it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'virtiofsd-usermapping' into fvs

Browse source
This commit is contained in:
Raphael Dannecker 2024-06-24 07:20:55 +02:00
commit 4e229b4a5d
6 changed files with 37 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/lmn_mount/tasks/main.yml
View file

@ -18,7 +18,7 @@
fstype="davfs" fstype="davfs"
path="{{ web_dav }}" path="{{ web_dav }}"
mountpoint="/lmn/media/%(USER)/nextcloud" mountpoint="/lmn/media/%(USER)/nextcloud"
options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid" options="username=%(USER),nosuid,nodev,uid=%(USER),gid=%(USERGID),grpid,file_mode=0700,dir_mode=0700,forceuid,forcegid"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not> ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
</volume> </volume>
insertafter: "<!-- Volume definitions -->" insertafter: "<!-- Volume definitions -->"
@ -34,7 +34,7 @@
server="{{ smb_server }}" server="{{ smb_server }}"
path="{{ smb_share }}" path="{{ smb_share }}"
mountpoint="/srv/samba/schools/default-school" mountpoint="/srv/samba/schools/default-school"
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}" options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=%(USERGID),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not> ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
</volume> </volume>
insertafter: "<!-- Volume definitions -->" insertafter: "<!-- Volume definitions -->"

5
roles/lmn_teacherlaptop/files/10-lmn-mount.sh
View file

@ -5,6 +5,7 @@ set -eu
if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p') USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p')
USERID=$(id -u "${USERNAME}") USERID=$(id -u "${USERNAME}")
GROUPID=$(id -g "${USERNAME}")
KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*) KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*)
export KRB5CCNAME export KRB5CCNAME
printenv >&2 printenv >&2
@ -26,13 +27,13 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
mkdir -p "/lmn/media/${USERNAME}/share" mkdir -p "/lmn/media/${USERNAME}/share"
mount -t cifs //server/default-school/ /srv/samba/schools/default-school \ mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
-o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10" -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
echo "after mount" >&2 echo "after mount" >&2
mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share" mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
# FIXME: Only umount server when Wireguard-Connection was the only connection to server. # FIXME: Only umount server when Wireguard-Connection was the only connection to server.
# Dirty fix (works only in fvs-IP-Range) # Dirty fix (works only in fvs-IP-Range)
if !(ip r s | grep "10.190." | grep -v wg0); then if ! (ip r s | grep "10.190." | grep -v wg0); then
echo "Try to umount server shares" echo "Try to umount server shares"
umount "/lmn/media/${USERNAME}/share" umount "/lmn/media/${USERNAME}/share"
umount /srv/samba/schools/default-school umount /srv/samba/schools/default-school

2
roles/lmn_teacherlaptop/files/mountserver
View file

@ -17,7 +17,7 @@ chmod 777 /srv/samba/schools/default-school
mkdir -p "/lmn/media/${SUDO_USER}/share" mkdir -p "/lmn/media/${SUDO_USER}/share"
mount -t cifs //server/default-school/ /srv/samba/schools/default-school \ mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
-o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10" -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share" mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share"
echo "Einbindung erfolgreich!" echo "Einbindung erfolgreich!"

8
roles/lmn_vm/files/mounthome.sh
View file

@ -36,12 +36,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
echo echo
mkdir -p "/lmn/media/${SUDO_USER}/oldhome" mkdir -p "/lmn/media/${SUDO_USER}/oldhome"
mkdir -p "/lmn/media/${SUDO_USER}/oldprojects" mkdir -p "/lmn/media/${SUDO_USER}/oldprojects"
#errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \ #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid" \
# "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome") # "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome")
#if [[ ! "${errcode}" ]]; then #if [[ ! "${errcode}" ]]; then
mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \ mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid,nobrl,mfsymlinks" \
"//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome" "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome"
mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \ mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid,nobrl,mfsymlinks" \
"//192.168.1.2/DATA/fvs/projekte" "/lmn/media/${SUDO_USER}/oldprojects" "//192.168.1.2/DATA/fvs/projekte" "/lmn/media/${SUDO_USER}/oldprojects"
#echo "Mounting successfull!" #echo "Mounting successfull!"
echo "Einbindung erfolgreich!" echo "Einbindung erfolgreich!"
@ -55,7 +55,7 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
echo "Bitte auch Groß- und Kleinschreibung achten." echo "Bitte auch Groß- und Kleinschreibung achten."
read -rp "Username: " username read -rp "Username: " username
mkdir -p "/lmn/media/${SUDO_USER}/linuxhome" mkdir -p "/lmn/media/${SUDO_USER}/linuxhome"
mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \ mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=${SUDO_GID},reconnect" \
"sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome" "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome"
#echo "Mounting successfull!" #echo "Mounting successfull!"
echo "Einbindung erfolgreich!" echo "Einbindung erfolgreich!"

