--- loncom/loncron 2024/07/10 04:11:41 1.103.2.15 +++ loncom/loncron 2018/11/24 16:19:09 1.115 @@ -2,7 +2,7 @@ # Housekeeping program, started by cron, loncontrol and loncron.pl # -# $Id: loncron,v 1.103.2.15 2024/07/10 04:11:41 raeburn Exp $ +# $Id: loncron,v 1.115 2018/11/24 16:19:09 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -37,18 +37,13 @@ use LONCAPA; use Apache::lonnet; use Apache::loncommon; -use LWP::UserAgent(); -use HTTP::Request(); use IO::File; use IO::Socket; use HTML::Entities; use Getopt::Long; -use GDBM_File qw(GDBM_READER); +use GDBM_File; use Storable qw(thaw); use File::ReadBackwards; -use File::Copy; -use Sys::Hostname::FQDN(); - #globals use vars qw (%perlvar %simplestatus $errors $warnings $notices $totalcount); @@ -81,14 +76,14 @@ sub rotate_logfile { rename("$file.2","$file.3"); rename("$file.1","$file.2"); rename("$file","$file.1"); - } + } } sub start_daemon { my ($fh,$daemon,$pidfile,$args) = @_; my $progname=$daemon; if ($daemon eq 'lonc') { - $progname='loncnew'; + $progname='loncnew'; } my $error_fname="$perlvar{'lonDaemons'}/logs/${daemon}_errors"; &rotate_logfile($error_fname,$fh,'error logs'); @@ -122,7 +117,7 @@ sub checkon_daemon { if ($fh) { if (-e "$perlvar{'lonDaemons'}/logs/$daemon.log"){ if (open(DFH,"tail -n25 $perlvar{'lonDaemons'}/logs/$daemon.log|")) { - while (my $line=) { + while (my $line=) { &log($fh,"$line"); if ($line=~/INFO/) { $notices++; } if ($line=~/WARNING/) { $notices++; } @@ -133,9 +128,9 @@ sub checkon_daemon { } &log($fh,"

"); } - + my $pidfile="$perlvar{'lonDaemons'}/logs/$daemon.pid"; - + my $restartflag=1; my $daemonpid; if (-e $pidfile) { @@ -174,6 +169,9 @@ sub checkon_daemon { &log($fh,unlink($pidfile).' - '. `killall -9 $kadaemon 2>&1`. '
'); + if ($kadaemon eq 'loncnew') { + &clean_lonc_childpids(); + } &log($fh,"

$daemon not running, trying to start

"); if (&start_daemon($fh,$daemon,$pidfile,$args)) { @@ -212,10 +210,10 @@ sub checkon_daemon { close (DFH); } &log($fh,"

"); - } - } + } + } } - + my $fname="$perlvar{'lonDaemons'}/logs/$daemon.log"; &rotate_logfile($fname,$fh,'logs'); @@ -228,34 +226,19 @@ sub log_machine_info { my ($fh)=@_; &log($fh,'

Machine Information

'); &log($fh,"

loadavg

"); - - my $cpucount; - if (open(PIPE,"lscpu |grep '^CPU(s)' 2>&1 |")) { - my $info = ; - chomp($info); - ($cpucount) = ($info =~ /^\QCPU(s):\E\s+(\d+)$/); - close(PIPE); - } - if (!$cpucount) { - $cpucount = 1; - } - my %loadtarget = ( - error => 4.0*$cpucount, - warn => 2.0*$cpucount, - note => 1.0*$cpucount, - ); + open (LOADAVGH,"/proc/loadavg"); my $loadavg=; close (LOADAVGH); - + &log($fh,"$loadavg"); - + my @parts=split(/\s+/,$loadavg); - if ($parts[1]>$loadtarget{'error'}) { + if ($parts[1]>4.0) { $errors++; - } elsif ($parts[1]>$loadtarget{'warn'}) { + } elsif ($parts[1]>2.0) { $warnings++; - } elsif ($parts[1]>$loadtarget{'note'}) { + } elsif ($parts[1]>1.0) { $notices++; } @@ -263,14 +246,14 @@ sub log_machine_info { &log($fh,"
");
 
