Qdevice: Adjust path to final location

Signed-off-by: Jan Friesse <jfriesse@redhat.com>

Makefile.am

@@ -79,12 +79,30 @@ install-exec-local:
 	$(INSTALL) -d $(DESTDIR)/${COROSYSCONFDIR}/uidgid.d
 	$(INSTALL) -d $(DESTDIR)/${localstatedir}/lib/corosync
 	$(INSTALL) -d $(DESTDIR)/${localstatedir}/log/cluster
+if BUILD_QNETD
+	$(INSTALL) -m 750 -d $(DESTDIR)/${localstatedir}/run/corosync-qnetd
+	$(INSTALL) -m 750 -d $(DESTDIR)/${COROSYSCONFDIR}/qnetd
+endif
+if BUILD_QDEVICES
+	$(INSTALL) -m 750 -d $(DESTDIR)/${localstatedir}/run/corosync-qdevice
+	$(INSTALL) -d $(DESTDIR)/${COROSYSCONFDIR}/qdevice/
+	$(INSTALL) -m 750 -d $(DESTDIR)/${COROSYSCONFDIR}/qdevice/net
+endif
 
 uninstall-local:
 	rmdir $(DESTDIR)/${COROSYSCONFDIR}/service.d || :;
 	rmdir $(DESTDIR)/${COROSYSCONFDIR}/uidgid.d || :;
 	rmdir $(DESTDIR)/${localstatedir}/lib/corosync || :;
 	rmdir $(DESTDIR)/${localstatedir}/log/cluster || :;
+if BUILD_QNETD
+	rmdir $(DESTDIR)/${localstatedir}/run/corosync-qnetd || :;
+	rmdir $(DESTDIR)/${COROSYSCONFDIR}/qnetd || :;
+endif
+if BUILD_QDEVICES
+	rmdir $(DESTDIR)/${localstatedir}/run/corosync-qdevice || :;
+	rmdir $(DESTDIR)/${COROSYSCONFDIR}/qdevice/net || :;
+	rmdir $(DESTDIR)/${COROSYSCONFDIR}/qdevice/ || :;
+endif
 
 if AUGTOOL
 check_SCRIPTS = test_lense.sh

qdevices/corosync-qdevice-net-certutil.sh

@@ -35,8 +35,8 @@
 #
 
 BASE_DIR="@COROSYSCONFDIR@/qdevice/net"
-DB_DIR_QNETD="$BASE_DIR/qnetd/nssdb"
-DB_DIR_NODE="$BASE_DIR/node/nssdb"
+DB_DIR_QNETD="@COROSYSCONFDIR@/qnetd/nssdb"
+DB_DIR_NODE="$BASE_DIR/nssdb"
 # Validity of certificate (months)
 CRT_VALIDITY=1200
 CA_NICKNAME="QNet CA"
@@ -94,7 +94,7 @@ create_new_noise_file() {
         (ps -elf; date; w) | sha1sum | (read sha_sum rest; echo $sha_sum) > "$noise_file"
 
         chown root:root "$noise_file"
-        chmod 400 "$noise_file"
+        chmod 600 "$noise_file"
     else
         echo "Using existing noise file $noise_file"
     fi

qdevices/corosync-qnetd-certutil.sh

@@ -34,7 +34,8 @@
 # THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-DB_DIR="@COROSYSCONFDIR@/qdevice/net/qnetd/nssdb"
+CONFIG_DIR="@COROSYSCONFDIR@/qnetd"
+DB_DIR="$CONFIG_DIR/nssdb"
 # Validity of certificate (months)
 CRT_VALIDITY=1200
 CA_NICKNAME="QNet CA"
@@ -59,6 +60,12 @@ usage() {
     exit 0
 }
 
+chown_ref_cfgdir() {
+    if [ "$UID" == "0" ];then
+        chown --reference="$CONFIG_DIR" "$@" 2>/dev/null || chown `stat -f "%u:%g" "$CONFIG_DIR"` "$@" 2>/dev/null || return $?
+    fi
+}
+
 create_new_noise_file() {
     local noise_file="$1"
 
@@ -67,8 +74,8 @@ create_new_noise_file() {
 
         (ps -elf; date; w) | sha1sum | (read sha_sum rest; echo $sha_sum) > "$noise_file"
 
-        chown root:root "$noise_file"
-        chmod 400 "$noise_file"
+        chown_ref_cfgdir "$noise_file"
+        chmod 600 "$noise_file"
     else
         echo "Using existing noise file $noise_file"
     fi
@@ -79,6 +86,8 @@ get_serial_no() {
 
     if ! [ -f "$SERIAL_NO_FILE" ];then
         echo "100" > $SERIAL_NO_FILE
+        chown_ref_cfgdir "$SERIAL_NO_FILE"
+        chmod 600 "$SERIAL_NO_FILE"
     fi
     serial_no=`cat $SERIAL_NO_FILE`
     serial_no=$((serial_no+1))
@@ -96,14 +105,17 @@ init_qnetd_ca() {
     if ! [ -d "$DB_DIR" ];then
         echo "Creating $DB_DIR"
         mkdir -p "$DB_DIR"
-        chown root:root "$DB_DIR"
+        chown_ref_cfgdir "$DB_DIR"
         chmod 700 "$DB_DIR"
     fi
 
