--- loncom/loncron 2021/02/01 01:33:17 1.103.2.10
+++ loncom/loncron 2018/10/29 02:57:30 1.112
@@ -2,7 +2,7 @@
# Housekeeping program, started by cron, loncontrol and loncron.pl
#
-# $Id: loncron,v 1.103.2.10 2021/02/01 01:33:17 raeburn Exp $
+# $Id: loncron,v 1.112 2018/10/29 02:57:30 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -37,16 +37,12 @@ use LONCAPA;
use Apache::lonnet;
use Apache::loncommon;
-use LWP::UserAgent();
-use HTTP::Request();
use IO::File;
use IO::Socket;
use HTML::Entities;
use Getopt::Long;
-use File::ReadBackwards;
-use File::Copy;
-use Sys::Hostname::FQDN();
-
+use GDBM_File;
+use Storable qw(thaw);
#globals
use vars qw (%perlvar %simplestatus $errors $warnings $notices $totalcount);
@@ -79,14 +75,14 @@ sub rotate_logfile {
rename("$file.2","$file.3");
rename("$file.1","$file.2");
rename("$file","$file.1");
- }
+ }
}
sub start_daemon {
my ($fh,$daemon,$pidfile,$args) = @_;
my $progname=$daemon;
if ($daemon eq 'lonc') {
- $progname='loncnew';
+ $progname='loncnew';
}
my $error_fname="$perlvar{'lonDaemons'}/logs/${daemon}_errors";
&rotate_logfile($error_fname,$fh,'error logs');
@@ -120,7 +116,7 @@ sub checkon_daemon {
if ($fh) {
if (-e "$perlvar{'lonDaemons'}/logs/$daemon.log"){
if (open(DFH,"tail -n25 $perlvar{'lonDaemons'}/logs/$daemon.log|")) {
- while (my $line=
"); open (DFH,"df|"); - while (my $line=) { - &log($fh,&encode_entities($line,'<>&"')); + while (my $line= ) { + &log($fh,&encode_entities($line,'<>&"')); @parts=split(/\s+/,$line); my $usage=$parts[4]; $usage=~s/\W//g; - if ($usage>90) { + if ($usage>90) { $warnings++; - $notices++; + $notices++; } elsif ($usage>80) { $warnings++; } elsif ($usage>60) { @@ -285,8 +269,8 @@ sub log_machine_info { my $psproc=0; open (PSH,"ps aux --cols 140 |"); - while (my $line= ) { - &log($fh,&encode_entities($line,'<>&"')); + while (my $line= ) { + &log($fh,&encode_entities($line,'<>&"')); $psproc++; } close (PSH); @@ -308,7 +292,7 @@ sub start_logging { my %simplestatus=(); my $now=time; my $date=localtime($now); - + &log($fh,(< @@ -424,12 +408,12 @@ sub recursive_clean_tmp { ($cleaned,$old,$removed) = &recursive_clean_tmp($innerdir,$cleaned,$old,$removed,$errors); my @doms = &Apache::lonnet::current_machine_domains(); - + if (open(my $dirhandle,$fname)) { unless (($innerdir eq 'helprequests') || (($innerdir =~ /^addcourse/) && ($innerdir !~ m{/\d+$}))) { my @contents = grep {!/^\.\.?$/} readdir($dirhandle); - join('&&',@contents)."\n"; + join('&&',@contents)."\n"; if (scalar(grep {!/^\.\.?$/} readdir($dirhandle)) == 0) { closedir($dirhandle); if ($fname =~ m{^\Q$perlvar{'lonDaemons'}\E/tmp/}) { @@ -482,7 +466,7 @@ sub recursive_clean_tmp { } } } elsif (ref($errors->{failopen}) eq 'ARRAY') { - push(@{$errors->{failopen}},$fname); + push(@{$errors->{failopen}},$fname); } } else { if (unlink($fname)) { @@ -508,71 +492,24 @@ sub clean_lonIDs { my $cleaned=0; my $active=0; while (my $fname=<$perlvar{'lonIDsDir'}/*>) { - my $now=time; - if (-l $fname) { - my $linkfname = readlink($fname); - if (-f $linkfname) { - if ($linkfname =~ m{^$perlvar{'lonIDsDir'}/[^/]+\.id$}) { - my @data = stat($linkfname); - my $mtime = $data[9]; - my $since=$now-$mtime; - if ($since>$perlvar{'lonExpire'}) { - if (unlink($linkfname)) { - $cleaned++; - &log($fh,"Unlinking $linkfname
"); - unlink($fname); - } - } - } - } else { - unlink($fname); - } - } elsif (-f $fname) { - my @data = stat($fname); - my $mtime = $data[9]; - my $since=$now-$mtime; - if ($since>$perlvar{'lonExpire'}) { - if (unlink($fname)) { - $cleaned++; - &log($fh,"Unlinking $fname
"); - } - } else { - $active++; - } - } + my ($dev,$ino,$mode,$nlink, + $uid,$gid,$rdev,$size, + $atime,$mtime,$ctime, + $blksize,$blocks)=stat($fname); + my $now=time; + my $since=$now-$mtime; + if ($since>$perlvar{'lonExpire'}) { + $cleaned++; + &log($fh,"Unlinking $fname
"); + unlink("$fname"); + } else { + $active++; + } } &log($fh,"Cleaned up ".$cleaned." stale session token(s).
