--- loncom/loncron 2021/01/30 22:25:53 1.103.2.9
+++ loncom/loncron 2024/10/24 19:48:51 1.134
@@ -2,7 +2,7 @@
# Housekeeping program, started by cron, loncontrol and loncron.pl
#
-# $Id: loncron,v 1.103.2.9 2021/01/30 22:25:53 raeburn Exp $
+# $Id: loncron,v 1.134 2024/10/24 19:48:51 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -34,15 +34,16 @@ use lib '/home/httpd/lib/perl/';
use LONCAPA::Configuration;
use LONCAPA::Checksumming;
use LONCAPA;
+use LONCAPA::LWPReq;
use Apache::lonnet;
use Apache::loncommon;
-use LWP::UserAgent();
-use HTTP::Request();
use IO::File;
use IO::Socket;
use HTML::Entities;
use Getopt::Long;
+use GDBM_File qw(GDBM_READER);
+use Storable qw(thaw);
use File::ReadBackwards;
use File::Copy;
use Sys::Hostname::FQDN();
@@ -172,6 +173,9 @@ sub checkon_daemon {
&log($fh,unlink($pidfile).' - '.
`killall -9 $kadaemon 2>&1`.
'
');
+ if ($kadaemon eq 'loncnew') {
+ &clean_lonc_childpids();
+ }
&log($fh,"
$daemon not running, trying to start
");
if (&start_daemon($fh,$daemon,$pidfile,$args)) {
@@ -210,8 +214,8 @@ sub checkon_daemon {
close (DFH);
}
&log($fh,"");
- }
- }
+ }
+ }
}
my $fname="$perlvar{'lonDaemons'}/logs/$daemon.log";
@@ -227,18 +231,33 @@ sub log_machine_info {
&log($fh,'
Machine Information
');
&log($fh,"loadavg
");
+ my $cpucount;
+ if (open(PIPE,"lscpu |grep '^CPU(s)' 2>&1 |")) {
+ my $info = ;
+ chomp($info);
+ ($cpucount) = ($info =~ /^\QCPU(s):\E\s+(\d+)$/);
+ close(PIPE);
+ }
+ if (!$cpucount) {
+ $cpucount = 1;
+ }
+ my %loadtarget = (
+ error => 4.0*$cpucount,
+ warn => 2.0*$cpucount,
+ note => 1.0*$cpucount,
+ );
open (LOADAVGH,"/proc/loadavg");
my $loadavg=;
close (LOADAVGH);
-
+
&log($fh,"$loadavg");
my @parts=split(/\s+/,$loadavg);
- if ($parts[1]>4.0) {
+ if ($parts[1]>$loadtarget{'error'}) {
$errors++;
- } elsif ($parts[1]>2.0) {
+ } elsif ($parts[1]>$loadtarget{'warn'}) {
$warnings++;
- } elsif ($parts[1]>1.0) {
+ } elsif ($parts[1]>$loadtarget{'note'}) {
$notices++;
}
@@ -290,10 +309,10 @@ sub log_machine_info {
sub start_logging {
my $fh=IO::File->new(">$statusdir/newstatus.html");
- my %simplestatus=();
+ %simplestatus=();
my $now=time;
my $date=localtime($now);
-
+
&log($fh,(<
@@ -318,6 +337,7 @@ sub start_logging {
lonc
lonnet
Connections
+bash readline config
Delayed Messages
Error Count
@@ -584,6 +604,34 @@ sub clean_webDAV_sessionIDs {
}
}
+# ------------------------------------------------------------ clean out ltiIDs
+
+sub clean_ltiIDs {
+ my ($fh)=@_;
+ &log($fh,'
LTI Session Pointers
');
+ my $cleaned=0;
+ my $active=0;
+ if (-d $perlvar{'ltiIDsDir'}) {
+ while (my $fname=<$perlvar{'ltiIDsDir'}/*>) {
+ my ($dev,$ino,$mode,$nlink,
+ $uid,$gid,$rdev,$size,
+ $atime,$mtime,$ctime,
+ $blksize,$blocks)=stat($fname);
+ my $now=time;
+ my $since=$now-$mtime;
+ if ($since>$perlvar{'lonExpire'}) {
+ $cleaned++;
+ &log($fh,"Unlinking $fname
");
+ unlink("$fname");
+ } else {
+ $active++;
+ }
+ }
+ }
+ &log($fh,"Cleaned up ".$cleaned." old LTI session pointers.
