
first cut for incremental database replication via ipropd

master
parent
commit
fe757f9b25
  1. 14
      heimdal/heimdal-setup.sh
  2. 59
      heimdal/heimdal.spec
  3. 35
      heimdal/rc.heimdal

14
heimdal/heimdal-setup.sh

@ -65,3 +65,17 @@ echo "++ exporting keytab file for \"host/$host\" from Kerberos database"
( echo "ext_keytab host/$host"
) | @l_prefix@/sbin/kadmin -l -p admin/admin
echo "++ adding ipropd master \"iprop/$host\" to Kerberos database"
( echo -n "add"
echo -n " --random-key"
echo -n " --max-ticket-life=1day --max-renewable-life=1week"
echo -n " --expiration-time=never --pw-expiration-time=never"
echo -n " --attributes=\"\""
echo -n " iprop/$host"
echo ""
) | @l_prefix@/sbin/kadmin -l -p admin/admin
echo "++ exporting keytab file for \"host/$host\" from Kerberos database"
( echo "ext_keytab iprop/$host"
) | @l_prefix@/sbin/kadmin -l -p admin/admin
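Review bot: The progress message before the last `ext_keytab` still names `host/$host`, although the command that follows exports `iprop/$host`; it should read `echo "++ exporting keytab file for \"iprop/$host\" from Kerberos database"` so the setup log shows which key was written. `ext_keytab` is called without a keytab argument, so the iprop key presumably lands in the same default keytab as the host key. A comment saying this is intended, or a dedicated keytab via `--keytab=`, would help anyone auditing which services can read the replication key. `$host` is assigned outside the hunk, so how it is validated before being written into the kadmin command cannot be checked from here.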

59
heimdal/heimdal.spec

@ -105,6 +105,13 @@ Conflicts: kerberos
%{l_shtool} subst \
-e 's;HDB_DB_DIR "/kdc.conf";"%{l_prefix}/etc/heimdal/kdc.conf";g' \
kadmin/kadmin.c kadmin/kadmind.c kdc/kdc_locl.h kpasswd/kpasswdd.c
%{l_shtool} subst \
-e 's;HDB_DB_DIR "/slaves";"%{l_prefix}/etc/heimdal/ipropd.slaves";g' \
-e 's;HDB_DB_DIR "/slaves-stats";"%{l_prefix}/var/heimdal/run/ipropd.stats";g' \
lib/kadm5/iprop.h
%{l_shtool} subst \
-e 's;HDB_DB_DIR "/signal";"%{l_prefix}/var/heimdal/run/ipropd.signal";g' \
lib/kadm5/private.h
( echo "ac_cv_prog_COMPILE_ET="
) >config.cache
CC="%{l_cc}" \
@ -210,6 +217,10 @@ Conflicts: kerberos
%{l_shtool} install -c -m 644 %{l_value -s -a} \
%{SOURCE krb5.conf} %{SOURCE kdc.conf} \
$RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/
%{l_shtool} install -c -m 644 \
/dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.master
%{l_shtool} install -c -m 644 \
/dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.slaves
# install OSSP fsl configuration
%{l_shtool} install -c -m 644 %{l_value -s -a} \
@ -253,25 +264,51 @@ Conflicts: kerberos
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ "
echo " passwd -p <new-password> admin/admin"
echo ""
echo "REPLICATION:"
echo ""
echo "For database replication prepare the *master* with:"
echo " \$ echo 'iprop/<hostname-slave>.<domain>@<realm>' \\ "
echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.slaves"
echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf"
echo " heimdal_daemons=\"[...] ipropd-master\""
echo ""
echo "For database replication prepare the *slave* with:"
echo " \$ echo '<hostname-master>.<domain>' \\ "
echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.master"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
echo " add --random-key --attributes=\"\" \\ "
echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
echo " --expiration-time=never --pw-expiration-time=never \\ "
echo " iprop/<hostname-slave>.<domain>"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
echo " ext_keytab host/<hostname-slave>.<domain>"
echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf"
echo " heimdal_daemons=\"[...] ipropd-slave\""
echo ""
echo "HOSTS:"
echo ""
echo "Then you should add and attach all remote hosts to Heimdal"
echo "by running the following command on each *remote* host:"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
echo " add --random-key --attributes=\"\" \\ "
echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
echo " --expiration-time=never --pw-expiration-time=never \\ "
echo " host/<hostname>.<domain>"
echo " add --random-key --attributes=\"\" \\ "
echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
echo " --expiration-time=never --pw-expiration-time=never \\ "
echo " host/<hostname>.<domain>"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
echo " ext_keytab host/<hostname>.<domain>"
echo " ext_keytab host/<hostname>.<domain>"
echo ""
echo "USERS:"
echo ""
echo "Then you should add all your users to Heimdal via:"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
echo " add --password=<password> --use-defaults \\ "
echo " <user>/<user>@<realm>"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ "
echo " add --password=<password> --use-defaults \\ "
echo " <user>/<user>@<realm>"
echo ""
echo "After this, your users can use Kerberos all attached hosts:"
echo " \$ $RPM_INSTALL_PREFIX/bin/kinit <user>/<user>"
echo " \$ $RPM_INSTALL_PREFIX/bin/klist"
echo " \$ $RPM_INSTALL_PREFIX/bin/kdestroy"
echo ""
) | %{l_rpmtool} msg -b -t notice
fi
# after upgrade, restore status
@ -284,8 +321,8 @@ Conflicts: kerberos
# before erase, stop service and remove log files
[ $1 -eq 0 ] || exit 0
%{l_rc} heimdal stop 2>/dev/null
rm -f $RPM_INSTALL_PREFIX/var/heimdal/log/*.log* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/*.pid >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/db/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/log/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/db/* >/dev/null 2>&1 || true
exit 0
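Review bot: In the new REPLICATION notice, the slave steps add `iprop/<hostname-slave>.<domain>` but then export `host/<hostname-slave>.<domain>`, so the iprop key never reaches the slave's keytab and ipropd-slave would presumably have nothing to authenticate with. The line should read `echo " ext_keytab iprop/<hostname-slave>.<domain>"`. Since `ipropd.slaves` appears to be the list of principals allowed to pull the database from the master, the notice could also say that the file must stay writable by the administrator only. The echo block and its enclosing `if` start outside the hunk.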

35
heimdal/rc.heimdal

@ -9,6 +9,8 @@
heimdal_flags_kdc=""
heimdal_flags_kadmind=""
heimdal_flags_kpasswdd=""
heimdal_flags_ipropd_master=""
heimdal_flags_ipropd_slave=""
heimdal_log_prolog="true"
heimdal_log_epilog="true"
heimdal_log_numfiles="10"
@ -20,6 +22,8 @@
heimdal_pidfile_kdc="@l_prefix@/var/heimdal/run/kdc.pid"
heimdal_pidfile_kadmind="@l_prefix@/var/heimdal/run/kadmind.pid"
heimdal_pidfile_kpasswdd="@l_prefix@/var/heimdal/run/kpasswdd.pid"
heimdal_pidfile_ipropd_master="@l_prefix@/var/heimdal/run/ipropd-master.pid"
heimdal_pidfile_ipropd_slave="@l_prefix@/var/heimdal/run/ipropd-slave.pid"
heimdal_signal () {
[ -f $heimdal_pidfile_kdc ] \
&& kill -$1 `cat $heimdal_pidfile_kdc`
@ -30,9 +34,17 @@
[ -f $heimdal_pidfile_kpasswdd ] \
&& kill -$1 `cat $heimdal_pidfile_kpasswdd`
local rc_heimdal_kpasswdd=$?
[ $rc_heimdal_kdc -eq 0 -o \
$rc_heimdal_kadmind -eq 0 -o \
$rc_heimdal_kpasswdd -eq 0 ]
[ -f $heimdal_pidfile_ipropd_master ] \
&& kill -$1 `cat $heimdal_pidfile_ipropd_master`
local rc_heimdal_ipropd_master=$?
[ -f $heimdal_pidfile_ipropd_slave ] \
&& kill -$1 `cat $heimdal_pidfile_ipropd_slave`
local rc_heimdal_ipropd_slave=$?
[ $rc_heimdal_kdc -eq 0 -o \
$rc_heimdal_kadmind -eq 0 -o \
$rc_heimdal_kpasswdd -eq 0 -o \
$rc_heimdal_ipropd_master -eq 0 -o \
$rc_heimdal_ipropd_slave -eq 0 ]
}
%status -u @l_susr@ -o
@ -61,6 +73,15 @@
nohup @l_prefix@/sbin/kpasswdd $heimdal_flags_kpasswdd &
echo $! >$heimdal_pidfile_kpasswdd
;;
ipropd-master )
nohup @l_prefix@/sbin/ipropd-master $heimdal_flags_ipropd_master &
echo $! >$heimdal_pidfile_ipropd_master
;;
ipropd-slave )
nohup @l_prefix@/sbin/ipropd-slave $heimdal_flags_ipropd_slave \
`cat @l_prefix@/etc/heimdal/ipropd.master` &
echo $! >$heimdal_pidfile_ipropd_slave
;;
esac
done
@ -69,9 +90,11 @@
rcService heimdal active no && exit 0
heimdal_signal TERM
sleep 5
rm -f $heimdal_pidfile_kdc 2>/dev/null || true
rm -f $heimdal_pidfile_kadmind 2>/dev/null || true
rm -f $heimdal_pidfile_kpasswdd 2>/dev/null || true
rm -f $heimdal_pidfile_kdc 2>/dev/null || true
rm -f $heimdal_pidfile_kadmind 2>/dev/null || true
rm -f $heimdal_pidfile_kpasswdd 2>/dev/null || true
rm -f $heimdal_pidfile_ipropd_master 2>/dev/null || true
rm -f $heimdal_pidfile_ipropd_slave 2>/dev/null || true
%restart -u @l_susr@
rcService heimdal enable yes || exit 0
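Review bot: The `ipropd-slave` branch passes the unquoted output of `cat @l_prefix@/etc/heimdal/ipropd.master` as arguments, and the spec in this commit installs that file empty, so a slave enabled before the file is filled starts without a master name, while any extra content (a second line, a word beginning with `-`) is word-split into additional arguments. `$!` is written to the pidfile even if the daemon exits at once, and `heimdal_signal` later sends `kill` to whatever process then holds that number. I would read a single hostname and skip the start when it is empty: `master=$(sed -n 1p @l_prefix@/etc/heimdal/ipropd.master)`, `[ -n "$master" ] || continue`, then pass `"$master"` to the daemon. The `case` and its loop start outside the hunk, so `continue` assumes the enclosing loop that is visible here only by its `done`.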
