integ: Convert wrsroot -> sysadmin

This also changes the group wrs_protected to sys_protected to de-brand the user and group names. Depends-On: I887464a20fc17d66529caea03be2b445156f9426 Change-Id: Ic2ea06d3ac15c31854a604af5f4cecf9094fcaea Story: 2004716 Task: 28748 Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-05-09 12:58:20 -07:00 · 2019-05-09 12:58:20 -07:00 · 83c6575d51
commit 83c6575d51
parent 6ccb588bf8
16 changed files with 52 additions and 53 deletions
--- a/base/systemd-config/files/systemd.conf.tmpfiles.d
+++ b/base/systemd-config/files/systemd.conf.tmpfiles.d
@ -25,18 +25,18 @@ d /run/log 0755 root root -
 z /run/log/journal 2755 root systemd-journal - -
 Z /run/log/journal/%m ~2750 root systemd-journal - -

-a+ /run/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
-A+ /run/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
+a+ /run/log/journal/%m - - - - d:group:sys_protected:r-x,d:group:wheel:r-x
+A+ /run/log/journal/%m - - - - group:sys_protected:r-x,group:wheel:r-x

 z /var/log/journal 2755 root systemd-journal - -
 z /var/log/journal/%m 2755 root systemd-journal - -
 z /var/log/journal/%m/system.journal 0640 root systemd-journal - -

-a+ /var/log/journal    - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
-a+ /var/log/journal    - - - - group:wrs_protected:r-x,group:wheel:r-x
-a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
-a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
-a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r--
+a+ /var/log/journal    - - - - d:group:sys_protected:r-x,d:group:wheel:r-x
+a+ /var/log/journal    - - - - group:sys_protected:r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - d:group:sys_protected:r-x,d:group:wheel:r-x
+a+ /var/log/journal/%m - - - - group:sys_protected:r-x,group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:sys_protected:r--,group:wheel:r--

 d /var/lib/systemd 0755 root root -
 d /var/lib/systemd/coredump 0755 root root 3d
--- a/config-files/sudo-config/centos/build_srpm.data
+++ b/config-files/sudo-config/centos/build_srpm.data
@ -1,2 +1,2 @@
 COPY_LIST="files/*"
-TIS_PATCH_VER=0
+TIS_PATCH_VER=1
--- a/config-files/sudo-config/centos/sudo-config.spec
+++ b/config-files/sudo-config/centos/sudo-config.spec
@ -12,26 +12,25 @@ Group: base
 Packager: StarlingX
 URL: unknown

-Source0: wrs.sudo
+Source0: sysadmin.sudo
 Source1: LICENSE

-%define WRSROOT_P cBglipPpsKwBQ
+%define SYSADMIN_P 4SuW8cnXFyxsk

 %description
 StarlingX sudo configuration file

 %install
 install -d %{buildroot}/%{_sysconfdir}/sudoers.d
-install -m 440 %{SOURCE0}  %{buildroot}/%{_sysconfdir}/sudoers.d/wrs
+install -m 440 %{SOURCE0}  %{buildroot}/%{_sysconfdir}/sudoers.d/sysadmin

 %pre
-getent group wrs >/dev/null || groupadd -r wrs
-getent group wrs_protected >/dev/null || groupadd -f -g 345 wrs_protected
-getent passwd wrsroot > /dev/null || \
-useradd -m -g wrs -G root,wrs_protected \
-    -d /home/wrsroot -p %{WRSROOT_P} \
-    -s /bin/sh wrsroot 2> /dev/null || :
+getent group sys_protected >/dev/null || groupadd -f -g 345 sys_protected
+getent passwd sysadmin > /dev/null || \
+useradd -m -g sys_protected -G root \
+    -d /home/sysadmin -p %{SYSADMIN_P} \
+    -s /bin/sh sysadmin 2> /dev/null || :

 %files
 %license ../SOURCES/LICENSE
-%config(noreplace) %{_sysconfdir}/sudoers.d/wrs
+%config(noreplace) %{_sysconfdir}/sudoers.d/sysadmin
--- a/config-files/sudo-config/files/sysadmin.sudo
+++ b/config-files/sudo-config/files/sysadmin.sudo
@ -0,0 +1,12 @@
+##
+## User privilege specification
+##
+sysadmin ALL=(ALL) ALL
+sysadmin ALL=(root) NOPASSWD: /usr/bin/config_controller
+sysadmin ALL=(root) NOPASSWD: /usr/bin/config_region
+sysadmin ALL=(root) NOPASSWD: /usr/bin/config_subcloud
+sysadmin ALL=(root) NOPASSWD: /usr/bin/config_management
+sysadmin ALL=(root) NOPASSWD: /usr/local/sbin/collect
+
+Defaults lecture=never, secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
+Defaults passprompt="Password: "
--- a/config-files/sudo-config/files/wrs.sudo
+++ b/config-files/sudo-config/files/wrs.sudo
@ -1,12 +0,0 @@
-##
-## User privilege specification
-##
-wrsroot ALL=(ALL) ALL
-wrsroot ALL=(root) NOPASSWD: /usr/bin/config_controller
-wrsroot ALL=(root) NOPASSWD: /usr/bin/config_region
-wrsroot ALL=(root) NOPASSWD: /usr/bin/config_subcloud
-wrsroot ALL=(root) NOPASSWD: /usr/bin/config_management
-wrsroot ALL=(root) NOPASSWD: /usr/local/sbin/collect
-
-Defaults lecture=never, secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
-Defaults passprompt="Password: "
--- a/kubernetes/helm/centos/files/helm-upload
+++ b/kubernetes/helm/centos/files/helm-upload
@ -12,7 +12,7 @@


