X-Git-Url: http://git.onelab.eu/?p=nodeupdate.git;a=blobdiff_plain;f=NodeUpdate.py;h=fc123c49b97b77b6d59af7a2e5276d6c2545229c;hp=41d5880cc529c9b75772e7df600757ec51e532f0;hb=HEAD;hpb=1063256ed65e62c07e12328d0a75d3b06ba27aac diff --git a/NodeUpdate.py b/NodeUpdate.py old mode 100644 new mode 100755 index 41d5880..fc123c4 --- a/NodeUpdate.py +++ b/NodeUpdate.py @@ -1,70 +1,31 @@ -#!/usr/bin/python2 - -# Copyright (c) 2003 Intel Corporation -# All rights reserved. - -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: - -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. - -# * Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials provided -# with the distribution. - -# * Neither the name of the Intel Corporation nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. - -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INTEL OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -# EXPORT LAWS: THIS LICENSE ADDS NO RESTRICTIONS TO THE EXPORT LAWS OF -# YOUR JURISDICTION. It is licensee's responsibility to comply with any -# export regulations applicable in licensee's jurisdiction. Under -# CURRENT (May 2000) U.S. export regulations this software is eligible -# for export from the U.S. and can be downloaded by or otherwise -# exported or reexported worldwide EXCEPT to U.S. embargoed destinations -# which include Cuba, Iraq, Libya, North Korea, Iran, Syria, Sudan, -# Afghanistan and any other country to which the U.S. has embargoed -# goods and services. - - -import sys, os -from random import Random -import string +#!/usr/bin/env python3 -# not needed now -#PLANETLAB_BIN = "/usr/local/planetlab/bin/" -#sys.path.append(PLANETLAB_BIN) -#import BootServerRequest +import sys +import os +import os.path +import string +from random import Random +from types import StringTypes +from time import strftime +TIMEFORMAT = "%Y-%m-%d %H:%M:%S" -NODEUPDATE_PID_FILE= "/var/run/NodeUpdate.pid" +NODEUPDATE_PID_FILE = "/var/run/NodeUpdate.pid" # variables for cron file creation -TARGET_SCRIPT = '(echo && date && echo && /usr/local/planetlab/bin/NodeUpdate.py start) >>/var/log/NodeUpdate.log 2>&1' +TARGET_SCRIPT = '(echo && date && echo && /usr/bin/NodeUpdate.py start) >> /var/log/NodeUpdate.log 2>&1' TARGET_DESC = 'Update node RPMs periodically' TARGET_USER = 'root' TARGET_SHELL = '/bin/bash' CRON_FILE = '/etc/cron.d/NodeUpdate.cron' YUM_PATH = "/usr/bin/yum" +DNF_PATH = "/usr/bin/dnf" +HAS_DNF = os.path.exists(DNF_PATH) RPM_PATH = "/bin/rpm" +RPM_GPG_PATH = "/etc/pki/rpm-gpg" # location of file containing http/https proxy info, if needed PROXY_FILE = '/etc/planetlab/http_proxy' @@ -75,175 +36,321 @@ PROXY_FILE = '/etc/planetlab/http_proxy' REBOOT_FLAG = '/etc/planetlab/update-reboot' # location of directory containing boot server ssl certs -SSL_CERT_DIR='/mnt/cdrom/bootme/cacert/' +SSL_CERT_DIR = '/mnt/cdrom/bootme/cacert/' -# file containing list of extra groups to attempt to update, -# if necessary. -EXTRA_GROUPS_FILE= '/etc/planetlab/extra-node-groups' +# file containing the list of extensions this node has, each +# correspond to a package group in yum repository. +# this is expected to be updated from the 'extensions tag' +# through the 'extensions.php' nodeconfig script +EXTENSIONS_FILE = '/etc/planetlab/extensions' # file containing a list of rpms that we should attempt to delete -# before we updating everything else. this list is not -# removed with 'yum remove', because that could accidently remove -# dependency rpms that were not intended to be deleted. -DELETE_RPM_LIST_FILE= '/etc/planetlab/delete-rpm-list' - +# before updating everything else. This list is not removed with +# 'yum remove', because that could accidently remove dependency rpms +# that were not intended to be deleted. +DELETE_RPM_LIST_FILE = '/etc/planetlab/delete-rpm-list' + +# ok, so the logic should be simple, just yum update the world +# however there are many cases in the real life where this +# just does not work, because of a glitch somewhere +# so, we force the update of crucial pkgs independently, as +# the whole group is sometimes too much to swallow +# this one is builtin +CRUCIAL_PACKAGES_BUILTIN = [ + 'NodeUpdate', + 'nodemanager-lib', + 'nodemanager-lxc', + 'nodemanager-vs', +] +# and operations can also try to push a list through a conf_file +# should