You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@vcl.apache.org by ar...@apache.org on 2014/10/31 20:46:26 UTC
svn commit: r1635849 - in /vcl/trunk: managementnode/lib/VCL/Module/OS.pm
managementnode/lib/VCL/Module/OS/Linux.pm
managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
managementnode/lib/VCL/Module/OS/Windows.pm managementnode/lib/VCL/utils.pm
mysql/vcl.sql
Author: arkurth
Date: Fri Oct 31 19:46:25 2014
New Revision: 1635849
URL: http://svn.apache.org/r1635849
Log:
VCL-706
In vcl.sql, changed connectmethodport.protocol definition default value to TCP. Added connectmethodport.connectmethodid constraint.
Updated utils.pm::get_connect_method_info to retrieve connectmethodport information.
Changed all locations calling utils.pm::get_connect_method_info to $self->data->get_connect_methods for consistency.
Moved firewall_compare_update from Windows.pm, Linux.pm, and Ubuntu.pm to OS.pm since the code was duplicated.
Updated all locations which were using the protocol an port information to use the new multivalued connectmethodport information:
OS.pm::process_connect_methods
OS.pm::is_user_connected
OS.pm::get_connect_method_remote_ip_addresses
OS.pm::firewall_compare_update
Windows.pm::check_rdp_port_configuration
Other
Added additional registry keys to Windows.pm::clean_hard_drive. These allow the cleanup process to handle more items. Changed the cleanmgr.exe timeout from 120 seconds to 900. Newer versions seem to take a longer time.
Removed Linux.pm::sanitize_firewall. It was not called from anywhere and was not doing anything.
Cleaned up Ubuntu.pm's enable_firewall_port and disable_firewall_port.
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
vcl/trunk/managementnode/lib/VCL/utils.pm
vcl/trunk/mysql/vcl.sql
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Fri Oct 31 19:46:25 2014
@@ -2038,7 +2038,13 @@ sub get_file_contents {
notify($ERRORS{'DEBUG'}, 0, "retrieved " . scalar(@$output) . " lines from file on $computer_short_name: '$path'");
map { s/[\r\n]+$//g; } (@$output);
- return @$output;
+
+ if (wantarray) {
+ return @$output;
+ }
+ else {
+ return join("\n", @$output);
+ }
}
}
@@ -2647,12 +2653,11 @@ sub process_connect_methods {
}
my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
# Retrieve the connect method info hash
- my $connect_method_info = get_connect_method_info($imagerevision_id);
+ my $connect_method_info = $self->data->get_connect_methods();
if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "failed to retrieve connect method info for image revision $imagerevision_id");
+ notify($ERRORS{'WARNING'}, 0, "failed to retrieve connect method info");
return;
}
@@ -2675,48 +2680,37 @@ sub process_connect_methods {
$overwrite = 0;
}
- my $state = $self->data->get_request_state_name();
- notify($ERRORS{'DEBUG'}, 0, "state = $state");
-
+ my $request_state = $self->data->get_request_state_name();
CONNECT_METHOD: for my $connect_method_id (sort keys %{$connect_method_info} ) {
+ my $connect_method = $connect_method_info->{$connect_method_id};
#notify($ERRORS{'DEBUG'}, 0, "processing connect method:\n" . format_data($connect_method_info->{$connect_method_id}));
- my $name = $connect_method_info->{$connect_method_id}{name};
- my $description = $connect_method_info->{$connect_method_id}{description};
- my $protocol = $connect_method_info->{$connect_method_id}{protocol} || 'TCP';
- my $port = $connect_method_info->{$connect_method_id}{port};
- my $service_name = $connect_method_info->{$connect_method_id}{servicename};
- my $startup_script = $connect_method_info->{$connect_method_id}{startupscript};
- my $install_script = $connect_method_info->{$connect_method_id}{installscript};
- my $disabled = $connect_method_info->{$connect_method_id}{connectmethodmap}{disabled};
+ my $name = $connect_method->{name};
+ my $description = $connect_method->{description};
+ my $service_name = $connect_method->{servicename};
+ my $startup_script = $connect_method->{startupscript};
+ my $install_script = $connect_method->{installscript};
+ my $disabled = $connect_method->{connectmethodmap}{disabled};
- if( $state =~ /deleted|timeout/) {
- $disabled = 1;
- }
- if ($disabled) {
+ if ($disabled || $request_state =~ /deleted|timeout/) {
if ($self->service_exists($service_name)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to stop '$service_name' service for '$name' connect method on $computer_node_name");
- if ($self->stop_service($service_name)) {
- notify($ERRORS{'OK'}, 0, "'$service_name' stop on $computer_node_name");
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "failed to stop '$service_name' service for '$name' connect method on $computer_node_name");
- }
- }
-
- #Disable firewall port
- if (defined($port)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to close firewall port $port on $computer_node_name for '$name' connect method");
- if ($self->disable_firewall_port($protocol, $port, $remote_ip, 1)) {
