Revision 2e22c3b1
Added by Benoît PECCATTE almost 7 years ago
| rudder-server-relay/SPECS/rudder-server-relay.spec | ||
|---|---|---|
|
mkdir -p %{buildroot}%{ruddervardir}/inventories/incoming
|
||
|
mkdir -p %{buildroot}%{ruddervardir}/inventories/accepted-nodes-updates
|
||
|
mkdir -p %{buildroot}%{ruddervardir}/shared-files
|
||
|
mkdir -p %{buildroot}%{ruddervardir}/share
|
||
|
mkdir -p %{buildroot}%{rudderlogdir}/apache2/
|
||
|
mkdir -p %{buildroot}/etc/sysconfig/
|
||
|
mkdir -p %{buildroot}/etc/cron.d/
|
||
| ... | ... | |
|
echo " Done"
|
||
|
fi
|
||
|
|
||
|
# share directory with rudder-policy-reader
|
||
|
chgrp -R rudder-policy-reader %{buildroot}%{ruddervardir}/share
|
||
|
chmod 770 /var/rudder/share
|
||
|
find %{buildroot}%{ruddervardir}/share -type d | xargs chmod g+s
|
||
|
|
||
|
# Create the rudder user
|
||
|
if ! getent passwd %{rudder_user} >/dev/null; then
|
||
|
echo -n "INFO: Creating the %{rudder_user} user..."
|
||
| ... | ... | |
|
%{ruddervardir}/inventories/incoming
|
||
|
%{ruddervardir}/inventories/accepted-nodes-updates
|
||
|
%{ruddervardir}/shared-files/
|
||
|
%{ruddervardir}/share/
|
||
|
%{rudderlogdir}/apache2/
|
||
|
%{rudderdir}/share/relay-api/
|
||
|
%{rudderdir}/share/python/
|
||
| rudder-server-relay/debian/dirs | ||
|---|---|---|
|
var/rudder/inventories/accepted-nodes-updates
|
||
|
var/rudder/inventories/incoming
|
||
|
var/rudder/shared-files
|
||
|
var/rudder/share
|
||
|
var/log/rudder/apache2
|
||
|
etc/apache2/conf-available
|
||
| rudder-server-relay/debian/postinst | ||
|---|---|---|
|
echo " Done"
|
||
|
fi
|
||
|
|
||
|
# share directory with rudder-policy-reader
|
||
|
chgrp -R rudder-policy-reader /var/rudder/share
|
||
|
chmod 770 /var/rudder/share
|
||
|
find /var/rudder/share -type d | xargs chmod g+s
|
||
|
|
||
|
|
||
|
# Create the rudder user
|
||
|
if ! getent passwd rudder >/dev/null; then
|
||
|
echo -n "INFO: Creating the rudder user..."
|
||
| ... | ... | |
|
# Generate certificates if needed
|
||
|
if [ ! -f /opt/rudder/etc/ssl/rudder.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder.key ]; then
|
||
|
echo -n "INFO: No usable SSL certificate detected for Rudder relay HTTP/S support, generating one automatically..."
|
||
|
openssl req -new -x509 -newkey rsa:2048 -subj "/C=FR/ST=France/L=Paris/CN=$(hostname --fqdn)/emailAddress=root@$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder.key -out /opt/rudder/etc/ssl/rudder.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
|
openssl req -new -x509 -newkey rsa:2048 -subj "/C=FR/ST=France/L=Paris/CN=$(hostname --fqdn)/emailAddress=root@$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder.key -out /opt/rudder/etc/ssl/rudder.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
|
chgrp www-data /opt/rudder/etc/ssl/rudder.key && chmod 640 /opt/rudder/etc/ssl/rudder.key
|
||
|
echo " Done"
|
||
|
fi
|
||
| ... | ... | |
|
echo "*****************************************************************************************"
|
||
|
echo "INFO: rudder-server-relay setup complete. "
|
||
|
echo "INFO: "
|
||
|
echo "INFO: * If you are installing a root server, configuration is automatically done "
|
||
|
echo "INFO: * If you are installing a simple relay, run: "
|
||
|
echo "INFO: * If you are installing a root server, configuration is automatically done "
|
||
|
echo "INFO: * If you are installing a simple relay, run: "
|
||
|
echo "INFO: '/opt/rudder/bin/rudder-node-to-relay $(cat /opt/rudder/etc/uuid.hive)' "
|
||
|
echo "INFO: on your root server to complete this node transition to a relay server. "
|
||
|
echo "INFO: Please look at the documentation for details (Section 'Relay servers') "
|
||
| rudder-webapp/debian/dirs | ||
|---|---|---|
|
opt/rudder/share/tools
|
||
|
opt/rudder/share/plugins
|
||
|
opt/rudder/share/upgrade-tools
|
||
|
var/rudder/share
|
||
|
var/rudder/backup
|
||
|
var/rudder/files
|
||
|
var/rudder/lock
|
||
Also available in: Unified diff
Fixes #10885: /var/rudder/share must be readable by rudder-policy-reader