[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 3 commits: Create first user's Samba account at first boot of a main server Closes: #987632)
Wolfgang Schweer
gitlab at salsa.debian.org
Mon Apr 26 22:11:56 BST 2021
Wolfgang Schweer pushed to branch master at Debian Edu / debian-edu-config
Commits:
c996f6e7 by Wolfgang Schweer at 2021-04-26T23:00:02+02:00
Create first user's Samba account at first boot of a main server Closes: #987632)
(At first boot all required information is available via LDAP and debconf.)
Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the required
password from debconf and let tools/run-at-firstboot create the Samba account.
Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>
- - - - -
192a0693 by Wolfgang Schweer at 2021-04-26T23:01:01+02:00
Fix typo in d/changelog
Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>
- - - - -
2c76729b by Wolfgang Schweer at 2021-04-26T23:10:33+02:00
Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634)
Fix LTSP Initrd specific path component construction in case a 32-bit combined
server is installed.
Provide a full name for diskless workstation to show up in the iPXE menu.
Use BD ISO image as mirror to enable complete offline installations of a combined server
Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>
- - - - -
4 changed files:
- debian/changelog
- sbin/debian-edu-ltsp-install
- share/debian-edu-config/tools/kerberos-kdc-init
- share/debian-edu-config/tools/run-at-firstboot
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,19 @@
+debian-edu-config (2.11.55) UNRELEASED; urgency=medium
+
+ * Create first user's Samba account at first boot of a main server when all
+ required information is available via LDAP and debconf. Closes: #987632)
+ - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
+ required password from debconf and let tools/run-at-firstboot create the
+ Samba account.
+ * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634)
+ - Fix LTSP Initrd specific path component construction in case a 32-bit
+ combined server is installed.
+ - Provide a full name for diskless workstation to show up in the iPXE menu.
+ - Use BD ISO image as mirror to enable complete offline installations of a
+ combined server
+
+ -- Wolfgang Schweer <wschweer at arcor.de> Mon, 26 Apr 2021 22:39:29 +0200
+
debian-edu-config (2.11.54) unstable; urgency=medium
[ Wolfgang Schweer ]
=====================================
sbin/debian-edu-ltsp-install
=====================================
@@ -17,7 +17,7 @@
# Author/Copyright: Wolfgang Schweer <wschweer at arcor.de>
# Licence: GPL2+
# first edited: 2019-11-21
-# last edited: 2021-02-04
+# last edited: 2021-04-26
set -e
@@ -137,6 +137,8 @@ IPXE_DESKTOP_I386_IMG="Desktop Mode X2Go Thin Client (very old machines, 32-Bit)
# Provide a full menu name for x86_64.img
IPXE_X86_64_IMG="Diskless Workstation (64-Bit)"
+# Provide a full menu name for x86_32.img
+IPXE_X86_32_IMG="Diskless Workstation (32-Bit)"
##### Set default boot value ######
# Default value is x86_64 or x86_32 (arch specific, Diskless Workstation)
@@ -339,18 +341,33 @@ cat <<EOF > /etc/ltsp/skel/.x2goclient/settings
show=false
EOF
+# Specific settings needed if BD ISO image is used for installation.
+if grep -q BD /etc/apt/sources.list ; then
+ BD_ISO="true";
+ device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)"
+ mirror="file:///media/cdrom/"
+else
+ mirror="http://deb.debian.org/debian"
+fi
+
# Create thin client chroot and generate image.
export DEBIAN_FRONTEND=noninteractive
if ! [ "" == "$thin_type" ] && [ ! -d /srv/ltsp/thin/"$thin_type"-"$arch"/etc/ltsp ] ; then
mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"
# Install common thin client packages.
-debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch" \
- "$dist" /srv/ltsp/thin/"$thin_type"-"$arch" http://deb.debian.org/debian
+debootstrap --arch="$arch" --no-check-gpg --variant=minbase --include=linux-image-"$kernel_arch" \
+ "$dist" /srv/ltsp/thin/"$thin_type"-"$arch" "$mirror"
chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt clean
mount /dev/pts -t devpts /srv/ltsp/thin/"$thin_type"-"$arch"/dev/pts
mount proc -t proc /srv/ltsp/thin/"$thin_type"-"$arch"/proc
mount tmpfs -t tmpfs /srv/ltsp/thin/"$thin_type"-"$arch"/tmp
mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/tmp/user/0
+ if [ "true" == "$BD_ISO" ] ; then
+ mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
+ mount $device /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
+ cp /var/cache/apt/*.bin /srv/ltsp/thin/"$thin_type"-"$arch"/var/cache/apt/
+ echo "deb [trusted=yes] $mirror $dist main" > /srv/ltsp/thin/"$thin_type"-"$arch"/etc/apt/sources.list
+ fi
chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt -y -qq install education-thin-client p910nd
