Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: kblair on February 02, 2010, 03:58:02 pm

Title: Custom Ebox-Desktop with Roaming Profiles
Post by: kblair on February 02, 2010, 03:58:02 pm
Hey everyone,

A couple people have been trying to get me to post this somewhere, so they can implement it with their networks.

I'm not claiming to be an expert at coding whatsoever, and you'll see that I'm not.
I originally installed ebox-desktop and it wasn't sufficient for my needs (a roaming profile workalike for Ubuntu).

Knowing very little about PAM modules I modified the ebox scripts as well as login/logout scripts to achieve the following setup:

-Instead of setting up a profile for the user every time they login, their "profile" is synced down from the server, and synced back up to the server when they log out.

-On login the user's share is mounted using autofs (nfsd needs to be installed on the ebox platform server) and uses rsync to copy the profile to the local /home/samba/users/USER's Folder/
This could go directly to the /home/USER'S FOLDER/; I kept it the same as the server for simplicity. I used the user's samba share folder (even though not using samba) to allow some of ebox's other features to tie in, like Quota.

-On logout it deletes the trash (to conserve space and have a quicker sync) then uses rsync to copy the profile up to the server.


For all of this to work the client machines need to have standard rsync installed along with autofs.
autofs will need the following for my example coding:

In /etc/auto.master put:
/mnt/home      /etc/auto.mnthome
then create the file /etc/auto.mnthome with the following line in it:
*   -nfstype=nfs   192.168.1.6:/home/samba/users/&

This is a basic way of doing this and there may be a more efficient way to do some of these tasks through pam_exec, although I'm not familiar enough with it to try.

Here are the scripts on the client machine with comments of modifications:

/usr/share/ebox-desktop/ebox-user-shares
# Create link to the user share
#SHARE=$USER
#DESC="$USER's share"
#create_desktop_link
#commented out the user share. I don't want the user knowing they have access to
#their samba share since it is being used to store their whole profile

# Create links to the group shares if they exist
for gid in `id -G`
do
    if [ $gid -ge 2001 ]
    then
        groupname=`getent group $gid | cut -d: -f1`
        SHARE=`ldapsearch -x -b "cn=$groupname,ou=Groups,dc=ebox" -h $SERVER \
               | grep ^displayResource | cut -d: -f2 | cut -c2-`

        if [ -n "$SHARE" ]
        then
            DESC=`ldapsearch -x -b "cn=$groupname,ou=Groups,dc=ebox" -h $SERVER \
                 | grep ^description | cut -d: -f2 | cut -c2-`
            create_desktop_link
        fi
    fi
done


/usr/share/ebox-desktop/ebox-user-shares
#!/bin/bash
#I left all variable declarations but commented out everything except the samba configuration
#I left the samba configuration so that it would check on each login and create the samba shortcuts for groups

# Load configuration variables
. /etc/ebox-desktop/ebox-desktop.conf

CONFIGURED_STAMP=~/.ebox-desktop-configured

SERVER=`grep ^host /etc/ldap.conf | cut -d' ' -f2`

SCRIPTS_DIR=/usr/share/ebox-desktop
SKEL_DIR=/usr/share/ebox-desktop/skel

EBOX_DESKTOP_DIR=~/.ebox-desktop

[ -d $EBOX_DESKTOP_DIR ] || mkdir $EBOX_DESKTOP_DIR

# Ekiga configuration
#EKIGACONF=$EBOX_DESKTOP_DIR/ekiga.gconf
#cp $SKEL_DIR/ekiga.gconf $EKIGACONF
#LOCAL_APPS=$HOME/.local/share/applications
#mkdir -p $LOCAL_APPS
#cp /usr/share/applications/ekiga.desktop $LOCAL_APPS
#sed -i 's:^Exec=ekiga:Exec=/usr/share/ebox-desktop/ekiga-launcher:' $LOCAL_APPS/ekiga.desktop

# Evolution configuration
#EVOLUTIONCONF=$HOME/evolution.gconf
#cp $SKEL_DIR/evolution.gconf $EVOLUTIONCONF
#MAIL_ACCOUNT=`ldapsearch -x -b "uid=$USER,ou=Users,dc=ebox" -h $SERVER | grep ^mail: | head -1 | cut -d' ' -f2`
#if [ -n "$MAIL_ACCOUNT" ]
#then
#    sed -i "s/USERNAME/$USER/g" $EVOLUTIONCONF
#    MAIL_ACCOUNT_ESCAPED=`echo $MAIL_ACCOUNT | sed 's/@/%40/'`
#    sed -i "s/MAIL_ACCOUNT_ESCAPED/$MAIL_ACCOUNT_ESCAPED/g" $EVOLUTIONCONF
#    sed -i "s/MAIL_ACCOUNT/$MAIL_ACCOUNT/g" $EVOLUTIONCONF
#    sed -i "s/EBOX_SERVER/$SERVER/g" $EVOLUTIONCONF
#    sed -i "s/MAIL_PROTOCOL/$MAIL_PROTOCOL/g" $EVOLUTIONCONF
#    sed -i "s/MAIL_USE_SSL/$MAIL_USE_SSL/g" $EVOLUTIONCONF
#    gconftool --load $EVOLUTIONCONF
#fi
#rm $EVOLUTIONCONF

# Samba configuration
HAS_SAMBA_ACCOUNT=`ldapsearch -x -b "uid=$USER,ou=Users,dc=ebox" -h $SERVER | grep "^objectClass: sambaSamAccount"`
if [ -n "$HAS_SAMBA_ACCOUNT" ]
then
    $SCRIPTS_DIR/ebox-user-shares $SERVER
fi

# Pidgin configuration
#cp -r $SKEL_DIR/pidgin $EBOX_DESKTOP_DIR
#HAS_JABBER_ACCOUNT=`ldapsearch -x -b "uid=$USER,ou=Users,dc=ebox" -h $SERVER | grep "^objectClass: userJabberAccount"`
#if [ -n "$HAS_JABBER_ACCOUNT" ]
#then
#    $SCRIPTS_DIR/ebox-jabber-setup $SERVER
#fi

# Firefox profile configuration
#$SCRIPTS_DIR/ebox-firefox-profile $SERVER

touch $CONFIGURED_STAMP


/usr/share/ebox-prepare-home
#!/bin/bash
#This is the file with the majority of the changes

USER=$PAM_USER
USERHOME=/home/samba/users/$USER

PROFILE=$USERHOME/.profile
CONFIGURED_STAMP=~/.ebox-desktop-configured
SETUP_SCRIPT=/usr/share/ebox-desktop/ebox-setup-user
#added mountpoint definition
MOUNT_POINT=/mnt/home
if [ "$USER" = "root" ]
then
        exit
fi
cat /usr/src/eboxlock >> /root/prepare-homelog
#This is a lock mechanism I've put in to "not sync"
#For some reason I found that this script was running once when you log out after GDM
#PostSession, so in the PostSession I have it touching /usr/src/eboxlock, so the one execution it
#does afterwards doesn't waste resources and resync back up the same info.
#On the other hand this might be resulting in some of the "not-syncing" users have been
#reporting, so if there's a way higher up to stop the extra run of ebox-prepare-home when logging
#out this would make it much more efficient.
if [ -f /usr/src/eboxlock ]
then
        rm /usr/src/eboxlock
        echo "lock existed then removed" >> /root/prepare-homelog
        exit
fi
#The following 4 lines were added to ensure the user's folder exists and has correct ownership
#before trying to sync
mkdir -p "$USERHOME"
chown "$USER" "$USERHOME"
chgrp "Domain Users" "$USERHOME"
chgrp "Domain Users" "/mnt/home/$USER"
#A standard date and time log for troubleshooting purposes.
date > /root/loginsynclog
#here is the sync command, using rsync it will sync the user's folder on the server under
#/home/samba/users/USER to the same local folder. exclude .gvfs was added due to rsync not
#being able to continue if a drive was left mounted when logging in/out (can probably be removed
#from this script but left in logout script.)
#I currently have it logging to /root/loginsynclog
rsync -av --delete --exclude '.gvfs' "$MOUNT_POINT/$USER/" "$USERHOME" >> /root/loginsynclog

#The following removes the current group shortcuts before it runs them again
#this allows dynamic changing of groups and their shortcuts.
#IE: if I don't want a user to be part of a group I can remove them from it, and it will take the shortcut
#away next time they log in.
rm -f "$USERHOME"/Desktop/*.desktop
# Execute ebox-desktop setup
#since this script is run every start up, and I want users to be able to add stuff to their .profile file
#I added the following lines to remove all instances of the run setup script command, then add it
#once to the end
sed -i '/ebox/d' "$PROFILE"
#printf instead of echo: bash's echo does not expand \n without -e
printf '\n# Added by ebox-desktop\n' >> "$PROFILE"
echo "[ -f /usr/src/doesnotexist ] || $SETUP_SCRIPT" >> "$PROFILE"
# Set proper .profile ownership
chown "$USER": "$PROFILE"
#this is a custom script run specific to our machines and can be removed
/usr/local/bin/fixmtrr.sh
#below is another "mechanism" I've put in while implementing this
#it will run this script which is on the server under an updates folder.
#it will update the /etc/gdm/PostSession/Default file, which is what is used for the login script
#see below for the script info
/mnt/home/updates/updatepost.sh


/etc/gdm/PostSession/Default
#!/bin/sh

PATH="/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH:/bin:/usr/bin"
OLD_IFS=$IFS

gdmwhich () {
  COMMAND="$1"
  OUTPUT=
  IFS=:
  for dir in $PATH
  do
    if test -x "$dir/$COMMAND" ; then
      if test "x$OUTPUT" = "x" ; then
        OUTPUT="$dir/$COMMAND"
      fi
    fi
  done
  IFS=$OLD_IFS
  echo "$OUTPUT"
}
#my modifications start here, this happens when a user logs out
#first line used for logging when troubleshooting
echo "Current User: " $USER >> /root/prepare-homelog
#the next 3 lines delete any trash and cookies to save on server space and syncing
rm -Rv /home/samba/users/$USER/.local/share/Trash/*
rm -Rv /home/samba/users/$USER/.local/share/Trash/.*
rm -Rv /home/samba/users/$USER/.mozilla/firefox/*.default/Cache/*
#here is the fundamental sync up to the server script
#note the exclude of gvfs (this was halting the sync if drives were mounted when users were logging out)
#I've also piped it into zenity which gives the user some reassurance that it's syncing their files
rsync -av --delete --exclude '.gvfs' /home/samba/users/$USER/ /mnt/home/$USER | zenity --progress --auto-close --pulsate --text="Syncing Files"
#this touches a lock file that prevents another run of the ebox-prepare-home file after this script is run, which seems to be done automatically by something higher up
touch /usr/src/eboxlock
#a script with main purpose of updating the login script
/mnt/home/updates/updatepre.sh
exit 0


/mnt/home/updates/updatepre.sh
#!/bin/bash
#/mnt/home/updates/ is mounted and run off the server, so all changes can be centralized
#this is run in the logout script.
#pretty simple: deletes the backup ebox-prepare-home.backup, moves the existing one to the
#backup and downloads the new one from the server
rm /usr/share/ebox-desktop/ebox-prepare-home.backup
mv /usr/share/ebox-desktop/ebox-prepare-home /usr/share/ebox-desktop/ebox-prepare-home.backup
cp /mnt/home/updates/ebox-prepare-home /usr/share/ebox-desktop/
chmod 755 /usr/share/ebox-desktop/ebox-prepare-home

/mnt/home/updates/updatepost.sh
#!/bin/bash
#/mnt/home/updates/ is mounted and run off the server, so all changes can be centralized
#this is run in the login script.
#pretty simple: deletes the backup Default.backup, moves the existing one to the
#backup and downloads the new one from the server
rm /etc/gdm/PostSession/Default.backup
mv /etc/gdm/PostSession/Default /etc/gdm/PostSession/Default.backup
cp /mnt/home/updates/Default /etc/gdm/PostSession/
chmod 755 /etc/gdm/PostSession/Default


These above 2 scripts I also use when I want to do a large scale change.
Example: If I want to install a printer on all computers, I make a script to check if the printer is already installed, then if not append a new printer into the cups.conf, and then reference the script from the updatepre.sh script.
Which will basically set up the new printer on next logout.


If anyone sees some improvement, and I'm sure there's lots of it, let me know.
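
Added example, not part of the original post or of the ebox-desktop project: updatepre.sh and updatepost.sh above copy a script from the mounted share into a path that runs as root, with no checks on the file. The function below does the same replacement but refuses a source that is a symlink, has an unexpected owner, is group- or world-writable, or fails `bash -n`; `install_update` and its parameters are hypothetical names, and GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example (hypothetical helper, not from the thread):
# install_update SRC DEST [EXPECTED_UID]
# Replaces DEST with SRC only if SRC passes basic trust and syntax checks.
install_update() {
    src=$1 dest=$2 want_uid=${3:-0}

    # The source must be a plain file: no symlinks, directories or devices.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "skip: $src is not a regular file" >&2; return 1
    fi

    # Only accept a file owned by the expected uid (root by default) ...
    owner=$(stat -c '%u' "$src") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "skip: $src is owned by uid $owner" >&2; return 1
    fi
    # ... that group and others cannot write (6th / 9th char of -rwxrwxrwx).
    case $(stat -c '%A' "$src") in
        ?????w*|????????w*)
            echo "skip: $src is group- or world-writable" >&2; return 1 ;;
    esac

    # Stage a private copy next to DEST and syntax-check the copy, so the
    # bytes that were checked are the bytes that get installed.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if ! cp "$src" "$tmp" || ! bash -n "$tmp" 2>/dev/null; then
        echo "skip: $src could not be copied or does not parse" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 755 "$tmp"

    # Keep one backup like the original scripts, then swap in atomically.
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.backup"; fi
    mv -f "$tmp" "$dest"
}

# Usage with the thread's paths (run as root on the client):
# install_update /mnt/home/updates/ebox-prepare-home \
#     /usr/share/ebox-desktop/ebox-prepare-home
```

These checks only validate the file as the client sees it over NFS; they do not authenticate the server itself.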
Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: J. A. Calvo on February 02, 2010, 06:16:13 pm
Thank you very much for the contribution!

We can try to merge it into the official ebox-desktop code as soon as possible.
Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: steever on March 11, 2010, 03:27:59 pm
I wonder how this is going?  I would love to have this working for Lucid clients. 
Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: mparic on March 28, 2010, 09:01:36 pm
Have you considered just mounting workstations' home directories to the eBox server home directories via NFS instead of copying/rsyncing?
Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: ctek on March 29, 2010, 09:33:01 am
I second that last post. Indeed this will be an alternative to syncing the files from station to server.
Instead of having the copy process twice, 1 at login and 2 at logout, it will be much faster just to mount.

Any suggestions to this ?

Best regards
Bogdan
Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: kblair on April 12, 2010, 10:56:57 am
I previously had a setup with home directories mounted to a data server and it worked great (although annoying to maintain users across all machines) for 30-40 workstations. When we upgraded to 75 machines there were major connection stability issues.
Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: dzingis on April 13, 2010, 09:12:46 am
When we upgraded to 75 machines there were major connection stability issues.

I agree with you, in case that 50 people are accessing their files there would be problems, not with network bandwidth but with server HDD "bandwidth".

But just one question: what happens if power is lost during work, and no rsync to the server is done? Will you have the new files created/changed before the power loss after the rsync from the server?

Title: Re: Custom Ebox-Desktop with Roaming Profiles
Post by: kblair on June 01, 2010, 01:05:25 am
Currently if power is lost (and it has been from time to time), the user loses their work and what is on the server syncs up to the computer on re-login.

It is a problem, I just haven't had the time to think of and implement something for that.

I'm still having some problems with things not syncing here and there, so I'm still trying to troubleshoot it.

I would like to get rid of the lock in the script, however I need to first understand, when logging out, why the system is running /usr/share/ebox-prepare-home (the login script) again once, after the logout script /etc/gdm/PostSession/Default.