1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
*** Running a taskd server under Slackware ***
Table of contents:
* Taskd configuration for Slackware
* Creating a taskd user and data directory
* Initializing the server
* Certificates and clients
* Starting the server
* Cautions and quirks...
See man taskd, /usr/doc/taskd-VERSION/doc/operation.txt
and man task-sync (from task) for full details of
what follows. In particular, read the operation.txt
document for a more complete overview.
Taskd configuration for Slackware
=================================
The taskd server is written to be cross-platform among
Unix-like OSs and leaves many setup and configuration
choices to the user. The provided man pages and text
guides are complete and helpful, but this SlackBuild
script adds a few details to make initial setup easier
on a Slackware system.
The added pieces are:
* Creation of a taskd user and group
* Creation of data directory - /var/lib/taskd
* A global path config file - /etc/taskddata
* Profile scripts - /etc/profile.d/taskddata.{sh,csh}
* A Slackware start script - /etc/rc.d/rc.taskd
If you build and install the package with this script, you
you will end with a complete taskd install just as provided
by the upstream sources. Simply ignore or remove the above
listed files and skip the following config steps, and you
may then configure and run the server according to your own
choices based on man taskd and the distribution docs.
If you continue, the following steps will get your taskd
server running quickly and safely based on the above
listed choices.
Create a taskd user and data directory
======================================
The server should be run as a non-priviledged user, and
the data paths should be owned by that user and not
accessible by others. You may use any UID/GID you choose,
those guaranteed not to conflict on a Slackware/SBo system
may be found here: http://www.slackbuilds.org/uid_gid.txt
To create the user account and data directory, execute the
following shell commands as root:
groupadd -g 290 taskd
useradd -g taskd -u 290 -d /var/lib/taskd taskd
mkdir -p /var/lib/taskd
chown taskd:taskd /var/lib/taskd
chmod 700 /var/lib/taskd
Initializing the server
=======================
You need to initialize the server as the taskd user,
AND the $TASKDDATA env variable must be set for that user,
so let's verify that first:
su - taskd
echo $TASKDDATA
If the value of $TASKDDATA is not the same as the data path
set above, check the following:
/etc/taskddata - Must export the variable when sourced
/etc/profile.d/taskddata.{sh,csh} - are executable
OR
/etc/profile - includes a line ". /etc/taskddata"
After you verify taskd user correctly sees $TASKDDATA...
taskd init --data $TASKDDATA
taskd config server localhost:53589
Change logs and PIDs from /tmp to data path
taskd config log $TASKDDATA/taskd.log
taskd config pid.file $TASKDDATA/taskd.pid
taskd config ip.log 1
We will allow all connections for now...
taskd config client.allow all
taskd config client.deny none
Certificates and clients
========================
The server needs a certificate, key and crl to operate.
See operation.txt and man taskd to set up your own certs,
the following uses locally created self-signed certs.
You will need to be root for this...
cd /usr/share/taskd-VERSION/pki
./generate
Once the various files are created, install them in $TASKDDATA:
cp client.cert.pem $TASKDDATA
cp server.cert.pem $TASKDDATA
cp server.key.pem $TASKDDATA
cp server.crl.pem $TASKDDATA
Configure the server to use them:
taskd config client.cert $TASKDDATA/client.cert.pem
taskd config server.cert $TASKDDATA/server.cert.pem
taskd config server.key $TASKDDATA/server.key.pem
taskd config server.crl $TASKDDATA/server.crl.pem
We are using self-signed certs at this point, so...
cp ca.cert.pem $TASKDDATA
taskd config ca.cert $TASKDDATA/ca.cert.pem
Now you must change ownership of these to taskd in the data
directory:
chown taskd:taskd /var/lib/taskd/*
The resultant client.cert.pem and client.key.pem files
are needed by the clients (see man task-sync from task).
This will get taskd working and is probably sufficient for local
use. You will want to use proper certificates and keys created
per-user for production use. See the accompanying docs for details.
See man taskd for creating and managing organizations, groups and
users on the server.
Starting the server
===================
To start/stop the taskd server:
chmod +x /etc/rc.d/rc.taskd
/etc/rc.d/rc.taskd start
/etc/rc.d/rc.taskd stop
See comments in /etc/rc.d/rc.taskd to auto-start at boot.
Cautions and quirks...
======================
Taskd is a new application and is not as mature as the task
client application. Although it has proven to be very stable in
operation, it has a few loose ends still when it comes to
admin of the server. Hopefully these will be cleaned up with
future releases!
A recurring theme in my own use has been that when creating
new organizations and users, I forget to su - taskd first and
perform the operation as root - and it succeeds! But taskd
creates the associated subdirectories and files with root
ownership and the server cannot use them!
Another is when changing server certs, I generate and copy
them in as root - the server will not start afterward.
The fix is easy in both cases...
chown -R taskd:taskd /var/lib/taskd
Just remember to perform all server admin as taskd, and when
something breaks - check ownerships first!
Another quirk is the start script - rc.taskd. I generated this
based on the distribution taskdctl script, so I'll share the
blame! It is not very robust when it encounters errors at startup
and will report "server started" under some conditions where the
server actually failed to start... use man taskd and test from
an su - taskd shell when getting the configs right.
Hopefully the server will catch the client soon in terms of
polish!
Enjoy!
|