관리-도구
편집 파일: utils.py
# -*- coding: utf-8 -*- # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT """ This module contains helpful utility functions for SSA Agent """ import datetime import dbm import logging import os import platform import re import xml.etree.ElementTree as ET from collections import namedtuple from contextlib import contextmanager from datetime import date, timedelta from distutils.version import LooseVersion from socket import socket, fromfd, AF_UNIX, SOCK_STREAM, AF_INET, AF_INET6, \ SOCK_DGRAM from typing import Optional, Union from urllib.parse import urlparse import sentry_sdk from sentry_sdk.integrations.atexit import AtexitIntegration from sentry_sdk.integrations.logging import LoggingIntegration from clcommon.const import Feature from clcommon.cpapi import ( is_panel_feature_supported, get_cp_description, is_throttling_supported, is_wp2_environment ) from clcommon.utils import get_kmodlve_module_version, get_username from clcommon.lib.cledition import get_cl_edition_readable from clcommon.lib.network import get_hostname from clcommon.utils import get_rhn_systemid_value from .constants import sentry_dsn from .exceptions import SSAError logger = logging.getLogger('utils') URL = namedtuple('URL', ['domain_name', 'uri_path']) # --------- FUNCTIONS --------- def url_split(url: str) -> URL: """ Split URL into domain_name and uripath including query string :param url: URL of format protocol://domain/path;parameters?query#fragment :return: namedtuple URL(domain_name, uripath) """ fragments = urlparse(url) qs = f'?{fragments.query}' if fragments.query else '' uri = f'{fragments.path}{qs}' if fragments.path else '/' # logger.info('Parsed %s into %s:%s', url, fragments.netloc, uri) return URL(fragments.netloc.replace('www.', ''), uri) def ssa_version() -> Optional[str]: """Get version of alt-php-ssa package""" return pkg_version('/usr/share/clos_ssa/version') def xray_version() -> Optional[str]: """Get version of alt-php-xray package""" return pkg_version('/usr/share/alt-php-xray/version') def sentry_init() -> None: """ Initialize Sentry client shutdown_timeout=0 disables Atexit integration as stated in docs: 'it’s easier to disable it by setting the shutdown_timeout to 0' https://docs.sentry.io/platforms/python/default-integrations/#atexit On the other hand, docs say, that 'Setting this value too low will most likely cause problems for sending events from command line applications' https://docs.sentry.io/error-reporting/configuration/?platform=python#shutdown-timeout """ def add_info(event: dict, hint: dict) -> dict: """ Add extra data into sentry event :param event: original event :param hint: additional data caught :return: updated event """ event['extra'].update({'ssa.version': '0.4-12.el8'}) return event def try_get_ip(address_family, private_ip): """ address_family - we can choose constants represent the address (and protocol) families (AF_INET for ipv4 and AF_INET6 for ipv6) private_ip - specify some private ip address. For instance: ipv4 -> 10.255.255.255 or ipv6 -> fc00:: """ try: with socket(address_family, SOCK_DGRAM) as s: s.connect((private_ip, 1)) return s.getsockname()[0] except Exception: logger.info('Cannot retrieve IP address') def get_ip(): """ We are trying to get an IPv4 or IPv6 address. In case of failure we'll return 127.0.0.1 """ ipversions = (AF_INET, '10.255.255.255'), (AF_INET6, 'fc00::') for addr_fam, priv_ip in ipversions: ip = try_get_ip(addr_fam, priv_ip) if ip: return ip return '127.0.0.1' def set_tags(sentry_scope): cp_description = get_cp_description() cp_version = cp_description.get('version') if cp_description else None cp_name = cp_description.get('name') if cp_description else None cp_product = 'WP2' if is_wp2_environment() else None tags = (('alt-php-xray', xray_version() or 'UNKNOWN'), ('Control Panel Name', cp_name), ('Control Panel Version', cp_version), ('Control Panel Product', cp_product), ('kernel', platform.release()), ('CloudLinux version', get_rhn_systemid_value("os_release")), ('Cloudlinux edition', get_cl_edition_readable()), ('Architecture', get_rhn_systemid_value("architecture")), ('ip_address', get_ip()), ('username', get_username()) ) # set_tags does not work in current version of sentry_sdk # https://github.com/getsentry/sentry-python/issues/1344 for tag in tags: sentry_scope.set_tag(*tag) def nope(pending, timeout) -> None: pass ssa_ver = ssa_version() or "alt-php-ssa@0.4-12.el8" sentry_logging = LoggingIntegration(level=logging.INFO, event_level=logging.WARNING) silent_atexit = AtexitIntegration(callback=nope) sentry_sdk.init(dsn=sentry_dsn, before_send=add_info, release=ssa_ver, max_value_length=10000, integrations=[sentry_logging, silent_atexit]) with sentry_sdk.configure_scope() as scope: scope.user = { "id": get_rhn_systemid_value("system_id") or get_ip() or get_hostname() or get_username() } try: set_tags(scope) except Exception: pass def set_logging_into_file(fname: str, as_error: bool = False) -> str: """ Try to configure logging into given fname If as_error True, log the exception as ERROR, otherwise -- as INFO """ try: logging.basicConfig(filename=fname, level=logging.INFO, format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') try: os.chmod(fname, 0o666) except PermissionError: pass return fname except OSError as e: logger.log(logging.ERROR if as_error else logging.INFO, 'No logging configuration applied: %s', str(e)) def configure_logging(logname: str) -> str: """ Configure logging :param logname: path to log :return: logpath """ sentry_init() if set_logging_into_file(logname) is None: try: os.makedirs(os.path.dirname(logname)) except Exception as e: logger.warning('Failed to create logdir %s', str(e)) return '' logname = set_logging_into_file(logname, as_error=True) return logname def create_socket(sock_location: str) -> 'socket object': """ Create world-writable socket in given sock_location or reuse existing one :param sock_location: socket address :return: socket object """ LISTEN_FDS = int(os.environ.get("LISTEN_FDS", 0)) if LISTEN_FDS == 0: with umask_0(): sockobj = socket(AF_UNIX) sockobj.bind(sock_location) sockobj.listen() else: sockobj = fromfd(3, AF_UNIX, SOCK_STREAM) sockobj.listen() return sockobj def previous_day_date() -> str: """ Returns date of previous day in a format "day.month.year" """ yesterday = date.today() - timedelta(days=1) return yesterday.strftime('%d.%m.%Y') def format_date(datestr: str, formatstr='%d.%m.%Y') -> str: """ Convert date to format YYYY-mm-dd """ _date = datetime.datetime.strptime(datestr, formatstr) return _date.strftime("%Y-%m-%d") def read_sys_id() -> str: """ Obtain system ID from /etc/sysconfig/rhn/systemid :return: system ID without ID- prefix """ try: tree = ET.parse('/etc/sysconfig/rhn/systemid') root = tree.getroot() whole_id = root.find(".//member[name='system_id']/value/string").text with sentry_sdk.configure_scope() as scope: scope.set_tag("system_id", whole_id) return whole_id.lstrip('ID-') except (OSError, ET.ParseError) as e: logger.warning('Failed to retrieve system_id: %s', str(e)) def duration_cast(duration: int) -> float: """ Cast duration from microseconds to seconds leaving 2 digits after point """ return float(format(duration/1000000, '0.2f')) def pkg_version(filepath: str) -> Optional[str]: """Get version of package from file. alt-php-ssa/alt-php-xray supported""" try: with open(filepath) as v_file: version = v_file.read().strip() except OSError: return # remove dist suffix return '.'.join(version.split('.')[:2]) or '0.0-0' def is_xray_version_supported() -> bool: """ Check version of alt-php-xray package. Autotracing in X-Ray is supported since 0.4-1 """ version_number = xray_version() if version_number is None: # no xray installed return False try: return LooseVersion(version_number) >= LooseVersion('0.4-1') except (TypeError, AttributeError): return False def is_xray_user_agent_active() -> bool: """Check if User Agent is listening""" user_agent_sock = '/opt/alt/php-xray/run/xray-user.sock' with socket(AF_UNIX, SOCK_STREAM) as s: try: s.connect(user_agent_sock) except (ConnectionError, OSError): return False return True def no_xray_active_tasks() -> bool: """Check if there are no active X-Ray tasks (== empty task storage)""" xray_tasks_storage = '/usr/share/alt-php-xray/tasks' if not os.path.isfile(xray_tasks_storage): # no tasks file usually means no X-Ray at all, thus no tasks return True try: with dbm.open(xray_tasks_storage, 'c') as xray_tasks: return len(xray_tasks.keys()) == 0 except dbm.error: # in case we somehow failed to open the file, but it exists, # suppose there are active tasks return False def switch_schedstats(enabled: bool) -> None: """ Switch on/off throttle statistics gathering by kmodlve :param enabled: True or