90 lines
3.1 KiB
Plaintext
90 lines
3.1 KiB
Plaintext
|
--------------------------------------------------------------------------------------------------
|
||
|
|
|
||
|
|
** Our objective: Prevent mixing up custom related files with opsi packages
|
||
|
|
If you install opsi packages on the OPSI-Server, they will be
|
||
|
|
extracted to /opt/pcbin/install. For some packages it's necessary to place
|
||
|
|
customized files inside this area (e.g. /opt/pcbin/install/<program>/custom/myconfig.cfg)
|
||
|
|
In this situation, opsi-packages are mixed up with private/individual files. This
|
||
|
|
could be a problem for maintenance, update or prtivacy reason.
|
||
|
|
|
||
|
|
** Solution: Separation of custom files
|
||
|
|
To separate the opsi-packages from the custom files, we setup a unionfs filesystem and
|
||
|
|
publish two directories as one, readonly aggregation filesystem.
|
||
|
|
|
||
|
|
---------------------------------------------------------------------------------------------------
|
||
|
|
|
||
|
|
** Installation of unionfs-fuse on a centos system
|
||
|
|
|
||
|
|
# Prerequirements for compiling unionfs
|
||
|
|
yum install gcc
|
||
|
|
yum install fuse
|
||
|
|
yum install fuse-devel
|
||
|
|
|
||
|
|
# Downloading and installing unionfs
|
||
|
|
wget http://podgorny.cz/unionfs-fuse/releases/unionfs-fuse-0.24.tar.bz2
|
||
|
|
tar xfvj unionfs-fuse-0.24.tar.bz2
|
||
|
|
cd unionfs-fuse-0.24
|
||
|
|
make
|
||
|
|
make install
|
||
|
|
|
||
|
|
# automatically loading the module
|
||
|
|
/etc/modprobe.d/fuse.conf
|
||
|
|
install fuse /sbin/modprobe fuse; /sbin/modprobe fuse
|
||
|
|
modprobe fuse
|
||
|
|
|
||
|
|
|
||
|
|
** Configure the aggreeagated opsi depot
|
||
|
|
# Create a depot directory containing the customized files.
|
||
|
|
mkdir /srv/opsi/depot.custom
|
||
|
|
|
||
|
|
# mount the new, aggregated depot to a new mountpoint
|
||
|
|
mkdir /dynamic/opsi-depot.unionfs
|
||
|
|
|
||
|
|
# Mount example1:
|
||
|
|
unionfs -o max_files=32768 \
|
||
|
|
-o allow_other,use_ino,suid,dev,nonempty \
|
||
|
|
/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO \
|
||
|
|
/dynamic/opsi-depot.unionfs
|
||
|
|
|
||
|
|
# Mount example2:
|
||
|
|
mount -t fuse -o max_files=32768 \
|
||
|
|
-o allow_other,use_ino,suid,dev,nonempty \
|
||
|
|
unionfs\#/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO \
|
||
|
|
/dynamic/opsi-depot.unionfs
|
||
|
|
|
||
|
|
# Automount aggreeagated depot by fstab
|
||
|
|
/etc/fstab
|
||
|
|
unionfs#/srv/opsi/depot.custom=RO:/opt/pcbin/install=RO /dynamic/opsi-depot.unionfs fuse allow_other,use_ino,suid,dev,nonempty,max_files=32768 0 0
|
||
|
|
|
||
|
|
|
||
|
|
# check, if you can access the new filesystem
|
||
|
|
ls -la /dynamic/opsi-depot.unionfs
|
||
|
|
|
||
|
|
|
||
|
|
** check functionallay using the swdaudit project
|
||
|
|
# create a custom file an validate the aggregated filesystem
|
||
|
|
touch /srv/opsi/depot.custom/MY_INDIVIDUAL_FILE.txt
|
||
|
|
|
||
|
|
# checks
|
||
|
|
ls /opt/pcbin/install/swaudit
|
||
|
|
ls /dynamic/opsi-depot.unionfs
|
||
|
|
|
||
|
|
rm /srv/opsi/depot.custom/MY_INDIVIDUAL_FILE.txt
|
||
|
|
|
||
|
|
|
||
|
|
** setup samba to use this new filesystem
|
||
|
|
/etc/samba/smb.conf
|
||
|
|
[opsi_depot]
|
||
|
|
available = yes
|
||
|
|
comment = opsi depot share (ro)
|
||
|
|
; path = /var/lib/opsi/depot
|
||
|
|
path = /dynamic/opsi-depot.unionfs
|
||
|
|
oplocks = no
|
||
|
|
level2 oplocks = no
|
||
|
|
writeable = no
|
||
|
|
invalid users = root
|
||
|
|
|
||
|
|
service smb restart
|
||
|
|
|
||
|
|
--------------------------------------------------------------------------------------------------
|