diff options
author | Sergey Poznyakoff <gray@nxc.no> | 2017-08-16 17:53:40 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@nxc.no> | 2017-08-16 18:04:00 +0300 |
commit | 168d61f49a4ec1dc2a956e848000d970dffa017f (patch) | |
tree | 693496e8d423009e0d9f93831294416cca902263 | |
parent | a83d669187ed26207f86aabf2d8d2f43663c9101 (diff) | |
download | nssync-168d61f49a4ec1dc2a956e848000d970dffa017f.tar.gz nssync-168d61f49a4ec1dc2a956e848000d970dffa017f.tar.bz2 |
Improve docs.
* NEWS: Document changes.
* doc/nssync.8: Likewise.
* doc/nssync.texi: Likewise.
* src/Makefile.am (LOCALSTATEDIR): Change definition
* src/cmdline.opt (--syslog): New option.
* src/nssync.c (main): Honor --syslog in cron mode.
* src/nssync.h (nssync_server): Return int.
* src/server.c (nssync_server): Change to the user privs
after opening the socket. Create the pidfile afterward.
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | doc/nssync.8 | 174 | ||||
-rw-r--r-- | doc/nssync.texi | 250 | ||||
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/cmdline.opt | 8 | ||||
-rw-r--r-- | src/nssync.c | 36 | ||||
-rw-r--r-- | src/nssync.h | 2 | ||||
-rw-r--r-- | src/server.c | 12 |
8 files changed, 338 insertions, 152 deletions
@@ -8,6 +8,12 @@ Version 1.1.92 (Git) * Standalone server mode. +The server mode is enabled by the `--server' command line option. +In this mode, nssync becomes a daemon and starts listening on the +preconfigured address and port (by default, 127.0.0.1:8080) for REST +HTTP requests. A POST request to the URI `/nssync' causes the program +to wake up and perform synchronization. + * check-ns This new configuration statement controls which zones are served by diff --git a/doc/nssync.8 b/doc/nssync.8 index 6ea3121..26d67d5 100644 --- a/doc/nssync.8 +++ b/doc/nssync.8 @@ -1,5 +1,5 @@ .\" This file is part of Nssync. -*- nroff -*- -.\" Copyright (C) 2011, 2014 Sergey Poznyakoff +.\" Copyright (C) 2011-2017 Sergey Poznyakoff .\" .\" Nssync is free software; you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -13,18 +13,34 @@ .\" .\" You should have received a copy of the GNU General Public License .\" along with Nssync. If not, see <http://www.gnu.org/licenses/>. -.TH NSSYNC "8" "December 1, 2014" "NSSYNC" "" +.TH NSSYNC "8" "August 16, 2017" "NSSYNC" "" .SH NAME \fBnssync\fR \- A DNS Zone File Maintenance Utility .SH SYNOPSIS -\fBnssync\fR [\-EVXdfhntx] [\-D \fISYMBOL[=VALUE\fR]] [\-I \fIDIR\fR]\ - [\-c \fIFILE\fR] [\-\-config\-file=\fIFILE\fR] [\-\-config\-help]\ - [\-\-debug] [\-\-debug\-lexer] [\-\-debug\-parser]\ - [\-\-define=\fISYMBOL\fR[=\fIVALUE\fR]] [\-\-dry\-run] [\-\-force]\ - [\-\-help] [\-\-include\-directory=\fIDIR\fR] [\-\-lint]\ - [\-\-no\-preprocessor] [\-\-preprocessor=\fICOMMAND\fR]\ - [\-\-usage] [\-\-version] +\fBnssync\fR\ + [\fB\-EFSVXdfhnstx\fR]\ + [\fB\-D\fR \fISYMBOL[=VALUE\fR]]\ + [\fB\-I\fR \fIDIR\fR]\ + [\fB\-c\fR \fIFILE\fR]\ + [\fB\-\-config\-file=\fIFILE\fR]\ + [\fB\-\-config\-help\fR]\ + [\fB\-\-debug\fR]\ + [\fB\-\-debug\-lexer\fR]\ + [\fB\-\-debug\-parser\fR]\ + [\fB\-\-define=\fISYMBOL\fR[=\fIVALUE\fR]]\ + [\fB\-\-dry\-run\fR]\ + [\fB\-\-force\fR]\ + [\fB\-\-foreground\fR]\ + [\fB\-\-help\fR]\ + [\fB\-\-include\-directory=\fIDIR\fR]\ + [\fB\-\-lint\fR]\ + [\fB\-\-no\-preprocessor\fR]\ + [\fB\-\-preprocessor=\fICOMMAND\fR]\ + [\fB\-\-server\fR]\ + [\fB\-\-syslog\fR]\ + [\fB\-\-usage\fR]\ + [\fB\-\-version\fR] .SH WARNING This manpage is a short description of the \fBnssync\fR utility. For a detailed discussion, including examples of the configuration and @@ -49,43 +65,14 @@ The nssync utility provides an alternative solution, which makes it possible to keep your zone data in an SQL database without using DLZ and with glue records working. -It does so by periodically polling the database to determine which -data have recently changed and converting the database into BIND zone +It does so by polling the database to determine records that have +recently changed and converting the database into BIND zone files. -The \fBnssync\fR utility is normally started periodically from -crontab. Upon startup it reads