     open (DFH,"df|");
-    while (my $line=) {
-	&log($fh,&encode_entities($line,'<>&"'));
+    while (my $line=) { 
+	&log($fh,&encode_entities($line,'<>&"')); 
 	@parts=split(/\s+/,$line);
 	my $usage=$parts[4];
 	$usage=~s/\W//g;
-	if ($usage>90) {
+	if ($usage>90) { 
 	    $warnings++;
-	    $notices++;
+	    $notices++; 
 	} elsif ($usage>80) {
 	    $warnings++;
 	} elsif ($usage>60) {
@@ -287,8 +270,8 @@ sub log_machine_info {
     my $psproc=0;
 
     open (PSH,"ps aux --cols 140 |");
-    while (my $line=) {
-	&log($fh,&encode_entities($line,'<>&"'));
+    while (my $line=) { 
+	&log($fh,&encode_entities($line,'<>&"')); 
 	$psproc++;
     }
     close (PSH);
@@ -310,7 +293,7 @@ sub start_logging {
     my %simplestatus=();
     my $now=time;
     my $date=localtime($now);
-
+    
 
     &log($fh,(<
@@ -335,7 +318,6 @@ sub start_logging {
 
  • lonc
  • lonnet
  • Connections
  • -
  • bash readline config
  • Delayed Messages
  • Error Count
  • @@ -427,12 +409,12 @@ sub recursive_clean_tmp { ($cleaned,$old,$removed) = &recursive_clean_tmp($innerdir,$cleaned,$old,$removed,$errors); my @doms = &Apache::lonnet::current_machine_domains(); - + if (open(my $dirhandle,$fname)) { unless (($innerdir eq 'helprequests') || (($innerdir =~ /^addcourse/) && ($innerdir !~ m{/\d+$}))) { my @contents = grep {!/^\.\.?$/} readdir($dirhandle); - join('&&',@contents)."\n"; + join('&&',@contents)."\n"; if (scalar(grep {!/^\.\.?$/} readdir($dirhandle)) == 0) { closedir($dirhandle); if ($fname =~ m{^\Q$perlvar{'lonDaemons'}\E/tmp/}) { @@ -485,7 +467,7 @@ sub recursive_clean_tmp { } } } elsif (ref($errors->{failopen}) eq 'ARRAY') { - push(@{$errors->{failopen}},$fname); + push(@{$errors->{failopen}},$fname); } } else { if (unlink($fname)) { @@ -511,38 +493,19 @@ sub clean_lonIDs { my $cleaned=0; my $active=0; while (my $fname=<$perlvar{'lonIDsDir'}/*>) { - my $now=time; - if (-l $fname) { - my $linkfname = readlink($fname); - if (-f $linkfname) { - if ($linkfname =~ m{^$perlvar{'lonIDsDir'}/[^/]+\.id$}) { - my @data = stat($linkfname); - my $mtime = $data[9]; - my $since=$now-$mtime; - if ($since>$perlvar{'lonExpire'}) { - if (unlink($linkfname)) { - $cleaned++; - &log($fh,"Unlinking $linkfname
    "); - unlink($fname); - } - } - } - } else { - unlink($fname); - } - } elsif (-f $fname) { - my @data = stat($fname); - my $mtime = $data[9]; - my $since=$now-$mtime; - if ($since>$perlvar{'lonExpire'}) { - if (unlink($fname)) { - $cleaned++; - &log($fh,"Unlinking $fname
    "); - } - } else { - $active++; - } - } + my ($dev,$ino,$mode,$nlink, + $uid,$gid,$rdev,$size, + $atime,$mtime,$ctime, + $blksize,$blocks)=stat($fname); + my $now=time; + my $since=$now-$mtime; + if ($since>$perlvar{'lonExpire'}) { + $cleaned++; + &log($fh,"Unlinking $fname
    "); + unlink("$fname"); + } else { + $active++; + } } &log($fh,"

    Cleaned up ".$cleaned." stale session token(s).

