version 1.103.2.2, 2019/02/10 03:02:10
|
version 1.110, 2018/10/25 03:27:22
|
Line 41 use IO::File;
|
Line 41 use IO::File;
|
use IO::Socket; |
use IO::Socket; |
use HTML::Entities; |
use HTML::Entities; |
use Getopt::Long; |
use Getopt::Long; |
|
use GDBM_File; |
|
use Storable qw(thaw); |
#globals |
#globals |
use vars qw (%perlvar %simplestatus $errors $warnings $notices $totalcount); |
use vars qw (%perlvar %simplestatus $errors $warnings $notices $totalcount); |
|
|
Line 114 sub checkon_daemon {
|
Line 116 sub checkon_daemon {
|
if ($fh) { |
if ($fh) { |
if (-e "$perlvar{'lonDaemons'}/logs/$daemon.log"){ |
if (-e "$perlvar{'lonDaemons'}/logs/$daemon.log"){ |
if (open(DFH,"tail -n25 $perlvar{'lonDaemons'}/logs/$daemon.log|")) { |
if (open(DFH,"tail -n25 $perlvar{'lonDaemons'}/logs/$daemon.log|")) { |
while (my $line=<DFH>) { |
while (my $line=<DFH>) { |
&log($fh,"$line"); |
&log($fh,"$line"); |
if ($line=~/INFO/) { $notices++; } |
if ($line=~/INFO/) { $notices++; } |
if ($line=~/WARNING/) { $notices++; } |
if ($line=~/WARNING/) { $notices++; } |
Line 125 sub checkon_daemon {
|
Line 127 sub checkon_daemon {
|
} |
} |
&log($fh,"</tt></p>"); |
&log($fh,"</tt></p>"); |
} |
} |
|
|
my $pidfile="$perlvar{'lonDaemons'}/logs/$daemon.pid"; |
my $pidfile="$perlvar{'lonDaemons'}/logs/$daemon.pid"; |
|
|
my $restartflag=1; |
my $restartflag=1; |
Line 166 sub checkon_daemon {
|
Line 168 sub checkon_daemon {
|
&log($fh,unlink($pidfile).' - '. |
&log($fh,unlink($pidfile).' - '. |
`killall -9 $kadaemon 2>&1`. |
`killall -9 $kadaemon 2>&1`. |
'</font><br />'); |
'</font><br />'); |
|
if ($kadaemon eq 'loncnew') { |
|
&clean_lonc_childpids(); |
|
} |
&log($fh,"<h3>$daemon not running, trying to start</h3>"); |
&log($fh,"<h3>$daemon not running, trying to start</h3>"); |
|
|
if (&start_daemon($fh,$daemon,$pidfile,$args)) { |
if (&start_daemon($fh,$daemon,$pidfile,$args)) { |
Line 204 sub checkon_daemon {
|
Line 209 sub checkon_daemon {
|
close (DFH); |
close (DFH); |
} |
} |
&log($fh,"</pre></p>"); |
&log($fh,"</pre></p>"); |
} |
} |
} |
} |
} |
} |
|
|
my $fname="$perlvar{'lonDaemons'}/logs/$daemon.log"; |
my $fname="$perlvar{'lonDaemons'}/logs/$daemon.log"; |
Line 824 sub write_checksums {
|
Line 829 sub write_checksums {
|
return; |
return; |
} |
} |
|
|
|
sub clean_nosslverify { |
|
my ($fh) = @_; |
|
my %unlinked; |
|
if (-d "$perlvar{'lonSockDir'}/nosslverify") { |
|
if (opendir(my $dh,"$perlvar{'lonSockDir'}/nosslverify")) { |
|
while (my $fname=readdir($dh)) { |
|
next if ($fname =~ /^\.+$/); |
|
if (unlink("/home/httpd/sockets/nosslverify/$fname")) { |
|
&log($fh,"Unlinking $fname<br />"); |
|
$unlinked{$fname} = 1; |
|
} |
|
} |
|
closedir($dh); |
|
} |
|
} |
|
&log($fh,"<p>Removed ".scalar(keys(%unlinked))." nosslverify clients</p>"); |
|
return %unlinked; |
|
} |
|
sub clean_lonc_childpids { |
|
my $childpiddir = "$perlvar{'lonDocRoot'}/lon-status/loncchld"; |
|
if (-d $childpiddir) { |
|
if (opendir(my $dh,$childpiddir)) { |
|
while (my $fname=readdir($dh)) { |
|
next if ($fname =~ /^\.+$/); |
|
unlink("$childpiddir/$fname"); |
|
} |
|
closedir($dh); |
|
} |
|
} |
|
} |
|
|
|
