def postrun():
if listener.baseConfig.has_key('nfsserver/ha/master') and listener.baseConfig['nfsserver/ha/master']:
initscript='/etc/heartbeat/resource.d/nfs-kernel-server'
else:
initscript='/etc/init.d/nfs-kernel-server'
listener.run(initscript, ['nfs-kernel-server', 'start'], uid=0)
listener.run(initscript, ['nfs-kernel-server', 'reload'], uid=0)
def clean():
global slave
if not slave:
return 1
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'removing replica\'s cache')
#init_slapd('stop')
#FIXME
listener.run('/usr/bin/killall', ['killall', '-9', 'slapd'], uid=0)
time.sleep(1) #FIXME
dir='/var/lib/univention-ldap/ldap'
listener.setuid(0)
try:
for f in os.listdir(dir):
file=os.path.join(dir, f)
try:
os.unlink(file)
except OSError:
pass
if os.path.exists(LDIF_FILE):
os.unlink(LDIF_FILE)
finally:
listener.unsetuid()
listener.run('/usr/sbin/univention-config-registry', ['univention-config-registry','commit', '/var/lib/univention-ldap/ldap/DB_CONFIG'], uid=0)
def run(aconfig, acity):
global myconfig
global fromCity
myconfig = aconfig
fromCity = acity
#.........................
# Call the listener.run function, which will run in a loop indefinitely and listen for
# data from the _changes feed. It will use the filter specified to return only
# lines from the _changes feed for docs that return true from the filter function.
# The filter function is defined in the _design document on the database. (See the
# design.process.json file or the couchapp.)
# When a new line is returned, the callback, above, is executed.
try:
listener.run(
callback=callback,
anAppConfig=myconfig,
changes_filter='passport/control&lastport=%s' % fromCity
)
except KeyboardInterrupt: #don't print the traceback
pass
def postrun():
"""handle changes after at least 15s of no-changes"""
ud.debug(ud.LISTENER, ud.INFO, "postrun: plucs-groups running")
global changed
if not changed:
ud.debug(ud.LISTENER, ud.INFO,
"plucs-groups: nothing changed, not restarting daemon.")
return
changed = False
ud.debug(
ud.LISTENER, ud.PROCESS,
"plucs-groups: reloading ACLs (%d users, %d groups)" %
(len(_cache['users']), len(_cache['groups'].keys())))
# TODO: set UID 0 and run the to-be-found-command to reload ACLs into an Erlang node
# Currently: reload eJabberd.
try:
listener.run('/usr/sbin/invoke-rc.d',
['invoke-rc.d', 'plucs', 'restart'],
uid=0)
except Exception, e:
ud.debug(ud.ADMIN, ud.WARN,
'The restart of the PLUCS server failed: %s' % str(e))
def handler(dn, new, old, cmd):
ud.debug(ud.LISTENER, ud.INFO, '2 master2 handler')
if cmd == 'n':
return
name = new.get('cn', [None])[0]
port = new.get('univentionOpenvpnPort', [None])[0]
addr = new.get('univentionOpenvpnAddress', [None])[0]
if not name or not port or not addr:
return
listener.setuid(0)
lo = ul.getMachineConnection()
vpnusers = lo.search('(univentionOpenvpnAccount=1)')
if not univention_openvpn_common.check_user_count(2):
return # do nothing
for user in vpnusers:
uid = user[1].get('uid', [None])[0]
home = user[1].get('homeDirectory', ['/dev/null'])[0]
ud.debug(ud.LISTENER, ud.INFO, '2 Create new certificate for %s in %s' % (uid, home))
proto = 'udp6' if addr and addr.count(':') else 'udp'
if uid and home:
# update bundle for this openvpn server with new config
try:
listener.run('/usr/lib/openvpn-int/create-bundle', ['create-bundle', 'no', uid, home, name, addr, port, proto], uid=0)
finally:
listener.unsetuid()
listener.unsetuid()
def clean():
global slave
if not slave:
return 1
ud.debug(ud.LISTENER, ud.INFO, 'replication: removing cache')
# init_slapd('stop')
# FIXME
listener.run('/usr/bin/killall', ['killall', '-9', 'slapd'], uid=0)
time.sleep(1) # FIXME
dirname = '/var/lib/univention-ldap/ldap'
listener.setuid(0)
try:
for f in os.listdir(dirname):
filename = os.path.join(dirname, f)
try:
os.unlink(filename)
except OSError:
pass
if os.path.exists(LDIF_FILE):
os.unlink(LDIF_FILE)
finally:
listener.unsetuid()
listener.run('/usr/sbin/univention-config-registry', [
'univention-config-registry', 'commit',
'/var/lib/univention-ldap/ldap/DB_CONFIG'
],
uid=0)
def postrun():
ud.debug(ud.LISTENER, ud.INFO, "postrun: plucs running")
global changed
if not changed:
ud.debug(ud.LISTENER, ud.INFO,
"plucs: nothing changed, not restarting daemon.")
return
changed = False
ucr = univention.config_registry.ConfigRegistry()
ucr.load()
if ucr.is_true("plucs/autostart", False):
if ucr.is_true('plucs/restart/listener', False):
ud.debug(ud.LISTENER, ud.INFO, 'PLUCS: Restarting server')
try:
listener.run('/usr/sbin/invoke-rc.d',
['invoke-rc.d', 'plucs', 'restart'],
uid=0)
except Exception, e:
ud.debug(ud.ADMIN, ud.WARN,
'The restart of the PLUCS server failed: %s' % str(e))
else:
ud.debug(
ud.ADMIN, ud.INFO,
'PLUCS: the automatic restart of the PLUCS server by the listener is disabled. Set plucs/restart/listener to true to enable this option.'
