From d23ae53628ab3409f3a43e6be18a9a037655c724 Mon Sep 17 00:00:00 2001 From: Michael Stanclift Date: Fri, 2 Oct 2020 14:01:17 -0500 Subject: [PATCH] 2.2.3 (#98) * feat: add option to override file owner setting (#94) * Merge changes * Change beta updater * Dev branch changes * Add check for SQLite3 * SQLite message formattitng * sqlite * repo checks * sudoers file * add sudo file * sudoer auto * overwrite not append * sudo docs * sudo instructions * SUDO instructions Co-authored-by: Dylan Praul Co-authored-by: Michael Stanclift --- ADVANCED.md | 14 ++---- CHANGELOG.md | 17 +++++-- README.md | 35 ++++++++++++-- VERSION | 2 +- gravity-sync.conf.example | 4 +- gravity-sync.sh | 99 +++++++++++++++++++++++++++++++-------- gs-nopasswd.sudo | 1 + 7 files changed, 133 insertions(+), 39 deletions(-) create mode 100644 gs-nopasswd.sudo diff --git a/ADVANCED.md b/ADVANCED.md index c6bf7cb6..58dd660c 100644 --- a/ADVANCED.md +++ b/ADVANCED.md @@ -18,8 +18,8 @@ Download the latest release from [GitHub](https://github.com/vmstan/gravity-sync ```bash cd ~ -wget https://github.com/vmstan/gravity-sync/archive/v2.2.2.zip -unzip v2.2.1.zip -d gravity-sync +wget https://github.com/vmstan/gravity-sync/archive/v2.2.3.zip +unzip v2.2.3.zip -d gravity-sync cd gravity-sync ``` @@ -220,15 +220,9 @@ At the very least, I would recommend backing up your existing `gravity-sync` fol ### Development Builds -Starting in v1.7.2, you can easily flag if you want to receive the development branch of Gravity Sync when running the built in `./gravity-sync.sh update` function. Beginning in v1.7.4 `./gravity-sync.sh dev` will now toggle the dev flag on/off. No `touch` required, although it still works that way under the covers. +Starting in v1.7.2, you can easily flag if you want to receive the development branch of Gravity Sync when running the built in `./gravity-sync.sh update` function. Beginning in v1.7.4 `./gravity-sync.sh dev` will now toggle the dev flag on/off. Starting in v2.2.3, it will prompt you to select the development branch you want to use. -To manually adjust the flag, create an empty file in the `gravity-sync` folder called `dev` and afterwards the standard `./gravity-sync.sh update` function will apply the correct updates. - -```bash -cd gravity-sync -touch dev -./gravity-sync.sh update -``` +To manually adjust the flag, create an empty file in the `gravity-sync` folder called `dev` and then edit the file to include only one line `BRANCH='origin/x.x.x'` (where x.x.x is the development version you want to use) afterwards the standard `./gravity-sync.sh update` function will apply the correct updates. Delete the `dev` file and update again to revert back to the stable/master branch. diff --git a/CHANGELOG.md b/CHANGELOG.md index d595441c..f3750eb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,16 +13,25 @@ This release also adds the `./gravity-sync.sh purge` function that will totally - I found a markdown spellcheck utility for Visual Studio Code, and ran it against all my markdown files. I'm sorry, I don't spell good. 🤷‍♂️ - New Star Trek references. -#### 2.2.2 - -- Corrects another logical problem that prevented `custom.list` from being backed up and replicated, if it didn't already exist on the local Pi-hole. - #### 2.2.1 - Corrects issue with Smart Sync where it would fail if there was no `custom.list` already present on the local Pi-hole. - Adds Pi-hole default directories to `gravity-sync.conf.example` file. - Adds `RIHOLE_BIN` variable to specify different Pi-hole binary location on remote server. +#### 2.2.2 + +- Corrects another logical problem that prevented `custom.list` from being backed up and replicated, if it didn't already exist on the local Pi-hole. + +#### 2.2.3 + +- Adds variable to easily override database/binary file owners, useful for container deployments. (Thanks @dpraul) +- Adds variable to easily override Pi-hole binary directory