aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@nxc.no>2017-08-16 17:53:40 +0300
committerSergey Poznyakoff <gray@nxc.no>2017-08-16 18:04:00 +0300
commit168d61f49a4ec1dc2a956e848000d970dffa017f (patch)
tree693496e8d423009e0d9f93831294416cca902263
parenta83d669187ed26207f86aabf2d8d2f43663c9101 (diff)
downloadnssync-168d61f49a4ec1dc2a956e848000d970dffa017f.tar.gz
nssync-168d61f49a4ec1dc2a956e848000d970dffa017f.tar.bz2
Improve docs.
* NEWS: Document changes. * doc/nssync.8: Likewise. * doc/nssync.texi: Likewise. * src/Makefile.am (LOCALSTATEDIR): Change definition * src/cmdline.opt (--syslog): New option. * src/nssync.c (main): Honor --syslog in cron mode. * src/nssync.h (nssync_server): Return int. * src/server.c (nssync_server): Change to the user privs after opening the socket. Create the pidfile afterward.
-rw-r--r--NEWS6
-rw-r--r--doc/nssync.8174
-rw-r--r--doc/nssync.texi250
-rw-r--r--src/Makefile.am2
-rw-r--r--src/cmdline.opt8
-rw-r--r--src/nssync.c36
-rw-r--r--src/nssync.h2
-rw-r--r--src/server.c12
8 files changed, 338 insertions, 152 deletions
diff --git a/NEWS b/NEWS
index e68f424..2fd9acd 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,12 @@ Version 1.1.92 (Git)
* Standalone server mode.
+The server mode is enabled by the `--server' command line option.
+In this mode, nssync becomes a daemon and starts listening on the
+preconfigured address and port (by default, 127.0.0.1:8080) for REST
+HTTP requests. A POST request to the URI `/nssync' causes the program
+to wake up and perform synchronization.
+
* check-ns
This new configuration statement controls which zones are served by
diff --git a/doc/nssync.8 b/doc/nssync.8
index 6ea3121..26d67d5 100644
--- a/doc/nssync.8
+++ b/doc/nssync.8
@@ -1,5 +1,5 @@
.\" This file is part of Nssync. -*- nroff -*-
-.\" Copyright (C) 2011, 2014 Sergey Poznyakoff
+.\" Copyright (C) 2011-2017 Sergey Poznyakoff
.\"
.\" Nssync is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
@@ -13,18 +13,34 @@
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with Nssync. If not, see <http://www.gnu.org/licenses/>.
-.TH NSSYNC "8" "December 1, 2014" "NSSYNC" ""
+.TH NSSYNC "8" "August 16, 2017" "NSSYNC" ""
.SH NAME
\fBnssync\fR \- A DNS Zone File Maintenance Utility
.SH SYNOPSIS
-\fBnssync\fR [\-EVXdfhntx] [\-D \fISYMBOL[=VALUE\fR]] [\-I \fIDIR\fR]\
- [\-c \fIFILE\fR] [\-\-config\-file=\fIFILE\fR] [\-\-config\-help]\
- [\-\-debug] [\-\-debug\-lexer] [\-\-debug\-parser]\
- [\-\-define=\fISYMBOL\fR[=\fIVALUE\fR]] [\-\-dry\-run] [\-\-force]\
- [\-\-help] [\-\-include\-directory=\fIDIR\fR] [\-\-lint]\
- [\-\-no\-preprocessor] [\-\-preprocessor=\fICOMMAND\fR]\
- [\-\-usage] [\-\-version]
+\fBnssync\fR\
+ [\fB\-EFSVXdfhnstx\fR]\
+ [\fB\-D\fR \fISYMBOL[=VALUE\fR]]\
+ [\fB\-I\fR \fIDIR\fR]\
+ [\fB\-c\fR \fIFILE\fR]\
+ [\fB\-\-config\-file=\fIFILE\fR]\
+ [\fB\-\-config\-help\fR]\
+ [\fB\-\-debug\fR]\
+ [\fB\-\-debug\-lexer\fR]\
+ [\fB\-\-debug\-parser\fR]\
+ [\fB\-\-define=\fISYMBOL\fR[=\fIVALUE\fR]]\
+ [\fB\-\-dry\-run\fR]\
+ [\fB\-\-force\fR]\
+ [\fB\-\-foreground\fR]\
+ [\fB\-\-help\fR]\
+ [\fB\-\-include\-directory=\fIDIR\fR]\
+ [\fB\-\-lint\fR]\
+ [\fB\-\-no\-preprocessor\fR]\
+ [\fB\-\-preprocessor=\fICOMMAND\fR]\
+ [\fB\-\-server\fR]\
+ [\fB\-\-syslog\fR]\
+ [\fB\-\-usage\fR]\
+ [\fB\-\-version\fR]
.SH WARNING
This manpage is a short description of the \fBnssync\fR utility.
