mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-14 21:56:41 +01:00
ed16becd86
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
192 lines
5.9 KiB
Text
*** Running a taskd server under Slackware ***

Table of contents:

* Taskd configuration for Slackware
* Creating a taskd user and data directory
* Initializing the server
* Certificates and clients
* Starting the server
* Cautions and quirks...

See man taskd, /usr/doc/taskd-VERSION/doc/operation.txt
and man task-sync (from task) for full details of
what follows. In particular, read the operation.txt
document for a more complete overview.

Taskd configuration for Slackware
=================================

The taskd server is written to be cross-platform among
Unix-like OSs and leaves many setup and configuration
choices to the user. The provided man pages and text
guides are complete and helpful, but this SlackBuild
script adds a few details to make initial setup easier
on a Slackware system.

The added pieces are:

* Creation of a taskd user and group
* Creation of data directory - /var/lib/taskd
* A global path config file - /etc/taskddata
* Profile scripts - /etc/profile.d/taskddata.{sh,csh}
* A Slackware start script - /etc/rc.d/rc.taskd

If you build and install the package with this script, you
will end up with a complete taskd install just as provided
by the upstream sources. Simply ignore or remove the above
listed files and skip the following config steps, and you
may then configure and run the server according to your own
choices based on man taskd and the distribution docs.

If you continue, the following steps will get your taskd
server running quickly and safely based on the above
listed choices.

Create a taskd user and data directory
======================================

The server should be run as a non-privileged user, and
the data paths should be owned by that user and not
accessible by others. You may use any UID/GID you choose;
those guaranteed not to conflict on a Slackware/SBo system
may be found here: http://www.slackbuilds.org/uid_gid.txt

To create the user account and data directory, execute the
following shell commands as root:

    groupadd -g 290 taskd
    useradd -g taskd -u 290 -d /var/lib/taskd taskd
    mkdir -p /var/lib/taskd
    chown taskd:taskd /var/lib/taskd
    chmod 700 /var/lib/taskd

Initializing the server
=======================

You need to initialize the server as the taskd user,
AND the $TASKDDATA env variable must be set for that user,
so let's verify that first:

    su - taskd
    echo $TASKDDATA

If the value of $TASKDDATA is not the same as the data path
set above, check the following:

    /etc/taskddata - Must export the variable when sourced

    /etc/profile.d/taskddata.{sh,csh} - Must be executable
    OR
    /etc/profile - Must include a line ". /etc/taskddata"

After you verify that the taskd user correctly sees $TASKDDATA...

    taskd init --data $TASKDDATA
    taskd config server localhost:53589

Change logs and PIDs from /tmp to the data path:

    taskd config log $TASKDDATA/taskd.log
    taskd config pid.file $TASKDDATA/taskd.pid
    taskd config ip.log 1

We will allow all connections for now...

    taskd config client.allow all
    taskd config client.deny none

Certificates and clients
========================

The server needs a certificate, key and CRL to operate.
See operation.txt and man taskd to set up your own certs;
the following uses locally created self-signed certs.

You will need to be root for this...

    cd /usr/share/taskd-VERSION/pki
    ./generate

Once the various files are created, install them in $TASKDDATA:

    cp client.cert.pem $TASKDDATA
    cp server.cert.pem $TASKDDATA
    cp server.key.pem $TASKDDATA
    cp server.crl.pem $TASKDDATA

Configure the server to use them:

    taskd config client.cert $TASKDDATA/client.cert.pem
    taskd config server.cert $TASKDDATA/server.cert.pem
    taskd config server.key $TASKDDATA/server.key.pem
    taskd config server.crl $TASKDDATA/server.crl.pem

We are using self-signed certs at this point, so...

    cp ca.cert.pem $TASKDDATA
    taskd config ca.cert $TASKDDATA/ca.cert.pem

Now you must change ownership of these to taskd in the data
directory:

    chown taskd:taskd /var/lib/taskd/*

The resultant client.cert.pem and client.key.pem files
are needed by the clients (see man task-sync from task).

This will get taskd working and is probably sufficient for local
use. You will want to use proper certificates and keys created
per-user for production use. See the accompanying docs for details.

See man taskd for creating and managing organizations, groups and
users on the server.

Starting the server
===================

To start/stop the taskd server:

    chmod +x /etc/rc.d/rc.taskd

    /etc/rc.d/rc.taskd start
    /etc/rc.d/rc.taskd stop

See comments in /etc/rc.d/rc.taskd to auto-start at boot.

Cautions and quirks...
======================

Taskd is a new application and is not as mature as the task
client application. Although it has proven to be very stable in
operation, it has a few loose ends still when it comes to
admin of the server. Hopefully these will be cleaned up with
future releases!

A recurring theme in my own use has been that when creating
new organizations and users, I forget to su - taskd first and
perform the operation as root - and it succeeds! But taskd
creates the associated subdirectories and files with root
ownership and the server cannot use them!

Another is when changing server certs, I generate and copy
them in as root - the server will not start afterward.

The fix is easy in both cases...

    chown -R taskd:taskd /var/lib/taskd

Just remember to perform all server admin as taskd, and when
something breaks - check ownerships first!

Another quirk is the start script - rc.taskd. I generated this
based on the distribution taskdctl script, so I'll share the
blame! It is not very robust when it encounters errors at startup
and will report "server started" under some conditions where the
server actually failed to start... use man taskd and test from
an su - taskd shell when getting the configs right.
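
The two failure modes above (root-owned files under the data path, and a
start script that reports success for a dead server) can be checked with a
short script. This is an added example, not part of the SlackBuild or the
taskd distribution; the function names are made up here, and the defaults
(data path /var/lib/taskd, UID/GID 290, pid file taskd.pid in the data path)
are the values used in this README.

```shell
#!/bin/sh
# Added example, not part of the SlackBuild. Function names are hypothetical;
# defaults follow this README: /var/lib/taskd, UID/GID 290, taskd.pid.

# Print every entry under the data directory that is not owned by the
# expected user and group, and flag a top-level directory whose mode is
# not exactly 0700. Returns 0 when clean, 1 when something needs fixing.
taskd_audit_data() {
    dir=${1:-/var/lib/taskd}
    uid=${2:-290}
    gid=${3:-290}
    [ -d "$dir" ] || { echo "missing data directory: $dir"; return 1; }
    rc=0
    bad=$(find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) -print)
    if [ -n "$bad" ]; then
        echo "not owned by $uid:$gid (fix with chown -R):"
        echo "$bad"
        rc=1
    fi
    # -prune keeps find on the directory itself; -perm 700 is an exact match.
    if [ -n "$(find "$dir" -prune ! -perm 700 -print)" ]; then
        echo "mode of $dir is not 700"
        rc=1
    fi
    return $rc
}

# The start script can report "server started" for a server that died, so
# confirm that the PID recorded in the pid file belongs to a live process.
# Run as root or taskd: kill -0 fails for another user's process otherwise.
taskd_is_running() {
    pidfile=${1:-/var/lib/taskd/taskd.pid}
    pid=$(cat "$pidfile" 2>/dev/null)
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # missing, empty or non-numeric pid file
    esac
    kill -0 "$pid" 2>/dev/null
}
```

Source the file, run taskd_audit_data before /etc/rc.d/rc.taskd start, and
run taskd_is_running a moment after it.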

Hopefully the server will catch the client soon in terms of
polish!

Enjoy!