You were incredibly fast, and it looks good too!
Laca
On Tue, 2008-09-23 at 14:52 +0800, Niall Power wrote:
> I've implemented the proposed changes. There is now no
> postinstall script in the spec file. The roleadd and the auth
> add is now provided by a SMF service in the same manner
> as the desktop-cache services work.
> The new service is:
> svc:/system/filesystem/zfssnap-roleadd:default
> and is enabled by default.
>
> I've placed a depenendency on this service inside
> auto-snapshot:default so that the service will not start up
> without it (meaning that the role and auth both exist).
>
> I've also backported some changes to the auto-snapshot
> method script from Tim, that remove the dependency on
> /export/home/zfssnap. This allows zfssnap to have "/" as
> a home dir.
>
> Diffs to the source tarball and the new spec file are both
> attached.
>
> Thanks,
> Niall.
> Laszlo (Laca) Peter wrote:
> > For the record, since we already discussed this on IRC, this
> > patch helps with a few issues, like the location of the
> > home directory and also the need for adding /usr/sbin to the
> > PATH, however the postinstall script is still not suitable
> > for Solaris integration, since it tries to create the role
> > on the host system (where the installer is running) and not
> > on the target system (that is being installed/upgraded).
> >
> > It also doesn't help us on OpenSolaris where we don't have
> > either CASs or postinstall scripts and there are no actions
> > currently implemented for adding roles or auths.
> >
> > So the solution we discussed involves a CAS for adding the
> > auth (since this is the standard way to do that on svr4
> > Solaris, and an SMF service that
> >
> > 1) checks if the auth is there and adds it if it's not
> > 2) creates the role
> >
> > The auto-snapshot service will depend on this one.
> >
> > Laca
> >
> > On Tue, 2008-09-23 at 13:13 +0800, Niall Power wrote:
> >
> >> I have a patch from Tim that he had asked me to review that
> >> should address these issues. I approved the patch but he
> >> hasn't pushed the changes yet. I'll apply the patch in the spec
> >> file, do some testing and then we can drop it once he pushes
> >> the patch upstream.
> >>
> >> The patch uses "/" as the user's home directory and drops the need
> >> to add "/usr/sbin" to the role's PATH
> >>
> >> I've attached the patch if you're interested.
> >>
> >>
> >
> >
>
> plain text document attachment
> (zfs-auto-snapshot-01-zfssnap-role.diff)
> --- zfs-snapshot-0.11.0/src/lib/svc/method/zfs-auto-snapshot 2008-09-18
> 13:24:40.000000000 +0800
> +++ zfs-snapshot-0.11.0-new/src/lib/svc/method/zfs-auto-snapshot
> 2008-09-23 13:15:32.400827871 +0800
> @@ -64,14 +64,9 @@
> # clients can get confused by colons. Who knew?
> SEP=":"
>
> -# This variable gets set to the restarter/logfile property
> -# whenever we have $FMRI defined. Used by the print_log and
> -# print_note functions below for all output, it's defined
> -# by the schedule_snapshots take_snapshots and unschedule_snapshots
> -# methods. Note that for take_snapshot LOG gets set to
> -# a file in the zfssnap role's home directory, as we don't own
> -# the SMF log. Start/stop logging goes to retarter/logfile,
> -# everything else goes in the zfssnap role's log.
> +# A string we use to determine whether to echo log messages
> +# to stdout (and get picked up by SMF) or remain silent
> +# and use logger(1) to log to syslog instead.
> LOG=""
>
>
> @@ -600,24 +595,21 @@
>
>
> # A function we use to emit output. Right now, this goes to syslog via
> logger(1)
> -# as well as being appended to a log file specified by $LOG. If this logfile
> -# variable doesn't exist, we simply echo the message to stdout, which will
> -# make it's way to the final log destination via SMF, since we'll always have
> -# $LOG defined when being called from cron otherwise.
> +# as well as being echoed to stdout which will result in it being picked up
> by
> +# SMF.
