diff options
75 files changed, 1026 insertions, 801 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 7dae7c7..085f45b 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,114 @@ +2023-11-20 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20231020. + + [ Daniel Baumann] + * Setting protocol version in supermicro-ipmi-reset, thanks to Sakirnth Nagarasa <sakirnth@debian.org>. + * Clearing ipv4 address in supermicro-ipmi-reset for ipv6-only mode. + * Updating copyright notices for 2023. + +2022-12-28 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221228. + + [ Daniel Baumann ] + * Adding supermicro tools. + +2022-12-27 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221227. + + [ Daniel Baumann ] + * Generalizing extra ocsp symlinks too in dehydrated hooks. + +2022-12-26 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221226. + + [ Daniel Baumann ] + * Adding root_intermediate_cert to exit_hook.extra-cleanup dehydrated hook. + * Creating relative links for extra certificates in deploy_cert.extra dehydrated hook. + +2022-12-25 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221225. + + [ Daniel Baumann ] + * Updating chain coments in deploy_cert.extra dehydrated hook. + * Stripping empty lines from partial files when using short chain in deploy_cert.extra dehydrated hook. + * Generalizing extra file generation for any number of components as needed by redis in deploy_cert.extra dehydrated hook. + +2022-12-24 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221224. + + [ Daniel Baumann ] + * Correcting wrong date for previous release in changelog. + * Also calling pull the current branch in git-pull-branches. + * Excluding onboard i40e cards in linux-i40e script, as they are not configurable. + * Adding linux-ice script. + * Updating dehydrated todo. + * Removing superfluous dot in output-message of dehydrated-nsupdate. + * Adding freeradius to dehydrated service-reload hook. + * Adding preferred chain compatibility in deploy_cert.extra dehydrated hook. + +2022-12-23 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221223. + + [ Daniel Baumann ] + * Adding znuny-tools. + * Adding git-pull-branches in git-tools. + * Completely stop and start apache in dehydrated hook to ensure OCSP renewals. + * Adding apt tools. + +2022-11-22 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221122. + + [ Daniel Baumann ] + * Using certdir variable in dehydrated hook instead of hardcoded path. + * Using shortnames for extra certificates in dehydrated extra hooks. + * Adding dehydrated hook to cleanup extra files. + +2022-11-08 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221108. + + [ Daniel Baumann ] + * Only restarting knot if it was running before in knot-zones-reset. + * Correcting cosmetic typo in dehydrated extra-cert hook output. + * Removing ssh remote part from knot related commands. + +2022-11-01 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221101. + + [ Daniel Baumann ] + * Correcting file handling errors in dehydrated deploy_cert.extra hook. + * Improving comment in dehydrated deploy_cert.chrony hook. + * Improving CA filename prefix in dehydrated deploy_cert.extra hook. + +2022-10-30 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221030. + + [ Daniel Baumann ] + * Merging the different extra certificate files into one dehydrated hook handling all extra copies. + * Reworking chrony workaround (#1013882) now that we know it's going to be permanent. + * Adding postfix to service-reload dehydrated hook. + * Reworking service-reload dehydrated hook. + * Reworking fix-permission dehydrated hook. + * Improving wording of TSIG lookup hierarchy in dehydrated-nsupdate.1. + * Temporarily passing tsig string to bind in dehydrated-nsupdate to unbreak bind support, bind requires a different keyfile format as knot. + * Updating dig alternative handling similar to nsupdate for consistency. + * Updating dehydrated TODO file. + * Updating license with newer GPL-3 version containing https instead of http links. + * Using variable for service-tools in makefile. + * Providing individual root and intermediate certificate files in dehydrated extra hook. + * Reworking knot-zones-reset script. + * Adding kea tools. + 2022-07-04 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20220704. diff --git a/LICENSE.txt b/LICENSE.txt index 94a9ed0..f288702 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,7 +1,7 @@ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. + along with this program. If not, see <https://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. @@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see -<http://www.gnu.org/licenses/>. +<https://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read -<http://www.gnu.org/philosophy/why-not-lgpl.html>. +<https://www.gnu.org/licenses/why-not-lgpl.html>. @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -19,7 +19,11 @@ SHELL := sh -e +PROJECT = open-infrastructure +SOFTWARE = service-tools + VERSION := $(shell cat VERSION.txt) + TOOLS := $(shell find . -mindepth 1 -maxdepth 1 -type d -and -not -name ".*" -and -not -name debian) all: build @@ -65,7 +69,7 @@ clean: done distclean: - rm -rf service-tools-$(VERSION) + rm -rf $(SOFTWARE)-$(VERSION) @for TOOL in $(TOOLS); \ do \ @@ -80,19 +84,19 @@ release: distclean git commit -a -s -S -m 'Releasing version $(VERSION).' || true git tag -s -m 'Tagging version $(VERSION).' v$(VERSION) || true - mkdir service-tools-$(VERSION) - find . -mindepth 1 -maxdepth 1 -and -not -name ".git*" -and -not -name debian -and -not -name service-tools-$(VERSION) -exec cp \-a {} service-tools-$(VERSION) \; + mkdir $(SOFTWARE)-$(VERSION) + find . -mindepth 1 -maxdepth 1 -and -not -name ".git*" -and -not -name debian -and -not -name $(SOFTWARE)-$(VERSION) -exec cp \-a {} $(SOFTWARE)-$(VERSION) \; for FORMAT in xz lzip; \ do \ EXTENSION=$$(echo $${FORMAT} | cut -b-2); \ - tar --$${FORMAT} -cf ../service-tools-$(VERSION).tar.$${EXTENSION} service-tools-$(VERSION); \ - sha512sum ../service-tools-$(VERSION).tar.$${EXTENSION} > ../service-tools-$(VERSION).tar.$${EXTENSION}.sha512; \ - gpg --default-key 0xB62C61A10B93195F --armor -b ../service-tools-$(VERSION).tar.$${EXTENSION}; \ - mv ../service-tools-$(VERSION).tar.$${EXTENSION}.asc ../service-tools-$(VERSION).tar.$${EXTENSION}.sig; \ + tar --$${FORMAT} -cf ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION} $(SOFTWARE)-$(VERSION); \ + sha512sum ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION} > ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}.sha512; \ + gpg --default-key 0xB62C61A10B93195F --armor -b ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}; \ + mv ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}.asc ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}.sig; \ done - rm -rf service-tools-$(VERSION) + rm -rf $(SOFTWARE)-$(VERSION) upload: - scp ../service-tools-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/software/service-tools/upstream + scp ../$(SOFTWARE)-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/software/$(SOFTWARE)/upstream diff --git a/VERSION.txt b/VERSION.txt index d929766..8bf6a02 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20220704 +20231120 diff --git a/apache/Makefile b/apache/Makefile index 70b9a35..9b5b4db 100644 --- a/apache/Makefile +++ b/apache/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/apache/share/man/Makefile b/apache/share/man/Makefile index ab33e62..e8d97fb 100644 --- a/apache/share/man/Makefile +++ b/apache/share/man/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/apache/share/man/man.in b/apache/share/man/man.in index f95ca67..bcc6362 100644 --- a/apache/share/man/man.in +++ b/apache/share/man/man.in @@ -1,6 +1,6 @@ .