/* This file is part of Bolixo. Bolixo is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Bolixo is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Bolixo. If not, see <http://www.gnu.org/licenses/>. */
/* This program launches all the components of the trli system over the network. It also programs the blackhole system tying all the components together. */
// system headers
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
// project header
#include "bolixo.m"
#include
using namespace std;

// chmod() wrapper used on every generated script/config file.
// Logs through tlmp_error when chmod fails and returns chmod's result
// (0 on success, -1 on error); callers here ignore the return value.
static int trli_chmod (const PARAM_STRING name, int mode)
{
    int ret = chmod (name.ptr,mode);
    if (ret == -1) tlmp_error ("Can't chmod %s (%s)\n",name.ptr,strerror(errno));
    return ret;
}

// One entry per physical server: how to reach it (ssh/copy commands) and its
// public address. The default constructor exists so SERVER can live in a
// container that default-constructs values.
struct SERVER{
    string sshcmd;
    string cpcmd;
    string public_ip;
    SERVER (const string &_sshcmd, const string &_cpcmd, const string &_ip){
        sshcmd = _sshcmd;
        cpcmd = _cpcmd;
        public_ip = _ip;
    }
    SERVER(){}
};

// The structs below each describe one configured service instance. In every
// case `server` names the host that runs the instance; print_configs only
// emits the start/stop scripts of an instance when server == the server it
// is generating for.
struct BLACKHOLE {
    string server;
    string config;
    unsigned port;
    BLACKHOLE (const string &_server, const string &_config, unsigned _port){
        server = _server;
        config = _config;
        port = _port;
    }
};

struct BOD {
    string server;
    unsigned port;
    unsigned workers;   // number of worker processes; also drives the per-worker test sockets
    string secret;
    unsigned maxaccts;
    BOD (const string &_server, unsigned _port, unsigned _workers, const string &_secret, unsigned _maxaccts){
        server = _server;
        port = _port;
        workers = _workers;
        secret = _secret;
        maxaccts = _maxaccts;
    }
};

struct WRITED {
    string server;
    unsigned port;
    unsigned workers;
    string secret;
    string pubsecret;   // second secret, exported alongside `secret` in writed.init
    WRITED (const string &_server, unsigned _port, unsigned _workers, const string &_secret, const string &_pubsecret){
        server = _server;
        port = _port;
        workers = _workers;
        secret = _secret;
        pubsecret = _pubsecret;
    }
};

struct SESSIOND {
    string server;
    unsigned port;
    SESSIOND (const string &_server, unsigned _port){
        server = _server;
        port = _port;
    }
};

struct SQLD {
    string server;
    SQLD (const string &_server){
        server = _server;
    }
};

// Ports are fixed here (9080 / 9180), not taken from the configuration.
struct PROTO {
    string server;
    unsigned port;
    unsigned port_l;
    unsigned workers;
    PROTO (const string &_server, unsigned _workers){
        server = _server;
        port = 9080;
        port_l = 9180;
        workers = _workers;
    }
};

// `secret` is optional: the single-argument constructor leaves it empty.
struct WEB {
    string server;
    string secret;
    WEB (const string &_server){
        server = _server;
    }
    WEB (const string &_server, const string &_secret){
        server = _server;
        secret = _secret;
    }
};

struct EXIM {
    string server;
    vector alias; // Extra domains we accept as equivalent
    EXIM (const string &_server){
        server = _server;
    }
    // Appends one alias; the value is copied out of the PARAM_STRING.
    void addalias(PARAM_STRING _alias){
        alias.push_back(_alias.ptr);
    }
};

// Monitoring instance. The *_secret members presumably let the monitor
// authenticate to the corresponding daemons — confirm against the monitor's
// command line, which is not visible here.
struct MON {
    string server;
    string bod_secret;
    string bolixod_secret;
    string publishd_secret;
    string documentd_secret;
    string alarmcmd;
    MON (const string &_server, const string &_bod_secret, const string &_bolixod_secret, const string &_publishd_secret, const string &_documentd_secret, const string &_alarmcmd){
        server = _server;
        bod_secret = _bod_secret;
        bolixod_secret = _bolixod_secret;
        publishd_secret = _publishd_secret;
        documentd_secret = _documentd_secret;
        alarmcmd = _alarmcmd;
    }
};

struct BOLIXOD {
    string server;
    string secret;
    unsigned workers;
    unsigned maxaccts;
    BOLIXOD (const string &_server, const string &_secret, unsigned _workers, unsigned _maxaccts){
        server = _server;
        secret = _secret;
        workers = _workers;
        maxaccts = _maxaccts;
    }
};

struct PUBLISHD {
    string server;
    string secret;
    PUBLISHD (const string &_server, const string &_secret){
        server = _server;
        secret = _secret;
    }
};

struct DOCUMENTD {
    string server;
    string secret;
    DOCUMENTD (const string &_server, const string &_secret){
        server = _server;
        secret = _secret;
    }
};

static bool closeweb = false;

// Host-side directories used by the generated scripts.
static const char *config_dir = "/etc/bolixo";          // http_check.conf, secrets.client
static const char *log_dir = "/var/log/bolixo";         // *-connect.log stat files
static const char *sock_dir = "/var/run/blackhole";     // blackhole/horizon/conproxy control sockets
static const char *sock_tests_dir = "/var/run/tests";   // unix sockets bound for the system tests (wiped on each start)
static const char *lxcsock_dir = "/var/run/blackhole";  // same path as sock_dir, used for --control inside the containers
//static const char *bin_path = "/usr/bin";
static const char *sbin_path = "/usr/sbin";
static const char *project_path = "/usr/sbin";          // where the bolixo daemons (bolixod, publishd, documentd, ...) are installed

// Loopback aliases configured by horizon-options.conf (lo:horizon, lo:horizon2,
// lo:dnsproxy). horizon_masterip is the same address as horizon_ip.
static const char *horizon_ip = "192.168.4.1";
static const char *horizon_ip2 = "192.168.4.2";
static const char *dnsproxy_ip = "192.168.4.3";
static const char *horizon_masterip = "192.168.4.1";

// NOTE(review): default database credentials compiled into this binary.
// print_configs writes them into the generated *.init files
// (export BOLIXOD_PWD=..., PUBLISHD_PWD=..., BO_WRITED_PWD=...), so they are
// only as protected as those files; confirm they are replaced per deployment
// and that the init files are not world-readable.
static const char *sql_bolixod_pwd = "bolixod.1";
static const char *sql_bolixod_user = "bolixod";
static const char *sql_bod_pwd = "bod.1";
static const char *sql_bod_user = "bod";
static const char *sql_bo_writed_pwd = "bo_writed.1";
static const char *sql_bo_writed_user = "bo_writed";
static const char *sql_publishd_pwd = "publishd.1";
static const char *sql_publishd_user = "publishd";

// Unprivileged account the daemons run as and that the test sockets are chown'ed to.
static const char *trli_user = "bolixo";
static int trli_userid = -1;    // presumably resolved at runtime; -1 = not yet known
static const char *blackhole_path = "/usr/sbin";    // blackhole, horizon, conproxy, *-control binaries
static const char *blackhole_user = "blackhole";    // --user for conproxy, and for horizon in devmode
static const char *pid_dir = "/var/run";
static const char *devlog = "/dev/bolixo.log";

// Generated configuration files; each is written by print_configs and chmod'ed 0755.
static const char *blackhole_options_conf = "/etc/blackhole-options.conf";
static const char *blackhole_rules = "/etc/blackhole-rules.sh";
static const char *horizon_options_conf = "/etc/horizon-options.conf";
static const char *horizon_rules = "/etc/horizon-rules.sh";
static const char *conproxy_options_conf = "/etc/conproxy-options.conf";

// Network of the lxc containers; 192.168.122.0/24 is also the range the
// iptables FORWARD REJECT rule covers when not in preprodmode.
#define IP_PREFIX "192.168.122."
// Container-side addresses of the services (one lxc container each).
// Several are passed to lxc_config() and appear in the iptables
// MASQUERADE rules and horizon `vserver` entries written by print_configs.
static const char *ip_bod = IP_PREFIX "2";
static const char *ip_writed = IP_PREFIX "3";
static const char *ip_sessiond = IP_PREFIX "4";
static const char *ip_web = IP_PREFIX "5";
static const char *ip_web_fail = IP_PREFIX "15";
static const char *ip_webadm = IP_PREFIX "6";
static const char *ip_proto = IP_PREFIX "7";
static const char *ip0_webssl = IP_PREFIX "8";     // same address as ip_webssl
static const char *ip_webssl = IP_PREFIX "8";
static const char *ip_webssl_fail = IP_PREFIX "18";
// Preprod hosts: written into the containers' /etc/hosts (alpha/preprod*.bolixo.org)
// and, when preprodmode is set, used as the dirserver address in the iptables rules.
static const char *ip_preprod = IP_PREFIX "21";
static const char *ip_preprod2 = IP_PREFIX "22";
static const char *ip_preprod3 = IP_PREFIX "23";
static const char *ip_bosqlduser = IP_PREFIX "9";
static const char *ip_bosqlddata = IP_PREFIX "10";
static const char *ip_bosqldbolixo = IP_PREFIX "14";
static const char *ip_exim = IP_PREFIX "11";
static const char *ip_keysd = IP_PREFIX "12";
static const char *ip_bolixod = IP_PREFIX "13";
static const char *ip_publishd = IP_PREFIX "16";
static const char *ip_documentd = IP_PREFIX "17";