for remote host, seperate from local host. (Thanks @dpraul) +- Rewritten `dev` option now lets you select the branch to pull code against, allowing for more flexibility in updating against test versions of the code. The `beta` function introduced in 2.1.5 has now been removed. +- Validates existance of SQLite installation on local Pi-hole. +- Adds Gravity Sync permissions for running user to local `/etc/sudoer.d` file during `config` operation. +- Adds `./gravity-sync.sh sudo` function to create above file for existing setups, or to configure the remote Pi-hole by placing the installer files on that system. This is not required for existing functional installs, but this should also negate the need to give the Gravity Sync user NOPASSWD permissions to the entire system. + ## 2.1 ### The Backup Release diff --git a/README.md b/README.md index 857efad8..9b862728 100644 --- a/README.md +++ b/README.md @@ -37,8 +37,9 @@ Gravity Sync is not developed by or affiliated with the Pi-hole project. This is - Pi-hole 5.0 (or higher) must already be installed on at least two systems, using any of the Linux distribution that Pi-hole is [certified to run on](https://docs.pi-hole.net/main/prerequesites/#supported-operating-systems). - While it is possible to leverage container/Docker deployments of Pi-hole and Gravity Sync, this configuration is currently not officially supported. Instructions here assume a "native" installation of Pi-hole. -- You will need to make sure that you have password-less `SUDO` enabled for the user accounts on both the primary and secondary Pi-hole. Most of the pre-built images available for the Raspberry Pi already have this configured, but if you have your Pi-hole running in a virtual machine built from a generic ISO, you may need to [adjust this manually](https://linuxize.com/post/how-to-run-sudo-command-without-password/). +- You will need to make sure that you have `SUDO` enabled for the user accounts on both the primary and secondary Pi-hole. Most of the pre-built images available for the Raspberry Pi already have this configured. During configuration you will be prompted to enable this for your Gravity Sync user. - Make sure `SSH` and `RSYNC` are installed on both the primary and secondary Pi-hole prior to installation. These two binaries are what does the heavy lifting between your Pi-hole nodes. In the past, Dropbear was supported but this has proven problematic. If you're using a ultra-lightweight Pi distribution (such as DietPi) that uses Dropbear by default, you will need to convert to OpenSSH as of Gravity Sync version 2.2. +- You will need to make sure that `SQLite3` is installed on both Pi-hole systems, in order for the backup and restore functions against the databases to completely successfully. This should be covered by the installation of Pi-hole or already installed on most Linux distros. ### Pi-hole Architecture @@ -53,7 +54,31 @@ Starting with version 2.0, Gravity Sync will attempt to sync the Adlist database ## Installation -Login to your *secondary* Pi-hole, and run: +### Primary Pi-Hole + +Minimal preperation is required (as of version 2.2.3) on your primary Pi-hole. + +Login to your *primary* Pi-hole, and install a copy of the software there: + +```bash +git clone https://github.com/vmstan/gravity-sync.git $HOME/gravity-sync +``` + +From your home directory, you should run `./gravity-sync/gravity-sync.sh sudo` + +**Once this process has completed, you can remove the entire `gravity-sync` directory from the primary Pi-hole.