"); &log($fh,"$active open session(s)
"); } -# -------------------------------------------------------- clean out balanceIDs - -sub clean_balanceIDs { - my ($fh)=@_; - &log($fh,'Session Tokens
'); - my $cleaned=0; - my $active=0; - if (-d $perlvar{'lonBalanceDir'}) { - while (my $fname=<$perlvar{'lonBalanceDir'}/*.id>) { - my ($dev,$ino,$mode,$nlink, - $uid,$gid,$rdev,$size, - $atime,$mtime,$ctime, - $blksize,$blocks)=stat($fname); - my $now=time; - my $since=$now-$mtime; - if ($since>$perlvar{'lonExpire'}) { - $cleaned++; - &log($fh,"Unlinking $fname
"); - unlink("$fname"); - } else { - $active++; - } - } - } - &log($fh,"Cleaned up ".$cleaned." stale balancer files
"); - &log($fh,"$active unexpired balancer files
"); -} - # ------------------------------------------------ clean out webDAV Session IDs sub clean_webDAV_sessionIDs { my ($fh)=@_; @@ -636,16 +573,16 @@ sub rotate_lonnet_logs { print "Checking logs.\n"; if (-e "$perlvar{'lonDaemons'}/logs/lonnet.log"){ open (DFH,"tail -n50 $perlvar{'lonDaemons'}/logs/lonnet.log|"); - while (my $line=) { + while (my $line= ) { &log($fh,&encode_entities($line,'<>&"')); } close (DFH); } &log($fh,"
"); - + if (-e "$perlvar{'lonDaemons'}/logs/lonnet.perm.log") { open(DFH,"tail -n10 $perlvar{'lonDaemons'}/logs/lonnet.perm.log|"); - while (my $line=) { + while (my $line= ) { &log($fh,&encode_entities($line,'<>&"')); } close (DFH); @@ -709,199 +646,35 @@ sub test_connections { # ------------------------------------------------------------ Delayed messages sub check_delayed_msg { - my ($fh,$weightsref,$exclusionsref)=@_; + my ($fh)=@_; &log($fh,' Delayed Messages
'); print "Checking buffers.\n"; &log($fh,'Scanning Permanent Log
'); my $unsend=0; - my $ignored=0; my %hostname = &Apache::lonnet::all_hostnames(); my $numhosts = scalar(keys(%hostname)); - my $checkbackwards = 0; - my $checkfrom = 0; - my $checkexcluded = 0; - my (%bymachine,%weights,%exclusions,%serverhomes); - if (ref($weightsref) eq 'HASH') { - %weights = %{$weightsref}; - } - if (ref($exclusionsref) eq 'HASH') { - %exclusions = %{$exclusionsref}; - if (keys(%exclusions)) { - $checkexcluded = 1; - %serverhomes = &read_serverhomeIDs(); - } - } - -# -# For LON-CAPA 1.2.0 to 2.1.3 (release dates: 8/31/2004 and 3/31/2006) any -# entry logged in lonnet.perm.log for completion of a delayed (critical) -# transaction lacked the hostID for the remote node to which the command -# to be completed was sent. -# -# Because of this, exclusion of items in lonnet.perm.log for nodes which are -# no longer part of the cluster from adding to the overall "unsend" count -# needs additional effort besides the changes made in loncron rev. 1.105. -# -# For "S" (completion) events logging in LON-CAPA 1.2.0 through 2.1.3 included -# "LondTransaction=HASH(hexadecimal)->getClient() :$cmd, where the hexadecimal -# is a memory location, and $cmd is the command sent to the remote node. -# -# Starting with 2.2.0 (released 8/21/2006) logging for "S" (completion) events -# had sethost:$host_id:$cmd after LondTransaction=HASH(hexadecimal)->getClient() -# -# Starting with 2.4.1 (released 6/13/2007) logging for "S" replaced echoing the -# getClient() call with the result of the Transaction->getClient() call itself -# undef for completion of delivery of a delayed message. -# -# The net effect of these changes is that lonnet.perm.log is now accessed three -# times: (a) oldest record is checked, if earlier than release date for 2.5.0 -# then (b) file is read backwards, with