// Second address family for the *_p variants. horizon-options.conf configures
// 192.168.5.3/.5/.6 as loopback aliases (lo:writed, lo:web, lo:webadm), so
// these look like host-side addresses; horizon-rules declares the *_p vservers
// with them and protocheck binds ip_proto_p.
#define IP_PREFIX_P "192.168.5."
static const char *ip_sqld_p = IP_PREFIX_P "1"; static const char *ip_bod_p = IP_PREFIX_P "2"; static const char *ip_writed_p = IP_PREFIX_P "3"; static const char *ip_sessiond_p = IP_PREFIX_P "4"; static const char *ip_web_p = IP_PREFIX_P "5"; static const char *ip_webadm_p = IP_PREFIX_P "6"; static const char *ip_proto_p = IP_PREFIX_P "7"; static const char *ip_webssl_p = IP_PREFIX_P "8"; static const char *vs_bod = "bod"; static const char *vs_bolixod = "bolixod"; static const char *vs_writed = "writed"; static const char *vs_sessiond = "sessiond"; static const char *vs_publishd = "publishd"; static const char *vs_documentd = "documentd"; struct CONFIG { bool iptables; bool private_site; string hostname; string nodename; string dirserver; string org; map servers; vector blackholes; vector bods; vector writeds; vector keysds; vector sessionds; vector bosqlddatas; vector bosqldusers; vector bosqldbolixos; vector protos; vector webs; vector webadms; vector webssls; vector logs; vector computes; vector exims; vector dnsproxys; vector monitors; vector bolixods; vector publishds; vector documentds; CONFIG(){ dirserver = "https://bolixo.org"; org="Bolixo.org"; iptables = false; } }; static bool preprodmode = false; static void generateconfig ( FILE *fout, const string &theserver, // We are generating for this server // This will allow some blackhole rule affinity const CONFIG &config, bool devmode) { string bk_control_str = string(blackhole_path) + "/blackhole-control -p " + sock_dir + "/blackhole.sock"; const char *bk_control = bk_control_str.c_str(); const char *rootserver = theserver.c_str(); // For now, there is only one server, so it is the one testing itself // Finds all servers set servers; for (auto x:config.bolixods) servers.insert(x.server); for (auto x:config.bods) servers.insert(x.server); for (auto x:config.writeds) servers.insert(x.server); for (auto x:config.keysds) servers.insert(x.server); for (auto x:config.sessionds) servers.insert(x.server); for 
(auto x:config.bosqlddatas) servers.insert(x.server); for (auto x:config.bosqldusers) servers.insert(x.server); for (auto x:config.bosqldbolixos) servers.insert(x.server); for (auto x:config.protos) servers.insert(x.server); for (auto x:config.webs) servers.insert(x.server); for (auto x:config.webadms) servers.insert(x.server); for (auto x:config.logs) servers.insert(x.server); for (auto x:config.webssls) servers.insert(x.server); for (auto x:config.exims) servers.insert(x.server); for (auto x:config.dnsproxys) servers.insert(x.server); fprintf (fout,"# Connect to all horizons\n"); for (auto x:servers) fprintf (fout,"%s horizon %s:%s/horizon-master.sock near\n",bk_control,x.c_str(),sock_dir); fprintf (fout,"%s reset-rules\n",bk_control); fprintf (fout,"# rule to connect the browser to the web server\n"); const char *prefix = ""; for (auto t:config.protos){ for (unsigned i=0; i static void print_configs ( const string &server, const string &public_ip, const CONFIG &config, bool devmode) { glocal const CONFIG *config = &config; glocal bool devmode = devmode; glocal const char *public_ip = public_ip.c_str(); glocal string server = server; glocal string stopbod; glocal string stopbolixod; glocal string stoppublishd; glocal string stopwrited; glocal string stopkeysd; glocal string stopsessiond; glocal string stopweb; glocal string stopwebadm; glocal string stopwebssl; glocal string stopsqlddata; glocal string stopsqlduser; glocal string stopsqldbolixo; glocal string stopproto; glocal string stopexim; glocal string stoptrlimon; glocal string stoptrlisyslog; glocal string stopcompute; glocal string stopdocumentd; glocal string stopemail_log; glocal const char *dirserver = config.dirserver.c_str(); glocal const char *nodename = config.nodename.c_str(); glocal const char *hostname = config.hostname.c_str(); glocal const char *org = config.org.c_str(); glocal bool iptables = config.iptables; glocal bool private_site = config.private_site; ("/tmp/bkstart.sh",false); glocal 
FILE *all_fout = fout; fprintf (fout,"#!/bin/sh\n"); if (glocal.devmode){ fprintf (fout,"ifconfig | grep -F -q 192.168.4.1 || echo 192.168.4.1 non disponible\n"); }else{ fprintf (fout,"mkdir -p %s %s\n",sock_dir,log_dir); } // SERVICE blackhole for (auto bk:glocal.config->blackholes){ if (bk.server == glocal.server){ (blackhole_options_conf,false); fprintf (fout,"#!/bin/sh\n" "BLACKHOLEOPTIONS=\" --control %s/blackhole.sock --horizon_port 8100" " --statfile %s/blackhole-connect.log --pidfile %s/blackhole.pid" " --conproxyport %s/conproxy.sock" " --debugfile /tmp/blackhole.log\"\n" ,sock_dir,log_dir,pid_dir ,sock_dir); return 0; trli_chmod (blackhole_options_conf,0755); ("/tmp/blackhole.sh",false); fprintf (fout,"#!/bin/sh\n" ". %s\n" "%s/blackhole --daemon $BLACKHOLEOPTIONS\n" ,blackhole_options_conf,blackhole_path); return 0; trli_chmod ("/tmp/blackhole.sh",0755); fprintf (glocal.all_fout,"/tmp/blackhole.sh\n"); (blackhole_rules,false); generateconfig (fout,glocal.server,*glocal.config,glocal.devmode); return 0; trli_chmod (blackhole_rules,0755); fprintf (glocal.all_fout,"%s\n",blackhole_rules); ("/tmp/blackhole-reload.sh",false); string bk_control_str = string(blackhole_path) + "/blackhole-control -p " + sock_dir + "/blackhole.sock"; const char *bk_control = bk_control_str.c_str(); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s pause\n",bk_control); fprintf (fout,"%s reset-rules\n",bk_control); fprintf (fout,"%s reset-horizons\n",bk_control); fprintf (fout,"%s reset-wormholes\n",bk_control); fprintf (fout,"/tmp/blackhole-rules.sh\n"); fprintf (fout,"%s resume\n",bk_control); return 0; trli_chmod ("/tmp/blackhole-reload.sh",0755); } } // SERVICE horizon (horizon_options_conf,false); fprintf (fout,"#!/bin/sh\n"); if (!glocal.devmode){ fprintf (fout,"ifconfig lo:horizon 192.168.4.1 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:horizon2 192.168.4.2 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:dnsproxy 192.168.4.3 netmask 255.255.255.255\n"); 
fprintf (fout,"ifconfig lo:web 192.168.5.5 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:webadm 192.168.5.6 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:writed 192.168.5.3 netmask 255.255.255.255\n"); } fprintf (fout,"mkdir -p %s\n",sock_tests_dir); fprintf (fout,"rm -f %s/*\n",sock_tests_dir); const char *user = blackhole_user; if (!glocal.devmode){ user = "root"; } fprintf (fout, "HORIZONOPTIONS=\"" " --bind %s,9000 --bind %s,9100 --bind %s,9200 --bind %s,3307 --bind %s,3307" " --bind %s,9080 --bind %s,9081 --bind %s,8053" " --bind %s,9080 --bind %s,9081" " --control %s/horizon.sock --master %s,8100 --master %s/horizon-master.sock --user %s --pidfile %s/horizon.pid" " --conproxyport %s/conproxy.sock --open_network" ,horizon_ip,horizon_ip,horizon_ip,horizon_ip,horizon_ip2 ,horizon_ip,horizon_ip,horizon_ip ,horizon_ip2,horizon_ip2 ,sock_dir,horizon_masterip,sock_dir,user,pid_dir ,sock_dir); if (!glocal.devmode){ fprintf (fout," --bind %s,25",glocal.public_ip); fprintf (fout," --bind %s,80",glocal.public_ip); fprintf (fout," --bind %s,443",glocal.public_ip); fprintf (fout," --bind 127.0.0.1,8080"); fprintf (fout," --open_client"); } fprintf (fout,"\"\n"); return 0; trli_chmod (horizon_options_conf,0755); ("/tmp/horizon.sh",false); fprintf (fout,". 
%s\n",horizon_options_conf); fprintf (fout,"%s/horizon --daemon $HORIZONOPTIONS\n",blackhole_path); return 0; trli_chmod ("/tmp/horizon.sh",0755); fprintf (glocal.all_fout,"/tmp/horizon.sh\n"); fprintf (glocal.all_fout,"%s\n",horizon_rules); (horizon_rules,false); string hc_str = string (blackhole_path) + "/horizon-control --port " + sock_dir + "/horizon.sock"; const char *hc = hc_str.c_str(); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s vserver dnsproxy %s\n",hc,dnsproxy_ip); fprintf (fout,"%s vserver sqlsource %s\n",hc,horizon_ip); fprintf (fout,"%s vserver sqlsource2 %s\n",hc,horizon_ip2); fprintf (fout,"%s vserver bolixod %s\n",hc,ip_bolixod); fprintf (fout,"%s vserver publishd %s\n",hc,ip_publishd); fprintf (fout,"%s vserver bod %s\n",hc,ip_bod); fprintf (fout,"%s vserver bod_p %s\n",hc,ip_bod_p); fprintf (fout,"%s vserver writed %s\n",hc,ip_writed); fprintf (fout,"%s vserver writed_p %s\n",hc,ip_writed_p); fprintf (fout,"%s vserver sessiond %s\n",hc,ip_sessiond); fprintf (fout,"%s vserver sessiond_p %s\n",hc,ip_sessiond_p); fprintf (fout,"%s vserver web %s\n",hc,ip_web); fprintf (fout,"%s vserver web_p %s\n",hc,ip_web_p); fprintf (fout,"%s vserver webadm %s\n",hc,ip_webadm); fprintf (fout,"%s vserver webadm_p %s\n",hc,ip_webadm_p); fprintf (fout,"%s vserver webssl %s\n",hc,ip_webssl); fprintf (fout,"%s vserver webssl_p %s\n",hc,ip_webssl_p); fprintf (fout,"%s vserver bosqlddata %s\n",hc,ip_bosqlddata); fprintf (fout,"%s vserver bosqlduser %s\n",hc,ip_bosqlduser); fprintf (fout,"%s vserver bosqldbolixo %s\n",hc,ip_bosqldbolixo); fprintf (fout,"%s vserver sqld_p %s\n",hc,ip_sqld_p); fprintf (fout,"%s vserver proto %s\n",hc,ip_proto); fprintf (fout,"%s vserver proto_p %s\n",hc,ip_proto_p); fprintf (fout,"%s allow %s\n",hc,horizon_masterip); fprintf (fout,"%s vserverdir root /\n",hc); fprintf (fout,"%s --bind 192.168.4.1,9082,ip0\n",hc); // Socket for monitoring for (auto t:glocal.config->keysds){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind 
