Merge branch 'stable_14r4' of gitlab.taurusgroup.one:clustervision/trinityx-combined into stable_14r4

Author: aphmschonewille

site/controller.yml

@@ -269,6 +269,7 @@
       tags: ood, ood-vnc
 
     - role: trinity/ood-interactive_apps
+      ood_apps_admin_group: '{{ admin_group }}'
       tags: ood, interactive-apps, ood-interactive-apps
 
     # - role: trinity/prometheus-auth

site/imports/trinity-redhat-image-setup.yml

@@ -99,6 +99,7 @@
     tags: ood, ood-vnc
 
   - role: trinity/ood-interactive_apps
+    ood_apps_admin_group: '{{ admin_group }}'
     tags: ood, ood-interactive-apps, interactive-apps
 
   - role: trinity/target

site/imports/trinity-ubuntu-image-setup.yml

@@ -97,6 +97,7 @@
 #    tags: ood
 
   - role: trinity/ood-interactive_apps
+    ood_apps_admin_group: '{{ admin_group }}'
     tags: ood, ood-interactive-apps, interactive-apps
 
   - role: trinity/target

site/roles/trinity/mariadb/tasks/main.yml

@@ -39,6 +39,16 @@
     seuser: system_u
   when: primary | default(True)
 
+- name: modify mariadb-server.cnf
+  replace:
+    dest: '/etc/my.cnf.d/mariadb-server.cnf'
+    regexp: '^{{ item }}='
+    replace: '#{{ item }}='
+  with_items:
+    - datadir
+    - socket
+  ignore_errors: true
+
 - name: Render /etc/my.cnf
   template:
     src: 'etc_my.cnf.j2'

site/roles/trinity/ood-interactive_apps/defaults/main.yml

@@ -1 +1,3 @@
 ---
+
+ood_apps_admin_group: 'admins'

site/roles/trinity/ood-interactive_apps/tasks/main.yml

@@ -13,3 +13,7 @@
   when: '"Code Server" in ood_interactive_apps'
   tags: codeserver
 
+- name: Install OSImage addons
+  ansible.builtin.include_tasks:
+    file: osimage.yml
+

site/roles/trinity/ood-interactive_apps/tasks/osimage.yml

@@ -0,0 +1,27 @@
+---
+
+- block:
+  - name: Ensure addons directory exists
+    file:
+      path: "{{ trix_ood }}/{{ ood_portal_version }}/osimage/addons/"
+      state: directory
+
+  - name: Render wrapper addon for lchroot
+    template:
+      src: "osimage/lchroot_wrapper.sh.j2"
+      dest: "{{ trix_ood }}/{{ ood_portal_version }}/osimage/addons/chroot_wrapper.sh"
+      mode: 0755
+      owner: root
+      group: root
+
+  - name: Render sudoers for lchroot
+    template:
+      src: "osimage/sudoers.j2"
+      dest: "/etc/sudoers.d/lchroot"
+      mode: 0755
+      owner: root
+      group: root
+  when: 
+    - on_controller|default(False)
+    - ansible_connection not in 'chroot'
+

site/roles/trinity/ood-interactive_apps/templates/osimage/lchroot_wrapper.sh.j2

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# This code is part of the TrinityX software suite
+# Copyright (C) 2023  ClusterVision Solutions b.v.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>
+
+###
+# 
+# USAGE:
+# cat /etc/ood/config/apps/shell/env
+#   OOD_SSH_WRAPPER=/trinity/local/ondemand/3.0/osimage/addons/chroot_wrapper.sh
+# 
+# cat /trinity/local/ondemand/3.0/osimage/addons/chroot_wrapper.sh
+# https://vmware-controller1.cluster:8080/pun/sys/shell/ssh/vmware-controller1.cluster/image=compute,path=/trinity/images/compute,kernel_version=5.14.0-427.37.1.el9_4.x86_64
+# 
+####
+
+function wait_till_ok {
+    local OS_PATH=$1
+    if [[ -f "${OS_PATH}/tmp/lchroot.lock" ]]; then
+        echo "lchroot is already running, waiting for it to finish (press f to force)"
+
+        while [[ -f "${OS_PATH}/tmp/lchroot.lock" ]]; do
+            read -t 1 -n 1 -s key
+            if [[ $key == "f" ]]; then
+                echo ""
+                echo "Removing lock file"
+                sudo rm "${OS_PATH}/tmp/lchroot.lock"
+                break
+            else
+                echo -n "."
+            fi
+        done
+    fi
+}
+
+
+for arg in "$@"; do
+    if [[ "$arg" =~ image= ]]; then
+        OS_IMAGE=$(echo "$arg" | grep -oP 'image=[^,]+' | cut -d= -f2 | tr -d "'")
+    fi
+    if [[ "$arg" =~ path= ]]; then
+        OS_PATH=$(echo "$arg" | grep -oP 'path=[^,]+' | cut -d= -f2 | tr -d "'")
+    fi
+done
+
+
+if [[ -n "$OS_IMAGE"  ]]; then
+    if [[ ! -n "$OS_PATH"  ]]; then
+        OS_PATH="{{ trix_images }}/${OS_IMAGE}"
+    fi
+    wait_till_ok "${OS_PATH}"
+    sudo lchroot $OS_IMAGE
+else
+    exec /usr/bin/ssh "$@"
+fi

site/roles/trinity/ood-interactive_apps/templates/osimage/sudoers.j2

@@ -0,0 +1,2 @@
+%{{ood_apps_admin_group}} ALL=(ALL) NOPASSWD: /usr/sbin/lchroot
+%{{ood_apps_admin_group}} ALL=(ALL) NOPASSWD: /bin/rm {{ trix_images }}/*/tmp/lchroot.lock

site/roles/trinity/openldap/tasks/main.yml

@@ -136,8 +136,18 @@
       shell: rsync -raW -AX /etc/openldap/slapd.d/* {{ openldap_server_conf_path|quote }}
       args:
         creates: '{{ openldap_server_conf_path }}/cn=config.ldif'
+      register: openldap_copy
+      ignore_errors: true
       when: primary | default(True)
 
+    - name: Copy default configuration to {{ openldap_server_conf_path }} without xattr
+      shell: rsync -raW /etc/openldap/slapd.d/* {{ openldap_server_conf_path|quote }}
+      args:
+        creates: '{{ openldap_server_conf_path }}/cn=config.ldif'
+      when: 
+        - primary | default(True)
+        - openldap_copy is failed
+
     - name: Delete default configuration
       file:
         path: '/etc/openldap/slapd.d'