/*
	This program launches all the components of the trli system over the network.
	It also programs the blackhole system, tying all the components together.
*/
// NOTE(review): the header names of the bare #include lines below are missing
// from this copy of the file; only "hostname.h" survives.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "hostname.h"

using namespace std;

/*
	Change the permission bits of a file and report a failure.

	name: path of the file (read through name.ptr).
	mode: permission bits handed to chmod() unchanged.
	Returns what chmod() returned. On -1 an error line carrying
	strerror(errno) is emitted through tlmp_error().
	The callers visible in this file ignore the return value, so a failed
	chmod is only visible through that error line.
*/
static int trli_chmod (const PARAM_STRING name, int mode)
{
	int ret = chmod (name.ptr,mode);
	if (ret == -1) tlmp_error ("Can't chmod %s (%s)\n",name.ptr,strerror(errno));
	return ret;
}

// One machine of the deployment.
// sshcmd and cpcmd are presumably the remote-shell and copy command lines used
// to reach it (their use is not visible in this part of the file).
struct SERVER{
	string sshcmd;
	string cpcmd;
	string public_ip;
	SERVER (const string &_sshcmd, const string &_cpcmd, const string &_ip){
		sshcmd = _sshcmd;
		cpcmd = _cpcmd;
		public_ip = _ip;
	}
	SERVER(){}
};

// Placement of one blackhole instance: server name, a config string and a port.
struct BLACKHOLE {
	string server;
	string config;
	unsigned port;
	BLACKHOLE (const string &_server, const string &_config, unsigned _port){
		server = _server;
		config = _config;
		port = _port;
	}
};

// Placement of one trlid service: server name, port, number of workers and a
// secret string.
// NOTE(review): the secret is kept as a plain string in memory; where it comes
// from is not visible here.
struct TRLID {
	string server;
	unsigned port;
	unsigned workers;
	string secret;
	TRLID (const string &_server, unsigned _port, unsigned _workers, const string &_secret){
		server = _server;
		port = _port;
		workers = _workers;
		secret = _secret;
	}
};

// Placement of one writed service; same fields as TRLID.
struct WRITED {
	string server;
	unsigned port;
	unsigned workers;
	string secret;
	WRITED (const string &_server, unsigned _port, unsigned _workers, const string &_secret){
		server = _server;
		port = _port;
		workers = _workers;
		secret = _secret;
	}
};

// Placement of one sessiond service: server name and port.
struct SESSIOND {
	string server;
	unsigned port;
	SESSIOND (const string &_server, unsigned _port){
		server = _server;
		port = _port;
	}
};

// Placement of one SQL service: only the server name.
struct SQLD {
	string server;
	SQLD (const string &_server){
		server = _server;
	}
};

// Placement of one proto service. The constructor fixes port to 9080 and
// port_l to 9180; only the server name and the worker count are supplied.
struct PROTO {
	string server;
	unsigned port;
	unsigned port_l;
	unsigned workers;
	PROTO (const string &_server, unsigned _workers){
		server = _server;
		port = 9080;
		port_l = 9180;
		workers = _workers;
	}
};

// Placement of one web service: only the server name.
struct WEB {
	string server;
	WEB (const string &_server){
		server = _server;
	}
};

// Placement of one monitor: server name, a secret string and an alarm command.
// NOTE(review): alarmcmd looks like a command line that is run later - confirm
// where it comes from and how it is executed (not visible here).
struct MON {
	string server;
	string secret;
	string alarmcmd;
	MON (const string &_server, const string &_secret, const string &_alarmcmd){
		server = _server;
		secret = _secret;
		alarmcmd = _alarmcmd;
	}
};

static bool closeweb = false;

// Fixed host paths used when generating the configuration and the scripts.
static const char *varlxc = "/var/lib/lxc";
static const char *config_dir = "/etc/trli";
static const char *log_dir = "/var/log/trli";
static const char *sock_dir = "/var/run/blackhole";
static const char *sock_tests_dir = "/var/run/tests";
// Same value as sock_dir; appended after ".../rootfs" to name control sockets
// inside a container's root file system.
static const char *lxcsock_dir = "/var/run/blackhole";
//static const char *bin_path = "/usr/bin";
static const char *sbin_path = "/usr/sbin";

// Fixed addresses of the horizon and dnsproxy end points.
static const char *horizon_ip = "192.168.4.1";
static const char *horizon_ip2 = "192.168.4.2";
static const char *dnsproxy_ip = "192.168.4.3";
static const char *horizon_masterip = "192.168.4.1";

// SQL account names and passwords.
// NOTE(review): these passwords are compiled into the program, and further
// down this file they are written in clear text into generated *.init files
// ("export TRLID_PWD=...", "export TRLI_WRITED_PWD=..."). Anyone able to read
// the source, the binary or those files learns them. Consider reading them
// from a root-only file at run time and checking the mode of the generated
// files.
static const char *sql_trlid_pwd = "trlid.1";
static const char *sql_trlid_user = "trlid";
static const char *sql_trli_writed_pwd = "trli_writed.1";
static const char *sql_trli_writed_user = "trli_writed";

// Unprivileged account written into the containers' /etc/passwd.
// trli_userid is -1 here; presumably resolved at start-up (not visible here).
static const char *trli_user = "trli";
static int trli_userid = -1;

static const char *blackhole_path = "/usr/sbin";
static const char *blackhole_user = "blackhole";
static const char *pid_dir = "/var/run";
static const char *devlog = "/dev/trli.log";

// Generated option files and rule scripts. They are written under /etc and
// made executable (0755) further down this file.
static const char *blackhole_options_conf = "/etc/blackhole-options.conf";
static const char *blackhole_rules = "/etc/blackhole-rules.sh";
static const char *horizon_options_conf = "/etc/horizon-options.conf";
static const char *horizon_rules = "/etc/horizon-rules.sh";
static const char *conproxy_options_conf = "/etc/conproxy-options.conf";

// Prefix of the container addresses declared right after this line.
#define IP_PREFIX "192.168.122."
// Addresses on the IP_PREFIX network, one per container. lxc_config() below
// writes them with a /24 mask on a veth interface linked to virbr0.
static const char *ip_lxc_gateway = IP_PREFIX "1";
static const char *ip_trlid = IP_PREFIX "2";
static const char *ip_writed = IP_PREFIX "3";
static const char *ip_sessiond = IP_PREFIX "4";
static const char *ip_web = IP_PREFIX "5";
static const char *ip_web_fail = IP_PREFIX "15";
static const char *ip_webadm = IP_PREFIX "6";
static const char *ip_proto = IP_PREFIX "7";
static const char *ip_webssl = IP_PREFIX "8";
static const char *ip_webssl_fail = IP_PREFIX "18";
static const char *ip_sqlduser = IP_PREFIX "9";
static const char *ip_sqlddata = IP_PREFIX "10";
static const char *ip_exim = IP_PREFIX "11";

// Second address plan (192.168.5.x), one address per service.
#define IP_PREFIX_P "192.168.5."
static const char *ip_sqld_p = IP_PREFIX_P "1";
static const char *ip_trlid_p = IP_PREFIX_P "2";
static const char *ip_writed_p = IP_PREFIX_P "3";
static const char *ip_sessiond_p = IP_PREFIX_P "4";
static const char *ip_web_p = IP_PREFIX_P "5";
static const char *ip_webadm_p = IP_PREFIX_P "6";
static const char *ip_proto_p = IP_PREFIX_P "7";
static const char *ip_webssl_p = IP_PREFIX_P "8";

static const char *vs_trlid = "trlid";
static const char *vs_writed = "writed";
static const char *vs_sessiond = "sessiond";

// Whole deployment description: the known servers and, per service type, the
// list of placements.
// NOTE(review): the template arguments of map and vector are missing from this
// copy of the file, so the element types cannot be read here.
struct CONFIG {
	map servers;
	vector blackholes;
	vector trlids;
	vector writeds;
	vector sessionds;
	vector sqlddatas;
	vector sqldusers;
	vector protos;
	vector webs;
	vector webadms;
	vector webssls;
	vector logs;
	vector computes;
	vector exims;
	vector dnsproxys;
	vector monitors;
};

// When true, lxc_config() writes an empty lxc.seccomp.profile line.
static bool preprodmode = false;

/*
	Write the blackhole rule script for one server to fout.

	The visible part collects every server name used by a service placement,
	writes one "blackhole-control ... horizon" line per server, then a
	"reset-rules" line. The rest of the function is missing from this copy.
*/
static void generateconfig (
	FILE *fout,
	const string &theserver,	// We are generating for this server
					// This will allow some blackhole rule affinity
	const CONFIG &config,
	bool devmode)
{
	// Command prefix: blackhole-control talking to the control socket in sock_dir
	string bk_control_str = string(blackhole_path) + "/blackhole-control -p " + sock_dir + "/blackhole.sock";
	const char *bk_control = bk_control_str.c_str();
	const char *rootserver = theserver.c_str();
	// For now, there is only one server, so it is the one testing itself
	// Finds all servers
	// NOTE(review): the template argument of set is missing from this copy.
	set servers;
	for (auto x:config.trlids) servers.insert(x.server);
	for (auto x:config.writeds) servers.insert(x.server);
	for (auto x:config.sessionds) servers.insert(x.server);
	for (auto x:config.sqlddatas) servers.insert(x.server);
	for (auto x:config.sqldusers) servers.insert(x.server);
	for (auto x:config.protos) servers.insert(x.server);
	for (auto x:config.webs) servers.insert(x.server);
	for (auto x:config.webadms) servers.insert(x.server);
	for (auto x:config.logs) servers.insert(x.server);
	for (auto x:config.webssls) servers.insert(x.server);
	for (auto x:config.exims) servers.insert(x.server);
	for (auto x:config.dnsproxys) servers.insert(x.server);
	fprintf (fout,"# Connect to all horizons\n");
	// Server names are written unquoted into a shell script; they come from
	// the CONFIG object (its origin is not visible here).
	for (auto x:servers) fprintf (fout,"%s horizon %s:%s/horizon-master.sock near\n",bk_control,x.c_str(),sock_dir);
	fprintf (fout,"%s reset-rules\n",bk_control);
	fprintf (fout,"# rule to connect the browser to the web server\n");
	const char *prefix = "";
	for (auto t:config.protos){
		// NOTE(review): text is missing from this copy after "i". The rest of
		// generateconfig() and whatever preceded lxc_config() appear to have
		// been dropped (everything between a '<' and a later '>').
		for (unsigned i=0; i
/*
	Write /var/lib/lxc/<name>/config, the LXC configuration of one container.

	name: container name, utsname: host name inside the container,
	ip: IPv4 address (written with a /24 mask),
	internet_access: when true a default gateway (ip_lxc_gateway) is written.

	NOTE(review): the bare "(path,false);" statement and the "return 0;" at the
	end look like the remains of a TLMP call block whose tags are missing from
	this copy; presumably it opens the file and provides fout. Confirm against
	the original source.
*/
static void lxc_config (const char *name, const char *utsname, const char *ip, bool internet_access)
{
	// TLMP glocal declarations: the arguments are read back as glocal.<name> below
	glocal const char *name = name;
	glocal const char *utsname = utsname;
	glocal const char *ip = ip;
	glocal bool internet_access = internet_access;
	(string_f("/var/lib/lxc/%s/config",name),false);
	fprintf (fout,"lxc.net.0.type = veth\n");
	fprintf (fout,"lxc.net.0.link = virbr0\n");
	// The MAC address is fe:dc followed by the four bytes of ipu, so it is
	// fully determined by the IP address.
	// Presumably ipnum_aip2l() turns dotted IPv4 text into an integer - confirm.
	unsigned long ipu = ipnum_aip2l (glocal.ip);
	fprintf (fout,"lxc.net.0.hwaddr = fe:dc:%02x:%02x:%02x:%02x\n"
		,(unsigned)(ipu>>24),(unsigned)((ipu>>16)&0xff),(unsigned)((ipu>>8)&0xff),(unsigned)(ipu&0xff));
	fprintf (fout,"lxc.net.0.flags = up\n");
	fprintf (fout,"lxc.rootfs.path = /var/lib/lxc/%s/rootfs\n",glocal.name);
	//fprintf (fout,"lxc.rootfs.backend = dir\n");
	fprintf (fout,"lxc.include = /usr/share/lxc/config/common.conf\n");
	fprintf (fout,"lxc.arch = x86_64\n");
	fprintf (fout,"lxc.uts.name = %s\n",glocal.utsname);
	fprintf (fout,"lxc.net.0.ipv4.address=%s/24\n",glocal.ip);
	// No gateway line is written unless internet access was requested
	if (glocal.internet_access) fprintf (fout,"lxc.net.0.ipv4.gateway=%s\n",ip_lxc_gateway);
	fprintf (fout,"lxc.autodev=0\n");
	// Hardening: these three capabilities are dropped for every container
	fprintf (fout,"lxc.cap.drop = sys_admin\n");
	fprintf (fout,"lxc.cap.drop = mknod\n");
	fprintf (fout,"lxc.cap.drop = net_raw\n");
	// NOTE(review): an empty value presumably clears the seccomp profile
	// inherited from common.conf, i.e. pre-production containers run without
	// the syscall filter. Confirm this is intended and never set in production.
	if (preprodmode) fprintf (fout,"lxc.seccomp.profile=\n");
	// Empty value: presumably clears the automatic mounts inherited from common.conf
	fprintf (fout,"lxc.mount.auto =\n");
	return 0;
}

// Same as above with the container name reused as host name.
static void lxc_config (const char *name, const char *ip, bool internet_access)
{
	lxc_config (name,name,ip,internet_access);
}

// Same as above, without a default gateway.
static void lxc_config (const char *name, const char *ip)
{
	lxc_config (name,ip,false);
}

// Callback interface used by lxc_stop(): insert() and horizon() let the caller
// add lines to the generated stop scripts.
#define _TLMP_lxc_stop
struct _F_lxc_stop {
	#define _F_lxc_stop_insert(x) void x insert (FILE *fout, const char *name, const char *command, int workers)
	virtual _F_lxc_stop_insert( );
	#define _F_lxc_stop_horizon(x) void x horizon (FILE *fout, const char *name)
	virtual _F_lxc_stop_horizon( );
};

/*
	Default insert(): write the command(s) asking the service to quit.

	Nothing is written when command is NULL. With workers == -1 a single
	"<sbin_path>/<command>-control -p <socket> quit" line is written, the
	socket being /var/lib/lxc/<name>/rootfs<lxcsock_dir>/<command>.sock.
	The multi-worker branch is missing from this copy.
*/
void _F_lxc_stop::insert (FILE *fout, const char *name, const char *command, int workers)
{
	if (command != NULL){
		if (workers == -1){
			fprintf (fout,"%s/%s-control -p /var/lib/lxc/%s/rootfs%s/%s.sock quit\n"
				,sbin_path,command,name,lxcsock_dir,command);
		}else{
			// NOTE(review): text is missing from this copy after "i": the end
			// of this function and whatever preceded lxc_stop() were dropped.
			for (int i=0; i
/*
	Generate the two stop scripts of a container and return the path of the
	main one in stopfile.

	/var/lib/lxc/<name>/horizon-stop.sh: lines from c.horizon(), then
	horizon-control commands ("vserver <name> -", "vserverdir <name> -",
	"unbindfd unix /dev/log <name>").
	/var/lib/lxc/<name>/<name>.stop: lines from c.insert(), then a call to
	horizon-stop.sh and to /var/lib/lxc/<name>/<name>.save.
	Both files are made executable (0755).

	NOTE(review): each bare "(path,false);" ... "return 0;" pair looks like a
	TLMP call block whose tags are missing from this copy; presumably it opens
	path for writing and provides fout. The statements after each "return 0;"
	are therefore presumably reachable. Confirm against the original source.
	NOTE(review): name is written unquoted into shell scripts; the calls
	visible in this copy pass fixed service names.
*/
static void lxc_stop (_F_lxc_stop &c, const char *name, const char *command, int workers, string &stopfile)
{
	glocal _F_lxc_stop *c = &c;
	glocal const char *name = name;
	glocal const char *command = command;
	glocal int workers = workers;
	glocal string horizonfile = string_f ("/var/lib/lxc/%s/horizon-stop.sh",name);
	(glocal.horizonfile,false);
	fprintf (fout,"#!/bin/sh\n");
	// Caller supplied lines come first
	glocal.c->horizon(fout,glocal.name);
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock vserver %s -\n"
		,blackhole_path,sock_dir,glocal.name);
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock vserverdir %s -\n"
		,blackhole_path,sock_dir,glocal.name);
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/log %s\n"
		,blackhole_path,sock_dir,glocal.name);
	return 0;
	trli_chmod (glocal.horizonfile,0755);
	stopfile = string_f ("/var/lib/lxc/%s/%s.stop",name,name);
	(stopfile,false);
	fprintf (fout,"#!/bin/sh\n");
	glocal.c->insert (fout,glocal.name,glocal.command,glocal.workers);
	fprintf (fout,"%s\n",glocal.horizonfile.c_str());
	fprintf (fout,"/var/lib/lxc/%s/%s.save\n",glocal.name,glocal.name);
	return 0;
	trli_chmod (stopfile,0755);
}

// lxc_stop() using the default callbacks.
// NOTE(review): the call target is missing from this copy (TLMP tag dropped).
static void lxc_stop (const char *name, const char *command, int workers, string &stopfile)
{
	(name,command,workers,stopfile);
}

// Default callbacks: they add nothing to the generated scripts.
void _F_lxc_start::prestart (FILE *fout, const char *name)
{
}
void _F_lxc_start::horizon (FILE *fout, const char *name)
{
}
void _F_lxc_stop::horizon (FILE *fout, const char *name)
{
}

/*
	Generate the two start scripts of a container and return the path of the
	main one in startfile.

	/var/lib/lxc/<name>/horizon-start.sh registers the container with horizon
	(vserver, vserverdir), binds /dev/log into the container root and runs
	chmod 666 on that socket, then adds the lines from c.horizon().
	/var/lib/lxc/<name>/<name>.start refuses to run when the container is
	already RUNNING, rebuilds the rootfs from scratch, writes minimal
	/etc/passwd, /etc/group and /etc/hosts files, copies <name>.init to
	rootfs/tmp/config, runs <name>.restore, horizon-start.sh and the optional
	<name>.prestart / <name>.poststart hooks around lxc-start.
	Both files are made executable (0755).

	user, userid: account written as the second line of the container's
	/etc/passwd (login shell /sbin/nologin).

	NOTE(review): each bare "(path,false);" ... "return 0;" pair looks like a
	TLMP call block whose tags are missing from this copy; presumably it opens
	path for writing and provides fout. Confirm against the original source.
	NOTE(review): name, ip and user are written unquoted into shell scripts
	that include "rm -fr"; the calls visible in this copy pass fixed values,
	and it should stay that way unless the values are validated or quoted.
*/
static void lxc_start (_F_lxc_start &c, const char *name, const char *ip, string &startfile, const char *user, int userid)
{
	glocal _F_lxc_start *c = &c;
	glocal const char *name = name;
	glocal const char *ip = ip;
	glocal const char *user = user;
	glocal int userid = userid;
	glocal string horizonfile = string_f ("/var/lib/lxc/%s/horizon-start.sh",name);
	(glocal.horizonfile,false);
	fprintf (fout,"#!/bin/sh\n");
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock vserver %s %s\n"
		,blackhole_path,sock_dir,glocal.name,glocal.ip);
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock vserverdir %s /var/lib/lxc/%s/rootfs\n"
		,blackhole_path,sock_dir,glocal.name,glocal.name);
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/log:/var/lib/lxc/%s/rootfs/dev/log,%s\n"
		,blackhole_path,sock_dir,glocal.name,glocal.name);
	// NOTE(review): mode 666 lets every account inside the container write to
	// the log socket; what listens behind it is not visible here - confirm it
	// tolerates untrusted or high-volume input.
	fprintf (fout,"chmod 666 /var/lib/lxc/%s/rootfs/dev/log\n",glocal.name);
	glocal.c->horizon(fout,glocal.name);
	return 0;
	trli_chmod (glocal.horizonfile,0755);
	startfile = string_f ("/var/lib/lxc/%s/%s.start",name,name);
	(startfile,false);
	string lxcdir_s = string_f ("%s/%s",varlxc,glocal.name);
	const char *lxcdir = lxcdir_s.c_str();
	fprintf (fout,"#!/bin/sh\n");
	// Shell helper: run $1 if it is executable, otherwise succeed silently
	fprintf (fout,"execif(){\n");
	fprintf (fout,"\tif [ -x $1 ] ; then\n");
	fprintf (fout,"\t\t$1\n");
	fprintf (fout,"\telse\n");
	fprintf (fout,"\t\treturn 0\n");
	fprintf (fout,"\tfi\n");
	fprintf (fout,"}\n");
	// Refuse to touch the rootfs of a running container
	fprintf (fout,"if lxc-info -s -n %s | grep -q RUNNING\n",glocal.name);
	fprintf (fout,"then\n");
	fprintf (fout,"\techo %s already running\n\texit 1\n",glocal.name);
	fprintf (fout,"fi\n");
	glocal.c->prestart (fout,glocal.name);
	// The rootfs is deleted and rebuilt by <name>-lxc0.sh on every start
	fprintf (fout,"rm -fr /var/lib/lxc/%s/rootfs\n",glocal.name);
	fprintf (fout,"/var/lib/lxc/%s/%s-lxc0.sh\n",glocal.name,glocal.name);
	// lxc0 might have linked /etc/passwd and /etc/hosts
	// They are removed first so the redirections below create new files
	// instead of writing through such links.
	fprintf (fout,"rm -f /var/lib/lxc/%s/rootfs/etc/passwd\n",glocal.name);
	fprintf (fout,"rm -f /var/lib/lxc/%s/rootfs/etc/hosts\n",glocal.name);
	fprintf (fout,"rm -f /var/lib/lxc/%s/rootfs/etc/group\n",glocal.name);
	// Creates a generic /etc/passwd
	// Two accounts only (root and the service user), both with /sbin/nologin
	fprintf (fout,"echo \"root:x:0:0:root:/root:/sbin/nologin\" >/var/lib/lxc/%s/rootfs/etc/passwd\n"
		,glocal.name);
	fprintf (fout,"echo \"%s:x:%d:%d:trli user:/home/trli:/sbin/nologin\" >>/var/lib/lxc/%s/rootfs/etc/passwd\n"
		,glocal.user,glocal.userid,glocal.userid,glocal.name);
	// Creates a generic /etc/group
	fprintf (fout,"echo \"root:x:0:\" >/var/lib/lxc/%s/rootfs/etc/group\n",glocal.name);
	fprintf (fout,"echo \"apache:x:48:\" >>/var/lib/lxc/%s/rootfs/etc/group\n",glocal.name);
	fprintf (fout,"echo \"mysql:x:27:\" >>/var/lib/lxc/%s/rootfs/etc/group\n",glocal.name);
	fprintf (fout,"echo \"exim:x:93:\" >>/var/lib/lxc/%s/rootfs/etc/group\n",glocal.name);
	fprintf (fout,"echo \"mail:x:12:exim\" >>/var/lib/lxc/%s/rootfs/etc/group\n",glocal.name);
	// Creates a generic /etc/hosts: localhost and the container itself
	fprintf (fout,"echo 127.0.0.1 localhost >/var/lib/lxc/%s/rootfs/etc/hosts\n",glocal.name);
	fprintf (fout,"echo %s %s >>/var/lib/lxc/%s/rootfs/etc/hosts\n",glocal.ip,glocal.name,glocal.name);
	// NOTE(review): further down this file some <name>.init files carry
	// "export ..._PWD=" lines, and this copies them to /tmp/config inside the
	// container; confirm the mode of the copy keeps them away from other
	// accounts in the container.
	fprintf (fout,"cp /var/lib/lxc/%s/%s.init /var/lib/lxc/%s/rootfs/tmp/config\n",glocal.name,glocal.name,glocal.name);
	fprintf (fout,"%s/%s.restore\n",lxcdir,glocal.name);
	glocal.c->insert (fout,glocal.name,"",0);
	fprintf (fout,"%s\n",glocal.horizonfile.c_str());
	fprintf (fout,"execif %s/%s.prestart\n",lxcdir,glocal.name);
	fprintf (fout,"lxc-start -n %s\n",glocal.name);
	fprintf (fout,"execif %s/%s.poststart\n",lxcdir,glocal.name);
	return 0;
	trli_chmod (startfile,0755);
}

// lxc_start() using the default callbacks.
// NOTE(review): the call target is missing from this copy (TLMP tag dropped).
static void lxc_start (const char *name, const char *ip, string &startfile, const char *user, int userid)
{
	(name,ip,startfile,user,userid);
}

// lxc_start() for the default service account (trli_user, trli_userid).
static void lxc_start (const char *name, const char *ip, string &startfile)
{
	lxc_start (name,ip,startfile,trli_user,trli_userid);
}

/*
	Generate /var/lib/lxc/<name>/status.sh, which asks the service for its
	status through its control socket, and make it executable (0755).

	With workers == -1 a single "<binpath>/<command>-control -p <socket> status"
	line is written. The multi-worker branch is missing from this copy.
	NOTE(review): no "#!/bin/sh" line is written in the visible part.
*/
static void lxc_status (const char *binpath, const char *name, const char *command, int workers)
{
	glocal const char *name = name;
	glocal const char *command = command;
	glocal int workers = workers;
	glocal const char *binpath = binpath;
	string tmp = string_f ("/var/lib/lxc/%s/status.sh",name);
	(tmp,false);
	if (glocal.workers == -1){
		fprintf (fout,"%s/%s-control -p /var/lib/lxc/%s/rootfs%s/%s.sock status\n"
			,glocal.binpath,glocal.command,glocal.name,lxcsock_dir,glocal.command);
	}else{
		// NOTE(review): text is missing from this copy after "i"
		for (int i=0; i
	trli_chmod (tmp,0755);
}

// lxc_status() with the control program taken from sbin_path.
static void lxc_status (const char *name, const char *command, int workers)
{
	lxc_status (sbin_path,name,command,workers);
}

/*
	Write the shell lines that turn debugging on or off.

	hc: control command prefix; the generated script runs "<hc> debug 1" when
	its first argument is "on", "<hc> debug 0" when it is "off", and prints a
	usage hint otherwise.
*/
static void lxc_debug_one (FILE *fout, const char *hc)
{
	fprintf (fout,"if [ \"$1\" = off ]; then\n");
	fprintf (fout,"\t%s debug 0\n",hc);
	fprintf (fout,"elif [ \"$1\" = on ]; then\n");
	fprintf (fout,"\t%s debug 1\n",hc);
	fprintf (fout,"else\n");
	fprintf (fout,"\techo on or off\n");
	fprintf (fout,"fi\n");
}

/*
	Generate /var/lib/lxc/<name>/debug.sh, which sets the debug file of the
	service and toggles debugging, and make it executable (0755).

	With workers == -1 one control socket is addressed. The multi-worker
	branch is missing from this copy.
	NOTE(review): "#!/bin/sh" is written only in the multi-worker branch, so
	the single-worker script has no interpreter line.
	NOTE(review): the socket path here is rootfs/tmp/<command>.sock, whereas
	lxc_status() and _F_lxc_stop::insert() use rootfs + lxcsock_dir; confirm
	which one the service really creates.
*/
static void lxc_debug (const char *binpath, const char *name, const char *command, int workers)
{
	glocal const char *name = name;
	glocal const char *command = command;
	glocal int workers = workers;
	glocal const char *binpath = binpath;
	string tmp = string_f ("/var/lib/lxc/%s/debug.sh",name);
	(tmp,false);
	if (glocal.workers == -1){
		string hc_str = string_f ("%s/%s-control -p /var/lib/lxc/%s/rootfs/tmp/%s.sock",glocal.binpath,glocal.command,glocal.name,glocal.command);
		const char *hc = hc_str.c_str();
		// NOTE(review): the debug log has a fixed name under /tmp. If that
		// directory is writable by other accounts, a file or link created
		// there beforehand could redirect the log; confirm which process
		// opens it and how.
		fprintf (fout,"%s debugfile /tmp/%s-debug.log\n",hc,glocal.name);
		lxc_debug_one (fout,hc);
	}else{
		fprintf (fout,"#!/bin/sh\n");
		// NOTE(review): text is missing from this copy after "i"
		for (int i=0; i
	trli_chmod (tmp,0755);
}
static void lxc_debug (const char *name, const char *command, int workers) { lxc_debug (sbin_path,name,command,workers); } static void config_sql (const char *name, const char *ip, string &startfile, string &stopfile) { glocal string sock = string_f("/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock",name); string rootdir = string_f("/var/lib/lxc/%s",name); mkdir (rootdir.c_str(),0755); (string_f ("%s/%s.init",rootdir.c_str(),name),false); fprintf (fout,"/usr/libexec/mysqld --basedir=/usr --user=mysql\n"); return 0; (name,ip,startfile,"mysql",27); fprintf (fout,"if [ -d /var/lib/lxc/%s/rootfs/var/lib/mysql ] ; then\n",name); fprintf (fout,"\techo \"Directory /var/lib/mysql exist in container %s\"\n",name); fprintf (fout,"\techo Abort\n"); fprintf (fout,"\texit 1\n"); fprintf (fout,"fi\n"); fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/my.cnf.d/notcp.cnf\n",name); fprintf (fout,"[mysqld]\n"); fprintf (fout,"skip-networking\n"); fprintf (fout,"EOF\n"); (name,NULL,-1,stopfile); fprintf (fout,"%s/vkillall -n %s /usr/libexec/mysqld\n",sbin_path,name); fprintf (fout,"echo -n \"Stopping %s \"\n",name); fprintf (fout,"for ((i=0; i<5; i++))\n"); fprintf (fout,"do\n"); fprintf (fout,"\techo -n .\n"); fprintf (fout,"\tsleep 1\n"); fprintf (fout,"\tRUNNING=`lxc-info -s -n %s | grep -q RUNNING && echo running`\n",name); fprintf (fout,"\tif [ \"$RUNNING\" = \"\" ] ; then\n"); fprintf (fout,"\t\tbreak\n"); fprintf (fout,"\tfi\n"); fprintf (fout,"done\n"); fprintf (fout,"echo\n"); fprintf (fout,"lxc-info -s -n %s | grep -q RUNNING && (echo Force stop %s; lxc-stop -n %s)\n" ,name,name,name); lxc_config (name,ip); string runsql = string_f ("%s/%s.runsql",rootdir.c_str(),name); (runsql,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"if [ $# = 0 ] ; then\n"); fprintf (fout,"\techo table\n"); fprintf (fout,"\texit 1\n"); fprintf (fout,"fi\n"); fprintf (fout,"mysql -S %s $*\n",glocal.sock.c_str()); return 0; trli_chmod (runsql,0755); string admsql = string_f 
("%s/%s.admsql",rootdir.c_str(),name); (admsql,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"if [ $# = 0 ] ; then\n"); fprintf (fout,"\techo command\n"); fprintf (fout,"\texit 1\n"); fprintf (fout,"fi\n"); fprintf (fout,"mysqladmin -S %s $*\n",glocal.sock.c_str()); return 0; trli_chmod (admsql,0755); } static void tlmpweb_conf (FILE *fout, const char *name) { fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/tlmpweb.conf\n",name); fprintf (fout,"AddType application/x-httpd-hc .hc\n"); fprintf (fout,"Action application/x-httpd-hc /cgi-bin/tlmpweb\n"); fprintf (fout,"DirectoryIndex index.hc\n"); fprintf (fout,"EOF\n"); } /* Print all configururation for services running on a given server */ static void print_configs ( const string &server, const string &public_ip, const CONFIG &config, bool devmode) { glocal const CONFIG *config = &config; glocal bool devmode = devmode; glocal const char *public_ip = public_ip.c_str(); glocal string server = server; glocal string stoptrlid; glocal string stopwrited; glocal string stopsessiond; glocal string stopweb; glocal string stopwebadm; glocal string stopwebssl; glocal string stopsqlddata; glocal string stopsqlduser; glocal string stopproto; glocal string stopexim; glocal string stoptrlimon; glocal string stoptrlisyslog; glocal string stopcompute; ("/tmp/bkstart.sh",false); glocal FILE *all_fout = fout; fprintf (fout,"#!/bin/sh\n"); if (glocal.devmode){ fprintf (fout,"ifconfig | fgrep -q 192.168.4.1 || echo 192.168.4.1 non disponible\n"); }else{ fprintf (fout,"mkdir -p %s %s\n",sock_dir,log_dir); } // SERVICE blackhole for (auto bk:glocal.config->blackholes){ if (bk.server == glocal.server){ (blackhole_options_conf,false); fprintf (fout,"#!/bin/sh\n" "BLACKHOLEOPTIONS=\" --control %s/blackhole.sock --horizon_port 8100" " --statfile %s/blackhole-connect.log --pidfile %s/blackhole.pid" " --conproxyport %s/conproxy.sock" " --debugfile /tmp/blackhole.log\"\n" ,sock_dir,log_dir,pid_dir ,sock_dir); return 0; 
trli_chmod (blackhole_options_conf,0755); ("/tmp/blackhole.sh",false); fprintf (fout,"#!/bin/sh\n" ". %s\n" "%s/blackhole --daemon $BLACKHOLEOPTIONS\n" ,blackhole_options_conf,blackhole_path); return 0; trli_chmod ("/tmp/blackhole.sh",0755); fprintf (glocal.all_fout,"/tmp/blackhole.sh\n"); (blackhole_rules,false); generateconfig (fout,glocal.server,*glocal.config,glocal.devmode); return 0; trli_chmod (blackhole_rules,0755); fprintf (glocal.all_fout,"%s\n",blackhole_rules); ("/tmp/blackhole-reload.sh",false); string bk_control_str = string(blackhole_path) + "/blackhole-control -p " + sock_dir + "/blackhole.sock"; const char *bk_control = bk_control_str.c_str(); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s pause\n",bk_control); fprintf (fout,"%s reset-rules\n",bk_control); fprintf (fout,"%s reset-horizons\n",bk_control); fprintf (fout,"%s reset-wormholes\n",bk_control); fprintf (fout,"/tmp/blackhole-rules.sh\n"); fprintf (fout,"%s resume\n",bk_control); return 0; trli_chmod ("/tmp/blackhole-reload.sh",0755); } } // SERVICE horizon (horizon_options_conf,false); fprintf (fout,"#!/bin/sh\n"); if (!glocal.devmode){ fprintf (fout,"ifconfig lo:horizon 192.168.4.1 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:horizon2 192.168.4.2 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:dnsproxy 192.168.4.3 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:web 192.168.5.5 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:webadm 192.168.5.6 netmask 255.255.255.255\n"); fprintf (fout,"ifconfig lo:writed 192.168.5.3 netmask 255.255.255.255\n"); } fprintf (fout,"mkdir -p %s\n",sock_tests_dir); fprintf (fout,"rm -f %s/*\n",sock_tests_dir); const char *user = blackhole_user; if (!glocal.devmode){ user = "root"; } fprintf (fout, "HORIZONOPTIONS=\"" " --bind %s,9000 --bind %s,9100 --bind %s,9200 --bind %s,3307 --bind %s,3307" " --bind %s,9080 --bind %s,9081 --bind %s,8053" " --bind %s,9080 --bind %s,9081" " --control %s/horizon.sock --master %s,8100 --master 
%s/horizon-master.sock --user %s --pidfile %s/horizon.pid" " --conproxyport %s/conproxy.sock --open_network" ,horizon_ip,horizon_ip,horizon_ip,horizon_ip,horizon_ip2 ,horizon_ip,horizon_ip,horizon_ip ,horizon_ip2,horizon_ip2 ,sock_dir,horizon_masterip,sock_dir,user,pid_dir ,sock_dir); if (!glocal.devmode){ fprintf (fout," --bind %s,25",glocal.public_ip); fprintf (fout," --bind %s,80",glocal.public_ip); fprintf (fout," --bind %s,443",glocal.public_ip); fprintf (fout," --bind 127.0.0.1,8080"); fprintf (fout," --open_client"); } fprintf (fout,"\"\n"); return 0; trli_chmod (horizon_options_conf,0755); ("/tmp/horizon.sh",false); fprintf (fout,". %s\n",horizon_options_conf); fprintf (fout,"%s/horizon --daemon $HORIZONOPTIONS\n",blackhole_path); return 0; trli_chmod ("/tmp/horizon.sh",0755); fprintf (glocal.all_fout,"/tmp/horizon.sh\n"); fprintf (glocal.all_fout,"%s\n",horizon_rules); (horizon_rules,false); string hc_str = string (blackhole_path) + "/horizon-control --port " + sock_dir + "/horizon.sock"; const char *hc = hc_str.c_str(); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s vserver dnsproxy %s\n",hc,dnsproxy_ip); fprintf (fout,"%s vserver sqlsource %s\n",hc,horizon_ip); fprintf (fout,"%s vserver sqlsource2 %s\n",hc,horizon_ip2); fprintf (fout,"%s vserver trlid %s\n",hc,ip_trlid); fprintf (fout,"%s vserver trlid_p %s\n",hc,ip_trlid_p); fprintf (fout,"%s vserver writed %s\n",hc,ip_writed); fprintf (fout,"%s vserver writed_p %s\n",hc,ip_writed_p); fprintf (fout,"%s vserver sessiond %s\n",hc,ip_sessiond); fprintf (fout,"%s vserver sessiond_p %s\n",hc,ip_sessiond_p); fprintf (fout,"%s vserver web %s\n",hc,ip_web); fprintf (fout,"%s vserver web_p %s\n",hc,ip_web_p); fprintf (fout,"%s vserver webadm %s\n",hc,ip_webadm); fprintf (fout,"%s vserver webadm_p %s\n",hc,ip_webadm_p); fprintf (fout,"%s vserver webssl %s\n",hc,ip_webssl); fprintf (fout,"%s vserver webssl_p %s\n",hc,ip_webssl_p); fprintf (fout,"%s vserver sqlddata %s\n",hc,ip_sqlddata); fprintf (fout,"%s vserver 
sqlduser %s\n",hc,ip_sqlduser); fprintf (fout,"%s vserver sqld_p %s\n",hc,ip_sqld_p); fprintf (fout,"%s vserver proto %s\n",hc,ip_proto); fprintf (fout,"%s vserver proto_p %s\n",hc,ip_proto_p); fprintf (fout,"%s allow %s\n",hc,horizon_masterip); fprintf (fout,"%s vserverdir root /\n",hc); // Socket for monitoring for (auto t:glocal.config->sessionds){ const char *server = t.server.c_str(); unsigned port = 9200; fprintf (fout,"%s --bind unix,%s/A-sessiond-%s-client-%u.sock,root\n" ,hc,sock_tests_dir,server,port); fprintf (fout,"%s --bind unix,%s/A-sessiond-%s-admin-%u.sock,root\n" ,hc,sock_tests_dir,server,port); fprintf (fout,"chown %s %s/A-sessiond-%s-admin-9200.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"chown %s %s/A-sessiond-%s-client-9200.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For trlid system tests\n"); for (auto t:glocal.config->trlids){ const char *server = t.server.c_str(); for (unsigned i=0; iexims){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/C-exim-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/C-exim-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For web 80 system tests\n"); for (auto t:glocal.config->webs){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/F-web-80-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/F-web-80-%s.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"%s --bind unix,%s/F-web-fail-80-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/F-web-fail-80-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For web trli-stop system tests\n"); for (auto t:glocal.config->webs){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/D-web-stop-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/D-web-stop-%s.sock\n" ,trli_user,sock_tests_dir,server); fprintf (fout,"%s --bind unix,%s/D-web-fail-stop-%s.sock,root\n" 
,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/D-web-fail-stop-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For webadm trli-stop system tests\n"); for (auto t:glocal.config->webadms){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/D-webadm-stop-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/D-webadm-stop-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For trli-syslog system tests\n"); for (auto t:glocal.config->logs){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/E-syslog-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/E-syslog-%s.sock\n" ,trli_user,sock_tests_dir,server); } fprintf (fout,"# For trli-log system tests\n"); for (auto t:glocal.config->computes){ const char *server = t.server.c_str(); fprintf (fout,"%s --bind unix,%s/E-log-%s.sock,root\n" ,hc,sock_tests_dir,server); fprintf (fout,"chown %s %s/E-log-%s.sock\n" ,trli_user,sock_tests_dir,server); } if (!glocal.devmode){ fprintf (fout,"# Allow the host to send email\n"); fprintf (fout,"%s --bind unix,/dev/smtp.sock,root\n" ,hc); fprintf (fout,"chown %s /dev/smtp.sock\n" ,trli_user); } return 0; trli_chmod (horizon_rules,0755); ("/tmp/horizon-debug.sh",false); string hc_str = string (blackhole_path) + "/horizon-control --port " + sock_dir + "/horizon.sock"; const char *hc = hc_str.c_str(); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s debugfile /tmp/horizon.log\n",hc); fprintf (fout,"if [ \"$1\" = off ]; then\n"); fprintf (fout,"\t%s debug 0\n",hc); fprintf (fout,"elif [ \"$1\" = on ]; then\n"); fprintf (fout,"\t%s debug 1\n",hc); fprintf (fout,"else\n"); fprintf (fout,"\techo on or off\n"); fprintf (fout,"fi\n"); return 0; trli_chmod ("/tmp/horizon-debug.sh",0755); // SERVICE conproxy ("/tmp/conproxy.sh",false); fprintf (fout,"#!/bin/sh\n" "%s/conproxy" " -p %s/conproxy.sock --user %s --pidfile %s/conproxy.pid --daemon --statfile %s/conproxy-connect.log\n" 
,blackhole_path,sock_dir,blackhole_user,pid_dir,log_dir); return 0; if (!glocal.devmode){ (conproxy_options_conf,false); fprintf (fout, "MAXHANDLES=10000\n" "CONPROXYOPTIONS=\"-p %s/conproxy.sock --user %s --pidfile %s/conproxy.pid --statfile %s/conproxy-connect.log\"\n" ,sock_dir,blackhole_user,pid_dir,log_dir); return 0; } trli_chmod ("/tmp/conproxy.sh",0755); fprintf (glocal.all_fout,"/tmp/conproxy.sh\n"); ("/tmp/protocheck.sh",false); fprintf (fout,"#!/bin/sh\n" "%s/protocheck-2factors" " --control %s/protocheck-2factors.sock --user %s --pidfile %s/protocheck-0.pid --daemon" " --follow_mode --unlocked --bind %s --port 9080" " --http %s/http_check.conf\n" ,blackhole_path,sock_dir,blackhole_user,pid_dir ,ip_proto_p ,config_dir); fprintf (fout,"#!/bin/sh\n" "%s/protocheck-2factors" " --control %s/protocheck-2factors-learn.sock --user %s --pidfile %s/protocheck-1.pid --daemon" " --follow_mode --unlocked --bind %s --port 9081" " --http %s/http_check.conf --learnfile /tmp/learn.log\n" ,blackhole_path,sock_dir,blackhole_user,pid_dir ,ip_proto_p ,config_dir); return 0; trli_chmod ("/tmp/protocheck.sh",0755); //fprintf (glocal.all_fout,"/tmp/protocheck.sh\n"); return 0; trli_chmod ("/tmp/bkstart.sh",0755); const char *trlistart = "/root/trlistart.sh"; const char *trlistop = "/root/trlistop.sh"; if (devmode){ trlistart = "/tmp/trlistart.sh"; trlistop = "/tmp/trlistop.sh"; } (trlistart,false); glocal FILE *all_fout = fout; fprintf (fout,"#!/bin/sh\n"); { // SERVICE iptables if (!glocal.devmode){ const char *iptables_sh = glocal.devmode ? 
"/tmp/iptables.sh" : "/root/iptables.sh"; (iptables_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"iptables --flush\n"); fprintf (fout,"iptables --flush -t nat\n"); fprintf (fout,"iptables --delete-chain\n"); fprintf (fout,"iptables -t nat --delete-chain\n"); fprintf (fout,"#iptables -t nat -A OUTPUT -s %s -p tcp -j REDIRECT --to-port 8080\n",ip_exim); fprintf (fout,"iptables -t nat -A POSTROUTING -o eth0 -s %s -j MASQUERADE\n",ip_exim); fprintf (fout,"iptables --flush -t mangle\n"); fprintf (fout,"iptables -t mangle -X DIVERT\n"); fprintf (fout,"iptables -t mangle -N DIVERT\n"); fprintf (fout,"iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT\n"); #if 0 fprintf (fout,"iptables -t mangle -A OUTPUT --src 192.168.122.0/24 -d 192.168.4.0/24 -j ACCEPT\n"); fprintf (fout,"iptables -t mangle -A OUTPUT --src 192.168.122.0/24 -d 192.168.122.1 -j ACCEPT\n"); fprintf (fout,"iptables -t mangle -A OUTPUT --src %s -p tcp -j MARK --set-xmark 0x1/0xffffffff\n",ip_exim); fprintf (fout,"iptables -t mangle -A OUTPUT --src %s -p tcp -j MARK --set-xmark 0x1/0xffffffff\n",ip_webssl); #endif glocal bool onerule = false; glocal fout; ("/root/sshd.lst",true); glocal.onerule = true; fprintf (glocal.fout,"iptables -A INPUT -s %s -p tcp --dport 22 -j ACCEPT\n",line); return 0; if (glocal.onerule){ fprintf (fout,"iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j REJECT\n"); } fprintf (fout,"iptables -t mangle -A DIVERT -j MARK --set-mark 1\n"); fprintf (fout,"iptables -t mangle -A DIVERT -j ACCEPT\n"); fprintf (fout,"ip rule add fwmark 1 lookup 100\n"); fprintf (fout,"ip route add local 0.0.0.0/0 dev lo table 100\n"); fprintf (fout,"echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter\n"); return 0; trli_chmod (iptables_sh,0755); fprintf (glocal.all_fout,"%s\n",iptables_sh); } // SERVICE dnsproxy { ("/var/lib/lxc/udpproxy.sh",false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"echo udpproxy\n"); fprintf (fout,"/usr/sbin/udpproxy --daemon --udp2tcp --udpport 53 
--udphost %s --tcphost %s --tcpport 8053 --bindaddr %s\n" ,horizon_ip,horizon_ip,dnsproxy_ip); fprintf (fout,"/usr/sbin/udpproxy --daemon --control %s/udpproxy-out.sock" " --pidfile /var/run/udpproxy-out.pid --tcp2udp --tcphost %s --tcpport 8053 --udpport 53" ,sock_dir,dnsproxy_ip); glocal FILE *fout = fout; ("/etc/resolv.conf",true); vector tb; int n = str_splitline(line,' ',tb); if (n == 2 && string_cmp(tb[0],"nameserver")==0){ fprintf (glocal.fout," --udphost %s",tb[1].c_str()); } return 0; fprintf (fout,"\n"); return 0; fprintf (glocal.all_fout,"/var/lib/lxc/udpproxy.sh\n"); trli_chmod ("/var/lib/lxc/udpproxy.sh",0755); } // SERVICE trlid for (auto t:glocal.config->trlids){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/trlid",0755); glocal const char *secret = t.secret.c_str(); glocal int workers = t.workers; ("/var/lib/lxc/trlid/trlid.init",false); fprintf (fout,"export TRLID_PWD=%s\n",sql_trlid_pwd); for (int i=0; i string startfile; ("trlid",ip_trlid,startfile,trli_user,trli_userid); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/writed.sock:/var/lib/lxc/%s/rootfs/dev/writed.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/writed.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",trli_user,name); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("trlid","trlid",glocal.workers,glocal.stoptrlid); fprintf (fout,"%s/horizon-control -p 
%s/horizon.sock unbindfd unix /dev/writed.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); _F_lxc_stop::insert(fout,name,command,workers); lxc_config ("trlid",ip_trlid); lxc_status ("trlid","trlid",glocal.workers); lxc_debug ("trlid","trlid",glocal.workers); } } // SERVICE writed for (auto t:glocal.config->writeds){ if (t.server == glocal.server){ mkdir ("/var/lib/lxc/writed",0755); glocal const char *secret = t.secret.c_str(); glocal int workers = t.workers; ("/var/lib/lxc/writed/writed.init",false); fprintf (fout,"export TRLI_WRITED_PWD=%s\n",sql_trli_writed_pwd); for (int i=0; i string startfile; ("writed",ip_writed,startfile,trli_user,trli_userid); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/compute.sock:/var/lib/lxc/%s/rootfs/dev/compute.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/compute.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/smtp.sock:/var/lib/lxc/%s/rootfs/dev/smtp.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/dev/smtp.sock\n",trli_user,name); // Sockets for both MySQL servers fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/lib/mysql\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s 
/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql.sock\n",trli_user,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/var/lib/mysql/mysql-users.sock:/var/lib/lxc/%s/rootfs/var/lib/mysql/mysql-users.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/lib/mysql/mysql-users.sock\n",trli_user,name); fprintf (fout,"mkdir -p /var/lib/lxc/%s/rootfs/var/log/trli\n",name); fprintf (fout,"chown %s /var/lib/lxc/%s/rootfs/var/log/trli\n",trli_user,name); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("writed","trli-writed",glocal.workers,glocal.stopwrited); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/compute.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/smtp.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /var/lib/mysql/mysql-users.sock %s\n" ,blackhole_path,sock_dir,name); _F_lxc_stop::insert(fout,name,command,workers); lxc_config ("writed",ip_writed); lxc_status ("writed","trli-writed",glocal.workers); lxc_debug ("writed","trli-writed",glocal.workers); } } // SERVICE sessiond for (auto s:glocal.config->sessionds){ if (s.server == glocal.server){ mkdir ("/var/lib/lxc/sessiond",0755); ("/var/lib/lxc/sessiond/sessiond.init",false); fprintf (fout,"%s/trli-sessiond ",sbin_path); fprintf (fout,"--tcpport 9200 --control %s/trli-sessiond.sock" " --admin-secrets %s/secrets.admin --client-secrets %s/secrets.client" " --user %s --daemon --pidfile /tmp/sessiond.pid" " --variable subject --variable order\n" ,lxcsock_dir ,config_dir,config_dir ,trli_user); return 0; string startfile; lxc_start 
("sessiond",ip_sessiond,startfile); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); lxc_stop ("sessiond","trli-sessiond",-1,glocal.stopsessiond); lxc_config ("sessiond",ip_sessiond); lxc_status ("sessiond","trli-sessiond",-1); lxc_debug ("sessiond","trli-sessiond",-1); } } // SERVICE web for (auto s:glocal.config->webs){ if (s.server == glocal.server){ static const char *tb[]={"web","web-fail"}; const char *ip = ip_web; for (auto w:tb){ mkdir (string_f("/var/lib/lxc/%s",w).c_str(),0755); (string_f("/var/lib/lxc/%s/%s.init",w,w),false); fprintf (fout,"/usr/sbin/httpd --daemon\n"); fprintf (fout,"%s/trli-stop --daemon --user %s --control /tmp/trli-stop.sock --pidfile /tmp/trli-stop.pid\n",sbin_path,"apache"); return 0; string startfile; (w,ip,startfile,"apache",48); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/trlid.sock:/var/lib/lxc/%s/rootfs/dev/trlid.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/trlid.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",name); tlmpweb_conf (fout,name); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"cat <<-EOF >/var/lib/lxc/web/rootfs/var/www/html/static.html\n"); fprintf (fout,"\n"); fprintf (fout,"this is a test\n"); fprintf (fout,"\n"); fprintf (fout,"EOF\n"); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); string stopcmd; (w,NULL,-1,stopcmd); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/trlid.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"lxc-stop -n %s\n",name); glocal.stopweb += string_f("%s\n",stopcmd.c_str()); lxc_config (w,ip); ip = ip_web_fail; } } } // SERVICE webadm for (auto 
s:glocal.config->webadms){ if (s.server == glocal.server){ mkdir ("/var/lib/lxc/webadm",0755); ("/var/lib/lxc/webadm/webadm.init",false); fprintf (fout,"/usr/sbin/httpd --daemon\n"); fprintf (fout,"%s/trli-stop --daemon --user %s --control /tmp/trli-stop.sock --pidfile /tmp/trli-stop.pid\n",sbin_path,"apache"); return 0; string startfile; ("webadm",ip_webadm,startfile,"apache",48); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/trlid.sock:/var/lib/lxc/%s/rootfs/dev/trlid.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/trlid.sock\n",name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock --bind unix,/dev/sessiond.sock:/var/lib/lxc/%s/rootfs/dev/sessiond.sock,%s\n" ,blackhole_path,sock_dir,name,name); fprintf (fout,"chown 48 /var/lib/lxc/%s/rootfs/dev/sessiond.sock\n",name); tlmpweb_conf (fout,name); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("webadm",NULL,-1,glocal.stopwebadm); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/trlid.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"%s/horizon-control -p %s/horizon.sock unbindfd unix /dev/sessiond.sock %s\n" ,blackhole_path,sock_dir,name); fprintf (fout,"lxc-stop -n %s\n",name); lxc_config ("webadm",ip_webadm); } } // SERVICE webssl for (auto s:glocal.config->webssls){ if (s.server == glocal.server){ static const char *tb[]={"webssl","webssl-fail"}; const char *ip = ip_webssl; for (auto w:tb){ mkdir (string_f("/var/lib/lxc/%s",w).c_str(),0755); (string_f("/var/lib/lxc/%s/%s.init",w,w),false); fprintf (fout,"/usr/sbin/httpd --daemon\n"); return 0; string startfile; (w,ip,startfile,"apache",48); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/proxy.conf\n",name); fprintf (fout,"DirectoryIndex index.hc\n"); fprintf (fout,"ProxyPass \"/index.hc\" \"http://192.168.4.1:9080/index.hc\"\n"); fprintf (fout,"ProxyPass \"/blog.hc\" 
\"http://192.168.4.1:9080/blog.hc\"\n"); fprintf (fout,"ProxyPass \"/admin.hc\" \"http://192.168.4.2:9080/admin.hc\"\n"); fprintf (fout,"ProxyPass \"/static.html\" \"http://192.168.4.1:9080/static.html\"\n"); fprintf (fout,"EOF\n"); if (!glocal.devmode){ fprintf (fout,"cat <<-EOF >/var/lib/lxc/%s/rootfs/etc/httpd/conf.d/redirect.conf\n",name); fprintf (fout,"\n"); fprintf (fout,"Redirect permanent / https://" TRUELIES "/\n"); fprintf (fout,"\n"); fprintf (fout,"EOF\n"); } fprintf (fout,"ROOT=/var/lib/lxc/%s/rootfs\n",name); fprintf (fout,"for FILE in /etc/httpd/conf.d/add.conf /etc/httpd/conf.d/le_http_01_challenge_pre.conf /etc/httpd/conf.d/le_http_01_challenge_post.conf\n"); fprintf (fout,"do\n"); fprintf (fout," if [ -f $FILE ] ; then\n"); fprintf (fout," cp -a $FILE $ROOT/etc/httpd/conf.d/.\n"); fprintf (fout," cp -a $FILE /tmp/.\n"); fprintf (fout," fi\n"); fprintf (fout,"done\n"); fprintf (fout,"if [ -d /var/lib/letsencrypt ] ; then\n"); fprintf (fout," mkdir -p $ROOT/var/lib/letsencrypt\n"); fprintf (fout," cp -a /var/lib/letsencrypt/. 
$ROOT/var/lib/letsencrypt/.\n"); fprintf (fout,"fi\n"); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); string stopcmd; lxc_stop (w,NULL,-1,stopcmd); glocal.stopwebssl += string_f("%s\n",stopcmd.c_str()); lxc_config (w,TRUELIES,ip,true); ip = ip_webssl_fail; } } } // SERVICE protocheck for (auto s:glocal.config->protos){ if (s.server == glocal.server){ glocal PROTO *p = &s; mkdir ("/var/lib/lxc/protocheck",0755); ("/var/lib/lxc/protocheck/protocheck.init",false); for (unsigned i=0; iworkers; i++){ fprintf (fout,"%s/protocheck-2factors" " --control %s/protocheck-2factors-%u.sock --user %s --pidfile %s/protocheck-%u.pid --daemon" " --follow_mode --unlocked --bind %s --port unix:/tmp/proto-%u.sock" " --http %s/http_check.conf --errorfile /tmp/error-%u.log\n" ,blackhole_path ,lxcsock_dir,i,"apache",pid_dir,i ,ip_proto,glocal.p->port+i ,config_dir,i); } fprintf (fout,"%s/protocheck-2factors" " --control %s/protocheck-2factors-learn.sock --user %s --pidfile %s/protocheck-learn.pid --daemon" " --follow_mode --unlocked --bind %s --port unix:/tmp/proto-%u.sock" " --http %s/http_check.conf --learnfile /tmp/learn.log --errorfile /tmp/error-learn.log\n" ,blackhole_path ,lxcsock_dir,"apache",pid_dir ,ip_proto,glocal.p->port_l ,config_dir); return 0; string startfile; lxc_start ("protocheck",ip_proto,startfile,"apache",48); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); ("protocheck",NULL,-1,glocal.stopproto); for (unsigned i=0; iworkers; i++){ fprintf (fout,"%s/protocheck-2factors-control" " -p /var/lib/lxc/protocheck/rootfs%s/protocheck-2factors-%u.sock quit\n" ,blackhole_path,lxcsock_dir,i); } fprintf (fout,"%s/protocheck-2factors-control" " -p /var/lib/lxc/protocheck/rootfs%s/protocheck-2factors-learn.sock quit\n" ,blackhole_path,lxcsock_dir); fprintf (fout,"lxc-info -s -n %s | grep -q RUNNING && (echo Force stop %s; lxc-stop -n %s)\n" ,name,name,name); lxc_config ("protocheck",ip_proto); lxc_status (blackhole_path,"protocheck","protocheck-2factors",s.workers); 
lxc_debug (blackhole_path,"protocheck","protocheck-2factors",s.workers); } } // SERVICE sqlddata for (auto s:glocal.config->sqlddatas){ if (s.server == glocal.server){ string startfile; config_sql ("sqlddata",ip_sqlddata,startfile,glocal.stopsqlddata); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); } } // SERVICE sqlduser for (auto s:glocal.config->sqldusers){ if (s.server == glocal.server){ string startfile; config_sql ("sqlduser",ip_sqlduser,startfile,glocal.stopsqlduser); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); } } // SERVICE exim for (auto s:glocal.config->exims){ if (s.server == glocal.server){ glocal WEB *p = &s; mkdir ("/var/lib/lxc/exim",0755); ("/var/lib/lxc/exim/exim.init",false); fprintf (fout,"/usr/sbin/exim -bd -q15m\n"); return 0; string startfile; ("exim",ip_exim,startfile,"exim",93); fprintf (fout,"echo nameserver %s >/var/lib/lxc/exim/rootfs/etc/resolv.conf\n" ,horizon_ip); fprintf (fout,"echo smtp 25/tcp mail >/var/lib/lxc/exim/rootfs/etc/services\n"); fprintf (fout,"echo 192.168.122.1 relay >>/var/lib/lxc/%s/rootfs/etc/hosts\n",name); fprintf (fout,"echo 192.168.4.1 norelay >>/var/lib/lxc/%s/rootfs/etc/hosts\n",name); fprintf (fout,"echo root: /dev/null >/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"echo exim: /dev/null >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"echo no-reply: /dev/null >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"if [ -f /etc/trli/admins.conf ] ; then\n"); fprintf (fout,"\t. 
/etc/trli/admins.conf\n"); fprintf (fout,"\techo info: $ADMIN1 >>/var/lib/lxc/%s/rootfs/etc/aliases\n",name); fprintf (fout,"else\n"); fprintf (fout,"\techo No /etc/trli/admins.conf\n"); fprintf (fout,"fi\n"); fprintf (fout,"cp -a /etc/pki /var/lib/lxc/%s/rootfs/etc/pki\n",name); fprintf (fout,"DIRCERTS=/var/lib/lxc/%s/rootfs/etc/pki/tls/certs\n",name); fprintf (fout,"DIRPRIVATE=/var/lib/lxc/%s/rootfs/etc/pki/tls/private\n",name); fprintf (fout,"mkdir -p $DIRCERTS $DIRPRIVATE\n"); fprintf (fout,"test -f /etc/letsencrypt/live/" TRUELIES "/cert.pem && cp /etc/letsencrypt/live/" TRUELIES "/cert.pem $DIRCERTS/exim.pem\n"); fprintf (fout,"test -f /etc/letsencrypt/live/" TRUELIES "/privkey.pem && cp /etc/letsencrypt/live/" TRUELIES "/privkey.pem $DIRPRIVATE/exim.pem\n"); fprintf (glocal.all_fout,"%s\n",startfile.c_str()); lxc_stop ("exim",NULL,-1,glocal.stopexim); lxc_config ("exim",TRUELIES,ip_exim,true); } } } // SERVICE trli-mon for (auto s:glocal.config->monitors){ if (s.server == glocal.server){ static const char *mon_sh = "/var/lib/lxc/trli-mon-start.sh"; glocal MON *s = &s; (mon_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s/trli-mon --daemon --control %s/trli-mon.sock --sock_dir %s --secret %s --user %s --alarmcmd %s\n" ,sbin_path,sock_dir,sock_tests_dir,glocal.s->secret.c_str(),trli_user,glocal.s->alarmcmd.c_str()); if (glocal.devmode){ fprintf (fout,"chown %s %s/trli-mon.sock\n",trli_user,sock_dir); } return 0; trli_chmod (mon_sh,0755); fprintf (fout,"%s\n",mon_sh); static const char *stop_sh = "/var/lib/lxc/trli-mon-stop.sh"; (stop_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s/trli-mon-control -p %s/trli-mon.sock quit\n",sbin_path,sock_dir); return 0; trli_chmod (stop_sh,0755); glocal.stoptrlimon = stop_sh; } } // SERVICE trli-syslog for (auto s:glocal.config->logs){ if (s.server == glocal.server){ static const char *mon_sh = "/var/lib/lxc/trli-syslog-start.sh"; (mon_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf 
(fout,"%s/trli-syslog --daemon --logport %s --control %s/trli-syslog.sock --user %s\n" ,sbin_path,devlog,sock_dir,trli_user); if (glocal.devmode){ fprintf (fout,"chown %s %s/trli-mon.sock\n",trli_user,sock_dir); fprintf (fout,"chown %s %s\n",trli_user,devlog); }else{ fprintf (fout,"chown blackhole %s\n",devlog); } return 0; trli_chmod (mon_sh,0755); fprintf (fout,"%s\n",mon_sh); static const char *stop_sh = "/var/lib/lxc/trli-syslog-stop.sh"; (stop_sh,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s/trli-syslog-control -p %s/trli-syslog.sock quit\n",sbin_path,sock_dir); return 0; trli_chmod (stop_sh,0755); glocal.stoptrlisyslog = stop_sh; } } // SERVICE compute for (auto s:glocal.config->computes){ static const char *compute_start = "/var/lib/lxc/compute-start.sh"; (compute_start,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,". /root/trli.conf\n"); fprintf (fout,"%s/trli-log --daemon --data_dbserv 192.168.4.1 --data_dbuser %s" " --data_dbname trli --sqltcpport 3307" " --control %s/trli-log.sock --unixadmin unix:%s/compute.sock" " --compute --admin-secrets %s/secrets.admin" " /var/lib/lxc/writed/rootfs/%s/trli-writed.log\n" ,sbin_path,sql_trli_writed_user ,sock_dir,sock_dir ,config_dir ,log_dir); if (glocal.devmode){ fprintf (fout,"chown %s %s/compute.sock\n",trli_user,sock_dir); } return 0; trli_chmod (compute_start,0755); fprintf (fout,"%s\n",compute_start); glocal.stopcompute = "/var/lib/lxc/compute-stop.sh"; (glocal.stopcompute,false); fprintf (fout,"#!/bin/sh\n"); fprintf (fout,"%s/trli-log-control -p %s/trli-log.sock quit\n" ,sbin_path,sock_dir); return 0; trli_chmod (glocal.stopcompute,0755); } return 0; trli_chmod (trlistart,0755); (trlistop,false); fprintf (fout,"#!/bin/sh\n"); if (glocal.stopcompute.size() > 0) fprintf (fout,"%s\n",glocal.stopcompute.c_str()); if (glocal.stoptrlimon.size() > 0) fprintf (fout,"%s\n",glocal.stoptrlimon.c_str()); if (glocal.stoptrlid.size() > 0) fprintf (fout,"%s\n",glocal.stoptrlid.c_str()); if 
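(glocal.stopwrited.size() > 0) fprintf (fout,"%s\n",glocal.stopwrited.c_str());
	if (glocal.stopsessiond.size() > 0) fprintf (fout,"%s\n",glocal.stopsessiond.c_str());
	if (glocal.stopweb.size() > 0) fprintf (fout,"%s\n",glocal.stopweb.c_str());
	if (glocal.stopwebadm.size() > 0) fprintf (fout,"%s\n",glocal.stopwebadm.c_str());
	if (glocal.stopwebssl.size() > 0) fprintf (fout,"%s\n",glocal.stopwebssl.c_str());
	if (glocal.stopsqlddata.size() > 0) fprintf (fout,"%s\n",glocal.stopsqlddata.c_str());
	if (glocal.stopsqlduser.size() > 0) fprintf (fout,"%s\n",glocal.stopsqlduser.c_str());
	if (glocal.stopproto.size() > 0) fprintf (fout,"%s\n",glocal.stopproto.c_str());
	if (glocal.stopexim.size() > 0) fprintf (fout,"%s\n",glocal.stopexim.c_str());
	if (glocal.stoptrlisyslog.size() > 0) fprintf (fout,"%s\n",glocal.stoptrlisyslog.c_str());
	fprintf (fout,"killall udpproxy\n");
	return 0;
	trli_chmod (trlistop,0755);
	// NOTE(review): /tmp/bkstop.sh is a fixed name in a world-writable
	// directory and is made executable below. How the file is opened is not
	// visible in this listing; confirm it cannot be pre-created or symlinked
	// by another local user, or write it next to the other generated
	// scripts under /var/lib/lxc.
	("/tmp/bkstop.sh",false);
	fprintf (fout,"%s/blackhole-control -p %s/blackhole.sock quit\n",blackhole_path,sock_dir);
	fprintf (fout,"%s/horizon-control -p %s/horizon.sock quit\n",blackhole_path,sock_dir);
	fprintf (fout,"%s/conproxy-control -p %s/conproxy.sock quit\n",blackhole_path,sock_dir);
	//fprintf (fout,"%s/protocheck-2factors-control -p %s/protocheck-2factors.sock quit\n",blackhole_path,sock_dir);
	//fprintf (fout,"%s/protocheck-2factors-control -p %s/protocheck-2factors-learn.sock quit\n",blackhole_path,sock_dir);
	return 0;
	trli_chmod ("/tmp/bkstop.sh",0755);
}

/*
	Tell whether the service `name` is selected by the list `tb`.

	Returns true when tb is not empty and either its first entry is the
	literal "all" or one of its entries equals name. Returns false
	otherwise, including for an empty list.
	main() calls it with the values collected by the --devip option.

	NOTE(review): the element type of `vector` was lost when this page was
	extracted; the .c_str() calls suggest std::string -- confirm.
*/
static bool trli_lookup (const char *name, vector &tb)
{
	if (tb.size() == 0) return false;
	if (strcmp(tb[0].c_str(),"all")==0) return true;
	// Bind by const reference: the previous loop copied every entry
	for (const auto &x:tb){
		if (strcmp(x.c_str(),name)==0) return true;
	}
	return false;
}

/*
	Entry point: declare the command line options, load the cluster
	description from the configuration file, adjust paths and addresses
	for the selected mode and, for "printconfig SERVER", call
	print_configs() for that server.

	NOTE(review): this listing appears to be TLMP source whose
	angle-bracket tags were stripped by the page. The bare "(args);"
	statements and the repeated "return 0;" are what is left of them, so
	the real nesting and execution order cannot be read from here. The
	comments below describe only what the remaining text shows.
*/
int main (int argc, char *argv[])
{
	glocal int ret = -1;
	glocal const char *config_file = "/etc/trli/manager.conf";
	glocal bool dumpconfig = false;
	glocal bool devmode = false;
	glocal vector devip;	// List of services which require a development IP
	glocal bool inframode = false;
	// NOTE(review): the name of the call receiving argc/argv was lost in extraction
	glocal.ret = (argc,argv);
	setproginfo ("trli-manager",VERSION,"Control the trli cluster");
	setarg ('c',"config","Config file",glocal.config_file,false);
	setarg (' ',"dump","Dump config (debug)",glocal.dumpconfig,false);
	setarg (' ',"devip","Use development IP (127.0.0.X) for a given service",glocal.devip,false);
	setarg (' ',"blackhole_path","Path of blackhole utilities",blackhole_path,false);
	setgrouparg ("Modes");
	setarg (' ',"devmode","Sets various parameters to run on a workstation",glocal.devmode,false);
	setarg (' ',"inframode","Generate config only for infrastructure",glocal.inframode,false);
	setarg (' ',"preprodmode","Sets various parameters to run in pre-production",preprodmode,false);
	setgrouparg ("SQL");
	// NOTE(review): a password given with --trlidpwd or --writedpwd sits in
	// the process argument list, where other local users can read it. The
	// TRLID_PWD / TRLI_WRITED_PWD environment variables read below keep it
	// off the command line.
	setarg (' ',"trliduser","SQL user for trlid server",sql_trlid_user,false);
	setarg (' ',"trlidpwd","SQL password for trlid server",sql_trlid_pwd,false);
	setarg (' ',"writeduser","SQL user for trli-writed server",sql_trli_writed_user,false);
	setarg (' ',"writedpwd","SQL password for trli-writed server",sql_trli_writed_pwd,false);

	int ret = -1;
	glocal CONFIG config;
	// When set, these environment variables replace the SQL passwords.
	// The script generator earlier in this file writes the same values into
	// the containers' init scripts ("export TRLID_PWD=%s"), so those files
	// hold the password in clear text.
	if (getenv("TRLID_PWD")!=NULL) sql_trlid_pwd = getenv("TRLID_PWD");
	if (getenv("TRLI_WRITED_PWD")!=NULL) sql_trli_writed_pwd = getenv("TRLI_WRITED_PWD");
	// file_exist() is not visible here; presumably true when the file exists
	closeweb = file_exist("/root/closeweb");
	// NOTE(review): reader call lost in extraction; what follows looks like
	// the per-line handler (it uses line, noline and info.filename).
	(glocal.config_file,true);
	// str_skip() presumably skips leading white space -- confirm.
	// Lines that are empty or start with '#' are ignored.
	const char *pt = str_skip(line);
	if (*pt != '#' && *pt != '\0'){
		vector tb;
		int n = str_splitlineq(pt,tb);
		// The first word is the record type and each type accepts exactly
		// one word count; every other line is reported as invalid.
		// trli_atou() (not visible here) converts the numeric fields.
		// NOTE(review): confirm that it rejects non-numeric text.
		// NOTE(review): string fields are stored without validation. The
		// script generator earlier in this file prints the monitor secret
		// and alarm command unquoted into a /bin/sh script ("--secret %s
		// ... --alarmcmd %s"), so this file must be writable by trusted
		// administrators only. Validating or shell-quoting these fields
		// would make that assumption explicit.
		if (n > 1){
			const char *word = tb[0].c_str();
			if (strcmp(word,"server")==0 && n == 5){
				glocal.config.servers[tb[1]] = SERVER(tb[2],tb[3],tb[4]);
			}else if (strcmp(word,"blackhole")==0 && n == 4){
				glocal.config.blackholes.push_back(BLACKHOLE(tb[1],tb[2],trli_atou(tb[3])));
			}else if (strcmp(word,"trlid")==0 && n == 5){
				glocal.config.trlids.push_back(TRLID(tb[1],trli_atou(tb[2]),trli_atou(tb[3]),tb[4]));
			}else if (strcmp(word,"writed")==0 && n == 5){
				glocal.config.writeds.push_back(WRITED(tb[1],trli_atou(tb[2]),trli_atou(tb[3]),tb[4]));
			}else if (strcmp(word,"sessiond")==0 && n == 3){
				glocal.config.sessionds.push_back(SESSIOND(tb[1],trli_atou(tb[2])));
			}else if (strcmp(word,"sqlddata")==0 && n == 2){
				glocal.config.sqlddatas.push_back(SQLD(tb[1]));
			}else if (strcmp(word,"sqlduser")==0 && n == 2){
				glocal.config.sqldusers.push_back(SQLD(tb[1]));
			}else if (strcmp(word,"proto")==0 && n == 3){
				glocal.config.protos.push_back(PROTO(tb[1],trli_atou(tb[2])));
			}else if (strcmp(word,"web")==0 && n == 2){
				glocal.config.webs.push_back(WEB(tb[1]));
			}else if (strcmp(word,"webadm")==0 && n == 2){
				glocal.config.webadms.push_back(WEB(tb[1]));
			}else if (strcmp(word,"webssl")==0 && n == 2){
				glocal.config.webssls.push_back(WEB(tb[1]));
			}else if (strcmp(word,"log")==0 && n == 2){
				glocal.config.logs.push_back(WEB(tb[1]));
			}else if (strcmp(word,"compute")==0 && n == 2){
				glocal.config.computes.push_back(WEB(tb[1]));
			}else if (strcmp(word,"exim")==0 && n == 2){
				glocal.config.exims.push_back(WEB(tb[1]));
			}else if (strcmp(word,"dnsproxy")==0 && n == 2){
				glocal.config.dnsproxys.push_back(WEB(tb[1]));
			}else if (strcmp(word,"monitor")==0 && n == 4){
				glocal.config.monitors.push_back(MON(tb[1],tb[2],tb[3]));
			}else{
				tlmp_error ("Invalid line %d in configuration file %s\n",noline,info.filename);
			}
		}else{
			tlmp_error ("Invalid line %d in configuration file %s\n",noline,info.filename);
		}
	}
	return 0;
	// Presumably the handlers for an empty and for a missing configuration
	// file (their tags were stripped); both end the program.
	tlmp_error ("Empty configuration file %s, ending\n",glocal.config_file);
	exit (-1);
	tlmp_error ("Missing configuration file %s, ending\n",fname);
	exit (-1);

	if (glocal.dumpconfig){
		// Debug dump of what was parsed. Secrets are never printed.
		for (const auto &x:glocal.config.servers) printf ("server %s sshcmd=%s cpcmd=%s\n",x.first.c_str(),x.second.sshcmd.c_str(),x.second.cpcmd.c_str());
		for (const auto &x:glocal.config.blackholes) printf ("blackhole server %s config %s port %u\n",x.server.c_str(),x.config.c_str(),x.port);
		for (const auto &x:glocal.config.trlids) printf ("trlid server %s port %u workers %u\n",x.server.c_str(),x.port,x.workers);
		for (const auto &x:glocal.config.writeds) printf ("writed server %s port %u workers %u\n",x.server.c_str(),x.port,x.workers);
		for (const auto &x:glocal.config.sessionds) printf ("sessiond server %s port %u\n",x.server.c_str(),x.port);
		for (const auto &x:glocal.config.sqlddatas) printf ("sqldata server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.sqldusers) printf ("sqluser server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.protos) printf ("proto server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.webs) printf ("web server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.webadms) printf ("webadm server %s\n",x.server.c_str());
		// Was labelled "webadm" (copy/paste), which hid webssl entries in the dump
		for (const auto &x:glocal.config.webssls) printf ("webssl server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.logs) printf ("log server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.computes) printf ("compute server %s\n",x.server.c_str());
		// These record types are parsed above but were missing from the dump
		for (const auto &x:glocal.config.exims) printf ("exim server %s\n",x.server.c_str());
		for (const auto &x:glocal.config.dnsproxys) printf ("dnsproxy server %s\n",x.server.c_str());
		// Only the server is shown: the monitor secret and alarm command stay out of the output
		for (const auto &x:glocal.config.monitors) printf ("monitor server %s\n",x.server.c_str());
	}
	if (preprodmode){
		// Run preprod as an lxc container
		#define PIP_PREFIX "192.168.124."
		ip_lxc_gateway = PIP_PREFIX "1";
		ip_trlid = PIP_PREFIX "2";
		ip_writed = PIP_PREFIX "3";
		ip_sessiond = PIP_PREFIX "4";
		ip_web = PIP_PREFIX "5";
		ip_web_fail = PIP_PREFIX "15";
		ip_webadm = PIP_PREFIX "6";
		ip_proto = PIP_PREFIX "7";
		ip_webssl = PIP_PREFIX "8";
		ip_webssl_fail = PIP_PREFIX "18";
		ip_sqlduser = PIP_PREFIX "9";
		ip_sqlddata = PIP_PREFIX "10";
		ip_exim = PIP_PREFIX "11";
	}
	if (glocal.devmode){
		// Development mode: configuration is read from ./data, binaries
		// from the current directory, and logs, sockets, pid files and the
		// blackhole/horizon option and rule files move to /tmp. Services
		// run as the invoking user.
		// NOTE(review): these are fixed names in a world-writable directory.
		// On a shared workstation another local user can pre-create them
		// (file or symlink); a per-user directory with mode 0700 would
		// remove that exposure.
		char path[PATH_MAX];
		if (getcwd(path,sizeof(path))==NULL){
			tlmp_error ("Can't get current working directory, aborting\n");
			exit (-1);
		}
		// The strings are static so the c_str() pointers stored in the
		// file-level globals remain valid after this block.
		static string dev_config_dir = string(path) +"/data";
		config_dir = dev_config_dir.c_str();
		static string dev_log_dir("/tmp");
		log_dir = dev_log_dir.c_str();
		static string dev_sock_dir("/tmp");
		sock_dir = dev_sock_dir.c_str();
		static string dev_sock_tests_dir("/tmp/tests");
		sock_tests_dir = dev_sock_tests_dir.c_str();
		static string dev_sbin_path(path);
		sbin_path = dev_sbin_path.c_str();
		devlog = "/tmp/trli.log";
		blackhole_options_conf = "/tmp/blackhole-options.conf";
		blackhole_rules = "/tmp/blackhole-rules.sh";
		horizon_options_conf = "/tmp/horizon-options.conf";
		horizon_rules = "/tmp/horizon-rules.sh";
		// --devip selects, per service (or "all"), the development address or name
		if (trli_lookup("horizon",glocal.devip)){
			horizon_ip = "127.0.0.10";
			horizon_ip2 = "127.0.0.11";
			horizon_masterip = "127.0.0.1";
		}
		if (trli_lookup("trlid",glocal.devip)) vs_trlid = "trlid_p";
		if (trli_lookup("writed",glocal.devip)) vs_writed = "writed_p";
		if (trli_lookup("sessiond",glocal.devip)) vs_sessiond = "sessiond_p";
		if (trli_lookup("web",glocal.devip)) ip_web = "192.168.5.5";
		if (trli_lookup("webadm",glocal.devip)) ip_webadm = "192.168.5.6";
		if (trli_lookup("webssl",glocal.devip)) ip_webssl = ip_webssl_p;
		if (trli_lookup("proto",glocal.devip)) ip_proto = "192.168.5.7";
		if (trli_lookup("sqlddata",glocal.devip)) ip_sqlddata = "127.0.0.1";
		if (trli_lookup("sqlduser",glocal.devip)) ip_sqlduser = "127.0.0.1";
		// The invoking user replaces both the trli and the blackhole accounts
		uid_t uid = getuid();
		struct passwd *p = getpwuid(uid);
		if (p == NULL){
			tlmp_error ("Can't identify the current user, aborting\n");
			exit (-1);
		}
		static string dev_trli_user(p->pw_name);
		trli_user = dev_trli_user.c_str();
		trli_userid = p->pw_uid;
		blackhole_user = dev_trli_user.c_str();
		pid_dir = "/tmp";
	}else{
		// Outside devmode the trli account must exist; its uid is looked up once
		struct passwd *p = getpwnam(trli_user);
		if (p == NULL){
			tlmp_error ("Can't identify the user %s, aborting\n",trli_user);
			exit (-1);
		}
		trli_userid = p->pw_uid;
	}
	// NOTE(review): argv[0] is compared with the sub-command, so argc/argv
	// here are presumably the remaining non-option arguments and not the
	// parameters of main() -- confirm against the original source.
	if (argc == 2 && strcmp(argv[0],"printconfig")==0){
		const string server(argv[1]);
		auto s = glocal.config.servers.find(server);
		if (s == glocal.config.servers.end()){
			tlmp_error ("Server %s not found in configuration\n",server.c_str());
		}else{
			print_configs (server,s->second.public_ip,glocal.config,glocal.devmode);
		}
	}
	// NOTE(review): ret is never assigned after its initialisation in the
	// visible text, so this path returns -1 even when printconfig
	// succeeded -- confirm.
	return ret;
	return glocal.ret;
}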