timestamp recorded for most recent -# instance of logged "S" event for "update" command without "sethost:$host_id:" -# then (c) file is read forward with records ignored which predate the timestamp -# recorded in (b), if one was found. -# -# In (c), when calculating the unsend total, i.e., the difference between delayed -# transactions ("D") and sent transactions ("S"), transactions are ignored if the -# target node is no longer in the cluster, and also (for "update" commands), if -# the target node is in the list of nodes excluded from the count, in the domain -# configuration for this machine's default domain. The idea here is to remove -# delayed "update" commands for nodes for which inbound access to port 5663, -# is blocked, but are still part of the LON-CAPA network, (i.e., they can still -# replicate content from other nodes). -# - my $dfh=IO::File->new("$perlvar{'lonDaemons'}/logs/lonnet.perm.log","r"); - if (defined($dfh)) { - while (my $line=<$dfh>) { - my ($time,$sdf,$rest)=split(/:/,$line,3); - if ($time < 1541185772) { - $checkbackwards = 1; - } - last; - } - undef $dfh; - } - - if ($checkbackwards) { - if (tie *BW, 'File::ReadBackwards', "$perlvar{'lonDaemons'}/logs/lonnet.perm.log") { - while(my $line=) { - if ($line =~ /\QLondTransaction=HASH\E[^:]+:update:/) { - ($checkfrom) = split(/:/,$line,2); - last; - } - } - close(BW); - } + my $dfh=IO::File->new("$perlvar{'lonDaemons'}/logs/lonnet.perm.log"); + while (my $line=<$dfh>) { + my ($time,$sdf,$dserv,$dcmd)=split(/:/,$line); + if ($numhosts) { + next unless ($hostname{$dserv}); + } + if ($sdf eq 'F') { + my $local=localtime($time); + &log($fh,"Failed: $time, $dserv, $dcmd
"); + $warnings++; + } + if ($sdf eq 'S') { $unsend--; } + if ($sdf eq 'D') { $unsend++; } } - $dfh=IO::File->new("$perlvar{'lonDaemons'}/logs/lonnet.perm.log","r"); - if (defined($dfh)) { - while (my $line=<$dfh>) { - my ($time,$sdf,$rest)=split(/:/,$line,3); - next unless (($sdf eq 'F') || ($sdf eq 'S') || ($sdf eq 'D')); - next if (($checkfrom) && ($time <= $checkfrom)); - my ($dserv,$dcmd); - if ($sdf eq 'S') { - my ($serva,$cmda,$servb,$cmdb) = split(/:/,$rest); - if ($cmda eq 'sethost') { - chomp($cmdb); - $dcmd = $cmdb; - } else { - $dcmd = $cmda; - } - if (($serva =~ /^LondTransaction/) || ($serva eq '')) { - unless (($servb eq '') || ($servb =~ m{^/})) { - $dserv = $servb; - } - } else { - $dserv = $serva; - } - } else { - ($dserv,$dcmd) = split(/:/,$rest); - } - if ($sdf eq 'F') { - my $local=localtime($time); - &log($fh,"Failed: $time, $dserv, $dcmd
"); - $warnings++; - } - next if ((($dserv eq '') || ($dcmd eq '')) && ($sdf ne 'F')); - if ($sdf eq 'S') { - if ($dcmd eq 'update') { - if ($hostname{$dserv}) { - if ($exclusions{$serverhomes{$hostname{$dserv}}}) { - $ignored --; - } else { - $unsend --; - } - } - if (exists($bymachine{$dserv})) { - $bymachine{$dserv} --; - } else { - $bymachine{$dserv} = -1; - } - } else { - if ($hostname{$dserv}) { - $unsend --; - } - } - } elsif ($sdf eq 'D') { - if ($dcmd eq 'update') { - if ($hostname{$dserv}) { - if ($exclusions{$serverhomes{$hostname{$dserv}}}) { - $ignored ++; - } else { - $unsend ++; - } - } - if (exists($bymachine{$dserv})) { - $bymachine{$dserv} ++; - } else { - $bymachine{$dserv} = 1; - } - } else { - if ($hostname{$dserv}) { - $unsend ++; - } - } - } - } - undef $dfh; - my $nodest = 0; - my $retired = 0; - my %active; - if (keys(%bymachine)) { - unless ($checkexcluded) { - %serverhomes = &read_serverhomeIDs(); - } - foreach my $key (keys(%bymachine)) { - if ($bymachine{$key} > 0) { - if ($hostname{$key}) { - $active{$serverhomes{$hostname{$key}}} += $bymachine{$key}; - } else { - $retired ++; - $nodest += $bymachine{$key}; - } - } - } - } - if (keys(%active)) { - &log($fh,"Unsend messages by node, active (undegraded) nodes in cluster
