path: root/sbin/itzks-update-disklserver-squashfs-images
#!/bin/bash

# Abort on the first unhandled command failure. "pipefail" is not enabled, so
# for the pipelines further down only the last command decides the exit status.
set -e

# Copyright (C) 2018 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
#
# This script is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the
# Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.

# Directory that holds one sub-directory per LTSP chroot.
LTSP_OPT="/srv/ltsp"

# libpam-tmpdir does not work for the root user and /tmp is too small anyway,
# so point TMPDIR (for this script and everything it starts) at /srv/tmp.
# The directory gets the same ownership and mode as /tmp: root-owned,
# world-writable, sticky bit set.
export TMPDIR="/srv/tmp"
mkdir -p "${TMPDIR}/"
chown root:root "${TMPDIR}"
chmod 1777 "${TMPDIR}"

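# Regenerate /etc/ltsp/ltsp.conf from its template, replacing the @rootpw@
# placeholder with the password hash of the host's root account.
ltsp_conf="/etc/ltsp/ltsp.conf"
ltsp_conf_in="/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in"

# Only act when the template exists and uses @rootpw@ on a line that contains
# no "#" character at all (grep -v "#" drops every such line, not just lines
# that start with a comment).
if [ -e "${ltsp_conf_in}" ] && grep -v "#" "${ltsp_conf_in}" | grep -q "@rootpw@"; then

	# configure LTSP before creating ltsp.img and iPXE config
	# Second field of root's /etc/shadow entry, i.e. the password hash.
	host_rootpw=$(grep -E "^root:" /etc/shadow | cut -d":" -f2)

	# Build the replacement under a private temporary name in the same
	# directory and rename it into place at the end. The previous ltsp.conf
	# (which we do want to drop!) stays intact until the new one is complete,
	# a missing ltsp.conf no longer aborts the script, and the hash is never
	# written to a file with a mode wider than 0600.
	ltsp_conf_new=$(mktemp "${ltsp_conf}.XXXXXX")
	chown root:root "${ltsp_conf_new}"
	chmod 0600 "${ltsp_conf_new}"

	{
		echo "# THIS FILE IS RE-CREATED DAILY FROM /etc/ltsp/ltsp.conf.itzks-systems-disklserver.in - DON'T EDIT THIS FILE"
		echo
	} > "${ltsp_conf_new}"

	if [ -n "${host_rootpw}" ]; then
		# The hash is handed to perl through the environment, so it shows up
		# neither in the process list nor is it re-interpreted as perl code.
		export host_rootpw
		if ! perl -p -e 's/\@rootpw\@/$ENV{host_rootpw}/g' "${ltsp_conf_in}" >> "${ltsp_conf_new}"; then
			# Do not leave a half-written file containing the hash behind.
			rm -f -- "${ltsp_conf_new}"
			unset host_rootpw
			echo "ERROR: could not render ${ltsp_conf_in}; ${ltsp_conf} left unchanged." >&2
			exit 1
		fi
	else
		# Same result as before (header-only ltsp.conf), but no longer silent.
		echo "WARNING: no password hash found for root in /etc/shadow; ${ltsp_conf} will only contain its header." >&2
	fi
	unset host_rootpw

	mv -f -- "${ltsp_conf_new}" "${ltsp_conf}"

	# NOTE(review): the 0600 mode only protects the hash on this host. The
	# "ltsp initrd" call at the end of this script builds ltsp.img from the
	# LTSP configuration; if that image carries ltsp.conf to the clients,
	# everyone who can fetch ltsp.img from the boot network can read root's
	# password hash. Confirm who can reach the boot services.
fi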

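# Collect the names of all LTSP chroots as a blank-separated list: every
# direct entry of ${LTSP_OPT} that is not a symlink and that contains an
# executable bin/bash.
#
# A glob is used instead of parsing "ls" output. The former trailing-blank
# trim (${ltsp_chroots%%?*( )}) was an extglob pattern, which is a no-op
# without "shopt -s extglob"; the list is now built without a trailing blank.
ltsp_chroots=""
for chroot_path in "${LTSP_OPT}"/*; do
	if [ ! -h "${chroot_path}" ] && [ -x "${chroot_path}/bin/bash" ]; then
		ltsp_chroots="${ltsp_chroots:+${ltsp_chroots} }${chroot_path##*/}"
	fi
done
unset chroot_path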

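# Prepare every chroot and rebuild its SquashFS image when needed.
# The unquoted expansion is intentional: ltsp_chroots is a blank-separated
# list of directory names below ${LTSP_OPT}.
for chroot in ${ltsp_chroots}; do

	chroot_root="${LTSP_OPT}/${chroot}"
	chroot_ssh_dir="${chroot_root}/root/.ssh"

	if [ -e "${chroot_root}/chroot-upgrade-in-process" ]; then
		echo "Chroot ${LTSP_OPT}/${chroot} is currently being upgraded. Skipping..."
		continue
	fi

	# Newest chroot-updated_<YYYYMMDD> marker. Glob results are sorted, so the
	# last match wins (this replaces the former "ls | grep | sort | tail").
	latest_upgrade=""
	for marker in "${chroot_root}"/*chroot-updated_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]; do
		[ -e "${marker}" ] || continue
		latest_upgrade="${marker##*/}"
	done

	if [ -z "${latest_upgrade}" ]; then
		echo "chroot ${LTSP_OPT}/${chroot} lacks the chroot-updated_<date> file. Can't proceeed. Skipping..."
		continue
	fi

	# several chroot preparations (also helpful when directly booting the nfsroot)...

	# These preparations run with every script execution (i.e. daily via CRON) to make sure the
	# NFS chroot is updated.

	# Copy an appropriate SSH secret key for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/id_<crypto>.
	# Currently we prefer disklserver:/root/.ssh/id_<crypto>.DLW and fall back to the host's private key file
	# (i.e. disklserver:/root/.ssh/id_<crypto>).
	#
	# The list used to end in "d_rsa", so RSA keys were never picked up; it is
	# "id_rsa" now, which means an existing RSA key will start to be copied.
	#
	# NOTE(review): the fallback places the server root's own private key into
	# the client file system. Everyone who can read the chroot or the image
	# built from it can then authenticate as this host's root wherever that
	# key is accepted. Providing dedicated id_<crypto>.DLW keys limits that.
	#
	# Files that already exist in the chroot are never overwritten, so a key
	# rotated on the host has to be removed from the chroot by hand.
	for priv_key_file in id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa; do

		if [ -e "${chroot_ssh_dir}/${priv_key_file}" ]; then
			continue
		fi

		if [ -e "/root/.ssh/${priv_key_file}.DLW" ]; then
			key_src="/root/.ssh/${priv_key_file}.DLW"
		elif [ -e "/root/.ssh/${priv_key_file}" ]; then
			key_src="/root/.ssh/${priv_key_file}"
		else
			continue
		fi

		# Without the target directory the copy would fail and, because of
		# "set -e", abort the whole run; create it (private to root) on demand.
		[ -d "${chroot_ssh_dir}" ] || install -d -m 0700 -o root -g root "${chroot_ssh_dir}"

		# Force owner and mode instead of relying on the source file and umask.
		install -m 0600 -o root -g root "${key_src}" "${chroot_ssh_dir}/${priv_key_file}"

	done

	# Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys)
	# Use host's authorized_keys file for granting DLW access via SSH as root without password
	if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${chroot_ssh_dir}/authorized_keys" ]; then
		[ -d "${chroot_ssh_dir}" ] || install -d -m 0700 -o root -g root "${chroot_ssh_dir}"
		cp "/root/.ssh/authorized_keys" "${chroot_ssh_dir}/authorized_keys"
	fi

	# Create the SquashFS image (if an update is required)
	if [ -e "${chroot_root}/${latest_upgrade}.squashfs-created" ]; then
		echo "chroot ${LTSP_OPT}/${chroot}'s squashfs image is up-to-date. Skipping..."
	elif ltsp image "${chroot_root}"; then
		# The glob has to stay outside the quotes, otherwise rm looks for a
		# file literally named "chroot-updated_*.squashfs-created" and the
		# markers of older upgrades are never removed.
		rm -f -- "${chroot_root}"/chroot-updated_*.squashfs-created
		touch "${chroot_root}/${latest_upgrade}.squashfs-created"
	else
		# Keep going with the remaining chroots, but say that this one failed.
		echo "WARNING: 'ltsp image ${chroot_root}' failed; squashfs image not updated." >&2
	fi

done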

# Finally refresh the kernel images (for all images), ltsp.img (the LTSP
# initrd) and LTSP's iPXE boot menu configuration, just in case...
# With "set -e" active the first failing step ends the script.
#
# NOTE(review): ltsp.conf is regenerated earlier in this script with root's
# password hash in it and "before creating ltsp.img"; presumably ltsp.img
# ships that configuration to the clients - confirm that only trusted
# machines can fetch it.
ALL_IMAGES=1 ltsp kernel
for ltsp_applet in initrd ipxe; do
	ltsp "${ltsp_applet}"
done