\" Open Infrastructure: service-tools .\" -.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .\" .\" SPDX-License-Identifier: GPL-3.0+ .\" diff --git a/apache/share/man/service-tools.7.rst b/apache/share/man/service-tools.7.rst index d1cbf6b..bbe6b00 100644 --- a/apache/share/man/service-tools.7.rst +++ b/apache/share/man/service-tools.7.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: apache-tools -.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/postgresql/Makefile b/apt/Makefile index 9bc75b3..49377eb 100644 --- a/postgresql/Makefile +++ b/apt/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -63,18 +63,8 @@ build: install: build mkdir -p $(DESTDIR)/usr/bin cp -r bin/* $(DESTDIR)/usr/bin - ln -sf pg_hba.conf $(DESTDIR)/usr/bin/update-pg_hba.conf - - mkdir -p $(DESTDIR)/usr/share/bash-completion/completions - cp -r share/bash-completion/* $(DESTDIR)/usr/share/bash-completion/completions uninstall: - for FILE in share/bash-completion/*; \ - do \ - rm -f $(DESTDIR)/usr/share/bash-completion/completions/$$(basename $${FILE}); \ - done - - rm -f $(DESTDIR)/usr/bin/update-pg_hba.conf for FILE in bin/*; \ do \ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ diff --git a/knot-resolver/bin/kresd-stats-list b/apt/bin/apt-install index 01aceb5..323d1b6 100755 --- a/knot-resolver/bin/kresd-stats-list +++ b/apt/bin/apt-install @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,37 +21,48 @@ set -e -HOSTS="${*}" +PROGRAM="$(basename "${0}")" +OPTIONS="${*}" + +Usage () +{ + echo "Usage: ${PROGRAM} PACKAGE" >&2 + echo "Usage: ${PROGRAM} PACKAGE1 PACKAGE2 ..." >&2 + echo + echo "See ${PROGRAM}(1) for more information." -if [ -z "${HOSTS}" ] -then - echo "Usage: ${0} localhost|[HOST1 HOST2 ...]" >&2 exit 1 +} + +if [ -z "${OPTIONS}" ] +then + Usage fi -for HOST in ${HOSTS} +for OPTION in ${OPTIONS} do - case "${HOST}" in - localhost) - NUMBER="$(systemctl | grep -c 'kresd@[0-9].service')" - - for NUMBER in $(seq 1 "${NUMBER}") - do - echo "Stats localhost, resolver ${NUMBER}" - echo "stats.list()" | sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" - done + case "${OPTION}" in + -*) + # abort if options are trying to be used + Usage ;; - *) - NUMBER="$(ssh "${HOST}" sudo systemctl | grep -c 'kresd@[0-9].service')" + /*) + # abort if local deb files are trying to be installed + Usage + ;; - for NUMBER in $(seq 1 "${NUMBER}") - do - echo "Stats ${HOST}, resolver ${NUMBER}" - echo "stats.list()" | ssh "${HOST}" sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" - done + .*) + # abort if local deb files are trying to be installed + echo "Debug: ." + Usage ;; esac done -echo +# ignore local apt configuration files +APT_CONFIG="" +export APT_CONFIG + +apt update +apt install "${OPTIONS}" diff --git a/knot/bin/knot-reset-zones b/apt/bin/apt-remove index 40779cf..719c8e7 100755 --- a/knot/bin/knot-reset-zones +++ b/apt/bin/apt-remove @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,38 +21,47 @@ set -e -HOSTS="${*}" +PROGRAM="$(basename "${0}")" +OPTIONS="${*}" + +Usage () +{ + echo "Usage: ${PROGRAM} PACKAGE" >&2 + echo "Usage: ${PROGRAM} PACKAGE1 PACKAGE2 ..." >&2 + echo + echo "See ${PROGRAM}(1) for more information." -if [ -z "${HOSTS}" ] -then - echo "Usage: ${0} localhost|[HOST1 HOST2 ...]" >&2 exit 1 +} + +if [ -z "${OPTIONS}" ] +then + Usage fi -for HOST in ${HOSTS} +for OPTION in ${OPTIONS} do - case "${HOST}" in - localhost) - echo -n "Resetting in-memory data for all zones..." - - service knot stop - rm -rf /var/lib/knot/journal/*.mdb - rm -rf /var/lib/knot/timers/*.mdb - service knot start - - echo " done." + case "${OPTION}" in + -*) + # abort if options are trying to be used + Usage ;; - *) - echo -n "'${HOST}': Resetting in-memory data for all zones..." - - ssh "${HOST}" \ - "sudo service knot stop && \ - rm -rf /var/lib/knot/journal/*.mdb && \ - rm -rf /var/lib/knot/timers/*.mdb && \ - sudo service knot start" + /*) + # abort if local deb files are trying to be installed + Usage + ;; - echo " done." + .*) + # abort if local deb files are trying to be installed + echo "Debug: ." + Usage ;; esac done + +# ignore local apt configuration files +APT_CONFIG="" +export APT_CONFIG + +apt remove --purge "${OPTIONS}" diff --git a/postgresql/share/man/Makefile b/apt/share/man/Makefile index a8af58d..ce5fe50 100644 --- a/postgresql/share/man/Makefile +++ b/apt/share/man/Makefile @@ -1,6 +1,6 @@ -# Open Infrastructure: compute-tools +# Open Infrastructure: service-tools -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -27,7 +27,7 @@ RST2MAN = rst2man \ --tab-width=4 \ --verbose -VERSION := $(shell cat ../../VERSION.txt) +VERSION := $(shell cat ../../../VERSION.txt) SHELL := sh -e @@ -35,8 +35,6 @@ all: build build: man -rebuild: clean build - man: man.in *.rst @echo -n "Creating manpages... " @@ -46,7 +44,7 @@ man: man.in *.rst $(RST2MAN) $${FILE} | \ sed -e '/^.\\" Man page generated/d' \ -e '/^.\\" Generated by/d' \ - -e "s|^\(.TH .*\) \(\"\" \"\"\) |\1 $${VERSION} compute-tools |" \ + -e "s|^\(.TH .*\) \(\"\" \"\"\) |\1 $${VERSION} service-tools |" \ >> $$(basename $${FILE} .rst); \ echo -n "."; \ done @@ -56,4 +54,6 @@ man: man.in *.rst clean: rm -f *.[0-9] -.PHONY: all clean build rebuild man +distclean: clean + +rebuild: clean build diff --git a/apt/share/man/apt-install.1.rst b/apt/share/man/apt-install.1.rst new file mode 100644 index 0000000..6880898 --- /dev/null +++ b/apt/share/man/apt-install.1.rst @@ -0,0 +1,123 @@ +.. Open Infrastructure: service-tools + +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=========== +apt-install +=========== + +------------------------------------------------------------------------ +securely allow unprivileged users to install packages via apt using sudo +------------------------------------------------------------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **sudo apt-install** PACKAGE +| **sudo apt-install** PACKAGE1 PACKAGE2 ... + +Description +=========== + +**apt-install** securely allows unprivileged users to install packages via apt using sudo. + +Some background information +=========================== + +| **Use case** +| On managed systems by a group of system administrators, it would be nice to allow +| unprivileged users to install the packages they like from the pre-configured +| Debian repositories. +| +| **Unsecure via sudo** +| Traditionally this has been done by granting the unprivileged users to run +| sudo with e.g.: +| "user ALL=NOPASSWD: /usr/bin/apt, /usr/bin/apt-get" +| (see sudoers(5) for information about sudoers, the configuration file for sudo). +| +| **Using local apt configuration** +| Using sudo as above allows for custom apt options to be passed as arguments, e.g.: +| sudo apt update -o APT::Update::Pre-Invoke::="/bin/sh" +| +| Or refering to local apt configuration file: +| sudo APT_CONFIG=~/apt.conf apt update +| +| **Installing local debian packages** +| Unfortunatly this allows to not just install packages from the repositories, +| but also to install local packages: +| sudo apt install ./root-shell.deb +| +| Creating a Debian package that contains a wrapper for a root shell or invokes +| a shell as root during within the maintainer scripts is left to the reader, +| however, there's a example available here: +| https://git.open-infrastructure.net/software/root-shell/ + +| **Using wrapper scripts for apt install and apt remove** +| The apt-install and apt-remove wrapper drop parameters as well as file and path +| arguments to ensure only packages from the