5 Commits

Author SHA1 Message Date
Bin Qian
54f2f7d6c6 Make /usr readonly to support OSTree
OSTree structure requires /usr to be readonly as OSTree's dracut
hook creates a read-only bind mount over /usr.

1. deploy validate_postgresql_connection.sh directly to
   /usr/local/bin. It was copied to the location after
   installation.
2. move /usr/local/etc/ldapscripts to /etc/ldapscripts, files
   need to be writable.
3. move /usr/libexec/cni to /opt/cni/bin. Plugins are installed
   at runtime.

TCs:
   provision aio-dx centos with /usr mount to readonly fs.
   unlocked host
   provision aio-sx debian and unlocked host.
   upgrade AIO-DX from 21.12
   upgrade AIO-SX from 21.12
   successfully apply cert-manager and nginx-ingress-controller

Story: 2009101
Task: 44314

Change-Id: I99231f3f7db3d2d8eaceba137e13dea650370f71
Signed-off-by: Bin Qian <bin.qian@windriver.com>
2022-04-29 11:19:37 -04:00
Saul Wold
83c6575d51 integ: Convert wrsroot -> sysadmin
This also changes the group wrs_protected to sys_protected
to de-brand the user and group names.

Depends-On: I887464a20fc17d66529caea03be2b445156f9426
Change-Id: Ic2ea06d3ac15c31854a604af5f4cecf9094fcaea
Story: 2004716
Task: 28748
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-06-14 15:09:09 -07:00
slin14
6a6ea416e1 remove lshell
There is a security-related issue with lshell, and it is not
maintained now. So remove it from our system to avoid
security issues.

To remove lshell:
1. Package sudo-config is created for the wrs.sudo configuration file
following the refactor process.
2. ldapusersetup in ldapscripts is modified to use bash only.
lshell support is removed.

ldapusersetup related patches are merged into 1 for easy
maintenance.

Testing has been done:
Build and deploy test is done; unit tests for ldap were also
executed and pass, except the lshell-related test.

Closes-Bug: 1795451

Change-Id: Ia5de1bc94d22eb6c9bea6d9a96e92564ad848b19
Signed-off-by: slin14 <shuicheng.lin@intel.com>
2018-10-30 02:22:54 +08:00
Kam Nasim
8c1837205d Multi-Region: Support shared LDAP service
Decouple NSLCD from the open-ldap SM service and manage it by PMOND
instead. This is needed because in the Shared LDAP case, we deprovision
the open-ldap service on the Secondary Region which renders NSLCD
unmanaged.

Additionally, we allow the Secondary Region or Sub Clouds to bind
anonymously, but still need to support LDAP read operations in these
regions such as ldapfinger or lsldap. For this purpose, the ldapscripts
runtime library has been modified to allow anonymous binds during LDAP
search operations.

Change-Id: I3d4a709d058963be61a0311a539cd020f54118d6
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Signed-off-by: Scott Little <scott.little@windriver.com>
2018-08-01 15:31:55 -04:00
Scott Little
69be80651e Relocate ldapscripts to stx-integ/ldap/ldapscripts
Move content from stx-gplv2 into stx-integ

Packages will be relocated to

stx-integ:
    base/
        bash
        cgcs-users
        cluster-resource-agents
        dpkg
        haproxy
        libfdt
        netpbm
        rpm

    database/
        mariadb

    filesystem/
        iscsi-initiator-utils

    filesystem/drbd/
        drbd-tools

    kernel/kernel-modules/
        drbd
        integrity
        intel-e1000e
        intel-i40e
        intel-i40evf
        intel-ixgbe
        intel-ixgbevf
        qat17
        tpmdd

    ldap/
        ldapscripts

    networking/
        iptables
        net-tools

Change-Id: I688cd576de5e8fb9fbe7ad727b9e5321ad4b0e45
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
2018-08-01 15:31:54 -04:00