OSTree structure requires /usr to be readonly as OSTree's dracut
hook creates a read-only bind mount over /usr.
1. deploy validate_postgresql_connection.sh directly to
/usr/local/bin. It was copied to the location after
installation.
2. move /usr/local/etc/ldapscripts to /etc/ldapscripts, files
need to be writable.
3. move /usr/libexec/cni to /opt/cni/bin. Plugins are installed
at runtime.
TCs:
provision aio-dx centos with /usr mount to readonly fs.
unlocked host
provision aio-sx debian and unlocked host.
upgrade AIO-DX from 21.12
upgrade AIO-SX from 21.12
successfully apply cert-manager and nginx-ingress-controller
Story: 2009101
Task: 44314
Change-Id: I99231f3f7db3d2d8eaceba137e13dea650370f71
Signed-off-by: Bin Qian <bin.qian@windriver.com>

This also changes the group wrs_protected to sys_protected
to de-brand the user and group names.
Depends-On: I887464a20fc17d66529caea03be2b445156f9426
Change-Id: Ic2ea06d3ac15c31854a604af5f4cecf9094fcaea
Story: 2004716
Task: 28748
Signed-off-by: Saul Wold <sgw@linux.intel.com>

There is a security-related issue with lshell, and it is not
maintained now. So remove it from our system to avoid
security issues.
To remove lshell:
1. Package sudo-config is created for wrs.sudo configure file
following the refactor process.
2. ldapusersetup in ldapscripts is modified to use bash only.
lshell support is removed.
ldapusersetup related patches are merged into 1 for easy
maintenance.
Tests done:
Build and deploy test is done; unit tests for ldap were also
executed and passed, except the lshell-related test.
Closes-Bug: 1795451
Change-Id: Ia5de1bc94d22eb6c9bea6d9a96e92564ad848b19
Signed-off-by: slin14 <shuicheng.lin@intel.com>

Decouple NSLCD from the open-ldap SM service and manage it by PMOND
instead. This is needed because in the Shared LDAP case, we deprovision
the open-ldap service on the Secondary Region which renders NSLCD
unmanaged.
Additionally, we allow the Secondary Region or Sub Clouds to bind
anonymously, but still need to support LDAP read operations in these
regions such as ldapfinger or lsldap. For this purpose, the ldapscripts
runtime library has been modified to allow anonymous binds during LDAP
search operations.
Change-Id: I3d4a709d058963be61a0311a539cd020f54118d6
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Signed-off-by: Scott Little <scott.little@windriver.com>