- notify($ERRORS{'OK'}, 0, "closing firewall port $port on $computer_node_name for $remote_ip $name connect method");
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "failed to close firewall port $port on $computer_node_name for $remote_ip $name connect method");
- }
+ if (!$self->stop_service($service_name)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to stop '$service_name' service for '$name' connect method on $computer_node_name");
+ }
}
+ # Close the firewall ports
+ if ($self->can('disable_firewall_port')) {
+ for my $protocol (keys %{$connect_method->{connectmethodport}}) {
+ for my $port (keys %{$connect_method->{connectmethodport}{$protocol}}) {
+ if (!$self->disable_firewall_port($protocol, $port, $remote_ip, 1)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to close firewall port $port on $computer_node_name for $remote_ip $name connect method");
+ }
+ }
+ }
+ }
}
else {
# Attempt to start and configure the connect method
@@ -2724,12 +2718,8 @@ sub process_connect_methods {
# Attempt to start the service if the service name has been defined for the connect method
if ($service_name) {
- # Check if service exists
- notify($ERRORS{'DEBUG'}, 0, "checking if '$service_name' service exists for '$name' connect method on $computer_node_name");
if ($self->service_exists($service_name)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to start '$service_name' service for '$name' connect method on $computer_node_name");
if ($self->start_service($service_name)) {
- notify($ERRORS{'OK'}, 0, "'$service_name' started on $computer_node_name");
$service_started = 1;
}
else {
@@ -2740,29 +2730,35 @@ sub process_connect_methods {
notify($ERRORS{'WARNING'}, 0, "'$service_name' service for '$name' connect method does NOT exist on $computer_node_name, connect method install script is not defined");
}
}
+
# Run the startup script if the service is not started
if (!$service_started && defined($startup_script)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to run startup script '$startup_script' for '$name' connect method on $computer_node_name");
- my ($startup_exit_status, $startup_output) = $self->execute($startup_script, 1);
- if (!defined($startup_output)) {
- notify($ERRORS{'WARNING'}, 0, "failed to run command to execute startup script '$startup_script' for '$name' connect method on $computer_node_name, command: '$startup_script'");
- }
- elsif ($startup_exit_status == 0){
- notify($ERRORS{'OK'}, 0, "executed startup script '$startup_script' for '$name' connect method on $computer_node_name, command: '$startup_script', exit status: $startup_exit_status, output:\n" . join("\n", @$startup_output));
+ if (!$self->file_exists($startup_script)) {
+ notify($ERRORS{'WARNING'}, 0, "'$service_name' service startup script for '$name' connect method does not exist on $computer_node_name: $startup_script");
}
else {
- notify($ERRORS{'WARNING'}, 0, "failed to execute startup script '$startup_script' for '$name' connect method on $computer_node_name, command: '$startup_script', exit status: $startup_exit_status, output:\n" . join("\n", @$startup_output));
+ notify($ERRORS{'DEBUG'}, 0, "attempting to run startup script '$startup_script' for '$name' connect method on $computer_node_name");
+ my ($startup_exit_status, $startup_output) = $self->execute($startup_script, 1);
+ if (!defined($startup_output)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to run command to execute startup script '$startup_script' for '$name' connect method on $computer_node_name, command: '$startup_script'");
+ }
+ elsif ($startup_exit_status == 0){
+ notify($ERRORS{'OK'}, 0, "executed startup script '$startup_script' for '$name' connect method on $computer_node_name, command: '$startup_script', exit status: $startup_exit_status, output:\n" . join("\n", @$startup_output));
+ }
+ else {
+ notify($ERRORS{'WARNING'}, 0, "failed to execute startup script '$startup_script' for '$name' connect method on $computer_node_name, command: '$startup_script', exit status: $startup_exit_status, output:\n" . join("\n", @$startup_output));
+ }
}
}
- # Open the firewall port
- if (defined($port)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to open firewall port $port on $computer_node_name for '$name' connect method");
- if ($self->enable_firewall_port($protocol, $port, $remote_ip, 1)) {
- notify($ERRORS{'OK'}, 0, "opened firewall port $port on $computer_node_name for $remote_ip $name connect method");
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "failed to open firewall port $port on $computer_node_name for $remote_ip $name connect method");
+ # Open the firewall ports
+ if ($self->can('enable_firewall_port')) {
+ for my $protocol (keys %{$connect_method->{connectmethodport}}) {
+ for my $port (keys %{$connect_method->{connectmethodport}{$protocol}}) {
+ if (!$self->enable_firewall_port($protocol, $port, $remote_ip, 1)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to open firewall port $port on $computer_node_name for $remote_ip $name connect method");