configured Debian repositories can be +| installed. + +sudo configuration +================== + +| Users can be granted sudo rights for apt-install and apt-remove via sudoers(5): +| "user ALL=NOPASSWD: /usr/bin/apt-install, /usr/bin/apt-remove" + +| It might make sense to also allow unprivileged users to allow updating the system: +| "user ALL=NOPASSWD: /usr/bin/apt update, /usr/bin/apt upgrade, /usr/bin/apt dist-upgrade" + +Warning +======= + +| Granting users local access to a system is always a security risk. +| Giving local users the ability to install packages even more so. + +| While the apt-install and apt-remove wrappers do prevent installing malicious packages, +| bugs in any of the packages within the configured Debian repositories can be exploited. + +See also +======== + +| apt(8), +| sudo(8), +| sudoers(5) + +Homepage +======== + +More information about service-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +service-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/postgresql/share/man/man.in b/apt/share/man/man.in index f95ca67..bcc6362 100644 --- a/postgresql/share/man/man.in +++ b/apt/share/man/man.in @@ -1,6 +1,6 @@ .\" Open Infrastructure: service-tools .\" -.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .\" .\" SPDX-License-Identifier: GPL-3.0+ .\" diff --git a/dehydrated/Makefile b/dehydrated/Makefile index 2b6da9f..bf6fc46 100644 --- a/dehydrated/Makefile +++ b/dehydrated/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/dehydrated/TODO b/dehydrated/TODO index efbd047..b6cc845 100644 --- a/dehydrated/TODO +++ b/dehydrated/TODO @@ -1,7 +1,9 @@ TODO ==== + * add cleanup hook for extra certificates * add manpages for individual dehydrated hooks * use /etc/default for dehydrated-cron * use /etc/default for dehydrated-hook * use settings from _dehydrated.$domain.$tld for automatic configuration + * allow to configure 'use NS records' or 'use mname in SOA' per zone/tsig diff --git a/dehydrated/bin/dehydrated-cron b/dehydrated/bin/dehydrated-cron index 2f283e4..c1da9c5 100755 --- a/dehydrated/bin/dehydrated-cron +++ b/dehydrated/bin/dehydrated-cron @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/dehydrated/bin/dehydrated-hook b/dehydrated/bin/dehydrated-hook index 9103495..470fa50 100755 --- a/dehydrated/bin/dehydrated-hook +++ b/dehydrated/bin/dehydrated-hook @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index 8d2cf7b..d59e5ff 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -194,12 +194,12 @@ do ;; bind) - NSUPDATE_OPTIONS="-y $(cat ${KEY})" + NSUPDATE_OPTIONS="-y $(cat "${KEY}")" ;; esac fi - echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." + echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}.." # shellcheck disable=SC2086 echo "server ${NAMESERVER} diff --git a/dehydrated/share/hooks/deploy_cert.chrony b/dehydrated/share/hooks/deploy_cert.chrony index 9bccf75..40771a8 100755 --- a/dehydrated/share/hooks/deploy_cert.chrony +++ b/dehydrated/share/hooks/deploy_cert.chrony @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -23,9 +23,9 @@ set -e if grep -Eqrs '^ *ntsservercert' /etc/chrony then - # https://bugs.debian.org/1013882 echo -n " + Copying certificate for chrony..." + # https://bugs.debian.org/1013882 cp -fL "${FULLCHAINFILE}" /etc/chrony/cert.pem cp -fL "${KEYFILE}" /etc/chrony/key.pem diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra index ec61676..5cf7b72 100755 --- a/dehydrated/share/hooks/deploy_cert.extra +++ b/dehydrated/share/hooks/deploy_cert.extra @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,17 +21,68 @@ set -e -echo " + Creating extra certificate files..." +echo -n " + Creating extra certificate files..." DIRECTORY="$(dirname "${CERTFILE}")" -for EXTRA in fullchain-privkey privkey-fullchain +if [ "$(grep -c 'BEGIN CERTIFICATE' ${FULLCHAINFILE})" -ge 3 ] +then + # long chain: + # * chain.pem: (R3 | ISRG Root X1) + # * fullchain.pem: (Certificate | R3 | ISRG Root X1) + CHAIN="long" +else + # short chain: + # * chain.pem: (R3) + # * fullchain.pem (Certificate | R3) + CHAIN="short" +fi + +case "${CHAIN}" in + long) + # split chain.pem + TMPFILE="$(mktemp -p "${DIRECTORY}" -u ca.XXXXXXXXXX)" + grep -Ev '^$' "${CHAINFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}' + + # intermediate (R3) + mv "${TMPFILE}00" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" + ln -sf "intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem" + + # root (ISRG Root X1) + mv "${TMPFILE}01" "${DIRECTORY}/root-${TIMESTAMP}.pem" + ln -sf "root-${TIMESTAMP}.pem" "${DIRECTORY}/root.pem" + ;; + + short) + # intermediate (R3) + grep -Ev '^$' "${DIRECTORY}/chain-${TIMESTAMP}.pem" > "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" + ln -sf "intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem" + + # root (ISRG Root X1) + ISSUER_URI="$(openssl x509 -in "${DIRECTORY}/chain-${TIMESTAMP}.pem" -text -noout | grep 'Authority Information Access:' -A1 | awk -FURI: '/http/ { print $2 }')" + + if [ -n "${ISSUER_URI}" ] + then + wget -q "${ISSUER_URI}" -O - | openssl x509 -outform PEM > "${DIRECTORY}/root-${TIMESTAMP}.pem" + ln -sf "root-${TIMESTAMP}.pem" "${DIRECTORY}/root.pem" + fi + ;; +esac + +# extra certificate permutations: +# * privkey_fullchain.pem: postfix +# * root_intermediate_cert.pem: redis + +for EXTRA in fullchain_privkey privkey_fullchain root_intermediate_cert do - EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')" - EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')" + rm -f "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem" + + for FILE in $(echo ${EXTRA} | sed -e 's|_| |g') + do + cat "${DIRECTORY}/${FILE}-${TIMESTAMP}.pem" >> "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem" + done - cat "${EXTRA1}-${TIMESTAMP}.pem" "${EXTRA2}-${TIMESTAMP}.pem" > "${DIRECTORY}/${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem" - ln -sf "${EXTRA1}-${EXTRA2}-${TIMESTAMP}.pem" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem" + ln -sf "${EXTRA}-${TIMESTAMP}.pem" "${DIRECTORY}/${EXTRA}.pem" done echo " done." diff --git a/dehydrated/share/hooks/deploy_ocsp.extra b/dehydrated/share/hooks/deploy_ocsp.extra index 36d0302..869616d 100755 --- a/dehydrated/share/hooks/deploy_ocsp.extra +++ b/dehydrated/share/hooks/deploy_ocsp.extra @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -26,12 +26,11 @@ echo " + Creating extra ocsp links..." DIRECTORY="$(dirname "${OCSPFILE}")" OCSP="$(readlink "${OCSPFILE}")" -for EXTRA in fullchain-privkey privkey-fullchain +for EXTRA in fullchain_privkey privkey_fullchain root_intermediate_cert do - EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')" - EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')" + rm -f "${DIRECTORY}/${EXTRA}-${TIMESTAMP}.pem.ocsp" - ln -sf "${OCSP}" "${DIRECTORY}/cert.${EXTRA1}-${EXTRA2}.pem.ocsp" + ln -sf "${OCSP}" "${DIRECTORY}/${EXTRA}.pem.ocsp" done echo " done." diff --git a/dehydrated/share/hooks/exit_hook.cleanup-extra-ocsp b/dehydrated/share/hooks/exit_hook.cleanup-extra-ocsp deleted file mode 100755 index 0efc812..0000000 --- a/dehydrated/share/hooks/exit_hook.cleanup-extra-ocsp +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh - -# Open Infrastructure: service-tools - -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <https://www.gnu.org/licenses/>. - -set -e - -echo " + Deleting extra ocsp links..." - -for EXTRA in fullchain-privkey privkey-fullchain -do - EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')" - EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')" - - for FILE in "${CERTDIR}"/*/ocsp-*.der - do - LINK="$(dirname ${FILE})/cert.