Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package crmsh for openSUSE:Factory checked in at 2022-09-02 21:56:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/crmsh (Old) and /work/SRC/openSUSE:Factory/.crmsh.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crmsh" Fri Sep 2 21:56:43 2022 rev:255 rq:1000825 version:4.4.1+20220902.dceb5b92 Changes: -------- --- /work/SRC/openSUSE:Factory/crmsh/crmsh.changes 2022-08-30 14:51:24.196414872 +0200 +++ /work/SRC/openSUSE:Factory/.crmsh.new.2083/crmsh.changes 2022-09-02 21:57:06.096377604 +0200 @@ -1,0 +2,12 @@ +Fri Sep 02 06:51:37 UTC 2022 - xli...@suse.com + +- Update to version 4.4.1+20220902.dceb5b92: + * Add SAN + * Apply proposed changes. + * Do not provide senceless default values for IPAddr2. Fix command line to verify and setup cluster group. + * Fix typos + * Add documetation to the script + * move missplaced directory + * Initial version of cryptctl setup script. + +------------------------------------------------------------------- Old: ---- crmsh-4.4.1+20220830.5a63c85f.tar.bz2 New: ---- crmsh-4.4.1+20220902.dceb5b92.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ crmsh.spec ++++++ --- /var/tmp/diff_new_pack.WLzbcq/_old 2022-09-02 21:57:06.628378891 +0200 +++ /var/tmp/diff_new_pack.WLzbcq/_new 2022-09-02 21:57:06.632378901 +0200 @@ -36,7 +36,7 @@ Summary: High Availability cluster command-line interface License: GPL-2.0-or-later Group: %{pkg_group} -Version: 4.4.1+20220830.5a63c85f +Version: 4.4.1+20220902.dceb5b92 Release: 0 URL: http://crmsh.github.io Source0: %{name}-%{version}.tar.bz2 ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.WLzbcq/_old 2022-09-02 21:57:06.676379006 +0200 +++ /var/tmp/diff_new_pack.WLzbcq/_new 2022-09-02 21:57:06.680379017 +0200 
@@ -9,7 +9,7 @@ </service> <service name="tar_scm"> <param name="url">https://github.com/ClusterLabs/crmsh.git</param> - <param name="changesrevision">5a63c85f3d0e2e2d1bb3407fb4de7e0b4e9a8144</param> + <param name="changesrevision">051a68726275e7f61ba85da01354fd4536ac746f</param> </service> </servicedata> (No newline at EOF) ++++++ crmsh-4.4.1+20220830.5a63c85f.tar.bz2 -> crmsh-4.4.1+20220902.dceb5b92.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.4.1+20220830.5a63c85f/scripts/cryptctl/README.md new/crmsh-4.4.1+20220902.dceb5b92/scripts/cryptctl/README.md --- old/crmsh-4.4.1+20220830.5a63c85f/scripts/cryptctl/README.md 1970-01-01 01:00:00.000000000 +0100 +++ new/crmsh-4.4.1+20220902.dceb5b92/scripts/cryptctl/README.md 2022-09-02 08:33:58.000000000 +0200 
@@ -0,0 +1,56 @@ +# cryptctl + +## Intorducion + +The cryptctl server daemon provides a LUKS-based disk encryption. This script aims to setup an HA environment for the cryptctl-server + +## Prerequsits + +The cryptctl server needs following resources + +* /etc/sysconfig/cryptctl-server The configuration of the server. This will be created once the server was setup and will be only modified if the configuration will be changed like changing the administrator password. It is sufficient to copy this file to all nodes when the cluster will be created. +* The server certificate files in the directory /etc/cryptctl/servertls/. The content of this directory will not be changed until the certifcates are valid. It is sufficient to copy these files to all nodes when the cluster will be created. +* /var/lib/cryptctl/keydb The content of this directory must be provided on shared storage like SAN NAS or NFS server. The encryption keys will be saved here. For these directory a Filesystem resource agent will be created. +* An IP address the cryptctl-server is listening on. An IPAddr2 resource agent will be created for this reason. + +## Setup + +### Setp cryptctl server +As first step you have to setup the cryptctl server: +```shell +cryptctl init-server +``` + +### Create a basic cluster +If not already done you have to setup a basic cluster with at last two nodes. It is very important that Node1 must be the server where you have confiugred the cryptctl server. + +```shell +crm cluster init -i <NetDev> -A <AdminIP> -n <ClusterName> -y +``` + +Join the cluster from other nodes: +```shell +ssh <Node2> +crm cluster join -y <Node1> +``` + +### Setup the resource group for the cryptctl server + +You can setup all needed resource agents and copy all files to all nodes whit the cryptcl crm-shell-script in one step. 
It is scrictly recommended to verify the setup in first step: + +```shell +crm script verify cryptctl \ + cert-path=</etc/cryptctl/servertls/certificate-name> \ + cert-key-path=</etc/cryptctl/servertls/certificate-key-name> \ + virtual-ip:ip=<IP-Address> \ + filesystem:device=<Path to the device> +``` + +If the check was succesfull you have to setup the cluster group by running the script: +```shell +crm script run cryptctl \ + cert-path=</etc/cryptctl/servertls/certificate-name> \ + cert-key-path=</etc/cryptctl/servertls/certificate-key-name> \ + virtual-ip:ip=<IP-Address> \ + filesystem:device=<Path to the device> +``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.4.1+20220830.5a63c85f/scripts/cryptctl/main.yml new/crmsh-4.4.1+20220902.dceb5b92/scripts/cryptctl/main.yml --- old/crmsh-4.4.1+20220830.5a63c85f/scripts/cryptctl/main.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/crmsh-4.4.1+20220902.dceb5b92/scripts/cryptctl/main.yml 2022-09-02 08:33:58.000000000 +0200 
@@ -0,0 +1,70 @@ +# Copyright (C) 2022 Peter Varkoly +# License: GNU General Public License (GPL) +version: 2.2 +category: System/Management +shortdesc: A utility for setting up LUKS-based disk encryption +longdesc: | + Configure a resource group containing a virtual IP address, + a filesystem resource containing the disk encryption keys and records, + and a systemd instance of the cryptctl server. + + Furthermore a resource group will be created to bind all resources on the same node. +parameters: + - name: id + shortdesc: ID of the resource group + value: cryptctl + - name: cert-path + shortdesc: The path to the created certificate + required: true + - name: cert-key-path + shortdesc: The path to the created certificate key + required: true + +include: + - script: virtual-ip + shortdesc: The IP address configured here will start before the cryptctl instance. + required: true + parameters: + - name: id + value: "{{id}}-vip" + - script: filesystem + shortdesc: Filesystem resource containing the disk encryption keys and records + required: true + parameters: + - name: id + value: "{{id}}-filesystem" + - name: directory + value: "/var/lib/cryptctl/keydb" + - agent: systemd:cryptctl-server + name: cryptctl-server + parameters: + - name: id + value: cryptctl-server-service + ops: | + op monitor interval=10s + +actions: + - service: "cryptctl-server:disable" + nodes: all + shortdesc: "Disable cryptctl-server service on all nodes." 
+ - copy: "/etc/sysconfig/cryptctl-server" + to: "/etc/sysconfig/cryptctl-server" + nodes: all + shortdesc: "Copy the configuration to all nodes" + - copy: "{{cert-path}}" + to: "{{cert-path}}" + nodes: all + shortdesc: "Copy the certificat file to all nodes" + - copy: "{{cert-key-path}}" + to: "{{cert-key-path}}" + nodes: all + shortdesc: "Copy the certificat key file to all nodes" + - include: virtual-ip + - include: filesystem + - include: cryptctl-server + - cib: | + group group-{{id}} + {{virtual-ip:id}} + {{filesystem:id}} + {{cryptctl-server:id}} +
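Review bot: the crmsh.changes entry reproduces the upstream commit subjects with their typos ('senceless', 'documetation', 'missplaced directory'); since the .changes text is hand-maintained anyway, correcting them here keeps the package changelog readable without touching upstream history.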
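Review bot: in the _servicedata hunk the new changesrevision (051a68726275e7f61ba85da01354fd4536ac746f) does not share a prefix with the short hash embedded in the new Version string (4.4.1+20220902.dceb5b92) used in crmsh.spec and the changelog; please confirm both came from the same tar_scm run so the generated changelog actually matches the tarball contents. The file is also still missing its trailing newline ('No newline at EOF').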
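Review bot: the verify and run examples in scripts/cryptctl/README.md pass only filesystem:device to the included filesystem script, and main.yml pre-sets only its directory, so a reader has no hint which other filesystem parameters (the filesystem type, mount options) the include expects; either show them in the examples or point to `crm script show filesystem`. Two wording errors change the meaning: "will not be changed until the certifcates are valid" should read "as long as the certificates are valid", and "at last two nodes" should be "at least two nodes". The README also states that the certificate key is copied to every node but does not say that the key file must keep restrictive ownership and mode on each node, nor that /var/lib/cryptctl/keydb is mounted on one node at a time (which the resource group guarantees, but the text should say so, since the keydb holds the disk encryption keys). Finally, please fix the spelling: 'Intorducion', 'Prerequsits', 'Setp', 'confiugred', 'whit the cryptcl', 'scrictly', 'succesfull'.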
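Review bot: in scripts/cryptctl/main.yml the cryptctl-server include hard-codes its resource id to cryptctl-server-service, while the virtual-ip and filesystem includes derive theirs from the id parameter ("{{id}}-vip", "{{id}}-filesystem"); use a derived value such as "{{id}}-server" so a user-supplied id names all three members of group-{{id}} consistently and two instances of the script cannot collide on the service id. Further, the copy actions push the TLS private key ({{cert-key-path}}) and /etc/sysconfig/cryptctl-server to all nodes without stating what ownership and mode the copies end up with; the script should either document that the copy preserves the source permissions or tighten them in a follow-up action, since a world-readable key copy on a peer node defeats the server TLS. The filesystem include sets only directory (/var/lib/cryptctl/keydb) and leaves device and the filesystem type to the caller, which is fine but should be mirrored in the README examples. Minor: the header says only 'GNU General Public License (GPL)' without a version, while crmsh.spec declares GPL-2.0-or-later; aligning the two avoids ambiguity.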