+ }
+ }
}
}
}
@@ -2793,24 +2789,26 @@ sub is_user_connected {
my $user_login_id = $self->data->get_user_login_id();
my $connect_methods = $self->data->get_connect_methods();
+ if (!$self->can("check_connection_on_port")) {
+ notify($ERRORS{'CRITICAL'}, 0, ref($self) . " OS module does not implement check_connection_on_port subroutine");
+ return;
+ }
+
notify($ERRORS{'OK'}, 0, "checking for connection by $user_login_id on $computer_node_name");
foreach my $connect_method_id (keys %$connect_methods) {
- my $name = $connect_methods->{$connect_method_id}{name};
- my $port = $connect_methods->{$connect_method_id}{port};
- my $protocol = $connect_methods->{$connect_method_id}{protocol} || 'TCP';
-
- notify($ERRORS{'DEBUG'}, 0, "checking '$name' connect method, protocol: $protocol, port: $port");
-
- if (!$self->can("check_connection_on_port")) {
- notify($ERRORS{'CRITICAL'}, 0, ref($self) . " OS module does not implement check_connection_on_port subroutine");
- return;
- }
-
- my $result = $self->check_connection_on_port($port);
- if ($result && $result !~ /no/i) {
- notify($ERRORS{'OK'}, 0, "$user_login_id is connected to $computer_node_name using $name connect method, result: $result");
- return 1;
+ my $connect_method = $connect_methods->{$connect_method_id};
+ my $name = $connect_method->{name};
+ for my $protocol (keys %{$connect_method->{connectmethodport}}) {
+ for my $port (keys %{$connect_method->{connectmethodport}{$protocol}}) {
+ notify($ERRORS{'DEBUG'}, 0, "checking '$name' connect method, protocol: $protocol, port: $port");
+
+ my $result = $self->check_connection_on_port($port);
+ if ($result && $result !~ /no/i) {
+ notify($ERRORS{'OK'}, 0, "$user_login_id is connected to $computer_node_name using $name connect method, result: $result");
+ return 1;
+ }
+ }
}
}
@@ -3044,7 +3042,7 @@ sub find_files {
$command .= " -maxdepth 1";
}
- notify($ERRORS{'DEBUG'}, 0, "attempting to find files on $computer_node_name, base directory path: '$base_directory_path', pattern: $file_pattern, command: $command");
+ #notify($ERRORS{'DEBUG'}, 0, "attempting to find files on $computer_node_name, base directory path: '$base_directory_path', pattern: $file_pattern, command: $command");
my ($exit_status, $output) = $self->execute($command, 0);
if (!defined($output)) {
@@ -3072,7 +3070,7 @@ sub find_files {
my $file_count = scalar(@files);
- notify($ERRORS{'DEBUG'}, 0, "files found: $file_count, base directory: '$base_directory_path', pattern: '$file_pattern'\ncommand: '$command'");
+ notify($ERRORS{'DEBUG'}, 0, "files found under $base_directory_path matching '$file_pattern': $file_count");
#notify($ERRORS{'DEBUG'}, 0, "files found: $file_count, base directory: '$base_directory_path', pattern: '$file_pattern'\ncommand: '$command', output:\n" . join("\n", @$output));
return @files;
}
@@ -3526,7 +3524,6 @@ sub get_connect_method_remote_ip_address
}
my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
# Get the management node's IP addresses - these will be ignored
my $mn_private_ip_address = $self->mn_os->get_private_ip_address();
@@ -3545,54 +3542,57 @@ sub get_connect_method_remote_ip_address
my @remote_ip_addresses = ();
- my $connect_method_info = get_connect_method_info($imagerevision_id);
+ my $connect_method_info = $self->data->get_connect_methods();
foreach my $connect_method_id (keys %$connect_method_info) {
- my $connect_method_name = $connect_method_info->{$connect_method_id}{name};
- my $connect_method_protocol = $connect_method_info->{$connect_method_id}{protocol} || 'any';
- my $connect_method_port = $connect_method_info->{$connect_method_id}{port};
-
- notify($ERRORS{'DEBUG'}, 0, "checking connect method: '$connect_method_name', protocol: $connect_method_protocol, port: $connect_method_port");
-
- CONNECTION_PROTOCOL: for my $connection_protocol (keys %$connection_info) {
- # Check if the protocol defined for the connect method matches the established connection
- if (!$connect_method_protocol || $connect_method_protocol =~ /(\*|any|all)/i) {
- #notify($ERRORS{'DEBUG'}, 0, "skipping validation of connect method protocol: $connect_method_protocol");
- }
- else {
- if ($connect_method_protocol =~ /$connection_protocol/i || $connection_protocol =~ /$connect_method_protocol/i) {
- notify($ERRORS{'DEBUG'}, 0, "connect method protocol matches established connection protocol: $connection_protocol");
- }
- else {
- notify($ERRORS{'DEBUG'}, 0, "connect method protocol $connect_method_protocol does NOT match established connection protocol $connection_protocol");
- next CONNECTION_PROTOCOL;
- }
- }
-
- CONNECTION_PORT: for my $connection_port (keys %{$connection_info->{$connection_protocol}}) {
- # Check if the port defined for the connect method matches the established connection
- if ($connect_method_port eq $connection_port) {
- notify($ERRORS{'DEBUG'}, 0, "connect method port matches established connection port: $connection_port");
-
- for my $connection (@{$connection_info->{$connection_protocol}{$connection_port}}) {
