fun requestApt {node, pkg} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestCron {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestFtp {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestTrustedPath {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestSocketPerm {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestFirewall {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
OpenSSL.close bio
end
+fun requestFirewallRegen node =
+ let
+ val (user, context) = requestContext (fn () => ())
+ val bio = OpenSSL.connect true (context, Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
+ (* Only supporting on slave nodes *)
+
+ val _ = Msg.send (bio, MsgFirewallRegen)
+
+ fun handleResult () =
+ case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ OS.Process.failure)
+ | SOME m =>
+ case m of
+ MsgOk => (print "Firewall regenerated.\n";
+ OS.Process.success)
+ | MsgError s => (print ("Firewall regeneration failed: " ^ s ^ "\n");
+ OS.Process.failure)
+ | _ => (print "Unexpected server reply.\n";
+ OS.Process.failure)
+ in
+ handleResult()
+ before OpenSSL.close bio
+ end
+
structure SS = StringSet
fun domainList dname =
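Review bot: requestFirewallRegen connects to `Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort` unconditionally, whereas every sibling request function in this patch routes `node = Config.dispatcherName` to `dispatcher`, and the only explanation is a comment placed after the connect. I would move that comment above the `val bio` line and state the contract, e.g. `(* Firewall regeneration is handled only by slave daemons, so this always connects to the node's slave port, even when node = Config.dispatcherName. *)`. The `user` binding from `requestContext` is not used in this function and could be `_`. Also, `handleResult () before OpenSSL.close bio` closes the connection only on normal return; if `Msg.send` or `Msg.recv` can raise (not visible here), the bio is left open.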
("Requested mysql-fixperms, but execution failed!",
SOME "Script execution failed."))
(fn () => ()))
+ | MsgFirewallRegen =>
+ doIt (fn () => if Acl.query {user = user, class = "priv", value = "all"} then
+ if List.exists (fn x => x = host) Config.Firewall.firewallNodes then
+ if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ())
+ then
+ ("Firewall rules regenerated.", NONE)
+ else
+ ("Rules regeneration failed!", SOME "Script execution failed.")
+ else ("Node not controlled by domtool firewall.", SOME (host))
+ else
+ ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall")))
+ (fn () => ())
| _ => (OpenSSL.close bio;
loop ())
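Review bot: In the new `MsgFirewallRegen` branch the denial and wrong-node results appear to have their two message slots the wrong way round. Judging by the mysql-fixperms context just above and by the client printing `"Firewall regeneration failed: " ^ s`, the first component is the server-side log line and the `SOME` component is returned to the caller, so the audit detail (which user was refused) goes to the requester while the local log gets only a generic line, and the wrong-node case sends the bare `host` as the error text. If that reading of `doIt` is right, I would write `("Unauthorized user " ^ user ^ " attempted to regenerate firewall", SOME "Not authorized to regenerate firewall.")` and `("Node " ^ host ^ " is not controlled by domtool firewall.", SOME "Node not controlled by domtool firewall.")`, which also fixes the "regenerated" typo. Separately, `Firewall.generateFirewallConfig (...) andalso Firewall.publishConfig ()` reports both failures as "Script execution failed.", so a rule set that was generated but not published cannot be told apart from a generation failure in the log. The enclosing `case` and `doIt` are defined outside this hunk.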