unix,%s/A-keysd-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/A-keysd-%s.sock\n" ,trli_user,sock_tests_dir,server); } for (auto t:glocal.config->sessionds){ const char *server = t.server.c_str(); unsigned port = 9200; fprintf (fout,"%s --bind unix,%s/A-sessiond-%s-client-%u.sock,root\n" ,hc,sock_tests_dir,server,port); fprintf (fout,"%s --bind unix,%s/A-sessiond-%s-admin-%u.sock,root\n" ,hc,sock_tests_dir,server,port); fprintf (fout,"chown %s %s/A-sessiond-%s-admin-9200.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"chown %s %s/A-sessiond-%s-client-9200.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For bolixod system tests\n"); for (auto t:glocal.config->bolixods){ const char *server = t.server.c_str(); for (unsigned i=0; ipublishds){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/B-publishd-%s-client.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/B-publishd-%s-client.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For documentd system tests\n"); for (auto t:glocal.config->documentds){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/B-documentd-%s-client.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/B-documentd-%s-client.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For bod system tests\n"); for (auto t:glocal.config->bods){ const char *server = t.server.c_str(); for (unsigned i=0; i<=t.workers; i++){ unsigned port = 9000+i; fprintf (fout,"%s --bind unix,%s/B-bod-%s-client-%u.sock,root\n" ,hc,sock_tests_dir,server,port); fprintf (fout,"%s --bind unix,%s/B-bod-%s-admin-%u.sock,root\n" ,hc,sock_tests_dir,server,port); fprintf (fout,"chown %s %s/B-bod-%s-client-%u.sock\n" ,trli_user,sock_tests_dir,server,port); fprintf (fout,"chown %s %s/B-bod-%s-admin-%u.sock\n" ,trli_user,sock_tests_dir,server,port); } } fprintf (fout,"# For exim system tests\n"); for (auto t:glocal.config->exims){ const char 
*server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/C-exim-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/C-exim-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For web 80 system tests\n"); for (auto t:glocal.config->webs){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/F-web-80-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/F-web-80-%s.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"%s --bind unix,%s/F-web-fail-80-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/F-web-fail-80-%s.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"%s --bind unix,%s/F-websocket-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/F-websocket-%s.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"%s --bind unix,%s/F-websocket-fail-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/F-websocket-fail-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For web trli-stop system tests\n"); for (auto t:glocal.config->webs){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/D-web-stop-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/D-web-stop-%s.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"%s --bind unix,%s/D-web-fail-stop-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/D-web-fail-stop-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For webadm trli-stop system tests\n"); for (auto t:glocal.config->webadms){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/D-webadm-stop-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/D-webadm-stop-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For trli-syslog system tests\n"); for (auto t:glocal.config->logs){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/E-syslog-%s.sock,root\n" 
,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/E-syslog-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For trli-log system tests\n"); for (auto t:glocal.config->computes){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/E-log-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/E-log-%s.sock\n" ,trli_user,sock_tests_dir,server); } if (!glocal.devmode){ fprintf (fout,"# Allow the host to send email\n"); fprintf (fout,"%s --bind unix,/dev/smtp.sock,root\n" ,hc); fprintf (fout,"chown %s /dev/smtp.sock\n" ,trli_user); } return 0; trli_chmod (horizon_rules,0755); ("/tmp/horizon-debug.sh",false); string hc_str = string (blackhole_path) + "/horizon-control --port " + sock_dir + "/horizon.sock"; const char *hc = hc_str.c_str(); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s debugfile /tmp/horizon.log\n",hc); fprintf (fout,"if [ \"$1\" = off ]; then\n"); fprintf (fout,"\t%s debug 0\n",hc); fprintf (fout,"elif [ \"$1\" = on ]; then\n"); fprintf (fout,"\t%s debug 1\n",hc); fprintf (fout,"else\n"); fprintf (fout,"\techo on or off\n"); fprintf (fout,"fi\n"); return 0; trli_chmod ("/tmp/horizon-debug.sh",0755); // SERVICE conproxy ("/tmp/conproxy.sh",false); fprintf (fout,"#!/bin/sh\n" "%s/conproxy" " -p %s/conproxy.sock --user %s --pidfile %s/conproxy.pid --daemon --statfile %s/conproxy-connect.log\n" ,blackhole_path,sock_dir,blackhole_user,pid_dir,log_dir); return 0; if (!glocal.devmode){ (conproxy_options_conf,false); fprintf (fout, "MAXHANDLES=10000\n" "CONPROXYOPTIONS=\"-p %s/conproxy.sock --user %s --pidfile %s/conproxy.pid --statfile %s/conproxy-connect.log\"\n" ,sock_dir,blackhole_user,pid_dir,log_dir); return 0; } trli_chmod ("/tmp/conproxy.sh",0755); fprintf (glocal.all_fout,"/tmp/conproxy.sh\n"); ("/tmp/protocheck.sh",false); fprintf (fout,"#!/bin/sh\n" "%s/protocheck-2factors" " --control %s/protocheck-2factors.sock --user %s --pidfile %s/protocheck-0.pid --daemon" " --follow_mode --unlocked --bind 
%s --port 9080" " --http %s/http_check.conf\n" ,blackhole_path,sock_dir,blackhole_user,pid_dir ,ip_proto_p ,config_dir); fprintf (fout,"#!/bin/sh\n" "%s/protocheck-2factors" " --control %s/protocheck-2factors-learn.sock --user %s --pidfile %s/protocheck-1.pid --daemon" " --follow_mode --unlocked --bind %s --port 9081" " --http %s/http_check.conf --learnfile /tmp/learn.log\n" ,blackhole_path,sock_dir,blackhole_user,pid_dir ,ip_proto_p ,config_dir); return 0; trli_chmod ("/tmp/protocheck.sh",0755); //fprintf (glocal.all_fout,"/tmp/protocheck.sh\n"); return 0; trli_chmod ("/tmp/bkstart.sh",0755); const char *bo_start = "/root/bolixostart.sh"; const char *bo_stop = "/root/bolixostop.sh"; if (devmode){ bo_start = "/tmp/bolixostart.sh"; bo_stop = "/tmp/bolixostop.sh"; } (bo_start,false); glocal FILE *all_fout = fout; glocal vector delayed; fprintf (fout,"#!/usr/bin/sh\n"); // When running bolixo inside a lxc container, /dev/net/tun is often missing, no idea why // So if the script /root/nettun exists, it is executed fprintf (fout,"test -x /root/nettun && /root/nettun\n"); // Check if the virtual bridge device is active. This is a common problem fprintf (fout,"if ! grep -q virbr0 /proc/net/dev; then\n"); fprintf (fout,"\techo virtual bridge device virbr0 not found, aborting\n"); fprintf (fout,"\texit 1\n"); fprintf (fout,"fi\n"); { // SERVICE iptables if (!glocal.devmode && glocal.iptables){ const char *iptables_sh = glocal.devmode ? 
"/tmp/iptables.sh" : "/root/iptables.sh"; (iptables_sh,false); glocal FILE *fout = fout; fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"iptables --flush\n"); fprintf (fout,"iptables --flush -t nat\n"); fprintf (fout,"iptables --delete-chain\n"); fprintf (fout,"iptables -t nat --delete-chain\n"); if (preprodmode){ fprintf (fout,"iptables -t nat -A PREROUTING -s %s -p tcp -j REDIRECT --to-port 2025\n",ip_exim); }else{ fprintf (fout,"#iptables -t nat -A PREROUTING -s %s -p tcp -j REDIRECT --to-port 8080\n",ip_exim); } fprintf (fout,"iptables -t nat -A POSTROUTING -o eth0 -s %s -j MASQUERADE\n",ip_exim); fprintf (fout,"iptables -t nat -A POSTROUTING -o eth0 -s %s -j MASQUERADE\n",ip_bod); fprintf (fout,"iptables -t nat -A POSTROUTING -o eth0 -s %s -j MASQUERADE\n",ip_bolixod); fprintf (fout,"iptables -t nat -A POSTROUTING -o eth0 -s %s -j MASQUERADE\n",ip_publishd); const char *dirserver = glocal.dirserver; { const char *pt; if (preprodmode){ dirserver = ip_preprod; }else if (is_start_any_ofnc(dirserver,pt,"https://","http://")){ dirserver = pt; } } fprintf (fout,"iptables -t nat -A POSTROUTING -o eth0 -s %s -d %s -j MASQUERADE\n",ip_web,dirserver); fprintf (fout,"iptables --flush -t mangle\n"); #if 1 fprintf (fout,"iptables -t mangle -X DIVERT\n"); fprintf (fout,"iptables -t mangle -N DIVERT\n"); fprintf (fout,"iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT\n"); #endif #if 0 fprintf (fout,"iptables -t mangle -A OUTPUT --src 192.168.122.0/24 -d 192.168.4.0/24 -j ACCEPT\n"); fprintf (fout,"iptables -t mangle -A OUTPUT --src 192.168.122.0/24 -d 192.168.122.1 -j ACCEPT\n"); fprintf (fout,"iptables -t mangle -A OUTPUT --src %s -p tcp -j MARK --set-xmark 0x1/0xffffffff\n",ip_exim); fprintf (fout,"iptables -t mangle -A OUTPUT --src %s -p tcp -j MARK --set-xmark 0x1/0xffffffff\n",ip_webssl); #endif #if 1 // Used by the horizon to connect to internal services while // using the original source IP (form the internet) fprintf (fout,"iptables -t mangle -A 
DIVERT -j MARK --set-mark 1\n"); fprintf (fout,"iptables -t mangle -A DIVERT -j ACCEPT\n"); fprintf (fout,"ip rule add fwmark 1 lookup 100\n"); fprintf (fout,"ip route add local 0.0.0.0/0 dev lo table 100\n"); fprintf (fout,"echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter\n"); #endif // Add some rules to monitor the turnserver network usage. // Normally, the server is globally available for (auto n:{"udp","tcp"}){ fprintf (fout,"iptables -A INPUT -p %s -s 0.0.0.0/0 -d %s --dport 3478 -j ACCEPT\n",n,glocal.public_ip); fprintf (fout,"iptables -A OUTPUT -p %s -s %s --sport 3478 -d 0.0.0.0/0 -j ACCEPT\n",n,glocal.public_ip); } glocal bool onerule = false; ("/root/sshd.lst",true); if (line[0] != '#' && line[0] > ' '){ glocal.onerule = true; fprintf (glocal.fout,"iptables -A INPUT -s %s -p tcp --dport 22 -j ACCEPT\n",line); } return 0; if (glocal.onerule){ fprintf (fout,"iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j REJECT\n"); } // Prevent any lxc0 container from talking to any other using IP. 