- my $remote_ip_address = $connection->{remote_ip};
- if (!$remote_ip_address) {
- notify($ERRORS{'WARNING'}, 0, "connection does NOT contain remote IP address (remote_ip) key:\n" . format_data($connection));
+ my $connect_method = $connect_method_info->{$connect_method_id};
+ my $connect_method_name = $connect_method->{name};
+
+ for my $connect_method_protocol (keys %{$connect_method->{connectmethodport}}) {
+ for my $connect_method_port (keys %{$connect_method->{connectmethodport}{$connect_method_protocol}}) {
+ notify($ERRORS{'DEBUG'}, 0, "checking connect method: '$connect_method_name', protocol: $connect_method_protocol, port: $connect_method_port");
+
+ CONNECTION_PROTOCOL: for my $connection_protocol (keys %$connection_info) {
+ # Check if the protocol defined for the connect method matches the established connection
+ if (!$connect_method_protocol || $connect_method_protocol =~ /(\*|any|all)/i) {
+ #notify($ERRORS{'DEBUG'}, 0, "skipping validation of connect method protocol: $connect_method_protocol");
+ }
+ else {
+ if ($connect_method_protocol =~ /$connection_protocol/i || $connection_protocol =~ /$connect_method_protocol/i) {
+ notify($ERRORS{'DEBUG'}, 0, "connect method protocol matches established connection protocol: $connection_protocol");
}
- elsif ($remote_ip_address eq $mn_private_ip_address || $remote_ip_address eq $mn_public_ip_address) {
- notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from management node: $remote_ip_address");
+ else {
+ notify($ERRORS{'DEBUG'}, 0, "connect method protocol $connect_method_protocol does NOT match established connection protocol $connection_protocol");
+ next CONNECTION_PROTOCOL;
}
- elsif (my ($ignored_remote_ip_address) = grep { $remote_ip_address =~ /($_)/ } @ignored_remote_ip_addresses) {
- notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from ignored remote IP address ($ignored_remote_ip_address): $remote_ip_address");
+ }
+
+ CONNECTION_PORT: for my $connection_port (keys %{$connection_info->{$connection_protocol}}) {
+ # Check if the port defined for the connect method matches the established connection
+ if ($connect_method_port eq $connection_port) {
+ notify($ERRORS{'DEBUG'}, 0, "connect method port matches established connection port: $connection_port");
+
+ for my $connection (@{$connection_info->{$connection_protocol}{$connection_port}}) {
+ my $remote_ip_address = $connection->{remote_ip};
+ if (!$remote_ip_address) {
+ notify($ERRORS{'WARNING'}, 0, "connection does NOT contain remote IP address (remote_ip) key:\n" . format_data($connection));
+ }
+ elsif ($remote_ip_address eq $mn_private_ip_address || $remote_ip_address eq $mn_public_ip_address) {
+ notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from management node: $remote_ip_address");
+ }
+ elsif (my ($ignored_remote_ip_address) = grep { $remote_ip_address =~ /($_)/ } @ignored_remote_ip_addresses) {
+ notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from ignored remote IP address ($ignored_remote_ip_address): $remote_ip_address");
+ }
+ else {
+ push @remote_ip_addresses, $remote_ip_address;
+ }
+ }
}
else {
- push @remote_ip_addresses, $remote_ip_address;
+ notify($ERRORS{'DEBUG'}, 0, "connect method port $connect_method_port does NOT match established connection port $connection_port");
+ next CONNECTION_PORT;
}
}
}
- else {
- notify($ERRORS{'DEBUG'}, 0, "connect method port $connect_method_port does NOT match established connection port $connection_port");
- next CONNECTION_PORT;
- }
}
}
}
@@ -3608,6 +3608,61 @@ sub get_connect_method_remote_ip_address
}
}
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 firewall_compare_update
+
+ Parameters : none
+ Returns : boolean
+ Description : Opens the firewall port for the remote IP address for each
+ connect method.
+
+=cut
+
+sub firewall_compare_update {
+ my $self = shift;
+ if (ref($self) !~ /VCL::Module/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
+ return;
+ }
+
+ # Make sure the OS module implements an enable_firewall_port subroutine
+ return 1 unless $self->can('enable_firewall_port');
+
+ my $computer_node_name = $self->data->get_computer_node_name();
+ my $remote_ip = $self->data->get_reservation_remote_ip();
+ if (!$remote_ip) {
+ notify($ERRORS{'WARNING'}, 0, "unable to update firewall on $computer_node_name, remote IP could not be retrieved for reservation");
+ return;
+ }
+
+ # Retrieve the connect method info
+ my $connect_method_info = $self->data->get_connect_methods();
+ if (!$connect_method_info) {
+ notify($ERRORS{'WARNING'}, 0, "failed to retrieve connect method information");
+ return;
+ }
+
+ # Loop through the connect methods, check to make sure firewall is open for remote IP
+ my $error_encountered = 0;
+ for my $connect_method_id (sort keys %{$connect_method_info}) {
+ my $connect_method_name = $connect_method_info->{$connect_method_id}{name};
+ for my $protocol (keys %{$connect_method_info->{$connect_method_id}{connectmethodport}}) {
