart folgende Skripte zu starten: openslx: Das Skript openslx wird von einem durch vm_installer erzeugten systemd-Dienst gestartet. Es ruft die Funktionen @@ -51,8 +57,8 @@ resolution_standalone: Einzelstehende Version des resolution-Skriptes, die Einbindung innerhalb der VM (Xsetup/Xreset) muss daher selbst gesorgt werden. - Anmerkung: Dieses Skript wird nur unstetig gewartet, die - Nutzung von openslx wird daher empfohlen. + Anmerkung: Dieses Skript wird nicht mehr bzw. nur unstetig + gewartet, die Nutzung von openslx wird daher sehr mpfohlen. Veraltet als Einzelskripte: diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README index 6a58e448..885fba7e 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README 
@@ -8,13 +8,14 @@ check the usual log files, of course). These programs are needed: -awk, cat, chmod, chown, cut, cvt, find, grep, head, hexdump, ln, logger, -mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, sleep, su, -systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. +awk, cat, chmod, chown, cut, cvt, find, fusermount, grep, head, hexdump, +ln, logger, mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, +sleep, su, systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm. -Two likely candidates are in particular mount.cifs and xdg-user-dir. Do -detect missing binaries it is helpful to start the script openslx with root -permissions by hand and check for "…not found" messages. +Some likely candidates are in particular mount.cifs, mount.davfs and +xdg-user-dir. To detect missing binaries it is helpful to start the script +openslx in the virtual machine with root permissions by hand and check for +"... not found" messages. Log file entries: @@ -25,12 +26,14 @@ distinguished by a preceding 'openslx'; the entries are further itemised by: 'openslx utility script': openslx main script, 'openslx sharemapper': utility to mount network shares, 'openslx resolution utility': utility to set monitor resolution. +'openslx umounter': utility for unmounting previously script-mounted network + drives at shutdown. (Ann.: This is important at userspace + mounted (fusermount) webdav shares, as it else may lead + to waiting time at shutdown of the virtual machine.) Included scripts: -This package consists of following scripts: - vm_installer: This script is to be started once in a local, permanent (so not within the pool system environment) virtual machine. It writes two systemd service files and links them, so following 
@@ -44,6 +47,7 @@ openslx: The script openslx will be started via systemd service written umnt_shares: (before shutdown.target): Unmounts given network shares at virtual machine shutdown. + resolution_standalone: Standalone version of resolution sctipt. Needs no preliminary work done by systemd or vm_runtime. It has to be embedded/startedt via adequate means by hand (eg. diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc index 3cee7944..cf6592f1 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc @@ -6,7 +6,7 @@ SLXCONFIGFILE="$DISKMOUNTDIR"/openslx.ini CONFIGFILE="$DISKMOUNTDIR"/shares.dat LOGINUSER=$(grep '^username=' "$SLXCONFIGFILE" | cut -d '=' -f 2) -##### User related################# +##### User related ################# LOCALUSER=student USERHOME=/home/"$LOCALUSER" USERHOMEDIR=/home/"$LOCALUSER"/PERSISTENT @@ -34,11 +34,14 @@ MOUNTCIFSPRAE="-v -t cifs -o " MOUNTCIFSOPTS="uid=$(id --user "$LOCALUSER"),gid=$(id --group "$LOCALUSER"),forceuid,forcegid,file_mode=0700,dir_mode=0700,nobrl,noacl" MOUNTNFSPRAE="-v -t nfs4 -o " MOUNTNFSOPTS="rw,nosuid,nodev,nolock,intr,hard,sloppy" +MOUNTDAVPRAE="-t davfs -o " +MOUNTDAVOPTS="uid=$(id --user "$LOCALUSER"),gid=$(id --group "$LOCALUSER")" NATADDR=$(head -n 1 "$CONFIGFILE" | cut -f 1 -d$'\t') PORT=$(head -n 1 "$CONFIGFILE" | cut -f 2 -d$'\t') SCHLUESSEL=$(head -n 1 "$CONFIGFILE" | cut -f 4 -d$'\t') GLOBALDOMAINUSER=$(head -n 1 "$CONFIGFILE" | cut -f 5 -d$'\t') +GLOBALDOMAIN=$(echo "$GLOBALDOMAINUSER" | cut -d '\' -f 1) GLOBALUSER=$(echo "$GLOBALDOMAINUSER" | cut -d '\' -f 2) ##### Remap ####################### 
@@ -54,5 +57,7 @@ SCRIPTEXT=$(grep scriptExt "$DISKMOUNTDIR/openslx.ini" | cut -f 2 -d "=") MUTESOUND=$(grep muteSound "$DISKMOUNTDIR/openslx.ini" | cut -f 2 -d "=") SOUNDVOL="100%" +##### Programs interfering with resolution setting ##### +KILLRESPROGS="kscreen_backend_launcher" ### Variablen Ende ################################ diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc index 33ccf686..c7db1971 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc 
@@ -23,45 +23,64 @@ function already_mounted() function mounter() { + MOUNTPARAM="$1" + MOUNTOPTS="$2" + SHAREPATH="$3" + MOUNTDIR="$4" + # Ausgabe: konnte mounten: 0, konnte nicht mounten: 1, schon gemountet 2 - already_mounted "$4" + already_mounted "$MOUNTDIR" ERR=$? if [ "$ERR" -eq 0 ]; then - logger "openslx sharemapper: $3 already mounted." + logger "openslx sharemapper: $SHAREPATH already mounted." AUSGANG=2 else case "$MOUNTER" in nfs) AUSGANG=0 x=2 - while ! mount $1 $2 $3 $4 2>/dev/null 1>&2; do - logger "openslx sharemapper: could not mount ${3} to ${4}, waited another $x seconds, retrying." + while ! mount $MOUNTPARAM "${MOUNTOPTS}" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do + logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying." sleep $x if [ "$x" -gt 6 ]; then AUSGANG=1 - logger "openslx sharemapper: timeout, could not mount ${3} to ${4}. mount.nfs installed?" + logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR}. mount.nfs installed?" break fi let x=x+2 done - [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${3} mounted to ${4} (nfs)." # Todo: Schöner schreiben:) + [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (nfs)." # Todo: Schöner schreiben:) ;; cifs) AUSGANG=0 x=2 + [ -n "$GLOBALDOMAIN" ] && MOUNTOPTS="${MOUNTOPTS},domain=$GLOBALDOMAIN" for VERSION in $CIFSVERSIONS; do AUSGANG=0 - while ! mount $1 "$VERSION",${2} $3 $4 2>/dev/null 1>&2; do - logger "openslx sharemapper: could not mount ${3} to ${4}, waited another $x seconds, retrying." + while ! mount $MOUNTPARAM "${VERSION}","${MOUNTOPTS}" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do + logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying." sleep $x if [ "$x" -gt 4 ]; then AUSGANG=1 - logger "openslx sharemapper: timeout, could not mount ${3} to ${4} cifs v${VERSION}." 
+ logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR} cifs v${VERSION}." break fi let x=x+2 done [ "$AUSGANG" -eq 0 ] && break done - [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${3} mounted to ${4} (cifs $VERSION)." + [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (cifs $VERSION)." + ;; + dav) AUSGANG=0 + x=2 + while ! echo -e "${USER}\n${PASSWD}" | mount $MOUNTPARAM "$MOUNTOPTS" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do + logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying." + sleep x + if [ "$x" -gt 4 ]; then + AUSGANG=1 + logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR}. mount.davfs installed?" + break + fi + let x=x+2 + done ;; *) logger "openslx sharemapper: unknown mounter ${MOUNTER}!" ;; @@ -97,7 +116,7 @@ function mount_share() ERR=$? # ERR merken wg. Links aus USERSHAREDIR if [ "$ERR" -eq 1 ]; then logger "openslx sharemapper: Could not mount ${USERSHAREDIR} even using user credentials; giving up." - echo "Konnte Laufwerk ${SHAREPATH} nicht einhängen." >> "$USERLOGFILE" + echo "Konnte Laufwerk ${SHAREPATH} nicht einhängen. mount.cifs / mount.davfs installiert?" >> "$USERLOGFILE" fi unset USER unset PASSWD diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc index c5d37105..c6bdc8c9 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc 
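Review bot: `sleep x` in the new dav branch is missing the `$`, so sleep rejects the interval and the retry loop runs through its attempts without waiting; it should read `sleep $x` like the nfs and cifs branches. The credentials are fed to mount.davfs with `echo -e "${USER}\n${PASSWD}"`, which also interprets backslash escapes inside the password itself; `printf '%s\n%s\n' "$USER" "$PASSWD"` passes it unchanged (feeding it via stdin rather than argv is the right choice, since it keeps the password out of ps output). The dav branch never logs a successful mount the way the other two branches do. `MOUNTOPTS="$2"` is not declared local and the cifs branch appends `domain=$GLOBALDOMAIN` to it, so a repeated call in the same shell that passes the global back in may see the domain option twice — worth checking against the retry in mount_share. The function's closing `esac`/`fi` lie outside the hunk.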
@@ -9,7 +9,12 @@ function mount_shares() SHAREPASS=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 5 -d$'\t') # User-PW, bei Userhome nicht vorhanden # Sharetyp bestimmen: - if [ "${SHAREPATH:0:2}" == '\\' ] || [ "${SHAREPATH:0:2}" == '//' ]; then + if [ "${SHAREPATH:0:4}" == 'http' ]; then + SHAREPATH="${SHAREPATH//\\//}" # shouldn't be needed, but who knows what windows users do... + MOUNTER=dav + MOUNTPARAM="$MOUNTDAVPRAE" + MOUNTOPTS="$MOUNTDAVOPTS" + elif [ "${SHAREPATH:0:2}" == '\\' ] || [ "${SHAREPATH:0:2}" == '//' ]; then USER=$(echo "$SHAREUSER"|cut -d '\' -f 2) SHAREPATH="${SHAREPATH//\\//}" # '\' --> `/` :-) MOUNTER=cifs diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc index e161b961..dc92061a 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc 
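Review bot: `[ "${SHAREPATH:0:4}" == 'http' ]` also classifies plain `http://` shares as dav, and mounter() then sends the user name and password to that URL over an unencrypted connection; if only TLS is intended, match `https://` explicitly, e.g. `[[ "${SHAREPATH,,}" == https://* ]]`, or at least log a warning when the plaintext scheme is used. The prefix test is case-sensitive and does not require the `://` separator, so `HTTP://` falls through to the cifs/nfs logic. The cifs branch below derives USER from SHAREUSER, but the new dav branch does not assign USER; unless it is set elsewhere in mount_shares (the rest of the function is outside the hunk), `echo -e "${USER}\n${PASSWD}"` in mounter will send whatever USER the environment happens to hold.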
@@ -1,12 +1,29 @@ -umount_home() { - umount /home/"${LOCALUSER}"/PERSISTENT && logger "openslx unmounter: umounted home (PERSISTENT)." \ - || logger "openslx unmounter: could not home (PERSISTENT)!" -} +umount_all() { + local HOME + local WEBDAV="(webdav) " + local UMOUNT + get_shares # fills array ROHSHARES; row 1+ share infos from (shares-)CONFIGFILE + + for (( CONFIGROW = 1; CONFIGROW < ${#ROHSHARES[@]}; CONFIGROW++ )); do # row 1 is homedir, 2+ shares + SHAREPATH=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 1 -d$'\t') # Could be a webdav share... + SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 3 -d$'\t' | sed 's/ /_/g') + if [ "${SHARENAME:0:5}" == "Home-" ]; then + HOME="home " + UMOUNT="${USERHOMEDIR}" + else + HOME="" + # if there's no sharename let's at least try with SHARELETTER: + [ -z "${SHARENAME}" ] && SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 2 -d$'\t' | sed 's/://g') + UMOUNT="${USERHOME}/${SHARENAME}" + fi -umount_shares() { - index=0 - for SHARE in $( mount | grep SHARE | tr -s ' ' | cut -f 3 -d " " ); do - umount "${SHARE}" && logger "openslx unmounter: umounted ${SHARE}." \ - || logger "openslx unmounter: could not umount ${SHARE}!" + if [ "${SHAREPATH:0:4}" == 'http' ]; then + fusermount -u "$UMOUNT" && logger "openslx umounter: umounted ${HOME}${WEBDAV} ${UMOUNT}." \ + || logger "openslx umounter: could not umount ${HOME}${WEBDAV} ${UMOUNT}!" + else + umount "${UMOUNT}" && logger "openslx umounter: umounted $HOME ${UMOUNT}." \ + || logger "openslx umounter: could not umount ${HOME}${UMOUNT}!" + fi done } + diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc index a3e6c746..62c2f313 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc 
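Review bot: `local HOME` shadows the environment's HOME for the whole of umount_all and for every function it calls, including get_shares, which runs after the declaration; anything that consults $HOME in that scope sees "home " or an empty string instead of a directory. Rename the label, e.g. `local HOMETXT` with `${HOMETXT}` in the logger calls, so the variable cannot be confused with the real home directory. The mount points are now rebuilt from the share name (`${USERHOME}/${SHARENAME}`) instead of being read back from `mount` as the removed code did, so a share that was never mounted, or whose name contains a slash, now produces a "could not umount" log line rather than being skipped; a `mountpoint -q "$UMOUNT" || continue` before the umount would keep the log meaningful, if adding that binary to the documented prerequisites is acceptable.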
@@ -11,11 +11,24 @@ get_xauthfile() logger "openslx resolution utility: XAUTHFILE found." } +kill_resprogs() { + for i in $KILLRESPROGS; do + if [ -n "$(ps aux|grep $i|grep -v grep)" ]; then + logger "openslx resolution utility: Interfering program $i detecting, trying to kill." + killall $i + ERR=$? + if [ $ERR -ne 0 ]; then + logger "openslx resolution utility: couldn't kill interfering program $i." + fi + fi + done +} check_resolution() { ACTRES=$(DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" xrandr|grep '*'|tr -s " "|cut -f 2 -d " ") if [ "$ACTRES" != "$RESOLUTION" ]; then logger "openslx resolution utility: resolution changed; re-changing." + kill_resprogs DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" xrandr --output ${AUSGABE} --mode ${RESOLUTION} else logger "openslx resolution utility: resolution unchanged." diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares index b028cf76..1da5c460 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares @@ -17,13 +17,11 @@ case "$REMAPMODE" in exit 0 ;; 1) logger "openslx sharemapper: umounter: remapMode 1 (native mode) detected." - umount_shares - umount_home + umount_all postliminaries_native ;; 2) logger "openslx sharemapper: umounter: remapMode 2 (fallback mode) detected." - umount_shares - umount_home + umount_all postliminaries_native exit 0 ;; diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer index 91f5b6d2..bf995a66 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer 
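Review bot: `ps aux|grep $i|grep -v grep` matches the name anywhere in any process's command line, arguments included, so an unrelated process that merely mentions `kscreen_backend_launcher` in its arguments triggers `killall $i`, and both uses of `$i` are unquoted. `pgrep -x "$i" >/dev/null` gives an exact process-name match without the grep-on-grep pattern, and the kill should be `killall "$i"`; both act by name system-wide, so when this runs as root it reaches every user's instances, which is presumably intended here. The log message on the following line says "detecting" where "detected" is meant. `[ $ERR -ne 0 ]` is unquoted as well, harmless for a numeric status but inconsistent with the quoted tests elsewhere in these includes.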
@@ -75,7 +75,6 @@ case $(${PS} --pid 1 -o comm h) in [Unit] Description=openSLX umount utility Before=shutdown.target - Requires=${SERVICEDISKMOUNT} DefaultDependencies=no [Service] @@ -88,9 +87,14 @@ case $(${PS} --pid 1 -o comm h) in [ ! -d "$SERVICEDIR"/"${TARGET}".wants ] && mkdir "$SERVICEDIR"/"${TARGET}".wants 2>/dev/null [ ! -d "$SERVICEDIR"/shutdown.target.wants ] && mkdir "$SERVICEDIR"/shutdown.target.wants 2>/dev/null - + # some distr. eg. Suse seem to want these: + # [ ! -d "$SERVICEDIR"/reboot.target.wants ] && mkdir "$SERVICEDIR"/reboot.target.wants 2>/dev/null + # [ ! -d "$SERVICEDIR"/halt.target.wants ] && mkdir "$SERVICEDIR"/halt.target.wants 2>/dev/null + ln -s "${SERVICEDIR}"/"${SERVICEUTIL}" "$SERVICEDIR"/"${TARGET}".wants/"${SERVICEUTIL}" ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/shutdown.target.wants/"${SERVICEUMOUNT}" + # ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/reboot.target.wants/"${SERVICEUMOUNT}" + # ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/halt.target.wants/"${SERVICEUMOUNT}" echo "openslx praeinstaller: doing systemd reload." systemctl daemon-reload diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall index 01c7472c..51047a99 100644 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall @@ -4,10 +4,15 @@ [ "$UID" = "0" ] || exit 1 -declare -rg RULES=$(mktemp) +declare -rg RULES="$( mktemp )" +declare -rg AUTORULES="$( mktemp )" +declare -rg REMOTERULES="$( mktemp )" +declare -rg LOGFILE="$( mktemp )" [ -n "$RULES" ] || exit 2 +trap 'rm -f -- "$RULES" "$AUTORULES" "$REMOTERULES" "$LOGFILE"' EXIT + [ -n "$1" ] || exit 3 [ "${#1}" -ge 10 ] || exit 4 
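Review bot: With `Requires=${SERVICEDISKMOUNT}` dropped, the [Unit] section written here has no relation to the config disk at all (there is no After= either), while the umount_all this service runs calls get_shares, which reads the share list from the disk-backed CONFIGFILE at shutdown; if that disk is already gone by then, no shares get released. The commit does not say why the dependency was removed (presumably Requires= pulled the mount in, or blocked, during shutdown); a unit-file comment above DefaultDependencies= such as `# No Requires= on the disk mount: <reason>; shutdown ordering relies on <what>` would save the next reader from re-deriving it, and the ordering deserves one shutdown test with shares mounted. The heredoc and the surrounding case arm begin before the hunk.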
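Review bot: Only `$RULES` is checked after the four `mktemp` calls; `declare -rg X="$( mktemp )"` returns declare's status, not mktemp's, so a failed mktemp for AUTORULES, REMOTERULES or LOGFILE leaves an empty, read-only name and the later `>> "${AUTORULES}"` and `2> "${LOGFILE}"` redirections fail at the point of use. Extend the guard to all four, e.g. `[ -n "$RULES" ] && [ -n "$AUTORULES" ] && [ -n "$REMOTERULES" ] && [ -n "$LOGFILE" ] || exit 2`, and install the `trap ... EXIT` before that check so a partial set of temp files is still removed on the early exit. The rest of the script runs outside this hunk.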
@@ -31,18 +36,40 @@ for TOOL in iptables ip6tables; do if ! $TOOL -w -C FORWARD -o br0 -j runvirt-OUTPUT; then $TOOL -w -A FORWARD -o br0 -j runvirt-OUTPUT fi - $TOOL -A runvirt-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT - $TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT + $TOOL -A runvirt-INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + $TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT done -declare -rg AUTORULES=$(mktemp) + +parse_uri () { + local scheme + ip="${1,,}" + scheme="${ip%%://*}" + ip="${ip#*://}" + port="${ip##*:}" + if [[ "$port" =~ ^[0-9]+$ ]]; then + ip="${ip%:*}" + elif [ "$scheme" = "ldaps" ]; then + port=636 + else + port=389 + fi + (( port >= 0 && port <= 65535 )) || port=0 +} add_ips () { # add_ips "IN/OUT" "IP1 IP2 IPn" "PORT" "ACCEPT/REJECT" - local IP - [ -z "$1" -o -z "$2" -o -z "$3" -o -z "$4" ] && return 1 - for IP in $2; do - echo "$1 $IP $3 $4" >> "${AUTORULES}" + local ip port port_def + port_def="$3" + [ -z "$1" -o -z "$2" -o -z "$port_def" -o -z "$4" ] && return 1 + for ip in $2; do + port="${ip#*:}" + if (( port > 0 && port < 65536 )); then + ip="${ip%:*}" + else + port="$port_def" + fi + echo "$1 ${ip} ${port} $4" >> "${AUTORULES}" done } @@ -52,6 +79,24 @@ add_ips "OUT" "$SLX_DNS" 53 "ACCEPT" add_ips "OUT" "$SLX_DNBD3_SERVERS" 5003 "ACCEPT" add_ips "OUT" "$SLX_KCL_SERVERS $SLX_SERVER_IP" 0 "ACCEPT" +# sssd +sssd="$( < /etc/sssd/sssd.conf grep -P '^\s*ldap_(backup_)?uri\s*=' | sed -r 's/^[^=]*=//' )" +sssd="${sssd//,/ }" +for uri in $sssd; do + parse_uri "$uri" + add_ips "OUT" "$ip" "$port" "ACCEPT" +done + +# pam-slx-plug +for file in /opt/openslx/pam/slx-ldap.d/*; do + [ -f "$file" ] || continue + uris="$( grep -Po "(?<=LDAP_URI=')[^']*" "$file" )" + for uri in $uris; do + parse_uri "$uri" + add_ips "OUT" "$ip" "$port" "ACCEPT" + done +done + if [ -n "$SLX_VM_NFS" ]; then IP= if [ "${SLX_VM_NFS:0:2}" = '//' ]; then 
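Review bot: `(( port > 0 && port < 65536 ))` in add_ips evaluates whatever follows the first colon of the entry as an arithmetic expression, and `port="${ip#*:}"` is not numeric for an IPv6 address (`2001:db8::1` gives `db8::1`) or for a parse_uri result that still carries a path (`ldap://host/dc=x` leaves `host/dc=x` in ip); bash then reports a syntax error — and, because arithmetic honours `=`, may even assign shell variables as a side effect — before falling to the else branch with the garbage still in ip. Validate first, as parse_uri already does: `if [[ "$port" =~ ^[0-9]+$ ]] && (( port > 0 && port < 65536 )); then`, and have parse_uri drop the path with `ip="${ip%%/*}"` right after it removes the scheme. Unbracketed IPv6 literals are mis-split by `${ip##*:}` in parse_uri (the last hextet becomes the port) and bracketed ones (`[::1]:636`) are not handled at all; if they can occur in sssd.conf that needs its own branch. The ESTABLISHED,RELATED change also admits connections that a loaded conntrack helper relates to an allowed one (FTP data, ICMP errors), which is fine for the usual case but worth a one-line comment. The callers of add_ips lie outside the hunk.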
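Review bot: `< /etc/sssd/sssd.conf grep ...` prints a shell error on stderr and leaves sssd empty when the file is absent, which is the normal state on hosts not using sssd; guard it with `[ -r /etc/sssd/sssd.conf ] &&` or redirect the shell's stderr for that line. The two new blocks widen the VM's outbound policy to the host's directory servers, a deliberate policy change the script does not explain — a comment above them such as `# allow guests to reach the directory servers the host authenticates against (needed for <reason>)` belongs here. Hostnames in ldap_uri (rather than addresses) are written into AUTORULES as-is; whether the V4/V6 filtering later in the script drops or resolves them I cannot tell from the hunk.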
@@ -66,19 +111,28 @@ fi sort -u "${AUTORULES}" > "${RULES}" # determine the URL to download the netrules from -. /opt/openslx/vmchooser/config/resource_urls.conf +if [ -s /opt/openslx/vmchooser/config/resource_urls.conf ]; then + . /opt/openslx/vmchooser/config/resource_urls.conf +fi NETRULES_URL= [ -n "$url_lecture_netrules" ] && NETRULES_URL="${url_lecture_netrules//%UUID%/${1}}" [ -z "$NETRULES_URL" ] && NETRULES_URL="${SLX_VMCHOOSER_BASE_URL}/lecture/$1/netrules" -wget -T 6 -O - "${NETRULES_URL}" >> "${RULES}" 2> "${AUTORULES}" +wget -T 8 -O - "${NETRULES_URL}" > "${REMOTERULES}" 2> "${LOGFILE}" RET=$? if [ "$RET" != "0" ]; then echo "wget exit code: $RET :-(" - grep -q "ERROR 404" "${AUTORULES}" && exit 0 + grep -q "ERROR 404" "${LOGFILE}" && exit 0 # Old sat, doesn't support firewall rules + echo "WGET error output:" + cat "${LOGFILE}" + echo "------------ Downloaded content follows" + cat "${REMOTERULES}" exit 6 fi +# Download OK, append to rules +cat "${REMOTERULES}" >> "${RULES}" + declare -rg V4='^[0-9]+(\.[0-9]+)*(/[0-9]+)?$' declare -rg V6='^([0-9a-fA-F]+|:)(:+[0-9a-fA-F]*)*(/[0-9]+)?$' diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt b/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt index 8dac549d..2ba8424c 100755 --- a/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt +++ b/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt @@ -8,7 +8,7 @@ # See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html # # If you have any feedback please consult https://bwlehrpool.de and -# send your feedback to bwlehrpool@hs-offenburg.de. +# send your feedback to support@bwlehrpool.de. # # General information about bwLehrpool can be found at https://bwlehrpool.de # |
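Review bot: `wget -T 8 -O - ...` bounds each timeout but not the number of attempts, and wget retries up to its default of 20 times on transient errors, so an unreachable rules server can stall this script for minutes before the `exit 6`; add `-t 2` (or `--tries=2`) next to `-T 8`. Downloading into REMOTERULES and appending to RULES only when `$RET` is 0 is the right fix over the old in-place `>>`, and the 404 branch still exits 0 with only the auto rules applied, as the comment documents. On other errors the downloaded body is echoed with `cat "${REMOTERULES}"`, which is useful for a log but means server-supplied content lands in whatever captures this script's stdout. The code that validates the merged rules against V4/V6 lies outside the hunk.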