[one-users] Including private files in user's contextualization iso

Javier Fontan jfontan at gmail.com
Thu Mar 3 07:02:28 PST 2011


You can modify the tm_context.sh script to add whatever extra files to
the context ISO. After the first weird while statement you have the
list of the files that are going to be in the context ISO in the SRC
variable. You can modify that SRC variable to add whatever extra files
you want. I think it is better to have the list of the extra archives
in a conf file; you can then modify the SRC variable with something like
this:

SRC="$SRC $(cat /some/path/extra.files)"

These scripts are executed as the same user as oned, so you can make the
extra files readable only by oneadmin.

On Wed, Mar 2, 2011 at 4:16 PM, Steven Timm <timm at fnal.gov> wrote:
>
> We would like to arrange that a certain system file
> (for example, a Kerberos 5 host keytab or x509 host certificate and private
> key) be included in the contextualization iso of the
> user at startup time.
>
> It is of course possible to do this if these files are owned
> and readable by the user, but we would like to set it up
> so that these files are automatically added to all .iso
> images, and do it if possible in such a way that they
> are only readable by a system account such as root or oneadmin,
> and not by the non-privileged user.  Can that be done?
>
> Of course the user will get to see the keytab of his machine
> once he logs into the machine, but we would then supply
> a script to destroy the keytab on shutdown.
>
> Any ideas on what to do here?
>
> Currently we are using a pull script to pull them at boot time via
> ssl-encrypted wget from a central repository, but that requires that there
> be some certificate pre-loaded in the VM with which to encrypt the ssl.
>
> Steve Timm
>
>
> --
> ------------------------------------------------------------------
> Steven C. Timm, Ph.D  (630) 840-8525
> timm at fnal.gov  http://home.fnal.gov/~timm/
> Fermilab Computing Division, Scientific Computing Facilities,
> Grid Facilities Department, FermiGrid Services Group, Group Leader.
> Lead of FermiCloud project.



-- 
Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
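
The conf-file approach from the reply above, as an added example that is not part of the original message or of OpenNebula's tm_context.sh: it builds the extra part of SRC from the list file and admits only entries that are regular files with no group or other permission bits. The names EXTRA_CONF, is_private_file and extra_context_files are hypothetical, and SRC is assumed to be whitespace-separated, as the one-liner in the reply implies.

```bash
#!/bin/bash
# Added example (not OpenNebula code): build the extra part of SRC from a
# conf file, admitting only files locked down to their owner.
# EXTRA_CONF and both function names are hypothetical.

EXTRA_CONF="${EXTRA_CONF:-/some/path/extra.files}"

# Succeeds only for a regular file (not a symlink) that carries no
# group/other permission bits, e.g. mode 0600 or 0400.
is_private_file() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Prints the space-separated list of accepted paths from conf file $1.
# Rejected entries are reported on stderr and left out of the list.
extra_context_files() {
    local conf="$1" path list=""
    [ -r "$conf" ] || return 0          # no conf file: nothing to add
    while IFS= read -r path || [ -n "$path" ]; do
        case "$path" in
            ''|'#'*) continue ;;        # blank line or comment
            *[[:space:]]*)              # would split into two SRC entries
                echo "skip (whitespace in path): $path" >&2; continue ;;
        esac
        if is_private_file "$path"; then
            list="${list:+$list }$path"
        else
            echo "skip (missing, symlink, or group/other access): $path" >&2
        fi
    done < "$conf"
    printf '%s' "$list"
}

# In the script, once SRC has been built:
#   SRC="$SRC $(extra_context_files "$EXTRA_CONF")"
```
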


