Author: arkurth
Date: Fri Oct 31 19:46:25 2014
New Revision: 1635849
URL: http://svn.apache.org/r1635849
Log:
VCL-706
In vcl.sql, changed connectmethodport.protocol definition default value to TCP.
Added connectmethodport.connectmethodid constraint.
Updated utils.pm::get_connect_method_info to retrieve connectmethodport
information.
Changed all locations calling utils.pm::get_connect_method_info to
$self->data->get_connect_methods for consistency.
Moved firewall_compare_update from Windows.pm, Linux.pm, and Ubuntu.pm to OS.pm
since the code was duplicated.
Updated all locations which were using the protocol an port information to use
the new multivalued connectmethodport information:
OS.pm::process_connect_methods
OS.pm::is_user_connected
OS.pm::get_connect_method_remote_ip_addresses
OS.pm::firewall_compare_update
Windows.pm::check_rdp_port_configuration
Other
Added additional registry keys to Windows.pm::clean_hard_drive. These allow the
cleanup process to handle more items. Changed the cleanmgr.exe timeout from 120
seconds to 900. Newer versions seem to take a longer time.
Removed Linux.pm::sanitize_firewall. It was not called from anywhere and was
not doing anything.
Cleaned up Ubuntu.pm's enable_firewall_port and disable_firewall_port.
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
vcl/trunk/managementnode/lib/VCL/utils.pm
vcl/trunk/mysql/vcl.sql
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Fri Oct 31 19:46:25 2014
@@ -2038,7 +2038,13 @@ sub get_file_contents {
notify($ERRORS{'DEBUG'}, 0, "retrieved " . scalar(@$output) . "
lines from file on $computer_short_name: '$path'");
map { s/[\r\n]+$//g; } (@$output);
- return @$output;
+
+ if (wantarray) {
+ return @$output;
+ }
+ else {
+ return join("\n", @$output);
+ }
}
}
@@ -2647,12 +2653,11 @@ sub process_connect_methods {
}
my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
# Retrieve the connect method info hash
- my $connect_method_info = get_connect_method_info($imagerevision_id);
+ my $connect_method_info = $self->data->get_connect_methods();
if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "failed to retrieve connect
method info for image revision $imagerevision_id");
+ notify($ERRORS{'WARNING'}, 0, "failed to retrieve connect
method info");
return;
}
@@ -2675,48 +2680,37 @@ sub process_connect_methods {
$overwrite = 0;
}
- my $state = $self->data->get_request_state_name();
- notify($ERRORS{'DEBUG'}, 0, "state = $state");
-
+ my $request_state = $self->data->get_request_state_name();
CONNECT_METHOD: for my $connect_method_id (sort keys
%{$connect_method_info} ) {
+ my $connect_method = $connect_method_info->{$connect_method_id};
#notify($ERRORS{'DEBUG'}, 0, "processing connect method:\n" .
format_data($connect_method_info->{$connect_method_id}));
- my $name =
$connect_method_info->{$connect_method_id}{name};
- my $description =
$connect_method_info->{$connect_method_id}{description};
- my $protocol =
$connect_method_info->{$connect_method_id}{protocol} || 'TCP';
- my $port =
$connect_method_info->{$connect_method_id}{port};
- my $service_name =
$connect_method_info->{$connect_method_id}{servicename};
- my $startup_script =
$connect_method_info->{$connect_method_id}{startupscript};
- my $install_script =
$connect_method_info->{$connect_method_id}{installscript};
- my $disabled =
$connect_method_info->{$connect_method_id}{connectmethodmap}{disabled};
+ my $name = $connect_method->{name};
+ my $description = $connect_method->{description};
+ my $service_name = $connect_method->{servicename};
+ my $startup_script = $connect_method->{startupscript};
+ my $install_script = $connect_method->{installscript};
+ my $disabled =
$connect_method->{connectmethodmap}{disabled};
- if( $state =~ /deleted|timeout/) {
- $disabled = 1;
- }
- if ($disabled) {
+ if ($disabled || $request_state =~ /deleted|timeout/) {
if ($self->service_exists($service_name)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to stop '$service_name'
service for '$name' connect method on $computer_node_name");
- if ($self->stop_service($service_name)) {
- notify($ERRORS{'OK'}, 0, "'$service_name' stop on
$computer_node_name");
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "failed to stop
'$service_name' service for '$name' connect method on $computer_node_name");
- }
- }
-
- #Disable firewall port
- if (defined($port)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to close firewall port
$port on $computer_node_name for '$name' connect method");
- if ($self->disable_firewall_port($protocol, $port, $remote_ip, 1))
{
- notify($ERRORS{'OK'}, 0, "closing firewall port $port on
$computer_node_name for $remote_ip $name connect method");
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "failed to close firewall port
$port on $computer_node_name for $remote_ip $name connect method");
- }
+ if (!$self->stop_service($service_name)) {
+ notify($ERRORS{'WARNING'}, 0, "failed