For a detailed discussion, including examples of the configuration and
@@ -49,43 +65,14 @@ The nssync utility provides an alternative solution, which makes it
possible to keep your zone data in an SQL database without using DLZ
and with glue records working.
-It does so by periodically polling the database to determine which
-data have recently changed and converting the database into BIND zone
+It does so by polling the database to determine records that have
+recently changed and converting the database into BIND zone
files.
-The \fBnssync\fR utility is normally started periodically from
-crontab. Upon startup it reads its configuration file, which supplies
-the necessary program settings. Then, if the settings require so, it
-verifies that no other copy of the \fBnssync\fR is already
-running. Further on, it parses the \fBnamed\fR configuration file
-\fBnamed.conf\fR to determine several settings needed for its further
-operation, in particular, the value of the \fBdirectory\fR statement
-in the \fBoptions\fR block.
-
-Once these preliminary operations are over, \fBnssync\fR starts
-its main task. Its configuration file defines, among other data, one
-or more synchronization blocks. Each such block defines SQL
-statements which return information about DNS zones as well as the
-location of \fBnamed\fR configuration file where the \fBzone\fR
-statements for these zones are to be stored (it is supposed that this
-file is included somewhere in the main \fBnamed.conf\fR file). For
-each synchronization block, the utility retrieves the zone data from
-the database and formats them into separate zone files. Each of these
-files is then compared to an already existing one (locations of the
-zone files are defined in the synchronization block they pertain to).
-If the files differ, new zone file replaces the old one and a flag is
-set indicating that the \fBnamed\fR daemon needs to be restarted
-in order to read new configuration.
-
-When this stage is finished, \fBnssync\fR reloads the name server
-(if required) and exits.
-
-Several command line options can be supplied in order to modify the
-program's behavior. In particular, it is possible to check the
-configuration file syntax or even instruct the utility to do
-everything, except modifying the zone files (a so-called dry-run
-mode). This allows you to debug your configuration before actually
-starting using \fBnssync\fR.
+The program can be run either periodically, as a cron job, or as a
+standalone daemon. In the latter case, it listens on a specified
+address for a specific HTTP request and triggers zone updates upon
+receiving it.
.SH OPTIONS
.TP
\fB\-E\fR
@@ -97,9 +84,13 @@ Use \fIFILE\fR instead of the default configuration file.
\fB\-f\fR, \fB\-\-force\fR
Proceed even if SQL slave status has not changed.
.TP
+\fB\-F\fR, \fB\-\-foreground\fR
+Remain in foreground when running in server mode.
+Valid only when used together with the \fB\-\-server\fR option.
+.TP
\fB\-n\fR, \fB\-\-dry\-run\fR
Do nothing, print almost everything; implies
-\fB\-\-debug \-\-stderr\fR. Use additional \fB\-\-debug\fR options to get
+\fB\-\-debug. Use additional \fB\-\-debug\fR options to get
even more info.
.TP
\fB\-t\fR, \fB\-\-lint\fR
@@ -118,6 +109,12 @@ Disable preprocessing.
\fB\-\-preprocessor\fR=\fICOMMAND\fR
Use \fICOMMAND\fR instead of the default preprocessor.
