Hi, Am Freitag, 8. April 2011, 15:23:52 schrieb Michael Calmer: > Hi, > > here is a patch to build rhnmd on openSUSE. > > 0014-build-rhnmd-on-SUSE.patch > - modify the specfile > - add init script for openSUSE > > For SUSE I have removed the ssh key generation from the %post section. > I added the generation into the SUSE init script. > The reason for this is that if you do it in %post and use this RPM in an > appliance, you have the same ssh key on all copies of your appliance. > > Maybe you are interested in doing this for RedHat / Fedora as well.
I changed this patch and split one more general thing out. build rhnmd on SUSE - add init script for SUSE - BuildRequire sysconfig to make chkconfig work during build in OBS - openssh-server does not exist on SUSE (part of openssh) - no keygen in %post to use it in appliances - create nocpulse user in a different way to make it work on SUSE with openssh add nocpulse config dir to filelist I think rhnmd requires nothing which already provides this directory. -- Regards, Michael Calmer -------------------------------------------------------------------------- Michael Calmer SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: michael.cal...@suse.com -------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
From e27fbdae5bb9b67afbbb75a5b7487908791e787d Mon Sep 17 00:00:00 2001 From: Michael Calmer <m...@suse.de> Date: Fri, 15 Apr 2011 12:09:51 +0200 Subject: [PATCH 12/13] build rhnmd on SUSE - add init script for SUSE - BuildRequire sysconfig to make chkconfig work during build in OBS - openssh-server does not exist on SUSE (part of openssh) - no keygen in %post to use it in appliances - create nocpulse user in a different way to make hime work on SUSE with openssh --- monitoring/rhnmd/rhnmd.init.SUSE | 107 ++++++++++++++++++++++++++++++++++++++ monitoring/rhnmd/rhnmd.spec | 21 +++++++- 2 files changed, 127 insertions(+), 1 deletions(-) create mode 100644 monitoring/rhnmd/rhnmd.init.SUSE diff --git a/monitoring/rhnmd/rhnmd.init.SUSE b/monitoring/rhnmd/rhnmd.init.SUSE new file mode 100644 index 0000000..a1662f6 --- /dev/null +++ b/monitoring/rhnmd/rhnmd.init.SUSE 
@@ -0,0 +1,107 @@
+#!/bin/bash
+#
+# Init file for rhnmd daemon
+#
+# chkconfig: 2345 99 1
+# description: rhnmd server daemon
+#
+# processname: rhnmd
+
+### BEGIN INIT INFO
+# Provides: rhnmd
+# Required-Start: $local_fs $network $remote_fs
+# Required-Stop: $local_fs $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 6
+# Short-Description: rhnmd server daemon
+# Description: Provides wrapper around sshd
+# so NOCpulse monitoring can connect to your machine
+# and run probes, which requires local account.
+### END INIT INFO
+
+# source function library
+. /etc/rc.status
+
+prog="rhnmd"
+
+# Some functions to make the below more readable
+SU="/bin/su -s /bin/bash - nocpulse -c"
+SSHD="/usr/sbin/rhnmd"
+SSHD_PIDFILE="/var/run/rhnmd.pid"
+
+do_restart_sanity_check()
+{
+ $SU "$SSHD -t -f /etc/nocpulse/rhnmd_config"
+ RETVAL=$?
+ if [ ! "$RETVAL" = 0 ]; then
+ rc_failed
+ echo "Configuration file or keys are invalid"
+ fi
+}
+
+start()
+{
+ echo -n $"Starting $prog:"
+ IDENTITY="/var/lib/nocpulse/.ssh/nocpulse-identity"
+ if [ ! -f "$IDENTITY" ]
+ then
+ /bin/su -s /bin/bash -c "/usr/bin/ssh-keygen -q -t dsa -N '' -f $IDENTITY" - nocpulse
+ if [ ! -e "/var/lib/nocpulse/.bashrc" ]; then
+ echo 'LANG="C"' > /var/lib/nocpulse/.bashrc
+ fi
+ fi
+ startproc -p $SSHD_PIDFILE $SSHD -f /etc/nocpulse/rhnmd_config -o "PidFile=$SSHD_PIDFILE"
+ rc_status
+ touch /var/lock/subsys/rhnmd
+ rc_status -v
+}
+
+stop()
+{
+ echo -n $"Stopping $prog:"
+ rm -f /var/lock/subsys/rhnmd
+ killproc -p $SSHD_PIDFILE -TERM $SSHD
+ rc_status -v
+}
+
+reload()
+{
+ echo -n $"Reloading $prog:"
+ killproc -p $SSHD_PIDFILE -HUP $SSHD
+ rc_status -v
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ reload
+ ;;
+ condrestart|try-restart)
+ if [ -f /var/lock/subsys/rhnmd ] ; then
+ do_restart_sanity_check
+ if [ "$RETVAL" = 0 ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ fi
+ fi
+ ;;
+ status)
+ echo -n "Checking for service rhnmd: "
+ checkproc -p $SSHD_PIDFILE $SSHD
+ rc_status -v
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
+esac
+rc_exit
diff --git a/monitoring/rhnmd/rhnmd.spec b/monitoring/rhnmd/rhnmd.spec
index 6779bb5..93f85bb 100644
--- a/monitoring/rhnmd/rhnmd.spec
+++ b/monitoring/rhnmd/rhnmd.spec
@@ -14,7 +14,13 @@ License: GPLv2
 BuildArch: noarch
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: openssh-server openssh
+Requires: openssh
+%if 0%{?suse_version}
+# make chkconfig work during build
+BuildRequires: sysconfig
+%else
+Requires: openssh-server
+%endif
 BuildRequires: pam-devel
 Obsoletes: rhnmd.i386 < 5.3.0-5
 Obsoletes: rhnmd.x86_64 < 5.3.0-5
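Review bot: In start(), `echo 'LANG="C"' > /var/lib/nocpulse/.bashrc` runs as root inside a directory that the spec's %files list assigns to %{np_name}, so the redirect follows whatever that account has placed at the path between the `-e` test and the write, and the file ends up root-owned. Doing the write through the existing helper keeps it at the account's own privilege: `$SU "[ -e /var/lib/nocpulse/.bashrc ] || echo 'LANG=\"C\"' > /var/lib/nocpulse/.bashrc"`. The ssh-keygen call just above is not checked either, so a failed generation still falls through to startproc; testing its exit status and calling `rc_failed` before `rc_status -v` would surface that. The key is created with `-t dsa`, as in the existing %post; RSA would be the stronger choice if the monitoring side accepts it.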
@@ -42,7 +48,11 @@ mkdir -p $RPM_BUILD_ROOT%{_var}/lib/%{np_name}/.ssh mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d mkdir -p $RPM_BUILD_ROOT%{_libdir} ln -sf sshd $RPM_BUILD_ROOT%{_usr}/sbin/rhnmd +%if 0%{?suse_version} +install -pm 0755 rhnmd.init.SUSE $RPM_BUILD_ROOT%{_initddir}/rhnmd +%else install -pm 0755 rhnmd-init $RPM_BUILD_ROOT%{_initddir}/rhnmd +%endif install -pm 0644 rhnmd_config $RPM_BUILD_ROOT%{_sysconfdir}/%{np_name}/rhnmd_config install -pm 0600 authorized_keys $RPM_BUILD_ROOT%{_var}/lib/%{np_name}/.ssh/authorized_keys install -pm 0644 rhnmd-pam_config $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/rhnmd @@ -50,9 +60,15 @@ install -pm 0644 rhnmd-pam_config $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/rhnmd %pre if [ $1 -eq 1 ] ; then getent group %{np_name} >/dev/null || groupadd -r %{np_name} +%if !0%{?suse_version} getent passwd %{np_name} >/dev/null || \ useradd -r -g %{np_name} -d %{_var}/lib/%{np_name} -c "NOCpulse user" %{np_name} /usr/bin/passwd -l %{np_name} >/dev/null +%else + # SUSE sshd do not allow to login into locked accounts + getent passwd %{np_name} >/dev/null || \ + useradd -r -g %{np_name} -d %{_var}/lib/%{np_name} -c "NOCpulse user" %{np_name} -s /bin/bash +%endif exit 0 fi # Old NOCpulse packages has home in /home/nocpulse. @@ -64,10 +80,13 @@ if getent passwd %{np_name} >/dev/null && [ -d /home/nocpulse ]; then fi %post +# keygen is done in init script. Doing this in %post is bad for using this rpm in appliances. +%if !0%{?suse_version} if [ ! -f %{identity} ] then /sbin/runuser -s /bin/bash -c "/usr/bin/ssh-keygen -q -t dsa -N '' -f %{identity}" - %{np_name} fi +%endif /sbin/chkconfig --add rhnmd %preun -- 1.7.3.4
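Review bot: The SUSE branch of %pre creates the account with `-s /bin/bash` and drops `/usr/bin/passwd -l`, but the added comment only explains why locking was removed, not what keeps password logins out for an account that now has a usable shell. Whether the entry useradd writes can be used for password authentication depends on the distribution's useradd defaults, which the hunk does not show, so the intended state is worth spelling out next to the call, e.g. `# no password is set for this account; login is by key through rhnmd only`, if that is the intent. It would also help to confirm that rhnmd_config turns password authentication off. The %pre scriptlet begins above this hunk and continues below it.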
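Review bot: The comment added under %post sits above `%if !0%{?suse_version}` and says key generation is done in the init script, which holds only for the SUSE branch; on other distributions the ssh-keygen call below it still runs in %post. Placing the comment so it names the case would avoid the misreading, e.g. `# SUSE: the key is generated by the init script on first start, so appliance images built from this RPM do not share one key.` Writing the scriptlet name as `%%post` inside the comment is also the usual way to keep rpm's spec parser from interpreting it.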
From 9a6499e8dad1bc50432bd639648a1ce5c0c7d750 Mon Sep 17 00:00:00 2001 From: Michael Calmer <m...@suse.de> Date: Fri, 15 Apr 2011 12:11:10 +0200 Subject: [PATCH 13/13] add nocpulse config dir to filelist --- monitoring/rhnmd/rhnmd.spec | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/monitoring/rhnmd/rhnmd.spec b/monitoring/rhnmd/rhnmd.spec index 93f85bb..856bd4b 100644 --- a/monitoring/rhnmd/rhnmd.spec +++ b/monitoring/rhnmd/rhnmd.spec @@ -100,6 +100,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-, root,root,-) +%dir %{_sysconfdir}/%{np_name} %config(noreplace) %{_sysconfdir}/pam.d/rhnmd %dir %attr(-, %{np_name},%{np_name}) %{_var}/lib/%{np_name} %dir %attr(700, %{np_name},%{np_name}) %{_var}/lib/%{np_name}/.ssh -- 1.7.3.4