it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

On NFS systems, restart automount service when establishing a VPN connection

Browse source
This commit is contained in:
Raphael Dannecker 2025-07-02 11:10:08 +02:00
parent 7243c8d265
commit b063b5eefb
2 changed files with 20 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/lmn_vpn/tasks/main.yml
View file

@ -6,9 +6,9 @@
mode: "0755" mode: "0755"
- name: Copy NetworkManager dispatcher-script (10-lmn-mount.sh) - name: Copy NetworkManager dispatcher-script (10-lmn-mount.sh)
ansible.builtin.copy: ansible.builtin.template:
src: 10-lmn-mount.sh src: 10-lmn-mount.sh.j2
dest: /etc/NetworkManager/dispatcher.d/ dest: /etc/NetworkManager/dispatcher.d/10-lmn-mount.sh
mode: "0755" mode: "0755"
- name: Create link to dispatcher-script (10-lmn-mount.sh) - name: Create link to dispatcher-script (10-lmn-mount.sh)

22
roles/lmn_vpn/files/10-lmn-mount.sh → roles/lmn_vpn/templates/10-lmn-mount.sh.j2
View file

@ -4,15 +4,24 @@ set -eu
if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p') USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p')
USERID=$(id -u "${USERNAME}")
GROUPID=$(id -g "${USERNAME}")
KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*)
export KRB5CCNAME
printenv >&2
if [[ "$NM_DISPATCHER_ACTION" = "up" ]]; then if [[ "$NM_DISPATCHER_ACTION" = "up" ]]; then
# Exit if server is already mounted # Exit if server is already mounted
findmnt /srv/samba/schools/default-school > /dev/null && exit 0 findmnt /srv/samba/schools/default-school > /dev/null && exit 0
{% if nfs4 %}
echo "Before systemctl restart autofs" >&2
systemctl restart srv-samba-schools-default\\x2dschool.automount
echo "After systemctl restart autofs" >&2
{% else %}
USERID=$(id -u "${USERNAME}")
GROUPID=$(id -g "${USERNAME}")
KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*)
export KRB5CCNAME
printenv >&2
# Exit if server is already mounted
findmnt /srv/samba/schools/default-school > /dev/null && exit 0
if ! klist -s -c "${KRB5CCNAME}"; then if ! klist -s -c "${KRB5CCNAME}"; then
#echo "try to renew KRB5-Ticket" >&2 #echo "try to renew KRB5-Ticket" >&2
#sudo -u "${USERNAME}" kinit -R -c "${KRB5CCNAME}" #sudo -u "${USERNAME}" kinit -R -c "${KRB5CCNAME}"
@ -30,7 +39,9 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
-o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10" -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
echo "after mount" >&2 echo "after mount" >&2
mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share" mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
{% endif %}
SUDO_USER=$USERNAME /usr/local/bin/install-printers.sh SUDO_USER=$USERNAME /usr/local/bin/install-printers.sh
{% if not nfs4 %}
elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
# FIXME: Only umount server when Wireguard-Connection was the only connection to server. # FIXME: Only umount server when Wireguard-Connection was the only connection to server.
# Dirty fix (works only in fvs-IP-Range) # Dirty fix (works only in fvs-IP-Range)
@ -39,5 +50,6 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
umount "/lmn/media/${USERNAME}/share" umount "/lmn/media/${USERNAME}/share"
umount /srv/samba/schools/default-school umount /srv/samba/schools/default-school
fi fi
{% endif %}
fi fi
fi fi