.TP
+\fB\-s\fR, \fB\-\-server\fR
+Run in server mode.
+.TP
+\fB\-S\fR, \fB\-\-syslog\fR
+Use syslog for diagnostics (default for server mode).
+.TP
\fB\-d\fR, \fB\-\-debug\fR
Increase debug level.
.TP
@@ -148,9 +145,13 @@ if IPv4 address of one of the servers matches one of the IP addresses
of the host on which \fBnssync\fR is run.
.TP
\fBpidfile\fR \fIFILE\fR;
-At startup, check if \fIFILE\fR already exists and is owned by an existing
-process. Exit if so. Use this statement to avoid accidentally
-running two copies of \fBnssync\fR simultaneously.
+Set the name of the PID file. At startup, @command{nssync} checks if
+the @var{file} already exists and is owned by an existing process.
+If so, it exits. The default PID file is
+\fILOCALSTATEDIR\fB/nssync/\fIPROGNAME\fB.pid\fR, where \fIPROGNAME\fR
+stands for the name under which the program was invoked and
+\fILOCALSTATEDIR\fR is the name of the directory for modifiable
+single-machine data set during configure.
.TP
\fBtempdir\fR \fIDIR\fR;
Sets the name for the temporary directory. This is a directory where
@@ -187,23 +188,68 @@ containing \fBzone\fR statements.
The handling of \fIPAT\fR is similar to that in \fBzonefile-pattern\fR,
except that only the \fB$synctag\fR reference is defined.
.TP
-\fBcompare\-command\fR \fICMD\fR;
-Defines a command to be used for comparing two zone files. The
-\fICMD\fR must be a command taking two files as its arguments and
-returning 0 if they are the same or non-zero if they differ.
-\fBNssync\fR uses this command to determine whether a particular
-zone has changed. The variable references \fB$oldfile\fR and
-\fBnewfile\fR are replaced with the old and new zone file names,
-accordingly.
-
-The default \fBcompare\-command\fR value is:
-
- cmp $oldfile $newfile > /dev/null
-.TP
\fBreload\-command\fR \fIcmd\fR;
Defines a command to reload the nameserver. The default is
\fB/usr/sbin/rndc reload\fR.
+.TP
+\fBuser\fR \fINAME\fR;
+Run as unprivileged user \fINAME\fR. If \fINAME\fR begins with a plus
+sign, it is treated as a UID number of the user, instead of the user
+name.
+
+When switching to the user privileges, @command{nssync} retains the
+supplementary groups of that user.
+.TP
+\fBgroup\fR \fINAME\fR;
+Run with the privileges of group \fINAME\fR. By default,
+the primary group of the user supplied with the \fBuser\fR statement
+is used.
+
+If \fINAME\fR begins with a plus sign, it is treated as a GID number
+of the group
+.SS Server Settings
+.EX
+server {
+ address [\fIIP\fR][fB:\fIPORT\fR];
+}
+.EE
+.TP
+\fBaddress\fR [\fIIP\fR][fB:\fIPORT\fR];
+Specifies the IPv4 address and/or port to listen on for control requests.
+Either IP or port parts can be omitted, but not both. In any case, the
+colon before \fIPORT\fR is mandatory. A host name can be used instead
+of numeric IP, and a symbolic service name (from \fB/etc/services\fR),
+in place of the numeric port.
+.SS Syslog configuration
+.EX
+syslog {
+ facility \fINAME\fR;
+ tag \fINAME\fR;
+}
+.EE
+.TP
+\fBfacility\fR \fINAME\fR;
+Specifies the syslog facility to use. Allowed names are:
+.BR user ,
+.BR daemon " (default),"
+.BR auth ,
+.BR authpriv ,
+.BR mail ,
+.BR cron ,
+.BR local0 " through " local7
+(all names case-insensitive), or a facility number.