\n"); - foreach my $key (sort(keys(%active))) { - &log($fh,&encode_entities("$key => $active{$key}",'<>&"')."\n"); - } - } - &log($fh,"Total unsend messages: $unsend for ".scalar(keys(%active))." active (undegraded) nodes in cluster.
\n"); - if (keys(%exclusions) > 0) { - &log($fh,"Total incomplete updates $ignored for ".scalar(keys(%exclusions))." degraded nodes in cluster.
\n"); - } - if ($retired) { - &log($fh,"Total unsent $nodest for $retired nodes no longer in cluster.
\n"); - } - if ($unsend > 0) { - $warnings=$warnings+$weights{'U'}*$unsend; - } + + &log($fh,"Total unsend messages: $unsend
\n"); + if ($unsend > 0) { + $warnings=$warnings+5*$unsend; } if ($unsend) { $simplestatus{'unsend'}=$unsend; } @@ -940,13 +713,9 @@ sub check_delayed_msg { } sub finish_logging { - my ($fh,$weightsref)=@_; - my %weights; - if (ref($weightsref) eq 'HASH') { - %weights = %{$weightsref}; - } + my ($fh)=@_; &log($fh,"\n"); - $totalcount=($weights{'N'}*$notices)+($weights{'W'}*$warnings)+($weights{'E'}*$errors); + $totalcount=$notices+4*$warnings+100*$errors; &errout($fh); &log($fh,"Total Error Count: $totalcount
"); my $now=time; @@ -1015,7 +784,7 @@ sub write_serverhomeIDs { eval { local $SIG{ ALRM } = sub { die "TIMEOUT" }; alarm(10); - $serverhomeID = + $serverhomeID = &Apache::lonnet::get_server_homeID($name,1,'loncron'); alarm(0); }; @@ -1060,108 +829,106 @@ sub write_checksums { return; } -sub write_hostips { - my $lontabdir = $perlvar{'lonTabDir'}; - my $defdom = $perlvar{'lonDefDomain'}; - my $lonhost = $perlvar{'lonHostID'}; - my $newfile = "$lontabdir/currhostips.tab"; - my $oldfile = "$lontabdir/prevhostips.tab"; - my (%prevhosts,%currhosts,%ipchange); - if ((-e $newfile) && (-s $newfile)) { - move($newfile,$oldfile); - chmod(0644,$oldfile); - if (open(my $fh,'<',$oldfile)) { - while (my $line=<$fh>) { - chomp($line); - if ($line =~ /^([^:]+):([\d.]+)$/) { - $prevhosts{$1} = $2; +sub clean_nosslverify { + my ($fh) = @_; + my %unlinked; + if (-d "$perlvar{'lonSockDir'}/nosslverify") { + if (opendir(my $dh,"$perlvar{'lonSockDir'}/nosslverify")) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + if (unlink("/home/httpd/sockets/nosslverify/$fname")) { + &log($fh,"Unlinking $fname
"); + $unlinked{$fname} = 1; } } - close($fh); + closedir($dh); } } - my ($ip_info,$cached) = - &Apache::lonnet::is_cached_new('iphost','iphost'); - if (!$cached) { - &Apache::lonnet::get_iphost(); - ($ip_info,$cached) = - &Apache::lonnet::is_cached_new('iphost','iphost'); - } - if (ref($ip_info) eq 'ARRAY') { - %currhosts = %{$ip_info->[1]}; - if (open(my $fh,'>',$newfile)) { - foreach my $key (keys(%currhosts)) { - print $fh "$key:$currhosts{$key}\n"; + &log($fh,"Removed ".scalar(keys(%unlinked))." nosslverify clients