** + +```bash +rm $HOME/gravity-sync +``` + +After you have completed this step, log out of the *primary* Pi-hole. + +### Secondary Pi-Hole + +From this point forward, all operations will take place on your secondary Pi-hole. + +Login to your *secondary* Pi-hole, and install a copy of the software there: ```bash git clone https://github.com/vmstan/gravity-sync.git $HOME/gravity-sync @@ -65,20 +90,22 @@ Proceed to the Configuration section. ## Configuration -After you install Gravity Sync to your server you will need to create a configuration file. +After you install Gravity Sync to your *secondary Pi-hole* you will need to create a configuration file. ```bash +cd $HOME/gravity-sync ./gravity-sync.sh config ``` This will guide you through the process of: -- Specifying the IP or DNS name of your primary Pi-hole. +- Specifying the IP or xDNS name of your primary Pi-hole. - Specifying the SSH username to connect to your primary Pi-hole. - Selecting the SSH authentication mechanism (key-pair or password.) - Configuring your key-pair and applying it to your primary Pi-hole. - Testing your authentication method, and testing RSYNC to the primary. - Perform a backup of the existing Pi-hole database. +- Adding your Gravity Sync user to the local SUDO configuration to run passwordless. The configuration will be saved as `gravity-sync.conf` in the same folder as the script. If you need to make adjustments to your settings in the future, you can edit this file or run the configuration tool to generate a new one. diff --git a/VERSION b/VERSION index 7e541aec..6b4d1577 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2.2 \ No newline at end of file +2.2.3 \ No newline at end of file diff --git a/gravity-sync.conf.example b/gravity-sync.conf.example index 4264d667..4247bde9 100644 --- a/gravity-sync.conf.example +++ b/gravity-sync.conf.example @@ -45,4 +45,6 @@ REMOTE_PASS='' # GRAVITY_FI='' # CUSTOM_DNS='' # PIHOLE_BIN='' -# RIHOLE_BIN='' \ No newline at end of file +# RIHOLE_BIN='' +# FILE_OWNER='' +# REMOTE_FILE_OWNER='' \ No newline at end of file diff --git a/gravity-sync.sh b/gravity-sync.sh index 9749c86f..99762b4c 100755 --- a/gravity-sync.sh +++ b/gravity-sync.sh @@ -3,7 +3,7 @@ SCRIPT_START=$SECONDS # GRAVITY SYNC BY VMSTAN ##################### PROGRAM='Gravity Sync' -VERSION='2.2.2' +VERSION='2.2.3' # Execute from the home folder of the user who owns it (ex: 'cd ~/gravity-sync') # For documentation or downloading updates visit https://github.com/vmstan/gravity-sync @@ -42,6 +42,8 @@ GRAVITY_FI='gravity.db' # default Pi-hole database file CUSTOM_DNS='custom.list' # default Pi-hole local DNS lookups PIHOLE_BIN='/usr/local/bin/pihole' # default Pi-hole binary directory (local) RIHOLE_BIN='/usr/local/bin/pihole' # default Pi-hole binary directory (remote) +FILE_OWNER='pihole:pihole' # default Pi-hole file owner and group (local) +REMOTE_FILE_OWNER='pihole:pihole' # default Pi-hole file owner and group (remote) # OS Settings BASH_PATH='/bin/bash' # default OS bash path @@ -114,17 +116,14 @@ function show_target { function update_gs { if [ -f "$HOME/${LOCAL_FOLDR}/dev" ] then - BRANCH='development' - elif [ -f "$HOME/${LOCAL_FOLDR}/beta" ] - then - BRANCH='beta' + source $HOME/${LOCAL_FOLDR}/dev else - BRANCH='master' + BRANCH='origin/master' fi - if [ "$BRANCH" = "development" ] + if [ "$BRANCH" != "origin/master" ] then - MESSAGE="Pulling from origin/${BRANCH}" + MESSAGE="Pulling from ${BRANCH}" echo_info fi @@ -141,7 +140,7 @@ function update_gs { error_validate MESSAGE="Applying Update" echo_stat - git reset --hard origin/${BRANCH} >/dev/null 2>&1 + git reset --hard ${BRANCH} >/dev/null 2>&1 error_validate fi } @@ -168,8 +167,8 @@ function pull_gs_grav { MESSAGE="Validating Settings of ${GRAVITY_FI}" echo_stat - GRAVDB_OWN=$(ls -ld ${PIHOLE_DIR}/${GRAVITY_FI} | awk '{print $3 $4}') - if [ "$GRAVDB_OWN" != "piholepihole" ] + GRAVDB_OWN=$(ls -ld ${PIHOLE_DIR}/${GRAVITY_FI} | awk 'OFS=":" {print $3,$4}') + if [ "$GRAVDB_OWN" != "$FILE_OWNER" ] then MESSAGE="Validating Ownership on ${GRAVITY_FI}" echo_fail @@ -179,7 +178,7 @@ function pull_gs_grav { MESSAGE="Setting Ownership on ${GRAVITY_FI}" echo_stat - sudo chown pihole:pihole ${PIHOLE_DIR}/${GRAVITY_FI} >/dev/null 2>&1 + sudo chown ${FILE_OWNER} ${PIHOLE_DIR}/${GRAVITY_FI} >/dev/null 