Changeset 2534

Timestamp:

07/27/09 23:21:26 (4 years ago)

Author:

anarcat

Message:

add the concept of slaves in alternc core. slaves now have an alternc account that gets created by the alternc-slave package that the master can use to restart apache and bind on the fly

Location:

alternc/trunk

Files:

• debian/alternc-slave.config (modified) (2 diffs)
• debian/alternc-slave.postinst (modified) (3 diffs)
• debian/alternc-slave.templates (modified) (1 diff)
• debian/alternc.postinst (modified) (3 diffs)
• debian/rules (modified) (1 diff)
• debian/templates (modified) (1 diff)
• src/alternc_reload (copied) (copied from alternc/trunk/src/update_domains.sh) (2 diffs)
• src/update_domains.sh (modified) (2 diffs)

alternc/trunk/debian/alternc-slave.config

@@ -149 +149 @@
 fi
 
+# backward compatbility
+db_get alternc-slave/mergelog-key
+[ -z "$RET" ] || db_set alternc-slave/master-key "$RET"
+
 db_input medium alternc-slave/desktopname || true
 db_input medium alternc-slave/hostingname || true
@@ -165 +169 @@
 db_input low alternc-slave/sql/overwrite || true
 db_input low alternc-slave/monitor_ip || true
-db_input low alternc-slave/mergelog-key || true
+db_input low alternc-slave/master-key || true
 db_go
 

alternc/trunk/debian/alternc-slave.postinst

@@ -43 +43 @@
     # ajoute l'user postfix au groupe sasl
     adduser --quiet postfix sasl
-
-    db_get "alternc-slave/mergelog-key"
-    key="$RET"
-    if [ "X$key" != "" ]; then
-        echo "Creating alternc-mergelog account"
-        adduser --quiet --system --home /var/run/alternc-mergelog --shell /usr/bin/scponly --ingroup adm alternc-mergelog
-        if ! grep -q "$key" /var/run/alternc-mergelog/.ssh/authorized_keys ; then
-            echo "Authorizing requested key to access alternc-mergelog account"
-            mkdir -p /var/run/alternc-mergelog/.ssh
-            echo "$key" >> /var/run/alternc-mergelog/.ssh/authorized_keys
-            chown -R alternc-mergelog:adm /var/run/alternc-mergelog/.ssh
-            chmod -R og-rwx /var/run/alternc-mergelog/.ssh
-        fi
-    fi
 
     # corriger les permissions du chroot
@@ -166 +152 @@
     fi
 
+    # multi-server configuration
+    db_get "alternc-slave/master-key"
+    key="$RET"
+    if [ "X$key" != "" ]; then
+        if grep -q alternc-mergelog /etc/passwd ; then
+            echo "Reusing the alternc-mergelog account as a generic alternc account"
+            # the uid is ugly. we should request allocation from
+            # base-passwd instead
+            usermod --quiet --uid 342 --shell /usr/bin/rbash --login alternc alternc-mergelog
+            # this is a separate step otherwise usermod will look for
+            # files to chown in /var/alternc, which takes a long time
+            usermod --quiet --home $ALTERNC_LOC alternc
+        fi
+        if [ -d /var/run/alternc-mergelog/.ssh ]; then
+            echo "Cleaning up old alternc-mergelog home"
+            mv /var/run/alternc-mergelog/.ssh $ALTERNC_LOC/.ssh && rmdir /var/run/alternc-mergelog
+        fi
+        if ! grep -q alternc /etc/passwd ; then
+            echo "Creating alternc account"
+            # this uid is ugly. we should request allocation from
+            # base-password instead
+            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /usr/bin/rbash --ingroup adm alternc
+        fi
+        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
+            echo "Authorizing requested key to access alternc-mergelog account"
+            mkdir -p $ALTERNC_LOC/.ssh
+            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
+            chown -R alternc:adm $ALTERNC_LOC/.ssh
+            chmod -R og-rwx $ALTERNC_LOC/.ssh
+        fi
+    fi
+
     echo "checking for upgrades"
     /usr/share/alternc/install/upgrade_check.sh $2
@@ -176 +194 @@
     fi
 