"); + return %unlinked; +} +sub clean_lonc_childpids { + my $childpiddir = "$perlvar{'lonDocRoot'}/lon-status/loncchld"; + if (-d $childpiddir) { + if (opendir(my $dh,$childpiddir)) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + unlink("$childpiddir/$fname"); } - close($fh); - chmod(0644,$newfile); + closedir($dh); } } - if (keys(%prevhosts) && keys(%currhosts)) { - foreach my $key (keys(%prevhosts)) { - unless ($currhosts{$key} eq $prevhosts{$key}) { - $ipchange{$key} = $prevhosts{$key}.' | '.$currhosts{$key}; - } +} + +sub write_connection_config { + my ($isprimary,$domconf,$url,%connectssl,%changes); + my $primaryLibServer = &Apache::lonnet::domain($perlvar{'lonDefDomain'},'primary'); + if ($primaryLibServer eq $perlvar{'lonHostID'}) { + $isprimary = 1; + } elsif ($primaryLibServer ne '') { + my $protocol = $Apache::lonnet::protocol{$primaryLibServer}; + my $hostname = &Apache::lonnet::hostname($primaryLibServer); + unless ($protocol eq 'https') { + $protocol = 'http'; } - foreach my $key (keys(%currhosts)) { - unless ($currhosts{$key} eq $prevhosts{$key}) { - $ipchange{$key} = $prevhosts{$key}.' | '.$currhosts{$key}; + $url = $protocol.'://'.$hostname.'/cgi-bin/listdomconfig.pl'; + } + my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary, + $url); + if (ref($domconf) eq 'HASH') { + if (ref($domconf->{'ssl'}) eq 'HASH') { + foreach my $connect ('connto','connfrom') { + if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { + my ($sslreq,$sslnoreq,$currsetting); + my %contypes; + foreach my $type ('dom','intdom','other') { + $connectssl{$connect.'_'.$type} = $domconf->{'ssl'}->{$connect}->{$type}; + } + } } } - } - if (&Apache::lonnet::domain($defdom,'primary') eq $lonhost) { - if (keys(%ipchange)) { - if (open(my $fh,'>>',$perlvar{'lonDaemons'}.'/logs/hostip.log')) { - print $fh "********************\n".localtime(time).' Changes --'."\n". - "| Hostname | Previous IP | New IP |\n". - " --------------------------------- \n"; - foreach my $hostname (sort(keys(%ipchange))) { - print $fh "| $hostname | $ipchange{$hostname} |\n"; + if (keys(%connectssl)) { + my %currconf; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/=/,$line); + if ($value =~ /^(?:no|yes|req)$/) { + if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) { + $currconf{$name} = $value; + } + } } - print $fh "\n*******************\n\n"; close($fh); } - my $emailto = &Apache::loncommon::build_recipient_list(undef, - 'hostipmail',$defdom); - if ($emailto) { - my $subject = "LON-CAPA Hostname to IP change ($perlvar{'lonHostID'})"; - my $chgmail = "To: $emailto\n". - "Subject: $subject\n". - "Content-type: text/plain\; charset=UTF-8\n". - "MIME-Version: 1.0\n\n". - "Host/IP changes\n". - " \n". - "| Hostname | Previous IP | New IP |\n". - " --------------------------------- \n"; - foreach my $hostname (sort(keys(%ipchange))) { - $chgmail .= "| $hostname | $ipchange{$hostname} |\n"; - } - $chgmail .= "\n\n"; - if (open(my $mailh, "|/usr/lib/sendmail -oi -t -odb")) { - print $mailh $chgmail; - close($mailh); - print "Sending mail notification of hostname/IP changes.\n"; + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + my $count = 0; + foreach my $key (sort(keys(%connectssl))) { + print $fh "$key=$connectssl{$key}\n"; + if (exists($currconf{$key})) { + unless ($currconf{$key} eq $connectssl{$key}) { + $changes{$key} = 1; + } + } else { + $changes{$key} = 1; + } + $count ++; } + close($fh); + print "Completed writing SSL options for lonc/lond for $count items.\n"; } + } else { + print "Writing of SSL options skipped - no connection rules in domain configuration.\n"; } + } else { + print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n"; } - return; + return %changes; } sub get_domain_config { - my ($dom,$primlibserv,$isprimary,$url,%confhash); - $dom = $perlvar{'lonDefDomain'}; - $primlibserv = &Apache::lonnet::domain($dom,'primary'); - if ($primlibserv eq $perlvar{'lonHostID'}) { - $isprimary = 1; - } elsif ($primlibserv ne '') { - my $protocol = $Apache::lonnet::protocol{$primlibserv}; - my $hostname = &Apache::lonnet::hostname($primlibserv); - unless ($protocol eq 'https') { - $protocol = 'http'; - } - $url = $protocol.'://'.