${EXTRA1}-${EXTRA2}.pem.ocsp" - ORIGINAL="$(readlink "${LINK}")" - - if [ ! -e "$(dirname ${FILE})/${ORIGINAL}" ] - then - rm -f "${LINK}" - fi - done -done - -echo " done." diff --git a/dehydrated/share/hooks/exit_hook.extra-cleanup b/dehydrated/share/hooks/exit_hook.extra-cleanup new file mode 100755 index 0000000..02baa19 --- /dev/null +++ b/dehydrated/share/hooks/exit_hook.extra-cleanup @@ -0,0 +1,77 @@ +#!/bin/sh + +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +echo -n " + Cleanup extra certificate files..." + +for EXTRA in root intermediate fullchain_privkey privkey_fullchain root_intermediate_cert +do + for CERTIFICATE in "${CERTDIR}"/*/ + do + if ! ls "${CERTIFICATE}"/${EXTRA}*.pem > /dev/null 2>&1 + then + continue + fi + + SYMLINK="${CERTIFICATE}/${EXTRA}.pem" + ORIGINAL="$(readlink -f "${SYMLINK}")" + + if [ -e "${SYMLINK}" ] && [ ! -e "${ORIGINAL}" ] + then + # remove dangling symlink + rm -f "${SYMLINK}" + fi + + if [ -e "${SYMLINK}.ocsp" ] && [ ! -e "${ORIGINAL}.ocsp" ] + then + # remove dangling symlink + rm -f "${SYMLINK}.ocsp" + fi + + if [ -e "${SYMLINK}" ] + then + for FILE in "${CERTIFICATE}/${EXTRA}"-[0-9]*.pem + do + case "$(basename "${FILE}")" in + "$(basename "${ORIGINAL}")") + continue + ;; + + *) + # archive unused files + ARCHIVE="${BASEDIR}/archive/$(basename "${CERTIFICATE}")" + mkdir -p "${ARCHIVE}" + + mv "${FILE}" "${ARCHIVE}" + + if [ -e "${FILE}.ocsp" ] + then + mv "${FILE}.ocsp" "${ARCHIVE}" + fi + ;; + esac + done + fi + done +done + +echo " done." diff --git a/dehydrated/share/hooks/exit_hook.fix-permissions b/dehydrated/share/hooks/exit_hook.fix-permissions index 4a467a7..fa8ef95 100755 --- a/dehydrated/share/hooks/exit_hook.fix-permissions +++ b/dehydrated/share/hooks/exit_hook.fix-permissions @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,7 +21,7 @@ set -e -if [ ! -e /var/lib/dehydrated/certs ] +if [ ! -e "${CERTDIR}" ] then exit 0 fi @@ -31,10 +31,10 @@ then echo -n " + Fixing file owner and permissions..." # https://bugs.debian.org/854431 - chown -R root:ssl-cert /var/lib/dehydrated/certs + chown -R root:ssl-cert "${CERTDIR}" - find /var/lib/dehydrated/certs -type d -exec chmod 0750 {} \; - find /var/lib/dehydrated/certs -type f -exec chmod 0640 {} \; + find "${CERTDIR}" -type d -exec chmod 0750 {} \; + find "${CERTDIR}" -type f -exec chmod 0640 {} \; echo " done." fi diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload index cf297ab..dcbbb58 100755 --- a/dehydrated/share/hooks/exit_hook.service-reload +++ b/dehydrated/share/hooks/exit_hook.service-reload @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -25,7 +25,8 @@ Run_apache2 () { if grep -Eqrs '^ *SSLCertificateFile' /etc/apache2/sites-enabled then - service apache2 reload + service apache2 stop + service apache2 start fi } @@ -37,6 +38,14 @@ Run_chrony () fi } +Run_freeradius () +{ + if grep -Eqrs 'certificate_file = /var/lib/dehydrated' /etc/freeradius/*/* + then + service freeradius reload + fi +} + Run_haproxy () { if grep 'ssl crt' /etc/haproxy/haproxy.cfg | grep -qsv '^#' @@ -95,7 +104,7 @@ Run_redis_server () echo " + Reloading services:" -SERVICES="apache2 chrony haproxy knot-resolver postfix postgresql redis-sentinel redis-server" +SERVICES="apache2 chrony freeradius haproxy knot-resolver postfix postgresql redis-sentinel redis-server" for SERVICE in ${SERVICES} do diff --git a/dehydrated/share/man/Makefile b/dehydrated/share/man/Makefile index a6d6bf2..ce5fe50 100644 --- a/dehydrated/share/man/Makefile +++ b/dehydrated/share/man/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/dehydrated/share/man/dehydrated-cron.1.rst b/dehydrated/share/man/dehydrated-cron.1.rst index cd93a30..9e63fa3 100644 --- a/dehydrated/share/man/dehydrated-cron.1.rst +++ b/dehydrated/share/man/dehydrated-cron.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: service-tools -.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/dehydrated/share/man/dehydrated-hook.1.rst b/dehydrated/share/man/dehydrated-hook.1.rst index de63127..732bd12 100644 --- a/dehydrated/share/man/dehydrated-hook.1.rst +++ b/dehydrated/share/man/dehydrated-hook.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: service-tools -.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index d4b097b..6a9ad4f 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: service-tools -.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/dehydrated/share/man/man.in b/dehydrated/share/man/man.in index f95ca67..bcc6362 100644 --- a/dehydrated/share/man/man.in +++ b/dehydrated/share/man/man.in @@ -1,6 +1,6 @@ .\" Open Infrastructure: service-tools .\" -.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .\" .\" SPDX-License-Identifier: GPL-3.0+ .\" diff --git a/dnsdist/Makefile b/dnsdist/Makefile index 6b3744b..49377eb 100644 --- a/dnsdist/Makefile +++ b/dnsdist/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/dnsdist/bin/dnsdist-console b/dnsdist/bin/dnsdist-console index ea26d63..9ddbc30 100755 --- a/dnsdist/bin/dnsdist-console +++ b/dnsdist/bin/dnsdist-console @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/Makefile b/git/Makefile index d3c7921..14db1ef 100644 --- a/git/Makefile +++ b/git/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/bin/git-checkout-branches b/git/bin/git-checkout-branches index 220386f..dd04bb6 100755 --- a/git/bin/git-checkout-branches +++ b/git/bin/git-checkout-branches @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/bin/git-hook b/git/bin/git-hook index 218ef00..81776ea 100755 --- a/git/bin/git-hook +++ b/git/bin/git-hook @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/dehydrated/share/hooks/exit_hook.cleanup-extra-cert b/git/bin/git-pull-branches index 816a65c..aca1ea3 100755 --- a/dehydrated/share/hooks/exit_hook.cleanup-extra-cert +++ b/git/bin/git-pull-branches @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,22 +21,34 @@ set -e -echo " + Deleting extra certificate files..." +CURRENT_BRANCH="$(git branch --show-current)" +REMOTE_BRANCHES="$(git branch -r | awk '{ print $1 }')" -for EXTRA in fullchain-privkey privkey-fullchain +# pull current branch +git pull + +# pull remote branches +for REMOTE_BRANCH in ${REMOTE_BRANCHES} do - EXTRA1="$(echo ${EXTRA} | awk -F- '{ print $1 }')" - EXTRA2="$(echo ${EXTRA} | awk -F- '{ print $2 }')" - - for FILE in "${CERTDIR}"/*/"cert.${EXTRA1}-${EXTRA2}-"*.pem - do - LINK="$(dirname ${FILE})/cert.${EXTRA1}-${EXTRA2}.pem" - - if [ "${FILE}" != "${LINK}" ] - then - rm -f "${FILE}" - fi - done + BRANCH="$(echo "${REMOTE_BRANCH}" | cut -d/ -f 2-)" + + case "${BRANCH}" in + HEAD|"${CURRENT_BRANCH}") + continue + ;; + esac + + if git branch | sed -e 's|\*||' | grep -qs " ${BRANCH}$" + then + git checkout "${BRANCH}" + git pull + else + git checkout -b "${BRANCH}" "${REMOTE_BRANCH}" + fi done -echo " done." +# checkout current branch +if [ "$(git branch --show-current)" != "${CURRENT_BRANCH}" ] +then + git checkout "${CURRENT_BRANCH}" +fi diff --git a/git/bin/git-remove-origin-branches b/git/bin/git-remove-origin-branches index be65a1f..de403ca 100755 --- a/git/bin/git-remove-origin-branches +++ b/git/bin/git-remove-origin-branches @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/bin/git-remove-origin-tags b/git/bin/git-remove-origin-tags index 8246ec2..1de452f 100755 --- a/git/bin/git-remove-origin-tags +++ b/git/bin/git-remove-origin-tags @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/bin/git-repo-repack b/git/bin/git-repo-repack index cf5a30c..035d55a 100755 --- a/git/bin/git-repo-repack +++ b/git/bin/git-repo-repack @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/share/hooks/post-update.d/cgit-agefile