VRF 1.3.0: proper error checking for asynchronous jobs, using logc(). Other fixes.

2015-09-06 12:58:50 +02:00 · 2015-09-06 12:58:50 +02:00 · 19cccb4a4c
commit 19cccb4a4c
parent be909a8f5b
1 changed files with 120 additions and 27 deletions
--- a/manage_ssh.sh
+++ b/manage_ssh.sh
@ -23,7 +23,7 @@
 # REQUIRES: check_config(), check_logging(), check_params(), check_root_user(),
 #           check_setup(), check_syntax(), count_fields(), die(), display_usage(), 
 #           distribute2host(), do_cleanup(), fix2host(), get_linux_version(), 
-#           log(), resolve_host(), sftp_file(), update2host(), 
+#           log(), logc(), resolve_host(), sftp_file(), update2host(), 
 #           update_fingerprints(), wait_for_children(), warn()
 #           For other pre-requisites see the documentation in display_usage()
 #
@ -43,6 +43,8 @@
 # @(#)             permissions do not allow (VRF 1.2.1) [Patrick Van der Veken]
 # @(#) 2015-08-28: check_config() update (VRF 1.2.2) [Patrick Van der Veken]
 # @(#) 2015-09-04: fix in wait_for_children (VRF 1.2.3) [Patrick Van der Veken]
 # @(#) 2015-09-06: proper error checking in fix2host(), update2host() by using
 # @(#)             logc() (VRF 1.3.0) [Patrick Van der Veken
 # -----------------------------------------------------------------------------
 # DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
 #******************************************************************************
@ -56,7 +58,7 @@
 # or LOCAL_CONFIG_FILE instead
 # define the V.R.F (version/release/fix)
-MY_VRF="1.2.3"
+MY_VRF="1.3.0"
 # name of the global configuration file (script)
 GLOBAL_CONFIG_FILE="manage_ssh.conf"
 # name of the local configuration file (script)
@ -79,6 +81,7 @@ KEY_2048_COUNT=0
 KEY_4096_COUNT=0
 KEY_OTHER_COUNT=0
 TMP_FILE="${TMP_DIR}/.${SCRIPT_NAME}.$$"
 TMP_RC_FILE="${TMP_DIR}/.${SCRIPT_NAME}.rc.$$"
 # command-line parameters
 ARG_ACTION=0            # default is nothing
 ARG_FIX_DIR=""          # location of SSH controls directory
@ -475,6 +478,7 @@ return 0
 function distribute2host
 {
 SERVER="$1"
 ERROR_COUNT=0
 # convert line to hostname
 SERVER=${SERVER%%;*}
@ -502,6 +506,7 @@ do
        log "transferred ${FILE%!*} to ${SERVER}:${REMOTE_DIR}"
    else
        warn "failed to transfer ${FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
        ERROR_COUNT=$(( ERROR_COUNT + 1 ))
    fi
 done
 # 2) keys files
@ -526,6 +531,7 @@ then
        log "transferred ${TMP_MERGE_FILE} to ${SERVER}:${REMOTE_DIR}"
    else
        warn "failed to transfer ${TMP_MERGE_FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
        ERROR_COUNT=$(( ERROR_COUNT + 1 ))
    fi
    [[ -d ${TMP_WORK_DIR} ]] && rm -rf ${TMP_WORK_DIR} 2>/dev/null
 else
@ -536,6 +542,7 @@ else
        log "transferred ${KEYS_FILE} to ${SERVER}:${REMOTE_DIR}"
    else
        warn "failed to transfer ${KEYS_FILE} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
        ERROR_COUNT = $(( ERROR_COUNT + 1 ))
    fi
 fi
 # discover a keys blacklist file, also copy it across if we find one
@ -555,11 +562,12 @@ then
            log "transferred ${BLACKLIST_FILE} to ${SERVER}:${REMOTE_DIR}"
        else
            warn "failed to transfer ${BLACKLIST_FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
            ERROR_COUNT = $(( ERROR_COUNT + 1 ))
        fi
    fi
 fi
-return 0
+return ${ERROR_COUNT}
 }
 # -----------------------------------------------------------------------------
@ -567,10 +575,10 @@ function do_cleanup
 {
 log "performing cleanup ..."
-# remove temporary file
+# remove temporary file(s)
 [[ -f ${TMP_FILE} ]] && rm -f ${TMP_FILE} >/dev/null 2>&1
 [[ -f ${TMP_MERGE_FILE} ]] && rm -f ${TMP_MERGE_FILE} >/dev/null 2>&1
-
+[[ -f ${TMP_RC_FILE} ]] && rm -f ${TMP_RC_FILE} >/dev/null 2>&1
 log "*** finish of ${SCRIPT_NAME} [${CMD_LINE}] ***"
 return 0
@ -597,18 +605,26 @@ log "fixing ssh controls on ${SERVER} ..."
