Relocated some packages to repo 'utilities'

List of relocated subdirectories:

ceph/ceph-manager
ceph/python-cephclient
filesystem/nfscheck
logging/logmgmt
security/tpm2-openssl-engine
security/wrs-ssl
tools/collector
tools/engtools/hostdata-collectors
utilities/build-info
utilities/namespace-utils
utilities/pci-irq-affinity-agent
utilities/platform-util
utilities/tis-extensions
utilities/update-motd

Story: 2006166
Task: 35687
Depends-On: I665dc7fabbfffc798ad57843eb74dca16e7647a3
Change-Id: I2bf543a235507a4eff644a7feabd646a99d1474f
Signed-off-by: Scott Little <scott.little@windriver.com>
Depends-On: I85dda6d09028f57c1fb0f96e4bcd73ab9b9550be
Signed-off-by: Scott Little <scott.little@windriver.com>
Scott Little 2019-09-04 10:14:28 -04:00 committed by Don Penney
parent edb9f64aec
commit 062ec89dbb
208 changed files with 3 additions and 28939 deletions


@ -159,21 +159,6 @@
q-svc: false
# Try this as a tox-based job with a minimal functional target in tox.ini
- job:
name: flock-devstack-integ
parent: flock-devstack-tox-base-min
timeout: 7800
required-projects:
- starlingx/update
vars:
tox_envlist: functional
devstack_services:
# StarlingX services
platform-util: true
devstack_plugins:
integ: https://opendev.org/starlingx/integ
update: https://opendev.org/starlingx/update
- job:
name: stx-integ-pylint
parent: openstack-tox-pylint
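
Review bot: check that no check or gate pipeline list elsewhere in this file still names `flock-devstack-integ`, because a pipeline entry that references a job with no definition is a Zuul configuration error. The removed job was also the only one in this hunk that set `platform-util: true` under `devstack_services` and ran `tox_envlist: functional`, so please confirm that the Depends-On change provides an equivalent functional job for the relocated utilities/platform-util.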


@ -1,6 +0,0 @@
!.distro
.distro/centos7/rpmbuild/RPMS
.distro/centos7/rpmbuild/SRPMS
.distro/centos7/rpmbuild/BUILD
.distro/centos7/rpmbuild/BUILDROOT
.distro/centos7/rpmbuild/SOURCES/ceph-manager*tar.gz


@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -1,13 +0,0 @@
Metadata-Version: 1.1
Name: ceph-manager
Version: 1.0
Summary: Handle Ceph API calls and provide status updates via alarms
Home-page:
Author: Windriver
Author-email: info@windriver.com
License: Apache-2.0
Description: Handle Ceph API calls and provide status updates via alarms
Platform: UNKNOWN


@ -1,3 +0,0 @@
SRC_DIR="ceph-manager"
COPY_LIST_TO_TAR="files scripts"
TIS_PATCH_VER=5
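
Review bot: please confirm that `TIS_PATCH_VER=5` is carried over unchanged in the relocated copy of this file. The spec uses it as `Release: %{tis_patch_ver}%{?_tis_dist}`, so a reset to a lower value during the move would make the rebuilt ceph-manager package compare as older than the one already installed.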


@ -1,84 +0,0 @@
Summary: Handle Ceph API calls and provide status updates via alarms
Name: ceph-manager
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}-%{version}.tar.gz
BuildRequires: python-setuptools
BuildRequires: python2-pip
BuildRequires: python2-wheel
BuildRequires: systemd-units
BuildRequires: systemd-devel
Requires: sysinv
%description
Handle Ceph API calls and provide status updates via alarms.
Handle sysinv RPC calls for long running Ceph API operations:
- cache tiering enable
- cache tiering disable
%define local_bindir /usr/bin/
%define local_etc_initd /etc/init.d/
%define local_etc_logrotated /etc/logrotate.d/
%define pythonroot /usr/lib64/python2.7/site-packages
%define debug_package %{nil}
%prep
%setup
%build
%{__python} setup.py build
%py2_build_wheel
%install
%{__python} setup.py install --root=$RPM_BUILD_ROOT \
--install-lib=%{pythonroot} \
--prefix=/usr \
--install-data=/usr/share \
--single-version-externally-managed
mkdir -p $RPM_BUILD_ROOT/wheels
install -m 644 dist/*.whl $RPM_BUILD_ROOT/wheels/
install -d -m 755 %{buildroot}%{local_etc_initd}
install -p -D -m 700 scripts/init.d/ceph-manager %{buildroot}%{local_etc_initd}/ceph-manager
install -d -m 755 %{buildroot}%{local_bindir}
install -p -D -m 700 scripts/bin/ceph-manager %{buildroot}%{local_bindir}/ceph-manager
install -d -m 755 %{buildroot}%{local_etc_logrotated}
install -p -D -m 644 files/ceph-manager.logrotate %{buildroot}%{local_etc_logrotated}/ceph-manager.logrotate
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 -p -D files/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
%clean
rm -rf $RPM_BUILD_ROOT
# Note: The package name is ceph-manager but the import name is ceph_manager so
# can't use '%{name}'.
%files
%defattr(-,root,root,-)
%doc LICENSE
%{local_bindir}/*
%{local_etc_initd}/*
%{_unitdir}/%{name}.service
%dir %{local_etc_logrotated}
%{local_etc_logrotated}/*
%dir %{pythonroot}/ceph_manager
%{pythonroot}/ceph_manager/*
%dir %{pythonroot}/ceph_manager-%{version}.0-py2.7.egg-info
%{pythonroot}/ceph_manager-%{version}.0-py2.7.egg-info/*
%package wheels
Summary: %{name} wheels
%description wheels
Contains python wheels for %{name}
%files wheels
/wheels/*
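
Review bot: `%define pythonroot /usr/lib64/python2.7/site-packages` and the `ceph_manager-%{version}.0-py2.7.egg-info` entries under `%files` hard-code both the interpreter version and the library directory, so the file list stops matching as soon as the build uses a different Python or libdir. Since the spec is being moved anyway, consider deriving the path from the distribution's Python macros in the relocated copy, and replace `URL: unknown` with the project URL.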


@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -1,5 +0,0 @@
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#


@ -1,161 +0,0 @@
#
# Copyright (c) 2016-2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from ceph_manager import exception
from ceph_manager.i18n import _LI
# noinspection PyUnresolvedReferences
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
def osd_pool_set_quota(ceph_api, pool_name, max_bytes=0, max_objects=0):
"""Set the quota for an OSD pool_name
Setting max_bytes or max_objects to 0 will disable that quota param
:param pool_name: OSD pool_name
:param max_bytes: maximum bytes for OSD pool_name
:param max_objects: maximum objects for OSD pool_name
"""
# Update quota if needed
prev_quota = osd_pool_get_quota(ceph_api, pool_name)
if prev_quota["max_bytes"] != max_bytes:
resp, b = ceph_api.osd_set_pool_quota(pool_name, 'max_bytes',
max_bytes, body='json')
if resp.ok:
LOG.info(_LI("Set OSD pool_name quota: "
"pool_name={}, max_bytes={}").format(
pool_name, max_bytes))
else:
e = exception.CephPoolSetQuotaFailure(
pool=pool_name, name='max_bytes',
value=max_bytes, reason=resp.reason)
LOG.error(e)
raise e
if prev_quota["max_objects"] != max_objects:
resp, b = ceph_api.osd_set_pool_quota(pool_name, 'max_objects',
max_objects,
body='json')
if resp.ok:
LOG.info(_LI("Set OSD pool_name quota: "
"pool_name={}, max_objects={}").format(
pool_name, max_objects))
else:
e = exception.CephPoolSetQuotaFailure(
pool=pool_name, name='max_objects',
value=max_objects, reason=resp.reason)
LOG.error(e)
raise e
def osd_pool_get_quota(ceph_api, pool_name):
resp, quota = ceph_api.osd_get_pool_quota(pool_name, body='json')
if not resp.ok:
e = exception.CephPoolGetQuotaFailure(
pool=pool_name, reason=resp.reason)
LOG.error(e)
raise e
else:
return {"max_objects": quota["output"]["quota_max_objects"],
"max_bytes": quota["output"]["quota_max_bytes"]}
def osd_pool_exists(ceph_api, pool_name):
response, body = ceph_api.osd_pool_get(
pool_name, "pg_num", body='json')
if response.ok:
return True
return False
def osd_pool_create(ceph_api, pool_name, pg_num, pgp_num):
# ruleset 0: is the default ruleset if no crushmap is loaded or
# the ruleset for the backing tier if loaded:
# Name: storage_tier_ruleset
ruleset = 0
response, body = ceph_api.osd_pool_create(
pool_name, pg_num, pgp_num, pool_type="replicated",
ruleset=ruleset, body='json')
if response.ok:
LOG.info(_LI("Created OSD pool: "
"pool_name={}, pg_num={}, pgp_num={}, "
"pool_type=replicated, ruleset={}").format(
pool_name, pg_num, pgp_num, ruleset))
else:
e = exception.CephPoolCreateFailure(
name=pool_name, reason=response.reason)
LOG.error(e)
raise e
# Explicitly assign the ruleset to the pool on creation since it is
# ignored in the create call
response, body = ceph_api.osd_set_pool_param(
pool_name, "crush_ruleset", ruleset, body='json')
if response.ok:
LOG.info(_LI("Assigned crush ruleset to OS pool: "
"pool_name={}, ruleset={}").format(
pool_name, ruleset))
else:
e = exception.CephPoolRulesetFailure(
name=pool_name, reason=response.reason)
LOG.error(e)
ceph_api.osd_pool_delete(
pool_name, pool_name,
sure='--yes-i-really-really-mean-it',
body='json')
raise e
def osd_pool_delete(ceph_api, pool_name):
"""Delete an osd pool
:param pool_name: pool name
"""
response, body = ceph_api.osd_pool_delete(
pool_name, pool_name,
sure='--yes-i-really-really-mean-it',
body='json')
if response.ok:
LOG.info(_LI("Deleted OSD pool {}").format(pool_name))
else:
e = exception.CephPoolDeleteFailure(
name=pool_name, reason=response.reason)
LOG.warn(e)
raise e
def osd_set_pool_param(ceph_api, pool_name, param, value):
response, body = ceph_api.osd_set_pool_param(
pool_name, param, value,
force=None, body='json')
if response.ok:
LOG.info('OSD set pool param: '
'pool={}, name={}, value={}'.format(
pool_name, param, value))
else:
raise exception.CephPoolSetParamFailure(
pool_name=pool_name,
param=param,
value=str(value),
reason=response.reason)
return response, body
def osd_get_pool_param(ceph_api, pool_name, param):
response, body = ceph_api.osd_get_pool_param(
pool_name, param, body='json')
if response.ok:
LOG.debug('OSD get pool param: '
'pool={}, name={}, value={}'.format(
pool_name, param, body['output'][param]))
else:
raise exception.CephPoolGetParamFailure(
pool_name=pool_name,
param=param,
reason=response.reason)
return body['output'][param]
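
Review bot: in `osd_pool_create`, the rollback call `ceph_api.osd_pool_delete(...)` in the `crush_ruleset` failure branch discards its response, so if the delete also fails the pool is left in place without the intended ruleset and only `CephPoolRulesetFailure` is reported. Check `response.ok` on the rollback and log when it fails. Two smaller points for the relocated copy: `osd_pool_exists` returns False for any non-ok response, which makes an API error indistinguishable from a missing pool, and `osd_pool_delete` logs its failure with `LOG.warn(e)` where every other failure path here uses `LOG.error(e)`.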


@ -1,90 +0,0 @@
#
# Copyright (c) 2016-2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from ceph_manager.i18n import _
# noinspection PyUnresolvedReferences
from sysinv.common import constants as sysinv_constants
CEPH_POOL_OBJECT_GATEWAY_NAME_JEWEL = \
sysinv_constants.CEPH_POOL_OBJECT_GATEWAY_NAME_JEWEL
CEPH_POOL_OBJECT_GATEWAY_NAME_HAMMER = \
sysinv_constants.CEPH_POOL_OBJECT_GATEWAY_NAME_HAMMER
CEPH_POOLS = sysinv_constants.CEPH_POOLS
CEPH_REPLICATION_FACTOR = sysinv_constants.CEPH_REPLICATION_FACTOR_DEFAULT
# Cache flush parameters
CACHE_FLUSH_OBJECTS_THRESHOLD = 1000
CACHE_FLUSH_MIN_WAIT_OBJ_COUNT_DECREASE_SEC = 1
CACHE_FLUSH_MAX_WAIT_OBJ_COUNT_DECREASE_SEC = 128
FM_ALARM_REASON_MAX_SIZE = 256
# TODO this will later change based on parsed health
# clock skew is vm malfunction, mon or osd is equipment mal
ALARM_CAUSE = 'equipment-malfunction'
ALARM_TYPE = 'equipment'
# Ceph health check interval (in seconds)
CEPH_HEALTH_CHECK_INTERVAL = 60
# Ceph health statuses
CEPH_HEALTH_OK = 'HEALTH_OK'
CEPH_HEALTH_WARN = 'HEALTH_WARN'
CEPH_HEALTH_ERR = 'HEALTH_ERR'
CEPH_HEALTH_DOWN = 'CEPH_DOWN'
# Statuses not reported by Ceph
CEPH_STATUS_CUSTOM = [CEPH_HEALTH_DOWN]
SEVERITY = {CEPH_HEALTH_DOWN: 'critical',
CEPH_HEALTH_ERR: 'critical',
CEPH_HEALTH_WARN: 'warning'}
SERVICE_AFFECTING = {CEPH_HEALTH_DOWN: True,
CEPH_HEALTH_ERR: True,
CEPH_HEALTH_WARN: False}
# TODO this will later change based on parsed health
ALARM_REASON_NO_OSD = _('no OSDs')
ALARM_REASON_OSDS_DOWN = _('OSDs are down')
ALARM_REASON_OSDS_OUT = _('OSDs are out')
ALARM_REASON_OSDS_DOWN_OUT = _('OSDs are down/out')
ALARM_REASON_PEER_HOST_DOWN = _('peer host down')
REPAIR_ACTION_MAJOR_CRITICAL_ALARM = _(
'Ensure storage hosts from replication group are unlocked and available.'
'Check if OSDs of each storage host are up and running.'
'If problem persists, contact next level of support.')
REPAIR_ACTION = _('If problem persists, contact next level of support.')
SYSINV_CONDUCTOR_TOPIC = 'sysinv.conductor_manager'
CEPH_MANAGER_TOPIC = 'sysinv.ceph_manager'
SYSINV_CONFIG_FILE = '/etc/sysinv/sysinv.conf'
# Titanium Cloud version strings
TITANIUM_SERVER_VERSION_18_03 = '18.03'
CEPH_HEALTH_WARN_REQUIRE_JEWEL_OSDS_NOT_SET = (
"all OSDs are running jewel or later but the "
"'require_jewel_osds' osdmap flag is not set")
UPGRADE_COMPLETED = \
sysinv_constants.UPGRADE_COMPLETED
UPGRADE_ABORTING = \
sysinv_constants.UPGRADE_ABORTING
UPGRADE_ABORT_COMPLETING = \
sysinv_constants.UPGRADE_ABORT_COMPLETING
UPGRADE_ABORTING_ROLLBACK = \
sysinv_constants.UPGRADE_ABORTING_ROLLBACK
CEPH_FLAG_REQUIRE_JEWEL_OSDS = 'require_jewel_osds'
# Tiers
CEPH_CRUSH_TIER_SUFFIX = sysinv_constants.CEPH_CRUSH_TIER_SUFFIX
SB_TIER_TYPE_CEPH = sysinv_constants.SB_TIER_TYPE_CEPH
SB_TIER_SUPPORTED = sysinv_constants.SB_TIER_SUPPORTED
SB_TIER_DEFAULT_NAMES = sysinv_constants.SB_TIER_DEFAULT_NAMES
SB_TIER_CEPH_POOLS = sysinv_constants.SB_TIER_CEPH_POOLS
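Review bot: REPAIR_ACTION_MAJOR_CRITICAL_ALARM is built from three adjacent string literals with no space between them, so the repair text shown to the operator runs together as "...unlocked and available.Check if OSDs of each storage host are up and running.If problem persists...". These lines are being relocated rather than rewritten, so add a trailing space to the first two literals in the copy that lands in the utilities repo instead of carrying the defect over.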

View File

@ -1,79 +0,0 @@
#
# Copyright (c) 2016-2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# noinspection PyUnresolvedReferences
from ceph_manager.i18n import _
from ceph_manager.i18n import _LW
# noinspection PyUnresolvedReferences
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
class CephManagerException(Exception):
message = _("An unknown exception occurred.")
def __init__(self, message=None, **kwargs):
self.kwargs = kwargs
if not message:
try:
message = self.message % kwargs
except TypeError:
LOG.warn(_LW('Exception in string format operation'))
for name, value in kwargs.items():
LOG.error("%s: %s" % (name, value))
# at least get the core message out if something happened
message = self.message
super(CephManagerException, self).__init__(message)
class CephPoolSetQuotaFailure(CephManagerException):
message = _("Error seting the OSD pool "
"quota %(name)s for %(pool)s to "
"%(value)s") + ": %(reason)s"
class CephPoolGetQuotaFailure(CephManagerException):
message = _("Error geting the OSD pool quota for "
"%(pool)s") + ": %(reason)s"
class CephPoolCreateFailure(CephManagerException):
message = _("Creating OSD pool %(name)s failed: %(reason)s")
class CephPoolDeleteFailure(CephManagerException):
message = _("Deleting OSD pool %(name)s failed: %(reason)s")
class CephPoolRulesetFailure(CephManagerException):
message = _("Assigning crush ruleset to OSD "
"pool %(name)s failed: %(reason)s")
class CephPoolSetParamFailure(CephManagerException):
message = _("Cannot set Ceph OSD pool parameter: "
"pool_name=%(pool_name)s, param=%(param)s, value=%(value)s. "
"Reason: %(reason)s")
class CephPoolGetParamFailure(CephManagerException):
message = _("Cannot get Ceph OSD pool parameter: "
"pool_name=%(pool_name)s, param=%(param)s. "
"Reason: %(reason)s")
class CephSetKeyFailure(CephManagerException):
message = _("Error setting the Ceph flag "
"'%(flag)s' %(extra)s: "
"response=%(response_status_code)s:%(response_reason)s, "
"status=%(status)s, output=%(output)s")
class CephApiFailure(CephManagerException):
message = _("API failure: "
"call=%(call)s, reason=%(reason)s")
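Review bot: In CephManagerException.__init__ the fallback catches only TypeError, but `self.message % kwargs` raises KeyError when a named placeholder such as %(reason)s has no matching keyword argument, so a caller that omits one argument gets a KeyError instead of the intended exception carrying the core message. Widen the handler to `except (TypeError, KeyError):` in the relocated file. The messages in CephPoolSetQuotaFailure and CephPoolGetQuotaFailure also misspell "setting" and "getting".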

View File

@ -1,15 +0,0 @@
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import oslo_i18n
DOMAIN = 'ceph-manager'
_translators = oslo_i18n.TranslatorFactory(domain=DOMAIN)
_ = _translators.primary
_LI = _translators.log_info
_LW = _translators.log_warning
_LE = _translators.log_error

View File

@ -1,883 +0,0 @@
#
# Copyright (c) 2013-2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import time
# noinspection PyUnresolvedReferences
from fm_api import fm_api
# noinspection PyUnresolvedReferences
from fm_api import constants as fm_constants
# noinspection PyUnresolvedReferences
from oslo_log import log as logging
# noinspection PyProtectedMember
from ceph_manager.i18n import _
from ceph_manager.i18n import _LI
from ceph_manager.i18n import _LW
from ceph_manager.i18n import _LE
from ceph_manager import constants
from ceph_manager import exception
LOG = logging.getLogger(__name__)
# In 18.03 R5, ceph cache tiering was disabled and prevented from being
# re-enabled. When upgrading from 18.03 (R5) to R6 we need to remove the
# cache-tier from the crushmap ceph-cache-tiering
#
# This class is needed only when upgrading from R5 to R6
# TODO: remove it after 1st R6 release
#
class HandleUpgradesMixin(object):
def __init__(self, service):
self.service = service
self.wait_for_upgrade_complete = False
def setup(self, config):
self._set_upgrade(self.service.retry_get_software_upgrade_status())
def _set_upgrade(self, upgrade):
state = upgrade.get('state')
from_version = upgrade.get('from_version')
if (state
and state != constants.UPGRADE_COMPLETED
and from_version == constants.TITANIUM_SERVER_VERSION_18_03):
LOG.info(_LI("Wait for ceph upgrade to complete "
"before monitoring cluster."))
self.wait_for_upgrade_complete = True
def set_flag_require_jewel_osds(self):
try:
response, body = self.service.ceph_api.osd_set_key(
constants.CEPH_FLAG_REQUIRE_JEWEL_OSDS,
body='json')
LOG.info(_LI("Set require_jewel_osds flag"))
except IOError as e:
raise exception.CephApiFailure(
call="osd_set_key",
reason=str(e))
else:
if not response.ok:
raise exception.CephSetKeyFailure(
flag=constants.CEPH_FLAG_REQUIRE_JEWEL_OSDS,
extra=_("needed to complete upgrade to Jewel"),
response_status_code=response.status_code,
response_reason=response.reason,
status=body.get('status'),
output=body.get('output'))
def filter_health_status(self, health):
health = self.auto_heal(health)
# filter out require_jewel_osds warning
#
if not self.wait_for_upgrade_complete:
return health
if health['health'] != constants.CEPH_HEALTH_WARN:
return health
if (constants.CEPH_HEALTH_WARN_REQUIRE_JEWEL_OSDS_NOT_SET
not in health['detail']):
return health
return self._remove_require_jewel_osds_warning(health)
def _remove_require_jewel_osds_warning(self, health):
reasons_list = []
for reason in health['detail'].split(';'):
reason = reason.strip()
if len(reason) == 0:
continue
if constants.CEPH_HEALTH_WARN_REQUIRE_JEWEL_OSDS_NOT_SET \
in reason:
continue
reasons_list.append(reason)
if len(reasons_list) == 0:
health = {
'health': constants.CEPH_HEALTH_OK,
'detail': ''}
else:
health['detail'] = '; '.join(reasons_list)
return health
def auto_heal(self, health):
if (health['health'] == constants.CEPH_HEALTH_WARN
and (constants.CEPH_HEALTH_WARN_REQUIRE_JEWEL_OSDS_NOT_SET
in health['detail'])):
try:
upgrade = self.service.get_software_upgrade_status()
except Exception as ex:
LOG.warn(_LW(
"Getting software upgrade status failed "
"with: %s. Skip auto-heal attempt "
"(will retry on next ceph status poll).") % str(ex))
return health
state = upgrade.get('state')
# surpress require_jewel_osds in case upgrade is
# in progress but not completed or aborting
if (not self.wait_for_upgrade_complete
and (upgrade.get('from_version')
== constants.TITANIUM_SERVER_VERSION_18_03)
and state not in [
None,
constants.UPGRADE_COMPLETED,
constants.UPGRADE_ABORTING,
constants.UPGRADE_ABORT_COMPLETING,
constants.UPGRADE_ABORTING_ROLLBACK]):
self.wait_for_upgrade_complete = True
# set require_jewel_osds in case upgrade is
# not in progress or completed
if (state in [None, constants.UPGRADE_COMPLETED]):
LOG.warn(_LW(
"No upgrade in progress or update completed "
"and require_jewel_osds health warning raised. "
"Set require_jewel_osds flag."))
self.set_flag_require_jewel_osds()
health = self._remove_require_jewel_osds_warning(health)
LOG.info(_LI("Unsurpress require_jewel_osds health warning"))
self.wait_for_upgrade_complete = False
# unsurpress require_jewel_osds in case upgrade
# is aborting
if (state in [
constants.UPGRADE_ABORTING,
constants.UPGRADE_ABORT_COMPLETING,
constants.UPGRADE_ABORTING_ROLLBACK]):
self.wait_for_upgrade_complete = False
return health
class Monitor(HandleUpgradesMixin):
def __init__(self, service):
self.service = service
self.current_ceph_health = ""
self.tiers_size = {}
self.known_object_pool_name = None
self.primary_tier_name = constants.SB_TIER_DEFAULT_NAMES[
constants.SB_TIER_TYPE_CEPH] + constants.CEPH_CRUSH_TIER_SUFFIX
self.cluster_is_up = False
super(Monitor, self).__init__(service)
def setup(self, config):
super(Monitor, self).setup(config)
def run(self):
# Wait until Ceph cluster is up and we can get the fsid
while True:
try:
self.ceph_get_fsid()
except Exception:
LOG.exception(
"Error getting fsid, will retry in %ss"
% constants.CEPH_HEALTH_CHECK_INTERVAL)
if self.service.entity_instance_id:
break
time.sleep(constants.CEPH_HEALTH_CHECK_INTERVAL)
# Start monitoring ceph status
while True:
try:
self.ceph_poll_status()
self.ceph_poll_quotas()
except Exception:
LOG.exception(
"Error running periodic monitoring of ceph status, "
"will retry in %ss"
% constants.CEPH_HEALTH_CHECK_INTERVAL)
time.sleep(constants.CEPH_HEALTH_CHECK_INTERVAL)
def ceph_get_fsid(self):
# Check whether an alarm has already been raised
self._get_current_alarms()
if self.current_health_alarm:
LOG.info(_LI("Current alarm: %s") %
str(self.current_health_alarm.__dict__))
fsid = self._get_fsid()
if not fsid:
# Raise alarm - it will not have an entity_instance_id
self._report_fault({'health': constants.CEPH_HEALTH_DOWN,
'detail': 'Ceph cluster is down.'},
fm_constants.FM_ALARM_ID_STORAGE_CEPH)
else:
# Clear alarm with no entity_instance_id
self._clear_fault(fm_constants.FM_ALARM_ID_STORAGE_CEPH)
self.service.entity_instance_id = 'cluster=%s' % fsid
def ceph_poll_status(self):
# get previous data every time in case:
# * daemon restarted
# * alarm was cleared manually but stored as raised in daemon
self._get_current_alarms()
if self.current_health_alarm:
LOG.info(_LI("Current alarm: %s") %
str(self.current_health_alarm.__dict__))
# get ceph health
health = self._get_health()
LOG.info(_LI("Current Ceph health: "
"%(health)s detail: %(detail)s") % health)
health = self.filter_health_status(health)
if health['health'] != constants.CEPH_HEALTH_OK:
self._report_fault(health, fm_constants.FM_ALARM_ID_STORAGE_CEPH)
self._report_alarm_osds_health()
else:
self._clear_fault(fm_constants.FM_ALARM_ID_STORAGE_CEPH)
self.clear_all_major_critical()
def filter_health_status(self, health):
return super(Monitor, self).filter_health_status(health)
def ceph_poll_quotas(self):
self._get_current_alarms()
if self.current_quota_alarms:
LOG.info(_LI("Current quota alarms %s") %
self.current_quota_alarms)
# Get current current size of each tier
previous_tiers_size = self.tiers_size
self.tiers_size = self._get_tiers_size()
# Make sure any removed tiers have the alarms cleared
for t in (set(previous_tiers_size) - set(self.tiers_size)):
self._clear_fault(fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE,
"{0}.tier={1}".format(
self.service.entity_instance_id,
t[:-len(constants.CEPH_CRUSH_TIER_SUFFIX)]))
# Check the quotas on each tier
for tier in self.tiers_size:
# Extract the tier name from the crush equivalent
tier_name = tier[:-len(constants.CEPH_CRUSH_TIER_SUFFIX)]
if self.tiers_size[tier] == 0:
LOG.info(_LI("'%s' tier cluster size not yet available")
% tier_name)
continue
pools_quota_sum = 0
if tier == self.primary_tier_name:
for pool in constants.CEPH_POOLS:
if (pool['pool_name'] ==
constants.CEPH_POOL_OBJECT_GATEWAY_NAME_JEWEL or
pool['pool_name'] ==
constants.CEPH_POOL_OBJECT_GATEWAY_NAME_HAMMER):
object_pool_name = self._get_object_pool_name()
if object_pool_name is None:
LOG.error("Rados gateway object data pool does "
"not exist.")
else:
pools_quota_sum += \
self._get_osd_pool_quota(object_pool_name)
else:
pools_quota_sum += self._get_osd_pool_quota(
pool['pool_name'])
else:
for pool in constants.SB_TIER_CEPH_POOLS:
pool_name = "{0}-{1}".format(pool['pool_name'], tier_name)
pools_quota_sum += self._get_osd_pool_quota(pool_name)
# Currently, there is only one pool on the addtional tier(s),
# therefore allow a quota of 0
if (pools_quota_sum != self.tiers_size[tier] and
pools_quota_sum != 0):
self._report_fault(
{'tier_name': tier_name,
'tier_eid': "{0}.tier={1}".format(
self.service.entity_instance_id,
tier_name)},
fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE)
else:
self._clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE,
"{0}.tier={1}".format(self.service.entity_instance_id,
tier_name))
# CEPH HELPERS
def _get_fsid(self):
try:
response, fsid = self.service.ceph_api.fsid(
body='text', timeout=30)
except IOError as e:
LOG.warning(_LW("ceph_api.fsid failed: %s") % str(e))
self.cluster_is_up = False
return None
if not response.ok:
LOG.warning(_LW("Get fsid failed: %s") % response.reason)
self.cluster_is_up = False
return None
self.cluster_is_up = True
return fsid.strip()
def _get_health(self):
try:
# we use text since it has all info
response, body = self.service.ceph_api.health(
body='text', timeout=30)
except IOError as e:
LOG.warning(_LW("ceph_api.health failed: %s") % str(e))
self.cluster_is_up = False
return {'health': constants.CEPH_HEALTH_DOWN,
'detail': 'Ceph cluster is down.'}
if not response.ok:
LOG.warning(_LW("CEPH health check failed: %s") % response.reason)
health_info = [constants.CEPH_HEALTH_DOWN, response.reason]
self.cluster_is_up = False
else:
health_info = body.split(' ', 1)
self.cluster_is_up = True
health = health_info[0]
if len(health_info) > 1:
detail = health_info[1]
else:
detail = health_info[0]
return {'health': health.strip(),
'detail': detail.strip()}
def _get_object_pool_name(self):
if self.known_object_pool_name is None:
response, body = self.service.ceph_api.osd_pool_get(
constants.CEPH_POOL_OBJECT_GATEWAY_NAME_JEWEL,
"pg_num",
body='json')
if response.ok:
self.known_object_pool_name = \
constants.CEPH_POOL_OBJECT_GATEWAY_NAME_JEWEL
return self.known_object_pool_name
response, body = self.service.ceph_api.osd_pool_get(
constants.CEPH_POOL_OBJECT_GATEWAY_NAME_HAMMER,
"pg_num",
body='json')
if response.ok:
self.known_object_pool_name = \
constants.CEPH_POOL_OBJECT_GATEWAY_NAME_HAMMER
return self.known_object_pool_name
return self.known_object_pool_name
def _get_osd_pool_quota(self, pool_name):
try:
resp, quota = self.service.ceph_api.osd_get_pool_quota(
pool_name, body='json')
except IOError:
return 0
if not resp.ok:
LOG.error(_LE("Getting the quota for "
"%(name)s pool failed:%(reason)s)") %
{"name": pool_name, "reason": resp.reason})
return 0
else:
try:
quota_gib = int(quota["output"]["quota_max_bytes"]) / (1024**3)
return quota_gib
except IOError:
return 0
# we have two root nodes 'cache-tier' and 'storage-tier'
# to calculate the space that is used by the pools, we must only
# use 'storage-tier'
# this function determines if a certain node is under a certain
# tree
def host_is_in_root(self, search_tree, node, root_name):
if node['type'] == 'root':
if node['name'] == root_name:
return True
else:
return False
return self.host_is_in_root(search_tree,
search_tree[node['parent']],
root_name)
# The information received from ceph is not properly
# structured for efficient parsing and searching, so
# it must be processed and transformed into a more
# structured form.
#
# Input received from ceph is an array of nodes with the
# following structure:
# [{'id':<node_id>, 'children':<array_of_children_ids>, ....},
# ...]
#
# We process this array and transform it into a dictionary
# (for efficient access) The transformed "search tree" is a
# dictionary with the following structure:
# {<node_id> : {'children':<array_of_children_ids>}
def _get_tiers_size(self):
try:
resp, body = self.service.ceph_api.osd_df(
body='json',
output_method='tree')
except IOError:
return 0
if not resp.ok:
LOG.error(_LE("Getting the cluster usage "
"information failed: %(reason)s - "
"%(body)s") % {"reason": resp.reason,
"body": body})
return {}
# A node is a crushmap element: root, chassis, host, osd. Create a
# dictionary for the nodes with the key as the id used for efficient
# searching through nodes.
#
# For example: storage-0's node has one child node => OSD 0
# {
# "id": -4,
# "name": "storage-0",
# "type": "host",
# "type_id": 1,
# "reweight": -1.000000,
# "kb": 51354096,
# "kb_used": 1510348,
# "kb_avail": 49843748,
# "utilization": 2.941047,
# "var": 1.480470,
# "pgs": 0,
# "children": [
# 0
# ]
# },
search_tree = {}
for node in body['output']['nodes']:
search_tree[node['id']] = node
# Extract the tiers as we will return a dict for the size of each tier
tiers = {k: v for k, v in search_tree.items() if v['type'] == 'root'}
# For each tier, traverse the heirarchy from the root->chassis->host.
# Sum the host sizes to determine the overall size of the tier
tier_sizes = {}
for tier in tiers.values():
tier_size = 0
for chassis_id in tier['children']:
chassis_size = 0
chassis = search_tree[chassis_id]
for host_id in chassis['children']:
host = search_tree[host_id]
if (chassis_size == 0 or
chassis_size > host['kb']):
chassis_size = host['kb']
tier_size += chassis_size / (1024**2)
tier_sizes[tier['name']] = tier_size
return tier_sizes
# ALARM HELPERS
@staticmethod
def _check_storage_group(osd_tree, group_id,
hosts, osds, fn_report_alarm):
reasons = set()
degraded_hosts = set()
severity = fm_constants.FM_ALARM_SEVERITY_CRITICAL
for host_id in hosts:
if len(osds[host_id]) == 0:
reasons.add(constants.ALARM_REASON_NO_OSD)
degraded_hosts.add(host_id)
else:
for osd_id in osds[host_id]:
if osd_tree[osd_id]['status'] == 'up':
if osd_tree[osd_id]['reweight'] == 0.0:
reasons.add(constants.ALARM_REASON_OSDS_OUT)
degraded_hosts.add(host_id)
else:
severity = fm_constants.FM_ALARM_SEVERITY_MAJOR
elif osd_tree[osd_id]['status'] == 'down':
reasons.add(constants.ALARM_REASON_OSDS_DOWN)
degraded_hosts.add(host_id)
if constants.ALARM_REASON_OSDS_OUT in reasons \
and constants.ALARM_REASON_OSDS_DOWN in reasons:
reasons.add(constants.ALARM_REASON_OSDS_DOWN_OUT)
reasons.remove(constants.ALARM_REASON_OSDS_OUT)
if constants.ALARM_REASON_OSDS_DOWN in reasons \
and constants.ALARM_REASON_OSDS_DOWN_OUT in reasons:
reasons.remove(constants.ALARM_REASON_OSDS_DOWN)
reason = "/".join(list(reasons))
if severity == fm_constants.FM_ALARM_SEVERITY_CRITICAL:
reason = "{} {}: {}".format(
fm_constants.ALARM_CRITICAL_REPLICATION,
osd_tree[group_id]['name'],
reason)
elif severity == fm_constants.FM_ALARM_SEVERITY_MAJOR:
reason = "{} {}: {}".format(
fm_constants.ALARM_MAJOR_REPLICATION,
osd_tree[group_id]['name'],
reason)
if len(degraded_hosts) == 0:
if len(hosts) < 2:
fn_report_alarm(
osd_tree[group_id]['name'],
"{} {}: {}".format(
fm_constants.ALARM_MAJOR_REPLICATION,
osd_tree[group_id]['name'],
constants.ALARM_REASON_PEER_HOST_DOWN),
fm_constants.FM_ALARM_SEVERITY_MAJOR)
elif len(degraded_hosts) == 1:
fn_report_alarm(
"{}.host={}".format(
osd_tree[group_id]['name'],
osd_tree[list(degraded_hosts)[0]]['name']),
reason, severity)
else:
fn_report_alarm(
osd_tree[group_id]['name'],
reason, severity)
def _check_storage_tier(self, osd_tree, tier_name, fn_report_alarm):
for tier_id in osd_tree:
if osd_tree[tier_id]['type'] != 'root':
continue
if osd_tree[tier_id]['name'] != tier_name:
continue
for group_id in osd_tree[tier_id]['children']:
if osd_tree[group_id]['type'] != 'chassis':
continue
if not osd_tree[group_id]['name'].startswith('group-'):
continue
hosts = []
osds = {}
for host_id in osd_tree[group_id]['children']:
if osd_tree[host_id]['type'] != 'host':
continue
hosts.append(host_id)
osds[host_id] = []
for osd_id in osd_tree[host_id]['children']:
if osd_tree[osd_id]['type'] == 'osd':
osds[host_id].append(osd_id)
self._check_storage_group(osd_tree, group_id, hosts,
osds, fn_report_alarm)
break
def _current_health_alarm_equals(self, reason, severity):
if not self.current_health_alarm:
return False
if getattr(self.current_health_alarm, 'severity', None) != severity:
return False
if getattr(self.current_health_alarm, 'reason_text', None) != reason:
return False
return True
def _report_alarm_osds_health(self):
response, osd_tree = self.service.ceph_api.osd_tree(body='json')
if not response.ok:
LOG.error(_LE("Failed to retrieve Ceph OSD tree: "
"status_code: %(status_code)s, reason: %(reason)s") %
{"status_code": response.status_code,
"reason": response.reason})
return
osd_tree = dict([(n['id'], n) for n in osd_tree['output']['nodes']])
alarms = []
self._check_storage_tier(osd_tree, "storage-tier",
lambda *args: alarms.append(args))
old_alarms = {}
for alarm_id in [
fm_constants.FM_ALARM_ID_STORAGE_CEPH_MAJOR,
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL]:
alarm_list = self.service.fm_api.get_faults_by_id(alarm_id)
if not alarm_list:
continue
for alarm in alarm_list:
if alarm.entity_instance_id not in old_alarms:
old_alarms[alarm.entity_instance_id] = []
old_alarms[alarm.entity_instance_id].append(
(alarm.alarm_id, alarm.reason_text))
for peer_group, reason, severity in alarms:
if self._current_health_alarm_equals(reason, severity):
continue
alarm_critical_major = fm_constants.FM_ALARM_ID_STORAGE_CEPH_MAJOR
if severity == fm_constants.FM_ALARM_SEVERITY_CRITICAL:
alarm_critical_major = (
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL)
entity_instance_id = (
self.service.entity_instance_id + '.peergroup=' + peer_group)
alarm_already_exists = False
if entity_instance_id in old_alarms:
for alarm_id, old_reason in old_alarms[entity_instance_id]:
if (reason == old_reason and
alarm_id == alarm_critical_major):
# if the alarm is exactly the same, we don't need
# to recreate it
old_alarms[entity_instance_id].remove(
(alarm_id, old_reason))
alarm_already_exists = True
elif (alarm_id == alarm_critical_major):
# if we change just the reason, then we just remove the
# alarm from the list so we don't remove it at the
# end of the function
old_alarms[entity_instance_id].remove(
(alarm_id, old_reason))
if (len(old_alarms[entity_instance_id]) == 0):
del old_alarms[entity_instance_id]
# in case the alarm is exactly the same, we skip the alarm set
if alarm_already_exists is True:
continue
major_repair_action = constants.REPAIR_ACTION_MAJOR_CRITICAL_ALARM
fault = fm_api.Fault(
alarm_id=alarm_critical_major,
alarm_type=fm_constants.FM_ALARM_TYPE_4,
alarm_state=fm_constants.FM_ALARM_STATE_SET,
entity_type_id=fm_constants.FM_ENTITY_TYPE_CLUSTER,
entity_instance_id=entity_instance_id,
severity=severity,
reason_text=reason,
probable_cause=fm_constants.ALARM_PROBABLE_CAUSE_15,
proposed_repair_action=major_repair_action,
service_affecting=constants.SERVICE_AFFECTING['HEALTH_WARN'])
alarm_uuid = self.service.fm_api.set_fault(fault)
if alarm_uuid:
LOG.info(_LI(
"Created storage alarm %(alarm_uuid)s - "
"severity: %(severity)s, reason: %(reason)s, "
"service_affecting: %(service_affecting)s") % {
"alarm_uuid": str(alarm_uuid),
"severity": str(severity),
"reason": reason,
"service_affecting": str(
constants.SERVICE_AFFECTING['HEALTH_WARN'])})
else:
LOG.error(_LE(
"Failed to create storage alarm - "
"severity: %(severity)s, reason: %(reason)s, "
"service_affecting: %(service_affecting)s") % {
"severity": str(severity),
"reason": reason,
"service_affecting": str(
constants.SERVICE_AFFECTING['HEALTH_WARN'])})
for entity_instance_id in old_alarms:
for alarm_id, old_reason in old_alarms[entity_instance_id]:
self.service.fm_api.clear_fault(alarm_id, entity_instance_id)
@staticmethod
def _parse_reason(health):
"""Parse reason strings received from Ceph"""
if health['health'] in constants.CEPH_STATUS_CUSTOM:
# Don't parse reason messages that we added
return "Storage Alarm Condition: %(health)s. %(detail)s" % health
reasons_lst = health['detail'].split(';')
parsed_reasons_text = ""
# Check if PGs have issues - we can't safely store the entire message
# as it tends to be long
for reason in reasons_lst:
if "pgs" in reason:
parsed_reasons_text += "PGs are degraded/stuck or undersized"
break
# Extract recovery status
parsed_reasons = [r.strip() for r in reasons_lst if 'recovery' in r]
if parsed_reasons:
parsed_reasons_text += ";" + ";".join(parsed_reasons)
# We need to keep the most important parts of the messages when storing
# them to fm alarms, therefore text between [] brackets is truncated if
# max size is reached.
# Add brackets, if needed
if len(parsed_reasons_text):
lbracket = " ["
rbracket = "]"
else:
lbracket = ""
rbracket = ""
msg = {"head": "Storage Alarm Condition: ",
"tail": ". Please check 'ceph -s' for more details."}
max_size = constants.FM_ALARM_REASON_MAX_SIZE - \
len(msg["head"]) - len(msg["tail"])
return (
msg['head'] +
(health['health'] + lbracket
+ parsed_reasons_text)[:max_size - 1] +
rbracket + msg['tail'])
def _report_fault(self, health, alarm_id):
if alarm_id == fm_constants.FM_ALARM_ID_STORAGE_CEPH:
new_severity = constants.SEVERITY[health['health']]
new_reason_text = self._parse_reason(health)
new_service_affecting = \
constants.SERVICE_AFFECTING[health['health']]
# Raise or update alarm if necessary
if ((not self.current_health_alarm) or
(self.current_health_alarm.__dict__['severity'] !=
new_severity) or
(self.current_health_alarm.__dict__['reason_text'] !=
new_reason_text) or
(self.current_health_alarm.__dict__['service_affecting'] !=
str(new_service_affecting))):
fault = fm_api.Fault(
alarm_id=fm_constants.FM_ALARM_ID_STORAGE_CEPH,
alarm_type=fm_constants.FM_ALARM_TYPE_4,
alarm_state=fm_constants.FM_ALARM_STATE_SET,
entity_type_id=fm_constants.FM_ENTITY_TYPE_CLUSTER,
entity_instance_id=self.service.entity_instance_id,
severity=new_severity,
reason_text=new_reason_text,
probable_cause=fm_constants.ALARM_PROBABLE_CAUSE_15,
proposed_repair_action=constants.REPAIR_ACTION,
service_affecting=new_service_affecting)
alarm_uuid = self.service.fm_api.set_fault(fault)
if alarm_uuid:
LOG.info(_LI(
"Created storage alarm %(alarm_uuid)s - "
"severity: %(severity)s, reason: %(reason)s, "
"service_affecting: %(service_affecting)s") % {
"alarm_uuid": alarm_uuid,
"severity": new_severity,
"reason": new_reason_text,
"service_affecting": new_service_affecting})
else:
LOG.error(_LE(
"Failed to create storage alarm - "
"severity: %(severity)s, reason: %(reason)s "
"service_affecting: %(service_affecting)s") % {
"severity": new_severity,
"reason": new_reason_text,
"service_affecting": new_service_affecting})
# Log detailed reason for later analysis
if (self.current_ceph_health != health['health'] or
self.detailed_health_reason != health['detail']):
LOG.info(_LI("Ceph status changed: %(health)s "
"detailed reason: %(detail)s") % health)
self.current_ceph_health = health['health']
self.detailed_health_reason = health['detail']
elif (alarm_id == fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE and
not health['tier_eid'] in self.current_quota_alarms):
quota_reason_text = ("Quota/Space mismatch for the %s tier. The "
"sum of Ceph pool quotas does not match the "
"tier size." % health['tier_name'])
fault = fm_api.Fault(
alarm_id=fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE,
alarm_state=fm_constants.FM_ALARM_STATE_SET,
entity_type_id=fm_constants.FM_ENTITY_TYPE_CLUSTER,
entity_instance_id=health['tier_eid'],
severity=fm_constants.FM_ALARM_SEVERITY_MINOR,
reason_text=quota_reason_text,
alarm_type=fm_constants.FM_ALARM_TYPE_7,
probable_cause=fm_constants.ALARM_PROBABLE_CAUSE_75,
proposed_repair_action=(
"Update ceph storage pool quotas to use all available "
"cluster space for the %s tier." % health['tier_name']),
service_affecting=False)
alarm_uuid = self.service.fm_api.set_fault(fault)
if alarm_uuid:
LOG.info(_LI(
"Created storage quota storage alarm %(alarm_uuid)s. "
"Reason: %(reason)s") % {
"alarm_uuid": alarm_uuid, "reason": quota_reason_text})
else:
LOG.error(_LE("Failed to create quota "
"storage alarm. Reason: %s") % quota_reason_text)
def _clear_fault(self, alarm_id, entity_instance_id=None):
# Only clear alarm if there is one already raised
if (alarm_id == fm_constants.FM_ALARM_ID_STORAGE_CEPH and
self.current_health_alarm):
LOG.info(_LI("Clearing health alarm"))
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH,
self.service.entity_instance_id)
elif (alarm_id == fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE and
entity_instance_id in self.current_quota_alarms):
LOG.info(_LI("Clearing quota alarm with entity_instance_id %s")
% entity_instance_id)
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE,
entity_instance_id)
def clear_critical_alarm(self, group_name):
alarm_list = self.service.fm_api.get_faults_by_id(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL)
if alarm_list:
for alarm in range(len(alarm_list)):
group_id = alarm_list[alarm].entity_instance_id.find("group-")
group_instance_name = (
"group-" +
alarm_list[alarm].entity_instance_id[group_id + 6])
if group_name == group_instance_name:
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL,
alarm_list[alarm].entity_instance_id)
def clear_all_major_critical(self, group_name=None):
# clear major alarms
alarm_list = self.service.fm_api.get_faults_by_id(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_MAJOR)
if alarm_list:
for alarm in range(len(alarm_list)):
if group_name is not None:
group_id = (
alarm_list[alarm].entity_instance_id.find("group-"))
group_instance_name = (
"group-" +
alarm_list[alarm].entity_instance_id[group_id + 6])
if group_name == group_instance_name:
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_MAJOR,
alarm_list[alarm].entity_instance_id)
else:
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_MAJOR,
alarm_list[alarm].entity_instance_id)
# clear critical alarms
alarm_list = self.service.fm_api.get_faults_by_id(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL)
if alarm_list:
for alarm in range(len(alarm_list)):
if group_name is not None:
group_id = (
alarm_list[alarm].entity_instance_id.find("group-"))
group_instance_name = (
"group-" +
alarm_list[alarm].entity_instance_id[group_id + 6])
if group_name == group_instance_name:
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL,
alarm_list[alarm].entity_instance_id)
else:
self.service.fm_api.clear_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_CRITICAL,
alarm_list[alarm].entity_instance_id)
def _get_current_alarms(self):
"""Retrieve currently raised alarm"""
self.current_health_alarm = self.service.fm_api.get_fault(
fm_constants.FM_ALARM_ID_STORAGE_CEPH,
self.service.entity_instance_id)
quota_faults = self.service.fm_api.get_faults_by_id(
fm_constants.FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE)
if quota_faults:
self.current_quota_alarms = [f.entity_instance_id
for f in quota_faults]
else:
self.current_quota_alarms = []
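Review bot: _get_tiers_size returns the integer 0 from its `except IOError` branch but a dict on every other path, and ceph_poll_quotas immediately calls set(self.tiers_size) and iterates over it, so a failed osd_df call becomes a TypeError inside the poll loop and leaves self.tiers_size as 0 for any later reader. Return {} from that branch, as the `not resp.ok` branch already does. Separately, clear_critical_alarm and clear_all_major_critical rebuild the group name from `entity_instance_id[group_id + 6]`, which is a single character, so an alarm for a group with a two-digit index is never matched against its own name, and the result of find("group-") is never checked for -1.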

View File

@ -1,173 +0,0 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright (c) 2016-2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# https://chrigl.de/posts/2014/08/27/oslo-messaging-example.html
# http://docs.openstack.org/developer/oslo.messaging/server.html
import sys
# noinspection PyUnresolvedReferences
import eventlet
# noinspection PyUnresolvedReferences
import oslo_messaging as messaging
# noinspection PyUnresolvedReferences
from fm_api import fm_api
# noinspection PyUnresolvedReferences
from oslo_config import cfg
# noinspection PyUnresolvedReferences
from oslo_log import log as logging
# noinspection PyUnresolvedReferences
from oslo_service import service
# noinspection PyUnresolvedReferences
from oslo_service.periodic_task import PeriodicTasks
# noinspection PyUnresolvedReferences
from cephclient import wrapper
from ceph_manager.monitor import Monitor
from ceph_manager import constants
from ceph_manager.i18n import _LI
from ceph_manager.i18n import _LW
from retrying import retry
eventlet.monkey_patch(all=True)
CONF = cfg.CONF
CONF.register_opts([
cfg.StrOpt('sysinv_api_bind_ip',
default='0.0.0.0',
help='IP for the Ceph Manager server to bind to')])
CONF.logging_default_format_string = (
'%(asctime)s.%(msecs)03d %(process)d '
'%(levelname)s %(name)s [-] %(message)s')
logging.register_options(CONF)
logging.setup(CONF, __name__)
LOG = logging.getLogger(__name__)
CONF.rpc_backend = 'rabbit'
class RpcEndpoint(PeriodicTasks):
def __init__(self, service=None):
self.service = service
def get_primary_tier_size(self, _):
"""Get the ceph size for the primary tier.
returns: an int for the size (in GB) of the tier
"""
tiers_size = self.service.monitor.tiers_size
primary_tier_size = tiers_size.get(
self.service.monitor.primary_tier_name, 0)
LOG.debug(_LI("Ceph cluster primary tier size: %s GB") %
str(primary_tier_size))
return primary_tier_size
def get_tiers_size(self, _):
"""Get the ceph cluster tier sizes.
returns: a dict of sizes (in GB) by tier name
"""
tiers_size = self.service.monitor.tiers_size
LOG.debug(_LI("Ceph cluster tiers (size in GB): %s") %
str(tiers_size))
return tiers_size
def is_cluster_up(self, _):
"""Report if the last health check was successful.
This is an independent view of the cluster accessibility that can be
used by the sysinv conductor to gate ceph API calls which would timeout
and potentially block other operations.
This view is only updated at the rate the monitor checks for a cluster
uuid or a health check (CEPH_HEALTH_CHECK_INTERVAL)
returns: boolean True if last health check was successful else False
"""
return self.service.monitor.cluster_is_up
class SysinvConductorUpgradeApi(object):
def __init__(self):
self.sysinv_conductor = None
super(SysinvConductorUpgradeApi, self).__init__()
def get_software_upgrade_status(self):
LOG.info(_LI("Getting software upgrade status from sysinv"))
cctxt = self.sysinv_conductor.prepare(timeout=2)
upgrade = cctxt.call({}, 'get_software_upgrade_status')
LOG.info(_LI("Software upgrade status: %s") % str(upgrade))
return upgrade
@retry(wait_fixed=1000,
retry_on_exception=lambda e:
LOG.warn(_LW(
"Getting software upgrade status failed "
"with: %s. Retrying... ") % str(e)) or True)
def retry_get_software_upgrade_status(self):
return self.get_software_upgrade_status()
class Service(SysinvConductorUpgradeApi, service.Service):
def __init__(self, conf):
super(Service, self).__init__()
self.conf = conf
self.rpc_server = None
self.sysinv_conductor = None
self.ceph_api = None
self.entity_instance_id = ''
self.fm_api = fm_api.FaultAPIs()
self.monitor = Monitor(self)
self.config = None
self.config_desired = None
self.config_applied = None
def start(self):
super(Service, self).start()
transport = messaging.get_transport(self.conf)
self.sysinv_conductor = messaging.RPCClient(
transport,
messaging.Target(
topic=constants.SYSINV_CONDUCTOR_TOPIC))
self.ceph_api = wrapper.CephWrapper(
endpoint='https://localhost:5001')
# Get initial config from sysinv and send it to
# services that need it before starting them
self.rpc_server = messaging.get_rpc_server(
transport,
messaging.Target(topic=constants.CEPH_MANAGER_TOPIC,
server=self.conf.sysinv_api_bind_ip),
[RpcEndpoint(self)],
executor='eventlet')
self.rpc_server.start()
eventlet.spawn_n(self.monitor.run)
def stop(self):
try:
self.rpc_server.stop()
self.rpc_server.wait()
except Exception:
pass
super(Service, self).stop()
def run_service():
CONF(sys.argv[1:])
logging.setup(CONF, "ceph-manager")
launcher = service.launch(CONF, Service(CONF), workers=1)
launcher.wait()
if __name__ == "__main__":
run_service()
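Review bot: the `@retry` decorator on `retry_get_software_upgrade_status` sets only `wait_fixed=1000` and a `retry_on_exception` lambda that always returns True, with no `stop_max_attempt_number` or `stop_max_delay`, so a caller blocks forever if the sysinv conductor never answers. Please bound the retry in the relocated copy and let the final failure propagate. Two smaller points in the same file: `sysinv_api_bind_ip` is described as a bind IP but is only used as the `server=` name of the `messaging.Target`, so its help text and `0.0.0.0` default deserve a second look, and `stop()` swallows every exception from `rpc_server.stop()` with `pass`, which keeps shutdown failures out of the log.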

View File

@ -1,19 +0,0 @@
#!/usr/bin/env python
#
# Copyright (c) 2013-2014, 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import setuptools
setuptools.setup(
name='ceph_manager',
version='1.0.0',
description='CEPH manager',
license='Apache-2.0',
packages=['ceph_manager'],
entry_points={
}
)

View File

@ -1,10 +0,0 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
mock
flake8
eventlet
pytest
oslo.log
oslo.i18n

View File

@ -1,24 +0,0 @@
# adapted from glance tox.ini
[tox]
minversion = 1.6
envlist = py27,pep8
skipsdist = True
# tox does not work if the path to the workdir is too long, so move it to /tmp
toxworkdir = /tmp/{env:USER}_ceph_manager_tox
[testenv]
setenv = VIRTUAL_ENV={envdir}
usedevelop = True
install_command = pip install -U --force-reinstall {opts} {packages}
deps = -r{toxinidir}/test-requirements.txt
commands = py.test {posargs}
whitelist_externals = bash
passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
[testenv:pep8]
commands =
flake8 {posargs}
[flake8]
exclude = .venv,.git,.tox,dist,doc,etc,*glance/locale*,*lib/python*,*egg,build
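Review bot: `toxworkdir = /tmp/{env:USER}_ceph_manager_tox` places the virtualenv at a predictable name inside a world-writable directory, so on a shared build host the environment's contents depend on whoever created that directory first. The comment gives path length as the reason for leaving the source tree; a short directory under the user's home (for example via `{homedir}`) meets the same need without relying on `/tmp`.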

View File

@ -1,11 +0,0 @@
/var/log/ceph-manager.log {
nodateext
size 10M
start 1
rotate 10
missingok
notifempty
compress
delaycompress
copytruncate
}

View File

@ -1,17 +0,0 @@
[Unit]
Description=Handle Ceph API calls and provide status updates via alarms
After=ceph.target
[Service]
Type=forking
Restart=no
KillMode=process
RemainAfterExit=yes
ExecStart=/etc/rc.d/init.d/ceph-manager start
ExecStop=/etc/rc.d/init.d/ceph-manager stop
ExecReload=/etc/rc.d/init.d/ceph-manager reload
PIDFile=/var/run/ceph/ceph-manager.pid
[Install]
WantedBy=multi-user.target
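Review bot: in `[Service]`, `RemainAfterExit=yes` combined with `Restart=no` means systemd keeps reporting the unit as active after the process named in `PIDFile=` has exited, and nothing restarts it. If another component supervises ceph-manager, say so in a comment in the unit; otherwise drop `RemainAfterExit=yes` so that `systemctl status` reflects the daemon's real state.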

View File

@ -1,17 +0,0 @@
#!/usr/bin/env python
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import sys
try:
from ceph_manager.server import run_service
except EnvironmentError as e:
print >> sys.stderr, "Error importing ceph_manager: ", str(e)
sys.exit(1)
run_service()
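Review bot: `print >> sys.stderr, "Error importing ceph_manager: ", str(e)` in the `except EnvironmentError` branch is Python 2 print-statement syntax; under Python 3 that line raises a TypeError instead of writing the message. `sys.stderr.write(...)` works on both. The handler also catches only `EnvironmentError`, so an `ImportError` from `ceph_manager.server` still ends in a raw traceback rather than the intended one-line error.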

View File

@ -1,103 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2013-2014, 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
### BEGIN INIT INFO
# Provides: ceph-manager
# Required-Start: $ceph
# Required-Stop: $ceph
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Daemon for polling ceph status
# Description: Daemon for polling ceph status
### END INIT INFO
DESC="ceph-manager"
DAEMON="/usr/bin/ceph-manager"
RUNDIR="/var/run/ceph"
PIDFILE=$RUNDIR/$DESC.pid
CONFIGFILE="/etc/sysinv/sysinv.conf"
LOGFILE="/var/log/ceph-manager.log"
start()
{
if [ -e $PIDFILE ]; then
PIDDIR=/proc/$(cat $PIDFILE)
if [ -d ${PIDDIR} ]; then
echo "$DESC already running."
exit 0
else
echo "Removing stale PID file $PIDFILE"
rm -f $PIDFILE
fi
fi
echo -n "Starting $DESC..."
mkdir -p $RUNDIR
start-stop-daemon --start --quiet \
--pidfile ${PIDFILE} --exec ${DAEMON} \
--make-pidfile --background \
-- --log-file=$LOGFILE --config-file=$CONFIGFILE
if [ $? -eq 0 ]; then
echo "done."
else
echo "failed."
exit 1
fi
}
stop()
{
echo -n "Stopping $DESC..."
start-stop-daemon --stop --quiet --pidfile $PIDFILE --retry 60
if [ $? -eq 0 ]; then
echo "done."
else
echo "failed."
fi
rm -f $PIDFILE
}
status()
{
pid=`cat $PIDFILE 2>/dev/null`
if [ -n "$pid" ]; then
if ps -p $pid &> /dev/null ; then
echo "$DESC is running"
exit 0
else
echo "$DESC is not running but has pid file"
exit 1
fi
fi
echo "$DESC is not running"
exit 3
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|force-reload|reload)
stop
start
;;
status)
status
;;
*)
echo "Usage: $0 {start|stop|force-reload|restart|reload|status}"
exit 1
;;
esac
exit 0
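Review bot: in `start()`, `PIDDIR=/proc/$(cat $PIDFILE)` evaluates to `/proc/` when the PID file exists but is empty, so `[ -d ${PIDDIR} ]` succeeds and the script prints "already running" without starting the daemon. Check that the file holds a non-empty numeric PID before testing `/proc`, and quote `$PIDFILE`. In `status()`, `&> /dev/null` is a bash redirection used under `#!/bin/sh`; `> /dev/null 2>&1` is portable. `stop()` also runs `rm -f $PIDFILE` after the "failed." branch, which discards the only record of a process that may still be running.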

View File

@ -1,2 +0,0 @@
SRC_DIR="python-cephclient"
TIS_PATCH_VER=0

View File

@ -1,65 +0,0 @@
Summary: Handle Ceph API calls and provide status updates via alarms
Name: python-cephclient
Version: 13.2.2.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: https://github.com/openstack/stx-integ/tree/master/ceph/python-cephclient/python-cephclient'
Source0: %{name}-%{version}.tar.gz
BuildArch: noarch
BuildRequires: python
BuildRequires: python2-pip
BuildRequires: python2-wheel
Requires: python
Requires: python-ipaddress
Requires: python2-six
Requires: python2-requests
Provides: python-cephclient
%description
A client library in Python for Ceph Mgr RESTful plugin providing REST API
access to the cluster over an SSL-secured connection. Python API is compatible
with the old Python Ceph client at
https://github.com/dmsimard/python-cephclient that no longer works in Ceph
mimic because Ceph REST API component was removed.
%define debug_package %{nil}
%prep
%autosetup -p 1 -n %{name}-%{version}
rm -rf .pytest_cache
rm -rf python_cephclient.egg-info
rm -f requirements.txt
%build
%{__python} setup.py build
%py2_build_wheel
%install
%{__python2} setup.py install --skip-build --root %{buildroot}
mkdir -p $RPM_BUILD_ROOT/wheels
install -m 644 dist/*.whl $RPM_BUILD_ROOT/wheels/
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%license LICENSE
%{python2_sitelib}/cephclient
%{python2_sitelib}/*.egg-info
%package wheels
Summary: %{name} wheels
%description wheels
Contains python wheels for %{name}
%files wheels
/wheels/*
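Review bot: the `URL:` tag ends in a stray `'` after `python-cephclient/python-cephclient`, and `Summary:` reads "Handle Ceph API calls and provide status updates via alarms", which is the ceph-manager unit's description rather than a summary of the client library described under `%description`. Both are worth correcting in the relocated spec, where the URL will need updating for the new repo anyway.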

View File

@ -1,2 +0,0 @@
.pytest_cache
*.egg-info

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2019 Wind River Systems, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,5 +0,0 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

File diff suppressed because it is too large

View File

@ -1,100 +0,0 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
class CephClientException(Exception):
message = "generic ceph client exception"
def __init__(self, *args, **kwargs):
if "message" not in kwargs:
try:
message = self.message.format(*args, **kwargs)
except Exception: # noqa
message = '{}, args:{}, kwargs: {}'.format(
self.message, args, kwargs)
else:
message = kwargs["message"]
super(CephClientException, self).__init__(message)
class CephMonRestfulListKeysError(CephClientException):
message = "Failed to get ceph-mgr restful plugin keys. {}"
class CephMonRestfulJsonError(CephClientException):
message = "Failed to decode ceph-mgr restful plugin JSON response: {}"
class CephMonRestfulMissingUserCredentials(CephClientException):
message = "Failed to get ceph-mgr restful plugin credentials for user: {}"
class CephMgrDumpError(CephClientException):
message = "Failed to get ceph manager info. {}"
class CephMgrJsonError(CephClientException):
message = "Failed to decode ceph manager JSON response: {}"
class CephMgrMissingRestfulService(CephClientException):
message = "Missing restful service. Available services: {}"
class CephClientFormatNotSupported(CephClientException):
message = "Command '{prefix}' does not support request format '{format}'"
class CephClientResponseFormatNotImplemented(CephClientException):
message = ("Can't decode response. Support for '{format}' format "
"is not implemented. Response: {reason}")
class CephClientFunctionNotImplemented(CephClientException):
message = "Function '{name}' is not implemented"
class CephClientInvalidChoice(CephClientException):
message = ("Function '{function}' does not support option "
"{option}='{value}'. Supported values are: {supported}")
class CephClientTypeError(CephClientException):
message = ("Expecting option '{name}' of type {expected}. "
"Got {actual} instead")
class CephClientValueOutOfBounds(CephClientException):
message = ("Argument '{name}' should be within range: {min} .. {max} "
". Got value '{actual}' instead")
class CephClientInvalidPgid(CephClientException):
message = ("Argument '{name}' is not a valid Ceph PG id. Expected "
"n.xxx where n is an int > 0, xxx is a hex number > 0. "
"Got value '{actual}' instead")
class CephClientInvalidIPAddr(CephClientException):
message = ("Argument '{name}' should be a valid IPv4 or IPv6 address. "
"Got value '{actual}' instead")
class CephClientInvalidOsdIdValue(CephClientException):
message = ("Invalid OSD ID value '{osdid}'. Should start with 'osd.'")
class CephClientInvalidOsdIdType(CephClientException):
message = ("Invalid OSD ID type for '{osdid}'. "
"Expected integer or 'osd.NNN'")
class CephClientNoSuchUser(CephClientException):
message = ("No such user '{user}'.")
class CephClientIncorrectPassword(CephClientException):
message = ("Incorrect password for user '{user}'.")

View File

@ -1,5 +0,0 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

View File

@ -1,268 +0,0 @@
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import six
from cephclient.client import CephClient
from cephclient.exception import CephClientFunctionNotImplemented
from cephclient.exception import CephClientInvalidOsdIdValue
from cephclient.exception import CephClientTypeError
class CephWrapper(CephClient):
def __init__(self, endpoint=''):
super(CephWrapper, self).__init__()
def auth_import(self, body='json', timeout=None):
raise CephClientFunctionNotImplemented(name='auth_import')
def _sanitize_osdid_to_str(self, _id):
if isinstance(_id, six.string_types):
prefix = 'osd.'
if not _id.startswith(prefix):
try:
int(_id)
except ValueError:
raise CephClientInvalidOsdIdValue(
osdid=_id)
_id = prefix + _id
elif isinstance(_id, six.integer_types):
_id = 'osd.{}'.format(_id)
else:
raise CephClientInvalidOsdIdValue(
osdid=_id)
return _id
def _sanitize_osdid_to_int(self, _id):
if isinstance(_id, six.string_types):
prefix = 'osd.'
if _id.startswith(prefix):
_id = _id[len(prefix):]
try:
_id = int(_id)
except ValueError:
raise CephClientInvalidOsdIdValue(
osdid=_id)
elif not isinstance(_id, six.integer_types):
raise CephClientInvalidOsdIdValue(
osdid=_id)
return _id
def osd_create(self, uuid, body='json', timeout=None, params=None):
"""create new osd (with optional UUID and ID)
Notes:
1. osd create declares it accepts osd id as string but only works when
given an integer value; it automatically generates an ID otherwise
instead of using the one provided by 'osd create id=...'
2. old cephclient passes osd id through params dictionary
"""
kwargs = dict(uuid=uuid, body=body, timeout=timeout)
try:
kwargs['id'] = self._sanitize_osdid_to_int(params['id'])
except (KeyError, TypeError):
pass
return self._request('osd create', **kwargs)
def osd_rm(self, ids, body='json', timeout=None):
"""remove osd(s) <id> [<id>...], or use <any|all> to remove all osds """
if isinstance(ids, list):
ids = [self._sanitize_osdid_to_str(_id)
for _id in ids]
else:
ids = self._sanitize_osdid_to_str(ids)
return super(CephWrapper, self).osd_rm(
ids=ids, body=body, timeout=timeout)
def osd_remove(self, ids, body='json', timeout=None):
return self.osd_rm(ids, body=body, timeout=timeout)
def osd_down(self, ids, body='json', timeout=None):
"""set osd(s) <id> [<id>...] down, or use <any|all> to set all osds down """
if isinstance(ids, list):
ids = [self._sanitize_osdid_to_str(_id)
for _id in ids]
else:
ids = self._sanitize_osdid_to_str(ids)
return super(CephWrapper, self).osd_down(
ids=ids, body=body, timeout=timeout)
OSD_CRUSH_TREE_CONVERTED_FIELDS = [
'crush_weight', 'depth', 'id', 'name', 'type', 'type_id']
def _osd_crush_tree_convert_node(self, node):
return {k: node[k] for k in self.OSD_CRUSH_TREE_CONVERTED_FIELDS
if k in node}
def _osd_crush_tree_populate_tree(self, node, node_map):
children = node.get('children')
node = self._osd_crush_tree_convert_node(node)
if node['type'] != 'osd':
node['items'] = []
for _id in children:
node['items'].append(
self._osd_crush_tree_populate_tree(
node_map[_id], node_map))
return node
def osd_crush_tree(self, shadow=None, body='json', timeout=None):
"""dump crush buckets and items in a tree view """
response, _body = super(CephWrapper, self).osd_crush_tree(
shadow=shadow, body=body, timeout=timeout)
trees = []
if response.ok and body == 'json' \
and 'output' in _body:
node_map = {}
root_nodes = []
for node in _body['output']:
node_map[node['id']] = node
if node['type'] == 'root':
root_nodes.append(node)
for root in root_nodes:
trees.append(
self._osd_crush_tree_populate_tree(
root, node_map))
_body['output'] = trees
return response, _body
def _osd_crush_rule_by_ruleset(self, ruleset, timeout=None):
response, _body = self.osd_crush_rule_dump(
body='json', timeout=timeout)
if not response.ok:
return response, _body
name = None
for rule in _body['output']:
if rule.get('ruleset') == ruleset:
name = rule.get('rule_name')
_body['output'] = dict(rule=name)
return response, _body
def _osd_crush_ruleset_by_rule(self, rule, timeout=None):
response, _body = self.osd_crush_rule_dump(
name=rule, body='json', timeout=timeout)
return response, _body
def osd_pool_create(self, pool, pg_num, pgp_num=None, pool_type=None,
erasure_code_profile=None, ruleset=None,
expected_num_objects=None, body='json', timeout=None):
"""create pool
Notes:
1. map 'ruleset' to 'rule' (assuming 1:1 correspondence)
"""
response, _body = self._osd_crush_rule_by_ruleset(ruleset)
if not response.ok:
return response, _body
rule = _body['output']['rule']
return super(CephWrapper, self).osd_pool_create(
pool, pg_num, pgp_num=pgp_num, pool_type=pool_type,
erasure_code_profile=erasure_code_profile, rule=rule,
expected_num_objects=expected_num_objects, body=body,
timeout=timeout)
def osd_get_pool_param(self, pool, var, body='json', timeout=None):
"""get pool parameter <var> """
if var == 'crush_ruleset':
response, _body = super(CephWrapper, self).osd_pool_get(
pool, 'crush_rule', body='json', timeout=timeout)
if response.ok:
rule = _body['output']['crush_rule']
del _body['output']['crush_rule']
response, _body = self._osd_crush_ruleset_by_rule(
rule, timeout=timeout)
if response.ok:
_body['output'] = dict(
crush_ruleset=_body['output']['ruleset'])
return response, _body
else:
return super(CephWrapper, self).osd_pool_get(
pool, var, body=body, timeout=timeout)
def osd_pool_set(self, pool, var, val, force=None,
body='json', timeout=None):
"""set pool parameter <var> to <val> """
return super(CephWrapper, self).osd_pool_set(
pool=pool, var=var, val=str(val),
force=force, body=body, timeout=timeout)
def osd_set_pool_param(self, pool, var, val, force=None,
body='json', timeout=None):
"""set pool parameter <var> to <val> """
if var == 'crush_ruleset':
var = 'crush_rule'
response, _body = self._osd_crush_rule_by_ruleset(
val, timeout=timeout)
if not response.ok:
return response, _body
val = _body['output']['rule']
return super(CephWrapper, self).osd_pool_set(
pool, var, str(val), force=None,
body=body, timeout=timeout)
def osd_get_pool_quota(self, pool, body='json', timeout=None):
"""obtain object or byte limits for pool """
return super(CephWrapper, self).osd_pool_get_quota(
pool, body=body, timeout=timeout)
def osd_set_pool_quota(self, pool, field, val, body='json', timeout=None):
"""set object or byte limit on pool """
return super(CephWrapper, self).osd_pool_set_quota(
pool, field, str(val), body=body, timeout=timeout)
def osd_pool_set_quota(self, pool, field, val,
body='json', timeout=None):
"""set object or byte limit on pool """
return super(CephWrapper, self).osd_pool_set_quota(
pool=pool, field=field, val=str(val),
body=body, timeout=timeout)
def _auth_convert_caps(self, caps):
if caps:
if not isinstance(caps, dict):
raise CephClientTypeError(
name='caps',
actual=type(caps),
expected=dict)
_caps = []
for key, value in list(caps.items()):
_caps.append(key)
_caps.append(value)
caps = _caps
return caps
def auth_add(self, entity, caps=None, body='json', timeout=None):
"""add auth info for <entity> from input file, or random key if no input is given, and/or any caps specified in the command """
caps = self._auth_convert_caps(caps)
return super(CephWrapper, self).auth_add(
entity, caps=caps, body=body, timeout=timeout)
def auth_caps(self, entity, caps, body='json', timeout=None):
"""update caps for <name> from caps specified in the command """
caps = self._auth_convert_caps(caps)
return super(CephWrapper, self).auth_caps(
entity, caps=caps, body=body, timeout=timeout)
def auth_get_or_create(self, entity, caps=None, body='json', timeout=None):
"""add auth info for <entity> from input file, or random key if no input given, and/or any caps specified in the command """
caps = self._auth_convert_caps(caps)
return super(CephWrapper, self).auth_get_or_create(
entity, caps, body=body, timeout=timeout)
def auth_get_or_create_key(self, entity, caps=None,
body='json', timeout=None):
"""get, or add, key for <name> from system/caps pairs specified in the command. If key already exists, any given caps must match the existing caps for that key. """
caps = self._auth_convert_caps(caps)
response, _body = super(CephWrapper, self).auth_get_or_create_key(
entity, caps, body=body, timeout=timeout)
if response.ok:
_body['output'] = _body['output']
return response, _body
def osd_set_key(self, key, sure=None, body='json', timeout=None):
"""set <key> """
return self.osd_set(key, sure=sure, body=body, timeout=timeout)
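Review bot: `osd_set_pool_param` accepts a `force` argument but its final call passes `force=None`, so the caller's value is silently dropped, while `osd_pool_set` just above it forwards `force=force`. Pass the argument through. Other points in this file: `__init__` accepts `endpoint` and never uses it, so the `endpoint='https://localhost:5001'` given by ceph-manager's `Service.start()` has no effect; `osd_pool_create` calls `_osd_crush_rule_by_ruleset(ruleset)` without the `timeout` it received; `_osd_crush_tree_populate_tree` iterates `children` even when `node.get('children')` returned None for a non-osd node; and the `osd_rm` and `osd_down` docstrings advertise `<any|all>`, which `_sanitize_osdid_to_str` rejects with `CephClientInvalidOsdIdValue`.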

View File

@ -1,3 +0,0 @@
ipaddress
requests
six

View File

@ -1,34 +0,0 @@
#!/usr/bin/env python
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import setuptools
setuptools.setup(
name='python-cephclient',
packages=['cephclient'],
version='13.2.2.0',
url='https://github.com/openstack/stx-integ/tree/master/ceph/python-cephclient/python-cephclient', # noqa E501
author='Daniel Badea',
author_email='daniel.badea@windriver.com',
description=(
'A client library in Python for Ceph Mgr RESTful plugin '
'providing REST API access to the cluster over an SSL-secured '
'connection. Python API is compatible with the old Python '
'Ceph client at https://github.com/dmsimard/python-cephclient '
'that no longer works in Ceph mimic because Ceph REST API '
'component was removed.'),
license='Apache-2.0',
keywords='ceph rest api ceph-rest-api client library',
install_requires=['ipaddress', 'requests', 'six'],
classifiers=[
'License :: OSI Approved :: Apache Software License',
'Development Status :: 1 - Alpha',
'Intended Audience :: Developers',
'Intended Audience :: System Administrators',
'Intended Audience :: Information Technology',
'Programming Language :: Python',
'Topic :: Utilities'
])

View File

@ -1,6 +0,0 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
flake8
pytest

View File

@ -1,19 +0,0 @@
[tox]
envlist = py27,pep8
skipsdist = True
toxworkdir = /tmp/{env:USER}_ceph_manager_tox
[testenv]
setenv = VIRTUAL_ENV={envdir}
usedevelop = True
install_command = pip install --no-binary --upgrade --force-reinstall {opts} {packages}
deps = -r{toxinidir}/test-requirements.txt
commands = py.test {posargs}
whitelist_externals = bash
[testenv:pep8]
commands =
flake8 {posargs}
[flake8]
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build
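Review bot: in `install_command`, `--no-binary` takes a value (such as `:all:` or a package name), so in `pip install --no-binary --upgrade --force-reinstall` pip reads `--upgrade` as that value and the upgrade flag is never applied. Give `--no-binary` an explicit argument or remove it. `toxworkdir` is also the same `/tmp/{env:USER}_ceph_manager_tox` path used by the ceph-manager tox.ini, so the two packages share one work directory and can overwrite each other's environments.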

View File

@ -19,8 +19,6 @@ set -o xtrace
STXINTEG_DIR=${GITDIR[$STX_INTEG_NAME]}
PLATFORM_UTIL_DIR=$STXINTEG_DIR/utilities/platform-util
# STX_INST_DIR should be a non-root-writable place to install build artifacts
STX_INST_DIR=${STX_INST_DIR:-/usr/local}
STX_BIN_DIR=${STX_BIN_DIR:-$STX_INST_DIR/bin}
@ -49,34 +47,7 @@ function init_integ {
function install_integ {
# Install the service
if is_service_enabled platform-util; then
install_platform_util
fi
}
function install_platform_util {
pushd $PLATFORM_UTIL_DIR/platform-util
sudo python setup.py install \
--root=/ \
--install-lib=$PYTHON_SITE_DIR \
--prefix=/usr \
--install-data=/usr/share \
--single-version-externally-managed
popd
local systemddir=/etc/systemd
$STX_SUDO install -m 755 -d ${STX_SBIN_DIR}
$STX_SUDO install -m 755 $PLATFORM_UTIL_DIR/scripts/patch-restart-mtce ${STX_SBIN_DIR}
$STX_SUDO install -m 755 $PLATFORM_UTIL_DIR/scripts/patch-restart-processes ${STX_SBIN_DIR}
$STX_SUDO install -m 755 $PLATFORM_UTIL_DIR/scripts/patch-restart-haproxy ${STX_SBIN_DIR}
$STX_SUDO install -m 755 $PLATFORM_UTIL_DIR/scripts/cgcs_tc_setup.sh ${STX_BIN_DIR}
$STX_SUDO install -m 755 $PLATFORM_UTIL_DIR/scripts/remotelogging_tc_setup.sh ${STX_BIN_DIR}
$STX_SUDO install -m 755 $PLATFORM_UTIL_DIR/scripts/connectivity_test ${STX_BIN_DIR}
# sudo install -m 755 $PLATFORM_UTIL_DIR/scripts/opt-platform.mount ${systemddir}/system
# sudo install -m 755 $PLATFORM_UTIL_DIR/scripts/opt-platform.service ${systemddir}/system
# sudo install -m 755 $PLATFORM_UTIL_DIR/scripts/memcached.service ${systemddir}/system
:
}
function start_integ {
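Review bot: this hunk shrinks from 34 lines to 7 around install_integ and install_platform_util, which is the only visible place where patch-restart-mtce, patch-restart-processes, patch-restart-haproxy and the tc setup scripts get installed, so confirm the devstack plugin in the utilities repo installs them before this merges. If the function is carried over, note that the setup.py step calls plain sudo while every following install line goes through $STX_SUDO, and that $PLATFORM_UTIL_DIR, ${STX_SBIN_DIR} and ${STX_BIN_DIR} are expanded unquoted in commands run with elevated privileges.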

View File

@ -6,7 +6,6 @@
# https://docs.openstack.org/devstack/latest/plugins.html#plugin-sh-contract
# Services
# platform-util
# Defaults
# --------

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,14 +0,0 @@
Metadata-Version: 1.1
Name: nfscheck
Version: 1.0
Summary: NFS Audit
Home-page:
Author:
Author-email:
License: Apache-2.0
Description:
NFS Audit
Platform: UNKNOWN

View File

@ -1,2 +0,0 @@
COPY_LIST="LICENSE files/*"
TIS_PATCH_VER=0

View File

@ -1,43 +0,0 @@
Name: nfscheck
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
Summary: NFS Audit
Group: base
License: Apache-2.0
URL: unknown
Source0: nfscheck.sh
Source1: nfscheck.service
Source2: LICENSE
Requires: systemd
Requires: util-linux
%description
NFS Audit
%prep
%build
%install
install -d -m 755 %{buildroot}/usr/bin/
install -m 755 %{SOURCE0} %{buildroot}/usr/bin/nfscheck.sh
install -d -m 755 %{buildroot}/usr/lib/systemd/system/
install -m 664 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/nfscheck.service
%post
/usr/bin/systemctl enable nfscheck.service >/dev/null 2>&1
%files
%license ../SOURCES/LICENSE
/usr/bin/*
/usr/lib/systemd/system/*
%changelog
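Review bot: in %install, nfscheck.service is installed with mode 664, which leaves a root-executed systemd unit group-writable; use 644 in the relocated spec. The %files entries /usr/bin/* and /usr/lib/systemd/system/* are wildcards where the package ships exactly one file in each directory, so list /usr/bin/nfscheck.sh and the unit file explicitly, and %post discards both the output and the exit status of systemctl enable.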

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,79 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# chkconfig: 345 99 10
### BEGIN INIT INFO
# Provides: nfscheck
# Required-Start: $syslog
# Required-Stop: $syslog
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Short-Description: nfscheck
# Description: NFS Audit
### END INIT INFO
DESC="nfscheck"
DAEMON="/usr/bin/nfscheck"
PIDFILE="/var/run/nfscheck.pid"
start()
{
if [ -e $PIDFILE ]; then
PIDDIR=/proc/$(cat $PIDFILE)
if [ -d ${PIDDIR} ]; then
echo "$DESC already running."
exit 1
else
echo "Removing stale PID file $PIDFILE"
rm -f $PIDFILE
fi
fi
echo -n "Starting $DESC..."
start-stop-daemon --start --quiet --background \
--pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON}
if [ $? -eq 0 ]; then
echo "done."
else
echo "failed."
fi
}
stop()
{
echo -n "Stopping $DESC..."
start-stop-daemon --stop --quiet --pidfile $PIDFILE
if [ $? -eq 0 ]; then
echo "done."
else
echo "failed."
fi
rm -f $PIDFILE
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|force-reload)
stop
start
;;
*)
echo "Usage: $0 {start|stop|force-reload|restart}"
exit 1
;;
esac
exit 0
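Review bot: start() and stop() print "failed." when start-stop-daemon returns non-zero, but control then falls through to the final exit 0, so callers see success either way; return the failing status from both functions and exit with it. In start(), an empty or unreadable $PIDFILE makes PIDDIR resolve to /proc/, which is a directory, so the script reports "already running" and exits 1 without starting anything; check that the file holds a PID before testing /proc. DAEMON is also set to /usr/bin/nfscheck, while the spec in this change installs /usr/bin/nfscheck.sh.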

View File

@ -1,10 +0,0 @@
[Unit]
Description=nfscheck
After=syslog.target network.target nfs-mountd.service sw-patch.service
[Service]
Type=simple
ExecStart=/bin/sh /usr/bin/nfscheck.sh
[Install]
WantedBy=multi-user.target
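Review bot: ExecStart=/bin/sh /usr/bin/nfscheck.sh overrides the script's own #!/bin/bash shebang, and the script relies on [[ ... =~ ... ]], so the unit only works where /bin/sh is bash; invoke /usr/bin/nfscheck.sh directly or through /bin/bash. The [Service] section also sets no Restart= policy, so if the audit loop exits nothing brings it back.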

View File

@ -1,48 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# The following script tests the NFS mount in order to log when it is hung
MOUNT=/opt/platform
previous=1
delay=60
while : ; do
# First, check that it's actually an NFS mount
mount | grep -q $MOUNT
if [ $? -ne 0 ]; then
logger -t NFSCHECK "$MOUNT is not mounted"
previous=1
sleep $delay
continue
fi
ls $MOUNT >/dev/null 2>&1 &
sleep $delay
# At this point, jobs will either report no jobs (empty) or Done,
# unless the job is still running/hung
rc=$(jobs)
if [[ -z "$rc" || $rc =~ "Done" ]]; then
# NFS is successful
if [ $previous -ne 0 ]; then
logger -t NFSCHECK "NFS test of $MOUNT is ok"
previous=0
fi
else
# Keep waiting until the job is done
while ! [[ -z "$rc" || $rc =~ "Done" ]]; do
logger -t NFSCHECK "NFS test of $MOUNT is failed"
previous=1
sleep $delay
rc=$(jobs)
done
fi
done
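Review bot: the "check that it's actually an NFS mount" step, mount | grep -q $MOUNT, does not check the filesystem type and matches any line of mount output that contains /opt/platform as a substring, so a local filesystem at that path or a longer path with the same prefix passes the test. Since the spec already requires util-linux, something like findmnt -t nfs,nfs4 "$MOUNT" would test both the mount point and the type. $MOUNT is also unquoted in the grep, ls and logger calls.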

View File

@ -1,6 +0,0 @@
!.distro
.distro/centos7/rpmbuild/RPMS
.distro/centos7/rpmbuild/SRPMS
.distro/centos7/rpmbuild/BUILD
.distro/centos7/rpmbuild/BUILDROOT
.distro/centos7/rpmbuild/SOURCES/logmgmt*tar.gz

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,13 +0,0 @@
Metadata-Version: 1.1
Name: logmgmt
Version: 1.0
Summary: Management of /var/log filesystem
Home-page:
Author: Windriver
Author-email: info@windriver.com
License: Apache-2.0
Description: Management of /var/log filesystem
Platform: UNKNOWN

View File

@ -1,4 +0,0 @@
SRC_DIR="logmgmt"
COPY_LIST_TO_TAR="scripts"
COPY_LIST="$SRC_DIR/LICENSE"
TIS_PATCH_VER=4

View File

@ -1,87 +0,0 @@
Summary: Management of /var/log filesystem
Name: logmgmt
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}-%{version}.tar.gz
Source1: LICENSE
BuildRequires: python-setuptools
BuildRequires: python2-pip
BuildRequires: python2-wheel
BuildRequires: systemd-devel
Requires: systemd
Requires: python-daemon
%description
Management of /var/log filesystem
%define local_bindir /usr/bin/
%define local_etc_initd /etc/init.d/
%define local_etc_pmond /etc/pmon.d/
%define pythonroot /usr/lib64/python2.7/site-packages
%define debug_package %{nil}
%prep
%setup
# Remove bundled egg-info
rm -rf *.egg-info
%build
%{__python} setup.py build
%py2_build_wheel
%install
%{__python} setup.py install --root=$RPM_BUILD_ROOT \
--install-lib=%{pythonroot} \
--prefix=/usr \
--install-data=/usr/share \
--single-version-externally-managed
mkdir -p $RPM_BUILD_ROOT/wheels
install -m 644 dist/*.whl $RPM_BUILD_ROOT/wheels/
install -d -m 755 %{buildroot}%{local_bindir}
install -p -D -m 700 scripts/bin/logmgmt %{buildroot}%{local_bindir}/logmgmt
install -p -D -m 700 scripts/bin/logmgmt_postrotate %{buildroot}%{local_bindir}/logmgmt_postrotate
install -p -D -m 700 scripts/bin/logmgmt_prerotate %{buildroot}%{local_bindir}/logmgmt_prerotate
install -d -m 755 %{buildroot}%{local_etc_initd}
install -p -D -m 700 scripts/init.d/logmgmt %{buildroot}%{local_etc_initd}/logmgmt
install -d -m 755 %{buildroot}%{local_etc_pmond}
install -p -D -m 644 scripts/pmon.d/logmgmt %{buildroot}%{local_etc_pmond}/logmgmt
install -p -D -m 664 scripts/etc/systemd/system/logmgmt.service %{buildroot}%{_unitdir}/logmgmt.service
%post
/usr/bin/systemctl enable logmgmt.service >/dev/null 2>&1
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc LICENSE
%{local_bindir}/*
%{local_etc_initd}/*
%dir %{local_etc_pmond}
%{local_etc_pmond}/*
%{_unitdir}/logmgmt.service
%dir %{pythonroot}/%{name}
%{pythonroot}/%{name}/*
%dir %{pythonroot}/%{name}-%{version}.0-py2.7.egg-info
%{pythonroot}/%{name}-%{version}.0-py2.7.egg-info/*
%package wheels
Summary: %{name} wheels
%description wheels
Contains python wheels for %{name}
%files wheels
/wheels/*
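Review bot: In %install, logmgmt.service is installed with `-m 664`, which leaves the systemd unit group-writable; 644 is the conventional mode, so that only the owner can change what the service executes. In %files, the globs `%{local_bindir}/*` and `%{local_etc_initd}/*` claim whatever lands in /usr/bin and /etc/init.d in the buildroot; listing logmgmt, logmgmt_prerotate and logmgmt_postrotate by name would keep the package from silently picking up extra files. Since local_bindir and the other directory macros end in a slash, the install lines also produce paths with a doubled slash.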

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,6 +0,0 @@
"""
Copyright (c) 2014 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""

View File

@ -1,271 +0,0 @@
"""
Copyright (c) 2014 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
###################
# IMPORTS
###################
from __future__ import absolute_import
import logging
import logging.handlers
import time
import os
import subprocess
import glob
import re
import sys
from daemon import runner
from logmgmt import prepostrotate
###################
# CONSTANTS
###################
LOG_DIR = '/var/lib/logmgmt'
LOG_FILE = LOG_DIR + '/logmgmt.log'
PID_FILE = '/var/run/logmgmt.pid'
LOG_FILE_MAX_BYTES = 1024 * 1024
LOG_FILE_BACKUP_COUNT = 5
PERCENT_FREE_CRITICAL = 10
PERCENT_FREE_MAJOR = 20
LOGROTATE_PERIOD = 600 # Every ten minutes
###################
# METHODS
###################
def start_polling():
logmgmt_daemon = LogMgmtDaemon()
logmgmt_runner = runner.DaemonRunner(logmgmt_daemon)
logmgmt_runner.daemon_context.umask = 0o022
logmgmt_runner.do_action()
def handle_exception(exc_type, exc_value, exc_traceback):
"""Exception handler to log any uncaught exceptions"""
logging.error("Uncaught exception",
exc_info=(exc_type, exc_value, exc_traceback))
sys.__excepthook__(exc_type, exc_value, exc_traceback)
###################
# CLASSES
###################
class LogMgmtDaemon():
"""Daemon process representation of the /var/log monitoring program"""
def __init__(self):
# Daemon-specific init
self.stdin_path = '/dev/null'
self.stdout_path = '/dev/null'
self.stderr_path = '/dev/null'
self.pidfile_path = PID_FILE
self.pidfile_timeout = 5
self.monitored_files = []
self.unmonitored_files = []
self.last_logrotate = 0
self.last_check = 0
def configure_logging(self, level=logging.DEBUG):
my_exec = os.path.basename(sys.argv[0])
if not os.path.exists(LOG_DIR):
os.mkdir(LOG_DIR, 0o755)
log_format = '%(asctime)s: ' \
+ my_exec + '[%(process)s]: ' \
+ '%(filename)s(%(lineno)s): ' \
+ '%(levelname)s: %(message)s'
fmt = logging.Formatter(fmt=log_format)
# Use python's log rotation, rather than logrotate
handler = logging.handlers.RotatingFileHandler(
LOG_FILE,
maxBytes=LOG_FILE_MAX_BYTES,
backupCount=LOG_FILE_BACKUP_COUNT)
my_logger = logging.getLogger()
my_logger.setLevel(level)
handler.setFormatter(fmt)
handler.setLevel(level)
my_logger.addHandler(handler)
# Log uncaught exceptions to file
sys.excepthook = handle_exception
def run(self):
self.configure_logging()
while True:
self.check_var_log()
# run/poll every 1 min
time.sleep(60)
def get_percent_free(self):
usage = os.statvfs('/var/log')
return ((usage.f_bavail * 100) / usage.f_blocks)
def get_monitored_files(self):
self.monitored_files = []
try:
output = subprocess.check_output(['/usr/sbin/logrotate', '-d', '/etc/logrotate.conf'],
stderr=subprocess.STDOUT)
for line in output.split('\n'):
fields = line.split()
if len(fields) > 0 and fields[0] == "considering":
self.monitored_files.extend(glob.glob(fields[2]))
self.monitored_files.extend(glob.glob(fields[2] + '.[0-9].gz'))
self.monitored_files.extend(glob.glob(fields[2] + '.[0-9][0-9].gz'))
self.monitored_files.extend(glob.glob(fields[2] + '.[0-9]'))
self.monitored_files.extend(glob.glob(fields[2] + '.[0-9][0-9]'))
except:
logging.error('Failed to determine monitored files')
raise
def get_unmonitored_files(self):
self.unmonitored_files = []
try:
output = subprocess.check_output(['find', '/var/log', '-type', 'f'])
for fname in output.split('\n'):
if fname in self.monitored_files:
continue
# Ignore some files
if ('/var/log/puppet' in fname
or '/var/log/dmesg' in fname
or '/var/log/rabbitmq' in fname
or '/var/log/lastlog' in fname):
continue
if os.path.exists(fname):
self.unmonitored_files.append(fname)
except:
logging.error('Failed to determine unmonitored files')
def purge_files(self, index):
pattern = re.compile('.*\.([0-9]*)\.gz')
for fname in sorted(self.monitored_files):
result = pattern.match(fname)
if result:
if int(result.group(1)) >= index:
logging.info("Purging file: %s" % fname)
try:
os.remove(fname)
except OSError as e:
logging.error('Failed to remove file: %s', e)
def run_logrotate(self):
self.last_logrotate = int(time.time())
try:
subprocess.check_call(['/usr/sbin/logrotate', '/etc/logrotate.conf'])
except:
logging.error('Failed logrotate')
def run_logrotate_forced(self):
self.last_logrotate = int(time.time())
try:
subprocess.check_call(['/usr/sbin/logrotate', '-f', '/etc/logrotate.conf'])
except:
logging.error('Failed logrotate -f')
def timecheck(self):
# If we're more than a couple of mins since the last timecheck,
# there could have been a large time correction, which would skew
# our timing. Reset the logrotate timestamp to ensure we don't miss anything
now = int(time.time())
if self.last_check > now or (now - self.last_check) > 120:
self.last_logrotate = 0
self.last_check = now
def check_var_log(self):
self.timecheck()
try:
prepostrotate.ensure_bash_log_locked_down()
except Exception as e:
logging.exception('Failed to ensure bash.log locked', e)
pf = self.get_percent_free()
if pf > PERCENT_FREE_CRITICAL:
# We've got more than 10% free space, so just run logrotate every ten minutes
now = int(time.time())
if self.last_logrotate > now or (now - self.last_logrotate) > LOGROTATE_PERIOD:
logging.info("Running logrotate")
self.run_logrotate()
return
logging.warning("Reached critical disk usage for /var/log: %d%% free" % pf)
# We're running out of disk space, so we need to start deleting files
try:
for index in range(20, 11, -1):
logging.info("/var/log is %d%% free. Purging rotated .%d.gz files to free space" % (pf, index))
self.get_monitored_files()
self.purge_files(index)
pf = self.get_percent_free()
if pf >= PERCENT_FREE_MAJOR:
# We've freed up enough space. Do a logrotate and leave
logging.info("/var/log is %d%% free. Running logrotate" % pf)
self.run_logrotate()
return
except Exception as e:
logging.exception('Failed purging rotated files', e)
# We still haven't freed up enough space, so try a logrotate
logging.info("/var/log is %d%% free. Running logrotate" % pf)
self.run_logrotate()
pf = self.get_percent_free()
if pf >= PERCENT_FREE_MAJOR:
return
# Try a forced rotate
logging.info("/var/log is %d%% free. Running forced logrotate" % pf)
self.run_logrotate_forced()
pf = self.get_percent_free()
if pf >= PERCENT_FREE_MAJOR:
return
# Start deleting unmonitored files
try:
self.get_monitored_files()
self.get_unmonitored_files()
logging.info("/var/log is %d%% free. Deleting unmonitored files to free space" % pf)
for fname in sorted(self.unmonitored_files, key=os.path.getsize, reverse=True):
logging.info("Deleting unmonitored file: %s" % fname)
try:
os.remove(fname)
except OSError as e:
logging.error('Failed to remove file: %s', e)
pf = self.get_percent_free()
if pf >= PERCENT_FREE_MAJOR:
logging.info("/var/log is %d%% free." % pf)
return
except Exception as e:
logging.exception('Failed checking unmonitored files', e)
# Nothing else to be done
logging.info("/var/log is %d%% free." % pf)
return
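Review bot: The three `logging.exception('...', e)` calls in check_var_log pass `e` as a format argument to a message that has no `%s` placeholder, so formatting the record fails inside the logging module, and because the daemon sets stderr_path to /dev/null the failure never reaches logmgmt.log. Drop the extra argument; logging.exception already appends the traceback. Two related points in the same file: get_unmonitored_files uses a bare `except:` that logs and carries on with a partial list before files are deleted, and the purge_files pattern uses `[0-9]*`, which can match an empty index and make `int(result.group(1))` raise ValueError; use `[0-9]+` in a raw string.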

View File

@ -1,60 +0,0 @@
"""
Copyright (c) 2017 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
###################
# IMPORTS
###################
import array
import fcntl
import struct
import glob
EXT2_APPEND_FL = 0x00000020
EXT4_EXTENTS_FL = 0x00080000
EXT_IOC_SETFLAGS = 0x40086602
EXT_IOC_GETFLAGS = 0x80086601
def _is_file_append_only(filename):
buf = array.array('h', [0])
with open(filename, 'r') as f:
fcntl.ioctl(f.fileno(), EXT_IOC_GETFLAGS, buf)
has_append_only = (buf.tolist()[0] & EXT2_APPEND_FL) == EXT2_APPEND_FL
return has_append_only
def _set_file_attrs(filename, attrs):
flags = struct.pack('i', attrs)
with open(filename, 'r') as f:
fcntl.ioctl(f.fileno(), EXT_IOC_SETFLAGS, flags)
def chattr_add_append_only(filename):
_set_file_attrs(filename, EXT2_APPEND_FL | EXT4_EXTENTS_FL)
def chattr_remove_append_only(filename):
_set_file_attrs(filename, EXT4_EXTENTS_FL)
def prerotate():
for filename in glob.glob("/var/log/bash.log*"):
if _is_file_append_only(filename):
chattr_remove_append_only(filename)
def postrotate():
for filename in glob.glob("/var/log/bash.log*"):
if not _is_file_append_only(filename):
chattr_add_append_only(filename)
def ensure_bash_log_locked_down():
# need the same functionality as postrotate
postrotate()
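Review bot: _set_file_attrs writes the flag word outright, so chattr_add_append_only and chattr_remove_append_only replace every inode flag on bash.log* with `EXT2_APPEND_FL | EXT4_EXTENTS_FL` or with `EXT4_EXTENTS_FL` alone, clearing any other flag that was set and asserting the extents flag regardless of the file's current state. Read the current flags with EXT_IOC_GETFLAGS, set or clear only EXT2_APPEND_FL, and write that value back. In _is_file_append_only the buffer is `array.array('h', [0])`, a 16-bit value that is narrower than the flag word (EXT4_EXTENTS_FL, 0x00080000, does not fit in it); use a buffer type wide enough for the full flags. A short comment stating that the append-only bit is deliberately cleared between prerotate and postrotate would also help the next reader.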

View File

@ -1,18 +0,0 @@
#!/usr/bin/env python
"""
Copyright (c) 2014 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
import setuptools
setuptools.setup(name='logmgmt',
version='1.0.0',
description='logmgmt',
license='Apache-2.0',
packages=['logmgmt'],
entry_points={}
)

View File

@ -1,18 +0,0 @@
#!/usr/bin/env python
"""
Copyright (c) 2014 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
import sys
try:
from logmgmt import logmgmt
except EnvironmentError as e:
print >> sys.stderr, "Error importing logmgmt: ", str(e)
sys.exit(1)
logmgmt.start_polling()
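Review bot: The `except EnvironmentError` around `from logmgmt import logmgmt` does not catch ImportError, so a missing or broken module produces an unhandled traceback instead of the "Error importing logmgmt" message; catch ImportError as well. `print >> sys.stderr, ...` is Python 2 only syntax. The same two points apply to the logmgmt_postrotate and logmgmt_prerotate wrappers that follow.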

View File

@ -1,19 +0,0 @@
#!/usr/bin/env python
"""
Copyright (c) 2014 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
import sys
try:
from logmgmt import prepostrotate
except EnvironmentError as e:
print >> sys.stderr, "Error importing prepostrotate: ", str(e)
sys.exit(1)
prepostrotate.postrotate()

View File

@ -1,19 +0,0 @@
#!/usr/bin/env python
"""
Copyright (c) 2014 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
import sys
try:
from logmgmt import prepostrotate
except EnvironmentError as e:
print >> sys.stderr, "Error importing prepostrotate: ", str(e)
sys.exit(1)
prepostrotate.prerotate()

View File

@ -1,14 +0,0 @@
[Unit]
Description=Titanium Cloud Log Management
After=network.target syslog-ng.service iscsid.service sw-patch.service
Before=config.service pmon.service
[Service]
Type=forking
ExecStart=/etc/init.d/logmgmt start
ExecStop=/etc/init.d/logmgmt stop
ExecReload=/etc/init.d/logmgmt restart
PIDFile=/var/run/logmgmt.pid
[Install]
WantedBy=multi-user.target

View File

@ -1,97 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
### BEGIN INIT INFO
# Provides: logmgmt
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Daemon for /var/log management
# Description: Daemon for /var/log management
### END INIT INFO
DESC="logmgmt"
DAEMON="/usr/bin/logmgmt"
RUNDIR="/var/run"
PIDFILE=$RUNDIR/$DESC.pid
start()
{
if [ -e $PIDFILE ]; then
PID=$(cat $PIDFILE)
PIDDIR=/proc/${PID}
if [ -n "${PID}" -a -d ${PIDDIR} ]; then
echo "$DESC already running."
exit 0
else
echo "Removing stale PID file $PIDFILE"
rm -f $PIDFILE
fi
fi
echo -n "Starting $DESC..."
mkdir -p $RUNDIR
start-stop-daemon --start --quiet \
--pidfile ${PIDFILE} --exec ${DAEMON} start
#--make-pidfile
if [ $? -eq 0 ]; then
echo "done."
else
echo "failed."
exit 1
fi
}
stop()
{
echo -n "Stopping $DESC..."
start-stop-daemon --stop --quiet --pidfile $PIDFILE
if [ $? -eq 0 ]; then
echo "done."
else
echo "failed."
fi
rm -f $PIDFILE
}
status()
{
pid=`cat $PIDFILE 2>/dev/null`
if [ -n "$pid" ]; then
if ps -p $pid &>/dev/null ; then
echo "$DESC is running"
exit 0
else
echo "$DESC is not running but has pid file"
exit 1
fi
fi
echo "$DESC is not running"
exit 3
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|force-reload|reload)
stop
start
;;
status)
status
;;
*)
echo "Usage: $0 {start|stop|force-reload|restart|reload|status}"
exit 1
;;
esac
exit 0
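Review bot: In status(), `ps -p $pid &>/dev/null` is a bash redirection under a `#!/bin/sh` shebang; a strictly POSIX shell parses it as `ps -p $pid &` followed by a separate redirection, so the test succeeds whenever the PID file has content and a stale PID is reported as running. Use `>/dev/null 2>&1`. Expansions of $PIDFILE, $PID and ${PIDDIR} should be quoted, and stop() removes the PID file even when start-stop-daemon reports failure, which can leave a running daemon that start() no longer detects.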

View File

@ -1,24 +0,0 @@
;
; Copyright (c) 2014-2016 Wind River Systems, Inc.
;
; SPDX-License-Identifier: Apache-2.0
;
[process]
process = logmgmt
pidfile = /var/run/logmgmt.pid
script = /etc/init.d/logmgmt
style = lsb ; ocf or lsb
severity = minor ; Process failure severity
; critical : host is failed
; major : host is degraded
; minor : log is generated
restarts = 5 ; Number of back to back unsuccessful restarts before severity assertion
interval = 10 ; Number of seconds to wait between back-to-back unsuccessful restarts
debounce = 20 ; Number of seconds the process needs to run before declaring
; it as running O.K. after a restart.
; Time after which back-to-back restart count is cleared.
startuptime = 10 ; Seconds to wait after process start before starting the debounce monitor
mode = passive ; Monitoring mode: passive (default) or active
; passive: process death monitoring (default: always)
; active: heartbeat monitoring, i.e. request / response messaging

View File

@ -1,14 +0,0 @@
Metadata-Version: 1.1
Name: tpm2-openssl-engine
Version: 1.0
Summary: TPM 2.0 Openssl Engine
Home-page:
Author: Windriver
Author-email: info@windriver.com
License: openssl
Description: Titanium Control's TPM 2.0 OpenSSL Engine. Leveraged by
Titanium applications to provide secure TLS Decryption and Signing
capabilities to Titanium host applications.
Platform: UNKNOWN

View File

@ -1,2 +0,0 @@
SRC_DIR="tpm2-openssl-engine"
TIS_PATCH_VER=2

View File

@ -1,39 +0,0 @@
Name: tpm2-openssl-engine
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
Summary: TPM 2.0 Openssl Engine
License: openssl
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}-%{version}.tar.gz
BuildRequires: openssl-devel
BuildRequires: openssl
BuildRequires: tss2-devel
Requires: tss2
%description
TPM 2.0 OpenSSL engine. Leveraged by applications
to provide secure TLS Decryption and Signing capabilities
%prep
%setup -q
%build
make %{?_smp_mflags}
%install
make install ENGINEDIR=%{buildroot}/%{_libdir}/openssl/engines UTILDIR=%{buildroot}/usr/sbin
%files
%license LICENSE
%defattr(-,root,root,-)
%{_libdir}/openssl/engines/libtpm2.so
/usr/sbin/create_tpm2_key

View File

@ -1,57 +0,0 @@
OpenSSL License
====================================================================
Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this
software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
endorse or promote products derived from this software without
prior written permission. For written permission, please contact
openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL"
nor may "OpenSSL" appear in their names without prior written
permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
====================================================================
This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com). This product includes software written by Tim
Hudson (tjh@cryptsoft.com).
This product is inspired by the original TPM 1.2 openssl engine written
by Kent Yoder <kyoder@users.sf.net> for the Trousers Project. This product
includes TPM key blob ASN-1 encoding scheme from James Bottomley
<james.bottomley@HansenPartnership.com>

View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2013-2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#### Installation options
ENGINEDIR=
UTILDIR=
#### Toolchain options
CC = gcc
LD = $(CC)
#### Debug flags (typically "-g").
# Those flags only feed CFLAGS so it is not mandatory to use this form.
DEBUG_CFLAGS = -g -O2 -Werror -Wno-unused-parameter -Wno-missing-braces
#### Compiler-specific flags that may be used to disable some negative over-
# optimization or to silence some warnings. -fno-strict-aliasing is needed with
# gcc >= 4.4.
SPEC_CFLAGS = -fno-strict-aliasing
#### Common CFLAGS
CFLAGS = $(DEBUG_CFLAGS) $(SPEC_CFLAGS)
#### Common LDFLAGS
LDFLAGS = -g
DYNAMIC_ENGINE=libtpm2.so
UTIL=create_tpm2_key
INCLUDES+=-I${SYSTEM_DIR}/usr/include/
LDFLAGS +=-lcrypto -lc -ltss
SRCS += e_tpm2.c e_tpm2_err.c
HEADERS += e_tpm2.h
OBJS = $(SRCS:.c=.o)
all: $(DYNAMIC_ENGINE) ${UTIL}
${UTIL}: $(OBJS)
$(CC) -Wall ${CFLAGS} ${INCLUDES} create_tpm2_key.c ${LDFLAGS} -o ${UTIL}
$(DYNAMIC_ENGINE): $(OBJS)
$(CC) -Wall ${CFLAGS} ${INCLUDES} ${LDFLAGS} -fPIC -c ${SRCS}
$(CC) -shared -Wl,-soname,${DYNAMIC_ENGINE} ${LDFLAGS} -o ${DYNAMIC_ENGINE} $(OBJS)
install: all
install -D -m 755 ${DYNAMIC_ENGINE} ${ENGINEDIR}/${DYNAMIC_ENGINE}
install -D -m 755 ${UTIL} ${UTILDIR}/${UTIL}
clean:
$(RM) *.o *.so *.so.0
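Review bot: The `$(DYNAMIC_ENGINE): $(OBJS)` rule compiles the engine sources twice. Because the objects are prerequisites, make first builds them with its implicit rule, which has no `-fPIC`, and the recipe then recompiles `${SRCS}` with `-fPIC -c` while passing `${LDFLAGS}` to a compile-only step where the `-l` options do nothing. Suggest one pattern rule that builds `%.o` with `-fPIC` and a link-only recipe for the shared object. `${UTIL}` also depends on `$(OBJS)` although its recipe links only `create_tpm2_key.c`. Separately, `ENGINEDIR=` and `UTILDIR=` are empty, so `make install` without overrides targets `/libtpm2.so` and `/create_tpm2_key`; `clean` leaves the `${UTIL}` binary behind; and neither `CFLAGS` nor `LDFLAGS` carries any hardening options for a library that handles key material. Worth fixing in the destination repo rather than carrying over unchanged.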

View File

@ -1,479 +0,0 @@
/*
* Copyright (c) 2017 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*
*/
/* ====================================================================
*
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* This product is inspired by the original TPM 1.2 openssl engine written
* by Kent Yoder <kyoder@users.sf.net> for the Trousers Project. This product
* includes TPM key blob ASN-1 encoding scheme from James Bottomley
* <james.bottomley@HansenPartnership.com>
*
*/
#include <stdio.h>
#include <getopt.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <tss2/tss.h>
#include <tss2/tssutils.h>
#include <tss2/tssmarshal.h>
#include <tss2/tssresponsecode.h>
#include "tpm2-asn.h"
static struct option long_options[] = {
{"auth", 0, 0, 'a'},
{"help", 0, 0, 'h'},
{"name-scheme", 1, 0, 'n'},
{"parent-handle", 1, 0, 'p'},
{"wrap", 1, 0, 'w'},
{0, 0, 0, 0}
};
static TPM_ALG_ID name_alg = TPM_ALG_SHA256;
static int name_alg_size = SHA256_DIGEST_SIZE;
void
usage(char *argv0)
{
fprintf(stderr, "\t%s: create a TPM key and write it to disk\n"
"\tusage: %s [options] <filename>\n\n"
"\tOptions:\n"
"\t\t-a|--auth require a password for the key [NO]\n"
"\t\t-h|--help print this help message\n"
"\t\t-n|--name-scheme name algorithm to use sha1 [sha256] sha384 sha512\n"
"\t\t-p|--parent-handle persistent handle of parent key\n"
"\t\t-w|--wrap [file] wrap an existing openssl PEM key\n",
argv0, argv0);
exit(-1);
}
void tpm2_error(TPM_RC rc, const char *reason)
{
const char *msg, *submsg, *num;
fprintf(stderr, "%s failed with %d\n", reason, rc);
TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
fprintf(stderr, "%s%s%s\n", msg, submsg, num);
}
void
openssl_print_errors()
{
ERR_load_ERR_strings();
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
}
int
openssl_write_tpmfile(const char *file, BYTE *pubkey, int pubkey_len,
BYTE *privkey, int privkey_len, int empty_auth,
TPM_HANDLE parent)
{
TSSLOADABLE tssl;
BIO *outb;
/* clear structure so as not to have to set optional parameters */
memset(&tssl, 0, sizeof(tssl));
if ((outb = BIO_new_file(file, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", file);
return 1;
}
tssl.type = OBJ_txt2obj(OID_loadableKey, 1);
tssl.emptyAuth = empty_auth;
if ((parent & 0xff000000) == 0x81000000) {
tssl.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(tssl.parent, parent);
}
tssl.pubkey = ASN1_OCTET_STRING_new();
ASN1_STRING_set(tssl.pubkey, pubkey, pubkey_len);
tssl.privkey = ASN1_OCTET_STRING_new();
ASN1_STRING_set(tssl.privkey, privkey, privkey_len);
PEM_write_bio_TSSLOADABLE(outb, &tssl);
BIO_free(outb);
return 0;
}
EVP_PKEY *
openssl_read_key(char *filename)
{
BIO *b = NULL;
EVP_PKEY *pkey;
b = BIO_new_file(filename, "r");
if (b == NULL) {
fprintf(stderr, "Error opening file for read: %s\n", filename);
return NULL;
}
if ((pkey = PEM_read_bio_PrivateKey(b, NULL, PEM_def_callback, NULL)) == NULL) {
fprintf(stderr, "Reading key %s from disk failed.\n", filename);
openssl_print_errors();
}
BIO_free(b);
return pkey;
}
void tpm2_public_template_rsa(TPMT_PUBLIC *pub)
{
pub->type = TPM_ALG_RSA;
pub->nameAlg = name_alg;
/* note: all our keys are decrypt only. This is because
* we use the TPM2_RSA_Decrypt operation for both signing
* and decryption (see e_tpm2.c for details) */
pub->objectAttributes.val = TPMA_OBJECT_NODA |
TPMA_OBJECT_DECRYPT |
TPMA_OBJECT_SIGN |
TPMA_OBJECT_USERWITHAUTH;
pub->authPolicy.t.size = 0;
pub->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
pub->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
}
TPM_RC openssl_to_tpm_public_rsa(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
{
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
BIGNUM *n, *e;
int size = RSA_size(rsa);
unsigned long exp;
if (size > MAX_RSA_KEY_BYTES)
return TPM_RC_KEY_SIZE;
#if OPENSSL_VERSION_NUMBER < 0x10100000
n = rsa->n;
e = rsa->e;
#else
RSA_get0_key(&n, &e, NULL);
#endif
exp = BN_get_word(e);
/* TPM limitations means exponents must be under a word in size */
if (exp == 0xffffffffL)
return TPM_RC_KEY_SIZE;
tpm2_public_template_rsa(pub);
pub->parameters.rsaDetail.keyBits = size*8;
if (exp == 0x10001)
pub->parameters.rsaDetail.exponent = 0;
else
pub->parameters.rsaDetail.exponent = exp;
pub->unique.rsa.t.size = BN_bn2bin(n, pub->unique.rsa.t.buffer);
return 0;
}
TPM_RC openssl_to_tpm_public(TPM2B_PUBLIC *pub, EVP_PKEY *pkey)
{
TPMT_PUBLIC *tpub = &pub->publicArea;
pub->size = sizeof(*pub);
switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_RSA:
return openssl_to_tpm_public_rsa(tpub, pkey);
default:
break;
}
return TPM_RC_ASYMMETRIC;
}
TPM_RC openssl_to_tpm_private_rsa(TPMT_SENSITIVE *s, EVP_PKEY *pkey)
{
BIGNUM *q;
TPM2B_PRIVATE_KEY_RSA *t2brsa = &s->sensitive.rsa;
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
#if OPENSSL_VERSION_NUMBER < 0x10100000
q = rsa->q;
#else
BIGNUM *p;
RSA_get0_factors(rsa, &p, &q);
#endif
if (!q)
return TPM_RC_ASYMMETRIC;
s->sensitiveType = TPM_ALG_RSA;
s->seedValue.b.size = 0;
t2brsa->t.size = BN_bn2bin(q, t2brsa->t.buffer);
return 0;
}
TPM_RC openssl_to_tpm_private(TPMT_SENSITIVE *priv, EVP_PKEY *pkey)
{
switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_RSA:
return openssl_to_tpm_private_rsa(priv, pkey);
default:
break;
}
return TPM_RC_ASYMMETRIC;
}
TPM_RC wrap_key(TPM2B_PRIVATE *priv, const char *password, EVP_PKEY *pkey)
{
TPMT_SENSITIVE s;
TPM2B_SENSITIVE b;
BYTE *buf;
int32_t size;
TPM_RC rc;
memset(&b, 0, sizeof(b));
memset(&s, 0, sizeof(s));
openssl_to_tpm_private(&s, pkey);
if (password) {
int len = strlen(password);
memcpy(s.authValue.b.buffer, password, len);
s.authValue.b.size = len;
} else {
s.authValue.b.size = 0;
}
size = sizeof(s);
buf = b.b.buffer;
rc = TSS_TPMT_SENSITIVE_Marshal(&s, &b.b.size, &buf, &size);
if (rc)
tpm2_error(rc, "TSS_TPMT_SENSITIVE_Marshal");
size = sizeof(*priv);
buf = priv->b.buffer;
priv->b.size = 0;
/* no encryption means innerIntegrity and outerIntegrity are
* absent, so the TPM2B_PRIVATE is a TPMT_SENSITIVE*/
rc = TSS_TPM2B_PRIVATE_Marshal((TPM2B_PRIVATE *)&b, &priv->b.size, &buf, &size);
if (rc)
tpm2_error(rc, "TSS_TPM2B_PRIVATE_Marshal");
return TPM_RC_ASYMMETRIC;
}
int main(int argc, char **argv)
{
char *filename, c, *wrap = NULL, *auth = NULL;
int option_index;
const char *reason;
TSS_CONTEXT *tssContext = NULL;
TPM_HANDLE parent = 0;
TPM_RC rc = 0;
BYTE pubkey[sizeof(TPM2B_PUBLIC)],privkey[sizeof(TPM2B_PRIVATE)], *buffer;
uint16_t pubkey_len, privkey_len;
int32_t size = 0;
TPM2B_PUBLIC *pub;
TPM2B_PRIVATE *priv;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "n:ap:hw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
auth = malloc(128);
break;
case 'h':
usage(argv[0]);
break;
case 'n':
if (!strcasecmp("sha1", optarg)) {
name_alg = TPM_ALG_SHA1;
name_alg_size = SHA1_DIGEST_SIZE;
} else if (strcasecmp("sha256", optarg)) {
/* default, do nothing */
} else if (strcasecmp("sha384", optarg)) {
name_alg = TPM_ALG_SHA384;
name_alg_size = SHA384_DIGEST_SIZE;
#ifdef TPM_ALG_SHA512
} else if (strcasecmp("sha512", optarg)) {
name_alg = TPM_ALG_SHA512;
name_alg_size = SHA512_DIGEST_SIZE;
#endif
} else {
usage(argv[0]);
}
break;
case 'p':
parent = strtol(optarg, NULL, 16);
break;
case 'w':
wrap = optarg;
break;
default:
usage(argv[0]);
break;
}
}
filename = argv[argc - 1];
if (argc < 2)
usage(argv[0]);
if (!wrap) {
fprintf(stderr, "wrap is a compulsory option\n");
usage(argv[0]);
}
if (!parent) {
fprintf(stderr, "parent handle is a compulsory option\n");
usage(argv[0]);
}
if (parent && (parent & 0xff000000) != 0x81000000) {
fprintf(stderr, "you must specify a persistent parent handle\n");
usage(argv[0]);
}
if (auth) {
if (EVP_read_pw_string(auth, 128, "Enter TPM key authority: ", 1)) {
fprintf(stderr, "Passwords do not match\n");
exit(1);
}
}
rc = TSS_Create(&tssContext);
if (rc) {
reason = "TSS_Create";
goto out_err;
}
/*
* avoid using the device TCTI as that will bind
* exclusively to the TPM device. Instead
* use the Kernel TPM Resource Manager as that
* allows concurrent access
*
* N.B: This assumes that the kernel-modules-tpm
* pkg is installed with the modified tpm_crb KLM
*/
rc = TSS_SetProperty(tssContext, TPM_DEVICE, "/dev/tpmrm0");
if (rc) {
reason = "TSS_SetProperty: TPM_USE_RESOURCE_MANAGER";
goto out_err;
}
if (wrap) {
Import_In iin;
Import_Out iout;
EVP_PKEY *pkey;
/* may be needed to decrypt the key */
OpenSSL_add_all_ciphers();
pkey = openssl_read_key(wrap);
if (!pkey) {
reason = "unable to read key";
goto out_delete;
}
iin.parentHandle = parent;
iin.encryptionKey.t.size = 0;
openssl_to_tpm_public(&iin.objectPublic, pkey);
/* set random iin.symSeed */
iin.inSymSeed.t.size = 0;
iin.symmetricAlg.algorithm = TPM_ALG_NULL;
wrap_key(&iin.duplicate, auth, pkey);
openssl_to_tpm_public(&iin.objectPublic, pkey);
rc = TSS_Execute(tssContext,
(RESPONSE_PARAMETERS *)&iout,
(COMMAND_PARAMETERS *)&iin,
NULL,
TPM_CC_Import,
TPM_RS_PW, NULL, 0,
TPM_RH_NULL, NULL, 0,
TPM_RH_NULL, NULL, 0,
TPM_RH_NULL, NULL, 0);
if (rc) {
reason = "TPM2_Import";
goto out_flush;
}
pub = &iin.objectPublic;
priv = &iout.outPrivate;
}
buffer = pubkey;
pubkey_len = 0;
size = sizeof(pubkey);
TSS_TPM2B_PUBLIC_Marshal(pub, &pubkey_len, &buffer, &size);
buffer = privkey;
privkey_len = 0;
size = sizeof(privkey);
TSS_TPM2B_PRIVATE_Marshal(priv, &privkey_len, &buffer, &size);
openssl_write_tpmfile(filename, pubkey, pubkey_len, privkey, privkey_len, auth == NULL, parent);
TSS_Delete(tssContext);
exit(0);
out_flush:
out_delete:
TSS_Delete(tssContext);
out_err:
tpm2_error(rc, reason);
exit(1);
}
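Review bot: In `wrap_key()`, `memcpy(s.authValue.b.buffer, password, len)` copies the password read into the 128-byte `auth` buffer without checking `len` against `sizeof(s.authValue.b.buffer)`; reject oversized input before the copy, and clear `auth` and the `TPMT_SENSITIVE` on exit. The same function ends in an unconditional `return TPM_RC_ASYMMETRIC;` and drops the result of `openssl_to_tpm_private()`, while `main()` ignores the return values of `wrap_key()`, `openssl_to_tpm_public()`, both Marshal calls and `openssl_write_tpmfile()`, so a failed wrap or write still reaches `exit(0)`. In `case 'n'`, the `sha256`, `sha384` and `sha512` comparisons lack the `!` used for `sha1`: `-n sha256` lands in the SHA384 branch, every other name is silently treated as the default, and the `usage()` fallback is unreachable. Two smaller points: `RSA_get0_key(&n, &e, NULL)` in the OpenSSL 1.1 branch omits the `rsa` argument, and `char c` should be `int` so that the `c == -1` test on the `getopt_long()` result is reliable where `char` is unsigned. `filename = argv[argc - 1]` is also taken before the `argc < 2` check; using `optind` after option parsing would avoid picking up an option value as the output path.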

View File

@ -1,860 +0,0 @@
/*
* Copyright (c) 2017 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* This product is inspired by the original TPM 1.2 openssl engine written
* by Kent Yoder <kyoder@users.sf.net> for the Trousers Project. This product
* includes TPM key blob ASN-1 encoding scheme from James Bottomley
* <james.bottomley@HansenPartnership.com>
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/sha.h>
#include <openssl/bn.h>
#include <openssl/asn1.h>
#include <openssl/pem.h>
#include "e_tpm2.h"
#include "tpm2-asn.h"
//IMPLEMENT_ASN1_FUNCTIONS(TSSLOADABLE)
/* IBM TSS2 library functions */
static const char *TPM_F_File_ReadStructure = "TSS_File_ReadStructure";
static const char *TPM_F_Context_Create = "TSS_Create";
static const char *TPM_F_Context_Close = "TSS_Delete";
static const char *TPM_F_TPM_Execute = "TSS_Execute";
static const char *TPM_F_Hash_Generate = "TSS_Hash_Generate";
static const char *TPM_F_Structure_Marshal = "TSS_Structure_Marshal";
static const char *TPM_F_PrivateKey_Unmarshal = "TPM2B_PRIVATE_Unmarshal";
static const char *TPM_F_PublicKey_Unmarshal = "TPM2B_PUBLIC_Unmarshal";
static const char *TPM_F_Set_Property = "TSS_SetProperty";
/* engine specific functions */
static int tpm_engine_destroy(ENGINE *);
static int tpm_engine_init(ENGINE *);
static int tpm_engine_finish(ENGINE *);
static int tpm_engine_ctrl(ENGINE *, int, long, void *, void (*)());
static EVP_PKEY *tpm_engine_load_key(ENGINE *, const char *, UI_METHOD *, void *);
static int tpm_engine_flush_key_context(TPMI_DH_OBJECT hKey);
#ifndef OPENSSL_NO_RSA
/* rsa functions */
static int tpm_rsa_init(RSA *rsa);
static int tpm_rsa_finish(RSA *rsa);
static int tpm_rsa_priv_dec(int, const unsigned char *, unsigned char *, RSA *, int);
static int tpm_rsa_priv_enc(int, const unsigned char *, unsigned char *, RSA *, int);
#endif
/* The definitions for control commands specific to this engine */
#define TPM_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
{TPM_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the libtpm2.so shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
// for now we will only overwrite the RSA decryption
// operation to go over TPM 2.0.
// Add additional hooks as new use cases pop up
#ifndef OPENSSL_NO_RSA
static RSA_METHOD tpm_rsa = {
"TPM 2.0 RSA method", // name
NULL, // rsa_pub_enc (encrypt)
NULL, // rsa_pub_dec (verify arbitrary data)
tpm_rsa_priv_enc, // rsa_priv_enc (sign)
tpm_rsa_priv_dec, // rsa_priv_dec (decrypt)
NULL, // rsa_mod_exp
BN_mod_exp_mont, // bn_mod_exp
tpm_rsa_init, // init
tpm_rsa_finish, // free
(RSA_FLAG_SIGN_VER | RSA_FLAG_NO_BLINDING | RSA_FLAG_EXT_PKEY),
NULL, // app_data
NULL, /* sign */ // rsa_sign
NULL, /* verify */ // rsa_verify
NULL // rsa_keygen
};
#endif
/* Constants used when creating the ENGINE */
static const char *engine_tpm_id = "tpm2";
static const char *engine_tpm_name = "TPM 2.0 hardware engine support for";
static const char *TPM_LIBNAME = "tpm2";
static TSS_CONTEXT *hContext = NULL_HCONTEXT;
static TPMI_DH_OBJECT hKey = NULL_HKEY;
/* varibles used to get/set CRYPTO_EX_DATA values */
int ex_app_data = TPM_ENGINE_EX_DATA_UNINIT;
/* This is a process-global DSO handle used for loading and unloading
* the TSS library. NB: This is only set (or unset) during an
* init() or finish() call (reference counts permitting) and they're
* operating with global locks, so this should be thread-safe
* implicitly. */
static DSO *tpm_dso = NULL;
/* These are the function pointers that are (un)set when the library has
* successfully (un)loaded. */
static unsigned int (*p_tpm2_File_ReadStructure)();
static unsigned int (*p_tpm2_Context_Create)();
static unsigned int (*p_tpm2_Context_Close)();
static unsigned int (*p_tpm2_TPM_Execute)();
static unsigned int (*p_tpm2_Hash_Generate)();
static unsigned int (*p_tpm2_Structure_Marshal)();
static unsigned int (*p_tpm2_TPM_PrivateKey_Unmarshal)();
static unsigned int (*p_tpm2_TPM_PublicKey_Unmarshal)();
static unsigned int (*p_tpm2_Set_Property)();
/* This internal function is used by ENGINE_tpm() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE * e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
if (!ENGINE_set_id(e, engine_tpm_id) ||
!ENGINE_set_name(e, engine_tpm_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &tpm_rsa) ||
#endif
!ENGINE_set_destroy_function(e, tpm_engine_destroy) ||
!ENGINE_set_init_function(e, tpm_engine_init) ||
!ENGINE_set_finish_function(e, tpm_engine_finish) ||
!ENGINE_set_ctrl_function(e, tpm_engine_ctrl) ||
!ENGINE_set_load_privkey_function(e, tpm_engine_load_key) ||
!ENGINE_set_cmd_defns(e, tpm_cmd_defns))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the tpm-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
if (meth1)
{
tpm_rsa.rsa_mod_exp = meth1->rsa_mod_exp;
tpm_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
tpm_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
}
#endif
/* Ensure the tpm error handling is set up */
ERR_load_TPM_strings();
return 1;
}
static ENGINE *engine_tpm(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_tpm(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_tpm();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
/* Destructor (complements the "ENGINE_tpm()" constructor) */
static int tpm_engine_destroy(ENGINE * e)
{
/* Unload the tpm error strings so any error state including our
* functs or reasons won't lead to a segfault (they simply get displayed
* without corresponding string data because none will be found). */
ERR_unload_TPM_strings();
return 1;
}
/* initialisation function */
static int tpm_engine_init(ENGINE * e)
{
void (*p1) ();
void (*p2) ();
void (*p3) ();
void (*p4) ();
void (*p5) ();
void (*p6) ();
void (*p7) ();
void (*p8) ();
void (*p9) ();
TPM_RC result;
if (tpm_dso != NULL) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_ALREADY_LOADED);
return 1;
}
if ((tpm_dso = DSO_load(NULL, TPM_LIBNAME, NULL, 0)) == NULL) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
goto err;
}
if (!(p1 = DSO_bind_func(tpm_dso, TPM_F_File_ReadStructure)) ||
!(p2 = DSO_bind_func(tpm_dso, TPM_F_Context_Create)) ||
!(p3 = DSO_bind_func(tpm_dso, TPM_F_Context_Close)) ||
!(p4 = DSO_bind_func(tpm_dso, TPM_F_TPM_Execute)) ||
!(p5 = DSO_bind_func(tpm_dso, TPM_F_Hash_Generate)) ||
!(p6 = DSO_bind_func(tpm_dso, TPM_F_Structure_Marshal)) ||
!(p7 = DSO_bind_func(tpm_dso, TPM_F_PrivateKey_Unmarshal)) ||
!(p8 = DSO_bind_func(tpm_dso, TPM_F_PublicKey_Unmarshal)) ||
!(p9 = DSO_bind_func(tpm_dso, TPM_F_Set_Property))
) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_tpm2_File_ReadStructure = (unsigned int (*) ()) p1;
p_tpm2_Context_Create = (unsigned int (*) ()) p2;
p_tpm2_Context_Close = (unsigned int (*) ()) p3;
p_tpm2_TPM_Execute = (unsigned int (*) ()) p4;
p_tpm2_Hash_Generate = (unsigned int (*) ()) p5;
p_tpm2_Structure_Marshal = (unsigned int (*) ()) p6;
p_tpm2_TPM_PrivateKey_Unmarshal = (unsigned int (*) ()) p7;
p_tpm2_TPM_PublicKey_Unmarshal = (unsigned int (*) ()) p8;
p_tpm2_Set_Property = (unsigned int (*) ()) p9;
if ((result = p_tpm2_Context_Create(&hContext))) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
/*
* avoid using the tpm0 device TCTI as that will bind
* exclusively to the TPM device. Instead
* use the Kernel TPM Resource Manager as that
* allows concurrent access
*
* N.B: This assumes that the kernel-modules-tpm
* pkg is installed with the modified tpm_crb KLM
*/
if ((result = p_tpm2_Set_Property(hContext,
TPM_INTERFACE_TYPE, "dev"))) {
DBG("Failed to set Resource Manager in context (%p): rc %d",
hContext, (int)result);
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
if ((result = p_tpm2_Set_Property(hContext,
TPM_DEVICE, "/dev/tpmrm0"))) {
DBG("Failed to set Resource Manager in context (%p): rc %d",
hContext, (int)result);
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
return 1;
err:
if (hContext != NULL_HCONTEXT) {
p_tpm2_Context_Close(hContext);
hContext = NULL_HCONTEXT;
}
if (tpm_dso) {
DSO_free(tpm_dso);
tpm_dso = NULL;
}
p_tpm2_File_ReadStructure = NULL;
p_tpm2_Context_Create = NULL;
p_tpm2_Context_Close = NULL;
p_tpm2_TPM_Execute = NULL;
p_tpm2_Hash_Generate = NULL;
p_tpm2_Structure_Marshal = NULL;
p_tpm2_TPM_PrivateKey_Unmarshal = NULL;
p_tpm2_TPM_PublicKey_Unmarshal = NULL;
p_tpm2_Set_Property = NULL;
return 0;
}
static int tpm_engine_finish(ENGINE * e)
{
if (tpm_dso == NULL) {
TSSerr(TPM_F_TPM_ENGINE_FINISH, TPM_R_NOT_LOADED);
return 0;
}
if (hKey != NULL_HKEY) {
tpm_engine_flush_key_context(hKey);
hKey = NULL_HKEY;
}
if (hContext != NULL_HCONTEXT) {
p_tpm2_Context_Close(hContext);
hContext = NULL_HCONTEXT;
}
if (!DSO_free(tpm_dso)) {
TSSerr(TPM_F_TPM_ENGINE_FINISH, TPM_R_DSO_FAILURE);
return 0;
}
tpm_dso = NULL;
return 1;
}
int fill_out_rsa_object(RSA *rsa, TPMT_PUBLIC *pub, TPMI_DH_OBJECT hKey)
{
struct rsa_app_data *app_data;
unsigned long exp;
if ((app_data = OPENSSL_malloc(sizeof(struct rsa_app_data))) == NULL) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
/* set e in the RSA object */
if (!rsa->e && ((rsa->e = BN_new()) == NULL)) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
if (pub->parameters.rsaDetail.exponent == 0)
exp = 65537;
else
exp = pub->parameters.rsaDetail.exponent;
if (!BN_set_word(rsa->e, exp)) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
BN_free(rsa->e);
return 0;
}
/* set n in the RSA object */
if (!rsa->n && ((rsa->n = BN_new()) == NULL)) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
BN_free(rsa->e);
return 0;
}
if (!BN_bin2bn(pub->unique.rsa.t.buffer, pub->unique.rsa.t.size,
rsa->n)) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
BN_free(rsa->e);
BN_free(rsa->n);
return 0;
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000
RSA_set0_key(rsa, rsa->n, rsa->e, NULL);
#endif
DBG("Setting hKey(0x%x) in RSA object", hKey);
memset(app_data, 0, sizeof(struct rsa_app_data));
app_data->hKey = hKey;
RSA_set_ex_data(rsa, ex_app_data, app_data);
return 1;
}
static int tpm_engine_flush_key_context(TPMI_DH_OBJECT hKey)
{
TPM_RC rc;
FlushContext_In input;
if (hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_FLUSH_OBJECT_CONTEXT, TPM_R_INVALID_KEY);
return -1;
}
input.flushHandle = hKey;
if ((rc = p_tpm2_TPM_Execute(hContext,
NULL,
(COMMAND_PARAMETERS *)&input,
NULL,
TPM_CC_FlushContext,
TPM_RH_NULL, NULL, 0))) {
DBG("Context Flush Failed: Ret code %d", rc);
TSSerr(TPM_F_TPM_FLUSH_OBJECT_CONTEXT,
TPM_R_REQUEST_FAILED);
return -1;
}
return 0;
}
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
UI_METHOD *ui, void *cb_data)
{
RSA *rsa;
EVP_PKEY *pkey;
BIO *bf;
char oid[128];
TPM_RC rc;
TSSLOADABLE *tssl; // the TPM key
Load_In input;
Load_Out output;
const char *parentPassword = NULL;
TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
unsigned int sessionAttributes0 = 0;
TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
unsigned int sessionAttributes1 = 0;
TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
unsigned int sessionAttributes2 = 0;
if (!key_id) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
// check if the file exists
if ((bf = BIO_new_file(key_id, "r")) == NULL) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_FILE_NOT_FOUND);
return NULL;
}
tssl = PEM_read_bio_TSSLOADABLE(bf, NULL, NULL, NULL);
BIO_free(bf);
if (!tssl) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_FILE_READ_FAILED);
goto load_err;
}
if (OBJ_obj2txt(oid, sizeof(oid), tssl->type, 1) == 0) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_READ_FAILED);
goto load_err;
}
if (strcmp(OID_loadableKey, oid) == 0) {
DBG ("TSSL key type is of format that can be loaded in TPM 2.0");
} else if (strcmp(OID_12Key, oid) == 0) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_TPM_1_2_KEY);
goto load_err;
} else if (strcmp(OID_importableKey, oid) == 0) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_KEY_UNSUPPORTED);
goto load_err;
} else {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_KEY_UNRECOGNIZED);
goto err;
}
// since this TPM key was wrapped in the Endorsement
// Key hierarchy and its handle was persisted, we will
// specify that as the Parent Handle for the Load operation
if (!tssl->parent) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_KEY_NO_PARENT_HANDLE);
goto load_err;
}
input.parentHandle = ASN1_INTEGER_get(tssl->parent);
DBG ("Got parent handle 0x%x", input.parentHandle);
// unmarshal the public and private key portions from
// within the TPM ASN1 key blob
p_tpm2_TPM_PrivateKey_Unmarshal(&input.inPrivate,
&(tssl->privkey->data),
&(tssl->privkey->length));
p_tpm2_TPM_PublicKey_Unmarshal(&input.inPublic,
&(tssl->pubkey->data),
&(tssl->pubkey->length),
FALSE);
if ((rc = p_tpm2_TPM_Execute(hContext,
(RESPONSE_PARAMETERS *)&output,
(COMMAND_PARAMETERS *)&input,
NULL,
TPM_CC_Load,
sessionHandle0,
parentPassword,
sessionAttributes0,
sessionHandle1,
NULL,
sessionAttributes1,
sessionHandle2,
NULL,
sessionAttributes2,
TPM_RH_NULL, NULL, 0))) {
DBG("Context Load Failed: Ret code %08x", rc);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_REQUEST_FAILED);
goto load_err;
}
hKey = output.objectHandle;
/* create the new objects to return */
if ((pkey = EVP_PKEY_new()) == NULL) {
goto err;
}
pkey->type = EVP_PKEY_RSA;
if ((rsa = RSA_new()) == NULL) {
EVP_PKEY_free(pkey);
goto err;
}
rsa->meth = &tpm_rsa;
/* call our local init function here */
rsa->meth->init(rsa);
pkey->pkey.rsa = rsa;
if (!fill_out_rsa_object(rsa,
&input.inPublic.publicArea,
hKey)) {
EVP_PKEY_free(pkey);
RSA_free(rsa);
goto err;
}
EVP_PKEY_assign_RSA(pkey, rsa);
return pkey;
err:
tpm_engine_flush_key_context(hKey);
hKey = NULL_HKEY;
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
load_err:
//TSSLOADABLE_free(tssl);
return NULL;
}
static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
{
int initialised = ((tpm_dso == NULL) ? 0 : 1);
switch (cmd) {
case TPM_CMD_SO_PATH:
if (p == NULL) {
TSSerr(TPM_F_TPM_ENGINE_CTRL,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
TSSerr(TPM_F_TPM_ENGINE_CTRL,
TPM_R_ALREADY_LOADED);
return 0;
}
TPM_LIBNAME = (const char *) p;
return 1;
default:
break;
}
TSSerr(TPM_F_TPM_ENGINE_CTRL, TPM_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int tpm_rsa_init(RSA *rsa)
{
if (ex_app_data == TPM_ENGINE_EX_DATA_UNINIT)
ex_app_data = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL);
if (ex_app_data == TPM_ENGINE_EX_DATA_UNINIT) {
TSSerr(TPM_F_TPM_RSA_INIT, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
static int tpm_rsa_finish(RSA *rsa)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
OPENSSL_free(app_data);
return 1;
}
static int tpm_rsa_priv_dec(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TPM_RC result;
UINT32 out_len;
int rv;
RSA_Decrypt_In input;
RSA_Decrypt_Out output;
// the parent object is not passwod protected
// but it may be in the future.
const char *parentPassword = NULL;
TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
unsigned int sessionAttributes0 = 0;
TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
unsigned int sessionAttributes1 = 0;
TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
unsigned int sessionAttributes2 = 0;
if (!app_data) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_NO_APP_DATA);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_dec(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
}
return rv;
}
// hKey is the handle of the private key that is used for decrypt
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_KEY);
return 0;
}
/* handler of the private key that will perform rsa decrypt */
input.keyHandle = app_data->hKey;
// fill in the TPM2RB_PUBLIC_KEY_RSA structure with the
// cipher text and cipher lenght
{
input.label.t.size = 0;
input.cipherText.t.size = flen;
memcpy(input.cipherText.t.buffer, from, flen);
}
/*
* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure:
* we MAY set the input scheme to TPM_ALG_NULL to allow
* for the encryption algorithm prescribed in the digital
* certificate to be used for encryption
*/
input.inScheme.scheme = TPM_ALG_RSAES; /* TPM_ALG_NULL; */
// decrypt this cipher text using the private key stored inside
// tpm and referenced by hKey
if ((result = p_tpm2_TPM_Execute(hContext,
(RESPONSE_PARAMETERS *)&output,
(COMMAND_PARAMETERS *)&input,
NULL,
TPM_CC_RSA_Decrypt,
sessionHandle0,
parentPassword,
sessionAttributes0,
sessionHandle1,
NULL,
sessionAttributes1,
sessionHandle2,
NULL,
sessionAttributes2,
TPM_RH_NULL, NULL, 0))) {
DBG("RSA Decrypt Failed: Ret code %d", result);
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
DBG ("Doing RSA Decryption");
// Unmarshal the output data and return decrypted cipher text
// and output length
rv = p_tpm2_Structure_Marshal(&to, &out_len,
&output.message,
(MarshalFunction_t)
TSS_TPM2B_PUBLIC_KEY_RSA_Marshal);
if (rv == 0) {
DBG("writing out %d bytes as a signature", out_len);
return out_len;
}
return 0;
}
static int tpm_rsa_priv_enc(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TPM_RC result = 0;
UINT32 sig_len;
int rv;
RSA_Decrypt_In input;
RSA_Decrypt_Out output;
// the parent object is not passwod protected
// but it may be in the future.
const char *parentPassword = NULL;
TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
unsigned int sessionAttributes0 = 0;
TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
unsigned int sessionAttributes1 = 0;
TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
unsigned int sessionAttributes2 = 0;
if (!app_data) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_NO_APP_DATA);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_enc(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (padding != RSA_PKCS1_PADDING) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_PADDING_TYPE);
return 0;
}
// hKey is the handle to the private key that is used for hashing
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_KEY);
return 0;
}
/* handler of the private key that will perform signing */
input.keyHandle = app_data->hKey;
/*
* Table 145 - Definition of TPMT_SIG_SCHEME inscheme:
* we will set the input scheme to TPM_ALG_NULL to allow
* for the hash algorithm prescribed in the digital certificate
* to be used for signing.
*
* Note that we are using a Decryption operation instead of ]
* a TPM 2.0 Sign operation because of a serious limitation in the
* IBM TSS that it will only sign digests which it has hashed itself,
* i.e. the hash has a corresponding TPM_ST_HASHCHECK validation
* ticket in TPM memory. Long story short, TPM will only sign
* stuff it knows the OID to.
*
* We will therefore specify a Decyrption operation with our
* own padding applied upto the RSA block size and specify
* a TPM_ALG_NULL hashing scheme so that a decrypt operation
* essentially becomes an encrypt op
*/
input.inScheme.scheme = TPM_ALG_NULL;
/* digest to be signed */
int size = RSA_size(rsa);
input.cipherText.t.size = size;
RSA_padding_add_PKCS1_type_1(input.cipherText.t.buffer,
size, from, flen);
input.label.t.size = 0;
// sign this digest using the private key stored inside
// tpm and referenced by hKey
if ((result = p_tpm2_TPM_Execute(hContext,
(RESPONSE_PARAMETERS *)&output,
(COMMAND_PARAMETERS *)&input,
NULL,
TPM_CC_RSA_Decrypt,
sessionHandle0,
parentPassword,
sessionAttributes0,
sessionHandle1,
NULL,
sessionAttributes1,
sessionHandle2,
NULL,
sessionAttributes2,
TPM_RH_NULL, NULL, 0))) {
DBG("RSA Sign Failed: Ret code %d", result);
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
// thats right son!!! finally signed
sig_len = output.message.t.size;
memcpy(to, output.message.t.buffer, sig_len);
DBG("writing out %d bytes as a signature", sig_len);
return sig_len;
}
/* This stuff is needed if this ENGINE is being compiled into a self-contained
* shared-library. */
static int bind_fn(ENGINE * e, const char *id)
{
if (id && (strcmp(id, engine_tpm_id) != 0)) {
TSSerr(TPM_F_TPM_BIND_FN, TPM_R_ID_INVALID);
return 0;
}
if (!bind_helper(e)) {
TSSerr(TPM_F_TPM_BIND_FN, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
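
Review bot: In tpm_rsa_priv_dec, `memcpy(input.cipherText.t.buffer, from, flen);` copies a caller-supplied length into a fixed-size TPM structure with no bounds check; reject an `flen` that is negative or larger than `sizeof(input.cipherText.t.buffer)` before the copy. In tpm_rsa_priv_enc the return value of `RSA_padding_add_PKCS1_type_1` is ignored, so when padding fails the command is still sent to the TPM with whatever the stack buffer held; check the result and return an error. The missing-app_data branch of tpm_rsa_priv_enc reports `TPM_F_TPM_RSA_PRIV_DEC` and the decrypt path logs "as a signature", both of which will mislead anyone reading the error queue or debug output.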

View File

@ -1,147 +0,0 @@
/*
* Copyright (c) 2017 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* This product is inspired by the original TPM 1.2 openssl engine written
* by Kent Yoder <kyoder@users.sf.net> for the Trousers Project. This product
* includes TPM key blob ASN-1 encoding scheme from James Bottomley
* <james.bottomley@HansenPartnership.com>
*
*/
#ifndef _E_TPM_H
#define _E_TPM_H
#include <tss2/tss.h>
#include <tss2/tssutils.h>
#include <tss2/tssresponsecode.h>
#include <tss2/Unmarshal_fp.h>
#include <tss2/tssmarshal.h>
#include <tss2/tsscryptoh.h>
#define TPM_LIB_NAME "tpm2 engine"
#define NULL_HCONTEXT NULL
#define NULL_HKEY 0
void ERR_load_TPM_strings(void);
void ERR_unload_TPM_strings(void);
void ERR_TSS_error(int function, int reason, char *file, int line);
#define TSSerr(f,r) ERR_TSS_error((f),(r),__FILE__,__LINE__)
#define DBG(x, ...) fprintf(stderr, "DEBUG %s:%d %s " x "\n", __FILE__,__LINE__,__FUNCTION__,##__VA_ARGS__)
/* Error codes for the TPM functions. */
/* Function codes. */
#define TPM_F_TPM_ENGINE_CTRL 100
#define TPM_F_TPM_ENGINE_FINISH 101
#define TPM_F_TPM_ENGINE_INIT 102
#define TPM_F_TPM_RSA_PRIV_ENC 103
#define TPM_F_TPM_RSA_PRIV_DEC 104
#define TPM_F_TPM_RSA_FINISH 105
#define TPM_F_TPM_RSA_INIT 106
#define TPM_F_TPM_ENGINE_LOAD_KEY 107
#define TPM_F_TPM_BIND_FN 108
#define TPM_F_TPM_FILL_RSA_OBJECT 109
#define TPM_F_TPM_FLUSH_OBJECT_CONTEXT 110
/* Reason codes. */
#define TPM_R_ALREADY_LOADED 100
#define TPM_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
#define TPM_R_DSO_FAILURE 102
#define TPM_R_MEXP_LENGTH_TO_LARGE 103
#define TPM_R_MISSING_KEY_COMPONENTS 104
#define TPM_R_NOT_INITIALISED 105
#define TPM_R_NOT_LOADED 106
#define TPM_R_OPERANDS_TOO_LARGE 107
#define TPM_R_OUTLEN_TO_LARGE 108
#define TPM_R_REQUEST_FAILED 109
#define TPM_R_UNDERFLOW_CONDITION 110
#define TPM_R_UNDERFLOW_KEYRECORD 111
#define TPM_R_UNIT_FAILURE 112
#define TPM_R_INVALID_KEY_SIZE 113
#define TPM_R_BN_CONVERSION_FAILED 114
#define TPM_R_INVALID_EXPONENT 115
#define TPM_R_REQUEST_TOO_BIG 116
#define TPM_R_NO_APP_DATA 117
#define TPM_R_INVALID_ENC_SCHEME 118
#define TPM_R_INVALID_MSG_SIZE 119
#define TPM_R_INVALID_PADDING_TYPE 120
#define TPM_R_INVALID_KEY 121
#define TPM_R_FILE_NOT_FOUND 122
#define TPM_R_FILE_READ_FAILED 123
#define TPM_R_ID_INVALID 124
#define TPM_R_TPM_1_2_KEY 125
#define TPM_R_KEY_UNSUPPORTED 126
#define TPM_R_KEY_UNRECOGNIZED 127
#define TPM_R_KEY_NO_PARENT_HANDLE 128
/* structure pointed to by the RSA object's app_data pointer.
* this is used to tag TPM meta data in the RSA object and
* use that to distinguish between a vanilla Openssl RSA object
* and a TPM RSA object
*/
struct rsa_app_data
{
TPMI_DH_OBJECT hKey;
// add additional meta data as need be
};
#define TPM_ENGINE_EX_DATA_UNINIT -1
#define RSA_PKCS1_OAEP_PADDING_SIZE (2 * SHA_DIGEST_LENGTH + 2)
#endif
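
Review bot: `DBG` is defined unconditionally as an `fprintf(stderr, ...)`, so every call site in the engine, including the sign and decrypt paths, writes to the stderr of whatever process loads it; gate the macro behind a build-time debug flag and compile it to nothing otherwise. `RSA_PKCS1_OAEP_PADDING_SIZE` depends on `SHA_DIGEST_LENGTH` but this header does not include `<openssl/sha.h>`, and the guard `_E_TPM_H` uses a reserved identifier form (leading underscore followed by a capital letter).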

View File

@ -1,170 +0,0 @@
/*
* Copyright (c) 2017 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* This product is inspired by the original TPM 1.2 openssl engine written
* by Kent Yoder <kyoder@users.sf.net> for the Trousers Project. This product
* includes TPM key blob ASN-1 encoding scheme from James Bottomley
* <james.bottomley@HansenPartnership.com>
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#include "e_tpm2.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA TPM_str_functs[] = {
{ERR_PACK(0, TPM_F_TPM_ENGINE_CTRL, 0), "TPM_ENGINE_CTRL"},
{ERR_PACK(0, TPM_F_TPM_ENGINE_FINISH, 0), "TPM_ENGINE_FINISH"},
{ERR_PACK(0, TPM_F_TPM_ENGINE_INIT, 0), "TPM_ENGINE_INIT"},
{ERR_PACK(0, TPM_F_TPM_RSA_PRIV_ENC, 0), "TPM_RSA_PRIV_ENC"},
{ERR_PACK(0, TPM_F_TPM_RSA_PRIV_DEC, 0), "TPM_RSA_PRIV_DEC"},
{ERR_PACK(0, TPM_F_TPM_RSA_FINISH, 0), "TPM_RSA_FINISH"},
{ERR_PACK(0, TPM_F_TPM_RSA_INIT, 0), "TPM_RSA_INIT"},
{ERR_PACK(0, TPM_F_TPM_ENGINE_LOAD_KEY, 0), "TPM_ENGINE_LOAD_KEY"},
{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
{ERR_PACK(0, TPM_F_TPM_FLUSH_OBJECT_CONTEXT, 0), "TPM_FLUSH_OBJECT_CONTEXT"},
{0, NULL}
};
static ERR_STRING_DATA TPM_str_reasons[] = {
{TPM_R_ALREADY_LOADED, "already loaded"},
{TPM_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{TPM_R_DSO_FAILURE, "dso failure"},
{TPM_R_MISSING_KEY_COMPONENTS, "missing key components"},
{TPM_R_NOT_INITIALISED, "not initialised"},
{TPM_R_NOT_LOADED, "not loaded"},
{TPM_R_OPERANDS_TOO_LARGE, "operands too large"},
{TPM_R_OUTLEN_TO_LARGE, "outlen to large"},
{TPM_R_REQUEST_FAILED, "request failed"},
{TPM_R_REQUEST_TOO_BIG, "requested number of random bytes > 4096"},
{TPM_R_UNDERFLOW_CONDITION, "underflow condition"},
{TPM_R_UNDERFLOW_KEYRECORD, "underflow keyrecord"},
{TPM_R_UNIT_FAILURE, "unit failure"},
{TPM_R_INVALID_KEY_SIZE, "invalid key size"},
{TPM_R_BN_CONVERSION_FAILED, "bn conversion failed"},
{TPM_R_INVALID_EXPONENT, "invalid exponent"},
{TPM_R_NO_APP_DATA, "no app data in RSA object"},
{TPM_R_INVALID_ENC_SCHEME, "invalid encryption scheme"},
{TPM_R_INVALID_MSG_SIZE, "invalid message size to sign"},
{TPM_R_INVALID_PADDING_TYPE, "invalid padding type"},
{TPM_R_INVALID_KEY, "invalid key"},
{TPM_R_FILE_NOT_FOUND, "file to load not found"},
{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
{TPM_R_ID_INVALID, "engine id doesn't match"},
{TPM_R_TPM_1_2_KEY, "tpm 1.2 key format not supported"},
{TPM_R_KEY_UNSUPPORTED, "unsupported TPM key format"},
{TPM_R_KEY_UNRECOGNIZED, "unrecognized TPM key format"},
{TPM_R_KEY_NO_PARENT_HANDLE, "TPM key has no parent handle"},
{0, NULL}
};
#endif
static ERR_STRING_DATA TPM_lib_name[] = {
{0, TPM_LIB_NAME},
{0, NULL}
};
static int TPM_lib_error_code = 0;
static int TPM_error_init = 1;
void ERR_load_TPM_strings(void)
{
if (TPM_lib_error_code == 0) {
TPM_lib_error_code = ERR_get_next_error_library();
DBG("TPM_lib_error_code is %d", TPM_lib_error_code);
}
if (TPM_error_init) {
TPM_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(TPM_lib_error_code, TPM_str_functs);
ERR_load_strings(TPM_lib_error_code, TPM_str_reasons);
#endif
TPM_lib_name[0].error = ERR_PACK(TPM_lib_error_code, 0, 0);
ERR_load_strings(0, TPM_lib_name);
}
}
void ERR_unload_TPM_strings(void)
{
if (TPM_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(TPM_lib_error_code, TPM_str_functs);
ERR_unload_strings(TPM_lib_error_code, TPM_str_reasons);
#endif
ERR_load_strings(0, TPM_lib_name);
TPM_error_init = 1;
}
}
void ERR_TSS_error(int function, int reason, char *file, int line)
{
if (TPM_lib_error_code == 0)
TPM_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(TPM_lib_error_code, function, reason, file, line);
}
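
Review bot: ERR_unload_TPM_strings ends with `ERR_load_strings(0, TPM_lib_name);`, which registers the library name again instead of removing it; this should be `ERR_unload_strings(0, TPM_lib_name);` to mirror ERR_load_TPM_strings. TPM_str_reasons also has no entry for TPM_R_MEXP_LENGTH_TO_LARGE, which the header defines, and the `DBG` call inside ERR_load_TPM_strings prints on every first load of the engine.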

View File

@ -1,121 +0,0 @@
/*
* Copyright (c) 2017 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* This product is inspired by the original TPM 1.2 openssl engine written
* by Kent Yoder <kyoder@users.sf.net> for the Trousers Project. This product
* includes TPM key blob ASN-1 encoding scheme from James Bottomley
* <james.bottomley@HansenPartnership.com>
*
*/
#ifndef _TPM2_ASN_H
#define _TPM2_ASN_H
#include <openssl/asn1t.h>
#include <openssl/pem.h>
/*
* Define the format of a TPM key file. The current format covers
* both TPM1.2 keys as well as symmetrically encrypted private keys
* produced by TSS2_Import and the TPM2 format public key which
* contains things like the policy but which is cryptographically tied
* to the private key.
*
* TPMKey ::= SEQUENCE {
* type OBJECT IDENTIFIER
* emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL
* parent [1] EXPLICIT INTEGER OPTIONAL
* pubkey [2] EXPLICIT OCTET STRING OPTIONAL
* privkey OCTET STRING
* }
*/
typedef struct {
ASN1_OBJECT *type;
ASN1_BOOLEAN emptyAuth;
ASN1_INTEGER *parent;
ASN1_OCTET_STRING *pubkey;
ASN1_OCTET_STRING *privkey;
} TSSLOADABLE;
/* the two type oids are in the TCG namespace 2.23.133; we choose an
* unoccupied child (10) for keytype file and two values:
* 1 : Key that is directly loadable
* 2 : Key that must first be imported then loaded
*/
#define OID_12Key "2.23.133.10.1"
#define OID_loadableKey "2.23.133.10.2"
#define OID_importableKey "2.23.133.10.3"
ASN1_SEQUENCE(TSSLOADABLE) = {
ASN1_SIMPLE(TSSLOADABLE, type, ASN1_OBJECT),
ASN1_EXP_OPT(TSSLOADABLE, emptyAuth, ASN1_BOOLEAN, 0),
ASN1_EXP_OPT(TSSLOADABLE, parent, ASN1_INTEGER, 1),
ASN1_EXP_OPT(TSSLOADABLE, pubkey, ASN1_OCTET_STRING, 2),
ASN1_SIMPLE(TSSLOADABLE, privkey, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(TSSLOADABLE)
IMPLEMENT_ASN1_FUNCTIONS(TSSLOADABLE)
//DECLARE_ASN1_FUNCTIONS(TSSLOADABLE)
/* This is the PEM guard tag */
#define TSSLOADABLE_PEM_STRING "TSS2 KEY BLOB"
static IMPLEMENT_PEM_write_bio(TSSLOADABLE, TSSLOADABLE, TSSLOADABLE_PEM_STRING, TSSLOADABLE)
static IMPLEMENT_PEM_read_bio(TSSLOADABLE, TSSLOADABLE, TSSLOADABLE_PEM_STRING, TSSLOADABLE)
#endif
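
Review bot: `IMPLEMENT_ASN1_FUNCTIONS(TSSLOADABLE)` and the `ASN1_SEQUENCE(TSSLOADABLE)` definition sit in a header, so every translation unit that includes it emits its own non-static copies of the TSSLOADABLE functions and a second includer fails at link time; keep `DECLARE_ASN1_FUNCTIONS` here (currently commented out) and move the definitions into one .c file. The OID comment describes two values (1 directly loadable, 2 import then load) while three are defined, with `OID_12Key` taking .1 and the loadable and importable types at .2 and .3; update the comment so it matches the constants that key-type checks compare against.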

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,2 +0,0 @@
COPY_LIST="$PKG_BASE/files/* $PKG_BASE/LICENSE $PKG_BASE/server-csr.conf"
TIS_PATCH_VER=13

View File

@ -1,41 +0,0 @@
Summary: wrs-ssl version 1.0.0-r2
Name: wrs-ssl
Version: 1.0.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
BuildRequires: openssl
Source0: LICENSE
Source1: server-csr.conf
Source2: tpmdevice-setup
%description
Wind River Security
%install
rm -rf $RPM_BUILD_ROOT
RPM_BUILD_DIR_PKG="%{name}-%{version}"
mkdir -p $RPM_BUILD_DIR_PKG
CSRCONF="$RPM_BUILD_DIR_PKG/server-csr.conf"
PEMFILE="$RPM_BUILD_DIR_PKG/self-signed-server-cert.pem"
cp %{SOURCE1} $CSRCONF
# generate a self signed default certificate
/usr/bin/openssl req -new -x509 -sha256 -keyout $PEMFILE -out $PEMFILE -days 365 -nodes -config $CSRCONF
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/ssl/private
install -m 400 $PEMFILE $RPM_BUILD_ROOT/%{_sysconfdir}/ssl/private/self-signed-server-cert.pem
mkdir -p $RPM_BUILD_ROOT/%{_sbindir}
install -m 700 %{SOURCE2} $RPM_BUILD_ROOT/%{_sbindir}/tpmdevice-setup
mkdir -p $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}-%{version}
install -m 644 %{SOURCE0} $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}-%{version}
%files
%defattr(-,root,root,-)
%{_sysconfdir}/*
%{_sbindir}/*
%{_defaultdocdir}/%{name}-%{version}
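Review bot: The `openssl req -new -x509 ... -nodes -keyout $PEMFILE -out $PEMFILE` step in %install creates the default certificate and its unencrypted private key at build time and ships both inside self-signed-server-cert.pem, so every host that installs the same RPM ends up with the same private key, and anyone who can read the package can extract it. `install -m 400` only restricts the installed copy. `-days 365` is also counted from the build date, not from installation. If this spec is carried into the new repo unchanged, consider generating the key pair on the target (first boot or a %post scriptlet) instead of packaging it. Separately, Summary hard-codes "1.0.0-r2" while Release is derived from %{tis_patch_ver}, so the two can drift apart.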

View File

@ -1,122 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2013-2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# TPM setup (both active controller and remote)
export TPM_INTERFACE_TYPE=dev
CERTIFICATE_FILE="server-cert.pem"
LOGFILE="/etc/ssl/private/.install.log"
ORIGINAL_KEY=$1
TPM_OBJECT_CONTEXT=$2
PUBLIC_KEY=$3
TPM_KEY_HIERARCHY_HANDLE=0x81010002
if [ -z "$ORIGINAL_KEY" ] || [ -z "$TPM_OBJECT_CONTEXT" ] || [ -z "$PUBLIC_KEY" ]; then
echo "ERROR: Missing required parameters"
echo "USAGE: $0 <privatekey> <tpm_context> <publickey>"
exit 1
fi
CERTIFICATE_DIR=$(dirname "${ORIGINAL_KEY}")
export TPM_DATA_DIR=$CERTIFICATE_DIR
# TPM specific environment
TPM_OBJECT_NAME="$CERTIFICATE_DIR/key.blob.name"
RESOURCEMGR_DEFAULT_PORT="2323"
### Helper functions ###
# Echo's an error and exits with provided error code
# Input : error message ($1), ret code ($2)
# Output : None
# Note : If no retcode is provided, exits with 1
error_exit () {
echo "$1"
# remove previous object context
rm -f $TPM_OBJECT_CONTEXT &> /dev/null
exit "${2:-1}"
}
# func: checkTPMTools
# check if the appropriate TPM2.0-tools are installed
#
# Input : None
# Output : None
checkTPMTools () {
declare -a helper_scripts=("tss2_createprimary"
"tss2_importpem"
"tss2_getcapability"
"tss2_load"
"tss2_contextsave"
"tss2_evictcontrol"
"tss2_flushcontext"
"create_tpm2_key")
for src in "${helper_scripts[@]}"; do
if ! type "$src" &>/dev/null; then
error_exit "ERROR: Cannot find $src. Needed for TPM configuration"
fi
done
}
### Main ###
# remove previous object context
rm -f $TPM_OBJECT_CONTEXT &> /dev/null
rm -f $CERTIFICATE_DIR/*.bin &> /dev/null
tpmCheck=`lsmod | grep "tpm" -c`
[ "$tpmCheck" -ne 0 ] || error_exit "TPM Kernel Module not found. Check BIOS/Kernel configuration"
# Ensure that the appropriate TPM tool utilities are
# installed on the system
checkTPMTools
# Confirm that this is a TPM 2.0 device
TPM_VERSION=`tss2_getcapability -cap 6 | grep TPM_PT_FAMILY_INDICATOR | awk '{print $4}' | xxd -r -p`
if [ "$TPM_VERSION" != "2.0" ]; then
error_exit "ERROR: TPM Device is not version 2.0 compatible"
fi
# Clear the NV
# as well as all stale transient handles in
# the endorsement hierarchy.
tss2_clear -hi l
# Create the Endorsement Primary Key hierarchy which will be used
# for wrapping the private key. Use RSA as the primary key encryption
# and SHA 256 for hashing. Allow TPM to output the object
# handle as a file context
PRIMARY_HANDLE=`tss2_createprimary -hi e -rsa -halg sha256 | grep "Handle" | awk '{print $2}'`
[ ! -z "$PRIMARY_HANDLE" ] || error_exit "Unable to create TPM Key Hierarchy"
PRIMARY_HANDLE="0x$PRIMARY_HANDLE"
# The object context will be lost over node reboots, and needs to
# be persistently stored in TPM NV.
# evict the persistent handle if it exists previously
tss2_evictcontrol -hi o -ho $TPM_KEY_HIERARCHY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE
tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE >> $LOGFILE
[ $? -eq 0 ] || error_exit "Unable to persist Key Hierarchy in TPM memory"
tss2_flushcontext -ha $PRIMARY_HANDLE
# wrap the original private key in TPM's Endorsement key hierarchy
# this will generate a TSS key blob in ASN 1 encoding
create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT >> $LOGFILE
[ $? -eq 0 ] || error_exit "Unable to wrap provided private key into TPM Key Hierarchy"
# the apps will also need to the public key, place it in
# the certificate dirpath
mv $PUBLIC_KEY $CERTIFICATE_DIR/$CERTIFICATE_FILE
# ensure that the TPM object and the public cert are only readable by root
chown root $CERTIFICATE_DIR/$CERTIFICATE_FILE $TPM_OBJECT_CONTEXT
chmod 0600 $CERTIFICATE_DIR/$CERTIFICATE_FILE $TPM_OBJECT_CONTEXT
# remove all sysinv key copy artifacts
rm -f $ORIGINAL_KEY "${ORIGINAL_KEY}.sysinv" "${PUBLIC_KEY}.sysinv" &> /dev/null
exit 0
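Review bot: `tss2_clear -hi l` is called in the main flow, but `tss2_clear` is missing from the `helper_scripts` list in checkTPMTools and its exit status is never checked, so a missing or failing clear goes unnoticed before the key hierarchy is created. The list also names tss2_importpem, tss2_load and tss2_contextsave, which the visible lines never call. The comment above the clear talks about the endorsement hierarchy, while the command passes `-hi l` and the later `tss2_createprimary` uses `-hi e`; either the comment or the argument needs correcting. $ORIGINAL_KEY, $TPM_OBJECT_CONTEXT and $PUBLIC_KEY come straight from the command line and are used unquoted in rm, mv, chown and chmod, so a path containing whitespace or glob characters would be split or expanded; quote them throughout. The final `rm -f $ORIGINAL_KEY` only unlinks the plaintext private key, it does not overwrite it.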

View File

@ -1,8 +0,0 @@
[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
CN = StarlingX
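Review bot: `default_bits = 1024` means the default self-signed certificate built from this file (the spec passes it to `openssl req -new -x509` via `-config`) gets a 1024-bit key, which is below the 2048-bit minimum generally accepted for RSA today; raise it to 2048 or more when the file lands in the new repo. The section also sets no digest, so the hash depends entirely on the `-sha256` given on the command line in the spec; adding `default_md = sha256` here would keep the two from diverging.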

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,2 +0,0 @@
SRC_DIR="scripts"
TIS_PATCH_VER=30

View File

@ -1,67 +0,0 @@
Summary: CGCS Platform Data Collection Scripts Package
Name: collector
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}-%{version}.tar.gz
%description
This packages scripts that implement data and log collection that field
support can execute to gather current state and runtime history for off
platform analysis and debug.
%prep
%setup
%install
mkdir -p %{buildroot}
install -d 755 -d %{buildroot}%{_sysconfdir}/collect.d
install -d 755 -d %{buildroot}%{_sysconfdir}/collect
install -d 755 -d %{buildroot}/usr/local/sbin
install -d 755 -d %{buildroot}/usr/local/bin
install -d 755 -d %{buildroot}%{_sbindir}
install -m 755 collect %{buildroot}/usr/local/sbin/collect
install -m 755 collect_host %{buildroot}/usr/local/sbin/collect_host
install -m 755 collect_date %{buildroot}/usr/local/sbin/collect_date
install -m 755 collect_utils %{buildroot}/usr/local/sbin/collect_utils
install -m 755 collect_parms %{buildroot}/usr/local/sbin/collect_parms
install -m 755 collect_mask_passwords %{buildroot}/usr/local/sbin/collect_mask_passwords
install -m 755 expect_done %{buildroot}/usr/local/sbin/expect_done
install -m 755 collect_sysinv.sh %{buildroot}%{_sysconfdir}/collect.d/collect_sysinv
install -m 755 collect_psqldb.sh %{buildroot}%{_sysconfdir}/collect.d/collect_psqldb
install -m 755 collect_openstack.sh %{buildroot}%{_sysconfdir}/collect.d/collect_openstack
install -m 755 collect_networking.sh %{buildroot}%{_sysconfdir}/collect.d/collect_networking
install -m 755 collect_ceph.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ceph
install -m 755 collect_sm.sh %{buildroot}%{_sysconfdir}/collect.d/collect_sm
install -m 755 collect_tc.sh %{buildroot}%{_sysconfdir}/collect.d/collect_tc
install -m 755 collect_nfv_vim.sh %{buildroot}%{_sysconfdir}/collect.d/collect_nfv_vim
install -m 755 collect_ovs.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ovs
install -m 755 collect_patching.sh %{buildroot}%{_sysconfdir}/collect.d/collect_patching
install -m 755 collect_coredump.sh %{buildroot}%{_sysconfdir}/collect.d/collect_coredump
install -m 755 collect_crash.sh %{buildroot}%{_sysconfdir}/collect.d/collect_crash
install -m 755 collect_ima.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ima
install -m 755 collect_fm.sh %{buildroot}%{_sysconfdir}/collect.d/collect_fm
install -m 755 etc.exclude %{buildroot}%{_sysconfdir}/collect/etc.exclude
install -m 755 run.exclude %{buildroot}%{_sysconfdir}/collect/run.exclude
ln -sf /usr/local/sbin/collect %{buildroot}/usr/local/bin/collect
ln -sf /usr/local/sbin/collect %{buildroot}%{_sbindir}/collect
%clean
rm -rf %{buildroot}
%files
%license LICENSE
%defattr(-,root,root,-)
%{_sysconfdir}/collect/*
%{_sysconfdir}/collect.d/*
/usr/local/sbin/*
/usr/local/bin/collect
%{_sbindir}/collect
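Review bot: In %install, `install -d 755 -d %{buildroot}...` treats `755` as a directory name rather than a mode, so each of the five lines also creates a stray `755` directory in the build working directory, and the targets get the intended permissions only because 755 happens to be install's default; it should read `install -d -m 755 <dir>`. etc.exclude and run.exclude are installed with `-m 755` although they look like data files, so `-m 644` would be the better fit.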

View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

File diff suppressed because it is too large

View File

@ -1,81 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="ceph"
LOGFILE="${extradir}/ceph.info"
echo "${hostname}: Ceph Info .........: ${LOGFILE}"
function is_service_active {
active=`sm-query service management-ip | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
function exit_if_timeout {
if [ "$?" = "124" ] ; then
echo "Exiting due to ceph command timeout" >> ${LOGFILE}
exit 0
fi
}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
# Using timeout with all ceph commands because commands can hang for
# minutes if the ceph cluster is down. If ceph is not configured, the
# commands return immediately.
delimiter ${LOGFILE} "ceph status"
timeout 30 ceph status >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
delimiter ${LOGFILE} "ceph mon dump"
timeout 30 ceph mon dump >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
delimiter ${LOGFILE} "ceph osd dump"
timeout 30 ceph osd dump >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
delimiter ${LOGFILE} "ceph osd tree"
timeout 30 ceph osd tree >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
delimiter ${LOGFILE} "ceph osd crush dump"
timeout 30 ceph osd crush dump >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
delimiter ${LOGFILE} "ceph df"
timeout 30 ceph df >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
delimiter ${LOGFILE} "ceph osd df tree"
timeout 30 ceph osd df tree >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
delimiter ${LOGFILE} "ceph health detail"
timeout 30 ceph health detail >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit_if_timeout
fi
exit 0
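Review bot: `is_service_active` returns 0 when the grep for "enabled-active" comes back empty, that is, when the service is not active, and the caller then exits on `$? = 0`. Name and return value are inverted relative to shell convention, which invites a wrong `if is_service_active; then` later; rename it (for example is_service_inactive) or flip the return codes together with the check. `exit_if_timeout` relies on `$?` still holding the status of the preceding `timeout 30 ceph ...` line, so any command inserted between the two silently breaks the timeout handling; passing the status in as an argument would be sturdier. SERVICE is set to "ceph" but LOGFILE hard-codes ceph.info instead of using it.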

View File

@ -1,35 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="coredump"
LOGFILE="${extradir}/${SERVICE}.info"
COREDUMPDIR="/var/lib/systemd/coredump"
echo "${hostname}: Core Dump Info ....: ${LOGFILE}"
files=`ls ${COREDUMPDIR} | wc -l`
if [ "${files}" == "0" ] ; then
echo "No core dumps" >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
else
COMMAND="ls -lrtd ${COREDUMPDIR}/*"
delimiter ${LOGFILE} "${COMMAND}"
${COMMAND} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
COMMAND="md5sum ${COREDUMPDIR}/*"
delimiter ${LOGFILE} "${COMMAND}"
${COMMAND} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
exit 0
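Review bot: ``files=`ls ${COREDUMPDIR} | wc -l` `` yields 0 both for an empty directory and when /var/lib/systemd/coredump does not exist, so a missing directory is recorded as "No core dumps", and the ls error goes to the script's stderr instead of ${COLLECT_ERROR_LOG}. Test `[ -d "${COREDUMPDIR}" ]` first and log the missing-directory case separately. `md5sum ${COREDUMPDIR}/*` reads every dump in full, which is worth a comment given how large core files can get.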

View File

@ -1,30 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="crash"
LOGFILE="${extradir}/${SERVICE}.info"
CRASHDIR="/var/crash"
echo "${hostname}: Kernel Crash Info .: ${LOGFILE}"
COMMAND="find ${CRASHDIR}"
delimiter ${LOGFILE} "${COMMAND}"
${COMMAND} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
COMMAND="rsync -a --include=*.txt --include=*/ --exclude=* ${CRASHDIR} ${basedir}/var/"
delimiter ${LOGFILE} "${COMMAND}"
${COMMAND} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
exit 0
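
Review bot: the rsync command is stored as a string and run as unquoted `${COMMAND}`, so `--include=*.txt`, `--include=*/` and `--exclude=*` go through pathname expansion in the current directory before rsync sees them, and a ${CRASHDIR} or ${basedir} containing whitespace would be split into extra arguments. Building the command as an array and running `"${cmd[@]}"` keeps the filters literal, and the `delimiter` label can still be printed from `"${cmd[*]}"`.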

File diff suppressed because it is too large

View File

@ -1,41 +0,0 @@
#! /bin/bash
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="alarms"
LOGFILE="${extradir}/${SERVICE}.info"
function is_service_active {
active=`sm-query service management-ip | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
echo "${hostname}: System Alarm List .: ${LOGFILE}"
# These go into the SERVICE.info file
delimiter ${LOGFILE} "fm alarm-list"
fm alarm-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
fi
exit 0
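
Review bot: `is_service_active` returns 0 when the grep for "enabled-active" finds nothing, that is, when the service is not active, and the caller then exits on `"$?" = "0"`. The behaviour is correct but the name reads inverted, which makes the guard easy to break in a later edit; either rename it to something like is_service_inactive or return 0 on a match and test `if ! is_service_active`. The same helper is repeated with a different service name in the nfv-vim, openstack and database collectors on this page, so one parameterised copy in collect_utils would remove the duplication. This file also lacks the copyright line that the other collectors carry above the SPDX tag.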

View File

@ -1,487 +0,0 @@
#! /bin/bash
########################################################################
#
# Copyright (c) 2016-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
########################################################################
# make these platform.conf variables global.
# values are loaded in source_openrc_if_needed.
export nodetype=""
export subfunction=""
export system_type=""
export security_profile=""
export sdn_enabled=""
export region_config=""
export vswitch_type=""
export system_mode=""
export sw_version=""
# assume this is not the active controller until learned
export ACTIVE=false
#
# Import commands, variables and convenience functions available to
# all collectors ; common and user defined.
#
source /usr/local/sbin/collect_utils
source_openrc_if_needed
#
# parse input parameters
#
COLLECT_NAME="${1}"
DEBUG=${8}
set_debug_mode ${DEBUG}
# Calling parms
#
# 1 = collect name
# 2 = start date option
# 3 = start date
# 4 = "any" (ignored - no longer used ; kept to support upgrades/downgrades)
# 5 = end date option
# 6 = end date
# 7 = "any" (ignored - no longer used ; kept to support upgrades/downgrades)
# 8 = debug mode
logger -t ${COLLECT_TAG} "${0} ${1} ${2} ${3} ${4} ${5} ${6} ${7} ${8}"
# parse out the start data/time data if it is present
STARTDATE_RANGE=false
STARTDATE="any"
if [ "${2}" == "${STARTDATE_OPTION}" ] ; then
if [ "${3}" != "any" -a ${#3} -gt 7 ] ; then
STARTDATE_RANGE=true
STARTDATE="${3}"
fi
fi
# parse out the end date/time if it is present
ENDDATE_RANGE=false
ENDDATE="any"
if [ "${5}" == "${ENDDATE_OPTION}" ] ; then
if [ "${6}" != "any" -a ${#6} -gt 7 ] ; then
ENDDATE_RANGE=true
ENDDATE="${6}"
fi
fi
COLLECT_BASE_DIR="/scratch"
EXTRA="var/extra"
hostname="${HOSTNAME}"
COLLECT_NAME_DIR="${COLLECT_BASE_DIR}/${COLLECT_NAME}"
EXTRA_DIR="${COLLECT_NAME_DIR}/${EXTRA}"
TARBALL="${COLLECT_NAME_DIR}.tgz"
COLLECT_PATH="/etc/collect.d"
RUN_EXCLUDE="/etc/collect/run.exclude"
ETC_EXCLUDE="/etc/collect/etc.exclude"
COLLECT_INCLUDE="/var/run /etc /root"
FLIGHT_RECORDER_PATH="var/lib/sm/"
FLIGHT_RECORDER_FILE="sm.eru.v1"
VAR_LOG_INCLUDE_LIST="/tmp/${COLLECT_NAME}.lst"
COLLECT_DIR_PCENT_CMD="df --output=pcent ${COLLECT_BASE_DIR}"
COLLECT_DIR_USAGE_CMD="df -h ${COLLECT_BASE_DIR}"
COLLECT_DATE="/usr/local/sbin/collect_date"
function log_space()
{
local msg=${1}
space="`${COLLECT_DIR_USAGE_CMD}`"
space1=`echo "${space}" | grep -v Filesystem`
ilog "${COLLECT_BASE_DIR} ${msg} ${space1}"
}
function space_precheck()
{
space="`${COLLECT_DIR_PCENT_CMD}`"
space1=`echo "${space}" | grep -v Use`
size=`echo ${space1} | cut -f 1 -d '%'`
if [ ${size} -ge 0 -a ${size} -le 100 ] ; then
ilog "${COLLECT_BASE_DIR} is $size% full"
if [ ${size} -ge ${MIN_PERCENT_SPACE_REQUIRED} ] ; then
wlog "${HOSTNAME}:${COLLECT_BASE_DIR} does not have enough available space in to perform collect"
wlog "${HOSTNAME}:${COLLECT_BASE_DIR} must be below ${MIN_PERCENT_SPACE_REQUIRED}% to perform collect"
wlog "Increase available space in ${HOSTNAME}:${COLLECT_BASE_DIR} and retry operation."
echo "${FAIL_INSUFFICIENT_SPACE_STR}"
exit ${FAIL_INSUFFICIENT_SPACE}
fi
else
wlog "unable to parse available space from '${COLLECT_DIR_PCENT_CMD}' output"
fi
}
space_precheck
CURR_DIR=`pwd`
mkdir -p ${COLLECT_NAME_DIR}
cd ${COLLECT_NAME_DIR}
# create dump target extra-stuff directory
mkdir -p ${EXTRA_DIR}
RETVAL=0
# Remove any previous collect error log.
# Start this collect with an empty file.
#
# stderr is directed to this log during the collect process.
# By searching this log after collect_host is run we can find
# errors that occured during collect.
# The only real error that we care about right now is the
#
# "No space left on device" error
#
rm -f ${COLLECT_ERROR_LOG}
touch ${COLLECT_ERROR_LOG}
chmod 644 ${COLLECT_ERROR_LOG}
echo "`date '+%F %T'` :${COLLECT_NAME_DIR}" > ${COLLECT_ERROR_LOG}
ilog "creating local collect tarball ${COLLECT_NAME_DIR}.tgz"
################################################################################
# Run collect scripts to check system status
################################################################################
function collect_parts()
{
if [ -d ${COLLECT_PATH} ]; then
for i in ${COLLECT_PATH}/*; do
if [ -f $i ]; then
$i ${COLLECT_NAME_DIR} ${EXTRA_DIR} ${hostname}
fi
done
fi
}
function collect_extra()
{
# dump process lists
LOGFILE="${EXTRA_DIR}/process.info"
echo "${hostname}: Process Info ......: ${LOGFILE}"
delimiter ${LOGFILE} "ps -e -H -o ..."
${PROCESS_DETAIL_CMD} >> ${LOGFILE}
# Collect process and thread info (tree view)
delimiter ${LOGFILE} "pstree --arguments --ascii --long --show-pids"
pstree --arguments --ascii --long --show-pids >> ${LOGFILE}
# Collect process, thread and scheduling info (worker subfunction only)
# (also gets process 'affinity' which is useful on workers;
which ps-sched.sh >/dev/null 2>&1
if [ $? -eq 0 ]; then
delimiter ${LOGFILE} "ps-sched.sh"
ps-sched.sh >> ${LOGFILE}
fi
# Collect process, thread and scheduling, and elapsed time
# This has everything that ps-sched.sh does, except for cpu affinity mask,
# adds: stime,etime,time,wchan,tty).
delimiter ${LOGFILE} "ps -eL -o pid,lwp,ppid,state,class,nice,rtprio,priority,psr,stime,etime,time,wchan:16,tty,comm,command"
ps -eL -o pid,lwp,ppid,state,class,nice,rtprio,priority,psr,stime,etime,time,wchan:16,tty,comm,command >> ${LOGFILE}
# Various host attributes
LOGFILE="${EXTRA_DIR}/host.info"
echo "${hostname}: Host Info .........: ${LOGFILE}"
# CGCS build info
delimiter ${LOGFILE} "${BUILD_INFO_CMD}"
${BUILD_INFO_CMD} >> ${LOGFILE}
delimiter ${LOGFILE} "uptime"
uptime >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /proc/cmdline"
cat /proc/cmdline >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /proc/version"
cat /proc/version >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /proc/cpuinfo"
cat /proc/cpuinfo >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ip addr show"
ip addr show >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "lspci -nn"
lspci -nn >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "find /sys/kernel/iommu_groups/ -type l"
find /sys/kernel/iommu_groups/ -type l >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# networking totals
delimiter ${LOGFILE} "cat /proc/net/dev"
cat /proc/net/dev >> ${LOGFILE}
delimiter ${LOGFILE} "dmidecode"
dmidecode >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# summary of scheduler tunable settings
delimiter ${LOGFILE} "cat /proc/sched_debug | head -15"
cat /proc/sched_debug | head -15 >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
if [ "${SKIP_MASK}" = "true" ]; then
delimiter ${LOGFILE} "facter (excluding ssh info)"
facter | grep -iv '^ssh' >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
else
delimiter ${LOGFILE} "facter"
facter >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
if [[ "$nodetype" == "worker" || "$subfunction" == *"worker"* ]] ; then
delimiter ${LOGFILE} "topology"
topology >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
LOGFILE="${EXTRA_DIR}/memory.info"
echo "${hostname}: Memory Info .......: ${LOGFILE}"
delimiter ${LOGFILE} "cat /proc/meminfo"
cat /proc/meminfo >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /sys/devices/system/node/node?/meminfo"
cat /sys/devices/system/node/node?/meminfo >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /proc/slabinfo"
log_slabinfo ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ps -e -o ppid,pid,nlwp,rss:10,vsz:10,cmd --sort=-rss"
ps -e -o ppid,pid,nlwp,rss:10,vsz:10,cmd --sort=-rss >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# mounted hugepages
delimiter ${LOGFILE} "lsof | grep /mnt/huge"
lsof | awk '($3 !~ /^[0-9]+$/ && /\/mnt\/huge/) || NR==1 {print $0;}' >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# hugepages numa mapping
delimiter ${LOGFILE} "grep huge /proc/*/numa_maps"
grep -e " huge " /proc/*/numa_maps >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# rootfs and tmpfs usage
delimiter ${LOGFILE} "df -h -H -T --local -t rootfs -t tmpfs"
df -h -H -T --local -t rootfs -t tmpfs >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
LOGFILE="${EXTRA_DIR}/filesystem.info"
echo "${hostname}: Filesystem Info ...: ${LOGFILE}"
# disk inodes usage
delimiter ${LOGFILE} "df -h -H -T --local -t rootfs -t tmpfs"
df -h -H -T --local -t rootfs -t tmpfs >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# disk space usage
delimiter ${LOGFILE} "df -h -H -T --local -t ext2 -t ext3 -t ext4 -t xfs --total"
df -h -H -T --local -t ext2 -t ext3 -t ext4 -t xfs --total >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# disk inodes usage
delimiter ${LOGFILE} "df -h -H -T --local -i -t ext2 -t ext3 -t ext4 -t xfs --total"
df -h -H -T --local -i -t ext2 -t ext3 -t ext4 -t xfs --total >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# disks by-path values
delimiter ${LOGFILE} "ls -lR /dev/disk"
ls -lR /dev/disk >> ${LOGFILE}
# disk summary (requires sudo/root)
delimiter ${LOGFILE} "fdisk -l"
fdisk -l >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /proc/scsi/scsi"
cat /proc/scsi/scsi >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# Controller specific stuff
if [ "$nodetype" = "controller" ] ; then
delimiter ${LOGFILE} "cat /proc/drbd"
cat /proc/drbd >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "/sbin/drbdadm dump"
/sbin/drbdadm dump >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
# LVM summary
delimiter ${LOGFILE} "/usr/sbin/vgs --version ; /usr/sbin/pvs --version ; /usr/sbin/lvs --version"
/usr/sbin/vgs --version >> ${LOGFILE}
/usr/sbin/pvs --version >> ${LOGFILE}
/usr/sbin/lvs --version >> ${LOGFILE}
delimiter ${LOGFILE} "/usr/sbin/vgs --all --options all"
/usr/sbin/vgs --all --options all >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "/usr/sbin/pvs --all --options all"
/usr/sbin/pvs --all --options all >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "/usr/sbin/lvs --all --options all"
/usr/sbin/lvs --all --options all >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# iSCSI Information
LOGFILE="${EXTRA_DIR}/iscsi.info"
echo "${hostname}: iSCSI Information ......: ${LOGFILE}"
if [ "$nodetype" = "controller" ] ; then
# Controller- LIO exported initiators summary
delimiter ${LOGFILE} "targetcli ls"
targetcli ls >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# Controller - LIO sessions
delimiter ${LOGFILE} "targetcli sessions detail"
targetcli sessions detail >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
elif [[ "$nodetype" == "worker" || "$subfunction" == *"worker"* ]] ; then
# Worker - iSCSI initiator information
collect_dir=${EXTRA_DIR}/iscsi_initiator_info
mkdir -p ${collect_dir}
cp -rf /run/iscsi-cache/nodes/* ${collect_dir}
find ${collect_dir} -type d -exec chmod 750 {} \;
# Worker - iSCSI initiator active sessions
delimiter ${LOGFILE} "iscsiadm -m session"
iscsiadm -m session >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# Worker - iSCSI udev created nodes
delimiter ${LOGFILE} "ls -la /dev/disk/by-path | grep \"iqn\""
ls -la /dev/disk/by-path | grep "iqn" >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
LOGFILE="${EXTRA_DIR}/history.info"
echo "${hostname}: Bash History ......: ${LOGFILE}"
# history
delimiter ${LOGFILE} "cat /home/sysadmin/.bash_history"
cat /home/sysadmin/.bash_history >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
LOGFILE="${EXTRA_DIR}/interrupt.info"
echo "${hostname}: Interrupt Info ....: ${LOGFILE}"
# interrupts
delimiter ${LOGFILE} "cat /proc/interrupts"
cat /proc/interrupts >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /proc/softirqs"
cat /proc/softirqs >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# Controller specific stuff
if [ "$nodetype" = "controller" ] ; then
netstat -pan > ${EXTRA_DIR}/netstat.info
fi
LOGFILE="${EXTRA_DIR}/blockdev.info"
echo "${hostname}: Block Devices Info : ${LOGFILE}"
# Collect block devices - show all sda and cinder devices, and size
delimiter ${LOGFILE} "lsblk"
lsblk >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# Collect block device topology - show devices and which io-scheduler
delimiter ${LOGFILE} "lsblk --topology"
lsblk --topology >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
# Collect SCSI devices - show devices and cinder attaches, etc
delimiter ${LOGFILE} "lsblk --scsi"
lsblk --scsi >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
}
log_space "before collect ......:"
collect_extra
collect_parts
#
# handle collect collect-after and collect-range and then
# in elif clause collect-before
#
VAR_LOG="/var/log"
if [ -e /www/var/log ]; then
VAR_LOG="$VAR_LOG /www/var/log"
fi
rm -f ${VAR_LOG_INCLUDE_LIST}
if [ "${STARTDATE_RANGE}" == true ] ; then
if [ "${ENDDATE_RANGE}" == false ] ; then
ilog "collecting $VAR_LOG files containing logs after ${STARTDATE}"
${COLLECT_DATE} ${STARTDATE} ${ENDDATE} ${VAR_LOG_INCLUDE_LIST} ${DEBUG} ""
else
ilog "collecting $VAR_LOG files containing logs between ${STARTDATE} and ${ENDDATE}"
${COLLECT_DATE} ${STARTDATE} ${ENDDATE} ${VAR_LOG_INCLUDE_LIST} ${DEBUG} ""
fi
elif [ "${ENDDATE_RANGE}" == true ] ; then
STARTDATE="20130101"
ilog "collecting $VAR_LOG files containing logs before ${ENDDATE}"
${COLLECT_DATE} ${STARTDATE} ${ENDDATE} ${VAR_LOG_INCLUDE_LIST} ${DEBUG} ""
else
ilog "collecting all of $VAR_LOG"
find $VAR_LOG ! -empty > ${VAR_LOG_INCLUDE_LIST}
fi
# Add VM console.log
for i in /var/lib/nova/instances/*/console.log; do
if [ -e "$i" ]; then
tmp=`dirname $i`
mkdir -p ${COLLECT_NAME_DIR}/$tmp
cp $i ${COLLECT_NAME_DIR}/$tmp
fi
done
log_space "before first tar ....:"
(cd ${COLLECT_NAME_DIR} ; ${IONICE_CMD} ${NICE_CMD} ${TAR_CMD} ${COLLECT_NAME_DIR}/${COLLECT_NAME}.tar -T ${VAR_LOG_INCLUDE_LIST} -X ${RUN_EXCLUDE} -X ${ETC_EXCLUDE} ${COLLECT_INCLUDE} 2>>${COLLECT_ERROR_LOG} 1>>${COLLECT_ERROR_LOG} )
log_space "after first tar .....:"
(cd ${COLLECT_NAME_DIR} ; ${IONICE_CMD} ${NICE_CMD} ${UNTAR_CMD} ${COLLECT_NAME_DIR}/${COLLECT_NAME}.tar 2>>${COLLECT_ERROR_LOG} 1>>${COLLECT_ERROR_LOG} )
log_space "after first untar ...:"
rm -f ${COLLECT_NAME_DIR}/${COLLECT_NAME}.tar
log_space "after delete tar ....:"
if [ "${SKIP_MASK}" != "true" ]; then
# Run password masking before final tar
dlog "running /usr/local/sbin/collect_mask_passwords ${COLLECT_NAME_DIR} ${EXTRA_DIR}"
/usr/local/sbin/collect_mask_passwords ${COLLECT_NAME_DIR} ${EXTRA_DIR}
log_space "after passwd masking :"
fi
(cd ${COLLECT_BASE_DIR} ; ${IONICE_CMD} ${NICE_CMD} ${TAR_ZIP_CMD} ${COLLECT_NAME_DIR}.tgz ${COLLECT_NAME} 2>/dev/null 1>/dev/null )
log_space "after first tarball .:"
mkdir -p ${COLLECT_NAME_DIR}/${FLIGHT_RECORDER_PATH}
(cd /${FLIGHT_RECORDER_PATH} ; ${TAR_ZIP_CMD} ${COLLECT_NAME_DIR}/${FLIGHT_RECORDER_PATH}/${FLIGHT_RECORDER_FILE}.tgz ./${FLIGHT_RECORDER_FILE} 2>>${COLLECT_ERROR_LOG} 1>>${COLLECT_ERROR_LOG})
# Pull in an updated user.log which contains the most recent collect logs
# ... be sure to exclude any out of space logs
tail -30 /var/log/user.log | grep "COLLECT:" | grep -v "${FAIL_OUT_OF_SPACE_STR}" >> ${COLLECT_ERROR_LOG}
cp -a ${COLLECT_LOG} ${COLLECT_LOG}.last
cp -a ${COLLECT_ERROR_LOG} ${COLLECT_LOG}
cp -a ${COLLECT_LOG} ${COLLECT_NAME_DIR}/var/log
log_space "with flight data ....:"
(cd ${COLLECT_BASE_DIR} ; ${IONICE_CMD} ${NICE_CMD} ${TAR_ZIP_CMD} ${COLLECT_NAME_DIR}.tgz ${COLLECT_NAME} 2>>${COLLECT_ERROR_LOG} 1>>${COLLECT_ERROR_LOG} )
log_space "after collect .......:"
rm -rf ${COLLECT_NAME_DIR}
rm -f ${VAR_LOG_INCLUDE_LIST}
log_space "after cleanup .......:"
# Check for collect errors
# Only out of space error is enough to fail this hosts's collect
collect_errors ${HOSTNAME}
RC=${?}
rm -f ${COLLECT_ERROR_LOG}
if [ ${RC} -ne 0 ] ; then
rm -f ${COLLECT_NAME_DIR}.tgz
ilog "${FAIL_OUT_OF_SPACE_STR} ${COLLECT_BASE_DIR}"
else
ilog "collect of ${COLLECT_NAME_DIR}.tgz succeeded"
echo "${collect_done}"
fi
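
Review bot: `VAR_LOG_INCLUDE_LIST="/tmp/${COLLECT_NAME}.lst"` is a predictable path in a world-writable directory that is removed with `rm -f` and later recreated by a plain `>` redirect (or by ${COLLECT_DATE}), then fed to tar with `-T`; the script trusts whatever exists at that path when it writes and reads it. Create the list with `mktemp`, or place it under ${COLLECT_NAME_DIR}, which this script creates itself. In `collect_parts`, every regular file under ${COLLECT_PATH} is executed after only a `-f` test; checking `-x` and ownership before running `$i` would make it clearer which plugins are expected to run.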

View File

@ -1,59 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
function is_extended_profile {
if [ ! -n "${security_profile}" ] || [ "${security_profile}" != "extended" ]; then
return 0
else
return 1
fi
}
SERVICE="ima"
LOGFILE="${extradir}/${SERVICE}.info"
###############################################################################
# All Node Types
###############################################################################
is_extended_profile
if [ "$?" = "0" ] ; then
exit 0
fi
echo "${hostname}: IMA Info ..........: ${LOGFILE}"
delimiter ${LOGFILE} "IMA Kernel Modules"
lsmod | grep ima >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "Auditd status"
service auditd status >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
ps -aux | grep audit >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
mkdir -p ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "IMA Runtime Measurement and Violations cache"
if [ -d "/sys/kernel/security/ima" ]; then
ls /sys/kernel/security/ima >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
cp -rf /sys/kernel/security/ima ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
else
echo "ERROR: IMA Securityfs directory does not exist!" >> ${LOGFILE}
fi
cp -rf /etc/modprobe.d/ima.conf ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
cp -rf /etc/modprobe.d/integrity.conf ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
cp -rf /etc/ima.policy ${extradir}/integrity 2>>${COLLECT_ERROR_LOG}
# make sure all these collected files are world readible
chmod -R 755 ${extradir}/integrity
exit 0
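
Review bot: `chmod -R 755 ${extradir}/integrity` sets the execute bit on every copied file and makes the IMA measurement cache, ima.policy and the modprobe configs readable by all local users, which is broader than the comment's stated goal of making them readable. `chmod -R u=rwX,go=rX` would keep files non-executable, and if only the collecting user needs the copy before it is tarred, `go=` is the narrower choice. `is_extended_profile` also returns 0 when the profile is not "extended", so the name reads inverted relative to the guard that follows it.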

View File

@ -1,123 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
COLLECT_NAME_DIR=$1
EXTRA_DIR=$2
# Strip the passwords from assorted config files
for conffile in \
${COLLECT_NAME_DIR}/etc/aodh/aodh.conf \
${COLLECT_NAME_DIR}/etc/barbican/barbican.conf \
${COLLECT_NAME_DIR}/etc/ceilometer/ceilometer.conf \
${COLLECT_NAME_DIR}/etc/cinder/cinder.conf \
${COLLECT_NAME_DIR}/etc/fm/fm.conf \
${COLLECT_NAME_DIR}/etc/glance/glance-api.conf \
${COLLECT_NAME_DIR}/etc/glance/glance-registry.conf \
${COLLECT_NAME_DIR}/etc/heat/heat.conf \
${COLLECT_NAME_DIR}/etc/ironic/ironic.conf \
${COLLECT_NAME_DIR}/etc/keystone/keystone.conf \
${COLLECT_NAME_DIR}/etc/magnum/magnum.conf \
${COLLECT_NAME_DIR}/etc/murano/murano.conf \
${COLLECT_NAME_DIR}/etc/neutron/metadata_agent.ini \
${COLLECT_NAME_DIR}/etc/neutron/neutron.conf \
${COLLECT_NAME_DIR}/etc/nfv/nfv_plugins/nfvi_plugins/config.ini \
${COLLECT_NAME_DIR}/etc/nova/nova.conf \
${COLLECT_NAME_DIR}/etc/nslcd.conf \
${COLLECT_NAME_DIR}/etc/openldap/slapd.conf.backup \
${COLLECT_NAME_DIR}/etc/openstack-dashboard/local_settings \
${COLLECT_NAME_DIR}/etc/panko/panko.conf \
${COLLECT_NAME_DIR}/etc/patching/patching.conf \
${COLLECT_NAME_DIR}/etc/proxy/nova-api-proxy.conf \
${COLLECT_NAME_DIR}/etc/rabbitmq/murano-rabbitmq.config \
${COLLECT_NAME_DIR}/etc/rabbitmq/rabbitmq.config \
${COLLECT_NAME_DIR}/etc/sysinv/api-paste.ini \
${COLLECT_NAME_DIR}/etc/sysinv/sysinv.conf \
${COLLECT_NAME_DIR}/var/extra/platform/sysinv/*/sysinv.conf.default \
${COLLECT_NAME_DIR}/etc/mtc.ini
do
if [ ! -f $conffile ]; then
continue
fi
sed -i -r 's/^(admin_password) *=.*/\1 = xxxxxx/;
s/^(auth_encryption_key) *=.*/\1 = xxxxxx/;
s/^(bindpw) .*/\1 xxxxxx/;
s/^(rootpw) .*/\1 xxxxxx/;
s/^(connection) *=.*/\1 = xxxxxx/;
s/^( *credentials) *=.*/\1 = xxxxxx/;
s/^(metadata_proxy_shared_secret) *=.*/\1 = xxxxxx/;
s/^(password) *=.*/\1 = xxxxxx/;
s/^(rabbit_password) *=.*/\1 = xxxxxx/;
s/^(sql_connection) *=.*/\1 = xxxxxx/;
s/^(stack_domain_admin_password) *=.*/\1 = xxxxxx/;
s/^(transport_url) *=.*/\1 = xxxxxx/;
s/^(SECRET_KEY) *=.*/\1 = xxxxxx/;
s/^(keystone_auth_pw) *=.*/\1 = xxxxxx/;
s/\{default_pass, <<\".*\">>\}/\{default_pass, <<\"xxxxxx\">>\}/' $conffile
done
find ${COLLECT_NAME_DIR} -name server-cert.pem | xargs --no-run-if-empty rm -f
rm -rf ${COLLECT_NAME_DIR}/var/extra/platform/config/*/ssh_config
rm -f ${COLLECT_NAME_DIR}/var/extra/platform/puppet/*/hieradata/secure*.yaml
# Mask user passwords in sysinv db dump
if [ -f ${COLLECT_NAME_DIR}/var/extra/database/sysinv.db.sql.txt ]; then
sed -i -r '/COPY i_user/, /^--/ s/^(([^\t]*\t){10})[^\t]*(\t.*)/\1xxxxxx\3/;
/COPY i_community/, /^--/ s/^(([^\t]*\t){5})[^\t]*(\t.*)/\1xxxxxx\3/;
/COPY i_trap_destination/, /^--/ s/^(([^\t]*\t){6})[^\t]*(\t.*)/\1xxxxxx\3/;
s/(identity\t[^\t]*\tpassword\t)[^\t]*/\1xxxxxx/' \
${COLLECT_NAME_DIR}/var/extra/database/sysinv.db.sql.txt
fi
# Mask passwords in host profiles
grep -rl '\"name\": \"password\"' ${COLLECT_NAME_DIR}/var/extra/platform/sysinv/ \
| xargs --no-run-if-empty perl -i -e '
$prev="";
while (<>)
{
if (/\"name\": \"password\"/)
{
$prev =~ s/\"value\": \".*\"/\"value\": \"xxxxxx\"/;
}
print $prev;
$prev=$_;
}
print $prev;'
# Cleanup snmp
sed -i -r 's/(rocommunity[^ ]*).*/\1 xxxxxx/' ${COLLECT_NAME_DIR}/var/extra/platform/config/*/snmp/*
sed -i -r 's/(trap2sink *[^ ]*).*/\1 xxxxxx/' ${COLLECT_NAME_DIR}/var/extra/platform/config/*/snmp/*
# Mask passwords in bash.log and history logs
USER_HISTORY_FILES=$(find ${COLLECT_NAME_DIR} -type f -name .bash_history 2>/dev/null)
sed -i -r 's/(snmp-comm-(delete|show)) *((\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*) *){1,}/\1 xxxxxx/;
s/(snmp.*) *(--community|-c) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
s/(password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/;
s/(openstack.*) *(--password) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
s/(ldapmodifyuser.*userPassword *)(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/' \
${USER_HISTORY_FILES} \
${COLLECT_NAME_DIR}/var/extra/history.info \
${COLLECT_NAME_DIR}/var/log/bash.log \
${COLLECT_NAME_DIR}/var/log/auth.log \
${COLLECT_NAME_DIR}/var/log/ldapscripts.log
for f in ${COLLECT_NAME_DIR}/var/log/bash.log.*.gz \
${COLLECT_NAME_DIR}/var/log/auth.log.*.gz \
${COLLECT_NAME_DIR}/var/log/ldapscripts.log.*.gz
do
zgrep -q 'snmp|password' $f || continue
gunzip $f
unzipped=${f%%.gz}
sed -i -r 's/(snmp-comm-(delete|show)) *((\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*) *){1,}/\1 xxxxxx/;
s/(snmp.*) *(--community|-c) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
s/(password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/;
s/(openstack.*) *(--password) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
s/(ldapmodifyuser.*userPassword *)(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/' $unzipped
gzip $unzipped
done
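
Review bot: in the loop over rotated logs, `zgrep -q 'snmp|password' $f` is evaluated as a basic regular expression, where `|` is a literal character, so the test only matches the exact text "snmp|password" and nearly every .gz file hits `continue` without being masked. Use `zgrep -Eq 'snmp|password'` (or two `-e` patterns) so the compressed bash.log, auth.log and ldapscripts.log copies get the same sed pass as the uncompressed ones. The five-expression sed program is duplicated between the two call sites; holding it in one variable would keep the compressed and uncompressed paths from drifting apart.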

View File

@ -1,61 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="networking"
LOGFILE="${extradir}/${SERVICE}.info"
echo "${hostname}: Networking Info ...: ${LOGFILE}"
###############################################################################
# All nodes
###############################################################################
delimiter ${LOGFILE} "ip -s link"
ip -s link >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ip -s addr"
ip -s addr >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ip -s neigh"
ip -s neigh >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ip rule"
ip rule >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ip route"
ip route >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "iptables -L -v -x -n"
iptables -L -v -x -n >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "iptables -L -v -x -n -t nat"
iptables -L -v -x -n -t nat >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "iptables -L -v -x -n -t mangle"
iptables -L -v -x -n -t mangle >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
###############################################################################
# Only Worker
###############################################################################
if [[ "$nodetype" = "worker" || "$subfunction" == *"worker"* ]] ; then
NAMESPACES=($(ip netns))
for NS in ${NAMESPACES[@]}; do
delimiter ${LOGFILE} "${NS}"
ip netns exec ${NS} ip -s link
ip netns exec ${NS} ip -s addr
ip netns exec ${NS} ip -s neigh
ip netns exec ${NS} ip route
ip netns exec ${NS} ip rule
done >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
exit 0
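
Review bot: `NAMESPACES=($(ip netns))` word-splits the raw listing, so when `ip netns` prints an id suffix after a name (for example `name (id: 0)`), the tokens "(id:" and "0)" become loop entries and each `ip netns exec ${NS}` for them fails into ${COLLECT_ERROR_LOG}. Taking only the first field per line, e.g. `ip netns list | awk '{print $1}'`, and quoting `"${NS}"` in the loop avoids that. None of the `ip netns exec` calls are wrapped in `timeout`, unlike the ceph collector on this page.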

View File

@ -1,44 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
LOGFILE="${extradir}/nfv-vim.info"
echo "${hostname}: NFV-Vim Info ......: ${LOGFILE}"
function is_service_active {
active=`sm-query service vim | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
# Assumes that database_dir is unique in /etc/nfv/vim/config.ini
DATABASE_DIR=$(awk -F "=" '/database_dir/ {print $2}' /etc/nfv/vim/config.ini)
SQLITE_DUMP="/usr/bin/sqlite3 ${DATABASE_DIR}/vim_db_v1 .dump"
delimiter ${LOGFILE} "dump database"
timeout 30 ${SQLITE_DUMP} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
exit 0
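
Review bot: the awk pattern `/database_dir/` matches any line that contains the string, including a commented-out entry, and `print $2` keeps any whitespace around the `=`; a trailing space or a second match leaves ${DATABASE_DIR} holding more than one word, and the unquoted `${SQLITE_DUMP}` expansion then hands sqlite3 the wrong arguments. Anchor the match (`/^database_dir[ \t]*=/`), trim the value, and bail out with a logged message when the result is empty rather than dumping `/vim_db_v1`.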

View File

@ -1,68 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
function is_service_active {
active=`sm-query service rabbit-fs | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
SERVICE="openstack"
LOGFILE="${extradir}/${SERVICE}.info"
echo "${hostname}: Openstack Info ....: ${LOGFILE}"
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
delimiter ${LOGFILE} "openstack project list"
openstack project list >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "openstack user list"
openstack user list >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
MQ_STATUS="rabbitmqctl status"
delimiter ${LOGFILE} "${MQ_STATUS} | grep -e '{memory' -A30"
${MQ_STATUS} 2>/dev/null | grep -e '{memory' -A30 >> ${LOGFILE}
delimiter ${LOGFILE} "RabbitMQ Queue Info"
num_queues=$(rabbitmqctl list_queues | wc -l); ((num_queues-=2))
num_bindings=$(rabbitmqctl list_bindings | wc -l); ((num_bindings-=2))
num_exchanges=$(rabbitmqctl list_exchanges | wc -l); ((num_exchanges-=2))
num_connections=$(rabbitmqctl list_connections | wc -l); ((num_connections-=2))
num_channels=$(rabbitmqctl list_channels | wc -l); ((num_channels-=2))
arr=($(rabbitmqctl list_queues messages consumers memory | \
awk '/^[0-9]/ {a+=$1; b+=$2; c+=$3} END {print a, b, c}'))
messages=${arr[0]}; consumers=${arr[1]}; memory=${arr[2]}
printf "%6s %8s %9s %11s %8s %8s %9s %10s\n" "queues" "bindings" "exchanges" "connections" "channels" "messages" "consumers" "memory" >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
printf "%6d %8d %9d %11d %8d %8d %9d %10d\n" $num_queues $num_bindings $num_exchanges $num_connections $num_channels $messages $consumers $memory >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
###############################################################################
# collect does not retrieve /etc/keystone dir
# Additional logic included to copy /etc/keystone directory
###############################################################################
mkdir -p ${extradir}/../../etc/
cp -R /etc/keystone/ ${extradir}/../../etc
chmod -R 755 ${extradir}/../../etc/keystone
exit 0
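
Review bot: the final block copies all of /etc/keystone into the collect tree and then runs `chmod -R 755` on it, so everything under that directory becomes readable by any local user while it sits under the collect base directory, and of that tree the masking script on this page only rewrites etc/keystone/keystone.conf. Keep the copy at restrictive permissions (for example `chmod -R go=`), or copy only the files that are needed for debugging. This block also sits outside the controller `if`, so it runs on every node type with no check that /etc/keystone exists and no stderr redirect to ${COLLECT_ERROR_LOG}.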

View File

@ -1,35 +0,0 @@
#! /bin/bash
########################################################################
#
# Copyright (c) 2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
########################################################################
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="ovs"
LOGFILE="${extradir}/${SERVICE}.info"
###############################################################################
# Only Worker Nodes
###############################################################################
if [[ "$nodetype" == "worker" || "$subfunction" == *"worker"* ]] ; then
if [[ "$vswitch_type" == *ovs* ]]; then
echo "${hostname}: OVS Info ..........: ${LOGFILE}"
delimiter ${LOGFILE} "ovsdb-client dump"
ovsdb-client dump >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ovs-vsctl show"
ovs-vsctl --timeout 10 show >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
fi
fi
exit 0
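
Review bot: the `delimiter` label says "ovs-vsctl show" but the command that runs is `ovs-vsctl --timeout 10 show`, so the log header does not match what was executed; pass the full command string to `delimiter`. `ovsdb-client dump` on the line above has no timeout at all, so a hung ovsdb-server blocks the collector; wrapping it in `timeout` as the ceph collector does would bound it.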

View File

@ -1,29 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#echo "defaults: $1-$2-$3-$4"
if [ -z ${1} ] ; then
basedir=/scratch
else
basedir=$1
fi
if [ -z ${2} ] ; then
extradir=$basedir/var/extra
else
extradir=$2
fi
if [ -z ${3} ] ; then
hostname=$HOSTNAME
else
hostname=$3
fi
mkdir -p ${extradir}
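
Review bot: the three `[ -z ${N} ]` tests are unquoted, so an empty argument collapses to `[ -z ]`, which is true only because the single-argument form of `[` tests "-z" as a non-empty string, and an argument containing whitespace produces a "too many arguments" error. Quote them as `[ -z "${1}" ]`, or replace each block with a default expansion such as `basedir=${1:-/scratch}`. `mkdir -p ${extradir}` should be quoted for the same reason.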

View File

@ -1,45 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="patching"
LOGFILE="${extradir}/${SERVICE}.info"
echo "${hostname}: Patching Info .....: ${LOGFILE}"
###############################################################################
# All nodes
###############################################################################
delimiter ${LOGFILE} "smart channel --show"
smart channel --show 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
delimiter ${LOGFILE} "sw-patch query"
sw-patch query 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "sw-patch query-hosts"
sw-patch query-hosts 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "sw-patch query-hosts --debug"
sw-patch query-hosts --debug 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "find /opt/patching"
find /opt/patching 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "find /www/pages/updates"
find /www/pages/updates 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
fi
exit 0

View File

@ -1,117 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
# postgres database commands
PSQL_CMD="sudo -u postgres psql --pset pager=off -q"
PG_DUMP_CMD="sudo -u postgres pg_dump"
SERVICE="database"
DB_DIR="${extradir}/database"
LOGFILE="${extradir}/database.info"
echo "${hostname}: Database Info .....: ${LOGFILE}"
function is_service_active {
active=`sm-query service postgres | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
###############################################################################
# All node types
###############################################################################
mkdir -p ${DB_DIR}
function log_database {
db_list=( $(${PSQL_CMD} -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") )
for db in "${db_list[@]}"; do
echo "postgres database: ${db}"
${PSQL_CMD} -d ${db} -c "
SELECT
table_schema,
table_name,
pg_size_pretty(table_size) AS table_size,
pg_size_pretty(indexes_size) AS indexes_size,
pg_size_pretty(total_size) AS total_size,
live_tuples,
dead_tuples
FROM (
SELECT
table_schema,
table_name,
pg_table_size(table_name) AS table_size,
pg_indexes_size(table_name) AS indexes_size,
pg_total_relation_size(table_name) AS total_size,
pg_stat_get_live_tuples(table_name::regclass) AS live_tuples,
pg_stat_get_dead_tuples(table_name::regclass) AS dead_tuples
FROM (
SELECT
table_schema,
table_name
FROM information_schema.tables
WHERE table_schema='public'
AND table_type='BASE TABLE'
) AS all_tables
ORDER BY total_size DESC
) AS pretty_sizes;
"
done >> ${1}
}
DB_EXT=db.sql.txt
function database_dump {
mkdir -p ${DB_DIR}
db_list=( $(${PSQL_CMD} -t -c "SELECT datname FROM pg_database WHERE datistemplate = false;") )
for DB in "${db_list[@]}"; do
if [ "$DB" != "keystone" -a "$DB" != "ceilometer" ] ; then
echo "${hostname}: Dumping Database ..: ${DB_DIR}/$DB.$DB_EXT"
(cd ${DB_DIR} ; sudo -u postgres pg_dump $DB > $DB.$DB_EXT)
fi
done
}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
# postgres DB sizes
delimiter ${LOGFILE} "formatted ${PSQL_CMD} -c"
${PSQL_CMD} -c "
SELECT
pg_database.datname,
pg_database_size(pg_database.datname),
pg_size_pretty(pg_database_size(pg_database.datname))
FROM pg_database
ORDER BY pg_database_size DESC;
" >> ${LOGFILE}
# Number of postgres connections
delimiter ${LOGFILE} "ps -C postgres -o cmd="
ps -C postgres -o cmd= >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "call to log_database"
log_database ${LOGFILE}
database_dump
fi
exit 0
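
Review bot: database_dump writes a full pg_dump of every non-template database except keystone and ceilometer into ${DB_DIR} as plain SQL text, so any credentials or tokens held in the remaining service databases travel with the collect bundle. Consider an explicit allowlist of databases (or pg_dump's --exclude-table-data for sensitive tables) and creating ${DB_DIR} with mode 0700 before dumping. Two smaller points: PG_DUMP_CMD is defined but the loop hard-codes `sudo -u postgres pg_dump $DB > $DB.$DB_EXT` with $DB unquoted, and is_service_active returns 0 when postgres is not "enabled-active", which inverts the usual shell convention and makes the `if [ "$?" = "0" ] ; then exit 0` caller easy to misread.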

View File

@ -1,26 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="sm"
LOGFILE="${extradir}/sm.info"
echo "${hostname}: Service Management : ${LOGFILE}"
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
kill -SIGUSR1 $(</var/run/sm.pid)
sm-troubleshoot 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
fi
exit 0
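
Review bot: `kill -SIGUSR1 $(</var/run/sm.pid)` signals whatever PID the file holds without checking that the file exists, is non-empty, or still refers to the sm process. With a stale pid file the signal goes to an unrelated process, and with a missing one the kill error goes to the terminal rather than ${COLLECT_ERROR_LOG}. Suggest reading the pid into a variable, confirming the process identity before signalling, and redirecting stderr the same way the sm-troubleshoot line does.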

View File

@ -1,72 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="inventory"
LOGFILE="${extradir}/${SERVICE}.info"
RPMLOG="${extradir}/rpm.info"
function is_service_active {
active=`sm-query service management-ip | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
echo "${hostname}: Software Config ...: ${RPMLOG}"
# These go into the SERVICE.info file
delimiter ${RPMLOG} "rpm -qa"
rpm -qa >> ${RPMLOG}
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
echo "${hostname}: System Inventory ..: ${LOGFILE}"
# These go into the SERVICE.info file
delimiter ${LOGFILE} "system host-list"
system host-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "system service-list"
system service-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "nova service-list"
nova service-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "neutron host-list"
neutron host-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "system host-port-list controller-0"
system host-port-list controller-0 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "system host-port-list controller-1"
system host-port-list controller-1 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "Dump all Instances"
nova list --fields name,status,OS-EXT-SRV-ATTR:host --all-tenant 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
delimiter ${LOGFILE} "vm-topology"
timeout 60 vm-topology --show all 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
cp -a /opt/platform ${extradir}
fi
exit 0
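
Review bot: `cp -a /opt/platform ${extradir}` at the end of the controller block copies the whole platform tree into the bundle with no filtering and no stderr redirect. Any keys, passwords or certificates stored under /opt/platform end up in the archive, and an out-of-space failure during the copy never reaches ${COLLECT_ERROR_LOG}, which is the file collect_errors searches. Suggest copying a named subset of the tree and appending `2>>${COLLECT_ERROR_LOG}`. The `rpm -qa >> ${RPMLOG}` line has the same missing redirect, and is_service_active here repeats the inverted return convention (0 means not active) used in the database script.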

View File

@ -1,82 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="tc"
LOGFILE="${extradir}/tc.info"
echo "${hostname}: Traffic Controls . : ${LOGFILE}"
###############################################################################
# Interface Info
###############################################################################
delimiter ${LOGFILE} "cat /etc/network/interfaces"
if [ -f /etc/network/interfaces ]; then
cat /etc/network/interfaces >> ${LOGFILE}
else
echo "/etc/network/interfaces NOT FOUND" >> ${LOGFILE}
fi
delimiter ${LOGFILE} "ip link"
ip link >> ${LOGFILE}
for i in $(ip link | grep mtu | grep eth |awk '{print $2}' | sed 's#:##g'); do
delimiter ${LOGFILE} "ethtool ${i}"
ethtool ${i} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "cat /sys/class/net/${i}/speed"
cat /sys/class/net/${i}/speed >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "ethtool -S ${i}"
ethtool -S ${i} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
done
###############################################################################
# TC Configuration Script (/usr/local/bin/cgcs_tc_setup.sh)
###############################################################################
delimiter ${LOGFILE} "cat /usr/local/bin/cgcs_tc_setup.sh"
if [ -f /usr/local/bin/cgcs_tc_setup.sh ]; then
cat /usr/local/bin/cgcs_tc_setup.sh >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
else
echo "/usr/local/bin/cgcs_tc_setup.sh NOT FOUND" >> ${LOGFILE}
fi
###############################################################################
# TC Configuration
###############################################################################
delimiter ${LOGFILE} "tc qdisc show"
tc qdisc show >> ${LOGFILE}
for i in $(ip link | grep htb | awk '{print $2}' | sed 's#:##g'); do
delimiter ${LOGFILE} "tc class show dev ${i}"
tc class show dev ${i} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "tc filter show dev ${i}"
tc filter show dev ${i} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
done
###############################################################################
# TC Statistics
###############################################################################
delimiter ${LOGFILE} "tc -s qdisc show"
tc -s qdisc show >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
for i in $(ip link | grep htb | awk '{print $2}' | sed 's#:##g'); do
delimiter ${LOGFILE} "tc -s class show dev ${i}"
tc -s class show dev ${i} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
delimiter ${LOGFILE} "tc -s filter show dev ${i}"
tc -s filter show dev ${i} >> ${LOGFILE} 2>>${COLLECT_ERROR_LOG}
done
exit 0
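
Review bot: the interface loop `ip link | grep mtu | grep eth | awk '{print $2}' | sed 's#:##g'` only selects devices whose name contains "eth", so interfaces using other naming schemes are skipped silently, and a VLAN sub-interface, which ip link prints as name@parent, yields a string that ethtool and /sys/class/net/ will reject. Iterating over the entries in /sys/class/net, or stripping the @parent suffix, would be more reliable. ${i} and ${LOGFILE} are also unquoted throughout, and the `ip link >> ${LOGFILE}` and `tc qdisc show >> ${LOGFILE}` lines lack the `2>>${COLLECT_ERROR_LOG}` redirect that the neighbouring commands have.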

View File

@ -1,237 +0,0 @@
#! /bin/bash
#
# Copyright (c) 2013-2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
##########################################################################################
DEBUG=false
# Fail Codes
PASS=0
FAIL=1
RETRY=2
FAIL_NODETYPE=3
FAIL_TIMEOUT=10
FAIL_TIMEOUT1=11
FAIL_TIMEOUT2=12
FAIL_TIMEOUT3=13
FAIL_TIMEOUT4=14
FAIL_TIMEOUT5=15
FAIL_TIMEOUT6=16
FAIL_TIMEOUT7=17
FAIL_TIMEOUT8=18
FAIL_TIMEOUT9=19
FAIL_PASSWORD=30
FAIL_PERMISSION=31
FAIL_CLEANUP=32
FAIL_UNREACHABLE=33
FAIL_HOSTNAME=34
FAIL_INACTIVE=35
FAIL_PERMISSION_SKIP=36
FAIL_OUT_OF_SPACE=37
FAIL_INSUFFICIENT_SPACE=38
FAIL_OUT_OF_SPACE_LOCAL=39
FAIL_CREATE=39
# Warnings are above 200
WARN_WARNING=200
WARN_HOSTNAME=201
# Failure Strings
FAIL_OUT_OF_SPACE_STR="No space left on device"
FAIL_TAR_OUT_OF_SPACE_STR="tar: Error is not recoverable"
FAIL_INSUFFICIENT_SPACE_STR="Not enough space on device"
# The minimum amount of % free space on /scratch to allow collect to proceed
MIN_PERCENT_SPACE_REQUIRED=75
# Log file path/names
COLLECT_LOG=/var/log/collect.log
COLLECT_ERROR_LOG=/tmp/collect_error.log
function source_openrc_if_needed
{
# get the node and subfunction types
nodetype=""
subfunction=""
PLATFORM_CONF=/etc/platform/platform.conf
if [ -e ${PLATFORM_CONF} ] ; then
source ${PLATFORM_CONF}
fi
if [ "${nodetype}" != "controller" -a "${nodetype}" != "worker" -a "${nodetype}" != "storage" ] ; then
logger -t ${COLLECT_TAG} "could not identify nodetype ($nodetype)"
exit $FAIL_NODETYPE
fi
ACTIVE=false
if [ "$nodetype" == "controller" ] ; then
# get local host activity state
OPENRC="/etc/platform/openrc"
if [ -e "${OPENRC}" ] ; then
OS_USERNAME=""
source ${OPENRC}
if [ "${OS_USERNAME}" != "" ] ; then
ACTIVE=true
fi
fi
fi
}
# Setup an expect command completion file.
# This is used to force serialization of expect
# sequences and highlight command completion
collect_done="collect done"
cmd_done_sig="expect done"
cmd_done_file="/usr/local/sbin/expect_done"
# Compression Commands
TAR_ZIP_CMD="tar -cvzf"
TAR_UZIP_CMD="tar -xvzf"
TAR_CMD="tar -cvhf"
UNTAR_CMD="tar -xvf"
ZIP_CMD="gzip"
NICE_CMD="/usr/bin/nice -n19"
IONICE_CMD="/usr/bin/ionice -c2 -n7"
COLLECT_TAG="COLLECT"
STARTDATE_OPTION="--start-date"
ENDDATE_OPTION="--end-date"
PROCESS_DETAIL_CMD="ps -e -H -o ruser,tid,pid,ppid,flags,stat,policy,rtprio,nice,priority,rss:10,vsz:10,sz:10,psr,stime,tty,cputime,wchan:14,cmd"
BUILD_INFO_CMD="cat /etc/build.info"
################################################################################
# Log Debug, Info or Error log message to syslog
################################################################################
function log
{
logger -t ${COLLECT_TAG} $@
}
function ilog
{
echo "$@"
logger -t ${COLLECT_TAG} $@
#logger -p local3.info -t ${COLLECT_TAG} $@
}
function elog
{
echo "Error: $@"
logger -t ${COLLECT_TAG} $@
}
function wlog
{
echo "Warning: $@"
logger -t ${COLLECT_TAG} $@
}
function set_debug_mode()
{
DEBUG=${1}
}
function dlog()
{
if [ "$DEBUG" == true ] ; then
logger -t ${COLLECT_TAG} $@
echo "Debug: $@"
fi
}
function delimiter()
{
echo "--------------------------------------------------------------------" >> ${1} 2>>${COLLECT_ERROR_LOG}
echo "`date` : ${myhostname} : ${2}" >> ${1} 2>>${COLLECT_ERROR_LOG}
echo "--------------------------------------------------------------------" >> ${1} 2>>${COLLECT_ERROR_LOG}
}
function log_slabinfo()
{
PAGE_SIZE=$(getconf PAGE_SIZE)
cat /proc/slabinfo | awk -v page_size_B=${PAGE_SIZE} '
BEGIN {page_KiB = page_size_B/1024; TOT_KiB = 0;}
(NF == 17) {
gsub(/[<>]/, "");
printf("%-22s %11s %8s %8s %10s %12s %1s %5s %10s %12s %1s %12s %9s %11s %8s\n",
$2, $3, $4, $5, $6, $7, $8, $10, $11, $12, $13, $15, $16, $17, "KiB");
}
(NF == 16) {
num_objs=$3; obj_per_slab=$5; pages_per_slab=$6;
KiB = (obj_per_slab > 0) ? page_KiB*num_objs/obj_per_slab*pages_per_slab : 0;
TOT_KiB += KiB;
printf("%-22s %11d %8d %8d %10d %12d %1s %5d %10d %12d %1s %12d %9d %11d %8d\n",
$1, $2, $3, $4, $5, $6, $7, $9, $10, $11, $12, $14, $15, $16, KiB);
}
END {
printf("%-22s %11s %8s %8s %10s %12s %1s %5s %10s %12s %1s %12s %9s %11s %8d\n",
"TOTAL", "-", "-", "-", "-", "-", ":", "-", "-", "-", ":", "-", "-", "-", TOT_KiB);
}
' >> ${1} 2>>${COLLECT_ERROR_LOG}
}
###########################################################################
#
# Name : collect_errors
#
# Description: search COLLECT_ERROR_LOG for "No space left on device" logs
# Return 0 if no such logs are found.
# Return 1 if such logs are found
#
# Assumptions: Caller should assume a non-zero return as an indication of
# a corrupt or incomplete collect log
#
# Create logs and screen echos that record the error for the user.
#
# May look for other errors in the future
#
###########################################################################
listOfOutOfSpaceErrors=(
"${FAIL_OUT_OF_SPACE_STR}"
"${FAIL_TAR_OUT_OF_SPACE_STR}"
"${FAIL_INSUFFICIENT_SPACE_STR}"
)
function collect_errors()
{
local host=${1}
local RC=0
if [ -e "${COLLECT_ERROR_LOG}" ] ; then
## now loop through known space related error strings
index=0
while [ "x${listOfOutOfSpaceErrors[index]}" != "x" ]
do
grep -q "${listOfOutOfSpaceErrors[index]}" ${COLLECT_ERROR_LOG}
if [ "$?" == "0" ] ; then
string="failed to collect from ${host} (reason:${FAIL_OUT_OF_SPACE}:${FAIL_OUT_OF_SPACE_STR})"
# /var/log/user.log it
logger -t ${COLLECT_TAG} "${string}"
# logs that show up in the foreground
echo "${string}"
echo "Increase available space in ${host}:${COLLECT_BASE_DIR} and retry operation."
# return error code
RC=1
break
fi
index=$(($index+1))
done
fi
return ${RC}
}
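
Review bot: COLLECT_ERROR_LOG=/tmp/collect_error.log is a fixed, predictable name in a world-writable directory, and every collector appends to it with `2>>${COLLECT_ERROR_LOG}`. A local user can pre-create that path, or a symlink at that path, before a privileged collect run. Suggest placing it under a root-owned directory such as /var/log next to COLLECT_LOG, or creating it with mktemp and exporting the result. In the fail codes, FAIL_CREATE=39 reuses the value of FAIL_OUT_OF_SPACE_LOCAL=39, so callers cannot tell the two apart. The log helpers pass `$@` to logger unquoted, which should be `"$@"` to avoid word splitting and globbing of the message.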

Some files were not shown because too many files have changed in this diff