to stop '$service_name' service for '$name' connect method on
$computer_node_name");
+ }
}
+ # Close the firewall ports
+ if ($self->can('disable_firewall_port')) {
+ for my $protocol (keys
%{$connect_method->{connectmethodport}}) {
+ for my $port (keys
%{$connect_method->{connectmethodport}{$protocol}}) {
+ if
(!$self->disable_firewall_port($protocol, $port, $remote_ip, 1)) {
+
notify($ERRORS{'WARNING'}, 0, "failed to close firewall port $port on
$computer_node_name for $remote_ip $name connect method");
+ }
+ }
+ }
+ }
}
else {
# Attempt to start and configure the connect method
@@ -2724,12 +2718,8 @@ sub process_connect_methods {
# Attempt to start the service if the service name has
been defined for the connect method
if ($service_name) {
- # Check if service exists
- notify($ERRORS{'DEBUG'}, 0, "checking if
'$service_name' service exists for '$name' connect method on
$computer_node_name");
if ($self->service_exists($service_name)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting
to start '$service_name' service for '$name' connect method on
$computer_node_name");
if
($self->start_service($service_name)) {
- notify($ERRORS{'OK'}, 0,
"'$service_name' started on $computer_node_name");
$service_started = 1;
}
else {
@@ -2740,29 +2730,35 @@ sub process_connect_methods {
notify($ERRORS{'WARNING'}, 0,
"'$service_name' service for '$name' connect method does NOT exist on
$computer_node_name, connect method install script is not defined");
}
}
+
# Run the startup script if the service is not started
if (!$service_started && defined($startup_script)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to run
startup script '$startup_script' for '$name' connect method on
$computer_node_name");
- my ($startup_exit_status, $startup_output) =
$self->execute($startup_script, 1);
- if (!defined($startup_output)) {
- notify($ERRORS{'WARNING'}, 0, "failed
to run command to execute startup script '$startup_script' for '$name' connect
method on $computer_node_name, command: '$startup_script'");
- }
- elsif ($startup_exit_status == 0){
- notify($ERRORS{'OK'}, 0, "executed
startup script '$startup_script' for '$name' connect method on
$computer_node_name, command: '$startup_script', exit status:
$startup_exit_status, output:\n" . join("\n", @$startup_output));
+ if (!$self->file_exists($startup_script)) {
+ notify($ERRORS{'WARNING'}, 0,
"'$service_name' service startup script for '$name' connect method does not
exist on $computer_node_name: $startup_script");
}
else {
- notify($ERRORS{'WARNING'}, 0, "failed
to execute startup script '$startup_script' for '$name' connect method on
$computer_node_name, command: '$startup_script', exit status:
$startup_exit_status, output:\n" . join("\n", @$startup_output));
+ notify($ERRORS{'DEBUG'}, 0, "attempting
to run startup script '$startup_script' for '$name' connect method on
$computer_node_name");
+ my ($startup_exit_status,
$startup_output) = $self->execute($startup_script, 1);
+ if (!defined($startup_output)) {
+ notify($ERRORS{'WARNING'}, 0,
"failed to run command to execute startup script '$startup_script' for '$name'
connect method on $computer_node_name, command: '$startup_script'");
+ }
+ elsif ($startup_exit_status == 0){
+ notify($ERRORS{'OK'}, 0,
"executed startup script '$startup_script' for '$name' connect method on
$computer_node_name, command: '$startup_script', exit status:
$startup_exit_status, output:\n" . join("\n", @$startup_output));
+ }
+ else {
+ notify($ERRORS{'WARNING'}, 0,
"failed to execute startup script '$startup_script' for '$name' connect method
on $computer_node_name, command: '$startup_script', exit status:
$startup_exit_status, output:\n" . join("\n", @$startup_output));
+ }
}
}
- # Open the firewall port
- if (defined($port)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to open
firewall port $port on $computer_node_name for '$name' connect method");
- if ($self->enable_firewall_port($protocol,
$port, $remote_ip, 1)) {
- notify($ERRORS{'OK'}, 0, "opened
firewall port $port on $computer_node_name for $remote_ip $name connect
method");
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "failed
to open firewall port $port on $computer_node_name for $remote_ip $name connect
method");
+ # Open the firewall ports
+ if ($self->can('enable_firewall_port')) {
+ for my $protocol (keys
%{$connect_method->{connectmethodport}}) {
+ for my $port (keys
%{$connect_method->{connectmethodport}{$protocol}}) {
+ if
(!$self->enable_firewall_port($protocol, $port, $remote_ip, 1)) {
+
notify($ERRORS{'WARNING'}, 0, "failed to open firewall port $port on
$computer_node_name for $remote_ip $name connect method");
+ }
+ }
}
}
}
@@ -2793,24 +2789,26 @@ sub is_user_connected {
my $user_login_id = $self->data->get_user_login_id();
my $connect_methods = $self->data->get_connect_methods();
+ if (!$self->can("check_connection_on_port")) {
+ notify($ERRORS{'CRITICAL'}, 0, ref($self) . " OS module does
