version bump, maintenance service/timer

This commit is contained in:
Jörg Deckert 2024-11-25 19:37:03 +01:00
parent 04eb618baa
commit b75ef3aafc
13 changed files with 60 additions and 72 deletions

View File

@ -6,9 +6,12 @@ radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
systemd-units: appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer
cp appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
logrotate: appliance/logrotate-freeradius appliance/logrotate-privacyidea
cp appliance/logrotate-freeradius $(CHROOT)/etc/logrotate.d/freeradius
cp appliance/logrotate-privacyidea $(CHROOT)/etc/logrotate.d/privacyidea
$(02firstboot): appliance/02firstboot.start
mkdir -p $(CHROOT)/etc/local.d
@ -83,4 +86,4 @@ $(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
preinstall:
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql
postinstall: systemd-units logrotate $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql

View File

@ -66,7 +66,7 @@ fi
# Database
systemctl stop mariadb
systemctl stop mariadb.service
if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
echo 'Initialize MariaDB...'
mkdir -p "/$LABEL/var/lib"
@ -84,7 +84,7 @@ if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
echo '### ERROR initialize database !!! ###'
exit 1
fi
systemctl start mariadb
systemctl start mariadb.service
sleep 5
echo 'Create privacyIDEA database...'
@ -105,7 +105,7 @@ else
rm -f "/var/lib/mysql"
fi
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
systemctl start mariadb
systemctl start mariadb.service
fi
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
@ -138,12 +138,14 @@ ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
/etc/ssl/cert-renew.sh
systemctl enable mariadb
systemctl enable freeradius
systemctl enable apache2
systemctl enable mariadb.service
systemctl enable freeradius.service
systemctl enable apache2.service
systemctl enable logrotate.timer
systemctl restart freeradius
systemctl restart apache2
systemctl restart freeradius.service
systemctl restart apache2.service
systemctl restart logrotate.timer
echo
echo "Success!"

View File

@ -1,32 +0,0 @@
#!/bin/bash
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
DIR="/DATA/Backup/MySQL"
if [ -z $1 ]; then
echo "database name missing! use --all for all db's"
exit 1;
elif [ $1 = '--all' ]; then
echo "full backup"
for i in `mysqlshow --defaults-file=/root/.my.cnf | awk '{print $2}' | grep -v Databases`; do
if [ "$i" != "information_schema" ] && [ "$i" != "performance_schema" ]; then
if test -f ${DIR}/${i}.sql; then
echo "Move ${DIR}/${i}.sql to ${DIR}/${i}.sql.1"
mv ${DIR}/${i}.sql ${DIR}/${i}.sql.1
fi
echo "dump ${i} to ${DIR}/${i}.sgl"
mysqldump --defaults-file=/root/.my.cnf --single-transaction --events --opt -QF -r${DIR}/${i}.sql $i
chmod 600 ${DIR}/${i}.sql
fi
done;
elif [ -n $1 ]; then
echo "Starting backup of $1"
if test -f $DIR/$1.sql; then
echo "Move $DIR/$1.sql to $DIR/$1.sql.1"
mv ${DIR}/${1}.sql ${DIR}/${1}.sql.1
fi
mysqldump --defaults-file=/root/.my.cnf --single-transaction --opt -QF -r${DIR}/${1}.sql $1
chmod 600 ${DIR}/${1}.sql
fi
echo "Done"
exit 0;

View File

@ -1,8 +0,0 @@
[Unit]
Description=execute backup tasks
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/usr/local/bin/MySQL-Backup.sh --all

View File

@ -1,12 +0,0 @@
[Unit]
Description=execute backup tasks
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 02:19:00
Unit=backup.service
[Install]
WantedBy=default.target

View File

@ -9,4 +9,4 @@ OnCalendar=Sun *-*-* 04:03:00
Unit=cert-renew.service
[Install]
WantedBy=default.target
WantedBy=timers.target

View File

@ -0,0 +1,12 @@
/var/log/radius/*.log {
missingok
notifempty
sharedscripts
postrotate
if test -d /run/systemd/system ; then
systemctl reload freeradius.service > /dev/null 2>&1 || true
else
/etc/init.d/freeradius reload > /dev/null 2>&1 || true
fi
endscript
}

View File

@ -0,0 +1,4 @@
/var/log/privacyidea/*.log {
missingok
notifempty
}

View File

@ -0,0 +1,10 @@
[Unit]
Description=execute privacyIDEA maintenance
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'rm /var/lib/privacyidea/backup/privacyidea-backup-*'
ExecStart=/usr/bin/pi-manage rotate_audit
ExecStart=/usr/bin/pi-manage backup create

12
appliance/pi-maint.timer Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=privacyIDEA maintenance
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 03:19:00
Unit=pi-maint.service
[Install]
WantedBy=timers.target

View File

@ -10,6 +10,7 @@ dev-python/yubiotp
dev-python/pycrypto
dev-python/mysql-connector-python
dev-python/pytest-cov
dev-python/segno
dev-python/sphinx
dev-python/sphinxcontrib-applehelp
dev-python/sphinxcontrib-devhelp
@ -23,9 +24,5 @@ dev-python/grpcio-tools
# grunt, wird nur zur privacyIDEA-Translation benötigt
dev-nodejs/*
### stable kann kein python3
##net-fs/samba
##sys-libs/ldb
##sys-libs/talloc
##sys-libs/tdb
##sys-libs/tevent
# Compile error with stable 2.6.4
net-nds/openldap

View File

@ -9,6 +9,7 @@ sci-libs/hdf5 -cxx -fortran -hl
# RADIUS (ohne Samba kein rlm_mschap.so)
net-dialup/freeradius kerberos ldap mysql python samba
net-dns/bind gssapi
net-dns/bind-tools gssapi
net-fs/samba ads gnutls ldap python winbind
sys-libs/ldb ldap python

1
world
View File

@ -2,5 +2,4 @@ app-crypt/certbot-apache
dev-db/mariadb
net-dialup/freeradius
www-apps/privacyidea
www-apps/privacyideaadm
www-servers/apache