minimal changeset to get things working on 18.04

@joshdata squashed pull request #1398, removed some comments, and added these notes: * The old init.d script for the management daemon is replaced with a systemd service. * A systemd service configuration is added to configure permissions for munin on startup. * nginx SSL settings are updated because nginx's options and defaults have changed, and we now enable http2. * Automatic SSHFP record generation is updated to know that 22 is the default SSH daemon port, since it is no longer explicit in sshd_config. * The dovecot-lucene package is dropped because the Mail-in-a-Box PPA where we built the package has not been updated for Ubuntu 18.04. * The stock postgrey package is installed instead of the one from our PPA (which we no longer support), which loses the automatic whitelisting of DNSWL.org-whitelisted senders. * Drop memcached and the status check for memcached, which we used to use with ownCloud long ago but are no longer installing. * Other minor changes.
2026-03-04 15:54:48 +01:00 · 2018-07-07 18:41:41 +00:00
parent 504a9b0abc
commit d96613b8fe
20 changed files with 101 additions and 412 deletions
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -354,19 +354,20 @@ def build_sshfp_records():
 	# Get our local fingerprints by running ssh-keyscan. The output looks
 	# like the known_hosts file: hostname, keytype, fingerprint. The order
 	# of the output is arbitrary, so sort it to prevent spurrious updates
-	# to the zone file (that trigger bumping the serial number).
-
-	# scan the sshd_config and find the ssh ports (port 22 may be closed)
+	# to the zone file (that trigger bumping the serial number). However,
+	# if SSH has been configured to listen on a nonstandard port, we must
+	# specify that port to sshkeyscan.
+	port = 22
 	with open('/etc/ssh/sshd_config', 'r') as f:
-		ports = []
-		t = f.readlines()
-		for line in t:
-			s = line.split()
+		for line in f:
+			s = line.rstrip().split()
 			if len(s) == 2 and s[0] == 'Port':
-				ports = ports + [s[1]]
-	# the keys are the same at each port, so we only need to get
-	# them at the first port found (may not be port 22)
-	keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
+				try:
+					port = int(s[1])
+				except ValueError:
+					pass
+				break
+	keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", str(port), "localhost"])
 	for key in sorted(keys.split("\n")):
 		if key.strip() == "" or key[0] == "#": continue
 		try:
--- a/management/munin_start.sh
+++ b/management/munin_start.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+mkdir -p /var/run/munin && chown munin /var/run/munin
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -28,7 +28,6 @@ def get_services():
 		{ "name": "Spamassassin", "port": 10025, "public": False, },
 		{ "name": "OpenDKIM", "port": 8891, "public": False, },
 		{ "name": "OpenDMARC", "port": 8893, "public": False, },
-		{ "name": "Memcached", "port": 11211, "public": False, },
 		{ "name": "Mail-in-a-Box Management Daemon", "port": 10222, "public": False, },
 		{ "name": "SSH Login (ssh)", "port": get_ssh_port(), "public": True, },
 		{ "name": "Public DNS (nsd4)", "port": 53, "public": True, },