Deployment script draft (including openrc, user and group management).

Philippe Pittoli 2023-02-11 12:32:37 +01:00
parent e723717d53
commit bd11b4bdef
2 changed files with 113 additions and 0 deletions

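--- a/makefile
+++ b/makefile
@@ -0,0 +1,47 @@
+all:
+deploy: create-users deploy-openrc
+undeploy: remove-users remove-openrc
+remove-users:
+@grep _auth /etc/passwd >/dev/null && \
+deluser _auth && echo "user _auth has been removed" || \
+echo "user _auth already was deleted"
+@grep _filestorage /etc/passwd >/dev/null && \
+deluser _filestorage && echo "user _filestorage has been removed" || \
+echo "user _filestorage already was deleted"
+@grep _ipc /etc/group >/dev/null && \
+delgroup _ipc && echo "group _ipc has been removed" || \
+echo "group _ipc already was deleted"
+remove-openrc:
+rm /etc/init.d/authd
+rm /etc/init.d/filestoraged
+GROUP ?= _ipc
+# BusyBox addgroup [-g GID] [-S] [USER] GROUP
+# -g GID -S (system group)
+group-ipc:
+@grep $(GROUP) /etc/group >/dev/null && echo "group $(GROUP) already exists" || \
+(addgroup -S $(GROUP) && echo "group $(GROUP) has been created")
+# BusyBox adduser [OPTIONS] USER [GROUP]
+# -S (system user) -H (no mkdir) -s SHELL -g GECOS -G GROUP -D (no pass) -h HOME
+user-auth: group-ipc
+@grep _auth /etc/passwd >/dev/null && echo "user _auth already exists" || \
+(adduser -S -H -s /bin/false -g "IPC auth daemon" -G $(GROUP) -D _auth && \
+echo "user _auth has been created")
+user-filestorage: group-ipc
+@grep _filestorage /etc/passwd >/dev/null && echo "user _filestorage already exists" || \
+(adduser -S -H -s /bin/false -g "IPC filestorage daemon" -G $(GROUP) -D _filestorage && \
+echo "user _filestorage has been created")
+create-users: user-auth user-filestorage
+deploy-openrc-authd:
+install -m0400 openrc/authd /etc/init.d/
+deploy-openrc-filestoraged:
+install -m0400 openrc/filestoraged /etc/init.d/
+deploy-openrc: deploy-openrc-authd deploy-openrc-filestoraged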
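Review bot: The existence checks in `remove-users`, `group-ipc`, `user-auth` and `user-filestorage` are unanchored substring matches, so `grep _auth /etc/passwd` also succeeds on an account such as `_authd` or on any GECOS or home field containing that string, and the target then reports "already exists" without creating the account the service is supposed to run as. Anchoring on the name field avoids that: `grep -q '^_auth:' /etc/passwd` and `grep -q '^$(GROUP):' /etc/group`. In `remove-users` the `a && b && echo … || echo …` chain also prints "already was deleted" and exits 0 when `deluser` or `delgroup` itself fails, which hides a failed removal. Separately, `install -m0400` leaves both init scripts without the execute bit, while OpenRC runs them through their `#!/sbin/openrc-run` shebang; `install -m0755 openrc/authd /etc/init.d/` would match the executable mode this commit gives the file.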

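--- a/openrc/authd
+++ b/openrc/authd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+: ${cfgfile:="/etc/baguette/auth.yml"}
+: ${auth_password_file:="/etc/baguette/auth-password"}
+command_user="_auth:_ipc"
+# The command cannot go background by itself and cannot write its own PID.
+command_background=true
+description="Authentication daemon"
+description_checkconfig="Verify configuration file (TODO)"
+description_reload="Reload configuration (TODO)"
+description_debug="Print actual command line to run (TODO)"
+extra_commands="checkconfig debug"
+extra_started_commands="reload"
+pidfile="${AUTHD_PIDFILE:-"/run/$RC_SVCNAME.pid"}"
+command="${AUTHD_BINARY:-"/usr/local/bin/authd"}"
+command_args="${command_args:-${AUTHD_OPTS:- -k $auth_password_file}}"
+depend() {
+provide auth
+}
+required_files="$cfgfile $auth_password_file"
+debug() {
+ewarn Hello this is debug.
+ewarn auth_password_file: $auth_password_file
+ewarn pidfile: $pidfile
+ewarn command: $command
+ewarn command_args: $command_args
+}
+checkconfig() {
+if [ ! -d /run/ipc ] ; then
+mkdir -p /run/ipc || return 1
+fi
+# "$command" -t $command_args || return 1
+ewarn "authd cannot check its own configuration files, yet"
+return 0
+}
+start_pre() {
+checkconfig
+}
+stop_pre() {
+if [ "${RC_CMD}" = "restart" ] ; then
+checkconfig || return 1
+fi
+}
+reload() {
+ewarn "Reloading: not available, let's just restart."
+# checkconfig || return 1
+restart || return 1
+# ebegin "Reloading $RC_SVCNAME"
+# start-stop-daemon --signal HUP \
+# --exec "$command" --pidfile "$pidfile"
+# eend $?
+}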
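Review bot: `checkconfig` creates `/run/ipc` with a bare `mkdir -p`, so the directory ends up owned by root with a umask-dependent mode even though the daemon is started as `_auth:_ipc` through `command_user`. If authd is meant to create its socket there (inferred from the path name, not shown in this commit), it either cannot write to the directory or the directory is more open than intended; OpenRC's helper makes owner and mode explicit, e.g. `checkpath -d -m 0770 -o root:_ipc /run/ipc`. `required_files` only tests that `$auth_password_file` exists, so a comment or check stating the expected owner and mode of that secret (readable by `_auth` only) would help, since the makefile does not install it. In `reload`, `restart` is invoked as a shell command; nothing on this page defines such a function, so it is worth verifying that the fallback really restarts the service rather than returning 1.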