b/git/share/hooks/post-update.d/cgit-agefile index a00b038..4faafd6 100755 --- a/git/share/hooks/post-update.d/cgit-agefile +++ b/git/share/hooks/post-update.d/cgit-agefile @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/share/hooks/post-update.d/git-update-server-info b/git/share/hooks/post-update.d/git-update-server-info index 1b21b51..c90015a 100755 --- a/git/share/hooks/post-update.d/git-update-server-info +++ b/git/share/hooks/post-update.d/git-update-server-info @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/git/share/hooks/post-update.d/irker-notification b/git/share/hooks/post-update.d/irker-notification index 7c712db..8ef52ce 100755 --- a/git/share/hooks/post-update.d/irker-notification +++ b/git/share/hooks/post-update.d/irker-notification @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/irker/Makefile b/irker/Makefile index ef951c3..213ddfa 100644 --- a/irker/Makefile +++ b/irker/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/irker/bin/irkerhook-debian b/irker/bin/irkerhook-debian index ce8dfb4..71c85b4 100755 --- a/irker/bin/irkerhook-debian +++ b/irker/bin/irkerhook-debian @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/kea/Makefile b/kea/Makefile new file mode 100644 index 0000000..49377eb --- /dev/null +++ b/kea/Makefile @@ -0,0 +1,80 @@ +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +SHELL := sh -e + +SCRIPTS = bin/* + +all: build + +test: + @echo -n "Checking for syntax errors with sh... " + @for SCRIPT in $(SCRIPTS); \ + do \ + sh -n $${SCRIPT}; \ + echo -n "."; \ + done + @echo " done." + + @echo -n "Checking for bashisms... " + @if [ -x /usr/bin/checkbashisms ]; \ + then \ + for SCRIPT in $(SCRIPTS); \ + do \ + checkbashisms -f -x $${SCRIPT}; \ + echo -n "."; \ + done; \ + else \ + echo "Note: devscripts not installed, skipping checkbashisms."; \ + fi + @echo " done." + + @echo -n "Checking with shellcheck... " + @if [ -x /usr/bin/shellcheck ]; \ + then \ + for SCRIPT in $(SCRIPTS); \ + do \ + shellcheck -e SC2039 $${SCRIPT}; \ + echo -n "."; \ + done; \ + else \ + echo "Note: shellcheck not installed, skipping shellcheck."; \ + fi + @echo " done." + +build: + +install: build + mkdir -p $(DESTDIR)/usr/bin + cp -r bin/* $(DESTDIR)/usr/bin + +uninstall: + for FILE in bin/*; \ + do \ + rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ + done + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true + + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true + +clean: + +distclean: + +reinstall: uninstall install diff --git a/kea/bin/kea-json b/kea/bin/kea-json new file mode 100644 index 0000000..9380a3c --- /dev/null +++ b/kea/bin/kea-json @@ -0,0 +1,29 @@ +curl -X POST -H "Content-Type: application/json" -d '{ "command": "lease4-get", "arguments": { "subnet-id": 152, "ip-address": "147.87.152.14"}, "service": [ "dhcp4" ] }' http://localhost:8000/ | jq + +··curl -X POST -H "Content-Type: application/json" -d '{ "command": "config-reload", "service": [ "dhcp4" ] }' http://localhost:8000/ +»·······»·······curl -X POST -H "Content-Type: application/json" -d '{ "command": "config-reload", "service": [ "dhcp6" ] }' http://localhost:8000/ +»·······»·······curl -X POST -H "Content-Type: application/json" -d '{ "command": "config-reload", "service": [ "d2" ] }' http://localhost:8000/ + + + + +- man muss immer die subnet id mitgeben +- mac adressen als identifier sind nur in ipv4 erlabut, nicht in ipv6 + +mein beispiel: + +# get a lease6 +curl -X POST -H "Content-Type: application/json" -d ' +{ "command": "lease6-get", "arguments": { "subnet-id": 601000054, +"ip-address": "2a07:6b41:18:12:15:0:1:9"}, "service": [ "dhcp6" ] }' +http://localhost:8000/ | jq + +# delete lease6 +curl -X POST -H "Content-Type: application/json" -d ' +{ "command": "lease6-del", "arguments": { "subnet-id": 601000054, +"ip-address": "2a07:6b41:18:12:15:0:1:9"}, "service": [ "dhcp6" ] }' +http://localhost:8000/ | jq + +docu: + +https://kea.readthedocs.io/en/latest/arm/hooks.html#libdhcp-lease-cmds-so-lease-commands-for-easier-lease-management diff --git a/knot-resolver/bin/kresd-restart b/kea/bin/kea-leases-reset index 49c2462..f1e4d91 100755 --- a/knot-resolver/bin/kresd-restart +++ b/kea/bin/kea-leases-reset @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -27,25 +27,32 @@ for HOST in ${HOSTS} do case "${HOST}" in localhost) - NUMBER="$(systemctl | grep -c 'kresd@[0-9].service')" + echo "Removing all leases..." - for NUMBER in $(seq 1 "${NUMBER}") - do - echo "Flushing localhost, resolver ${NUMBER}" - echo "cache.clear()" | sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" - done + sudo service kea-dhcp6-server stop + sudo service kea-dhcp4-server stop + + sudo rm -f /var/lib/kea/*.csv* + + sudo service kea-dhcp6-server start + sudo service kea-dhcp4-server start + + echo + echo "done." ;; *) - NUMBER="$(ssh "${HOST}" sudo systemctl | grep -c 'kresd@[0-9].service')" + echo "'${HOST}': Removing all leases..." - for NUMBER in $(seq 1 "${NUMBER}") - do - echo "Flushing ${HOST}, resolver ${NUMBER}" - echo "cache.clear()" | ssh "${HOST}" sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" - done + ssh "${HOST}" \ + "sudo service kea-dhcp6-server stop; \ + sudo service kea-dhcp4-server stop; \ + sudo rm -f /var/lib/kea/*.csv*; \ + sudo service kea-dhcp6-server start; \ + sudo service kea-dhcp4-server start" + + echo + echo "done." ;; esac done - -echo diff --git a/knot-resolver/Makefile b/knot-resolver/Makefile index 6b3744b..49377eb 100644 --- a/knot-resolver/Makefile +++ b/knot-resolver/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/knot-resolver/bin/kresd-cache-clear b/knot-resolver/bin/kresd-cache-clear index 49c2462..52042a1 100755 --- a/knot-resolver/bin/kresd-cache-clear +++ b/knot-resolver/bin/kresd-cache-clear @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,31 +21,10 @@ set -e -HOSTS="${*:-localhost}" +NUMBER="$(systemctl | grep -c 'kresd@[0-9].service')" -for HOST in ${HOSTS} +for NUMBER in $(seq 1 "${NUMBER}") do - case "${HOST}" in - localhost) - NUMBER="$(systemctl | grep -c 'kresd@[0-9].service')" - - for NUMBER in $(seq 1 "${NUMBER}") - do - echo "Flushing localhost, resolver ${NUMBER}" - echo "cache.clear()" | sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" - done - ;; - - *) - NUMBER="$(ssh "${HOST}" sudo systemctl | grep -c 'kresd@[0-9].service')" - - for NUMBER in $(seq 1 "${NUMBER}") - do - echo "Flushing ${HOST}, resolver ${NUMBER}" - echo "cache.clear()" | ssh "${HOST}" sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" - done - ;; - esac + echo "Flushing localhost, resolver ${NUMBER}" + echo "cache.clear()" | sudo socat - UNIX-CONNECT:/run/knot-resolver/control/"${NUMBER}" done - -echo diff --git a/knot/Makefile b/knot/Makefile index a49dc34..a4f4977 100644 --- a/knot/Makefile +++ b/knot/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/postgresql/bin/postgresql-backup b/knot/bin/knot-zones-reset index beaf2d8..d007906 100755 --- a/postgresql/bin/postgresql-backup +++ b/knot/bin/knot-zones-reset @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,27 +21,35 @@ set -e +echo "Resetting in-memory data for all zones..." -#!