From d2b6094f7f55507dbca232b38e29042b0c188d53 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Wed, 15 Apr 2020 14:46:14 -0400 Subject: [PATCH 01/15] Fix quoting and escaping shellcheck errors shellcheck was still complaining about a few SC1117 and SC2086 warnings. I ignored those that did not seem necessary and fixed the rest. The less linter noise the better. --- zzz_evobackup | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/zzz_evobackup b/zzz_evobackup index f267171..be36204 100755 --- a/zzz_evobackup +++ b/zzz_evobackup @@ -83,7 +83,7 @@ test_server() { else # SSH connection failed new_error=$(printf "Failed to connect to \`%s' within %s seconds" "${item}" "${SSH_CONNECT_TIMEOUT}") - SERVERS_SSH_ERRORS=$(printf "%s\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d') + SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d') return 1 fi @@ -96,16 +96,16 @@ pick_server() { if [ "${increment}" -ge "${list_length}" ]; then # We've reached the end of the list new_error="No more server available" - SERVERS_SSH_ERRORS=$(printf "%s\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d') + SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d') # Log errors to stderr - printf "%s\n" "${SERVERS_SSH_ERRORS}" >&2 + printf "%s\\n" "${SERVERS_SSH_ERRORS}" >&2 # Log errors to logfile - printf "%s\n" "${SERVERS_SSH_ERRORS}" >> $LOGFILE + printf "%s\\n" "${SERVERS_SSH_ERRORS}" >> $LOGFILE return 1 fi - # Extract the day of month, without leading 0 (which would give an octal based number) + # Extract the day of month, without leading 0 (which would give an octal based number) today=$(date +%e) # A salt is useful to randomize the starting point in the list # but stay identical each time it's called for a server (based on hostname). 
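Review bot: Several expansions that SC2086 covers are still unquoted after this cleanup: `>> $LOGFILE` in the `pick_server()` hunk and again in the final START/STOP logging hunk, `rm -f ${PIDFILE}` in the PID-file hunk, and `${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt` in the findmnt hunk. A path containing whitespace or glob characters would be split or expanded there, and for `rm -f` that means removing something other than the PID file. I would write `>> "${LOGFILE}"`, `rm -f -- "${PIDFILE}"` and `"${FINDMNT_BIN}" > "${LOCAL_BACKUP_DIR}/findmnt.txt"`. `pick_server()` continues outside the hunk.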
@@ -123,6 +123,8 @@ pick_server() { if [ -e "${PIDFILE}" ]; then pid=$(cat "${PIDFILE}") # Does process still exist ? + # ignore check because multiple processes might exist + # shellcheck disable=SC2086 if kill -0 ${pid} 2> /dev/null; then # Killing the childs of evobackup. for ppid in $(pgrep -P "${pid}"); do @@ -130,7 +132,7 @@ if [ -e "${PIDFILE}" ]; then done # Then kill the main PID. kill -9 "${pid}" - printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\n" >&2 + printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\\n" >&2 else rm -f ${PIDFILE} fi @@ -299,7 +301,7 @@ if [ "${LOCAL_TASKS}" = "1" ]; then ## Dump findmnt(8) output FINDMNT_BIN=$(command -v findmnt) - if [ -x ${FINDMNT_BIN} ]; then + if [ -x "${FINDMNT_BIN}" ]; then ${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt fi else @@ -366,6 +368,8 @@ if [ "${SYNC_TASKS}" = "1" ]; then # Remote shell command RSH_COMMAND="ssh -p ${SSH_PORT} -o 'ConnectTimeout ${SSH_CONNECT_TIMEOUT}'" + # ignore check because we want it to split the different arguments to $rep + # shellcheck disable=SC2086 rsync -avzh --stats --delete --delete-excluded --force --ignore-errors --partial \ --exclude "lost+found" \ --exclude ".nfs.*" \ @@ -410,11 +414,11 @@ fi END=$(/bin/date +"%d-%m-%Y ; %H:%M") -printf "EvoBackup - %s - START %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\n" \ +printf "EvoBackup - %s - START %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \ "${HOSTNAME}" "${BEGINNING}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \ >> $LOGFILE -printf "EvoBackup - %s - STOP %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\n" \ +printf "EvoBackup - %s - STOP %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \ "${HOSTNAME}" "${END}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \ >> $LOGFILE From ec994f7e2c4a2e949bc652f5012973946be62134 Mon Sep 17 00:00:00 2001 
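Review bot: The `\\n` in the "still running" message is part of the second argument (`"${pid}\\n"`), not of the format string, so `%s` prints it as a literal backslash-n and the stderr line is never terminated. Escaping the backslash silences shellcheck but keeps that behaviour; the newline belongs in the format: `printf "%s is still running (PID %s). Process has been killed\\n" "$0" "${pid}" >&2`. The enclosing `if [ -e "${PIDFILE}" ]` block starts in the previous hunk.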
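Review bot: The `# shellcheck disable=SC2086` placed above `rsync` applies to the whole multi-line command, so every unquoted expansion in it is silenced, not only the one that is meant to split. The comment refers to `$rep`, which is not visible in this hunk; it would help to state which expansion is intentionally left unquoted and why its contents can be trusted to split safely, and to keep every other expansion in the command quoted. The rsync command continues outside the hunk, so I cannot tell whether other expansions are affected.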
From: Patrick Marchand Date: Mon, 20 Apr 2020 12:12:51 -0400 Subject: [PATCH 02/15] Removed a ignore shellcheck comment in zzz_evobackup and fix warning Since only one PID can be in the PID file, we will never have more than one, we can thus easily quote the variable and remove the shellcheck ignore. --- zzz_evobackup | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/zzz_evobackup b/zzz_evobackup index be36204..e722d44 100755 --- a/zzz_evobackup +++ b/zzz_evobackup @@ -123,9 +123,7 @@ pick_server() { if [ -e "${PIDFILE}" ]; then pid=$(cat "${PIDFILE}") # Does process still exist ? - # ignore check because multiple processes might exist - # shellcheck disable=SC2086 - if kill -0 ${pid} 2> /dev/null; then + if kill -0 "${pid}" 2> /dev/null; then # Killing the childs of evobackup. for ppid in $(pgrep -P "${pid}"); do kill -9 "${ppid}"; From f8395cf4454d71089f663f2c338db018a4c0b52c Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 22 Apr 2020 01:17:53 +0200 Subject: [PATCH 03/15] Release 2.3.1 --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 352fb94..fd2d7b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security +## [2.3.1] - 2020-04-22 + +### Added + +* State the age of the current "rm" process when killing it +* Give the new PID after killing the previous "rm" process + +### Fixed + +* typos +* forgotten quotes + ## [2.3.0] - 2020-04-20 ### Changed From 1cbb982d022ea849cdc2a9b043c496c6a6888bdd Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sat, 25 Apr 2020 10:29:00 +0200 Subject: [PATCH 04/15] extract functions in test helpers --- test/test_helper.bash | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/test/test_helper.bash b/test/test_helper.bash index df8f644..92de516 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash 
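Review bot: `pid` comes straight from `cat "${PIDFILE}"` and is passed to `kill -0`, `pgrep -P` and `kill -9` without checking that it is a single positive integer; quoting it removes word splitting but not that gap. Empty, multi-line or non-numeric file content ends up as a `kill` argument, and a stale PID that the system has since reassigned would get an unrelated process killed with SIGKILL. I would validate first, e.g. `case "${pid}" in ''|*[!0-9]*) pid="" ;; esac`, and ideally confirm that the process is this script before signalling it. The `if [ -e "${PIDFILE}" ]` block continues outside the hunk.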
@@ -9,11 +9,11 @@ setup() { set_variable "/etc/default/bkctld" "BACKUP_DISK" "/dev/vdb" - JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1) + JAILNAME=$(random_jail_name) JAILPATH="/backup/jails/${JAILNAME}" INCSPATH="/backup/incs/${JAILNAME}" - PORT=$(awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}') - INC_NAME=$(date +"%Y-%m-%d-%H") + PORT=$(random_port) + INC_NAME=$(inc_name_today) /usr/lib/bkctld/bkctld-init "${JAILNAME}" } @@ -23,6 +23,16 @@ teardown() { /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}" } +random_jail_name() { + tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1 +} +random_port() { + awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}' +} +inc_name_today() { + date +"%Y-%m-%d-%H" +} + set_variable() { file=${1:?} var_name=${2:?} From 807dd44408b3e2a3cd4003b0f3ab6b4bb736763a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sat, 25 Apr 2020 10:30:21 +0200 Subject: [PATCH 05/15] Display help message if mandatory arguments are missing --- CHANGELOG.md | 2 ++ bkctld | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd2d7b4..c2df1b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +* Display help message if mandatory arguments are missing. + ### Deprecated ### Removed diff --git a/bkctld b/bkctld index 080bd29..21ee88d 100755 --- a/bkctld +++ b/bkctld 
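Review bot: `random_port()` calls awk's `srand()` with no argument, which seeds from the time of day, so two `setup()` runs within the same second get the same port, and nothing checks that the port is free. Seeding from the kernel's random source avoids the collision: `awk -v min=2222 -v max=2999 -v seed="$(od -An -N4 -tu4 /dev/urandom)" 'BEGIN{srand(seed); print int(min+rand()*(max-min+1))}'`. The three extracted helpers would also benefit from a one-line comment each saying what they print on stdout.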
@@ -52,17 +52,30 @@ case "${subcommand}" in ;; "init" | "is-on") jail_name="${2:-}" - "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" + if [ -z "${jail_name}" ]; then + "${LIBDIR}/bkctld-help" + exit 1 + else + "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" + fi ;; "key" | "port" | "ip") jail_name="${2:-}" option="${3:-}" - "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${option}" + if [ "${jail_name}" = "all" ] || [ -z "${jail_name}" ]; then + "${LIBDIR}/bkctld-help" + exit 1 + else + "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${option}" + fi ;; "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall") jail_name="${2:-}" if [ "${jail_name}" = "all" ]; then "${LIBDIR}/bkctld-list" | xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}" + elif [ -z "${jail_name}" ]; then + "${LIBDIR}/bkctld-help" + exit 1 else "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" fi From 64ec60428d6d123dbc63926e14355b931a74c57c Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 09:51:09 +0200 Subject: [PATCH 06/15] error() function accepts an optional return code --- lib/bkctld-ip | 2 +- lib/bkctld-is-on | 2 +- lib/bkctld-key | 2 +- lib/bkctld-port | 2 +- lib/bkctld-reload | 2 +- lib/bkctld-remove | 2 +- lib/bkctld-restart | 2 +- lib/bkctld-start | 2 +- lib/bkctld-stop | 2 +- lib/bkctld-sync | 2 +- lib/bkctld-update | 2 +- lib/includes | 8 ++++++-- 12 files changed, 17 insertions(+), 13 deletions(-) diff --git a/lib/bkctld-ip b/lib/bkctld-ip index cefcedb..cb0e60c 100755 --- a/lib/bkctld-ip +++ b/lib/bkctld-ip @@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 jail_sshd_config="${jail_path}/${SSHD_CONFIG}" diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on index 7722f13..6a80569 100755 --- a/lib/bkctld-is-on +++ b/lib/bkctld-is-on 
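Review bot: All three branches print the help text and exit 1 without saying what was wrong, and the `key`/`port`/`ip` branch now rejects `all` the same way as a missing name. A one-line message on stderr before the help would make failures diagnosable from cron or wrapper scripts, e.g. `echo "bkctld ${subcommand}: missing or unsupported jail name" >&2`. Since `jail_name` is forwarded unchanged to every subcommand, and the `bkctld-sync` hunks later in this series place it inside remote command strings, this dispatcher is also a natural place to reject names outside an allow-list. The `case` statement starts and ends outside the hunk.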
@@ -14,7 +14,7 @@ if [ -z "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 jail_pid_file="${jail_path}/${SSHD_PID}" diff --git a/lib/bkctld-key b/lib/bkctld-key index e0b8c94..8384bf7 100755 --- a/lib/bkctld-key +++ b/lib/bkctld-key @@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 if [ -z "${keyfile}" ]; then if [ -f "${jail_path}/${AUTHORIZED_KEYS}" ]; then diff --git a/lib/bkctld-port b/lib/bkctld-port index 8ed125c..e2bcf66 100755 --- a/lib/bkctld-port +++ b/lib/bkctld-port @@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 jail_sshd_config="${jail_path}/${SSHD_CONFIG}" diff --git a/lib/bkctld-reload b/lib/bkctld-reload index 711405a..310b23c 100755 --- a/lib/bkctld-reload +++ b/lib/bkctld-reload @@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 "${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0 diff --git a/lib/bkctld-remove b/lib/bkctld-remove index 0580e16..6303ac8 100755 --- a/lib/bkctld-remove +++ b/lib/bkctld-remove @@ -14,7 +14,7 @@ fi jail_path=$(jail_path "${jail_name}") incs_path=$(incs_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 "${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" diff --git a/lib/bkctld-restart b/lib/bkctld-restart index e9e3dae..f3f2e87 100755 
--- a/lib/bkctld-restart +++ b/lib/bkctld-restart @@ -15,7 +15,7 @@ if [ -z "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 "${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" "${LIBDIR}/bkctld-start" "${jail_name}" diff --git a/lib/bkctld-start b/lib/bkctld-start index 81c1f92..e25ff0b 100755 --- a/lib/bkctld-start +++ b/lib/bkctld-start @@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 "${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0 diff --git a/lib/bkctld-stop b/lib/bkctld-stop index 7f02394..50438c5 100755 --- a/lib/bkctld-stop +++ b/lib/bkctld-stop @@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 "${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0 diff --git a/lib/bkctld-sync b/lib/bkctld-sync index 90250f9..74dea8c 100755 --- a/lib/bkctld-sync +++ b/lib/bkctld-sync @@ -14,7 +14,7 @@ fi jail_path=$(jail_path "${jail_name}") jail_config_dir=$(jail_config_dir "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !" diff --git a/lib/bkctld-update b/lib/bkctld-update index ba15687..c5b4ec2 100755 --- a/lib/bkctld-update +++ b/lib/bkctld-update 
@@ -13,7 +13,7 @@ if [ ! -n "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" || error "${jail_name}: jail not found" +test -d "${jail_path}" || error "${jail_name}: jail not found" 2 "${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" diff --git a/lib/includes b/lib/includes index 805df0b..6ba6fec 100755 --- a/lib/includes +++ b/lib/includes @@ -59,15 +59,19 @@ warning() { logger -t bkctld -p daemon.warning "$(process_name) ${msg}" fi } - +# Return codes +# 1 : generic error +# 2 : jail not found +# > 100 : subcommands specific errors error() { msg="${1:-$(cat /dev/stdin)}" + rc="${2:-1}" tty -s && echo "$(log_date) ERROR $(process_name) ${msg}" >&2 if [ "${LOGLEVEL}" -ge 5 ]; then tty -s || echo "$(log_date) ERROR $(process_name) ${msg}" >&2 logger -t bkctld -p daemon.error "$(process_name) ${msg}" fi - exit 1 + exit ${rc} } dry_run() { From b3529f213164f71375dc5b553869242ee98c94cc Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 09:51:36 +0200 Subject: [PATCH 07/15] bkctld-is-on returns code 100 if jail is stopped --- lib/bkctld-is-on | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on index 6a80569..9a96b05 100755 --- a/lib/bkctld-is-on +++ b/lib/bkctld-is-on @@ -18,12 +18,13 @@ test -d "${jail_path}" || error "${jail_name}: jail not found" 2 jail_pid_file="${jail_path}/${SSHD_PID}" -return=1 +# Error codes are references in "includes" file +return=100 if [ -f "${jail_pid_file}" ]; then pid=$(cat "${jail_pid_file}") ps -p "${pid}" > /dev/null && return=0 fi -if [ "${return}" -eq 1 ]; then +if [ "${return}" -gt 0 ]; then rm -f "${jail_pid_file}" grep -q "${jail_path}/proc" /proc/mounts && umount --lazy "${jail_path}/proc/" grep -q "${jail_path}/dev" /proc/mounts && umount --lazy --recursive "${jail_path}/dev" From ebfc16f65a20c030063fb96200a8139b7ea83f07 Mon Sep 17 00:00:00 2001 
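Review bot: The new return-code comment in `lib/includes` reserves `> 100` for subcommand-specific errors, but the next commit in this series makes `bkctld-is-on` return exactly 100, so the table should read `>= 100` (or is-on should use 101). `rc` is also expanded unquoted in `exit ${rc}` and never checked for being numeric; I would write `exit "${rc}"` and document that callers must pass an integer between 1 and 255. A short comment above `error()` describing the two parameters (message, optional exit code defaulting to 1) would complete the change.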
From: Jeremy Lecour Date: Fri, 1 May 2020 09:51:47 +0200 Subject: [PATCH 08/15] grammar --- lib/bkctld-stats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bkctld-stats b/lib/bkctld-stats index f6734eb..c619b2d 100755 --- a/lib/bkctld-stats +++ b/lib/bkctld-stats @@ -16,7 +16,7 @@ touch "${INDEX_DIR}/.lastrun.duc" EOF [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0 -[ ! -f ${IDX_FILE} ] && error "Index file do not exits !" +[ ! -f ${IDX_FILE} ] && error "Index file doesn't exits !" printf "Last update of index file : " stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}" From 9cd94dabc2b77ce2de3e32a505e4bf72f7f4ea8b Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 09:52:06 +0200 Subject: [PATCH 09/15] An empty lock file shouldn't stop the program --- lib/bkctld-rm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bkctld-rm b/lib/bkctld-rm index 67616f4..59035da 100755 --- a/lib/bkctld-rm +++ b/lib/bkctld-rm @@ -26,7 +26,7 @@ kill_or_clean_lockfile() { warning "Process not found at PID \`${pid}'. Ignoring lock file \`${lock_file}'." fi else - error "Empty lockfile \`${lock_file}'. It should contain a PID." + warning "Empty lockfile \`${lock_file}'. It should contain a PID." fi # Remove the lock file rm -f ${lock_file} From 8ed06511d9ffd61a9d8b92821ef8cd6df94a87ea Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 10:31:20 +0200 Subject: [PATCH 10/15] bkctld-sync: don't init jail if it already exists --- lib/bkctld-sync | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/bkctld-sync b/lib/bkctld-sync index 74dea8c..d521c79 100755 --- a/lib/bkctld-sync +++ b/lib/bkctld-sync 
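Review bot: The corrected message in `lib/bkctld-stats` still reads `exits` where `exist` is meant, and `${IDX_FILE}` in the same test is unquoted. Suggested line: `[ ! -f "${IDX_FILE}" ] && error "Index file doesn't exist !"`.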
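Review bot: With `error` downgraded to `warning` in `lib/bkctld-rm`, an empty lock file now falls through to `rm -f ${lock_file}`, so the function removes a lock it could not attribute to any process. If another instance has created the file but not yet written its PID (the writer is not visible from this hunk), removing it would let both instances run at once. Consider removing an empty lock file only once it is older than a few seconds, and quote the path: `rm -f -- "${lock_file}"`. `kill_or_clean_lockfile()` starts outside the hunk.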
@@ -18,8 +18,12 @@ test -d "${jail_path}" || error "${jail_name}: jail not found" 2 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !" -# Init jail on remote server -ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail_name}" | debug +ssh "${NODE}" "${LIBDIR}/bkctld-is-on ${jail_name} 2>/dev/null" +# return code 2 is for "missing jail" error +if [ "$?" -eq 2 ]; then + # Init jail on remote server + ssh "${NODE}" "${LIBDIR}/bkctld-init ${jail_name}" | debug +fi # Sync Jail structure and configuration on remote server rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/* From 8311e33c769a6ed2ca68549b6c4d8be1ba850a1d Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 10:31:46 +0200 Subject: [PATCH 11/15] join arguments in ssh command --- lib/bkctld-sync | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/bkctld-sync b/lib/bkctld-sync index d521c79..9987fdd 100755 --- a/lib/bkctld-sync +++ b/lib/bkctld-sync @@ -34,9 +34,9 @@ rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}" # Sync state on remote server if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then - ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail_name}" | debug + ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug else - ssh "${NODE}" "${LIBDIR}/bkctld-stop" "${jail_name}" | debug + ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug fi if [ -n "${FIREWALL_RULES}" ]; then From 3ac79da9b2502577f2d6986928c4f33e2566b7bd Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 10:33:06 +0200 Subject: [PATCH 12/15] bkctld-sync: don't sync whole firewall file, just rules for jail --- lib/bkctld-sync | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bkctld-sync b/lib/bkctld-sync index 9987fdd..75ea2b0 100755 --- a/lib/bkctld-sync +++ b/lib/bkctld-sync 
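Review bot: `${jail_name}` is interpolated into a command string that the remote login shell parses again, here and in the `bkctld-start`/`bkctld-stop` calls of the following commit, and later in the series for `bkctld-firewall`, `bkctld-reload` and the remote `rm` calls. A name containing whitespace or shell metacharacters would be interpreted on `${NODE}` instead of being passed as one argument. Validating the name once before any remote call closes that, e.g. `case "${jail_name}" in *[!A-Za-z0-9._-]*) error "${jail_name}: invalid jail name" ;; esac` (adjust the character set to what the project allows). Separately, only status 2 is handled after the probe: if ssh itself fails (status 255) the script carries on to the rsync step.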
@@ -40,6 +40,6 @@ else fi if [ -n "${FIREWALL_RULES}" ]; then - rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}" + ssh "${NODE}" "${LIBDIR}/bkctld-firewall ${jail_name}" | debug ssh "${NODE}" /etc/init.d/minifirewall restart | debug fi From df180e4d031b078597734d6c0e07b4e830384f79 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 1 May 2020 10:34:23 +0200 Subject: [PATCH 13/15] Update CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c2df1b3..804b2f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed * Display help message if mandatory arguments are missing. +* Don't recreate jail on sync if it already exists +* Don't sync the whole firewall file, just remake rules for the current jail ### Deprecated From b659e9d8c5ee54cfccd4ef4c8b45cb0358f39824 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 3 May 2020 11:03:04 +0200 Subject: [PATCH 14/15] better sync * add/remove config files to mirror source * restart minifirewall only if present * sync state with proper action --- CHANGELOG.md | 1 + lib/bkctld-sync | 44 +++++++++++++++++++++++++++++++++----------- 2 files changed, 34 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 804b2f5..df191f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Display help message if mandatory arguments are missing. * Don't recreate jail on sync if it already exists * Don't sync the whole firewall file, just remake rules for the current jail +* On sync, if local jail is running, reload remote jail if already running, start if not ### Deprecated diff --git a/lib/bkctld-sync b/lib/bkctld-sync index 75ea2b0..c228697 100755 --- a/lib/bkctld-sync +++ b/lib/bkctld-sync 
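Review bot: The exit status of the remote `bkctld-firewall` call is lost because the command is piped into `debug`, so a failure to regenerate the jail's rules on the replica is silent and the sync still reports success. Since this line replaces copying the rules file, a failed run leaves the remote node with whatever rules it had before. I would capture and check the status, e.g. `out=$(ssh "${NODE}" "${LIBDIR}/bkctld-firewall ${jail_name}" 2>&1) || error "firewall update failed on ${NODE}"` followed by `printf '%s\n' "${out}" | debug`. The same applies to the `minifirewall restart` line below it.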
@@ -25,21 +25,43 @@ if [ "$?" -eq 2 ]; then ssh "${NODE}" "${LIBDIR}/bkctld-init ${jail_name}" | debug fi -# Sync Jail structure and configuration on remote server +# Sync jail structure and configuration on remote server rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/* -# New config directory -rsync -a "${jail_config_dir}" "${NODE}:${jail_config_dir}" -# Old incs policy config file -rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}" - -# Sync state on remote server -if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then - ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug +# Sync config (new structure) +if [ -d "${jail_config_dir}" ]; then + rsync -a --delete "${jail_config_dir}" "${NODE}:${jail_config_dir}" else - ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug + ssh "${NODE}" "rm -rf ${jail_config_dir}" | debug +fi +# Sync config (legacy structure) +if [ -e "${CONFDIR}/${jail_name}" ]; then + rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}" +else + ssh "${NODE}" "rm -f ${CONFDIR}/${jail_name}" | debug fi if [ -n "${FIREWALL_RULES}" ]; then ssh "${NODE}" "${LIBDIR}/bkctld-firewall ${jail_name}" | debug - ssh "${NODE}" /etc/init.d/minifirewall restart | debug + ssh "${NODE}" "test -x /etc/init.d/minifirewall && /etc/init.d/minifirewall restart" | debug +fi + +# Sync state on remote server +if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then + # fetch state of remote jail + ssh "${NODE}" "${LIBDIR}/bkctld-is-on ${jail_name} 2>/dev/null" + case "$?" in + 0) + # jail is already running : reload it + ssh "${NODE}" "${LIBDIR}/bkctld-reload ${jail_name}" | debug + ;; + 100) + # jail is stopped : start it + ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug + ;; + *) + error "Error evaluating jail \`${jail_name}' state. 
bkctld-is-on exited with \`$?'" + ;; + esac +else + ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug fi From 80fb38d53437b2c4d735d9b48d0db23c44f5afcb Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 3 May 2020 11:13:55 +0200 Subject: [PATCH 15/15] Release 2.3.2 --- CHANGELOG.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index df191f1..d69aab0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,11 +10,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed -* Display help message if mandatory arguments are missing. -* Don't recreate jail on sync if it already exists -* Don't sync the whole firewall file, just remake rules for the current jail -* On sync, if local jail is running, reload remote jail if already running, start if not - ### Deprecated ### Removed @@ -23,6 +18,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security +## [2.3.2] - 2020-05-03 + +### Changed + +* Display help message if mandatory arguments are missing. +* Don't recreate jail on sync if it already exists +* Don't sync the whole firewall file, just remake rules for the current jail +* On sync, if local jail is running, reload remote jail if already running, start if not + ## [2.3.1] - 2020-04-22 ### Added
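Review bot: The two cleanup branches run `rm -rf ${jail_config_dir}` and `rm -f ${CONFDIR}/${jail_name}` on the remote host with the paths unquoted and unchecked inside the command string. If `jail_config_dir` were ever empty the remote command would degenerate to a bare `rm -rf`, and a path containing whitespace would be split into several targets; `ssh "${NODE}" "rm -rf -- '${jail_config_dir:?}'"` aborts locally on an empty value and keeps the path as one word on the remote side. In the `*)` branch the error message reads `$?` well after the ssh call; storing it first (`rc=$?` right after the ssh line, then `case "${rc}" in` and `\`${rc}'` in the message) makes the reported code independent of anything added in between. The ssh exit statuses of the `reload`/`start`/`stop` calls are also dropped by the `| debug` pipes.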