2>&1 error_validate MESSAGE="Continuing Validation of ${GRAVITY_FI}" @@ -332,7 +331,7 @@ function push_gs_grav { MESSAGE="Setting Ownership on ${GRAVITY_FI}" echo_stat CMD_TIMEOUT='15' - CMD_REQUESTED="sudo chown pihole:pihole ${PIHOLE_DIR}/${GRAVITY_FI}" + CMD_REQUESTED="sudo chown ${RFILE_OWNER} ${PIHOLE_DIR}/${GRAVITY_FI}" create_sshcmd } @@ -626,8 +625,8 @@ function restore_gs { MESSAGE="Validating Ownership on ${GRAVITY_FI}" echo_stat - GRAVDB_OWN=$(ls -ld ${PIHOLE_DIR}/${GRAVITY_FI} | awk '{print $3 $4}') - if [ "$GRAVDB_OWN" == "piholepihole" ] + GRAVDB_OWN=$(ls -ld ${PIHOLE_DIR}/${GRAVITY_FI} | awk 'OFS=":" {print $3,$4}') + if [ "$GRAVDB_OWN" == "$FILE_OWNER" ] then echo_good else @@ -638,7 +637,7 @@ function restore_gs { MESSAGE="Setting Ownership on ${GRAVITY_FI}" echo_stat - sudo chown pihole:pihole ${PIHOLE_DIR}/${GRAVITY_FI} >/dev/null 2>&1 + sudo chown ${FILE_OWNER} ${PIHOLE_DIR}/${GRAVITY_FI} >/dev/null 2>&1 error_validate fi @@ -872,6 +871,26 @@ function validate_ph_folders { echo_good } +## Validate SQLite3 +function validate_sqlite3 { + MESSAGE="Validating SQLITE Installed on $HOSTNAME" + echo_stat + if hash sqlite3 2>/dev/null + then + MESSAGE="SQLITE3 Utility Detected" + echo_good + else + MESSAGE="SQLITE3 Utility Missing" + echo_warn + + MESSAGE="Installing SQLLITE3 with ${PKG_MANAGER}" + echo_stat + + ${PKG_INSTALL} sqllite3 >/dev/null 2>&1 + error_validate + fi +} + ## Validate SSHPASS function validate_os_sshpass { SSHPASSWORD='' @@ -1376,6 +1395,8 @@ function intent_validate { # Configuration Management ## Generate New Configuration function config_generate { + task_sudo + detect_ssh MESSAGE="Creating ${CONFIG_FILE} from Template" @@ -1492,6 +1513,7 @@ function config_generate { echo_info validate_os_sshpass + validate_sqlite3 detect_remotersync } @@ -1768,6 +1790,14 @@ function task_devmode { echo_stat touch $HOME/${LOCAL_FOLDR}/dev error_validate + + git branch -r + + MESSAGE="Select Branch to Update Against" + echo_need + read INPUT_BRANCH + + echo -e "BRANCH='${INPUT_BRANCH}'" >> $HOME/${LOCAL_FOLDR}/dev fi MESSAGE="Run UPDATE to apply changes" @@ -1944,6 +1974,26 @@ function task_purge { update_gs } +## Sudo Creation Task +function task_sudo { + TASKTYPE='SUDO' + MESSAGE="${MESSAGE}: ${TASKTYPE} Requested" + echo_good + + MESSAGE="Creating Sudoer.d Template" + echo_stat + + NEW_SUDO_USER=$(whoami) + echo -e "${NEW_SUDO_USER} ALL=(ALL) NOPASSWD: ${PIHOLE_DIR}" > gs-nopasswd.sudo + error_validate + + MESSAGE="Installing Sudoer.d File" + echo_stat + + sudo install -m 0440 gs-nopasswd.sudo /etc/sudoers.d/gs-nopasswd + error_validate +} + ## Backup Task function task_backup { TASKTYPE='BACKUP' @@ -2086,6 +2136,7 @@ case $# in show_target validate_gs_folders validate_ph_folders + validate_sqlite3 validate_os_sshpass smart_gs @@ -2103,6 +2154,7 @@ case $# in show_target validate_gs_folders validate_ph_folders + validate_sqlite3 validate_os_sshpass smart_gs @@ -2118,6 +2170,7 @@ case $# in show_target validate_gs_folders validate_ph_folders + validate_sqlite3 validate_os_sshpass smart_gs @@ -2133,6 +2186,7 @@ case $# in show_target validate_gs_folders validate_ph_folders + validate_sqlite3 validate_os_sshpass pull_gs @@ -2148,6 +2202,7 @@ case $# in show_target validate_gs_folders validate_ph_folders + validate_sqlite3 validate_os_sshpass push_gs @@ -2163,6 +2218,7 @@ case $# in show_target validate_gs_folders validate_ph_folders + validate_sqlite3 restore_gs exit @@ -2184,9 +2240,9 @@ case $# in task_devmode ;; - beta) - task_betamode - ;; + # beta) + # task_betamode + # ;; devmode) task_devmode @@ -2232,6 +2288,11 @@ case $# in task_purge ;; + sudo) + task_sudo + exit_withchange + ;; + *) task_invalid ;; diff --git a/gs-nopasswd.sudo b/gs-nopasswd.sudo new file mode 100644 index 00000000..707678ce --- /dev/null +++ b/gs-nopasswd.sudo @@ -0,0 +1 @@ +pi ALL=NOPASSWD: /etc/pihole \ No newline at end of file