BIN
roles/lmn_vm/files/virtiofsd
View file

Binary file not shown.

29
roles/lmn_vm/files/vm-run
View file

@ -19,6 +19,8 @@ options:
--os OS operating system (win10|linux|..) --os OS operating system (win10|linux|..)
--data-disk size additional data-disk --data-disk size additional data-disk
--bridge virbrX additional network interface on bridge virbrX --bridge virbrX additional network interface on bridge virbrX
--uid uid set uid on guest
--gid gid set gid on guest
--macvtap additional network interface on device macvtap --macvtap additional network interface on device macvtap
--options options additional options for virt-install command --options options additional options for virt-install command
EOF EOF
@ -109,12 +111,25 @@ create_clone() {
create_printerlist() { create_printerlist() {
## Prepare .printerlist.csv ## Prepare .printerlist.csv
mkdir -p "${VM_MEDIADIR}" mkdir -p "${VM_MEDIADIR}"
chgrp "$(id -g)" "${VM_MEDIADIR}"
echo "Name;IppURL" > "${VM_MEDIADIR}/.printerlist.csv" echo "Name;IppURL" > "${VM_MEDIADIR}/.printerlist.csv"
for p in $(lpstat -v | cut -f 3 -d" " | sed 's/:$//'); do for p in $(lpstat -v | cut -f 3 -d" " | sed 's/:$//'); do
echo "$p;ipp://192.168.122.1/printers/$p" >> "${VM_MEDIADIR}/.printerlist.csv" echo "$p;ipp://192.168.122.1/printers/$p" >> "${VM_MEDIADIR}/.printerlist.csv"
done done
} }
start_virtiofsd() {
# BEGIN temporary fix, while linux-starter are not migrated to --uid and --gid
if [[ "$LIBVIRTOSINFO" =~ debian.* ]]; then
[[ "$GUEST_UID" == 0 ]] && GUEST_UID=1010
[[ "$GUEST_GID" == 0 ]] && GUEST_GID=1010
fi
# END temporary fix
socket="/run/user/$(id -u $USER)/virtiofs-${VM_NAME}.sock"
/usr/local/bin/virtiofsd --uid-map=:${GUEST_UID}:${UID}:1: --gid-map=:${GUEST_GID}:$(id -g):1: \
--socket-path "$socket" --shared-dir "/lmn/media/${USER}" --syslog &
}
QEMU='qemu:///session' QEMU='qemu:///session'
NEWCLONE=0 NEWCLONE=0
@ -122,10 +137,12 @@ PERSISTENT=0
LIBVIRTOSINFO="win10" LIBVIRTOSINFO="win10"
LIBVIRTOPTS="" LIBVIRTOPTS=""
NO_VIEWER=0 NO_VIEWER=0
GUEST_UID=0
GUEST_GID=0
source /etc/lmn/vm.conf source /etc/lmn/vm.conf
TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,help -n $0 -- "$@") TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,uid:,gid:,help -n $0 -- "$@")
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
eval set -- "$TEMP" eval set -- "$TEMP"
@ -203,6 +220,14 @@ while true; do
LIBVIRTOSINFO=$2 LIBVIRTOSINFO=$2
shift 2 shift 2
;; ;;
--uid )
GUEST_UID=$2
shift 2
;;
--gid )
GUEST_GID=$2
shift 2
;;
--help ) --help )
show_help show_help
exit 1 exit 1
@ -245,7 +270,7 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
create_printerlist create_printerlist
# start virtiofsd-service # start virtiofsd-service
[[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/vm-virtiofsd "${VM_NAME}" [[ "${QEMU}" = 'qemu:///session' ]] && start_virtiofsd
# finally, create the new vm # finally, create the new vm