It has to go through blackhole if (preprodmode){ fprintf (fout,"iptables -A FORWARD -s 192.168.124.0/24 -d 192.168.124.0/24 -j REJECT\n"); }else{ fprintf (fout,"iptables -A FORWARD -s 192.168.122.0/24 -d 192.168.122.0/24 -j REJECT\n"); } return 0; trli_chmod (iptables_sh,0755); fprintf (glocal.all_fout,"%s\n",iptables_sh); } // SERVICE dnsproxy { ("/var/lib/lxc/udpproxy.sh",false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"echo udpproxy\n"); fprintf (fout,"/usr/sbin/udpproxy --daemon --control %s/udpproxy.sock --user %s" " --udp2tcp --udpport 53 --udphost %s --tcphost %s --tcpport 8053 --bindaddr %s\n" ,sock_dir,trli_user,horizon_ip,horizon_ip,dnsproxy_ip); fprintf (fout,"/usr/sbin/udpproxy --daemon --control %s/udpproxy-out.sock --user %s" " --pidfile /var/run/udpproxy-out.pid --tcp2udp --tcphost %s --tcpport 8053 --udpport 53" ,sock_dir,trli_user,dnsproxy_ip); glocal FILE *fout = fout; ("/etc/resolv.conf",true); string adr; if (splitline(line,match("nameserver"),adr)){ fprintf (glocal.fout," --udphost %s",adr.c_str()); } return 0; fprintf (fout,"\n"); return 0; fprintf (glocal.all_fout,"/var/lib/lxc/udpproxy.sh\n"); trli_chmod ("/var/lib/lxc/udpproxy.sh",0755); } // SERVICE bolixod for (auto t:glocal.config->bolixods){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/bolixod",0755); glocal const char *secret = t.secret.c_str(); glocal int workers = t.workers; glocal unsigned maxaccts = t.maxaccts; ("/var/lib/lxc/bolixod/bolixod.init",false); fprintf (fout,"export BOLIXOD_PWD=%s\n",sql_bolixod_pwd); for (int i=0; i string startfile; ("bolixod",ip_bolixod,startfile,trli_user,trli_userid); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf 
(fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",trli_user,name); umount_needed(fout,name,"bolixod"); fprintf (fout,"echo nameserver %s >/var/lib/lxc/%s/rootfs/etc/resolv.conf\n" ,horizon_ip,name); if (glocal.devmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_webssl,name); fprintf (fout,"echo %s alpha.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); }else if (preprodmode){ fprintf (fout,"echo %s alpha.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s preprod.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s preprod2.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod2,name); fprintf (fout,"echo %s preprod3.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod3,name); fprintf (fout,"echo %s bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); } fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("bolixod","bolixod",project_path,glocal.workers,glocal.stopbolixod); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); lxc_config ("bolixod",ip_bolixod,true); lxc_status (project_path,"bolixod","bolixod",glocal.workers); lxc_debug (project_path,"bolixod","bolixod",glocal.workers); } } // SERVICE documentd for (auto t:glocal.config->documentds){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/documentd",0755); glocal const char *secret = t.secret.c_str(); ("/var/lib/lxc/documentd/documentd.init",false); { fprintf (fout,"%s/documentd ",project_path); fprintf (fout,"--control %s/documentd.sock" " --client-secrets 
%s/secrets.client" " --user %s --daemon" " --nodename %s" " --pidfile /tmp/documentd.pid\n" ,lxcsock_dir ,config_dir ,trli_user ,glocal.nodename ); } return 0; string startfile; ("documentd",ip_documentd,startfile,trli_user,trli_userid); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/keysd.sock:/var/lib/lxc/%s/rootfs/dev/keysd.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/keysd.sock\n",trli_user,name); fprintf (fout,"ulimit -SH -s 8192 -v 350000\n"); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/etc/bolixo/vidconf.secret\n",trli_user,name); fprintf (fout,"chmod 400 /var/lib/lxc/%s/rootfs/etc/bolixo/vidconf.secret\n",name); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("documentd","documentd",project_path,-1,glocal.stopdocumentd); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/keysd.sock %s\n" ,blackhole_path,sock_dir,name); lxc_config ("documentd",ip_documentd,true); lxc_status (project_path,"documentd","documentd",-1); lxc_debug (project_path,"documentd","documentd",-1); } } // SERVICE publishd for (auto t:glocal.config->publishds){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/publishd",0755); glocal const char *secret = t.secret.c_str(); ("/var/lib/lxc/publishd/publishd.init",false); fprintf (fout,"export PUBLISHD_PWD=%s\n",sql_publishd_pwd); { const char *host = glocal.hostname; // Patch for the first preprod host which is a copy of the first prod server. 
if (preprodmode && strcmp(host,"alpha.bolixo.org")==0) host = "preprod.bolixo.org"; fprintf (fout,"%s/publishd ",project_path); fprintf (fout,"--control %s/publishd.sock" " --hostname %s" " --client_secrets %s/secrets.client" " --dbserv %s --dbname files --dbuser %s" " --user %s --daemon" " --pidfile /tmp/publishd.pid" ,lxcsock_dir ,host ,config_dir ,"localhost",sql_publishd_user ,trli_user ); if (glocal.devmode || preprodmode){ fprintf (fout," --nonstrict --usehttp test1.bolixo.org"); } fprintf (fout,"\n"); } return 0; string startfile; ("publishd",ip_publishd,startfile,trli_user,trli_userid); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/keysd.sock:/var/lib/lxc/%s/rootfs/dev/keysd.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/keysd.sock\n",trli_user,name); umount_needed(fout,name,"bolixo"); fprintf (fout,"echo nameserver %s >/var/lib/lxc/%s/rootfs/etc/resolv.conf\n" ,horizon_ip,name); if (glocal.devmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip0_webssl,name); fprintf (fout,"echo %s preprod.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s preprod2.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod2,name); fprintf (fout,"echo %s preprod3.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod3,name); }else if (preprodmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip0_webssl,name); fprintf (fout,"echo %s alpha.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s 
preprod.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s preprod2.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod2,name); fprintf (fout,"echo %s preprod3.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod3,name); fprintf (fout,"echo %s bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); } fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("publishd","publishd",project_path,-1,glocal.stoppublishd); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/keysd.sock %s\n" ,blackhole_path,sock_dir,name); lxc_config ("publishd",ip_publishd,true); lxc_status (project_path,"publishd","publishd",-1); lxc_debug (project_path,"publishd","publishd",-1); } } // SERVICE writed for (auto t:glocal.config->writeds){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/writed",0755); glocal const char *secret = t.secret.c_str(); glocal const char *pubsecret = t.pubsecret.c_str(); glocal int workers = t.workers; ("/var/lib/lxc/writed/writed.init",false); fprintf (fout,"export BO_WRITED_PWD=%s\n",sql_bo_writed_pwd); for (int i=0; i string startfile,delayfile; ("writed",ip_writed,startfile,delayfile,trli_user,trli_userid); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/compute.sock:/var/lib/lxc/%s/rootfs/dev/compute.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/compute.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/smtp.sock:/var/lib/lxc/%s/rootfs/dev/smtp.sock,%s\n" 
,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/smtp.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/keysd.sock:/var/lib/lxc/%s/rootfs/dev/keysd.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/keysd.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/publishd.sock:/var/lib/lxc/%s/rootfs/dev/publishd.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/publishd.sock\n",trli_user,name); // Sockets for both MySQL servers fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql-users.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql-users.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql-users.sock\n",trli_user,name); umount_needed(fout,name,"bolixo"); // Generate the list of time zones fprintf (fout,"%s >/var/lib/lxc/%s/rootfs/etc/timezones.lst\n",zoneinfo_cmd,name); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/log/bolixo\n",name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/log/bolixo\n",trli_user,name); // Copy the new account greeting messages fprintf (fout,"FILE=/etc/bolixo/greetings.lst\n"); fprintf (fout,"if [ -f $FILE ] ; then\n"); fprintf (fout,"\tmkdir -p /var/lib/lxc/%s/rootfs/etc/bolixo\n",name); fprintf (fout,"\tcp $FILE /var/lib/lxc/%s/rootfs/etc/bolixo\n",name); fprintf (fout,"\tcat $FILE | grep -v '#' | while read line\n"); fprintf (fout,"\tdo\n"); fprintf (fout,"\t\tif [ \"$line\" != \"\" 
]; then\n"); fprintf (fout,"\t\t\tdir=`dirname $line`\n"); fprintf (fout,"\t\t\tmkdir -p /var/lib/lxc/%s/rootfs/$dir\n",name); fprintf (fout,"\t\t\tcp $line /var/lib/lxc/%s/rootfs/$dir\n",name); fprintf (fout,"\t\tfi\n"); fprintf (fout,"\tdone\n"); fprintf (fout,"fi\n"); // Load the list of default interests fprintf (fout,"FILE=/etc/bolixo/default_interests.lst\n"); fprintf (fout,"if [ -f $FILE ] ; then\n"); fprintf (fout,"\tcat $FILE | grep -v '#' | while read line\n"); fprintf (fout,"\tdo\n"); fprintf (fout,"\t\tif [ \"$line\" != \"\" ] ;then\n"); fprintf (fout,"\t\t\t%s/bo-writed-control -p /var/lib/lxc/%s/rootfs/var/run/blackhole/bo-writed-0.sock add_default_interest $line\n" ,project_path,name); fprintf (fout,"\t\tfi\n"); fprintf (fout,"\tdone\n"); fprintf (fout,"fi\n"); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); glocal.delayed.push_back(delayfile); ("writed","bo-writed",project_path,glocal.workers,glocal.stopwrited); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/compute.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/publishd.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/smtp.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql-users.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/keysd.sock %s\n" ,blackhole_path,sock_dir,name); _F_lxc_stop::insert(fout,name,command,command_path,workers); lxc_config ("writed",ip_writed); lxc_status (project_path,"writed","bo-writed",glocal.workers); lxc_debug 
(project_path,"writed","bo-writed",glocal.workers); } } // SERVICE bod for (auto t:glocal.config->bods){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/bod",0755); glocal const char *secret = t.secret.c_str(); glocal int workers = t.workers; glocal unsigned maxaccts = t.maxaccts; ("/var/lib/lxc/bod/bod.init",false); fprintf (fout,"export BOD_PWD=%s\n",sql_bod_pwd); /* Important, we create one more bod process than specified (see the <=). The last one is used only by webapi.hc for the getpubkey request. This is done to avoid a dead-lock. The sequence is this. A user add a remote account in his interest list. The bod serving the user contact the remote site to register this site in the interest list of the remote user. If this is the first time that we contact the remote site, it will request our public key. And based on activities on all the bod servers, this request might be served by the bod server doing the remote request. Dead-lock. */ for (int i=0; i<=glocal.workers; i++){ const char *onlylocal = i==glocal.workers ? 