its configuration file, which supplies -the necessary program settings. Then, if the settings require so, it -verifies that no other copy of the \fBnssync\fR is already -running. Further on, it parses the \fBnamed\fR configuration file -\fBnamed.conf\fR to determine several settings needed for its further -operation, in particular, the value of the \fBdirectory\fR statement -in the \fBoptions\fR block. - -Once these preliminary operations are over, \fBnssync\fR starts -its main task. Its configuration file defines, among other data, one -or more synchronization blocks. Each such block defines SQL -statements which return information about DNS zones as well as the -location of \fBnamed\fR configuration file where the \fBzone\fR -statements for these zones are to be stored (it is supposed that this -file is included somewhere in the main \fBnamed.conf\fR file). For -each synchronization block, the utility retrieves the zone data from -the database and formats them into separate zone files. Each of these -files is then compared to an already existing one (locations of the -zone files are defined in the synchronization block they pertain to). -If the files differ, new zone file replaces the old one and a flag is -set indicating that the \fBnamed\fR daemon needs to be restarted -in order to read new configuration. - -When this stage is finished, \fBnssync\fR reloads the name server -(if required) and exits. - -Several command line options can be supplied in order to modify the -program's behavior. In particular, it is possible to check the -configuration file syntax or even instruct the utility to do -everything, except modifying the zone files (a so-called dry-run -mode). This allows you to debug your configuration before actually -starting using \fBnssync\fR. +The program can be run either periodically, as a cron job, or as a +standalone daemon. In the latter case, it listens on a specified +address for a specific HTTP request and triggers zone updates upon +receiving it. .SH OPTIONS .TP \fB\-E\fR @@ -97,9 +84,13 @@ Use \fIFILE\fR instead of the default configuration file. \fB\-f\fR, \fB\-\-force\fR Proceed even if SQL slave status has not changed. .TP +\fB\-F\fR, \fB\-\-foreground\fR +Remain in foreground when running in server mode. +Valid only when used together with the \fB\-\-server\fR option. +.TP \fB\-n\fR, \fB\-\-dry\-run\fR Do nothing, print almost everything; implies -\fB\-\-debug \-\-stderr\fR. Use additional \fB\-\-debug\fR options to get +\fB\-\-debug. Use additional \fB\-\-debug\fR options to get even more info. .TP \fB\-t\fR, \fB\-\-lint\fR @@ -118,6 +109,12 @@ Disable preprocessing. \fB\-\-preprocessor\fR=\fICOMMAND\fR Use \fICOMMAND\fR instead of the default preprocessor. .TP +\fB\-s\fR, \fB\-\-server\fR +Run in server mode. +.TP +\fB\-S\fR, \fB\-\-syslog\fR +Use syslog for diagnostics (default for server mode). +.TP \fB\-d\fR, \fB\-\-debug\fR Increase debug level. .TP @@ -148,9 +145,13 @@ if IPv4 address of one of the servers matches one of the IP addresses of the host on which \fBnssync\fR is run. .TP \fBpidfile\fR \fIFILE\fR; -At startup, check if \fIFILE\fR already exists and is owned by an existing -process. Exit if so. Use this statement to avoid accidentally -running two copies of \fBnssync\fR simultaneously. +Set the name of the PID file. At startup, @command{nssync} checks if +the @var{file} already exists and is owned by an existing process. +If so, it exits. The default PID file is +\fILOCALSTATEDIR\fB/nssync/\fIPROGNAME\fB.pid\fR, where \fIPROGNAME\fR +stands for the name under which the program was invoked and +\fILOCALSTATEDIR\fR is the name of the directory for modifiable +single-machine data set during configure. .TP \fBtempdir\fR \fIDIR\fR; Sets the name for the temporary directory. This is a directory where @@ -187,23 +188,68 @@ containing \fBzone\fR statements. The handling of \fIPAT\fR is similar to that in \fBzonefile-pattern\fR, except that only the \fB$synctag\fR reference is defined. .TP -\fBcompare\-command\fR \fICMD\fR; -Defines a command to be used for comparing two zone files. The -\fICMD\fR