+ for my $port (keys %{$connect_method_info->{$connect_method_id}{connectmethodport}{$protocol}}) {
+ if ($self->enable_firewall_port($protocol, $port, $remote_ip, 0)) {
+ notify($ERRORS{'DEBUG'}, 0, "$connect_method_name: processed firewall port $protocol $port on $computer_node_name for remote IP address: $remote_ip");
+ }
+ else {
+ $error_encountered = 1;
+ notify($ERRORS{'WARNING'}, 0, "$connect_method_name: failed to process firewall port $protocol $port on $computer_node_name for remote IP address: $remote_ip");
+ }
+ }
+ }
+ }
+
+ return !$error_encountered;
+}
+
#///////////////////////////////////////////////////////////////////////////
1;
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Fri Oct 31 19:46:25 2014
@@ -3399,41 +3399,6 @@ sub get_total_memory {
#/////////////////////////////////////////////////////////////////////////////
-=head2 sanitize_firewall
-
- Parameters : $scope (optional),
- Returns : boolean
- Description : Removes all entries for INUPT chain and Sets iptables firewall for private management node IP
-
-=cut
-
-sub sanitize_firewall {
- my $self = shift;
- if (ref($self) !~ /VCL::Module/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
- return;
- }
-
- my $scope = shift;
- if (!defined($scope)) {
- notify($ERRORS{'CRITICAL'}, 0, "scope variable was not passed in as an arguement");
- return;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $mn_private_ip = $self->mn_os->get_private_ip_address();
-
- my $firewall_configuration = $self->get_firewall_configuration() || return;
- my $chain;
- my $iptables_del_cmd;
- my $INPUT_CHAIN = "INPUT";
-
- for my $num (sort keys %{$firewall_configuration->{$INPUT_CHAIN}}) {
- }
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
=head2 enable_firewall_port
Parameters : $protocol, $port, $scope (optional), $overwrite_existing (optional)
@@ -3469,11 +3434,8 @@ sub enable_firewall_port {
my $computer_node_name = $self->data->get_computer_node_name();
- # Make sure iptables service exists
- if (!$self->service_exists("iptables")) {
- notify($ERRORS{'DEBUG'}, 0, "iptables service does NOT exist on $computer_node_name");
- return 1;
- }
+ # Check to see if this OS has iptables
+ return 1 unless $self->service_exists("iptables");
# Check the protocol argument
if (!defined($protocol)) {
@@ -4185,102 +4147,6 @@ sub parse_firewall_scope {
}
}
-
-#/////////////////////////////////////////////////////////////////////////////
-
-=head2 firewall_compare_update
-
- Parameters : @scope_strings
- Returns : 0 , 1
- Description : Compare iptables for listed remote IP address in reservation
-
-=cut
-
-sub firewall_compare_update {
- my $self = shift;
- if (ref($self) !~ /linux/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
- return;
- }
-
- # Check to see if this distro has iptables
- # If not return 1 so it does not fail
- if (!($self->service_exists("iptables"))) {
- notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this OS");
- return 1;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
- my $remote_ip = $self->data->get_reservation_remote_ip();
-
- # collect connection_methods
- # collect firewall_config
- # For each port defined in connection_methods
- # compare rule source address with remote_IP address
-
- # Retrieve the connect method info hash
- my $connect_method_info = get_connect_method_info($imagerevision_id);
- if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "no connect methods are configured for image revision $imagerevision_id");
- return;
- }
-
- # Retrieve the firewall configuration
- my $INPUT_CHAIN = "INPUT";
- my $firewall_configuration = $self->get_firewall_configuration() || return;
-
- for my $connect_method_id (sort keys %{$connect_method_info}) {
-
- my $name = $connect_method_info->{$connect_method_id}{name};
- my $description = $connect_method_info->{$connect_method_id}{description};
- my $protocol = $connect_method_info->{$connect_method_id}{protocol} || 'TCP';
- my $port = $connect_method_info->{$connect_method_id}{port};
- my $scope;
-
- $protocol = lc($protocol);
-
- for my $num (sort keys %{$firewall_configuration->{$INPUT_CHAIN}}) {
- my $existing_scope = $firewall_configuration->{$INPUT_CHAIN}{$num}{$protocol}{$port}{scope} || '';
- if (!$existing_scope) {
-
- }
- else {
- my $parsed_existing_scope = $self->parse_firewall_scope($existing_scope);
- if (!$parsed_existing_scope) {
- notify($ERRORS{'WARNING'}, 0, "failed to parse existing firewall scope: '$existing_scope'");
- return;
- }
- $scope = $self->parse_firewall_scope("$remote_ip,$existing_scope");
- if (!$scope) {
- notify($ERRORS{'WARNING'}, 0, "failed to parse firewall scope argument appended with existing scope: '$remote_ip,$existing_scope'");
- return;
- }
-
- if ($scope eq $parsed_existing_scope) {
- notify($ERRORS{'DEBUG'}, 0, "firewall is already open on $computer_node_name, existing scope matches scope argument:\n" .
- "name: '$name'\n" .
- "protocol: $protocol\n" .
- "port/type: $port\n" .