"--onlylocal" : ""; fprintf (fout,"%s/bod ",project_path); fprintf (fout,"--tcpport %d --control %s/bod-%d.sock" " --maxaccts %u" " --adminhost %s --adminport /dev/writed.sock --sesshost %s --sessport /dev/sessiond.sock" " --dbserv %s --dbname files --dbuser %s" " --admin_secrets %s/secrets.admin --client_secrets %s/secrets.client" " --mysecret %s --user %s --sqltcpport 3307 --daemon" " --pidfile /tmp/bod-%d.pid %s" ,9000+i,lxcsock_dir,i ,glocal.maxaccts ,horizon_ip,horizon_ip ,"localhost",sql_bod_user ,config_dir,config_dir ,glocal.secret,trli_user ,i,onlylocal); fprintf (fout," --nodename %s --dirserver %s",glocal.nodename,glocal.dirserver); if (glocal.devmode || preprodmode){ fprintf (fout," --nonstrict --usehttp test1.bolixo.org"); } fprintf (fout,"\n"); } return 0; string startfile,delayfile; ("bod",ip_bod,startfile,delayfile,trli_user,trli_userid); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/writed.sock:/var/lib/lxc/%s/rootfs/dev/writed.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/writed.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/documentd.sock:/var/lib/lxc/%s/rootfs/dev/documentd.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/documentd.sock\n",trli_user,name); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); umount_needed 
(fout,name,"bolixo"); fprintf (fout,"echo nameserver %s >/var/lib/lxc/%s/rootfs/etc/resolv.conf\n" ,horizon_ip,name); if (glocal.devmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/bod/rootfs/etc/hosts\n" ,ip0_webssl); fprintf (fout,"echo %s preprod.bolixo.org >>/var/lib/lxc/bod/rootfs/etc/hosts\n" ,ip_preprod); fprintf (fout,"echo %s preprod2.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod2,name); fprintf (fout,"echo %s preprod3.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod3,name); }else if (preprodmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/bod/rootfs/etc/hosts\n" ,ip0_webssl); fprintf (fout,"echo %s alpha.bolixo.org >>/var/lib/lxc/bod/rootfs/etc/hosts\n" ,ip_preprod); fprintf (fout,"echo %s preprod.bolixo.org >>/var/lib/lxc/bod/rootfs/etc/hosts\n" ,ip_preprod); fprintf (fout,"echo %s preprod2.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod2,name); fprintf (fout,"echo %s preprod3.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod3,name); fprintf (fout,"echo %s bolixo.org >>/var/lib/lxc/bod/rootfs/etc/hosts\n" ,ip_preprod); } fprintf (fout,"SESSION=`%s/bo-writed-control -p /var/lib/lxc/writed/rootfs/var/run/blackhole/bo-writed-0.sock login admin`\n" ,project_path); fprintf (fout,"if [ \"$SESSION\" = \"\" ] ;then\n"); fprintf (fout,"\techo No session for user admin\n"); fprintf (fout,"\texit 1\n"); fprintf (fout,"else\n"); fprintf (fout,"\tfor file in /var/lib/lxc/bod/rootfs/var/run/blackhole/bod-*.sock\n"); fprintf (fout,"\tdo\n"); fprintf (fout,"\t\t%s/bod-control -p $file set_admin_session $SESSION\n",project_path); fprintf (fout,"\tdone\n"); fprintf (fout,"fi\n"); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); glocal.delayed.push_back(delayfile); // +1 for the pubkey bod server ("bod","bod",project_path,glocal.workers+1,glocal.stopbod); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/writed.sock %s\n" ,blackhole_path,sock_dir,name); fprintf 
(fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/documentd.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"SESSION=`%s/bod-control -p /var/lib/lxc/bod/rootfs/var/run/blackhole/bod-0.sock status | grep admin_sessionid: | ( read a b; echo $b)`\n" ,project_path); fprintf (fout,"if [ \"$SESSION\" != \"\" ] ; then\n"); fprintf (fout,"\t%s/bo-writed-control -p /var/lib/lxc/writed/rootfs/var/run/blackhole/bo-writed-0.sock logout $SESSION\n" ,project_path); fprintf (fout,"fi\n"); lxc_config ("bod",ip_bod,true); lxc_status (project_path,"bod","bod",glocal.workers+1); lxc_debug (project_path,"bod","bod",glocal.workers+1); } } // SERVICE keysd for (auto t:glocal.config->keysds){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/keysd",0755); ("/var/lib/lxc/keysd/keysd.init",false); fprintf (fout,"export BO_WRITED_PWD=%s\n",sql_bo_writed_pwd); fprintf (fout,"%s/bo-keysd ",project_path); fprintf (fout,"--control %s/bo-keysd.sock" " --data_dbserv %s --data_dbname %s --data_dbuser %s" " --users_dbserv %s --users_dbname %s --users_dbuser %s" " --user %s --daemon" " --pidfile /tmp/keysd.pid\n" ,lxcsock_dir ,"localhost","files",sql_bo_writed_user ,"localhost","users",sql_bo_writed_user ,trli_user); return 0; string startfile; ("keysd",ip_keysd,startfile,trli_user,trli_userid); // Sockets for both MySQL servers fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock 
--bind unix,/var/lib/mysql/mysql-users.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql-users.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql-users.sock\n",trli_user,name); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("keysd","bo-keysd",project_path,-1,glocal.stopkeysd); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql-users.sock %s\n" ,blackhole_path,sock_dir,name); _F_lxc_stop::insert(fout,name,command,command_path,workers); lxc_config ("keysd",ip_keysd); lxc_status (project_path,"keysd","bo-keysd",-1); lxc_debug (project_path,"keysd","bo-keysd",-1); } } // SERVICE sessiond for (auto s:glocal.config->sessionds){ if (s.server == glocal.server){ mkdir ("/var/lib/lxc/sessiond",0755); ("/var/lib/lxc/sessiond/sessiond.init",false); fprintf (fout,"%s/bo-sessiond ",project_path); fprintf (fout,"--tcpport 9200 --control %s/bo-sessiond.sock" " --admin-secrets %s/secrets.admin --client-secrets %s/secrets.client" " --user %s --daemon --pidfile /tmp/sessiond.pid" " --variable subject --variable order --variable currentform" " --variable offsets --variable webtabs --variable currents --variable document --variable geometry" " --variable copy --variable fulltext --user_variable firstseen --variable subtabs\n" ,lxcsock_dir ,config_dir,config_dir ,trli_user); return 0; string startfile; lxc_start ("sessiond",ip_sessiond,startfile); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); lxc_stop ("sessiond","bo-sessiond",project_path,-1,glocal.stopsessiond); lxc_config ("sessiond",ip_sessiond); lxc_status (project_path,"sessiond","bo-sessiond",-1); lxc_debug (project_path,"sessiond","bo-sessiond",-1); } } // SERVICE web for (auto s:glocal.config->webs){ if (s.server == glocal.server){ glocal const char *secret = s.secret.c_str(); static const 
char *tb[]={"web","web-fail"}; const char *ip = ip_web; for (auto w:tb){ glocal w; mkdir (string_f("/var/lib/lxc/%s",w).c_str(),0755); (string_f("/var/lib/lxc/%s/%s.init",w,w),false); fprintf (fout,"/usr/sbin/httpd --daemon\n"); fprintf (fout,"%s/trli-stop --daemon --user %s --control /tmp/trli-stop.sock --pidfile /tmp/trli-stop.pid\n",sbin_path,"apache"); fprintf (fout,"%s/bo-websocket --daemon --user %s --user-control %s\n",project_path,"apache",trli_user); return 0; string startfile; (w,ip,startfile,"apache",48); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/bod.sock:/var/lib/lxc/%s/rootfs/dev/bod.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/bod.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/bod-pubkey.sock:/var/lib/lxc/%s/rootfs/dev/bod-pubkey.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/bod-pubkey.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/bolixod.sock:/var/lib/lxc/%s/rootfs/dev/bolixod.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/bolixod.sock\n",name); tlmpweb_conf (fout,name); fprintf (fout,"echo nameserver %s >/var/lib/lxc/%s/rootfs/etc/resolv.conf\n" ,horizon_ip,name); if (glocal.devmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_webssl,name); }else if (preprodmode){ fprintf (fout,"echo %s alpha.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s preprod.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); fprintf (fout,"echo %s preprod2.bolixo.org 
>>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod2,name); fprintf (fout,"echo %s preprod3.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod3,name); fprintf (fout,"echo %s bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip_preprod,name); } fprintf (fout,"echo AddOutputFilterByType DEFLATE text/html >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/deflate.conf\n",name); fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/cgitimeout.conf\n",name); fprintf (fout,"CGIDScriptTimeout 400\n"); fprintf (fout,"EOF\n"); // Generate the list of time zones fprintf (fout,"%s >/var/lib/lxc/%s/rootfs/etc/timezones.lst\n",zoneinfo_cmd,name); fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/var/www/html/static.html\n",name); fprintf (fout,"\n"); fprintf (fout,"this is a test\n"); fprintf (fout,"\n"); fprintf (fout,"EOF\n"); fprintf (fout,"echo %s >/var/lib/lxc/%s/rootfs/etc/secret\n",glocal.secret,name); fprintf (fout,"echo node=%s >/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",glocal.nodename,name); fprintf (fout,"echo dirserver=%s >>/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",glocal.dirserver,name); fprintf (fout,"echo org=%s >>/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",glocal.org,name); fprintf (fout,"echo waitevent_delay=0 >>/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",name); if (preprodmode){ fprintf (fout,"echo nonstrict >>/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",name); } if (glocal.devmode){ fprintf (fout,"echo experimental >>/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",name); } fprintf (fout,"echo %s:x:%d:%d:trli user:/home/trli:/sbin/nologin >>/var/lib/lxc/%s/rootfs/etc/passwd\n" ,trli_user,trli_userid,trli_userid,name); if (glocal.private_site){ fprintf (fout,"echo private_site >>/var/lib/lxc/%s/rootfs/etc/bolixonode.conf\n",name); } fprintf (glocal.all_fout,"%s\n",startfile.c_str()); string stopcmd; (w,NULL,NULL,-1,stopcmd); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/bod.sock %s\n" 
