Make /usr readonly to support OSTree
OSTree structure requires /usr to be readonly as OSTree's dracut hook creates a read-only bind mount over /usr. 1. deploy validate_postgresql_connection.sh directly to /usr/local/bin. It was previously copied to that location after installation. 2. move /usr/local/etc/ldapscripts to /etc/ldapscripts, as the files need to be writable. 3. move /usr/libexec/cni to /opt/cni/bin. Plugins are installed at runtime. TCs: provision aio-dx centos with /usr mount to readonly fs. unlocked host provision aio-sx debian and unlocked host. upgrade AIO-DX from 21.12 upgrade AIO-SX from 21.12 successfully apply cert-manager and nginx-ingress-controller Story: 2009101 Task: 44314 Change-Id: I99231f3f7db3d2d8eaceba137e13dea650370f71 Signed-off-by: Bin Qian <bin.qian@windriver.com>
parent
c55c77ee88
commit
54f2f7d6c6
@ -29,6 +29,8 @@ Requires: puppet-concat
|
|||||||
%description
|
%description
|
||||||
A Puppet module for managing PostgreSQL databases
|
A Puppet module for managing PostgreSQL databases
|
||||||
|
|
||||||
|
%define local_bindir /usr/local/bin
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -n %{prefix}-%{module_dir}
|
%setup -n %{prefix}-%{module_dir}
|
||||||
%patch0001 -p1
|
%patch0001 -p1
|
||||||
@ -45,8 +47,10 @@ find . \( -name spec -o -name ext \) | xargs rm -rf
|
|||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
install -d -m 0755 %{buildroot}/%{_datadir}/puppet/modules/%{module_dir}
|
install -d -m 0755 %{buildroot}/%{_datadir}/puppet/modules/%{module_dir}
|
||||||
cp -rp * %{buildroot}/%{_datadir}/puppet/modules/%{module_dir}/
|
cp -rp * %{buildroot}/%{_datadir}/puppet/modules/%{module_dir}/
|
||||||
|
install -d -m 0755 %{buildroot}%{local_bindir}/
|
||||||
|
install -p -D -m 755 files/validate_postgresql_connection.sh %{buildroot}%{local_bindir}/
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%license %{_datadir}/puppet/modules/%{module_dir}/LICENSE
|
%license %{_datadir}/puppet/modules/%{module_dir}/LICENSE
|
||||||
%{_datadir}/puppet/modules/%{module_dir}
|
%{_datadir}/puppet/modules/%{module_dir}
|
||||||
|
%{local_bindir}/validate_postgresql_connection.sh
|
||||||
|
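Review bot: The hunk packages `validate_postgresql_connection.sh` into `%{local_bindir}`, but nothing visible here removes whatever copied it there after installation, which the commit description says used to happen. If the module's manifest still manages that path at runtime (this may be handled in `patch0001`, which is outside the hunk), that step would presumably fail once /usr is mounted read-only, so it is worth confirming. The `-D` on the second `install` is redundant after `install -d -m 0755 %{buildroot}%{local_bindir}/`, and a comment above the define such as `# helper is shipped in the package because /usr is read-only at runtime (OSTree)` would record why a package owns a file under /usr/local.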
@ -77,8 +77,8 @@ for d in $PLUGINS; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
%install
|
%install
|
||||||
install -d -p %{buildroot}%{_libexecdir}/cni/
|
install -d -p %{buildroot}/opt/cni/bin
|
||||||
install -p -m 0755 bin/* %{buildroot}/%{_libexecdir}/cni
|
install -p -m 0755 bin/* %{buildroot}/opt/cni/bin
|
||||||
|
|
||||||
%check
|
%check
|
||||||
%if 0%{?with_check}
|
%if 0%{?with_check}
|
||||||
@ -119,8 +119,8 @@ install -p -m 0755 bin/* %{buildroot}/%{_libexecdir}/cni
|
|||||||
%files
|
%files
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%doc *.md
|
%doc *.md
|
||||||
%dir %{_libexecdir}/cni
|
%dir /opt/cni/bin
|
||||||
%{_libexecdir}/cni/*
|
/opt/cni/bin/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Feb 17 2022 Steven Webster <steven.webster@windriver.com> - 1.0.1
|
* Thu Feb 17 2022 Steven Webster <steven.webster@windriver.com> - 1.0.1
|
||||||
|
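Review bot: `install -d -p %{buildroot}/opt/cni/bin` creates the new plugin directory without an explicit mode, and the `%files` entry `%dir /opt/cni/bin` carries no `%attr`, so ownership and permissions depend on the build umask and on a `%defattr` that is not visible in this section. That mattered less under a read-only /usr; /opt/cni/bin is writable at runtime (the description says plugins are installed there at runtime) and, as a CNI plugin directory, presumably holds binaries that the container runtime executes with privilege, so the directory should be pinned to root-only write. I would use `install -d -p -m 0755 %{buildroot}/opt/cni/bin` and `%dir %attr(0755,root,root) /opt/cni/bin`. The `%changelog` shown at the end of the section has no entry for the path change.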
@ -1 +1 @@
|
|||||||
usr/bin/* usr/libexec/cni/
|
usr/bin/* opt/cni/bin
|
||||||
|
@ -20,6 +20,7 @@ Patch1: sudo-delete-support.patch
|
|||||||
Patch2: log_timestamp.patch
|
Patch2: log_timestamp.patch
|
||||||
Patch3: ldap-user-setup-support.patch
|
Patch3: ldap-user-setup-support.patch
|
||||||
Patch4: allow-anonymous-bind-for-ldap-search.patch
|
Patch4: allow-anonymous-bind-for-ldap-search.patch
|
||||||
|
Patch5: install-ldapscripts-files-to-etc.patch
|
||||||
|
|
||||||
%define debug_package %{nil}
|
%define debug_package %{nil}
|
||||||
|
|
||||||
@ -36,6 +37,7 @@ Shell scripts that allow to manage POSIX accounts (users, groups, machines) in a
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -46,21 +48,22 @@ rm -Rf %{buildroot}/usr/local/man
|
|||||||
rm -f %{buildroot}/usr/local/sbin/*machine*
|
rm -f %{buildroot}/usr/local/sbin/*machine*
|
||||||
rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
|
rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
|
||||||
install -d %{buildroot}/usr/local/etc/
|
install -d %{buildroot}/usr/local/etc/
|
||||||
install -m 644 %{SOURCE1} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.conf
|
install -d %{buildroot}/etc/ldapscripts/
|
||||||
install -m 644 %{SOURCE2} %{buildroot}/usr/local/etc/ldapscripts/ldapadduser.template.cgcs
|
install -m 644 %{SOURCE1} %{buildroot}/etc/ldapscripts/ldapscripts.conf
|
||||||
install -m 644 %{SOURCE3} %{buildroot}/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs
|
install -m 644 %{SOURCE2} %{buildroot}/etc/ldapscripts/ldapadduser.template.cgcs
|
||||||
install -m 644 %{SOURCE4} %{buildroot}/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs
|
install -m 644 %{SOURCE3} %{buildroot}/etc/ldapscripts/ldapaddgroup.template.cgcs
|
||||||
install -m 644 %{SOURCE5} %{buildroot}/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs
|
install -m 644 %{SOURCE4} %{buildroot}/etc/ldapscripts/ldapmoduser.template.cgcs
|
||||||
install -m 644 %{SOURCE6} %{buildroot}/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs
|
install -m 644 %{SOURCE5} %{buildroot}/etc/ldapscripts/ldapaddsudo.template.cgcs
|
||||||
install -m 600 %{SOURCE7} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.passwd
|
install -m 644 %{SOURCE6} %{buildroot}/etc/ldapscripts/ldapmodsudo.template.cgcs
|
||||||
|
install -m 600 %{SOURCE7} %{buildroot}/etc/ldapscripts/ldapscripts.passwd
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%dir /usr/local/etc/ldapscripts/
|
%dir /etc/ldapscripts/
|
||||||
%dir /usr/local/lib/ldapscripts/
|
%dir /usr/local/lib/ldapscripts/
|
||||||
/usr/local/sbin/*
|
/usr/local/sbin/*
|
||||||
%config(noreplace) /usr/local/etc/ldapscripts/ldapscripts.passwd
|
%config(noreplace) /etc/ldapscripts/ldapscripts.passwd
|
||||||
/usr/local/etc/ldapscripts/*
|
/etc/ldapscripts/*
|
||||||
/usr/local/lib/ldapscripts/*
|
/usr/local/lib/ldapscripts/*
|
||||||
|
|
||||||
|
|
||||||
|
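Review bot: The context line `rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample` still targets the old directory, while the rest of `%install` now works under `%{buildroot}/etc/ldapscripts/`. If `make install` now places the samples under /etc/ldapscripts (which the ETCDIR change in Patch5 suggests; the install invocation itself is outside the hunk), the `rm -f` silently matches nothing and the machine template sample is picked up by `/etc/ldapscripts/*` in `%files`; the line should read `rm -f %{buildroot}/etc/ldapscripts/ldapaddmachine.template.sample`. The same stale path appears in the new debian/rules patch later on this page (`rm -rf ./debian/ldapscripts/usr/local/etc/ldapscripts/ldapaddmachine.template.sample`). `install -d %{buildroot}/usr/local/etc/` also looks left over and could be dropped unless something else still installs there.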
@ -0,0 +1,53 @@
|
|||||||
|
From c3f8f0bae32fb59eb9f7e4be7b88e9e8931a9711 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bin Qian <bin.qian@windriver.com>
|
||||||
|
Date: Wed, 27 Apr 2022 22:08:59 +0000
|
||||||
|
Subject: [PATCH] install ldapscripts files to /etc
|
||||||
|
|
||||||
|
Install ldapscripts files to /etc where they originally deployed to.
|
||||||
|
As /usr needs to be readonly to support OSTree
|
||||||
|
|
||||||
|
Signed-off-by: Bin Qian <bin.qian@windriver.com>
|
||||||
|
---
|
||||||
|
debian/rules | 22 +++++++++++-----------
|
||||||
|
1 file changed, 11 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/debian/rules b/debian/rules
|
||||||
|
index cad1a0f..1388e4c 100755
|
||||||
|
--- a/debian/rules
|
||||||
|
+++ b/debian/rules
|
||||||
|
@@ -9,14 +9,14 @@ override_dh_auto_install:
|
||||||
|
$(MAKE) install DESTDIR=debian/ldapscripts PREFIX=/usr ETCDIR=/etc/ldapscripts LIBDIR=/usr/share/ldapscripts MANDIR=/usr/share/man
|
||||||
|
cp debian/runtime.debian debian/ldapscripts/usr/share/ldapscripts
|
||||||
|
rm debian/ldapscripts/etc/ldapscripts/*.sample
|
||||||
|
- $(MAKE) install DESTDIR=debian/ldapscripts PREFIX=/usr ETCDIR=/usr/local/etc/ldapscripts
|
||||||
|
- install -m 644 ldapscripts.conf.cgcs debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
- install -m 644 ldapadduser.template.cgcs debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
- install -m 644 ldapaddgroup.template.cgcs debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
- install -m 644 ldapmoduser.template.cgcs debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
- install -m 644 ldapaddsudo.template.cgcs debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
- install -m 644 ldapmodsudo.template.cgcs debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
- install -m 600 ldapscripts.passwd debian/ldapscripts/usr/local/etc/ldapscripts
|
||||||
|
+ $(MAKE) install DESTDIR=debian/ldapscripts PREFIX=/usr ETCDIR=/etc/ldapscripts
|
||||||
|
+ install -m 644 ldapscripts.conf.cgcs debian/ldapscripts/etc/ldapscripts
|
||||||
|
+ install -m 644 ldapadduser.template.cgcs debian/ldapscripts/etc/ldapscripts
|
||||||
|
+ install -m 644 ldapaddgroup.template.cgcs debian/ldapscripts/etc/ldapscripts
|
||||||
|
+ install -m 644 ldapmoduser.template.cgcs debian/ldapscripts//etc/ldapscripts
|
||||||
|
+ install -m 644 ldapaddsudo.template.cgcs debian/ldapscripts/etc/ldapscripts
|
||||||
|
+ install -m 644 ldapmodsudo.template.cgcs debian/ldapscripts/etc/ldapscripts
|
||||||
|
+ install -m 600 ldapscripts.passwd debian/ldapscripts/etc/ldapscripts
|
||||||
|
rm -rf ./debian/ldapscripts/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
|
||||||
|
|
||||||
|
override_dh_installdocs:
|
||||||
|
@@ -31,6 +31,6 @@ override_dh_installexamples:
|
||||||
|
override_dh_fixperms:
|
||||||
|
dh_fixperms --exclude etc/ldapscripts/ldapscripts.passwd
|
||||||
|
chmod 440 ./debian/ldapscripts/usr/lib/ldapscripts/runtime
|
||||||
|
- chmod 440 ./debian/ldapscripts/usr/local/etc/ldapscripts/ldapaddgroup.template.sample
|
||||||
|
- chmod 440 ./debian/ldapscripts/usr/local/etc/ldapscripts/ldapadduser.template.sample
|
||||||
|
- chmod 440 ./debian/ldapscripts/usr/local/etc/ldapscripts/ldapscripts.conf.sample
|
||||||
|
+ chmod 440 ./debian/ldapscripts/etc/ldapscripts/ldapaddgroup.template.sample
|
||||||
|
+ chmod 440 ./debian/ldapscripts/etc/ldapscripts/ldapadduser.template.sample
|
||||||
|
+ chmod 440 ./debian/ldapscripts/etc/ldapscripts/ldapscripts.conf.sample
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
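Review bot: In `override_dh_auto_install` the second `$(MAKE) install` now writes into the same `etc/ldapscripts` directory that `rm debian/ldapscripts/etc/ldapscripts/*.sample` cleaned a few lines earlier, so the sample files presumably come back and the `chmod 440 ... .sample` lines in `override_dh_fixperms` depend on that ordering. That coupling is easy to break in a later edit; a comment before the second install such as `# re-creates the .sample files removed above; override_dh_fixperms relies on them` would make it explicit. The `ldapmoduser.template.cgcs` line also has a doubled slash, `debian/ldapscripts//etc/ldapscripts`, which is harmless but should read `debian/ldapscripts/etc/ldapscripts` like its neighbours.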
@ -1,2 +1,3 @@
|
|||||||
debian-install-cgcs-files.patch
|
debian-install-cgcs-files.patch
|
||||||
debian-align-permission-with-centos.patch
|
debian-align-permission-with-centos.patch
|
||||||
|
install-ldapscripts-files-to-etc.patch
|
||||||
|
@ -0,0 +1,38 @@
|
|||||||
|
From afac530d7bd2754980d519e479777b918db18cd0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bin Qian <bin.qian@windriver.com>
|
||||||
|
Date: Wed, 27 Apr 2022 22:06:27 +0000
|
||||||
|
Subject: [PATCH] install ldapscripts files to /etc
|
||||||
|
|
||||||
|
Deploy ldapscripts config files to /etc/ldapscripts as it was done
|
||||||
|
originally. We no longer need to use sed to modify the path.
|
||||||
|
|
||||||
|
Signed-off-by: Bin Qian <bin.qian@windriver.com>
|
||||||
|
---
|
||||||
|
Makefile | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile b/Makefile
|
||||||
|
index d490f9e..ba1d93e 100644
|
||||||
|
--- a/Makefile
|
||||||
|
+++ b/Makefile
|
||||||
|
@@ -30,7 +30,7 @@ VERSION = 2.0.8
|
||||||
|
# Default installation paths
|
||||||
|
SBINDIR = $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/man
|
||||||
|
-ETCDIR = $(PREFIX)/etc/$(NAME)
|
||||||
|
+ETCDIR = /etc/$(NAME)
|
||||||
|
LIBDIR = $(PREFIX)/lib/$(NAME)
|
||||||
|
|
||||||
|
# Files to install
|
||||||
|
@@ -84,7 +84,7 @@ help:
|
||||||
|
configure:
|
||||||
|
@echo -n 'Configuring scripts... '
|
||||||
|
@sed 's|^BINDPWDFILE=.*|BINDPWDFILE="$(ETCDIR)/$(PWDFILE)"|g' 'etc/$(ETCFILE)' > 'etc/$(ETCFILE).patched'
|
||||||
|
- @sed '/^_CONFIGFILE=/s|^\(.*"\).*\(".*\)|\1$(ETCDIR)/$(ETCFILE)\2|g' 'lib/$(RUNFILE)' > 'lib/$(RUNFILE).patched'
|
||||||
|
+ @cp 'lib/$(RUNFILE)' 'lib/$(RUNFILE).patched'
|
||||||
|
@for i in $(SBINFILES) ; do \
|
||||||
|
sed 's|^_RUNTIMEFILE=.*|_RUNTIMEFILE="$(LIBDIR)/$(RUNFILE)"|g' "sbin/$$i" > "sbin/$$i.patched" ; \
|
||||||
|
done
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
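Review bot: Replacing the `_CONFIGFILE` sed with `@cp 'lib/$(RUNFILE)' 'lib/$(RUNFILE).patched'` means the runtime file no longer follows `ETCDIR`, while the `BINDPWDFILE` sed on the line above still does. A build that overrides `ETCDIR` on the command line would then get a password-file path and a config-file path that disagree, with the config path falling back to whatever default `lib/$(RUNFILE)` carries (not visible here). Keeping the original sed would be harmless now that `ETCDIR = /etc/$(NAME)`; if the `cp` stays, a comment such as `# _CONFIGFILE keeps the upstream default; ETCDIR overrides do not reach it` would help. The second Makefile patch later on this page makes the same change, and the `configure` target continues past the hunk.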
@ -4,3 +4,4 @@ log_timestamp.patch
|
|||||||
ldap-user-setup-support.patch
|
ldap-user-setup-support.patch
|
||||||
allow-anonymous-bind-for-ldap-search.patch
|
allow-anonymous-bind-for-ldap-search.patch
|
||||||
ldapscripts-templates.patch
|
ldapscripts-templates.patch
|
||||||
|
install-ldapscripts-files-to-etc.patch
|
||||||
|
@ -0,0 +1,38 @@
|
|||||||
|
From ff3f64dadeb81a9224acaf62ce564d940f582d7c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bin Qian <bin.qian@windriver.com>
|
||||||
|
Date: Fri, 29 Apr 2022 10:54:08 -0400
|
||||||
|
Subject: [PATCH] install ldapscripts files to /etc
|
||||||
|
|
||||||
|
Deploy ldapscripts config files to /etc/ldapscripts as it was done
|
||||||
|
originally. We no longer need to use sed to modify the path.
|
||||||
|
|
||||||
|
Signed-off-by: Bin Qian <bin.qian@windriver.com>
|
||||||
|
---
|
||||||
|
Makefile | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile b/Makefile
|
||||||
|
index 6e5b193..7585602 100644
|
||||||
|
--- a/Makefile
|
||||||
|
+++ b/Makefile
|
||||||
|
@@ -30,7 +30,7 @@ VERSION = 2.0.8
|
||||||
|
# Default installation paths
|
||||||
|
SBINDIR = $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/man
|
||||||
|
-ETCDIR = $(PREFIX)/etc/$(NAME)
|
||||||
|
+ETCDIR = /etc/$(NAME)
|
||||||
|
LIBDIR = $(PREFIX)/lib/$(NAME)
|
||||||
|
|
||||||
|
# Files to install
|
||||||
|
@@ -85,7 +85,7 @@ help:
|
||||||
|
configure:
|
||||||
|
@echo -n 'Configuring scripts... '
|
||||||
|
@sed 's|^BINDPWDFILE=.*|BINDPWDFILE="$(ETCDIR)/$(PWDFILE)"|g' 'etc/$(ETCFILE)' > 'etc/$(ETCFILE).patched'
|
||||||
|
- @sed '/^_CONFIGFILE=/s|^\(.*"\).*\(".*\)|\1$(ETCDIR)/$(ETCFILE)\2|g' 'lib/$(RUNFILE)' > 'lib/$(RUNFILE).patched'
|
||||||
|
+ @cp 'lib/$(RUNFILE)' 'lib/$(RUNFILE).patched'
|
||||||
|
@for i in $(SBINFILES) ; do \
|
||||||
|
sed 's|^_RUNTIMEFILE=.*|_RUNTIMEFILE="$(LIBDIR)/$(RUNFILE)"|g' "sbin/$$i" > "sbin/$$i.patched" ; \
|
||||||
|
done
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
@ -37,7 +37,7 @@ BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
|
|||||||
# The following file contains the raw password of the BINDDN
|
# The following file contains the raw password of the BINDDN
|
||||||
# Create it with something like : echo -n 'secret' > $BINDPWDFILE
|
# Create it with something like : echo -n 'secret' > $BINDPWDFILE
|
||||||
# WARNING !!!! Be careful not to make this file world-readable
|
# WARNING !!!! Be careful not to make this file world-readable
|
||||||
BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
|
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
|
||||||
# For older versions of OpenLDAP, it is still possible to use
|
# For older versions of OpenLDAP, it is still possible to use
|
||||||
# unsecure command-line passwords by defining the following option
|
# unsecure command-line passwords by defining the following option
|
||||||
# AND commenting the previous one (BINDPWDFILE takes precedence)
|
# AND commenting the previous one (BINDPWDFILE takes precedence)
|
||||||
@ -144,9 +144,9 @@ GETENTGRCMD="getent group"
|
|||||||
#GTEMPLATE="/path/to/ldapaddgroup.template"
|
#GTEMPLATE="/path/to/ldapaddgroup.template"
|
||||||
#UTEMPLATE="/path/to/ldapadduser.template"
|
#UTEMPLATE="/path/to/ldapadduser.template"
|
||||||
#MTEMPLATE="/path/to/ldapaddmachine.template"
|
#MTEMPLATE="/path/to/ldapaddmachine.template"
|
||||||
GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
|
GTEMPLATE="/etc/ldapscripts/ldapaddgroup.template.cgcs"
|
||||||
UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
|
UTEMPLATE="/etc/ldapscripts/ldapadduser.template.cgcs"
|
||||||
UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
|
UMTEMPLATE="/etc/ldapscripts/ldapmoduser.template.cgcs"
|
||||||
STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
|
STEMPLATE="/etc/ldapscripts/ldapaddsudo.template.cgcs"
|
||||||
SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"
|
SMTEMPLATE="/etc/ldapscripts/ldapmodsudo.template.cgcs"
|
||||||
MTEMPLATE=""
|
MTEMPLATE=""
|
||||||
|
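Review bot: `BINDPWDFILE` now points at `/etc/ldapscripts/ldapscripts.passwd`, but nothing on this page migrates or removes a password file already present at `/usr/local/etc/ldapscripts/ldapscripts.passwd`. On an upgraded host that could leave the raw bind password behind at the old path (possibly as an `.rpmsave` copy, since the spec marks the file `%config(noreplace)`) while the scripts read a freshly packaged file; whether the upgrade procedure reinstalls rather than updates in place is not visible here. It is worth confirming that the upgrade path carries the secret over and deletes the old copy. The existing warning could also state the expected permissions, for example `# WARNING !!!! Be careful not to make this file world-readable (mode 600, owner root)`.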