Posted to commits@cloudstack.apache.org by bh...@apache.org on 2014/09/22 21:44:02 UTC

[03/50] git commit: updated refs/heads/master to 1290e10

CLOUDSTACK-7143: cleanup configure_login.sh code

Had to change various things to make this code re-entrant. In particular,
the sed-based manipulation of /etc/sudoers is gone and replaced with a
simpler, minimal (but compatible) sudoers file.

Remove the sshd_config tuning since sshd_config is overwritten when we
apply the cloud_scripts overlay (from build.sh).


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3f8c31b0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3f8c31b0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3f8c31b0

Branch: refs/heads/master
Commit: 3f8c31b0da89e630b27b26d495ad1babbf57678a
Parents: e86121d
Author: Leo Simons <ls...@schubergphilis.com>
Authored: Mon Jul 21 11:10:59 2014 +0200
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Sep 22 21:31:35 2014 +0200

----------------------------------------------------------------------
 .../systemvmtemplate/configure_login.sh         | 72 ++++++++++++++------
 1 file changed, 51 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f8c31b0/tools/appliance/definitions/systemvmtemplate/configure_login.sh
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
index 413d485..680b08a 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
@@ -1,26 +1,49 @@
-setup_accounts() {
-  # Setup sudo to allow no-password sudo for "admin"
-  groupadd -r admin
-  # Create a 'cloud' user if it's not there
-  id cloud
-  if [[ $? -ne 0 ]]
-  then
-    useradd -G admin cloud
-  else
-    usermod -a -G admin cloud
-  fi
-  echo "root:$ROOTPW" | chpasswd
-  echo "cloud:`openssl rand -base64 32`" | chpasswd
-  sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
-  sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers
-  # Disable password based authentication via ssh, this will take effect on next reboot
-  sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
-  # Secure ~/.ssh
+#!/bin/bash
+
+set -e
+set -x
+
+function add_admin_group() {
+  groupadd -f -r admin
+}
+
+function configure_cloud_user() {
+  usermod -a -G admin cloud
   mkdir -p /home/cloud/.ssh
   chmod 700 /home/cloud/.ssh
+  echo "cloud:`openssl rand -base64 32`" | chpasswd
+}
+
+function configure_sudoers() {
+  cat >/etc/sudoers <<END
+Defaults	env_reset
+Defaults	exempt_group=admin
+Defaults	mail_badpass
+Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+root	  ALL=(ALL:ALL) ALL
+%admin	ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount
+
+#includedir /etc/sudoers.d
+END
+  echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud
 }
 
-fix_inittab() {
+# sshd_config is overwritten from cloud_scripts
+#function configure_sshd() {
+#  grep "UseDNS no" /etc/ssh/sshd_config && \
+#      grep "PasswordAuthentication no" /etc/ssh/sshd_config && \
+#      return
+#  # Tweak sshd to prevent DNS resolution (speed up logins)
+#  echo 'UseDNS no' >> /etc/ssh/sshd_config
+#
+#  # Require ssh keys for login
+#  sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
+#}
+
+function configure_inittab() {
+  grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return
+
   # Fix inittab
   cat >> /etc/inittab << EOF
 
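Review bot: With `set -x` now enabled at the top of the script, the `echo "cloud:..." | chpasswd` line in configure_cloud_user is traced with the generated password expanded, so the value presumably lands in whatever log captures the build's stderr. Producing the input without putting the secret in an argument keeps it out of the trace, e.g. `{ printf 'cloud:'; openssl rand -base64 32; } | chpasswd`. Separately, configure_sudoers overwrites `/etc/sudoers` in place with no syntax check and creates `/etc/sudoers.d/cloud` with the umask-default mode; writing to a temporary file, checking it with `visudo -cf`, and installing it with mode 0440 would avoid leaving a broken or loosely permissioned policy behind if the script is interrupted or the text is edited later. The NOPASSWD command list is carried over from the old `%admin` rule, but unrestricted `/bin/cp`, `/bin/chmod` and `/bin/mount` are effectively root-equivalent, which deserves a comment next to the rule. Also note that `usermod -a -G admin cloud` no longer creates the user, so under `set -e` the script aborts if `cloud` does not already exist; confirm that an earlier build step always creates it.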
@@ -28,5 +51,12 @@ vc:2345:respawn:/sbin/getty 38400 hvc0
 EOF
 }
 
-setup_accounts
-fix_inittab
+function configure_login() {
+  add_admin_group
+  configure_cloud_user
+  configure_sudoers
+  # configure_sshd
+  configure_inittab
+}
+
+return 2>/dev/null || configure_login
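Review bot: The source guard on the last line, `return 2>/dev/null || configure_login`, implies this file is meant to be sourced as well as executed, but the `set -e` and `set -x` at the top of the file would then be applied to the sourcing shell and remain on after the `return`. If sourcing is a supported use, setting the options only on the executed path avoids that, e.g. `return 2>/dev/null || { set -e; set -x; configure_login; }` with the two top-level `set` lines removed. A short comment above the guard, such as `# when sourced, only define the functions; when executed, run configure_login`, would help, since the idiom is not obvious. The body of configure_inittab begins outside this hunk.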