must be a command taking two files as its arguments and -returning 0 if they are the same or non-zero if they differ. -\fBNssync\fR uses this command to determine whether a particular -zone has changed. The variable references \fB$oldfile\fR and -\fBnewfile\fR are replaced with the old and new zone file names, -accordingly. - -The default \fBcompare\-command\fR value is: - - cmp $oldfile $newfile > /dev/null -.TP \fBreload\-command\fR \fIcmd\fR; Defines a command to reload the nameserver. The default is \fB/usr/sbin/rndc reload\fR. +.TP +\fBuser\fR \fINAME\fR; +Run as unprivileged user \fINAME\fR. If \fINAME\fR begins with a plus +sign, it is treated as a UID number of the user, instead of the user +name. + +When switching to the user privileges, @command{nssync} retains the +supplementary groups of that user. +.TP +\fBgroup\fR \fINAME\fR; +Run with the privileges of group \fINAME\fR. By default, +the primary group of the user supplied with the \fBuser\fR statement +is used. + +If \fINAME\fR begins with a plus sign, it is treated as a GID number +of the group +.SS Server Settings +.EX +server { + address [\fIIP\fR][fB:\fIPORT\fR]; +} +.EE +.TP +\fBaddress\fR [\fIIP\fR][fB:\fIPORT\fR]; +Specifies the IPv4 address and/or port to listen on for control requests. +Either IP or port parts can be omitted, but not both. In any case, the +colon before \fIPORT\fR is mandatory. A host name can be used instead +of numeric IP, and a symbolic service name (from \fB/etc/services\fR), +in place of the numeric port. +.SS Syslog configuration +.EX +syslog { + facility \fINAME\fR; + tag \fINAME\fR; +} +.EE +.TP +\fBfacility\fR \fINAME\fR; +Specifies the syslog facility to use. Allowed names are: +.BR user , +.BR daemon " (default)," +.BR auth , +.BR authpriv , +.BR mail , +.BR cron , +.BR local0 " through " local7 +(all names case-insensitive), or a facility number. .SS SQL Access +.EX +mysql { + config-file \fIFILE\fR; + config-group \fINAME\fR; + database \fIDBNAME\fR; + user \fINAME\fR; + password \fITEXT\fR; + ssl-ca \fIFILE\fR; + slave-status-file \fIFILE\fR; +} +.EE .TP \fBhost\fR \fIHOSTNAME\fR[:\fIPORT\-OR\-SOCKET\fR]; Defines the SQL server IP and port. The \fIHOSTNAME\fR can be either @@ -224,10 +270,10 @@ Sets SQL user name. \fBpassword\fR \fIARG\fR; Sets SQL user password. .TP -\fBsql\-config\-file\fR \fIFILE\fR; +\fBconfig\-file\fR \fIFILE\fR; Read MySQL configuration from the \fBoption file\fR \fIFILE\fR. .TP -\fBsql\-config\-group\fR \fINAME\fR; +\fBconfig\-group\fR \fINAME\fR; Read the named group from the SQL configuration file. .TP \fBslave\-status\-file\fR \fIFILE\fR; @@ -334,7 +380,7 @@ Sergey Poznyakoff .SH "BUG REPORTS" Report bugs to <gray+nssync@gnu.org.ua>. .SH COPYRIGHT -Copyright \(co 2011, 2012, 2014 Sergey Poznyakoff +Copyright \(co 2011-2017 Sergey Poznyakoff .br .na License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> diff --git a/doc/nssync.texi b/doc/nssync.texi index 103ae7d..59b6863 100644 --- a/doc/nssync.texi +++ b/doc/nssync.texi @@ -115,9 +115,13 @@ makes it possible to keep your zone data in an SQL@footnote{As of version @value{VERSION} only MySQL is supported.} database without using DLZ and with glue records working. -It does so by periodically polling the database to determine which -data have changed recently and converting the database into BIND zone -files. +It does so by polling the database to determine which data have +changed recently and converting the database into BIND zone files. + +The program can be run either periodically, as a cron job, or as a +standalone daemon. In the latter case, it listens on a specified +address for a specific HTTP request and triggers zone updates upon +receiving it. @ifhtml @ifset WEBDOCS @@ -130,18 +134,20 @@ select another format. @node Overview @chapter Overview -The @command{nssync} utility is normally started periodically from -crontab. Upon startup it reads its configuration file, which supplies -the necessary program settings. Then, if the settings require so, it -verifies that no other copy of the @command{nssync} is already -running. Further