remote master-key variable: it's configured on the master and propagated to the slave through /var/alternc now

2009-08-04 20:09:12 +00:00 · 2009-08-04 20:09:12 +00:00 · c0a7de7ae8
parent ab5397d2d0
commit c0a7de7ae8
3 changed files with 18 additions and 46 deletions
--- a/debian/alternc-slave.config
+++ b/debian/alternc-slave.config
@ -148,10 +148,6 @@ if [ -z "$RET" ]
 db_set alternc-slave/alternc_location "$ALTERNC_LOC"
 fi

-# backward compatbility
-db_get alternc-slave/mergelog-key || true
-[ -z "$RET" ] || db_set alternc-slave/master-key "$RET"
-
 db_input medium alternc-slave/desktopname || true
 db_input medium alternc-slave/hostingname || true
 db_input medium alternc-slave/internal_ip || true
@ -168,7 +164,6 @@ db_input low alternc-slave/mysql/client || true
 db_input low alternc-slave/sql/backup_type || true
 db_input low alternc-slave/sql/overwrite || true
 db_input low alternc-slave/monitor_ip || true
-db_input low alternc-slave/master-key || true
 db_go

 # vim: et sw=4
--- a/debian/alternc-slave.postinst
+++ b/debian/alternc-slave.postinst
@ -151,36 +151,24 @@ EOF
      . $CONFIGFILE
    fi

-    # multi-server configuration
-    db_get "alternc-slave/master-key"
-    key="$RET"
-    if [ "X$key" != "" ]; then
-        if grep -q alternc-mergelog /etc/passwd ; then
-            echo "Reusing the alternc-mergelog account as a generic alternc account"
-            # the uid is ugly. we should request allocation from
-            # base-passwd instead
-            usermod --quiet --uid 342 --shell /usr/bin/rbash --login alternc alternc-mergelog
-            # this is a separate step otherwise usermod will look for
-            # files to chown in /var/alternc, which takes a long time
-            usermod --quiet --home $ALTERNC_LOC alternc
-        fi
-        if [ -d /var/run/alternc-mergelog/.ssh ]; then
-            echo "Cleaning up old alternc-mergelog home"
-            mv /var/run/alternc-mergelog/.ssh $ALTERNC_LOC/.ssh && rmdir /var/run/alternc-mergelog
-        fi
-        if ! grep -q alternc /etc/passwd ; then
-            echo "Creating alternc account"
-            # this uid is ugly. we should request allocation from
-            # base-password instead
-            adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /usr/bin/rbash --ingroup adm alternc
-        fi
-        if ! grep -q "$key" $ALTERNC_LOC/.ssh/authorized_keys ; then
-            echo "Authorizing requested key to access alternc-mergelog account"
-            mkdir -p $ALTERNC_LOC/.ssh
-            echo "$key" >> $ALTERNC_LOC/.ssh/authorized_keys
-            chown -R alternc:adm $ALTERNC_LOC/.ssh
-            chmod -R og-rwx $ALTERNC_LOC/.ssh
-        fi
+    if grep -q alternc-mergelog /etc/passwd ; then
+        echo "Reusing the alternc-mergelog account as a generic alternc account"
+        # the uid is ugly. we should request allocation from
+        # base-passwd instead
+        usermod --quiet --uid 342 --shell /usr/bin/rbash --login alternc alternc-mergelog
+        # this is a separate step otherwise usermod will look for
+        # files to chown in /var/alternc, which takes a long time
+        usermod --quiet --home $ALTERNC_LOC alternc
+    fi
+    if [ -d /var/run/alternc-mergelog/.ssh ]; then
+        echo "Cleaning up old alternc-mergelog home"
+        mv /var/run/alternc-mergelog/.ssh $ALTERNC_LOC/.ssh && rmdir /var/run/alternc-mergelog
+    fi
+    if ! grep -q alternc /etc/passwd ; then
+        echo "Creating alternc account"
+        # this uid is ugly. we should request allocation from
+        # base-password instead
+        adduser --quiet --system --uid 342 --home $ALTERNC_LOC --shell /usr/bin/rbash --ingroup adm alternc
    fi

    echo "checking for upgrades"
--- a/debian/alternc-slave.templates
+++ b/debian/alternc-slave.templates
@ -176,14 +176,3 @@ Type: boolean
 _Description: Should AlternC remove bind mailboxes ?
 If you accept all users e-mails will be deleted

-Template:alternc-slave/master-key
-Type: string
-_Description: SSH key of the master server:
- The slave nodes can be configured to accept connexions from a central
- server (the master server) that will operate various maintenance tasks
- on the slave. This currently includes logfile centralisation and
- service reloading but may be expanded to other domains.
- .
- To configure this, the server needs to have an account created and a
- public key. Enter the public key here and the account will be created.
- If this field is left empty, no account will be created.