not implement check_connection_on_port subroutine");
+ return;
+ }
+
notify($ERRORS{'OK'}, 0, "checking for connection by $user_login_id on
$computer_node_name");
foreach my $connect_method_id (keys %$connect_methods) {
- my $name = $connect_methods->{$connect_method_id}{name};
- my $port = $connect_methods->{$connect_method_id}{port};
- my $protocol = $connect_methods->{$connect_method_id}{protocol}
|| 'TCP';
-
- notify($ERRORS{'DEBUG'}, 0, "checking '$name' connect method,
protocol: $protocol, port: $port");
-
- if (!$self->can("check_connection_on_port")) {
- notify($ERRORS{'CRITICAL'}, 0, ref($self) . " OS module
does not implement check_connection_on_port subroutine");
- return;
- }
-
- my $result = $self->check_connection_on_port($port);
- if ($result && $result !~ /no/i) {
- notify($ERRORS{'OK'}, 0, "$user_login_id is connected
to $computer_node_name using $name connect method, result: $result");
- return 1;
+ my $connect_method = $connect_methods->{$connect_method_id};
+ my $name = $connect_method->{name};
+ for my $protocol (keys %{$connect_method->{connectmethodport}})
{
+ for my $port (keys
%{$connect_method->{connectmethodport}{$protocol}}) {
+ notify($ERRORS{'DEBUG'}, 0, "checking '$name'
connect method, protocol: $protocol, port: $port");
+
+ my $result =
$self->check_connection_on_port($port);
+ if ($result && $result !~ /no/i) {
+ notify($ERRORS{'OK'}, 0,
"$user_login_id is connected to $computer_node_name using $name connect method,
result: $result");
+ return 1;
+ }
+ }
}
}
@@ -3044,7 +3042,7 @@ sub find_files {
$command .= " -maxdepth 1";
}
- notify($ERRORS{'DEBUG'}, 0, "attempting to find files on
$computer_node_name, base directory path: '$base_directory_path', pattern:
$file_pattern, command: $command");
+ #notify($ERRORS{'DEBUG'}, 0, "attempting to find files on
$computer_node_name, base directory path: '$base_directory_path', pattern:
$file_pattern, command: $command");
my ($exit_status, $output) = $self->execute($command, 0);
if (!defined($output)) {
@@ -3072,7 +3070,7 @@ sub find_files {
my $file_count = scalar(@files);
- notify($ERRORS{'DEBUG'}, 0, "files found: $file_count, base
directory: '$base_directory_path', pattern: '$file_pattern'\ncommand:
'$command'");
+ notify($ERRORS{'DEBUG'}, 0, "files found under
$base_directory_path matching '$file_pattern': $file_count");
#notify($ERRORS{'DEBUG'}, 0, "files found: $file_count, base
directory: '$base_directory_path', pattern: '$file_pattern'\ncommand:
'$command', output:\n" . join("\n", @$output));
return @files;
}
@@ -3526,7 +3524,6 @@ sub get_connect_method_remote_ip_address
}
my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
# Get the management node's IP addresses - these will be ignored
my $mn_private_ip_address = $self->mn_os->get_private_ip_address();
@@ -3545,54 +3542,57 @@ sub get_connect_method_remote_ip_address
my @remote_ip_addresses = ();
- my $connect_method_info = get_connect_method_info($imagerevision_id);
+ my $connect_method_info = $self->data->get_connect_methods();
foreach my $connect_method_id (keys %$connect_method_info) {
- my $connect_method_name =
$connect_method_info->{$connect_method_id}{name};
- my $connect_method_protocol =
$connect_method_info->{$connect_method_id}{protocol} || 'any';
- my $connect_method_port =
$connect_method_info->{$connect_method_id}{port};
-
- notify($ERRORS{'DEBUG'}, 0, "checking connect method:
'$connect_method_name', protocol: $connect_method_protocol, port:
$connect_method_port");
-
- CONNECTION_PROTOCOL: for my $connection_protocol (keys
%$connection_info) {
- # Check if the protocol defined for the connect method
matches the established connection
- if (!$connect_method_protocol ||
$connect_method_protocol =~ /(\*|any|all)/i) {
- #notify($ERRORS{'DEBUG'}, 0, "skipping
validation of connect method protocol: $connect_method_protocol");
- }
- else {
- if ($connect_method_protocol =~
/$connection_protocol/i || $connection_protocol =~ /$connect_method_protocol/i)
{
- notify($ERRORS{'DEBUG'}, 0, "connect
method protocol matches established connection protocol: $connection_protocol");
- }
- else {
- notify($ERRORS{'DEBUG'}, 0, "connect
method protocol $connect_method_protocol does NOT match established connection
protocol $connection_protocol");
- next CONNECTION_PROTOCOL;
- }
- }
-
- CONNECTION_PORT: for my $connection_port (keys
%{$connection_info->{$connection_protocol}}) {
- # Check if the port defined for the connect
method matches the established connection
- if ($connect_method_port eq $connection_port) {
- notify($ERRORS{'DEBUG'}, 0, "connect
method port matches established connection port: $connection_port");
-
- for my $connection
(@{$connection_info->{$connection_protocol}{$connection_port}}) {
- my $remote_ip_address =
$connection->{remote_ip};
- if (!$remote_ip_address) {
-
notify($ERRORS{'WARNING'}, 0, "connection does NOT contain remote IP address