)
def reload_daemon(daemon, prefix):
script = os.path.join ('/etc/init.d', daemon)
if os.path.exists(script):
ud.debug(ud.LISTENER, ud.INFO, "%s %s reload" % (prefix, daemon) )
listener.run(script, [daemon,'reload'], uid=0)
else:
ud.debug(ud.LISTENER, ud.INFO, "%s no %s to reload found" % (prefix, daemon) )
def check_file_system_space():
if not listener.baseConfig.is_true('ldap/replication/filesystem/check'):
return
stat = os.statvfs(LDAP_DIR)
free_space = stat.f_bavail * stat.f_frsize
limit = float(listener.baseConfig.get('ldap/replication/filesystem/limit', '10')) * 1024.0 * 1024.0
if free_space >= limit:
return
fqdn = '%(hostname)s.%(domainname)s' % listener.baseConfig
ud.debug(ud.LISTENER, ud.ERROR, 'replication: Critical disk space. The Univention LDAP Listener was stopped')
msg = MIMEText(
'The Univention LDAP Listener process was stopped on %s.\n\n\n'
'The result of statvfs(%s):\n'
' %r\n\n'
'Please free up some disk space and restart the Univention LDAP Listener with the following command:\n'
' /etc/init.d/univention-directory-listener start' % (fqdn, LDAP_DIR, stat))
msg['Subject'] = 'Alert: Critical disk space on %s' % (fqdn,)
sender = 'root'
recipient = listener.baseConfig.get('ldap/replication/filesystem/recipient', sender)
msg['From'] = sender
msg['To'] = recipient
s = smtplib.SMTP()
s.connect()
s.sendmail(sender, [recipient], msg.as_string())
s.close()
listener.run('/etc/init.d/univention-directory-listener', ['univention-directory-listener', 'stop'], uid=0, wait=True)
def postrun():
global __reload
if __reload:
global __initscript
initscript = __initscript
# restart nagios if not running and nagios/server/autostart is set to yes/true/1
# otherwise if nagios is running, ask nagios to reload config
p = subprocess.Popen(
('pidof', '/usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2'),
stdout=subprocess.PIPE)
pidlist, stderr = p.communicate()
listener.setuid(0)
null = open(os.path.devnull, 'w')
try:
retcode = subprocess.call(('icinga2', 'daemon', '-C'),
stdout=null,
stderr=null)
finally:
null.close()
listener.unsetuid()
if not pidlist.strip():
if retcode == 0:
if listener.baseConfig.is_true("icinga2/server/autostart",
False):
univention.debug.debug(
univention.debug.LISTENER, univention.debug.INFO,
'ICINGA2-SERVER: icinga2 not running - restarting server'
)
listener.setuid(0)
try:
listener.run(initscript, ['icinga2', 'restart'], uid=0)
finally:
listener.unsetuid()
else:
univention.debug.debug(
univention.debug.LISTENER, univention.debug.ERROR,
'ICINGA2-SERVER: icinga2 reported an error. Please restart icinga2 manually: "systemctl restart icinga2.service".'
)
listener.unsetuid()
else:
if retcode == 0:
univention.debug.debug(univention.debug.LISTENER,
univention.debug.INFO,
'ICINGA2-SERVER: reloading server')
listener.setuid(0)
try:
listener.run(initscript, ['icinga2', 'reload'], uid=0)
finally:
listener.unsetuid()
else:
univention.debug.debug(
univention.debug.LISTENER, univention.debug.ERROR,
'ICINGA2-SERVER: icinga2 reported an error. Please restart icinga2 manually: "systemctl restart icinga2.service".'
)
listener.unsetuid()
__reload = False
def postrun():
global __reload
if __reload:
global __initscript
initscript = __initscript
# restart nagios if not running and nagios/server/autostart is set to yes/true/1
# otherwise if nagios is running, ask nagios to reload config
p = subprocess.Popen(('pidof', '/usr/sbin/nagios3'),
stdout=subprocess.PIPE)
pidlist, stderr = p.communicate()
listener.setuid(0)
null = open(os.path.devnull, 'w')
try:
retcode = subprocess.call(
('nagios3', '-v', '/etc/nagios3/nagios.cfg'),
stdout=null,
stderr=null)
finally:
null.close()
listener.unsetuid()
if not pidlist.strip():
if retcode == 0:
if listener.baseConfig.is_true("nagios/server/autostart",
False):
univention.debug.debug(
univention.debug.LISTENER, univention.debug.INFO,
'NAGIOS-SERVER: nagios3 not running - restarting server'
)
listener.setuid(0)
try:
listener.run(initscript, ['nagios3', 'restart'], uid=0)
finally:
listener.unsetuid()
else:
univention.debug.debug(
univention.debug.LISTENER, univention.debug.ERROR,
'NAGIOS-SERVER: nagios3 reported an error in configfile /etc/nagios3/nagios.cfg. Please restart nagios3 manually: "%s restart".'
% initscript)
listener.unsetuid()
else:
if retcode == 0:
univention.debug.debug(univention.debug.LISTENER,
univention.debug.INFO,
'NAGIOS-SERVER: reloading server')
listener.setuid(0)
try:
listener.run(initscript, ['nagios3', 'reload'], uid=0)
finally:
listener.unsetuid()
else:
univention.debug.debug(
univention.debug.LISTENER, univention.debug.ERROR,
'NAGIOS-SERVER: nagios3 reported an error in configfile /etc/nagios3/nagios.cfg. Please restart nagios3 manually: "%s restart".'
