![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server
index 250e0080b376831bdaced8405381f5de7cfee7bb..9d0f7ad9935303f3d141d8cb1486d9942fe25890 100755 (executable)
--- a/gosa-si/gosa-si-server
+++ b/gosa-si/gosa-si-server
our (%cfg_defaults, $log_file, $pid_file,
$server_ip, $server_port, $ClientPackages_key,
$arp_activ, $gosa_unit_tag,
- $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
+ $GosaPackages_key, $gosa_timeout,
$foreign_server_string, $server_domain, $ServerPackages_key, $foreign_servers_register_delay,
$wake_on_lan_passwd, $job_synchronization, $modified_jobs_loop_delay,
+ $arp_enabled, $arp_interface,
+ $opsi_enabled, $opsi_server, $opsi_admin, $opsi_password,
);
# additional variable which should be globaly accessable
our $cfg_file;
our ($ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $ldap_server_dn);
-# dak variables
-our $dak_base_directory;
-our $dak_signing_keys_directory;
-our $dak_queue_directory;
-our $dak_user;
-
# specifies the verbosity of the daemon_log
$verbose = 0 ;
my $max_children = 2;
+# loop delay for job queue to look for opsi jobs
+my $job_queue_opsi_delay = 10;
+our $opsi_client;
+our $opsi_url;
+
+
+
%cfg_defaults = (
"general" => {
"log-file" => [\$log_file, "/var/run/".$prg.".log"],
"pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
},
"server" => {
+ "ip" => [\$server_ip, "0.0.0.0"],
"port" => [\$server_port, "20081"],
"known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
"known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
"wol-password" => [\$wake_on_lan_passwd, ""],
},
"GOsaPackages" => {
- "ip" => [\$gosa_ip, "0.0.0.0"],
- "port" => [\$gosa_port, "20082"],
"job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
"job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
"messaging-db-loop-delay" => [\$messaging_db_loop_delay, 3],
"key" => [\$GosaPackages_key, "none"],
- "dak-base" => [\$dak_base_directory, "/srv/archive"],
- "dak-keyring" => [\$dak_signing_keys_directory, "/srv/archive/keyrings"],
- "dak-queue" => [\$dak_queue_directory, "/srv/archive/queue"],
- "dak-user" => [\$dak_user, "deb-dak"],
},
"ClientPackages" => {
"key" => [\$ClientPackages_key, "none"],
"key-lifetime" => [\$foreign_servers_register_delay, 120],
"job-synchronization-enabled" => [\$job_synchronization, "true"],
"synchronization-loop" => [\$modified_jobs_loop_delay, 5],
-}
+ },
+"ArpHandler" => {
+ "enabled" => [\$arp_enabled, "true"],
+ "interface" => [\$arp_interface, "all"],
+ },
+"Opsi" => {
+ "enabled" => [\$opsi_enabled, "false"],
+ "server" => [\$opsi_server, "localhost"],
+ "admin" => [\$opsi_admin, "opsi-admin"],
+ "password" => [\$opsi_password, "secret"],
+ },
+
);
}
-#=== FUNCTION ================================================================
-# NAME: read_configfile
-# PARAMETERS: cfg_file - string -
-# RETURNS: nothing
-# DESCRIPTION: read cfg_file and set variables
-#===============================================================================
-sub read_configfile {
- my $cfg;
- if( defined( $cfg_file) && ( (-s $cfg_file) > 0 )) {
- if( -r $cfg_file ) {
- $cfg = Config::IniFiles->new( -file => $cfg_file );
- } else {
- print STDERR "Couldn't read config file!\n";
- }
- } else {
- $cfg = Config::IniFiles->new() ;
- }
- foreach my $section (keys %cfg_defaults) {
- foreach my $param (keys %{$cfg_defaults{ $section }}) {
- my $pinfo = $cfg_defaults{ $section }{ $param };
- ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
- }
- }
-}
-
-