+    if ! grep -q '## ALTERNC START' /etc/sudoers; then
+        # XXX: this is not proper locking
+        if [ -e /etc/sudoers.tmp ]; then
+            echo "sudoers file being edited, aborting"
+            exit 1
+        else
+            cp /etc/sudoers /etc/sudoers.tmp
+            cat >> /etc/sudoers.tmp <<EOF
+## ALTERNC START
+## do not change anything between those lines
+alternc ALL=NOPASSWD: /usr/sbin/invoke-rc.d apache reload
+alternc ALL=NOPASSWD: /usr/sbin/invoke-rc.d apache2 reload
+alternc ALL=NOPASSWD: /usr/sbin/rndc reload *
+## ALTERNC END
+EOF
+            mv /etc/sudoers.tmp /etc/sudoers
+        fi
+    fi
+
     # important: postinst gele sans ca
     db_stop

alternc/trunk/debian/alternc-slave.templates

@@ -177 +177 @@
  If you accept all users e-mails will be deleted
 
-Template:alternc-slave/mergelog-key
+Template:alternc-slave/master-key
 Type: string
-_Description: SSH key of the mergelog server:
+_Description: SSH key of the master server:
  The slave nodes can be configured to accept connexions from a central
- server (the mergelog server) that will merge the apache logs from all
- the slave servers.
+ server (the master server) that will operate various maintenance tasks
+ on the slave. This currently includes logfile centralisation and
+ service reloading but may be expanded to other domains.
  .
- To do this, the server needs to have an account created and a public
- key. Enter the public key here and the account will be created. If
- this field is left empty, no account will be created.
+ To configure this, the server needs to have an account created and a
+ public key. Enter the public key here and the account will be created.
+ If this field is left empty, no account will be created.

alternc/trunk/debian/alternc.postinst

@@ -97 +97 @@
 # overwrite existing files when backing up
 SQLBACKUP_OVERWRITE=""
+
+# known slave servers, empty for none, localhost is special (no ssh)
+ALTERNC_SLAVES=""
 EOF
 
@@ -123 +126 @@
     update_var alternc/sql/backup_overwrite SQLBACKUP_OVERWRITE
     update_var alternc/alternc_location ALTERNC_LOC
+    update_var alternc/slaves ALTERNC_SLAVES
     sed -e "$SED_SCRIPT" < $CONFIGFILE > $CONFIGFILE.tmp
     mv -f $CONFIGFILE.tmp $CONFIGFILE
@@ -152 +156 @@
     fi
 
+    # multi-server configuration: we create an alternc account with
+    # authorized keys. since this is the master, we do not give him a
+    # valid shell, but we still need the user for proper perms
+    if [ ! -z "$ALTERNC_SLAVES" && "$ALTERNC_SLAVES" != "localhost" ] ; then
+        if ! grep -q alternc /etc/passwd ; then
+            echo "Creating alternc account"
+            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /bin/false --ingroup adm alternc
+        fi
+        key=`cat ~root/.ssh/id_dsa.pub`
+        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
+            echo "Authorizing root ssh key to access the common alternc account"
+            mkdir -p $ALTERNC_LOC/.ssh
+            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
+            chown -R alternc:adm $ALTERNC_LOC/.ssh
+            chmod -R og-rwx $ALTERNC_LOC/.ssh
+        fi
+    fi
+
     # /var/alternc/dns/d/www.example.com
     FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`"

alternc/trunk/debian/rules

@@ -75 +75 @@
         install tools/get_domains_by_account debian/alternc/usr/bin
         install tools/get_account_by_domain debian/alternc/usr/bin
+    install src/alternc_reload debian/alternc/usr/sbin
         install -m 644 po/fr/LC_MESSAGES/alternc-admintools.mo debian/alternc/usr/share/locale/fr/LC_MESSAGES/
 

alternc/trunk/debian/templates

@@ -176 +176 @@
 _Description: Should AlternC remove mailboxes ?
  If you accept all users e-mails will be deleted
+
+Template: alternc/slaves
+Type: string
+_Description: Slave servers
+ This is a space-separated list of servers that are "slaves" to the
+ master server (this server). When writing apache configuration files,
+ the master server will attempt to reload apache on those remote
+ servers. The alternc-slave package correctly configures those machines
+ to allow login and reload.

alternc/trunk/src/alternc_reload

@@ -25 +25 @@
 # ----------------------------------------------------------------------
 # Original Author of file: Jerome Moinet for l'Autre Net - 14/12/2000
-# Purpose of file: system level domain management
+# Purpose of file: service reloading
 # ----------------------------------------------------------------------
 #
@@ -39 +39 @@
 #
 
-CONFIG_FILE="/etc/alternc/local.sh"
+DOMAIN_LOG_FILE="/var/log/alternc/update_domains.log"
 