% initscript)
listener.unsetuid()
__reload = False
def reload_cups_daemon(): script = '/etc/init.d/cups' daemon = 'cups' if os.path.exists(script): ud.debug(ud.LISTENER, ud.PROCESS, "cups-printers: cups reload") listener.run(script, [daemon, 'reload'], uid=0) else: ud.debug(ud.LISTENER, ud.PROCESS, "cups-printers: no %s to init script found")
def reload_daemon(daemon, prefix):
script = os.path.join('/etc/init.d', daemon)
if os.path.exists(script):
ud.debug(ud.LISTENER, ud.INFO, "%s %s reload" % (prefix, daemon))
listener.run(script, [daemon, 'reload'], uid=0)
else:
ud.debug(ud.LISTENER, ud.INFO,
"%s no %s to reload found" % (prefix, daemon))
def flush_auth_cache():
try:
listener.setuid(0)
listener.run('/usr/bin/doveadm',
["/usr/bin/doveadm", "auth", "cache", "flush"],
uid=0)
finally:
listener.unsetuid()
def postrun():
if listener.baseConfig.has_key(
'nfsserver/ha/master'
) and listener.baseConfig['nfsserver/ha/master']:
initscript = '/etc/heartbeat/resource.d/nfs-kernel-server'
else:
initscript = '/etc/init.d/nfs-kernel-server'
listener.run(initscript, ['nfs-kernel-server', 'start'], uid=0)
listener.run(initscript, ['nfs-kernel-server', 'reload'], uid=0)
def postrun(): global __initscript initscript = __initscript univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'Restarting fetchmail-daemon') listener.setuid(0) try: listener.run(initscript, ['fetchmail', 'restart'], uid=0) finally: listener.unsetuid()
def postrun(): global __initscript initscript = __initscript univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'Restarting fetchmail-daemon') listener.setuid(0) try: listener.run(initscript, ['fetchmail', 'restart'], uid=0) finally: listener.unsetuid()
def handler(dn, new, old):
if new and old:
if __login_is_locked(old) and not __login_is_locked(new):
# reset local bad password count
listener.setuid(0)
try:
ud.debug(ud.LISTENER, ud.PROCESS, 'Reset faillog for user %s' % new['uid'][0])
listener.run('/sbin/pam_tally', ['pam_tally', '--user', new['uid'][0], '--reset'])
finally:
listener.unsetuid()
def postrun():
global __initscript
initscript = __initscript
if listener.baseConfig.has_key("nagios/client/autostart") and ( listener.baseConfig["nagios/client/autostart"] in ["yes", "true", '1']):
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'NRPED: Restarting server')
listener.setuid(0)
try:
listener.run(initscript, ['nagios-nrpe-server', 'restart'], uid=0)
finally:
listener.unsetuid()
def postrun():
# type: () -> None
global __initscript
initscript = __initscript
ud.debug(ud.LISTENER, ud.INFO, 'Restarting fetchmail-daemon')
listener.setuid(0)
try:
listener.run(initscript, ['fetchmail', 'restart'], uid=0)
finally:
listener.unsetuid()
def serve_http_requests_forever(self):
"""Start HTTP service.
SIDE-EFFECTS: never returns but handles KeyboardInterrupt
"""
print('Listening on {}:{} ...'.format(self.address or '*', self.port))
try:
listener.run(self, address=self.address, port=self.port)
except KeyboardInterrupt:
print("\nCaught keyboard interrupt. Exiting.")
sys.exit(0)
def callPkusers(cmd):
cmd.insert(0, "pkusers")
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, '%s: calling pkusers with %s' % (name, cmd))
listener.setuid(0)
try:
listener.run('/usr/bin/pkusers', cmd, uid=0, wait=1)
finally:
listener.unsetuid()
return 0
def postrun():
ucr = univention.config_registry.ConfigRegistry()
ucr.load()
if ucr.is_true('nss/group/cachefile', False) and ucr.is_true('nss/group/cachefile/invalidate_on_changes', True):
listener.setuid(0)
param = ['ldap-group-to-file.py']
if ucr.is_true('nss/group/cachefile/check_member', True):
param.append('--check_member')
listener.run('/usr/lib/univention-pam/ldap-group-to-file.py', param, uid=0)
listener.unsetuid()
def callPkusers(cmd):
cmd.insert(0, "pkusers")
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, '%s: calling pkusers with %s' % (name, cmd))
listener.setuid(0)
try:
listener.run('/usr/bin/pkusers', cmd, uid=0, wait=1)
finally:
listener.unsetuid()
return 0
def postrun():
ucr = univention.config_registry.ConfigRegistry()
ucr.load()
if ucr.is_true('nss/group/cachefile', False) and ucr.is_true('nss/group/cachefile/invalidate_on_changes', True):
listener.setuid(0)
param = ['ldap-group-to-file.py']
if ucr.is_true('nss/group/cachefile/check_member', True):
param.append('--check_member')
listener.run('/usr/lib/univention-pam/ldap-group-to-file.py', param, uid=0)
listener.unsetuid()
def postrun():
global reload
if reload:
# reload cyrus-imapd if UCR variable changed
listener.setuid(0)
try:
for fn in ['/etc/init.d/cyrus-imapd', '/etc/init.d/cyrus2.2']:
if os.path.isfile(fn):
listener.run(fn, [os.path.basename(fn), 'reload'], uid=0)
finally:
listener.unsetuid()
reload = False
def postrun():
baseConfig = ConfigRegistry()
baseConfig.load()
if baseConfig.is_true('nscd/group/invalidate_cache_on_changes', False) and baseConfig.is_false('nss/group/cachefile', True):
listener.setuid(0)
try:
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, "calling 'nscd -i group'")
listener.run('/usr/sbin/nscd', ['nscd', '-i', 'group'], uid=0)