use the second one for consistency, try the first one as well for legacy +CRUCIAL_PACKAGES_OPTIONAL_PATHS = [ + # this is a legacy name, please avoid using this one + '/etc/planetlab/NodeUpdate.packages', + # file to use with a hand-written conf_file + '/etc/planetlab/crucial-rpm-list', + # this one could some day be maintained by a predefined config_file + '/etc/planetlab/sliceimage-rpm-list', +] # print out a message only if we are displaying output -def Message(Str): + + +def Message(*messages): if displayOutput: - print Str + print(5*'*', strftime(TIMEFORMAT), *messages) +# always print errors -# print out a message only if we are displaying output -def Error(Str): - print Str + +def Error(*messages): + print(10*'!', strftime(TIMEFORMAT), *messages) +class YumDnf: + def __init__(self): + command = DNF_PATH if HAS_DNF else YUM_PATH + self.command = command + + options = "" + # --verbose option + Message("Checking if {} supports --verbose".format(command)) + if os.system("{} --help | grep -q verbose".format(command)) == 0: + Message("It does, using --verbose option") + options += " --verbose" + else: + Message("Unsupported, not using --verbose option") + # --sslcertdir option + Message("Checking if {} supports SSL certificate checks" + .format(command)) + if os.system("{} --help | grep -q sslcertdir".format(command)) == 0: + Message("It does, using --sslcertdir option") + sslcertdir = "--sslcertdir=" + SSL_CERT_DIR + else: + Message("Unsupported, not using --sslcertdir option") + sslcertdir = "" + self.options = options + + # one individual package + def handle_package(self, package): + if not self.is_packaged_installed(package): + return self.do_package(package, "install") + else: + return self.do_package(package, "update") + + def is_packaged_installed(self, package): + cmd = "rpm -q {} > /dev/null".format(package) + return os.system(cmd) == 0 + + def do_package(self, package, subcommand): + cmd = \ + "{} {} -y {} {}".format(self.command, self.options, + subcommand, package) + Message("Invoking {}".format(cmd)) + return os.system(cmd) == 0 + + # update one group + def update_group(self, group): + # it is important to invoke dnf group *upgrade* and not *update* + # because the semantics of groups has changed within dnf + overall = True + if HAS_DNF: + cmd = "{} {} -y group install {}".format( + self.command, self.options, group) + Message("Invoking {}".format(cmd)) + if os.system(cmd) != 0: + overall = False + cmd = "{} {} -y group upgrade {}".format( + self.command, self.options, group) + Message("Invoking {}".format(cmd)) + if os.system(cmd) != 0: + overall = False + else: + cmd = "{} {} -y groupinstall {}".format( + self.command, self.options, group) + Message("Invoking {}".format(cmd)) + if os.system(cmd) != 0: + overall = False + return overall + + # update the whole system + def update_system(self): + cmd = "{} {} -y update".format(self.command, self.options) + Message("Invoking {}".format(cmd)) + return os.system(cmd) == 0 + + def clean_all(self): + cmd = "{} clean all".format(self.command) + Message("Invoking {}".format(cmd)) + return os.system(cmd) == 0 + # create an entry in /etc/cron.d so we run periodically. # we will be run once a day at a 0-59 minute random offset # into a 0-23 random hour + + def UpdateCronFile(): try: - - randomMinute= Random().randrange( 0, 59, 1 ); - randomHour= Random().randrange( 0, 23, 1 ); - - f = open( CRON_FILE, 'w' ); - f.write( "# %s\n" % (TARGET_DESC) ); - f.write( "MAILTO=%s\n" % (TARGET_USER) ); - f.write( "SHELL=%s\n" % (TARGET_SHELL) ); - f.write( "%s %s * * * %s %s\n\n" % - (randomMinute, randomHour, TARGET_USER, TARGET_SCRIPT) ); + + randomMinute = Random().randrange(0, 59, 1) + randomHour = Random().randrange(0, 11, 1) + + f = open(CRON_FILE, 'w') + f.write("# {}\n".format(TARGET_DESC)) + # xxx is root aliased to the support mailing list ? + f.write("MAILTO={}\n".format(TARGET_USER)) + f.write("SHELL={}\n".format(TARGET_SHELL)) + f.write("{} {},{} * * * {} {}\n\n" + .format(randomMinute, randomHour, + randomHour + 12, TARGET_USER, TARGET_SCRIPT)) f.close() - - print( "Created new cron.d entry." ) + + print("Created new cron.d entry.") except: - print( "Unable to create cron.d entry." ) + print("Unable to create cron.d entry.") # simply remove the cron file we created def