Added some comments on backend generated code
This commit is contained in:
parent
eec571d56f
commit
f60376ab1d
3
TODO.md
3
TODO.md
|
@ -379,3 +379,6 @@ http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples
|
||||||
|
|
||||||
|
|
||||||
# orders ignorign default filter is not very effective, because of selecting all orders for billing will select ignored too
|
# orders ignorign default filter is not very effective, because of selecting all orders for billing will select ignored too
|
||||||
|
|
||||||
|
|
||||||
|
# mail system users group? which one is more convinient? if main group does not exists, backend will fail!
|
||||||
|
|
|
@ -23,6 +23,7 @@ class SieveFilteringMixin(object):
|
||||||
# create mailboxes if fileinfo is provided witout ':create' option
|
# create mailboxes if fileinfo is provided witout ':create' option
|
||||||
context['box'] = box
|
context['box'] = box
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Create %(box)s mailbox
|
||||||
mkdir -p %(maildir)s/.%(box)s
|
mkdir -p %(maildir)s/.%(box)s
|
||||||
chown %(user)s:%(group)s %(maildir)s/.%(box)s
|
chown %(user)s:%(group)s %(maildir)s/.%(box)s
|
||||||
if [[ ! $(grep '%(box)s' %(maildir)s/subscriptions) ]]; then
|
if [[ ! $(grep '%(box)s' %(maildir)s/subscriptions) ]]; then
|
||||||
|
@ -34,13 +35,15 @@ class SieveFilteringMixin(object):
|
||||||
context['filtering_cpath'] = re.sub(r'\.sieve$', '.svbin', context['filtering_path'])
|
context['filtering_cpath'] = re.sub(r'\.sieve$', '.svbin', context['filtering_path'])
|
||||||
if content:
|
if content:
|
||||||
context['filtering'] = ('# %(banner)s\n' + content) % context
|
context['filtering'] = ('# %(banner)s\n' + content) % context
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""\
|
||||||
|
# Create and compile orchestra sieve filtering
|
||||||
mkdir -p $(dirname '%(filtering_path)s')
|
mkdir -p $(dirname '%(filtering_path)s')
|
||||||
cat << 'EOF' > %(filtering_path)s
|
cat << 'EOF' > %(filtering_path)s
|
||||||
%(filtering)s
|
%(filtering)s
|
||||||
EOF
|
EOF
|
||||||
sievec %(filtering_path)s
|
sievec %(filtering_path)s
|
||||||
chown %(user)s:%(group)s {%(filtering_path)s,%(filtering_cpath)s}
|
chown %(user)s:%(group)s %(filtering_path)s
|
||||||
|
chown %(user)s:%(group)s %(filtering_cpath)s
|
||||||
""") % context
|
""") % context
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
|
@ -64,15 +67,20 @@ class UNIXUserMaildirBackend(SieveFilteringMixin, ServiceController):
|
||||||
def save(self, mailbox):
|
def save(self, mailbox):
|
||||||
context = self.get_context(mailbox)
|
context = self.get_context(mailbox)
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Update/create %(user)s user state
|
||||||
if [[ $( id %(user)s ) ]]; then
|
if [[ $( id %(user)s ) ]]; then
|
||||||
# Fucking postfix SASL caches credentials
|
old_password=$(getent shadow %(user)s | cut -d':' -f2)
|
||||||
old_password=$(grep "^%(user)s:" /etc/shadow|cut -d':' -f2)
|
usermod %(user)s \\
|
||||||
usermod %(user)s --password '%(password)s' --shell %(initial_shell)s
|
--shell %(initial_shell)s \\
|
||||||
if [[ "$old_password" != "%(password)s" ]]; then
|
--password '%(password)s'
|
||||||
|
if [[ "$old_password" != '%(password)s' ]]; then
|
||||||
|
# Postfix SASL caches passwords
|
||||||
RESTART_POSTFIX=1
|
RESTART_POSTFIX=1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
useradd %(user)s --home %(home)s --password '%(password)s'
|
useradd %(user)s \\
|
||||||
|
--home %(home)s \\
|
||||||
|
--password '%(password)s'
|
||||||
fi
|
fi
|
||||||
mkdir -p %(home)s
|
mkdir -p %(home)s
|
||||||
chmod 751 %(home)s
|
chmod 751 %(home)s
|
||||||
|
@ -86,6 +94,7 @@ class UNIXUserMaildirBackend(SieveFilteringMixin, ServiceController):
|
||||||
context['quota'] = mailbox.resources.disk.allocated * mailbox.resources.disk.resource.get_scale()
|
context['quota'] = mailbox.resources.disk.allocated * mailbox.resources.disk.resource.get_scale()
|
||||||
#unit_to_bytes(mailbox.resources.disk.unit)