");
+ &log($fh,"$active unexpired LTI session pointers
");
+}
+
# ----------------------------------------------------------- clean out sockets
sub clean_sockets {
my ($fh)=@_;
@@ -761,14 +809,14 @@ sub check_delayed_msg {
my $dfh=IO::File->new("$perlvar{'lonDaemons'}/logs/lonnet.perm.log","r");
if (defined($dfh)) {
while (my $line=<$dfh>) {
- my ($time,$sdf,$rest)=split(/:/,$line,3);
+ my ($time,$sdf,$rest)=split(/:/,$line,3);
if ($time < 1541185772) {
$checkbackwards = 1;
}
last;
}
undef $dfh;
- }
+ }
if ($checkbackwards) {
if (tie *BW, 'File::ReadBackwards', "$perlvar{'lonDaemons'}/logs/lonnet.perm.log") {
@@ -950,11 +998,13 @@ sub log_simplestatus {
rename("$statusdir/newstatus.html","$statusdir/index.html");
my $sfh=IO::File->new(">$statusdir/loncron_simple.txt");
- foreach (keys %simplestatus) {
- print $sfh $_.'='.$simplestatus{$_}.'&';
+ if (defined($sfh)) {
+ foreach my $key (keys(%simplestatus)) {
+ print $sfh $key.'='.$simplestatus{$key}.'&';
+ }
+ print $sfh "\n";
+ $sfh->close();
}
- print $sfh "\n";
- $sfh->close();
}
sub write_loncaparevs {
@@ -1133,6 +1183,91 @@ sub write_hostips {
return;
}
+sub clean_nosslverify {
+ my ($fh) = @_;
+ my %unlinked;
+ if (-d "$perlvar{'lonSockDir'}/nosslverify") {
+ if (opendir(my $dh,"$perlvar{'lonSockDir'}/nosslverify")) {
+ while (my $fname=readdir($dh)) {
+ next if ($fname =~ /^\.+$/);
+ if (unlink("/home/httpd/sockets/nosslverify/$fname")) {
+ &log($fh,"Unlinking $fname
");
+ $unlinked{$fname} = 1;
+ }
+ }
+ closedir($dh);
+ }
+ }
+ &log($fh,"Removed ".scalar(keys(%unlinked))." nosslverify clients
");
+ return %unlinked;
+}
+sub clean_lonc_childpids {
+ my $childpiddir = "$perlvar{'lonDocRoot'}/lon-status/loncchld";
+ if (-d $childpiddir) {
+ if (opendir(my $dh,$childpiddir)) {
+ while (my $fname=readdir($dh)) {
+ next if ($fname =~ /^\.+$/);
+ unlink("$childpiddir/$fname");
+ }
+ closedir($dh);
+ }
+ }
+}
+
+sub write_connection_config {
+ my ($domconf,%connectssl,%changes);
+ $domconf = &get_domain_config();
+ if (ref($domconf) eq 'HASH') {
+ if (ref($domconf->{'ssl'}) eq 'HASH') {
+ foreach my $connect ('connto','connfrom') {
+ if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') {
+ my ($sslreq,$sslnoreq,$currsetting);
+ my %contypes;
+ foreach my $type ('dom','intdom','other') {
+ $connectssl{$connect.'_'.$type} = $domconf->{'ssl'}->{$connect}->{$type};
+ }
+ }
+ }
+ }
+ if (keys(%connectssl)) {
+ my %currconf;
+ if (open(my $fh,'<',"$perlvar{'lonTabDir'}/connectionrules.tab")) {
+ while (my $line = <$fh>) {
+ chomp($line);
+ my ($name,$value) = split(/=/,$line);
+ if ($value =~ /^(?:no|yes|req)$/) {
+ if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) {
+ $currconf{$name} = $value;
+ }
+ }
+ }
+ close($fh);
+ }
+ if (open(my $fh,'>',"$perlvar{'lonTabDir'}/connectionrules.tab")) {
+ my $count = 0;
+ foreach my $key (sort(keys(%connectssl))) {
