better sync
* add/remove config files to mirror source * restart minifirewall only if present * sync state with proper action
parent
df180e4d03
commit
b659e9d8c5
|
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
* Display help message if mandatory arguments are missing.
|
* Display help message if mandatory arguments are missing.
|
||||||
* Don't recreate jail on sync if it already exists
|
* Don't recreate jail on sync if it already exists
|
||||||
* Don't sync the whole firewall file, just remake rules for the current jail
|
* Don't sync the whole firewall file, just remake rules for the current jail
|
||||||
|
* On sync, if local jail is running, reload remote jail if already running, start if not
|
||||||
|
|
||||||
### Deprecated
|
### Deprecated
|
||||||
|
|
||||||
|
|
|
@ -25,21 +25,43 @@ if [ "$?" -eq 2 ]; then
|
||||||
ssh "${NODE}" "${LIBDIR}/bkctld-init ${jail_name}" | debug
|
ssh "${NODE}" "${LIBDIR}/bkctld-init ${jail_name}" | debug
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Sync Jail structure and configuration on remote server
|
# Sync jail structure and configuration on remote server
|
||||||
rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
|
rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
|
||||||
# New config directory
|
# Sync config (new structure)
|
||||||
rsync -a "${jail_config_dir}" "${NODE}:${jail_config_dir}"
|
if [ -d "${jail_config_dir}" ]; then
|
||||||
# Old incs policy config file
|
rsync -a --delete "${jail_config_dir}" "${NODE}:${jail_config_dir}"
|
||||||
rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}"
|
|
||||||
|
|
||||||
# Sync state on remote server
|
|
||||||
if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then
|
|
||||||
ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug
|
|
||||||
else
|
else
|
||||||
ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug
|
ssh "${NODE}" "rm -rf ${jail_config_dir}" | debug
|
||||||
|
fi
|
||||||
|
# Sync config (legacy structure)
|
||||||
|
if [ -e "${CONFDIR}/${jail_name}" ]; then
|
||||||
|
rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}"
|
||||||
|
else
|
||||||
|
ssh "${NODE}" "rm -f ${CONFDIR}/${jail_name}" | debug
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${FIREWALL_RULES}" ]; then
|
if [ -n "${FIREWALL_RULES}" ]; then
|
||||||
ssh "${NODE}" "${LIBDIR}/bkctld-firewall ${jail_name}" | debug
|
ssh "${NODE}" "${LIBDIR}/bkctld-firewall ${jail_name}" | debug
|
||||||
ssh "${NODE}" /etc/init.d/minifirewall restart | debug
|
ssh "${NODE}" "test -x /etc/init.d/minifirewall && /etc/init.d/minifirewall restart" | debug
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Sync state on remote server
|
||||||
|
if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then
|
||||||
|
# fetch state of remote jail
|
||||||
|
ssh "${NODE}" "${LIBDIR}/bkctld-is-on ${jail_name} 2>/dev/null"
|
||||||
|
case "$?" in
|
||||||
|
0)
|
||||||
|
# jail is already running : reload it
|
||||||
|
ssh "${NODE}" "${LIBDIR}/bkctld-reload ${jail_name}" | debug
|
||||||
|
;;
|
||||||
|
100)
|
||||||
|
# jail is stopped : start it
|
||||||
|
ssh "${NODE}" "${LIBDIR}/bkctld-start ${jail_name}" | debug
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
error "Error evaluating jail \`${jail_name}' state. bkctld-is-on exited with \`$?'"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
ssh "${NODE}" "${LIBDIR}/bkctld-stop ${jail_name}" | debug
|
||||||
fi
|
fi
|
||||||
|
|
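Review bot: The new `ssh "${NODE}" "rm -rf ${jail_config_dir}"` expands the path locally and hands it unquoted to the remote shell, so an empty value or a jail name containing whitespace or shell metacharacters would make the remote `rm -rf` act on something other than the intended directory; the `rm -f ${CONFDIR}/${jail_name}` line a few lines below has the same shape. Unless the name is validated earlier in the script (the hunk starts at line 25, so that part is not visible), guard and quote it, e.g. `ssh "${NODE}" "rm -rf -- '${jail_config_dir:?}'" | debug` and `ssh "${NODE}" "rm -f -- '${CONFDIR:?}/${jail_name:?}'" | debug`. Because each command is piped into `debug`, a failed remote delete is also not reflected in the exit status. Separately, `rsync -a --delete "${jail_config_dir}" ...` has no trailing slash on the source, unlike the `${jail_path}/` sync above it, so it likely copies the directory into the destination rather than mirroring its contents, and `--delete` would then not prune stale files at the top level; worth confirming.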