sub write_connection_config { |
|
my ($isprimary,$domconf,$url,%connectssl,%changes); |
|
my $primaryLibServer = &Apache::lonnet::domain($perlvar{'lonDefDomain'},'primary'); |
|
if ($primaryLibServer eq $perlvar{'lonHostID'}) { |
|
$isprimary = 1; |
|
} elsif ($primaryLibServer ne '') { |
|
my $protocol = $Apache::lonnet::protocol{$primaryLibServer}; |
|
my $hostname = &Apache::lonnet::hostname($primaryLibServer); |
|
unless ($protocol eq 'https') { |
|
$protocol = 'http'; |
|
} |
|
$url = $protocol.'://'.$hostname.'/cgi-bin/listdomconfig.pl'; |
|
} |
|
my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary, |
|
$url); |
|
if (ref($domconf) eq 'HASH') { |
|
if (ref($domconf->{'ssl'}) eq 'HASH') { |
|
foreach my $connect ('connto','connfrom') { |
|
if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { |
|
my ($sslreq,$sslnoreq,$currsetting); |
|
my %contypes; |
|
foreach my $type ('dom','intdom','other') { |
|
$connectssl{$connect.'_'.$type} = $domconf->{'ssl'}->{$connect}->{$type}; |
|
} |
|
} |
|
} |
|
} |
|
if (keys(%connectssl)) { |
|
my %currconf; |
|
if (open(my $fh,'<',"$perlvar{'lonTabDir'}/connectionrules.tab")) { |
|
while (my $line = <$fh>) { |
|
chomp($line); |
|
my ($name,$value) = split(/=/,$line); |
|
if ($value =~ /^(?:no|yes|req)$/) { |
|
if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) { |
|
$currconf{$name} = $value; |
|
} |
|
} |
|
} |
|
close($fh); |
|
} |
|
if (open(my $fh,'>',"$perlvar{'lonTabDir'}/connectionrules.tab")) { |
|
my $count = 0; |
|
foreach my $key (sort(keys(%connectssl))) { |
|
print $fh "$key=$connectssl{$key}\n"; |
|
if (exists($currconf{$key})) { |
|
unless ($currconf{$key} eq $connectssl{$key}) { |
|
$changes{$key} = 1; |
|
} |
|
} else { |
|
$changes{$key} = 1; |
|
} |
|
$count ++; |
|
} |
|
close($fh); |
|
print "Completed writing SSL options for lonc/lond for $count items.\n"; |
|
} |
|
} else { |
|
print "Writing of SSL options skipped - no connection rules in domain configuration.\n"; |
|
} |
|
} else { |
|
print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n"; |
|
} |
|
return %changes; |
|
} |
|
|
|
sub get_domain_config { |
|
my ($dom,$primlibserv,$isprimary,$url) = @_; |
|
my %confhash; |
|
if ($isprimary) { |
|
my $lonusersdir = $perlvar{'lonUsersDir'}; |
|
my $fname = $lonusersdir.'/'.$dom.'/configuration.db'; |
|
if (-e $fname) { |
|
my $dbref=&LONCAPA::locking_hash_tie($fname,&GDBM_READER()); |
|
if (ref($dbref) eq 'HASH') { |
|
foreach my $key (sort(keys(%{$dbref}))) { |
|
my $value = $dbref->{$key}; |
|
if ($value =~ s/^__FROZEN__//) { |
|
$value = thaw(&LONCAPA::unescape($value)); |
|
} else { |
|
$value = &LONCAPA::unescape($value); |
|
} |
|
$confhash{$key} = $value; |
|
} |
|
&LONCAPA::locking_hash_untie($dbref); |
|
} |
|
} |
|
} else { |
|
if (open(PIPE,"wget --no-check-certificate '$url?primary=$primlibserv&format=raw' |")) { |
|
my $config = ''; |
|
while (<PIPE>) { |
|
$config .= $_; |
|
} |
|
close(PIPE); |
|
if ($config) { |
|
my @pairs=split(/\&/,$config); |
|
foreach my $item (@pairs) { |
|
my ($key,$value)=split(/=/,$item,2); |
|
my $what = &LONCAPA::unescape($key); |
|
if ($value =~ s/^__FROZEN__//) { |