.SS SQL Access
+.EX
+mysql {
+ config-file \fIFILE\fR;
+ config-group \fINAME\fR;
+ database \fIDBNAME\fR;
+ user \fINAME\fR;
+ password \fITEXT\fR;
+ ssl-ca \fIFILE\fR;
+ slave-status-file \fIFILE\fR;
+}
+.EE
.TP
\fBhost\fR \fIHOSTNAME\fR[:\fIPORT\-OR\-SOCKET\fR];
Defines the SQL server IP and port. The \fIHOSTNAME\fR can be either
@@ -224,10 +270,10 @@ Sets SQL user name.
\fBpassword\fR \fIARG\fR;
Sets SQL user password.
.TP
-\fBsql\-config\-file\fR \fIFILE\fR;
+\fBconfig\-file\fR \fIFILE\fR;
Read MySQL configuration from the \fBoption file\fR \fIFILE\fR.
.TP
-\fBsql\-config\-group\fR \fINAME\fR;
+\fBconfig\-group\fR \fINAME\fR;
Read the named group from the SQL configuration file.
.TP
\fBslave\-status\-file\fR \fIFILE\fR;
@@ -334,7 +380,7 @@ Sergey Poznyakoff
.SH "BUG REPORTS"
Report bugs to <gray+nssync@gnu.org.ua>.
.SH COPYRIGHT
-Copyright \(co 2011, 2012, 2014 Sergey Poznyakoff
+Copyright \(co 2011-2017 Sergey Poznyakoff
.br
.na
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
diff --git a/doc/nssync.texi b/doc/nssync.texi
index 103ae7d..59b6863 100644
--- a/doc/nssync.texi
+++ b/doc/nssync.texi
@@ -115,9 +115,13 @@ makes it possible to keep your zone data in an SQL@footnote{As of
version @value{VERSION} only MySQL is supported.} database without
using DLZ and with glue records working.
-It does so by periodically polling the database to determine which
-data have changed recently and converting the database into BIND zone
-files.
+It does so by polling the database to determine which data have
+changed recently and converting the database into BIND zone files.
+
+The program can be run either periodically, as a cron job, or as a
+standalone daemon. In the latter case, it listens on a specified
+address for a specific HTTP request and triggers zone updates upon
+receiving it.
@ifhtml
@ifset WEBDOCS
@@ -130,18 +134,20 @@ select another format.
@node Overview
@chapter Overview
-The @command{nssync} utility is normally started periodically from
-crontab. Upon startup it reads its configuration file, which supplies
-the necessary program settings. Then, if the settings require so, it
-verifies that no other copy of the @command{nssync} is already
-running. Further on, it parses the @command{named} configuration file
-@file{named.conf} to determine several settings needed for its further
-operation, in particular, the value of the @samp{directory} statement
-in the @samp{options} block.
+When started, the @command{nssync} utility reads its configuration
+file, which supplies the necessary program settings. Then, if no
+other copy of the @command{nssync} is already running, it parses the
+@command{named} configuration file @file{named.conf} to determine
+several settings needed for its further operation, in particular, the
+value of the @samp{directory} statement in the @samp{options} block.
+
+If started in server mode, @command{nssync} switches to background
+and begins listening for HTTP requests on a preconfigured port. Upon
+receiving a request for synchronization, it begins its main task.
+Otherwise, it passes to the synchronization right away.
@cindex synchronization block
-Once these preliminary operations are over, @command{nssync} starts
-its main task. Its configuration file defines, among other data, one
+Its configuration file defines, among other data, one
or more @dfn{synchronization blocks}. Each such block defines SQL
statements which return information about DNS zones as well as the
location of @command{named} configuration file where the @code{zone}
@@ -155,8 +161,8 @@ If the files differ, new zone file replaces the old one and a flag is
set indicating that the @command{named} daemon needs to be restarted
in order to read new configuration.
-When this stage is finished, @command{nssync} reloads the name server
-(if required) and exits.
+When this stage is finished, @command{nssync} returns to the request
+waiting loop (if started as a server), or returns to the shell.
Several command line options can be supplied in order to modify the
program's behavior. In particular, it is possible to check the
@@ -165,6 +171,55 @@ everything, except modifying the zone files (a so-called @dfn{dry-run
mode}). This allows you to debug your configuration before actually
starting using @command{nssync}.