+ print $fh "$key=$connectssl{$key}\n";
+ if (exists($currconf{$key})) {
+ unless ($currconf{$key} eq $connectssl{$key}) {
+ $changes{$key} = 1;
+ }
+ } else {
+ $changes{$key} = 1;
+ }
+ $count ++;
+ }
+ close($fh);
+ print "Completed writing SSL options for lonc/lond for $count items.\n";
+ }
+ } else {
+ print "Writing of SSL options skipped - no connection rules in domain configuration.\n";
+ }
+ } else {
+ print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n";
+ }
+ return %changes;
+}
+
sub get_domain_config {
my ($dom,$primlibserv,$isprimary,$url,%confhash);
$dom = $perlvar{'lonDefDomain'};
@@ -1166,10 +1301,8 @@ sub get_domain_config {
}
}
} else {
- my $ua=new LWP::UserAgent;
- $ua->timeout(5);
my $request=new HTTP::Request('GET',$url);
- my $response=$ua->request($request);
+ my $response=&LONCAPA::LWPReq::makerequest($primlibserv,$request,'',\%perlvar,5);
unless ($response->is_error()) {
my $content = $response->content;
if ($content) {
@@ -1190,6 +1323,121 @@ sub get_domain_config {
return \%confhash;
}
+sub write_hosttypes {
+ my %intdom = &Apache::lonnet::all_host_intdom();
+ my %hostdom = &Apache::lonnet::all_host_domain();
+ my $dom = $hostdom{$perlvar{'lonHostID'}};
+ my $internetdom = $intdom{$perlvar{'lonHostID'}};
+ my %changes;
+ if (($dom ne '') && ($internetdom ne '')) {
+ if (keys(%hostdom)) {
+ my %currhosttypes;
+ if (open(my $fh,'<',"$perlvar{'lonTabDir'}/hosttypes.tab")) {
+ while (my $line = <$fh>) {
+ chomp($line);
+ my ($name,$value) = split(/:/,$line);
+ if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) {
+ $currhosttypes{$name} = $value;
+ }
+ }
+ close($fh);
+ }
+ if (open(my $fh,'>',"$perlvar{'lonTabDir'}/hosttypes.tab")) {
+ my $count = 0;
+ foreach my $lonid (sort(keys(%hostdom))) {
+ my $type = 'other';
+ if ($hostdom{$lonid} eq $dom) {
+ $type = 'dom';
+ } elsif ($intdom{$lonid} eq $internetdom) {
+ $type = 'intdom';
+ }
+ print $fh "$lonid:$type\n";
+ if (exists($currhosttypes{$lonid})) {
+ if ($type ne $currhosttypes{$lonid}) {
+ $changes{$lonid} = 1;
+ }
+ } else {
+ $changes{$lonid} = 1;
+ }
+ $count ++;
+ }
+ close($fh);
+ print "Completed writing host type data for $count hosts.\n";
+ }
+ } else {
+ print "Writing of host types skipped - no hosts found.\n";
+ }
+ } else {
+ print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n";
+ }
+ return %changes;
+}
+
+sub update_revocation_list {
+ my ($result,$changed) = &Apache::lonnet::fetch_crl_pemfile();
+ if ($result eq 'ok') {
+ print "Certificate Revocation List (from CA) updated.\n";
+ } else {
+ print "Certificate Revocation List from (CA) not updated.\n";
+ }
+ return $changed;
+}
+
+sub reset_nosslverify_pids {
+ my ($fh,%sslrem) = @_;
+ &checkon_daemon($fh,'lond',40000,'USR2');
+ my $loncpidfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
+ my $loncppid;