RemoveCronFile(): try: - os.unlink( CRON_FILE ) - print( "Deleted cron.d entry." ) + os.unlink(CRON_FILE) + print("Deleted cron.d entry.") except: - print( "Unable to delete cron.d entry." ) - + print("Unable to delete cron.d entry.") class NodeUpdate: - def __init__( self, doReboot ): + def __init__(self, doReboot): if self.CheckProxy(): - os.environ['http_proxy']= self.HTTP_PROXY - os.environ['HTTP_PROXY']= self.HTTP_PROXY - - self.doReboot= doReboot + os.environ['http_proxy'] = self.HTTP_PROXY + os.environ['HTTP_PROXY'] = self.HTTP_PROXY + self.doReboot = doReboot - - - def CheckProxy( self ): - Message( "Checking existance of proxy config file..." ) - + def CheckProxy(self): + Message("Checking existence of proxy config file...") if os.access(PROXY_FILE, os.R_OK) and os.path.isfile(PROXY_FILE): - self.HTTP_PROXY= string.strip(file(PROXY_FILE,'r').readline()) - Message( "Using proxy %s." % self.HTTP_PROXY ) + self.HTTP_PROXY = string.strip(file(PROXY_FILE, 'r').readline()) + Message("Using proxy {}".format(self.HTTP_PROXY)) return 1 else: - Message( "Not using any proxy." ) + Message("Not using any proxy.") return 0 + def InstallKeys(self): + Message("Removing any existing GPG signing keys from the RPM database") + os.system("{} --allmatches -e gpg-pubkey".format(RPM_PATH)) + Message("Installing all GPG signing keys in {}".format(RPM_GPG_PATH)) + os.system("{} --import {}/*".format(RPM_PATH, RPM_GPG_PATH)) - def ClearRebootFlag( self ): - os.system( "/bin/rm -rf %s" % REBOOT_FLAG ) - + def ClearRebootFlag(self): + os.system("/bin/rm -rf {}".format(REBOOT_FLAG)) - def CheckForUpdates( self ): - - Message( "\nRemoving any existing reboot flags" ) + def CheckForUpdates(self): + Message("Removing any existing reboot flags") self.ClearRebootFlag() - if self.doReboot == 0: - Message( "\nIgnoring any reboot flags set by RPMs" ); - - Message( "\nUpdating PlanetLab group" ) - os.system( "%s -y groupupdate \"PlanetLab\"" % - (YUM_PATH) ) - - Message( "\nUpdating rest of system" ) - os.system( "%s -y update" % - (YUM_PATH) ) - - Message( "\nChecking for extra groups to update" ) - if os.access(EXTRA_GROUPS_FILE, os.R_OK) and \ - os.path.isfile(EXTRA_GROUPS_FILE): - extra_groups_contents= file(EXTRA_GROUPS_FILE).read() - extra_groups_contents= string.strip(extra_groups_contents) - if extra_groups_contents == "": - Message( "No extra groups found in file." ) + Message("Ignoring any reboot flags set by RPMs") + + yum_dnf = YumDnf() + + # this of course is quite suboptimal, but proved to be safer + yum_dnf.clean_all() + + # a configurable list of packages to try and update independently + # cautious.. + try: + crucial_packages = [] + for package in CRUCIAL_PACKAGES_BUILTIN: + crucial_packages.append(package) + for path in CRUCIAL_PACKAGES_OPTIONAL_PATHS: + try: + crucial_packages += file(path).read().split() + except: + pass + Message("List of crucial packages: {}".format(crucial_packages)) + for package in crucial_packages: + yum_dnf.handle_package(package) + except: + + pass + + Message("Updating PlanetLab group") + yum_dnf.update_group("PlanetLab") + + Message("Updating rest of system") + yum_dnf.update_system() + + Message("Checking for extra groups (extensions) to update") + if os.access(EXTENSIONS_FILE, os.R_OK) and \ + os.path.isfile(EXTENSIONS_FILE): + extensions_contents = file(EXTENSIONS_FILE).read() + extensions_contents = string.strip(extensions_contents) + if extensions_contents == "": + Message("No extra groups found in file.") else: - for group in string.split(extra_groups_contents,"\n"): - Message( "\nUpdating %s group" % group ) - os.system( "%s -y groupupdate \"%s\"" % - (YUM_PATH,group) ) + extensions_contents.strip() + for extension in extensions_contents.split(): + group = "extension{}".format(extension) + yum_dnf.update_group(group) else: - Message( "No extra groups file found" ) - + Message("No extensions file found") + if os.access(REBOOT_FLAG, os.R_OK) and os.path.isfile(REBOOT_FLAG) and self.doReboot: - Message( "\nAt least one update requested the system be rebooted" ) + Message("At least one update requested the system be rebooted") self.ClearRebootFlag() - os.system( "/sbin/shutdown -r now" ) - - - def RemoveRPMS( self ): - - Message( "\nLooking for RPMs to be deleted." ) + os.system("/sbin/shutdown -r now") + + def RebuildRPMdb(self): + Message("Rebuilding RPM Database.") + try: + os.system("rm /var/lib/rpm/__db.