Changeset 2534


Timestamp:
07/27/09 23:21:26 (5 years ago)
Author:
anarcat
Message:

add the concept of slaves in alternc core. slaves now have an alternc account that gets created by the alternc-slave package that the master can use to restart apache and bind on the fly

Location:
alternc/trunk
Files:
7 edited
1 copied

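--- a/alternc/trunk/debian/alternc-slave.config
+++ b/alternc/trunk/debian/alternc-slave.config
@@ -149,4 +149,8 @@
 fi
 
+# backward compatbility
+db_get alternc-slave/mergelog-key
+[ -z "$RET" ] || db_set alternc-slave/master-key "$RET"
+
 db_input medium alternc-slave/desktopname || true
 db_input medium alternc-slave/hostingname || true
@@ -165,5 +169,5 @@
 db_input low alternc-slave/sql/overwrite || true
 db_input low alternc-slave/monitor_ip || true
-db_input low alternc-slave/mergelog-key || true
+db_input low alternc-slave/master-key || true
 db_go
 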
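Review bot: The backward-compatibility copy at new lines 152–153 does not check whether `db_get alternc-slave/mergelog-key` succeeded, and this changeset removes that template from alternc-slave.templates. On a system where the question is not registered, `db_get` returns non-zero, which aborts the script if it runs under `set -e` (not visible in this hunk); without `set -e`, `$RET` presumably holds the error text rather than a key, and that text would be stored as the master key — worth confirming against confmodule. Guarding the copy, `if db_get alternc-slave/mergelog-key && [ -n "$RET" ]; then db_set alternc-slave/master-key "$RET"; fi`, covers both cases. The copy also runs on every reconfigure, so as long as the old value stays in the debconf database it overwrites a master key that was changed later.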
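--- a/alternc/trunk/debian/alternc-slave.postinst
+++ b/alternc/trunk/debian/alternc-slave.postinst
@@ -43,18 +43,4 @@
     # ajoute l'user postfix au groupe sasl
     adduser --quiet postfix sasl
-
-    db_get "alternc-slave/mergelog-key"
-    key="$RET"
-    if [ "X$key" != "" ]; then
-        echo "Creating alternc-mergelog account"
-        adduser --quiet --system --home /var/run/alternc-mergelog --shell /usr/bin/scponly --ingroup adm alternc-mergelog
-        if ! grep -q "$key" /var/run/alternc-mergelog/.ssh/authorized_keys ; then
-            echo "Authorizing requested key to access alternc-mergelog account"
-            mkdir -p /var/run/alternc-mergelog/.ssh
-            echo "$key" >> /var/run/alternc-mergelog/.ssh/authorized_keys
-            chown -R alternc-mergelog:adm /var/run/alternc-mergelog/.ssh
-            chmod -R og-rwx /var/run/alternc-mergelog/.ssh
-        fi
-    fi
 
     # corriger les permissions du chroot
@@ -166,4 +152,36 @@
     fi
 
+    # multi-server configuration
+    db_get "alternc-slave/master-key"
+    key="$RET"
+    if [ "X$key" != "" ]; then
+        if grep -q alternc-mergelog /etc/passwd ; then
+            echo "Reusing the alternc-mergelog account as a generic alternc account"
+            # the uid is ugly. we should request allocation from
+            # base-passwd instead
+            usermod --quiet --uid 342 --shell /usr/bin/rbash --login alternc alternc-mergelog
+            # this is a separate step otherwise usermod will look for
+            # files to chown in /var/alternc, which takes a long time
+            usermod --quiet --home $ALTERNC_LOC alternc
+        fi
+        if [ -d /var/run/alternc-mergelog/.ssh ]; then
+            echo "Cleaning up old alternc-mergelog home"
+            mv /var/run/alternc-mergelog/.ssh $ALTERNC_LOC/.ssh && rmdir /var/run/alternc-mergelog
+        fi
+        if ! grep -q alternc /etc/passwd ; then
+            echo "Creating alternc account"
+            # this uid is ugly. we should request allocation from
+            # base-password instead
+            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /usr/bin/rbash --ingroup adm alternc
+        fi
+        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
+            echo "Authorizing requested key to access alternc-mergelog account"
+            mkdir -p $ALTERNC_LOC/.ssh
+            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
+            chown -R alternc:adm $ALTERNC_LOC/.ssh
+            chmod -R og-rwx $ALTERNC_LOC/.ssh
+        fi
+    fi
+
     echo "checking for upgrades"
     /usr/share/alternc/install/upgrade_check.sh $2
@@ -176,4 +194,23 @@
     fi
 
+    if ! grep -q '## ALTERNC START' /etc/sudoers; then
+        # XXX: this is not proper locking
+        if [ -e /etc/sudoers.tmp ]; then
+            echo "sudoers file being edited, aborting"
+            exit 1
+        else
+            cp /etc/sudoers /etc/sudoers.tmp
+            cat >> /etc/sudoers.tmp <<EOF
+## ALTERNC START
+## do not change anything between those lines
+alternc ALL=NOPASSWD: /usr/sbin/invoke-rc.d apache reload
+alternc ALL=NOPASSWD: /usr/sbin/invoke-rc.d apache2 reload
+alternc ALL=NOPASSWD: /usr/sbin/rndc reload *
+## ALTERNC END
+EOF
+            mv /etc/sudoers.tmp /etc/sudoers
+        fi
+    fi
+
     # important: postinst gele sans ca
     db_stop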
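Review bot: The sudoers block added at new lines 196–213 is moved into place without a syntax check, and a malformed /etc/sudoers disables sudo for every account on the machine; running `visudo -c -f /etc/sudoers.tmp` before the `mv` and aborting (and removing the temporary file) on failure would catch that. The rule `alternc ALL=NOPASSWD: /usr/sbin/rndc reload *` lets the `alternc` account pass any trailing arguments to rndc as root, because the sudoers wildcard also matches whitespace; the rule should be as narrow as the reload use case allows. Separately, the test at new line 157, `[ "X$key" != "" ]`, is always true because only one side carries the `X`, so the account is created and an empty line appended to authorized_keys even when no key was entered, contrary to what the template text promises; `[ -n "$key" ]` is what is meant. In the same block, `grep -qxF -- "$key"` would compare the key literally rather than as a regular expression, and `grep -q alternc /etc/passwd` matches any line containing that string, so `getent passwd alternc` is the safer existence test.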
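--- a/alternc/trunk/debian/alternc-slave.templates
+++ b/alternc/trunk/debian/alternc-slave.templates
@@ -177,12 +177,13 @@
  If you accept all users e-mails will be deleted
 
-Template:alternc-slave/mergelog-key
+Template:alternc-slave/master-key
 Type: string
-_Description: SSH key of the mergelog server:
+_Description: SSH key of the master server:
  The slave nodes can be configured to accept connexions from a central
- server (the mergelog server) that will merge the apache logs from all
- the slave servers.
+ server (the master server) that will operate various maintenance tasks
+ on the slave. This currently includes logfile centralisation and
+ service reloading but may be expanded to other domains.
  .
- To do this, the server needs to have an account created and a public
- key. Enter the public key here and the account will be created. If
- this field is left empty, no account will be created.
+ To configure this, the server needs to have an account created and a
+ public key. Enter the public key here and the account will be created.
+ If this field is left empty, no account will be created.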
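--- a/alternc/trunk/debian/alternc.postinst
+++ b/alternc/trunk/debian/alternc.postinst
@@ -97,4 +97,7 @@
 # overwrite existing files when backing up
 SQLBACKUP_OVERWRITE=""
+
+# known slave servers, empty for none, localhost is special (no ssh)
+ALTERNC_SLAVES=""
 EOF
 
@@ -123,4 +126,5 @@
     update_var alternc/sql/backup_overwrite SQLBACKUP_OVERWRITE
     update_var alternc/alternc_location ALTERNC_LOC
+    update_var alternc/slaves ALTERNC_SLAVES
     sed -e "$SED_SCRIPT" < $CONFIGFILE > $CONFIGFILE.tmp
     mv -f $CONFIGFILE.tmp $CONFIGFILE
@@ -152,4 +156,22 @@
     fi
 
+    # multi-server configuration: we create an alternc account with
+    # authorized keys. since this is the master, we do not give him a
+    # valid shell, but we still need the user for proper perms
+    if [ ! -z "$ALTERNC_SLAVES" && "$ALTERNC_SLAVES" != "localhost" ] ; then
+        if ! grep -q alternc /etc/passwd ; then
+            echo "Creating alternc account"
+            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /bin/false --ingroup adm alternc
+        fi
+        key=`cat ~root/.ssh/id_dsa.pub`
+        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
+            echo "Authorizing root ssh key to access the common alternc account"
+            mkdir -p $ALTERNC_LOC/.ssh
+            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
+            chown -R alternc:adm $ALTERNC_LOC/.ssh
+            chmod -R og-rwx $ALTERNC_LOC/.ssh
+        fi
+    fi
+
     # /var/alternc/dns/d/www.example.com
     FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`"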
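Review bot: The condition at new line 161 puts `&&` inside a single `[ ... ]`, which the shell parses as two commands: `[ ! -z "$ALTERNC_SLAVES"` fails for lack of a closing `]`, so the branch never runs and the `alternc` account and its authorized_keys are never set up on the master. It should read `if [ -n "$ALTERNC_SLAVES" ] && [ "$ALTERNC_SLAVES" != "localhost" ]; then`. Once the branch does run, the `cat ~root/.ssh/id_dsa.pub` substitution at new line 166 yields an empty string when root has no DSA public key (and aborts the postinst if it runs under `set -e`, which is not visible here), after which `grep -q "$key"` matches any line; check that the file exists and is non-empty first, and compare with `grep -qxF -- "$key"`.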
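--- a/alternc/trunk/debian/rules
+++ b/alternc/trunk/debian/rules
@@ -75,4 +75,5 @@
         install tools/get_domains_by_account debian/alternc/usr/bin
         install tools/get_account_by_domain debian/alternc/usr/bin
+    install src/alternc_reload debian/alternc/usr/sbin
         install -m 644 po/fr/LC_MESSAGES/alternc-admintools.mo debian/alternc/usr/share/locale/fr/LC_MESSAGES/
 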
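Review bot: The added `install src/alternc_reload debian/alternc/usr/sbin` line appears to be indented with four spaces while the neighbouring recipe lines render as a tab; if the file really contains spaces there, make stops with a missing-separator error, so the line should start with a tab. This view expands tabs, so it is worth checking in the raw file. Stating the mode explicitly, `install -m 755 src/alternc_reload debian/alternc/usr/sbin`, would also make the intended permissions of a script that invokes sudo obvious. The rule these lines belong to starts outside the hunk.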
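--- a/alternc/trunk/debian/templates
+++ b/alternc/trunk/debian/templates
@@ -176,2 +176,11 @@
 _Description: Should AlternC remove mailboxes ?
  If you accept all users e-mails will be deleted
+
+Template: alternc/slaves
+Type: string
+_Description: Slave servers
+ This is a space-separated list of servers that are "slaves" to the
+ master server (this server). When writing apache configuration files,
+ the master server will attempt to reload apache on those remote
+ servers. The alternc-slave package correctly configures those machines
+ to allow login and reload.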
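--- a/alternc/trunk/src/alternc_reload
+++ b/alternc/trunk/src/alternc_reload
@@ -25,5 +25,5 @@
 # ----------------------------------------------------------------------
 # Original Author of file: Jerome Moinet for l'Autre Net - 14/12/2000
-# Purpose of file: system level domain management
+# Purpose of file: service reloading
 # ----------------------------------------------------------------------
 #
@@ -39,221 +39,27 @@
 #
 
-CONFIG_FILE="/etc/alternc/local.sh"
+DOMAIN_LOG_FILE="/var/log/alternc/update_domains.log"
 
-DOMAIN_LOG_FILE="/var/log/alternc/update_domains.log"
-DATA_ROOT="/var/alternc"
-
-NAMED_TEMPLATE="/etc/bind/templates/named.template"
-ZONE_TEMPLATE="/etc/bind/templates/zone.template"
-
-ACTION_INSERT=0
-ACTION_UPDATE=1
-ACTION_DELETE=2
-TYPE_LOCAL=0
-TYPE_URL=1
-TYPE_IP=2
-TYPE_WEBMAIL=3
-YES=1
-
-if [ `id -u` -ne 0 ]; then
-    echo "update_domains.sh must be launched as root"
-    exit 1
+if [ `whoami` = 'root' ]; then
+    sudo="env"
+else
+    sudo="sudo"
 fi
 
-if [ ! -x "/usr/bin/get_account_by_domain" ]; then
-    echo "Your AlternC installation is incorrect ! If you are using pre 0.9.4, "
-    echo "you have to install alternc-admintools: "
-    echo "    apt-get update ; apt-get install alternc-admintools"
-    exit 1
-fi
+RELOAD_ZONES="$*"
 
-if [ ! -r "$CONFIG_FILE" ]; then
-    echo "Can't access $CONFIG_FILE."
-    exit 1
-fi
-
-. "$CONFIG_FILE"
-
-if [ -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then
-    echo "Bad configuration. Please use:"
-    echo "   dpkg-reconfigure alternc"
-    exit 1
-fi
-
-if [ -f "$LOCK_FILE" ]; then
-    echo "`date` $0: last cron unfinished or stale lock file." |
-        tee -a "$DOMAIN_LOG_FILE" >&2
-    exit 1
-fi
-
-NAMED_CONF_FILE="$DATA_ROOT/bind/automatic.conf"
-ZONES_DIR="$DATA_ROOT/bind/zones"
-APACHECONF_DIR="$DATA_ROOT/apacheconf"
-OVERRIDE_PHP_FILE="$APACHECONF_DIR/override_php.conf"
-WEBMAIL_DIR="$DATA_ROOT/bureau/admin/webmail"
-LOCK_FILE="$DATA_ROOT/bureau/cron.lock"
-HTTP_DNS="$DATA_ROOT/dns"
-HTML_HOME="$DATA_ROOT/html"
-
-MYSQL_SELECT="mysql --defaults-file=/etc/alternc/my.cnf -Bs "
-MYSQL_DELETE="mysql --defaults-file=/etc/alternc/my.cnf "
-
-########################################################################
-# Functions
-#
-. /usr/lib/alternc/functions.sh
-
-########################################################################
-# Main
-#
-
-# Init
-
-touch "$LOCK_FILE"
-DOMAINS_TMP_FILE=`mktemp -t alternc.update_domains.XXXXXX`
-HOSTS_TMP_FILE=`mktemp -t alternc.update_domains.XXXXXX`
-RELOAD_ZONES_TMP_FILE=`mktemp -t alternc.update_domains.XXXXXX`
-
-cleanup() {
-    rm -f "$LOCK_FILE" "$DOMAINS_TMP_FILE" "$HOSTS_TMP_FILE"
-    rm -f "$RELOAD_ZONES_TMP_FILE"
-    exit 0
-}
-
-trap cleanup 0 1 2 15
-
-# Query database
-
-$MYSQL_SELECT <<EOF | tail -n '+1' > "$DOMAINS_TMP_FILE"
-SELECT membres.login,
-       domaines_standby.domaine,
-       if (domaines_standby.mx = '', '@', domaines_standby.mx),
-       domaines_standby.gesdns,
-       domaines_standby.gesmx,
-       domaines_standby.action
-  FROM domaines_standby
-       LEFT JOIN membres membres
-               ON membres.uid = domaines_standby.compte
- ORDER BY domaines_standby.action
-EOF
-
-$MYSQL_SELECT <<EOF | tail -n '+1' > "$HOSTS_TMP_FILE"
-SELECT membres.login,
-       sub_domaines_standby.domaine,
-       if (sub_domaines_standby.sub = '', '@', sub_domaines_standby.sub),
-       if (sub_domaines_standby.valeur = '', 'NULL',
-                                             sub_domaines_standby.valeur),
-       sub_domaines_standby.type,
-       sub_domaines_standby.action
-  FROM sub_domaines_standby
-       LEFT JOIN membres membres
-               ON membres.uid = sub_domaines_standby.compte
- ORDER BY sub_domaines_standby.action desc
-EOF
-
-# Handle domain updates
-
-if [ "`wc -l < $DOMAINS_TMP_FILE`" -gt 0 ]; then
-    echo `date` >> $DOMAIN_LOG_FILE
-    cat "$DOMAINS_TMP_FILE" >> $DOMAIN_LOG_FILE
-fi
-
-# We need to tweak the IFS as $MYSQL_SELECT use tabs to separate fields
-OLD_IFS="$IFS"
-IFS="   "
-while read user domain mx are_we_dns are_we_mx action ; do
-    IFS="$OLD_IFS"
-
-    DOMAIN_LETTER=`print_domain_letter "$domain"`
-    USER_LETTER=`print_user_letter "$user"`
-
-    case "$action" in
-      $ACTION_INSERT)
-        if [ "$are_we_dns" = "$YES" ] ; then
-            init_zone "$domain"
-        fi
-        ;;
-
-      $ACTION_UPDATE)
-        if [ "$are_we_dns" = "$YES" ] ; then
-            init_zone "$domain"
-            change_mx "$domain" "$mx"
-        else
-            remove_zone "$domain"
-        fi
-        ;;
-
-      $ACTION_DELETE)
-        remove_zone "$domain"
-
-        # remove symlinks
-        rm -f "${HTTP_DNS}/${DOMAIN_LETTER}/"*".$domain"
-        rm -f "${HTTP_DNS}/${DOMAIN_LETTER}/$domain"
-        rm -rf "${HTTP_DNS}/redir/${DOMAIN_LETTER}/"*".$domain"
-        rm -rf "${HTTP_DNS}/redir/${DOMAIN_LETTER}/$domain"
-        ;;
-
-      *)
-        echo "Unknown action code: $action" >> "$DOMAIN_LOG_FILE"
-        ;;
-    esac
-
-    IFS="       "
-done < "$DOMAINS_TMP_FILE"
-IFS="$OLD_IFS"
-
-# Handle hosts update
-
-if [ "`wc -l < $HOSTS_TMP_FILE`" -gt 0 ] ; then
-    echo `date` >> $DOMAIN_LOG_FILE
-    cat "$HOSTS_TMP_FILE" >> $DOMAIN_LOG_FILE
-fi
-
-OLD_IFS="$IFS"
-IFS="   "
-while read user domain host value type action; do
-    IFS="$OLD_IFS"
-
-    case "$action" in
-      $ACTION_UPDATE | $ACTION_INSERT)
-        add_host "$domain" "$type" "$host" "$value" "$user"
-        ;;
-
-      $ACTION_DELETE)
-        delete_host "$domain" "$host"
-        ;;
-
-      *)
-        echo "Unknown action code: $action" >> "$DOMAIN_LOG_FILE"
-        ;;
-    esac
-
-    IFS="       "
-done < "$HOSTS_TMP_FILE"
-IFS="$OLD_IFS"
-
-# Reload configuration for named and apache
-
-RELOAD_ZONES=`cat "$RELOAD_ZONES_TMP_FILE"`
 if [ ! -z "$RELOAD_ZONES" ]; then
     if [ "$RELOAD_ZONES" = "all" ]; then
-        rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
+        $sudo rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
     else
         for zone in $RELOAD_ZONES; do
-            rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
+            $sudo rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
         done
     fi
     if [ -x /usr/sbin/apache ]; then
-        invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
+        $sudo invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
     fi
     if [ -x /usr/sbin/apache2 ]; then
-        invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
+        $sudo invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
     fi
 fi
-
-# Cleanup
-
-echo "DELETE FROM domaines_standby" | $MYSQL_DELETE
-echo "DELETE FROM sub_domaines_standby" | $MYSQL_DELETE
-
-# vim: et sw=4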
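Review bot: When `$RELOAD_ZONES` is `all`, new line 53 runs `$sudo rndc reload` with no zone argument, but the sudoers rule installed by alternc-slave.postinst in this changeset is `/usr/sbin/rndc reload *`, which as far as sudoers argument matching goes requires something after `reload`; for the non-root `alternc` account the full reload would then be refused or ask for a password. The script and the rules should agree on one form, preferably with the rule listing exactly the invocations the script makes. Calling the tools by the same absolute paths the rules use (`/usr/sbin/rndc`, `/usr/sbin/invoke-rc.d`) would also remove the dependence on the PATH of a non-interactive SSH session. The failure branches append to `$DOMAIN_LOG_FILE`; whether the `alternc` account can write that file is not visible here.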
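--- a/alternc/trunk/src/update_domains.sh
+++ b/alternc/trunk/src/update_domains.sh
@@ -85,4 +85,9 @@
         tee -a "$DOMAIN_LOG_FILE" >&2
     exit 1
+fi
+
+# backward compatibility: single-server setup
+if [ -z "$ALTERNC_SLAVES" ] ; then
+    ALTERNC_SLAVES="localhost"
 fi
 
@@ -236,19 +241,12 @@
 
 RELOAD_ZONES=`cat "$RELOAD_ZONES_TMP_FILE"`
-if [ ! -z "$RELOAD_ZONES" ]; then
-    if [ "$RELOAD_ZONES" = "all" ]; then
-        rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
+
+for slave in $ALTERNC_SLAVES; do
+    if [ "$slave" = "localhost" ]; then
+        alternc_reload $RELOAD_ZONES
     else
-        for zone in $RELOAD_ZONES; do
-            rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
-        done
+        ssh alternc@$slave alternc_reload "$RELOAD_ZONES"
     fi
-    if [ -x /usr/sbin/apache ]; then
-        invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
-    fi
-    if [ -x /usr/sbin/apache2 ]; then
-        invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
-    fi
-fi
+done
 
 # Cleanup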
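Review bot: The remote call at new line 248, `ssh alternc@$slave alternc_reload "$RELOAD_ZONES"`, hands the zone list to the slave's login shell, which parses it a second time, so the zone names need to be restricted to hostname characters before they are sent; they appear to originate from the domain tables, which hold user-supplied names. The call also has no failure handling and can block a cron run on a host-key or password prompt; `ssh -o BatchMode=yes "alternc@$slave" alternc_reload "$RELOAD_ZONES" || echo "Cannot reload services on $slave" >> "$DOMAIN_LOG_FILE"` keeps it non-interactive and logs the failure the way the local reload does. On the local branch, `alternc_reload $RELOAD_ZONES` is unquoted, which leaves the zone names open to glob expansion.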