def read_taskserver_port(cls):
try:
jvmopts = jvm_options.read()
taskServerPort = jvm_options.get_property(jvmopts, cls.taskserverPortProperty, cls.taskserverPortRegex)
if taskServerPort:
return taskServerPort
else:
return cls.defaultPort
except Exception as ex:
logger.error('unable to read vmopts file, use default port 8080, error info: [%s]' % ex)
return cls.defaultPort
def handler_wrapper(url, message, **kwargs):
logger.debug('action=sending_request url=%s message=%s kwargs=%s',
url, message, kwargs)
try:
return custom_handler(url, message, **kwargs)
except ssl.SSLError:
message = 'Unable to communicate with Splunkd. ' \
'If you enable requireClientCert please make sure certs folder contains privkey.pem and cert.pem files. ' \
'Also make sure cert.pem has been signed by the root CA used by Splunkd.'
logger.error(message, exc_info=True)
raise ssl.SSLError(message)
def read_vmopts(self, content):
content['jvmOptions'] = ''
content['taskServerPort'] = self.defaultPort
try:
jvmopts = jvm_options.read()
content['jvmOptions'] = jvmopts
taskServerPort = jvm_options.get_property(jvmopts, self.taskserverPortProperty, self.taskserverPortRegex)
if taskServerPort:
content['taskServerPort'] = int(taskServerPort)
except Exception as ex:
logger.error('unable to read vmopts file [%s]' % ex)
raise
def get_private_key(key_path=None):
''' load local instance private key and return rsa instance '''
try:
if (key_path is None):
key_path = PRIV_KEY_PATH
logger.debug("Loading private key from: %s" %
os.path.expandvars(key_path))
return RSA.load_key(key_path)
except Exception, ex:
logger.error('unable to load private key %s' % key_path)
logger.debug(ex)
return None
def _update_server_log_level_in_file(self, server_log_level):
logger.debug("action=try_to_update_server_log_level %s" % str(server_log_level))
try:
jvmopts = jvm_options.read()
logger.debug("action=read_vmopts_from_file vmopts=%s" % jvmopts)
for (module, level) in server_log_level.items():
property = self.server_module_info[module]["property"]
regex = self.server_module_info[module]["regex"]
jvmopts = jvm_options.set_property(jvmopts, property, regex, level)
jvm_options.write(jvmopts)
except Exception as ex:
logger.error('unable to update vmopts file [%s]' % ex)
raise
def _execute(self, cmd):
process = subprocess.Popen(cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
(result, error) = process.communicate()
rc = process.wait()
if rc != 0:
logger.error("action=failed_to_execute_command:{} error={}".format(
cmd, error))
return rc, result
def _check_java_server_configuration_health(self):
# check if server.jar exists
final_status = Status.OK
final_details = []
logger.info("check the existence of server.jar")
path_to_server_jar = os.path.join(self.path_to_app, "jars",
"server.jar")
if not os.path.isfile(path_to_server_jar):
detail = "{} does not exist".format(path_to_server_jar)
final_status = Status.ERROR
final_details.append(detail)
return self._create_health_check_result(final_status,
final_details)
# check whether it can be successfully registered to Splunk
logger.info(
"check whether the [server://default] modular input is registered successfully"
)
input_url = "https://{}/services/data/modular-inputs/server".format(
self.hostPath)
try:
response = requests.get(
url=input_url,
headers={'Authorization': ('Splunk %s' % self.sessionKey)},
verify=False)
if response.status_code != 200:
final_status = Status.ERROR
final_details.append(
"The modular input to start the Java Server failed to be registered to Splunk"
)
return self._create_health_check_result(
final_status, final_details)
except Exception as ex:
logger.error(
"action=fail_to_send_request_to_get_health_check_result", ex)
final_status = Status.ERROR
final_details.append(
"The modular input to start the Java Server failed to be registered to Splunk"
)
return self._create_health_check_result(final_status,
final_details)
# check the availability of java server
logger.debug("check the availability of java server")
status, result = self._check_java_server_availability()
if status != Status.OK:
return self._create_health_check_result(status, result)
return self._create_health_check_result(final_status, final_details)
def update_vmopts(self, content):
try:
jvmopts = content.pop('jvmOptions', '') # jvmOptions may contain taskServerPort settings
taskServerPort = content.pop('taskServerPort', self.defaultPort)
logger.debug('action=get_vmopts_from_postdata, jvmOptions: [%s], taskServerPort: [%s]'
% (jvmopts, taskServerPort))
if not isinstance(taskServerPort, int):
raise Exception("task server port must be a int value")
if taskServerPort < 1024 or taskServerPort > 65535:
raise Exception('task server port must be a number in [1024, 65535]')
jvmopts = jvm_options.set_property(jvmopts, self.taskserverPortProperty, self.taskserverPortRegex, str(taskServerPort))
jvm_options.write(jvmopts)
except Exception as ex:
logger.error('unable to update vmopts file [%s]' % ex)
raise
def call_peer(remote_host, remote_user, local_host, local_user, ts, nonce,