> function print_log { # message to display
> logger -t zfs-auto-snap -p daemon.notice $*
> if [ -z "$LOG" ] ; then
> echo $*
> - else
> - echo $(date) $* >> $LOG
> fi
> }
>
> # Another function to emit output, this time checking to see if the
> # user has set the service into verbose mode, otherwise, we print nothing
> +# This goes to stdout, and will get collected by either SMF or cron
> function print_note { # mesage to display
> if [ "$VERBOSE" == "true" ] ; then
> - print_log $*
> + echo $(date "+%b %d %T") $*
> fi
> }
>
> @@ -945,8 +937,7 @@
> case $SMF_FMRI in
> svc:/*)
> zfs_smf_props $SMF_FMRI
> - LOG_BASE=$(basename $logfile)
> - export LOG="$HOME/$LOG_BASE"
> + export LOG="false"
>
> take_snapshot $SMF_FMRI
> if [ $? -eq 0 ] ; then
> --- zfs-snapshot-0.11.0/src/lib/svc/method/zfs-auto-snapshot-roleadd
> 1970-01-01 08:00:00.000000000 +0800
> +++ zfs-snapshot-0.11.0-new/src/lib/svc/method/zfs-auto-snapshot-roleadd
> 2008-09-23 14:20:33.419742101 +0800
> @@ -0,0 +1,91 @@
> +#!/bin/ksh -p
> +#
> +# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
> +# Use is subject to license terms.
> +#
> +# Permission is hereby granted, free of charge, to any person obtaining a
> +# copy of this software and associated documentation files (the
> +# "Software"), to deal in the Software without restriction, including
> +# without limitation the rights to use, copy, modify, merge, publish,
> +# distribute, and/or sell copies of the Software, and to permit persons
> +# to whom the Software is furnished to do so, provided that the above
> +# copyright notice(s) and this permission notice appear in all copies of
> +# the Software and that both the above copyright notice(s) and this
> +# permission notice appear in supporting documentation.
> +#
> +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
> +# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
> +# OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
> +# HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
> +# INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
> +# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
> +# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
> +# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> +#
> +# Except as contained in this notice, the name of a copyright holder
> +# shall not be used in advertising or otherwise to promote the sale, use
> +# or other dealings in this Software without prior written authorization
> +# of the copyright holder.
> +#
> +###########################################################################
> +#
> +PATH=/usr/bin:/usr/sbin
> +
> +. /lib/svc/share/smf_include.sh
> +
> +auth_exists() {
> + AUTH=$1
> + /usr/bin/grep "^$AUTH:" $BASEDIR/etc/security/auth_attr > /dev/null
> + return $?
> +}
> +
> +USAGE="Usage: $0 <method>"
> +
> +if [ $# -ne 1 ] ; then
> + echo $USAGE
> + exit 2
> +fi
> +
> +METHOD="$1"
> +
> +case "$METHOD" in
> + start)
> + # Continue with rest of script
> + ;;
> + -*)
> + echo $USAGE
> + exit 2
> + ;;
> + *)
> + echo "Invalid method $METHOD"
> + exit 2
> + ;;
> +esac
> +
> +
> +# add our authorization
> +auth_exists solaris.smf.manage.zfs-auto-snapshot
> +if [ $? -ne 0 ] ; then
> + echo "solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic
> Snapshot Service::" \
> + >> /etc/security/auth_attr
> +fi
> +
> +#If the "zfssnap" role doesn't exist on the system then create it.
