[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 6 commits: Don't disable timesyncd on standalone systems.
WolfgangSchweer
gitlab at salsa.debian.org
Wed Jan 9 14:31:30 GMT 2019
WolfgangSchweer pushed to branch master at Debian Edu / debian-edu-config
Commits:
ed64020e by Wolfgang Schweer at 2019-01-09T13:20:03Z
Don't disable timesyncd on standalone systems.
- - - - -
2b45ad04 by Wolfgang Schweer at 2019-01-09T13:28:15Z
Let cf-agent output more information, useful for src:debian-edu autopkg test.
Also prevent the script from exiting if the last etckeeper call should fail when
run inside debci. Thanks to Holger Levsen for the hint.
- - - - -
10262d0c by Wolfgang Schweer at 2019-01-09T13:32:20Z
Improve menu reorder setup.
Move code for the Standalone profile from cf3/cf.homes to cf3/cf.finalize where
it is better placed.
Make sure the menus are reordered in each installation scenario case.
Adjust cf3/promises.cf to reflect the change.
- - - - -
10798a76 by Wolfgang Schweer at 2019-01-09T13:51:29Z
Rework LDAP client configuration now that nslcd preseeding is working.
Use the added share/debian-edu-config/sudo-ldap.conf file (commit 2b45ad0) to
provide the last bit of information besides those contained in nslcd.conf and
adjust cf3/cf.ldapclient accordingly. [In case /etc/sudo-ldap.conf is missing,
the sudo-ldap package creates a link pointing to the /etc/ldap/ldap.conf file.]
With this change both /etc/nslcd.conf and /etc/ldap/ldap.conf can be left
unmodified.
- - - - -
4ba7e89d by Wolfgang Schweer at 2019-01-09T14:05:03Z
Adjust Makefile.
- - - - -
eae26b39 by Wolfgang Schweer at 2019-01-09T14:30:16Z
Add menu entries for last commits.
- - - - -
9 changed files:
- Makefile
- cf3/cf.finalize
- cf3/cf.homes
- cf3/cf.ldapclient
- cf3/cf.ntp
- cf3/promises.cf
- debian/changelog
- + share/debian-edu-config/sudo-ldap.conf
- share/debian-edu-config/tools/debian-edu-bless
Changes:
=====================================
Makefile
=====================================
@@ -388,6 +388,7 @@ install: install-testsuite
share/debian-edu-config/edu-xfce4-panel.xml \
share/debian-edu-config/55xfce4-session-debian-edu \
share/debian-edu-config/lightdm-gtk-greeter.conf \
+ share/debian-edu-config/sudo-ldap.conf \
share/pam-configs/edu-group \
share/pam-configs/edu-umask \
share/perl5/Debian/Edu.pm \
=====================================
cf3/cf.finalize
=====================================
@@ -14,6 +14,13 @@ files:
link_from => ln_s("/usr/share/debian-edu-config/lightdm-gtk-greeter.conf"),
move_obstructions => "true";
+ # Make sure menu overrides are enabled in each case.
+
+ debian.installation::
+
+ "/etc/default/desktop-profiles"
+ edit_line => profile;
+
commands:
debian.server.installation::
@@ -60,3 +67,30 @@ commands:
"/usr/sbin/pam-auth-update --package"
contain => in_shell;
}
+
+bundle edit_line profile
+{
+
+replace_patterns:
+
+ "PERSONALITY=polite" replace_with => value("PERSONALITY=rude");
+}
+
+bundle agent editline_finalize
+{
+
+vars:
+
+ "menu" string => "MENUREORDER=true";
+
+files:
+
+ # Enable our menu overrides also on standalone installations
+
+ debian.standalone.installation::
+
+ "/etc/debian-edu/config"
+ create => "true",
+ edit_line => append_if_no_line("$(menu)");
+}
+
=====================================
cf3/cf.homes
=====================================
@@ -47,7 +47,6 @@ vars:
"/srv/nfs4/home0 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check)" };
"ltsp_only" slist => { "/opt/ltsp/$(default_arch) 10.0.0.0/255.0.0.0(ro,async,no_root_squash,subtree_check) 192.168.0.0/255.255.0.0(ro,async,no_root_squash,subtree_check) 127.0.0.1(ro,async,no_root_squash,subtree_check,insecure)" };
"fstab" string => "/skole/tjener/home0 /srv/nfs4/home0 none bind 0 0";
- "menu" string => "MENUREORDER=true";
"autofs" string => "LDAPURI=ldap://$(edu.ldapserver)";
files:
@@ -76,14 +75,6 @@ files:
create => "true",
edit_line => append_if_no_line("$(ltsp_only)");
- # Enable our menu overrides on standalone installations
-
- debian.standalone.installation::
-
- "/etc/debian-edu/config"
- create => "true",
- edit_line => append_if_no_line("$(menu)");
