[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 4 commits: Cleanup cf3/edu.cf from LTSP5 related entry.

Sat Apr 18 23:22:36 BST 2020


WolfgangSchweer pushed to branch master at Debian Edu / debian-edu-config


Commits:
740c0a0f by Wolfgang Schweer at 2020-04-16T23:04:06+02:00
Cleanup cf3/edu.cf from LTSP5 related entry.

Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>

- - - - -
3f69cd2c by Wolfgang Schweer at 2020-04-18T23:54:46+02:00
Re-add grub-update command execution to cf3/cf.grub

This has accidently been removed in 2.11.16 during cleanup from LTSP5 content.

Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>

- - - - -
bbeaba5c by Wolfgang Schweer at 2020-04-19T00:10:37+02:00
Add share/debian-edu-config/tools/configure-edu-gateway

This script allows one to configure a system with two network interfaces and
profile 'Minimal' as a gateway and optionally as a firewall (shorewall).

Adjust Makefile.

Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>

- - - - -
0efead8b by Wolfgang Schweer at 2020-04-19T00:20:50+02:00
Add changelog entries for last commits.

Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>

- - - - -


5 changed files:

- Makefile
- cf3/cf.grub
- cf3/edu.cf
- debian/changelog
- + share/debian-edu-config/tools/configure-edu-gateway


Changes:

=====================================
Makefile
=====================================
@@ -283,6 +283,7 @@ install: install-testsuite
 		share/debian-edu-config/d-i/finish-install \
 		share/debian-edu-config/d-i/pre-pkgsel \
 		share/debian-edu-config/tools/passwd \
+		share/debian-edu-config/tools/configure-edu-gateway \
 		share/debian-edu-config/tools/create-debian-edu-certs \
 		share/debian-edu-config/tools/create-server-cert \
 		share/debian-edu-config/tools/cups-queue-autoflush \


=====================================
cf3/cf.grub
=====================================
@@ -21,6 +21,13 @@ files:
 
     "/etc/default/grub"
       edit_line => grub_conf3;
+
+commands:
+
+  debian.installation::
+
+    "/usr/sbin/update-grub"
+      contain => in_shell;
 }
 
 bundle edit_line grub_conf1


=====================================
cf3/edu.cf
=====================================
@@ -22,7 +22,6 @@ bundle common edu
     "roaming"	     expression => returnszero("/bin/grep  'Roaming-Workstation' /etc/debian-edu/config","noshell");
     "standalone"     expression => not( fileexists("/usr/bin/ntpq") );
     "minimal"	     expression => returnszero("/bin/grep 'Minimal' /etc/debian-edu/config","noshell");
-    "ltspimages"     expression => isdir("/opt/ltsp/images");
     "installation"   expression => fileexists("/sbin/start-stop-daemon.REAL");
     "testinstall"    expression => returnszero("/bin/grep 'TESTINSTALL=\"true\"' /etc/debian-edu/config","noshell");
     # Set if the internet is reachable for downloading files.


=====================================
debian/changelog
=====================================
@@ -1,3 +1,15 @@
+debian-edu-config (2.11.21) UNRELEASED; urgency=medium
+
+  * Add share/debian-edu-config/tools/configure-edu-gateway.
+    This script allows one to configure a system with two network interfaces and
+    profile 'Minimal' as a gateway and optionally as a firewall (shorewall).
+  * LTSP changes related issues:
+    - cf3/cf.grub: Re-add accidently removed grub-update command execution.
+    - cf3/edu.cf: Cleanup from LTSP5 related entry.
+  * Adjust Makefile.
+
+ -- Wolfgang Schweer <wschweer at arcor.de>  Sun, 19 Apr 2020 00:09:19 +0200
+
 debian-edu-config (2.11.20) unstable; urgency=medium
 
   [ Wolfgang Schweer ]