/bin/sh - -set -e - -DIRECTORY="/srv/$(cat /etc/hostname)/postgresql-backup/$(date +%Y-%m-%d)" -DATABASES="fbm_test" - -mkdir -p "${DIRECTORY}" -chown -R postgres:postgres "${DIRECTORY}" +if systemctl status knot | grep -qs 'Active: active' +then + START="true" + sudo service knot stop +else + START="false" +fi -for DATABASE in ${DATABASES} -do - su - postgres -c "pg_dump -f ${DIRECTORY} -F d -j $(nproc) -C -d ${DATABASE}" -done +sudo rm -rf /var/lib/knot/journal/*.mdb +sudo rm -rf /var/lib/knot/timers/*.mdb -chown -R root:root "${DIRECTORY}" +if [ -e /var/lib/knot/zones/.git ] +then + sudo chown -R root:root /var/lib/knot/zones/ + cd /var/lib/knot/zones + sudo git clean -dxf + sudo git checkout -f + sudo chown -R knot:knot /var/lib/knot/zones/ +fi +case "${START}" in + true) + sudo service knot start + ;; +esac -# FIXME -#postgres pg_dump ${DATABASE} | plzip > postgresql-backup/${DATABASE}-"$(date +\%Y\%m\%d)".sql.lz -#find postgresql-backup/ -mtime +90 -name "${DATABASE}-*lz" | xargs -r rm +echo +echo "done." diff --git a/knot/share/cron/knot-reset-zones b/knot/share/cron/knot-reset-zones deleted file mode 100755 index 9762da4..0000000 --- a/knot/share/cron/knot-reset-zones +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/cron.d/knot-reset-zone - -0 0 * * * root /usr/bin/knot-reset-zones localhost > /dev/null 2>&1 diff --git a/knot/share/cron/knot-zones-reset b/knot/share/cron/knot-zones-reset new file mode 100755 index 0000000..13dfd44 --- /dev/null +++ b/knot/share/cron/knot-zones-reset @@ -0,0 +1,3 @@ +# /etc/cron.d/knot-zones-reset + +0 0 * * * root /usr/bin/knot-zones-reset > /dev/null 2>&1 diff --git a/linux/Makefile b/linux/Makefile index 09978b9..8274c79 100644 --- a/linux/Makefile +++ b/linux/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -64,9 +64,6 @@ install: build mkdir -p $(DESTDIR)/usr/bin cp -r bin/* $(DESTDIR)/usr/bin - mkdir -p $(DESTDIR)/etc/modprobe.d - cp share/kmod/* $(DESTDIR)/etc/modprobe.d - mkdir -p $(DESTDIR)/lib/systemd/system cp -r share/systemd/* $(DESTDIR)/lib/systemd/system @@ -76,12 +73,6 @@ uninstall: rm -f $(DESTDIR)/lib/systemd/system/$$(basename $${FILE}); \ done - for FILE in share/kmod/*; \ - do \ - rm -f $(DESTDIR)/etc/modprobe.d/$$(basename $${FILE}); \ - done - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/modprobe.d || true - for FILE in bin/*; \ do \ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ diff --git a/linux/bin/linux-i40e b/linux/bin/linux-i40e index ffe17b3..9ab0426 100755 --- a/linux/bin/linux-i40e +++ b/linux/bin/linux-i40e @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -130,7 +130,7 @@ then exit 1 fi -DEVICES="$(grep -s '^DRIVER=i40e' /sys/class/net/*/device/uevent | awk -F/ '{ print $5 }' | sort -V)" +DEVICES="$(grep -s '^DRIVER=i40e' /sys/class/net/*/device/uevent | awk -F/ '{ print $5 }' | grep -v eno | sort -V)" if [ -z "${DEVICES}" ] then diff --git a/linux/bin/linux-leds b/linux/bin/linux-ice index ffe17b3..5f0feee 100755 --- a/linux/bin/linux-leds +++ b/linux/bin/linux-ice @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -130,11 +130,11 @@ then exit 1 fi -DEVICES="$(grep -s '^DRIVER=i40e' /sys/class/net/*/device/uevent | awk -F/ '{ print $5 }' | sort -V)" +DEVICES="$(grep -s '^DRIVER=ice' /sys/class/net/*/device/uevent | awk -F/ '{ print $5 }' | grep -v eno | sort -V)" if [ -z "${DEVICES}" ] then - echo "'${PROGRAM}': no network devices available with i40e driver" >&2 + echo "'${PROGRAM}': no network devices available with ice driver" >&2 fi case "${1}" in diff --git a/linux/share/kmod/linux-leds.conf b/linux/share/kmod/linux-leds.conf deleted file mode 100644 index 8e00229..0000000 --- a/linux/share/kmod/linux-leds.conf +++ /dev/null @@ -1,4 +0,0 @@ -# /etc/modprobe.d/linux-leds.conf - -blacklist pcengines-apuv2 -ledtrig_netdev diff --git a/linux/share/man/Makefile b/linux/share/man/Makefile index a6d6bf2..ce5fe50 100644 --- a/linux/share/man/Makefile +++ b/linux/share/man/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/linux/share/man/linux-i40e.1.rst b/linux/share/man/linux-i40e.1.rst index f4c2eb7..890ac02 100644 --- a/linux/share/man/linux-i40e.1.rst +++ b/linux/share/man/linux-i40e.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: service-tools -.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -59,6 +59,7 @@ Recommended options See also ======== +| linux-ice(1), | ethtool(8), | https://www.kernel.org/doc/Documentation/networking/i40e.txt diff --git a/linux/share/man/linux-ice.1.rst b/linux/share/man/linux-ice.1.rst new file mode 100644 index 0000000..1abfb90 --- /dev/null +++ b/linux/share/man/linux-ice.1.rst @@ -0,0 +1,86 @@ +.. Open Infrastructure: service-tools + +.. Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +========= +linux-ice +========= + +------------------------------------------------------------ +setting recommended options for the Linux ice device driver +------------------------------------------------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **linux-ice** start|stop|status + +Description +=========== + +**linux-ice** sets all recommended options for the Linux ice device driver. + +Recommended options +=================== + +| **Enabling disable-fw-lldp** +| Many Intel network cards such as the X700 Series drop LLDP pakets by default. +| When using LACP (802.1ad) this has the effect that after a reboot of one switch, +| the bond interfaces do not recover. Disabling the firewalling of LLDP pakets on +| the network card allows the operating system (= Linux kernel) to actually recieve +| the pakets and re-establish the bonded connection. + +| **Enabling link-down-on-close** +| Many Intel network cards such as the X700 Series do not take down the link +| when the corresponding interface is deconfigured. This is in contrast to the +| consumer (Intel) network cards that usually do this. Therefore, without enabling +| the link-down-on-close, most assumptions of HA stacks (e.g. pacemaker/corosync) +| are not met and can lead to various unwanted effects. Enabling this options +| restores the usual behaviour. + +See also +======== + +| linux-i40e(1), +| ethtool(8), +| https://www.kernel.org/doc/Documentation/networking/ice.txt + +Homepage +======== + +More information about service-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +service-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/linux/share/man/man.in b/linux/share/man/man.in index f95ca67..bcc6362 100644 --- a/linux/share/man/man.in +++ b/linux/share/man/man.in @@ -1,6 +1,6 @@ .\" Open Infrastructure: service-tools .\" -.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> .\" .\" SPDX-License-Identifier: GPL-3.0+ .\" diff --git a/linux/share/systemd/linux-ice.service b/linux/share/systemd/linux-ice.service new file mode 100644 index 0000000..ee8a727 --- /dev/null +++ b/linux/share/systemd/linux-ice.service @@ -0,0 +1,17 @@ +# Open Infrastructure: service-tools + +[Unit] +Description=setting recommended options for the Linux ice device driver +Documentation=man:linux-ice +Before=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/linux-ice start +ExecStop=/usr/bin/linux-ice stop +StandardOutput=journal +StandardError=journal + +[Install] +WantedBy=multi-user.target diff --git a/openldap/Makefile b/openldap/Makefile deleted file mode 100644 index e68219e..0000000 --- a/openldap/Makefile +++ /dev/null @@ -1,138 +0,0 @@ -# Open Infrastructure: service-tools - -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <https://www.gnu.org/licenses/>. - -SHELL := sh -e - -SCRIPTS = bin/* - -all: build - -test: - @echo -n "Checking for syntax errors with sh... " - @for SCRIPT in $(SCRIPTS); \ - do \ - sh -n $${SCRIPT}; \ - echo -n "."; \ - done - @echo " done." - - @echo -n "Checking for bashisms... " - @if [ -x /usr/bin/checkbashisms ]; \ - then \ - for SCRIPT in $(SCRIPTS); \ - do \ - checkbashisms -f -x $${SCRIPT}; \ - echo -n "."; \ - done; \ - else \ - echo "Note: devscripts not installed, skipping checkbashisms."; \ - fi - @echo " done." - - @echo -n "Checking with shellcheck... " - @if [ -x /usr/bin/shellcheck ]; \ - then \ - for SCRIPT in $(SCRIPTS); \ - do \ - shellcheck -e SC1090 -e SC2039 $${SCRIPT}; \ - echo -n "."; \ - done; \ - else \ - echo "Note: shellcheck not installed, skipping shellcheck."; \ - fi - @echo " done." - -build: share/man/*.rst - $(MAKE) -C share/man - -install: build - mkdir -p $(DESTDIR)/etc/dehydrated/hook.d - - mkdir -p $(DESTDIR)/etc/cron.d - cp -r share/cron/* $(DESTDIR)/etc/cron.d - - mkdir -p $(DESTDIR)/etc/cron.daily - ln -s /usr/bin/dehydrated-cron $(DESTDIR)/etc/cron.daily/dehydrated - - mkdir -p $(DESTDIR)/etc/logrotate.d - cp -r share/logrotate/* $(DESTDIR)/etc/logrotate.d - - mkdir -p $(DESTDIR)/usr/bin - cp -r bin/* $(DESTDIR)/usr/bin - - mkdir -p $(DESTDIR)/usr/share/dehydrated/hooks - cp -r share/hooks/* $(DESTDIR)/usr/share/dehydrated/hooks - - ln -sf /usr/bin/dehydrated-nsupdate $(DESTDIR)/usr/share/dehydrated/hooks/clean_challenge.nsupdate - ln -sf /usr/bin/dehydrated-nsupdate $(DESTDIR)/usr/share/dehydrated/hooks/deploy_challenge.nsupdate - - for SECTION in $$(seq 1 8); \ - do \ - if ls share/man/*.