+ if ((-e $loncpidfile) && (open(my $pfh,'<',$loncpidfile))) {
+ $loncppid=<$pfh>;
+ chomp($loncppid);
+ close($pfh);
+ if ($loncppid =~ /^\d+$/) {
+ my %pids_by_host;
+ my $docdir = $perlvar{'lonDocRoot'};
+ if (-d "$docdir/lon-status/loncchld") {
+ if (opendir(my $dh,"$docdir/lon-status/loncchld")) {
+ while (my $file = readdir($dh)) {
+ next if ($file =~ /^\./);
+ if (open(my $fh,'<',"$docdir/lon-status/loncchld/$file")) {
+ my $record = <$fh>;
+ chomp($record);
+ close($fh);
+ my ($remotehost,$authmode) = split(/:/,$record);
+ $pids_by_host{$remotehost}{$authmode}{$file} = 1;
+ }
+ }
+ closedir($dh);
+ if (keys(%pids_by_host)) {
+ foreach my $host (keys(%pids_by_host)) {
+ if ($sslrem{$host}) {
+ if (ref($pids_by_host{$host}) eq 'HASH') {
+ if (ref($pids_by_host{$host}{'insecure'}) eq 'HASH') {
+ if (keys(%{$pids_by_host{$host}{'insecure'}})) {
+ foreach my $pid (keys(%{$pids_by_host{$host}{'insecure'}})) {
+ if (open(PIPE,"ps -o ppid= -p $pid |")) {
+ my $ppid = ;
+ chomp($ppid);
+ close(PIPE);
+ $ppid =~ s/(^\s+|\s+$)//g;
+ if (($ppid == $loncppid) && (kill 0 => $pid)) {
+ kill QUIT => $pid;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return;
+}
+
sub get_permcount_settings {
my ($domconf) = @_;
my ($defaults,$names) = &Apache::loncommon::lon_status_items();
@@ -1246,6 +1494,158 @@ sub read_serverhomeIDs {
return %server;
}
+sub check_bash_settings {
+ my $distro = &LONCAPA::distro();
+ my ($check_bracketed_paste,$bracketed_warning);
+ if ($distro =~ /^debian(\d+)$/) {
+ if ($1 >= 12) {
+ $check_bracketed_paste = 1;
+ }
+ } elsif ($distro =~ /^ubuntu(\d+)$/) {
+ if ($1 >= 22) {
+ $check_bracketed_paste = 1;
+ }
+ } elsif ($distro =~ /^(?:redhat|oracle|alma|rocky|centos-stream)(\d+)$/) {
+ if ($1 >= 9) {
+ $check_bracketed_paste = 1;
+ }
+ } elsif ($distro =~ /^fedora(\d+)/) {
+ if ($1 >= 34) {
+ $check_bracketed_paste = 1;
+ }
+ }
+ if ($check_bracketed_paste) {
+ if (open(PIPE,"bind -V 2>&1 | grep enable-bracketed-paste |")) {
+ my $info = ;
+ chomp($info);
+ my ($bracketed) = ($info =~ /^\Qenable-bracketed-paste\E\s+is\s+set\s+to\s+\W(on|off)\W$/);
+ close(PIPE);
+ if ($bracketed eq 'on') {
+ $bracketed_warning = 1;
+ }
+ } else {
+ print "Unable to check if bracketed paste is set to off for www user's shell\n";
+ }
+ }
+ return ($bracketed_warning,$check_bracketed_paste);
+}
+
+sub set_bracketed_paste_off {
+ my $bash_www_cnf = '/home/www/.inputrc';
+ my $result;
+ if (!-e $bash_www_cnf) {
+ system("touch $bash_www_cnf");
+ if (open(my $cfh,'>',$bash_www_cnf)) {
+ print $cfh <<'END';
+$if R
+ set enable-bracketed-paste off
+$endif
+
+$if maxima
+ set enable-bracketed-paste off
+$endif
+END
+ close($cfh);
+ $result = "Updated $bash_www_cnf so enable-bracketed-paste is off for R bash shell";
+ } else {
+ $result = "Could not open $bash_www_cnf to add 'set enable-bracketed-paste to off'";