-
# Enable autofs using LDAP unless running the server,
# standalone or roaming workstations.
=====================================
cf3/cf.ldapclient
=====================================
@@ -19,38 +19,22 @@ vars:
"nss_conf" slist => { "passwd: files ldap",
"group: files ldap",
"shadow: files ldap",
- "netgroup: files ldap",
+ "netgroup: nis ldap",
"automount: files ldap" };
- "ldap_conf" slist => { "HOST $(edu.ldapserver)",
- "sudoers_base ou=sudoers,$(edu.ldapbase)",
- "BASE $(edu.ldapbase)",
- "TLS_REQCERT demand",
- "TLS_CACERT /etc/ssl/certs/debian-edu-server.crt" };
- "nslcd_conf" string => "tls_cacertfile /etc/ssl/certs/debian-edu-server.crt";
files:
debian.!standalone.!roaming.installation::
+ "/etc/sudo-ldap.conf"
+ link_from => ln_s("/usr/share/debian-edu-config/sudo-ldap.conf"),
+ move_obstructions => "true";
+
"/etc/nsswitch.conf"
edit_line => append_if_no_line( @(nss_conf) );
"/etc/nsswitch.conf"
edit_line => nsswitch_conf;
-
- # Adjust for package sudo-ldap; also use the downloaded LDAP SSL certificate
- # to verify the connection to the server.
-
- debian.!standalone.installation::
-
- "/etc/ldap/ldap.conf"
- edit_line => append_if_no_line("$(ldap_conf)");
-
- "/etc/nslcd.conf"
- edit_line => nslcd_conf;
-
- "/etc/nslcd.conf"
- edit_line => append_if_no_line("$(nslcd_conf)");
}
bundle edit_line nsswitch_conf
@@ -66,14 +50,3 @@ replace_patterns:
"^($(regexpr))$" replace_with => comment("#");
}
-bundle edit_line nslcd_conf
-{
-
-vars:
-
- "nslcd_conf" string => "tls_cacertfile /etc/ssl/certs/debian-edu-server.crt";
-
-replace_patterns:
-
- "/etc/ldap/ssl/ldap-server-pubkey.pem" replace_with => value("/etc/ssl/certs/debian-edu-server.crt");
-}
=====================================
cf3/cf.ntp
=====================================
@@ -1,11 +1,11 @@
bundle agent ntp
{
-# Disable Systemd service, use custom ntp configuration.
+# Disable Systemd service for networked systems, use custom ntp configuration.
# Respect that LTSP is prefering systemd-timesyncd.
commands:
- debian.!ltspclient.installation::
+ debian.!standalone.!ltspclient.installation::
"/bin/systemctl disable systemd-timesyncd"
contain => in_shell;
=====================================
cf3/promises.cf
=====================================
@@ -63,6 +63,7 @@ body common control
tftpd,
pxeinstall,
finalize,
+ editline_finalize,
};
inputs => {
=====================================
debian/changelog
=====================================
@@ -1,3 +1,25 @@
+debian-edu-config (2.10.54) UNRELEASED; urgency=medium
+
+ * Fix NTP setup for profile 'Standalone'.
+ - cf3/cf.ntp: Don't disable timesyncd on standalone systems.
+ * Improve the script used by the src:debian-edu autopkg test.
+ - share/debian-edu-config/tools/debian-edu-bless:
+ Add the '-I' parameter to let cf-agent output more information.
+ Prevent the script from exiting if the last etckeeper call should fail.
+ Thanks to Holger Levsen for the hint.
+ * Improve menu reorder setup.
+ - Move code for the Standalone profile from cf3/cf.homes to cf3/cf.finalize
+ as a better place.
+ - Make sure the menus are reordered in each installation scenario case.
+ - Adjust cf3/promises.cf to reflect the change.
+ * Rework LDAP client configuration now that nslcd preseeding is working.
+ - Add share/debian-edu-config/sudo-ldap.conf file to provide the last bit
+ of information for clients (besides those contained in nslcd.conf).
+ - Adjust cf3/cf.ldapclient accordingly.
+ - Adjust Makefile.
+
+ -- Wolfgang Schweer <wschweer at arcor.de> Wed, 09 Jan 2019 10:29:06 +0100
+
debian-edu-config (2.10.53) unstable; urgency=medium
[ Wolfgang Schweer ]
=====================================
share/debian-edu-config/sudo-ldap.conf
=====================================
@@ -0,0 +1,5 @@
+#
+# Debian Edu specific setting needed in addition to those in /etc/nslcd.conf
+# Providing this file allows one to leave /etc/ldap/ldap.conf untouched.
+#
+sudoers_base ou=sudoers,dc=skole,dc=skolelinux,dc=no
=====================================
share/debian-edu-config/tools/debian-edu-bless
=====================================
@@ -136,8 +136,8 @@ fi
# 4. Run 'cf-agent -D installation' to configure everything
# that could not be done using preseeding.
-cf-agent -D installation
-etckeeper commit "/etc/ state after running cf-agent -D installation."
+cf-agent -I -D installation
+etckeeper commit "/etc/ state after running cf-agent -D installation." || true
# 5. Ask for a reboot to enable all the configuration changes.
echo "It is now time to reboot. For example by running"
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/compare/ce2f38eb68a2d586933a1871e59a1e4bfac056eb...eae26b39fb2bd67ec951838c8d5dd9f899c20148
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/compare/ce2f38eb68a2d586933a1871e59a1e4bfac056eb...eae26b39fb2bd67ec951838c8d5dd9f899c20148
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20190109/9f814ee5/attachment-0001.html>
More information about the debian-edu-commits
mailing list