mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-21 14:31:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

coreos-base/oem-gce: enable oslogin

Browse Source 
Enable google cloud oslogin. Use a one-shot systemd unit with
ConditionFirstBoot to enable oslogin by flipping some symlinks to
oslogin specific ones. Don't do anything if the user has modified one of
the files.
This commit is contained in:
Andrew Jeddeloh 2018-07-03 10:20:25 -07:00
parent 4ca2796803
commit 3fbb737589
4 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/base.ign vendored
View File

@ -1,6 +1,6 @@
{ {
"ignition": { "ignition": {
"version": "2.1.0" "version": "2.2.0"
}, },
"storage": { "storage": {
"files": [ "files": [
@ -12,6 +12,14 @@
}, },
"mode": 292 "mode": 292
}, },
{
"filesystem": "root",
"path": "/etc/systemd/system/oem-gce-enable-oslogin.service",
"contents": {
"source": "oem:///units/oem-gce-enable-oslogin.service"
},
"mode": 292
},
{ {
"filesystem": "root", "filesystem": "root",
"path": "/etc/hosts", "path": "/etc/hosts",
@ -39,6 +47,10 @@
{ {
"name": "oem-gce.service", "name": "oem-gce.service",
"enabled": true "enabled": true
},
{
"name": "oem-gce-enable-oslogin.service",
"enabled": true
} }
] ]
} }

29
sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin vendored Normal file
View File

@ -0,0 +1,29 @@
#!/usr/bin/bash
# Verify all the config files were not touched by the user. Do not try to
# enable oslogin if the user has messed with them
if [ -e '/etc/pam.d/sshd' ]; then
echo '/etc/pam.d/sshd already exists. Not enabling OS Login'
exit 0
fi
if [ "$(readlink -f /etc/nsswitch.conf)" != '/usr/share/baselayout/nsswitch.conf' ]; then
echo '/etc/nsswitch.conf is not a symlink to /usr/share/baselayout/nsswitch.conf. Not enabling OS Login'
exit 0
fi
if [ "$(readlink -f /etc/ssh/sshd_config)" != '/usr/share/ssh/sshd_config' ]; then
echo '/etc/ssh/sshd_config is not a symlink to /usr/share/ssh/sshd_config. Not enabling OS Login'
exit 0
fi
# Actually start enabling things. Die if we fail.
set -e
mkdir -m 0750 -p '/var/lib/google-sudoers.d'
mkdir -m 0750 -p '/var/lib/google-users.d'
ln -f -s '/usr/share/google-oslogin/pam_sshd' '/etc/pam.d/sshd'
ln -f -s '/usr/share/google-oslogin/nsswitch.conf' '/etc/nsswitch.conf'
ln -f -s '/usr/share/google-oslogin/sshd_config' '/etc/ssh/sshd_config'
ln -f -s '/usr/share/google-oslogin/oslogin-sudoers' '/etc/sudoers.d/oslogin-sudoers'

14
sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service vendored Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=Enable GCE OS Login
After=local-fs.target
ConditionFirstBoot=true
Before=sshd.service
Before=sshd.socket
[Service]
Type=oneshot
ExecStart=/usr/share/oem/bin/enable-oslogin
[Install]
WantedBy=sysinit.target

2
sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20170327-r1.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823.ebuild vendored
View File

@ -27,4 +27,6 @@ src_install() {
doins -r "${FILESDIR}/base" doins -r "${FILESDIR}/base"
doins -r "${FILESDIR}/files" doins -r "${FILESDIR}/files"
doins -r "${FILESDIR}/units" doins -r "${FILESDIR}/units"
exeinto "/usr/share/oem/bin"
doexe "${FILESDIR}/bin/enable-oslogin"
} }