$hostname.'/cgi-bin/listdomconfig.pl?primary='.$primlibserv.'&format=raw'; - } + my ($dom,$primlibserv,$isprimary,$url) = @_; + my %confhash; if ($isprimary) { my $lonusersdir = $perlvar{'lonUsersDir'}; my $fname = $lonusersdir.'/'.$dom.'/configuration.db'; @@ -1181,14 +948,14 @@ sub get_domain_config { } } } else { - my $ua=new LWP::UserAgent; - $ua->timeout(5); - my $request=new HTTP::Request('GET',$url); - my $response=$ua->request($request); - unless ($response->is_error()) { - my $content = $response->content; - if ($content) { - my @pairs=split(/\&/,$content); + if (open(PIPE,"wget --no-check-certificate '$url?primary=$primlibserv&format=raw' |")) { + my $config = ''; + while () { + $config .= $_; + } + close(PIPE); + if ($config) { + my @pairs=split(/\&/,$config); foreach my $item (@pairs) { my ($key,$value)=split(/=/,$item,2); my $what = &LONCAPA::unescape($key); @@ -1205,69 +972,127 @@ sub get_domain_config { return \%confhash; } -sub get_permcount_settings { - my ($domconf) = @_; - my ($defaults,$names) = &Apache::loncommon::lon_status_items(); - my (%weights,$threshold,$sysmail,$reportstatus,%exclusions); - foreach my $type ('E','W','N','U') { - $weights{$type} = $defaults->{$type}; - } - $threshold = $defaults->{'threshold'}; - $sysmail = $defaults->{'sysmail'}; - $reportstatus = 1; - if (ref($domconf) eq 'HASH') { - if (ref($domconf->{'contacts'}) eq 'HASH') { - if ($domconf->{'contacts'}{'reportstatus'} == 0) { - $reportstatus = 0; - } - if (ref($domconf->{'contacts'}{'lonstatus'}) eq 'HASH') { - if (ref($domconf->{'contacts'}{'lonstatus'}{weights}) eq 'HASH') { - foreach my $type ('E','W','N','U') { - if (exists($domconf->{'contacts'}{'lonstatus'}{weights}{$type})) { - $weights{$type} = $domconf->{'contacts'}{'lonstatus'}{weights}{$type}; - } +sub write_hosttypes { + my %intdom = &Apache::lonnet::all_host_intdom(); + my %hostdom = &Apache::lonnet::all_host_domain(); + my $dom = $hostdom{$perlvar{'lonHostID'}}; + my $internetdom = $intdom{$perlvar{'lonHostID'}}; + my %changes; + if (($dom ne '') && ($internetdom ne '')) { + if (keys(%hostdom)) { + my %currhosttypes; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/:/,$line); + if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) { + $currhosttypes{$name} = $value; } } - if (ref($domconf->{'contacts'}{'lonstatus'}{'excluded'}) eq 'ARRAY') { - my @excluded = @{$domconf->{'contacts'}{'lonstatus'}{'excluded'}}; - if (@excluded) { - map { $exclusions{$_} = 1; } @excluded; + close($fh); + } + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + my $count = 0; + foreach my $lonid (sort(keys(%hostdom))) { + my $type = 'other'; + if ($hostdom{$lonid} eq $dom) { + $type = 'dom'; + } elsif ($intdom{$lonid} eq $internetdom) { + $type = 'intdom'; } + print $fh "$lonid:$type\n"; + if (exists($currhosttypes{$lonid})) { + if ($type ne $currhosttypes{$lonid}) { + $changes{$lonid} = 1; + } + } else { + $changes{$lonid} = 1; + } + $count ++; } - if (exists($domconf->{'contacts'}{'lonstatus'}{'threshold'})) { - $threshold = $domconf->{'contacts'}{'lonstatus'}{'threshold'}; - } - if (exists($domconf->{'contacts'}{'lonstatus'}{'sysmail'})) { - $sysmail = $domconf->{'contacts'}{'lonstatus'}{'sysmail'}; - } + close($fh); + print "Completed writing host type data for $count hosts.