# sudoers.d
install -m 0600 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
+install -m 0600 -D sudoers.d/cephdaemon %{buildroot}%{_sysconfdir}/sudoers.d/cephdaemon
%if 0%{?rhel} >= 8
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{_bindir}/*
fi
fi
+%pre daemon
+# create user
+if ! getent passwd | grep -q '^cephdaemon:'; then
+ useradd -r -s /bin/bash -c "Ceph-daemon user for mgr/ssh" -m cephdaemon
+fi
+# set up (initially empty) .ssh/authorized_keys file
+if ! test -d /home/cephdaemon/.ssh; then
+ mkdir /home/cephdaemon/.ssh
+ chown --reference /home/cephdaemon /home/cephdaemon/.ssh
+ chmod 0700 /home/cephdaemon/.ssh
+fi
+if ! test -e /home/cephdaemon/.ssh/authorized_keys; then
+ touch /home/cephdaemon/.ssh/authorized_keys
+ chown --reference /home/cephdaemon /home/cephdaemon/.ssh/authorized_keys
+ chmod 0600 /home/cephdaemon/.ssh/authorized_keys
+fi
+exit 0
+
+%postun daemon
+userdel -r cephdaemon || true
+exit 0
+
%files daemon
%{_sbindir}/ceph-daemon
+%{_sysconfdir}/sudoers.d/cephdaemon
%files common
%dir %{_docdir}/ceph
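Review bot: The `%postun daemon` scriptlet runs `userdel -r cephdaemon` unconditionally, and RPM also runs the old package's %postun at the end of an upgrade. An upgrade would therefore delete the account and its home directory, including `.ssh/authorized_keys`, after the new `%pre daemon` has set them up. Guard it on the scriptlet argument so it only runs on final erase: `if [ "$1" -eq 0 ]; then userdel -r cephdaemon || true; fi`. In `%pre daemon`, `getent passwd cephdaemon >/dev/null` looks up the one entry directly instead of grepping the whole passwd database. A comment above the `useradd` line should say that this is a login account with `/bin/bash` that is granted passwordless sudo by `sudoers.d/cephdaemon`.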
usr/sbin/ceph-daemon
+etc/sudoers.d/cephdaemon
--- /dev/null
+#!/bin/sh
+# vim: set noet ts=8:
+# postinst script for ceph-daemon
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#
+# postinst configure <most-recently-configured-version>
+# old-postinst abort-upgrade <new-version>
+# conflictor's-postinst abort-remove in-favour <package> <new-version>
+# postinst abort-remove
+# deconfigured's-postinst abort-deconfigure in-favour <failed-install-package> <version> [<removing conflicting-package> <version>]
+#
+
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ # create cephdaemon user
+ # 1. create user if not existing
+ if ! getent passwd | grep -q "^cephdaemon:"; then
+ echo -n "Adding system user cephdaemon.."
+ adduser --quiet --system --disabled-password --gecos 'Ceph-dameon user for mgr/ssh' --shell /bin/bash cephdaemon 2>/dev/null || true
+ echo "..done"
+ fi
+
+ # 2. make sure user is unlocked
+ if [ -f /etc/shadow ]; then
+ usermod -U -e '' cephdaemon
+ else
+ usermod -U cephdaemon
+ fi
+
+ # set up (initially empty) .ssh/authorized_keys file
+ if ! test -d /home/cephdaemon/.ssh; then
+ mkdir /home/cephdaemon/.ssh
+ chown --reference /home/cephdaemon /home/cephdaemon/.ssh
+ chmod 0700 /home/cephdaemon/.ssh
+ fi
+ if ! test -e /home/cephdaemon/.ssh/authorized_keys; then
+ touch /home/cephdaemon/.ssh/authorized_keys
+ chown --reference /home/cephdaemon /home/cephdaemon/.ssh/authorized_keys
+ chmod 0600 /home/cephdaemon/.ssh/authorized_keys
+ fi
+
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+ :
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
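Review bot: In the `configure)` branch the `adduser` call ends in `2>/dev/null || true`, so a failed account creation is hidden and only surfaces later as a `usermod` or `mkdir` error under `set -e`. The steps that follow hard-code `/home/cephdaemon`, but `adduser --system` is not told which home to use, and its default may differ by adduser version or configuration. Pass the home explicitly and let the failure show: `adduser --quiet --system --disabled-password --home /home/cephdaemon --gecos 'Ceph-daemon user for mgr/ssh' --shell /bin/bash cephdaemon` (this also fixes the `Ceph-dameon` typo in the GECOS field). The existence test can be `getent passwd cephdaemon >/dev/null` rather than a grep over the full database.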
--- /dev/null
+#!/bin/sh
+# postrm script for ceph-daemon
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove)
+ deluser --remove-home cephdaemon
+ ;;
+
+ purge)
+ ;;
+
+ upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
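Review bot: In the `remove)` branch, `deluser --remove-home cephdaemon` runs under `set -e` with no guard, so package removal aborts if the account is already gone or `deluser` is unavailable. `deluser` comes from the adduser package, which may no longer be usable when postrm runs. Something like `if command -v deluser >/dev/null 2>&1; then deluser --remove-home cephdaemon || true; fi` keeps removal from failing. Consider moving the deletion to the `purge)` branch, because `--remove-home` discards `.ssh/authorized_keys` and a plain `remove` is normally expected to leave local state in place. A short comment on the `purge)` branch saying whether the account is intentionally kept or dropped would help the next maintainer.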
install -D -m 644 src/etc-rbdmap $(DESTDIR)/etc/ceph/rbdmap
install -D -m 644 etc/sysctl/90-ceph-osd.conf $(DESTDIR)/etc/sysctl.d/30-ceph-osd.conf
install -D -m 600 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
+ install -D -m 600 sudoers.d/cephdaemon $(DESTDIR)/etc/sudoers.d/cephdaemon
install -m 755 src/ceph-daemon/ceph-daemon $(DESTDIR)/usr/sbin/ceph-daemon
--- /dev/null
+# allow cephdaemon user to sudo ceph-daemon
+cephdaemon ALL=NOPASSWD: /usr/bin/ceph-daemon --image * ls
+cephdaemon ALL=NOPASSWD: /usr/bin/ceph-daemon --image * unit *
+cephdaemon ALL=NOPASSWD: /usr/bin/ceph-daemon --image * shell *
+cephdaemon ALL=NOPASSWD: /usr/bin/ceph-daemon --image * deploy *
+cephdaemon ALL=NOPASSWD: /usr/bin/ceph-daemon --image * ceph-volume *
+cephdaemon ALL=NOPASSWD: /usr/bin/ceph-daemon --image * rm-daemon *
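Review bot: Every rule names `/usr/bin/ceph-daemon`, but the packaging in this same change installs the binary at `/usr/sbin/ceph-daemon` (`%{_sbindir}/ceph-daemon`, `usr/sbin/ceph-daemon`, and the `install -m 755` line in debian/rules), so as written these entries would not match the installed command. Each line should read like `cephdaemon ALL=NOPASSWD: /usr/sbin/ceph-daemon --image * ls`. Separately, `*` in sudoers command arguments matches across word boundaries, so the per-subcommand lines do not restrict the arguments passed, and `shell *` and `deploy *` hand root-run operations to anyone who can log in as cephdaemon. The header comment should say that this account is effectively root-equivalent and that `/home/cephdaemon/.ssh/authorized_keys` must be protected accordingly, for example `# cephdaemon is root-equivalent via these rules; restrict who can write its authorized_keys`. Running `visudo -cf sudoers.d/cephdaemon` in the build would catch syntax errors before the file is shipped.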