Compare commits
No commits in common. "ac83234433ed9f3e0ac4da389d1693c4b60e7155" and "94a65a31e0028bc8512e5469f9d544b0a7c80395" have entirely different histories.
ac83234433
...
94a65a31e0
|
@ -67,19 +67,14 @@ fleetlock_lock() {
|
||||||
# called.
|
# called.
|
||||||
fleetlock_enable_unlock_service || return 1
|
fleetlock_enable_unlock_service || return 1
|
||||||
local fleetlock_group=""
|
local fleetlock_group=""
|
||||||
local optional_args=()
|
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. $FLEETLOCK_CONFIG || return 1
|
. $FLEETLOCK_CONFIG || return 1
|
||||||
if [ -z "$fleetlock_group" ]; then
|
if [ -z "$fleetlock_group" ]; then
|
||||||
echo "Unable to set fleetlock_group"
|
echo "Unable to set fleetlock_group"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
if [ -n "$fleetlock_lock_timeout" ]; then
|
|
||||||
optional_args+=("--timeout")
|
|
||||||
optional_args+=("$fleetlock_lock_timeout")
|
|
||||||
fi
|
|
||||||
echo "Getting fleetlock lock"
|
echo "Getting fleetlock lock"
|
||||||
$FLEETLOCK_TOOL --lock-group "$fleetlock_group" --lock "${optional_args[@]}" || return 1
|
$FLEETLOCK_TOOL --lock-group "$fleetlock_group" --lock || return 1
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
@ -87,20 +82,15 @@ fleetlock_lock() {
|
||||||
fleetlock_unlock() {
|
fleetlock_unlock() {
|
||||||
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
|
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
|
||||||
local fleetlock_group=""
|
local fleetlock_group=""
|
||||||
local optional_args=()
|
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. $FLEETLOCK_CONFIG || return 1
|
. $FLEETLOCK_CONFIG || return 1
|
||||||
if [ -z "$fleetlock_group" ]; then
|
if [ -z "$fleetlock_group" ]; then
|
||||||
echo "Unable to set fleetlock_group"
|
echo "Unable to set fleetlock_group"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
if [ -n "$fleetlock_unlock_timeout" ]; then
|
|
||||||
optional_args+=("--timeout")
|
|
||||||
optional_args+=("$fleetlock_unlock_timeout")
|
|
||||||
fi
|
|
||||||
machine_is_healthy || return 1
|
machine_is_healthy || return 1
|
||||||
echo "Releasing fleetlock lock"
|
echo "Releasing fleetlock lock"
|
||||||
$FLEETLOCK_TOOL --lock-group "$fleetlock_group" --unlock "${optional_args[@]}" || return 1
|
$FLEETLOCK_TOOL --lock-group "$fleetlock_group" --unlock || return 1
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
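Review bot: On the new side of both hunks, `. $FLEETLOCK_CONFIG || return 1` expands unquoted, and so do the `[ -f $FLEETLOCK_CONFIG ]` and `[ -x $FLEETLOCK_TOOL ]` tests in fleetlock_unlock, so an empty value or one containing spaces changes what is tested and sourced; `. "$FLEETLOCK_CONFIG" || return 1` with quoted test operands avoids that. Because `.` executes the file as shell code in the caller's context, I would add a comment above it such as `# $FLEETLOCK_CONFIG is executed, not parsed: it must be root-owned and not writable by other users`. The new side also stops passing `--timeout`, so a `fleetlock_lock_timeout` or `fleetlock_unlock_timeout` set in the config is silently ignored; whether the tool then applies a default of its own is not visible here. fleetlock_lock's body starts outside the first hunk.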
|
|
|
@ -97,10 +97,7 @@ def do_fleetlock_request(
|
||||||
timeout=args.request_timeout,
|
timeout=args.request_timeout,
|
||||||
auth=("", config[args.lock_group]["password"]),
|
auth=("", config[args.lock_group]["password"]),
|
||||||
)
|
)
|
||||||
except (
|
except requests.exceptions.ConnectionError as e:
|
||||||
requests.exceptions.ConnectionError,
|
|
||||||
requests.exceptions.ReadTimeout,
|
|
||||||
) as e:
|
|
||||||
print(f"POST request failed: {e}")
|
print(f"POST request failed: {e}")
|
||||||
time.sleep(retry_sleep_delay)
|
time.sleep(retry_sleep_delay)
|
||||||
continue
|
continue
|
||||||
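Review bot: The narrowed handler on the new side, `except requests.exceptions.ConnectionError as e:`, does not cover `requests.exceptions.ReadTimeout`, which is not a subclass of `ConnectionError`. A server that accepts the connection but answers slower than `timeout=args.request_timeout` therefore raises out of the retry path instead of sleeping and retrying. If that is not intended, `except (requests.exceptions.ConnectionError, requests.exceptions.Timeout) as e:` keeps both connect and read timeouts in the retry loop. Whether a caller further up handles the exception is not visible, since do_fleetlock_request starts and continues outside the hunk; an unhandled failure during an unlock request would presumably leave the lock held until someone intervenes.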
|
|
|
@ -17,7 +17,7 @@ if test -f /root/.ssh/authorized_keys; then
|
||||||
if test `stat -t /root/.ssh/authorized_keys | cut -d\ -f5` != 0; then
|
if test `stat -t /root/.ssh/authorized_keys | cut -d\ -f5` != 0; then
|
||||||
chown root.root /root/.ssh/authorized_keys
|
chown root.root /root/.ssh/authorized_keys
|
||||||
fi
|
fi
|
||||||
if test `stat --printf=%a /root/.ssh/authorized_keys` != 440; then
|
if test `stat --printf=%a /root/.ssh/authorized_keys` != 600; then
|
||||||
chmod 440 /root/.ssh/authorized_keys
|
chmod 600 /root/.ssh/authorized_keys
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
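Review bot: The mode comparison on the new side still feeds an unquoted backtick substitution to `test`, so if `stat` fails and prints nothing, `test` sees a malformed expression rather than a mismatch; `if test "$(stat --printf=%a /root/.ssh/authorized_keys)" != 600; then` handles that case. The neighbouring `chown root.root` uses the dot separator, which the GNU chown documentation advises against in new scripts; `chown root:root /root/.ssh/authorized_keys` is the supported spelling. A one-line comment such as `# authorized_keys: owner read/write only, no group or other access` would record why 600 was chosen. The enclosing `if test -f /root/.ssh/authorized_keys; then` starts outside the hunk.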
|
|
|
@ -1,24 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Set Cosmos directory permissions so that
|
|
||||||
# the files cannot be read by anyone but root,
|
|
||||||
# since it's possible that the directory
|
|
||||||
# can contain files that after applying the
|
|
||||||
# overlay to / only should be read or writable
|
|
||||||
# by root.
|
|
||||||
|
|
||||||
set -e
|
|
||||||
self=$(basename "$0")
|
|
||||||
|
|
||||||
if ! test -d "$COSMOS_BASE"; then
|
|
||||||
test -z "$COSMOS_VERBOSE" || echo "$self: COSMOS_BASE was not found. Aborting change of permissions."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
args=""
|
|
||||||
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
|
|
||||||
args="-v"
|
|
||||||
fi
|
|
||||||
|
|
||||||
chown ${args} root:root "$COSMOS_BASE"
|
|
||||||
chmod ${args} 750 "$COSMOS_BASE"
|
|
|
@ -1,24 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Set Cosmos directory permissions so that
|
|
||||||
# the files cannot be read by anyone but root,
|
|
||||||
# since it's possible that the directory
|
|
||||||
# can contain files that after applying the
|
|
||||||
# overlay to / only should be read or writable
|
|
||||||
# by root.
|
|
||||||
|
|
||||||
set -e
|
|
||||||
self=$(basename "$0")
|
|
||||||
|
|
||||||
if ! test -d "$COSMOS_BASE"; then
|
|
||||||
test -z "$COSMOS_VERBOSE" || echo "$self: COSMOS_BASE was not found. Aborting change of permissions."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
args=""
|
|
||||||
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
|
|
||||||
args="-v"
|
|
||||||
fi
|
|
||||||
|
|
||||||
chown ${args} root:root "$COSMOS_BASE"
|
|
||||||
chmod ${args} 750 "$COSMOS_BASE"
|
|
|
@ -14,17 +14,10 @@ if ! test -d "$MODEL_OVERLAY"; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
args=""
|
|
||||||
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
|
|
||||||
args="-v"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -d "$MODEL_OVERLAY/root" ]; then
|
if [ -d "$MODEL_OVERLAY/root" ]; then
|
||||||
chown ${args} root:root "$MODEL_OVERLAY"/root
|
args=""
|
||||||
|
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
|
||||||
|
args="-v"
|
||||||
|
fi
|
||||||
chmod ${args} 0700 "$MODEL_OVERLAY"/root
|
chmod ${args} 0700 "$MODEL_OVERLAY"/root
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d "$MODEL_OVERLAY/root/.ssh" ]; then
|
|
||||||
chown ${args} -R root:root "$MODEL_OVERLAY"/root/.ssh
|
|
||||||
chmod ${args} 0700 "$MODEL_OVERLAY"/root/.ssh
|
|
||||||
fi
|
|
||||||
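Review bot: Ownership of `$MODEL_OVERLAY/root` is no longer enforced on the new side: the block runs only `chmod ${args} 0700 "$MODEL_OVERLAY"/root`, and the `root/.ssh` block is gone entirely. Mode 0700 on a directory owned by a non-root account leaves that account in control of its contents, which matters if these files are later applied under / (as the overlay naming suggests; this is not shown in the hunk). Unless ownership is set somewhere outside this hunk, keep `chown ${args} root:root "$MODEL_OVERLAY"/root` ahead of the `chmod`, and keep `chown ${args} -R root:root "$MODEL_OVERLAY"/root/.ssh` with its `chmod ${args} 0700` for the `.ssh` directory. The start of the script is outside the hunk.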
|
|