except:
univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, "nscd -i group was not successful")
listener.unsetuid()
def postrun():
baseConfig = univention_baseconfig.baseConfig()
baseConfig.load()
if baseConfig.is_true('nscd/group/invalidate_cache_on_changes', False) and baseConfig.is_false('nss/group/cachefile', True):
listener.setuid(0)
try:
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, "calling 'nscd -i group'")
listener.run('/usr/sbin/nscd', ['nscd', '-i', 'group'], uid=0)
except:
univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, "nscd -i group was not successfull")
listener.unsetuid()
def postrun(): global reload if reload: # reload cyrus-imapd if UCR variable changed listener.setuid(0) try: for fn in [ '/etc/init.d/cyrus-imapd', '/etc/init.d/cyrus2.2' ]: if os.path.isfile(fn): listener.run(fn, [os.path.basename(fn), 'reload'], uid=0) finally: listener.unsetuid() reload = False
def handler(dn, new, old):
if new and old:
new_password = new.get('userPassword', [None])[0]
old_password = old.get('userPassword', [None])[0]
if new_password and old_password:
if __pwd_is_locked(old_password) and not __pwd_is_locked(new_password):
#reset bad password cound
listener.setuid(0)
try:
ud.debug(ud.LISTENER, ud.PROCESS, 'Reset faillog for user %s' % new['uid'][0])
listener.run('/sbin/pam_tally', ['pam_tally', '--user', new['uid'][0], '--reset'])
finally:
listener.unsetuid()
def postrun():
ucr = ConfigRegistry()
ucr.load()
if ucr.is_true("dhcpd/autostart", False):
if ucr.is_true('dhcpd/restart/listener', False):
ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
try:
listener.run('/etc/init.d/univention-dhcp', ['univention-dhcp', 'restart'], uid=0)
except Exception, e:
ud.debug(ud.ADMIN, ud.WARN, 'The restart of the DHCP server failed: %s' % str(e))
else:
ud.debug(ud.ADMIN, ud.INFO, 'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.')
def postrun():
# type: () -> None
global __initscript
initscript = __initscript
if listener.configRegistry.is_true("nagios/client/autostart"):
univention.debug.debug(univention.debug.LISTENER,
univention.debug.INFO,
'NRPED: Restarting server')
listener.setuid(0)
try:
listener.run(initscript, ['nagios-nrpe-server', 'restart'], uid=0)
finally:
listener.unsetuid()
def handler(dn, new, old):
# type: (str, dict, dict) -> None
if new and old:
if __login_is_locked(old) and not __login_is_locked(new):
# reset local bad password count
ud.debug(
ud.LISTENER, ud.PROCESS,
'Reset faillog for user %s' % new['uid'][0].decode('UTF-8'))
listener.setuid(0)
try:
listener.run('/sbin/pam_tally', [
'pam_tally', '--user', new['uid'][0].decode('UTF-8'),
'--reset'
])
finally:
listener.unsetuid()
def postrun():
global action
if not action:
return
ud.debug(ud.LISTENER, ud.INFO, '3 OpenVPN-Server %s' % (action))
if action == 'stop':
# deactivate config
try:
listener.setuid(0)
os.rename (fn_serverconf, fn_serverconf + '-disabled')
listener.run('/etc/init.d/display_users', ['display_users', 'stop'], uid=0)
except Exception, e:
listener.unsetuid()
ud.debug(ud.LISTENER, ud.ERROR, '3 Failed to deactivate server config: %s' % str(e))
return
def postrun():
# type: () -> None
configRegistry = ConfigRegistry() # TODO: why not listener.configRegistry?
configRegistry.load()
if configRegistry.is_true('nscd/group/invalidate_cache_on_changes',
False) and configRegistry.is_false(
'nss/group/cachefile', True):
listener.setuid(0)
try:
ud.debug(ud.LISTENER, ud.INFO, "calling 'nscd -i group'")
listener.run('/usr/sbin/nscd', ['nscd', '-i', 'group'], uid=0)
except Exception:
ud.debug(ud.LISTENER, ud.ERROR, "nscd -i group was not successful")
finally:
listener.unsetuid()
def handler(dn, new, old):
"""Called on each change."""
uuids = set()
if old:
uuids |= set(old.get('univentionVirtualMachineUUID', []))
if new:
uuids |= set(new.get('univentionVirtualMachineUUID', []))
for uuid in uuids:
# Bug #21534: listener breaks pickle, using external CLI instead
rc = listener.run("/usr/sbin/univention-virtual-machine-manager", [
"univention-virtual-machine-manager", "domain_update", uuid, "-T",
"5"
], 0, False)
debug.debug(debug.LISTENER, debug.INFO,
"Requested update for %s: %d" % (', '.join(uuids), rc))
continue
try:
r = uvmm_p.Request_DOMAIN_UPDATE(domain=uuid)
listener.setuid(0)
try:
uvmm_c.uvmm_cmd(request=r, managers=[])
finally:
listener.unsetuid()
debug.debug(debug.LISTENER, debug.INFO,
"Requested update for %s" % ', '.join(uuids))
except uvmm_c.ClientError, e:
debug.debug(
debug.LISTENER, debug.INFO,
"Failed request for update of %s: %s" % (', '.join(uuids), e))
def lpadmin(args):
args = map(lambda x: '%s' % x.replace('"', '').strip(), args)
args = map(lambda x: '%s' % x.replace("'", '').strip(), args)
# Show this info message by default
ud.debug(ud.LISTENER, ud.WARN,
"cups-printers: info: univention-lpadmin %s" % ' '.join(args))
rc = listener.run('/usr/sbin/univention-lpadmin',
['univention-lpadmin'] + args,
uid=0)
if rc != 0:
ud.debug(
ud.LISTENER, ud.ERROR,
"cups-printers: Failed to execute the univention-lpadmin command. Please check the cups state."