=====================================
share/debian-edu-config/tools/configure-edu-gateway
=====================================
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# Configure a Debian Edu system with 'Minimal' profile' to act as as gateway.
+
+# The configuration below applies to a Debian Edu machine in the internal
+# backbone network with two NICs, the eth0 interface attached to an existing
+# router and the eth1 one attached to the backbone network 10.0.0.0/8.
+#
+# Author/Copyright:	Wolfgang Schweer <wschweer at arcor.de>
+# Licence:			GPL2+
+# first edited:		2020-04-17
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+set -e
+
+# usage
+if [ -z "$1" ] ; then
+	echo "Use $0 -h or $0 --help for more information"
+	exit 0
+fi
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ] ; then
+	cat <<EOF
+
+Usage information:
+
+$0 --firewall <yes|no>
+
+Turn a Debian Edu system with profile 'Minimal' into a gateway.
+
+'$0 --firewall no' configures this system as gateway.
+
+'$0 --firewall yes' installs the 'shorewall' package in addition and
+   configures this system also as a firewall.
+   See https://shorewall.org/two-interface.htm#System for detailed information.
+EOF
+	exit 0
+fi
+
+# Prevent to do this more than one time
+if [ -e /etc/network/if-up.d/wpad-proxy-update ] ; then
+    sed -i 's/auto eth0/auto eth0 eth1/' /etc/network/interfaces
+    sed -i '/eth1/ s/dhcp/static/' /etc/network/interfaces
+    sed -i '/post-up/d' /etc/network/interfaces
+    echo 'address 10.0.0.1' >> /etc/network/interfaces
+    echo 'dns-nameservers 10.0.2.2' >> /etc/network/interfaces
+    echo 'dns-domain intern' >> /etc/network/interfaces
+    hostname -b gateway
+    hostname > /etc/hostname
+    rm -f /etc/dhcp/dhclient-exit-hooks.d/hostname
+    rm -f /etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
+    rm -f /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert
+    rm -f /etc/network/if-up.d/wpad-proxy-update
+    sed -i 's/domain-name,//' /etc/dhcp/dhclient-debian-edu.conf
+    sed -i 's/domain-search,//' /etc/dhcp/dhclient-debian-edu.conf
+    service networking stop
+    service networking start
+    sed -i 's#NAT=#NAT="10.0.0.0/8"#' /etc/default/enable-nat
+    service enable-nat restart
+fi
+
+# Optionally install, configure, enable and start shorewall.
+if [ "yes" = "$2" ] && [ ! -d /etc/shorewall ] ; then
+	if grep -q / /etc/debian_version ; then
+		dist=$(cat /etc/debian_version | cut -d/ -f1)
+	else
+		dist=$(lsb_release -sc)
+	fi
+	if egrep -q '^deb cdrom:' /etc/apt/sources.list ; then
+		sed -i 's/deb cdrom/#deb cdrom/' /etc/apt/sources.list
+		echo "deb http://deb.debian.org/debian $dist main" >> /etc/apt/sources.list
+	fi
+	apt update
+	apt -yq install shorewall
+	for i in interfaces policy rules snat stoppedrules zones ; do
+		cp /usr/share/doc/shorewall/examples/two-interfaces/$i /etc/shorewall
+	done
+	echo "NET_IF=eth0" >> /etc/shorewall/params
+	echo "NET_OPTIONS=routefilter,norfc1918" >> /etc/shorewall/params
+	systemctl enable shorewall
+	systemctl start shorewall
+fi
+
+# Give feedback
+	echo ""
+echo "The system has been configured as gateway."
+	echo ""
+if [ -e /etc/shorewall/snat ] ; then
+	echo "Shorewall has been configured for this two-interfaces setup."
+	echo ""
+	echo "See https://shorewall.org/two-interface.htm#System for detailed information."
+	echo ""
+fi



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/9b6dd9341d52f262cdcdea03bc6058f40d91be61...0efead8bdcfb1d1cb69125f5cefbefd6a8703cca

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/9b6dd9341d52f262cdcdea03bc6058f40d91be61...0efead8bdcfb1d1cb69125f5cefbefd6a8703cca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20200418/52821699/attachment-0001.html>