+@menu
+* Cron mode::
+* Server mode::
+@end menu
+
+@node Cron mode
+@section Cron Mode
+The default mode of operation is called @dfn{cron mode} because it is
+most often used when @command{nssync} is invoked as a cron job. In
+this mode, @command{nssync} performs a single synchronization and
+terminates. Any errors and diagnostic messages are reported on the
+standard error stream. If this is undesirable, use the
+@option{--syslog} option to redirect them to syslog. In this case,
+the @samp{daemon} facility will be used, unless set otherwise in the
+configuration file (@pxref{syslog statement}).
+
+@node Server mode
+@section Server Mode
+Server mode is enabled by the @option{--server} command line option.
+In this mode, @command{nssync} switches to background mode (becomes a
+@dfn{daemon}) and starts listening on the preconfigured address and
+port (by default, 127.0.0.1:8080) for REST HTTP requests. A
+@samp{POST} request to the URI @samp{/nssync} causes the program to
+wake up and perform synchronization. The response contains a JSON
+object, containing at least one boolean key: @code{success}. Its
+value is @code{true} if the operation terminated successfully and
+@code{false} otherwise. Other possible keys are:
+
+@table @samp
+@item zones
+An array of names of the zones that have been updated. If no zones have
+been updated, this key is absent.
+
+@item errors
+An array of errors that ocurred during the operation. Each element is
+an object with the following keys:
+
+@table @samp
+@item message
+Textual description of the error. This key is always present.
+
+@item zone
+Name of the zone in which the error occurred. This key may be absent,
+if the error is a general one.
+@end table
+@end table
+
+In server mode, all diagnostics is reported via syslog.
+
@node Configuration File
@chapter Configuration File
@findex nssync.conf
@@ -186,6 +241,7 @@ settings in detail.
@menu
* General Settings::
+* Server Settings::
* SQL Access::
* Synchronization Block::
@end menu
@@ -195,9 +251,17 @@ settings in detail.
These settings modify the behavior of @command{nssync} as a whole.
@deffn {Configuration} pidfile @var{file}
-At startup, check if @var{file} already exists and is owned by an existing
-process. Exit if so. Use this statement to avoid accidentally
-running two copies of @command{nssync} simultaneously.
+At startup, @command{nssync} checks if the @var{file} already exists
+and is owned by an existing process. If so, it exits. This
+statements sets the full pathname of the PID file. If not specified,
+the default name will be used, which is formed as
+@file{@code{LOCALSTATEDIR}/nssync/@code{PROGNAME}.pid},
+where @code{PROGNAME} stands for the name under which @command{nssync}
+was invoked and @code{LOCALSTATEDIR} is the name of the directory for
+modifiable single-machine data set during configure.
+
+Note, that the directory where @var{file} is located must be writable
+for the user @command{nssync} runs as (see the @code{user} statement).
@end deffn
@deffn {Configuration} tempdir @var{dir}
@@ -206,6 +270,24 @@ Sets the name for the temporary directory. This is a directory where
point to an existing directory.
@end deffn
+@deffn {Configuration} user @var{name}
+Run as unprivileged user @var{name}. If @var{name} begins with a plus
+sign, it is treated as a UID number of the user, instead of the user
+name.
+
+When switching to the user privileges, @command{nssync} retains the
+supplementary groups of that user.
+@end deffn
+
+@deffn {Configuration} group @var{name}
+Run with the privileges of group @var{name}. By default,
+@command{nsswitch} will use the primary group of the user supplied
+with the @code{user} statement.
+
+If @var{name} begins with a plus sign, it is treated as a GID number
+of the group.
+@end deffn
+
@deffn {Configuration} check-ns @var{bool}
If set to @code{true}, @command{nssync} will check the list of NS
servers prior to creating a zone file. The file will be created only
@@ -256,42 +338,71 @@ The handling of @var{pat} is similar to that in @code{zonefile-pattern},
except that only the @samp{$synctag} reference is defined.