- "scope: $scope\n"
- );
- return 1;
- }
- else {
- if ($self->enable_firewall_port($protocol, $port, "$remote_ip/24", 0)) {
- notify($ERRORS{'OK'}, 0, "opened firewall port $port on $computer_node_name for $remote_ip $name connect method");
- }
- }
-
-
- }
- }
- }
-
- return 1;
-
-}
-
#/////////////////////////////////////////////////////////////////////////////
=head2 clean_iptables
@@ -4299,10 +4165,7 @@ sub clean_iptables {
}
# Check if iptables service exists
- if (!$self->service_exists("iptables")) {
- notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this OS");
- return 1;
- }
+ return 1 unless $self->service_exists("iptables");
my $computer_node_name = $self->data->get_computer_node_name();
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Fri Oct 31 19:46:25 2014
@@ -390,9 +390,9 @@ sub get_network_configuration {
=head2 enable_firewall_port
- Parameters : $protocol, $port, $scope (optional), $overwrite_existing (optional), $name (optional), $description (optional)
- Returns : boolean
- Description : Updates iptables for given port for collect IPaddress range and mode
+ Parameters : none
+ Returns : 1
+ Description : Shell subroutine. Not currently implemented.
=cut
@@ -402,30 +402,8 @@ sub enable_firewall_port {
notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
return;
}
-
- # Check to see if this distro has iptables
- if (!$self->service_exists("iptables")) {
- notify($ERRORS{'WARNING'}, 0, "iptables service does not exist on this OS");
- return 1;
- }
-
- my ($protocol, $port, $scope_argument, $overwrite_existing, $name, $description) = @_;
- if (!defined($protocol) || !defined($port)) {
- notify($ERRORS{'WARNING'}, 0, "protocol and port arguments were not supplied");
- return;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $mn_private_ip = $self->mn_os->get_private_ip_address();
-
- $protocol = lc($protocol);
-
- $scope_argument = '' if (!defined($scope_argument));
-
- my $scope;
return 1;
-
}
#/////////////////////////////////////////////////////////////////////////////
@@ -433,8 +411,8 @@ sub enable_firewall_port {
=head2 disable_firewall_port
Parameters : none
- Returns : 1 successful, 0 failed
- Description : updates iptables for given port for collect IPaddress range and mode
+ Returns : 1
+ Description : Shell subroutine. Not currently implemented.
=cut
@@ -444,33 +422,8 @@ sub disable_firewall_port {
notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
return;
}
-
- # Check to see if this distro has iptables
- if (!$self->service_exists("ufw")) {
- notify($ERRORS{'WARNING'}, 0, "iptables service does not exist on this OS");
- return 1;
- }
-
- my ($protocol, $port, $scope_argument, $overwrite_existing, $name, $description) = @_;
- if (!defined($protocol) || !defined($port)) {
- notify($ERRORS{'WARNING'}, 0, "protocol and port arguments were not supplied");
- return;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $mn_private_ip = $self->mn_os->get_private_ip_address();
-
- $protocol = lc($protocol);
-
- $scope_argument = '' if (!defined($scope_argument));
-
- $name = '' if !$name;
- $description = '' if !$description;
-
- my $scope;
-
+
return 1;
-
}
#/////////////////////////////////////////////////////////////////////////////
@@ -872,98 +825,6 @@ sub restart_network_interface {
#/////////////////////////////////////////////////////////////////////////////
-=head2 firewall_compare_update
-
- Parameters : @scope_strings
- Returns : 0 , 1
- Description : Compare iptables for listed remote IP address in reservation
-
-=cut
-
-sub firewall_compare_update {
- my $self = shift;
- if (ref($self) !~ /linux/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
- return;
- }
-
- # Check to see if this distro has iptables
- # If not return 1 so it does not fail
- if (!($self->service_exists("ufw"))) {
- notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this OS");
- return 1;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
- my $remote_ip = $self->data->get_reservation_remote_ip();
-
- # collect connection_methods
- # collect firewall_config
- # For each port defined in connection_methods
- # compare rule source address with remote_IP address
-
- # Retrieve the connect method info hash
- my $connect_method_info = get_connect_method_info($imagerevision_id);
- if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "no connect methods are configured for image revision $imagerevision_id");
- return;
- }
-
- # Retrieve the firewall configuration
- my $INPUT_CHAIN = "INPUT";
- my $firewall_configuration = $self->get_firewall_configuration() || return;
-
- for my $connect_method_id (sort keys %{$connect_method_info}) {
-
- my $name = $connect_method_info->{$connect_method_id}{name};
- my $description = $connect_method_info->{$connect_method_id}{description};
- my $protocol = $connect_method_info->{$connect_method_id}{protocol} || 'TCP';
- my $port = $connect_method_info->{$connect_method_id}{port};
- my $scope;
-
- $protocol = lc($protocol);
-
- for my $num (sort keys %{$firewall_configuration->{$INPUT_CHAIN}}) {
- my $existing_scope = $firewall_configuration->{$INPUT_CHAIN}{$num}{$protocol}{$port}{scope} || '';
- if (!$existing_scope) {
-
- }
- else {
- my $parsed_existing_scope = $self->parse_firewall_scope($existing_scope);
- if (!$parsed_existing_scope) {
- notify($ERRORS{'WARNING'}, 0, "failed to parse existing firewall scope: '$existing_scope'");
- return;
- }
- $scope = $self->parse_firewall_scope("$remote_ip,$existing_scope");
- if (!$scope) {
- notify($ERRORS{'WARNING'}, 0, "failed to parse firewall scope argument appended with existing scope: '$remote_ip,$existing_scope'");
- return;
- }
-
- if ($scope eq $parsed_existing_scope) {
- notify($ERRORS{'DEBUG'}, 0, "firewall is already open on $computer_node_name, existing scope matches scope argument:\n" .