)
filename = os.path.join('/var/cache/univention-printserver/',
'%f.sh' % time.time())
f = open(filename, 'w+')
os.chmod(filename, 0o755)
print >> f, '#!/bin/sh'
print >> f, '/usr/sbin/univention-lpadmin ' + ' '.join(
map(lambda x: "'%s'" % x, args))
f.close()
def postrun():
global reload
if reload:
initFile = "/etc/init.d/cyrus2.2"
if os.path.exists("/etc/init.d/cyrus-imapd"):
initFile = "/etc/init.d/cyrus-imapd"
listener.setuid(0)
try:
listener.run(initFile, [os.path.basename(initFile), 'reload'], uid=0, wait=1)
finally:
listener.unsetuid
reload = False
return
def postrun():
global reload
if reload:
initFile = "/etc/init.d/cyrus2.2"
if os.path.exists("/etc/init.d/cyrus-imapd"):
initFile = "/etc/init.d/cyrus-imapd"
listener.setuid(0)
try:
listener.run(initFile, [os.path.basename(initFile), 'reload'],
uid=0,
wait=1)
finally:
listener.unsetuid
reload = False
return
def postrun():
global __reload
if __reload:
global __initscript
initscript = __initscript
# restart nagios if not running and nagios/server/autostart is set to yes/true/1
# otherwise if nagios is running, ask nagios to reload config
p = subprocess.Popen(('pidof', '/usr/sbin/nagios3'), stdout=subprocess.PIPE)
pidlist, stderr = p.communicate()
listener.setuid(0)
null = open(os.path.devnull, 'w')
try:
retcode = subprocess.call(('nagios3', '-v', '/etc/nagios3/nagios.cfg'), stdout=null, stderr=null)
finally:
null.close()
listener.unsetuid()
if not pidlist.strip():
if retcode == 0:
if listener.baseConfig.is_true("nagios/server/autostart", False):
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'NAGIOS-SERVER: nagios3 not running - restarting server')
listener.setuid(0)
try:
listener.run(initscript, ['nagios3', 'restart'], uid=0)
finally:
listener.unsetuid()
else:
univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, 'NAGIOS-SERVER: nagios3 reported an error in configfile /etc/nagios3/nagios.cfg. Please restart nagios3 manually: "%s restart".' % initscript)
listener.unsetuid()
else:
if retcode == 0:
univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'NAGIOS-SERVER: reloading server')
listener.setuid(0)
try:
listener.run(initscript, ['nagios3', 'reload'], uid=0)
finally:
listener.unsetuid()
else:
univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, 'NAGIOS-SERVER: nagios3 reported an error in configfile /etc/nagios3/nagios.cfg. Please restart nagios3 manually: "%s restart".' % initscript)
listener.unsetuid()
__reload = False
def handler(dn, new, old):
"""Called on each change."""
uuids = set()
if old:
uuids |= set(old.get('univentionVirtualMachineUUID', []))
if new:
uuids |= set(new.get('univentionVirtualMachineUUID', []))
for uuid in uuids:
rc = listener.run("/usr/sbin/univention-virtual-machine-manager", ["univention-virtual-machine-manager", "-T", "5", "domain_update", uuid], 0, False)
debug.debug(debug.LISTENER, debug.INFO, "Requested update for %s: %d" % (', '.join(uuids), rc))
def postrun():
"""handle changes after at least 15s of no-changes"""
ud.debug(ud.LISTENER, ud.INFO, "postrun: plucs-groups running")
global changed
if not changed:
ud.debug(ud.LISTENER, ud.INFO, "plucs-groups: nothing changed, not restarting daemon.")
return
changed = False
ud.debug(ud.LISTENER, ud.PROCESS, "plucs-groups: reloading ACLs (%d users, %d groups)" % (len(_cache['users']),len(_cache['groups'].keys())))
# TODO: set UID 0 and run the to-be-found-command to reload ACLs into an Erlang node
# Currently: reload eJabberd.
try:
listener.run('/usr/sbin/invoke-rc.d', ['invoke-rc.d', 'plucs', 'restart'], uid=0)
except Exception, e:
ud.debug(ud.ADMIN, ud.WARN, 'The restart of the PLUCS server failed: %s' % str(e))
def postrun():
ud.debug(ud.LISTENER, ud.INFO, "postrun: plucs running")
global changed
if not changed:
ud.debug(ud.LISTENER, ud.INFO, "plucs: nothing changed, not restarting daemon.")
return
changed = False
ucr = univention.config_registry.ConfigRegistry()
ucr.load()
if ucr.is_true("plucs/autostart", False):
if ucr.is_true('plucs/restart/listener', False):
ud.debug(ud.LISTENER, ud.INFO, 'PLUCS: Restarting server')
try:
listener.run('/usr/sbin/invoke-rc.d', ['invoke-rc.d', 'plucs', 'restart'], uid=0)
except Exception, e:
ud.debug(ud.ADMIN, ud.WARN, 'The restart of the PLUCS server failed: %s' % str(e))
else:
ud.debug(ud.ADMIN, ud.INFO, 'PLUCS: the automatic restart of the PLUCS server by the listener is disabled. Set plucs/restart/listener to true to enable this option.')
def postrun():
# type: () -> None
if ucr.is_true("dhcpd/autostart", False):
if ucr.is_true('dhcpd/restart/listener', False):
ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
try:
run('/bin/systemctl', [
'systemctl', 'try-reload-or-restart', '--',
'isc-dhcp-server.service'
],
uid=0)
except Exception as ex:
ud.debug(ud.ADMIN, ud.WARN,
'The restart of the DHCP server failed: %s' % (ex, ))
else:
ud.debug(
ud.ADMIN, ud.INFO,
'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.'