(remote_ip) key:\n" . format_data($connection));
+ my $connect_method = $connect_method_info->{$connect_method_id};
+ my $connect_method_name = $connect_method->{name};
+
+ for my $connect_method_protocol (keys
%{$connect_method->{connectmethodport}}) {
+ for my $connect_method_port (keys
%{$connect_method->{connectmethodport}{$connect_method_protocol}}) {
+ notify($ERRORS{'DEBUG'}, 0, "checking connect
method: '$connect_method_name', protocol: $connect_method_protocol, port:
$connect_method_port");
+
+ CONNECTION_PROTOCOL: for my
$connection_protocol (keys %$connection_info) {
+ # Check if the protocol defined for the
connect method matches the established connection
+ if (!$connect_method_protocol ||
$connect_method_protocol =~ /(\*|any|all)/i) {
+ #notify($ERRORS{'DEBUG'}, 0,
"skipping validation of connect method protocol: $connect_method_protocol");
+ }
+ else {
+ if ($connect_method_protocol =~
/$connection_protocol/i || $connection_protocol =~ /$connect_method_protocol/i)
{
+
notify($ERRORS{'DEBUG'}, 0, "connect method protocol matches established
connection protocol: $connection_protocol");
}
- elsif ($remote_ip_address eq
$mn_private_ip_address || $remote_ip_address eq $mn_public_ip_address) {
-
notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from
management node: $remote_ip_address");
+ else {
+
notify($ERRORS{'DEBUG'}, 0, "connect method protocol $connect_method_protocol
does NOT match established connection protocol $connection_protocol");
+ next
CONNECTION_PROTOCOL;
}
- elsif (my
($ignored_remote_ip_address) = grep { $remote_ip_address =~ /($_)/ }
@ignored_remote_ip_addresses) {
-
notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from
ignored remote IP address ($ignored_remote_ip_address): $remote_ip_address");
+ }
+
+ CONNECTION_PORT: for my
$connection_port (keys %{$connection_info->{$connection_protocol}}) {
+ # Check if the port defined for
the connect method matches the established connection
+ if ($connect_method_port eq
$connection_port) {
+
notify($ERRORS{'DEBUG'}, 0, "connect method port matches established connection
port: $connection_port");
+
+ for my $connection
(@{$connection_info->{$connection_protocol}{$connection_port}}) {
+ my
$remote_ip_address = $connection->{remote_ip};
+ if
(!$remote_ip_address) {
+
notify($ERRORS{'WARNING'}, 0, "connection does NOT contain remote IP address
(remote_ip) key:\n" . format_data($connection));
+ }
+ elsif
($remote_ip_address eq $mn_private_ip_address || $remote_ip_address eq
$mn_public_ip_address) {
+
notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from
management node: $remote_ip_address");
+ }
+ elsif (my
($ignored_remote_ip_address) = grep { $remote_ip_address =~ /($_)/ }
@ignored_remote_ip_addresses) {
+
notify($ERRORS{'DEBUG'}, 0, "ignoring connection to port $connection_port from
ignored remote IP address ($ignored_remote_ip_address): $remote_ip_address");
+ }
+ else {
+ push
@remote_ip_addresses, $remote_ip_address;
+ }
+ }
}
else {
- push
@remote_ip_addresses, $remote_ip_address;
+
notify($ERRORS{'DEBUG'}, 0, "connect method port $connect_method_port does NOT
match established connection port $connection_port");
+ next CONNECTION_PORT;
}
}
}
- else {
- notify($ERRORS{'DEBUG'}, 0, "connect
method port $connect_method_port does NOT match established connection port
$connection_port");
- next CONNECTION_PORT;
- }
}
}
}
@@ -3608,6 +3608,61 @@ sub get_connect_method_remote_ip_address
}
}
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 firewall_compare_update
+
+ Parameters : none
+ Returns : boolean
+ Description : Opens the firewall port for the remote IP address for each
+ connect method.
+
+=cut
+
+sub firewall_compare_update {
+ my $self = shift;
+ if (ref($self) !~ /VCL::Module/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it
must be called as a class method");
+ return;
+ }
+
+ # Make sure the OS module implements an enable_firewall_port subroutine
+ return 1 unless $self->can('enable_firewall_port');
+
+ my $computer_node_name = $self->data->get_computer_node_name();
+ my $remote_ip = $self->data->get_reservation_remote_ip();
+ if (!$remote_ip) {
+ notify($ERRORS{'WARNING'}, 0, "unable to update firewall on
$computer_node_name, remote IP could not be retrieved for reservation");
+ return;
+ }
+
+ # Retrieve the connect method info
+ my $connect_method_info = $self->data->get_connect_methods();
+ if (!$connect_method_info) {
+ notify($ERRORS{'WARNING'}, 0, "failed to retrieve connect method
information");
+ return;
+ }
+
+ # Loop through the connect methods, check to make sure firewall is open for
remote IP
+ my $error_encountered = 0;
+ for my $connect_method_id (sort keys %{$connect_method_info}) {
+ my $connect_method_name =
$connect_method_info->{$connect_method_id}{name};
+ for my $protocol (keys
%{$connect_method_info->{$connect_method_id}{connectmethodport}}) {
+ for my $port (keys