,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/bod-pubkey.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/bolixod.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"lxc-stop -n %s\n",name); string status_sh = string_f("/var/lib/lxc/%s/status.sh",w); (status_sh,false); fprintf (fout,"#!/usr/bin/sh\n"); fprintf (fout,"echo '----trli-stop'\n"); fprintf (fout,"%s/trli-stop-control --control /var/lib/lxc/%s/rootfs/tmp/trli-stop.sock status\n",sbin_path,glocal.w); fprintf (fout,"echo '----bo-websocket'\n"); fprintf (fout,"%s/bo-websocket-control --control /var/lib/lxc/%s/rootfs/var/run/websocket-control.sock status\n" ,project_path,glocal.w); return 0; chmod (status_sh.c_str(),0755); if (glocal.stopweb.size() > 0) glocal.stopweb += "\n"; glocal.stopweb += stopcmd.c_str(); lxc_config (w,ip,true); ip = ip_web_fail; } } } // SERVICE webadm for (auto s:glocal.config->webadms){ if (s.server == glocal.server){ mkdir ("/var/lib/lxc/webadm",0755); ("/var/lib/lxc/webadm/webadm.init",false); fprintf (fout,"/usr/sbin/httpd --daemon\n"); fprintf (fout,"%s/trli-stop --daemon --user %s --control /tmp/trli-stop.sock --pidfile /tmp/trli-stop.pid\n",sbin_path,"apache"); return 0; string startfile; ("webadm",ip_webadm,startfile,"apache",48); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/bod.sock:/var/lib/lxc/%s/rootfs/dev/bod.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/bod.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",name); tlmpweb_conf (fout,name); fprintf 
(glocal.all_fout,"%s\n",startfile.c_str()); ("webadm",NULL,NULL,-1,glocal.stopwebadm); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/bod.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"lxc-stop -n %s\n",name); lxc_config ("webadm",ip_webadm); } } // SERVICE webssl for (auto s:glocal.config->webssls){ if (s.server == glocal.server){ static const char *tb[]={"webssl","webssl-fail"}; glocal const char *ip = ip_webssl; for (auto w:tb){ mkdir (string_f("/var/lib/lxc/%s",w).c_str(),0755); (string_f("/var/lib/lxc/%s/%s.init",w,w),false); fprintf (fout,"/usr/sbin/httpd --daemon\n"); return 0; string startfile; (w,glocal.ip,startfile,"apache",48); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/web.sock:/var/lib/lxc/%s/rootfs/dev/web.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/web.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/ws.sock:/var/lib/lxc/%s/rootfs/dev/ws.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/ws.sock\n",name); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"echo %s %s >>/var/lib/lxc/%s/rootfs/etc/hosts\n",glocal.ip,glocal.hostname,name); fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/proxy.conf\n",name); fprintf (fout,"DirectoryIndex index.hc\n"); // The CGI execution timeout is 10 minutes, so make this one minute less. // This affects the notitication system. It means the connection will timeout every 9 minutes. 
const char *unixwebsock = "unix:/dev/web.sock|"; const char *unixwssock = "unix:/dev/ws.sock|"; fprintf (fout,"ProxyPass \"/index.hc\" \"%shttp://192.168.4.1:9080/index.hc\" timeout=%d\n",unixwebsock,9*60); fprintf (fout,"ProxyPass \"/webapi.hc\" \"%shttp://192.168.4.1:9080/webapi.hc\"\n",unixwebsock); fprintf (fout,"ProxyPass \"/bolixoapi.hc\" \"%shttp://192.168.4.1:9080/bolixoapi.hc\"\n",unixwebsock); fprintf (fout,"ProxyPass \"/bolixo.hc\" \"%shttp://192.168.4.1:9080/bolixo.hc\"\n",unixwebsock); fprintf (fout,"ProxyPass \"/wss\" \"%sws://192.168.4.1:9082/\"\n",unixwssock); fprintf (fout,"RewriteEngine On\n"); fprintf (fout,"#LogLevel alert rewrite:trace7\n"); fprintf (fout,"RewriteRule ^/public/(.*) /public.hc?image=\\$1 [PT,QSA]\n"); fprintf (fout,"RewriteRule ^/publique/(.*) /public.hc?image=\\$1 [PT,QSA]\n"); fprintf (fout,"ProxyPass \"/public.hc\" \"%shttp://192.168.4.1:9080/public.hc\"\n",unixwebsock); if (glocal.devmode){ fprintf (fout,"ProxyPass \"/journey.hc\" \"http://192.168.4.1:9080/journey.hc\"\n"); } fprintf (fout,"ProxyPass \"/blog.hc\" \"http://192.168.4.1:9080/blog.hc\"\n"); fprintf (fout,"ProxyPass \"/admin.hc\" \"http://192.168.4.2:9080/admin.hc\"\n"); fprintf (fout,"ProxyPass \"/static.html\" \"http://192.168.4.1:9080/static.html\"\n"); fprintf (fout,"EOF\n"); if (!glocal.devmode){ fprintf (fout,"if [ -f /etc/letsencrypt/live/%s/fullchain.pem ]; then\n",glocal.hostname); fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/redirect.conf\n",name); fprintf (fout,"\n"); #if 1 fprintf (fout,"RewriteEngine On\n"); fprintf (fout,"RewriteCond %%{HTTPS} !=on\n"); // This checks to make sure the connection is not already HTTPS fprintf (fout,"RewriteRule ^/?(.*) https://%%{SERVER_NAME}/$1 [R,L]\n"); #else static const char *tb[]={"","index.hc","bolixoapi.hc","bolixo.hc","webapi.hc"}; for (auto f:tb){ fprintf (fout,"Redirect permanent /%s %s/%s\n",f,glocal.nodename,f); } #endif fprintf (fout,"\n"); fprintf (fout,"EOF\n"); // We make sure 
this is the first virtualhost by naming it 0hostssl.conf fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/0hostssl.conf\n",name); fprintf (fout,"\n",glocal.hostname); fprintf (fout,"ServerName %s\n",glocal.hostname); if (preprodmode){ fprintf (fout,"ServerAlias preprod.bolixo.org\n"); } fprintf (fout,"SSLCertificateFile /etc/letsencrypt/live/%s/fullchain.pem\n",glocal.hostname); fprintf (fout,"SSLCertificateKeyFile /etc/letsencrypt/live/%s/privkey.pem\n",glocal.hostname); fprintf (fout,"Include /etc/letsencrypt/options-ssl-apache.conf\n"); fprintf (fout,"ErrorLog logs/ssl_error_log\n"); fprintf (fout,"TransferLog logs/ssl_access_log\n"); fprintf (fout,"RewriteEngine On\n"); fprintf (fout,"#LogLevel alert rewrite:trace7\n"); fprintf (fout,"RewriteRule ^/public/(.*) /public.hc?image=\\$1 [PT,QSA]\n"); fprintf (fout,"RewriteRule ^/publique/(.*) /public.hc?image=\\$1 [PT,QSA]\n"); fprintf (fout,"\n"); fprintf (fout,"EOF\n"); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/etc/letsencrypt/live/%s\n",name,glocal.hostname); fprintf (fout,"cp /etc/letsencrypt/options-ssl-apache.conf /var/lib/lxc/%s/rootfs/etc/letsencrypt\n",name); fprintf (fout,"cp /etc/letsencrypt/live/%s/fullchain.pem /var/lib/lxc/%s/rootfs/etc/letsencrypt/live/%s\n" ,glocal.hostname,name,glocal.hostname); fprintf (fout,"cp /etc/letsencrypt/live/%s/privkey.pem /var/lib/lxc/%s/rootfs/etc/letsencrypt/live/%s\n" ,glocal.hostname,name,glocal.hostname); fprintf (fout,"fi\n"); // Special case for directory server fprintf (fout,"if [ -f /etc/letsencrypt/live/bolixo.org/fullchain.pem ] ; then\n"); fprintf (fout," cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/bolixo_org.conf\n",name); fprintf (fout,"\n"); fprintf (fout,"ServerName bolixo.org\n"); fprintf (fout,"DirectoryIndex bolixo.hc\n"); fprintf (fout,"SSLCertificateFile /etc/letsencrypt/live/bolixo.org/fullchain.pem\n"); fprintf (fout,"SSLCertificateKeyFile /etc/letsencrypt/live/bolixo.org/privkey.pem\n"); fprintf (fout,"Include 
/etc/letsencrypt/options-ssl-apache.conf\n"); fprintf (fout,"ErrorLog logs/ssl_error_log\n"); fprintf (fout,"TransferLog logs/ssl_access_log\n"); fprintf (fout,"\n"); fprintf (fout,"EOF\n"); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/etc/letsencrypt/live/bolixo.org\n",name); fprintf (fout,"cp /etc/letsencrypt/live/bolixo.org/fullchain.pem /var/lib/lxc/%s/rootfs/etc/letsencrypt/live/bolixo.org\n",name); fprintf (fout,"cp /etc/letsencrypt/live/bolixo.org/privkey.pem /var/lib/lxc/%s/rootfs/etc/letsencrypt/live/bolixo.org\n",name); fprintf (fout,"echo %s bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n",glocal.ip,name); fprintf (fout,"fi\n"); } fprintf (fout,"ROOT=/var/lib/lxc/%s/rootfs\n",name); fprintf (fout,"for FILE in /etc/httpd/conf.d/add.conf /etc/httpd/conf.d/le_http_01_challenge_pre.conf /etc/httpd/conf.d/le_http_01_challenge_post.conf\n"); fprintf (fout,"do\n"); fprintf (fout," if [ -f $FILE ] ; then\n"); fprintf (fout," cp -a $FILE $ROOT/etc/httpd/conf.d/.\n"); fprintf (fout," cp -a $FILE /tmp/.\n"); fprintf (fout," fi\n"); fprintf (fout,"done\n"); fprintf (fout,"if [ -d /var/lib/letsencrypt ] ; then\n"); fprintf (fout," mkdir -p $ROOT/var/lib/letsencrypt\n"); fprintf (fout," cp -a /var/lib/letsencrypt/. 
$ROOT/var/lib/letsencrypt/.\n"); fprintf (fout,"fi\n"); fprintf (fout,"cp /var/www/html/images-doc/* $ROOT/var/www/html/.\n"); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); string stopcmd; (w,NULL,NULL,-1,stopcmd); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/web.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/ws.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"lxc-stop -n %s\n",name); if (glocal.stopwebssl.size() > 0) glocal.stopwebssl += "\n"; glocal.stopwebssl += stopcmd.c_str(); lxc_config (w,glocal.hostname,glocal.ip,true); glocal.ip = ip_webssl_fail; } } } // SERVICE protocheck for (auto s:glocal.config->protos){ if (s.server == glocal.server){ glocal PROTO *p = &s; mkdir ("/var/lib/lxc/protocheck",0755); ("/var/lib/lxc/protocheck/protocheck.init",false); for (unsigned i=0; iworkers; i++){ fprintf (fout,"%s/protocheck-2factors" " --control %s/protocheck-2factors-%u.sock --user %s --pidfile %s/protocheck-%u.pid --daemon" " --follow_mode --unlocked --bind %s --port unix:/tmp/proto-%u.sock" " --http %s/http_check.conf --errorfile /tmp/error-%u.log\n" ,blackhole_path ,lxcsock_dir,i,"apache",pid_dir,i ,ip_proto,glocal.p->port+i ,config_dir,i); } fprintf (fout,"%s/protocheck-2factors" " --control %s/protocheck-2factors-learn.sock --user %s --pidfile %s/protocheck-learn.pid --daemon" " --follow_mode --unlocked --bind %s --port unix:/tmp/proto-%u.sock" " --http %s/http_check.conf --learnfile /tmp/learn.log --errorfile /tmp/error-learn.log\n" ,blackhole_path ,lxcsock_dir,"apache",pid_dir ,ip_proto,glocal.p->port_l ,config_dir); return 0; string startfile; lxc_start ("protocheck",ip_proto,startfile,"apache",48); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("protocheck",NULL,NULL,-1,glocal.stopproto); for (unsigned i=0; iworkers; i++){ fprintf (fout,"%s/protocheck-2factors-control" " -p /var/lib/lxc/protocheck/rootfs%s/protocheck-2factors-%u.sock quit\n" 