+ }
+ my $wwwuid = getpwnam('www');
+ my $wwwgid = getgrnam('www');
+ if ($wwwuid!=$<) {
+ chown($wwwuid,$wwwgid,$bash_www_cnf);
+ }
+ } else {
+ my (%bracketed_paste_on,%bracketed_paste_off,@preserve,$condition);
+ $condition = '';
+ if (open(my $cfh,'<',$bash_www_cnf)) {
+ while (my $line=<$cfh>) {
+ chomp($line);
+ if ($line =~ /^\$if\s+(\w+)\s*$/) {
+ if ($1 eq 'R') {
+ $condition = 'r';
+ } elsif ($1 eq 'maxima') {
+ $condition = 'maxima';
+ } else {
+ $condition = 'other';
+ }
+ } elsif ($line =~ /^\$endif\s*$/) {
+ $condition = '';
+ }
+ if ($line =~ /^\s*set\s+enable\-bracketed\-paste\s+(off|on)\s*$/) {
+ if ($1 eq 'off') {
+ if ($condition ne '') {
+ $bracketed_paste_off{$condition} = 1;
+ } else {
+ $bracketed_paste_off{all} = 1;
+ }
+ push(@preserve,$line);
+ } else {
+ if ($condition ne '') {
+ $bracketed_paste_on{$condition} = 1;
+ if (($condition eq 'r') || ($condition eq 'maxima')) {
+ push(@preserve,' set enable-bracketed-paste off');
+ } else {
+ push(@preserve,$line);
+ }
+ } else {
+ $bracketed_paste_on{all} = 1;
+ push(@preserve,$line);
+ }
+ }
+ } else {
+ push(@preserve,$line);
+ }
+ }
+ close($cfh);
+ } else {
+ $result = "Could not open $bash_www_cnf to check if a value is included for 'enable-bracketed-paste'.";
+ }
+ if (($bracketed_paste_on{r} || $bracketed_paste_on{maxima}) ||
+ (!exists($bracketed_paste_off{r}) && !exists($bracketed_paste_on{r}) &&
+ !exists($bracketed_paste_off{maxima}) && !exists($bracketed_paste_on{maxima}))) {
+ if (open(my $cfh,'>',$bash_www_cnf)) {
+ if (@preserve) {
+ foreach my $entry (@preserve) {
+ print $cfh "$entry\n";
+ }
+ if (!exists($bracketed_paste_off{r}) && !exists($bracketed_paste_on{r})) {
+print $cfh <<'END';
+$if R
+ set enable-bracketed-paste off
+$endif
+END
+ }
+ if (!exists($bracketed_paste_off{r}) && !exists($bracketed_paste_on{r})) {
+print $cfh <<'END';
+$if maxima
+ set enable-bracketed-paste off
+$endif
+END
+ }
+ } else {
+print $cfh <<'END';
+$if R
+ set enable-bracketed-paste off
+$endif
+
+$if maxima
+ set enable-bracketed-paste off
+$endif
+END
+ }
+ close($cfh);
+ $result = "Updated $bash_www_cnf";
+ } else {
+ $result = "Could not open $bash_www_cnf to add 'set enable-bracketed-paste to off'";
+ }
+ } else {
+ $result = "No action needed; $bash_www_cnf already includes 'set enable-bracketed-paste to off'";
+ }
+ }
+ return $result;
+}
+
sub send_mail {
my ($sysmail,$reportstatus) = @_;
my $defdom = $perlvar{'lonDefDomain'};
@@ -1350,7 +1750,7 @@ sub main () {
my $wwwid=getpwnam('www');
if ($wwwid!=$<) {
print("User ID mismatch. This program must be run as user 'www'.\n");
- my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+ my $emailto="$perlvar{'lonAdmEMail'} $perlvar{'lonSysEMail'}";
my $subj="LON: $perlvar{'lonHostID'} User ID mismatch";
system("echo 'User ID mismatch. loncron must be run as user www.' |".
