X-Git-Url: https://code.grnet.gr/git/ganeti-local/blobdiff_plain/e7323b5e55c623198ecfdb74acaf77a7f0d1ff11..a6682fdcc173998be87b77043bfa56c0d12b1ca4:/lib/daemon.py diff --git a/lib/daemon.py b/lib/daemon.py index 5346e47..c26a176 100644 --- a/lib/daemon.py +++ b/lib/daemon.py @@ -25,9 +25,7 @@ import asyncore import asynchat import collections -import grp import os -import pwd import signal import logging import sched @@ -41,10 +39,7 @@ from ganeti import constants from ganeti import errors from ganeti import netutils from ganeti import ssconf - - -_DEFAULT_RUN_USER = "root" -_DEFAULT_RUN_GROUP = "root" +from ganeti import runtime class SchedulerBreakout(Exception): @@ -143,7 +138,7 @@ class AsyncStreamServer(GanetiBaseAsyncoreDispatcher): # is passed in from accept anyway client_address = netutils.GetSocketCredentials(connected_socket) logging.info("Accepted connection from %s", - netutils.FormatAddress(self.family, client_address)) + netutils.FormatAddress(client_address, family=self.family)) self.handle_connection(connected_socket, client_address) def handle_connection(self, connected_socket, client_address): @@ -274,7 +269,7 @@ class AsyncTerminatedMessageStream(asynchat.async_chat): def close_log(self): logging.info("Closing connection from %s", - netutils.FormatAddress(self.family, self.peer_address)) + netutils.FormatAddress(self.peer_address, family=self.family)) self.close() # this method is overriding an asyncore.dispatcher method @@ -493,10 +488,61 @@ class Mainloop(object): self._signal_wait.append(owner) -def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn, +def _VerifyDaemonUser(daemon_name): + """Verifies the process uid matches the configured uid. + + This method verifies that a daemon is started as the user it is + intended to be run + + @param daemon_name: The name of daemon to be started + @return: A tuple with the first item indicating success or not, + the second item current uid and third with expected uid + + """ + getents = runtime.GetEnts() + running_uid = os.getuid() + daemon_uids = { + constants.MASTERD: getents.masterd_uid, + constants.RAPI: getents.rapi_uid, + constants.NODED: getents.noded_uid, + constants.CONFD: getents.confd_uid, + } + + return (daemon_uids[daemon_name] == running_uid, running_uid, + daemon_uids[daemon_name]) + + +def _BeautifyError(err): + """Try to format an error better. + + Since we're dealing with daemon startup errors, in many cases this + will be due to socket error and such, so we try to format these cases better. + + @param err: an exception object + @rtype: string + @return: the formatted error description + + """ + try: + if isinstance(err, socket.error): + return "Socket-related error: %s (errno=%s)" % (err.args[1], err.args[0]) + elif isinstance(err, EnvironmentError): + if err.filename is None: + return "%s (errno=%s)" % (err.strerror, err.errno) + else: + return "%s (file %s) (errno=%s)" % (err.strerror, err.filename, + err.errno) + else: + return str(err) + except Exception: # pylint: disable-msg=W0703 + logging.exception("Error while handling existing error %s", err) + return "%s" % str(err) + + +def GenericMain(daemon_name, optionparser, + check_fn, prepare_fn, exec_fn, multithreaded=False, console_logging=False, - default_ssl_cert=None, default_ssl_key=None, - user=_DEFAULT_RUN_USER, group=_DEFAULT_RUN_GROUP): + default_ssl_cert=None, default_ssl_key=None): """Shared main function for daemons. @type daemon_name: string @@ -504,13 +550,14 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn, @type optionparser: optparse.OptionParser @param optionparser: initialized optionparser with daemon-specific options (common -f -d options will be handled by this module) - @type dirs: list of (string, integer) - @param dirs: list of directories that must be created if they don't exist, - and the permissions to be used to create them @type check_fn: function which accepts (options, args) @param check_fn: function that checks start conditions and exits if they're not met - @type exec_fn: function which accepts (options, args) + @type prepare_fn: function