# Install case specific additional packages.
if [ "display" == "$thin_type" ] ; then
@@ -361,6 +378,9 @@ debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch
x2gothinclient-cdmanager x2gothinclient-usbmount \
firefox-esr-l10n-"$LANGCODE"
fi
+ if [ "true" == "$BD_ISO" ] ; then
+ umount /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
+ fi
umount /srv/ltsp/thin/"$thin_type"-"$arch"/dev/pts
umount /srv/ltsp/thin/"$thin_type"-"$arch"/proc
umount /srv/ltsp/thin/"$thin_type"-"$arch"/tmp
@@ -472,8 +492,11 @@ EOF
# next modification avoids ltsp command error if lot of images are available.
ALL_IMAGES=1 ltsp kernel
ltsp initrd
- mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/"$(uname -m)"/ltsp.img
-
+ if uname -r | grep -q 686 ; then
+ mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/x86_32/ltsp.img
+ else
+ mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/"$(uname -m)"/ltsp.img
+ fi
# Clean up ltsp.conf from specific items.
sed -i '/PRE_INIT_MAIN/d' /etc/ltsp/ltsp.conf
sed -i '/MASK_SYSTEM/d' /etc/ltsp/ltsp.conf
=====================================
share/debian-edu-config/tools/kerberos-kdc-init
=====================================
@@ -260,8 +260,12 @@ firstuser_post() {
firstuser_samba() {
echo "Adding Samba account for '$FIRSTUSERNAME'"
(echo $FIRSTUSERPWD; echo $FIRSTUSERPWD) | smbpasswd -a -s $FIRSTUSERNAME
- db_set debian-edu-config/first-user-password ''
- echo "First user password cleared from debconf database." 1>&2
+ # Clear password in case of success, i.e. if this script is called via
+ # /usr/share/debian-edu-config/tools/edu-ldap-from-scratch (outside d-i).
+ if pdbedit -L -v $FIRSTUSERNAME >/dev/null 2>&1 ; then
+ db_set debian-edu-config/first-user-password ''
+ echo "First user password cleared from debconf database." 1>&2
+ fi
}
## check if there is no kdc yet:
=====================================
share/debian-edu-config/tools/run-at-firstboot
=====================================
@@ -7,6 +7,9 @@ if [ -f /etc/debian-edu/config ] ; then
. /etc/debian-edu/config
fi
+# Enable debconf
+. /usr/share/debconf/confmodule
+
# Grab dist value for both testing and stable release cases.
if grep -q / /etc/debian_version ; then
dist=$(cat /etc/debian_version | cut -d/ -f1)
@@ -112,6 +115,19 @@ welcome to the mail-system.
EOF
logger -t exim-create-environment -p notice Sent mail to first-user.
fi
+
+# Create first user's Samba account. The smbpasswd command fails inside d-i
+# because user information from LDAP is missing at that time. All passwords have
+# been cleared from the debconf database inside d-i, except the one needed here.
+if echo "$PROFILE" | grep -q Main-Server ; then
+ db_get debian-edu-config/first-user-password
+ FIRSTUSERPWD="$RET"
+ (echo "$FIRSTUSERPWD"; echo "$FIRSTUSERPWD") | smbpasswd -a -s $FIRSTUSER
+ info "Added Samba account for '$FIRSTUSER'."
+ db_set debian-edu-config/first-user-password ''
+ info "First user password cleared from debconf database."
+fi
+
if [ -x /usr/bin/etckeeper ] ; then
etckeeper commit "End of first boot" > /dev/null 2>&1 || true
fi
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/e527178adb23cb609e9f9ac78a92fc584031bad5...2c76729bcf1d3c8d91493158a4bc495532a767f4
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/e527178adb23cb609e9f9ac78a92fc584031bad5...2c76729bcf1d3c8d91493158a4bc495532a767f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20210426/e3f07222/attachment-0001.htm>
More information about the debian-edu-commits
mailing list