|
$value = thaw(&LONCAPA::unescape($value)); |
|
} else { |
|
$value = &LONCAPA::unescape($value); |
|
} |
|
$confhash{$what}=$value; |
|
} |
|
} |
|
} |
|
} |
|
return \%confhash; |
|
} |
|
|
|
sub write_hosttypes { |
|
my %intdom = &Apache::lonnet::all_host_intdom(); |
|
my %hostdom = &Apache::lonnet::all_host_domain(); |
|
my $dom = $hostdom{$perlvar{'lonHostID'}}; |
|
my $internetdom = $intdom{$perlvar{'lonHostID'}}; |
|
my %changes; |
|
if (($dom ne '') && ($internetdom ne '')) { |
|
if (keys(%hostdom)) { |
|
my %currhosttypes; |
|
if (open(my $fh,'<',"$perlvar{'lonTabDir'}/hosttypes.tab")) { |
|
while (my $line = <$fh>) { |
|
chomp($line); |
|
my ($name,$value) = split(/:/,$line); |
|
if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) { |
|
$currhosttypes{$name} = $value; |
|
} |
|
} |
|
close($fh); |
|
} |
|
if (open(my $fh,'>',"$perlvar{'lonTabDir'}/hosttypes.tab")) { |
|
my $count = 0; |
|
foreach my $lonid (sort(keys(%hostdom))) { |
|
my $type = 'other'; |
|
if ($hostdom{$lonid} eq $dom) { |
|
$type = 'dom'; |
|
} elsif ($intdom{$lonid} eq $internetdom) { |
|
$type = 'intdom'; |
|
} |
|
print $fh "$lonid:$type\n"; |
|
if (exists($currhosttypes{$lonid})) { |
|
if ($type ne $currhosttypes{$lonid}) { |
|
$changes{$lonid} = 1; |
|
} |
|
} else { |
|
$changes{$lonid} = 1; |
|
} |
|
$count ++; |
|
} |
|
close($fh); |
|
print "Completed writing host type data for $count hosts.\n"; |
|
} |
|
} else { |
|
print "Writing of host types skipped - no hosts found.\n"; |
|
} |
|
} else { |
|
print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n"; |
|
} |
|
return %changes; |
|
} |
|
|
|
sub update_revocation_list { |
|
my ($result,$changed) = &Apache::lonnet::fetch_crl_pemfile(); |
|
if ($result eq 'ok') { |
|
print "Certificate Revocation List (from CA) updated.\n"; |
|
} else { |
|
print "Certificate Revocation List from (CA) not updated.\n"; |
|
} |
|
return $changed; |
|
} |
|
|
|
sub reset_nosslverify_pids { |
|
my ($fh,%sslrem) = @_; |
|
&checkon_daemon($fh,'lond',40000,'USR2'); |
|
my $loncpidfile="$perlvar{'lonDaemons'}/logs/lonc.pid"; |
|
my $loncppid; |
|
if ((-e $loncpidfile) && (open(my $pfh,'<',$loncpidfile))) { |
|
$loncppid=<$pfh>; |
|
chomp($loncppid); |
|
close($pfh); |
|
if ($loncppid =~ /^\d+$/) { |
|
my %pids_by_host; |
|
my $docdir = $perlvar{'lonDocRoot'}; |
|
if (-d "$docdir/lon-status/loncchld") { |
|
if (opendir(my $dh,"$docdir/lon-status/loncchld")) { |
|
while (my $file = readdir($dh)) { |
|
next if ($file =~ /^\./); |
|
if (open(my $fh,'<',"$docdir/lon-status/loncchld/$file")) { |
|
my $record = <$fh>; |
|
chomp($record); |
|
close($fh); |
|
my ($remotehost,$authmode) = split(/:/,$record); |
|
$pids_by_host{$remotehost}{$authmode}{$file} = 1; |
|
} |
|
} |
|
closedir($dh); |
|
if (keys(%pids_by_host)) { |
|
foreach my $host (keys(%pids_by_host)) { |
|
if ($sslrem{$host}) { |
|
if (ref($pids_by_host{$host}) eq 'HASH') { |
|
if (ref($pids_by_host{$host}{'insecure'}) eq 'HASH') { |
|
if (keys(%{$pids_by_host{$host}{'insecure'}})) { |
|
foreach my $pid (keys(%{$pids_by_host{$host}{'insecure'}})) { |
|
if (open(PIPE,"ps -o ppid= -p $pid |")) { |