     echo "Creating new key and cert db"
     echo -n "" > "$PWD_FILE"
+    chown_ref_cfgdir "$PWD_FILE"
+    chmod 600 "$PWD_FILE"
+
     certutil -N -d "$DB_DIR" -f "$PWD_FILE"
-    chown root:root "$DB_DIR/key3.db" "$DB_DIR/cert8.db" "$DB_DIR/secmod.db"
+    chown_ref_cfgdir "$DB_DIR/key3.db" "$DB_DIR/cert8.db" "$DB_DIR/secmod.db"
     chmod 600 "$DB_DIR/key3.db" "$DB_DIR/cert8.db" "$DB_DIR/secmod.db"
 
     create_new_noise_file "$NOISE_FILE"
@@ -116,6 +128,7 @@ init_qnetd_ca() {
     # Export CA certificate in ascii
     certutil -L -d "$DB_DIR" -n "$CA_NICKNAME" > "$CA_EXPORT_FILE"
     certutil -L -d "$DB_DIR" -n "$CA_NICKNAME" -a >> "$CA_EXPORT_FILE"
+    chown_ref_cfgdir "$CA_EXPORT_FILE"
 
     certutil -S -n "$SERVER_NICKNAME" -s "$SERVER_SUBJECT" -c "$CA_NICKNAME" -t "u,u,u" -m `get_serial_no` \
         -v $CRT_VALIDITY -d "$DB_DIR" -z "$NOISE_FILE" -f "$PWD_FILE"
@@ -133,6 +146,7 @@ sign_cluster_cert() {
 
     echo "Signing cluster certificate"
     certutil -C -v "$CRT_VALIDITY" -m `get_serial_no` -i "$CERTIFICATE_FILE" -o "$CRT_FILE" -c "$CA_NICKNAME" -d "$DB_DIR"
+    chown_ref_cfgdir "$CRT_FILE"
 
     echo "Certificate stored in $CRT_FILE"
 }

qdevices/qdevice-config.h

@@ -49,8 +49,8 @@ extern "C" {
  * idea to change them as long as you are not 100% sure what you are doing. Also
  * most of them can be changed in CLI via advanced_settings (-S).
  */
-#define QDEVICE_DEFAULT_LOCK_FILE		LOCALSTATEDIR"/run/corosync-qdevice.pid"
-#define QDEVICE_DEFAULT_LOCAL_SOCKET_FILE	LOCALSTATEDIR"/run/corosync-qdevice.sock"
+#define QDEVICE_DEFAULT_LOCK_FILE		LOCALSTATEDIR"/run/corosync-qdevice/corosync-qdevice.pid"
+#define QDEVICE_DEFAULT_LOCAL_SOCKET_FILE	LOCALSTATEDIR"/run/corosync-qdevice/corosync-qdevice.sock"
 #define QDEVICE_DEFAULT_LOCAL_SOCKET_BACKLOG	10
 #define QDEVICE_MIN_LOCAL_SOCKET_BACKLOG	1
 

qdevices/qnet-config.h

@@ -60,7 +60,7 @@ extern "C" {
 #define QNETD_MIN_CLIENT_RECEIVE_SEND_SIZE		16
 #define QNETD_DEFAULT_MAX_CLIENTS			0
 
-#define QNETD_DEFAULT_NSS_DB_DIR			COROSYSCONFDIR "/qdevice/net/qnetd/nssdb"
+#define QNETD_DEFAULT_NSS_DB_DIR			COROSYSCONFDIR "/qnetd/nssdb"
 #define QNETD_DEFAULT_CERT_NICKNAME			"QNetd Cert"
 
 #define QNETD_DEFAULT_TLS_SUPPORTED			TLV_TLS_SUPPORTED
@@ -74,8 +74,8 @@ extern "C" {
 #define QNETD_DEFAULT_DPD_INTERVAL			(10*1000)
 #define QNETD_MIN_DPD_INTERVAL				1
 
-#define QNETD_DEFAULT_LOCK_FILE				LOCALSTATEDIR"/run/corosync-qnetd.pid"
-#define QNETD_DEFAULT_LOCAL_SOCKET_FILE			LOCALSTATEDIR"/run/corosync-qnetd.sock"
+#define QNETD_DEFAULT_LOCK_FILE				LOCALSTATEDIR"/run/corosync-qnetd/corosync-qnetd.pid"
+#define QNETD_DEFAULT_LOCAL_SOCKET_FILE			LOCALSTATEDIR"/run/corosync-qnetd/corosync-qnetd.sock"
 #define QNETD_DEFAULT_LOCAL_SOCKET_BACKLOG		10
 #define QNETD_MIN_LOCAL_SOCKET_BACKLOG			1
 
@@ -87,7 +87,7 @@ extern "C" {
 
 #define QNETD_TOOL_PROGRAM_NAME				"corosync-qnetd-tool"
 
-#define QDEVICE_NET_DEFAULT_NSS_DB_DIR			COROSYSCONFDIR "/qdevice/net/node/nssdb"
+#define QDEVICE_NET_DEFAULT_NSS_DB_DIR			COROSYSCONFDIR "/qdevice/net/nssdb"
 
 #define QDEVICE_NET_DEFAULT_INITIAL_MSG_RECEIVE_SIZE	(1 << 15)
 #define QDEVICE_NET_DEFAULT_INITIAL_MSG_SEND_SIZE	(1 << 15)