- "name: '$name'\n" .
- "protocol: $protocol\n" .
- "port/type: $port\n" .
- "scope: $scope\n"
- );
- return 1;
- }
- else {
- if ($self->enable_firewall_port($protocol, $port, "$remote_ip/24", 0)) {
- notify($ERRORS{'OK'}, 0, "opened firewall port $port on $computer_node_name for $remote_ip $name connect method");
- }
- }
- }
- }
- }
-
- return 1;
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
=head2 update_hostname_file
Parameters : hostname
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm Fri Oct 31 19:46:25 2014
@@ -6913,6 +6913,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Content Indexer Cleaner]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Device Driver Packages]
+"StateFlags0001"=dword:00000002
+
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Downloaded Program Files]
"StateFlags0001"=dword:00000002
@@ -6937,6 +6940,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Recycle Bin]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Service Pack Cleanup]
+"StateFlags0001"=dword:00000000
+
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Setup Log Files]
"StateFlags0001"=dword:00000000
@@ -6958,6 +6964,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Thumbnail Cache]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Update Cleanup]
+"StateFlags0001"=dword:00000002
+
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Upgrade Discarded Files]
"StateFlags0001"=dword:00000002
@@ -6973,6 +6982,11 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Windows Error Reporting System Queue Files]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Windows ESD installation files]
+"StateFlags0001"=dword:00000002
+
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Windows Upgrade Log Files]
+"StateFlags0001"=dword:00000002
EOF
# Import the string into the registry
@@ -6995,9 +7009,9 @@ EOF
notify($ERRORS{'OK'}, 0, "cleanmgr.exe is not present on $computer_node_name, this is usually because the Desktop Experience feature is not installed");
}
else {
- # Wait for cleanmgr.exe to finish
+ # Wait for cleanmgr.exe to finish - may take a long time
my $message = 'waiting for cleanmgr.exe to finish';
- my $total_wait_seconds = 120;
+ my $total_wait_seconds = 900;
notify($ERRORS{'OK'}, 0, "started cleanmgr.exe, waiting up to $total_wait_seconds seconds for it to finish");
if ($self->code_loop_timeout(sub{!$self->is_process_running(@_)}, ['cleanmgr.exe'], $message, $total_wait_seconds, 15)) {
@@ -11693,29 +11707,45 @@ sub check_rdp_port_configuration {
return;
}
- my $imagerevision_id = $self->data->get_imagerevision_id();
my $computer_name = $self->data->get_computer_short_name();
- my $connect_method_info = get_connect_method_info($imagerevision_id);
+ my $connect_method_info = $self->data->get_connect_methods();
if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "unable to check RDP port, connect method info could not be retrieved for image ID $imagerevision_id");
+ notify($ERRORS{'WARNING'}, 0, "unable to check RDP port, connect method info could not be retrieved");
return;
}
# Find the RDP method, retrieve the port
- my $connect_method_rdp_port;
+ my $connect_method;
for my $connect_method_id (keys %$connect_method_info) {
my $connect_method_name = $connect_method_info->{$connect_method_id}{name};
if ($connect_method_name =~ /^rdp$/i) {
- $connect_method_rdp_port = $connect_method_info->{$connect_method_id}{port};
+ $connect_method = $connect_method_info->{$connect_method_id};
last;
}
}
- if (!defined($connect_method_rdp_port)) {
+ if (!defined($connect_method)) {
notify($ERRORS{'DEBUG'}, 0, "no connect method exists named 'rdp':\n" . format_data($connect_method_info));
return 1;
}
+ # Get the port information
+ my $connect_method_port_info = $connect_method->{connectmethodport};
+ if (!defined($connect_method_port_info) || scalar keys %$connect_method_port_info == 0) {
+ notify($ERRORS{'WARNING'}, 0, "no ports are defined for connect method:\n" . format_data($connect_method_info));
+ return;
+ }
+
+ # Make sure only 1 port is defined
+ my @protocols = keys %{$connect_method_port_info};
+ my $protocol = $connect_method_port_info->{$protocols[0]};
+ my @ports = keys %$protocol;
+ my $connect_method_rdp_port = $ports[0];
+ if (scalar(@protocols) > 1 || scalar(@ports) > 1) {
+ notify($ERRORS{'WARNING'}, 0, "unable to determine which port is supposed to be used for RDP, multiple ports are defined for connect method:\n" . format_data($connect_method_port_info));
+ return;
+ }
+
my $rdp_port_key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp';
my $rdp_port_value = 'PortNumber';
Modified: vcl/trunk/managementnode/lib/VCL/utils.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/utils.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/utils.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/utils.pm Fri Oct 31 19:46:25 2014
@@ -9663,20 +9663,15 @@ sub get_connect_method_info {
}
}
- my $imagerevision_info = get_imagerevision_info($imagerevision_id);
-
- notify($ERRORS{'DEBUG'}, 0, "attempting to retrieve connect method info:\n" .