> +/usr/bin/grep "^zfssnap:" $BASEDIR/etc/passwd > /dev/null
> +if [ $? -ne 0 ]; then
> + /usr/sbin/roleadd -u 51 -d / -c "ZFS Automatic Snapshots role" \
> + -P "ZFS File System Management" \
> + -A solaris.smf.manage.zfs-auto-snapshot -m zfssnap
> + if [$? -ne 0]; then
> + echo "ERROR: Failed to add zfssnap role"
> + exit $SMF_EXIT_ERR_FATAL
> + fi
> + /usr/bin/passwd -r files -N zfssnap
> + if [$? -ne 0]; then
> + echo "ERROR: Failed to make zfssnap a no password account"
> + exit $SMF_EXIT_ERR_FATAL
> + fi
> +fi
> +
> +exit $SMF_EXIT_OK
> ---
> zfs-snapshot-0.11.0/src/var/svc/manifest/system/filesystem/zfs-auto-snapshot-roleadd.xml
> 1970-01-01 08:00:00.000000000 +0800
> +++
> zfs-snapshot-0.11.0-new/src/var/svc/manifest/system/filesystem/zfs-auto-snapshot-roleadd.xml
> 2008-09-23 14:16:09.506401499 +0800
> @@ -0,0 +1,88 @@
> +<?xml version="1.0"?>
> +<!DOCTYPE service_bundle SYSTEM
> "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
> +<!--
> + Copyright 2008 Sun Microsystems, Inc. All rights reserved.
> + Use is subject to license terms.
> +
> + Permission is hereby granted, free of charge, to any person obtaining a
> + copy of this software and associated documentation files (the
> + "Software"), to deal in the Software without restriction, including
> + without limitation the rights to use, copy, modify, merge, publish,
> + distribute, and/or sell copies of the Software, and to permit persons
> + to whom the Software is furnished to do so, provided that the above
> + copyright notice(s) and this permission notice appear in all copies of
> + the Software and that both the above copyright notice(s) and this
> + permission notice appear in supporting documentation.
> +
> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
> + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
> + OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
> + HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
> + INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
> + FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
> + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
> + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> +
> + Except as contained in this notice, the name of a copyright holder
> + shall not be used in advertising or otherwise to promote the sale, use
> + or other dealings in this Software without prior written authorization
> + of the copyright holder.
> +
> + Service manifest for ensuring GNOME desktop file cache is up to date.
> + see update-desktop-database manpage for details.
> +-->
> +
> +<service_bundle type='manifest' name='SUNWzfs-auto-snapshot'>
> +
> +<service
> + name='system/filesystem/zfssnap-roleadd'
> + type='service'
> + version='1'>
> +
> + <create_default_instance enabled='true' />
> +
> + <single_instance />
> +
> + <!-- Need / & /usr filesystems mounted, /var mounted read/write -->
> + <dependency
> + name='fs-local'
> + type='service'
> + grouping='require_all'
> + restart_on='none'>
> + <service_fmri value='svc:/system/filesystem/local' />
> + </dependency>
> +
> + <exec_method
> + type='method'
> + name='start'
> + exec='/lib/svc/method/zfs-auto-snapshot-roleadd %m'
> + timeout_seconds='60'>
> + <method_context>
> + <method_credential user='root' group='root' />
> + </method_context>
> + </exec_method>
> +
> + <exec_method
> + type='method'
> + name='stop'
> + exec=':true'
> + timeout_seconds='60' />
> +
> + <property_group name='startd' type='framework'>
> + <propval name='duration' type='astring'
> + value='transient' />
> + </property_group>
> +
> + <stability value='Unstable' />
> +
> + <template>
> + <common_name>
> + <loctext xml:lang='C'>ZFS auto snapshot role user
> creation
> + </loctext>
> + </common_name>
> +
> + </template>
> +</service>
> +
> +</service_bundle>
> ---
> zfs-snapshot-0.11.0/src/var/svc/manifest/system/filesystem/zfs-auto-snapshot.xml
> 2008-09-18 13:24:40.000000000 +0800
> +++
> zfs-snapshot-0.11.0-new/src/var/svc/manifest/system/filesystem/zfs-auto-snapshot.xml
> 2008-09-23 14:16:01.922877047 +0800
> @@ -53,6 +53,15 @@
> <service_fmri value="svc:/system/cron" />
> </dependency>
>
> + <!-- We need to make sure the zfssnap role and auth is present -->
> + <dependency
> + name='zfssnap-role'
> + grouping='require_all'
> + restart_on='none'
> + type='service'>
> + <service_fmri value='svc:/system/filesystem/zfssnap-roleadd' />
> + </dependency>
> +
> <property_group name='startd' type='framework'>
> <propval name='duration' type='astring' value='transient' />
> </property_group>
> plain text document attachment (SUNWzfs-auto-snapshot.spec)
> #
> # spec file for package SUNWzfs-auto-snapshot
> # includes module(s): zfs-snapshot
> #
> # Copyright 2008 Sun Microsystems, Inc.
