def lookup(cls, ldap_filter):
"""Lookup groups that match some filter criterium. Note that this will reaquire a second access later on.
@ldap_filter: LdapFilter instance or string describing such a filter.
@returns: list of cls instances that match the given filter criteria
"""
ldap_query = LdapQuery() # This should have been initialised earlier/elsewhere!
groups = ldap_query.group_filter_search(ldap_filter, attributes=['cn'])
return [cls(g['cn']) for g in groups if 'cn' in g]
def lookup(cls, ldap_filter):
"""Lookup groups that match some filter criterium. Note that this will reaquire a second access later on.
@ldap_filter: LdapFilter instance or string describing such a filter.
@returns: list of cls instances that match the given filter criteria
"""
ldap_query = LdapQuery(None) # This should have been initialised earlier/elsewhere!
groups = ldap_query.group_filter_search(ldap_filter, attributes=['cn'])
return [cls(g['cn']) for g in groups if 'cn' in g]
def main():
"""Main script."""
options = {
'nagios-check-interval-threshold':
NAGIOS_CHECK_INTERVAL_THRESHOLD,
'mail-report':
('mail a report to the hpc-admin list with job list for gracing or inactive users',
None, 'store_true', False),
}
opts = ExtendedSimpleOption(options)
try:
vsc_config = VscConfiguration(VSC_CONF_DEFAULT_FILENAME)
LdapQuery(vsc_config)
grace_users = get_user_with_status('grace')
inactive_users = get_user_with_status('inactive')
pbs_query = PBSQuery()
t = time.ctime()
jobs = pbs_query.getjobs() # we just get them all
removed_queued = remove_queued_jobs(jobs, grace_users, inactive_users)
removed_running = remove_running_jobs(jobs, inactive_users)
if opts.options.mail_report and not opts.options.dry_run:
if len(removed_queued) > 0 or len(removed_running) > 0:
mail_report(t, removed_queued, removed_running)
except Exception, err:
logger.exception("critical exception caught: %s" % (err))
opts.critical("Script failed in a horrible way")
sys.exit(NAGIOS_EXIT_CRITICAL)
def main():
options = {
'nagios-check-interval-threshold':
NAGIOS_CHECK_INTERVAL_THRESHOLD,
'start-timestamp':
("The timestamp form which to start, otherwise use the cached value",
None, "store", None),
'access_token':
('OAuth2 token identifying the user with the accountpage', None,
'store', None),
'account_page_url': ('url for the account page', None, 'store', None),
'start_timestamp':
('Timestamp to start the sync from', str, 'store', None),
}
# get access_token from conf file
ExtendedSimpleOption.CONFIGFILES_INIT = ['/etc/account_page.conf']
opts = ExtendedSimpleOption(options)
stats = {}
# Creating this here because this is a singleton class
_ = LdapQuery(VscConfiguration(VSC_CONF_DEFAULT_FILENAME))
(last_timestamp, start_time) = retrieve_timestamp_with_default(
SYNC_TIMESTAMP_FILENAME, start_timestamp=opts.options.start_timestamp)
logging.info("Using timestamp %s", last_timestamp)
logging.info("Using startime %s", start_time)
try:
parent_pid = os.fork()
logging.info("Forked.")
except OSError:
logging.exception("Could not fork")
parent_pid = 1
except Exception:
logging.exception("Oops")
parent_pid = 1
if parent_pid == 0:
try:
global logger
logger = fancylogger.getLogger(NAGIOS_HEADER)
# drop privileges in the child
try:
apache_uid = pwd.getpwnam('apache').pw_uid
apache_gid = grp.getgrnam('apache').gr_gid
os.setgroups([])
os.setgid(apache_gid)
os.setuid(apache_uid)
logging.info("Now running as %s" % (os.geteuid(), ))
except OSError:
logger.raiseException("Could not drop privileges")
client = AccountpageClient(token=opts.options.access_token,
url=opts.options.account_page_url +
'/api/')
syncer = LdapSyncer(client)
last = last_timestamp
altered_accounts = syncer.sync_altered_accounts(
last, opts.options.dry_run)
logging.debug("Altered accounts: %s", altered_accounts)
altered_groups = syncer.sync_altered_groups(
last, opts.options.dry_run)
logging.debug("Altered groups: %s" % altered_groups)
if not altered_accounts[ERROR] \
and not altered_groups[ERROR]:
logging.info("Child process exiting correctly")
sys.exit(0)
else:
logging.info("Child process exiting with status -1")