#=== FUNCTION ================================================================
# NAME: logging
# PARAMETERS: level - string - default 'info'
return
}
chomp($msg);
- $msg =~s/\n//g; # no newlines are allowed in log messages, this is important for later log parsing
+ #$msg =~s/\n//g; # no newlines are allowed in log messages, this is important for later log parsing
if($level <= $verbose){
my ($seconds, $minutes, $hours, $monthday, $month,
$year, $weekday, $yearday, $sommertime) = localtime(time);
}
my $mod_name = $1;
+ # ArpHandler switch
if( $file =~ /ArpHandler.pm/ ) {
- if( $no_arp > 0 ) {
- next;
- }
+ if( $arp_enabled eq "false" ) { next; }
}
eval { require $file; };
}
}
}
+
close (DIR);
}
+#=== FUNCTION ================================================================
+# NAME: password_check
+# PARAMETERS: nothing
+# RETURNS: nothing
+# DESCRIPTION: escalates an critical error if two modules exist which are avaialable by
+# the same password
+#===============================================================================
+sub password_check {
+ my $passwd_hash = {};
+ while (my ($mod_name, $mod_info) = each %$known_modules) {
+ my $mod_passwd = @$mod_info[1];
+ if (not defined $mod_passwd) { next; }
+ if (not exists $passwd_hash->{$mod_passwd}) {
+ $passwd_hash->{$mod_passwd} = $mod_name;
+
+ # escalates critical error
+ } else {
+ &daemon_log("0 ERROR: two loaded modules do have the same password. Please modify the 'key'-parameter in config file");
+ &daemon_log("0 ERROR: module='$mod_name' and module='".$passwd_hash->{$mod_passwd}."'");
+ exit( -1 );
+ }
+ }
+
+}
+
#=== FUNCTION ================================================================
# NAME: sig_int_handler
# PARAMETERS: signal - string - signal arose from system
-# RETURNS: noting
+# RETURNS: nothing
# DESCRIPTION: handels tasks to be done befor signal becomes active
#===============================================================================
sub sig_int_handler {
}
};
if($@) {
- daemon_log("$session_id DEBUG: do not understand the message: $@", 7);
+ daemon_log("$session_id ERROR: do not understand the message: $@", 1);
$msg = undef;
$msg_hash = undef;
}
}
};
if($@) {
- daemon_log("$session_id WARNING: outgoing msg is not gosa-si envelope conform: ", 5);
- daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 5);
+ daemon_log("$session_id ERROR: outgoing msg is not gosa-si envelope conform: $@", 1);
+ daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 1);
$msg_hash = undef;
}
}
}
} else {
- daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
+ daemon_log("0 WARNING: get_local_ip_for_remote_ip() was called with a non-ip parameter: '$remote_ip'", 1);
}
return $result;
}
# opensocket
my $socket = &open_socket($address);
if( !$socket ) {
- daemon_log("$session_id ERROR: cannot send ".$header."msg to $address , host not reachable", 1);
+ daemon_log("$session_id WARNING: cannot send ".$header."msg to $address , host not reachable", 3);
$error++;
}
if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
# if an incoming msg could not be decrypted (maybe a wrong key), send client a ping. If the client
# could not understand a msg from its server the client cause a re-registering process
- daemon_log("$session_id INFO cannot understand incoming msg, send 'ping'-msg to all host with ip '".$heap->{remote_ip}.
- "' to cause a re-registering of the client if necessary", 5);
+ daemon_log("$session_id WARNING cannot understand incoming msg, send 'ping'-msg to all host with ip '".$heap->{remote_ip}.
