it-team/lmn-vm
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add mount service

Browse source
This commit is contained in:
Raphael Dannecker 2026-01-21 11:50:20 +01:00
parent ca3047e8ab
commit 7070e183ae
5 changed files with 135 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

5
playbook.yml
View file

@ -1,10 +1,12 @@
--- ---
# playbook.yml # playbook.yml
- name: install base vm - name: Install base vm
hosts: all hosts: all
become: true become: true
remote_user: ansible remote_user: ansible
roles:
- vm_mount
tasks: tasks:
- name: Install lxqt - name: Install lxqt
@ -31,6 +33,7 @@
User=user User=user
Session=lxqt.desktop Session=lxqt.desktop
dest: /etc/sddm.conf dest: /etc/sddm.conf
mode: '0644'
- name: Set grub default to zero - name: Set grub default to zero
ansible.builtin.lineinfile: ansible.builtin.lineinfile:

47
roles/vm_mount/files/lmn-parse-vminfo Executable file
View file

@ -0,0 +1,47 @@
#!/usr/bin/python3
from impacket.krb5.ccache import CCache
from base64 import b64decode
import json, os, os.path, sys, stat, subprocess
if not os.path.isfile("/media/host/.vminfo.json"):
try:
subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "VM-Data", "/media/host"])
except:
subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "Home_Linux", "/media/host"])
if not os.path.isfile("/media/host/.vminfo.json"):
print("/media/host/.vminfo.json not found",file=sys.stderr)
exit(1)
with open("/media/host/.vminfo.json") as f:
data = json.load(f)
user = data["User"]
krbcred = b64decode(data["krb5"]["cred"])
if os.path.isfile("/tmp/krb5cc_1000"):
os.remove("/tmp/krb5cc_1000")
if os.path.isfile("/tmp/krb5cc_0"):
os.remove("/tmp/krb5cc_0")
ccache = CCache()
ccache.fromKRBCRED(krbcred)
ccache.saveFile("/tmp/krb5cc_1000")
ccache.saveFile("/tmp/krb5cc_0")
if os.path.isfile("/tmp/krb5cc_1000"):
os.chown("/tmp/krb5cc_1000",1000,1000)
os.chmod("/tmp/krb5cc_1000",stat.S_IRUSR | stat.S_IWUSR)
if os.path.isfile("/tmp/krb5cc_0"):
os.chown("/tmp/krb5cc_0",0,0)
os.chmod("/tmp/krb5cc_0",stat.S_IRUSR | stat.S_IWUSR)
mounts = data["Mounts"]
for mount in mounts:
directory = f"/lmn/media/{mount['Name']}"
if not os.path.exists(directory):
os.makedirs(directory)
if not os.path.ismount(directory):
subprocess.run(["/usr/bin/mount", "-t", "cifs", mount['RemotePath'], directory ,"-o", f"sec=krb5i,username={user},cruid=1000,uid=1000,gid=1000"])

9
roles/vm_mount/files/lmn-vminfo.service Executable file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Parse .vminfo.json and inject Host-User Kerberos-Ticket
Requires=remote-fs.target
Requires=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/python3 /usr/local/bin/lmn-parse-vminfo
RemainAfterExit=false

12
roles/vm_mount/files/lmn-vminfo.timer Executable file
View file

@ -0,0 +1,12 @@
[Unit]
Description=Timer for lmn-vminfo
Requires=remote-fs.target
After=network-online.target
[Timer]
OnActiveSec=5s
OnUnitActiveSec=1h
Persistent=true
[Install]
WantedBy=multi-user.target

33
roles/vm_mount/tasks/main.yml Normal file
View file

@ -0,0 +1,33 @@
---
- name: Install packages for lmn-vminfo.service
ansible.builtin.apt:
name:
- cifs-utils
- krb5-user
- python3-pip
- name: Provide lmn-parse-vminfo script
ansible.builtin.copy:
src: lmn-parse-vminfo
dest: /usr/local/bin/lmn-parse-vminfo
mode: '0755'
- name: Install impacket pip package
ansible.builtin.pip:
name: impacket
break_system_packages: true
- name: Provide lmn-vminfo.service and timer
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- lmn-vminfo.service
- lmn-vminfo.timer
- name: Enable lmn-vminfo.timer
ansible.builtin.systemd:
name: lmn-vminfo.timer
enabled: true