 # We want to run as the "www" user and scripts can't be setuid.  The
-# sudoers permissions are set up to allow wrsroot to run this script
+# sudoers permissions are set up to allow sysadmin to run this script
 # as the "www" user without a password.
 if [ $USER != "www" ]; then
    exec sudo -u www $0 $@
--- a/kubernetes/helm/centos/files/helm.sudo
+++ b/kubernetes/helm/centos/files/helm.sudo
@ -1,3 +1,3 @@
-wrsroot ALL=(www) NOPASSWD: /usr/local/sbin/helm-upload
+sysadmin ALL=(www) NOPASSWD: /usr/local/sbin/helm-upload

 Defaults lecture=never, secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
--- a/ldap/ldapscripts/files/ldap-user-setup-support.patch
+++ b/ldap/ldapscripts/files/ldap-user-setup-support.patch
@ -49,7 +49,7 @@ index 0000000..27d12dc
 +. "$_RUNTIMEFILE"
 +
 +# runtime defaults
-+_DEFAULTGRP2="wrs_protected"
+_DEFAULTGRP2="sys_protected"
 +_BASHSHELL="/bin/bash"
 +_DEFAULTSHADOWMAX="90"
 +_DEFAULTSHADOWWARNING="2"
--- a/security/python-keyring/python-keyring/chmod_keyringlock2.patch
+++ b/security/python-keyring/python-keyring/chmod_keyringlock2.patch
@ -30,7 +30,7 @@ Index: keyring-5.3/keyring/backends/file.py
 +            if oct(stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode)) != '0770':
 +                # Must have the lock file with the correct group and permissisions g+rw
 +                os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
-+                groupinfo = grp.getgrnam('wrs_protected')
+                groupinfo = grp.getgrnam('sys_protected')
 +                os.chown(lockdir + "/" + lockfile,-1,groupinfo.gr_gid)
 
 
--- a/security/python-keyring/python-keyring/fix_keyring_lockfile_location.patch
+++ b/security/python-keyring/python-keyring/fix_keyring_lockfile_location.patch
@ -82,7 +82,7 @@ Index: keyring-5.3/keyring/backends/file.py
 -        if os.geteuid() == 0 and (not os.path.exists(lockfile)):
 -             from pwd import getpwnam
 -             import stat
-             nonrootuser = "wrsroot"
+-             nonrootuser = "sysadmin"
 -             with open(lockfile, 'w'):
 -                 pass
 -             # must have the lock file with the correct group permissisions g+rw
--- a/security/python-keyring/python-keyring/use_new_lock.patch
+++ b/security/python-keyring/python-keyring/use_new_lock.patch
@ -180,7 +180,7 @@ Index: keyring-5.3/keyring/backends/file.py
 +        if os.geteuid() == 0 and (not os.path.exists(lockfile)):
 +             from pwd import getpwnam
 +             import stat
-+             nonrootuser = "wrsroot"
+             nonrootuser = "sysadmin"
 +             with open(lockfile, 'w'):
 +                 pass
 +             # must have the lock file with the correct group permissisions g+rw
--- a/tools/collector/scripts/collect
+++ b/tools/collector/scripts/collect
@ -28,7 +28,7 @@
 # Generally, individual commands that display output have that output
 # redirected to the appropriate info file in /scratch/var/extra
 #
-# wrsroot@controller-0:/scratch# sudo collect
+# sysadmin@controller-0:/scratch# sudo collect
 # nodetype : controller
 # Collector: /scratch
 # Extra Dir: /scratch/var/extra
@ -76,7 +76,7 @@ TOOL_NAME=collect
 TOOL_VER=2
 TOOL_REV=0