 if [[ -z "${SSH_UPDATE_USER}" ]]
 then
    # own user w/ sudo
-    log "$(ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR})"
+    ( RC=0; ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR};
      print "$?" > ${TMP_RC_FILE}; exit
    ) 2>&1 | logc
 elif [[ "${SSH_UPDATE_USER}" != "root" ]]
 then
    # other user w/ sudo
-    log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR})"
+    ( RC=0; ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR};
      print "$?" > ${TMP_RC_FILE}; exit
    ) 2>&1 | logc
 else
    # root user w/o sudo
-    log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR})"
+    ( RC=0; ssh ${SSH_ARGS} root@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR};
      print "$?" > ${TMP_RC_FILE}; exit
    ) 2>&1 | logc
 fi
 # no error checking possible here due to log(), done in called script
-return 0
+# fetch return code from subshell
 RC="$(< ${TMP_RC_FILE})"
 return ${RC}
 }
 # -----------------------------------------------------------------------------
@ -640,11 +656,14 @@ else
 fi
 }
 # -----------------------------------------------------------------------------
 # log an INFO: message (via ARG).
 function log
 {
 NOW="$(date '+%d-%h-%Y %H:%M:%S')"
 # log an INFO: message (via ARG).
 if [[ -n "$1" ]]
 then
    if (( ARG_LOG ))
@ -670,6 +689,63 @@ fi
 return 0
 }
 # -----------------------------------------------------------------------------
 # log an INFO: message (via STDIN). Do not use when STDIN is still open
 function logc
 {
 NOW="$(date '+%d-%h-%Y %H:%M:%S')"
 LOG_STDIN=""
 # process STDIN (if any)
 [[ ! -t 0 ]] && LOG_STDIN="$(cat)"
 if [[ -n "${LOG_STDIN}" ]]
 then
    if (( ARG_LOG ))
    then
        print - "${LOG_STDIN}" | while read LOG_LINE
        do
            # filter leading 'INFO:'
            LOG_LINE="${LOG_LINE#INFO: *}"
            print "${NOW}: INFO: [$$]:" "${LOG_LINE}" >> ${LOG_FILE}
        done
    fi
    if (( ARG_VERBOSE ))
    then
        print - "${LOG_STDIN}" | while read LOG_LINE
        do
            # filter leading 'INFO:'
            LOG_LINE="${LOG_LINE#INFO: *}"
            print "INFO:" "${LOG_LINE}"
        done
    fi
 fi
 # process ARG (if any)
 if [[ -n "$1" ]]
 then
    if (( ARG_LOG != 0 ))
    then
        print - "$*" | while read LOG_LINE
        do
            # filter leading 'INFO:'
            LOG_LINE="${LOG_LINE#INFO: *}"
            print "${NOW}: INFO: [$$]:" "${LOG_LINE}" >> ${LOG_FILE}
        done
    fi
    if (( ARG_VERBOSE != 0 ))
    then
        print - "$*" | while read LOG_LINE
        do
            # filter leading 'INFO:'
            LOG_LINE="${LOG_LINE#INFO: *}"
            print "INFO:" "${LOG_LINE}"
        done
    fi
 fi
 return 0
 }
 # -----------------------------------------------------------------------------
 # resolve a host (check)
 function resolve_host
@ -738,18 +814,26 @@ log "setting ssh controls on ${SERVER} ..."
 if [[ -z "${SSH_UPDATE_USER}" ]]
 then
    # own user w/ sudo
-    log "$(ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update)"
+    ( RC=0; ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update;
      print "$?" > ${TMP_RC_FILE}; exit
    ) 2>&1 | logc
 elif [[ "${SSH_UPDATE_USER}" != "root" ]]
 then
    # other user w/ sudo
-    log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update)"
+    ( RC=0; ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update;
      print "$?" > ${TMP_RC_FILE}; exit
    ) 2>&1 | logc
 else
    # root user w/o sudo
-    log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --update)"
+    ( RC=0; ssh ${SSH_ARGS} root@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --update;
      print "$?" > ${TMP_RC_FILE}; exit
    ) 2>&1 | logc
 fi
 # no error checking possible here due to log(), done in called script
-return 0
+# fetch return code from subshell
 RC="$(< ${TMP_RC_FILE})"
 return ${RC}
 }
 # -----------------------------------------------------------------------------
@ -820,12 +904,13 @@ do
        # the child might have already ended before we get here (caveat emptor)
        else
            wait ${PID}
-			if (( $? ))
+            RC=$?
            if (( ${RC} ))
            then
-				log "child process ${PID} exited [NOK]"
+                log "child process ${PID} exited [RC=${RC}]"
                WAIT_ERRORS=$(( WAIT_ERRORS + 1 ))
            else
-				log "child process ${PID} exited [OK]"
+                log "child process ${PID} exited [RC=${RC}]"
            fi
        fi
    done
@ -1091,9 +1176,17 @@ case ${ARG_ACTION} in
        ;;
    4)  # apply SSH controls locally (root user)
        log "ACTION: apply SSH controls locally"
-        log "$(sudo -n ${LOCAL_DIR}/update_ssh.pl ${SSH_UPDATE_OPTS})"
+        ( RC=0; ${LOCAL_DIR}/update_ssh.pl ${SSH_UPDATE_OPTS};
-        # no error checking possible here due to log(), done in called script
+          print "$?" > ${TMP_RC_FILE}; exit
-        log "finished applying SSH controls locally"
+        ) 2>&1 | logc
        # fetch return code from subshell
        RC="$(< ${TMP_RC_FILE})"
        if (( RC ))
        then
            log "failed to apply SSH controls locally [RC=${RC}]"
        else
            log "finished applying SSH controls locally [RC=${RC}]"     
        fi
        ;;
    5)  # fix local directory structure/perms/ownerships
        log "ACTION: fix local SSH controls repository"