    "); &log($fh,"

    $active open session(s)

    "); @@ -556,7 +519,7 @@ sub clean_balanceIDs { my $cleaned=0; my $active=0; if (-d $perlvar{'lonBalanceDir'}) { - while (my $fname=<$perlvar{'lonBalanceDir'}/*.id>) { + while (my $fname=<$perlvar{'balanceDir'}/*.id>) { my ($dev,$ino,$mode,$nlink, $uid,$gid,$rdev,$size, $atime,$mtime,$ctime, @@ -639,16 +602,16 @@ sub rotate_lonnet_logs { print "Checking logs.\n"; if (-e "$perlvar{'lonDaemons'}/logs/lonnet.log"){ open (DFH,"tail -n50 $perlvar{'lonDaemons'}/logs/lonnet.log|"); - while (my $line=) { + while (my $line=) { &log($fh,&encode_entities($line,'<>&"')); } close (DFH); } &log($fh,"

    Perm Log

    ");
    -
    +    
         if (-e "$perlvar{'lonDaemons'}/logs/lonnet.perm.log") {
     	open(DFH,"tail -n10 $perlvar{'lonDaemons'}/logs/lonnet.perm.log|");
    -	while (my $line=) {
    +	while (my $line=) { 
     	    &log($fh,&encode_entities($line,'<>&"'));
     	}
     	close (DFH);
    @@ -779,14 +742,14 @@ sub check_delayed_msg {
         my $dfh=IO::File->new("$perlvar{'lonDaemons'}/logs/lonnet.perm.log","r");
         if (defined($dfh)) {
             while (my $line=<$dfh>) {
    -	    my ($time,$sdf,$rest)=split(/:/,$line,3);
    +            my ($time,$sdf,$rest)=split(/:/,$line,3);
                 if ($time < 1541185772) {
                     $checkbackwards = 1;
                 }
                 last;
             }
             undef $dfh;
    -    }
    +    } 
     
         if ($checkbackwards) {
             if (tie *BW, 'File::ReadBackwards', "$perlvar{'lonDaemons'}/logs/lonnet.perm.log") {
    @@ -1018,7 +981,7 @@ sub write_serverhomeIDs {
                     eval {
                         local $SIG{ ALRM } = sub { die "TIMEOUT" };
                         alarm(10);
    -                    $serverhomeID =
    +                    $serverhomeID = 
                             &Apache::lonnet::get_server_homeID($name,1,'loncron');
                         alarm(0);
                     };
    @@ -1063,92 +1026,89 @@ sub write_checksums {
         return;
     }
     