on, it parses the @command{named} configuration file -@file{named.conf} to determine several settings needed for its further -operation, in particular, the value of the @samp{directory} statement -in the @samp{options} block. +When started, the @command{nssync} utility reads its configuration +file, which supplies the necessary program settings. Then, if no +other copy of the @command{nssync} is already running, it parses the +@command{named} configuration file @file{named.conf} to determine +several settings needed for its further operation, in particular, the +value of the @samp{directory} statement in the @samp{options} block. + +If started in server mode, @command{nssync} switches to background +and begins listening for HTTP requests on a preconfigured port. Upon +receiving a request for synchronization, it begins its main task. +Otherwise, it passes to the synchronization right away. @cindex synchronization block -Once these preliminary operations are over, @command{nssync} starts -its main task. Its configuration file defines, among other data, one +Its configuration file defines, among other data, one or more @dfn{synchronization blocks}. Each such block defines SQL statements which return information about DNS zones as well as the location of @command{named} configuration file where the @code{zone} @@ -155,8 +161,8 @@ If the files differ, new zone file replaces the old one and a flag is set indicating that the @command{named} daemon needs to be restarted in order to read new configuration. -When this stage is finished, @command{nssync} reloads the name server -(if required) and exits. +When this stage is finished, @command{nssync} returns to the request +waiting loop (if started as a server), or returns to the shell. Several command line options can be supplied in order to modify the program's behavior. In particular, it is possible to check the @@ -165,6 +171,55 @@ everything, except modifying the zone files (a so-called @dfn{dry-run mode}). This allows you to debug your configuration before actually starting using @command{nssync}. +@menu +* Cron mode:: +* Server mode:: +@end menu + +@node Cron mode +@section Cron Mode +The default mode of operation is called @dfn{cron mode} because it is +most often used when @command{nssync} is invoked as a cron job. In +this mode, @command{nssync} performs a single synchronization and +terminates. Any errors and diagnostic messages are reported on the +standard error stream. If this is undesirable, use the +@option{--syslog} option to redirect them to syslog. In this case, +the @samp{daemon} facility will be used, unless set otherwise in the +configuration file (@pxref{syslog statement}). + +@node Server mode +@section Server Mode +Server mode is enabled by the @option{--server} command line option. +In this mode, @command{nssync} switches to background mode (becomes a +@dfn{daemon}) and starts listening on the preconfigured address and +port (by default, 127.0.0.1:8080) for REST HTTP requests. A +@samp{POST} request to the URI @samp{/nssync} causes the program to +wake up and perform synchronization. The response contains a JSON +object, containing at least one boolean key: @code{success}. Its +value is @code{true} if the operation terminated successfully and +@code{false} otherwise. Other possible keys are: + +@table @samp +@item zones +An array of names of the zones that have been updated. If no zones have +been updated, this key is absent. + +@item errors +An array of errors that ocurred during the operation. Each element is +an object with the following keys: + +@table @samp +@item message +Textual description of the error. This key is always present. + +@item zone +Name of the zone in which the error occurred. This key may be absent, +if the error is a general one. +@end table +@end table + +In server mode, all diagnostics is reported via syslog. + @node Configuration File @chapter Configuration File @findex nssync.conf @@ -186,6 +241,7 @@ settings in detail. @menu * General Settings:: +* Server Settings:: * SQL Access:: * Synchronization Block:: @end menu @@ -195,9 +251,17 @@ settings in detail. These settings modify the behavior of @command{nssync} as a whole. @deffn {Configuration} pidfile @var{file} -At startup, check if @var{file} already exists and is owned by an existing -process. Exit if so. Use this statement to avoid accidentally -running two copies of @command{nssync} simultaneously. +At startup, @command{nssync} checks if the @var{file} already exists +and is owned by an existing process. If so, it exits. This +statements sets the full pathname of the PID file. If not specified, +the default name will be used, which is formed as +@file{@code{LOCALSTATEDIR}/nssync/@code{PROGNAME}.pid}, +where @code{PROGNAME} stands for the name under which @command{nssync} +was invoked and @code{LOCALSTATEDIR} is the name of the directory for +modifiable single-machine data set during configure. + +Note, that the directory where @var{file} is located must be writable +for the user @command{nssync} runs as (see the @code{user} statement). @end deffn @deffn {Configuration} tempdir @var{dir} @@ -206,6 +270,24 @@ Sets the name for the temporary directory. This is a directory where point to an existing directory. @end deffn +@deffn {Configuration} user @var{name} +Run as unprivileged user @var{name}. If @var{name} begins with a plus +sign, it is treated as a UID number of the user, instead of the user +name. + +When switching to the user privileges, @command{nssync} retains the +supplementary groups of that user. +@end deffn + +@deffn {Configuration} group @var{name} +Run with the privileges of group @var{name}. By default, +@command{nsswitch} will use the primary group of the user supplied +with the @code{user} statement. + +If @var{name} begins with a plus sign, it is treated as a GID number +of the group. +@end deffn + @deffn {Configuration} check-ns @var{bool} If set to @code{true}, @command{nssync} will check the list of NS servers prior to creating a zone file. The file will be created only @@ -256,42 +338,71 @@ The handling of @var{pat} is similar to that in @code{zonefile-pattern}, except that only the @samp{$synctag} reference is defined. @end deffn -@deffn {Configuration} compare-command @var{cmd} -Defines a command to be used for comparing two zone files. The -@var{cmd} must be a command taking two files as its arguments and -returning 0 if they are the same or non-zero if they differ. -@command{Nssync} uses this command to determine whether a particular -zone has changed. The following @dfn{variable references} are -expanded in @var{cmd}: +@deffn {Configuration} reload-command @var{cmd} +Defines a command to reload the nameserver. The default is +@samp{/usr/sbin/rndc reload}. +@end deffn -@table @asis -@item $oldfile -@itemx $@{oldfile@} -Old zone file. +@node Server Settings +@section Server Settings. -@item $newfile -@item $@{newfile@} -New zone file. -@end table +The program runs in server mode (@pxref{Server mode}) if given the +@option{--server} command line option. By default, it will start +listening on IP address 127.0.0.1, port 8080 and will use +@command{syslog} facility @samp{daemon} for error reporting. To +change the address, use the @code{server} block statement. + +@deffn {Configuration} server +The server block can contain only one keyword: @code{address}. +@end deffn -The default @code{compare-command} value is: +@deffn {server} address [@var{IP}][:@var{PORT}] +Specify the IPv4 address and/or port to listen on for control requests. +Either IP or port parts can be omitted, but not both. In any case, the +colon before @var{PORT} is mandatory. A host name can be used instead +of numeric IP, and a symbolic service name (from +@file{/etc/services}), in place of the numeric port. E.g.: @example -cmp $oldfile $newfile > /dev/null +server @{ + address 192.0.2.1:80; +@} @end example @end deffn -@deffn {Configuration} reload-command @var{cmd} -Defines a command to reload the nameserver. The default is -@samp{/usr/sbin/rndc reload}. +@anchor{syslog statement} +@deffn {Configuration} syslog +This block statement configures logging via @command{syslog}. It can +contain the following keywords: @code{facility}, and @code{tag}. +@end deffn + +@deffn {syslog} facility @var{syslog-facility} +Specifies the syslog facility to use. Allowed @var{syslog-facility} +values are: @samp{user}, @samp{daemon}, @samp{auth}, @samp{authpriv}, +@samp{mail}, @samp{cron}, @samp{local0} through @samp{local7} (all +names case-insensitive), or a facility number. @end deffn +@deffn {syslog} tag @var{string} +Use @var{string} to tag syslog messages, instead of the program name. +@end deffn + +Example of customized syslog configuration: + +@example +syslog @{ + facility local5; + tag "NSsync"; +@} +@end example + @node SQL Access @section SQL Access -The following statements define the database server and the database -to use: +@kwindex sql +Access to the MySQL database is configured using the @code{mysql} +block statement. It can contain the following keywords: -@deffn {Configuration} host @var{hostname}[:@var{port-or-socket}] +@deffn {mysql} host @var{hostname}[:@var{port-or-socket}] Defines the SQL server IP and port. The @var{hostname} can be either the server IP address or its hostname. The @var{port-or-socket} part, if supplied, can be either the number of TCP port to use instead of @@ -299,22 +410,22 @@ the default 3306 or the full pathname of the UNIX socket. In the latter case @var{hostname} is effectively ignored. @end deffn -@deffn {Configuration} database @var{name} +@deffn {mysql} database @var{name} Sets the database name. @end deffn -@deffn {Configuration} ssl-ca @var{file} +@deffn {mysql} ssl-ca @var{file} Defines the name of the Certificate Authority (CA) file. @end deffn There are two ways to supply database access credentials. The simplest one is by using @code{user} and @code{password} statements: -@deffn {Configuration} user @var{name} +@deffn {mysql} user @var{name} Sets SQL user name. @end deffn -@deffn {Configuration} password @var{arg} +@deffn {mysql} password @var{arg} Sets SQL user password. @end deffn @@ -325,7 +436,7 @@ must be tightened so as to avoid its compromise. The following two statements provide an alternative, more safe and flexible way of setting access credentials: -@deffn {Configuration} sql-config-file @var{file} +@deffn {mysql} config-file @var{file} Read MySQL configuration from the @dfn{option file} @var{file}. @ifhtml See @uref{http://dev.mysql.com/doc/refman/5.0/en/option-files.html, @@ -337,7 +448,7 @@ option files}, for a description of MySQL option file format. @end deffn -@deffn {Configuration} sql-config-group @var{name} +@deffn {mysql} config-group @var{name} Read the named group from the SQL configuration file. @end deffn @@ -345,8 +456,10 @@ To illustrate their use, suppose your @file{nssync.conf} file contains the following: @example -sql-config-file /etc/nssync.my; -sql-config-group nssync; +mysql @{ + sql-config-file /etc/nssync.my; + sql-config-group nssync; +@} @end example The the @file{/etc/nssync.my} will contain the actual SQL access @@ -361,7 +474,7 @@ pass = guessme @end example @anchor{slave-status-file} -@deffn {Configuration} slave-status-file @var{file} +@deffn {mysql} slave-status-file @var{file} Use this statement if @command{nssync} reads data from a slave database. It allows you to avoid recreating zone files if the database information has not changed since the previous run. @@ -490,21 +603,6 @@ sync external @{ @node Invocation @chapter Invocation -The @command{nssync} is normally invoked periodically from a crontab, -e.g.: - -@example -@group -@ifhtml -*/5 * * * * /usr/sbin/nssync | /usr/bin/logger -t nssync -p local1.err -@end ifhtml -@ifnothtml -*/5 * * * * /usr/sbin/nssync | \ - /usr/bin/logger -t nssync -p local1.err -@end ifnothtml -@end group -@end example - The following table summarizes available command line options: @table @option @@ -519,11 +617,27 @@ Use @var{file} instead of the default configuration file. @itemx --force Proceed even if slave status has not changed (@pxref{slave-status-file}). +@item -F +@itemx --foreground +When used together with @option{--server}, this option instructs +@command{nssync} to remain in foreground. + @item -n @itemx --dry-run -Do