$${SECTION} > /dev/null 2>&1; \ - then \ - mkdir -p $(DESTDIR)/usr/share/man/man$${SECTION}; \ - cp share/man/*.$${SECTION} $(DESTDIR)/usr/share/man/man$${SECTION}; \ - fi; \ - done - -uninstall: - for SECTION in $$(seq 1 8); \ - do \ - for FILE in share/man/*.$${SECTION}; \ - do \ - rm -f $(DESTDIR)/usr/share/man/man$${SECTION}/$$(basename $${FILE}); \ - done; \ - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/man/man$${SECTION} || true; \ - done - - rm -rf $(DESTDIR)/usr/share/dehydrated/hooks - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/dehydrated || true - - for FILE in bin/*; \ - do \ - rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ - done - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true - - for FILE in share/logrotate/*; \ - do \ - rm -f $(DESTDIR)/etc/logrotate.d/$$(basename $${FILE}); \ - done - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/logrotate.d || true - - rm -f $(DESTDIR)/etc/cron.daily/dehydrated - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/cron.daily || true - - for FILE in share/cron/*; \ - do \ - rm -f $(DESTDIR)/etc/cron.d/$$(basename $${FILE}); \ - done - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/cron.d || true - - rm -rf $(DESTDIR)/etc/dehydrated/hook.d - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/dehydrated || true - - rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true - -clean: - $(MAKE) -C share/man clean - -distclean: clean - -reinstall: uninstall install diff --git a/openldap/share/cron/dehydrated b/openldap/share/cron/dehydrated deleted file mode 100755 index a560985..0000000 --- a/openldap/share/cron/dehydrated +++ /dev/null @@ -1,4 +0,0 @@ -# /etc/cron.d/dehydrated - -@daily root /usr/bin/slapd-cron-db -@daily root /usr/bin/slapd-cron-backup diff --git a/postgresql/bin/pg_hba.conf b/postgresql/bin/pg_hba.conf deleted file mode 100755 index 2b6c7cb..0000000 --- a/postgresql/bin/pg_hba.conf +++ /dev/null @@ -1,169 +0,0 @@ -#!/bin/sh - -# Open Infrastructure: service-tools - -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <https://www.gnu.org/licenses/>. - -set -e - -PROGRAM="$(basename "${0}")" - -Parameters () -{ - GETOPT_LONGOPTIONS="add,init,remove,update" - GETOPT_OPTIONS="a,i,r,u," - - PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" - - if [ "${?}" != "0" ] - then - echo "'${COMMAND}': getopt exit" >&2 - exit 1 - fi - - eval set -- "${PARAMETERS}" - - while true - do - case "${1}" in - -a|--add) - ACTION="add" - shift 1 - ;; - - -i|--init) - ACTION="init" - shift 1 - ;; - - -r|--remove) - ACTION="remove" - shift 1 - ;; - - -u|--update) - ACTION="update" - shift 1 - ;; - - --) - shift 1 - break - ;; - - *) - echo "'${COMMAND}': getopt error" >&2 - exit 1 - ;; - esac - done -} - -Usage () -{ - echo "Usage: ${PROGRAM} [-i|--init] [-a|--add LINE] [-r|--remove LINE] [-u|--update]" >&2 - echo - echo "See ${PROGRAM}(1) for more information." - - exit 1 -} - -Parameters "${@}" - -Run_add() -{ - echo "'add' not implemented yet" - exit 0 -} - -Run_init() -{ - echo "'init' not implemented yet" - exit 0 -} - -Run_remove() -{ - echo "'remove' not implemented yet" - exit 0 -} - -Run_update() -{ - # Check for pg_hba.conf - if ! ls /etc/postgresql/*/*/pg_hba.conf > /dev/null 2>&1 - then - echo "W: no pg_hba.conf in /etc/postgresql found." >&2 - exit 1 - fi - - # Check for managed pg_hba.conf - if ! ls /etc/postgresql/*/*/pg_hba.conf.g > /dev/null 2>&1 - then - echo "W: no managed pg_hba.conf in /etc/postgresql found, maybe use '${PROGRAM} --init' first." >&2 - exit 1 - fi - - # Update pg_hba.conf from pg_hba.conf.g directories - for DIRECTORY in /etc/postgresql/*/*/pg_hba.conf.g - do - if ls "${DIRECTORY}"/*.conf > /dev/null 2>&1 - then - CONFIG="$(basename "${DIRECTORY}" .g)" - - echo -n "Updating ${CONFIG}..." - - rm -f "${CONFIG}" - - for FILE in "${DIRECTORY}"/*.conf - do - cat "${FILE}" >> "${CONFIG}" - done - - echo " done." - fi - done -} - -case "${PROGRAM}" in - update-pg_hba.conf) - ACTION="update" - ;; -esac - -case "${ACTION}" in - add) - Run_add - ;; - - init) - Run_init - ;; - - remove) - Run_remove - ;; - - update) - Run_update - ;; - - *) - Usage - ;; -esac diff --git a/postgresql/share/bash-completion/pg_hba.conf b/postgresql/share/bash-completion/pg_hba.conf deleted file mode 100644 index c69b07b..0000000 --- a/postgresql/share/bash-completion/pg_hba.conf +++ /dev/null @@ -1,48 +0,0 @@ -# Open Infrastructure: service-tools - -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <https://www.gnu.org/licenses/>. - -_pg_hba_conf() -{ - local cur prev pg_type - COMPREPLY=() - cur="${COMP_WORDS[COMP_CWORD]}" - prev="${COMP_WORDS[COMP_CWORD-1]}" - - if [ ${COMP_CWORD} -gt 0 ] - then - pg_type="${COMP_WORDS[1]}" - fi - - if [ "${prev}" = "--" ] - then - compopt -o bashdefault - COMPREPLY=( $(compgen -c -- $cur) ) - return 0 - fi - - case "${pg_type}" in - *) - local pg_types="local host hostssl hostnossl hostgssenc hostnogssenc" - COMPREPLY=( $(compgen -W "${pg_types}" -- ${cur}) ) - return 0 - ;; - esac -} - -complete -F _pg_hba_conf pg_hba.conf diff --git a/postgresql/share/man/container.1.rst b/postgresql/share/man/container.1.rst deleted file mode 100644 index 6cd516f..0000000 --- a/postgresql/share/man/container.1.rst +++ /dev/null @@ -1,145 +0,0 @@ -.. Open Infrastructure: compute-tools - -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -.. -.. SPDX-License-Identifier: GPL-3.0+ -.. -.. This program is free software: you can redistribute it and/or modify -.. it under the terms of the GNU General Public License as published by -.. the Free Software Foundation, either version 3 of the License, or -.. (at your option) any later version. -.. -.. This program is distributed in the hope that it will be useful, -.. but WITHOUT ANY WARRANTY; without even the implied warranty of -.