initial commit of file from CVS for smeserver-nfs on Sat Sep 7 19:56:53 AEST 2024

root/etc/e-smith/templates/etc/exports/10exports

@@ -0,0 +1,99 @@
+{
+    use strict;
+    use warnings;
+    use esmith::AccountsDB;
+    use esmith::ConfigDB;
+    use esmith::NetworksDB;
+    use Net::IPv4Addr qw(ipv4_in_network ipv4_parse);
+    use esmith::util::network qw(isValidIP);
+
+    my $ndb = esmith::NetworksDB->open_ro;
+    my $accounts = esmith::AccountsDB->open_ro;
+    my $config   = esmith::ConfigDB->open_ro;
+
+        sub convert_to_cidr
+        {
+            $_ = shift;
+            return "$_/32" unless (m!/!);
+            my ($ip,$bits) = ipv4_parse($_);
+            return "$ip/$bits";
+        }
+
+        my @localAccess = map {
+                convert_to_cidr($_)
+            } $ndb->local_access_spec();
+
+
+    my @ibays = $accounts->ibays;
+
+    foreach my $ibay (@ibays) 
+    {
+        #first we verify if the NFS is enabled for the ibay
+        my $nfsstatus = $ibay->prop("NfsStatus") || "disabled";
+
+        #then we look about the host(s) allowed
+        my $nfsclient       = $ibay->prop("NfsClient") || "";
+        my $nfslocalnetwork = $ibay->prop("NfsLocalNetwork") || "disabled";
+
+        $nfsclient = $nfsclient . ':local' if ($nfslocalnetwork eq 'enabled');
+
+        #Then we retrieve the name of the ebay
+        my $key = $ibay->key;
+
+        #start to count   
+        my $count = '0';
+
+        if (($nfsstatus eq 'enabled')) 
+        {
+            # write the configuration
+            {
+                my @IP = split /[:]/, $nfsclient;
+                foreach my $IP (@IP) 
+                {
+                    #now we look about exports options
+                    my $nfsrw           = $ibay->prop("NfsRW")       || 'ro';
+                    my $nfssync         = $ibay->prop("NfsSync")     || 'sync';
+                    my $wdelay          = $ibay->prop("NfsWdelay")   || 'wdelay';
+                    my $nfssquash       = $ibay->prop("NfsSquash")   || 'root_squash';
+                    my $anonuid         = $ibay->prop("NfsAnonUid")  || '';
+                    my $anongid         = $ibay->prop("NfsAnonGid")  || '';
+                    my $secure          = $ibay->prop("NfsSecure")   || 'secure';
+                    my $hide            = $ibay->prop("NfsHide")     || 'nohide';
+
+                    my $nfs_options = $hide . ',' . $nfssync . ',' . $wdelay;
+          
+                    if  (isValidIP($IP) && (grep { ipv4_in_network($_, $IP) } @localAccess) )    
+                    {
+                        $nfs_options =  $nfs_options . ',' . "anonuid=$anonuid"
+                                        if (($anonuid =~ m/(\d+)/) && ($anonuid !~ m/(\D+)/));
+                        $nfs_options =  $nfs_options . ',' . "anongid=$anongid"
+                                        if (($anongid =~ m/(\d+)/) && ($anongid !~ m/(\D+)/));
+                        $nfs_options = $nfs_options . ',' . $nfsrw;
+                        $nfs_options = $nfs_options . ',' . $nfssquash;
+                        $nfs_options = $nfs_options . ',' . $secure;
+                        $OUT .=  "\n/home/e-smith/files/ibays/$key/files " if ($count == '0');
+                        $OUT .=  " $IP($nfs_options)";
+                        $count++
+                    }
+
+                    if ($IP eq 'local')
+                    {
+                        $nfsrw       = 'ro';
+                        $nfssquash   = 'root_squash';
+                        $secure      = 'secure';
+                        $nfs_options = $nfs_options . ',' . $nfsrw;
+                        $nfs_options = $nfs_options . ',' . $nfssquash;
+                        $nfs_options = $nfs_options . ',' . $secure;
+
+                        foreach my $localAccess (@localAccess)
+                        {
+                            $OUT .=  "\n/home/e-smith/files/ibays/$key/files " if ($count == '0');
+                            $OUT .=  " $localAccess($nfs_options)" if $localAccess !~ '127.0.0.1';
+                            $count++
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

