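def remove_unused_from(dirname, fileutil, grace_seconds):
    '''
    Delete the files in a directory that are neither open nor recently used.

    A file is kept when lsof reports it as open, or when its last access time
    is no more than grace_seconds in the past.

    dirname - directory to clean up; nothing is done when it is empty
    fileutil - full path of fileutil; "<fileutil> rm -f <file>" is tried
               before falling back to os.remove
    grace_seconds - Even if a file isn't currently opened we consider it being
                    in-use if it has been accessed recently (less than this
                    many seconds ago)
    '''
    # Imported locally so the function does not depend on the module's import
    # list: shlex.quote on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    if not dirname:
        logging.error("Not given a directory to cleanup")
        return

    # Both commands below are run through a shell.  The directory and the file
    # names found in it are quoted so that a name containing spaces or shell
    # metacharacters is passed as a single argument and never interpreted.
    open_files_cmd = "lsof +D %s -Fn" % quote(dirname)
    (status, output) = E.getstatusoutput(open_files_cmd)
    # lsof doesn't return 0 even on success, so the status is ignored.
    # NOTE(review): a failed lsof run therefore yields an empty open-file set
    # and every file older than the grace period is removed - confirm that is
    # acceptable for the callers.

    # lsof repeats a file once per holder, so collect the names into a set.
    # Split on line boundaries, not on whitespace: a name containing a space
    # would otherwise be cut in two and never match the glob result.
    open_files = set()
    for line in output.splitlines():
        if line.startswith('n'):
            open_files.add(line[1:])

    # Get a list of all files in the directory - not starting with .
    all_files = glob.glob("%s/*" % dirname)

    # Delete all unused files.
    for path in all_files:
        if path in open_files:
            continue
        try:
            age = int(time.time()) - os.stat(path)[stat.ST_ATIME]
            if age <= grace_seconds:
                logging.info('Ignoring unused file %s of age %s seconds' %
                             (path, age))
                continue

            logging.info('Removing unused file %s' % path)
            # fileutil is left as given: it is described as a full path and
            # comes from the caller, not from the directory listing.
            E.getstatusoutput("%s rm -f %s" % (fileutil, quote(path)))
            # If fileutil can't delete it for any reason, nuke it directly
            # And its attribute file.
            if os.path.exists(path):
                os.remove(path)
                os.remove(
                    '%s/.attr.plain.%s' %
                    (os.path.dirname(path), os.path.basename(path)))
        except OSError:
            # File got deleted since we ran glob?  Ignore away.
            continue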
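def remove_unused_from(dirname, fileutil, grace_seconds):
  '''
  Remove every file in the given directory that is not open and has not been
  accessed within the grace period.

  dirname - directory to clean up; an empty value is logged and ignored
  fileutil - full path of fileutil, used as "<fileutil> rm -f <file>"
  grace_seconds - Even if a file isn't currently opened we consider it being
                  in-use if it has been accessed recently (less than this
                  many seconds ago)
  '''
  # Local import keeps this function independent of the module's import list:
  # shlex.quote exists on Python 3, pipes.quote on Python 2.
  try:
    from shlex import quote
  except ImportError:
    from pipes import quote

  if not dirname:
    logging.error("Not given a directory to cleanup")
    return

  # The directory name is placed on a shell command line, so quote it.
  (status, output) = E.getstatusoutput("lsof +D %s -Fn" % quote(dirname))
  # lsof doesn't return 0 even on success, so ignore the status.
  # NOTE(review): if lsof fails outright the set below stays empty and all
  # files past the grace period are deleted - confirm this is intended.

  # lsof returns several lines for each file because multiple threads in a
  # process could have it open.  Keep the unique names.  Lines are split on
  # newlines only, so that file names containing spaces stay intact.
  open_files = set()
  for line in output.splitlines():
    if line.startswith('n'):
      open_files.add(line[1:])

  # Delete all unused files (glob skips names starting with a dot).
  for candidate in glob.glob("%s/*" % dirname):
    if candidate in open_files:
      continue
    try:
      age = int(time.time()) - os.stat(candidate)[stat.ST_ATIME]
      if age > grace_seconds:
        logging.info('Removing unused file %s' % candidate)
        # File names come from the directory listing and may contain shell
        # metacharacters; quoting makes the shell treat them as plain data.
        E.getstatusoutput("%s rm -f %s" % (fileutil, quote(candidate)))
        # If fileutil can't delete it for any reason, nuke it directly
        # And its attribute file.
        if os.path.exists(candidate):
          os.remove(candidate)
          os.remove('%s/.attr.plain.%s' %
                    (os.path.dirname(candidate), os.path.basename(candidate)))
      else:
        logging.info('Ignoring unused file %s of age %s seconds' %
                     (candidate, age))
    except OSError:
      # File got deleted since we ran glob?  Ignore away.
      continue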
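    def getcertinfo(self, whichcert):
        """Return information about the installed or the staging certificate.

        whichcert is "staging" or "installed".

        On success the result is "0", a newline, and the wrapper's output,
        which is expected to list: hostname, organizational unit,
        organization, locality, state, country, email, notValidBefore date,
        notValidAfter date.  On failure the result is "1".
        """
        # Imported locally so the method does not depend on the module's
        # import list: shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        # whichcert is supplied by the caller and lands on a shell command
        # line; quoting keeps it a single argument.  The two documented
        # values contain no special characters and pass through unchanged.
        retcode, result = E.getstatusoutput(
            "%s getcertinfo %s %s" % (
                self.sslWrapperPath,
                quote(whichcert),
                self.cfg.getGlobalParam("ENTERPRISE_HOME"),
            )
        )

        if retcode != 0:
            logging.info("Couldn't get cert info for %s: %s" % (whichcert, result))
            return "1"
        return "0\n%s" % result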
  def run(self):
    """Run the production check for this worker's share of self.jobs.

    Starting at index self.n, every NUM_THREADS-th job is handled.  For each
    job the check script is run once per (gws, port) pair; the highest epoch
    reported is stored in self.max_epochs[site] and any reported errors in
    self.errors[site].  The job's testwords file is removed afterwards.
    """
    i = self.n
    while i < len(self.jobs):
      (cfg, gwssers, site, testwords, epochs, num) = self.jobs[i]
      i = i + NUM_THREADS

      # do the tests on all gwssers - do 2 tries, 15 seconds apart
      # NOTE(review): no retry or delay is visible in this method; presumably
      # the check script implements it - confirm.
      max_epoch_site = -1
      for (gws, port) in gwssers:
        # The job-specific values are shell-quoted with commands.mkarg; the
        # bashrc path and cfg.entHome come from configuration and are
        # inserted as-is.
        cmd = ". %s; cd %s/local/google3/enterprise/legacy/checks && "\
              "./gws_production_check.py %s %d %s %s %s %d" % (
          cfg.getGlobalParam('ENTERPRISE_BASHRC'),
          cfg.entHome,
          commands.mkarg(gws),
          port,
          commands.mkarg(site),
          commands.mkarg(testwords),
          commands.mkarg(string.join(map(str, epochs), ",")),
          num)
        logging.info("Executing %s" % cmd)
        (err, msgs) = E.getstatusoutput(cmd)
        max_epoch = None; errors = None
        # SECURITY NOTE(review): exec runs whatever the check script printed
        # as Python code, and the exit status (err) is not consulted first.
        # If the output is always a literal "(max_epoch, errors)" tuple,
        # parsing it with ast.literal_eval would avoid executing it - confirm
        # the output format before changing this.
        exec("(max_epoch, errors) = %s" % msgs)
        if max_epoch > max_epoch_site:
          max_epoch_site = max_epoch
        if errors:
          # Errors from a later gws overwrite those of an earlier one for
          # the same site.
          self.errors[site] =  errors

      self.max_epochs[site] = max_epoch_site
      # testwords is a file path; it is deleted once the job is done.
      os.remove(testwords)
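  def getcertinfo(self, whichcert):
    """Return information about the installed or the staging certificate.

    whichcert is "staging" or "installed".

    Returns "0", a newline and the wrapper's output on success; that output
    is expected to list hostname, organizational unit, organization,
    locality, state, country, email, notValidBefore date and notValidAfter
    date.  Returns "1" on failure.
    """
    # Local import: shlex.quote on Python 3, pipes.quote on Python 2.
    try:
      from shlex import quote
    except ImportError:
      from pipes import quote

    # The caller-supplied selector is quoted before it is placed on the shell
    # command line, so it always reaches the wrapper as one argument.
    # "staging" and "installed" are unchanged by quoting.
    cmd = "%s getcertinfo %s %s" % (
        self.sslWrapperPath, quote(whichcert),
        self.cfg.getGlobalParam("ENTERPRISE_HOME"))
    retcode, result = E.getstatusoutput(cmd)

    if retcode == 0:
      return "0\n%s" % result

    logging.info("Couldn't get cert info for %s: %s" % (whichcert, result))
    return "1"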
    def gencert(self, hostname, orgunit, organization, locality, state, country, emailaddr):
        """Generate a self-signed SSL certificate through the SSL wrapper.

        The seven subject fields are shell-quoted with commands.mkarg.
        orgunit always starts with an X because it can be empty; that first
        character is dropped before the value is used.

        Returns a false value (0) on success and a true value (1) on failure.
        """
        # NOTE(review): sslWrapperPath and ENTERPRISE_HOME are inserted
        # without quoting; presumably both are trusted configuration values.
        command_format = "secure_script_wrapper -p2 %s gencert %s %s %s %s %s %s %s %s"

        # The lock is held only while the wrapper runs.
        self.updatelock.acquire()
        try:
            command_args = [
                self.sslWrapperPath,
                self.cfg.getGlobalParam("ENTERPRISE_HOME"),
            ]
            for field in (hostname, orgunit[1:], organization, locality,
                          state, country, emailaddr):
                command_args.append(commands.mkarg(field))
            retcode, result = E.getstatusoutput(command_format % tuple(command_args))
        finally:
            self.updatelock.release()

        failed = retcode != 0
        if failed:
            logging.error("Couldn't generate certificate for host %s: %s" % (hostname, result))
        return failed
  def gencert(self, hostname, orgunit, organization, locality, state, country,
              emailaddr):
    """Generate a self-signed SSL certificate.

    Every subject field is passed through commands.mkarg before it is put on
    the command line.  orgunit always starts with an X because it can be
    empty; the leading character is stripped here.

    Returns:
      a false value (0) on success, a true value (1) on failure.
    """
    # NOTE(review): the wrapper path and ENTERPRISE_HOME are not quoted;
    # presumably they are trusted configuration values - confirm.
    self.updatelock.acquire()
    try:
      wrapper = self.sslWrapperPath
      ent_home = self.cfg.getGlobalParam("ENTERPRISE_HOME")
      subject = tuple(
          commands.mkarg(value)
          for value in (hostname, orgunit[1:], organization, locality, state,
                        country, emailaddr))
      retcode, result = E.getstatusoutput(
          "secure_script_wrapper -p2 %s gencert %s %s %s %s %s %s %s %s" %
          ((wrapper, ent_home) + subject))
    finally:
      self.updatelock.release()

    if retcode == 0:
      return False

    logging.error("Couldn't generate certificate for host %s: %s" %
                  (hostname, result))
    return True
  def Reconnect(self):
    """Restart the federation client, then stop the federation server.

    Both init scripts are run through secure_script_wrapper -e.

    Returns:
      '0' followed by a newline and the server command's output on success.
      '1' as soon as either command fails.
    """
    wrapper_format = 'secure_script_wrapper -e %s'

    # Step 1: restart the federated client network.
    client_cmd = ('/etc/rc.d/init.d/fed_network_client_%s restart' %
                  self.cfg.getGlobalParam('VERSION'))
    logging.info('Executing Client Reconnect Command: %s' % client_cmd)
    status, output = E.getstatusoutput(wrapper_format % client_cmd)
    if status:
      logging.info('Could not reconnect Federation Network: %s' % output)
      return '1'
    logging.info('0\n%s' % output)

    # Step 2: run the server init script with "stop".
    # NOTE(review): the failure message below speaks of starting the server;
    # presumably something else brings it back up after the stop - confirm.
    server_cmd = ('/etc/rc.d/init.d/fed_network_%s stop' %
                  self.cfg.getGlobalParam('VERSION'))
    logging.info('Executing server stop command: %s' % server_cmd)
    status, output = E.getstatusoutput(wrapper_format % server_cmd)
    if status:
      logging.info('Could not start Federated Network Server: %s' % output)
      return '1'
    return '0\n%s' % output
  def getcommonnames(self):
    '''Return the concatenation of the trusted CAs' common names.

    Returns '0', a newline and the wrapper output on success, '1' otherwise.
    '''
    command = '%s getcommonnames %s' % (
        self.sslWrapperPath, self.cfg.getGlobalParam('TRUSTED_CA_DIRNAME'))
    status, result = E.getstatusoutput(command)

    # NOTE(review): dividing by 256 keeps only the high byte of the status.
    # If E.getstatusoutput returns a raw wait status, a process killed by a
    # signal (status below 256) becomes 0 under integer division and is
    # reported as success - confirm.
    exit_code = status / 256
    if exit_code != 0:
      logging.info('Error in getcommonnames %s' % result)
      return '1'
    return '0\n%s' % result
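 def start(self, boxId):
   """Start the support-call daemon, wait until it is ready, start a call.

   boxId is passed to the wrapper as --id=<boxId>.
   Returns the output of the wrapper's start command; its exit status and
   the exit status of the dstart command are not checked.
   """
   cmd = '%s --command=dstart' % self.supportWrapperPath
   os.system(cmd)
   # wait till daemon is ready: poll for as long as the wrapper prints '0'
   # NOTE(review): the loop has no timeout or delay between polls.
   cmd = '%s --command=ready' % self.supportWrapperPath
   while commands.getoutput(cmd) == '0':
     pass
   # boxId is caller-supplied and ends up on a shell command line, so the
   # whole --id=... argument is shell-quoted.  mkarg adds the leading space.
   cmd = '%s --command=start%s' % (self.supportWrapperPath,
                                   commands.mkarg('--id=%s' % boxId))
   retcode, output = E.getstatusoutput(cmd)
   return output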
    def Reconnect(self):
        """Restart the federation client, then stop the federation server.

        Each init script is executed via secure_script_wrapper -e.

        Returns:
          '0' plus a newline and the server command's output on success.
          '1' if the client restart or the server command fails.
        """
        version_of = self.cfg.getGlobalParam

        # Restart the federated client network first.
        client_script = ('/etc/rc.d/init.d/fed_network_client_%s restart' %
                         version_of('VERSION'))
        logging.info('Executing Client Reconnect Command: %s' % client_script)
        retcode, result = E.getstatusoutput(
            'secure_script_wrapper -e %s' % client_script)
        if retcode:
            logging.info('Could not reconnect Federation Network: %s' % result)
            return '1'
        logging.info('0\n%s' % result)

        # Then run the server init script with "stop".
        # NOTE(review): the log text on failure says "start"; presumably the
        # server is restarted by another component after the stop - confirm.
        server_script = ('/etc/rc.d/init.d/fed_network_%s stop' %
                         version_of('VERSION'))
        logging.info('Executing server stop command: %s' % server_script)
        retcode, result = E.getstatusoutput(
            'secure_script_wrapper -e %s' % server_script)
        if retcode:
            logging.info('Could not start Federated Network Server: %s' % result)
            return '1'
        return '0\n%s' % result
def GetInitState(entcfg):
  """Return the system's initialization state.

  For oneway, it is the value of C.ENT_SYSTEM_INIT_STATE; for clusters, it is
  the value stored in the chubby file /ls/<cell name>/ENT_SYSTEM_INIT_STATE.

  If the chubby file cannot be read, state C.FRESH is returned.  If chubby
  itself cannot be reached, None is returned.

  @param entcfg - of type googleconfig.
  @return - state
  """
  # A single node means oneway: the state lives in the config.
  node_count = len(core_utils.GetNodes())
  if node_count == 1:
    return entcfg.var(C.ENT_SYSTEM_INIT_STATE)

  # Cluster: the state lives in chubby.
  version = entcfg.var('VERSION')
  ls_client = core_utils.GetLSClientCmd(version, is_test(version))
  cell_dir = '/ls/%s' % core_utils.GetCellName(version)

  # Verify that chubby is functional. We do not want to accidentally return
  # FRESH state that can result in total wipe out of data.
  (status, output) = E.getstatusoutput('%s ls %s' % (ls_client, cell_dir))
  if status != E.ERR_OK:
    logging.fatal('GetInitState: Could not talk to chubby.')
    return None

  (status, state) = E.getstatusoutput(
      '%s cat %s/%s' % (ls_client, cell_dir, 'ENT_SYSTEM_INIT_STATE'))
  if status != E.ERR_OK:
    # For fresh install, file init_state won't exist in chubby yet.
    # Hence, consider this as a FRESH state.
    # NOTE(review): any failure of the cat command, not only a missing file,
    # ends up here and is reported as FRESH - confirm that a transient error
    # between the ls and the cat cannot occur.
    state = C.FRESH
  logging.info('current system init state: %s', state)
  return state
    def getcsr(self):
        """Return a certificate signing request produced by the SSL wrapper.

        On success the result is "0", the length of the request and the
        request itself, separated by newlines.  On failure the result is "1".
        """
        command = "secure_script_wrapper -p2 %s getcsr %s" % (
            self.sslWrapperPath,
            self.cfg.getGlobalParam("ENTERPRISE_HOME"),
        )
        retcode, result = E.getstatusoutput(command)

        if retcode == 0:
            # The length line lets the receiver know how much content follows.
            return "0\n%d\n%s" % (len(result), result)

        logging.error("Couldn't generate CSR: %s" % result)
        return "1"
  def getcsr(self):
    """Return a certificate request.

    Returns:
      "0", numbytes and the content on three newline-separated parts on
      success, and "1" on failure.
    """
    wrapper = self.sslWrapperPath
    ent_home = self.cfg.getGlobalParam("ENTERPRISE_HOME")
    retcode, result = E.getstatusoutput(
        "secure_script_wrapper -p2 %s getcsr %s" % (wrapper, ent_home))

    succeeded = retcode == 0
    if not succeeded:
      logging.error("Couldn't generate CSR: %s" % result)
      return "1"

    numbytes = len(result)
    return "0\n%d\n%s" % (numbytes, result)
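  def hascrl(self, hashData):
    '''Check, per issuer hash, whether a CRL is present.

    hashData holds one issuer hash per line; processing stops at the first
    empty line.  Returns '0' followed by one wrapper exit code per hash, each
    on its own line, or '1' if the error branch is taken.
    '''
    # Local import: shlex.quote on Python 3, pipes.quote on Python 2.
    try:
      from shlex import quote
    except ImportError:
      from pipes import quote

    answer = []
    for issuer_hash in hashData.split('\n'):
      if issuer_hash == '':
        break
      # Each hash comes from the caller's data and is placed on a shell
      # command line; quoting keeps it a single, uninterpreted argument.
      retcode, result = E.getstatusoutput(
        '%s hascrl %s %s' %
        (self.sslWrapperPath, quote(issuer_hash),
         self.cfg.getGlobalParam('CRL_DIRNAME')))

      retcode = retcode / 256
      # NOTE(review): after the division a status is presumably never -1, so
      # the error branch may be unreachable - confirm against the values
      # E.getstatusoutput can return.
      if retcode != -1:
        answer.append('%d' % retcode)
      else:
        logging.error(result)
        return '1'

    return '0\n%s' % '\n'.join(answer)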
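  def importcrl(self, crldata):
    '''Import a CRL.

    crldata is written to a temporary file in CRL_DIRNAME, handed to the SSL
    wrapper's importcrl command, and the CRL directory is then distributed
    with self._distributeFiles.

    Returns '0' on success, '-4' if the temporary file cannot be written,
    the wrapper's output if the import fails, or the distribution error code
    as a string.
    '''
    crl_dir = self.cfg.getGlobalParam('CRL_DIRNAME')

    if not os.path.exists(crl_dir):
      os.mkdir(crl_dir)

    # NOTE(review): the temporary file has a fixed name inside the CRL
    # directory; this relies on updatelock for exclusion and on the directory
    # being writable only by trusted users - confirm the directory's mode.
    tempfilename = os.path.join(crl_dir, 'temp')

    retcode = 0
    self.updatelock.acquire()
    try:
      try:
        # Close the file explicitly so the data is flushed to disk before
        # the wrapper reads it, instead of relying on garbage collection.
        crl_file = open(tempfilename, 'w')
        try:
          crl_file.write(crldata)
        finally:
          crl_file.close()
      except IOError:
        logging.error('Could not write CRL data to [%s]' % tempfilename)
        return '-4'

      retcode, result = E.getstatusoutput(
        '%s importcrl %s %s %s' %
        (self.sslWrapperPath, tempfilename,
         self.cfg.getGlobalParam('TRUSTED_CA_DIRNAME'),
         crl_dir))
      retcode = retcode / 256

      if retcode != 0:
        return result

      retcode = self._distributeFiles(crl_dir)
      if retcode != 0:
        logging.error('Error distributing CRL file: %d' % retcode)
        return str(retcode)

    finally:
      # Always clean up the temporary file and release the lock, whichever
      # return path was taken above.
      if os.path.exists(tempfilename):
        E.rm(['localhost'], tempfilename)
      self.updatelock.release()

    return '0'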
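  def importcas(self, cadata):
    '''Import the list of trusted CAs in cadata.

    cadata is written to a temporary file in TRUSTED_CA_DIRNAME, handed to
    the SSL wrapper's importcas command, and the CA directory is then
    distributed with self._distributeFiles.

    Returns '0' on success, '-4' if the temporary file cannot be written,
    the wrapper's output if the import fails, or the distribution error code
    as a string.
    '''

    trusted_ca_dir = self.cfg.getGlobalParam('TRUSTED_CA_DIRNAME')

    if not os.path.exists(trusted_ca_dir):
      os.mkdir(trusted_ca_dir)

    ## write cadata to a temp file
    # NOTE(review): the temporary file has a fixed name inside the trusted CA
    # directory; this relies on updatelock for exclusion and on the directory
    # being writable only by trusted users - confirm the directory's mode.
    tempfilename = os.path.join(trusted_ca_dir, 'temp')
    self.updatelock.acquire()
    try:
      try:
        # Close the file explicitly so the data is flushed to disk before
        # the wrapper reads it, instead of relying on garbage collection.
        ca_file = open(tempfilename, 'w')
        try:
          ca_file.write(cadata)
        finally:
          ca_file.close()
      except IOError:
        logging.error('Could not write CA data to [%s]' % tempfilename)
        return '-4'

      retcode, result = E.getstatusoutput(
        '%s importcas %s %s' %
        (self.sslWrapperPath, tempfilename, trusted_ca_dir))

      retcode = retcode / 256
      if retcode != 0:
        return result

      # distribute CA files to all nodes in the network.
      retcode = self._distributeFiles(trusted_ca_dir)
      if retcode != 0:
        logging.error('Error distributing CA file: %d' % retcode)
        return str(retcode)

    finally:
      # Only remove the temporary file if it was actually created, as
      # importcrl does; the write above may have failed.
      if os.path.exists(tempfilename):
        E.rm(['localhost'], tempfilename)
      self.updatelock.release()

    return '0'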
    def diagnosenet(self, diagTasks):
        """Run the network diagnosis script on the given tasks.

        diagTasks holds the items to diagnose, one per line.  The script is
        given the line count followed by the tasks, and its output is
        returned unchanged.
        """

        # TODO: not unittested diagnosenet
        task_lines = string.split(diagTasks, "\n")

        # Use the first fsgw host when one is configured, else localhost.
        fsgw_hosts = self.cfg.globalParams.GetServerManager().Set('fsgw').Hosts()
        if fsgw_hosts:
            fsgw_host = fsgw_hosts[0]
        else:
            fsgw_host = 'localhost'

        # The task text and the output path are shell-quoted with mkarg.
        # NOTE(review): entHome and fsgw_host are inserted unquoted;
        # presumably both are trusted configuration values - confirm.
        tasks_arg = commands.mkarg("%s\n%s" % (len(task_lines), diagTasks))
        out_arg = commands.mkarg(
            "%s/networkdiag_out" % (self.cfg.getGlobalParam("LOGDIR")))
        cmd = DIAGNOSE_COMMAND % (
            self.cfg.entHome, tasks_arg, self.cfg.entHome, fsgw_host, out_arg)

        # Retry until the command runs without an IOError.
        # NOTE(review): there is no retry limit or delay in this loop.
        while True:
            try:
                err, out = E.getstatusoutput(cmd)
            except IOError:
                continue
            break
        # diagnoseIt! The script returns data (post-CommandPipe processing)
        # in the form "status\ntuple1\ntuple2\n..." We're not concerned with
        # faulty script output, and pass the response for the UI to deal with it.

        return out
  def diagnosenet(self, diagTasks):
    """Diagnose the given items and return the script's raw output.

    diagTasks contains one item per line.  The diagnosis script receives the
    number of lines followed by the items themselves.
    """

    # TODO: not unittested diagnosenet
    lines = string.split(diagTasks, "\n")
    svr_mgr = self.cfg.globalParams.GetServerManager()
    candidates = svr_mgr.Set('fsgw').Hosts()

    # First configured fsgw host, or localhost when there is none.
    fsgw_host = candidates[0] if candidates else 'localhost'

    # NOTE(review): only the task text and the output path go through mkarg;
    # entHome and fsgw_host are presumably trusted configuration - confirm.
    format_args = (
        self.cfg.entHome,
        commands.mkarg("%s\n%s" % (len(lines), diagTasks)),
        self.cfg.entHome,
        fsgw_host,
        commands.mkarg("%s/networkdiag_out" % (
            self.cfg.getGlobalParam("LOGDIR"))),
    )
    cmd = DIAGNOSE_COMMAND % format_args

    # Keep trying while running the command raises IOError.
    # NOTE(review): the loop is unbounded and has no delay between attempts.
    done = False
    while not done:
      try:
        err, out = E.getstatusoutput(cmd)
        done = True
      except IOError:
        pass
    # diagnoseIt! The script returns data (post-CommandPipe processing)
    # in the form "status\ntuple1\ntuple2\n..." We're not concerned with
    # faulty script output, and pass the response for the UI to deal with it.

    return out
 def statusStr(self):
   """Return the current support-call status in string form.

   Runs the support wrapper with --command=statusStr and returns its output;
   the exit status is not checked.
   """
   _, text = E.getstatusoutput(
       '%s --command=statusStr' % self.supportWrapperPath)
   return text
 def status(self):
   """Return the current support-call status code.

   The value is the output of the support wrapper's --command=status; the
   wrapper's own exit status is not checked.
   """
   _, code_text = E.getstatusoutput(
       '%s --command=status' % self.supportWrapperPath)
   return code_text
 def test(self):
   """Test the support-call connection.

   Returns the output of the support wrapper's --command=test; the exit
   status is not checked.
   """
   _, report = E.getstatusoutput(
       '%s --command=test' % (self.supportWrapperPath))
   return report
 def stop(self):
   """Stop the support call.

   Returns the output of the support wrapper's --command=stop; the exit
   status is not checked.
   """
   _, text = E.getstatusoutput(
       '%s --command=stop' % self.supportWrapperPath)
   return text
 def mygetstatusoutput(self, cmd):
   """Run cmd through E.getstatusoutput and return (status, output).

   When the process exited normally the status is its exit code; otherwise
   the status returned by E.getstatusoutput is passed through unchanged.
   """
   raw_status, text = E.getstatusoutput(cmd)
   if not os.WIFEXITED(raw_status):
     return (raw_status, text)
   return (os.WEXITSTATUS(raw_status), text)
def main(argv):
  """Keep the admin console (port 8000) and its stunnel front end running.

  argv holds 7 values, or 8 on a cluster: the four SSO log file names
  (argv[0]..argv[3]), the external web IP (argv[4]), the sitesearch
  interface (argv[5]), the license notices value (argv[6]) and, optionally,
  gfs_aliases (argv[7]).  With any other argument count the module
  docstring is printed and the process exits.

  After writing its pid file the function loops forever: every 60 seconds
  it restarts the console if the health check on port 8000 fails, otherwise
  it restarts stunnel if the process listening on 8443 is not the one
  recorded in stunnel.pid.
  """
  # for cluster, gfs_aliases is passed as an extra 8th argument
  # NOTE(review): this comment used to say argv[6]; the code below reads
  # gfs_aliases from argv[7], and argv[6] is used for --license_notices.
  if len(argv) != 7 and len(argv) != 8:
    sys.exit(__doc__)

  # gse_kill_command is roughly based on the babysitter's kill code.
  # The whole kill mechanism should be re-examined at some point.
  # It sends a plain kill, then kill -9, to whatever listens on port 8000,
  # and finally kill -9 to the process groups of java processes whose
  # arguments contain "port=8000 ".
  gse_kill_command = (
    'kill $(lsof -t -i :8000); sleep 3; '
    'kill -9 $(lsof -t -i :8000); sleep 3; '
    'kill -9 `ps axwwwwo pgid,pid,args | egrep "port=8000 " | egrep "java" | '
    'fgrep -v "egrep" | cut -b1-6 | sort -n | uniq | sed "s/[0-9]/-&/"`; ')

  if len(argv) == 8:
    gfs_aliases = argv[7]
  else:
    gfs_aliases = ''

  # LANG=en_US.utf-8 is specified so Java will use utf-8 as the default
  # encoding.
  # The maximum memory allowed for AdminConsole (-Xmx256m) directly
  # limits the size of import/export files supported. However, if it
  # set to 512m, other issues begin to appear, including adminrunner
  # timing out while processing the request.
  #
  # For the 1GB Lite virtual GSA, we do not specify any -Xm? flags

  # first, find out what product we are
  # SECURITY NOTE(review): execfile runs the config file as Python code, so
  # anyone able to write /etc/sysconfig/enterprise_config can run code as
  # this process's user - confirm the file's ownership and mode.
  config = {}
  execfile('/etc/sysconfig/enterprise_config', config)
  ent_product = config.get('ENT_CONFIG_TYPE', '')

  gse_memory_flags = ' -Xms128m -Xmx256m '
  if ent_product == 'LITE':
    gse_memory_flags = ''

  # The console is started as user nobody via "su -c".  Every flag built
  # from argv or from a path is shell-quoted with mkarg, and the complete
  # java command line is quoted once more for su.  LD_LIBRARY_PATH and the
  # memory flags are inserted as plain strings; ENTERPRISE_HOME is read from
  # this process's environment.
  gse_restart_command = (
    'su -c %s nobody' %
    commands.mkarg(
    'LD_LIBRARY_PATH=%s LANG=en_US.utf-8 '
    '/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/bin/java '
    '%s -Dswigdeps=EnterpriseAdminConsole_swigdeps.so '
    '-classpath %s com.google.enterprise.servlets.EnterpriseAdminConsole '
    '--port=8000 '
    '--useripheader=X-User-Ip --secureheader=X-GFE-SSL --no_gwslog '
    '--maxthreads=3 '
    '--stderr_level=INFO %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s&')
    % (('%(ENTERPRISE_HOME)s/local/google/bin/EnterpriseAdminConsole_libs'
         % os.environ), # not mkarg, just a string for LD_LIBRARY_PATH
       gse_memory_flags, # not mkarg, just a string for -Xm? flags
    commands.mkarg(
      '%(ENTERPRISE_HOME)s/local/google:'
      '%(ENTERPRISE_HOME)s/local/google/bin/EnterpriseAdminConsole.jar'
    % os.environ),
    commands.mkarg(
    '--propertyfile=%(ENTERPRISE_HOME)s/local/conf/config.txt'
    % os.environ),
    commands.mkarg(
    '--contextbase=%(ENTERPRISE_HOME)s/local/googledata/html'
    % os.environ),
    commands.mkarg(
    '--ipwhitelist=%(ENTERPRISE_HOME)s/local/conf/AdminConsole_ipwhitelist'
    % os.environ),
    '--nowhitelist_internal_networks --forbidden_code=404', # /varz security
    commands.mkarg(
    '--maxpostsize=%s'
    % GSE_MAXPOSTSIZE),
    commands.mkarg(
    '--keystore=%(ENTERPRISE_HOME)s/local/conf/server.p12'
    % os.environ),
    commands.mkarg(
    '--trustedca_path=%(ENTERPRISE_HOME)s/local/conf/certs'
    % os.environ),
    commands.mkarg(
    '--crl_path=%(ENTERPRISE_HOME)s/local/conf/certs'
    % os.environ),
    commands.mkarg(
    '--connector_config_dir=%(ENTERPRISE_HOME)s/local/conf/connector/'
    % os.environ),
    commands.mkarg('--sso_rules_log_file=%s' %  argv[0]),
    commands.mkarg('--sso_log_file=%s' % argv[1]),
    commands.mkarg('--sso_serving_efe_log_file=%s' % argv[2]),
    commands.mkarg('--sso_serving_headrequestor_log_file=%s' % argv[3]),
    commands.mkarg('--gfs_aliases=%s' % gfs_aliases),
    commands.mkarg('--bnsresolver_use_svelte=false'),
    commands.mkarg('--external_web_ip=%s' % argv[4]),
    commands.mkarg('--sitesearch_interface=%s' % argv[5]),
    commands.mkarg('--license_notices=%s' % argv[6])))

  # Check stunnel config
  # stunnel accepts TLS on 8443 and forwards to the console on 8000.  It is
  # configured to chroot into ENTERPRISE_HOME/tmp and to run as nobody.
  # NOTE(review): the cipher list still admits MEDIUM-strength suites and
  # debug = 7 selects the most verbose log level - confirm both are wanted.
  stunnel_config = ('''
    cert = %(ENTERPRISE_HOME)s/local/conf/certs/server.crt
    key = %(ENTERPRISE_HOME)s/local/conf/certs/server.key
    chroot = %(ENTERPRISE_HOME)s/tmp
    setuid = nobody
    setgid = nobody
    pid = /stunnel.pid
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    debug = 7
    output = %(ENTERPRISE_HOME)s/logs/stunnel.log
    ciphers = HIGH:MEDIUM:!MD5:!RC4:!RC2:!EXP:@STRENGTH

    [https]
    accept  = 8443
    connect = 8000
  ''' % os.environ)
  # The configuration is piped to stunnel on stdin (-fd 0) after whatever
  # listens on 8443 has been killed.
  stunnel_restart_command = (
    'kill $(lsof -t -i :8443); sleep 3; '
    'kill -9 $(lsof -t -i :8443); sleep 3; '
    'echo %s | stunnel -fd 0 ' %
    commands.mkarg(stunnel_config))

  pidfile = E.GetPidFileName('loop_AdminConsole')
  E.WritePidFile(pidfile)

  while True:
    # Check if GSE is running.
    if not check_healthz.CheckHealthz(8000):
      os.system(gse_kill_command)
      os.system(gse_restart_command)

    else:
      # Check if stunnel is running.
      stunnel_pid = E.ReadPidFile("%(ENTERPRISE_HOME)s/tmp/stunnel.pid" %
          os.environ)
      (status, output) = E.getstatusoutput("lsof -i:8443 -t")
      # NOTE(review): int(output) raises ValueError if lsof prints more than
      # one pid or any other text, which would end this loop - confirm.
      if not output or int(output) != stunnel_pid:
        os.system(stunnel_restart_command)

    # Sleep for a while.
    time.sleep(60)
def main(argv):
    """Supervise the admin console (port 8000) and stunnel (port 8443).

    argv holds 7 values, or 8 on a cluster: the four SSO log file names
    (argv[0]..argv[3]), the external web IP (argv[4]), the sitesearch
    interface (argv[5]), the license notices value (argv[6]) and,
    optionally, gfs_aliases (argv[7]).  With any other argument count the
    module docstring is printed and the process exits.

    After writing its pid file the function loops forever: every 60 seconds
    it restarts the console if the health check on port 8000 fails,
    otherwise it restarts stunnel if the process listening on 8443 is not
    the one recorded in stunnel.pid.
    """
    # for cluster, gfs_aliases is passed as an extra 8th argument
    # NOTE(review): this comment used to say argv[6]; the code below reads
    # gfs_aliases from argv[7], and argv[6] is used for --license_notices.
    if len(argv) != 7 and len(argv) != 8:
        sys.exit(__doc__)

    # gse_kill_command is roughly based on the babysitter's kill code.
    # The whole kill mechanism should be re-examined at some point.
    # It sends a plain kill, then kill -9, to whatever listens on port 8000,
    # and finally kill -9 to the process groups of java processes whose
    # arguments contain "port=8000 ".
    gse_kill_command = (
        'kill $(lsof -t -i :8000); sleep 3; '
        'kill -9 $(lsof -t -i :8000); sleep 3; '
        'kill -9 `ps axwwwwo pgid,pid,args | egrep "port=8000 " | egrep "java" | '
        'fgrep -v "egrep" | cut -b1-6 | sort -n | uniq | sed "s/[0-9]/-&/"`; ')

    if len(argv) == 8:
        gfs_aliases = argv[7]
    else:
        gfs_aliases = ''

    # LANG=en_US.utf-8 is specified so Java will use utf-8 as the default
    # encoding.
    # The maximum memory allowed for AdminConsole (-Xmx256m) directly
    # limits the size of import/export files supported. However, if it
    # set to 512m, other issues begin to appear, including adminrunner
    # timing out while processing the request.
    #
    # For the 1GB Lite virtual GSA, we do not specify any -Xm? flags

    # first, find out what product we are
    # SECURITY NOTE(review): execfile runs the config file as Python code,
    # so anyone able to write /etc/sysconfig/enterprise_config can run code
    # as this process's user - confirm the file's ownership and mode.
    config = {}
    execfile('/etc/sysconfig/enterprise_config', config)
    ent_product = config.get('ENT_CONFIG_TYPE', '')

    gse_memory_flags = ' -Xms128m -Xmx256m '
    if ent_product == 'LITE':
        gse_memory_flags = ''

    # The console is started as user nobody via "su -c".  Every flag built
    # from argv or from a path is shell-quoted with mkarg, and the complete
    # java command line is quoted once more for su.  LD_LIBRARY_PATH and the
    # memory flags are inserted as plain strings; ENTERPRISE_HOME is read
    # from this process's environment.
    gse_restart_command = (
        'su -c %s nobody' % commands.mkarg(
            'LD_LIBRARY_PATH=%s LANG=en_US.utf-8 '
            '/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/bin/java '
            '%s -Dswigdeps=EnterpriseAdminConsole_swigdeps.so '
            '-classpath %s com.google.enterprise.servlets.EnterpriseAdminConsole '
            '--port=8000 '
            '--useripheader=X-User-Ip --secureheader=X-GFE-SSL --no_gwslog '
            '--maxthreads=3 '
            '--stderr_level=INFO %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s&'
        ) % (
            ('%(ENTERPRISE_HOME)s/local/google/bin/EnterpriseAdminConsole_libs'
             % os.environ),  # not mkarg, just a string for LD_LIBRARY_PATH
            gse_memory_flags,  # not mkarg, just a string for -Xm? flags
            commands.mkarg(
                '%(ENTERPRISE_HOME)s/local/google:'
                '%(ENTERPRISE_HOME)s/local/google/bin/EnterpriseAdminConsole.jar'
                % os.environ),
            commands.mkarg(
                '--propertyfile=%(ENTERPRISE_HOME)s/local/conf/config.txt' %
                os.environ),
            commands.mkarg(
                '--contextbase=%(ENTERPRISE_HOME)s/local/googledata/html' %
                os.environ),
            commands.mkarg(
                '--ipwhitelist=%(ENTERPRISE_HOME)s/local/conf/AdminConsole_ipwhitelist'
                % os.environ),
            '--nowhitelist_internal_networks --forbidden_code=404',  # /varz security
            commands.mkarg('--maxpostsize=%s' % GSE_MAXPOSTSIZE),
            commands.mkarg(
                '--keystore=%(ENTERPRISE_HOME)s/local/conf/server.p12' %
                os.environ),
            commands.mkarg(
                '--trustedca_path=%(ENTERPRISE_HOME)s/local/conf/certs' %
                os.environ),
            commands.mkarg('--crl_path=%(ENTERPRISE_HOME)s/local/conf/certs' %
                           os.environ),
            commands.mkarg(
                '--connector_config_dir=%(ENTERPRISE_HOME)s/local/conf/connector/'
                % os.environ),
            commands.mkarg('--sso_rules_log_file=%s' % argv[0]),
            commands.mkarg('--sso_log_file=%s' % argv[1]),
            commands.mkarg('--sso_serving_efe_log_file=%s' % argv[2]),
            commands.mkarg(
                '--sso_serving_headrequestor_log_file=%s' % argv[3]),
            commands.mkarg('--gfs_aliases=%s' % gfs_aliases),
            commands.mkarg('--bnsresolver_use_svelte=false'),
            commands.mkarg('--external_web_ip=%s' % argv[4]),
            commands.mkarg('--sitesearch_interface=%s' % argv[5]),
            commands.mkarg('--license_notices=%s' % argv[6])))

    # Check stunnel config
    # stunnel accepts TLS on 8443 and forwards to the console on 8000.  It
    # is configured to chroot into ENTERPRISE_HOME/tmp and to run as nobody.
    # NOTE(review): the cipher list still admits MEDIUM-strength suites and
    # debug = 7 selects the most verbose log level - confirm both are wanted.
    stunnel_config = ('''
    cert = %(ENTERPRISE_HOME)s/local/conf/certs/server.crt
    key = %(ENTERPRISE_HOME)s/local/conf/certs/server.key
    chroot = %(ENTERPRISE_HOME)s/tmp
    setuid = nobody
    setgid = nobody
    pid = /stunnel.pid
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    debug = 7
    output = %(ENTERPRISE_HOME)s/logs/stunnel.log
    ciphers = HIGH:MEDIUM:!MD5:!RC4:!RC2:!EXP:@STRENGTH

    [https]
    accept  = 8443
    connect = 8000
  ''' % os.environ)
    # The configuration is piped to stunnel on stdin (-fd 0) after whatever
    # listens on 8443 has been killed.
    stunnel_restart_command = ('kill $(lsof -t -i :8443); sleep 3; '
                               'kill -9 $(lsof -t -i :8443); sleep 3; '
                               'echo %s | stunnel -fd 0 ' %
                               commands.mkarg(stunnel_config))

    pidfile = E.GetPidFileName('loop_AdminConsole')
    E.WritePidFile(pidfile)

    while True:
        # Check if GSE is running.
        if not check_healthz.CheckHealthz(8000):
            os.system(gse_kill_command)
            os.system(gse_restart_command)

        else:
            # Check if stunnel is running.
            stunnel_pid = E.ReadPidFile("%(ENTERPRISE_HOME)s/tmp/stunnel.pid" %
                                        os.environ)
            (status, output) = E.getstatusoutput("lsof -i:8443 -t")
            # NOTE(review): int(output) raises ValueError if lsof prints more
            # than one pid or any other text, which would end this loop -
            # confirm.
            if not output or int(output) != stunnel_pid:
                os.system(stunnel_restart_command)

        # Sleep for a while.
        time.sleep(60)