This commit is contained in:
DT Netsolution GmbH 2012-01-27 14:07:19 +01:00
parent ba6d54f5c7
commit 256f62b0ab

View File

@ -0,0 +1,89 @@
--------------------------------------------------------------------------------------------------
** Our objective: Prevent mixing up custom related files with opsi packages
If you install opsi packages on the OPSI-Server, they will be
extracted to /opt/pcbin/install. For some packages it's necessary to place
customized files inside this area (e.g. /opt/pcbin/install/<program>/custom/myconfig.cfg)
In this situation, opsi-packages are mixed up with private/individual files. This
could be a problem for maintenance, update or prtivacy reason.
** Solution: Separation of custom files
To separate the opsi-packages from the custom files, we setup a unionfs filesystem and
publish two directories as one, readonly aggregation filesystem.
---------------------------------------------------------------------------------------------------
** Installation of unionfs-fuse on a centos system
# Prerequirements for compiling unionfs
yum install gcc
yum install fuse
yum install fuse-devel
# Downloading and installing unionfs
wget http://podgorny.cz/unionfs-fuse/releases/unionfs-fuse-0.24.tar.bz2
tar xfvj unionfs-fuse-0.24.tar.bz2
cd unionfs-fuse-0.24
make
make install
# automatically loading the module
/etc/modprobe.d/fuse.conf
install fuse /sbin/modprobe fuse; /sbin/modprobe fuse
modprobe fuse
** Configure the aggreeagated opsi depot
# Create a depot directory containing the customized files.
mkdir /srv/opsi/depot.custom
# mount the new, aggregated depot to a new mountpoint
mkdir /dynamic/opsi-depot.unionfs
# Mount example1:
unionfs -o max_files=32768 \
-o allow_other,use_ino,suid,dev,nonempty \
/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO \
/dynamic/opsi-depot.unionfs
# Mount example2:
mount -t fuse -o max_files=32768 \
-o allow_other,use_ino,suid,dev,nonempty \
unionfs\#/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO \
/dynamic/opsi-depot.unionfs
# Automount aggreeagated depot by fstab
/etc/fstab
unionfs#/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO /dynamic/opsi-depot.unionfs fuse allow_other,use_ino,suid,dev,nonempty,max_files=32768 0 0
# check, if you can access the new filesystem
ls -la /dynamic/opsi-depot.unionfs
** check functionallay using the swdaudit project
# create a custom file an validate the aggregated filesystem
touch /srv/opsi/depot.custom/MY_INDIVIDUAL_FILE.txt
# checks
ls /opt/pcbin/install/swaudit
ls /dynamic/opsi-depot.unionfs
rm /srv/opsi/depot.custom/MY_INDIVIDUAL_FILE.txt
** setup samba to use this new filesystem
/etc/samba/smb.conf
[opsi_depot]
available = yes
comment = opsi depot share (ro)
; path = /var/lib/opsi/depot
path = /dynamic/opsi-depot.unionfs
oplocks = no
level2 oplocks = no
writeable = no
invalid users = root
service smb restart
--------------------------------------------------------------------------------------------------