-DOMAIN_LOG_FILE="/var/log/alternc/update_domains.log"
-DATA_ROOT="/var/alternc"
-
-NAMED_TEMPLATE="/etc/bind/templates/named.template"
-ZONE_TEMPLATE="/etc/bind/templates/zone.template"
-
-ACTION_INSERT=0
-ACTION_UPDATE=1
-ACTION_DELETE=2
-TYPE_LOCAL=0
-TYPE_URL=1
-TYPE_IP=2
-TYPE_WEBMAIL=3
-YES=1
-
-if [ `id -u` -ne 0 ]; then
-    echo "update_domains.sh must be launched as root"
-    exit 1
+if [ `whoami` = 'root' ]; then
+    sudo="env"
+else
+    sudo="sudo"
 fi
 
-if [ ! -x "/usr/bin/get_account_by_domain" ]; then
-    echo "Your AlternC installation is incorrect ! If you are using pre 0.9.4, "
-    echo "you have to install alternc-admintools: "
-    echo "    apt-get update ; apt-get install alternc-admintools"
-    exit 1
-fi
+RELOAD_ZONES="$*"
 
-if [ ! -r "$CONFIG_FILE" ]; then
-    echo "Can't access $CONFIG_FILE."
-    exit 1
-fi
-
-. "$CONFIG_FILE"
-
-if [ -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then
-    echo "Bad configuration. Please use:"
-    echo "   dpkg-reconfigure alternc"
-    exit 1
-fi
-
-if [ -f "$LOCK_FILE" ]; then
-    echo "`date` $0: last cron unfinished or stale lock file." |
-        tee -a "$DOMAIN_LOG_FILE" >&2
-    exit 1
-fi
-
-NAMED_CONF_FILE="$DATA_ROOT/bind/automatic.conf"
-ZONES_DIR="$DATA_ROOT/bind/zones"
-APACHECONF_DIR="$DATA_ROOT/apacheconf"
-OVERRIDE_PHP_FILE="$APACHECONF_DIR/override_php.conf"
-WEBMAIL_DIR="$DATA_ROOT/bureau/admin/webmail"
-LOCK_FILE="$DATA_ROOT/bureau/cron.lock"
-HTTP_DNS="$DATA_ROOT/dns"
-HTML_HOME="$DATA_ROOT/html"
-
-MYSQL_SELECT="mysql --defaults-file=/etc/alternc/my.cnf -Bs "
-MYSQL_DELETE="mysql --defaults-file=/etc/alternc/my.cnf "
-
-########################################################################
-# Functions
-#
-. /usr/lib/alternc/functions.sh
-
-########################################################################
-# Main
-#
-
-# Init
-
-touch "$LOCK_FILE"
-DOMAINS_TMP_FILE=`mktemp -t alternc.update_domains.XXXXXX`
-HOSTS_TMP_FILE=`mktemp -t alternc.update_domains.XXXXXX`
-RELOAD_ZONES_TMP_FILE=`mktemp -t alternc.update_domains.XXXXXX`
-
-cleanup() {
-    rm -f "$LOCK_FILE" "$DOMAINS_TMP_FILE" "$HOSTS_TMP_FILE"
-    rm -f "$RELOAD_ZONES_TMP_FILE"
-    exit 0
-}
-
-trap cleanup 0 1 2 15
-
-# Query database
-
-$MYSQL_SELECT <<EOF | tail -n '+1' > "$DOMAINS_TMP_FILE"
-SELECT membres.login,
-       domaines_standby.domaine,
-       if (domaines_standby.mx = '', '@', domaines_standby.mx),
-       domaines_standby.gesdns,
-       domaines_standby.gesmx,
-       domaines_standby.action
-  FROM domaines_standby
-       LEFT JOIN membres membres
-               ON membres.uid = domaines_standby.compte
- ORDER BY domaines_standby.action
-EOF
-
-$MYSQL_SELECT <<EOF | tail -n '+1' > "$HOSTS_TMP_FILE"
-SELECT membres.login,
-       sub_domaines_standby.domaine,
-       if (sub_domaines_standby.sub = '', '@', sub_domaines_standby.sub),
-       if (sub_domaines_standby.valeur = '', 'NULL',
-                                             sub_domaines_standby.valeur),
-       sub_domaines_standby.type,
-       sub_domaines_standby.action
-  FROM sub_domaines_standby
-       LEFT JOIN membres membres
-               ON membres.uid = sub_domaines_standby.compte
- ORDER BY sub_domaines_standby.action desc
-EOF
-
-# Handle domain updates
-
-if [ "`wc -l < $DOMAINS_TMP_FILE`" -gt 0 ]; then
-    echo `date` >> $DOMAIN_LOG_FILE
-    cat "$DOMAINS_TMP_FILE" >> $DOMAIN_LOG_FILE
-fi
-
-# We need to tweak the IFS as $MYSQL_SELECT use tabs to separate fields
-OLD_IFS="$IFS"
-IFS="   "
-while read user domain mx are_we_dns are_we_mx action ; do
-    IFS="$OLD_IFS" 
-
