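#!/bin/bash
# postinst script for condor
#
# Debian maintainer script, run as root by dpkg. On "configure" it:
#   1. makes sure the 'condor' account exists (or accepts an existing,
#      locked-down non-system account of that name),
#   2. writes the local configuration template and the DebConf-generated
#      configuration,
#   3. creates the directories HTCondor's configuration names and hands them
#      to the condor user,
#   4. starts the service and asks a running master to restart.

set -e

. /usr/share/debconf/confmodule
db_version 2.0

condor_user=condor
condor_gecos="HTCondor Daemons"
# make this one fixed because 'condor_config_val -tilde' relies on the user
# home dir to exist
condor_home=/var/lib/condor
condor_local_cfg=/etc/condor/condor_config.local
condor_debconf_cfg=/etc/condor/config.d/00debconf

#######################################
# Create the directories named by HTCondor's configuration and give them to
# the condor user.
# Globals:   condor_user (read)
# Outputs:   a warning for every label that is undefined or unusable
#######################################
condor_make_homedir() {
  local dlabel dname
  for dlabel in LOCAL_UNIV_EXECUTE CRED_STORE_DIR EXECUTE LOCK LOG SPOOL; do
    if dname=$(condor_config_val "$dlabel" 2>/dev/null); then
      # This runs as root: never mkdir/chown an empty path or the filesystem
      # root because of a broken configuration value.
      case "$dname" in
        ''|/)
          echo "HTCondor's configuration defines $dlabel as '$dname'. Skipping it." >&2
          continue
          ;;
      esac
      mkdir -p -- "$dname"
      # NOTE(review): this is a recursive ownership change, done as root, over
      # a tree whose contents the unprivileged condor user can write. lintian
      # warns about recursive chown in maintainer scripts for that reason;
      # consider changing only the directory itself.
      chown -R -- "$condor_user:" "$dname"
    else
      echo "HTCondor's configuration doesn't define $dlabel. This might be an indication of a problem."
    fi
  done
  # why should this be world writable?
  #for dlabel in EXECUTE CRED_STORE_DIR; do
  #  chmod 1777 $(condor_config_val $dlabel)
  #done
}

#######################################
# Write a commented template for the local configuration file, unless a file
# of that name already exists (an admin's file is never overwritten).
# Globals:   condor_local_cfg (read)
#######################################
condor_local_cfg_template() {
  if [ ! -e "$condor_local_cfg" ]; then
    cat > "$condor_local_cfg" << EOT
# HTCondor configuration file
#
# Configuration placed into this file extends/overwrites the settings in the
# main HTCondor configuration at /etc/condor/condor_config.
# It may be advantagous to leave the main configuration file pristine and put
# local configuration here to ease configuration updates during upgrades of the
# HTCondor Debian package. Alternatively, it is also possible to place additional
# configuration files into /etc/condor/config.d that will take precedence over
# both the main configuration file and this local configuration. Note that
# DebConf-generated configuration will overwrite settings in this file.

EOT
  fi
}

#######################################
# Regenerate the DebConf-managed configuration file from the debconf
# answers, or remove it when the admin opted out of debconf configuration.
# Globals:   condor_debconf_cfg (read), RET (set by db_get)
#######################################
condor_put_debconf_cfg() {
  local ccfg_personal ccfg_reservedmemory ccfg_admin ccfg_phonehome
  local ccfg_daemons ccfg_filesystemdomain ccfg_uiddomain
  local ccfg_centralmanager ccfg_allowwrite ccfg_startpolicy

  # exit early if debconf is undesired
  db_get condor/wantdebconf
  if [ "$RET" = "false" ]; then
    # remove any previous debconf settings if no longer wanted (best effort)
    if [ -f "$condor_debconf_cfg" ]; then
      rm -f -- "$condor_debconf_cfg" || true
    fi
    return
  fi

  # get settings from debconf
  db_get condor/personal
  ccfg_personal="$RET"
  db_get condor/reservedmemory
  ccfg_reservedmemory="$RET"
  db_get condor/admin
  ccfg_admin="$RET"
  db_get condor/phonehome
  ccfg_phonehome="$RET"
  db_get condor/daemons
  ccfg_daemons="$RET"
  db_get condor/filesystemdomain
  ccfg_filesystemdomain="$RET"
  db_get condor/uiddomain
  ccfg_uiddomain="$RET"
  db_get condor/centralmanager
  ccfg_centralmanager="$RET"
  db_get condor/allowwrite
  ccfg_allowwrite="$RET"
  db_get condor/startpolicy
  ccfg_startpolicy="$RET"

  # assemble configuration for a personal condor (if requested)
  if [ "$ccfg_personal" = "true" ]; then
    ccfg_daemons="STARTD, SCHEDD, COLLECTOR, NEGOTIATOR"
    # single quotes on purpose: these are HTCondor macros, not shell
    # expansions, and must reach the config file literally
    ccfg_filesystemdomain='$(FULL_HOSTNAME)'
    ccfg_uiddomain='$(FULL_HOSTNAME)'
    ccfg_centralmanager='127.0.0.1'
    ccfg_allowwrite='$(CONDOR_HOST) $(IPV4_ADDRESS) $(IPV6_ADDRESS) 127.* ::1'
  else
    # do little replacement, otherwise take as is
    ccfg_daemons=${ccfg_daemons/:/, }
  fi
  # we always need the master daemon
  ccfg_daemons+="${ccfg_daemons:+, }MASTER"

  # header
  # The debconf answers are copied into the file verbatim; nothing here
  # validates them. ALLOW_WRITE / ALLOW_NEGOTIATOR in particular decide which
  # hosts may talk to the daemons, so the answer should be as narrow as the
  # pool allows.
  cat > "$condor_debconf_cfg" << EOT
# This is the DebConf-generated configuration for HTCondor
#
# DO NOT edit this file, as changes will be overwritten during package
# upgrades. Instead place custom configuration into either
# /etc/condor/condor_config.local or another file in /etc/condor/config.d Use
# the latter location if you need to overwrite/complement settings in the
# DebConf-generated configuration.

# which HTCondor daemons to run on this machine
DAEMON_LIST = $ccfg_daemons

# who receives emails when something goes wrong
CONDOR_ADMIN = $ccfg_admin

# how much memory should NOT be available to HTCondor
RESERVED_MEMORY = $ccfg_reservedmemory

# label to identify the local filesystem in a HTCondor pool
FILESYSTEM_DOMAIN = $ccfg_filesystemdomain

# label to identify the user id of the system in a HTCondor pool
# (this need to be a fully qualified domain name)
UID_DOMAIN = $ccfg_uiddomain

# which machine is the central manager of this HTCondor pool
CONDOR_HOST = $ccfg_centralmanager

# what machines can access HTCondor daemons on this machine
ALLOW_WRITE = $ccfg_allowwrite
ALLOW_NEGOTIATOR = $ccfg_allowwrite

EOT

  # handle phone home settings individually, and only if necessary
  if [ "$ccfg_phonehome" = "true" ]; then
    cat >> "$condor_debconf_cfg" << EOT
# contact information where HTCondor sends usage statistics
CONDOR_DEVELOPERS = htcondor-admin@cs.wisc.edu
CONDOR_DEVELOPERS_COLLECTOR = condor.cs.wisc.edu

EOT
  fi

  # now add a few more setting that allow the personal condor to work out of
  # the box in a safe way
  if [ "$ccfg_personal" = "true" ]; then
    cat >> "$condor_debconf_cfg" << EOT
# the following settings will restrict HTCondor's network access to the internal
# network
BIND_ALL_INTERFACES = FALSE
NETWORK_INTERFACE = 127.0.0.1

# make HTCondor ignore UID domain name mismatch on systems without a fully
# qualified domain name (safe because the personal HTCondor does not allow
# remote access
TRUST_UID_DOMAIN = TRUE

EOT
  fi

  # optional policy: let jobs run regardless of other machine activity
  if [ "$ccfg_startpolicy" = "true" ]; then
    cat >> "$condor_debconf_cfg" << EOT
# allow HTCondor jobs to run with the same priority as any other machine activity
# always start jobs once they are submitted
START = TRUE
# never suspend jobs
SUSPEND = FALSE
# always continue jobs
CONTINUE = TRUE
# never preempt
PREEMPT = FALSE
# never kill
KILL = FALSE

EOT
  fi
}

case "$1" in
  configure)
    # according to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621833#119
    # this should always work
    if ! adduser --system --group --gecos "$condor_gecos" --home "$condor_home" \
         --disabled-password --disabled-login "$condor_user" --quiet 2>/dev/null; then
      # the only time where it would fail, is when there is an existing
      # non-system 'condor' user. This could happen e.g. in a heterogenous
      # HTCondor pool (various OSes) where the adminstrative HTCondor user
      # comes from LDAP and the home dir is shared across machines. This
      # is a supported deployment scenario for HTCondor (see installation
      # manual section 3.2)
      # the only problem is the possibility to conflict with an actual
      # "human" user with the same name, so only proceed when the
      # respective user is locked down
      #
      # Look the account up by name instead of filtering a full listing:
      # directory-backed NSS sources are often configured not to enumerate
      # their users, so a listing can miss exactly the LDAP account described
      # above. Only the two shells below count as "locked down".
      condor_shell=$(getent passwd "$condor_user" | cut -d : -f 7)
      if [ "$condor_shell" = "/bin/false" ] || [ "$condor_shell" = "/usr/sbin/nologin" ]; then
        echo "WARNING: HTCondor will be running under an existing non-system user account 'condor'."
      else
        echo "ERROR: HTCondor cannot run under unlocked non-system account 'condor'" 1>&2
        exit 1
      fi
    fi

    # make sure the config and home dir are complete
    condor_local_cfg_template
    condor_put_debconf_cfg
    condor_make_homedir

    # tell systemd to create tmpfiles, but do no harm if not available
    systemd-tmpfiles --create --exclude-prefix=/dev || true

    # take care of starting condor if it is not yet running -- if it is
    # already running this command should have no effect
    if [ -x "/etc/init.d/condor" ]; then
      if command -v invoke-rc.d >/dev/null 2>&1; then
        invoke-rc.d condor start || exit $?
      else
        /etc/init.d/condor start || exit $?
      fi
      # NOTE(review): 'exit 0' ends the whole script here when update-rc.d
      # fails, skipping the restart below and db_stop -- confirm that this is
      # intended rather than '|| true'.
      update-rc.d condor defaults 30 70 >/dev/null || exit 0
    fi

    # send the restart command to condor, as we know that the installation
    # is finished. condor_master should figure this out on its own within
    # 5 minutes, but there is no need to wait
    # check for a running condor master first, as otherwise the restart
    # command fails and consequently package installation fails
    if condor_status -master 2> /dev/null; then
      condor_restart || true
    fi
    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac

db_stop

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

exit 0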