From fe757f9b25d61d0968dac4f4b94c856e9e3fe673 Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Fri, 5 Oct 2007 11:57:58 +0000 Subject: [PATCH] first cut for incremental database replication via ipropd --- heimdal/heimdal-setup.sh | 14 ++++++++++ heimdal/heimdal.spec | 59 ++++++++++++++++++++++++++++++++-------- heimdal/rc.heimdal | 35 ++++++++++++++++++++---- 3 files changed, 91 insertions(+), 17 deletions(-) diff --git a/heimdal/heimdal-setup.sh b/heimdal/heimdal-setup.sh index 451dc99480..5b4b480abf 100644 --- a/heimdal/heimdal-setup.sh +++ b/heimdal/heimdal-setup.sh @@ -65,3 +65,17 @@ echo "++ exporting keytab file for \"host/$host\" from Kerberos database" ( echo "ext_keytab host/$host" ) | @l_prefix@/sbin/kadmin -l -p admin/admin +echo "++ adding ipropd master \"iprop/$host\" to Kerberos database" +( echo -n "add" + echo -n " --random-key" + echo -n " --max-ticket-life=1day --max-renewable-life=1week" + echo -n " --expiration-time=never --pw-expiration-time=never" + echo -n " --attributes=\"\"" + echo -n " iprop/$host" + echo "" +) | @l_prefix@/sbin/kadmin -l -p admin/admin + +echo "++ exporting keytab file for \"host/$host\" from Kerberos database" +( echo "ext_keytab iprop/$host" +) | @l_prefix@/sbin/kadmin -l -p admin/admin + diff --git a/heimdal/heimdal.spec b/heimdal/heimdal.spec index 939843bb43..1ede7cdeb3 100644 --- a/heimdal/heimdal.spec +++ b/heimdal/heimdal.spec @@ -105,6 +105,13 @@ Conflicts: kerberos %{l_shtool} subst \ -e 's;HDB_DB_DIR "/kdc.conf";"%{l_prefix}/etc/heimdal/kdc.conf";g' \ kadmin/kadmin.c kadmin/kadmind.c kdc/kdc_locl.h kpasswd/kpasswdd.c + %{l_shtool} subst \ + -e 's;HDB_DB_DIR "/slaves";"%{l_prefix}/etc/heimdal/ipropd.slaves";g' \ + -e 's;HDB_DB_DIR "/slaves-stats";"%{l_prefix}/var/heimdal/run/ipropd.stats";g' \ + lib/kadm5/iprop.h + %{l_shtool} subst \ + -e 's;HDB_DB_DIR "/signal";"%{l_prefix}/var/heimdal/run/ipropd.signal";g' \ + lib/kadm5/private.h ( echo "ac_cv_prog_COMPILE_ET=" ) >config.cache CC="%{l_cc}" \ 
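Review bot: The second added status line in heimdal-setup.sh still prints `exporting keytab file for \"host/$host\"` although the command under it runs `ext_keytab iprop/$host`, so the setup output misreports which key was written. It should read `echo "++ exporting keytab file for \"iprop/$host\" from Kerberos database"`. No keytab option is given, so the replication key presumably lands in the same default keytab as the host key; a comment saying so, and that the file must stay readable by root only, would help a later audit. The run of `echo -n` calls also relies on the shell's echo honouring `-n`; a single `echo "add --random-key ... iprop/$host"` does not.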
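Review bot: The relocated `signal` and `slaves-stats` paths now point into `%{l_prefix}/var/heimdal/run`, and nothing in this hunk shows which owner and mode that directory gets. If `ipropd.signal` is the local socket through which the admin tools notify ipropd-master (inferred from the header being patched, not visible here), the directory permissions are its only access control, so the spec should create `var/heimdal/run` with an explicit restrictive mode. A comment next to the substitutions noting that `ipropd.slaves` is the list of principals allowed to replicate would also explain why that one goes to `etc/heimdal` rather than `run`.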
@@ -210,6 +217,10 @@ Conflicts: kerberos %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE krb5.conf} %{SOURCE kdc.conf} \ $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ + %{l_shtool} install -c -m 644 \ + /dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.master + %{l_shtool} install -c -m 644 \ + /dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.slaves # install OSSP fsl configuration %{l_shtool} install -c -m 644 %{l_value -s -a} \ 
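Review bot: `ipropd.slaves` and `ipropd.master` are installed empty from `/dev/null`, and the post-install text in this patch tells the admin to append the slave principals to `ipropd.slaves`, which makes that file the access list for database replication. The `%files` section is outside this hunk; unless both paths are listed there as `%config`, a package upgrade would replace the admin's entries with empty files, so please confirm. Mode 644 is fine for a list that is not secret, but a comment such as `# ipropd.slaves: principals allowed to pull the KDC database; writable by root only` would record why the owner and mode matter.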
@@ -253,25 +264,51 @@ Conflicts: kerberos echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ " echo " passwd -p admin/admin" echo "" + echo "REPLICATION:" + echo "" + echo "For database replication prepare the *master* with:" + echo " \$ echo 'iprop/.@' \\ " + echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.slaves" + echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf" + echo " heimdal_daemons=\"[...] ipropd-master\"" + echo "" + echo "For database replication prepare the *slave* with:" + echo " \$ echo '.' \\ " + echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.master" + echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ " + echo " add --random-key --attributes=\"\" \\ " + echo " --max-ticket-life=1day --max-renewable-life=1week \\ " + echo " --expiration-time=never --pw-expiration-time=never \\ " + echo " iprop/." + echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ " + echo " ext_keytab host/." + echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf" + echo " heimdal_daemons=\"[...] ipropd-slave\"" + echo "" + echo "HOSTS:" + echo "" echo "Then you should add and attach all remote hosts to Heimdal" echo "by running the following command on each *remote* host:" echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ " - echo " add --random-key --attributes=\"\" \\ " - echo " --max-ticket-life=1day --max-renewable-life=1week \\ " - echo " --expiration-time=never --pw-expiration-time=never \\ " - echo " host/." + echo " add --random-key --attributes=\"\" \\ " + echo " --max-ticket-life=1day --max-renewable-life=1week \\ " + echo " --expiration-time=never --pw-expiration-time=never \\ " + echo " host/." echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ " - echo " ext_keytab host/." + echo " ext_keytab host/." 
+ echo "" + echo "USERS:" echo "" echo "Then you should add all your users to Heimdal via:" - echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ " - echo " add --password= --use-defaults \\ " - echo " /@" + echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ " + echo " add --password= --use-defaults \\ " + echo " /@" echo "" echo "After this, your users can use Kerberos all attached hosts:" echo " \$ $RPM_INSTALL_PREFIX/bin/kinit /" echo " \$ $RPM_INSTALL_PREFIX/bin/klist" echo " \$ $RPM_INSTALL_PREFIX/bin/kdestroy" + echo "" ) | %{l_rpmtool} msg -b -t notice fi # after upgrade, restore status @@ -284,8 +321,8 @@ Conflicts: kerberos # before erase, stop service and remove log files [ $1 -eq 0 ] || exit 0 %{l_rc} heimdal stop 2>/dev/null - rm -f $RPM_INSTALL_PREFIX/var/heimdal/log/*.log* >/dev/null 2>&1 || true - rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/*.pid >/dev/null 2>&1 || true - rm -f $RPM_INSTALL_PREFIX/var/heimdal/db/* >/dev/null 2>&1 || true + rm -f $RPM_INSTALL_PREFIX/var/heimdal/log/* >/dev/null 2>&1 || true + rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/* >/dev/null 2>&1 || true + rm -f $RPM_INSTALL_PREFIX/var/heimdal/db/* >/dev/null 2>&1 || true exit 0 diff --git a/heimdal/rc.heimdal b/heimdal/rc.heimdal index 3c7f9f72eb..c2f75f06d5 100644 --- a/heimdal/rc.heimdal +++ b/heimdal/rc.heimdal @@ -9,6 +9,8 @@ heimdal_flags_kdc="" heimdal_flags_kadmind="" heimdal_flags_kpasswdd="" + heimdal_flags_ipropd_master="" + heimdal_flags_ipropd_slave="" heimdal_log_prolog="true" heimdal_log_epilog="true" heimdal_log_numfiles="10" 
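Review bot: In the new slave instructions the keytab step prints `ext_keytab host/.` right after creating the `iprop/.` principal, so an admin following the text never exports the replication key for that principal; heimdal-setup.sh in this same patch exports `iprop/$host` instead. The line should read `echo "        ext_keytab iprop/."`. Separately, the USERS block still advertises `add --password= --use-defaults` on the kadmin command line, which leaves the password in shell history and in the process list. The text could tell the admin to leave the option out and let kadmin prompt for it.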
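Review bot: The widened globs in the pre-erase scriptlet are built from an unquoted `$RPM_INSTALL_PREFIX`, so an empty prefix turns `rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/*` into a delete under `/var/heimdal/run`, and a prefix containing whitespace splits into several paths. Each of the three lines should guard and quote the prefix, for example `rm -f "${RPM_INSTALL_PREFIX:?}"/var/heimdal/run/* >/dev/null 2>&1 || true`. Since `log/*` and `run/*` now match every file rather than `*.log*` and `*.pid`, a comment stating that the ipropd stats and signal files are meant to be removed here would document why the patterns were loosened.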
@@ -20,6 +22,8 @@ heimdal_pidfile_kdc="@l_prefix@/var/heimdal/run/kdc.pid" heimdal_pidfile_kadmind="@l_prefix@/var/heimdal/run/kadmind.pid" heimdal_pidfile_kpasswdd="@l_prefix@/var/heimdal/run/kpasswdd.pid" + heimdal_pidfile_ipropd_master="@l_prefix@/var/heimdal/run/ipropd-master.pid" + heimdal_pidfile_ipropd_slave="@l_prefix@/var/heimdal/run/ipropd-slave.pid" heimdal_signal () { [ -f $heimdal_pidfile_kdc ] \ && kill -$1 `cat $heimdal_pidfile_kdc` @@ -30,9 +34,17 @@ [ -f $heimdal_pidfile_kpasswdd ] \ && kill -$1 `cat $heimdal_pidfile_kpasswdd` local rc_heimdal_kpasswdd=$? - [ $rc_heimdal_kdc -eq 0 -o \ - $rc_heimdal_kadmind -eq 0 -o \ - $rc_heimdal_kpasswdd -eq 0 ] + [ -f $heimdal_pidfile_ipropd_master ] \ + && kill -$1 `cat $heimdal_pidfile_ipropd_master` + local rc_heimdal_ipropd_master=$? + [ -f $heimdal_pidfile_ipropd_slave ] \ + && kill -$1 `cat $heimdal_pidfile_ipropd_slave` + local rc_heimdal_ipropd_slave=$? + [ $rc_heimdal_kdc -eq 0 -o \ + $rc_heimdal_kadmind -eq 0 -o \ + $rc_heimdal_kpasswdd -eq 0 -o \ + $rc_heimdal_ipropd_master -eq 0 -o \ + $rc_heimdal_ipropd_slave -eq 0 ] } %status -u @l_susr@ -o @@ -61,6 +73,15 @@ nohup @l_prefix@/sbin/kpasswdd $heimdal_flags_kpasswdd & echo $! >$heimdal_pidfile_kpasswdd ;; + ipropd-master ) + nohup @l_prefix@/sbin/ipropd-master $heimdal_flags_ipropd_master & + echo $! >$heimdal_pidfile_ipropd_master + ;; + ipropd-slave ) + nohup @l_prefix@/sbin/ipropd-slave $heimdal_flags_ipropd_slave \ + `cat @l_prefix@/etc/heimdal/ipropd.master` & + echo $! >$heimdal_pidfile_ipropd_slave + ;; esac done 
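Review bot: The two added ``kill -$1 `cat $heimdal_pidfile_ipropd_master` `` and `..._slave` lines in heimdal_signal send the signal to whatever number the pid file holds, without checking that the process is still an ipropd daemon. After a crash and PID reuse, a stop or reload would signal an unrelated process. Quoting at least keeps an empty or multi-word file from producing stray arguments: `kill -"$1" "$(cat "$heimdal_pidfile_ipropd_master")"`. A header comment saying that the function succeeds when at least one daemon was signalled would document the `-o` chain. The function starts above this hunk.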
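Review bot: The ipropd-slave branch passes the unquoted output of `cat @l_prefix@/etc/heimdal/ipropd.master` as arguments, and the spec in this patch installs that file empty. Enabling `ipropd-slave` before editing the file therefore starts the daemon with no master host and still records a pid. Every word in the file, including one beginning with `-`, is also handed to the daemon as a separate argument. Reading one value, rejecting an empty or option-like one and quoting it avoids both problems. The enclosing `case` and `for` continue outside this hunk.

```sh
        ipropd-slave )
            # use only the first line of ipropd.master as the master host
            heimdal_master=`sed -n '1p' @l_prefix@/etc/heimdal/ipropd.master 2>/dev/null`
            case "$heimdal_master" in
                "" | -* ) ;;  # unset or option-like: do not start the daemon
                * ) nohup @l_prefix@/sbin/ipropd-slave $heimdal_flags_ipropd_slave \
                        "$heimdal_master" &
                    echo $! >$heimdal_pidfile_ipropd_slave
                    ;;
            esac
            ;;
```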
@@ -69,9 +90,11 @@ rcService heimdal active no && exit 0 heimdal_signal TERM sleep 5 - rm -f $heimdal_pidfile_kdc 2>/dev/null || true - rm -f $heimdal_pidfile_kadmind 2>/dev/null || true - rm -f $heimdal_pidfile_kpasswdd 2>/dev/null || true + rm -f $heimdal_pidfile_kdc 2>/dev/null || true + rm -f $heimdal_pidfile_kadmind 2>/dev/null || true + rm -f $heimdal_pidfile_kpasswdd 2>/dev/null || true + rm -f $heimdal_pidfile_ipropd_master 2>/dev/null || true + rm -f $heimdal_pidfile_ipropd_slave 2>/dev/null || true %restart -u @l_susr@ rcService heimdal enable yes || exit 0