[debian-lan-devel] [debian-lan] 02/03: Implement SSHFS_CLIENT class for diskless clients.
Andreas B. Mundt
andi at moszumanska.debian.org
Mon Jun 16 19:39:25 UTC 2014
This is an automated email from the git hooks/post-receive script.
andi pushed a commit to branch master
in repository debian-lan.
commit 6b6da8a03b1ca1f33a2649589a9c7802cda8f7dc
Author: Andreas B. Mundt <andi at debian.org>
Date: Mon Jun 16 14:28:31 2014 +0200
Implement SSHFS_CLIENT class for diskless clients.
Allow to use sshfs for mounting the home directories on diskless
clients. Usefull when the kerberos credentials hack used so far
breaks.
---
fai/config/class/50-host-classes | 2 ++
fai/config/package_config/DISKLESS_CLIENT | 7 +++++++
fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5 | 8 +++++---
fai/config/scripts/SSHFS_CLIENT/10-pam_mount | 25 +++++++++++++++++++++++++
4 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index 41c988a..d1f40e2 100755
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -84,6 +84,8 @@ case $HOSTNAME in
diskless)
## You might want to add some localization class like:
# echo "DEBIAN $WORKSTATION_A XORG DISKLESS_CLIENT GERMAN"
+ ## Add SSHFS_CLIENT if you prefer sshfs for the home directory:
+ # echo "DEBIAN $WORKSTATION_A XORG DISKLESS_CLIENT SSHFS_CLIENT"
echo "DEBIAN $WORKSTATION_A XORG DISKLESS_CLIENT"
## skip GRUB_PC below:
exit 0 ;;
diff --git a/fai/config/package_config/DISKLESS_CLIENT b/fai/config/package_config/DISKLESS_CLIENT
index e729aa5..c9f54c4 100644
--- a/fai/config/package_config/DISKLESS_CLIENT
+++ b/fai/config/package_config/DISKLESS_CLIENT
@@ -62,3 +62,10 @@ pciutils usbutils
#heirloom-mailx
mutt
acpi-support-base
+
+
+PACKAGES aptitude SSHFS_CLIENT
+sshfs
+libpam-mount
+libpam-script-
+autofs-ldap-
diff --git a/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5 b/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
index ecf26fd..22a1ecd 100755
--- a/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
+++ b/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
@@ -2,6 +2,8 @@
#
set -e
-ainsl /etc/default/nfs-common 'RPCGSSDOPTS="-n"'
-ainsl /etc/pam.d/common-auth 'auth optional pam_script.so'
-fcopy -m root,root,0755 /usr/share/libpam-script/pam_script_auth
+if ! ifclass SSHFS_CLIENT ; then
+ ainsl /etc/default/nfs-common 'RPCGSSDOPTS="-n"'
+ ainsl /etc/pam.d/common-auth 'auth optional pam_script.so'
+ fcopy -m root,root,0755 /usr/share/libpam-script/pam_script_auth
+fi
diff --git a/fai/config/scripts/SSHFS_CLIENT/10-pam_mount b/fai/config/scripts/SSHFS_CLIENT/10-pam_mount
new file mode 100755
index 0000000..d22b315
--- /dev/null
+++ b/fai/config/scripts/SSHFS_CLIENT/10-pam_mount
@@ -0,0 +1,25 @@
+#!/usr/sbin/cfagent -f
+
+control:
+ any::
+ actionsequence = ( editfiles )
+ EditFileSize = ( 30000 )
+
+editfiles:
+ any::
+ { ${target}/etc/fuse.conf
+ SetCommentStart "#"
+ UnCommentLinesMatching "#user_allow_other"
+ }
+
+ { ${target}/etc/security/pam_mount.conf.xml
+ # We need to first mount sshfs to some location other than $HOME, because of a deadlock fuse/ssh
+ # when mounting directly to $HOME. (Perhaps related to ~/.ssh in the home directory).
+ BeginGroupIfNoSuchLine '<!-- Debian-LAN -->'
+ LocateLineMatching '\s*<!-- Volume definitions -->'
+ InsertLine '<!-- Debian-LAN -->'
+ InsertLine '<volume fstype="fuse" path="sshfs#%(USER)@mainserver:" mountpoint="/home/%(USER)"'
+ InsertLine ' options="GSSAPIAuthentication=yes,StrictHostKeyChecking=no,allow_root" />'
+ InsertLine '<volume path="/home/%(USER)" mountpoint="~" options="bind" />'
+ EndGroup
+ }
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/debian-lan.git
More information about the debian-lan-devel
mailing list