)
else:
ud.debug(ud.LISTENER, ud.INFO,
'DHCP: dcpd disabled in config_registry - not started.')
def handler(dn, new, old):
# create users homedir only on user creation
if not old and new:
# if homeDirectoy is not set OR ( homeDirectoy is missing and not '/dev/null' ) then ....
if not new.get('homeDirectory') or (
new.get('homeDirectory', ['/'])[0] != '/dev/null'
and not os.path.exists(new.get('homeDirectory', ['/'])[0])):
if not new.get('automountInformation'):
# check for uid
if new.get('uid'):
listener.setuid(0)
try:
univention.debug.debug(
univention.debug.LISTENER, univention.debug.INFO,
'%s: starting %s for %s %s' %
(name, PATH_SU, new.get('uid')[0],
str(new.get('homeDirectory', []))))
listener.run(
PATH_SU,
[PATH_SU, '-c', 'echo', '-',
new.get('uid')[0]])
univention.debug.debug(
univention.debug.LISTENER, univention.debug.WARN,
'%s: created home directory %s for user %s' %
(name, str(new.get('homeDirectory',
[])), new.get('uid')[0]))
finally:
listener.unsetuid()
elif ucr['hostname'] in new.get('automountInformation',
[ucr['hostname']])[0]:
if new.get('uid'):
listener.setuid(0)
path = new.get('automountInformation',
[ucr['hostname']])[0].split(':')[1]
listener.run(PATH_MKDIR, [PATH_MKDIR, path])
listener.run(
PATH_CHOWN,
[PATH_CHOWN, new.get('uid')[0], path])
listener.run(PATH_CHMOD, [PATH_CHMOD, '0700', path])
univention.debug.debug(
univention.debug.LISTENER, univention.debug.WARN,
'%s: created home directory %s on share for user %s' %
(name, str(new.get('homeDirectory',
[])), new.get('uid')[0]))
listener.unsetuid()
else:
# debuglevel changes temporary from info to warn
univention.debug.debug(univention.debug.LISTENER, univention.debug.WARN, '%s: created home directory %s for user %s on host %s' % (name, str(new.get('homeDirectory',[])), new.get('uid')[0],\
new.get('automountInformation',[ucr['hostname']])[0].split(' ')[1].split(':')[0]))
def postrun():
ucr = ConfigRegistry()
ucr.load()
if ucr.is_true("dhcpd/autostart", False):
if ucr.is_true('dhcpd/restart/listener', False):
ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
try:
listener.run('/etc/init.d/univention-dhcp',
['univention-dhcp', 'restart'],
uid=0)
except Exception as e:
ud.debug(ud.ADMIN, ud.WARN,
'The restart of the DHCP server failed: %s' % str(e))
else:
ud.debug(
ud.ADMIN, ud.INFO,
'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.'
)
else:
ud.debug(ud.LISTENER, ud.INFO,
'DHCP: dcpd disabled in config_registry - not started.')
def lpadmin(args):
args = map(lambda x: '%s' % x.replace('"', '').strip(), args)
args = map(lambda x: '%s' % x.replace("'", '').strip(), args)
# Show this info message by default
ud.debug(ud.LISTENER, ud.WARN, "cups-printers: info: univention-lpadmin %s" % ' '.join(args))
rc = listener.run('/usr/sbin/univention-lpadmin', ['univention-lpadmin']+args, uid=0)
if rc != 0:
ud.debug(ud.LISTENER, ud.ERROR, "cups-printers: Failed to execute the univention-lpadmin command. Please check the cups state.")
filename = os.path.join('/var/cache/univention-printserver/', '%f.sh' % time.time())
f = open(filename, 'w+')
os.chmod(filename, 0755)
print >>f, '#!/bin/sh'
print >>f, '/usr/sbin/univention-lpadmin ' + ' '.join(map(lambda x: "'%s'" % x, args))
f.close()
def handler(dn, new, old):
"""Called on each change."""
uuids = set()
if old:
uuids |= set(old.get('univentionVirtualMachineUUID', []))
if new:
uuids |= set(new.get('univentionVirtualMachineUUID', []))
for uuid in uuids:
# Bug #21534: listener breaks pickle, using external CLI instead
rc = listener.run("/usr/sbin/univention-virtual-machine-manager", ["univention-virtual-machine-manager", "domain_update", uuid, "-T", "5"], 0, False)
debug.debug(debug.LISTENER, debug.INFO, "Requested update for %s: %d" % (', '.join(uuids), rc))
continue
try:
r = uvmm_p.Request_DOMAIN_UPDATE(domain=uuid)
listener.setuid(0)
try:
uvmm_c.uvmm_cmd(request=r, managers=[])
finally:
listener.unsetuid()
debug.debug(debug.LISTENER, debug.INFO, "Requested update for %s" % ', '.join(uuids))
except uvmm_c.ClientError, e:
debug.debug(debug.LISTENER, debug.INFO, "Failed request for update of %s: %s" % (', '.join(uuids), e))
def initialize():
pass
def postrun():
global action
if not action:
return
ud.debug(ud.LISTENER, ud.INFO, '5 OpenVPN-Server Site-to-Site %s' % (action))
if action == 'stop':
# deactivate config
try:
listener.setuid(0)
os.rename (fn_sitetositeconf, fn_sitetositeconf + '-disabled')
except Exception, e:
listener.unsetuid()
ud.debug(ud.LISTENER, ud.ERROR, '5 Failed to deactivate site-to-site config: %s' % str(e))
return
try:
listener.setuid(0)
listener.run('/etc/init.d/openvpn', ['openvpn', 'restart', 'sitetosite'], uid=0)
listener.run('/etc/init.d/univention-firewall', ['univention-firewall', 'restart'], uid=0)
finally:
listener.unsetuid()
listener.unsetuid()
### end ###
def main():
listener.run()
headers=myconfig.headers
)
if rr.status_code not in (200, 201):
print 'bad status', rr.status_code, rr, row['id']
else:
print datetime.datetime.now(), 'updated', row['id']
#.........................
