base fork: cbowlby/resource-agents
base: 741152d6c9
...
head fork: cbowlby/resource-agents
compare: 5636042302
  • 4 commits
  • 1 file changed
  • 0 commit comments
  • 1 contributor
Commits on May 16, 2012
Chris Bowlby dhcpd: Added a means to copy additional files into the chroot path.
I've added a new includes variable that allows an admin to copy in
additional files that have been specified in an "include" declaration
in the dhcpd configuration file itself.
db29d8a
Chris Bowlby dhcpd: Expanded the validation tests to verify all sub-folders exist.
There was an issue that if a partially created chroot environment was
already in place, it would fail to finish initializing the rest of the
environment. I have expanded the tests against each of the required
sub-folders, and it now creates them properly if they do not exist.
References #3.
c6debce
Chris Bowlby dhcpd: Additional permission adjustments.
The db path for the leases file was not being properly set.
391bb3a
Chris Bowlby dhcpd: Adjusted the permissions setting to be more robust.
The paths were being assumed, so I have now adjusted the code to use the
variables as their source for the pid and leases files, and pulling the
dirname from those.
5636042
Showing with 41 additions and 15 deletions.
  1. +41 −15 heartbeat/dhcpd
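--- a/heartbeat/dhcpd
+++ b/heartbeat/dhcpd
@@ -19,6 +19,7 @@ OCF_RESKEY_config_default=""
 OCF_RESKEY_chrooted_path_default="/var/lib/dhcp"
 OCF_RESKEY_leases_default="/db/dhcpd.leases"
 OCF_RESKEY_interface_default=""
+OCF_RESKEY_includes_default=""
 : ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
 : ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
@@ -28,11 +29,15 @@ OCF_RESKEY_interface_default=""
 : ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
 : ${OCF_RESKEY_leases=${OCF_RESKEY_leases_default}}
 : ${OCF_RESKEY_interface=${OCF_RESKEY_interface_default}}
+: ${OCF_RESKEY_includes=${OCF_RESKEY_includes_default}}
 # To enable support for different versions of dhcp, we need
 # to know what version we are being run against.
 DHCP_VERSION_MAJOR=`${OCF_RESKEY_binary} --version 2>&1 | awk -F- '{print $3}' | awk -F. '{print $1}'`
+# These files are always copied by default to ensure the chroot environment works.
+DEFAULT_FILE_LIST="/etc/gai.conf /etc/nsswitch.conf /etc/resolv.conf /etc/host.conf /etc/hosts /etc/localtime /dev/urandom"
+
 usage() {
 cat <<EOF
 usage: $0 start|stop|status|monitor|meta-data|validate-all
@@ -112,6 +117,21 @@ service.
 <shortdesc lang="en">Network Interface</shortdesc>
 <content type="string" default="${OCF_RESKEY_interface_default}"/>
 </parameter>
+ <parameter name="includes" unique="0" required="0">
+ <longdesc lang="en">
+ This parameter provides a means for an admin to copy include
+ files into the chrooted environment. If a dhcpd.conf file
+ contains a line similar to the this:
+
+ include "/etc/named.keys";
+
+ Then an admin also has to tell the dhcpd ra script that this
+ file should be pulled into the chrooted environment. This is
+ a space delimited list.
+ </longdesc>
+ <shortdesc lang="en">Include Files</shortdesc>
+ <content type="string" default="${OCF_RESKEY_includes_default}"/>
+ </parameter>
 <parameter name="leases" unique="0" required="0">
 <longdesc lang="en">
 This parameter defines the leases database file, from
@@ -206,15 +226,18 @@ dhcpd_initialize_chroot() {
 if ! [ -d ${OCF_RESKEY_chrooted_path} ] ; then
 ocf_log info "Initializing ${OCF_RESKEY_chrooted_path} for use."
 mkdir -p ${OCF_RESKEY_chrooted_path}
- for i in "db dev etc lib64 var" ; do
- if ! [ -d ${OCF_RESKEY_chrooted_path}/${i} ] ; then
- mkdir -p ${OCF_RESKEY_chrooted_path}/${i}
- fi
- done
-
- if ! [ -d ${OCF_RESKEY_chrooted_path}/var/run ] ; then
- mkdir -p ${OCF_RESKEY_chrooted_path}/var/run
+ fi
+
+ # Make sure all sub-paths are created if something went wrong during
+ # a partial run.
+ for i in "db dev etc lib64 var" ; do
+ if ! [ -d ${OCF_RESKEY_chrooted_path}/${i} ] ; then
+ mkdir -p ${OCF_RESKEY_chrooted_path}/${i}
 fi
+ done
+
+ if ! [ -d ${OCF_RESKEY_chrooted_path}/var/run ] ; then
+ mkdir -p ${OCF_RESKEY_chrooted_path}/var/run
 fi
 ocf_log debug "making sure we are not running version 4 or higher"
@@ -231,7 +254,8 @@ dhcpd_initialize_chroot() {
 fi
 # Ensure all permissions are in place if the folder was re-created.
- chown -R ${OCF_RESKEY_user}:${OCF_RESKEY_group} ${OCF_RESKEY_chrooted_path}/var
+ chown -R ${OCF_RESKEY_user}:${OCF_RESKEY_group} ${OCF_RESKEY_chrooted_path}/`dirname ${OCF_RESKEY_leases}`
+ chown -R ${OCF_RESKEY_user}:${OCF_RESKEY_group} ${OCF_RESKEY_chrooted_path}/`dirname ${OCF_RESKEY_pid}`
 ## If there is no conf file, we can't initialize the chrooted
 ## environment, return with "program not configured"
@@ -248,14 +272,16 @@ dhcpd_initialize_chroot() {
 # Remove the random device.
 test -e "${OCF_RESKEY_chrooted_path}/dev/urandom" && rm -f ${OCF_RESKEY_chrooted_path}/dev/urandom
- FILE_LIST="/etc/gai.conf /etc/nsswitch.conf /etc/resolv.conf /etc/host.conf /etc/hosts /etc/localtime /dev/urandom"
-
- if [ -e /etc/named.keys ] ; then
- FILE_LIST="${FILE_LIST} /etc/named.keys"
- fi
+ # Test for the existance of the defined include files, and append
+ # them to the list of files to be copied.
+ for i in ${OCF_RESKEY_includes} ; do
+ if [ -e ${i} ] ; then
+ DEFAULT_FILE_LIST="${DEFAULT_FILE_LIST} ${i}"
+ fi
+ done
 # Ensure all "modified" non-chrooted configuration files are copied into the chrooted environment.
- for i in ${OCF_RESKEY_config} ${FILE_LIST}; do
+ for i in ${OCF_RESKEY_config} ${DEFAULT_FILE_LIST}; do
 # First, lets make sure the directory exists within the chrooted environment.
 if test -d "${i}" ; then
 test -d "${OCF_RESKEY_chrooted_path}/${i}" || mkdir -p "${OCF_RESKEY_chrooted_path}/${i}"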
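Review bot: The relocated loop `for i in "db dev etc lib64 var" ; do` in the `@@ -206,15 +226,18 @@` hunk iterates once over a single quoted string, so it does not check the five sub-directories one by one as the new comment above it says. Because `${OCF_RESKEY_chrooted_path}/${i}` is unquoted, the `[ -d … ]` test receives several words and fails, and `mkdir -p` then creates `db` under the chroot but `dev`, `etc`, `lib64` and `var` relative to whatever directory the agent is running in. Removing the quotes from the list and quoting the expansions fixes both: `for i in db dev etc lib64 var ; do`, `[ -d "${OCF_RESKEY_chrooted_path}/${i}" ]` and `mkdir -p "${OCF_RESKEY_chrooted_path}/${i}"`. The body of dhcpd_initialize_chroot starts and ends outside the visible hunks, so any later directory creation that might mask this is not shown here.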