,blackhole_path,lxcsock_dir,i); } fprintf (fout,"%s/protocheck-2factors-control" " -p /var/lib/lxc/protocheck/rootfs%s/protocheck-2factors-learn.sock quit\n" ,blackhole_path,lxcsock_dir); fprintf (fout,"lxc-info -s -n %s | grep -q RUNNING && (echo Force stop %s; lxc-stop -n %s)\n" ,name,name,name); lxc_config ("protocheck",ip_proto); lxc_status (blackhole_path,"protocheck","protocheck-2factors",s.workers); lxc_debug (blackhole_path,"protocheck","protocheck-2factors",s.workers); } } // SERVICE bosqlddata for (auto s:glocal.config->bosqlddatas){ if (s.server == glocal.server){ string startfile; config_sql ("bosqlddata",ip_bosqlddata,startfile,glocal.stopsqlddata); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); } } // SERVICE bosqlduser for (auto s:glocal.config->bosqldusers){ if (s.server == glocal.server){ string startfile; config_sql ("bosqlduser",ip_bosqlduser,startfile,glocal.stopsqlduser); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); } } // SERVICE bosqldbolixo for (auto s:glocal.config->bosqldbolixos){ if (s.server == glocal.server){ string startfile; config_sql ("bosqldbolixo",ip_bosqldbolixo,startfile,glocal.stopsqldbolixo); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); } } // SERVICE exim for (auto s:glocal.config->exims){ if (s.server == glocal.server){ glocal EXIM *p = &s; mkdir ("/var/lib/lxc/exim",0755); ("/var/lib/lxc/exim/exim.init",false); fprintf (fout,"/usr/sbin/exim -bd -q15m\n"); return 0; string startfile; ("exim",ip_exim,startfile,"exim",93); fprintf (fout,"echo nameserver %s >/var/lib/lxc/%s/rootfs/etc/resolv.conf\n" ,horizon_ip,name); fprintf (fout,"echo smtp 25/tcp mail >/var/lib/lxc/exim/rootfs/etc/services\n"); if (preprodmode){ fprintf (fout,"echo %s test1.bolixo.org >>/var/lib/lxc/%s/rootfs/etc/hosts\n" ,ip0_webssl,name); fprintf (fout,"echo 192.168.124.1 relay >>/var/lib/lxc/%s/rootfs/etc/hosts\n",name); }else{ fprintf (fout,"echo 192.168.122.1 relay >>/var/lib/lxc/%s/rootfs/etc/hosts\n",name); } fprintf (fout,"echo 
192.168.4.1 norelay >>/var/lib/lxc/%s/rootfs/etc/hosts\n",name); fprintf (fout,"echo root: /dev/null >/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"echo exim: /dev/null >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"echo no-reply: /dev/null >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"if [ -f /etc/bolixo/admins.conf ] ; then\n"); fprintf (fout,"\t. /etc/bolixo/admins.conf\n"); fprintf (fout,"\techo info: $ADMIN1 >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"\techo admin: $ADMIN1 >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"else\n"); fprintf (fout,"\techo No /etc/bolixo/admins.conf\n"); fprintf (fout,"fi\n"); fprintf (fout,"cp -a /etc/pki /var/lib/lxc/%s/rootfs/etc/pki\n",name); fprintf (fout,"DIRCERTS=/var/lib/lxc/%s/rootfs/etc/pki/tls/certs\n",name); fprintf (fout,"DIRPRIVATE=/var/lib/lxc/%s/rootfs/etc/pki/tls/private\n",name); fprintf (fout,"mkdir -p $DIRCERTS $DIRPRIVATE\n"); fprintf (fout,"test -f /etc/letsencrypt/live/%s/cert.pem && cp /etc/letsencrypt/live/%s/cert.pem $DIRCERTS/exim.pem\n" ,glocal.hostname,glocal.hostname); fprintf (fout,"test -f /etc/letsencrypt/live/%s/privkey.pem && cp /etc/letsencrypt/live/%s/privkey.pem $DIRPRIVATE/exim.pem\n" ,glocal.hostname,glocal.hostname); // Make sure exim accepts the hostname as well as the bolixo.org domain. 
string alias; for (auto &s:glocal.p->alias) alias += string_f(" : %s",s.c_str()); fprintf (fout,"sed 's/localhost.localdomain/localhost.localdomain : %s%s/' /var/lib/lxc/%s/rootfs/etc/exim/exim.conf.new\n",glocal.hostname,alias.c_str(),name,name); fprintf (fout,"mv -f /var/lib/lxc/%s/rootfs/etc/exim/exim.conf.new" " /var/lib/lxc/%s/rootfs/etc/exim/exim.conf\n",name,name); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); lxc_stop ("exim",NULL,NULL,-1,glocal.stopexim); lxc_config ("exim","bolixo.org",ip_exim,true); } } } // SERVICE bo-mon for (auto s:glocal.config->monitors){ if (s.server == glocal.server){ static const char *mon_sh = "/var/lib/lxc/bo-mon-start.sh"; glocal MON *s = &s; (mon_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"ln -sf %s/udpproxy.sock %s/B-udpproxy.sock\n",sock_dir,sock_tests_dir); fprintf (fout,"ln -sf %s/udpproxy-out.sock %s/B-udpproxy-out.sock\n",sock_dir,sock_tests_dir); fprintf (fout,"%s/bo-mon --daemon --control %s/bo-mon.sock --sock_dir %s" " --bod-secret %s --bolixod-secret %s --publishd-secret %s --documentd-secret %s --user %s --alarmcmd %s\n" ,project_path,sock_dir,sock_tests_dir ,glocal.s->bod_secret.c_str(),glocal.s->bolixod_secret.c_str(),glocal.s->publishd_secret.c_str() ,glocal.s->documentd_secret.c_str() ,trli_user,glocal.s->alarmcmd.c_str()); if (glocal.devmode){ fprintf (fout,"chown %s %s/bo-mon.sock\n",trli_user,sock_dir); } return 0; trli_chmod (mon_sh,0755); fprintf (fout,"%s\n",mon_sh); static const char *stop_sh = "/var/lib/lxc/bo-mon-stop.sh"; (stop_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s/bo-mon-control -p %s/bo-mon.sock quit\n",project_path,sock_dir); return 0; trli_chmod (stop_sh,0755); glocal.stoptrlimon = stop_sh; } } // SERVICE trli-syslog for (auto s:glocal.config->logs){ if (s.server == glocal.server){ string startcmd,stopcmd; const char *devlog_user = "blackhole"; if (glocal.devmode) devlog_user = trli_user; config_syslog 
(startcmd,glocal.stoptrlisyslog,devlog,devlog_user,trli_user); fprintf (fout,"%s\n",startcmd.c_str()); } } // SERVICE compute for (auto s:glocal.config->computes){ static const char *compute_start = "/var/lib/lxc/compute-start.sh"; (compute_start,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,". /root/trli.conf\n"); fprintf (fout,"%s/trli-log --daemon --data_dbserv 192.168.4.1 --data_dbuser %s" " --data_dbname trli --sqltcpport 3307" " --control %s/trli-log.sock --unixadmin unix:%s/compute.sock" " --compute --admin-secrets %s/secrets.admin" " /var/lib/lxc/writed/rootfs/%s/bo-writed.log\n" ,project_path,sql_bo_writed_user ,sock_dir,sock_dir ,config_dir ,log_dir); if (glocal.devmode){ fprintf (fout,"chown %s %s/compute.sock\n",trli_user,sock_dir); } return 0; trli_chmod (compute_start,0755); fprintf (fout,"%s\n",compute_start); glocal.stopcompute = "/var/lib/lxc/compute-stop.sh"; (glocal.stopcompute,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s/trli-log-control -p %s/trli-log.sock quit\n" ,project_path,sock_dir); return 0; trli_chmod (glocal.stopcompute,0755); } if (glocal.delayed.size() > 0){ fprintf (fout,"sleep 2 # Gives some time for database services to start\n"); for (auto &s:glocal.delayed){ fprintf (fout,"%s\n",s.c_str()); } } // In production mode, the passphrase has to be entered by the operator. 
if (glocal.devmode){ fprintf (glocal.all_fout,"export KEYSDPASS=toto\n"); }else{ fprintf (glocal.all_fout,"if [ -f /root/keysd.pass ]; then\n"); fprintf (glocal.all_fout,"\texport KEYSDPASS=`cat /root/keysd.pass`\n"); fprintf (glocal.all_fout,"\tshred -u /root/keysd.pass\n"); fprintf (glocal.all_fout,"fi\n"); } if (preprodmode){ glocal.stopemail_log = "killall email-log"; fprintf (glocal.all_fout,"/usr/lib/email-log --daemon\n"); } fprintf (glocal.all_fout,"%s/bo-keysd-control -p /var/lib/lxc/keysd/rootfs/var/run/blackhole/bo-keysd.sock setpassphrase\n",project_path); fprintf (glocal.all_fout,"exit 0\n"); // So systemd believes the services started even if there were some errors. return 0; trli_chmod (bo_start,0755); (bo_stop,false); fprintf (fout,"#!/usr/bin/sh\n"); if (glocal.stopcompute.size() > 0) fprintf (fout,"%s\n",glocal.stopcompute.c_str()); if (glocal.stoptrlimon.size() > 0) fprintf (fout,"%s\n",glocal.stoptrlimon.c_str()); if (glocal.stopbod.size() > 0) fprintf (fout,"%s\n",glocal.stopbod.c_str()); if (glocal.stopbolixod.size() > 0) fprintf (fout,"%s\n",glocal.stopbolixod.c_str()); if (glocal.stoppublishd.size() > 0) fprintf (fout,"%s\n",glocal.stoppublishd.c_str()); if (glocal.stopdocumentd.size() > 0) fprintf (fout,"%s\n",glocal.stopdocumentd.c_str()); if (glocal.stopwrited.size() > 0) fprintf (fout,"%s\n",glocal.stopwrited.c_str()); if (glocal.stopkeysd.size() > 0) fprintf (fout,"%s\n",glocal.stopkeysd.c_str()); if (glocal.stopsessiond.size() > 0) fprintf (fout,"%s\n",glocal.stopsessiond.c_str()); if (glocal.stopweb.size() > 0) fprintf (fout,"%s\n",glocal.stopweb.c_str()); if (glocal.stopwebadm.size() > 0) fprintf (fout,"%s\n",glocal.stopwebadm.c_str()); if (glocal.stopwebssl.size() > 0) fprintf (fout,"%s\n",glocal.stopwebssl.c_str()); if (glocal.stopsqlddata.size() > 0) fprintf (fout,"%s\n",glocal.stopsqlddata.c_str()); if (glocal.stopsqlduser.size() > 0) fprintf (fout,"%s\n",glocal.stopsqlduser.c_str()); if (glocal.stopsqldbolixo.size() > 0) fprintf 
(fout,"%s\n",glocal.stopsqldbolixo.c_str());
if (glocal.stopproto.size() > 0) fprintf (fout,"%s\n",glocal.stopproto.c_str());
if (glocal.stopexim.size() > 0) fprintf (fout,"%s\n",glocal.stopexim.c_str());
if (glocal.stoptrlisyslog.size() > 0) fprintf (fout,"%s\n",glocal.stoptrlisyslog.c_str());
if (glocal.stopemail_log.size() > 0) fprintf (fout,"%s\n",glocal.stopemail_log.c_str());
fprintf (fout,"vkillall -n ROOT udpproxy\n");
fprintf (fout,"exit 0\n");
return 0;
trli_chmod (bo_stop,0755);
// Emergency stop script for the blackhole/horizon/conproxy daemons.
// NOTE(review): it is written to a fixed, predictable path under /tmp and
// then made executable; on a shared host that path can be pre-created or
// symlinked by another local user before this tool runs (the open call's
// name was lost in extraction, so whether it refuses existing files is not
// visible here).  A root-owned directory would remove that exposure.
("/tmp/bkstop.sh",false);
fprintf (fout,"%s/blackhole-control -p %s/blackhole.sock quit\n",blackhole_path,sock_dir);
fprintf (fout,"%s/horizon-control -p %s/horizon.sock quit\n",blackhole_path,sock_dir);
fprintf (fout,"%s/conproxy-control -p %s/conproxy.sock quit\n",blackhole_path,sock_dir);
//fprintf (fout,"%s/protocheck-2factors-control -p %s/protocheck-2factors.sock quit\n",blackhole_path,sock_dir);
//fprintf (fout,"%s/protocheck-2factors-control -p %s/protocheck-2factors-learn.sock quit\n",blackhole_path,sock_dir);
return 0;
trli_chmod ("/tmp/bkstop.sh",0755);
}

