add the concept of slaves in alternc core. slaves now have an alternc account that gets created by the alternc-slave package that the master can use to restart apache and bind on the fly

.gitattributes

@@ -351,6 +351,7 @@ po/fr/LC_MESSAGES/alternc-admintools.po -text
 /quota_delete -text
 /quota_init -text
 src/Makefile -text
+src/alternc_reload -text
 src/basedir_prot.sh -text
 src/du.pl -text
 src/fixperms.sh -text

debian/alternc-slave.config

@@ -148,6 +148,10 @@ if [ -z "$RET" ]
 db_set alternc-slave/alternc_location "$ALTERNC_LOC"
 fi
 
+# backward compatbility
+db_get alternc-slave/mergelog-key
+[ -z "$RET" ] || db_set alternc-slave/master-key "$RET"
+
 db_input medium alternc-slave/desktopname || true
 db_input medium alternc-slave/hostingname || true
 db_input medium alternc-slave/internal_ip || true
@@ -164,7 +168,7 @@ db_input low alternc-slave/mysql/client || true
 db_input low alternc-slave/sql/backup_type || true
 db_input low alternc-slave/sql/overwrite || true
 db_input low alternc-slave/monitor_ip || true
-db_input low alternc-slave/mergelog-key || true
+db_input low alternc-slave/master-key || true
 db_go
 
 # vim: et sw=4

debian/alternc-slave.postinst

@@ -43,20 +43,6 @@ case "$1" in
     # ajoute l'user postfix au groupe sasl
     adduser --quiet postfix sasl
 
-    db_get "alternc-slave/mergelog-key"
-    key="$RET"
-    if [ "X$key" != "" ]; then
-        echo "Creating alternc-mergelog account"
-        adduser --quiet --system --home /var/run/alternc-mergelog --shell /usr/bin/scponly --ingroup adm alternc-mergelog
-        if ! grep -q "$key" /var/run/alternc-mergelog/.ssh/authorized_keys ; then
-            echo "Authorizing requested key to access alternc-mergelog account"
-            mkdir -p /var/run/alternc-mergelog/.ssh
-            echo "$key" >> /var/run/alternc-mergelog/.ssh/authorized_keys
-            chown -R alternc-mergelog:adm /var/run/alternc-mergelog/.ssh
-            chmod -R og-rwx /var/run/alternc-mergelog/.ssh
-        fi
-    fi
-
     # corriger les permissions du chroot
     mkdir -p /var/spool/postfix/var/run/saslauthd || true
     dpkg-statoverride --quiet --update --add root sasl 710 /var/spool/postfix/var/run/saslauthd  || true
@@ -165,6 +151,38 @@ EOF
       . $CONFIGFILE
     fi
 
+    # multi-server configuration
+    db_get "alternc-slave/master-key"
+    key="$RET"
+    if [ "X$key" != "" ]; then
+        if grep -q alternc-mergelog /etc/passwd ; then
+            echo "Reusing the alternc-mergelog account as a generic alternc account"
+            # the uid is ugly. we should request allocation from
+            # base-passwd instead
+            usermod --quiet --uid 342 --shell /usr/bin/rbash --login alternc alternc-mergelog
+            # this is a separate step otherwise usermod will look for
+            # files to chown in /var/alternc, which takes a long time
+            usermod --quiet --home $ALTERNC_LOC alternc
+        fi
+        if [ -d /var/run/alternc-mergelog/.ssh ]; then
+            echo "Cleaning up old alternc-mergelog home"
+            mv /var/run/alternc-mergelog/.ssh $ALTERNC_LOC/.ssh && rmdir /var/run/alternc-mergelog
+        fi
+        if ! grep -q alternc /etc/passwd ; then
+            echo "Creating alternc account"
+            # this uid is ugly. we should request allocation from
+            # base-password instead
+            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /usr/bin/rbash --ingroup adm alternc
+        fi
+        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
+            echo "Authorizing requested key to access alternc-mergelog account"
+            mkdir -p $ALTERNC_LOC/.ssh
+            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
+            chown -R alternc:adm $ALTERNC_LOC/.ssh
+            chmod -R og-rwx $ALTERNC_LOC/.ssh
+        fi
+    fi
+
     echo "checking for upgrades"
     /usr/share/alternc/install/upgrade_check.sh $2
 