- "imagerevision: $imagerevision_id - " . $imagerevision_info->{imagename} . "\n" .
- "OS: " . $imagerevision_info->{image}{OS}{id} . " - " . $imagerevision_info->{image}{OS}{name} . "\n" .
- "OS type: " . $imagerevision_info->{image}{OS}{OStype}{id} . " - " . $imagerevision_info->{image}{OS}{OStype}{name}
- );
+ notify($ERRORS{'DEBUG'}, 0, "attempting to retrieve connect method info for image revision $imagerevision_id");
# Get a hash ref containing the database column names
my $database_table_columns = get_database_table_columns();
my @tables = (
'connectmethod',
- 'connectmethodmap'
+ 'connectmethodport',
+ 'connectmethodmap',
);
# Construct the select statement
@@ -9697,6 +9692,7 @@ sub get_connect_method_info {
$select_statement .= <<EOF;
FROM
connectmethod,
+connectmethodport,
connectmethodmap,
imagerevision
@@ -9705,7 +9701,8 @@ LEFT JOIN OS ON (OS.id = image.OSid)
LEFT JOIN OStype ON (OStype.name = OS.type)
WHERE
-connectmethodmap.connectmethodid = connectmethod.id
+connectmethodport.connectmethodid = connectmethod.id
+AND connectmethodmap.connectmethodid = connectmethod.id
AND imagerevision.id = $imagerevision_id
AND connectmethodmap.autoprovisioned IS NULL
AND (
@@ -9730,13 +9727,6 @@ EOF
my $timestamp = time;
for my $row (@selected_rows) {
- notify($ERRORS{'DEBUG'}, 0, $row->{"connectmethod-name"} . ": " .
- "connectmethodid=" . $row->{"connectmethod-id"} . ", " .
- "OStypeid=" . ($row->{"connectmethodmap-OStypeid"} || 'NULL') . ", " .
- "OSid=" . ($row->{"connectmethodmap-OSid"} || 'NULL') . ", " .
- "imagerevisionid=" . ($row->{"connectmethodmap-imagerevisionid"} || 'NULL') . ", " .
- "disabled=" . $row->{"connectmethodmap-disabled"});
-
my $connectmethod_id = $row->{'connectmethod-id'};
# Loop through all the columns returned
@@ -9750,9 +9740,14 @@ EOF
# Add the values for the primary table to the hash
# Add values for other tables under separate keys
- if ($table eq $tables[0]) {
+ if ($table eq 'connectmethod') {
$connect_method_info->{$connectmethod_id}{$column} = $value;
}
+ elsif ($table eq 'connectmethodport') {
+ my $protocol = $row->{"connectmethodport-protocol"};
+ my $port = $row->{"connectmethodport-port"};
+ $connect_method_info->{$connectmethod_id}{$table}{$protocol}{$port} = 1;
+ }
else {
$connect_method_info->{$connectmethod_id}{$table}{$column} = $value;
}
@@ -9760,7 +9755,7 @@ EOF
$connect_method_info->{$connectmethod_id}{RETRIEVAL_TIME} = $timestamp;
}
- #notify($ERRORS{'DEBUG'}, 0, "retrieved connect method info:\n" . format_data($connect_method_info));
+ notify($ERRORS{'DEBUG'}, 0, "retrieved connect method info:\n" . format_data($connect_method_info));
$ENV{connect_method_info}{$imagerevision_id} = $connect_method_info;
return $ENV{connect_method_info}{$imagerevision_id};
}
Modified: vcl/trunk/mysql/vcl.sql
URL: http://svn.apache.org/viewvc/vcl/trunk/mysql/vcl.sql?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/mysql/vcl.sql (original)
+++ vcl/trunk/mysql/vcl.sql Fri Oct 31 19:46:25 2014
@@ -368,7 +368,7 @@ CREATE TABLE IF NOT EXISTS `connectmetho
`id` tinyint(3) unsigned NOT NULL auto_increment,
`connectmethodid` tinyint(3) unsigned NOT NULL,
`port` mediumint(8) unsigned NOT NULL,
- `protocol` enum('TCP','UDP') NOT NULL,
+ `protocol` enum('TCP','UDP') NOT NULL default 'TCP',
PRIMARY KEY (`id`),
KEY `connectmethodid` (`connectmethodid`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
@@ -2127,6 +2127,11 @@ ALTER TABLE `connectmethodmap`
ADD CONSTRAINT `connectmethodmap_ibfk_3` FOREIGN KEY (`OSid`) REFERENCES `OS` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `connectmethodmap_ibfk_4` FOREIGN KEY (`imagerevisionid`) REFERENCES `imagerevision` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
+--
+-- Constraints for table `connectmethodport`
+--
+ALTER TABLE `connectmethodport`
+ ADD CONSTRAINT `connectmethodport_ibfk_1` FOREIGN KEY (`connectmethodid`) REFERENCES `connectmethod` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
--
-- Constraints for table `connectlog`