%{$connect_method_info->{$connect_method_id}{connectmethodport}{$protocol}}) {
+ if ($self->enable_firewall_port($protocol,
$port, $remote_ip, 0)) {
+ notify($ERRORS{'DEBUG'}, 0,
"$connect_method_name: processed firewall port $protocol $port on
$computer_node_name for remote IP address: $remote_ip");
+ }
+ else {
+ $error_encountered = 1;
+ notify($ERRORS{'WARNING'}, 0,
"$connect_method_name: failed to process firewall port $protocol $port on
$computer_node_name for remote IP address: $remote_ip");
+ }
+ }
+ }
+ }
+
+ return !$error_encountered;
+}
+
#///////////////////////////////////////////////////////////////////////////
1;
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Fri Oct 31 19:46:25 2014
@@ -3399,41 +3399,6 @@ sub get_total_memory {
#/////////////////////////////////////////////////////////////////////////////
-=head2 sanitize_firewall
-
- Parameters : $scope (optional),
- Returns : boolean
- Description : Removes all entries for INUPT chain and Sets iptables firewall
for private management node IP
-
-=cut
-
-sub sanitize_firewall {
- my $self = shift;
- if (ref($self) !~ /VCL::Module/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
- return;
- }
-
- my $scope = shift;
- if (!defined($scope)) {
- notify($ERRORS{'CRITICAL'}, 0, "scope variable was not passed
in as an arguement");
- return;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $mn_private_ip = $self->mn_os->get_private_ip_address();
-
- my $firewall_configuration = $self->get_firewall_configuration() ||
return;
- my $chain;
- my $iptables_del_cmd;
- my $INPUT_CHAIN = "INPUT";
-
- for my $num (sort keys %{$firewall_configuration->{$INPUT_CHAIN}}) {
- }
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
=head2 enable_firewall_port
Parameters : $protocol, $port, $scope (optional), $overwrite_existing
(optional)
@@ -3469,11 +3434,8 @@ sub enable_firewall_port {
my $computer_node_name = $self->data->get_computer_node_name();
- # Make sure iptables service exists
- if (!$self->service_exists("iptables")) {
- notify($ERRORS{'DEBUG'}, 0, "iptables service does NOT exist on
$computer_node_name");
- return 1;
- }
+ # Check to see if this OS has iptables
+ return 1 unless $self->service_exists("iptables");
# Check the protocol argument
if (!defined($protocol)) {
@@ -4185,102 +4147,6 @@ sub parse_firewall_scope {
}
}
-
-#/////////////////////////////////////////////////////////////////////////////
-
-=head2 firewall_compare_update
-
- Parameters : @scope_strings
- Returns : 0 , 1
- Description : Compare iptables for listed remote IP address in reservation
-
-=cut
-
-sub firewall_compare_update {
- my $self = shift;
- if (ref($self) !~ /linux/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
- return;
- }
-
- # Check to see if this distro has iptables
- # If not return 1 so it does not fail
- if (!($self->service_exists("iptables"))) {
- notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this
OS");
- return 1;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
- my $remote_ip = $self->data->get_reservation_remote_ip();
-
- # collect connection_methods
- # collect firewall_config
- # For each port defined in connection_methods
- # compare rule source address with remote_IP address
-
- # Retrieve the connect method info hash
- my $connect_method_info = get_connect_method_info($imagerevision_id);
- if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "no connect methods are
configured for image revision $imagerevision_id");
- return;
- }
-
- # Retrieve the firewall configuration
- my $INPUT_CHAIN = "INPUT";
- my $firewall_configuration = $self->get_firewall_configuration() ||
return;
-
- for my $connect_method_id (sort keys %{$connect_method_info}) {
-
- my $name =
$connect_method_info->{$connect_method_id}{name};
- my $description =
$connect_method_info->{$connect_method_id}{description};
- my $protocol =
$connect_method_info->{$connect_method_id}{protocol} || 'TCP';
- my $port =
$connect_method_info->{$connect_method_id}{port};
- my $scope;
-
- $protocol = lc($protocol);
-
- for my $num (sort keys
%{$firewall_configuration->{$INPUT_CHAIN}}) {
- my $existing_scope =
$firewall_configuration->{$INPUT_CHAIN}{$num}{$protocol}{$port}{scope} || '';
- if (!$existing_scope) {
-
- }
- else {
- my $parsed_existing_scope =
$self->parse_firewall_scope($existing_scope);
- if (!$parsed_existing_scope) {
- notify($ERRORS{'WARNING'}, 0, "failed
to parse existing firewall scope: '$existing_scope'");
- return;
- }
- $scope =
$self->parse_firewall_scope("$remote_ip,$existing_scope");
- if (!$scope) {
- notify($ERRORS{'WARNING'}, 0, "failed
to parse firewall scope argument appended with existing scope:
'$remote_ip,$existing_scope'");
- return;
- }
-
- if ($scope eq $parsed_existing_scope) {
- notify($ERRORS{'DEBUG'}, 0, "firewall
is already open on $computer_node_name, existing scope matches scope
argument:\n" .
- "name: '$name'\n" .
- "protocol: $protocol\n" .
- "port/type: $port\n" .
