def execCrontab(self, path):
"""
function : Get the crontab
input : string
output: True or False
"""
if not os.path.exists(path):
raise Exception(ErrorCode.GAUSS_502["GAUSS_50201"] % path)
filePath = os.path.dirname(path)
fileName = os.path.basename(path)
cmd = g_Platform.getCdCmd(filePath)
cmd += " && "
cmd += g_Platform.getCrontabCmd()
cmd += (" ./%s" % fileName)
cmd += " && %s" % g_Platform.getCdCmd("-")
# if cmd failed, then exit
(status, output) = subprocess.getstatusoutput(cmd)
if status != 0:
raise Exception(ErrorCode.GAUSS_514["GAUSS_51400"] % cmd +
" Error:\n%s" % output)
return True
def doDNSSLCertRollback(self):
"""
function: rollback SSL cert file in DN instance directory
input: NA
output: NA
"""
self.context.clusterInfo = dbClusterInfo()
self.context.clusterInfo.initFromStaticConfig(
pwd.getpwuid(os.getuid()).pw_name)
self.sshTool = SshTool(self.context.clusterInfo.getClusterNodeNames(),
self.logger.logFile)
backupList = DefaultValue.CERT_FILES_LIST[:]
allDnNodeDict = self.getDnNodeDict()
noBackupList = []
temp = "tempDir"
if self.context.g_opts.localMode:
if ((DefaultValue.GetHostIpOrName() in allDnNodeDict.keys())
and os.path.isfile(
os.path.join(
allDnNodeDict[DefaultValue.GetHostIpOrName()],
DefaultValue.CERT_BACKUP_FILE))):
localDnDir = allDnNodeDict[DefaultValue.GetHostIpOrName()]
tempDir = os.path.join(localDnDir, temp)
if (os.path.exists(tempDir)):
g_file.removeDirectory(tempDir)
os.mkdir(tempDir, DefaultValue.KEY_DIRECTORY_PERMISSION)
for certFile in backupList:
realCertFile = os.path.join(localDnDir, certFile)
if (os.path.exists(realCertFile)):
g_file.moveFile(realCertFile, tempDir)
cmd = "cd '%s' && if [ -f '%s' ];then tar -zxvf %s;fi" % \
(localDnDir, DefaultValue.CERT_BACKUP_FILE,
DefaultValue.CERT_BACKUP_FILE)
(status, output) = subprocess.getstatusoutput(cmd)
if (status != 0):
cmd = "cp '%s'/* '%s' && rm -rf '%s'" % (
tempDir, localDnDir, tempDir)
(status, output) = subprocess.getstatusoutput(cmd)
raise Exception((ErrorCode.GAUSS_514["GAUSS_51400"] %
cmd) +
"Failed uncompression SSL backup file." +
"Error: \n%s" % output)
# remove temp directory
if (os.path.exists(tempDir)):
g_file.removeDirectory(tempDir)
# set guc option
if (os.path.isfile(
os.path.join(localDnDir, DefaultValue.SSL_CRL_FILE))):
cmd = \
"gs_guc set -D %s " \
"-c \"ssl_crl_file=\'%s\'\"" \
% (localDnDir, DefaultValue.SSL_CRL_FILE)
else:
cmd = \
"gs_guc set -D %s " \
"-c \"ssl_crl_file=\'\'\"" % localDnDir
(status, output) = subprocess.getstatusoutput(cmd)
if (status != 0):
raise Exception(ErrorCode.GAUSS_514["GAUSS_51400"] % cmd +
"Error: \n%s" % output)
if (os.path.isfile(os.path.join(localDnDir, EMPTY_CERT))):
os.remove(os.path.join(localDnDir, EMPTY_CERT))
self.logger.log(
"Successfully rollback SSL cert files with local mode.")
return
else:
self.logger.log("There is not exists backup files.")
