authorJonathan Bauer2020-12-08 13:28:14 +0100
committerJonathan Bauer2020-12-08 13:28:14 +0100
commit6ca5257e908f0377c289bd7959f68c383512f34d (patch)
tree6568b165e391f20c39e222442af389a65c31c958
parent[dnbd3-rootfs] fix xloop module names (diff)
[slx-ssl] new module for SSL sat support
-rw-r--r--modules.d/slx-ssl/hooks/setup-ssl-sat.sh34
-rwxr-xr-xmodules.d/slx-ssl/module-setup.sh13
2 files changed, 47 insertions, 0 deletions
diff --git a/modules.d/slx-ssl/hooks/setup-ssl-sat.sh b/modules.d/slx-ssl/hooks/setup-ssl-sat.sh
new file mode 100644
index 00000000..33e8d506
--- /dev/null
+++ b/modules.d/slx-ssl/hooks/setup-ssl-sat.sh
@@ -0,0 +1,34 @@
+#!/bin/ash
+
+# $FUTURE_ROOT - root dir of final stage 4 (config.tgz extracted to here)
+# $CONFIG - current path to /opt/openslx/config (changes to this end up in stage 4)
+
+# dracut compat
+FUTURE_ROOT="$NEWROOT"
+# the slx configuration file is already copied to the newroot in an early hook, so:
+CONFIG="${NEWROOT}/opt/openslx/config"
+# systemd context, so need to explicitely source the config for SLX_REMOTE_SSL
+. "$CONFIG"
+# end dracut compat
+
+# Set up SSL communication with server
+if [ -d "${FUTURE_ROOT}/opt/openslx/ssl" ] && ! rmdir "${FUTURE_ROOT}/opt/openslx/ssl"; then
+ # Copy certs and symlinks to CA path
+ cp -a "${FUTURE_ROOT}"/opt/openslx/ssl/* "${FUTURE_ROOT}/etc/ssl/certs/"
+ # Append to combined ca bundle
+ find "${FUTURE_ROOT}/opt/openslx/ssl" -type f -exec cat {} \; \
+ >> "${FUTURE_ROOT}/etc/ssl/certs/ca-certificates.crt"
+ # Move certs (without symlinks), so they will be re-included if we run update-ca-certificates later
+ mkdir -p "${FUTURE_ROOT}/usr/local/share/ca-certificates"
+ find "${FUTURE_ROOT}/opt/openslx/ssl" -type f \
+ -exec mv {} "${FUTURE_ROOT}/usr/local/share/ca-certificates/" \;
+ # Delete symlinks
+ find "${FUTURE_ROOT}/opt/openslx/ssl" -type l -delete
+ # Add entry to /etc/hosts for boot server (satellite server)
+ # Change all the URLs in config to use SSL
+ if [ -n "$SLX_REMOTE_SSL" ] && ! grep -qF 'satellite.bwlehrpool' "/etc/hosts"; then
+ echo "$SLX_REMOTE_SSL satellite.bwlehrpool" >> "/etc/hosts"
+ sed -i "s,http://${SLX_REMOTE_SSL}/,https://satellite.bwlehrpool/," "${CONFIG}"
+ fi
+fi
+true
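Review bot: Every regular file under `${FUTURE_ROOT}/opt/openslx/ssl` is appended to `ca-certificates.crt` and moved into `/usr/local/share/ca-certificates` with no check on its content, so whatever config.tgz delivers becomes a system-wide trust anchor in stage 4. How config.tgz is fetched and authenticated is not visible in this hunk; if it can arrive over plain HTTP, the later rewrite to `https://satellite.bwlehrpool/` is only as trustworthy as that first download, which deserves a comment above the block such as `# trust anchors come from config.tgz; its transport must be authenticated`. Separately, the hosts entry is tested and written at `/etc/hosts` while every other path uses `${FUTURE_ROOT}`; unless a later hook copies that file into the new root, `>> "${FUTURE_ROOT}/etc/hosts"` (and the matching `grep`) looks like what was intended. `$SLX_REMOTE_SSL` is also interpolated unescaped into the `sed` pattern, so its dots match any character and a `,` in the value would break the expression.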
diff --git a/modules.d/slx-ssl/module-setup.sh b/modules.d/slx-ssl/module-setup.sh
new file mode 100755
index 00000000..1080c6ea
--- /dev/null
+++ b/modules.d/slx-ssl/module-setup.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+check() {
+ # Tell dracut that this module should only be included if it is required
+ # explicitly.
+ return 255
+}
+depends() {
+ echo dnbd3-rootfs
+}
+install() {
+ # config.tgz unpacking happens in pre-pivot/20
+ inst_hook pre-pivot 30 "$moddir/hooks/setup-ssl-sat.sh"
+}