VRF 1.3.0: proper error checking for asynchronous jobs, using logc(). Other fixes.
This commit is contained in:
parent
be909a8f5b
commit
19cccb4a4c
147
manage_ssh.sh
147
manage_ssh.sh
@ -23,7 +23,7 @@
|
|||||||
# REQUIRES: check_config(), check_logging(), check_params(), check_root_user(),
|
# REQUIRES: check_config(), check_logging(), check_params(), check_root_user(),
|
||||||
# check_setup(), check_syntax(), count_fields(), die(), display_usage(),
|
# check_setup(), check_syntax(), count_fields(), die(), display_usage(),
|
||||||
# distribute2host(), do_cleanup(), fix2host(), get_linux_version(),
|
# distribute2host(), do_cleanup(), fix2host(), get_linux_version(),
|
||||||
# log(), resolve_host(), sftp_file(), update2host(),
|
# log(), logc(), resolve_host(), sftp_file(), update2host(),
|
||||||
# update_fingerprints(), wait_for_children(), warn()
|
# update_fingerprints(), wait_for_children(), warn()
|
||||||
# For other pre-requisites see the documentation in display_usage()
|
# For other pre-requisites see the documentation in display_usage()
|
||||||
#
|
#
|
||||||
@ -43,6 +43,8 @@
|
|||||||
# @(#) permissions do not allow (VRF 1.2.1) [Patrick Van der Veken]
|
# @(#) permissions do not allow (VRF 1.2.1) [Patrick Van der Veken]
|
||||||
# @(#) 2015-08-28: check_config() update (VRF 1.2.2) [Patrick Van der Veken]
|
# @(#) 2015-08-28: check_config() update (VRF 1.2.2) [Patrick Van der Veken]
|
||||||
# @(#) 2015-09-04: fix in wait_for_children (VRF 1.2.3) [Patrick Van der Veken]
|
# @(#) 2015-09-04: fix in wait_for_children (VRF 1.2.3) [Patrick Van der Veken]
|
||||||
|
# @(#) 2015-09-06: proper error checking in fix2host(), update2host() by using
|
||||||
|
# @(#) logc() (VRF 1.3.0) [Patrick Van der Veken
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
# DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
|
# DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
|
||||||
#******************************************************************************
|
#******************************************************************************
|
||||||
@ -56,7 +58,7 @@
|
|||||||
# or LOCAL_CONFIG_FILE instead
|
# or LOCAL_CONFIG_FILE instead
|
||||||
|
|
||||||
# define the V.R.F (version/release/fix)
|
# define the V.R.F (version/release/fix)
|
||||||
MY_VRF="1.2.3"
|
MY_VRF="1.3.0"
|
||||||
# name of the global configuration file (script)
|
# name of the global configuration file (script)
|
||||||
GLOBAL_CONFIG_FILE="manage_ssh.conf"
|
GLOBAL_CONFIG_FILE="manage_ssh.conf"
|
||||||
# name of the local configuration file (script)
|
# name of the local configuration file (script)
|
||||||
@ -79,6 +81,7 @@ KEY_2048_COUNT=0
|
|||||||
KEY_4096_COUNT=0
|
KEY_4096_COUNT=0
|
||||||
KEY_OTHER_COUNT=0
|
KEY_OTHER_COUNT=0
|
||||||
TMP_FILE="${TMP_DIR}/.${SCRIPT_NAME}.$$"
|
TMP_FILE="${TMP_DIR}/.${SCRIPT_NAME}.$$"
|
||||||
|
TMP_RC_FILE="${TMP_DIR}/.${SCRIPT_NAME}.rc.$$"
|
||||||
# command-line parameters
|
# command-line parameters
|
||||||
ARG_ACTION=0 # default is nothing
|
ARG_ACTION=0 # default is nothing
|
||||||
ARG_FIX_DIR="" # location of SSH controls directory
|
ARG_FIX_DIR="" # location of SSH controls directory
|
||||||
@ -475,6 +478,7 @@ return 0
|
|||||||
function distribute2host
|
function distribute2host
|
||||||
{
|
{
|
||||||
SERVER="$1"
|
SERVER="$1"
|
||||||
|
ERROR_COUNT=0
|
||||||
|
|
||||||
# convert line to hostname
|
# convert line to hostname
|
||||||
SERVER=${SERVER%%;*}
|
SERVER=${SERVER%%;*}
|
||||||
@ -502,6 +506,7 @@ do
|
|||||||
log "transferred ${FILE%!*} to ${SERVER}:${REMOTE_DIR}"
|
log "transferred ${FILE%!*} to ${SERVER}:${REMOTE_DIR}"
|
||||||
else
|
else
|
||||||
warn "failed to transfer ${FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
warn "failed to transfer ${FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
||||||
|
ERROR_COUNT=$(( ERROR_COUNT + 1 ))
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
# 2) keys files
|
# 2) keys files
|
||||||
@ -526,6 +531,7 @@ then
|
|||||||
log "transferred ${TMP_MERGE_FILE} to ${SERVER}:${REMOTE_DIR}"
|
log "transferred ${TMP_MERGE_FILE} to ${SERVER}:${REMOTE_DIR}"
|
||||||
else
|
else
|
||||||
warn "failed to transfer ${TMP_MERGE_FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
warn "failed to transfer ${TMP_MERGE_FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
||||||
|
ERROR_COUNT=$(( ERROR_COUNT + 1 ))
|
||||||
fi
|
fi
|
||||||
[[ -d ${TMP_WORK_DIR} ]] && rm -rf ${TMP_WORK_DIR} 2>/dev/null
|
[[ -d ${TMP_WORK_DIR} ]] && rm -rf ${TMP_WORK_DIR} 2>/dev/null
|
||||||
else
|
else
|
||||||
@ -536,6 +542,7 @@ else
|
|||||||
log "transferred ${KEYS_FILE} to ${SERVER}:${REMOTE_DIR}"
|
log "transferred ${KEYS_FILE} to ${SERVER}:${REMOTE_DIR}"
|
||||||
else
|
else
|
||||||
warn "failed to transfer ${KEYS_FILE} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
warn "failed to transfer ${KEYS_FILE} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
||||||
|
ERROR_COUNT = $(( ERROR_COUNT + 1 ))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# discover a keys blacklist file, also copy it across if we find one
|
# discover a keys blacklist file, also copy it across if we find one
|
||||||
@ -555,11 +562,12 @@ then
|
|||||||
log "transferred ${BLACKLIST_FILE} to ${SERVER}:${REMOTE_DIR}"
|
log "transferred ${BLACKLIST_FILE} to ${SERVER}:${REMOTE_DIR}"
|
||||||
else
|
else
|
||||||
warn "failed to transfer ${BLACKLIST_FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
warn "failed to transfer ${BLACKLIST_FILE%!*} to ${SERVER}:${REMOTE_DIR} [RC=${COPY_RC}]"
|
||||||
|
ERROR_COUNT = $(( ERROR_COUNT + 1 ))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return 0
|
return ${ERROR_COUNT}
|
||||||
}
|
}
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
@ -567,10 +575,10 @@ function do_cleanup
|
|||||||
{
|
{
|
||||||
log "performing cleanup ..."
|
log "performing cleanup ..."
|
||||||
|
|
||||||
# remove temporary file
|
# remove temporary file(s)
|
||||||
[[ -f ${TMP_FILE} ]] && rm -f ${TMP_FILE} >/dev/null 2>&1
|
[[ -f ${TMP_FILE} ]] && rm -f ${TMP_FILE} >/dev/null 2>&1
|
||||||
[[ -f ${TMP_MERGE_FILE} ]] && rm -f ${TMP_MERGE_FILE} >/dev/null 2>&1
|
[[ -f ${TMP_MERGE_FILE} ]] && rm -f ${TMP_MERGE_FILE} >/dev/null 2>&1
|
||||||
|
[[ -f ${TMP_RC_FILE} ]] && rm -f ${TMP_RC_FILE} >/dev/null 2>&1
|
||||||
log "*** finish of ${SCRIPT_NAME} [${CMD_LINE}] ***"
|
log "*** finish of ${SCRIPT_NAME} [${CMD_LINE}] ***"
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
@ -597,18 +605,26 @@ log "fixing ssh controls on ${SERVER} ..."
|
|||||||
if [[ -z "${SSH_UPDATE_USER}" ]]
|
if [[ -z "${SSH_UPDATE_USER}" ]]
|
||||||
then
|
then
|
||||||
# own user w/ sudo
|
# own user w/ sudo
|
||||||
log "$(ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR})"
|
( RC=0; ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR};
|
||||||
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
|
) 2>&1 | logc
|
||||||
elif [[ "${SSH_UPDATE_USER}" != "root" ]]
|
elif [[ "${SSH_UPDATE_USER}" != "root" ]]
|
||||||
then
|
then
|
||||||
# other user w/ sudo
|
# other user w/ sudo
|
||||||
log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR})"
|
( RC=0; ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR};
|
||||||
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
|
) 2>&1 | logc
|
||||||
else
|
else
|
||||||
# root user w/o sudo
|
# root user w/o sudo
|
||||||
log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR})"
|
( RC=0; ssh ${SSH_ARGS} root@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --fix-local --fix-dir=${SERVER_DIR};
|
||||||
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
|
) 2>&1 | logc
|
||||||
fi
|
fi
|
||||||
# no error checking possible here due to log(), done in called script
|
|
||||||
|
|
||||||
return 0
|
# fetch return code from subshell
|
||||||
|
RC="$(< ${TMP_RC_FILE})"
|
||||||
|
|
||||||
|
return ${RC}
|
||||||
}
|
}
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
@ -640,11 +656,14 @@ else
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
|
# log an INFO: message (via ARG).
|
||||||
function log
|
function log
|
||||||
{
|
{
|
||||||
NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
||||||
|
|
||||||
|
# log an INFO: message (via ARG).
|
||||||
if [[ -n "$1" ]]
|
if [[ -n "$1" ]]
|
||||||
then
|
then
|
||||||
if (( ARG_LOG ))
|
if (( ARG_LOG ))
|
||||||
@ -670,6 +689,63 @@ fi
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
# log an INFO: message (via STDIN). Do not use when STDIN is still open
|
||||||
|
function logc
|
||||||
|
{
|
||||||
|
NOW="$(date '+%d-%h-%Y %H:%M:%S')"
|
||||||
|
LOG_STDIN=""
|
||||||
|
|
||||||
|
# process STDIN (if any)
|
||||||
|
[[ ! -t 0 ]] && LOG_STDIN="$(cat)"
|
||||||
|
if [[ -n "${LOG_STDIN}" ]]
|
||||||
|
then
|
||||||
|
if (( ARG_LOG ))
|
||||||
|
then
|
||||||
|
print - "${LOG_STDIN}" | while read LOG_LINE
|
||||||
|
do
|
||||||
|
# filter leading 'INFO:'
|
||||||
|
LOG_LINE="${LOG_LINE#INFO: *}"
|
||||||
|
print "${NOW}: INFO: [$$]:" "${LOG_LINE}" >> ${LOG_FILE}
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
if (( ARG_VERBOSE ))
|
||||||
|
then
|
||||||
|
print - "${LOG_STDIN}" | while read LOG_LINE
|
||||||
|
do
|
||||||
|
# filter leading 'INFO:'
|
||||||
|
LOG_LINE="${LOG_LINE#INFO: *}"
|
||||||
|
print "INFO:" "${LOG_LINE}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# process ARG (if any)
|
||||||
|
if [[ -n "$1" ]]
|
||||||
|
then
|
||||||
|
if (( ARG_LOG != 0 ))
|
||||||
|
then
|
||||||
|
print - "$*" | while read LOG_LINE
|
||||||
|
do
|
||||||
|
# filter leading 'INFO:'
|
||||||
|
LOG_LINE="${LOG_LINE#INFO: *}"
|
||||||
|
print "${NOW}: INFO: [$$]:" "${LOG_LINE}" >> ${LOG_FILE}
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
if (( ARG_VERBOSE != 0 ))
|
||||||
|
then
|
||||||
|
print - "$*" | while read LOG_LINE
|
||||||
|
do
|
||||||
|
# filter leading 'INFO:'
|
||||||
|
LOG_LINE="${LOG_LINE#INFO: *}"
|
||||||
|
print "INFO:" "${LOG_LINE}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
# resolve a host (check)
|
# resolve a host (check)
|
||||||
function resolve_host
|
function resolve_host
|
||||||
@ -738,18 +814,26 @@ log "setting ssh controls on ${SERVER} ..."
|
|||||||
if [[ -z "${SSH_UPDATE_USER}" ]]
|
if [[ -z "${SSH_UPDATE_USER}" ]]
|
||||||
then
|
then
|
||||||
# own user w/ sudo
|
# own user w/ sudo
|
||||||
log "$(ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update)"
|
( RC=0; ssh ${SSH_ARGS} ${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update;
|
||||||
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
|
) 2>&1 | logc
|
||||||
elif [[ "${SSH_UPDATE_USER}" != "root" ]]
|
elif [[ "${SSH_UPDATE_USER}" != "root" ]]
|
||||||
then
|
then
|
||||||
# other user w/ sudo
|
# other user w/ sudo
|
||||||
log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update)"
|
( RC=0; ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} sudo -n ${REMOTE_DIR}/${SCRIPT_NAME} --update;
|
||||||
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
|
) 2>&1 | logc
|
||||||
else
|
else
|
||||||
# root user w/o sudo
|
# root user w/o sudo
|
||||||
log "$(ssh ${SSH_ARGS} ${SSH_UPDATE_USER}@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --update)"
|
( RC=0; ssh ${SSH_ARGS} root@${SERVER} ${REMOTE_DIR}/${SCRIPT_NAME} --update;
|
||||||
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
|
) 2>&1 | logc
|
||||||
fi
|
fi
|
||||||
# no error checking possible here due to log(), done in called script
|
|
||||||
|
|
||||||
return 0
|
# fetch return code from subshell
|
||||||
|
RC="$(< ${TMP_RC_FILE})"
|
||||||
|
|
||||||
|
return ${RC}
|
||||||
}
|
}
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
@ -819,15 +903,16 @@ do
|
|||||||
# wait for sigchild, catching child exit codes is unreliable because
|
# wait for sigchild, catching child exit codes is unreliable because
|
||||||
# the child might have already ended before we get here (caveat emptor)
|
# the child might have already ended before we get here (caveat emptor)
|
||||||
else
|
else
|
||||||
wait ${PID}
|
wait ${PID}
|
||||||
if (( $? ))
|
RC=$?
|
||||||
then
|
if (( ${RC} ))
|
||||||
log "child process ${PID} exited [NOK]"
|
then
|
||||||
WAIT_ERRORS=$(( WAIT_ERRORS + 1 ))
|
log "child process ${PID} exited [RC=${RC}]"
|
||||||
else
|
WAIT_ERRORS=$(( WAIT_ERRORS + 1 ))
|
||||||
log "child process ${PID} exited [OK]"
|
else
|
||||||
fi
|
log "child process ${PID} exited [RC=${RC}]"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
# break loop if we have no child PIDs left
|
# break loop if we have no child PIDs left
|
||||||
(($# > 0)) || break
|
(($# > 0)) || break
|
||||||
@ -1091,9 +1176,17 @@ case ${ARG_ACTION} in
|
|||||||
;;
|
;;
|
||||||
4) # apply SSH controls locally (root user)
|
4) # apply SSH controls locally (root user)
|
||||||
log "ACTION: apply SSH controls locally"
|
log "ACTION: apply SSH controls locally"
|
||||||
log "$(sudo -n ${LOCAL_DIR}/update_ssh.pl ${SSH_UPDATE_OPTS})"
|
( RC=0; ${LOCAL_DIR}/update_ssh.pl ${SSH_UPDATE_OPTS};
|
||||||
# no error checking possible here due to log(), done in called script
|
print "$?" > ${TMP_RC_FILE}; exit
|
||||||
log "finished applying SSH controls locally"
|
) 2>&1 | logc
|
||||||
|
# fetch return code from subshell
|
||||||
|
RC="$(< ${TMP_RC_FILE})"
|
||||||
|
if (( RC ))
|
||||||
|
then
|
||||||
|
log "failed to apply SSH controls locally [RC=${RC}]"
|
||||||
|
else
|
||||||
|
log "finished applying SSH controls locally [RC=${RC}]"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
5) # fix local directory structure/perms/ownerships
|
5) # fix local directory structure/perms/ownerships
|
||||||
log "ACTION: fix local SSH controls repository"
|
log "ACTION: fix local SSH controls repository"
|
||||||
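Review bot: The return-code hand-off through `${TMP_RC_FILE}` in fix2host(), update2host() and the local action-4 arm uses a single file name built from the parent's `$$` (the new `TMP_RC_FILE=` line), so if these functions run as concurrent background children — which the PID loop in wait_for_children() suggests — every child writes and reads the same file and the `RC="$(< ${TMP_RC_FILE})"` lines can return another host's status, or an empty string when the file is missing, which `return ${RC}` then passes on silently. If the shell in use supports it, `set -o pipefail` removes the need for the file altogether: `ssh ${SSH_ARGS} ${SERVER} ... 2>&1 | logc; RC=$?` yields ssh's status because logc() always returns 0; otherwise give each call its own file (for example `${TMP_RC_FILE}.${SERVER}`, a constructed name) and treat a missing or empty file as a failure before returning. Separately, the two increments written as `ERROR_COUNT = $(( ERROR_COUNT + 1 ))` in distribute2host() (the keys-file and blacklist-file branches) are parsed as a command named `ERROR_COUNT` and never increment, so `return ${ERROR_COUNT}` under-reports; they must match the other two, `ERROR_COUNT=$(( ERROR_COUNT + 1 ))`. The `RC=0;` at the start of each subshell is never read and the bare `exit` after the `print "$?"` only propagates the redirection's status, so both can be dropped once the status is taken from the pipeline. fix2host() and update2host() begin above their hunks.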
|