diff --git a/Makefile b/Makefile
index ca12cf5..8e83557 100644
--- a/Makefile
+++ b/Makefile
@@ -6,9 +6,12 @@ radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
 radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
 radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
-systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
- cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
- cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+systemd-units: appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer
+ cp appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+
+logrotate: appliance/logrotate-freeradius appliance/logrotate-privacyidea
+ cp appliance/logrotate-freeradius $(CHROOT)/etc/logrotate.d/freeradius
+ cp appliance/logrotate-privacyidea $(CHROOT)/etc/logrotate.d/privacyidea
 $(02firstboot): appliance/02firstboot.start
 mkdir -p $(CHROOT)/etc/local.d
@@ -83,4 +86,4 @@ $(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
 preinstall:
-postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql
+postinstall: systemd-units logrotate $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql
diff --git a/appliance/02firstboot.start b/appliance/02firstboot.start
index 3143cc6..b653534 100755
--- a/appliance/02firstboot.start
+++ b/appliance/02firstboot.start
@@ -66,7 +66,7 @@ fi
 # Database
-systemctl stop mariadb
+systemctl stop mariadb.service
 if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
 echo 'Initialize MariaDB...'
 mkdir -p "/$LABEL/var/lib"
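Review bot: In the Makefile's first hunk the new `logrotate` recipe copies both configs with plain `cp`, so their owner and mode under `$(CHROOT)/etc/logrotate.d/` depend on the invoking user and umask, and logrotate ignores config files that are group- or world-writable or not owned by root. `install` pins both, e.g. `install -D -m 0644 -o root -g root appliance/logrotate-freeradius $(CHROOT)/etc/logrotate.d/freeradius` (likewise for `logrotate-privacyidea`); `-D` also creates `logrotate.d` when the chroot does not have it yet. The unit files copied by `systemd-units` would benefit from the same treatment. Neither target names a file it creates, so both belong in `.PHONY` unless that is already declared outside the hunk.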
@@ -84,7 +84,7 @@ if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
 echo '### ERROR initialize database !!! ###'
 exit 1
 fi
- systemctl start mariadb
+ systemctl start mariadb.service
 sleep 5
 echo 'Create privacyIDEA database...'
@@ -105,7 +105,7 @@ else
 rm -f "/var/lib/mysql"
 fi
 ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
- systemctl start mariadb
+ systemctl start mariadb.service
 fi
 if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
@@ -138,12 +138,14 @@ ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
 /etc/ssl/cert-renew.sh
-systemctl enable mariadb
-systemctl enable freeradius
-systemctl enable apache2
+systemctl enable mariadb.service
+systemctl enable freeradius.service
+systemctl enable apache2.service
+systemctl enable logrotate.timer
-systemctl restart freeradius
-systemctl restart apache2
+systemctl restart freeradius.service
+systemctl restart apache2.service
+systemctl restart logrotate.timer
 echo
 echo "Success!"
diff --git a/appliance/MySQL-Backup.sh b/appliance/MySQL-Backup.sh
deleted file mode 100755
index 19ccfc9..0000000
--- a/appliance/MySQL-Backup.sh
+++ /dev/null
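Review bot: In the `@@ -138,12 +138,14 @@` hunk only `logrotate.timer` joins the enable list, while `pi-maint.timer` and `cert-renew.timer` (both `WantedBy=timers.target` after this commit) are not enabled here; unless that happens in a part of the script outside the hunk, the backup and audit-rotation job is installed but never scheduled. Adding `systemctl enable pi-maint.timer cert-renew.timer` next to the new line would cover it. As far as the hunk shows, the block also runs on to `echo "Success!"` whatever the `systemctl` exit codes are, so a failed enable goes unreported; `systemctl enable --now logrotate.timer || exit 1` does the enable and start in one checked step.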
@@ -1,32 +0,0 @@
-#!/bin/bash
-PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
-
-DIR="/DATA/Backup/MySQL"
-
-if [ -z $1 ]; then
- echo "database name missing! use --all for all db's"
- exit 1;
-elif [ $1 = '--all' ]; then
- echo "full backup"
- for i in `mysqlshow --defaults-file=/root/.my.cnf | awk '{print $2}' | grep -v Databases`; do
- if [ "$i" != "information_schema" ] && [ "$i" != "performance_schema" ]; then
- if test -f ${DIR}/${i}.sql; then
- echo "Move ${DIR}/${i}.sql to ${DIR}/${i}.sql.1"
- mv ${DIR}/${i}.sql ${DIR}/${i}.sql.1
- fi
- echo "dump ${i} to ${DIR}/${i}.sgl"
- mysqldump --defaults-file=/root/.my.cnf --single-transaction --events --opt -QF -r${DIR}/${i}.sql $i
- chmod 600 ${DIR}/${i}.sql
- fi
- done;
-elif [ -n $1 ]; then
- echo "Starting backup of $1"
- if test -f $DIR/$1.sql; then
- echo "Move $DIR/$1.sql to $DIR/$1.sql.1"
- mv ${DIR}/${1}.sql ${DIR}/${1}.sql.1
- fi
- mysqldump --defaults-file=/root/.my.cnf --single-transaction --opt -QF -r${DIR}/${1}.sql $1
- chmod 600 ${DIR}/${1}.sql
-fi
-echo "Done"
-exit 0;
diff --git a/appliance/backup.service b/appliance/backup.service
deleted file mode 100644
index 13ca921..0000000
--- a/appliance/backup.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=execute backup tasks
-RefuseManualStart=no
-RefuseManualStop=yes
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/MySQL-Backup.sh --all
diff --git a/appliance/backup.timer b/appliance/backup.timer
deleted file mode 100644
index ec59929..0000000
--- a/appliance/backup.timer
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=execute backup tasks
-RefuseManualStart=no
-RefuseManualStop=no
-
-[Timer]
-Persistent=false
-OnCalendar=Sun *-*-* 02:19:00
-Unit=backup.service
-
-[Install]
-WantedBy=default.target
diff --git a/appliance/cert-renew.timer b/appliance/cert-renew.timer
index fa2ee54..340fe5d 100644
--- a/appliance/cert-renew.timer
+++ b/appliance/cert-renew.timer
@@ -9,4 +9,4 @@ OnCalendar=Sun *-*-* 04:03:00
 Unit=cert-renew.service
 [Install]
-WantedBy=default.target
+WantedBy=timers.target
diff --git a/appliance/logrotate-freeradius b/appliance/logrotate-freeradius
new file mode 100644
index 0000000..325db5c
--- /dev/null
+++ b/appliance/logrotate-freeradius
@@ -0,0 +1,12 @@
+/var/log/radius/*.log {
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ if test -d /run/systemd/system ; then
+ systemctl reload freeradius.service > /dev/null 2>&1 || true
+ else
+ /etc/init.d/freeradius reload > /dev/null 2>&1 || true
+ fi
+ endscript
+}
diff --git a/appliance/logrotate-privacyidea b/appliance/logrotate-privacyidea
new file mode 100644
index 0000000..7103550
--- /dev/null
+++ b/appliance/logrotate-privacyidea
@@ -0,0 +1,4 @@
+/var/log/privacyidea/*.log {
+ missingok
+ notifempty
+}
diff --git a/appliance/pi-maint.service b/appliance/pi-maint.service
new file mode 100644
index 0000000..54d4bba
--- /dev/null
+++ b/appliance/pi-maint.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=execute privacyIDEA maintenance
+RefuseManualStart=no
+RefuseManualStop=yes
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c 'rm /var/lib/privacyidea/backup/privacyidea-backup-*'
+ExecStart=/usr/bin/pi-manage rotate_audit
+ExecStart=/usr/bin/pi-manage backup create
diff --git a/appliance/pi-maint.timer b/appliance/pi-maint.timer
new file mode 100644
index 0000000..b5519c5
--- /dev/null
+++ b/appliance/pi-maint.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=privacyIDEA maintenance
+RefuseManualStart=no
+RefuseManualStop=no
+
+[Timer]
+Persistent=false
+OnCalendar=Sun *-*-* 03:19:00
+Unit=pi-maint.service
+
+[Install]
+WantedBy=timers.target
diff --git a/package.accept_keywords b/package.accept_keywords
index e90be0f..88540d8 100644
--- a/package.accept_keywords
+++ b/package.accept_keywords
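Review bot: The new `/var/log/radius/*.log` stanza in `appliance/logrotate-freeradius` sets no schedule, `rotate` count, `compress` or `create` mode, so how long RADIUS authentication logs are kept and who can read the rotated files is left to the global logrotate defaults; `appliance/logrotate-privacyidea` has the same gap. Stating them in the stanza makes retention reviewable, e.g. `weekly`, `rotate COUNT`, `compress` and `create 0640 OWNER GROUP` with the values chosen for the appliance. If `/var/log/radius` is writable by a non-root group, logrotate refuses to rotate there without a `su USER GROUP` line, which is worth checking on the image. The `/etc/init.d/freeradius` branch looks unreachable on this systemd-based appliance and could be dropped.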
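Review bot: The `/var/log/privacyidea/*.log` stanza in `appliance/logrotate-privacyidea` has neither `postrotate` nor `copytruncate`, so after a rotation the running privacyIDEA process may keep writing to the renamed file while the new log stays empty, unless its logging handler reopens the file on its own (not visible here). Either add `copytruncate`, or a `postrotate` that reloads the web server, as the freeradius stanza does for its daemon. If privacyIDEA is already configured with a self-rotating log handler, the two mechanisms can interfere on the same file, so one of them should be turned off.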
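Review bot: In `appliance/pi-maint.service` the first `ExecStart=` removes every existing backup before `pi-manage backup create` runs, and because `rm` has no `-f` it exits non-zero when the glob matches nothing, which makes systemd skip the remaining `ExecStart=` lines. On a fresh appliance with no backup yet, neither the audit rotation nor the backup would ever run, and whenever `backup create` fails later the previous backup is already gone. Create first and prune afterwards: keep the two `pi-manage` lines as `ExecStart=` and replace the `rm` with `ExecStartPost=/usr/bin/find /var/lib/privacyidea/backup -name 'privacyidea-backup-*' -mtime +DAYS -delete`. The unit sets no `User=`, so all three commands run as root; if the backup archive contains key material, the mode of the backup directory deserves an explicit check too.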
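Review bot: In `appliance/pi-maint.timer`, `Persistent=false` means a run missed because the appliance was powered off on Sunday at 03:19 is not caught up, so a machine that is regularly down at that time gets no backup and no audit rotation. For a backup job `Persistent=true` is the safer setting; systemd then starts the service at the next boot after a missed slot. `RefuseManualStart=no` and `RefuseManualStop=no` are the defaults and can be dropped.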
@@ -10,6 +10,7 @@ dev-python/yubiotp
 dev-python/pycrypto
 dev-python/mysql-connector-python
 dev-python/pytest-cov
+dev-python/segno
 dev-python/sphinx
 dev-python/sphinxcontrib-applehelp
 dev-python/sphinxcontrib-devhelp
@@ -23,9 +24,5 @@ dev-python/grpcio-tools
 # grunt, wird nur zur privacyIDEA-Translation benötigt
 dev-nodejs/*
-### stable kann kein python3
-##net-fs/samba
-##sys-libs/ldb
-##sys-libs/talloc
-##sys-libs/tdb
-##sys-libs/tevent
+# Compile error with stable 2.6.4
+net-nds/openldap
diff --git a/package.use b/package.use
index b790fbc..f06cb51 100644
--- a/package.use
+++ b/package.use
@@ -9,6 +9,7 @@ sci-libs/hdf5 -cxx -fortran -hl
 # RADIUS (ohne Samba kein rlm_mschap.so)
 net-dialup/freeradius kerberos ldap mysql python samba
+net-dns/bind gssapi
 net-dns/bind-tools gssapi
 net-fs/samba ads gnutls ldap python winbind
 sys-libs/ldb ldap python
diff --git a/world b/world
index fc444c9..b92b8fe 100644
--- a/world
+++ b/world
@@ -2,5 +2,4 @@ app-crypt/certbot-apache
 dev-db/mariadb
 net-dialup/freeradius
 www-apps/privacyidea
-www-apps/privacyideaadm
 www-servers/apache
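Review bot: In the `@@ -23,9 +24,5 @@` hunk of `package.accept_keywords` the new `net-nds/openldap` entry carries no version, so it accepts every testing release of the LDAP library from now on, not only the one that gets past the 2.6.4 build failure. Pinning the atom, e.g. `=net-nds/openldap-VERSION`, and extending the comment to say when the entry can be removed keeps a library on the authentication path from tracking unstable releases unnoticed. The same consideration applies to `dev-python/segno` in the first hunk, although the neighbouring entries in that list are unversioned as well.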