return
# 1.check backup file "gsql_cert_backup.tar.gz" on all dbnodes.
for node in allDnNodeDict.keys():
backupGzFile = os.path.join(allDnNodeDict[node],
DefaultValue.CERT_BACKUP_FILE)
status = self.sshTool.checkRemoteFileExist(
node, backupGzFile, self.context.g_opts.mpprcFile)
if not status:
noBackupList.append(node)
if (len(noBackupList) > 0):
raise Exception((ErrorCode.GAUSS_502["GAUSS_50201"] %
DefaultValue.CERT_BACKUP_FILE) +
"Can't rollback SSL cert files on %s." %
noBackupList)
# 2.perform rollback on all dbnodes.
for node in allDnNodeDict.keys():
backupGzFile = os.path.join(allDnNodeDict[node],
DefaultValue.CERT_BACKUP_FILE)
# 2-1.move SSL cert files in dn directory to temp directory.
sshcmd = "cd '%s' && if [ -d '%s' ];then rm -rf '%s'" \
" && mkdir '%s';else mkdir '%s';fi" % \
(allDnNodeDict[node], temp, temp, temp, temp)
self.sshTool.executeCommand(sshcmd, "Make temp directory.",
DefaultValue.SUCCESS, \
[node], self.context.g_opts.mpprcFile)
for certFile in backupList:
realCertFile = os.path.join(allDnNodeDict[node], certFile)
sshcmd = " %s && " % g_Platform.getCdCmd(
os.path.join(allDnNodeDict[node], temp))
sshcmd += g_file.SHELL_CMD_DICT["renameFile"] % (
realCertFile, realCertFile, "./")
self.sshTool.executeCommand(
sshcmd, "Backup cert files to temp directory.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
# 2-2.uncompression "gsql_cert_backup.tar.gz" file
sshcmd = "cd '%s' && if [ -f '%s' ];then tar -zxvf %s;fi" % \
(allDnNodeDict[node], DefaultValue.CERT_BACKUP_FILE,
DefaultValue.CERT_BACKUP_FILE)
self.sshTool.executeCommand(sshcmd, "Unzip backup file.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
# 2-3.clear temp directory
sshcmd = " %s && " % g_Platform.getCdCmd(allDnNodeDict[node])
sshcmd += g_file.SHELL_CMD_DICT["deleteDir"] % (temp, temp)
self.sshTool.executeCommand(sshcmd, "Clear backup cert files.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
# 2-4.is have "sslcrl-file.crl",config 'ssl_crl_file' option
status = self.sshTool.checkRemoteFileExist(
node,
os.path.join(allDnNodeDict[node], DefaultValue.SSL_CRL_FILE),
self.context.g_opts.mpprcFile)
# exists 'sslcrl-file.crl' file ,config option of 'postgresql.conf'
if (status):
if node == DefaultValue.GetHostIpOrName():
sshcmd = \
"gs_guc set -D %s " \
"-c \"ssl_crl_file='%s'\"" \
% (allDnNodeDict[node], DefaultValue.SSL_CRL_FILE)
else:
sshcmd = "gs_guc set -D %s " \
"-c \"ssl_crl_file=\\\\\\'%s\\\\\\'\"" \
% (allDnNodeDict[node], DefaultValue.SSL_CRL_FILE)
self.sshTool.executeCommand(sshcmd, "Exist 'ssl_crl_file'",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
else:
if (node == DefaultValue.GetHostIpOrName()):
sshcmd = "gs_guc set " \
"-D %s -c \"ssl_crl_file=''\"" % (
allDnNodeDict[node])
else:
sshcmd = "gs_guc set " \
"-D %s -c \"ssl_crl_file=\\\\\\'\\\\\\'\"" \
% (allDnNodeDict[node])
self.sshTool.executeCommand(sshcmd, "No exist 'ssl_crl_file'",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
# Clear empty file.
if (self.isDnEmpty(node)):
sshcmd = g_file.SHELL_CMD_DICT["deleteFile"] % (os.path.join(
allDnNodeDict[node],
EMPTY_CERT), os.path.join(allDnNodeDict[node], EMPTY_CERT))
self.sshTool.executeCommand(sshcmd, "Clear empty file.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
self.logger.log("Successfully rollback SSL cert files on [%s]." %
node)
def doDNBackup(self):
"""
function: backup SSL cert files on single_inst cluster.
input: backupFlag is a flag of exist DB in node
output: NA
"""
self.logger.log("Backing up old ssl cert files.")
backupList = DefaultValue.CERT_FILES_LIST[:]
allDnNodeDict = self.getDnNodeDict()
normalNodeList = []
tarBackupList = []
if (self.context.g_opts.localMode):
self.logger.debug("Backing up database node SSL cert files.")
nodeDnDir = allDnNodeDict[DefaultValue.GetHostIpOrName()]
backupFlagFile = os.path.join(nodeDnDir, "certFlag")
if (os.path.isfile(backupFlagFile)):
self.logger.log("There is no need to backup ssl cert files.")