-# collect must be run as wrsroot
+# collect must be run as sysadmin
 if [ ${UID} -eq 0 ]; then
  echo "Error: Cannot run collect as 'root' user"
  exit 1
@ -149,8 +149,8 @@ function print_help()
    echo ""
    echo "Optionally specify a --name prefix of the collected tar file."
    echo ""
-    echo "With the command set specified, simply run collect as wrsroot and when"
-    echo "prompted provide the wrsroot sudo password and let collect handle the rest."
+    echo "With the command set specified, simply run collect as sysadmin and when"
+    echo "prompted provide the sysadmin sudo password and let collect handle the rest."
    echo ""
    echo "Scope Options:"
    echo ""
@ -563,7 +563,7 @@ function clean_scratch_dir_remote()
    spawn bash -i
    expect -re $
    set timeout 60
-    send "${SSH_CMD} wrsroot@${this_hostname}\n"
+    send "${SSH_CMD} sysadmin@${this_hostname}\n"
    expect {
        "assword:" {
            send "${pw}\r"
@ -621,7 +621,7 @@ function delete_remote_dir_or_file()
    spawn bash -i
    expect -re $
    set timeout 60
-    send "${SSH_CMD} wrsroot@${this_hostname}\n"
+    send "${SSH_CMD} sysadmin@${this_hostname}\n"
    expect {
        "assword:" {
            send "${pw}\r"
@ -683,7 +683,7 @@ function get_file_from_host()
    spawn bash -i
    set timeout ${SCP_TIMEOUT}
    expect -re $
-    send "${SCP_CMD} wrsroot@${this_hostname}:${remote_src} ${local_dest} 2>>${HOST_COLLECT_ERROR_LOG}\n"
+    send "${SCP_CMD} sysadmin@${this_hostname}:${remote_src} ${local_dest} 2>>${HOST_COLLECT_ERROR_LOG}\n"
    expect {
        "assword:" {
            send "${pw}\r"
@ -1083,7 +1083,7 @@ EOF
            spawn bash -i
            set timeout 30
            expect -re $
-            send "${SSH_CMD} wrsroot@${host}\n"
+            send "${SSH_CMD} sysadmin@${host}\n"
            expect {
                "assword:" {
                    send "${pw}\r"
@ -1131,7 +1131,7 @@ EOF
                    exit ${FAIL_UNREACHABLE}
                }
                "Host key verification failed" {
-                    send "rm -f /home/wrsroot/.ssh/known_hosts\n"
+                    send "rm -f /home/sysadmin/.ssh/known_hosts\n"
                    exit ${FAIL}
                }
                timeout { exit ${FAIL_TIMEOUT} }
--- a/tools/collector/scripts/collect_host
+++ b/tools/collector/scripts/collect_host
@ -332,8 +332,8 @@ function collect_extra()
    echo    "${hostname}: Bash History ......: ${LOGFILE}"

    # history
-    delimiter ${LOGFILE} "cat /home/wrsroot/.bash_history"
-    cat /home/wrsroot/.bash_history >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
+    delimiter ${LOGFILE} "cat /home/sysadmin/.bash_history"
+    cat /home/sysadmin/.bash_history >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}

    LOGFILE="${EXTRA_DIR}/interrupt.info"
    echo    "${hostname}: Interrupt Info ....: ${LOGFILE}"
--- a/tools/engtools/hostdata-collectors/scripts/linux_benchmark.sh
+++ b/tools/engtools/hostdata-collectors/scripts/linux_benchmark.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-username="wrsroot"
+username="sysadmin"
 password="Li69nux*"
 test_duration="30"
 wait_duration="5"
--- a/tools/engtools/hostdata-collectors/scripts/remote/rsync-engtools-data.sh
+++ b/tools/engtools/hostdata-collectors/scripts/remote/rsync-engtools-data.sh
@ -32,7 +32,7 @@ fi
 sudo mkdir -p ${DEST}

 # rsync options
-USER=wrsroot
+USER=sysadmin
 RSYNC_OPT="-r -l --safe-links -h -P --stats --exclude=*.pyc"

 # Rsync data from multiple locations
--- a/tools/engtools/parsers/common/download-data.sh
+++ b/tools/engtools/parsers/common/download-data.sh
@ -21,11 +21,11 @@ fi

 source ./lab.conf

-rsync -azvh wrsroot@${CONTROLLER0_IP}:/scratch/syseng_data/* .
-rsync -azvh wrsroot@${CONTROLLER1_IP}:/scratch/syseng_data/* .
+rsync -azvh sysadmin@${CONTROLLER0_IP}:/scratch/syseng_data/* .
+rsync -azvh sysadmin@${CONTROLLER1_IP}:/scratch/syseng_data/* .

-rsync -azvh wrsroot@${CONTROLLER0_IP}:/opt/backups/tmp/syseng-data/* .
-rsync -azvh wrsroot@${CONTROLLER1_IP}:/opt/backups/tmp/syseng-data/* .
+rsync -azvh sysadmin@${CONTROLLER0_IP}:/opt/backups/tmp/syseng-data/* .
+rsync -azvh sysadmin@${CONTROLLER1_IP}:/opt/backups/tmp/syseng-data/* .

 # Compress the newly download data files if they have not been compressed
 CURDIR=$(pwd)