logging.warning("Error occured in %s" % ([
"%s: %s\n" % (k, v) for (k, v) in [
("altered accounts", altered_accounts[ERROR]),
("altered groups", altered_groups[ERROR]),
]
]))
sys.exit(-1)
except Exception:
logging.exception("Child caught an exception")
sys.exit(-1)
else:
# parent
(_, result) = os.waitpid(parent_pid, 0)
logging.info("Child exited with exit code %d" % (result, ))
if not result and not opts.options.dry_run:
(_, ldap_timestamp) = convert_timestamp(start_time)
write_timestamp(SYNC_TIMESTAMP_FILENAME, ldap_timestamp)
opts.epilogue("Synchronised LDAP users to the Django DB", stats)
else:
sys.exit(NAGIOS_EXIT_CRITICAL)
def main():
options = {
'nagios-check-interval-threshold':
NAGIOS_CHECK_INTERVAL_THRESHOLD,
'start-timestamp':
("The timestamp form which to start, otherwise use the cached value",
None, "store", None),
'access_token':
('OAuth2 token identifying the user with the accountpage', None,
'store', None),
'account_page_url': ('url for the account page', None, 'store', None),
}
# get access_token from conf file
ExtendedSimpleOption.CONFIGFILES_INIT = ['/etc/account_page.conf']
opts = ExtendedSimpleOption(options)
stats = {}
# Creating this here because this is a singleton class
_ = LdapQuery(VscConfiguration(VSC_CONF_DEFAULT_FILENAME))
last_timestamp = opts.options.start_timestamp
if not last_timestamp:
try:
last_timestamp = read_timestamp(SYNC_TIMESTAMP_FILENAME)
except Exception:
_log.warning("Something broke reading the timestamp from %s",
SYNC_TIMESTAMP_FILENAME)
last_timestamp = "201710230000Z"
_log.warning(
"We will resync from a hardcoded know working sync a while back : %s",
last_timestamp)
_log.info("Using timestamp %s", last_timestamp)
# record starttime before starting, and take a 10 sec safety buffer so we don't get gaps where users are approved
# in between the requesting of modified users and writing out the start time
start_time = datetime.datetime.now() + datetime.timedelta(seconds=-10)
_log.info("startime %s", start_time)
try:
parent_pid = os.fork()
_log.info("Forked.")
except OSError:
_log.exception("Could not fork")
parent_pid = 1
except Exception:
_log.exception("Oops")
parent_pid = 1
if parent_pid == 0:
try:
global _log
_log = fancylogger.getLogger(NAGIOS_HEADER)
# drop privileges in the child
try:
apache_uid = pwd.getpwnam('apache').pw_uid
apache_gid = grp.getgrnam('apache').gr_gid
os.setgroups([])
os.setgid(apache_gid)
os.setuid(apache_uid)
_log.info("Now running as %s" % (os.geteuid(), ))
except OSError:
_log.raiseException("Could not drop privileges")
client = AccountpageClient(token=opts.options.access_token,
url=opts.options.account_page_url +
'/api/')
syncer = LdapSyncer(client)
last = int(
(datetime.datetime.strptime(last_timestamp, "%Y%m%d%H%M%SZ") -
datetime.datetime(1970, 1, 1)).total_seconds())
altered_accounts = syncer.sync_altered_accounts(
last, opts.options.dry_run)
_log.debug("Altered accounts: %s", altered_accounts)
altered_groups = syncer.sync_altered_groups(
last, opts.options.dry_run)
_log.debug("Altered groups: %s" % altered_groups)
if not altered_accounts[ERROR] \
and not altered_groups[ERROR]:
_log.info("Child process exiting correctly")
sys.exit(0)
else:
_log.info("Child process exiting with status -1")
_log.warning("Error occured in %s" % ([
"%s: %s\n" % (k, v) for (k, v) in [
("altered accounts", altered_accounts[ERROR]),
("altered groups", altered_groups[ERROR]),
]
]))
sys.exit(-1)
except Exception:
_log.exception("Child caught an exception")
sys.exit(-1)
else:
# parent
(_, result) = os.waitpid(parent_pid, 0)
_log.info("Child exited with exit code %d" % (result, ))
if not result:
if not opts.options.start_timestamp:
(_, ldap_timestamp) = convert_timestamp(start_time)
if not opts.options.dry_run:
write_timestamp(SYNC_TIMESTAMP_FILENAME, ldap_timestamp)
else:
_log.info(
"Not updating the timestamp, since one was provided on the command line"
)
opts.epilogue("Synchronised LDAP users to the Django DB", stats)
else:
_log.info(
"Not updating the timestamp, since it was given on the command line for this run"
)
sys.exit(NAGIOS_EXIT_CRITICAL)