return
os.mknod(backupFlagFile, DefaultValue.KEY_FILE_PERMISSION)
for certFile in backupList:
realCertFile = os.path.join(nodeDnDir, certFile)
if (os.path.isfile(realCertFile)):
tarBackupList.append(certFile)
if (len(tarBackupList) == 0):
os.mknod(os.path.join(nodeDnDir, EMPTY_CERT))
cmd = " %s && " % g_Platform.getCdCmd(nodeDnDir)
cmd += g_Platform.getCompressFilesCmd(
DefaultValue.CERT_BACKUP_FILE, EMPTY_CERT)
else:
cmd = " %s && " % g_Platform.getCdCmd(nodeDnDir)
cmd += "tar -zcvf %s" % (DefaultValue.CERT_BACKUP_FILE)
for certFile in tarBackupList:
cmd += " %s" % certFile
(status, output) = DefaultValue.retryGetstatusoutput(cmd)
if (status != 0):
raise Exception(ErrorCode.GAUSS_514["GAUSS_51400"] % cmd +
"Failed backup gds cert files on local node." +
"Error: \n%s" % output)
# Clear empty file
if (os.path.isfile(os.path.join(nodeDnDir, EMPTY_CERT))):
os.remove(os.path.join(nodeDnDir, EMPTY_CERT))
self.logger.log("Successfully executed local backup.")
return
# 1 check backup flag file on all dbnodes.
for node in allDnNodeDict.keys():
nodeDnDir = allDnNodeDict[node]
backupFlagFile = os.path.join(nodeDnDir, "certFlag")
status = self.sshTool.checkRemoteFileExist(
node, backupFlagFile, self.context.g_opts.mpprcFile)
if not status:
normalNodeList.append(node)
# 2 if exists flag file on anyone node, there will be return.
if (len(normalNodeList) != len(allDnNodeDict.keys())):
self.logger.log("There is no need to backup on all dbnodes.")
return
# 3 backup cert files on all dbnodes.
for node in allDnNodeDict.keys():
nodeDnDir = allDnNodeDict[node]
backupFlagFile = os.path.join(nodeDnDir, "certFlag")
backupTar = os.path.join(nodeDnDir, DefaultValue.CERT_BACKUP_FILE)
sshcmd = g_file.SHELL_CMD_DICT["overWriteFile"] % (
"backupflagfile", backupFlagFile)
sshcmd += " && " + g_file.SHELL_CMD_DICT["changeMode"] % (
DefaultValue.KEY_FILE_MODE, backupFlagFile)
self.sshTool.executeCommand(sshcmd, "Make a flag file of backup.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
for certFile in backupList:
realCertFile = os.path.join(nodeDnDir, certFile)
status = self.sshTool.checkRemoteFileExist(
node, realCertFile, self.context.g_opts.mpprcFile)
if status:
tarBackupList.append(certFile)
# if no cert files,
# there will be create a file for '.tar' file.
if (len(tarBackupList) == 0):
sshcmd = g_Platform.getCreateFileCmd(
os.path.join(nodeDnDir, EMPTY_CERT))
self.sshTool.executeCommand(sshcmd,
"Backup empty cert file.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
sshcmd = " %s && " % g_Platform.getCdCmd(nodeDnDir)
sshcmd += g_Platform.getCompressFilesCmd(
DefaultValue.CERT_BACKUP_FILE, EMPTY_CERT)
else:
sshcmd = " %s && " % g_Platform.getCdCmd(nodeDnDir)
sshcmd += "tar -zcvf %s" % (DefaultValue.CERT_BACKUP_FILE)
for certDir in tarBackupList:
sshcmd += " %s" % certDir
self.sshTool.executeCommand(sshcmd, "Backup cert file.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
# Clear empty file
if (self.isDnEmpty(node)):
sshcmd = g_file.SHELL_CMD_DICT["deleteFile"] % (os.path.join(
nodeDnDir, EMPTY_CERT), os.path.join(
nodeDnDir, EMPTY_CERT))
self.sshTool.executeCommand(sshcmd, "Clear empty file.",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)
self.logger.log("Successfully backup SSL cert files on [%s]." %
node)
sshcmd = g_file.SHELL_CMD_DICT["changeMode"] % (
DefaultValue.KEY_FILE_MODE, backupTar)
self.sshTool.executeCommand(sshcmd, "Chmod back up cert",
DefaultValue.SUCCESS, [node],
self.context.g_opts.mpprcFile)