nothing, print almost everything; implies @option{--debug ---stderr}. Use additional @option{--debug} options to get even more -info. +Do nothing, print almost everything; implies @option{--debug}. Use +additional @option{--debug} options to get even more info. + +@item -s +@itemx --server +Run as a server. @xref{Server mode}, for a detailed discussion of +this mode. + +@item -S +@itemx --syslog +Use syslog for diagnostics. This option is inferred if the +@option{--server} option is given. Use it explicitly if you +run @command{nssync} as a cron job (@pxref{Cron mode}) and want to +redirect its diagnostics to syslog. @item -t @itemx --lint diff --git a/src/Makefile.am b/src/Makefile.am index 89012e1..4c36c9f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -49,7 +49,7 @@ AM_CPPFLAGS= \ @GRECS_INCLUDES@\ -I$(top_srcdir)/runcap\ -DSYSCONFDIR=\"$(sysconfdir)\"\ - -DLOCALSTATEDIR=\"$(localstatedir)\"\ + -DLOCALSTATEDIR=\"$(localstatedir)/$(PACKAGE)\"\ -DDEFAULT_VERSION_INCLUDE_DIR=\"$(incdir)\"\ -DDEFAULT_INCLUDE_DIR=\"$(pkgdatadir)/include\"\ -DDEFAULT_PREPROCESSOR="$(DEFAULT_PREPROCESSOR)" diff --git a/src/cmdline.opt b/src/cmdline.opt index 225b98a..9f27cb4 100644 --- a/src/cmdline.opt +++ b/src/cmdline.opt @@ -42,7 +42,7 @@ BEGIN END OPTION(dry-run,n,, - [<do nothing, print almost everything; implies `--debug --stderr', + [<do nothing, print almost everything; implies `--debug', use additional `--debug' options to get even more info>]) BEGIN debug_level++; @@ -73,6 +73,12 @@ BEGIN foreground = 1; END +OPTION(syslog,S,, + [<report errors via syslog>]) +BEGIN + syslog_option = 1; +END + GROUP(Preprocessor control) OPTION(include-directory,I,DIR, diff --git a/src/nssync.c b/src/nssync.c index b122c2b..93fa7fb 100644 --- a/src/nssync.c +++ b/src/nssync.c @@ -40,6 +40,7 @@ struct grecs_sockaddr *server_addr; int syslog_facility = LOG_DAEMON; char *syslog_tag; int foreground; +int syslog_option; #include "cmdline.h" @@ -663,10 +664,26 @@ int fatal_signals[] = { SIGTERM, 0 }; - + +int +single_run(void) +{ + if (syslog_option) + start_syslog(); + runas(); + debug(1,("start up")); + create_pidfile(); + if (nssync(NULL)) { + error("exiting due to errors"); + return EX_UNAVAILABLE; + } + return 0; +} + int main(int argc, char **argv) { + int rc; config_init(); parse_options(argc, argv); if (preprocess_only) @@ -674,26 +691,19 @@ main(int argc, char **argv) EX_CONFIG : 0); config_parse(); + check_pidfile(); + if (check_ns) get_host_addresses(); - runas(); - - check_pidfile(); - if (server_mode) { set_signals(fatal_signals, sigign); - nssync_server(); + rc = nssync_server(); } else { - debug(1,("start up")); set_signals(fatal_signals, sigfatal); - create_pidfile(); - if (nssync(NULL)) { - error("exiting due to errors"); - exit(EX_UNAVAILABLE); - } + rc = single_run(); } debug(1,("shut down")); remove_pidfile(); - exit(0); + return rc; } diff --git a/src/nssync.h b/src/nssync.h index 9871205..27baf23 100644 --- a/src/nssync.h +++ b/src/nssync.h @@ -151,7 +151,7 @@ int move_file(const char *file, const char *dst_file); int copy_file(const char *file_name, FILE *infile, const char *dst_file); void filetab_clear(void); -void nssync_server(void); +int nssync_server(void); int nssync(struct json_value **ret_json); diff --git a/src/server.c b/src/server.c index 32eedad..f326547 100644 --- a/src/server.c +++ b/src/server.c @@ -243,7 +243,7 @@ nssync_mhd_handler(void *cls, upload_data_size, con_cls); } -void +int nssync_server(void) { int fd; @@ -255,18 +255,20 @@ nssync_server(void) if (!server_addr) { if (grecs_str_to_sockaddr(&server_addr, DEFAULT_NSSYNC_ADDR, grecs_sockaddr_hints, NULL)) - exit(EX_UNAVAILABLE); + return EX_UNAVAILABLE; } fd = open_socket(server_addr); if (fd == -1) - exit(EX_UNAVAILABLE); + return EX_UNAVAILABLE; + runas(); + if (!foreground) { int i; if (daemon(0, 1)) { error("daemon failed: %s", strerror(errno)); - exit(EX_UNAVAILABLE); + return EX_UNAVAILABLE; } for (i = 0; i < fd; i++) close(i); @@ -296,4 +298,6 @@ nssync_server(void) /* Wait for signal to arrive */ sigwait(&sigs, &sn); MHD_stop_daemon(mhd); + + return 0; } |