signature):
#DBX-2442
if not utils.validateHostName(remote_host):
logger.debug("invalid remote_host")
return None
if not utils.validateHostName(local_host):
logger.debug("invalid local_host")
return None
if not utils.validateUserName(remote_user):
logger.debug("invalid remote_user")
return None
if not utils.validateUserName(local_user):
logger.debug("invalid local_user")
return None
''' make remote REST call to retreive foreign sessionKey '''
postargs = {
'name': '_create',
USERID: local_user,
PEERNAME: local_host,
USERNAME: remote_user,
TS: ts,
NONCE: nonce,
SIGNATURE: signature
}
logger.debug('call peer: remote_host=%s postargs=%s' %
(remote_host, postargs))
resp, cont = rest.simpleRequest(remote_host + AUTH_TOKENS_ENDPOINT,
postargs=postargs)
if resp.status not in [200, 201]:
logger.error('unable to get session key from remote peer %s' %
remote_host)
return None
try:
atomEntry = rest.format.parseFeedDocument(cont)
logger.debug('response from peer:\n%s' % atomEntry.toPrimitive())
ret = atomEntry.toPrimitive()[remote_user][remote_user]
return ret
except Exception, ex:
logger.error('unable to parse response from remote peer %s' %
remote_host)
logger.exception(ex)
return None
def update_dbx_java_home(self, javaHome):
app_dir = get_app_path()
java_path_darwin = os.path.join(app_dir, "darwin_x86_64", "bin",
self.customized_java_path)
java_path_linux32 = os.path.join(app_dir, "linux_x86", "bin",
self.customized_java_path)
java_path_linux64 = os.path.join(app_dir, "linux_x86_64", "bin",
self.customized_java_path)
java_path_win32 = os.path.join(app_dir, "windows_x86", "bin",
self.customized_java_path)
java_path_win64 = os.path.join(app_dir, "windows_x86_64", "bin",
self.customized_java_path)
java_home_files = [{
"filename": java_path_darwin,
"suffix": "/bin/java"
}, {
"filename": java_path_linux32,
"suffix": "/bin/java"
}, {
"filename": java_path_linux64,
"suffix": "/bin/java"
}, {
"filename": java_path_win32,
"suffix": "\\bin\\java.exe"
}, {
"filename": java_path_win64,
"suffix": "\\bin\\java.exe"
}]
for java_home_file in java_home_files:
try:
with open(java_home_file["filename"], "w") as file:
file.write(javaHome + java_home_file["suffix"])
logger.info('update java path file [%s]' %
java_home_file["filename"])
except IOError as er:
logger.error('unable to update java path file [%s]' %
java_home_file["filename"])
raise
def set_certificate(remote_host, local_host, local_cert, sessionKey):
#DBX-2442
if not utils.validateHostName(remote_host):
raise Exception("invalid remote_host")
if not utils.validateHostName(local_host):
raise Exception("invalid local_host")
postargs = {PEERNAME: local_host, CERTIFICATE: local_cert}
logger.debug('set_certificate: remote_host=%s postargs=%s' %
(remote_host, postargs))
resp, cont = rest.simpleRequest(remote_host + AUTH_CERT_ENDPOINT + '/' +
local_host,
sessionKey=sessionKey,
postargs=postargs)
if resp.status not in [200, 201]:
logger.error('unable to post certificate to remote peer %s %d' %
(remote_host, resp.status))
raise Exception('posting certificate to remote peer failed')
return
def _check_java_server_availability(self):
taskserver_status_url = "https://{}/servicesNS/{}/splunk_app_db_connect/db_connect/dbxproxy/taskserver" \
.format(self.hostPath, self.userName)
status = Status.OK
detail = ''
try:
response = requests.get(
url=taskserver_status_url,
headers={'Authorization': ('Splunk %s' % self.sessionKey)},
verify=False)
if response.status_code != 200:
logger.error(
"action=check_java_server_availability_failed error={}".
format(taskserver_status_url, response.content))
status = Status.ERROR
detail = response.content
except Exception as ex:
logger.error("action=check_java_server_availability_failed", ex)
status = Status.ERROR
detail = ex
return status, detail
def _forward_request_to_proxy(self):
status, result = self._check_java_server_availability()
if status != Status.OK:
return self._create_health_check_result(status, result)
forward_url = "https://{}/servicesNS/{}/splunk_app_db_connect/{}/dbxproxy/{}" \
.format(self.hostPath, self.userName, self.pathParts[1], "/".join(self.pathParts[2:]))
try:
response = requests.get(
url=forward_url,
headers={'Authorization': ('Splunk %s' % self.sessionKey)},
verify=False)
if response.status_code != 200:
logger.warn(
"action=fail_to_send_request_to_get_health_check_result url={} status_code={} content={}"
.format(forward_url, response.status_code,
response.content))
raise Exception(
"fail to get health check result from server url={} status_code={} content={}"
.format(forward_url, response.status_code,
response.content))
result = response.json()
if isinstance(result, list):
return [
self._create_health_check_result(entry['severity_level'],
entry['details'])
for entry in result
]
else:
return self._create_health_check_result(
result['severity_level'], result['details'])
except Exception as ex:
logger.error(
"action=fail_to_send_request_to_get_health_check_result", ex)
return "unhealthy", str(ex)