\n"; } + } else { + print "Writing of host types skipped - no hosts found.\n"; } + } else { + print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n"; + } + return %changes; +} + +sub update_revocation_list { + my ($result,$changed) = &Apache::lonnet::fetch_crl_pemfile(); + if ($result eq 'ok') { + print "Certificate Revocation List (from CA) updated.\n"; + } else { + print "Certificate Revocation List from (CA) not updated.\n"; } - return ($threshold,$sysmail,$reportstatus,\%weights,\%exclusions); + return $changed; } -sub read_serverhomeIDs { - my %server; - if (-e "$perlvar{'lonTabDir'}/serverhomeIDs.tab") { - if (open(my $fh,'<',"$perlvar{'lonTabDir'}/serverhomeIDs.tab")) { - while (<$fh>) { - my($host,$id) = split(/:/); - chomp($id); - $server{$host} = $id; +sub reset_nosslverify_pids { + my ($fh,%sslrem) = @_; + &checkon_daemon($fh,'lond',40000,'USR2'); + my $loncpidfile="$perlvar{'lonDaemons'}/logs/lonc.pid"; + my $loncppid; + if ((-e $loncpidfile) && (open(my $pfh,'<',$loncpidfile))) { + $loncppid=<$pfh>; + chomp($loncppid); + close($pfh); + if ($loncppid =~ /^\d+$/) { + my %pids_by_host; + my $docdir = $perlvar{'lonDocRoot'}; + if (-d "$docdir/lon-status/loncchld") { + if (opendir(my $dh,"$docdir/lon-status/loncchld")) { + while (my $file = readdir($dh)) { + next if ($file =~ /^\./); + if (open(my $fh,'<',"$docdir/lon-status/loncchld/$file")) { + my $record = <$fh>; + chomp($record); + close($fh); + my ($remotehost,$authmode) = split(/:/,$record); + $pids_by_host{$remotehost}{$authmode}{$file} = 1; + } + } + closedir($dh); + if (keys(%pids_by_host)) { + foreach my $host (keys(%pids_by_host)) { + if ($sslrem{$host}) { + if (ref($pids_by_host{$host}) eq 'HASH') { + if (ref($pids_by_host{$host}{'insecure'}) eq 'HASH') { + if (keys(%{$pids_by_host{$host}{'insecure'}})) { + foreach my $pid (keys(%{$pids_by_host{$host}{'insecure'}})) { + if (open(PIPE,"ps -o ppid= -p $pid |")) { + my $ppid = ; + chomp($ppid); + close(PIPE); + $ppid =~ s/(^\s+|\s+$)//g; + if (($ppid == $loncppid) && (kill 0 => $pid)) { + kill QUIT => $pid; + } + } + } + } + } + } + } + } + } + } } - close($fh); } } - return %server; + return; } sub send_mail { - my ($sysmail,$reportstatus) = @_; my $defdom = $perlvar{'lonDefDomain'}; my $origmail = $perlvar{'lonAdmEMail'}; my $emailto = &Apache::loncommon::build_recipient_list(undef, 'lonstatusmail',$defdom,$origmail); - if (($totalcount>$sysmail) && ($reportstatus)) { + if ($totalcount>2500) { $emailto.=",$perlvar{'lonSysEMail'}"; } my $from; @@ -1320,23 +1145,19 @@ Options: do not send emails do not check if the daemons are running, do not generate lon-status - --justiptables Only update the dynamic iptables rules for the - lond port; do not send emails, do not - check if the daemons are running, do not - generate lon-status + USAGE } # ================================================================ Main Program sub main () { my ($help,$justcheckdaemons,$noemail,$justcheckconnections, - $justreload,$justiptables); + $justreload); &GetOptions("help" => \$help, "justcheckdaemons" => \$justcheckdaemons, "noemail" => \$noemail, "justcheckconnections" => \$justcheckconnections, - "justreload" => \$justreload, - "justiptables" => \$justiptables + "justreload" => \$justreload ); if ($help) { &usage(); return; } # --------------------------------- Read loncapa_apache.conf and loncapa.conf @@ -1351,10 +1172,9 @@ sub main () { if ('{[[[[lonHostID]]]]}' eq $perlvar{'lonHostID'}) { print("Unconfigured machine.