" mail -s '$subj' $emailto > /dev/null");
@@ -1415,6 +1815,7 @@ sub main () {
&clean_lonIDs($fh);
&clean_balanceIDs($fh);
&clean_webDAV_sessionIDs($fh);
+ &clean_ltiIDs($fh);
&check_httpd_logs($fh);
&rotate_lonnet_logs($fh);
&rotate_other_logs($fh);
@@ -1430,6 +1831,10 @@ sub main () {
&checkon_daemon($fh,'lonr',40000);
}
if ($justreload) {
+ &clean_nosslverify($fh);
+ &write_connection_config();
+ &write_hosttypes();
+ &update_revocation_list();
&checkon_daemon($fh,'lond',40000,'USR2');
&checkon_daemon($fh,'lonc',40000,'USR2');
}
@@ -1437,16 +1842,51 @@ sub main () {
&test_connections($fh);
}
if (!$justcheckdaemons && !$justcheckconnections && !$justreload && !$justiptables) {
+ my ($bracketed_warning,$check_bracketed_paste) = &check_bash_settings();
+ if ($check_bracketed_paste) {
+ &log($fh,'
bash readline config
Bracketed Paste
'.
+ 'Distros using bash readline library 8.1 or later need bracketed paste disabled for the R bash shell for the www user so R commands sent to lonr daemon will be processed.
');
+ my $bash_www_cnf = '/home/www/.inputrc';
+ my $non_empty_conffile;
+ unless ($bracketed_warning) {
+ if (-e $bash_www_cnf) {
+ my $filesize = (stat($bash_www_cnf))[7];
+ if ($filesize > 0) {
+ $non_empty_conffile = 1;
+ }
+ }
+ }
+ if (($bracketed_warning) || ($non_empty_conffile)) {
+ my $bash_update = &set_bracketed_paste_off();
+ if ($bash_update) {
+ &log($fh,''.$bash_update.'
'."\n");
+ }
+ } else {
+ &log($fh,'No action needed; /home/www/.inputrc already set.
'."\n");
+ }
+ } else {
+ &log($fh,'
bash readline config
Bracketed Paste
'.
+ 'No action needed for distros using pre-8.1 bash readline library
'."\n");
+ }
my $domconf = &get_domain_config();
my ($threshold,$sysmail,$reportstatus,$weightsref,$exclusionsref) =
&get_permcount_settings($domconf);
&check_delayed_msg($fh,$weightsref,$exclusionsref);
- &finish_logging($fh,$weightsref);
- &log_simplestatus();
&write_loncaparevs();
&write_serverhomeIDs();
&write_checksums();
&write_hostips();
+ my %sslrem = &clean_nosslverify($fh);
+ my %conchgs = &write_connection_config();
+ my %hosttypechgs = &write_hosttypes();
+ my $hadcrlchg = &update_revocation_list();
+ if ((keys(%conchgs) > 0) || (keys(%hosttypechgs) > 0) ||
+ $hadcrlchg || (keys(%sslrem) > 0)) {
+ &checkon_daemon($fh,'lond',40000,'USR2');
+ &reset_nosslverify_pids($fh,%sslrem);
+ }
+ &finish_logging($fh,$weightsref);
+ &log_simplestatus();
if ($totalcount>$threshold && !$noemail) { &send_mail($sysmail,$reportstatus); }
}
}