    -sub write_hostips {
    -    my $lontabdir = $perlvar{'lonTabDir'};
    -    my $defdom = $perlvar{'lonDefDomain'};
    -    my $lonhost = $perlvar{'lonHostID'};
    -    my $newfile = "$lontabdir/currhostips.tab";
    -    my $oldfile = "$lontabdir/prevhostips.tab";
    -    my (%prevhosts,%currhosts,%ipchange);
    -    if ((-e $newfile) && (-s $newfile)) {
    -        move($newfile,$oldfile);
    -        chmod(0644,$oldfile);
    -        if (open(my $fh,'<',$oldfile)) {
    -            while (my $line=<$fh>) {
    -                chomp($line);
    -                if ($line =~ /^([^:]+):([\d.]+)$/) {
    -                    $prevhosts{$1} = $2;
    +sub clean_nosslverify {
    +    my ($fh) = @_;
    +    my %unlinked; 
    +    if (-d "$perlvar{'lonSockDir'}/nosslverify") {
    +        if (opendir(my $dh,"$perlvar{'lonSockDir'}/nosslverify")) {
    +            while (my $fname=readdir($dh)) {
    +                next if ($fname =~ /^\.+$/);
    +                if (unlink("/home/httpd/sockets/nosslverify/$fname")) {
    +                    &log($fh,"Unlinking $fname
    "); + $unlinked{$fname} = 1; } } - close($fh); + closedir($dh); } } - my ($ip_info,$cached) = - &Apache::lonnet::is_cached_new('iphost','iphost'); - if (!$cached) { - &Apache::lonnet::get_iphost(); - ($ip_info,$cached) = - &Apache::lonnet::is_cached_new('iphost','iphost'); - } - if (ref($ip_info) eq 'ARRAY') { - %currhosts = %{$ip_info->[1]}; - if (open(my $fh,'>',$newfile)) { - foreach my $key (keys(%currhosts)) { - print $fh "$key:$currhosts{$key}\n"; + &log($fh,"

