102 lines
3.4 KiB
Plaintext
102 lines
3.4 KiB
Plaintext
--------------------------------------------------------------------------------------------------
|
|
|
|
** Our objective: Prevent mixing up custom related files with OPSI packages
|
|
|
|
If you install OPSI packages on the OPSI-Server, they will be
|
|
extracted to /opt/pcbin/install. For some packages it's necessary to place
|
|
customized files inside this area (e.g. /opt/pcbin/install/<program>/custom/myconfig.cfg)
|
|
In this situation, OPSI-packages are mixed up with private/individual files. This
|
|
could be a problem for maintenance, update or privacy reason.
|
|
|
|
** Solution: Separation of custom files
|
|
|
|
To separate the OPSI-packages from the custom files, we setup a unionfs filesystem and
|
|
publish two directories as one, read-only aggregation filesystem.
|
|
|
|
---------------------------------------------------------------------------------------------------
|
|
|
|
|
|
** Installation of unionfs-fuse on a centos system
|
|
|
|
# Prerequirements for compiling unionfs
|
|
yum install gcc
|
|
yum install fuse
|
|
yum install fuse-devel
|
|
|
|
# Downloading and installing unionfs
|
|
wget http://podgorny.cz/unionfs-fuse/releases/unionfs-fuse-0.24.tar.bz2
|
|
tar xfvj unionfs-fuse-0.24.tar.bz2
|
|
cd unionfs-fuse-0.24
|
|
make
|
|
make install
|
|
|
|
# automatically loading the module
|
|
/etc/modprobe.d/fuse.conf
|
|
install fuse /sbin/modprobe fuse; /sbin/modprobe fuse
|
|
modprobe fuse
|
|
|
|
|
|
** Configure the aggreeagated OPSI depot
|
|
# Create a depot directory containing the customized files.
|
|
mkdir /srv/opsi/depot.custom
|
|
|
|
# mount the new, aggregated depot to a new mountpoint
|
|
mkdir /dynamic/opsi-depot.unionfs
|
|
|
|
# Mount example1:
|
|
unionfs -o max_files=32768 \
|
|
-o allow_other,use_ino,suid,dev,nonempty \
|
|
/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO \
|
|
/dynamic/opsi-depot.unionfs
|
|
|
|
# Mount example2:
|
|
mount -t fuse -o max_files=32768 \
|
|
-o allow_other,use_ino,suid,dev,nonempty \
|
|
unionfs\#/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO \
|
|
/dynamic/opsi-depot.unionfs
|
|
|
|
# Automount aggreeagated depot by fstab
|
|
/etc/fstab
|
|
unionfs#/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO /dynamic/opsi-depot.unionfs fuse allow_other,use_ino,suid,dev,nonempty,max_files=32768 0 0
|
|
|
|
|
|
# check, if you can access the new filesystem
|
|
ls -la /dynamic/opsi-depot.unionfs
|
|
|
|
|
|
** check functionallay using the swdaudit project
|
|
# create a custom file an validate the aggregated filesystem
|
|
touch /srv/opsi/depot.custom/MY_INDIVIDUAL_FILE.txt
|
|
|
|
# checks
|
|
ls /opt/pcbin/install/swaudit
|
|
ls /dynamic/opsi-depot.unionfs
|
|
|
|
rm /srv/opsi/depot.custom/MY_INDIVIDUAL_FILE.txt
|
|
|
|
|
|
** setup samba to use this new filesystem
|
|
/etc/samba/smb.conf
|
|
[opsi_depot]
|
|
available = yes
|
|
comment = opsi depot share (ro)
|
|
; path = /var/lib/opsi/depot
|
|
path = /dynamic/opsi-depot.unionfs
|
|
oplocks = no
|
|
level2 oplocks = no
|
|
writeable = no
|
|
invalid users = root
|
|
|
|
service smb restart
|
|
|
|
|
|
# Testing using a OPSI client PC
|
|
On a windows client PC. connect to the OPSI depot networkshare
|
|
\\<opsi-server\opsi_depot and check the directory swaudit\custom. You
|
|
should have read-only access to the test file MY_INDIVIDUAL_FILE.txt
|
|
located in the individual/private directory on the OPSI-server.
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------------------------------
|