[debian-lan-devel] [debian-lan] 03/03: Fixes for jessie. Tested on mainserver and workstation.
Andreas B. Mundt
andi at moszumanska.debian.org
Tue Mar 25 19:21:06 UTC 2014
This is an automated email from the git hooks/post-receive script.
andi pushed a commit to branch master
in repository debian-lan.
commit dd33283bd90ab9909b8d714fadb0765521f46677
Author: Andreas B. Mundt <andi at debian.org>
Date: Sat Mar 22 08:25:03 2014 +0100
Fixes for jessie. Tested on mainserver and workstation.
* Use jessie repositories.
* Remove unavailable packages from package list.
* Fix NFSv4 cfengine script to account for slightly modified syntax in
/etc/default/nfs-*.
* Move web content to new apache document root directory.
* Fix firewall setup: Renamed upstream file.
* LDAP authz-regexp: Add gss-spnego.
* Fix access to CUPS web interface (no kerberos so far).
* Fix nfsroot path.
---
fai/config/files/etc/apt/sources.list/CLIENT_A | 2 +-
fai/config/files/etc/apt/sources.list/GATEWAY_A | 2 +-
fai/config/files/etc/apt/sources.list/SERVER_A | 2 +-
fai/config/files/etc/ldap/slapd.conf/GOSA | 8 +++++---
fai/config/files/etc/ldap/slapd.conf/SERVER_A | 6 ++++++
.../files/usr/local/sbin/dhcpd-keytab/SERVER_A | 2 +-
.../files/var/www/{ => html}/index.html/GOSA | 0
fai/config/hooks/savelog.LAST.source | 3 ++-
fai/config/package_config/DISKLESS_CLIENT | 2 +-
fai/config/package_config/FAIBASE | 2 +-
fai/config/package_config/KERBEROS_CLIENT | 1 -
fai/config/package_config/SERVER_A | 1 +
fai/config/scripts/CUPS_SERVER/10-config | 24 +++++++++++++++-------
fai/config/scripts/FIREWALL/10-config | 4 ++--
fai/config/scripts/GOSA/10-config | 2 +-
fai/config/scripts/NFS_CLIENT/30-config | 4 ++--
fai/config/scripts/NFS_SERVER/10-config | 6 +++---
fai/config/scripts/PROXY/20-wpad | 2 +-
18 files changed, 46 insertions(+), 27 deletions(-)
diff --git a/fai/config/files/etc/apt/sources.list/CLIENT_A b/fai/config/files/etc/apt/sources.list/CLIENT_A
index 5efd091..cbfbf1c 100644
--- a/fai/config/files/etc/apt/sources.list/CLIENT_A
+++ b/fai/config/files/etc/apt/sources.list/CLIENT_A
@@ -1,5 +1,5 @@
deb http://http.debian.net/debian/ jessie main
-deb http://security.debian.org/ stable/updates main
+deb http://security.debian.org/ jessie/updates main
deb http://http.debian.net/debian/ jessie-updates main
## Backports repository:
diff --git a/fai/config/files/etc/apt/sources.list/GATEWAY_A b/fai/config/files/etc/apt/sources.list/GATEWAY_A
index 5efd091..cbfbf1c 100644
--- a/fai/config/files/etc/apt/sources.list/GATEWAY_A
+++ b/fai/config/files/etc/apt/sources.list/GATEWAY_A
@@ -1,5 +1,5 @@
deb http://http.debian.net/debian/ jessie main
-deb http://security.debian.org/ stable/updates main
+deb http://security.debian.org/ jessie/updates main
deb http://http.debian.net/debian/ jessie-updates main
## Backports repository:
diff --git a/fai/config/files/etc/apt/sources.list/SERVER_A b/fai/config/files/etc/apt/sources.list/SERVER_A
index 5efd091..cbfbf1c 100644
--- a/fai/config/files/etc/apt/sources.list/SERVER_A
+++ b/fai/config/files/etc/apt/sources.list/SERVER_A
@@ -1,5 +1,5 @@
deb http://http.debian.net/debian/ jessie main
-deb http://security.debian.org/ stable/updates main
+deb http://security.debian.org/ jessie/updates main
deb http://http.debian.net/debian/ jessie-updates main
## Backports repository:
diff --git a/fai/config/files/etc/ldap/slapd.conf/GOSA b/fai/config/files/etc/ldap/slapd.conf/GOSA
index 5dae8c9..52278af 100644
--- a/fai/config/files/etc/ldap/slapd.conf/GOSA
+++ b/fai/config/files/etc/ldap/slapd.conf/GOSA
@@ -111,9 +111,11 @@ checkpoint 512 30
authz-regexp "uid=([^,]*),cn=gssapi,cn=auth"
"ldap:///dc=intern??sub?(uid=$1)"
-## map authentication via sasl on user dn:
-#authz-regexp "uid=([^,]*),cn=intern,cn=gssapi,cn=auth"
-# "ldap:///dc=intern??sub?(uid=$1)"
+authz-regexp "uid=([^,]*),cn=gss-spnego,cn=auth"
+ "ldap:///dc=intern??sub?(uid=$1)"
+
+authz-regexp "uid=([^,]*),cn=intern,cn=gssapi,cn=auth"
+ "ldap:///dc=intern??sub?(uid=$1)"
################# GOsa access ###################
access to dn.subtree="ou=gosa,dc=intern"
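Review bot: The gss-spnego mechanism gets only the realm-less mapping, while gssapi now has both `cn=gssapi,cn=auth` and `cn=intern,cn=gssapi,cn=auth`. If SPNEGO binds can arrive with the realm component, they would stay unmapped and match no ACL, so consider adding `authz-regexp "uid=([^,]*),cn=intern,cn=gss-spnego,cn=auth"` with the same target, or a comment saying why it is not needed. All three rules search the whole `dc=intern` subtree for `(uid=$1)`, so any entry carrying a matching uid, not only user accounts, can become the authorization identity; a narrower search base would tighten this if the directory keeps accounts in a dedicated subtree. The commit also drops the `## map authentication via sasl on user dn:` comment, which leaves the new rules undocumented. The same points apply to the equivalent hunk in slapd.conf/SERVER_A.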
diff --git a/fai/config/files/etc/ldap/slapd.conf/SERVER_A b/fai/config/files/etc/ldap/slapd.conf/SERVER_A
index df1e6d7..0015244 100644
--- a/fai/config/files/etc/ldap/slapd.conf/SERVER_A
+++ b/fai/config/files/etc/ldap/slapd.conf/SERVER_A
@@ -96,6 +96,12 @@ checkpoint 512 30
authz-regexp "uid=([^,]*),cn=gssapi,cn=auth"
"ldap:///dc=intern??sub?(uid=$1)"
+authz-regexp "uid=([^,]*),cn=gss-spnego,cn=auth"
+ "ldap:///dc=intern??sub?(uid=$1)"
+
+authz-regexp "uid=([^,]*),cn=intern,cn=gssapi,cn=auth"
+ "ldap:///dc=intern??sub?(uid=$1)"
+
access to attrs=userPassword
by anonymous auth
by self write
diff --git a/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A b/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A
index 80a4571..b90734c 100755
--- a/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A
+++ b/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A
@@ -7,7 +7,7 @@
set -e
DATADIR="/root/installation/"
-NFSROOT="/srv/fai/nfsroot/live/filesystem.dir/"
+NFSROOT="/srv/fai/nfsroot/"
MACHINE=$1
WAIT=60
diff --git a/fai/config/files/var/www/index.html/GOSA b/fai/config/files/var/www/html/index.html/GOSA
similarity index 100%
rename from fai/config/files/var/www/index.html/GOSA
rename to fai/config/files/var/www/html/index.html/GOSA
diff --git a/fai/config/hooks/savelog.LAST.source b/fai/config/hooks/savelog.LAST.source
index 6c3a888..8a19ca2 100755
--- a/fai/config/hooks/savelog.LAST.source
+++ b/fai/config/hooks/savelog.LAST.source
@@ -160,7 +160,8 @@ Warning: you may need to reload your webservice!
/boot/grub/video.lst: No such file or directory
/boot/grub/video.lst: No such file or directory
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
-Resolving www.intern (www.intern)... failed: Name or service not known."
+Resolving www.intern (www.intern)... failed: Name or service not known
+Enabling conf localized-error-pages"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# The main routine
errorpatterns="$globalerrorpatterns
diff --git a/fai/config/package_config/DISKLESS_CLIENT b/fai/config/package_config/DISKLESS_CLIENT
index 0cb1ee6..e729aa5 100644
--- a/fai/config/package_config/DISKLESS_CLIENT
+++ b/fai/config/package_config/DISKLESS_CLIENT
@@ -54,7 +54,7 @@ openssh-client
strace
time
procinfo
-nullmailer
+#nullmailer # https://bugs.debian.org/329192
eject
locales
console-common
diff --git a/fai/config/package_config/FAIBASE b/fai/config/package_config/FAIBASE
index b36c733..0cdb654 100644
--- a/fai/config/package_config/FAIBASE
+++ b/fai/config/package_config/FAIBASE
@@ -12,7 +12,7 @@ openssh-client openssh-server
strace
time
procinfo
-nullmailer
+#nullmailer # https://bugs.debian.org/329192
eject
locales
console-setup kbd
diff --git a/fai/config/package_config/KERBEROS_CLIENT b/fai/config/package_config/KERBEROS_CLIENT
index 8630c0f..8ed6235 100644
--- a/fai/config/package_config/KERBEROS_CLIENT
+++ b/fai/config/package_config/KERBEROS_CLIENT
@@ -3,6 +3,5 @@
PACKAGES aptitude
krb5-user
libpam-krb5
-krb5-clients
libsasl2-modules-gssapi-mit
ntp
diff --git a/fai/config/package_config/SERVER_A b/fai/config/package_config/SERVER_A
index ba3f60b..9c5b4b3 100644
--- a/fai/config/package_config/SERVER_A
+++ b/fai/config/package_config/SERVER_A
@@ -7,6 +7,7 @@ screen
exim4 nullmailer-
etckeeper
unattended-upgrades
+# avahi-daemon # CUPS?
## backup:
dirvish
diff --git a/fai/config/scripts/CUPS_SERVER/10-config b/fai/config/scripts/CUPS_SERVER/10-config
index bb0c573..9137f3d 100755
--- a/fai/config/scripts/CUPS_SERVER/10-config
+++ b/fai/config/scripts/CUPS_SERVER/10-config
@@ -16,23 +16,33 @@ editfiles:
InsertLine 'Port 631'
InsertLine 'ServerAlias print.intern'
- LocateLineMatching 'BrowseAllow all'
- InsertLine 'BrowseRemoteProtocols cups dnssd'
- InsertLine 'BrowseAddress @LOCAL'
-
LocateLineMatching '<Location />'
LocateLineMatching ' Order allow,deny'
InsertLine ' # Allow remote access'
- InsertLine ' Allow all'
+ InsertLine ' Allow @LOCAL'
LocateLineMatching '<Location /admin>'
LocateLineMatching ' Order allow,deny'
InsertLine ' # Allow remote access'
- InsertLine ' Allow all'
+ InsertLine ' Allow @LOCAL'
LocateLineMatching '<Location /admin/conf>'
LocateLineMatching ' Order allow,deny'
InsertLine ' # Allow remote access'
- InsertLine ' Allow all'
+ InsertLine ' Allow @LOCAL'
EndGroup
}
+
+
+
+# Comparable script:
+#
+# ## Skip if not installing/converting:
+# if [ "$FAI_ACTION" != "install" ] && [ "$CONVERT" != "true" ] ; then
+# exit 0
+# fi
+#
+# sed -i "s/Listen localhost:631/Port 631/" ${target}/etc/cups/cupsd.conf
+# $ROOTCMD cupsctl ServerAlias=print.intern
+# $ROOTCMD cupsctl --remote-admin
+# $ROOTCMD cupsctl DefaultAuthType=Negotiate
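Review bot: `<Location /admin>` and `<Location /admin/conf>` are opened to every host in `@LOCAL` exactly like `<Location />`, and the commit message says Kerberos is not in place for the CUPS web interface yet. Whether administration is protected therefore depends entirely on the authentication directives in the packaged cupsd.conf, which this hunk does not show. I would keep `Allow @LOCAL` on `<Location />` and either leave the two admin locations at their packaged defaults until `DefaultAuthType=Negotiate` works, or document the dependency with a line such as `## admin pages reachable from @LOCAL; relies on AuthType/Require from the packaged cupsd.conf`. The commented-out "Comparable script" block is dead code and would be better kept as a short TODO. The editfiles group starts outside the hunk.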
diff --git a/fai/config/scripts/FIREWALL/10-config b/fai/config/scripts/FIREWALL/10-config
index 5b65c2e..c5a78b9 100755
--- a/fai/config/scripts/FIREWALL/10-config
+++ b/fai/config/scripts/FIREWALL/10-config
@@ -11,7 +11,7 @@ CONFDIR="${target}/etc/shorewall/"
prepare_shorewall(){
## Use shorewall's "two-interfaces" example as base setup:
- for FILE in interfaces masq policy routestopped rules zones ; do
+ for FILE in interfaces masq policy stoppedrules rules zones ; do
cp -v ${target}/usr/share/doc/shorewall/examples/two-interfaces/$FILE $CONFDIR
done
@@ -19,7 +19,7 @@ prepare_shorewall(){
sed -i "s/IP_FORWARDING=Keep/IP_FORWARDING=on/" $CONFDIR/shorewall.conf
## Define interfaces and use parameters:
- sed -i -e 's/eth0/\$NET_IF/' -e 's/eth1/\$LOC_IF/' $CONFDIR/interfaces $CONFDIR/masq $CONFDIR/routestopped
+ sed -i -e 's/eth0/\$NET_IF/' -e 's/eth1/\$LOC_IF/' $CONFDIR/interfaces $CONFDIR/masq $CONFDIR/stoppedrules
sed -i -e '$i LOC_IF=eth0' -e '$i NET_IF=eth1' $CONFDIR/params
## Limited ssh access:
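Review bot: The `sed` that now edits `stoppedrules` replaces only the first `eth0`/`eth1` on each line, because neither expression carries the `g` flag. As far as I can tell stoppedrules has separate SOURCE and DEST columns, so a line naming an interface in both would be only half rewritten. Since params sets `LOC_IF=eth0` and `NET_IF=eth1`, a literal `eth1` left behind would name the interface assigned to NET_IF and apply while the firewall is stopped. I would use `-e 's/eth0/\$NET_IF/g' -e 's/eth1/\$LOC_IF/g'` and quote the paths, e.g. `"$CONFDIR/stoppedrules"`; the `cp` loop in the previous hunk has the same unquoted `$FILE` and `$CONFDIR`. prepare_shorewall's body continues outside both hunks.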
diff --git a/fai/config/scripts/GOSA/10-config b/fai/config/scripts/GOSA/10-config
index 2d6b1dc..7cb7c1c 100755
--- a/fai/config/scripts/GOSA/10-config
+++ b/fai/config/scripts/GOSA/10-config
@@ -15,7 +15,7 @@ fcopy -m root,root,0770 /usr/local/sbin/gosa-sync
fcopy -m root,root,0770 /usr/local/sbin/gosa-remove
fcopy -m root,root,0770 /usr/local/sbin/add2gosa
-fcopy /var/www/index.html
+fcopy /var/www/html/index.html
## Insert password:
PWFILE="$DATADIR/LDAPadminPWD"
diff --git a/fai/config/scripts/NFS_CLIENT/30-config b/fai/config/scripts/NFS_CLIENT/30-config
index 2c6bf1f..c90923a 100755
--- a/fai/config/scripts/NFS_CLIENT/30-config
+++ b/fai/config/scripts/NFS_CLIENT/30-config
@@ -9,9 +9,9 @@ editfiles:
any::
{ ${target}/etc/default/nfs-common
## Start the idmapd daemon:
- ReplaceAll "NEED_IDMAPD=$" With "NEED_IDMAPD=yes"
+ ReplaceAll 'NEED_IDMAPD=.*' With 'NEED_IDMAPD="yes"'
## Start the gssd daemon:
- ReplaceAll "NEED_GSSD=$" With "NEED_GSSD=yes"
+ ReplaceAll 'NEED_GSSD=.*' With 'NEED_GSSD="yes"'
}
{ ${target}/etc/idmapd.conf
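Review bot: The new patterns `'NEED_IDMAPD=.*'` and `'NEED_GSSD=.*'` are unanchored, so they also rewrite any comment line in /etc/default/nfs-common that mentions the variable. Anchoring them, e.g. `ReplaceAll '^NEED_IDMAPD=.*' With 'NEED_IDMAPD="yes"'`, limits the edit to the assignment itself. The replacement text also matches its own pattern, so it is worth confirming that cfengine treats a second run as a no-op rather than a repeated edit. The same applies to the `NEED_IDMAPD`, `NEED_GSSD` and `NEED_SVCGSSD` lines in both NFS_SERVER/10-config hunks. The editfiles block starts and ends outside the hunk.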
diff --git a/fai/config/scripts/NFS_SERVER/10-config b/fai/config/scripts/NFS_SERVER/10-config
index 109adf5..09fcbf4 100755
--- a/fai/config/scripts/NFS_SERVER/10-config
+++ b/fai/config/scripts/NFS_SERVER/10-config
@@ -14,9 +14,9 @@ editfiles:
any::
{ ${target}/etc/default/nfs-common
## start the idmapd daemon:
- ReplaceAll "NEED_IDMAPD=$" With "NEED_IDMAPD=yes"
+ ReplaceAll 'NEED_IDMAPD=.*' With 'NEED_IDMAPD="yes"'
## start the gssd daemon:
- ReplaceAll "NEED_GSSD=$" With "NEED_GSSD=yes"
+ ReplaceAll 'NEED_GSSD=.*' With 'NEED_GSSD="yes"'
}
{ ${target}/etc/idmapd.conf
@@ -37,7 +37,7 @@ editfiles:
{ ${target}/etc/default/nfs-kernel-server
## Start the svcgssd daemon:
- ReplaceAll "NEED_SVCGSSD=$" With "NEED_SVCGSSD=yes"
+ ReplaceAll 'NEED_SVCGSSD=.*' With 'NEED_SVCGSSD="yes"'
}
{ ${target}/etc/default/autofs
diff --git a/fai/config/scripts/PROXY/20-wpad b/fai/config/scripts/PROXY/20-wpad
index 5b0ca08..4c9a890 100755
--- a/fai/config/scripts/PROXY/20-wpad
+++ b/fai/config/scripts/PROXY/20-wpad
@@ -9,7 +9,7 @@ else
PORT="3128"
fi
-cat > $target/var/www/wpad.dat <<EOF
+cat > $target/var/www/html/wpad.dat <<EOF
function FindProxyForURL(url, host)
{
return "PROXY webcache:$PORT; DIRECT";
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/debian-lan.git