    Removed ".scalar(keys(%unlinked))." nosslverify clients

    "); + return %unlinked; +} +sub clean_lonc_childpids { + my $childpiddir = "$perlvar{'lonDocRoot'}/lon-status/loncchld"; + if (-d $childpiddir) { + if (opendir(my $dh,$childpiddir)) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + unlink("$childpiddir/$fname"); } - close($fh); - chmod(0644,$newfile); + closedir($dh); } } - if (keys(%prevhosts) && keys(%currhosts)) { - foreach my $key (keys(%prevhosts)) { - unless ($currhosts{$key} eq $prevhosts{$key}) { - $ipchange{$key} = $prevhosts{$key}.' | '.$currhosts{$key}; - } - } - foreach my $key (keys(%currhosts)) { - unless ($currhosts{$key} eq $prevhosts{$key}) { - $ipchange{$key} = $prevhosts{$key}.' | '.$currhosts{$key}; +} + +sub write_connection_config { + my ($domconf,%connectssl,%changes); + $domconf = &get_domain_config(); + if (ref($domconf) eq 'HASH') { + if (ref($domconf->{'ssl'}) eq 'HASH') { + foreach my $connect ('connto','connfrom') { + if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { + my ($sslreq,$sslnoreq,$currsetting); + my %contypes; + foreach my $type ('dom','intdom','other') { + $connectssl{$connect.'_'.$type} = $domconf->{'ssl'}->{$connect}->{$type}; + } + } } } - } - if (&Apache::lonnet::domain($defdom,'primary') eq $lonhost) { - if (keys(%ipchange)) { - if (open(my $fh,'>>',$perlvar{'lonDaemons'}.'/logs/hostip.log')) { - print $fh "********************\n".localtime(time).' Changes --'."\n". - "| Hostname | Previous IP | New IP |\n". - " --------------------------------- \n"; - foreach my $hostname (sort(keys(%ipchange))) { - print $fh "| $hostname | $ipchange{$hostname} |\n"; + if (keys(%connectssl)) { + my %currconf; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/=/,$line); + if ($value =~ /^(?:no|yes|req)$/) { + if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) { + $currconf{$name} = $value; + } + } } - print $fh "\n*******************\n\n"; close($fh); } - my $emailto = &Apache::loncommon::build_recipient_list(undef, - 'hostipmail',$defdom); - if ($emailto) { - my $subject = "LON-CAPA Hostname to IP change ($perlvar{'lonHostID'})"; - my $chgmail = "To: $emailto\n". - "Subject: $subject\n". - "Content-type: text/plain\; charset=UTF-8\n". - "MIME-Version: 1.0\n\n". - "Host/IP changes\n". - " \n". - "| Hostname | Previous IP | New IP |\n". - " --------------------------------- \n"; - foreach my $hostname (sort(keys(%ipchange))) { - $chgmail .= "| $hostname | $ipchange{$hostname} |\n"; - } - $chgmail .= "\n\n"; - if (open(my $mailh, "|/usr/lib/sendmail -oi -t -odb")) { - print $mailh $chgmail; - close($mailh); - print "Sending mail notification of hostname/IP changes.\n"; + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + my $count = 0; + foreach my $key (sort(keys(%connectssl))) { + print $fh "$key=$connectssl{$key}\n"; + if (exists($currconf{$key})) { + unless ($currconf{$key} eq $connectssl{$key}) { + $changes{$key} = 1; + } + } else { + $changes{$key} = 1; + } + $count ++; } + close($fh); + print "Completed writing SSL options for lonc/lond for $count items.\n"; } + } else { + print "Writing of SSL options skipped - no connection rules in domain configuration.\n"; } + } else { + print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n"; } - return; + return %changes; } sub get_domain_config { @@ -1163,7 +1123,7 @@ sub get_domain_config { unless ($protocol eq 'https') { $protocol = 'http'; } - $url = $protocol.'://'.$hostname.'/cgi-bin/listdomconfig.pl?primary='.$primlibserv.'&format=raw'; + $url = $protocol.'://'.$hostname.'/cgi-bin/listdomconfig.pl'; } if ($isprimary) { my $lonusersdir = $perlvar{'lonUsersDir'}; @@ -1184,14 +1144,14 @@ sub get_domain_config { } } } else { - my $ua=new LWP::UserAgent; - $ua->timeout(5); - my $request=new HTTP::Request('GET',$url); - my $response=$ua->request($request); - unless ($response->is_error()) { - my $content = $response->content; - if ($content) { - my @pairs=split(/\&/,$content); + if (open(PIPE,"wget --no-check-certificate '$url?primary=$primlibserv&format=raw' |")) { + my $config = ''; + while () { + $config .