better sync

* add/remove config files to mirror source * restart minifirewall only if present * sync state with proper action
2020-05-03 11:03:04 +02:00 · 2020-05-03 11:03:04 +02:00 · b659e9d8c5
parent df180e4d03
commit b659e9d8c5
2 changed files with 34 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Display help message if mandatory arguments are missing.
 * Don't recreate jail on sync if it already exists
 * Don't sync the whole firewall file, just remake rules for the current jail
+* On sync, if local jail is running, reload remote jail if already running, start if not

 ### Deprecated

--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@ -25,21 +25,43 @@ if [ "$?" -eq 2 ]; then
    ssh "${NODE}" "${LIBDIR}/bkctld-init ${jail_name}" | debug
 fi

-# Sync Jail structure and configuration on remote server
+# Sync jail structure and configuration on remote server
 rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
-# New config directory
-rsync -a "${jail_config_dir}" "${NODE}:${jail_config_dir}"
-# Old incs policy config file
-rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}"
-
-# Sync state on remote server
-if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then
-    ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug
+# Sync config (new structure)
+if [ -d "${jail_config_dir}" ]; then
+    rsync -a --delete "${jail_config_dir}" "${NODE}:${jail_config_dir}"
 else
-    ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug
+    ssh "${NODE}" "rm -rf ${jail_config_dir}" | debug
+fi
+# Sync config (legacy structure)
+if [ -e "${CONFDIR}/${jail_name}" ]; then
+    rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}"
+else
+    ssh "${NODE}" "rm -f ${CONFDIR}/${jail_name}" | debug
 fi

 if [ -n "${FIREWALL_RULES}" ]; then
    ssh "${NODE}" "${LIBDIR}/bkctld-firewall ${jail_name}" | debug
-    ssh "${NODE}" /etc/init.d/minifirewall restart | debug
+    ssh "${NODE}" "test -x /etc/init.d/minifirewall && /etc/init.d/minifirewall restart" | debug
+fi
+
+# Sync state on remote server
+if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then
+    # fetch state of remote jail
+    ssh "${NODE}" "${LIBDIR}/bkctld-is-on ${jail_name} 2>/dev/null"
+    case "$?" in
+        0)
+            # jail is already running : reload it
+            ssh "${NODE}" "${LIBDIR}/bkctld-reload ${jail_name}" | debug
+        ;;
+        100)
+            # jail is stopped : start it
+            ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug
+        ;;
+        *)
+            error "Error evaluating jail \`${jail_name}' state. bkctld-is-on exited with \`$?'"
+        ;;
+    esac
+else
+    ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug
 fi