Commit f38c607c authored by Antoine Rozenknop's avatar Antoine Rozenknop

bugfix: vnc password was not required with lightdm image

parent c69df5e2
......@@ -448,6 +448,15 @@ Cette commande devrait déposer tous les fichiers nécessaires dans `/var/www/ht
### Taches programmées <a name="CRON"></a>
#### Script de lancement, de surveillance et d'arrêt des conteneurs
Le lancement et l'arrêt des conteneurs est effectué par le script `session_manager.sh`. On peut configurer l'image de base des conteneurs en modifiant la variable
IMAGE_VERSION au début de ce script. Par défaut, actuellement, elle pointe vers l'image `mariotel:0.65`.
Une version de ce script existe pour `podman` en remplacement de `docker` : `session_manager-podman.sh`.
#### Lancement programmé
Pour le lancement automatisé des sessions programmées de Mariotel, nous utilisons `cron`.
Il faut ajouter la ligne suivante dans la `crontab` de `root`, avec `crontab -e` en tant que `root` ou dans un des fichiers système, comme `/etc/crontab`.
......
......@@ -208,13 +208,13 @@ run apt -y install tigervnc-standalone-server xterm
#
# mot de passe par défaut de vnc : toor
run mkdir -p /root/.vnc && echo toor | vncpasswd -f > /root/.vnc/passwd
run mkdir -p /.vnc && echo toor | vncpasswd -f > /.vnc/passwd && chmod -R a=u /.vnc
run echo "\
[Unit]\n\
Description=XVNC Per-Connection Daemon\n\
[Service]\n\
ExecStart=-/usr/bin/Xvnc -rfbauth /root/.vnc/passwd -inetd -query localhost -geometry 1920x1080 -once -MaxIdleTime 900 -SecurityTypes=None -depth 24 :1 +extension Composite\n\
ExecStart=-/usr/bin/Xvnc -rfbauth /.vnc/passwd -inetd -query localhost -geometry 1920x1080 -once -MaxIdleTime 900 -SecurityTypes=VncAuth -depth 24 :1 +extension Composite\n\
User=nobody\n\
StandardInput=socket\n\
StandardError=journal\n\
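Review bot: The added `chmod -R a=u /.vnc` copies the owner's permission bits to group and other, so `/.vnc/passwd` ends up readable and writable by every account in the image. `vncpasswd -f` output is only obfuscated, not hashed, so read access discloses the password and write access lets any local user replace it. Since the unit runs Xvnc as `User=nobody`, giving the directory to that account should be enough: `chown -R nobody /.vnc && chmod 700 /.vnc && chmod 600 /.vnc/passwd`. The startup-script hunk has the same problem, where `chmod -R a=u $HOME/.vnc` follows `chmod 600 "${PASSWD_PATH}"` and undoes it, with `$HOME` unquoted. The baked-in `toor` password also stays valid in any container where the startup script does not overwrite `/.vnc/passwd`, which deserves a comment next to this line.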
......
......@@ -84,10 +84,6 @@ if [[ $1 =~ -h|--help ]]; then help; exit 0; fi
export `xargs --null --max-args=1 echo < /proc/1/environ`
# Set HOME according to the user:
if [[ $USER = root ]]; then HOME=/root; else HOME=/home/$USER; fi
# ---
# The relevant log file for Mariotel:
mkdir -p "$STARTUPDIR"
......@@ -134,6 +130,11 @@ fi
### Issue #7: Fixing problems with foreground mode
### (compensates the last 'WORKDIR ${STARTUPDIR}' in Dockerfile)
if [[ $(whoami) == "root" ]]
then
export HOME=/
fi
cd "$HOME"
#-------------------------#
......@@ -304,10 +305,15 @@ if [[ "${VNC_VIEW_ONLY}" == "true" ]]; then
echo "Start VNC server in view only mode"
### create random pw to prevent access
echo $(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20) | vncpasswd -f > "${PASSWD_PATH}"
echo "${VNC_PW}" | vncpasswd -f >> "${PASSWD_PATH}"
else
echo "${VNC_PW}" | vncpasswd -f > "${PASSWD_PATH}"
fi
echo "${VNC_PW}" | vncpasswd -f >> "${PASSWD_PATH}"
chmod 600 "${PASSWD_PATH}"
# if this script is launched by systemd, then Xvnc is launched by systemd as nobody user
# Give access to every one to the password file
if [[ $(whoami) == "root" ]] ; then chmod -R a=u $HOME/.vnc; fi
#-------------------------#
# VNC start #
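Review bot: Nothing visible in this hunk rejects an unset or empty `VNC_PW`, although the unit file in this commit now enforces `-SecurityTypes=VncAuth` and the password file written from `${VNC_PW}` is the only gate on the session. A guard such as `: "${VNC_PW:?VNC_PW must be set}"` before the `if` would fail closed; the script may already check this outside the hunk. VncAuth compares only the first eight characters of a password, so a comment saying so next to the `vncpasswd -f` calls would stop operators assuming a long `VNC_PW` adds strength. `printf '%s\n' "${VNC_PW}"` is also safer than `echo` for a value that `echo` could read as an option.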
......
......@@ -79,10 +79,11 @@ function test_memory_and_swap_limits_support {
}
function test_xfs_quota_support {
local DOCKER_ROOT_DIR=$(podman info | grep graphRoot | awk '{print $2}')
# ---
grep "$(df $DOCKER_ROOT_DIR -t xfs --output='source' 2>/dev/null | tail -n 1)" /proc/mounts | grep -w -q 'usrquota,prjquota'
# ---
true
# local DOCKER_ROOT_DIR=$(podman info | grep graphRoot | awk '{print $2}')
# # ---
# grep "$(df $DOCKER_ROOT_DIR -t xfs --output='source' 2>/dev/null | tail -n 1)" /proc/mounts | grep -w -q 'usrquota,prjquota'
# # ---
}
# Am I the only instance that runs?
......@@ -117,9 +118,9 @@ OPTION_SHM='--tmpfs /dev/shm:rw,nosuid,nodev,exec,size=320M'
unset OPTION_MEMORY_LIMITS
test_memory_and_swap_limits_support && OPTION_MEMORY_LIMITS='--memory="1g" --memory-swap="3g"'
# 1G disk space available per container (if supported):
# 10G disk space available per container (if supported):
unset OPTION_DISK_LIMITS
test_xfs_quota_support && OPTION_DISK_LIMITS='--storage-opt size=1G'
test_xfs_quota_support && OPTION_DISK_LIMITS='--storage-opt size=10G'
# No more than 4 cores for a container:
OPTION_CPU_LIMITS='--cpus="4.0"'
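Review bot: `test_xfs_quota_support` now consists of `true`, so `OPTION_DISK_LIMITS='--storage-opt size=10G'` is set on every host, whether or not the graph root is XFS with project quotas. Depending on the storage driver, I would expect podman either to refuse the option or to run without an enforced cap, and neither matches the "(if supported)" comment. If the probe failed because `grep -w -q 'usrquota,prjquota'` demands both options adjacent and in that order, matching `prjquota` alone and quoting `"$DOCKER_ROOT_DIR"` would repair the probe instead of stubbing it. The change is also unrelated to the VNC fix named in the commit title, so it belongs in its own commit or needs a comment explaining why the check is disabled.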
......