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.. GNU General Public License for more details. -.. -.. You should have received a copy of the GNU General Public License -.. along with this program. If not, see <https://www.gnu.org/licenses/>. - -============== -container-list -============== - ----------------------------- -List container on the system ----------------------------- - -:manual section: 1 -:manual group: Open Infrastructure - -Synopsis -======== - -| **container list** ['OPTIONS'] -| **cnt ls** ['OPTIONS'] - -Description -=========== - -The **container list** command lists container on the system. - -Options -======= - -The following **container list** options are available, defaults to '--started ---stopped': - --a, --all: - List all available container (started, stopped, and other). - ---csv-separator='SEPARATOR': - Specify custom CSV separator, defaults to ','. - --f, --format='FORMAT': - Use format to list container. Currently available formats are 'cli' (default), - 'csv', 'json', 'nwdiag', 'shell', 'sh', 'yaml', or 'xml'. - --h, --host='HOSTNAME': - List only container that are enabled for automatic start on the specified - hostname. Defaults to list containers of the local system only. Using 'all' - shows all container regardless of any automatic start configuration. - ---nwdiag-color='COLOR': - Specify custom nwdiag color for the host box, defaults to '#3465a4'. - ---nwdiag-label='LABEL': - Specify custom nwdiag label for the diagram, defaults to empty. - --o, --other: - List only container that are not enable for automatic start on the current - system. - --s, --started: - List only started container. - --t, --stopped: - List only stopped container. - -Examples -======== - -List all started and stopped containers of the local system: - - sudo container list - -List all started and other containers: - - sudo container list -s -o - -Create a CSV export of all started and stopped containers: - - sudo container list -f csv - -Create a JSON export of all started and stopped containers: - - sudo container list -f json - -Create a nwdiag export of all started and stopped containers: - - sudo container list -f nwdiag - -Create a SVG image via nwdiag of all started and stopped containers: - - sudo container list -f nwdiag | nwdiag -T svg -o cnt-list.svg - - -Create a shell export of all started and stopped containers: - - sudo container list -f shell - sudo container list -f sh - -Create a YAML export of all started and stopped containers: - - sudo container list -f yaml - -Create a XML export of all started and stopped containers: - - sudo container list -f xml - -See also -======== - -| compute-tools(7), -| container(1). - -Homepage -======== - -More information about compute-tools and the Open Infrastructure project can be -found on the homepage (https://open-infrastructure.net). - -Contact -======= - -Bug reports, feature requests, help, patches, support and everything else are -welcome on the Open Infrastructure Software Mailing List -<software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System -(https://bugs.debian.org). - -Authors -======= - -compute-tools were written by Daniel Baumann -<daniel.baumann@open-infrastructure.net> and others. diff --git a/supermicro/Makefile b/supermicro/Makefile new file mode 100644 index 0000000..49377eb --- /dev/null +++ b/supermicro/Makefile @@ -0,0 +1,80 @@ +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +SHELL := sh -e + +SCRIPTS = bin/* + +all: build + +test: + @echo -n "Checking for syntax errors with sh... " + @for SCRIPT in $(SCRIPTS); \ + do \ + sh -n $${SCRIPT}; \ + echo -n "."; \ + done + @echo " done." + + @echo -n "Checking for bashisms... " + @if [ -x /usr/bin/checkbashisms ]; \ + then \ + for SCRIPT in $(SCRIPTS); \ + do \ + checkbashisms -f -x $${SCRIPT}; \ + echo -n "."; \ + done; \ + else \ + echo "Note: devscripts not installed, skipping checkbashisms."; \ + fi + @echo " done." + + @echo -n "Checking with shellcheck... " + @if [ -x /usr/bin/shellcheck ]; \ + then \ + for SCRIPT in $(SCRIPTS); \ + do \ + shellcheck -e SC2039 $${SCRIPT}; \ + echo -n "."; \ + done; \ + else \ + echo "Note: shellcheck not installed, skipping shellcheck."; \ + fi + @echo " done." + +build: + +install: build + mkdir -p $(DESTDIR)/usr/bin + cp -r bin/* $(DESTDIR)/usr/bin + +uninstall: + for FILE in bin/*; \ + do \ + rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ + done + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true + + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true + +clean: + +distclean: + +reinstall: uninstall install diff --git a/supermicro/bin/supermicro-ipmi-reset b/supermicro/bin/supermicro-ipmi-reset new file mode 100755 index 0000000..8bd92f6 --- /dev/null +++ b/supermicro/bin/supermicro-ipmi-reset @@ -0,0 +1,34 @@ +#!/bin/sh + +set -e + +PROGRAM="$(basename "${0}")" + +HOST="$(sed -e 's|.host$|.management|' /etc/hostname)" +ADDRESS="$(ipcalc-ng --all-info "$(dig +short AAAA "${HOST}")" | awk '/^Full Address/ { print $3 }')" + +if [ -z "${ADDRESS}" ] +then + "${PROGRAM}: no IP address found for ${HOST}" + exit 1 +fi + +echo "${PROGRAM}: resetting ipmi to factory defaults (including users and lan)" +ipmicfg -fdl -d + +echo "${PROGRAM}: change to protocol to dual-stack" +ipmicfg -addrptl 3 + +echo "${PROGRAM}: configuring ipmi to ${ADDRESS}" +ipmicfg -ipv6 add 1 "${ADDRESS}" 64 + +echo "${PROGRAM}: disabling ipv4 dhcp for ipv6-only configuration" +ipmicfg -dhcp off + +echo "${PROGRAM}: clearing ipv4 address for ipv6-only configuration" +ipmicfg -m 0.0.0.0 + +echo "${PROGRAM}: rebooting ipmi" +ipmicfg -r -d + +echo "${PROGRAM}: done." diff --git a/vim/Makefile b/vim/Makefile index 6b3744b..49377eb 100644 --- a/vim/Makefile +++ b/vim/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/vim/bin/vim-mtime b/vim/bin/vim-mtime index 20e1672..c0a0ad3 100755 --- a/vim/bin/vim-mtime +++ b/vim/bin/vim-mtime @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/znuny/Makefile b/znuny/Makefile new file mode 100644 index 0000000..49377eb --- /dev/null +++ b/znuny/Makefile @@ -0,0 +1,80 @@ +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +SHELL := sh -e + +SCRIPTS = bin/* + +all: build + +test: + @echo -n "Checking for syntax errors with sh... " + @for SCRIPT in $(SCRIPTS); \ + do \ + sh -n $${SCRIPT}; \ + echo -n "."; \ + done + @echo " done." + + @echo -n "Checking for bashisms... " + @if [ -x /usr/bin/checkbashisms ]; \ + then \ + for SCRIPT in $(SCRIPTS); \ + do \ + checkbashisms -f -x $${SCRIPT}; \ + echo -n "."; \ + done; \ + else \ + echo "Note: devscripts not installed, skipping checkbashisms."; \ + fi + @echo " done." + + @echo -n "Checking with shellcheck... " + @if [ -x /usr/bin/shellcheck ]; \ + then \ + for SCRIPT in $(SCRIPTS); \ + do \ + shellcheck -e SC2039 $${SCRIPT}; \ + echo -n "."; \ + done; \ + else \ + echo "Note: shellcheck not installed, skipping shellcheck."; \ + fi + @echo " done." + +build: + +install: build + mkdir -p $(DESTDIR)/usr/bin + cp -r bin/* $(DESTDIR)/usr/bin + +uninstall: + for FILE in bin/*; \ + do \ + rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \ + done + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true + + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true + +clean: + +distclean: + +reinstall: uninstall install diff --git a/openldap/bin/slapd-cron-clean b/znuny/bin/otrs.Console.pl index 9e915bb..65d628c 100755 --- a/openldap/bin/slapd-cron-clean +++ b/znuny/bin/otrs.Console.pl @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,9 +21,4 @@ set -e -for FILE in $(find /var/lib/ldap -type f -name DB_CONFIG) -do - DATABASE="$(dirname "${FILE}")" - - db_archive -d -h "${DATABASE}" -done +sudo -u otrs /usr/share/otrs/bin/otrs.Console.pl ${@} diff --git a/openldap/bin/slapd-cron-backup b/znuny/bin/otrs.Daemon.pl index 814590e..4317808 100755 --- a/openldap/bin/slapd-cron-backup +++ b/znuny/bin/otrs.Daemon.pl @@ -2,7 +2,7 @@ # Open Infrastructure: service-tools -# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -21,13 +21,4 @@ set -e -BFHBCK=bfh-$( date +%y%m%d-%H%M ).ldif -ACCESSBCK=access-$( date +%y%m%d-%H%M ).ldif -BACKUPDIR=/srv/ldap-master.bfh.ch/slapcat - -/usr/sbin/slapcat -v -b "dc=bfh,dc=ch" -l $BACKUPDIR/$BFHBCK -gzip -9 $BACKUPDIR/$BFHBCK -/usr/sbin/slapcat -v -b "cn=accesslog" -l $BACKUPDIR/$ACCESSBCK -gzip -9 $BACKUPDIR/$ACCESSBCK - -find $BACKUPDIR -mtime +14 -exec rm {} + +sudo -u otrs /usr/share/otrs/bin/otrs.Daemon.pl ${@} |