@end deffn
-@deffn {Configuration} compare-command @var{cmd}
-Defines a command to be used for comparing two zone files. The
-@var{cmd} must be a command taking two files as its arguments and
-returning 0 if they are the same or non-zero if they differ.
-@command{Nssync} uses this command to determine whether a particular
-zone has changed. The following @dfn{variable references} are
-expanded in @var{cmd}:
+@deffn {Configuration} reload-command @var{cmd}
+Defines a command to reload the nameserver. The default is
+@samp{/usr/sbin/rndc reload}.
+@end deffn
-@table @asis
-@item $oldfile
-@itemx $@{oldfile@}
-Old zone file.
+@node Server Settings
+@section Server Settings.
-@item $newfile
-@item $@{newfile@}
-New zone file.
-@end table
+The program runs in server mode (@pxref{Server mode}) if given the
+@option{--server} command line option. By default, it will start
+listening on IP address 127.0.0.1, port 8080 and will use
+@command{syslog} facility @samp{daemon} for error reporting. To
+change the address, use the @code{server} block statement.
+
+@deffn {Configuration} server
+The server block can contain only one keyword: @code{address}.
+@end deffn
-The default @code{compare-command} value is:
+@deffn {server} address [@var{IP}][:@var{PORT}]
+Specify the IPv4 address and/or port to listen on for control requests.
+Either IP or port parts can be omitted, but not both. In any case, the
+colon before @var{PORT} is mandatory. A host name can be used instead
+of numeric IP, and a symbolic service name (from
+@file{/etc/services}), in place of the numeric port. E.g.:
@example
-cmp $oldfile $newfile > /dev/null
+server @{
+ address 192.0.2.1:80;
+@}
@end example
@end deffn
-@deffn {Configuration} reload-command @var{cmd}
-Defines a command to reload the nameserver. The default is
-@samp{/usr/sbin/rndc reload}.
+@anchor{syslog statement}
+@deffn {Configuration} syslog
+This block statement configures logging via @command{syslog}. It can
+contain the following keywords: @code{facility}, and @code{tag}.
+@end deffn
+
+@deffn {syslog} facility @var{syslog-facility}
+Specifies the syslog facility to use. Allowed @var{syslog-facility}
+values are: @samp{user}, @samp{daemon}, @samp{auth}, @samp{authpriv},
+@samp{mail}, @samp{cron}, @samp{local0} through @samp{local7} (all
+names case-insensitive), or a facility number.
@end deffn
+@deffn {syslog} tag @var{string}
+Use @var{string} to tag syslog messages, instead of the program name.
+@end deffn
+
+Example of customized syslog configuration:
+
+@example
+syslog @{
+ facility local5;
+ tag "NSsync";
+@}
+@end example
+
@node SQL Access
@section SQL Access
-The following statements define the database server and the database
-to use:
+@kwindex sql
+Access to the MySQL database is configured using the @code{mysql}
+block statement. It can contain the following keywords:
-@deffn {Configuration} host @var{hostname}[:@var{port-or-socket}]
+@deffn {mysql} host @var{hostname}[:@var{port-or-socket}]
Defines the SQL server IP and port. The @var{hostname} can be either
the server IP address or its hostname. The @var{port-or-socket} part,
if supplied, can be either the number of TCP port to use instead of
@@ -299,22 +410,22 @@ the default 3306 or the full pathname of the UNIX socket. In the
latter case @var{hostname} is effectively ignored.
@end deffn
-@deffn {Configuration} database @var{name}
+@deffn {mysql} database @var{name}
Sets the database name.
@end deffn
-@deffn {Configuration} ssl-ca @var{file}
+@deffn {mysql} ssl-ca @var{file}
Defines the name of the Certificate Authority (CA) file.
@end deffn
There are two ways to supply database access credentials. The
simplest one is by using @code{user} and @code{password} statements:
-@deffn {Configuration} user @var{name}
+@deffn {mysql} user @var{name}
Sets SQL user name.
@end deffn
-@deffn {Configuration} password @var{arg}
+@deffn {mysql} password @var{arg}
Sets SQL user password.
