Correction : vm_remote : uniformise rule_runit_configure avec vm_hosted .
authorJulien Moutinho <julm+heureux-cyclage@autogeree.net>
Wed, 17 Apr 2013 14:31:17 +0000 (16:31 +0200)
committerJulien Moutinho <julm+heureux-cyclage@autogeree.net>
Wed, 17 Apr 2013 14:51:10 +0000 (16:51 +0200)
17 files changed:
README
etc/nginx/site.d/gitweb-tls/configure.sh
etc/nginx/site.d/lhc-remorque/configure.sh
etc/nginx/site.d/lhc-stats-tls/configure.sh
etc/nginx/site.d/lhc-www-tls/configure.sh
etc/nginx/site.d/sympa/configure.sh
etc/sv/cyclo_paris_est__openerp/configure.sh
etc/sv/dovecot/configure.sh
etc/sv/dovecot/remote.sh [new file with mode: 0644]
etc/sv/lhc-remorque/configure.sh
etc/sv/nginx/configure.sh
etc/sv/nginx/remote.sh [new file with mode: 0644]
etc/sv/php5-fpm/configure.sh
etc/sv/postfix/configure.sh
etc/sv/postfix/remote.sh [new file with mode: 0644]
vm_hosted
vm_remote

diff --git a/README b/README
index d3f24b4..4a5f9cc 100644 (file)
--- a/README
+++ b/README
@@ -49,7 +49,7 @@ TASK: pousser des changements locaux sur la VM
        @hosted % vm_hosted git_reset
 TASK: se connecter interactivement en root à la VM avec une connection SSH persistante
        @remote % ./vm_remote mosh -l root
-TASK: générer une autorité de certification et un sous-certificat TLS
+TASK: générer une autorité de certification et des sous-certificats TLS
        % export TRACE=all
        % random=/dev/urandom gpg_options="-r $USER@ -r $SOME_OTHER_USER@" lib/tool/openssl/make etc/openssl/heureux-cyclage.org
        % random=/dev/urandom gpg_options="-r $USER@ -r $SOME_OTHER_USER@" lib/tool/openssl/make etc/openssl/*.heureux-cyclage.org
@@ -60,8 +60,9 @@ TASK: gérer gitolite
        % git commit
        % ../../vm_remote gitolite_push
 TASK: configurer une zone DNS
-       % vm runit_configure nsd3 -- heureux-cyclage.org
+       @hosted % vm runit_configure nsd3 -- heureux-cyclage.org
 TASK: configurer un membre du groupe php5-fpm
-       % vm runit_configure nginx -- lhc-www
+       @remote % ./vm_remote runit_configure nginx -- lhc_www
+       @hosted % vm_hosted   runit_configure nginx -- lhc_www
 TASK: configurer un site nginx
-       % vm runit_configure nginx -- www.heureux-cyclage.org
+       @hosted % vm_hosted runit_configure nginx -- lhc_www
index 4756a57..e278d17 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e -f -u -x
-local hint="run vm_remote nginx_configure before"
+local hint="run before: ./vm_remote runit_configure nginx -- $site"
 assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
 sudo install -m 664 -o www -g www \
  "$tool"/var/pub/x509/git.heureux-cyclage.org/crt+ca.pem \
index 5012c6e..1bf5045 100644 (file)
@@ -1,4 +1,4 @@
-local hint="run vm_remote nginx_configure before"
+local hint="run before: ./vm_remote runit_configure nginx -- $site"
 assert "sudo getent passwd wiki-\"$site\" >/dev/null" hint
 assert "sudo test -f ~wiki-$site/etc/ssh/id_rsa" hint
 
index 110d6eb..da52d33 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e -f -u -x
-local hint="run vm_remote nginx_configure before"
+local hint="run before: ./vm_remote runit_configure nginx -- $site"
 assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
 sudo install -m 664 -o www -g www \
  "$tool"/var/pub/x509/stats.heureux-cyclage.org/crt+ca.pem \
index 0f3e251..5fc0ce1 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e -f -u -x
-local hint="run vm_remote nginx_configure before"
+local hint="run before: ./vm_remote runit_configure nginx -- $site"
 assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
 sudo install -m 664 -o www -g www \
  "$tool"/var/pub/x509/www.heureux-cyclage.org/crt+ca.pem \
index 48bd64c..fd85c70 100644 (file)
@@ -1,4 +1,4 @@
-local hint="run vm_remote nginx_configure before"
+local hint="run before: ./vm_remote runit_configure nginx -- $site"
 assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
 sudo install -m 664 -o www -g www \
  "$tool"/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem \
index 9ec8028..b5e74c6 100644 (file)
@@ -1,11 +1,11 @@
 home=/home/"$sv"
 
-rule runit_sv_configure postgres
-rule runit_sv_start     postgres
+rule _runit_sv_configure postgres
+rule _runit_sv_start     postgres
 while ! sudo -u postgres psql </dev/null
 do sleep 1; done
-rule runit_sv_configure postfix
-rule runit_sv_start     postfix
+rule _runit_sv_configure postfix
+rule _runit_sv_start     postfix
 sudo postfix quiet-reload
 
 rule apt_get_install openerp --force-yes
index b1aa08d..f588a45 100644 (file)
@@ -1,6 +1,6 @@
 rule apt_get_install dovecot-imapd dovecot-managesieved dovecot-sieve
 rule insserv_remove  dovecot
-local hint="run vm_remote dovecot_key_send before"
+local hint="run before: ./vm_remote runit_configure dovecot"
 assert "sudo test -f /etc/dovecot/\"$vm_domainname\"/imap/x509/key.pem" hint
 sudo install -m 400 -o root -g root \
  "$tool"/var/pub/x509/imap."$vm_domainname"/crt+crl.self-signed.pem \
diff --git a/etc/sv/dovecot/remote.sh b/etc/sv/dovecot/remote.sh
new file mode 100644 (file)
index 0000000..0de2eaa
--- /dev/null
@@ -0,0 +1,14 @@
+rule _x509_site_key_decrypt imap."$vm_domainname" |
+rule ssh -l root ' \
+       sudo install -d -m 770 -o root -g root \
+        /etc/dovecot/'"$vm_domainname"'/ \
+        /etc/dovecot/'"$vm_domainname"'/imap \
+        /etc/dovecot/'"$vm_domainname"'/imap/x509 ; \
+       sudo install -m 644 -o root -g root /dev/stdin \
+        /etc/dovecot/'"$vm_domainname"'/imap/x509/.gitignore <<-EOF
+               key.pem
+               EOF
+       sudo install -m 400 -o root -g root \
+        /dev/stdin \
+        /etc/dovecot/"$vm_domainname"/imap/x509/key.pem
+ '
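Review bot: The final key path `/etc/dovecot/"$vm_domainname"/imap/x509/key.pem` sits inside the single-quoted remote command, so `$vm_domainname` is not substituted locally the way the `'"$vm_domainname"'` splices above it are. The remote shell expands it instead, where it is presumably unset, so the private key is aimed at a different path than the directory just created and than the one configure.sh asserts on. Closing and reopening the quotes fixes it, and adding remote-side quotes as etc/sv/nginx/remote.sh does keeps the value from being re-parsed by the root shell: `/etc/dovecot/'"'$vm_domainname'"'/imap/x509/key.pem`. Separately, the status of the `_x509_site_key_decrypt | ssh` pipeline is that of ssh alone, so if decryption fails the remote `install` would likely still write an empty `key.pem` that later passes the `test -f` assert. The same pipeline shape is in etc/sv/nginx/remote.sh and etc/sv/postfix/remote.sh.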
index 61f70df..9a67266 100644 (file)
@@ -1,4 +1,4 @@
-rule www_configure
+rule _www_configure
 
 home=~www-data/"$sv"
 
index ad988a2..7b2b546 100644 (file)
@@ -1,10 +1,10 @@
-rule runit_sv_configure php5-fpm '*'
-rule runit_sv_restart   php5-fpm
+rule _runit_sv_configure php5-fpm '*'
+rule _runit_sv_restart   php5-fpm
 rule apt_get_install nginx spawn-fcgi fcgiwrap
 rule insserv_remove  nginx
 rule insserv_remove fcgiwrap
 
-rule www_configure
+rule _www_configure
 
 sudo install -d -m 770 -o www -g www \
  /etc/nginx \
diff --git a/etc/sv/nginx/remote.sh b/etc/sv/nginx/remote.sh
new file mode 100644 (file)
index 0000000..e11e423
--- /dev/null
@@ -0,0 +1,25 @@
+for site in $(find "$tool"/etc/nginx/site.d \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false ${@:+$(printf -- '-or -name %s\n' "$@")} \
+ -printf '%f\n')
+ do
+       if test -f "$tool"/etc/nginx/site.d/"$site"/x509_host
+        then
+               rule _x509_site_key_decrypt \
+                "$(cat "$tool"/etc/nginx/site.d/"$site"/x509_host)" |
+               rule ssh -l root ' \
+                       sudo install -d -m 770 -o root -g root \
+                        /etc/nginx \
+                        /etc/nginx/x509.d \
+                        /etc/nginx/x509.d/'"'$site'"'; \
+                       sudo install -m 644 -o root -g root /dev/stdin \
+                        /etc/nginx/x509.d/'"'$site'"'/.gitignore <<-EOF
+                               key.pem
+                               EOF
+                       sudo install -m 400 -o root -g root /dev/stdin \
+                        /etc/nginx/x509.d/'"'$site'"'/key.pem
+                '
+        fi
+       test ! -r "$tool"/etc/nginx/site.d/"$site"/remote.sh ||
+       .         "$tool"/etc/nginx/site.d/"$site"/remote.sh
+ done
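Review bot: The `find` expression mixes `-or` with the implicit AND, so `-type d` binds only to `-false` and `-printf` binds only to the last `-name`. When several sites are passed, only the last one is printed and the others are skipped without an error, leaving their keys undeployed. Grouping the alternatives restores the intent: `\( -false ${@:+$(printf -- '-or -name %s\n' "$@")} \) -printf '%f\n'`. The same construct appears in `rule_runit_configure` in vm_remote (and in the vm_hosted context lines), with `$services` in place of `"$@"`. A comment that no arguments selects no site would also help, since `-false` alone matches nothing.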
index 1d40c7c..1fdaa54 100644 (file)
@@ -1,7 +1,7 @@
 rule apt_get_install php5-fpm php-apc php5-mysql php5-gd
 rule insserv_remove  php5-fpm
 
-rule www_configure
+rule _www_configure
 
 rule adduser php5 \
  --disabled-login \
@@ -29,10 +29,12 @@ sudo install -m 440 -o php5 -g php5 \
 sudo install -m 664 -o php5 -g php5 \
  "$tool"/etc/php5/fpm/php.ini \
                                /etc/php5/fpm/php.ini
-for conf in $(find "$tool"/etc/php5/fpm/conf.d \
- -mindepth 1 -maxdepth 1 -type f \
- -name '*.conf' \
- -printf '%f\n' || true)
+for conf in $(
+       test ! -d "$tool"/etc/php5/fpm/conf.d ||
+       find "$tool"/etc/php5/fpm/conf.d \
+        -mindepth 1 -maxdepth 1 -type f \
+        -name '*.conf' \
+        -printf '%f\n')
  do
        sudo install -m 660 -o php5 -g php5 \
         "$tool"/etc/php5/fpm/conf.d/"$conf" \
@@ -95,6 +97,6 @@ for pool in $(find "$tool"/etc/php5/fpm/pool.d/ \
                rlimit_files = 131072
                slowlog = /home/www/log/php5/fpm/$pool/slow.log
                user = ${pool}__php5
-               $(cat "$tool"/etc/php5/fpm/pool.d/"$conf")
+               $(cat "$tool"/etc/php5/fpm/pool.d/"$pool".conf)
                EOF
  done
index 690f9a6..36b0174 100644 (file)
@@ -1,4 +1,4 @@
-local hint="run vm_remote postfix_key_send before"
+local hint="run before: ./vm_remote runit_configure $sv"
 assert "sudo test -f /etc/postfix/$vm_domainname/smtpd/x509/key.pem" hint
 #warn "lors de l'installation Debian, ne sélectionner aucune configuration pour postfix"
 sudo debconf-set-selections <<-EOF
diff --git a/etc/sv/postfix/remote.sh b/etc/sv/postfix/remote.sh
new file mode 100644 (file)
index 0000000..e6a6f5b
--- /dev/null
@@ -0,0 +1,18 @@
+rule _x509_site_key_decrypt smtpd."$vm_domainname" |
+rule ssh -l root ' \
+       sudo install -d -m 770 -o root -g root \
+        /etc/postfix/'"$vm_domainname"'/ \
+        /etc/postfix/'"$vm_domainname"'/smtpd \
+        /etc/postfix/'"$vm_domainname"'/smtpd/x509; \
+       sudo install -m 644 -o root -g root /dev/stdin \
+        /etc/postfix/'"$vm_domainname"'/smtp/x509/.gitignore <<-EOF
+               key.pem
+               EOF
+       sudo install -m 644 -o root -g root /dev/stdin \
+        /etc/postfix/'"$vm_domainname"'/smtpd/x509/.gitignore <<-EOF
+               key.pem
+               EOF
+       install -m 400 -o root -g root \
+        /dev/stdin \
+        /etc/postfix/'"'$vm_domainname'"'/smtpd/x509/key.pem
+ '
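Review bot: The first `.gitignore` install targets `/etc/postfix/…/smtp/x509/`, but the `install -d` above creates only `smtpd/x509`, so that command fails unless the directory already exists. It looks like a typo, duplicated by the correctly spelled `smtpd` block that follows. Because the remote commands are separated by newlines and `;` with no `set -e`, the failure is not reported and ssh returns only the status of the last command. The final `install` also lacks the `sudo` used by every other command, which is harmless under `-l root` but inconsistent. I would drop the `smtp/x509` block and write the last command as `sudo install -m 400 -o root -g root /dev/stdin /etc/postfix/'"'$vm_domainname'"'/smtpd/x509/key.pem`.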
index ec1dc33..ecf17c4 100755 (executable)
--- a/vm_hosted
+++ b/vm_hosted
@@ -557,8 +557,8 @@ rule_network_configure () {
        sudo install -m 640 -o root -g root /dev/stdin \
         /etc/network/interfaces
  }
-rule_runit_configure () { # SYNTAX: $sv -- $configure_options
-       #rule apt_get_install runit
+rule_runit_configure () { # SYNTAX: $sv [...] -- $configure_options
+       rule apt_get_install runit
        if test $# = 0
         then
                set +x
@@ -591,14 +591,14 @@ rule_runit_configure () { # SYNTAX: $sv -- $configure_options
                 -false $(printf -- '-or -name %s\n' $services) \
                 -printf '%f\n')
                 do
-                       rule runit_sv_configure "$sv" "$@"
-                       rule runit_sv_start     "$sv"
+                       rule _runit_sv_configure "$sv" "$@"
+                       rule _runit_sv_start     "$sv"
                 done
                #sleep 3
                #sudo find -L /etc/service -type l -delete
         fi
  }
-rule_runit_sv_configure () { # SYNTAX: $sv $configure_options
+rule__runit_sv_configure () { # SYNTAX: $sv $configure_options
        local sv="$1"; shift
        sudo install -d -m 770 -o root -g root \
         /etc/sv/"$sv"
@@ -625,7 +625,7 @@ rule_runit_sv_configure () { # SYNTAX: $sv $configure_options
                ../sv/"$sv" \
         /etc/service/"$sv"
  }
-rule_runit_sv_restart () { # SYNTAX: $sv
+rule__runit_sv_restart () { # SYNTAX: $sv
        local sv="$1"
        while true
         do case $(sudo sv restart "$sv" | tee /dev/stderr) in
@@ -635,7 +635,7 @@ rule_runit_sv_restart () { # SYNTAX: $sv
                 esac
         done
  }
-rule_runit_sv_start () { # SYNTAX: $sv
+rule__runit_sv_start () { # SYNTAX: $sv
        local sv="$1"
        while true
         do case $(sudo sv start "$sv" | tee /dev/stderr) in
@@ -828,7 +828,7 @@ rule_user_root_configure () {
         do sudo gpg --import "$key"
         done
  }
-rule_www_configure () {
+rule__www_configure () {
        rule adduser www \
         --disabled-login \
         --disabled-password \
index b12b180..64f57df 100755 (executable)
--- a/vm_remote
+++ b/vm_remote
@@ -92,44 +92,6 @@ rule_luks_key_backup () { # SYNTAX: ${gpg_options:---recipient $USER@} DESCRIPTI
         done
  }
 
-rule_apache2_key_send () {
-       local -; set +f
-       for conf in "$tool"/etc/nginx/site.d/*/key_send
-        do conf=${conf#"$tool"/etc/nginx/site.d/}
-               local site=${conf%/key_send}
-               rule _x509_site_key_decrypt \
-                "$(cat "$tool"/etc/apache2/site.d/"$site"/x509_host)" |
-               rule ssh -l root ' \
-                       sudo install -d -m 770 -o '"$user"' -g '"$user"' \
-                        /etc/apache2 \
-                        /etc/apache2/x509.d \
-                        /etc/apache2/x509.d/'"$site"'; \
-                       sudo install -m 644 -o '"$user"' -g '"$user"' /dev/stdin \
-                        /etc/apache2/x509.d/'"$site"'/.gitignore <<-EOF
-                               key.pem
-                               EOF
-                       sudo install -m 400 -o root -g root \
-                        /dev/stdin \
-                        /etc/apache2/x509.d/'"'$site'"'/key.pem
-                '
-        done
- }
-rule_dovecot_key_send () {
-       rule _x509_site_key_decrypt imap."$vm_domainname" |
-       rule ssh -l root ' \
-               sudo install -d -m 770 -o root -g root \
-                /etc/dovecot/'"$vm_domainname"'/ \
-                /etc/dovecot/'"$vm_domainname"'/imap \
-                /etc/dovecot/'"$vm_domainname"'/imap/x509 ; \
-               sudo install -m 644 -o root -g root /dev/stdin \
-                /etc/dovecot/'"$vm_domainname"'/imap/x509/.gitignore <<-EOF
-                       key.pem
-                       EOF
-               sudo install -m 400 -o root -g root \
-                /dev/stdin \
-                /etc/dovecot/"$vm_domainname"/imap/x509/key.pem
-        '
- }
 rule_gitolite_git () {
        (
        cd "$tool"/etc/gitolite
@@ -141,51 +103,37 @@ rule_gitolite_git () {
                git '"$*"
        )
  }
-rule_nginx_configure () {
-       local -; set +f
-       for conf in "$tool"/etc/nginx/site.d/*/site.conf
-        do conf=${conf#"$tool"/etc/nginx/site.d/}
-               local site="${conf%/site.conf}"
-               if test -f "$tool"/etc/nginx/site.d/"$site"/x509_host
-                then
-                       rule _x509_site_key_decrypt \
-                        "$(cat "$tool"/etc/nginx/site.d/"$site"/x509_host)" |
-                       rule ssh -l root ' \
-                               sudo install -d -m 770 -o root -g root \
-                                /etc/nginx \
-                                /etc/nginx/x509.d \
-                                /etc/nginx/x509.d/'"'$site'"'; \
-                               sudo install -m 644 -o root -g root /dev/stdin \
-                                /etc/nginx/x509.d/'"'$site'"'/.gitignore <<-EOF
-                                       key.pem
-                                       EOF
-                               sudo install -m 400 -o root -g root /dev/stdin \
-                                /etc/nginx/x509.d/'"'$site'"'/key.pem
-                        '
-                fi
-               test ! -r "$tool"/etc/nginx/site.d/"$site"/remote.sh ||
-               .         "$tool"/etc/nginx/site.d/"$site"/remote.sh
-        done
+rule_runit_configure () { # SYNTAX: $sv [...] -- $configure_options
+       if test $# = 0
+        then
+               set +x
+               rule ssh sudo sv status \
+                $(sudo find /etc/sv \
+                -mindepth 1 -maxdepth 1 -type d \
+                -printf '%p\n' | sort)
+        else
+               local services=
+               while [ $# -gt 0 ]
+                do case $1 in
+                        (--) shift; break;;
+                        (*) services="$services $1"; shift;;
+                        esac
+                done
+               for sv in $(find "$tool"/etc/sv \
+                -mindepth 1 -maxdepth 1 -type d \
+                -false $(printf -- '-or -name %s\n' $services) \
+                -printf '%f\n')
+                do
+                       rule _runit_sv_configure "$sv" "$@"
+                done
+        fi
  }
-rule_postfix_key_send () {
-       rule _x509_site_key_decrypt smtpd."$vm_domainname" |
-       rule ssh -l root ' \
-               sudo install -d -m 770 -o root -g root \
-                /etc/postfix/'"$vm_domainname"'/ \
-                /etc/postfix/'"$vm_domainname"'/smtpd \
-                /etc/postfix/'"$vm_domainname"'/smtpd/x509; \
-               sudo install -m 644 -o root -g root /dev/stdin \
-                /etc/postfix/'"$vm_domainname"'/smtp/x509/.gitignore <<-EOF
-                       key.pem
-                       EOF
-               sudo install -m 644 -o root -g root /dev/stdin \
-                /etc/postfix/'"$vm_domainname"'/smtpd/x509/.gitignore <<-EOF
-                       key.pem
-                       EOF
-               install -m 400 -o root -g root \
-                /dev/stdin \
-                /etc/postfix/'"'$vm_domainname'"'/smtpd/x509/key.pem
-        '
+rule__runit_sv_configure () { # SYNTAX: $sv $configure_options
+       local sv="$1"; shift
+       (
+       test ! -r "$tool"/etc/sv/"$sv"/remote.sh ||
+       .         "$tool"/etc/sv/"$sv"/remote.sh || return 1
+       )
  }
 
 rule=${1:-help}
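Review bot: In the no-argument branch of `rule_runit_configure`, the `$(sudo find /etc/sv …)` substitution is expanded by the local shell before `rule ssh` runs. It therefore calls `sudo` and lists `/etc/sv` on the operator's machine rather than on the VM; the block appears to have been copied from vm_hosted, where the command runs on the VM itself. Quoting the remote command moves the expansion to the VM: `rule ssh 'sudo sv status $(sudo find /etc/sv -mindepth 1 -maxdepth 1 -type d | sort)'`. This assumes `rule ssh` passes its arguments to ssh unchanged, which is not visible in the hunk.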