|
#unit_to_bytes(mailbox.resources.disk.unit)
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Set Maildir quota for %(user)s
|
||||||
mkdir -p %(maildir)s
|
mkdir -p %(maildir)s
|
||||||
chown %(user)s:%(group)s %(maildir)s
|
chown %(user)s:%(group)s %(maildir)s
|
||||||
if [[ ! -f %(maildir)s/maildirsize ]]; then
|
if [[ ! -f %(maildir)s/maildirsize ]]; then
|
||||||
|
@ -137,7 +146,7 @@ class DovecotPostfixPasswdVirtualUserBackend(SieveFilteringMixin, ServiceControl
|
||||||
|
|
||||||
def set_user(self, context):
|
def set_user(self, context):
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
if [[ $( grep "^%(user)s:" %(passwd_path)s ) ]]; then
|
if [[ $( grep '^%(user)s:' %(passwd_path)s ) ]]; then
|
||||||
sed -i 's#^%(user)s:.*#%(passwd)s#' %(passwd_path)s
|
sed -i 's#^%(user)s:.*#%(passwd)s#' %(passwd_path)s
|
||||||
else
|
else
|
||||||
echo '%(passwd)s' >> %(passwd_path)s
|
echo '%(passwd)s' >> %(passwd_path)s
|
||||||
|
@ -148,7 +157,7 @@ class DovecotPostfixPasswdVirtualUserBackend(SieveFilteringMixin, ServiceControl
|
||||||
|
|
||||||
def set_mailbox(self, context):
|
def set_mailbox(self, context):
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
if [[ ! $(grep "^%(user)s@%(mailbox_domain)s\s" %(virtual_mailbox_maps)s) ]]; then
|
if [[ ! $(grep '^%(user)s@%(mailbox_domain)s\s' %(virtual_mailbox_maps)s) ]]; then
|
||||||
echo "%(user)s@%(mailbox_domain)s\tOK" >> %(virtual_mailbox_maps)s
|
echo "%(user)s@%(mailbox_domain)s\tOK" >> %(virtual_mailbox_maps)s
|
||||||
UPDATED_VIRTUAL_MAILBOX_MAPS=1
|
UPDATED_VIRTUAL_MAILBOX_MAPS=1
|
||||||
fi""") % context
|
fi""") % context
|
||||||
|
@ -240,6 +249,7 @@ class PostfixAddressVirtualDomainBackend(ServiceController):
|
||||||
domain = context['domain']
|
domain = context['domain']
|
||||||
if domain.name != context['local_domain'] and self.is_local_domain(domain):
|
if domain.name != context['local_domain'] and self.is_local_domain(domain):
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# %(domain)s is a virtual domain belonging to this server
|
||||||
if [[ ! $(grep '^\s*%(domain)s\s*$' %(virtual_alias_domains)s) ]]; then
|
if [[ ! $(grep '^\s*%(domain)s\s*$' %(virtual_alias_domains)s) ]]; then
|
||||||
echo '%(domain)s' >> %(virtual_alias_domains)s
|
echo '%(domain)s' >> %(virtual_alias_domains)s
|
||||||
UPDATED_VIRTUAL_ALIAS_DOMAINS=1
|
UPDATED_VIRTUAL_ALIAS_DOMAINS=1
|
||||||
|
@ -253,6 +263,7 @@ class PostfixAddressVirtualDomainBackend(ServiceController):
|
||||||
domain = context['domain']
|
domain = context['domain']
|
||||||
if self.is_last_domain(domain):
|
if self.is_last_domain(domain):
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Delete %(domain)s virtual domain
|
||||||
if [[ $(grep '^%(domain)s\s*$' %(virtual_alias_domains)s) ]]; then
|
if [[ $(grep '^%(domain)s\s*$' %(virtual_alias_domains)s) ]]; then
|
||||||
sed -i '/^%(domain)s\s*/d' %(virtual_alias_domains)s
|
sed -i '/^%(domain)s\s*/d' %(virtual_alias_domains)s
|
||||||
UPDATED_VIRTUAL_ALIAS_DOMAINS=1
|
UPDATED_VIRTUAL_ALIAS_DOMAINS=1
|
||||||
|
@ -271,7 +282,7 @@ class PostfixAddressVirtualDomainBackend(ServiceController):
|
||||||
|
|
||||||
def commit(self):
|
def commit(self):
|
||||||
context = self.get_context_files()
|
context = self.get_context_files()
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""
|
||||||
[[ $UPDATED_VIRTUAL_ALIAS_DOMAINS == 1 ]] && {
|
[[ $UPDATED_VIRTUAL_ALIAS_DOMAINS == 1 ]] && {
|
||||||
service postfix reload
|
service postfix reload
|
||||||
}
|
}
|
||||||
|
@ -309,6 +320,7 @@ class PostfixAddressBackend(PostfixAddressVirtualDomainBackend):
|
||||||
if destination:
|
if destination:
|
||||||
context['destination'] = destination
|
context['destination'] = destination
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Set virtual alias entry for %(email)s
|
||||||
LINE='%(email)s\t%(destination)s'
|
LINE='%(email)s\t%(destination)s'
|
||||||
if [[ ! $(grep '^%(email)s\s' %(virtual_alias_maps)s) ]]; then