= $_; + } + close(PIPE); + if ($config) { + my @pairs=split(/\&/,$config); foreach my $item (@pairs) { my ($key,$value)=split(/=/,$item,2); my $what = &LONCAPA::unescape($key); @@ -1208,6 +1168,121 @@ sub get_domain_config { return \%confhash; } +sub write_hosttypes { + my %intdom = &Apache::lonnet::all_host_intdom(); + my %hostdom = &Apache::lonnet::all_host_domain(); + my $dom = $hostdom{$perlvar{'lonHostID'}}; + my $internetdom = $intdom{$perlvar{'lonHostID'}}; + my %changes; + if (($dom ne '') && ($internetdom ne '')) { + if (keys(%hostdom)) { + my %currhosttypes; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/:/,$line); + if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) { + $currhosttypes{$name} = $value; + } + } + close($fh); + } + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + my $count = 0; + foreach my $lonid (sort(keys(%hostdom))) { + my $type = 'other'; + if ($hostdom{$lonid} eq $dom) { + $type = 'dom'; + } elsif ($intdom{$lonid} eq $internetdom) { + $type = 'intdom'; + } + print $fh "$lonid:$type\n"; + if (exists($currhosttypes{$lonid})) { + if ($type ne $currhosttypes{$lonid}) { + $changes{$lonid} = 1; + } + } else { + $changes{$lonid} = 1; + } + $count ++; + } + close($fh); + print "Completed writing host type data for $count hosts.\n"; + } + } else { + print "Writing of host types skipped - no hosts found.\n"; + } + } else { + print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n"; + } + return %changes; +} + +sub update_revocation_list { + my ($result,$changed) = &Apache::lonnet::fetch_crl_pemfile(); + if ($result eq 'ok') { + print "Certificate Revocation List (from CA) updated.\n"; + } else { + print "Certificate Revocation List from (CA) not updated.\n"; + } + return $changed; +} + +sub reset_nosslverify_pids { + my ($fh,%sslrem) = @_; + &checkon_daemon($fh,'lond',40000,'USR2'); + my $loncpidfile="$perlvar{'lonDaemons'}/logs/lonc.pid"; + my $loncppid; + if ((-e $loncpidfile) && (open(my $pfh,'<',$loncpidfile))) { + $loncppid=<$pfh>; + chomp($loncppid); + close($pfh); + if ($loncppid =~ /^\d+$/) { + my %pids_by_host; + my $docdir = $perlvar{'lonDocRoot'}; + if (-d "$docdir/lon-status/loncchld") { + if (opendir(my $dh,"$docdir/lon-status/loncchld")) { + while (my $file = readdir($dh)) { + next if ($file =~ /^\./); + if (open(my $fh,'<',"$docdir/lon-status/loncchld/$file")) { + my $record = <$fh>; + chomp($record); + close($fh); + my ($remotehost,$authmode) = split(/:/,$record); + $pids_by_host{$remotehost}{$authmode}{$file} = 1; + } + } + closedir($dh); + if (keys(%pids_by_host)) { + foreach my $host (keys(%pids_by_host)) { + if ($sslrem{$host}) { + if (ref($pids_by_host{$host}) eq 'HASH') { + if (ref($pids_by_host{$host}{'insecure'}) eq 'HASH') { + if (keys(%{$pids_by_host{$host}{'insecure'}})) { + foreach my $pid (keys(%{$pids_by_host{$host}{'insecure'}})) { + if (open(PIPE,"ps -o ppid= -p $pid |")) { + my $ppid = ; + chomp($ppid); + close(PIPE); + $ppid =~ s/(^\s+|\s+$)//g; + if (($ppid == $loncppid) && (kill 0 => $pid)) { + kill QUIT => $pid; + } + } + } + } + } + } + } + } + } + } + } + } + } + return; +} + sub get_permcount_settings { my ($domconf) = @_; my ($defaults,$names) = &Apache::loncommon::lon_status_items(); @@ -1264,98 +1339,6 @@ sub read_serverhomeIDs { return %server; } -sub check_bash_settings { - my $distro = &LONCAPA::distro(); - my ($check_bracketed_paste,$bracketed_warning); - if ($distro =~ /^debian(\d+)$/) { - if ($1 >= 12) { - $check_bracketed_paste = 1; - } - } elsif ($distro =~ /^ubuntu(\d+)$/) { - if ($1 >= 22) { - $check_bracketed_paste = 1; - } - } elsif ($distro =~ /^(?:redhat|oracle|alma|rocky|centos-stream)(\d+)$/) { - if ($1 >= 9) { - $check_bracketed_paste = 1; - } - } elsif ($distro =~ /^fedora(\d+)/) { - if ($1 >= 34) { - $check_bracketed_paste = 1; - } - } - if ($check_bracketed_paste) { - if (open(PIPE,"bind -V 2>&1 | grep enable-bracketed-paste |")) { - my $info = ; - chomp($info); - my ($bracketed) = ($info =~ /^\Qenable-bracketed-paste\E\s+is\s+set\s+to\s+\W(on|off)\W$/); - close(PIPE); - if ($bracketed eq 'on') { - $bracketed_warning = 1; - } - } else { - print "Unable to check if bracketed paste is set to off for www user's shell\n"; - } - } - return ($bracketed_warning,$check_bracketed_paste); -} - -sub set_bracketed_paste_off { - my $bash_www_cnf = '/home/www/.inputrc'; - my $result; - if (!-e $bash_www_cnf) { - system("touch $bash_www_cnf"); - if (open(my $cfh,'>',$bash_www_cnf)) { - print $cfh "set enable-bracketed-paste off\n"; - close($cfh); - $result = "Updated $bash_www_cnf"; - } else { - $result = "Could not open $bash_www_cnf to add 'set enable-bracketed-paste to off'"; - } - my $wwwuid = getpwnam('www'); - my $wwwgid = getgrnam('www'); - if ($wwwuid!=$<) { - chown($wwwuid,$wwwgid,$bash_www_cnf); - } - } else { - my ($bracketed_paste_on,$bracketed_paste_off,@preserve); - if (open(my $cfh,'<',$bash_www_cnf)) { - while (my $line=<$cfh>) { - chomp($line); - if ($line =~ /^\s*set\s+enable\-bracketed\-paste\s+(off|on)\s*$/) { - if ($1 eq 'off') { - $bracketed_paste_off = 1; - } else { - $bracketed_paste_on = 1; - } - } else { - push(@preserve,$line); - } - } - close($cfh); - if ($bracketed_paste_on || !