From 7418efa0bd7a0e776149c08bb64c2bb477ade261 Mon Sep 17 00:00:00 2001 From: Andy Witter Date: Fri, 9 Nov 2018 06:19:58 -0500 Subject: [PATCH] Fix systemd not allowing user opensrf to restart apache when opensrf is restarted. --- GenaSYS.sh | 32 ++++++++++++++++++++++---------- templates/{ => systemd}/autogen.service | 0 templates/systemd/opensrf.service | 23 +++++++++++++++++++++++ templates/systemd/opensrf.sudoers | 2 ++ 4 files changed, 47 insertions(+), 10 deletions(-) rename templates/{ => systemd}/autogen.service (100%) create mode 100644 templates/systemd/opensrf.service create mode 100644 templates/systemd/opensrf.sudoers diff --git a/GenaSYS.sh b/GenaSYS.sh index 856f9fa..3f30fa1 100755 --- a/GenaSYS.sh +++ b/GenaSYS.sh @@ -25,8 +25,8 @@ PURPOSE_="Generate config files needed for Evergreen-ILS Cluster" SYNOPSIS_="$NAME_" REQUIRES_="standard GNU commands, apt, dpkg" - VERSION_="1.88" - DATE_="2010-11-23; last update: 2018-11-07" + VERSION_="1.90" + DATE_="2010-11-23; last update: 2018-11-08" AUTHOR_="Andy Witter " URL_="http://evergreen-ils.org" CATEGORY_="devel" @@ -53,8 +53,8 @@ done WD=$(dirname $(readlink -f $0)) CUSTOMDIR="$WD/custom" -EG_VERSION="3.0.2" -UBUNTU_CODENAME="trusty" +EG_VERSION="3.2.0" +UBUNTU_CODENAME="xenial" LICENSE="$WD/License.txt" TEMPLATEDIR="$WD/templates" DEFAULT_PRIVATE_NET="10.0.1" @@ -209,12 +209,12 @@ echo BoxTitleBar GenaSYS echo echo -en "$SHADE_BLUE_20 $SHADE_BLUE_20";echo -echo -en "$SHADE_BLUE_20 Evergreen $EG_VERSION Cluster configuration. $SHADE_BLUE_20";echo +echo -en "$SHADE_BLUE_20 Evergreen $EG_VERSION Cluster configuration. $SHADE_BLUE_20";echo echo -en "$SHADE_BLUE_20 $SHADE_BLUE_20";echo -echo -en "$SHADE_BLUE_20 Welcome to GenaSYS for Evergreen ${EG_VERSION} ${SHADE_BLUE_20}";echo +echo -en "$SHADE_BLUE_20 Welcome to GenaSYS for Evergreen ${EG_VERSION} ${SHADE_BLUE_20}";echo echo -en "$SHADE_BLUE_20 This program will ask you a few questions then generate $SHADE_BLUE_20";echo echo -en "$SHADE_BLUE_20 all the system config files needed for a standard $SHADE_BLUE_20";echo -echo -en "$SHADE_BLUE_20 distributed installation of Evergreen $EG_VERSION $SHADE_BLUE_20";echo +echo -en "$SHADE_BLUE_20 distributed installation of Evergreen $EG_VERSION $SHADE_BLUE_20";echo echo -en "$SHADE_BLUE_20 $SHADE_BLUE_20";echo for SHADE in {1..61} do @@ -1909,6 +1909,7 @@ for BRICK in $(seq $BRICKCOUNT) eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/var/data/locale/opac eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/var/web/reporter eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/systemd/system + eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/sudoers.d ### head gets exports if [ "$ROBOTS_TXT" = "y" ] || [ "$ROBOTS_TXT" = "Y" ] ### Copy robots.txt if selected. @@ -1976,7 +1977,8 @@ for BRICK in $(seq $BRICKCOUNT) eval cp -f $TEMPLATEDIR/apt/head_apt.list ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/\$BRICKHOSTNAME${BRICK}-head_apt.list eval cp -f $TMPFOLDER/60-evergreen-ils.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/rsyslog.d eval cp -f $TEMPLATEDIR/rsyslog/50-default.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/rsyslog.d - eval cp -f $TEMPLATEDIR/autogen.service ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/systemd/system + eval cp -f $TEMPLATEDIR/systemd/autogen.service ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/systemd/system + eval cp -f $TEMPLATEDIR/systemd/opensrf.sudoers ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/sudoers.d/opensrf #eval sed -i "s^CLUSTER_DOMAINNAME^${CLUSTERDOMAINNAME}^g" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/60-evergreen-ils.conf eval echo "\$BRICKHOSTNAME${BRICK}-head" > ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/etc/hostname @@ -2079,6 +2081,7 @@ for BRICK in $(seq $BRICKCOUNT) eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/var/data/locale/opac eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/var/web/reporter eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/systemd/system + eval mkdir -p ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/sudoers.d ### head gets exports if [ "$ROBOTS_TXT" = "y" ] || [ "$ROBOTS_TXT" = "Y" ] ### Copy robots.txt if selected. then @@ -2147,7 +2150,8 @@ for BRICK in $(seq $BRICKCOUNT) eval cp -f $TEMPLATEDIR/apt/head_apt.list ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/\$BRICKHOSTNAME${BRICK}-head_apt.list eval cp -f $TMPFOLDER/60-evergreen-ils.