False """ if not is_panel_feature_supported(Feature.LVE): # do nothing if there is no LVE feature return logger.info('Switching schedstats: %s', enabled) try: with open('/proc/sys/kernel/sched_schedstats', mode='wb', buffering=0) as f: f.write(b'1' if enabled else b'0') logger.info('Done OK') except OSError as e: logger.info('Failed to set sched_schedstats to %s: %s', enabled, str(e)) def is_io_throttling_detection_available() -> bool: """ Check kmodlve module version or kernel version in order to determine if it provides the detection of IO throttling """ kmod_min_version = LooseVersion('2.0-23') kernel_min_version = LooseVersion('1.5.58') kmod_current = get_kmodlve_module_version() if kmod_current: return compare_versions_ge(kmod_current, kmod_min_version) return compare_versions_ge(extract_kernel_version(), kernel_min_version) def extract_kernel_version() -> str: """ Get kernel version in the form of "major-minor" from current platform """ pattern = re.compile(r'lve([0-9]+(\.[0-9]+)+)\.el') release = platform.release() try: version_num = pattern.search(release).group(1) except AttributeError: return '0.0.0' return version_num def compare_versions_ge(first_version: str, second_version: Union[str, LooseVersion]) -> bool: """ Comparing two versions using the greater or equal operator. """ try: return LooseVersion(first_version) >= second_version except TypeError as e: raise SSAError( f'Unable to compare required versions: unexpected versions format "{first_version}" and "{second_version}"') def is_kernel_version_supported(): """ General check of kernel support (IO throttling availability is required) """ if not is_throttling_supported(): # no throttling at all return True return is_io_throttling_detection_available() # --------- CONTEXT MANAGERS --------- @contextmanager def umask_0(mask: int = 0) -> None: """ Context manager for dropping umask """ prev = os.umask(mask) yield os.umask(prev) @contextmanager def set_privileges(target_uid: int = None, target_gid: int = None, target_path='.', mask: int = None, with_check=True) -> None: """ Context manager to drop privileges during some operation and then restore them back. If target_uid or target_gid are given, use input values. Otherwise, stat target_uid and target_gid from given target_path. If no target_path given, use current directory. Use mask if given. :param target_uid: uid to set :param target_gid: gid to set :param target_path: directory or file to stat for privileges, default -- current directory :param mask: umask to use :param with_check: check the result of switching privileges """ prev_uid = os.getuid() prev_gid = os.getgid() try: stat_info = os.stat(target_path) except OSError: stat_info = None if target_uid is None: if stat_info is None: target_uid = prev_uid else: target_uid = stat_info.st_uid if target_gid is None: if stat_info is None: target_gid = prev_gid else: target_gid = stat_info.st_gid if mask is not None: prev = os.umask(mask) if prev_gid != target_gid: os.setegid(target_gid) logger.debug('Dropped GID privs to %s', target_gid) if with_check and os.getegid() != target_gid: # break operation if privileges dropping failed raise SSAError( 'Unable to execute required operation: permission issue') if prev_uid != target_uid: os.seteuid(target_uid) logger.debug('Dropped UID privs to %s', target_uid) if with_check and os.geteuid() != target_uid: if prev_gid != target_gid: # check if GID should be restored os.setegid(prev_gid) # break operation if privileges dropping failed raise SSAError( 'Unable to execute required operation: permission issue') yield if prev_uid != target_uid: os.seteuid(prev_uid) logger.debug('Restored UID privs to %s', prev_uid) if prev_gid != target_gid: os.setegid(prev_gid) logger.debug('Restored GID privs to %s', prev_gid) if mask is not None: os.umask(prev) # --------- DECORATORS --------- # for easy mocking in tests where # we don't need singleton IS_SINGLETON_ENABLED = True def singleton(some_cls): class __Singleton: """ A singleton wrapper class. Its instances would be created for each decorated class. """ def __init__(self, _cls): self._wrapped = _cls self._instance = None def __call__(self, *args, **kwargs): """Returns a single instance of decorated class""" if self._instance is None or not IS_SINGLETON_ENABLED: self._instance = self._wrapped(*args, **kwargs) return self._instance return __Singleton(some_cls)