Scripts: Custom Commands
mount -o remount,rw /license
rm /license/dsa/licenses/*.lic
mount -o remount,ro /license
system -> firmware customization -> custom commands -> base-> initialization:
cat <<"EOF" > /etc/NetworkManager/dispatcher.d/99-wlan
#!/bin/bash
if [ "$1" = "eth0" -o "$1" = "eth1" ]; then
case "$2" in
up)
nmcli radio wifi off
;;
down)
nmcli radio wifi on
;;
esac
fi
EOF
chmod +x /etc/NetworkManager/dispatcher.d/99-wlan
system -> firmware customization -> custom commands -> base-> initialization:
cat <<"EOF" > /etc/NetworkManager/dispatcher.d/99-wlan
#!/bin/bash
if [ "$1" = "eth0" -o "$1" = "eth1" ]; then
case "$2" in
up)
nmcli nm wifi off
;;
down)
nmcli nm wifi on
;;
esac
fi
EOF
chmod +x /etc/NetworkManager/dispatcher.d/99-wlan
system -> firmware customization -> custom commands -> network -> network initialization:
sleep 10
#SET Variables
CONFIG="/config/bin/icaconfig"
#Command for Set the param
SET=setparam
#Command for Config Reload
SETUP=killwait_postsetupd
#What param should be filled
CONFIG1=ica.pnlogin.desktop_folder_farm
#Param Value
VAL1=true
#Starting script
#add everything together
$SET $CONFIG1 $VAL1
$SETUP
$CONFIG
#Put this line to custom commands, DNS Ready
sed -i 's/ SANAME=`get network.scepclient.cert${INST}.subjectaltname` /SANAME="`hostname`@domain.local"/' /usr/sbin/scep_mkrequest
LX V10 (Please Note: This can be done in IGEL Setup and UMS from IGEL Linux Firmware 10.03.500 and above)
Put the following commands under Firmware Customization -> Custom Commands -> Desktop -> Final Desktop Command:
XDG_RUNTIME_DIR=/run/user/777 su -c "pacmd set-card-profile 0 output:hdmi-stereo" user;
XDG_RUNTIME_DIR=/run/user/777 su -c "pacmd set-card-profile 1 off" user;
amixer -D pulse sset Master 100%
This line is for UD3-LX 50. It greps the available sink for HDMI sound and sets the default sink to it.
su user -c 'pacmd set-default-sink "$(pacmd list-sinks | grep hdmi | grep name: | grep -o -P "(?<=<).*(?=>)")"'
This line is for UD6-LX 51. It sets the card profile to HDMI because there is no additional sink for it.
su user -c "pacmd set-card-profile 0 output:hdmi-stereo-extra1"
This line is for UD5-LX 40 which has also a different sound profile for HDMI.
su user -c "pacmd set-card-profile 0 output:hdmi-stereo"
As of 2018-07-23 it is not possible to update IGEL devices via IGEL Cloud Gateway. There are other alternatives like AWS or a self-hosted update server, but they might be oversized if there is only a small number of home-office users. Therefore I was asked to create an "idiot proven way" to update IGEL devices via a USB storage device. The idea is to plug a USB medium into the device and run the update "hassle-free" without needing the user to configure the local update path.
- It will only work on IGEL Linux 10, because it relies on Systemd which is not available in IGEL Linux 5.
- The firmware version from IGEL's download server myigel.biz must be saved extracted on the USB-Storage device.
- USB Storage Hotplug must be set to 1 or more (Parameter: devices.hotplug.usb-storage.numdevices 1)
- Firmware update source must not be configured via UMS profile or Universal Firmware Update.
- The script will search for any IGEL LX or UDC3 firmware version but always use the first one found. If there is more than one firmware version on the USB storage device you might end up with the wrong firmware.
- The script does not check if it is run on an LX or UDC3 device. Therefore it might end up trying to install e.g. a UDC3 firmware on an LX device. This is not harmful for the device, but the update will obviously fail.
- The script will not check if the firmware update files on the USB-Storage device are equal or later to the current installed firmware. It will always prompt the update message. The IGEL admin is responsible to provide the correct update files.
Put the following commands under Firmware Customization -> Custom Commands -> Desktop -> Final Desktop Command:
cat <<"EOF" > /etc/systemd/system/automatic-update-file.service
[Unit]
Description=automatic-update-file
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/tmp/automatic-update-file
[Install]
WantedBy=multi-user.target
EOF
systemctl enable automatic-update-file.service
cat <<"EOF" > /etc/udev/rules.d/automatic-update-file.rules
ACTION=="add", KERNEL=="sd*", SUBSYSTEMS=="scsi", ENV{SYSTEMD_WANTS}="automatic-update-file.service"
EOF
cat <<"EOF" > /tmp/automatic-update-file
#!/bin/bash
sleep 1
FILESOURCE=$(find /media \( -iname "lxiv.inf" -o -iname "osiv.inf" -o -iname "lxos.inf" \) -printf '%h\n' | head -1)
#Logging action
ACTION="automatic-update-file_${1}"
#Output to system log with ID and tag
LOGGER="logger -it ${ACTION}"
#Starting script
echo "Starting" | $LOGGER
echo "$FILESOURCE" | $LOGGER
if [ -n "$FILESOURCE" ]
then
echo "IGEL Firmware files found at $FILESOURCE" | $LOGGER
setparam update.protocol file
#Quote the path: mount points under /media may contain spaces
setparam update.file.path "$FILESOURCE"
killall setupd
sleep 1
export XAUTHORITY=/var/run/lightdm/root/:0
source /etc/igel/update/automatic-run
else
echo "No IGEL Firmware found" | $LOGGER
exit 1
fi
EOF
chmod +x /tmp/automatic-update-file
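The limitation listed above, that the script takes the first firmware directory `find` returns, can be turned into an explicit refusal. The following is an added example, not part of the original script; the function names `find_firmware_dirs` and `select_firmware_dir` are hypothetical and the demo directory tree is constructed.

```bash
#!/bin/bash
# Added example, not from the original page. The .inf names come from the
# script above; the directory layout in the demo is constructed.

# Print every directory below ROOT that holds a firmware descriptor, one per line.
find_firmware_dirs() {
    find "$1" -type f \( -iname "lxiv.inf" -o -iname "osiv.inf" -o -iname "lxos.inf" \) 2>/dev/null |
        while IFS= read -r f; do dirname "$f"; done | sort -u
}

# Print the single candidate directory.
# Returns 0 = exactly one, 1 = none found, 2 = several found (ambiguous).
select_firmware_dir() {
    local dirs count
    dirs=$(find_firmware_dirs "$1")
    if [ -z "$dirs" ]; then
        return 1
    fi
    count=$(printf '%s\n' "$dirs" | wc -l)
    if [ "$count" -gt 1 ]; then
        return 2
    fi
    printf '%s\n' "$dirs"
}

# Demo on a constructed tree standing in for /media.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/USB STICK/fw-a" "$demo_root/USB STICK/fw-b"
touch "$demo_root/USB STICK/fw-a/lxos.inf"
select_firmware_dir "$demo_root"
touch "$demo_root/USB STICK/fw-b/OSIV.INF"
rc=0
select_firmware_dir "$demo_root" || rc=$?
echo "two firmware directories present: exit code $rc"
rm -rf "$demo_root"
```

In the hotplug script the result would replace the `head -1` pipeline, with exit code 2 logged as an ambiguous medium instead of starting an update.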
Providing easy access to some device information so the user can read them out to a support admin (similar to BG Info)
- User must be able to run the script. A custom Application is the most convenient way to achieve this.
- Create a new custom Application in System -> Firmware Customization -> Custom Application, name it e.g. "TC Info"
- In TC Info -> Settings put in:
Icon Name: /usr/share/icons/IGEL-Basic/categories/64/igel-network.png
Command: /tmp/tcinfo
Put the following commands under Firmware Customization -> Custom Commands -> Desktop -> Final Desktop Command:
cat <<"EOF" > /tmp/tcinfo
#!/bin/bash
notify-send-message -t 20000 -i /usr/share/icons/Mint-X/apps/32/network-settings.png \
"Hostname: $(echo $HOSTNAME)" \
"IP: $(getmyip)
MAC: $(cat /sys/class/net/eth0/address)
VERSION: $(cat /etc/firmware)"
EOF
chmod +x /tmp/tcinfo
cat <<"EOF" > /tmp/tcinfo
#!/bin/bash
notify-send-message -t 20000 -i /usr/share/icons/IGEL-Basic/categories/64/igel-network.png \
"Hostname: $(cat /etc/hostname)" \
"IP: $('getmyip')"
EOF
chmod +x /tmp/tcinfo
In environments that run 24 hours a day, 7 days a week, it can be challenging to find the right time to perform firmware updates. Therefore I was asked to write a script which performs a firmware update if no Citrix or VMware session is active and.
- Written and tested for IGEL LX10, but I see no reason why it should not work on LX5.
- Firmware version must be assigned through UMS prior to running the script.
- The specific example will run the script every Tuesday starting at 1:00 PM. To reschedule, change the first line of the script, using systemd timer expressions.
- After the first run, the script will check if a Citrix or VMware session is present; if this is the case it will retry. In this example it will retry 9 times and wait 30 min between tries. Retries and wait time can be configured accordingly.
Put the following commands under Firmware Customization -> Custom Commands -> Desktop -> Final Desktop Command. I came up with two different versions for slightly different use cases.
The first version is more complex. It will compare the currently installed firmware version with the newly assigned version and perform the update immediately.
systemd-run --unit="update-script" --on-calendar="Tue *-*-* 01:00:00" /wfs/updatescript
cat <<"EOF" > /wfs/updatescript
#!/bin/bash
RETRIES=9 #Here you can change how many update retries the script will do.
WAIT=30m #Here you can change how long the script will wait after every retry. Please add the suffix 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
#Logging action
ACTION="update-script_${1}"
#Output to system log with ID and tag
LOGGER="logger -it ${ACTION}"
#Starting update script
echo "Starting" | $LOGGER
#start retry loop
until [ $RETRIES -lt 0 ]; do
#check if session is active
if ! pgrep -x "vmware-remotemk" > /dev/null && ! pgrep -x "wfica" > /dev/null
then
echo "No active session detected, checking for new firmware version" | $LOGGER
#get latest settings from UMS
get_rmsettings_boot
#Get current firmware version
CURRENT=$(cat /etc/os-release | grep VERSION= | egrep -o "([0-9]{1,}\.)+[0-9]{1,}");
echo "Current firmware is" $CURRENT | $LOGGER
#Get assigned firmware version
NEW=$(cat /wfs/group.ini | grep IGEL_Universal_Desktop | egrep -o "([0-9]{1,}\.)+[0-9]{1,}")
echo "New firmware version is" $NEW | $LOGGER
#Compare firmware version (an empty assigned version must not trigger an update)
if [ -n "$NEW" ] && [ "$CURRENT" != "$NEW" ]
then
echo "Current firmware is not equal to new firmware, starting update to version" $NEW | $LOGGER
#If current firmware is not equal to new firmware, start update process
update
#Exit the loop after the update
echo "Update done, exiting" | $LOGGER
exit 1
else
echo "Current firmware is equal to new firmware, exiting" | $LOGGER
exit 1
fi
else
echo "Active session detected, waiting" $WAIT "Retries left =" $RETRIES | $LOGGER
let RETRIES-=1
sleep $WAIT
fi
done
EOF
chmod +x /wfs/updatescript
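The first version treats any difference between the two version strings as a reason to update, so an older assigned version also starts the update. The following is an added example, not part of the original script, that updates only when the assigned version is strictly newer and does nothing when either value is missing. The function names are hypothetical, the version strings are constructed, and `sort -V` from GNU coreutils is assumed to be present on the device.

```bash
#!/bin/bash
# Added example, not from the original page. Version strings in the demo are
# constructed; the regex is the one the script above uses.

# Read text on stdin, print the first dotted version number found.
extract_version() {
    grep -E -o '([0-9]+\.)+[0-9]+' | head -n 1
}

# True when the argument is nothing but a dotted version number.
is_version() {
    printf '%s\n' "$1" | grep -E -q '^([0-9]+\.)+[0-9]+$'
}

# needs_update CURRENT NEW
# Returns 0 = NEW is strictly newer, 1 = NEW is equal or older,
#         2 = a value is missing or malformed (fail closed, do nothing).
needs_update() {
    local cur="$1" new="$2" highest
    if ! is_version "$cur" || ! is_version "$new"; then
        return 2
    fi
    if [ "$cur" = "$new" ]; then
        return 1
    fi
    # sort -V compares field by field, numerically; the last line is the higher.
    highest=$(printf '%s\n%s\n' "$cur" "$new" | sort -V | tail -n 1)
    [ "$highest" = "$new" ]
}

# Demo with constructed values.
CURRENT=$(printf 'NAME="IGEL OS"\nVERSION="10.05.100"\n' | grep VERSION= | extract_version)
for NEW in 10.05.500 10.05.100 10.03.500 ""; do
    rc=0
    needs_update "$CURRENT" "$NEW" || rc=$?
    echo "current=$CURRENT assigned='$NEW' -> $rc"
done
```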
The second version will not compare firmware versions. It will only reboot the device and relies on supported IGEL features. The idea is to use the "Automatic Update Check on Boot" option to check for firmware updates. This option is available for http/s and ftp/s update sources through System -> Update -> Firmware Update.
systemd-run --unit="update-script" --on-calendar="Tue *-*-* 01:00:00" /wfs/updatescript
cat <<"EOF" > /wfs/updatescript
#!/bin/bash
RETRIES=9 #Here you can change how many update retries the script will do.
WAIT=30m #Here you can change how long the script will wait after every retry. Please add the suffix 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
#Logging action
ACTION="update-script_${1}"
#Output to system log with ID and tag
LOGGER="logger -it ${ACTION}"
#Starting update script
echo "Starting" | $LOGGER
#start retry loop
until [ $RETRIES -lt 0 ]; do
#check if session is active
if ! pgrep -x "vmware-remotemk" > /dev/null && ! pgrep -x "wfica" > /dev/null
then
echo "No active session detected, starting firmware update" | $LOGGER
#get latest settings from UMS
get_rmsettings_boot
reboot
#Leave the loop so the script does not request further reboots while shutting down
exit 0
else
echo "Active session detected, waiting" $WAIT "Retries left =" $RETRIES | $LOGGER
let RETRIES-=1
sleep $WAIT
fi
done
EOF
chmod +x /wfs/updatescript
This will speed up the process of logging off and re-providing the login window.
system -> firmware customization -> custom commands -> post session:
Under "Session type" choose "Citrix" or "Citrix via Browser" and under "Post session command" go for "Enter custom command here" and type:
/config/sessions/pnlogoff0; sleep 1; /config/sessions/pnlogin0
Enables automatic enrollment for IGEL endpoints connected to ICG. Also useful if the root certificate for ICG must be exchanged, because changing the root certificate breaks the trust between endpoints and ICG. In that case all endpoints must be registered again to be able to connect.
- Written for IGEL OS11. Tested on OS11 and OS10.
- A firmware version which includes the tool /sbin/icg-config. It should be included in all OS10 versions, but was absent in the beginning of OS11. It was reintroduced in 11.03.500. It is possible to extract the tool from the current version and add it to an older version via UMS file transfer. The needed files are /sbin/icg-config and a helper library /usr/lib/x86_64-linux-gnu/libwebsockets.so.
- To make it useful in case of a root certificate exchange, it must be placed on the endpoints before the current certificate expires, or the UMS must be able to reach the devices via other means, e.g. a VPN connection.
- The ICG single/mass deployment key can be saved encrypted in the profile. In a local terminal on IGEL OS the encrypt command is:
setcryptparam system.environment_variables.fixvariable0.value MYSECRETKEY
Then, to read out the encrypted key:
get system.environment_variables.fixvariable0.value
- The script needs some global variables to be present in System -> Firmware Customization -> Environment Variables -> Predefined (case sensitive):
- KEY = Encrypted ICG single or multi pass key.
- ICGADDRESS = ICG address to connect to.
- STRUCTURETAG = New structure tag. If the script was successful it will be visible in the UMS console.
- RETRIES = How often the script should retry if ICGADDRESS is not reachable.
- WAIT = How long the script should wait in between RETRIES. E.g. 30s for seconds, 30m for minutes, 30h for hours, 30d for days.
Please find a ready-to-use UMS profile here: CC-AutomaticICGRegistration.zip
Put under Firmware Customization -> Custom Commands -> Network -> Final Network Command:
cat <<"EOF" > /tmp/icg-autoregister
#!/bin/bash
DECRYPTKEY=$(getcrypt system.environment_variables.fixvariable0.value)
RUNONCE=$(get system.remotemanager.ums_structure_tag)
#Logging action
ACTION="icg-autoregister_${1}"
#Output to system log with ID and tag
LOGGER="logger -it ${ACTION}"
#Starting script
echo "Starting" | $LOGGER
#start retry loop
until [ "$RETRIES" -lt 0 ]; do
#Probe on every pass so a retry can see the ICG come online
ONLINECHECK=$(probeport "$ICGADDRESS" 8443)
if [ "$ONLINECHECK" == "Connection successful" ]; then
echo "ICG reachable, checking Structure Tag" | $LOGGER
if [ "$RUNONCE" != "$STRUCTURETAG" ]; then
echo "Structure Tag does not match, starting ICG registration" | $LOGGER
REGISTER=$(/sbin/icg-config -s "$ICGADDRESS" -o "$DECRYPTKEY" 2>&1)
if [ -n "$REGISTER" ]; then
echo "ICG registration failed with message: $REGISTER" | $LOGGER
else
echo "ICG registration successful, changing Structure Tag" | $LOGGER
setparam system.remotemanager.ums_structure_tag "$STRUCTURETAG" 2>&1 | $LOGGER
write_rmsettings 2>&1 | $LOGGER
# reboot
fi
else
echo "Structure Tag already up to date (abort)" | $LOGGER
fi
exit 1
else
echo "ICG at $ICGADDRESS not reachable, waiting" $WAIT "Retries left =" $RETRIES | $LOGGER
let RETRIES-=1
sleep $WAIT
fi
done
EOF
chmod +x /tmp/icg-autoregister
/tmp/icg-autoregister &