$bracketed_paste_off) { - if (open(my $cfh,'>',$bash_www_cnf)) { - print $cfh "set enable-bracketed-paste off\n"; - if (@preserve) { - foreach my $entry (@preserve) { - print $cfh "$entry\n"; - } - } - close($cfh); - $result = "Updated $bash_www_cnf"; - } else { - $result = "Could not open $bash_www_cnf to add 'set enable-bracketed-paste to off'"; - } - } else { - $result = "No action needed; $bash_www_cnf already includes 'set enable-bracketed-paste to off'"; - } - } else { - $result = "Could not open $bash_www_cnf to check if a value is included for 'enable-bracketed-paste'."; - } - } - return $result; -} - sub send_mail { my ($sysmail,$reportstatus) = @_; my $defdom = $perlvar{'lonDefDomain'}; @@ -1415,23 +1398,19 @@ Options: do not send emails do not check if the daemons are running, do not generate lon-status - --justiptables Only update the dynamic iptables rules for the - lond port; do not send emails, do not - check if the daemons are running, do not - generate lon-status + USAGE } # ================================================================ Main Program sub main () { my ($help,$justcheckdaemons,$noemail,$justcheckconnections, - $justreload,$justiptables); + $justreload); &GetOptions("help" => \$help, "justcheckdaemons" => \$justcheckdaemons, "noemail" => \$noemail, "justcheckconnections" => \$justcheckconnections, - "justreload" => \$justreload, - "justiptables" => \$justiptables + "justreload" => \$justreload ); if ($help) { &usage(); return; } # --------------------------------- Read loncapa_apache.conf and loncapa.conf @@ -1446,10 +1425,9 @@ sub main () { if ('{[[[[lonHostID]]]]}' eq $perlvar{'lonHostID'}) { print("Unconfigured machine.\n"); my $emailto=$perlvar{'lonSysEMail'}; - my $hostname = Sys::Hostname::FQDN::fqdn(); - $hostname=~s/\.+/./g; - $hostname=~s/\-+/-/g; - $hostname=~s/[^\w\.-]//g; # make sure is safe to pass through shell + my $hostname=`/bin/hostname`; + chop $hostname; + $hostname=~s/[^\w\.]//g; # make sure is safe to pass through shell my $subj="LON: Unconfigured machine $hostname"; system("echo 'Unconfigured machine $hostname.' |". " mail -s '$subj' $emailto > /dev/null"); @@ -1460,7 +1438,7 @@ sub main () { my $wwwid=getpwnam('www'); if ($wwwid!=$<) { print("User ID mismatch. This program must be run as user 'www'.\n"); - my $emailto="$perlvar{'lonAdmEMail'} $perlvar{'lonSysEMail'}"; + my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}"; my $subj="LON: $perlvar{'lonHostID'} User ID mismatch"; system("echo 'User ID mismatch. loncron must be run as user www.' |". " mail -s '$subj' $emailto > /dev/null"); @@ -1482,13 +1460,11 @@ sub main () { } } } - if (!$justiptables) { - &Apache::lonnet::load_hosts_tab(1,$nomemcache); - &Apache::lonnet::load_domain_tab(1,$nomemcache); - &Apache::lonnet::get_iphost(1,$nomemcache); - } + &Apache::lonnet::load_hosts_tab(1,$nomemcache); + &Apache::lonnet::load_domain_tab(1,$nomemcache); + &Apache::lonnet::get_iphost(1,$nomemcache); -# ----------------------------------------- Force firewall update for lond port +# ----------------------------------------- Force firewall update for lond port if ((!$justcheckdaemons) && (!$justreload)) { my $now = time; @@ -1503,7 +1479,7 @@ sub main () { if (&LONCAPA::try_to_lock('/tmp/lock_lciptables')) { my $execpath = $perlvar{'lonDaemons'}.'/lciptables'; system("$execpath $tmpfile"); - unlink('/tmp/lock_lciptables'); # Remove the lock file. + unlink('/tmp/lock_lciptables'); # Remove the lock file. } unlink($tmpfile); } @@ -1515,9 +1491,9 @@ sub main () { $warnings=0; $notices=0; - + my $fh; - if (!$justcheckdaemons && !$justcheckconnections && !$justreload && !$justiptables) { + if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { $fh=&start_logging(); &log_machine_info($fh); @@ -1529,7 +1505,7 @@ sub main () { &rotate_lonnet_logs($fh); &rotate_other_logs($fh); } - if (!$justcheckconnections && !$justreload && !$justiptables) { + if (!$justcheckconnections && !$justreload) { &checkon_daemon($fh,'lonmemcached',40000); &checkon_daemon($fh,'lonsql',200000); if ( &checkon_daemon($fh,'lond',40000,'USR1') eq 'running') { @@ -1540,39 +1516,35 @@ sub main () { &checkon_daemon($fh,'lonr',40000); } if ($justreload) { + &clean_nosslverify($fh); + &write_connection_config(); + &write_hosttypes(); + &update_revocation_list(); &checkon_daemon($fh,'lond',40000,'USR2'); &checkon_daemon($fh,'lonc',40000,'USR2'); } if ($justcheckconnections) { &test_connections($fh); } - if (!$justcheckdaemons && !$justcheckconnections && !$justreload && !$justiptables) { - my ($bracketed_warning,$check_bracketed_paste) = &check_bash_settings(); - if ($check_bracketed_paste) { - &log($fh,'