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/rsyslog.d eval cp -f $TEMPLATEDIR/rsyslog/50-default.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/rsyslog.d - eval cp -f $TEMPLATEDIR/autogen.service ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/systemd/system + eval cp -f $TEMPLATEDIR/systemd/autogen.service ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/systemd/system + eval cp -f $TEMPLATEDIR/systemd/opensrf.sudoers ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/sudoers.d #eval cp -f /tmp/rsyslog.conf ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/ eval echo "\$BRICKHOSTNAME${BRICK}-head" > ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/etc/hostname eval echo "\$BRICKHOSTNAME${BRICK}-head" >> $TMPOSRFNODES @@ -2561,7 +2565,7 @@ done for UTILITY in $MACHINES_UTILITY; do mkdir -p "$OUTDIR/$UTILITY/etc/systemd/system" -cp -f "$TEMPLATEDIR/autogen.service" "$OUTDIR/$UTILITY/etc/systemd/system" +cp -f "$TEMPLATEDIR/systemd/autogen.service" "$OUTDIR/$UTILITY/etc/systemd/system" cp -f "$TMPFOLDER/exports" "$OUTDIR/$UTILITY/etc/" ### action trigger filters for utility. @@ -2620,6 +2624,7 @@ do mkdir -p "$OUTDIR/$OTHERNODE/openils/var/data/offline/blocked" mkdir -p "$OUTDIR/$OTHERNODE/openils/var/data/vandelay" mkdir -p "$OUTDIR/$OTHERNODE/openils/var/web/reporter" + mkdir -p "$OUTDIR/$OTHERNODE/etc/apache2/ssl" && cp -f "${CERT_DIR}/server.key" "$OUTDIR/$OTHERNODE/etc/apache2/ssl" cp -f "${CERT_DIR}/server.crt" "$OUTDIR/$OTHERNODE/etc/apache2/ssl" [ -e "${CERT_DIR}/ca.crt" ] && cp -f "${CERT_DIR}/ca.crt" "$OUTDIR/$OTHERNODE/etc/apache2/ssl" @@ -2653,6 +2658,13 @@ do cat $TEMPLATEDIR/opensrf.xml/opensrf.xml-footer >> "$OUTDIR/$OTHERNODE/openils/conf/opensrf.xml" done +### make sure user opensrf can restart apache when opensrf is restart on nodes that opensrf is installed +for OSRF_SUDO_NODE in $MACHINES_OSRF_NO_BRICKS +do + mkdir -p "$OUTDIR/$OSRF_SUDO_NODE/etc/sudoers.d" + cp -f "${TEMPLATEDIR}/systemd/opensrf.sudoers" "$OUTDIR/${OSRF_SUDO_NODE}/etc/sudoers.d/opensrf" +done + ### Setup SIP echo diff --git a/templates/autogen.service b/templates/systemd/autogen.service similarity index 100% rename from templates/autogen.service rename to templates/systemd/autogen.service diff --git a/templates/systemd/opensrf.service b/templates/systemd/opensrf.service new file mode 100644 index 0000000..f3e9dd0 --- /dev/null +++ b/templates/systemd/opensrf.service @@ -0,0 +1,23 @@ +[Unit] +Description=Open Service Request Framework +After=ejabberd.service memcached.service +Before=apache2.service apache2-ws.service +#Requries=memcached.service +BindsTo=ejabberd.service + +[Service] +User=opensrf +Group=opensrf +Type=oneshot +RemainAfterExit=yes +Environment=PATH=/openils/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +#ExecStartPre=/bin/sleep 5 +ExecStart=/openils/bin/osrf_control --start-all +#ExecStartPost=/bin/sleep 5 +ExecStartPost=sudo /bin/systemctl -q restart apache2.service +ExecStartPost=sudo /bin/systemctl -q restart apache2-ws.service +ExecStop=/openils/bin/osrf_control --stop-all + +[Install] +WantedBy=multi-user.target +Alias=opensrf.service diff --git a/templates/systemd/opensrf.sudoers b/templates/systemd/opensrf.sudoers new file mode 100644 index 0000000..f9a9ed7 --- /dev/null +++ b/templates/systemd/opensrf.sudoers @@ -0,0 +1,2 @@ +Cmnd_Alias RE_APACHE2 = /bin/systemctl restart apache2.service, /bin/systemctl restart apache2-ws.service +opensrf ALL=(ALL) NOPASSWD: RE_APACHE2 -- 2.11.0