@@ -175,6 +193,25 @@ EOF
         echo "<?php $include_str ?>" >> $pma_config
     fi
 
+    if ! grep -q '## ALTERNC START' /etc/sudoers; then
+        # XXX: this is not proper locking
+        if [ -e /etc/sudoers.tmp ]; then
+            echo "sudoers file being edited, aborting"
+            exit 1
+        else
+            cp /etc/sudoers /etc/sudoers.tmp
+            cat >> /etc/sudoers.tmp <<EOF
+## ALTERNC START
+## do not change anything between those lines
+alternc ALL=NOPASSWD: /usr/sbin/invoke-rc.d apache reload
+alternc ALL=NOPASSWD: /usr/sbin/invoke-rc.d apache2 reload
+alternc ALL=NOPASSWD: /usr/sbin/rndc reload *
+## ALTERNC END
+EOF
+            mv /etc/sudoers.tmp /etc/sudoers
+        fi
+    fi
+
     # important: postinst gele sans ca
     db_stop
 

debian/alternc-slave.templates

@@ -176,13 +176,14 @@ Type: boolean
 _Description: Should AlternC remove bind mailboxes ?
  If you accept all users e-mails will be deleted
 
-Template:alternc-slave/mergelog-key
+Template:alternc-slave/master-key
 Type: string
-_Description: SSH key of the mergelog server:
+_Description: SSH key of the master server:
  The slave nodes can be configured to accept connexions from a central
- server (the mergelog server) that will merge the apache logs from all
- the slave servers.
+ server (the master server) that will operate various maintenance tasks
+ on the slave. This currently includes logfile centralisation and
+ service reloading but may be expanded to other domains.
  .
- To do this, the server needs to have an account created and a public
- key. Enter the public key here and the account will be created. If
- this field is left empty, no account will be created.
+ To configure this, the server needs to have an account created and a
+ public key. Enter the public key here and the account will be created.
+ If this field is left empty, no account will be created.

debian/alternc.postinst

@@ -96,6 +96,9 @@ SQLBACKUP_TYPE=""
 
 # overwrite existing files when backing up
 SQLBACKUP_OVERWRITE=""
+
+# known slave servers, empty for none, localhost is special (no ssh)
+ALTERNC_SLAVES=""
 EOF
 
         chown root:www-data $CONFIGFILE
@@ -122,6 +125,7 @@ EOF
     update_var alternc/sql/backup_type SQLBACKUP_TYPE
     update_var alternc/sql/backup_overwrite SQLBACKUP_OVERWRITE
     update_var alternc/alternc_location ALTERNC_LOC
+    update_var alternc/slaves ALTERNC_SLAVES
     sed -e "$SED_SCRIPT" < $CONFIGFILE > $CONFIGFILE.tmp
     mv -f $CONFIGFILE.tmp $CONFIGFILE
 
@@ -151,6 +155,24 @@ EOF
       . $CONFIGFILE
     fi
 
+    # multi-server configuration: we create an alternc account with
+    # authorized keys. since this is the master, we do not give him a
+    # valid shell, but we still need the user for proper perms
+    if [ ! -z "$ALTERNC_SLAVES" && "$ALTERNC_SLAVES" != "localhost" ] ; then
+        if ! grep -q alternc /etc/passwd ; then
+            echo "Creating alternc account"
+            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /bin/false --ingroup adm alternc
+        fi
+        key=`cat ~root/.ssh/id_dsa.pub`
+        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
+            echo "Authorizing root ssh key to access the common alternc account"
+            mkdir -p $ALTERNC_LOC/.ssh
+            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
+            chown -R alternc:adm $ALTERNC_LOC/.ssh
+            chmod -R og-rwx $ALTERNC_LOC/.ssh
+        fi
+    fi
+
     # /var/alternc/dns/d/www.example.com
     FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`"
     if [ "$FQDN_LETTER" = "$FQDN" ]

debian/rules

@@ -74,6 +74,7 @@ install: build
 	install tools/top_ftp_users debian/alternc/usr/bin
 	install tools/get_domains_by_account debian/alternc/usr/bin
 	install tools/get_account_by_domain debian/alternc/usr/bin
+    install src/alternc_reload debian/alternc/usr/sbin
 	install -m 644 po/fr/LC_MESSAGES/alternc-admintools.mo debian/alternc/usr/share/locale/fr/LC_MESSAGES/
 
