Peter Souter's questions

我正在尝试更新一些在 RHEL 机器上禁用 CAD 的 Puppet 清单。

现在我正在 systemd 上以最高级的方式进行操作：屏蔽（即链接到 /dev/null）

$ctrlaltdel_process = '/usr/bin/logger -p security.info "Control-Alt-Delete pressed"'

  # Every version of RHEL has a different way of doing this! :)
  case $::operatingsystemmajrelease {
    '4','5': {
      augeas { 'disable-inittab-ctrlaltdel':
        context => '/files/etc/inittab',
        lens    => 'inittab.lns',
        incl    => '/etc/inittab',
        changes => "set *[action = 'ctrlaltdel']/process '${ctrlaltdelprocess}'",
      }
    }
    '6': {
      file { '/etc/init/control-alt-delete.conf':
        ensure  => file,
        content => $ctrlaltdel_process,
      }
    }
    '7': {
      file { '/etc/systemd/system/ctrl-alt-del.target':
        ensure => 'link',
        target => '/dev/null',
      }
    }
    default: {
      fail("Module ${module_name} is not supported on this ${::operatingsystemmajrelease}")
    }
  }

正如你所看到的，在其他系统上，我实际上正在编写一个安全日志，说明 CAD 被按下，但我不会在 systemd 机器上得到这个。

我喜欢在日志中实际设置陷阱的想法，这样我们就可以追踪人们是否正在这样做。

有人可以给我一个 ctrl+alt+delete 的示例 systemd 配置文件，它会做同样的事情吗？

我开始使用 RHEL7 并了解一些 systemd 带来的变化。

有没有办法/sbin/service iptables save在firewalld中执行？

$ /sbin/service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

我可以从文档中找到的最接近的平行是--reload：

Reload the firewall without loosing state information:
$ firewall-cmd --reload

但它没有明确说明它是否在储蓄。

我有一个看起来像这样的 FreeBSD Vagrant 盒子：

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.box = "chef/freebsd-10.0"

  config.vm.network "private_network", ip: "10.0.1.10"
  config.vm.synced_folder '.', '/vagrant', :nfs => true, id: "vagrant-root"

end

但是，如果它尝试在名称过长的目录路径中运行，则会失败：

==> default: Mounting NFS shared folders...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

mount -t nfs '10.0.1.1:/Users/petersouter/projects/reallylongpathnameover88characterssothatmountfswillfail12345678910111213141516' '/vagrant'

Stdout from the command:



Stderr from the command:

mount_nfs: 10.0.1.1:/Users/petersouter/projects/reallylongpathnameover88characterssothatmountfswillfail12345678910111213141516: File name too long

除了将目录复制到名称较短的目录之外，还有其他方法可以解决此问题吗？我可以更新 FreeBSD 的东西，使它可以接受更大的文件名吗？

我有一套针对 docker 主机运行的烧杯测试。

我不知道 docker 如何处理交换文件的复杂性，但它似乎不喜欢它。

Puppet 代码如下所示：

exec { 'Create swap file':
  command => "/bin/dd if=/dev/zero of=${swapfile} bs=1M count=${swapfilesize_mb}",
  creates => $swapfile,
}
exec { 'Attach swap file':
  command => "/sbin/mkswap ${swapfile} && /sbin/swapon ${swapfile}",
  require => Exec['Create swap file'],
  unless  => "/sbin/swapon -s | grep ${swapfile}",
}
if $add_mount {
  mount { 'swap':
    ensure  => present,
    fstype  => swap,
    device  => $swapfile,
    dump    => 0,
    pass    => 0,
    require => Exec['Attach swap file'],
  }
}

错误信息如下：

Info: Loading facts
Notice: Compiled catalog for centos-6-x64 in environment production in 0.22 seconds
Info: Applying configuration version '1411345072'
Notice: /Stage[main]/Swap_file/Exec[Create swap file]/returns: executed successfully
Notice: /Stage[main]/Swap_file/Exec[Attach swap file]/returns: mkswap: /tmp/swapfile: warning: don't erase bootbits sectors
Notice: /Stage[main]/Swap_file/Exec[Attach swap file]/returns:         on whole disk. Use -f to force.
Notice: /Stage[main]/Swap_file/Exec[Attach swap file]/returns: Setting up swapspace version 1, size = 5116 KiB
Notice: /Stage[main]/Swap_file/Exec[Attach swap file]/returns: no label, UUID=ceb75f7d-ae8b-4781-bd1b-4123bec9bcf1
Notice: /Stage[main]/Swap_file/Exec[Attach swap file]/returns: swapon: /tmp/swapfile: swapon failed: Input/output error
Error: /sbin/mkswap /tmp/swapfile && /sbin/swapon /tmp/swapfile returned 255 instead of one of [0]
Error: /Stage[main]/Swap_file/Exec[Attach swap file]/returns: change from notrun to 0 failed: /sbin/mkswap /tmp/swapfile && /sbin/swapon /tmp/swapfile returned 255 instead of one of [0]
Notice: /Stage[main]/Swap_file/Mount[swap]: Dependency Exec[Attach swap file] has failures: true
Warning: /Stage[main]/Swap_file/Mount[swap]: Skipping because of failed dependencies
Notice: Finished catalog run in 0.26 seconds

所以基本上，我如何设置一个 docker 容器到我可以运行swapon而不会出错的地方？