/* Return true when the service `name` is selected by the list `tb`.
 * A list whose FIRST element is "all" selects every service; otherwise
 * an exact, case-sensitive match against any element is required.
 * An empty list selects nothing.
 * NOTE(review): the element type of `tb` was lost in extraction
 * (`vector &tb`); the c_str() calls imply std::string — confirm against
 * the declaration of `devip` in main(). */
static bool trli_lookup (const char *name, vector &tb)
{
	bool ret = false;
	if (tb.size() > 0){
		// "all" is only honoured in the first position.
		if (strcmp(tb[0].c_str(),"all")==0){
			ret = true;
		}else{
			for (auto x:tb){		// copies each element; fine for a short option list
				if (strcmp(x.c_str(),name)==0){
					ret = true;
					break;
				}
			}
		}
	}
	return ret;
}

/* Entry point of bo-manager.
 * Parses the command line, reads the cluster description from the
 * configuration file (default /etc/trli/manager.conf), optionally dumps
 * it, applies the per-mode global paths/IPs (preprod, devmode) and, for
 * "printconfig <host>", emits the configuration of that server.
 * Uses the TLMP `glocal` extension, so this is not plain C++; several
 * framework calls below have had their names stripped in extraction and
 * appear as bare argument lists followed by an inline callback body. */
int main (int argc, char *argv[])
{
	glocal int ret = -1;
	glocal const char *config_file = "/etc/trli/manager.conf";
	glocal bool dumpconfig = false;
	glocal bool devmode = false;
	glocal vector devip;	// List of services which require a development IP (element type lost in extraction)
	glocal bool inframode = false;
	// Framework call (name lost in extraction); presumably parses argc/argv
	// against the setarg() declarations that follow.
	glocal.ret = (argc,argv,"bolixo");
	setproginfo ("bo-manager",VERSION,MSG_U(I_BOMANAGER
		,"Configure the Bolixo cluster"
		"\n"
		"bo-manager [ options ] printconfig host\n"
		));
	setarg ('c',"config","Config file",glocal.config_file,false);
	setarg (' ',"dump","Dump config (debug)",glocal.dumpconfig,false);
	setarg (' ',"devip","Use development IP (127.0.0.X) for a given service",glocal.devip,false);
	setarg (' ',"blackhole_path","Path of blackhole utilities",blackhole_path,false);
	setgrouparg ("Modes");
	setarg (' ',"devmode","Sets various parameters to run on a workstation",glocal.devmode,false);
	setarg (' ',"inframode","Generate config only for infrastructure",glocal.inframode,false);
	setarg (' ',"preprodmode","Sets various parameters to run in pre-production",preprodmode,false);
	setgrouparg ("SQL");
	// SQL credentials may be passed as options ...
	setarg (' ',"boduser","SQL user for bod server",sql_bod_user,false);
	setarg (' ',"bodpwd","SQL password for bod server",sql_bod_pwd,false);
	setarg (' ',"bolixoduser","SQL user for bolixod server",sql_bolixod_user,false);
	setarg (' ',"bolixodpwd","SQL password for bolixod server",sql_bolixod_pwd,false);
	setarg (' ',"writeduser","SQL user for bo-writed server",sql_bo_writed_user,false);
	setarg (' ',"writedpwd","SQL password for bo-writed server",sql_bo_writed_pwd,false);
	int ret = 0;
	glocal CONFIG config;
	// ... but an environment variable, when set, overrides the option value
	// (presumably preferred because option values show up in process
	// listings).  PUBLISHD_PWD has no matching --option above, so the
	// environment is its only source.
	if (getenv("BOD_PWD")!=NULL) sql_bod_pwd = getenv("BOD_PWD");
	if (getenv("BOLIXOD_PWD")!=NULL) sql_bolixod_pwd = getenv("BOLIXOD_PWD");
	if (getenv("PUBLISHD_PWD")!=NULL) sql_publishd_pwd = getenv("PUBLISHD_PWD");
	if (getenv("BO_WRITED_PWD")!=NULL) sql_bo_writed_pwd = getenv("BO_WRITED_PWD");
	// The mere existence of this root-owned marker file closes the web front-end.
	closeweb = file_exist("/root/closeweb");
	if (glocal.devmode){
		glocal.config.nodename = "http://test1.bolixo.org";
		glocal.config.hostname = "test1.bolixo.org";
		glocal.config.dirserver = "http://test1.bolixo.org";
	}else{
		char hostname[200];
		// NOTE(review): the buffer is not zero-initialised and gethostname()
		// is not required to NUL-terminate a truncated name, so a host name
		// of 199+ characters would leave `hostname` unterminated before it
		// is copied into a string.  `char hostname[200] = {};` closes that.
		if (gethostname(hostname,sizeof(hostname)-1)!=-1){
			glocal.config.hostname = hostname;
			// This is the non-devmode branch, so the ternary always yields "s" (https).
			glocal.config.nodename = string_f("http%s://%s",glocal.devmode ? "" : "s",hostname);
		}else{
			tlmp_error (MSG_U(E_HOSTNAME,"Can't get this server host name (%s)\n"),strerror(errno));
		}
		if (preprodmode){
			glocal.config.dirserver = "http://test1.bolixo.org";
		}else{
			glocal.config.dirserver = "https://bolixo.org";
		}
	}
	// Configuration-file reader (framework call, name lost in extraction).
	// The statements that follow appear to be its per-line callback body;
	// `line` and, further down, `fname` are presumably supplied by the framework.
	(glocal.config_file,true);
	const char *pt = str_skip(line);
	if (*pt != '#' && *pt != '\0'){		// '#' starts a comment line
		vector tb;
		int n = str_splitlineq(pt,tb);		// presumably a quote-aware field split; verify
		if (n >= 1){
			const char *word = tb[0].c_str();
			// Every keyword demands an exact field count (exim: at least 2).
			// A line with a known keyword but the wrong count matches no
			// branch; no diagnostic for that case is visible here, so such
			// lines appear to be silently dropped — confirm in the garbled tail.
			if (strcmp(word,"server")==0 && n == 5){
				glocal.config.servers[tb[1]] = SERVER(tb[2],tb[3],tb[4]);
			}else if (strcmp(word,"blackhole")==0 && n == 4){
				glocal.config.blackholes.push_back(BLACKHOLE(tb[1],tb[2],trli_atou(tb[3])));
			}else if (strcmp(word,"bod")==0 && n == 6){
				glocal.config.bods.push_back(BOD(tb[1],trli_atou(tb[2]),trli_atou(tb[3]),tb[4],trli_atou(tb[5])));
			}else if (strcmp(word,"writed")==0 && n == 6){
				glocal.config.writeds.push_back(WRITED(tb[1],trli_atou(tb[2]),trli_atou(tb[3]),tb[4],tb[5]));
			}else if (strcmp(word,"keysd")==0 && n == 2){
				glocal.config.keysds.push_back(WEB(tb[1]));
			}else if (strcmp(word,"sessiond")==0 && n == 3){
				glocal.config.sessionds.push_back(SESSIOND(tb[1],trli_atou(tb[2])));
			}else if (strcmp(word,"bosqlddata")==0 && n == 2){
				glocal.config.bosqlddatas.push_back(SQLD(tb[1]));
			}else if (strcmp(word,"bosqlduser")==0 && n == 2){
				glocal.config.bosqldusers.push_back(SQLD(tb[1]));
			}else if (strcmp(word,"bosqldbolixo")==0 && n == 2){
				glocal.config.bosqldbolixos.push_back(SQLD(tb[1]));
			}else if (strcmp(word,"proto")==0 && n == 3){
				glocal.config.protos.push_back(PROTO(tb[1],trli_atou(tb[2])));
			}else if (strcmp(word,"web")==0 && n == 3){
				glocal.config.webs.push_back(WEB(tb[1],tb[2]));
			}else if (strcmp(word,"webadm")==0 && n == 2){
				glocal.config.webadms.push_back(WEB(tb[1]));
			}else if (strcmp(word,"webssl")==0 && n == 2){
				glocal.config.webssls.push_back(WEB(tb[1]));
			}else if (strcmp(word,"log")==0 && n == 2){
				glocal.config.logs.push_back(WEB(tb[1]));
			}else if (strcmp(word,"compute")==0 && n == 2){
				glocal.config.computes.push_back(WEB(tb[1]));
			}else if (strcmp(word,"exim")==0 && n >= 2){
				EXIM exim(tb[1]);
				// NOTE(review): from the loop header below up to the "Empty
				// configuration file" error the text is garbled in this copy
				// (the loop condition, the alias loop body, the closing braces
				// and the callback boundaries are missing).  Kept verbatim;
				// restore from the repository before editing.
				for (int i=2; i tlmp_error ("Empty configuration file %s, ending\n",glocal.config_file);
	exit (-1);
	tlmp_error ("Missing configuration file %s, ending\n",fname);
	exit (-1);
	if (glocal.config.nodename.size()==0){
		tlmp_error (MSG_U(E_NONODEMANE,"File %s does not contain the node name\n"),glocal.config_file);
		exit (-1);
	}
	if (glocal.dumpconfig){
		// Debug dump of the parsed configuration (secrets are not printed).
		for (auto x:glocal.config.servers) printf ("server %s sshcmd=%s cpcmd=%s\n",x.first.c_str(),x.second.sshcmd.c_str(),x.second.cpcmd.c_str());
		for (auto x:glocal.config.blackholes) printf ("blackhole server %s config %s port %u\n",x.server.c_str(),x.config.c_str(),x.port);
		for (auto x:glocal.config.bods) printf ("bod server %s port %u workers %u\n",x.server.c_str(),x.port,x.workers);
		for (auto x:glocal.config.writeds) printf ("writed server %s port %u workers %u\n",x.server.c_str(),x.port,x.workers);
		for (auto x:glocal.config.sessionds) printf ("sessiond server %s port %u\n",x.server.c_str(),x.port);
		for (auto x:glocal.config.bosqlddatas) printf ("bosqldata server %s\n",x.server.c_str());
		for (auto x:glocal.config.bosqldusers) printf ("bosqluser server %s\n",x.server.c_str());
		for (auto x:glocal.config.protos) printf ("proto server %s\n",x.server.c_str());
		for (auto x:glocal.config.webs) printf ("web server %s\n",x.server.c_str());
		for (auto x:glocal.config.webadms) printf ("webadm server %s\n",x.server.c_str());
		// NOTE(review): this line iterates webssls but prints the "webadm" label
		// (copy/paste); the output cannot be told apart from the line above.
		for (auto x:glocal.config.webssls) printf ("webadm server %s\n",x.server.c_str());
		for (auto x:glocal.config.logs) printf ("log server %s\n",x.server.c_str());
		for (auto x:glocal.config.computes) printf ("compute server %s\n",x.server.c_str());
	}
	if (preprodmode){
		// Run preprod as an lxc container
		manager_setpreprodmode();
		// Fixed container addresses used in pre-production (macro is function-local).
#define PIP_PREFIX "192.168.124."
		ip_bod = PIP_PREFIX "2";
		ip_writed = PIP_PREFIX "3";
		ip_sessiond = PIP_PREFIX "4";
		ip_web = PIP_PREFIX "5";
		ip_web_fail = PIP_PREFIX "15";
		ip_webadm = PIP_PREFIX "6";
		ip_proto = PIP_PREFIX "7";
		ip_webssl = PIP_PREFIX "8";
		ip_webssl_fail = PIP_PREFIX "18";
		ip_bosqlduser = PIP_PREFIX "9";
		ip_bosqlddata = PIP_PREFIX "10";
		ip_bosqldbolixo = PIP_PREFIX "14";
		ip_exim = PIP_PREFIX "11";
		ip_keysd = PIP_PREFIX "12";
		ip_bolixod = PIP_PREFIX "13";
		ip_publishd = PIP_PREFIX "16";
	}
	if (glocal.devmode){
		// Workstation mode: everything lives under the current directory and /tmp,
		// and the daemons run as the invoking user.
		char path[PATH_MAX];
		if (getcwd(path,sizeof(path))==NULL){
			tlmp_error ("Can't get current working directory, aborting\n");
			exit (-1);
		}
		// The *_dir / *_path globals are plain `const char *`; the strings
		// backing them are static so the pointers stay valid for the whole run.
		static string dev_config_dir = string(path) +"/data";
		config_dir = dev_config_dir.c_str();
		static string dev_log_dir("/tmp");
		log_dir = dev_log_dir.c_str();
		static string dev_sock_dir("/tmp");
		sock_dir = dev_sock_dir.c_str();
		manager_set_sock_dir("/tmp");
		static string dev_sock_tests_dir("/tmp/tests");
		sock_tests_dir = dev_sock_tests_dir.c_str();
		static string dev_project_path(path);
		project_path = dev_project_path.c_str();
		devlog = "/tmp/trli.log";
		blackhole_options_conf = "/tmp/blackhole-options.conf";
		blackhole_rules = "/tmp/blackhole-rules.sh";
		horizon_options_conf = "/tmp/horizon-options.conf";
		horizon_rules = "/tmp/horizon-rules.sh";
		// --devip <service> (or "all") switches individual services to
		// loopback / development addresses.
		if (trli_lookup("horizon",glocal.devip)){
			horizon_ip = "127.0.0.10";
			horizon_ip2 = "127.0.0.11";
			horizon_masterip = "127.0.0.1";
		}
		if (trli_lookup("bod",glocal.devip)) vs_bod = "bod_p";
		if (trli_lookup("writed",glocal.devip)) vs_writed = "writed_p";
		if (trli_lookup("sessiond",glocal.devip)) vs_sessiond = "sessiond_p";
		if (trli_lookup("web",glocal.devip)) ip_web = "192.168.5.5";
		if (trli_lookup("webadm",glocal.devip)) ip_webadm = "192.168.5.6";
		if (trli_lookup("webssl",glocal.devip)) ip_webssl = ip_webssl_p;
		if (trli_lookup("proto",glocal.devip)) ip_proto = "192.168.5.7";
		if (trli_lookup("bosqlddata",glocal.devip)) ip_bosqlddata = "127.0.0.1";
		if (trli_lookup("bosqlduser",glocal.devip)) ip_bosqlduser = "127.0.0.1";
		// In devmode the service user is the current user.
		uid_t uid = getuid();
		struct passwd *p = getpwuid(uid);
		if (p == NULL){
			tlmp_error ("Can't identify the current user, aborting\n");
			exit (-1);
		}
		static string dev_trli_user(p->pw_name);
		trli_user = dev_trli_user.c_str();
		trli_userid = p->pw_uid;
		blackhole_user = dev_trli_user.c_str();
		pid_dir = "/tmp";
	}else{
		// Production: the configured service user must exist on this host.
		struct passwd *p = getpwnam(trli_user);
		if (p == NULL){
			tlmp_error ("Can't identify the user %s, aborting\n",trli_user);
			exit (-1);
		}
		trli_userid = p->pw_uid;
	}
	manager_set_manager_user (trli_user,trli_userid);
	// argv[0] is compared with "printconfig", so the framework call above
	// presumably strips the program name and options from argv — verify.
	if (argc == 2 && strcmp(argv[0],"printconfig")==0){
		const string server(argv[1]);
		auto s = glocal.config.servers.find(server);
		if (s == glocal.config.servers.end()){
			// NOTE(review): this error does not change `ret`, so the process
			// still exits 0; scripts cannot detect the failure from the exit status.
			tlmp_error ("Server %s not found in configuration\n",server.c_str());
		}else{
			print_configs (server,s->second.public_ip,glocal.config,glocal.devmode);
		}
	}
	// `ret` is never modified after its initialisation to 0, and the second
	// return (glocal.ret, the argument-parser result) is unreachable.
	return ret;
	return glocal.ret;
}