+ "' to cause a re-registering of the client if necessary", 3);
my $sql_statement = "SELECT * FROM $main::known_clients_tn WHERE (hostname LIKE '".$heap->{'remote_ip'}."%')";
my $query_res = $known_clients_db->select_dbentry( $sql_statement );
while( my ($hit_num, $hit) = each %{ $query_res } ) {
my $hostname = $res->{1}->{'hostname'};
$msg =~ s/<target>$target<\/target>/<target>$hostname<\/target>/;
#print STDERR "target is a client address in known_clients -> process here\n";
+ my $local_address = &get_local_ip_for_remote_ip($target_ip).":$server_port";
+ if ($source eq "GOSA") {
+ $msg =~ s/<\/xml>/<forward_to_gosa>$local_address,$session_id<\/forward_to_gosa><\/xml>/;
+ }
+
} else {
$not_found_in_known_clients_db = 1;
}
if(exists $heap->{'client'}) {
$msg = &encrypt_msg($msg, $GosaPackages_key);
$heap->{'client'}->put($msg);
+ &daemon_log("$session_id INFO: incoming '$header' message forwarded to GOsa", 5);
}
$done = 1;
#print STDERR "target is own address with forward_to_gosa-tag pointing at myself -> forward to gosa\n";
&update_jobdb_status_for_send_msgs($answer, $error);
}
- # target of msg is a mac address
+ # Target of msg is a mac address
elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
- daemon_log("$session_id INFO: target is mac address '$answer_target', looking for host in known_clients", 5);
+ daemon_log("$session_id INFO: target is mac address '$answer_target', looking for host in known_clients and foreign_clients", 5);
my $sql_statement = "SELECT * FROM known_clients WHERE macaddress LIKE '$answer_target'";
my $query_res = $known_clients_db->select_dbentry( $sql_statement );
my $found_ip_flag = 0;
&update_jobdb_status_for_send_msgs($answer, $error);
$found_ip_flag++ ;
}
+ if ($found_ip_flag == 0) {
+ my $sql = "SELECT * FROM $foreign_clients_tn WHERE macaddress LIKE '$answer_target'";
+ my $res = $foreign_clients_db->select_dbentry($sql);
+ while( my ($hit_num, $hit) = each %{ $res } ) {
+ my $host_name = $hit->{hostname};
+ my $reg_server = $hit->{regserver};
+ daemon_log("$session_id INFO: found host '$host_name' with mac '$answer_target', registered at '$reg_server'", 5);
+
+ # Fetch key for reg_server
+ my $reg_server_key;
+ my $sql = "SELECT * FROM $known_server_tn WHERE hostname='$reg_server'";
+ my $res = $known_server_db->select_dbentry($sql);
+ if (exists $res->{1}) {
+ $reg_server_key = $res->{1}->{'hostkey'};
+ } else {
+ daemon_log("$session_id ERROR: cannot find hostkey for '$host_name' in '$known_server_tn'", 1);
+ daemon_log("$session_id ERROR: unable to forward answer to correct registration server, processing is aborted!", 1);
+ $reg_server_key = undef;
+ }
+
+ # Send answer to server where client is registered
+ if (defined $reg_server_key) {
+ $answer =~ s/$answer_target/$host_name/g;
+ my $error = &send_msg_to_target($answer, $reg_server, $reg_server_key, $answer_header, $session_id);
+ &update_jobdb_status_for_send_msgs($answer, $error);
+ $found_ip_flag++ ;
+ }
+ }
+ }
if( $found_ip_flag == 0) {
daemon_log("$session_id WARNING: no host found in known_clients with mac address '$answer_target'", 3);
}
- # answer is for one specific host
+ # Answer is for one specific host
} else {
# get encrypt_key
my $encrypt_key = &get_encrypt_key($answer_target);
$kernel->delay_set('watch_for_done_messages', $messaging_db_loop_delay);
$kernel->delay_set('watch_for_old_known_clients', $job_queue_loop_delay);
+ # Start opsi check
+ if ($opsi_enabled eq "true") {
+ $kernel->delay_set('watch_for_opsi_jobs', $job_queue_opsi_delay);
+ }
}
}
-# if a job got an update or was modified anyway, send to all other si-server an update message
-# of this jobs
+sub watch_for_opsi_jobs {
+ my ($kernel) = $_[KERNEL];
+
+ # This is not very nice to look for opsi install jobs, but headertag has to be trigger_action_reinstall. The only way to identify a
+ # opsi install job is to parse the xml message. There is still the correct header.