-    DOMAIN_LETTER=`print_domain_letter "$domain"`
-    USER_LETTER=`print_user_letter "$user"`
-
-    case "$action" in
-      $ACTION_INSERT)
-        if [ "$are_we_dns" = "$YES" ] ; then
-            init_zone "$domain"
-        fi
-        ;;
-
-      $ACTION_UPDATE)
-        if [ "$are_we_dns" = "$YES" ] ; then
-            init_zone "$domain"
-            change_mx "$domain" "$mx"
-        else
-            remove_zone "$domain"
-        fi
-        ;;
-
-      $ACTION_DELETE)
-        remove_zone "$domain"
-
-        # remove symlinks
-        rm -f "${HTTP_DNS}/${DOMAIN_LETTER}/"*".$domain"
-        rm -f "${HTTP_DNS}/${DOMAIN_LETTER}/$domain"
-        rm -rf "${HTTP_DNS}/redir/${DOMAIN_LETTER}/"*".$domain"
-        rm -rf "${HTTP_DNS}/redir/${DOMAIN_LETTER}/$domain"
-        ;;
-
-      *)
-        echo "Unknown action code: $action" >> "$DOMAIN_LOG_FILE"
-        ;;
-    esac
-
-    IFS="       "
-done < "$DOMAINS_TMP_FILE"
-IFS="$OLD_IFS"
-
-# Handle hosts update
-
-if [ "`wc -l < $HOSTS_TMP_FILE`" -gt 0 ] ; then
-    echo `date` >> $DOMAIN_LOG_FILE
-    cat "$HOSTS_TMP_FILE" >> $DOMAIN_LOG_FILE
-fi
-
-OLD_IFS="$IFS"
-IFS="   "
-while read user domain host value type action; do
-    IFS="$OLD_IFS"
-
-    case "$action" in
-      $ACTION_UPDATE | $ACTION_INSERT)
-        add_host "$domain" "$type" "$host" "$value" "$user"
-        ;;
-
-      $ACTION_DELETE)
-        delete_host "$domain" "$host"
-        ;;
-
-      *)
-        echo "Unknown action code: $action" >> "$DOMAIN_LOG_FILE"
-        ;;
-    esac
-
-    IFS="       "
-done < "$HOSTS_TMP_FILE"
-IFS="$OLD_IFS"
-
-# Reload configuration for named and apache
-
-RELOAD_ZONES=`cat "$RELOAD_ZONES_TMP_FILE"`
 if [ ! -z "$RELOAD_ZONES" ]; then
     if [ "$RELOAD_ZONES" = "all" ]; then
-        rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
+        $sudo rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
     else
         for zone in $RELOAD_ZONES; do
-            rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
+            $sudo rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
         done
     fi
     if [ -x /usr/sbin/apache ]; then
-        invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
+        $sudo invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
     fi
     if [ -x /usr/sbin/apache2 ]; then
-        invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
+        $sudo invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
     fi
 fi
-
-# Cleanup
-
-echo "DELETE FROM domaines_standby" | $MYSQL_DELETE 
-echo "DELETE FROM sub_domaines_standby" | $MYSQL_DELETE 
-
-# vim: et sw=4

alternc/trunk/src/update_domains.sh

@@ -85 +85 @@
         tee -a "$DOMAIN_LOG_FILE" >&2
     exit 1
+fi
+
+# backward compatibility: single-server setup
+if [ -z "$ALTERNC_SLAVES" ] ; then
+    ALTERNC_SLAVES="localhost"
 fi
 
@@ -236 +241 @@
 
 RELOAD_ZONES=`cat "$RELOAD_ZONES_TMP_FILE"`
-if [ ! -z "$RELOAD_ZONES" ]; then
-    if [ "$RELOAD_ZONES" = "all" ]; then
-        rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
+
+for slave in $ALTERNC_SLAVES; do
+    if [ "$slave" = "localhost" ]; then
+        alternc_reload $RELOAD_ZONES
     else
-        for zone in $RELOAD_ZONES; do
-            rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
-        done
+        ssh alternc@$slave alternc_reload "$RELOAD_ZONES"
     fi
-    if [ -x /usr/sbin/apache ]; then
-        invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
-    fi
-    if [ -x /usr/sbin/apache2 ]; then
-        invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
-    fi
-fi
+done
 
 # Cleanup