|
if [[ ! $(grep '^%(email)s\s' %(virtual_alias_maps)s) ]]; then
|
||||||
# Add new line
|
# Add new line
|
||||||
|
@ -323,12 +335,7 @@ class PostfixAddressBackend(PostfixAddressVirtualDomainBackend):
|
||||||
fi""") % context)
|
fi""") % context)
|
||||||
else:
|
else:
|
||||||
logger.warning("Address %i is empty" % address.pk)
|
logger.warning("Address %i is empty" % address.pk)
|
||||||
self.append(textwrap.dedent("""
|
self.exclude_virtual_alias_maps(context)
|
||||||
if [[ $(grep '^%(email)s\s' %(virtual_alias_maps)s) ]]; then
|
|
||||||
sed -i '/^%(email)s\s/d' %(virtual_alias_maps)s
|
|
||||||
UPDATED_VIRTUAL_ALIAS_MAPS=1
|
|
||||||
fi""") % context
|
|
||||||
)
|
|
||||||
# Virtual mailbox stuff
|
# Virtual mailbox stuff
|
||||||
# destination = []
|
# destination = []
|
||||||
# for mailbox in address.get_mailboxes():
|
# for mailbox in address.get_mailboxes():
|
||||||
|
@ -340,9 +347,11 @@ class PostfixAddressBackend(PostfixAddressVirtualDomainBackend):
|
||||||
|
|
||||||
def exclude_virtual_alias_maps(self, context):
|
def exclude_virtual_alias_maps(self, context):
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
sed -i '/^%(email)s\s.*$/d;{!q0;q1}' %(virtual_alias_maps)s && \\
|
# Remove %(email)s virtual alias entry
|
||||||
|
if [[ $(grep '^%(email)s\s' %(virtual_alias_maps)s) ]]; then
|
||||||
|
sed -i '/^%(email)s\s/d' %(virtual_alias_maps)s
|
||||||
UPDATED_VIRTUAL_ALIAS_MAPS=1
|
UPDATED_VIRTUAL_ALIAS_MAPS=1
|
||||||
""") % context
|
fi""") % context
|
||||||
)
|
)
|
||||||
|
|
||||||
def save(self, address):
|
def save(self, address):
|
||||||
|
@ -356,6 +365,7 @@ class PostfixAddressBackend(PostfixAddressVirtualDomainBackend):
|
||||||
def commit(self):
|
def commit(self):
|
||||||
context = self.get_context_files()
|
context = self.get_context_files()
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""\
|
||||||
|
# Apply changes if needed
|
||||||
[[ $UPDATED_VIRTUAL_ALIAS_DOMAINS == 1 ]] && {
|
[[ $UPDATED_VIRTUAL_ALIAS_DOMAINS == 1 ]] && {
|
||||||
service postfix reload
|
service postfix reload
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,6 +31,7 @@ class UNIXUserBackend(ServiceController):
|
||||||
context['groups_arg'] = '--groups %s' % groups if groups else ''
|
context['groups_arg'] = '--groups %s' % groups if groups else ''
|
||||||
# TODO userd add will fail if %(user)s group already exists
|
# TODO userd add will fail if %(user)s group already exists
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Update/create %(user)s user state
|
||||||
if [[ $( id %(user)s ) ]]; then
|
if [[ $( id %(user)s ) ]]; then
|
||||||
usermod %(user)s --home %(home)s \\
|
usermod %(user)s --home %(home)s \\
|
||||||
--password '%(password)s' \\
|
--password '%(password)s' \\
|
||||||
|
@ -58,6 +59,7 @@ class UNIXUserBackend(ServiceController):
|
||||||
)
|
)
|
||||||
if context['home'] != context['base_home']:
|
if context['home'] != context['base_home']:
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
|
# Set extra permissions since %(user)s home is inside %(mainuser)s home
|
||||||
if [[ $(mount | grep "^$(df %(home)s|grep '^/')\s" | grep acl) ]]; then
|
if [[ $(mount | grep "^$(df %(home)s|grep '^/')\s" | grep acl) ]]; then
|
||||||
# Accountn group as the owner
|
# Accountn group as the owner
|
||||||
chown %(mainuser)s:%(mainuser)s %(home)s
|
chown %(mainuser)s:%(mainuser)s %(home)s
|
||||||
|
@ -83,7 +85,8 @@ class UNIXUserBackend(ServiceController):
|
||||||
context = self.get_context(user)
|
context = self.get_context(user)
|
||||||
if not context['user']:
|
if not context['user']:
|
||||||
return
|
return
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""
|
||||||
|
# Delete %(user)s user
|
||||||
nohup bash -c 'sleep 2 && killall -u %(user)s -s KILL' &> /dev/null &
|
nohup bash -c 'sleep 2 && killall -u %(user)s -s KILL' &> /dev/null &
|
||||||
killall -u %(user)s || true
|
killall -u %(user)s || true
|
||||||
userdel %(user)s || exit_code=$?