    bash readline config

    Bracketed Paste

    '. - '

    Distros using bash readline library 8.1 or later need bracketed paste disabled for www, so R commands sent to lon daemon will be processed.

    '); - if ($bracketed_warning) { - my $bash_update = &set_bracketed_paste_off(); - if ($bash_update) { - &log($fh,'

    '.$bash_update.'

    '."\n"); - } - } else { - &log($fh,'

    No action needed; /home/www/.inputrc already set.

    '."\n"); - } - } else { - &log($fh,'

    bash readline config

    Bracketed Paste

    '. - '

    No action needed for distros using pre-8.1 bash readline library

    '."\n"); - } + if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { my $domconf = &get_domain_config(); my ($threshold,$sysmail,$reportstatus,$weightsref,$exclusionsref) = &get_permcount_settings($domconf); &check_delayed_msg($fh,$weightsref,$exclusionsref); - &finish_logging($fh,$weightsref); - &log_simplestatus(); &write_loncaparevs(); &write_serverhomeIDs(); &write_checksums(); - &write_hostips(); + my %sslrem = &clean_nosslverify($fh); + my %conchgs = &write_connection_config(); + my %hosttypechgs = &write_hosttypes(); + my $hadcrlchg = &update_revocation_list(); + if ((keys(%conchgs) > 0) || (keys(%hosttypechgs) > 0) || + $hadcrlchg || (keys(%sslrem) > 0)) { + &checkon_daemon($fh,'lond',40000,'USR2'); + &reset_nosslverify_pids($fh,%sslrem); + } + &finish_logging($fh,$weightsref); + &log_simplestatus(); if ($totalcount>$threshold && !$noemail) { &send_mail($sysmail,$reportstatus); } } }