- "scope: $scope\n"
- );
- return 1;
- }
- else {
- if
($self->enable_firewall_port($protocol, $port, "$remote_ip/24", 0)) {
- notify($ERRORS{'OK'}, 0,
"opened firewall port $port on $computer_node_name for $remote_ip $name connect
method");
- }
- }
-
-
- }
- }
- }
-
- return 1;
-
-}
-
#/////////////////////////////////////////////////////////////////////////////
=head2 clean_iptables
@@ -4299,10 +4165,7 @@ sub clean_iptables {
}
# Check if iptables service exists
- if (!$self->service_exists("iptables")) {
- notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this
OS");
- return 1;
- }
+ return 1 unless $self->service_exists("iptables");
my $computer_node_name = $self->data->get_computer_node_name();
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Fri Oct 31
19:46:25 2014
@@ -390,9 +390,9 @@ sub get_network_configuration {
=head2 enable_firewall_port
- Parameters : $protocol, $port, $scope (optional), $overwrite_existing
(optional), $name (optional), $description (optional)
- Returns : boolean
- Description : Updates iptables for given port for collect IPaddress range
and mode
+ Parameters : none
+ Returns : 1
+ Description : Shell subroutine. Not currently implemented.
=cut
@@ -402,30 +402,8 @@ sub enable_firewall_port {
notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it
must be called as a class method");
return;
}
-
- # Check to see if this distro has iptables
- if (!$self->service_exists("iptables")) {
- notify($ERRORS{'WARNING'}, 0, "iptables service does not exist on this
OS");
- return 1;
- }
-
- my ($protocol, $port, $scope_argument, $overwrite_existing, $name,
$description) = @_;
- if (!defined($protocol) || !defined($port)) {
- notify($ERRORS{'WARNING'}, 0, "protocol and port arguments were not
supplied");
- return;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $mn_private_ip = $self->mn_os->get_private_ip_address();
-
- $protocol = lc($protocol);
-
- $scope_argument = '' if (!defined($scope_argument));
-
- my $scope;
return 1;
-
}
#/////////////////////////////////////////////////////////////////////////////
@@ -433,8 +411,8 @@ sub enable_firewall_port {
=head2 disable_firewall_port
Parameters : none
- Returns : 1 successful, 0 failed
- Description : updates iptables for given port for collect IPaddress range
and mode
+ Returns : 1
+ Description : Shell subroutine. Not currently implemented.
=cut
@@ -444,33 +422,8 @@ sub disable_firewall_port {
notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it
must be called as a class method");
return;
}
-
- # Check to see if this distro has iptables
- if (!$self->service_exists("ufw")) {
- notify($ERRORS{'WARNING'}, 0, "iptables service does not exist on this
OS");
- return 1;
- }
-
- my ($protocol, $port, $scope_argument, $overwrite_existing, $name,
$description) = @_;
- if (!defined($protocol) || !defined($port)) {
- notify($ERRORS{'WARNING'}, 0, "protocol and port arguments were not
supplied");
- return;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $mn_private_ip = $self->mn_os->get_private_ip_address();
-
- $protocol = lc($protocol);
-
- $scope_argument = '' if (!defined($scope_argument));
-
- $name = '' if !$name;
- $description = '' if !$description;
-
- my $scope;
-
+
return 1;
-
}
#/////////////////////////////////////////////////////////////////////////////
@@ -872,98 +825,6 @@ sub restart_network_interface {
#/////////////////////////////////////////////////////////////////////////////
-=head2 firewall_compare_update
-
- Parameters : @scope_strings
- Returns : 0 , 1
- Description : Compare iptables for listed remote IP address in reservation
-
-=cut
-
-sub firewall_compare_update {
- my $self = shift;
- if (ref($self) !~ /linux/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
- return;
- }
-
- # Check to see if this distro has iptables
- # If not return 1 so it does not fail
- if (!($self->service_exists("ufw"))) {
- notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this
OS");
- return 1;
- }
-
- my $computer_node_name = $self->data->get_computer_node_name();
- my $imagerevision_id = $self->data->get_imagerevision_id();
- my $remote_ip = $self->data->get_reservation_remote_ip();
-
- # collect connection_methods
- # collect firewall_config
- # For each port defined in connection_methods
- # compare rule source address with remote_IP address
-
- # Retrieve the connect method info hash
- my $connect_method_info = get_connect_method_info($imagerevision_id);
- if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "no connect methods are
configured for image revision $imagerevision_id");
- return;
- }
-
- # Retrieve the firewall configuration
- my $INPUT_CHAIN = "INPUT";
- my $firewall_configuration = $self->get_firewall_configuration() ||
return;
-
- for my $connect_method_id (sort keys %{$connect_method_info}) {
-
- my $name =
$connect_method_info->{$connect_method_id}{name};
- my $description =
$connect_method_info->{$connect_method_id}{description};
- my $protocol =
$connect_method_info->{$connect_method_id}{protocol} || 'TCP';
- my $port =
$connect_method_info->{$connect_method_id}{port};
- my $scope;
-
- $protocol = lc($protocol);
-
- for my $num (sort keys
%{$firewall_configuration->{$INPUT_CHAIN}}) {
- my $existing_scope =
$firewall_configuration->{$INPUT_CHAIN}{$num}{$protocol}{$port}{scope} || '';
- if (!$existing_scope) {
-
- }
- else {
- my $parsed_existing_scope =
$self->parse_firewall_scope($existing_scope);
- if (!$parsed_existing_scope) {
- notify($ERRORS{'WARNING'}, 0, "failed
to parse existing firewall scope: '$existing_scope'");
- return;
- }
- $scope =
$self->parse_firewall_scope("$remote_ip,$existing_scope");
- if (!$scope) {
- notify($ERRORS{'WARNING'}, 0, "failed
to parse firewall scope argument appended with existing scope:
'$remote_ip,$existing_scope'");
- return;
- }
-
- if ($scope eq $parsed_existing_scope) {
- notify($ERRORS{'DEBUG'}, 0, "firewall
is already open on $computer_node_name, existing scope matches scope
argument:\n" .