which accepts (options, args) + @param prepare_fn: function that is run before forking, or None; + it's result will be passed as the third parameter to exec_fn, or + if None was passed in, we will just pass None to exec_fn + @type exec_fn: function which accepts (options, args, prepare_results) @param exec_fn: function that's executed with the daemon's pid file held, and runs the daemon itself. @type multithreaded: bool @@ -522,10 +569,6 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn, @param default_ssl_cert: Default SSL certificate path @type default_ssl_key: string @param default_ssl_key: Default SSL key path - @param user: Default user to run as - @type user: string - @param group: Default group to run as - @type group: string """ optionparser.add_option("-f", "--foreground", dest="fork", @@ -543,15 +586,12 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn, if daemon_name in constants.DAEMONS_PORTS: default_bind_address = constants.IP4_ADDRESS_ANY - try: - family = ssconf.SimpleStore().GetPrimaryIPFamily() - if family == netutils.IP6Address.family: - default_bind_address = constants.IP6_ADDRESS_ANY - except errors.ConfigurationError: - # This case occurs when adding a node, as there is no ssconf available - # when noded is first started. In that case, however, the correct - # bind_address must be passed - pass + family = ssconf.SimpleStore().GetPrimaryIPFamily() + # family will default to AF_INET if there is no ssconf file (e.g. when + # upgrading a cluster from 2.2 -> 2.3. This is intended, as Ganeti clusters + # <= 2.2 can not be AF_INET6 + if family == netutils.IP6Address.family: + default_bind_address = constants.IP6_ADDRESS_ANY default_port = netutils.GetDaemonPort(daemon_name) @@ -580,7 +620,8 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn, metavar="SSL_CERT_PATH") # Disable the use of fork(2) if the daemon uses threads - utils.no_fork = multithreaded + if multithreaded: + utils.DisableFork() options, args = optionparser.parse_args() @@ -599,31 +640,46 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn, # once and have a proper validation (isfile returns False on directories) # at the same time. + result, running_uid, expected_uid = _VerifyDaemonUser(daemon_name) + if not result: + msg = ("%s started using wrong user ID (%d), expected %d" % + (daemon_name, running_uid, expected_uid)) + print >> sys.stderr, msg + sys.exit(constants.EXIT_FAILURE) + if check_fn is not None: check_fn(options, args) - utils.EnsureDirs(dirs) - if options.fork: - try: - uid = pwd.getpwnam(user).pw_uid - gid = grp.getgrnam(group).gr_gid - except KeyError: - raise errors.ConfigurationError("User or group not existing on system:" - " %s:%s" % (user, group)) utils.CloseFDs() - utils.Daemonize(constants.DAEMONS_LOGFILES[daemon_name], uid, gid) + wpipe = utils.Daemonize(logfile=constants.DAEMONS_LOGFILES[daemon_name]) + else: + wpipe = None - utils.WritePidFile(daemon_name) + utils.WritePidFile(utils.DaemonPidFileName(daemon_name)) try: - utils.SetupLogging(logfile=constants.DAEMONS_LOGFILES[daemon_name], - debug=options.debug, - stderr_logging=not options.fork, - multithreaded=multithreaded, - program=daemon_name, - syslog=options.syslog, - console_logging=console_logging) - logging.info("%s daemon startup", daemon_name) - exec_fn(options, args) + try: + utils.SetupLogging(logfile=constants.DAEMONS_LOGFILES[daemon_name], + debug=options.debug, + stderr_logging=not options.fork, + multithreaded=multithreaded, + program=daemon_name, + syslog=options.syslog, + console_logging=console_logging) + if callable(prepare_fn): + prep_results = prepare_fn(options, args) + else: + prep_results = None + logging.info("%s daemon startup", daemon_name) + except Exception, err: + utils.WriteErrorToFD(wpipe, _BeautifyError(err)) + raise + + if wpipe is not None: + # we're done with the preparation phase, we close the pipe to + # let the parent know it's safe to exit + os.close(wpipe) + + exec_fn(options, args, prep_results) finally: - utils.RemovePidFile(daemon_name) + utils.RemoveFile(utils.DaemonPidFileName(daemon_name))