author | Laurent Ghigonis <laurent@p1sec.com> | 2013-08-25 22:07:56 +0200 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2013-08-25 22:07:56 +0200 |
commit | 2dbddf95e3b59bc330c37d4a5736f83396bf68fb (patch) | |
tree | d91f6ae774e8a5b65a64ba0d392acc71322cfa68 | |
parent | WIP (diff) | |
WIP
-rw-r--r-- | v3/glougloud/Makefile | 26 | ||||
-rw-r--r-- | v3/glougloud/glougloud.c | 23 | ||||
-rw-r--r-- | v3/glougloud/glougloud.h | 2 | ||||
-rw-r--r-- | v3/glougloud/probes.c | 1 | ||||
-rw-r--r-- | v3/glougloud/redis.c | 18 | ||||
-rw-r--r-- | v3/glougloud/viz.c | 4 | ||||
-rw-r--r-- | v3/libglouglou/libglouglou.h | 1 | ||||
-rw-r--r-- | v3/libglouglou/utils.c | 18 |
8 files changed, 71 insertions, 22 deletions
diff --git a/v3/glougloud/Makefile b/v3/glougloud/Makefile
index 202b96c..d1d88ca 100644
--- a/v3/glougloud/Makefile
+++ b/v3/glougloud/Makefile
@@ -5,20 +5,38 @@ CFLAGS+=-Wall -g
 LDFLAGS=-levent -ldnet -lglouglou -ldl -lhiredis
 USER_PROBES = _glougloud_probe
 USER_VIZ = _glougloud_viz
+USER_DEFAULT = _glougloud
+GLOUGLOUD_HOME = "/var/lib/glougloud"
+GLOUGLOUD_CHROOT = "$(GLOUGLOUD_HOME)/chroot"
 PREFIX=/usr/local
-BINDIR=$(PREFIX)/bin
+BINDIR=$(PREFIX)/sbin
 all:
 	make $(OBJECTS)
 	$(CC) $(OBJECTS) -o $(PROG) $(LDFLAGS)
 install: $(PROG)
-	@echo "creating users $(USER_PROBES) and $(USER_VIZ)"
-	cmdp="useradd -r -d /var/empty/ -s /sbin/nologin $(USER_PROBES)" ;\
+	@echo "creating glougloud home $(GLOUGLOUD_HOME)"
+	sudo mkdir -p $(GLOUGLOUD_HOME)
+	@echo "creating glougloud chroot $(GLOUGLOUD_CHROOT)"
+	sudo mkdir -p $(GLOUGLOUD_CHROOT)
+	sudo mkdir -p $(GLOUGLOUD_CHROOT)/socket
+	@echo "creating 3 users: $(USER_DEFAULT), $(USER_PROBES), $(USER_VIZ)"
+	cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_DEFAULT)" ;\
 	echo $$cmdp; $$($$cmdp) ;\
-	cmdp="useradd -r -d /var/empty/ -s /sbin/nologin $(USER_VIZ)" ;\
+	cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_PROBES)" ;\
 	echo $$cmdp; $$($$cmdp) ;\
+	cmdp="usermod -a -G $(USER_DEFAULT) $(USER_PROBES)" ;\
+	echo $$cmdp; $$($$cmdp) ;\
+	cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_VIZ)" ;\
+	echo $$cmdp; $$($$cmdp) ;\
+	cmdp="usermod -a -G $(USER_DEFAULT) $(USER_VIZ)" ;\
+	echo $$cmdp; $$($$cmdp) ;
+	@echo "setting ownership for glougloud chroot $(GLOUGLOUD_CHROOT)"
+	sudo chown -R root:$(USER_DEFAULT) $(GLOUGLOUD_HOME)
+	chmod -R 750 $(GLOUGLOUD_HOME)
+	chmod 770 $(GLOUGLOUD_CHROOT)/socket
 	echo done
 	@echo "installation of $(PROG)"
 	mkdir -p $(BINDIR)
diff --git a/v3/glougloud/glougloud.c b/v3/glougloud/glougloud.c
index 07628fb..8942d94 100644
--- a/v3/glougloud/glougloud.c
+++ b/v3/glougloud/glougloud.c
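Review bot: The privilege handling in the new `install` recipe is inconsistent: `mkdir` and `chown` run under `sudo`, but `useradd`, `usermod` and the two `chmod` lines do not, so from an unprivileged shell `chmod -R 750 $(GLOUGLOUD_HOME)` fails right after the tree has been chowned to root. Failures in the user-creation chain are also masked, because its commands are joined with `;` and the status of that recipe line is whatever the final `usermod` returns, so a failed `useradd` does not stop the install and the later `usermod -a -G $(USER_DEFAULT)` runs against a user that may not exist. `$$($$cmdp)` runs `useradd` inside a command substitution and then executes whatever it printed as a command; plain `$$cmdp` is what the preceding `echo` suggests. I would join the chain with `&&` and run each step the same way, e.g. `echo $$cmdp && sudo $$cmdp ;\`; the `install` target continues past the hunk.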
@@ -29,8 +29,12 @@ static void
 sig_handler(int sig, short why, void *data)
 {
 	log_info("got signal %d", sig);
-	if (sig == SIGINT || sig == SIGTERM)
+	if (sig == SIGINT || sig == SIGTERM) {
+		viz_shutdown();
+		probes_shutdown();
+		redis_shutdown();
 		event_base_loopexit(ev_base, NULL);
+	}
 }
 int
@@ -49,7 +53,8 @@ main(int argc, char **argv)
 	ggd->daemonize = 1;
 	ggd->logfile = GLOUGLOUD_LOGFILE;
 	ggd->loglevel = LOG_WARN;
-	ggd->redis.socket = "/tmp/glougloud_redis.sock";
+	ggd->redis.socket_chrooted = "/socket/redis.sock";
+	ggd->redis.socket = "/var/lib/glougloud/chroot/socket/redis.sock";
 	while ((op = getopt(argc, argv, "Dhl:L:p:P:v")) != -1) {
 		switch (op) {
@@ -88,6 +93,13 @@ main(int argc, char **argv)
 	log_init(ggd->logfile, ggd->loglevel);
 	log_warn("glougloud startup");
+	if (redis_init(ggd) < 0)
+		log_fatal("init redis failed");
+	if (probes_init(ggd) < 0)
+		log_fatal("init probes failed");
+	if (viz_init(ggd) < 0)
+		log_fatal("init viz failed");
+
 	ev_base = event_base_new();
 	ev_sigint = evsignal_new(ev_base, SIGINT, sig_handler, NULL);
 	ev_sigterm = evsignal_new(ev_base, SIGTERM, sig_handler, NULL);
@@ -99,13 +111,6 @@ main(int argc, char **argv)
 	evsignal_add(ev_sighup, NULL);
 	signal(SIGPIPE, SIG_IGN);
-	if (redis_init(ggd) < 0)
-		log_fatal("init redis failed");
-	if (probes_init(ggd) < 0)
-		log_fatal("init probes failed");
-	if (viz_init(ggd) < 0)
-		log_fatal("init viz failed");
-
 	if (ggd->daemonize) {
 		ggd->pid = fork();
 		log_info("daemonized, pid %d", ggd->pid);
diff --git a/v3/glougloud/glougloud.h b/v3/glougloud/glougloud.h
index dfc84e9..3f59603 100644
--- a/v3/glougloud/glougloud.h
+++ b/v3/glougloud/glougloud.h
@@ -5,6 +5,7 @@
 #include <hiredis/hiredis.h>
 #include <hiredis/async.h>
+#define GLOUGLOUD_USER_DEFAULT "_glougloud"
 #define GLOUGLOUD_USER_PROBES "_glougloud_probe"
 #define GLOUGLOUD_USER_VIZ "_glougloud_viz"
 #define GLOUGLOUD_LOGFILE "/var/log/glougloud.log"
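Review bot: In the second hunk `ggd->redis.socket` becomes a hard-coded `/var/lib/glougloud/chroot/socket/redis.sock` that has to agree with both `socket_chrooted` (`/socket/redis.sock`) and the Makefile's `GLOUGLOUD_CHROOT`, and nothing ties the three together, so moving the chroot in one place silently breaks the others. glougloud.h already collects constants of this kind (`GLOUGLOUD_LOGFILE`, the user names), so I would add `#define GLOUGLOUD_CHROOT "/var/lib/glougloud/chroot"` and `#define GLOUGLOUD_REDIS_SOCKET "/socket/redis.sock"` there and set `ggd->redis.socket_chrooted = GLOUGLOUD_REDIS_SOCKET;` and `ggd->redis.socket = GLOUGLOUD_CHROOT GLOUGLOUD_REDIS_SOCKET;`, which also makes the chrooted/non-chrooted relation between the two paths explicit. A comment on the struct fields saying which path is valid inside the chrooted children and which in the redis parent would help the next reader; `main` continues outside the hunk.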
@@ -17,6 +18,7 @@ struct glougloud {
 	int pid;
 	struct {
 		char *socket;
+		char *socket_chrooted;
 	} redis;
 	struct {
 		struct addr serv_ip;
diff --git a/v3/glougloud/probes.c b/v3/glougloud/probes.c
index 93cc0d4..3e7d657 100644
--- a/v3/glougloud/probes.c
+++ b/v3/glougloud/probes.c
@@ -57,6 +57,7 @@ probes_init(struct glougloud *ggd) {
 	if (_probes->pid > 0)
 		return 0;
 	droppriv(GLOUGLOUD_USER_PROBES, 1, NULL);
+	setprocname("probes");
 	_probes->evb = event_base_new();
 	_probes->mods = modules_load(GLOUGLOUD_MOD_PATH, NULL);
diff --git a/v3/glougloud/redis.c b/v3/glougloud/redis.c
index 8589326..6fca983 100644
--- a/v3/glougloud/redis.c
+++ b/v3/glougloud/redis.c
@@ -21,7 +21,7 @@ int
 redis_init(struct glougloud *ggd) {
 	char redis_conf[4096];
 	char *echo_args[] = {"echo", redis_conf, NULL};
-	char *redis_args[] = {"redis-server", "-", NULL};
+	char *redis_args[] = {"glougloud: redis", "-", NULL};
 	char newpath[4096];
 	char *path;
@@ -30,7 +30,7 @@ redis_init(struct glougloud *ggd) {
 	_redis->pid = fork();
 	if (_redis->pid > 0)
 		return 0;
-	droppriv(GLOUGLOUD_USER_PROBES, 0, NULL);
+	droppriv(GLOUGLOUD_USER_DEFAULT, 0, NULL);
 	path = getenv("PATH");
 	snprintf(newpath, sizeof(newpath), "%s:/sbin:/usr/sbin:/usr/local/sbin", path);
@@ -41,7 +41,7 @@ redis_init(struct glougloud *ggd) {
 		"pidfile /var/run/glougloud/redis.pid\n"
 		"port 0\n"
 		"unixsocket %s\n"
-		"unixsocketperm 750\n"
+		"unixsocketperm 770\n"
 		"timeout 0\n"
 		"loglevel notice\n"
 		/* XXX for the moment we log in glougloud log
@@ -76,11 +76,13 @@ redis_connect(struct event_base *evb,
 {
 	redisAsyncContext *rc;
-	rc = redisAsyncConnectUnix(_ggd->redis.socket);
-	if (rc->err) {
-		log_warn("redis connect: %s\n", rc->errstr);
-		return NULL;
-	}
+	do {
+		rc = redisAsyncConnectUnix(_ggd->redis.socket_chrooted);
+		if (rc->err) {
+			log_warn("redis connect: %s\n", rc->errstr);
+			sleep(1);
+		}
+	} while (rc->err);
 	redisLibeventAttach(rc, evb);
 	redisAsyncSetConnectCallback(rc, cb_connect);
 	redisAsyncSetDisconnectCallback(rc, cb_disconnect);
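Review bot: The new retry loop in `redis_connect` leaks a `redisAsyncContext` on every failed attempt, because the context that came back with `rc->err` set is overwritten on the next iteration without `redisAsyncFree(rc)`, and it never terminates if the redis child does not come up, with `sleep(1)` stalling the calling process each round. It also dereferences `rc` unconditionally; as far as I recall `redisAsyncConnectUnix` returns NULL when it cannot allocate the context, which would crash here rather than log — worth confirming against the hiredis version in use. I would free the failed context, bound the number of attempts and return NULL on exhaustion so the caller's existing NULL handling (which the old code relied on) still applies; `redis_connect` continues past the hunk.
```c
	redisAsyncContext *rc;
	int attempt;

	for (attempt = 0; ; attempt++) {
		rc = redisAsyncConnectUnix(_ggd->redis.socket_chrooted);
		if (rc == NULL) {
			log_warn("redis connect: context allocation failed\n");
			return NULL;
		}
		if (!rc->err)
			break;
		log_warn("redis connect: %s\n", rc->errstr);
		redisAsyncFree(rc);
		if (attempt >= 30) /* retry bound: placeholder, size it to redis start-up time */
			return NULL;
		sleep(1);
	}
	/* … unchanged: redisLibeventAttach and callback registration … */
```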
diff --git a/v3/glougloud/viz.c b/v3/glougloud/viz.c
index 730ccf1..46f3f77 100644
--- a/v3/glougloud/viz.c
+++ b/v3/glougloud/viz.c
@@ -54,13 +54,15 @@ cb_srv_conn(evutil_socket_t listener, short event, void *arg)
 }
 int
-viz_init(struct glougloud *ggd) {
+viz_init(struct glougloud *ggd)
+{
 	_ggd = ggd;
 	_viz = xcalloc(1, sizeof(struct glougloud_viz));
 	_viz->pid = fork();
 	if (_viz->pid > 0)
 		return 0;
 	droppriv(GLOUGLOUD_USER_VIZ, 1, NULL);
+	setprocname("viz");
 	_viz->evb = event_base_new();
 	_viz->mods = modules_load(GLOUGLOUD_MOD_PATH, NULL);
diff --git a/v3/libglouglou/libglouglou.h b/v3/libglouglou/libglouglou.h
index 8944d59..cd85c5f 100644
--- a/v3/libglouglou/libglouglou.h
+++ b/v3/libglouglou/libglouglou.h
@@ -131,5 +131,6 @@ int exec_pipe(char *, char **, char *, char **);
 void kill_wait(pid_t, int);
 struct event *tcp_server_create(struct event_base *, struct addr *, int, event_callback_fn, void *);
 struct event *udp_server_create(struct event_base *, struct addr *, int, event_callback_fn, void *);
+void setprocname(const char *);
 #endif /* _LIBGLOUGLOU_H_ */
diff --git a/v3/libglouglou/utils.c b/v3/libglouglou/utils.c
index 1136869..723cfdc 100644
--- a/v3/libglouglou/utils.c
+++ b/v3/libglouglou/utils.c
@@ -21,6 +21,10 @@
 #include <sys/wait.h>
 #include <sys/socket.h>
+#if !defined(__OpenBSD__)
+#include <sys/prctl.h>
+#endif
+
 #include "libglouglou.h"
 /*
@@ -256,3 +260,17 @@ err:
 	return NULL;
 }
+void
+setprocname(const char *name)
+{
+#if defined(__OpenBSD__)
+	setproctitle(name);
+#else
+	char basename[16];
+	char newname[64];
+
+	prctl(PR_GET_NAME, (unsigned long) basename, 0, 0, 0);
+	snprintf(newname, sizeof(newname), "%s: %s", basename, name);
+	prctl(PR_SET_NAME, newname, 0, 0, 0);
+#endif
+} |
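Review bot: `#if !defined(__OpenBSD__)` in the utils.c include hunk treats every non-OpenBSD platform as Linux, but `<sys/prctl.h>` and `PR_SET_NAME` are Linux-specific, so the build breaks on the other BSDs and macOS instead of degrading to a no-op; the `setprocname` body in the following hunk mirrors the same guard. I would key both on the platform that actually provides the API: `#if defined(__linux__)` around the include, and in `setprocname` a three-way `#if defined(__OpenBSD__) … #elif defined(__linux__) … #else (void)name; #endif` so an unsupported platform compiles and simply keeps its process name.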
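Review bot: In the new `setprocname`, the OpenBSD branch passes the caller's string as the format string; setproctitle(3) takes printf-style arguments, so it should be `setproctitle("%s", name);` — the two callers added in this commit pass literals, but the `const char *name` contract invites a later caller to pass something else. On the Linux branch the kernel keeps at most 15 bytes of a thread name, so `"glougloud: probes"` is stored truncated; sizing `newname` to 16 like `basename` would make that limit visible, and `basename` shadows the libc function of that name if `<libgen.h>` or `<string.h>` declares it in this file. Neither `prctl` return value is checked, and the two calls cast their pointer argument differently; at least initialise the buffer so a failed `PR_GET_NAME` cannot feed garbage into `snprintf`, e.g. `char basename[16] = "";`. A short comment stating that the name is truncated to the kernel limit would save the next reader from chasing the missing suffix.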