- "name: '$name'\n" .
- "protocol: $protocol\n" .
- "port/type: $port\n" .
- "scope: $scope\n"
- );
- return 1;
- }
- else {
- if
($self->enable_firewall_port($protocol, $port, "$remote_ip/24", 0)) {
- notify($ERRORS{'OK'}, 0,
"opened firewall port $port on $computer_node_name for $remote_ip $name connect
method");
- }
- }
- }
- }
- }
-
- return 1;
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
=head2 update_hostname_file
Parameters : hostname
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm Fri Oct 31 19:46:25
2014
@@ -6913,6 +6913,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Content
Indexer Cleaner]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Device
Driver Packages]
+"StateFlags0001"=dword:00000002
+
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Downloaded
Program Files]
"StateFlags0001"=dword:00000002
@@ -6937,6 +6940,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Recycle
Bin]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Service
Pack Cleanup]
+"StateFlags0001"=dword:00000000
+
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Setup
Log Files]
"StateFlags0001"=dword:00000000
@@ -6958,6 +6964,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Thumbnail
Cache]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Update
Cleanup]
+"StateFlags0001"=dword:00000002
+
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Upgrade
Discarded Files]
"StateFlags0001"=dword:00000002
@@ -6973,6 +6982,11 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\explorer\\VolumeCaches\\Windows
Error Reporting System Queue Files]
"StateFlags0001"=dword:00000002
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Windows
ESD installation files]
+"StateFlags0001"=dword:00000002
+
+[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\VolumeCaches\\Windows
Upgrade Log Files]
+"StateFlags0001"=dword:00000002
EOF
# Import the string into the registry
@@ -6995,9 +7009,9 @@ EOF
notify($ERRORS{'OK'}, 0, "cleanmgr.exe is not present on
$computer_node_name, this is usually because the Desktop Experience feature is
not installed");
}
else {
- # Wait for cleanmgr.exe to finish
+ # Wait for cleanmgr.exe to finish - may take a long time
my $message = 'waiting for cleanmgr.exe to finish';
- my $total_wait_seconds = 120;
+ my $total_wait_seconds = 900;
notify($ERRORS{'OK'}, 0, "started cleanmgr.exe, waiting up to
$total_wait_seconds seconds for it to finish");
if
($self->code_loop_timeout(sub{!$self->is_process_running(@_)},
['cleanmgr.exe'], $message, $total_wait_seconds, 15)) {
@@ -11693,29 +11707,45 @@ sub check_rdp_port_configuration {
return;
}
- my $imagerevision_id = $self->data->get_imagerevision_id();
my $computer_name = $self->data->get_computer_short_name();
- my $connect_method_info = get_connect_method_info($imagerevision_id);
+ my $connect_method_info = $self->data->get_connect_methods();
if (!$connect_method_info) {
- notify($ERRORS{'WARNING'}, 0, "unable to check RDP port,
connect method info could not be retrieved for image ID $imagerevision_id");
+ notify($ERRORS{'WARNING'}, 0, "unable to check RDP port,
connect method info could not be retrieved");
return;
}
# Find the RDP method, retrieve the port
- my $connect_method_rdp_port;
+ my $connect_method;
for my $connect_method_id (keys %$connect_method_info) {
my $connect_method_name =
$connect_method_info->{$connect_method_id}{name};
if ($connect_method_name =~ /^rdp$/i) {
- $connect_method_rdp_port =
$connect_method_info->{$connect_method_id}{port};
+ $connect_method =
$connect_method_info->{$connect_method_id};
last;
}
}
- if (!defined($connect_method_rdp_port)) {
+ if (!defined($connect_method)) {
notify($ERRORS{'DEBUG'}, 0, "no connect method exists named
'rdp':\n" . format_data($connect_method_info));
return 1;
}
+ # Get the port information
+ my $connect_method_port_info = $connect_method->{connectmethodport};
+ if (!defined($connect_method_port_info) || scalar keys
%$connect_method_port_info == 0) {
+ notify($ERRORS{'WARNING'}, 0, "no ports are defined for connect
method:\n" . format_data($connect_method_info));
+ return;
+ }
+
+ # Make sure only 1 port is defined
+ my @protocols = keys %{$connect_method_port_info};
+ my $protocol = $connect_method_port_info->{$protocols[0]};
+ my @ports = keys %$protocol;
+ my $connect_method_rdp_port = $ports[0];
+ if (scalar(@protocols) > 1 || scalar(@ports) > 1) {
+ notify($ERRORS{'WARNING'}, 0, "unable to determine which port
is supposed to be used for RDP, multiple ports are defined for connect
method:\n" . format_data($connect_method_port_info));
+ return;
+ }
+
my $rdp_port_key =
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp';
my $rdp_port_value = 'PortNumber';
Modified: vcl/trunk/managementnode/lib/VCL/utils.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/utils.pm?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/utils.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/utils.pm Fri Oct 31 19:46:25 2014
@@ -9663,20 +9663,15 @@ sub get_connect_method_info {
}
}
- my $imagerevision_info = get_imagerevision_info($imagerevision_id);
-
- notify($ERRORS{'DEBUG'}, 0, "attempting to retrieve connect method
info:\n" .