> # This file and all modifications and additions to the pristine
> # package are under the same license as the package itself.
> #
> # Owner: niall
> #
>
> %include Solaris.inc
> # NOTE: If the version is bumped the new tarball must be uploaded to the
> # Sun Download Center. Contact GNOME RE for assistance.
>
> Name: SUNWzfs-auto-snapshot
> Summary: ZFS automatic snapshot service
> Version: 0.11.0
> Source:
> http://dlc.sun.com/osol/jds/downloads/extras/time-slider/zfs-snapshot-%{version}.tar.bz2
> Patch1: zfs-auto-snapshot-01-zfssnap-role.diff
>
> SUNW_BaseDir: /
> SUNW_Copyright: %{name}.copyright
> BuildRoot: %{_tmppath}/%{name}-%{version}-build
> Prereq: /usr/sbin/roleadd
>
> %include default-depend.inc
> Requires: SUNWzfsu
>
> %prep
> %setup -q -n zfs-snapshot-%{version}
> %patch1 -p1
>
> %build
>
> %install
> rm -rf $RPM_BUILD_ROOT
> mkdir -p $RPM_BUILD_ROOT/lib
> mkdir -p $RPM_BUILD_ROOT/var
> cp -R src/lib $RPM_BUILD_ROOT
> cp -R src/var $RPM_BUILD_ROOT
>
> mkdir -p $RPM_BUILD_ROOT/etc/security
> echo 'solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic
> Snapshot Service::' > $RPM_BUILD_ROOT/etc/security/auth_attr
>
>
> %{?pkgbuild_postprocess: %pkgbuild_postprocess -v -c
> "%{version}:%{jds_version}:%{name}:$RPM_ARCH:%(date
> +%%Y-%%m-%%d):%{support_level}" $RPM_BUILD_ROOT}
>
> %clean
> rm -rf $RPM_BUILD_ROOT
>
> %if %(test -f /usr/sadm/install/scripts/i.manifest && echo 0 || echo 1)
> %iclass manifest -f i.manifest
> %endif
>
> %files
> %defattr (-, root, bin)
> %dir %attr (0755, root, sys) /var
> %dir %attr (0755, root, sys) /var/svc
> %dir %attr (0755, root, sys) /var/svc/manifest
> %dir %attr (0755, root, sys) /var/svc/manifest/system
> %dir %attr (0755, root, sys) /var/svc/manifest/system/filesystem
> %class(manifest) %attr (0444, root, sys)
> /var/svc/manifest/system/filesystem/*.xml
> %dir %attr (0755, root, bin) /lib/svc/method
> %attr (0555, root, bin) /lib/svc/method/zfs-auto-snapshot*
> %dir %attr (0755, root, sys) /etc
> %dir %attr (0755, root, sys) /etc/security
> %config %class (rbac) %attr (0644, root, sys) /etc/security/auth_attr
>
> %changelog
> * Tue Sep 23 2008 - niall.power at sun.com
> - Remove postinstall roleadd as it breaks on live media and LU
> etc.
> Add patch -01-zfssnap-role to create it as a SMF service instead
> * Mon Sep 22 2008 - niall.power at sun.com
> - Move pre install to post install phase so that
> authorisation is available before adding role user
> * Wed Sep 18 2008 - niall.power at sun.com
> - Initial spec file created.