# Call the listener.run function, which will run in a loop indefinitely and listen for
# data from the _changes feed. It will use the filter specified below to return only
# lines from the _changes feed for docs that return true from that filter function.
# The filter function is defined in the _design document on the database. (See the
# design.process.json file or the couchapp.)
# When a new line is returned, the callback, above, is executed.
try:
listener.run(
changes_filter='process/with_process&last=move_to_sps',
callback=handle_signalprocessing,
anAppConfig=myconfig
)
except KeyboardInterrupt: #don't print the traceback
pass
def init_slapd(arg):
listener.run('/etc/init.d/slapd', ['slapd', arg], uid=0)
time.sleep(1)
def uvmm(mode, uri):
"""Invoke UVMM CLI as root."""
# Bug #21534: listener breaks pickle, using external CLI instead
return listener.run("/usr/sbin/univention-virtual-machine-manager", ["univention-virtual-machine-manager", mode, uri, "-T", "5"], 0, True)
def postrun():
global action
if not action:
return
ud.debug(ud.LISTENER, ud.INFO, '3 OpenVPN-Server %s' % (action))
if action == 'stop':
# deactivate config
try:
listener.setuid(0)
os.rename (fn_serverconf, fn_serverconf + '-disabled')
listener.run('/etc/init.d/display_users', ['display_users', 'stop'], uid=0)
except Exception, e:
listener.unsetuid()
ud.debug(ud.LISTENER, ud.ERROR, '3 Failed to deactivate server config: %s' % str(e))
return
try:
listener.setuid(0)
listener.run('/etc/init.d/openvpn', ['openvpn', 'restart', 'server'], uid=0)
listener.run('/etc/init.d/univention-firewall', ['univention-firewall', 'restart'], uid=0)
if action == 'restart':
listener.run('/etc/init.d/display_users', ['display_users', 'restart'], uid=0)
finally:
listener.unsetuid()
listener.unsetuid()
### end ###
def handler(dn, new, old, cmd):
ud.debug(ud.LISTENER, ud.INFO, '1 master handler')
if cmd == 'n':
return
uid = new.get('uid', [None])[0]
uid_old = old.get('uid', [None])[0]
home = new.get('homeDirectory', ['/dev/null'])[0]
home_old = old.get('homeDirectory', ['/dev/null'])[0]
trigger = new.get('univentionOpenvpnAccount', '0')[0] == '1'
trigger_old = old.get('univentionOpenvpnAccount', '0')[0] == '1'
flags = new.get('sambaAcctFlags', [None])[0]
flags_old = old.get('sambaAcctFlags', [None])[0]
if flags and ('L' in flags or not 'U' in flags):
locked = True
else:
locked = False
if flags_old and ('L' in flags_old or not 'U' in flags_old):
locked_old = True
else:
locked_old = False
listener.setuid(0)
lo = ul.getMachineConnection()
servers = lo.search('(univentionOpenvpnActive=1)')
if not univention_openvpn_common.check_user_count(1):
listener.unsetuid()
return # do nothing
if (trigger and not trigger_old and uid and home and not locked) or (locked_old and not locked and uid and home and trigger):
ud.debug(ud.LISTENER, ud.INFO, '1 Create new certificate for %s in %s' % (uid, home))
# create a bundle for each openvpn server
for server in servers:
name = server[1].get('cn', [None])[0]
port = server[1].get('univentionOpenvpnPort', [None])[0]
addr = server[1].get('univentionOpenvpnAddress', [None])[0]
proto = 'udp6' if addr and addr.count(':') else 'udp'
if not name or not port or not addr:
continue
try:
listener.run('/usr/lib/openvpn-int/create-bundle', ['create-bundle', 'yes', uid, home, name, addr, port, proto], uid=0)
finally:
listener.unsetuid()
if (trigger_old and not trigger and uid_old and home_old) or (cmd == 'd' and uid_old and home_old) or (not locked_old and locked and uid_old and home_old):
ud.debug(ud.LISTENER, ud.INFO, '1 Revoke certificate for %s' % (uid_old))
listener.setuid(0)
try:
listener.run('/usr/sbin/univention-certificate', ['univention-certificate', 'revoke', '-name', uid_old + '.openvpn'], uid=0)
finally:
listener.unsetuid()
# remove bundle for each openvpn server
for server in servers:
name = server[1].get('cn', [None])[0]
if not name:
continue
try:
listener.run('/usr/lib/openvpn-int/remove-bundle', ['remove-bundle', uid_old, home_old, name], uid=0)
finally:
listener.unsetuid()
listener.unsetuid()
def handler(dn, new, old):
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
listener.setuid(0)
try:
if dn == configRegistry['ldap/hostdn']:
if new:
samba4wins_dict = {}
if new.get('univentionSamba4WinsNetbiosName'):
samba4wins_dict['netbios/name'] = new['univentionSamba4WinsNetbiosName'][0]
if new.get('univentionSamba4WinsSecondaryIp'):
samba4wins_dict['address'] = new['univentionSamba4WinsSecondaryIp'][0]
## determine network interface to use
samba4wins_interface = None
if configRegistry.get('samba4wins/interface'):
samba4wins_interface = configRegistry['samba4wins/interface']