+ my $sql_statement = "SELECT * FROM ".$job_queue_tn." WHERE ((xmlmessage LIKE '%opsi_install_client</header>%') AND (status='processing') AND (siserver='localhost'))";
+ my $res = $job_db->select_dbentry( $sql_statement );
+
+ # Ask OPSI for an update of the running jobs
+ while (my ($id, $hit) = each %$res ) {
+ # Determine current parameters of the job
+ my $hostId = $hit->{'plainname'};
+ my $macaddress = $hit->{'macaddress'};
+ my $progress = $hit->{'progress'};
+
+ my $result= {};
+
+ # For hosts, only return the products that are or get installed
+ my $callobj;
+ $callobj = {
+ method => 'getProductStates_hash',
+ params => [ $hostId ],
+ id => 1,
+ };
+
+ my $hres = $opsi_client->call($opsi_url, $callobj);
+ #my ($hres_err, $hres_err_string) = &check_opsi_res($hres);
+ if (not &check_opsi_res($hres)) {
+ my $htmp= $hres->result->{$hostId};
+
+ # Check state != not_installed or action == setup -> load and add
+ my $products= 0;
+ my $installed= 0;
+ my $installing = 0;
+ my $error= 0;
+ my @installed_list;
+ my @error_list;
+ my $act_status = "none";
+ foreach my $product (@{$htmp}){
+
+ if ($product->{'installationStatus'} ne "not_installed" or
+ $product->{'actionRequest'} eq "setup"){
+
+ # Increase number of products for this host
+ $products++;
+
+ if ($product->{'installationStatus'} eq "failed"){
+ $result->{$product->{'productId'}}= "error";
+ unshift(@error_list, $product->{'productId'});
+ $error++;
+ }
+ if ($product->{'installationStatus'} eq "installed" && $product->{'actionRequest'} eq "none"){
+ $result->{$product->{'productId'}}= "installed";
+ unshift(@installed_list, $product->{'productId'});
+ $installed++;
+ }
+ if ($product->{'installationStatus'} eq "installing"){
+ $result->{$product->{'productId'}}= "installing";
+ $installing++;
+ $act_status = "installing - ".$product->{'productId'};
+ }
+ }
+ }
+
+ # Estimate "rough" progress, avoid division by zero
+ if ($products == 0) {
+ $result->{'progress'}= 0;
+ } else {
+ $result->{'progress'}= int($installed * 100 / $products);
+ }
+
+ # Set updates in job queue
+ if ((not $error) && (not $installing) && ($installed)) {
+ $act_status = "installed - ".join(", ", @installed_list);
+ }
+ if ($error) {
+ $act_status = "error - ".join(", ", @error_list);
+ }
+ if ($progress ne $result->{'progress'} ) {
+ # Updating progress and result
+ my $update_statement = "UPDATE $job_queue_tn SET modified='1', progress='".$result->{'progress'}."', result='$act_status' WHERE macaddress='$macaddress' AND siserver='localhost'";
+ my $update_res = $job_db->update_dbentry($update_statement);
+ }
+ if ($progress eq 100) {
+ # Updateing status
+ my $done_statement = "UPDATE $job_queue_tn SET modified='1', ";
+ if ($error) {
+ $done_statement .= "status='error'";
+ } else {
+ $done_statement .= "status='done'";
+ }
+ $done_statement .= " WHERE macaddress='$macaddress' AND siserver='localhost'";
+ my $done_res = $job_db->update_dbentry($done_statement);
+ }
+
+
+ }
+ }
+
+ $kernel->delay_set('watch_for_opsi_jobs', $job_queue_opsi_delay);
+}
+
+
+# If a job got an update or was modified anyway, send to all other si-server an update message of this jobs.
