[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, squeeze, updated. 0.6-15-gbeab8b2
Andreas B. Mundt
andi at debian.org
Sun Sep 2 07:01:26 UTC 2012
The following commit has been merged in the squeeze branch:
commit 721f380eeef0a2714cdfe2df8135f5d0c2bee500
Author: Andreas B. Mundt <andi at debian.org>
Date: Thu Aug 30 18:07:23 2012 +0200
Allow root to login on all clients from the mainserver. Fixes.
Cherry-pick from master branch.
Create ssh key pair for root on the mainserver. Copy the public key
to the config space and install it on all clients to allow root access
without password. This feature will be used to distribute kerberos
keytabs during installation.
Restrict access to the FAI config space. Fix keytab permissions.
diff --git a/fai/config/files/usr/sbin/debian-lan/SERVER_A b/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
similarity index 98%
rename from fai/config/files/usr/sbin/debian-lan/SERVER_A
rename to fai/config/files/usr/local/sbin/debian-lan/SERVER_A
index 1768495..e15f3f4 100755
--- a/fai/config/files/usr/sbin/debian-lan/SERVER_A
+++ b/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
@@ -167,7 +167,7 @@ case $COMMAND in
;;
addmachine)
for MACHINE in $@ ; do
- scp $DATADIR/${MACHINE}.keytab root@${MACHINE}:/etc/krb5.keytab
+ scp -p $DATADIR/${MACHINE}.keytab root@${MACHINE}:/etc/krb5.keytab
MUNIN_CONFDIR='/etc/munin/munin-conf.d/'
if [ -d $MUNIN_CONFDIR ] && ! grep -sq ${MACHINE} $MUNIN_CONFDIR/nodes.conf ; then
cat >> $MUNIN_CONFDIR/nodes.conf <<EOF
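Review bot: `scp -p` on the keytab line carries over the source file's mode and timestamps, so `/etc/krb5.keytab` on the client is only as restrictive as `$DATADIR/${MACHINE}.keytab` is on the mainserver, and nothing in this hunk sets or checks that mode. A keytab holds the host's long-term Kerberos keys, so I would set the mode explicitly after the copy, e.g. `ssh root@${MACHINE} chmod 600 /etc/krb5.keytab`, rather than rely on how the file was created. The unquoted `$@` and `${MACHINE}` also let a malformed argument be word-split or read as a grep pattern; `for MACHINE in "$@"` and `grep -sqF -- "${MACHINE}"` would be safer. The `addmachine)` arm continues past the end of the hunk.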
diff --git a/fai/config/files/usr/sbin/nbdswapd/DISKLESS_SERVER b/fai/config/files/usr/local/sbin/nbdswapd/DISKLESS_SERVER
similarity index 100%
rename from fai/config/files/usr/sbin/nbdswapd/DISKLESS_SERVER
rename to fai/config/files/usr/local/sbin/nbdswapd/DISKLESS_SERVER
diff --git a/fai/config/scripts/CLIENT_A/20-misc b/fai/config/scripts/CLIENT_A/20-misc
index cef8995..8bbe3a1 100755
--- a/fai/config/scripts/CLIENT_A/20-misc
+++ b/fai/config/scripts/CLIENT_A/20-misc
@@ -10,6 +10,9 @@ cat > $target/etc/apt/apt.conf.d/proxy <<EOF
Acquire::http::Proxy "http://aptcache.intern:3142/";
EOF
+## authorized_keys for root:
+fcopy -ir /root
+
## Fetch proxy information from wpad.dat:
WPAD=/tmp/wpad.dat
http_proxy=""; wget --output-document=$WPAD http://wpad.intern/wpad.dat
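Review bot: `fcopy -ir /root` installs everything under `files/root` in the config space into root's home on every CLIENT_A machine. Without `-m`, the owner and mode of `authorized_keys` presumably come from the source file or a `file-modes` entry, neither of which is visible here. Because this file decides who gets passwordless root, I would copy only that file and pin its mode: `fcopy -i -m root,root,0600 /root/.ssh/authorized_keys`. It is also worth confirming that `/root/.ssh` ends up 0700, since sshd's StrictModes check rejects keys when the directory is group- or world-writable.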
diff --git a/fai/config/scripts/FAISERVER/20-configspace b/fai/config/scripts/FAISERVER/20-configspace
index 08a41af..a3c2b6c 100755
--- a/fai/config/scripts/FAISERVER/20-configspace
+++ b/fai/config/scripts/FAISERVER/20-configspace
@@ -9,5 +9,7 @@ if [ $FAI_ACTION == "install" ] ; then
echo "done."
cp -a /var/lib/fai/config $target/srv/fai/
+ chmod 770 $target/srv/fai/config/
+ chown root:adm $target/srv/fai/config/
echo "New config space copied to faiserver."
fi
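Review bot: `chmod 770` together with `chown root:adm` gives every member of `adm` write access to the config space, and with this commit that tree also holds `files/root/.ssh/authorized_keys/CLIENT_A`, which is installed as root's authorized_keys on all clients. If the group only needs to read the configuration, `chmod 750 $target/srv/fai/config/` keeps write access with root; if group write is intended, a comment such as `## adm members may edit the config space (implies root on clients)` would make that explicit. Both commands are non-recursive, so files below the top directory keep whatever mode `cp -a` preserved and are protected only by the top-level directory staying closed to others. The enclosing `if` starts above the hunk.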
diff --git a/fai/config/scripts/SERVER_A/10-misc b/fai/config/scripts/SERVER_A/10-misc
index 4414c1d..77f5251 100755
--- a/fai/config/scripts/SERVER_A/10-misc
+++ b/fai/config/scripts/SERVER_A/10-misc
@@ -12,9 +12,21 @@ if [ ! -z $USERNAME ] && ! $ROOTCMD getent passwd $USERNAME ; then
$ROOTCMD usermod --groups adm,sudo $USERNAME
fi
+## Prepare ssh key pair for root:
+KEY="/root/.ssh/id_rsa"
+if [ ! -e $KEY ]; then
+ $ROOTCMD ssh-keygen -t rsa -N '' -f $KEY
+fi
+if ifclass FAISERVER ; then
+ ## Add public key to fai config space:
+ DIR="/srv/fai/config/files/root/.ssh/authorized_keys/"
+ $ROOTCMD mkdir -pv $DIR
+ $ROOTCMD cp -v ${KEY}.pub $DIR/CLIENT_A
+fi
+
## Make debian-lan-scripts available:
-fcopy -m root,root,0700 /usr/sbin/debian-lan
+fcopy -rm root,root,0700 /usr/local/sbin/
## Use apt-cacher-ng as proxy for APT:
cat > $target/etc/apt/apt.conf.d/proxy <<EOF
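Review bot: The guard `[ ! -e $KEY ]` tests `/root/.ssh/id_rsa` in the environment running the script, while `ssh-keygen` runs through `$ROOTCMD`, which (if it is the usual chroot into `$target`) writes the key inside the target system. During an install the two paths differ, so the guard does not protect an existing key and `ssh-keygen` may stop to ask about overwriting it; `if [ ! -e "$target$KEY" ]; then` would test where the key is actually written. The key has an empty passphrase and grants root on every client, so consider prefixing the entry copied to `$DIR/CLIENT_A` with a `from="<mainserver-address>"` option so it is only accepted from the mainserver. The heredoc opened on the last line continues outside the hunk.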
--
Debian-LAN development and packaging