Well, it's not really to the point. Maybe my example was bad but there are lots of other reasons one might want to run a script after the install is finished. Actually, the reason this came up is that I want the linux cli screen reader to run on the first boot and then get disabled. But I just added it to the things my fai setup does after the first reboot.



On 1/10/19 6:55 AM, Brian Kroth wrote:
You can configure the nfsroot with your ldap configs so you can have them available during fai. I used this (at another UW department) for rescue consoles to support natural logins from admins.

As far as the sudo config, why not just copy a sudoers (.d) snippet down that references the user during fai/config management time? It can still reference an ldap user without them being available yet. They don't need to be in the local sudo group to privilege them. You can also add host match restrictions if you want. It's quite customizable.

On Thu, Jan 10, 2019, 00:29 Martin Krämer <mk.mad...@gmail.com> wrote:

    Hi John,

    if you are using LDAP - why not permit an LDAP group (which
    already exists during install) and then configure sudo via LDAP?

    That's how I solved it for my soho environment.

    See: https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html

    Kind Regards

    Martin

    On Wed, Jan 9, 2019, 22:06 John G Heim <jh...@math.wisc.edu> wrote:

        So I had this problem. I want to configure certain users to have sudo on the workstations I manage. Problem is we do ldap authentication -- so the users don't exist during the install. I can easily write an fai script to do an adduser but it doesn't work because the user doesn't exist during the install. What I needed to do is to run a script once after the system reboots into the newly installed operating system. I thought about putting a script on there that would run at boot time and delete itself. But that's ugly and failure prone. But I came up with a solution that is much more reliable and flexible.

        1. Create a crontab file to be copied to the target system during the install. For example, during my fai installs, I create a class called INSTALL. So I created a crontab file /srv/fai/config/files/etc/crontab/INSTALL.

        Put a command like this in this file:

        @reboot root fai --class/dev/null=POSTINST softupdate

        2. Add an fcopy command to one of your installation scripts to copy the crontab file:

        fcopy -Bi /etc/crontab

        3. Create another, normal crontab file without the above line and call it POSTINST or whatever you called the class in the first crontab. In this example, it would be /srv/fai/config/files/etc/crontab/POSTINST.

        4. In your fai script space, create a directory called POSTINST

        mkdir /srv/fai/config/scripts/POSTINST

        5. Put a script in there to install the normal crontab file

        fcopy -Bi /etc/crontab

        6. Put scripts to do whatever else you want into that same directory. These scripts will be run just once when the system reboots after the original fai install. The target machine will look completely normal and there won't be any extra programs/scripts on it (unless you count fai itself).

        Do you understand?

-- --
        John G. Heim; jh...@math.wisc.edu; sip://jh...@sip.linphone.org

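Added example, not part of the thread: one way an FAI script could drop the sudoers (.d) snippet suggested above for an LDAP user that does not resolve yet, with a host restriction and a syntax check before the file goes live. The user `jdoe`, the host `ws01` and the `ldap-` file prefix are constructed placeholders; `$target` is assumed to be the FAI mount point of the new system.

```shell
#!/bin/sh
# Added example: install a sudoers.d snippet for an LDAP user at install time.
# Usage inside an FAI script (placeholder names):
#   write_sudoers_snippet "$target" jdoe ws01

write_sudoers_snippet() {
    root=$1 user=$2 host=$3
    dir="$root/etc/sudoers.d"

    # Accept only plain names, so nothing typed here can smuggle extra
    # sudoers syntax (spaces, commas, '!', '#include') into the rule.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host name: $host" >&2; return 1 ;;
    esac

    # sudo skips files in an include directory whose name contains '.'
    # or ends in '~'. The final name avoids both; the temporary name
    # contains '.' on purpose so a half-written file is never read.
    name="ldap-$user"
    tmp="$dir/.$name.tmp"

    mkdir -p "$dir" || return 1
    # The rule is matched by name when sudo runs, so the account does
    # not have to resolve while the installer is still running.
    printf '%s %s = (ALL) ALL\n' "$user" "$host" > "$tmp" || return 1
    chmod 0440 "$tmp" || return 1

    # A syntax error in any sudoers.d file breaks sudo for everyone,
    # so check the snippet before moving it into place.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dir/$name"
}
```
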