sub watch_for_modified_jobs {
my ($kernel,$heap) = @_[KERNEL, HEAP];
}
-
sub watch_for_new_messages {
my ($kernel,$heap) = @_[KERNEL, HEAP];
my @coll_user_msg; # collection list of outgoing messages
);
$dt->add( seconds => 2 * int($hit->{'keylifetime'}) );
- $expired_timestamp = $dt->ymd('').$dt->hms('')."\n";
+ $expired_timestamp = $dt->ymd('').$dt->hms('');
if ($act_time > $expired_timestamp) {
my $hostname = $hit->{'hostname'};
my $del_sql = "DELETE FROM $known_clients_tn WHERE hostname='$hostname'";
sub run_recreate_packages_db {
my ($kernel, $session, $heap) = @_[KERNEL, SESSION, HEAP];
my $session_id = $session->ID;
- &main::daemon_log("$session_id INFO: Recreating FAI Packages DB ('$fai_release_tn', '$fai_server_tn', '$packages_list_tn')", 4);
- $kernel->yield('create_fai_release_db');
- $kernel->yield('create_fai_server_db');
+ &main::daemon_log("$session_id INFO: Recreating FAI Packages DB ('$fai_release_tn', '$fai_server_tn', '$packages_list_tn')", 5);
+ $kernel->yield('create_fai_release_db', $fai_release_tn);
+ $kernel->yield('create_fai_server_db', $fai_server_tn);
return;
}
close (CONFIG);
+
find(\&cleanup_and_extract, keys( %repo_dirs ));
&main::strip_packages_list_statements();
unshift @packages_list_statements, "VACUUM";
if( -f "$dir/DEBIAN/templates" ) {
- daemon_log("DEBUG: Found debconf templates in '$package' - $newver", 5);
+ daemon_log("DEBUG: Found debconf templates in '$package' - $newver", 7);
my $tmpl= "";
{
# read and set config parameters
&check_cmdline_param ;
-&read_configfile;
+&read_configfile($cfg_file, %cfg_defaults);
&check_pid;
$SIG{CHLD} = 'IGNORE';
# Try our DNS Searchlist
for my $domain(get_dns_domains()) {
chomp($domain);
- my @tmp_domains= &get_server_addresses($domain);
- if(@tmp_domains) {
- for my $tmp_server(@tmp_domains) {
+ my ($tmp_domains, $error_string) = &get_server_addresses($domain);
+ if(@$tmp_domains) {
+ for my $tmp_server(@$tmp_domains) {
push @tmp_servers, $tmp_server;
}
}
}
+# Import all modules
+&import_modules;
+
+# Check wether all modules are gosa-si valid passwd check
+&password_check;
+
+# Prepare for using Opsi
+if ($opsi_enabled eq "true") {
+ use JSON::RPC::Client;
+ use XML::Quote qw(:all);
+ $opsi_url= "https://".$opsi_admin.":".$opsi_password."@".$opsi_server.":4447/rpc";
+ $opsi_client = new JSON::RPC::Client;
+}
+
+
POE::Component::Server::TCP->new(
Alias => "TCP_SERVER",
Port => $server_port,
watch_for_new_jobs => \&watch_for_new_jobs,
watch_for_modified_jobs => \&watch_for_modified_jobs,
watch_for_done_jobs => \&watch_for_done_jobs,
+ watch_for_opsi_jobs => \&watch_for_opsi_jobs,
watch_for_old_known_clients => \&watch_for_old_known_clients,
create_packages_list_db => \&run_create_packages_list_db,
create_fai_server_db => \&run_create_fai_server_db,
);
-# import all modules
-&import_modules;
-
-# TODO
-# check wether all modules are gosa-si valid passwd check
-
-
-
POE::Kernel->run();
exit;