%global numcomm @numcomm@ %global alphatag @alphatag@ %global dirty @dirty@ %define debug_package %{nil} %define anviluser admin %define anvilgroup admin %define suiapi striker-ui-api # selinux variables %define selinuxtype targeted %define selinuxsubnodemodule anvil-subnode %define selinuxdir %{_datadir}/selinux/packages/%{selinuxtype} Name: anvil Version: @version@ Release: 1%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} Summary: Alteeve Anvil! complete package. License: GPLv2+ URL: https://github.com/ClusterLabs/anvil Source0: %{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}.tar.gz BuildArch: noarch # required to detect paths to: # systemd unit files BuildRequires: systemd autoconf automake make # fence-agents binaries BuildRequires: fence-agents-common # OCFROOT BuildRequires: resource-agents # required to build SELinux policy BuildRequires: selinux-policy-devel %description This package generates the anvil-core, anvil-striker, anvil-node and anvil-dr RPM's. The 'core' RPM is common to all machines in an Anvil! cluster, with the other three used for each machine, given its roll. WARNING: This is an alpha-stage project. Many features are missing and this should not be used for anything other than development purposes! The first stable release will be 3.1. Anything 3.0 is UNSTABLE. %package core Summary: Alteeve's Anvil! Core package Requires: bash-completion Requires: binutils Requires: chrony Requires: cyrus-sasl Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-lib Requires: cyrus-sasl-md5 Requires: cyrus-sasl-plain Requires: bind-utils Requires: dmidecode Requires: dnf-utils Requires: expect Requires: fence-agents-all Requires: fence-agents-virsh Requires: firewalld Requires: freeipmi Requires: glibc-all-langpacks Requires: gpm Requires: hdparm Requires: htop Requires: iotop Requires: iproute Requires: kernel-core Requires: kernel-devel Requires: kernel-headers Requires: lsscsi Requires: lsof Requires: mailx Requires: mlocate Requires: net-snmp-utils Requires: NetworkManager-initscripts-updown Requires: nvme-cli Requires: parted Requires: pciutils Requires: perl-Capture-Tiny Requires: perl-Data-Dumper Requires: perl-Data-Validate-Domain Requires: perl-Data-Validate-IP Requires: perl-DBD-Pg Requires: perl-DBI Requires: perl-Data-Validate-Domain Requires: perl-Digest-SHA Requires: perl-File-MimeInfo Requires: perl-CGI Requires: perl-HTML-FromText Requires: perl-HTML-Strip Requires: perl-IO-Tty Requires: perl-JSON Requires: perl-Log-Journald Requires: perl-Mail-RFC822-Address Requires: perl-Net-Domain-TLD Requires: perl-Net-SSH2 Requires: perl-Net-Netmask Requires: perl-Net-OpenSSH Requires: perl-NetAddr-IP Requires: perl-Proc-Simple Requires: perl-Sys-Syslog Requires: perl-Sys-Virt Requires: perl-Text-Diff Requires: perl-Time-HiRes Requires: perl-UUID-Tiny Requires: perl-XML-LibXML Requires: perl-XML-Simple Requires: postfix Requires: postgresql-contrib Requires: postgresql-plperl Requires: rsync Requires: screen Requires: selinux-policy >= %{_selinux_policy_version} Requires: smartmontools Requires: strace Requires: syslinux Requires: sysstat Requires: tar Requires: tcpdump Requires: tmux Requires: unzip Requires: usbutils Requires: util-linux Requires: vim Requires: wget # iptables-services conflicts with firewalld Conflicts: iptables-services # We handle interface naming Conflicts: biosdevname %description core Common base libraries required for the Anvil! system. %package striker Summary: Alteeve's Anvil! Striker dashboard package Requires: anvil-core == %{version}-%{release} Requires: augeas Requires: bpg-dejavu-sans-fonts Requires: createrepo Requires: dejavu-sans-fonts Requires: dejavu-sans-mono-fonts Requires: dejavu-serif-fonts Requires: dhcp-server Requires: firefox Requires: gcc Requires: gdm Requires: gnome-terminal Requires: netpbm-progs Requires: nmap Requires: nodejs Requires: openssh-askpass Requires: postgresql-server Requires: syslinux Requires: