server, service: added running as effective user
+16
-2
@@ -87,14 +87,28 @@ EXTRA_DIST = \
|
||||
vendor/*
|
||||
|
||||
|
||||
SYSTEMD_LIBDIR = /lib/systemd/system
|
||||
FREEBSD_LOCALBASE = /usr/local
|
||||
FREEBSD_RCDIR = $(FREEBSD_LOCALBASE)/etc/rc.d
|
||||
LINUX_SYSTEMDDIR = /lib/systemd/system
|
||||
|
||||
install-data-local:
|
||||
test -z $(DESTDIR)$(srv_confdir) || $(MKDIR_P) $(DESTDIR)$(srv_confdir)
|
||||
test -z $(DESTDIR)$(srv_logdir) || $(MKDIR_P) $(DESTDIR)$(srv_logdir)
|
||||
test -z $(DESTDIR)$(srv_rundir) || $(MKDIR_P) $(DESTDIR)$(srv_rundir)
|
||||
test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR)
|
||||
$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(SYSTEMD_LIBDIR)
|
||||
if FREEBSD_OS
|
||||
test -z $(DESTDIR)$(FREEBSD_RCDIR) || $(MKDIR_P) $(DESTDIR)$(FREEBSD_RCDIR)
|
||||
$(INSTALL_DATA) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR)
|
||||
chmod a+x $(DESTDIR)$(FREEBSD_RCDIR)/minilbd
|
||||
endif
|
||||
if LINUX_OS
|
||||
if SYSTEMD
|
||||
test -z $(DESTDIR)$(LINUX_SYSTEMDDIR) || $(MKDIR_P) $(DESTDIR)$(LINUX_SYSTEMDDIR)
|
||||
$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(LINUX_SYSTEMDDIR)
|
||||
endif
|
||||
endif
|
||||
|
||||
|
||||
|
||||
GENDIR=pkg/mlbctl
|
||||
grpc:
|
||||
|
||||
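Review bot: The FreeBSD branch of `install-data-local` installs the rc.d script with `$(INSTALL_DATA)` and then repairs the mode with a separate `chmod a+x`, which leaves the script non-executable for a moment and bypasses whatever mode the installer was configured with. `$(INSTALL_SCRIPT) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR)` does both in one step and makes the `chmod` line unnecessary.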
+16
-3
@@ -103,7 +103,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
|
||||
configure.lineno config.status.lineno
|
||||
mkinstalldirs = $(install_sh) -d
|
||||
CONFIG_CLEAN_FILES = app/config/variant.go initrc/minilbd.service \
|
||||
debian/control debian/changelog
|
||||
initrc/minilbd debian/control debian/changelog
|
||||
CONFIG_CLEAN_VPATH_FILES =
|
||||
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)"
|
||||
PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
|
||||
@@ -176,6 +176,7 @@ am__DIST_COMMON = $(srcdir)/Makefile.in \
|
||||
$(top_srcdir)/app/config/variant.go.in \
|
||||
$(top_srcdir)/debian/changelog.in \
|
||||
$(top_srcdir)/debian/control.in \
|
||||
$(top_srcdir)/initrc/minilbd.in \
|
||||
$(top_srcdir)/initrc/minilbd.service.in README.md config.guess \
|
||||
config.sub install-sh missing
|
||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
@@ -244,6 +245,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
PODMAN = @PODMAN@
|
||||
PROTOC = @PROTOC@
|
||||
ROOT_GROUP = @ROOT_GROUP@
|
||||
RUN_USER = @RUN_USER@
|
||||
SET_MAKE = @SET_MAKE@
|
||||
SHELL = @SHELL@
|
||||
SORT = @SORT@
|
||||
@@ -293,16 +295,19 @@ pdfdir = @pdfdir@
|
||||
prefix = @prefix@
|
||||
program_transform_name = @program_transform_name@
|
||||
psdir = @psdir@
|
||||
run_user = @run_user@
|
||||
runstatedir = @runstatedir@
|
||||
sbindir = @sbindir@
|
||||
sharedstatedir = @sharedstatedir@
|
||||
srcdir = @srcdir@
|
||||
srv_bindir = @srv_bindir@
|
||||
srv_confdir = @srv_confdir@
|
||||
srv_datadir = @srv_datadir@
|
||||
srv_devel_mode = @srv_devel_mode@
|
||||
srv_libdir = @srv_libdir@
|
||||
srv_logdir = @srv_logdir@
|
||||
srv_rundir = @srv_rundir@
|
||||
srv_sbindir = @srv_sbindir@
|
||||
srv_sharedir = @srv_sharedir@
|
||||
sysconfdir = @sysconfdir@
|
||||
target_alias = @target_alias@
|
||||
@@ -368,7 +373,9 @@ EXTRA_DIST = \
|
||||
README.md \
|
||||
vendor/*
|
||||
|
||||
SYSTEMD_LIBDIR = /lib/systemd/system
|
||||
FREEBSD_LOCALBASE = /usr/local
|
||||
FREEBSD_RCDIR = $(FREEBSD_LOCALBASE)/etc/rc.d
|
||||
LINUX_SYSTEMDDIR = /lib/systemd/system
|
||||
GENDIR = pkg/mlbctl
|
||||
BUILD_DIR = $(shell pwd)/TMP.build
|
||||
DIST_DIR = $(shell pwd)/DIST
|
||||
@@ -414,6 +421,8 @@ app/config/variant.go: $(top_builddir)/config.status $(top_srcdir)/app/config/va
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $@
|
||||
initrc/minilbd.service: $(top_builddir)/config.status $(top_srcdir)/initrc/minilbd.service.in
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $@
|
||||
initrc/minilbd: $(top_builddir)/config.status $(top_srcdir)/initrc/minilbd.in
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $@
|
||||
debian/control: $(top_builddir)/config.status $(top_srcdir)/debian/control.in
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $@
|
||||
debian/changelog: $(top_builddir)/config.status $(top_srcdir)/debian/changelog.in
|
||||
@@ -884,7 +893,11 @@ install-data-local:
|
||||
test -z $(DESTDIR)$(srv_logdir) || $(MKDIR_P) $(DESTDIR)$(srv_logdir)
|
||||
test -z $(DESTDIR)$(srv_rundir) || $(MKDIR_P) $(DESTDIR)$(srv_rundir)
|
||||
test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR)
|
||||
$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(SYSTEMD_LIBDIR)
|
||||
@FREEBSD_OS_TRUE@ test -z $(DESTDIR)$(FREEBSD_RCDIR) || $(MKDIR_P) $(DESTDIR)$(FREEBSD_RCDIR)
|
||||
@FREEBSD_OS_TRUE@ $(INSTALL_DATA) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR)
|
||||
@FREEBSD_OS_TRUE@ chmod a+x $(DESTDIR)$(FREEBSD_RCDIR)/minilbd
|
||||
@LINUX_OS_TRUE@@SYSTEMD_TRUE@ test -z $(DESTDIR)$(LINUX_SYSTEMDDIR) || $(MKDIR_P) $(DESTDIR)$(LINUX_SYSTEMDDIR)
|
||||
@LINUX_OS_TRUE@@SYSTEMD_TRUE@ $(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(LINUX_SYSTEMDDIR)
|
||||
grpc:
|
||||
mkdir -p $(GENDIR)
|
||||
$(PROTOC) --proto_path=proto --go_out=$(GENDIR) --go-grpc_out=$(GENDIR) proto/mlbctl.proto
|
||||
|
||||
@@ -36,6 +36,7 @@ type Config struct {
|
||||
RunPath string `json:"runfile" yaml:"runfile"`
|
||||
AsDaemon bool `json:"asDaemon" yaml:"asDaemon"`
|
||||
LogLimit int64 `json:"logLimit" yaml:logLimit`
|
||||
RunUser string `json:"runUser" yaml:runUser`
|
||||
}
|
||||
|
||||
func NewConfig() (*Config, error) {
|
||||
@@ -45,6 +46,7 @@ func NewConfig() (*Config, error) {
|
||||
},
|
||||
AsDaemon: false,
|
||||
LogLimit: 1024 * 1024 * 10, // 10 Mb
|
||||
RunUser: "daemon",
|
||||
}
|
||||
hostname, err := os.Hostname()
|
||||
if err != nil {
|
||||
|
||||
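Review bot: The struct tag on the new `RunUser` field is malformed: `yaml:runUser` has no quotes around the value, so it does not parse as a key:"value" pair and the intended `runUser` YAML key is presumably not honoured (the `LogLimit` line above has the same problem, and `go vet` reports both). Because this field selects the account the daemon drops to, the tag should read `yaml:"runUser"`. The default in NewConfig is also the literal `"daemon"` rather than the `runUser` constant that configure substitutes into variant.go, so `--with-user` does not appear to reach the runtime default; `RunUser: runUser,` would connect the two. NewConfig's body continues outside the hunk.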
@@ -1,9 +1,10 @@
|
||||
package config
|
||||
|
||||
const (
|
||||
confdirPath = "/home/ziggi/Projects/minilb/etc/minilb"
|
||||
rundirPath = "/home/ziggi/Projects/minilb/tmp/run"
|
||||
logdirPath = "/home/ziggi/Projects/minilb/tmp/log"
|
||||
datadirPath = "/home/ziggi/Projects/minilb/tmp/data"
|
||||
packageVersion = "0.0.1"
|
||||
confdirPath = "/etc/minilb"
|
||||
rundirPath = "/var/run/minilb"
|
||||
logdirPath = "/var/log/minilb"
|
||||
datadirPath = "/var/lib/minilb"
|
||||
pkgVersion = "0.0.1"
|
||||
runUser = "daemon"
|
||||
)
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
package config
|
||||
|
||||
const (
|
||||
confdirPath = "@srv_confdir@"
|
||||
rundirPath = "@srv_rundir@"
|
||||
logdirPath = "@srv_logdir@"
|
||||
datadirPath = "@srv_datadir@"
|
||||
packageVersion = "@PACKAGE_VERSION@"
|
||||
confdirPath = "@srv_confdir@"
|
||||
rundirPath = "@srv_rundir@"
|
||||
logdirPath = "@srv_logdir@"
|
||||
datadirPath = "@srv_datadir@"
|
||||
pkgVersion = "@PACKAGE_VERSION@"
|
||||
runUser = "@run_user@"
|
||||
)
|
||||
|
||||
|
||||
+129
-82
@@ -3,6 +3,7 @@ package server
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"os/signal"
|
||||
"os/user"
|
||||
@@ -17,6 +18,7 @@ import (
|
||||
"helmet/app/logger"
|
||||
"helmet/app/operator"
|
||||
"helmet/app/service"
|
||||
"helmet/pkg/network"
|
||||
"helmet/pkg/x509crt"
|
||||
)
|
||||
|
||||
@@ -32,6 +34,7 @@ type Server struct {
|
||||
ctx context.Context
|
||||
cancel context.CancelFunc
|
||||
wg sync.WaitGroup
|
||||
listen net.Listener
|
||||
}
|
||||
|
||||
func NewServer() (*Server, error) {
|
||||
@@ -66,23 +69,66 @@ func (srv *Server) Build() error {
|
||||
var err error
|
||||
srv.log.Infof("Build server")
|
||||
|
||||
// Get effective user uid/guid
|
||||
usr, err := user.Lookup(srv.conf.RunUser)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
uid64, err := strconv.ParseInt(usr.Uid, 10, 64)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
gid64, err := strconv.ParseInt(usr.Gid, 10, 64)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
uid := int(uid64)
|
||||
gid := int(gid64)
|
||||
|
||||
if srv.conf.AsDaemon {
|
||||
logDir := filepath.Dir(srv.conf.LogPath)
|
||||
srv.log.Infof("Create %s dir", logDir)
|
||||
srv.log.Infof("Create log dir: %s", logDir)
|
||||
err = os.MkdirAll(logDir, 0750)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = os.Chown(logDir, uid, gid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
runDir := filepath.Dir(srv.conf.RunPath)
|
||||
srv.log.Infof("Create %s dir", runDir)
|
||||
srv.log.Infof("Create run dir: %s", runDir)
|
||||
err = os.MkdirAll(runDir, 0750)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = os.Chown(runDir, uid, gid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
// Create listener
|
||||
addrinfo := ":" + strconv.FormatUint(uint64(srv.conf.Service.Port), 10)
|
||||
listener, err := network.CreateListener(addrinfo)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
srv.listen = listener
|
||||
|
||||
// Change effective user
|
||||
err = syscall.Setuid(uid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
|
||||
usr, err = user.LookupId(uidstr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
srv.log.Warningf("Now run as user: %s", usr.Username)
|
||||
|
||||
// Create X509 certs
|
||||
srv.x509cert, srv.x509key, err = x509crt.CreateX509SelfSignedCert(srv.conf.Hostname)
|
||||
srv.x509cert, srv.x509key, err = x509crt.CreateCertKey(srv.conf.Hostname)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -103,8 +149,7 @@ func (srv *Server) Build() error {
|
||||
|
||||
// Create service
|
||||
serviceConfig := &service.ServiceConfig{
|
||||
PortNum: srv.conf.Service.Port,
|
||||
Hostname: srv.conf.Hostname,
|
||||
Listener: srv.listen,
|
||||
Handler: srv.hand,
|
||||
Operator: srv.oper,
|
||||
X509Cert: srv.x509cert,
|
||||
@@ -123,86 +168,21 @@ func (srv *Server) Run() error {
|
||||
return err
|
||||
}
|
||||
srv.log.Debugf("Server configuration:\n%s\n", yamlConfig)
|
||||
|
||||
srv.ctx, srv.cancel = context.WithCancel(context.Background())
|
||||
|
||||
currUser, err := user.Current()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
srv.log.Infof("Running server as user %s", currUser.Username)
|
||||
|
||||
sigs := make(chan os.Signal, 1)
|
||||
done := make(chan error, 1)
|
||||
|
||||
// Run service
|
||||
startService := func(svc *service.Service, done chan error) {
|
||||
err = svc.Run()
|
||||
if err != nil {
|
||||
srv.log.Errorf("Service error: %v", err)
|
||||
done <- err
|
||||
}
|
||||
srv.log.Infof("Start server as user %s", currUser.Username)
|
||||
uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
|
||||
usr, err := user.LookupId(uidstr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
go startService(srv.svc, done)
|
||||
srv.log.Infof("Run server as user %s", usr.Username)
|
||||
|
||||
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
|
||||
var signal os.Signal
|
||||
select {
|
||||
case signal = <-sigs:
|
||||
srv.log.Infof("Services stopped by signal: %v", signal)
|
||||
srv.cancel()
|
||||
srv.svc.Stop()
|
||||
srv.wg.Wait()
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (srv *Server) PseudoFork() error {
|
||||
const successExit int = 0
|
||||
var keyEnv string = "IMX0LTSELMRF8K"
|
||||
var err error
|
||||
|
||||
_, isChild := os.LookupEnv(keyEnv)
|
||||
switch {
|
||||
case !isChild:
|
||||
os.Setenv(keyEnv, "TRUE")
|
||||
procAttr := syscall.ProcAttr{}
|
||||
cwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var sysFiles = make([]uintptr, 3)
|
||||
sysFiles[0] = uintptr(syscall.Stdin)
|
||||
sysFiles[1] = uintptr(syscall.Stdout)
|
||||
sysFiles[2] = uintptr(syscall.Stderr)
|
||||
|
||||
procAttr.Files = sysFiles
|
||||
procAttr.Env = os.Environ()
|
||||
procAttr.Dir = cwd
|
||||
|
||||
_, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
os.Exit(successExit)
|
||||
case isChild:
|
||||
_, err = syscall.Setsid()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
os.Unsetenv(keyEnv)
|
||||
return err
|
||||
}
|
||||
|
||||
func (srv *Server) Daemonize() error {
|
||||
var err error
|
||||
if srv.conf.AsDaemon {
|
||||
// Restart process process
|
||||
err = srv.PseudoFork()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Redirect stdin
|
||||
nullFile, err := os.OpenFile("/dev/null", os.O_RDWR, 0)
|
||||
if err != nil {
|
||||
@@ -232,11 +212,6 @@ func (srv *Server) Daemonize() error {
|
||||
}
|
||||
srv.logf = logFile
|
||||
// Write process ID
|
||||
rundir := filepath.Dir(srv.conf.RunPath)
|
||||
err = os.MkdirAll(rundir, 0750)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
pidFile, err := os.OpenFile(srv.conf.RunPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0640)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -248,10 +223,46 @@ func (srv *Server) Daemonize() error {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
sigs := make(chan os.Signal, 1)
|
||||
done := make(chan error, 1)
|
||||
|
||||
// Run service
|
||||
startService := func(svc *service.Service, done chan error) {
|
||||
err = svc.Run()
|
||||
if err != nil {
|
||||
srv.log.Errorf("Service error: %v", err)
|
||||
done <- err
|
||||
}
|
||||
}
|
||||
go startService(srv.svc, done)
|
||||
|
||||
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
|
||||
var signal os.Signal
|
||||
select {
|
||||
case signal = <-sigs:
|
||||
srv.log.Infof("Services stopped by signal: %v", signal)
|
||||
srv.cancel()
|
||||
srv.svc.Stop()
|
||||
srv.wg.Wait()
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (srv *Server) Rotator() {
|
||||
func (srv *Server) Daemonize() error {
|
||||
var err error
|
||||
if srv.conf.AsDaemon {
|
||||
// Restart process process
|
||||
err = srv.pseudoFork()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (srv *Server) logRotator() {
|
||||
// TODO: integrate into logger
|
||||
srv.wg.Add(1)
|
||||
var counter uint64
|
||||
logFunc := func() {
|
||||
@@ -289,3 +300,39 @@ func (srv *Server) Rotator() {
|
||||
}
|
||||
go logFunc()
|
||||
}
|
||||
|
||||
func (srv *Server) pseudoFork() error {
|
||||
const successExit int = 0
|
||||
var keyEnv string = "IMX0LTSELMRF8K"
|
||||
var err error
|
||||
_, isChild := os.LookupEnv(keyEnv)
|
||||
switch {
|
||||
case !isChild:
|
||||
os.Setenv(keyEnv, "TRUE")
|
||||
procAttr := syscall.ProcAttr{}
|
||||
cwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var sysFiles = make([]uintptr, 3)
|
||||
sysFiles[0] = uintptr(syscall.Stdin)
|
||||
sysFiles[1] = uintptr(syscall.Stdout)
|
||||
sysFiles[2] = uintptr(syscall.Stderr)
|
||||
|
||||
procAttr.Files = sysFiles
|
||||
procAttr.Env = os.Environ()
|
||||
procAttr.Dir = cwd
|
||||
_, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
os.Exit(successExit)
|
||||
case isChild:
|
||||
_, err = syscall.Setsid()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
os.Unsetenv(keyEnv)
|
||||
return err
|
||||
}
|
||||
|
||||
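Review bot: In Build the privilege drop calls only `syscall.Setuid(uid)`; the `gid` parsed above is used for the two `os.Chown` calls but never applied to the process, so after the drop the daemon still carries the group and supplementary groups of the account that started it (root's, when launched by the init system). The groups and the gid have to be set before the uid, because after `Setuid` the process no longer has the privilege to change them; those two calls need privilege themselves, so the sketch below skips them when the process was started unprivileged, as in devel mode. The check that follows reads only `Geteuid()`; logging `Getegid()` as well would show the result of the group drop. Build's body starts and ends outside the hunk.

```go
	// Change effective user: drop supplementary groups and the group first,
	// while the process still has the privilege to do so.
	if syscall.Getuid() == 0 {
		err = syscall.Setgroups([]int{gid})
		if err != nil {
			return err
		}
		err = syscall.Setgid(gid)
		if err != nil {
			return err
		}
	}
	err = syscall.Setuid(uid)
	if err != nil {
		return err
	}
	// … unchanged: effective-user lookup and "Now run as user" log line …
```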
+6
-22
@@ -4,12 +4,10 @@ import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
|
||||
"helmet/app/logger"
|
||||
|
||||
"helmet/app/handler"
|
||||
"helmet/app/logger"
|
||||
"helmet/app/operator"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
@@ -22,8 +20,7 @@ import (
|
||||
type ServiceConfig struct {
|
||||
Handler *handler.Handler
|
||||
Operator *operator.Operator
|
||||
PortNum uint32
|
||||
Hostname string
|
||||
Listener net.Listener
|
||||
X509Cert []byte
|
||||
X509Key []byte
|
||||
}
|
||||
@@ -33,11 +30,7 @@ type Service struct {
|
||||
hand *handler.Handler
|
||||
oper *operator.Operator
|
||||
log *logger.Logger
|
||||
portnum uint32
|
||||
hostname string
|
||||
|
||||
username string
|
||||
password string
|
||||
listen net.Listener
|
||||
x509Cert []byte
|
||||
x509Key []byte
|
||||
}
|
||||
@@ -46,8 +39,7 @@ func NewService(conf *ServiceConfig) *Service {
|
||||
svc := Service{
|
||||
hand: conf.Handler,
|
||||
oper: conf.Operator,
|
||||
portnum: conf.PortNum,
|
||||
hostname: conf.Hostname,
|
||||
listen: conf.Listener,
|
||||
x509Cert: conf.X509Cert,
|
||||
x509Key: conf.X509Key,
|
||||
}
|
||||
@@ -60,12 +52,6 @@ func (svc *Service) Run() error {
|
||||
var err error
|
||||
svc.log.Infof("Service run")
|
||||
|
||||
listenSpec := fmt.Sprintf(":%d", svc.portnum)
|
||||
listener, err := net.Listen("tcp", listenSpec)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
tlsCert, err := tls.X509KeyPair(svc.x509Cert, svc.x509Key)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -75,7 +61,6 @@ func (svc *Service) Run() error {
|
||||
ClientAuth: tls.NoClientCert,
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
|
||||
tlsCredentials := credentials.NewTLS(&tlsConfig)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -87,14 +72,13 @@ func (svc *Service) Run() error {
|
||||
gsrvOpts := []grpc.ServerOption{
|
||||
grpc.Creds(tlsCredentials),
|
||||
grpc.ChainUnaryInterceptor(interceptors...),
|
||||
//grpc.UnaryInterceptor(svc.authInterceptor),
|
||||
}
|
||||
svc.gsrv = grpc.NewServer(gsrvOpts...)
|
||||
|
||||
svc.hand.Register(svc.gsrv)
|
||||
|
||||
svc.log.Infof("Service listening at %v", listener.Addr())
|
||||
err = svc.gsrv.Serve(listener)
|
||||
svc.log.Infof("Service listening at %v", svc.listen.Addr())
|
||||
err = svc.gsrv.Serve(svc.listen)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
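Review bot: `Run` now dereferences `svc.listen` (`svc.listen.Addr()` and then `Serve(svc.listen)`), but nothing in the visible hunks checks that `ServiceConfig.Listener` was set, so a Service built without a listener panics on a nil interface instead of returning an error. A guard at the top of Run, `if svc.listen == nil { return errors.New("service: listener is not set") }` (with the `errors` import), keeps that failure explicit. The context line `InsecureSkipVerify: true` sits in a server-side `tls.Config`, where it has no effect and only suggests that verification was turned off deliberately; it can be dropped. Run's body starts and ends outside the hunk.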
@@ -57,7 +57,6 @@ func (sta *Starter) run(cmd *cobra.Command, args []string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
srv.Config().AsDaemon = sta.runAsDaemon
|
||||
srv.Config().Service.Port = sta.port
|
||||
|
||||
@@ -69,7 +68,6 @@ func (sta *Starter) run(cmd *cobra.Command, args []string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
srv.Rotator()
|
||||
err = srv.Run()
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -608,6 +608,8 @@ PACKAGE_URL=''
|
||||
ac_default_prefix=/usr/local
|
||||
ac_subst_vars='LTLIBOBJS
|
||||
LIBOBJS
|
||||
srv_bindir
|
||||
srv_sbindir
|
||||
srv_datadir
|
||||
srv_libdir
|
||||
srv_sharedir
|
||||
@@ -615,6 +617,8 @@ srv_rundir
|
||||
srv_logdir
|
||||
srv_confdir
|
||||
srv_devel_mode
|
||||
run_user
|
||||
RUN_USER
|
||||
SYSTEMD_FALSE
|
||||
SYSTEMD_TRUE
|
||||
LINUX_OS_FALSE
|
||||
@@ -720,6 +724,7 @@ ac_subst_files=''
|
||||
ac_user_opts='
|
||||
enable_option_checking
|
||||
enable_silent_rules
|
||||
with_user
|
||||
enable_devel_mode
|
||||
with_confdir
|
||||
with_logdir
|
||||
@@ -1365,6 +1370,7 @@ Optional Features:
|
||||
Optional Packages:
|
||||
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||||
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
|
||||
--with-user=${PACKAGE} set executing user name
|
||||
--with-confdir=PATH set configuration dir to PATH (default:
|
||||
$SRV_CONFDIR)
|
||||
--with-logdir=PATH set path for logdir (default: $SRV_LOGDIR)
|
||||
@@ -3663,6 +3669,59 @@ test "x$prefix" == "xNONE" && prefix=$ac_default_prefix
|
||||
test "x$libexecdir" == "xNONE" && libexecdir=${prefix}/lib
|
||||
|
||||
|
||||
case $host_os in
|
||||
*freebsd* )
|
||||
default_user="daemon"
|
||||
default_group="daemon"
|
||||
;;
|
||||
*linux* )
|
||||
default_user="daemon"
|
||||
default_group="daemon"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
# Check whether --with-user was given.
|
||||
if test ${with_user+y}
|
||||
then :
|
||||
withval=$with_user; if test ! -z "$with_user" ; then
|
||||
case $with_user in
|
||||
"")
|
||||
as_fn_error $? "You must specify user name" "$LINENO" 5
|
||||
;;
|
||||
*)
|
||||
RUN_USER="$with_user"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
RUN_USER="$default_user"
|
||||
fi
|
||||
else case e in #(
|
||||
e) RUN_USER="$default_user" ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
|
||||
if test "x$enable_devel_mode" = "xyes"
|
||||
then :
|
||||
|
||||
RUN_USER="`id -un`"
|
||||
|
||||
fi
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: run_user set as ${RUN_USER}" >&5
|
||||
printf "%s\n" "$as_me: run_user set as ${RUN_USER}" >&6;}
|
||||
|
||||
printf "%s\n" "#define RUN_USER \"$RUN_USER\"" >>confdefs.h
|
||||
|
||||
RUN_USER="$RUN_USER"
|
||||
|
||||
|
||||
printf "%s\n" "#define run_user \"$RUN_USER\"" >>confdefs.h
|
||||
|
||||
run_user="$RUN_USER"
|
||||
|
||||
|
||||
|
||||
# Check whether --enable-devel-mode was given.
|
||||
if test ${enable_devel_mode+y}
|
||||
@@ -3706,7 +3765,6 @@ then :
|
||||
fi
|
||||
|
||||
|
||||
|
||||
if test "x$enable_devel_mode" = "xyes"
|
||||
then :
|
||||
|
||||
@@ -3914,9 +3972,13 @@ srv_datadir="$SRV_DATADIR"
|
||||
printf "%s\n" "$as_me: srv_datadir set as ${SRV_DATADIR}" >&6;}
|
||||
|
||||
|
||||
srv_sbindir="${prefix}/sbin"
|
||||
|
||||
srv_bindir="${prefix}/bin"
|
||||
|
||||
|
||||
ac_config_files="$ac_config_files Makefile app/config/variant.go initrc/minilbd.service debian/control debian/changelog"
|
||||
|
||||
ac_config_files="$ac_config_files Makefile app/config/variant.go initrc/minilbd.service initrc/minilbd debian/control debian/changelog"
|
||||
|
||||
cat >confcache <<\_ACEOF
|
||||
# This file is a shell script that caches the results of configure
|
||||
@@ -4670,6 +4732,7 @@ do
|
||||
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
|
||||
"app/config/variant.go") CONFIG_FILES="$CONFIG_FILES app/config/variant.go" ;;
|
||||
"initrc/minilbd.service") CONFIG_FILES="$CONFIG_FILES initrc/minilbd.service" ;;
|
||||
"initrc/minilbd") CONFIG_FILES="$CONFIG_FILES initrc/minilbd" ;;
|
||||
"debian/control") CONFIG_FILES="$CONFIG_FILES debian/control" ;;
|
||||
"debian/changelog") CONFIG_FILES="$CONFIG_FILES debian/changelog" ;;
|
||||
|
||||
|
||||
+41
-1
@@ -59,6 +59,44 @@ fi
|
||||
test "x$prefix" == "xNONE" && prefix=$ac_default_prefix
|
||||
test "x$libexecdir" == "xNONE" && libexecdir=${prefix}/lib
|
||||
|
||||
dnl --------------------------------------------------------------------------------------
|
||||
|
||||
case $host_os in
|
||||
*freebsd* )
|
||||
default_user="daemon"
|
||||
default_group="daemon"
|
||||
;;
|
||||
*linux* )
|
||||
default_user="daemon"
|
||||
default_group="daemon"
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_ARG_WITH(user,
|
||||
AS_HELP_STRING([--with-user=${PACKAGE}],[set executing user name]),
|
||||
[ if test ! -z "$with_user" ; then
|
||||
case $with_user in
|
||||
"")
|
||||
AC_MSG_ERROR(You must specify user name)
|
||||
;;
|
||||
*)
|
||||
RUN_USER="$with_user"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
RUN_USER="$default_user"
|
||||
fi ],
|
||||
[ RUN_USER="$default_user" ])
|
||||
|
||||
AS_IF([test "x$enable_devel_mode" = "xyes"], [
|
||||
RUN_USER="`id -un`"
|
||||
])
|
||||
|
||||
AC_MSG_NOTICE(run_user set as ${RUN_USER})
|
||||
AC_DEFINE_UNQUOTED(RUN_USER, "$RUN_USER", [effective user])
|
||||
AC_SUBST(RUN_USER, "$RUN_USER")
|
||||
AC_DEFINE_UNQUOTED(run_user, "$RUN_USER", [effective user])
|
||||
AC_SUBST(run_user, "$RUN_USER")
|
||||
|
||||
dnl --------------------------------------------------------------------------------------
|
||||
|
||||
@@ -91,7 +129,6 @@ AC_ARG_WITH(confdir,
|
||||
esac
|
||||
fi ])
|
||||
|
||||
|
||||
AS_IF([test "x$enable_devel_mode" = "xyes"], [
|
||||
SRV_CONFDIR="${SRCDIR}/etc/${PACKAGE}"
|
||||
sysconfdir="${SRCDIR}/etc/${PACKAGE}"
|
||||
@@ -240,12 +277,15 @@ AC_MSG_NOTICE(srv_datadir set as ${SRV_DATADIR})
|
||||
|
||||
dnl --------------------------------------------------------------------------------------
|
||||
|
||||
AC_SUBST(srv_sbindir, "${prefix}/sbin")
|
||||
AC_SUBST(srv_bindir, "${prefix}/bin")
|
||||
|
||||
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
app/config/variant.go
|
||||
initrc/minilbd.service
|
||||
initrc/minilbd
|
||||
debian/control
|
||||
debian/changelog
|
||||
])
|
||||
|
||||
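Review bot: `default_user` is assigned only in the `*freebsd*` and `*linux*` branches of `case $host_os`, so on any other host `RUN_USER` ends up empty when `--with-user` is not given, and that empty value is substituted into variant.go and into `install -d -o @run_user@ …` in the unit file, where the first directory would then be read as the owner. Add a fallback branch such as `* ) default_user="daemon" ; default_group="daemon" ;;` or stop with `AC_MSG_ERROR`. The `"")` arm inside `if test ! -z "$with_user"` can never match, while a bare `--with-user` yields the value `yes`, so the check should reject `yes` and `no` instead. The value is also pasted into a Go string literal and a command line without validation; restricting it at configure time to a plain account name (letters, digits, `_`, `-`) would make both substitutions safe.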
@@ -0,0 +1,24 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# PROVIDE: minilbd
|
||||
# REQUIRE: DAEMON
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="minilbd"
|
||||
rcvar="minilbd_enable"
|
||||
|
||||
pidfile="@srv_rundir@/minilbd.pid"
|
||||
command="@prefix@/sbin/${name}"
|
||||
command_args="--asDaemon=true"
|
||||
procname="@prefix@/sbin/${name}"
|
||||
|
||||
load_rc_config ${name}
|
||||
|
||||
: ${minilbd_enable:="NO"}
|
||||
|
||||
run_rc_command "$1"
|
||||
#EOF
|
||||
|
||||
@@ -3,10 +3,10 @@ Description=minilbd
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=@srv_sbindir@/minilbd -asDaemon=true
|
||||
ExecStart=/usr/sbin/minilbd --asDaemon=true
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
ExecRestart=/bin/kill -HUP $MAINPID
|
||||
ExecStartPre=/usr/bin/install -d -o root -g root /home/ziggi/Projects/minilb/tmp/run /home/ziggi/Projects/minilb/tmp/log
|
||||
ExecStartPre=/usr/bin/install -d -o daemon /var/run/minilb /var/log/minilb
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
@@ -3,10 +3,10 @@ Description=minilbd
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=@srv_sbindir@/minilbd -asDaemon=true
|
||||
ExecStart=@srv_sbindir@/minilbd --asDaemon=true
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
ExecRestart=/bin/kill -HUP $MAINPID
|
||||
ExecStartPre=/usr/bin/install -d -o root -g root @srv_rundir@ @srv_logdir@
|
||||
ExecStartPre=/usr/bin/install -d -o @run_user@ @srv_rundir@ @srv_logdir@
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
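Review bot: The new `ExecStartPre` line drops `-g root` without naming a replacement group and sets no mode, so the run and log directories get the default group and the default `install -d` mode, while Build in server.go creates the same directories with `0750` and chowns them to the run user's uid and gid. Spelling both out, e.g. `ExecStartPre=/usr/bin/install -d -m 0750 -o @run_user@ -g GROUP @srv_rundir@ @srv_logdir@`, keeps the two code paths consistent (GROUP is a placeholder: configure sets `default_group` but does not substitute it). `ExecRestart=` on the context line above is not a directive systemd defines, so it is presumably ignored.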
@@ -0,0 +1,37 @@
|
||||
package network
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net"
|
||||
)
|
||||
|
||||
const protocol = "tcp"
|
||||
|
||||
func CreateTLSListener(addrinfo string, x509cert, x509key []byte) (net.Listener, error) {
|
||||
var listen net.Listener
|
||||
var err error
|
||||
tlsCert, err := tls.X509KeyPair(x509cert, x509key)
|
||||
if err != nil {
|
||||
return listen, err
|
||||
}
|
||||
tlsConfig := tls.Config{
|
||||
Certificates: []tls.Certificate{tlsCert},
|
||||
ClientAuth: tls.NoClientCert,
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
listen, err = tls.Listen(protocol, addrinfo, &tlsConfig)
|
||||
if err != nil {
|
||||
return listen, err
|
||||
}
|
||||
return listen, err
|
||||
}
|
||||
|
||||
func CreateListener(addrinfo string) (net.Listener, error) {
|
||||
var listen net.Listener
|
||||
var err error
|
||||
listen, err = net.Listen(protocol, addrinfo)
|
||||
if err != nil {
|
||||
return listen, err
|
||||
}
|
||||
return listen, err
|
||||
}
|
||||
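Review bot: `CreateTLSListener` sets `InsecureSkipVerify: true` in a server-side `tls.Config`, where it has no effect (the field controls how a client verifies the server's certificate) and reads as if verification had been disabled on purpose; the line should be dropped. Pinning a floor with `MinVersion: tls.VersionTLS12,` would stop the listener from depending on the toolchain's default minimum version. Both exported functions lack doc comments, e.g. `// CreateListener opens a plain TCP listener on addrinfo (host:port).` In both functions the final `if err != nil { return listen, err }` is redundant with the `return listen, err` that follows it.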
@@ -11,7 +11,7 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
func CreateX509SelfSignedCert(subject string, hostnames ...string) ([]byte, []byte, error) {
|
||||
func CreateCertKey(subject string, hostnames ...string) ([]byte, []byte, error) {
|
||||
var err error
|
||||
|
||||
certPem := make([]byte, 0)
|
||||
@@ -72,7 +72,7 @@ func CreateX509SelfSignedCert(subject string, hostnames ...string) ([]byte, []by
|
||||
return certPem, keyPem, err
|
||||
}
|
||||
|
||||
func CreateX509CACert(commonName string) ([]byte, []byte, error) {
|
||||
func CreateCACert(commonName string) ([]byte, []byte, error) {
|
||||
var err error
|
||||
certPem := make([]byte, 0)
|
||||
keyPem := make([]byte, 0)
|
||||
|
||||
@@ -10,22 +10,16 @@ import (
|
||||
)
|
||||
|
||||
func TestCert(t *testing.T) {
|
||||
|
||||
{
|
||||
//caCert, caKey, err := CreateX509SelfSignedCert("test1")
|
||||
//require.NoError(t, err)
|
||||
//fmt.Println(string(caCert))
|
||||
//fmt.Println(string(caKey))
|
||||
}
|
||||
{
|
||||
caCert, caKey, err := CreateX509CACert("test1")
|
||||
caCert, caKey, err := CreateCertKey("test1")
|
||||
require.NoError(t, err)
|
||||
fmt.Println(string(caCert))
|
||||
fmt.Println(string(caKey))
|
||||
}
|
||||
{
|
||||
caCert, caKey, err := CreateCACert("test1")
|
||||
require.NoError(t, err)
|
||||
fmt.Println(string(caCert))
|
||||
fmt.Println(string(caKey))
|
||||
|
||||
// caCert, caKey, err = CreateX509Cert("test1", caKey)
|
||||
// require.NoError(t, err)
|
||||
// fmt.Println(string(caCert))
|
||||
// fmt.Println(string(caKey))
|
||||
}
|
||||
}
|
||||
|
||||