various admin server stuff
by Rich Megginson
I'd like to move mod_admserv and mod_restartd into the admin.git repo as
sub-directories. I couldn't figure out a way to migrate the CVS history
data into a git subdirectory, so I was thinking about just copying the
files in there with no history. Is this ok? We can always refer back
to the old CVS repo if we need to see history.

It turns out we can't get rid of mod_restartd and use mod_suexec.
mod_suexec explicitly forbids running CGIs as root, so we can't use that
to start the servers. I don't really like the fact that we have to
support this module for the sole purpose of being able to remotely
start, restart, and create instances of servers that run on low ports.
For one, mod_restartd is and always will be a security nightmare waiting
to happen - it is just a bad, bad idea to execute CGIs as root (or run
the admin server as root). For another, usually init or something like
daemontools does a much better job of making sure remote servers are
running (e.g. restarting after a crash). You always have to run
setup-ds-admin.pl when installing on a remote system, and that creates
the directory server instance, so I'm not really sure how useful it is
to be able to remotely create instances. I'd like to propose that we
make this feature optional (that is, can build admin server without it)
and possibly get rid of it altogether.

I would also like to relax the requirement that we have to use the
threaded model Apache. The only reason we require this is because
mod_admserv caches the auth credentials and ACIs in memory, in case you
need to perform a task while the config DS is down (e.g. like start or
restart). There are a few changes required to mod_admserv to relax this
restriction.
14 years, 6 months
Please review: auto upgrade during rpm posttrans
by Rich Megginson
It is a problem that upgrade is not run automatically during rpm
installation. It causes problems for other packages that depend on
389. This fix allows rpm to run the upgrade script. Some notes:
* had to write scriptlets in lua to allow data to be passed among
different phases - %posttrans does not know if it is being run as a
fresh install or an upgrade, so we have to get that information from
%post to pass to %posttrans
* upgrade must be run in posttrans - in %post, the old package that is
being upgraded will still be around - this includes the old schema in
the schema dir - the update script assumes the contents of the schema
dir are correct and current - so we have to wait until %posttrans when
the schema dir will contain only the new schema
* the upgrade script can only run non-interactively if the servers are
all shut down first - so we have to shut down the servers, run the
upgrade, then start the servers back up - however, if the user did not
want certain servers to be running, we first get a list of the running
servers, and only start those back up after the upgrade
Index: 389-ds-base.spec
===================================================================
RCS file: /cvs/extras/rpms/389-ds-base/F-11/389-ds-base.spec,v
retrieving revision 1.5
diff -u -8 -r1.5 389-ds-base.spec
--- 389-ds-base.spec 8 Sep 2009 19:24:58 -0000 1.5
+++ 389-ds-base.spec 6 Oct 2009 02:37:03 -0000
@@ -1,15 +1,15 @@
%define pkgname dirsrv
Summary: 389 Directory Server (base)
Name: 389-ds-base
-Version: 1.2.2
-Release: 2%{?dist}
+Version: 1.2.3
+Release: 1%{?dist}
License: GPLv2 with exceptions
URL: http://port389.org/
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Provides: fedora-ds-base = %{version}-%{release}
Obsoletes: fedora-ds-base < 1.2.1-1
BuildRequires: nspr-devel
@@ -141,29 +141,39 @@
-- print(fullname.." is linked to "..linked)
%{pkgname}_savelinks[fullname] = linked
end
end
end
end
end
-%post
-/sbin/chkconfig --add %{pkgname}
-/sbin/ldconfig
-# this has been problematic - if this directory
-# does not exist, the server will silently fail to
-# start - however, if the user has already created
-# it, we don't want to overwrite the permissions
-# on it - so we can't list it explicitly in the
-# files section - we list it as a ghost so that
-# it will be removed when the rpm is removed
-if [ ! -d %{_localstatedir}/run/%{pkgname} ] ; then
- mkdir -p %{_localstatedir}/run/%{pkgname}
-fi
+%post -p <lua>
+os.execute('/sbin/chkconfig --add %{pkgname}')
+os.execute('/sbin/ldconfig')
+-- this has been problematic - if this directory
+-- does not exist, the server will silently fail to
+-- start - however, if the user has already created
+-- it, we don't want to overwrite the permissions
+-- on it - so we can't list it explicitly in the
+-- files section - we list it as a ghost so that
+-- it will be removed when the rpm is removed
+if not posix.access("%{_localstatedir}/run/%{pkgname}") then
+ posix.mkdir("%{_localstatedir}/run/%{pkgname}")
+end
+-- since posttrans is not passed the upgrade status, we get
+-- it here
+if (arg[2] > 1) or %{pkgname}_exists then
+-- print("in %{pkgname} post - upgrading")
+ %{pkgname}_upgrading = true
+else
+-- print("in %{pkgname} post - installing")
+ %{pkgname}_upgrading = false
+end
+
%preun
if [ $1 = 0 ]; then
/sbin/service %{pkgname} stop >/dev/null 2>&1 || :
/sbin/chkconfig --del %{pkgname}
fi
%postun -p /sbin/ldconfig
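Review bot: The posix.mkdir call in the new %post ignores its return value, even though the comment directly above it says a missing run directory makes the server silently fail to start; check the result and print an error when creation fails. The old shell used mkdir -p, while posix.mkdir creates only the final path component, so the two are not equivalent if the parent is missing. The comparison arg[2] > 1 raises a Lua error if arg[2] is ever delivered as a string, so tonumber(arg[2]) would be safer, and the os.execute results for chkconfig and ldconfig are dropped as well.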
@@ -172,32 +182,71 @@
-- if we saved the run level configuration in %pre, restore it now
-- we can get rid of this code once Fedora 11 becomes obsolete
if %{pkgname}_savelinks then
for fullpath,link in pairs(%{pkgname}_savelinks) do
posix.symlink(link,fullpath)
-- print("posttrans - restored run level "..fullpath.." to "..link)
end
end
+if %{pkgname}_upgrading then
+ instbase = "%{_sysconfdir}/%{pkgname}"
+-- print("posttrans - upgrading - looking for instances in "..instbase)
+-- find all instances
+ instances = {} -- instances that require a restart after upgrade
+ for dir in posix.files(instbase) do
+-- print("dir="..dir)
+ if string.find(dir,"^slapd-") and not string.find(dir,"\.removed$") then
+ inst = string.gsub(dir,"^slapd[-]", "")
+-- print("found instance "..inst.." getting status")
+ rc = os.execute('/sbin/service %{pkgname} status '..inst..' >/dev/null 2>&1')
+-- if instance is running, we must restart it after upgrade
+ if rc == 0 then
+ instances[inst] = inst
+-- print("instance "..inst.." is running")
+-- else
+-- print("instance "..inst.." is shutdown")
+ end
+ end
+ end
+-- shutdown all instances
+-- print("shutting down all instances . . .")
+ os.execute('/sbin/service %{pkgname} stop > /dev/null 2>&1')
+-- do the upgrade
+-- print("upgrading instances . . .")
+ os.execute('%{_sbindir}/setup-ds.pl -l /dev/null -u -s General.UpdateMode=offline > /dev/null 2>&1')
+-- restart instances that require it
+ for inst,dummy in pairs(instances) do
+-- print("restarting instance "..inst)
+ os.execute('/sbin/service %{pkgname} start '..inst..' >/dev/null 2>&1')
+ end
+end
+-- if we upgraded from fedora to 389, the upgrade will shutdown
+-- all old running instances, so we have to start them here
if %{pkgname}_exists then
+-- print("restarting all instances due to package rename")
os.execute('/sbin/service %{pkgname} start >/dev/null 2>&1')
end
+
%files
%defattr(-,root,root,-)
%doc LICENSE EXCEPTION LICENSE.GPLv2
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
%dir %{_sysconfdir}/%{pkgname}/config
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
%{_datadir}/%{pkgname}
%{_sysconfdir}/rc.d/init.d/%{pkgname}
+%{_sysconfdir}/rc.d/init.d/%{pkgname}-snmp
%{_bindir}/*
%{_sbindir}/*
%dir %{_libdir}/%{pkgname}
%{_libdir}/%{pkgname}/*.so.*
%{_libdir}/%{pkgname}/perl
%dir %{_libdir}/%{pkgname}/plugins
%{_libdir}/%{pkgname}/plugins/*.so
%dir %{_localstatedir}/lib/%{pkgname}
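Review bot: In the instance loop, inst is taken straight from a directory name under instbase and concatenated into the os.execute command lines for status and start, which go through the shell in a root scriptlet; validate it before use, for example by skipping any name that does not match "^[%w_.-]+$". In the same condition, "\.removed$" uses a backslash where Lua patterns escape with %, so the dot matches any character; it should be "%.removed$". The setup-ds.pl call discards its exit status and sends both its log (-l /dev/null) and its output to /dev/null, so a failed upgrade is invisible and the instances are started again anyway; check the return value and keep a log. instbase, instances, inst and rc should be declared local so they do not leak into the Lua state shared between scriptlets.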
@@ -208,16 +257,23 @@
%files devel
%defattr(-,root,root,-)
%doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel
%{_includedir}/%{pkgname}
%{_libdir}/%{pkgname}/*.so
%changelog
+* Mon Sep 14 2009 Rich Megginson <rmeggins(a)redhat.com> - 1.2.3-1
+- 1.2.3 release
+- added template-initconfig to %files
+- %posttrans now runs update to update the server instances
+- servers are shutdown, then restarted if running before install
+- scriptlets mostly use lua now to pass data among scriptlet phases
+
* Tue Sep 08 2009 Nathan Kinder <nkinder(a)redhat.com> - 1.2.2-2
- removed BuildRequires for lm_sensors on s390 and s390x
* Thu Aug 20 2009 Rich Megginson <rmeggins(a)redhat.com> - 1.2.2-1
- backed out - added template-initconfig to %files - this change is for the next major release
- bump version to 1.2.2
- fix reopened 509472 db2index all does not reindex all the db backends correctly
- fix 518520 - pre hashed salted passwords do not work
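Review bot: The new 1.2.3-1 changelog entry mentions template-initconfig but not the other two additions this patch makes to %files, config/ldap-agent.conf and the %{pkgname}-snmp init script; add a line for each. As a style point, macro names inside %changelog such as %files and %posttrans are better written as %%files and %%posttrans so they cannot be macro-expanded.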
14 years, 6 months