- "imagerevision: $imagerevision_id - " .
$imagerevision_info->{imagename} . "\n" .
- "OS: " . $imagerevision_info->{image}{OS}{id} . " - " .
$imagerevision_info->{image}{OS}{name} . "\n" .
- "OS type: " . $imagerevision_info->{image}{OS}{OStype}{id} . "
- " . $imagerevision_info->{image}{OS}{OStype}{name}
- );
+ notify($ERRORS{'DEBUG'}, 0, "attempting to retrieve connect method info
for image revision $imagerevision_id");
# Get a hash ref containing the database column names
my $database_table_columns = get_database_table_columns();
my @tables = (
'connectmethod',
- 'connectmethodmap'
+ 'connectmethodport',
+ 'connectmethodmap',
);
# Construct the select statement
@@ -9697,6 +9692,7 @@ sub get_connect_method_info {
$select_statement .= <<EOF;
FROM
connectmethod,
+connectmethodport,
connectmethodmap,
imagerevision
@@ -9705,7 +9701,8 @@ LEFT JOIN OS ON (OS.id = image.OSid)
LEFT JOIN OStype ON (OStype.name = OS.type)
WHERE
-connectmethodmap.connectmethodid = connectmethod.id
+connectmethodport.connectmethodid = connectmethod.id
+AND connectmethodmap.connectmethodid = connectmethod.id
AND imagerevision.id = $imagerevision_id
AND connectmethodmap.autoprovisioned IS NULL
AND (
@@ -9730,13 +9727,6 @@ EOF
my $timestamp = time;
for my $row (@selected_rows) {
- notify($ERRORS{'DEBUG'}, 0, $row->{"connectmethod-name"} . ": "
.
- "connectmethodid=" . $row->{"connectmethod-id"} . ", " .
- "OStypeid=" . ($row->{"connectmethodmap-OStypeid"} || 'NULL') .
", " .
- "OSid=" . ($row->{"connectmethodmap-OSid"} || 'NULL') . ", " .
- "imagerevisionid=" .
($row->{"connectmethodmap-imagerevisionid"} || 'NULL') . ", " .
- "disabled=" . $row->{"connectmethodmap-disabled"});
-
my $connectmethod_id = $row->{'connectmethod-id'};
# Loop through all the columns returned
@@ -9750,9 +9740,14 @@ EOF
# Add the values for the primary table to the hash
# Add values for other tables under separate keys
- if ($table eq $tables[0]) {
+ if ($table eq 'connectmethod') {
$connect_method_info->{$connectmethod_id}{$column} = $value;
}
+ elsif ($table eq 'connectmethodport') {
+ my $protocol =
$row->{"connectmethodport-protocol"};
+ my $port = $row->{"connectmethodport-port"};
+
$connect_method_info->{$connectmethod_id}{$table}{$protocol}{$port} = 1;
+ }
else {
$connect_method_info->{$connectmethod_id}{$table}{$column} = $value;
}
@@ -9760,7 +9755,7 @@ EOF
$connect_method_info->{$connectmethod_id}{RETRIEVAL_TIME} =
$timestamp;
}
- #notify($ERRORS{'DEBUG'}, 0, "retrieved connect method info:\n" .
format_data($connect_method_info));
+ notify($ERRORS{'DEBUG'}, 0, "retrieved connect method info:\n" .
format_data($connect_method_info));
$ENV{connect_method_info}{$imagerevision_id} = $connect_method_info;
return $ENV{connect_method_info}{$imagerevision_id};
}
Modified: vcl/trunk/mysql/vcl.sql
URL:
http://svn.apache.org/viewvc/vcl/trunk/mysql/vcl.sql?rev=1635849&r1=1635848&r2=1635849&view=diff
==============================================================================
--- vcl/trunk/mysql/vcl.sql (original)
+++ vcl/trunk/mysql/vcl.sql Fri Oct 31 19:46:25 2014
@@ -368,7 +368,7 @@ CREATE TABLE IF NOT EXISTS `connectmetho
`id` tinyint(3) unsigned NOT NULL auto_increment,
`connectmethodid` tinyint(3) unsigned NOT NULL,
`port` mediumint(8) unsigned NOT NULL,
- `protocol` enum('TCP','UDP') NOT NULL,
+ `protocol` enum('TCP','UDP') NOT NULL default 'TCP',
PRIMARY KEY (`id`),
KEY `connectmethodid` (`connectmethodid`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
@@ -2127,6 +2127,11 @@ ALTER TABLE `connectmethodmap`
ADD CONSTRAINT `connectmethodmap_ibfk_3` FOREIGN KEY (`OSid`) REFERENCES
`OS` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `connectmethodmap_ibfk_4` FOREIGN KEY (`imagerevisionid`)
REFERENCES `imagerevision` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
+--
+-- Constraints for table `connectmethodport`
+--
+ALTER TABLE `connectmethodport`
+ ADD CONSTRAINT `connectmethodport_ibfk_1` FOREIGN KEY (`connectmethodid`)
REFERENCES `connectmethod` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
--
-- Constraints for table `connectlog`