\n"); my $emailto=$perlvar{'lonSysEMail'}; - my $hostname = Sys::Hostname::FQDN::fqdn(); - $hostname=~s/\.+/./g; - $hostname=~s/\-+/-/g; - $hostname=~s/[^\w\.-]//g; # make sure is safe to pass through shell + my $hostname=`/bin/hostname`; + chop $hostname; + $hostname=~s/[^\w\.]//g; # make sure is safe to pass through shell my $subj="LON: Unconfigured machine $hostname"; system("echo 'Unconfigured machine $hostname.' |". " mail -s '$subj' $emailto > /dev/null"); @@ -1387,13 +1207,11 @@ sub main () { } } } - if (!$justiptables) { - &Apache::lonnet::load_hosts_tab(1,$nomemcache); - &Apache::lonnet::load_domain_tab(1,$nomemcache); - &Apache::lonnet::get_iphost(1,$nomemcache); - } + &Apache::lonnet::load_hosts_tab(1,$nomemcache); + &Apache::lonnet::load_domain_tab(1,$nomemcache); + &Apache::lonnet::get_iphost(1,$nomemcache); -# ----------------------------------------- Force firewall update for lond port +# ----------------------------------------- Force firewall update for lond port if ((!$justcheckdaemons) && (!$justreload)) { my $now = time; @@ -1408,7 +1226,7 @@ sub main () { if (&LONCAPA::try_to_lock('/tmp/lock_lciptables')) { my $execpath = $perlvar{'lonDaemons'}.'/lciptables'; system("$execpath $tmpfile"); - unlink('/tmp/lock_lciptables'); # Remove the lock file. + unlink('/tmp/lock_lciptables'); # Remove the lock file. } unlink($tmpfile); } @@ -1420,21 +1238,20 @@ sub main () { $warnings=0; $notices=0; - + my $fh; - if (!$justcheckdaemons && !$justcheckconnections && !$justreload && !$justiptables) { + if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { $fh=&start_logging(); &log_machine_info($fh); &clean_tmp($fh); &clean_lonIDs($fh); - &clean_balanceIDs($fh); &clean_webDAV_sessionIDs($fh); &check_httpd_logs($fh); &rotate_lonnet_logs($fh); &rotate_other_logs($fh); } - if (!$justcheckconnections && !$justreload && !$justiptables) { + if (!$justcheckconnections && !$justreload) { &checkon_daemon($fh,'lonmemcached',40000); &checkon_daemon($fh,'lonsql',200000); if ( &checkon_daemon($fh,'lond',40000,'USR1') eq 'running') { @@ -1445,24 +1262,33 @@ sub main () { &checkon_daemon($fh,'lonr',40000); } if ($justreload) { + &clean_nosslverify($fh); + &write_connection_config(); + &write_hosttypes(); + &update_revocation_list(); &checkon_daemon($fh,'lond',40000,'USR2'); &checkon_daemon($fh,'lonc',40000,'USR2'); } if ($justcheckconnections) { &test_connections($fh); } - if (!$justcheckdaemons && !$justcheckconnections && !$justreload && !$justiptables) { - my $domconf = &get_domain_config(); - my ($threshold,$sysmail,$reportstatus,$weightsref,$exclusionsref) = - &get_permcount_settings($domconf); - &check_delayed_msg($fh,$weightsref,$exclusionsref); - &finish_logging($fh,$weightsref); + if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { + &check_delayed_msg($fh); &log_simplestatus(); &write_loncaparevs(); &write_serverhomeIDs(); &write_checksums(); - &write_hostips(); - if ($totalcount>$threshold && !$noemail) { &send_mail($sysmail,$reportstatus); } + my %sslrem = &clean_nosslverify($fh); + my %conchgs = &write_connection_config(); + my %hosttypechgs = &write_hosttypes(); + my $hadcrlchg = &update_revocation_list(); + if ((keys(%conchgs) > 0) || (keys(%hosttypechgs) > 0) || + $hadcrlchg || (keys(%sslrem) > 0)) { + &checkon_daemon($fh,'lond',40000,'USR2'); + &reset_nosslverify_pids($fh,%sslrem); + } + &finish_logging($fh); + if ($totalcount>200 && !$noemail) { &send_mail(); } } }