From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 12 Mar 2012 15:57:54 +0000 (+0100)
Subject: ud-generate: lock replicators
X-Git-Tag: userdir-ldap-0.3.85~65^2
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=fef4b91434558cf0addd62ee738b1a7f5ac33bbc

ud-generate: lock replicators

ud-generate: The ssh authorized_keys file for the sshdist user now wraps
the rsync call in an flock wrapper that acquires a shared lock on
ud-generate's lock.  This prevents syncing while ud-generate runs.
---

diff --git a/debian/changelog b/debian/changelog
index 569eb31..6a3f6d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -47,6 +47,9 @@ userdir-ldap (0.3.80) UNRELEASED; urgency=low
     - wrap cdbmake calls in eatmydata.  Nothing else does any fsync stuff,
       so doing it here just costs a lot.
   * ud-generate: Use a flock() lock instead of python's lockfile class.
+  * ud-generate: The ssh authorized_keys file for the sshdist user now wraps
+    the rsync call in an flock wrapper that acquires a shared lock on
+    ud-generate's lock.  This prevents syncing while ud-generate runs.
 
   [ Stephen Gran ]
   * Fix deprecation warnings for sha module by using hashlib module instead
@@ -59,7 +62,7 @@ userdir-ldap (0.3.80) UNRELEASED; urgency=low
   * ud-replicate: set correct permissions for web-passwords
   * add freecdb to depends
 
- -- Peter Palfrader <weasel@debian.org>  Mon, 12 Mar 2012 16:15:13 +0100
+ -- Peter Palfrader <weasel@debian.org>  Mon, 12 Mar 2012 16:56:11 +0100
 
 userdir-ldap (0.3.79) unstable; urgency=low
 
diff --git a/ud-generate b/ud-generate
index 8bc0432..51437b2 100755
--- a/ud-generate
+++ b/ud-generate
@@ -912,7 +912,7 @@ def HostToIP(Host, mapped=True):
    return IPAdresses
 
 # Generate the ssh known hosts file
-def GenSSHKnown(host_attrs, File, mode=None):
+def GenSSHKnown(host_attrs, File, mode=None, lockfilename=None):
    F = None
    try:
       OldMask = os.umask(0022)
@@ -952,7 +952,9 @@ def GenSSHKnown(host_attrs, File, mode=None):
                hosts = HostToIP(x)
                if 'sshdistAuthKeysHost' in x[1]:
                   hosts += x[1]['sshdistAuthKeysHost']
-               Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(hosts), I)
+               clientcommand='rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s'%(Host)
+               clientcommand="flock -s %s -c '%s'"%(lockfilename, clientcommand)
+               Line = 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (clientcommand, ",".join(hosts), I)
             else:
                Line = "%s %s" %(",".join(HostNames + HostToIP(x, False)), I)
             Line = Sanitize(Line) + "\n"
@@ -1098,7 +1100,7 @@ def generate_all(global_dir, ldap_conn):
    GenCDB(accounts, global_dir + "mail-forward.cdb", 'emailForward')
    GenCDB(accounts, global_dir + "mail-contentinspectionaction.cdb", 'mailContentInspectionAction')
    GenPrivate(accounts, global_dir + "debian-private")
-   GenSSHKnown(host_attrs, global_dir+"authorized_keys", 'authorized_keys')
+   GenSSHKnown(host_attrs, global_dir+"authorized_keys", 'authorized_keys', global_dir+'ud-generate.lock')
    GenMailBool(accounts, global_dir + "mail-greylist", "mailGreylisting")
    GenMailBool(accounts, global_dir + "mail-callout", "mailCallout")
    GenMailList(accounts, global_dir + "mail-rbl", "mailRBL")