From fd6850c7efcd043c04c9f4d85626571cae170dfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Tue, 20 Feb 2024 09:34:01 +0000 Subject: [PATCH] fix: osh-sync-watcher: default to a valid rshcmd (fixes #433) --- bin/admin/osh-sync-watcher.sh | 6 ++++++ .../administration/configuration/osh-sync-watcher_sh.rst | 4 ++-- etc/bastion/osh-sync-watcher.sh.dist | 6 +++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/bin/admin/osh-sync-watcher.sh b/bin/admin/osh-sync-watcher.sh index 99b4737..671741c 100755 --- a/bin/admin/osh-sync-watcher.sh +++ b/bin/admin/osh-sync-watcher.sh @@ -62,6 +62,12 @@ if [ "$enabled" != "1" ] ; then exit 0 fi +# check that rshcmd is not empty after loading the config +if [ -z "$rshcmd" ]; then + _err "The 'rshcmd' mandatory config value is empty, please review the configuration ($configfile)" + exit 1 +fi + # is another copy of myself still running ? if [ -e "$PIDFILE" ] ; then oldpid=$(head -1 "$PIDFILE") diff --git a/doc/sphinx/administration/configuration/osh-sync-watcher_sh.rst b/doc/sphinx/administration/configuration/osh-sync-watcher_sh.rst index f0a0bde..c0cc7ff 100644 --- a/doc/sphinx/administration/configuration/osh-sync-watcher_sh.rst +++ b/doc/sphinx/administration/configuration/osh-sync-watcher_sh.rst @@ -93,9 +93,9 @@ rshcmd :Default: ``""`` -:Example: ``"ssh -q -i /root/.ssh/id_master2slave"`` +:Example: ``"ssh -q -i /root/.ssh/id_master2slave -o StrictHostKeyChecking=accept-new"`` -This value will be passed as the ``--rsh`` parameter of ``rsync`` (don't use ``-p`` to specify the port heree, use the ``remotehostlist`` config below instead), this can be used to specify which SSH key to use, for example. Note that this option is mandatory (if you don't have anything to specify here, you can just say ``ssh``). +This value will be passed as the ``--rsh`` parameter of ``rsync`` (don't use ``-p`` to specify the port here, use the ``remotehostlist`` config below instead), this can be used to specify which SSH key to use, for example. NOTE THAT THIS OPTION IS MANDATORY (if you don't have anything to specify here, you can just say ``ssh``). If you followed the standard installation procedure, the "example" value specified below will work. remoteuser ********** diff --git a/etc/bastion/osh-sync-watcher.sh.dist b/etc/bastion/osh-sync-watcher.sh.dist index 1706d5e..d65f853 100644 --- a/etc/bastion/osh-sync-watcher.sh.dist +++ b/etc/bastion/osh-sync-watcher.sh.dist @@ -41,10 +41,10 @@ timeout=120 # >> These options configure how the primary bastion should push its configuration to the secondaries # # rshcmd (string) -# DESC: This value will be passed as the ``--rsh`` parameter of ``rsync`` (don't use ``-p`` to specify the port heree, use the ``remotehostlist`` config below instead), this can be used to specify which SSH key to use, for example. Note that this option is mandatory (if you don't have anything to specify here, you can just say ``ssh``). +# DESC: This value will be passed as the ``--rsh`` parameter of ``rsync`` (don't use ``-p`` to specify the port here, use the ``remotehostlist`` config below instead), this can be used to specify which SSH key to use, for example. NOTE THAT THIS OPTION IS MANDATORY (if you don't have anything to specify here, you can just say ``ssh``). If you followed the standard installation procedure, the "example" value specified below will work. # DEFAULT: "" -# EXAMPLE: "ssh -q -i /root/.ssh/id_master2slave" -rshcmd="" +# EXAMPLE: "ssh -q -i /root/.ssh/id_master2slave -o StrictHostKeyChecking=accept-new" +rshcmd="ssh -q -i /root/.ssh/id_master2slave -o StrictHostKeyChecking=accept-new" # # remoteuser (string) # DESC: The remote user to connect as, using ``ssh`` while rsyncing to secondaries. You probably don't need to change this.