[pve-devel] [PATCH 2/2] add package for QDevice Net Daemon

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Aug 1 15:54:59 CEST 2016


The QDevice Net Daemon is the daemon running outside of the cluster
with the purpose of providing a vote to the corosync-qdevice model
"net".

Create an own package for it as it's not related to corosync
directly (i.e. it has no dependency on (lib)corosync) and may run
on a non Proxmox VE server.

Provide a systemd Service file which starts the daemon with an
unprivileged user (coroqnetd) as recommended by the corosync devs

For this we add a tmpfiles.d config which generates the /run
directory with the correct permissions for the coroqnetd user
so that the qnetd service can be started successfully.

corosync provides such a file already, but with root as user;
patch this to coroqnetd.

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---

 Makefile                                           |  1 +
 debian/changelog                                   |  2 ++
 debian/control                                     | 17 ++++++++++
 debian/corosync-pve.install                        |  2 +-
 debian/corosync-qnetd-pve.install                  |  6 ++++
 debian/corosync-qnetd-pve.postinst                 | 37 ++++++++++++++++++++++
 debian/corosync-qnetd-pve.postrm                   | 33 +++++++++++++++++++
 debian/corosync-qnetd.service                      | 15 +++++++++
 ...oroqnetd-the-owner-of-qnetd-run-directory.patch | 19 +++++++++++
 debian/patches/series                              |  1 +
 debian/rules                                       |  3 ++
 11 files changed, 135 insertions(+), 1 deletion(-)
 create mode 100644 debian/corosync-qnetd-pve.install
 create mode 100644 debian/corosync-qnetd-pve.postinst
 create mode 100644 debian/corosync-qnetd-pve.postrm
 create mode 100644 debian/corosync-qnetd.service
 create mode 100644 debian/patches/0001-make-coroqnetd-the-owner-of-qnetd-run-directory.patch

diff --git a/Makefile b/Makefile
index d97a74f..dad1102 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,7 @@ GITVERSION:=$(shell cat .git/refs/heads/master)
 
 DEBS=									\
 	corosync-pve_${CSVERSION}-${CSRELEASE}_${ARCH}.deb 		\
+	corosync-qnetd-pve_${CSVERSION}-${CSRELEASE}_${ARCH}.deb		\
 	libcorosync4-pve_${CSVERSION}-${CSRELEASE}_${ARCH}.deb 		\
 	libcorosync-pve-dev_${CSVERSION}-${CSRELEASE}_${ARCH}.deb
 
diff --git a/debian/changelog b/debian/changelog
index 44ec9c4..7932876 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ corosync-pve (2.4.0-2) unstable; urgency=medium
 
   * also compile QDevice daemon
 
+  * add package for QDevice Net Daemon
+
  -- Proxmox Support Team <support at proxmox.com>  Sat, 16 Jul 2016 10:27:49 +0200
 
 corosync-pve (2.4.0-1) unstable; urgency=medium
diff --git a/debian/control b/debian/control
index 498c31c..9f45833 100644
--- a/debian/control
+++ b/debian/control
@@ -26,6 +26,23 @@ Description: Standards-based cluster framework (daemon and modules)
  .
  This package contains the corosync daemon and modules.
 
+Package: corosync-qnetd-pve
+Section: admin
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libnss3-tools, adduser, systemd
+Conflicts:corosync-qnetd
+Provides: corosync-qnetd
+Description: corosync-qnetd
+ is a daemon running outside of the cluster with the purpose of providing
+ a vote to the  corosync-qdevice model net. It's designed to support
+ multiple clusters and be almost configuration and state free. New
+ clusters are handled dynamically and no configuration file exists. It's
+ also able to run as non-root user - which is recommended. Connection
+ between the corosync-qdevice model net client can be optionally
+ configured with TLS client certificate checking. The communic ation
+ protocol between server and client is designed to be very simple and
+ allow backwards compatibility.
+
 Package: libcorosync4-pve
 Section: libs
 Architecture: any
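Review bot: The new `Description:` field needs a cleanup before it reaches users through `apt show`. The synopsis is only the package name and the extended text then starts mid-sentence with "is a daemon"; a synopsis such as `Description: Corosync QDevice network daemon` followed by a full first sentence reads better. The body also contains "communic ation" and a double space in "the  corosync-qdevice", and `Conflicts:corosync-qnetd` is missing the space after the colon that the surrounding fields use.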
diff --git a/debian/corosync-pve.install b/debian/corosync-pve.install
index 4835b60..410da34 100644
--- a/debian/corosync-pve.install
+++ b/debian/corosync-pve.install
@@ -1,7 +1,7 @@
 usr/sbin
 usr/bin/corosync-blackbox
 usr/share/man/man5
-usr/share/man/man8
+usr/share/man/man8/{cmap_keys.8,cmap_overview.8,corosync.8,corosync-blackbox.8,corosync-cfgtool.8,corosync-cmapctl.8,corosync-cpgtool.8,corosync-keygen.8,corosync-notifyd.8,corosync_overview.8,corosync-qdevice.8,corosync-qdevice-net-certutil.8,corosync-qdevice-tool.8,corosync-quorumtool.8,cpg_overview.8,quorum_overview.8,sam_overview.8,votequorum_overview.8}
 debian/corosync.service lib/systemd/system
 debian/corosync-qdevice.service lib/systemd/system
 usr/share/corosync/corosync
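Review bot: Replacing `usr/share/man/man8` with an enumerated brace list means any section-8 page that upstream adds later is installed into neither package, because the qnetd package only takes `usr/share/man/man8/corosync-qnetd*`. Unless the build already fails on uninstalled files (not visible in this patch), that omission would be silent. Running `dh_install --fail-missing` in `debian/rules` would make such drift a build error instead.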
diff --git a/debian/corosync-qnetd-pve.install b/debian/corosync-qnetd-pve.install
new file mode 100644
index 0000000..e71a791
--- /dev/null
+++ b/debian/corosync-qnetd-pve.install
@@ -0,0 +1,6 @@
+usr/bin/corosync-qnetd
+usr/bin/corosync-qnetd-certutil
+usr/bin/corosync-qnetd-tool
+usr/share/man/man8/corosync-qnetd*
+lib/tmpfiles.d/corosync-qnetd.conf usr/lib/tmpfiles.d
+debian/corosync-qnetd.service lib/systemd/system
diff --git a/debian/corosync-qnetd-pve.postinst b/debian/corosync-qnetd-pve.postinst
new file mode 100644
index 0000000..977ea23
--- /dev/null
+++ b/debian/corosync-qnetd-pve.postinst
@@ -0,0 +1,37 @@
+#!/bin/sh
+# postinst script for corosync
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    configure)
+
+
+	# create the corosync qnetd user
+        adduser --quiet --group --system --no-create-home coroqnetd
+	mkdir -p /etc/corosync/qnetd /var/run/corosync-qnetd
+	chown -R coroqnetd:coroqnetd /etc/corosync/qnetd /var/run/corosync-qnetd
+
+	test -d /etc/corosync/qnetd/nssdb || echo "\nno NSS db configured, run 'corosync-qnetd-certutil -i'\n"
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
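Review bot: The `chown -R coroqnetd:coroqnetd /etc/corosync/qnetd /var/run/corosync-qnetd` in the `configure` branch runs as root on every configure, including upgrades, over trees that the unprivileged coroqnetd user already owns after the first install. A recursive ownership change by root inside a directory controlled by a less-privileged account is the pattern lintian reports as `recursive-privilege-change`, since that account decides what the tree contains. I would create and own only the directories themselves, e.g. `install -d -o coroqnetd -g coroqnetd /etc/corosync/qnetd /var/run/corosync-qnetd`, and if the `-R` is meant to fix up an NSS database initialised as root, handle that in the certutil step instead. Separately, `echo "\n…"` relies on the `/bin/sh` implementation interpreting backslash escapes, so `printf` would be the portable choice, and the header comment should name corosync-qnetd-pve rather than corosync.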
diff --git a/debian/corosync-qnetd-pve.postrm b/debian/corosync-qnetd-pve.postrm
new file mode 100644
index 0000000..0d55536
--- /dev/null
+++ b/debian/corosync-qnetd-pve.postrm
@@ -0,0 +1,33 @@
+#!/bin/sh
+# postrm script for corosync
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    purge)
+	rm -rf /etc/corosync/qnetd
+    ;;
+
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
diff --git a/debian/corosync-qnetd.service b/debian/corosync-qnetd.service
new file mode 100644
index 0000000..8557a0c
--- /dev/null
+++ b/debian/corosync-qnetd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Corosync Qdevice Network daemon
+ConditionKernelCommandLine=!nocluster
+ConditionPathExists=/etc/corosync/qnetd/nssdb
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/corosync-qnetd -f
+Type=simple
+Restart=on-abnormal
+User=coroqnetd
+
+[Install]
+WantedBy=multi-user.target
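Review bot: The `[Service]` section drops root via `User=coroqnetd` but sets no further sandboxing, although per the package description this daemon accepts connections from qdevice clients outside the host. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes`, and `ProtectSystem=full` once it is confirmed that the daemon does not need write access to `/etc/corosync/qnetd` at runtime. `Requires=network-online.target` also looks stronger than needed; `Wants=` together with the existing `After=` is the usual pairing, so confirm which is intended.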
diff --git a/debian/patches/0001-make-coroqnetd-the-owner-of-qnetd-run-directory.patch b/debian/patches/0001-make-coroqnetd-the-owner-of-qnetd-run-directory.patch
new file mode 100644
index 0000000..885555e
--- /dev/null
+++ b/debian/patches/0001-make-coroqnetd-the-owner-of-qnetd-run-directory.patch
@@ -0,0 +1,19 @@
+From 85c15c6e0d04910d4f6db9ecb94ec64ab7009e9b Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Mon, 1 Aug 2016 14:59:25 +0200
+Subject: [PATCH] make coroqnetd the owner of qnetd /run directory
+
+---
+ conf/tmpfiles.d/corosync-qnetd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/conf/tmpfiles.d/corosync-qnetd.conf b/conf/tmpfiles.d/corosync-qnetd.conf
+index f4cbd03..aa014d5 100644
+--- a/conf/tmpfiles.d/corosync-qnetd.conf
++++ b/conf/tmpfiles.d/corosync-qnetd.conf
+@@ -1 +1 @@
+-d /var/run/corosync-qnetd 0770 root root -
++d /run/corosync-qnetd 0770 coroqnetd coroqnetd -
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 1196261..63d1e72 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 #corosync-keygen.diff
 #cpg-join-fix.diff
 #disable-sched-rr.patch
+0001-make-coroqnetd-the-owner-of-qnetd-run-directory.patch
diff --git a/debian/rules b/debian/rules
index 83f0fb6..5299ae9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -23,12 +23,15 @@ override_dh_auto_configure:
 	--infodir=\$${prefix}/share/info 	\
 	--enable-augeas 			\
 	--enable-qdevices			\
+	--enable-qnetd				\
 	--enable-systemd
 
 override_dh_systemd_enable:
 	dh_systemd_enable -pcorosync-pve --name corosync corosync.service
 	dh_systemd_enable --no-enable -pcorosync-pve --name corosync-qdevice corosync-qdevice.service
+	dh_systemd_enable --no-enable -pcorosync-qnetd-pve --name corosync-qnetd.service
 
 override_dh_systemd_start:
 	dh_systemd_start --no-start -pcorosync-qdevice-pve
+	dh_systemd_start --no-start -pcorosync-qnetd-pve
 
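Review bot: The added `dh_systemd_enable` line passes `corosync-qnetd.service` as the value of `--name` and gives no unit file argument, unlike the two lines above it, which follow the form `--name <unit> <unit>.service`. That looks like a dropped word; I would expect `dh_systemd_enable --no-enable -pcorosync-qnetd-pve --name corosync-qnetd corosync-qnetd.service`. It is worth inspecting the generated maintainer scripts of the built package to confirm the unit is registered as intended. The `override_dh_auto_configure` recipe begins outside this hunk.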
-- 
2.1.4