|
my $ppid = <PIPE>; |
|
chomp($ppid); |
|
close(PIPE); |
|
$ppid =~ s/(^\s+|\s+$)//g; |
|
if (($ppid == $loncppid) && (kill 0 => $pid)) { |
|
kill QUIT => $pid; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
return; |
|
} |
|
|
sub send_mail { |
sub send_mail { |
my $defdom = $perlvar{'lonDefDomain'}; |
my $defdom = $perlvar{'lonDefDomain'}; |
my $origmail = $perlvar{'lonAdmEMail'}; |
my $origmail = $perlvar{'lonAdmEMail'}; |
Line 913 sub main () {
|
Line 1176 sub main () {
|
chop $hostname; |
chop $hostname; |
$hostname=~s/[^\w\.]//g; # make sure is safe to pass through shell |
$hostname=~s/[^\w\.]//g; # make sure is safe to pass through shell |
my $subj="LON: Unconfigured machine $hostname"; |
my $subj="LON: Unconfigured machine $hostname"; |
system("echo 'Unconfigured machine $hostname.' |". |
system("echo 'Unconfigured machine $hostname.' |\ |
" mail -s '$subj' $emailto > /dev/null"); |
mailto $emailto -s '$subj' > /dev/null"); |
exit 1; |
exit 1; |
} |
} |
|
|
Line 924 sub main () {
|
Line 1187 sub main () {
|
print("User ID mismatch. This program must be run as user 'www'.\n"); |
print("User ID mismatch. This program must be run as user 'www'.\n"); |
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}"; |
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}"; |
my $subj="LON: $perlvar{'lonHostID'} User ID mismatch"; |
my $subj="LON: $perlvar{'lonHostID'} User ID mismatch"; |
system("echo 'User ID mismatch. loncron must be run as user www.' |". |
system("echo 'User ID mismatch. loncron must be run as user www.' |\ |
" mail -s '$subj' $emailto > /dev/null"); |
mailto $emailto -s '$subj' > /dev/null"); |
exit 1; |
exit 1; |
} |
} |
|
|
Line 999 sub main () {
|
Line 1262 sub main () {
|
&checkon_daemon($fh,'lonr',40000); |
&checkon_daemon($fh,'lonr',40000); |
} |
} |
if ($justreload) { |
if ($justreload) { |
|
&clean_nosslverify($fh); |
|
&write_connection_config(); |
|
&write_hosttypes(); |
|
&update_revocation_list(); |
&checkon_daemon($fh,'lond',40000,'USR2'); |
&checkon_daemon($fh,'lond',40000,'USR2'); |
&checkon_daemon($fh,'lonc',40000,'USR2'); |
&checkon_daemon($fh,'lonc',40000,'USR2'); |
} |
} |
Line 1007 sub main () {
|
Line 1274 sub main () {
|
} |
} |
if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { |
if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { |
&check_delayed_msg($fh); |
&check_delayed_msg($fh); |
&finish_logging($fh); |
|
&log_simplestatus(); |
&log_simplestatus(); |
&write_loncaparevs(); |
&write_loncaparevs(); |
&write_serverhomeIDs(); |
&write_serverhomeIDs(); |
&write_checksums(); |
&write_checksums(); |
|
my %sslrem = &clean_nosslverify($fh); |
|
my %conchgs = &write_connection_config(); |
|
my %hosttypechgs = &write_hosttypes(); |
|
my $hadcrlchg = &update_revocation_list(); |
|
if ((keys(%conchgs) > 0) || (keys(%hosttypechgs) > 0) || |
|
$hadcrlchg || (keys(%sslrem) > 0)) { |
|
&checkon_daemon($fh,'lond',40000,'USR2'); |
|
&reset_nosslverify_pids($fh,%sslrem); |
|
} |
|
&finish_logging($fh); |
if ($totalcount>200 && !$noemail) { &send_mail(); } |
if ($totalcount>200 && !$noemail) { &send_mail(); } |
} |
} |
} |
} |