@end deffn
@@ -325,7 +436,7 @@ must be tightened so as to avoid its compromise.
The following two statements provide an alternative, more safe and
flexible way of setting access credentials:
-@deffn {Configuration} sql-config-file @var{file}
+@deffn {mysql} config-file @var{file}
Read MySQL configuration from the @dfn{option file} @var{file}.
@ifhtml
See @uref{http://dev.mysql.com/doc/refman/5.0/en/option-files.html,
@@ -337,7 +448,7 @@ option files},
for a description of MySQL option file format.
@end deffn
-@deffn {Configuration} sql-config-group @var{name}
+@deffn {mysql} config-group @var{name}
Read the named group from the SQL configuration file.
@end deffn
@@ -345,8 +456,10 @@ To illustrate their use, suppose your @file{nssync.conf} file contains
the following:
@example
-sql-config-file /etc/nssync.my;
-sql-config-group nssync;
+mysql @{
+ sql-config-file /etc/nssync.my;
+ sql-config-group nssync;
+@}
@end example
The the @file{/etc/nssync.my} will contain the actual SQL access
@@ -361,7 +474,7 @@ pass = guessme
@end example
@anchor{slave-status-file}
-@deffn {Configuration} slave-status-file @var{file}
+@deffn {mysql} slave-status-file @var{file}
Use this statement if @command{nssync} reads data from a slave
database. It allows you to avoid recreating zone files if the
database information has not changed since the previous run.
@@ -490,21 +603,6 @@ sync external @{
@node Invocation
@chapter Invocation
-The @command{nssync} is normally invoked periodically from a crontab,
-e.g.:
-
-@example
-@group
-@ifhtml
-*/5 * * * * /usr/sbin/nssync | /usr/bin/logger -t nssync -p local1.err
-@end ifhtml
-@ifnothtml
-*/5 * * * * /usr/sbin/nssync | \
- /usr/bin/logger -t nssync -p local1.err
-@end ifnothtml
-@end group
-@end example
-
The following table summarizes available command line options:
@table @option
@@ -519,11 +617,27 @@ Use @var{file} instead of the default configuration file.
@itemx --force
Proceed even if slave status has not changed (@pxref{slave-status-file}).
+@item -F
+@itemx --foreground
+When used together with @option{--server}, this option instructs
+@command{nssync} to remain in foreground.
+
@item -n
@itemx --dry-run
-Do nothing, print almost everything; implies @option{--debug
---stderr}. Use additional @option{--debug} options to get even more
-info.
+Do nothing, print almost everything; implies @option{--debug}. Use
+additional @option{--debug} options to get even more info.
+
+@item -s
+@itemx --server
+Run as a server. @xref{Server mode}, for a detailed discussion of
+this mode.
+
+@item -S
+@itemx --syslog
+Use syslog for diagnostics. This option is inferred if the
+@option{--server} option is given. Use it explicitly if you
+run @command{nssync} as a cron job (@pxref{Cron mode}) and want to
+redirect its diagnostics to syslog.