|
userdel %(user)s || exit_code=$?
|
||||||
|
|
|
@ -126,7 +126,7 @@ class PHPBackend(WebAppServiceMixin, ServiceController):
|
||||||
service php5-fpm reload
|
service php5-fpm reload
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Coordinate Apache restart with other concurrent backends (i.e. Apache2Backend)
|
# Coordinate Apache restart with other concurrent backends (e.g. Apache2Backend)
|
||||||
is_last=0
|
is_last=0
|
||||||
mv /dev/shm/restart.apache2 /dev/shm/restart.apache2.locked || {
|
mv /dev/shm/restart.apache2 /dev/shm/restart.apache2.locked || {
|
||||||
sleep 0.2
|
sleep 0.2
|
||||||
|
@ -144,6 +144,7 @@ class PHPBackend(WebAppServiceMixin, ServiceController):
|
||||||
else
|
else
|
||||||
echo -n "$state" > /dev/shm/restart.apache2.locked
|
echo -n "$state" > /dev/shm/restart.apache2.locked
|
||||||
if [[ $UPDATED_APACHE -eq 1 ]]; then
|
if [[ $UPDATED_APACHE -eq 1 ]]; then
|
||||||
|
echo -e "Apache will be restarted by another backend:\\n${state}"
|
||||||
echo "$backend RESTART" >> /dev/shm/restart.apache2.locked
|
echo "$backend RESTART" >> /dev/shm/restart.apache2.locked
|
||||||
fi
|
fi
|
||||||
mv /dev/shm/restart.apache2.locked /dev/shm/restart.apache2
|
mv /dev/shm/restart.apache2.locked /dev/shm/restart.apache2
|
||||||
|
|
|
@ -67,8 +67,7 @@ class Apache2Backend(ServiceController):
|
||||||
SuexecUserGroup {{ user }} {{ group }}\
|
SuexecUserGroup {{ user }} {{ group }}\
|
||||||
{% for line in extra_conf.splitlines %}
|
{% for line in extra_conf.splitlines %}
|
||||||
{{ line | safe }}{% endfor %}
|
{{ line | safe }}{% endfor %}
|
||||||
</VirtualHost>
|
</VirtualHost>""")
|
||||||
""")
|
|
||||||
).render(Context(context))
|
).render(Context(context))
|
||||||
|
|
||||||
def render_redirect_https(self, context):
|
def render_redirect_https(self, context):
|
||||||
|
@ -85,8 +84,7 @@ class Apache2Backend(ServiceController):
|
||||||
RewriteEngine On
|
RewriteEngine On
|
||||||
RewriteCond %{HTTPS} off
|
RewriteCond %{HTTPS} off
|
||||||
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
|
||||||
</VirtualHost>
|
</VirtualHost>""")
|
||||||
""")
|
|
||||||
).render(Context(context))
|
).render(Context(context))
|
||||||
|
|
||||||
def save(self, site):
|
def save(self, site):
|
||||||
|
@ -99,8 +97,9 @@ class Apache2Backend(ServiceController):
|
||||||
apache_conf += self.render_virtual_host(site, context, ssl=True)
|
apache_conf += self.render_virtual_host(site, context, ssl=True)
|
||||||
if site.protocol == site.HTTPS_ONLY:
|
if site.protocol == site.HTTPS_ONLY:
|
||||||
apache_conf += self.render_redirect_https(context)
|
apache_conf += self.render_redirect_https(context)
|
||||||
context['apache_conf'] = apache_conf
|
context['apache_conf'] = apache_conf.strip()
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""
|
||||||
|
# Generate %(site_name)s Apache site config
|
||||||
read -r -d '' apache_conf << 'EOF' || true
|
read -r -d '' apache_conf << 'EOF' || true
|
||||||
%(apache_conf)s
|
%(apache_conf)s
|
||||||
EOF
|
EOF
|
||||||
|
@ -113,6 +112,7 @@ class Apache2Backend(ServiceController):
|
||||||
)
|
)
|
||||||
if context['server_name'] and site.active:
|