syslinux-nonlinux Requires: tftp-server Requires: virt-manager # A Striker dashboard is not allowed to host servers or be a migration target. # So the node and dr packages can not be installed. Conflicts: anvil-node Conflicts: anvil-dr %description striker Web interface of the Striker dashboard for Alteeve Anvil! systems NOTE: This installs and enables Gnome desktop. %package node Summary: Alteeve's Anvil! node package Requires: anvil-core == %{version}-%{release} Requires: drbd90-utils Requires: kmod-drbd Requires: libvirt Requires: libvirt-daemon Requires: libvirt-daemon-driver-qemu Requires: libvirt-daemon-kvm Requires: libvirt-docs Requires: nmap-ncat Requires: pacemaker Requires: pcs Requires: python3-websockify Requires: qemu-kvm Requires: qemu-kvm-core Requires: virt-install Requires: virt-top # A node is allowed to host servers and be a live migration target. It is not # allowed to host a database or be a DR host. Conflicts: anvil-striker Conflicts: anvil-dr Conflicts: netcat %description node Provides support for active node in an Anvil! pair. NOTE: On RHEL proper, this requires the node had the "High-Availability Add-on". NOTE: LINBIT customers must have access to the LINBIT repositories configured. %package dr Summary: Alteeve's Anvil! DR host package Requires: anvil-core == %{version}-%{release} Requires: drbd90-utils Requires: kmod-drbd Requires: libvirt Requires: libvirt-daemon Requires: libvirt-daemon-driver-qemu Requires: libvirt-daemon-kvm Requires: libvirt-docs Requires: nmap-ncat Requires: python3-websockify Requires: qemu-kvm Requires: qemu-kvm-core Requires: virt-install Requires: virt-top # A DR host is not allowed to be a live-migration target or host a database. Conflicts: anvil-striker Conflicts: anvil-node Conflicts: netcat %description dr Provides support for asynchronous disaster recovery hosts in an Anvil! cluster. %prep %autosetup -n %{name}-%{version}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}} %build ./autogen.sh %{configure} make %{_smp_mflags} %install rm -rf %{buildroot} make install DESTDIR=%{buildroot} %pre core %selinux_relabel_pre -s %{selinuxtype} if [ ! -d /usr/share/anvil ]; then mkdir /usr/share/anvil fi getent group %{anvilgroup} >/dev/null || groupadd -r %{anvilgroup} getent passwd %{anviluser} >/dev/null || useradd --create-home \ --gid %{anvilgroup} --comment "Anvil! user account" %{anviluser} %post core # Always try to install in-case of update %selinux_modules_install -s %{selinuxtype} -p 200 %{selinuxdir}/%{selinuxsubnodemodule}.pp %if 0%{?rhel} < 9 echo "WARNING: setting SELinux to 'permissive' on rhel < 9." sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config setenforce 0 %endif # Enable and start the anvil-daemon ### TODO: check it if was disabled (if it existed before) and, if so, leave it disabled. systemctl enable --now chronyd.service systemctl enable --now anvil-daemon.service systemctl enable --now anvil-monitor-network.service systemctl enable --now scancore.service systemctl disable --now anvil-monitor-daemons.service systemctl disable --now anvil-monitor-performance.service %pre striker getent passwd %{suiapi} >/dev/null \ || useradd \ --comment "Striker UI API" \ --home-dir %{_datadir}/%{suiapi} \ --shell %{_sbindir}/nologin \ --user-group \ %{suiapi} # Check to see if we're updating. if grep -q apache /etc/passwd; then # Disable and stop apache to free the port. systemctl disable --now httpd.service # Transfer files owned by apache to Striker UI API user. chown -R --from apache %{suiapi}: /mnt chown -R --from apache %{suiapi}: %{_localstatedir}/www fi %post striker ### NOTE: PostgreSQL is initialized and enabled by striker-prep-database later. # Always reload to handle service file changes. systemctl daemon-reload systemctl enable %{suiapi}.service # Striker UI API needs explicit restart for changes to take effect. systemctl restart %{suiapi}.service restorecon -rv /%{_localstatedir}/www if ! $(ls -l /etc/systemd/system/default.target | grep -q graphical); then echo "Seting graphical interface as default on boot." systemctl set-default graphical.target systemctl enable gdm.service fi # Touch the system type file. echo "Touching the system type file" if [ -e '/etc/anvil/type.node' ] then rm -f /etc/anvil/type.node elif [ -e '/etc/anvil/type.dr' ] then rm -f /etc/anvil/type.dr fi touch /etc/anvil/type.striker ### TODO: I don't think we need this anymore # Open access for Striker. The database will be opened after initial setup. echo "Opening the web and postgresql ports." systemctl enable firewalld systemctl start firewalld firewall-cmd --add-service=http firewall-cmd --add-service=http --permanent firewall-cmd --add-service=https firewall-cmd --add-service=https --permanent firewall-cmd --add-service=postgresql firewall-cmd --add-service=postgresql --permanent %pre node %post node # Touch the system type file. echo "Touching the system type file" if [ -e '/etc/anvil/type.striker' ] then rm -f /etc/anvil/type.striker elif [ -e '/etc/anvil/type.dr' ] then rm -f /etc/anvil/type.dr fi touch /etc/anvil/type.node %pre dr %post dr # Touch the system type file. echo "Touching the system type file" if [ -e '/etc/anvil/type.striker' ] then rm -f /etc/anvil/type.striker elif [ -e '/etc/anvil/type.node' ] then rm -f /etc/anvil/type.node fi touch /etc/anvil/type.dr ### Remove stuff - Disabled for now, messes things up during upgrades %postun core ## This is breaking on upgrades - (note: switch back to single percent sign ## when re-enabling) #getent passwd %%{anviluser} >/dev/null && userdel %%{anviluser} #getent group %%{anvilgroup} >/dev/null && groupdel %%{anvilgroup} # Only uninstall the policy when the package is actually being removed if [ $1 == 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{selinuxsubnodemodule} fi %preun striker if [ $1 == 0 ]; then # 0=Uninstall, 1=First install, >1=Upgrade (version count) systemctl disable --now %{suiapi}.service fi %postun striker ### TODO: Stopping postgres breaks the Anvil! during OS updates. Need to find a ### way to run this only during uninstalls, and not during updates. ### TODO: This breaks the repos # rm -rf /usr/share/anvil # echo "Closing the postgresql ports." #firewall-cmd --zone=public --remove-service=http #firewall-cmd --zone=public --remove-service=http --permanent # firewall-cmd --zone=public --remove-service=postgresql # firewall-cmd --zone=public --remove-service=postgresql --permanent # echo "Disabling and stopping postgresql-9.6." # systemctl disable postgresql.service # systemctl stop postgresql.service if [ $1 == 0 ]; then # 0=Uninstall systemctl daemon-reload fi # Remove the system type file. if [ -e '/etc/anvil/type.striker' ] then rm -f /etc/anvil/type.striker fi %postun node # Remove the system type file. if [ -e '/etc/anvil/type.node' ] then rm -f /etc/anvil/type.node fi %postun dr # Remove the system type file. if [ -e '/etc/anvil/type.dr' ] then rm -f /etc/anvil/type.dr fi %posttrans core # Relabel in posttrans makes sure files are in-place %selinux_relabel_post -s %{selinuxtype} %files core %doc README.md %config(noreplace) %{_sysconfdir}/anvil/anvil.conf %{_usr}/lib/* %config(noreplace) %{_datadir}/anvil/anvil.sql %{_datadir}/anvil/firewall.txt %{_datadir}/anvil/words.xml %{_sbindir}/* %{_sysconfdir}/anvil/anvil.version %{_datadir}/perl5/* %{_mandir}/* # selinux %attr(0644, root, root) %{selinuxdir}/%{selinuxsubnodemodule}.pp %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxsubnodemodule} %files striker %{_localstatedir}/www/*/* %{_datadir}/anvil/striker-auto-initialize-all.example %{_datadir}/%{suiapi}/* %ghost %{_sysconfdir}/anvil/snmp-vendors.txt %files node %{_sysconfdir}/libvirt/hooks/* %{_usr}/lib/ocf/resource.d/alteeve/server %files dr %{_sysconfdir}/libvirt/hooks/* %changelog * @date@ Autotools generated version - @version@-1-@numcomm@.@alphatag@.@dirty@ - Autotools generated version. - These aren't the droids you're looking for.