@item -t
@itemx --lint
diff --git a/src/Makefile.am b/src/Makefile.am
index 89012e1..4c36c9f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -49,7 +49,7 @@ AM_CPPFLAGS= \
@GRECS_INCLUDES@\
-I$(top_srcdir)/runcap\
-DSYSCONFDIR=\"$(sysconfdir)\"\
- -DLOCALSTATEDIR=\"$(localstatedir)\"\
+ -DLOCALSTATEDIR=\"$(localstatedir)/$(PACKAGE)\"\
-DDEFAULT_VERSION_INCLUDE_DIR=\"$(incdir)\"\
-DDEFAULT_INCLUDE_DIR=\"$(pkgdatadir)/include\"\
-DDEFAULT_PREPROCESSOR="$(DEFAULT_PREPROCESSOR)"
diff --git a/src/cmdline.opt b/src/cmdline.opt
index 225b98a..9f27cb4 100644
--- a/src/cmdline.opt
+++ b/src/cmdline.opt
@@ -42,7 +42,7 @@ BEGIN
END
OPTION(dry-run,n,,
- [<do nothing, print almost everything; implies `--debug --stderr',
+ [<do nothing, print almost everything; implies `--debug',
use additional `--debug' options to get even more info>])
BEGIN
debug_level++;
@@ -73,6 +73,12 @@ BEGIN
foreground = 1;
END
+OPTION(syslog,S,,
+ [<report errors via syslog>])
+BEGIN
+ syslog_option = 1;
+END
+
GROUP(Preprocessor control)
OPTION(include-directory,I,DIR,
diff --git a/src/nssync.c b/src/nssync.c
index b122c2b..93fa7fb 100644
--- a/src/nssync.c
+++ b/src/nssync.c
@@ -40,6 +40,7 @@ struct grecs_sockaddr *server_addr;
int syslog_facility = LOG_DAEMON;
char *syslog_tag;
int foreground;
+int syslog_option;
#include "cmdline.h"
@@ -663,10 +664,26 @@ int fatal_signals[] = {
SIGTERM,
0
};
-
+
+int
+single_run(void)
+{
+ if (syslog_option)
+ start_syslog();
+ runas();
+ debug(1,("start up"));
+ create_pidfile();
+ if (nssync(NULL)) {
+ error("exiting due to errors");
+ return EX_UNAVAILABLE;
+ }
+ return 0;
+}
+
int
main(int argc, char **argv)
{
+ int rc;
config_init();
parse_options(argc, argv);
if (preprocess_only)
@@ -674,26 +691,19 @@ main(int argc, char **argv)
EX_CONFIG : 0);
config_parse();
+ check_pidfile();
+
if (check_ns)
get_host_addresses();
- runas();
-
- check_pidfile();
-
if (server_mode) {
set_signals(fatal_signals, sigign);
- nssync_server();
+ rc = nssync_server();
} else {
- debug(1,("start up"));
set_signals(fatal_signals, sigfatal);
- create_pidfile();
- if (nssync(NULL)) {
- error("exiting due to errors");
- exit(EX_UNAVAILABLE);
- }
+ rc = single_run();
}
debug(1,("shut down"));
remove_pidfile();
- exit(0);
+ return rc;
}
diff --git a/src/nssync.h b/src/nssync.h
index 9871205..27baf23 100644
--- a/src/nssync.h
+++ b/src/nssync.h
@@ -151,7 +151,7 @@ int move_file(const char *file, const char *dst_file);
int copy_file(const char *file_name, FILE *infile, const char *dst_file);
void filetab_clear(void);
-void nssync_server(void);
+int nssync_server(void);
int nssync(struct json_value **ret_json);
diff --git a/src/server.c b/src/server.c
index 32eedad..f326547 100644
--- a/src/server.c
+++ b/src/server.c
@@ -243,7 +243,7 @@ nssync_mhd_handler(void *cls,
upload_data_size, con_cls);
}
-void
+int
nssync_server(void)
{
int fd;
@@ -255,18 +255,20 @@ nssync_server(void)
if (!server_addr) {
if (grecs_str_to_sockaddr(&server_addr, DEFAULT_NSSYNC_ADDR,
grecs_sockaddr_hints, NULL))
- exit(EX_UNAVAILABLE);
+ return EX_UNAVAILABLE;
}
fd = open_socket(server_addr);
if (fd == -1)
- exit(EX_UNAVAILABLE);
+ return EX_UNAVAILABLE;
+ runas();
+
if (!foreground) {
int i;
if (daemon(0, 1)) {
error("daemon failed: %s", strerror(errno));
- exit(EX_UNAVAILABLE);
+ return EX_UNAVAILABLE;
}
for (i = 0; i < fd; i++)
close(i);
@@ -296,4 +298,6 @@ nssync_server(void)
/* Wait for signal to arrive */
sigwait(&sigs, &sn);
MHD_stop_daemon(mhd);
+
+ return 0;
}

Return to:

Send suggestions and report system problems to the System administrator.