Local modifications to ClusterLabs/Anvil by Alteeve
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

395 lines
13 KiB

#!/usr/bin/perl
#
# This removes a bad key from a
#
# This program is setuid 'admin' and calls a (new) peer to read its hostname and system UUID. It takes the
# target's password in via a file.
#
# Exit codes;
# 0 = Normal exit.
# 1 = No database connection.
# 2 = Job not found.
# 3 = No offending keys found.
#
# TODO: We might want to offer an option to remove all keys found for a given target. Somehow, at least in
# testing, multiple keys got into a single known_hosts file.
#
use strict;
use warnings;
use Anvil::Tools;
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0];
my $running_directory = ($0 =~ /^(.*?)\/$THIS_FILE$/)[0];
if (($running_directory =~ /^\./) && ($ENV{PWD}))
{
$running_directory =~ s/^\./$ENV{PWD}/;
}
# Turn off buffering so that the pinwheel will display while waiting for the SSH call(s) to complete.
$| = 1;
my $anvil = Anvil::Tools->new();
$anvil->Log->level({set => 2});
$anvil->Log->secure({set => 1});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});
# Read switches (target ([user@]host[:port]) and the file with the target's password. If the password is
# passed directly, it will be used. Otherwise, the password will be read from the database.
$anvil->Get->switches;
$anvil->Database->connect();
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 3, secure => 0, key => "log_0132"});
if (not $anvil->data->{sys}{database}{connections})
{
# No databases, update the job, sleep for a bit and then exit. The daemon will pick it up and try
# again after we exit.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0077"});
sleep 10;
$anvil->nice_exit({exit_code => 1});
}
# Pick up the job details
$anvil->data->{switches}{'job-uuid'} = "";
$anvil->Get->switches;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
'switches::job-uuid' => $anvil->data->{switches}{'job-uuid'},
}});
# Load data.
load_job_data($anvil);
# Process the bad keys
process_keys($anvil);
# Done.
update_progress($anvil, 100, "job_0051");
$anvil->nice_exit({code => 0});
#############################################################################################################
# Functions #
#############################################################################################################
sub process_keys
{
my ($anvil) = @_;
foreach my $state_uuid (@{$anvil->data->{state_uuids}})
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { state_uuid => $state_uuid }});
my $query = "
SELECT
state_host_uuid,
state_name,
state_note
FROM
states
WHERE
state_uuid = ".$anvil->Database->quote($state_uuid)."
;";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { query => $query }});
my $results = $anvil->Database->query({query => $query, source => $THIS_FILE, line => __LINE__});
my $count = @{$results};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
results => $results,
count => $count,
}});
if (not $count)
{
# No bad keys found on this host.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0078"});
sleep 10;
$anvil->nice_exit({exit_code => 2});
}
foreach my $row (@{$results})
{
my $state_host_uuid = $row->[0];
my $state_name = $row->[1];
my $state_note = $row->[2];
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
's1:sys::host_uuid' => $anvil->data->{sys}{host_uuid},
's2:state_host_uuid' => $state_host_uuid,
's3:state_name' => $state_name,
's4:state_note' => $state_note,
}});
# Is this meant for us?
if ($state_host_uuid ne $anvil->data->{sys}{host_uuid})
{
# Um...
$anvil->data->{job}{progress} += 10;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0058,!!state_uuid!".$state_uuid."!!,!!host_uuid!".$state_host_uuid."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0058", variables => {
state_uuid => $state_uuid,
host_uuid => $state_host_uuid,
}});
next;
}
### NOTE: We don't need the line anymore, but we're not removing it yet.
# Pull out the details.
my $bad_file = "";
my $bad_line = "";
foreach my $pair (split/,/, $state_note)
{
my ($variable, $value) = ($pair =~ /^(.*?)=(.*)$/);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
pair => $pair,
variable => $variable,
value => $value,
}});
if ($variable eq "file")
{
$bad_file = $value;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { bad_file => $bad_file }});
}
if ($variable eq "line")
{
$bad_line = $value;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { bad_line => $bad_line }});
}
}
my ($target, $user) = ($state_name =~ /host_key_changed::(.*)::(.*)$/);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
target => $target,
user => $user,
bad_file => $bad_file,
bad_line => $bad_line,
}});
$anvil->data->{job}{progress} += 5;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0049,!!line!:".$bad_line."!!,!!file!".$bad_file."!!,!!target!".$target."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0049", variables => {
line => $bad_line,
file => $bad_file,
target => $target,
}});
# Read in the file, if it exists.
if (not -e $bad_file)
{
$anvil->data->{job}{progress} += 10;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0050,!!file!".$bad_file."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0050", variables => { file => $bad_file }});
# Remove this job and go on to the next bad key (if any).
delete_state($anvil, $state_uuid);
next;
}
# Read in the file
my ($old_body) = $anvil->Storage->read_file({file => $bad_file});
if ($old_body eq "!!error!!")