else:
if configRegistry.get('samba/interfaces'):
for interface in configRegistry['samba/interfaces'].split():
if interface.startswith('eth'):
samba4wins_interface = interface
samba4wins_dict['interface'] = interface
break
if samba4wins_interface and samba4wins_dict.get('netbios/name') and samba4wins_dict.get('address'):
## determine netmask, network and broadcast from parent interface
parentinterface = configRegistry['samba/interfaces']
for rkey in ['netmask', 'network', 'broadcast']:
samba4wins_dict[rkey] = configRegistry.get('samba4wins/%s' % rkey) \
or configRegistry.get('interfaces/%s/%s' % (parentinterface, rkey) )
## setup network interface
ucrcmd = ['univention-config-registry','set']
for rkey in ['address', 'netmask', 'network', 'broadcast']:
ucrcmd.append('interfaces/%s/%s=%s' % (samba4wins_interface, rkey, samba4wins_dict[rkey]) )
listener.run('/usr/sbin/univention-config-registry', ucrcmd, uid=0)
## activate samba4wins variables
ucrcmd = ['univention-config-registry','set']
for key in ['address', 'netbios/name']:
ucrcmd.append('samba4wins/%s=%s' % (key, samba4wins_dict[key]) )
## and deactivate "wins support" in Samba3
ucrcmd.append('windows/wins-support=no')
ucrcmd.append('windows/wins-server=%s' % samba4wins_dict['address'] )
listener.run('/usr/sbin/univention-config-registry', ucrcmd, uid=0)
elif old:
## determine network interface
samba4wins_interface = None
if configRegistry.get('samba4wins/interface'):
samba4wins_interface = configRegistry['samba4wins/interface']
## reactivate "wins support" in Samba3 in case we are on a master
if configRegistry.get('server/role') == 'domaincontroller_master':
listener.run('/usr/sbin/univention-config-registry', ['univention-config-registry','set',
'wins/wins-support=yes'], uid=0)
## deactivate samba4wins variables
listener.run('/usr/sbin/univention-config-registry', ['univention-config-registry','unset',
'samba4wins/netbios/name', 'samba4wins/address'], uid=0)
## unset network interface
if samba4wins_interface:
ucrcmd = ['univention-config-registry','unset']
for rkey in ['address', 'netmask', 'network', 'broadcast']:
ucrcmd.append('interfaces/%s/%s' % (samba4wins_interface, rkey) )
listener.run('/usr/sbin/univention-config-registry', ucrcmd, uid=0)
else: # not my dn, so a Samba4WINS "Partner" server changed
if new:
## modify samba4wins ldb
samba4wins_dict = {}
if new.get('univentionSamba4WinsNetbiosName'):
samba4wins_dict['netbios/name'] = new['univentionSamba4WinsNetbiosName'][0]
if new.get('univentionSamba4WinsSecondaryIp'):
samba4wins_dict['address'] = new['univentionSamba4WinsSecondaryIp'][0]
ldbadd=True
if old:
old_name = None
old_ip = None
if old.get('univentionSamba4WinsNetbiosName'):
old_name= old['univentionSamba4WinsNetbiosName'][0]
if old.get('univentionSamba4WinsSecondaryIp'):
old_ip= old['univentionSamba4WinsSecondaryIp'][0]
if old_name and old_ip:
if samba4wins_dict.get('netbios/name') != old_name or samba4wins_dict.get('address') != old_ip:
listener.run('/usr/bin/ldbdel',
['ldbdel', '-d0', '-H', '/var/lib/samba4wins/private/wins_config.ldb',
'CN=%s,CN=PARTNERS' % old_name] , uid=0)
#else:
# ldbadd=False
if ldbadd and samba4wins_dict.get('netbios/name') and samba4wins_dict.get('address'):
ldif='dn: CN=%(netbios/name)s,CN=PARTNERS\nobjectClass: wreplPartner\naddress: %(address)s\n' % samba4wins_dict
pipe(ldif, ['/usr/bin/ldbadd', '-d0', '-H', '/var/lib/samba4wins/private/wins_config.ldb'] , uid=0)
elif old:
if old.get('univentionSamba4WinsNetbiosName'):
old_name= old['univentionSamba4WinsNetbiosName'][0]
listener.run('/usr/bin/ldbdel', ['ldbdel', '-d0', '-H', '/var/lib/samba4wins/private/wins_config.ldb',
'CN=%s,CN=PARTNERS' % old_name] , uid=0)
finally:
listener.unsetuid()
'%s/%s/%s' % (myconfig.server, myconfig.dbname, row['id']),
data=json.dumps(doc),
auth=myconfig.auth,
headers=myconfig.headers
)
if rr.status_code not in (200, 201):
print 'bad status', rr.status_code, rr, row['id']
else:
print datetime.datetime.now(), 'updated', row['id']
#.........................
# Call the listener.run function, which will run in a loop indefinitely and listen for
# data from the _changes feed. It will use the filter specified to return only
# lines from the _changes feed for docs that return true from the filter function.
# The filter function is defined in the _design document on the database. (See the
# design.process.json file or the couchapp.)
# When a new line is returned, the callback, above, is executed.
try:
listener.run(
changes_filter='process/with_process&last=0',
callback=handle_newfiles ,
anAppConfig=myconfig
)
except KeyboardInterrupt: #don't print the traceback
pass