*** Running a taskd server under Slackware ***

Table of contents:
	
	* Taskd configuration for Slackware
	* Creating a taskd user and data directory
	* Initializing the server
	* Certificates and clients
	* Starting the server
	* Cautions and quirks...

See man taskd, /usr/doc/taskd-VERSION/doc/operation.txt
and man task-sync (from task) for full details of
what follows. In particular, read the operation.txt
document for a more complete overview.

Taskd configuration for Slackware
=================================

The taskd server is written to be cross-platform among
Unix-like OSs and leaves many setup and configuration
choices to the user. The provided man pages and text
guides are complete and helpful, but this SlackBuild
script adds a few details to make initial setup easier
on a Slackware system.

The added pieces are:

	* Creation of a taskd user and group
	* Creation of data directory - /var/lib/taskd
	* A global path config file - /etc/taskddata
	* Profile scripts - /etc/profile.d/taskddata.{sh,csh}
	* A Slackware start script - /etc/rc.d/rc.taskd

If you build and install the package with this script, you
will end up with a complete taskd install just as provided
by the upstream sources. Simply ignore or remove the above
listed files and skip the following config steps, and you
may then configure and run the server according to your own
choices based on man taskd and the distribution docs.

If you continue, the following steps will get your taskd 
server running quickly and safely based on the above 
listed choices.

Create a taskd user and data directory
======================================

The server should be run as a non-privileged user, and
the data paths should be owned by that user and not
accessible by others. You may use any UID/GID you choose;
those guaranteed not to conflict on a Slackware/SBo system
may be found here: http://www.slackbuilds.org/uid_gid.txt

To create the user account and data directory, execute the
following shell commands as root:

groupadd -g 290 taskd
useradd -g taskd -u 290 -d /var/lib/taskd taskd 
mkdir -p /var/lib/taskd
chown taskd:taskd /var/lib/taskd
chmod 700 /var/lib/taskd

Initializing the server
=======================

You need to initialize the server as the taskd user,
AND the $TASKDDATA env variable must be set for that user,
so let's verify that first:

	su - taskd
	echo $TASKDDATA

If the value of $TASKDDATA is not the same as the data path
set above, check the following:

	/etc/taskddata - Must export the variable when sourced

	/etc/profile.d/taskddata.{sh,csh} - are executable
		OR
	/etc/profile - includes a line ". /etc/taskddata"

After you verify that the taskd user correctly sees $TASKDDATA...

	taskd init --data $TASKDDATA
	taskd config server localhost:53589

Change logs and PIDs from /tmp to data path

	taskd config log $TASKDDATA/taskd.log
	taskd config pid.file $TASKDDATA/taskd.pid
	taskd config ip.log   1

We will allow all connections for now...

	taskd config client.allow all
	taskd config client.deny none

Certificates and clients
========================

The server needs a certificate, key and crl to operate.
See operation.txt and man taskd to set up your own certs;
the following uses locally created self-signed certs.

You will need to be root for this...

      cd /usr/share/taskd-VERSION/pki
      ./generate

Once the various files are created, install them in $TASKDDATA:

      cp client.cert.pem $TASKDDATA
      cp server.cert.pem $TASKDDATA
      cp server.key.pem $TASKDDATA
      cp server.crl.pem $TASKDDATA

Configure the server to use them:

      taskd config client.cert $TASKDDATA/client.cert.pem
      taskd config server.cert $TASKDDATA/server.cert.pem
      taskd config server.key $TASKDDATA/server.key.pem
      taskd config server.crl $TASKDDATA/server.crl.pem

We are using self-signed certs at this point, so...

      cp ca.cert.pem $TASKDDATA
      taskd config ca.cert $TASKDDATA/ca.cert.pem

Now you must change ownership of these to taskd in the data
directory:

	chown taskd:taskd /var/lib/taskd/*

The resultant client.cert.pem and client.key.pem files 
are needed by the clients (see man task-sync from task).

This will get taskd working and is probably sufficient for local
use. You will want to use proper certificates and keys created
per-user for production use. See the accompanying docs for details.

See man taskd for creating and managing organizations, groups and 
users on the server.

Starting the server
===================

To start/stop the taskd server:

chmod +x /etc/rc.d/rc.taskd

/etc/rc.d/rc.taskd start
/etc/rc.d/rc.taskd stop

See comments in /etc/rc.d/rc.taskd to auto-start at boot.

Cautions and quirks...
======================

Taskd is a new application and is not as mature as the task
client application. Although it has proven to be very stable in 
operation, it has a few loose ends still when it comes to
admin of the server. Hopefully these will be cleaned up with
future releases!

A recurring theme in my own use has been that when creating
new organizations and users, I forget to su - taskd first and
perform the operation as root - and it succeeds! But taskd
creates the associated subdirectories and files with root
ownership and the server cannot use them!

Another is when changing server certs, I generate and copy
them in as root - the server will not start afterward.

The fix is easy in both cases...

chown -R taskd:taskd /var/lib/taskd

Just remember to perform all server admin as taskd, and when
something breaks - check ownerships first!
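
The ownership check recommended above can be scripted. The following
is an added example, not part of the SlackBuild or the upstream taskd
sources. It assumes GNU find (for -perm /MODE) and the *.key.pem file
naming used in this README; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a taskd data directory for the ownership and
# permission problems described in this README. Assumes GNU find.

# Print every path under $1 not owned by user $2 (name or numeric UID).
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Print private key files under $1 that group or others can access.
exposed_keys() {
    find "$1" -type f -name '*.key.pem' -perm /077 -print
}

# Succeed only if $1 is a directory closed to group and others (e.g. 700).
dir_is_private() {
    [ -d "$1" ] && [ -z "$(find "$1" -maxdepth 0 -perm /077 -print)" ]
}

# Run all checks on data dir $1 for user $2; return 0 only if all pass.
audit_taskd() {
    dir=$1 user=$2 rc=0
    bad=$(wrong_owner "$dir" "$user")
    if [ -n "$bad" ]; then
        printf 'Not owned by %s:\n%s\n' "$user" "$bad"
        printf 'Fix: chown -R %s:%s %s\n' "$user" "$user" "$dir"
        rc=1
    fi
    keys=$(exposed_keys "$dir")
    if [ -n "$keys" ]; then
        printf 'Key readable beyond owner (chmod 600):\n%s\n' "$keys"
        rc=1
    fi
    if ! dir_is_private "$dir"; then
        printf 'Fix: chmod 700 %s\n' "$dir"
        rc=1
    fi
    return $rc
}

# Usage: sh audit-taskd.sh /var/lib/taskd [taskd]   (run as root)
if [ "$#" -gt 0 ]; then
    audit_taskd "$1" "${2:-taskd}"
fi
```

Run it as root after any admin step performed outside an su - taskd
shell; a non-zero exit status means at least one check failed.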

Another quirk is the start script - rc.taskd. I generated this
based on the distribution taskdctl script, so I'll share the
blame! It is not very robust when it encounters errors at startup
and will report "server started" under some conditions where the
server actually failed to start... use man taskd and test from
an su - taskd shell when getting the configs right.

Hopefully the server will catch the client soon in terms of
polish!

Enjoy!