if context['server_name'] and site.active:
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""\
|
||||||
|
# Enable %(site_name)s site
|
||||||
if [[ ! -f %(sites_enabled)s ]]; then
|
if [[ ! -f %(sites_enabled)s ]]; then
|
||||||
a2ensite %(site_unique_name)s.conf
|
a2ensite %(site_unique_name)s.conf
|
||||||
UPDATED_APACHE=1
|
UPDATED_APACHE=1
|
||||||
|
@ -120,6 +120,7 @@ class Apache2Backend(ServiceController):
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""\
|
||||||
|
# Disable %(site_name)s site
|
||||||
if [[ -f %(sites_enabled)s ]]; then
|
if [[ -f %(sites_enabled)s ]]; then
|
||||||
a2dissite %(site_unique_name)s.conf;
|
a2dissite %(site_unique_name)s.conf;
|
||||||
UPDATED_APACHE=1
|
UPDATED_APACHE=1
|
||||||
|
@ -128,22 +129,26 @@ class Apache2Backend(ServiceController):
|
||||||
|
|
||||||
def delete(self, site):
|
def delete(self, site):
|
||||||
context = self.get_context(site)
|
context = self.get_context(site)
|
||||||
self.append("a2dissite %(site_unique_name)s.conf && UPDATED_APACHE=1" % context)
|
self.append(textwrap.dedent("""
|
||||||
self.append("rm -f %(sites_available)s" % context)
|
# Remove %(site_name)s site configuration
|
||||||
|
a2dissite %(site_unique_name)s.conf && UPDATED_APACHE=1
|
||||||
|
rm -f %(sites_available)s\
|
||||||
|
""") % context
|
||||||
|
)
|
||||||
|
|
||||||
def prepare(self):
|
def prepare(self):
|
||||||
super(Apache2Backend, self).prepare()
|
super(Apache2Backend, self).prepare()
|
||||||
# Coordinate apache restart with php backend in order not to overdo it
|
# Coordinate apache restart with php backend in order not to overdo it
|
||||||
self.append(textwrap.dedent("""\
|
self.append(textwrap.dedent("""\
|
||||||
backend="Apache2Backend"
|
backend="Apache2Backend"
|
||||||
echo "$backend" >> /dev/shm/restart.apache2
|
echo "$backend" >> /dev/shm/restart.apache2\
|
||||||
""")
|
""")
|
||||||
)
|
)
|
||||||
|
|
||||||
def commit(self):
|
def commit(self):
|
||||||
""" reload Apache2 if necessary """
|
""" reload Apache2 if necessary """
|
||||||
self.append(textwrap.dedent("""
|
self.append(textwrap.dedent("""
|
||||||
# Coordinate Apache restart with other concurrent backends (i.e. Apache2Backend)
|
# Coordinate Apache restart with other concurrent backends (e.g. PHPBackend)
|
||||||
is_last=0
|
is_last=0
|
||||||
mv /dev/shm/restart.apache2 /dev/shm/restart.apache2.locked || {
|
mv /dev/shm/restart.apache2 /dev/shm/restart.apache2.locked || {
|
||||||
sleep 0.2
|
sleep 0.2
|
||||||
|
@ -161,6 +166,7 @@ class Apache2Backend(ServiceController):
|
||||||
else
|
else
|
||||||
echo -n "$state" > /dev/shm/restart.apache2.locked
|
echo -n "$state" > /dev/shm/restart.apache2.locked
|
||||||
if [[ $UPDATED_APACHE -eq 1 ]]; then
|
if [[ $UPDATED_APACHE -eq 1 ]]; then
|
||||||
|
echo -e "Apache will be restarted by another backend:\\n${state}"
|
||||||
echo "$backend RESTART" >> /dev/shm/restart.apache2.locked
|
echo "$backend RESTART" >> /dev/shm/restart.apache2.locked
|
||||||
fi
|
fi
|
||||||
mv /dev/shm/restart.apache2.locked /dev/shm/restart.apache2
|
mv /dev/shm/restart.apache2.locked /dev/shm/restart.apache2
|
||||||
|
|
Loading…
Reference in a new issue