{
# Failed to read the file
$anvil->data->{job}{progress} += 10;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0052,!!file!".$bad_file."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0052", variables => { file => $bad_file }});
# Remove this job and go on to the next bad key (if any).
delete_state($anvil, $state_uuid);
next;
}
# Find our key
my $line_number = 0;
my $new_body = "";
my $update = 0;
foreach my $line (split/\n/, $old_body)
{
$line_number++;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
's1:line_number' => $line_number,
's2:bad_line' => $bad_line,
's3:line' => $line,
}});
# If the line starts with our target, remove it.
if ($line =~ /^$target /)
{
# Found it!
$anvil->data->{job}{progress} += 5;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0053,!!line!".$line_number."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0053", variables => { line => $line_number }});
$update = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { update => $update }});
}
else
{
$new_body .= $line."\n";
}
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
's1:old_body' => $old_body,
's2:new_body' => $new_body,
's3:update' => $update,
}});
if ($update)
{
# Write the file out.
$anvil->data->{job}{progress} += 5;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0055,!!file!".$bad_file."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0055", variables => { file => $bad_file }});
# Get the owning user and group.
my ($owning_uid, $owning_gid) = (stat($bad_file))[4,5];
my $owning_user = getpwuid($owning_uid);
my $owning_group = getpwuid($owning_gid);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
owning_uid => $owning_uid,
owning_gid => $owning_gid,
owning_user => $owning_user,
owning_group => $owning_group,
}});
my $error = $anvil->Storage->write_file({
body => $new_body,
debug => 2,
file => $bad_file,
overwrite => 1,
user => $owning_user,
group => $owning_group
});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, list => { error => $error }});
if ($error)
{
$anvil->data->{job}{progress} += 5;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0059,!!file!".$bad_file."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0059", variables => { file => $bad_file }});
}
else
{
# Success!
delete_state($anvil, $state_uuid);
$anvil->data->{job}{progress} += 5;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0060,!!file!".$bad_file."!!");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0060", variables => { file => $bad_file }});
}
}
}
}
return(0);
}
# Load the job data or exit
sub load_job_data
{
my ($anvil) = @_;
if (not $anvil->data->{switches}{'job-uuid'})
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0080"});
$anvil->nice_exit({exit_code => 1});
}
my $query = "SELECT job_data FROM jobs WHERE job_uuid = ".$anvil->Database->quote($anvil->data->{switches}{'job-uuid'}).";";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { query => $query }});
my $results = $anvil->Database->query({query => $query, source => $THIS_FILE, line => __LINE__});
my $count = @{$results};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
results => $results,
count => $count,
}});
if (not $count)
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0079", variables => {
job_uuid => $anvil->data->{switches}{'job-uuid'},
}});
$anvil->nice_exit({exit_code => 1});
}
# Pick up the data.
my $job_data = $results->[0]->[0];
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { job_data => $job_data }});
if (not $job_data)
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0081", variables => {
job_uuid => $anvil->data->{switches}{'job-uuid'},
}});
$anvil->nice_exit({exit_code => 1});
}
# Pick up the job.
$anvil->data->{job}{progress} = 0;
update_progress($anvil, 0, "clear");
$anvil->data->{job}{progress} += 5;
update_progress($anvil, $anvil->data->{job}{progress}, "job_0048");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "job_0048"});
# Break the job up.
$anvil->data->{state_uuids} = [];
foreach my $state_uuid (split/,/, $job_data)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { state_uuid => $state_uuid }});
if ($anvil->Validate->is_uuid({uuid => $state_uuid}))
{
push @{$anvil->data->{state_uuids}}, $state_uuid;
}
else
{
# Invalid, skip it.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, priority => "err", key => "error_0082", variables => {
state_uuid => $state_uuid,
}});
}
}
my $uuid_count = @{$anvil->data->{state_uuids}};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { uuid_count => $uuid_count }});
# Did I find any actual UUIDs?
if (not $uuid_count)
{
# Nope.
update_progress($anvil, 100, "error_0083");
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 2, key => "error_0083"});
}
return(0);
}
# This deletes a state entry.
sub delete_state
{
my ($anvil, $state_uuid) = @_;
# Delete it so long as we have a UUID.
if ($state_uuid)
{
my $query = "DELETE FROM states WHERE state_uuid = ".$anvil->Database->quote($state_uuid).";";
$anvil->Database->write({debug => 2, query => $query, source => $THIS_FILE, line => __LINE__});
}
return(0);
}
# This updates the progress if we were called with a job UUID.
sub update_progress
{
my ($anvil, $progress, $message) = @_;
$progress = 95 if $progress > 100;
# Log the progress percentage.
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
progress => $progress,
message => $message,
}});
$anvil->Job->update_progress({
debug => 3,
progress => $progress,
message => $message,
job_uuid => $anvil->data->{switches}{'job-uuid'},
});
return(0);
}