Don't kill other ntpd instances.

Signed-off-by: Adam Wujek <dev_public@wujek.eu>

Signed-off-by: Adam Wujek <dev_public@wujek.eu>

Maciej Lipinski authored 4 years ago and Grzegorz Daniluk committed 4 years ago

Some deamons/etc that log messages to syslog do not specify facility.level
in their messages. The logger is configured to parse the message looking
for facility.level (option: --prio-prefix). If the message does not include
If no facility.priority is specified, the logger will use the one specified
after -p, this is now provided. For example, PPSi does not specify
facility.priority in messages (hopefully, this will change), without
"-p daemon.info", it was reported as user.info. If user wishes to,
he/she can override. This is the default config

This reverts commit 9c8412e3.

S59leap_seconds_file_update is already there to call the script at boot
time.

Setting the options to force dot-config/IP over DHCP can
be dangerous. Until now, the switch would wait endlessly
in an infinite loop.

This commit introduces a way to escape the loop. This can
be done by connecting to the back UART and pressing any
key.

As monit process is started after other processes, it does not take into
account  the 'unmonitor' messages sent from start scripts (ldap.sh,
...). This generates error messages at startup.

To avoid that, the configuration of monit is set now dynamically in the
apply_dotconfig script. All disabled processes are then removed from the
configuration to avoid errors due to process start order.
Also the first monitoring cycle is postponed by 30s at startup.

If dot-config is read remotly using DHCP for the URL, the host name in
the URL is not well substitute.
The fix forces the update of "hostname" when the script
dhcp_get_filename.sh is called.

When the configuration indicates that the network is  forced to use the
DHCP service for its setup (CONFIG_ETH0_DHCP=y), the script waits
forever the availability of the DHCP service.

In the other cases, the behavior remains unchanged.

When the dot-config file is read at startup using the DHCP service to
get the server IP address, the script waits forever the availability of
DHCP service in the following case :
- CONFIG_DOTCONF_SOURCE_FORCE_DHCP=y AND CONFIG_ETH0_DHCP=y

CONFIG_ETH0_DHCP: Set to indicate that the network is forced to use DHCP
for its setup.

In the other cases, the behavior stay unchanged.

Some scripts write to files to pass information to SNMP.
To avoid read access failure from SNMP, the previous file is copied to a
.old file then the new one is created.

The update is related to the new feature introduced in Kconfig for the
logging of messages (default_syslog)

The system clock monitor measures the offset between the local time and
the NTP time. If this offset exceed a given threshold an alarm will be
raised .

Another option is added in Kconfig that applies to all the deamons
that provide <facility*8+priority> in their messages. If logging
in Kconfig is set to "default_syslog", the logger is run with
the option --prio-prefix. With this option, the facility/priority
from message is used. All the other otions for "Logint directions.."
are left unchnaged.

Jean-Claude BAU authored 5 years ago and Maciej Lipinski committed 5 years ago

- Add a new tool (wrs_leapsec) to check for an incoming leap second. It
is done by parsing the leap second file. If a leap second is detected
then adjustment parameters for the clock algoritm are set in the kernel.
- Start the tool at startup
- With cron, execute the tool every 3 hours
- As many tools need to parse the leap seconds file, functions have been
added in the library and then called by these tools

Jean-Claude BAU authored 5 years ago and Maciej Lipinski committed 5 years ago

- Install cron
- New leap_seconds_file_update script. Launched at startup and then 1
time per day by cron
- Kconfig update to setup from where the file should be downloaded

Jean-Claude BAU authored 5 years ago and Maciej Lipinski committed 5 years ago

The -n option in the wr_date tool is used for a dry run. It execute the
code without applying changes in the system and the hardware.
However calling "wr_date -n set host" was not setting the date but
applying the TAI offset. To make things more consistant, a new option
has been added. Calling "wr_date set host tai" now sets only the TAI
offset.
The wr_date script has been changed to take into account this
modification of the behavior.

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

If the build or image is broken and sdb-read is missing don't try to
overwrite hwinfo

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Forward messages from scripts running before syslog is available
to the kernel log. Before these messages were printed only to the
console.

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Init scripts start logger that prints output of deamons into syslogs.
This logger is run with -p to attach tag. This tag is interpreted
as the process that produces the following message. In the many init
scripts this tag was set to wr-switch, incorrectly. This commit
corrects it to include the name of the daemon.

Since nss-pam-ldapd 0.8.4 the uniqueMember attribute was replaced by
using the member attribute by default. This means that you should use

map group member sAMAccountName

https://lists.arthurdejong.org/nss-pam-ldapd-users/2017/msg00012.html



Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

dropbear was replaced, because it does not support correctly LDAP+kerberos.

It was almost working. With LDAP+Kerberos over PAM dropbear was prompting once
more for a password when the correct was given.

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

It is assumed that authorization is done via LDAP

No need to give extra password when using sudo

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

otherwise openssh complains at the root login

Signed-off-by: Adam Wujek <adam.wujek@cern.ch>