root/etc/e-smith/templates/etc/exports/20CustomRules

@@ -0,0 +1,58 @@
+{
+    use strict;
+    use warnings;
+    use esmith::NetworksDB;
+    use esmith::ConfigDB;
+    use Net::IPv4Addr qw(ipv4_in_network ipv4_parse);
+    use esmith::util::network qw(isValidIP);
+
+    my $DB = esmith::ConfigDB->open_ro or die "can't open Config DB";
+    my $ndb = esmith::NetworksDB->open_ro or die "can't open Network DB";
+
+    sub convert_to_cidr2
+    {
+        $_ = shift;
+        return "$_/32" unless (m!/!);
+        my ($ip,$bits) = ipv4_parse($_);
+        return "$ip/$bits";
+    }
+
+    my @localAccess = map {
+        convert_to_cidr2($_)
+    } $ndb->local_access_spec();
+
+
+    my $rules = $DB->get('nfs-rules') || '';
+    return "\# no custom rules, you are an Angel\n" unless ($rules ne '');
+
+    my %properties = $rules->props;
+
+    $OUT .= "\n";
+    $OUT .= "# Here Your custom rules, we hope that you know what you are doing\n";
+
+    foreach my $properties ( sort keys %properties)
+    {
+        my $values = $DB->get_prop("nfs-rules","$properties");
+        my $IP =  $1 if $values =~/(\d{1,5}\.\d{1,5}\.\d{1,5}\.\d{1,5})/;
+
+        if ($values =~/[\/a-zA-Z0-9_\-]+\s+(\d{1,5}\.\d{1,5}\.\d{1,5}\.\d{1,5}(\(|\/\d{2,2}\())/)
+        {
+            $OUT .= "$values\n" if (isValidIP($IP) && (grep { ipv4_in_network($_, $IP) } @localAccess) );
+            $OUT .= "##This is not an IP : $values\n" if (!isValidIP($IP));
+            $OUT .= "##Your IP is not in any Local Networks : $values\n" if (isValidIP($IP) 
+                                                    && (!grep { ipv4_in_network($_, $IP) } @localAccess));
+        }
+        elsif ($values =~/(\/+)\s+(\d{1,5}\.\d{1,5}\.\d{1,5}\.\d{1,5})/)
+        {
+            $OUT .= "##Give a full path, '/' is not accepted : $values\n";
+        }
+        elsif ($values =~/[\/a-zA-Z0-9_\-]+\s+\*/)
+        {
+            $OUT .= "##Wild Card * not accepted: $values\n";
+        }
+        elsif ($values =~/[\/a-zA-Z0-9_\-]+\s+(\d{1,5}\.\d{1,5}\.\d{1,5}\.\d{1,5})(\s+|\/\d{2,2}\s+)/)
+        {
+            $OUT .="##No spaces between IP and nfs rules : $values\n";
+        }
+    }
+}

root/etc/e-smith/templates/etc/hosts.allow/lockd

@@ -0,0 +1,3 @@
+{
+    $DB->hosts_allow_spec('nfslock', 'lockd');
+}

root/etc/e-smith/templates/etc/hosts.allow/mountd

@@ -0,0 +1,3 @@
+{
+    $DB->hosts_allow_spec('nfs', 'mountd');
+}

root/etc/e-smith/templates/etc/hosts.allow/rpcbind

@@ -0,0 +1,3 @@
+{
+    $DB->hosts_allow_spec('rpcbind', 'rpcbind');
+}

root/etc/e-smith/templates/etc/hosts.allow/rquotad

@@ -0,0 +1,3 @@
+{
+    $DB->hosts_allow_spec('nfs', 'rquotad');
+}

root/etc/e-smith/templates/etc/hosts.allow/statd

@@ -0,0 +1,3 @@
+{
+    $DB->hosts_allow_spec('nfslock', 'statd');
+}

root/etc/e-smith/templates/etc/sysconfig/nfs/lockdPort

@@ -0,0 +1,2 @@
+LOCKD_TCPPORT={ $nfslock{lockdPort} }
+LOCKD_UDPPORT={ $nfslock{lockdPort} }

root/etc/e-smith/templates/etc/sysconfig/nfs/mountdPort

@@ -0,0 +1 @@
+MOUNTD_PORT={ $nfs{mountdPort} }

root/etc/e-smith/templates/etc/sysconfig/nfs/rquotadPort

@@ -0,0 +1 @@
+RQUOTAD_PORT={ $nfs{rquotadPort} }

root/etc/e-smith/templates/etc/sysconfig/nfs/statdPort

@@ -0,0 +1,2 @@
+STATD_PORT={ $nfslock{statdPort} }
+STATD_OUTGOING_PORT={ $nfslock{statdOutgoingPort} }

root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/80-nfs.preset

@@ -0,0 +1,12 @@
+#nfs specific
+{
+$status = $nfslock{status} || 'disabled';
+$status = ($status eq "enabled") ? "enable" : "disable";
+$OUT .= "$status                rpc-statd.service\n";
+
+$status = $nfs{status} || 'disabled';
+$status = ($status eq "enabled") ? "enable" : "disable";
+$OUT .= "$status                nfs-server.service\n";
+
+}
+