-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathatomic-install
47 lines (39 loc) · 1.54 KB
/
atomic-install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/bin/sh -eu
# This is the install script for cockpit-ws when run in a privileged container
# We expect that cockpit-bridge and related stuff is already in the host.
#
# The host file system must be mounted at /host
cd /
PATH="/bin:/sbin"
if [ ! -d /host/etc -o ! -d /host/proc -o ! -d /host/var/run ]; then
echo "cockpit-run: host file system is not mounted at /host" >&2
exit 1
fi
if [ ! -f /host/usr/bin/cockpit-bridge ]; then
echo "cockpit-run: cockpit-bridge must be installed in the host" >&2
exit 1
fi
if [ ! -d /host/usr/share/cockpit ]; then
echo "cockpit-run: cockpit-shell and other resources must be installed in the host" >&2
exit 1
fi
if [ -f /host/usr/libexec/cockpit-ws ]; then
echo "cockpit-ws must not be installed in the host" >&2
exit 1
fi
set -x
# Copy the cockpit pam file into the host, since the PAM stack is gonna run
# on the host with host PAM modules, and the host files, such as /etc/shadow
# However we must ensure that it doesn't have selinux stuff ... because well,
# containers and SELinux don't mix (yet?)
sed -e '/pam_selinux/d' -e '/pam_sepermit/d' /etc/pam.d/cockpit > /host/etc/pam.d/cockpit
# Make sure that we have required directories in the host
mkdir -p /host/etc/cockpit/ws-certs.d
chmod 755 /host/etc/cockpit/ws-certs.d
chown root:root /host/etc/cockpit/ws-certs.d
mkdir -p /host/var/lib/cockpit
chmod 775 /host/var/lib/cockpit
chown root:wheel /host/var/lib/cockpit
# Ensure we have certificates
/bin/mount --bind /host/etc/cockpit /etc/cockpit
/usr/sbin/remotectl certificate --ensure