*") + except Exception as err: + print("RebuildRPMdb: exception {}".format(err)) + try: + os.system("{} --rebuilddb".format(RPM_PATH)) + except Exception as err: + print("RebuildRPMdb: exception {}".format(err)) + + def RemoveRPMS(self): + Message("Looking for RPMs to be deleted.") if os.access(DELETE_RPM_LIST_FILE, os.R_OK) and \ os.path.isfile(DELETE_RPM_LIST_FILE): - rpm_list_contents= file(DELETE_RPM_LIST_FILE).read() - rpm_list_contents= string.strip(rpm_list_contents) + rpm_list_contents = file(DELETE_RPM_LIST_FILE).read().strip() if rpm_list_contents == "": - Message( "No RPMs listed in file to delete." ) + Message("No RPMs listed in file to delete.") return - rpm_list= string.join(string.split(rpm_list_contents)) - - Message( "Deleting these RPMs:" ) - Message( rpm_list_contents ) - - rc= os.system( "%s -ev %s" % (RPM_PATH, rpm_list) ) + rpm_list = string.split(rpm_list_contents) + + Message("Deleting RPMs from {}: {}".format( + DELETE_RPM_LIST_FILE, " ".join(rpm_list))) + + # invoke them separately as otherwise one faulty (e.g. already uninstalled) + # would prevent the other ones from uninstalling + for rpm in rpm_list: + # is it installed + is_installed = os.system("{} -q {}".format(RPM_PATH, rpm)) == 0 + if not is_installed: + Message( + "Ignoring rpm {} marked to delete, already uninstalled".format(rpm)) + continue + uninstalled = os.system("{} -ev {}".format(RPM_PATH, rpm)) == 0 + if uninstalled: + Message("Successfully removed RPM {}".format(rpm)) + continue + else: + Error("Unable to delete RPM {}, continuing. rc={}".format( + rpm, uninstalled)) - if rc != 0: - Error( "Unable to delete RPMs, continuing. rc=%d" % rc ) - else: - Message( "RPMs deleted successfully." ) - else: - Message( "No RPMs list file found." ) - + Message("No RPMs list file found.") +############################## if __name__ == "__main__": - # if we are invoked with 'start', display the output. this - # is usefull for running something under cron and as a service - # (at startup), so the cron only outputs errors and doesn't + # if we are invoked with 'start', display the output. + # this is useful for running something silently + # under cron and as a service (at startup), + # so the cron only outputs errors and doesn't # generate mail when it works correctly - displayOutput= 0 + displayOutput = 0 # if we hit an rpm that requests a reboot, do it if this is # set to 1. can be turned off by adding noreboot to command line # option - - doReboot= 1 - if "start" in sys.argv: - displayOutput= 1 + doReboot = 1 + + if "start" in sys.argv or "display" in sys.argv: + displayOutput = 1 + Message("\nTurning on messages") if "noreboot" in sys.argv: - doReboot= 0 + doReboot = 0 if "updatecron" in sys.argv: # simply update the /etc/cron.d file for us, and exit @@ -252,35 +359,34 @@ if __name__ == "__main__": if "removecron" in sys.argv: RemoveCronFile() - sys.exit(0) + sys.exit(0) - # see if we are already running by checking the existance # of a PID file, and if it exists, attempting a test kill # to see if the process really does exist. If both of these # tests pass, exit. - + if os.access(NODEUPDATE_PID_FILE, os.R_OK): - pid= string.strip(file(NODEUPDATE_PID_FILE).readline()) - if pid <> "": - if os.system("/bin/kill -0 %s > /dev/null 2>&1" % pid) == 0: - Message( "It appears we are already running, exiting." ) + pid = string.strip(file(NODEUPDATE_PID_FILE).readline()) + if pid != "": + if os.system("/bin/kill -0 {} > /dev/null 2>&1".format(pid)) == 0: + Message("It appears we are already running, exiting.") sys.exit(1) - + # write out our process id - pidfile= file( NODEUPDATE_PID_FILE, 'w' ) - pidfile.write( "%d\n" % os.getpid() ) + pidfile = file(NODEUPDATE_PID_FILE, 'w') + pidfile.write("{}\n".format(os.getpid())) pidfile.close() - - nodeupdate= NodeUpdate(doReboot) + nodeupdate = NodeUpdate(doReboot) if not nodeupdate: - Error( "Unable to initialize." ) + Error("Unable to initialize.") else: + nodeupdate.RebuildRPMdb() nodeupdate.RemoveRPMS() + nodeupdate.InstallKeys() nodeupdate.CheckForUpdates() - Message( "\nUpdate complete." ) + Message("Update complete.") # remove the PID file - os.unlink( NODEUPDATE_PID_FILE ) - + os.unlink(NODEUPDATE_PID_FILE)