 	# Remove helpers files from l18n dir

debian/templates

@@ -175,3 +175,12 @@ Template: alternc/postrm_remove_mailboxes
 Type: boolean
 _Description: Should AlternC remove mailboxes ?
  If you accept all users e-mails will be deleted
+
+Template: alternc/slaves
+Type: string
+_Description: Slave servers
+ This is a space-separated list of servers that are "slaves" to the
+ master server (this server). When writing apache configuration files,
+ the master server will attempt to reload apache on those remote
+ servers. The alternc-slave package correctly configures those machines
+ to allow login and reload.

src/alternc_reload

@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $Id: update_domaines.sh,v 1.31 2005/08/29 19:21:31 anarcat Exp $
+# ----------------------------------------------------------------------
+# AlternC - Web Hosting System
+# Copyright (C) 2002 by the AlternC Development Team.
+# http://alternc.org/
+# ----------------------------------------------------------------------
+# Based on:
+# Valentin Lacambre's web hosting softwares: http://altern.org/
+# ----------------------------------------------------------------------
+# LICENSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License (GPL)
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# To read the license please visit http://www.gnu.org/copyleft/gpl.html
+# ----------------------------------------------------------------------
+# Original Author of file: Jerome Moinet for l'Autre Net - 14/12/2000
+# Purpose of file: service reloading
+# ----------------------------------------------------------------------
+#
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+set -e
+
+umask 022
+
+########################################################################
+# Constants & Preliminary checks
+#
+
+DOMAIN_LOG_FILE="/var/log/alternc/update_domains.log"
+
+if [ `whoami` = 'root' ]; then
+    sudo="env"
+else
+    sudo="sudo"
+fi
+
+RELOAD_ZONES="$*"
+
+if [ ! -z "$RELOAD_ZONES" ]; then
+    if [ "$RELOAD_ZONES" = "all" ]; then
+        $sudo rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
+    else
+        for zone in $RELOAD_ZONES; do
+            $sudo rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
+        done
+    fi
+    if [ -x /usr/sbin/apache ]; then
+        $sudo invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
+    fi
+    if [ -x /usr/sbin/apache2 ]; then
+        $sudo invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
+    fi
+fi

src/update_domains.sh

@@ -86,6 +86,11 @@ if [ -f "$LOCK_FILE" ]; then
     exit 1
 fi
 
+# backward compatibility: single-server setup
+if [ -z "$ALTERNC_SLAVES" ] ; then
+    ALTERNC_SLAVES="localhost"
+fi
+
 NAMED_CONF_FILE="$DATA_ROOT/bind/automatic.conf"
 ZONES_DIR="$DATA_ROOT/bind/zones"
 APACHECONF_DIR="$DATA_ROOT/apacheconf"
@@ -235,21 +240,14 @@ IFS="$OLD_IFS"
 # Reload configuration for named and apache
 
 RELOAD_ZONES=`cat "$RELOAD_ZONES_TMP_FILE"`
-if [ ! -z "$RELOAD_ZONES" ]; then
-    if [ "$RELOAD_ZONES" = "all" ]; then
-        rndc reload > /dev/null || echo "Cannot reload bind" >> "$DOMAIN_LOG_FILE"
+
+for slave in $ALTERNC_SLAVES; do
+    if [ "$slave" = "localhost" ]; then
+        alternc_reload $RELOAD_ZONES
     else
-        for zone in $RELOAD_ZONES; do
-            rndc reload "$zone" > /dev/null || echo "Cannot reload bind for zone $zone" >> "$DOMAIN_LOG_FILE"
-        done
+        ssh alternc@$slave alternc_reload "$RELOAD_ZONES"
     fi
-    if [ -x /usr/sbin/apache ]; then
-        invoke-rc.d apache reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
-    fi
-    if [ -x /usr/sbin/apache2 ]; then
-        invoke-rc.d apache2 reload > /dev/null || echo "Cannot restart apache" >> "$DOMAIN_LOG_FILE"
-    fi
-fi
+done
 
 # Cleanup