VA
/
va-privacyidea
1
0
Fork 0
Code Issues Pull Requests Projects Releases 2 Wiki Activity

version bump, maintenance service/timer

This commit is contained in:
Jörg Deckert 2024-11-25 19:37:03 +01:00
parent 04eb618baa
commit b75ef3aafc
13 changed files with 60 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Makefile
View File

@ -6,9 +6,12 @@ radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer systemd-units: appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/ cp appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
logrotate: appliance/logrotate-freeradius appliance/logrotate-privacyidea
cp appliance/logrotate-freeradius $(CHROOT)/etc/logrotate.d/freeradius
cp appliance/logrotate-privacyidea $(CHROOT)/etc/logrotate.d/privacyidea
$(02firstboot): appliance/02firstboot.start $(02firstboot): appliance/02firstboot.start
mkdir -p $(CHROOT)/etc/local.d mkdir -p $(CHROOT)/etc/local.d
@ -83,4 +86,4 @@ $(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
preinstall: preinstall:
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql postinstall: systemd-units logrotate $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql

18
appliance/02firstboot.start
View File

@ -66,7 +66,7 @@ fi
# Database # Database
systemctl stop mariadb systemctl stop mariadb.service
if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
echo 'Initialize MariaDB...' echo 'Initialize MariaDB...'
mkdir -p "/$LABEL/var/lib" mkdir -p "/$LABEL/var/lib"
@ -84,7 +84,7 @@ if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
echo '### ERROR initialize database !!! ###' echo '### ERROR initialize database !!! ###'
exit 1 exit 1
fi fi
systemctl start mariadb systemctl start mariadb.service
sleep 5 sleep 5
echo 'Create privacyIDEA database...' echo 'Create privacyIDEA database...'
@ -105,7 +105,7 @@ else
rm -f "/var/lib/mysql" rm -f "/var/lib/mysql"
fi fi
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
systemctl start mariadb systemctl start mariadb.service
fi fi
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
@ -138,12 +138,14 @@ ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
/etc/ssl/cert-renew.sh /etc/ssl/cert-renew.sh
systemctl enable mariadb systemctl enable mariadb.service
systemctl enable freeradius systemctl enable freeradius.service
systemctl enable apache2 systemctl enable apache2.service
systemctl enable logrotate.timer
systemctl restart freeradius systemctl restart freeradius.service
systemctl restart apache2 systemctl restart apache2.service
systemctl restart logrotate.timer
echo echo
echo "Success!" echo "Success!"

32
appliance/MySQL-Backup.sh
View File

@ -1,32 +0,0 @@
#!/bin/bash
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
DIR="/DATA/Backup/MySQL"
if [ -z $1 ]; then
echo "database name missing! use --all for all db's"
exit 1;
elif [ $1 = '--all' ]; then
echo "full backup"
for i in `mysqlshow --defaults-file=/root/.my.cnf | awk '{print $2}' | grep -v Databases`; do
if [ "$i" != "information_schema" ] && [ "$i" != "performance_schema" ]; then
if test -f ${DIR}/${i}.sql; then
echo "Move ${DIR}/${i}.sql to ${DIR}/${i}.sql.1"
mv ${DIR}/${i}.sql ${DIR}/${i}.sql.1
fi
echo "dump ${i} to ${DIR}/${i}.sgl"
mysqldump --defaults-file=/root/.my.cnf --single-transaction --events --opt -QF -r${DIR}/${i}.sql $i
chmod 600 ${DIR}/${i}.sql
fi
done;
elif [ -n $1 ]; then
echo "Starting backup of $1"
if test -f $DIR/$1.sql; then
echo "Move $DIR/$1.sql to $DIR/$1.sql.1"
mv ${DIR}/${1}.sql ${DIR}/${1}.sql.1
fi
mysqldump --defaults-file=/root/.my.cnf --single-transaction --opt -QF -r${DIR}/${1}.sql $1
chmod 600 ${DIR}/${1}.sql
fi
echo "Done"
exit 0;

8
appliance/backup.service
View File

@ -1,8 +0,0 @@
[Unit]
Description=execute backup tasks
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/usr/local/bin/MySQL-Backup.sh --all

12
appliance/backup.timer
View File

@ -1,12 +0,0 @@
[Unit]
Description=execute backup tasks
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 02:19:00
Unit=backup.service
[Install]
WantedBy=default.target

2
appliance/cert-renew.timer
View File

@ -9,4 +9,4 @@ OnCalendar=Sun *-*-* 04:03:00
Unit=cert-renew.service Unit=cert-renew.service
[Install] [Install]
WantedBy=default.target WantedBy=timers.target

12
appliance/logrotate-freeradius Normal file
View File

@ -0,0 +1,12 @@
/var/log/radius/*.log {
missingok
notifempty
sharedscripts
postrotate
if test -d /run/systemd/system ; then
systemctl reload freeradius.service > /dev/null 2>&1 || true
else
/etc/init.d/freeradius reload > /dev/null 2>&1 || true
fi
endscript
}

4
appliance/logrotate-privacyidea Normal file
View File

@ -0,0 +1,4 @@
/var/log/privacyidea/*.log {
missingok
notifempty
}

10
appliance/pi-maint.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=execute privacyIDEA maintenance
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'rm /var/lib/privacyidea/backup/privacyidea-backup-*'
ExecStart=/usr/bin/pi-manage rotate_audit
ExecStart=/usr/bin/pi-manage backup create

12
appliance/pi-maint.timer Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=privacyIDEA maintenance
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 03:19:00
Unit=pi-maint.service
[Install]
WantedBy=timers.target

9
package.accept_keywords
View File

@ -10,6 +10,7 @@ dev-python/yubiotp
dev-python/pycrypto dev-python/pycrypto
dev-python/mysql-connector-python dev-python/mysql-connector-python
dev-python/pytest-cov dev-python/pytest-cov
dev-python/segno
dev-python/sphinx dev-python/sphinx
dev-python/sphinxcontrib-applehelp dev-python/sphinxcontrib-applehelp
dev-python/sphinxcontrib-devhelp dev-python/sphinxcontrib-devhelp
@ -23,9 +24,5 @@ dev-python/grpcio-tools
# grunt, wird nur zur privacyIDEA-Translation benötigt # grunt, wird nur zur privacyIDEA-Translation benötigt
dev-nodejs/* dev-nodejs/*
### stable kann kein python3 # Compile error with stable 2.6.4
##net-fs/samba net-nds/openldap
##sys-libs/ldb
##sys-libs/talloc
##sys-libs/tdb
##sys-libs/tevent

1
package.use
View File

@ -9,6 +9,7 @@ sci-libs/hdf5 -cxx -fortran -hl
# RADIUS (ohne Samba kein rlm_mschap.so) # RADIUS (ohne Samba kein rlm_mschap.so)
net-dialup/freeradius kerberos ldap mysql python samba net-dialup/freeradius kerberos ldap mysql python samba
net-dns/bind gssapi
net-dns/bind-tools gssapi net-dns/bind-tools gssapi
net-fs/samba ads gnutls ldap python winbind net-fs/samba ads gnutls ldap python winbind
sys-libs/ldb ldap python sys-libs/ldb ldap python

1
world
View File

@ -2,5 +2,4 @@ app-crypt/certbot-apache
dev-db/mariadb dev-db/mariadb
net-dialup/freeradius net-dialup/freeradius
www-apps/privacyidea www-apps/privacyidea
www-apps/privacyideaadm
www-servers/apache www-servers/apache