diff --git a/confluent_client/bin/confetty b/confluent_client/bin/confetty
index 3844f6b8..043881a4 100755
--- a/confluent_client/bin/confetty
+++ b/confluent_client/bin/confetty
@@ -76,6 +76,11 @@ import confluent.termhandler as termhandler
 import confluent.tlvdata as tlvdata
 import confluent.client as client
+try:
+ unicode
+except NameError:
+ unicode = str
+
 conserversequence = '\x05c' # ctrl-e, c
 clearpowermessage = False
@@ -299,8 +304,11 @@ currchildren = None
 def print_result(res):
+ global exitcode
 if 'errorcode' in res or 'error' in res:
 print(res['error'])
+ if 'errorcode' in res:
+ exitcode |= res['errorcode']
 return
 if 'databynode' in res:
 print_result(res['databynode'])
diff --git a/confluent_client/bin/nodebmcreset b/confluent_client/bin/nodebmcreset
index ae253e77..09a6221b 100755
--- a/confluent_client/bin/nodebmcreset
+++ b/confluent_client/bin/nodebmcreset
@@ -47,6 +47,8 @@ exitcode = 0
 errorNodes = set([])
 session.stop_if_noderange_over(noderange, options.maxnodes)
 success = session.simple_noderange_command(noderange, 'configuration/management_controller/reset', 'reset', key='state', errnodes=errorNodes) # = 0 if successful
+if success != 0:
+ sys.exit(success)
 # Determine which nodes were successful and print them
diff --git a/confluent_server/bin/confluent b/confluent_server/bin/confluent
index 62d6ab3d..db66e587 100755
--- a/confluent_server/bin/confluent
+++ b/confluent_server/bin/confluent
@@ -32,7 +32,7 @@ import confluent.main
 import multiprocessing
 if __name__ == '__main__':
 multiprocessing.freeze_support()
- confluent.main.run()
+ confluent.main.run(sys.argv)
 #except:
 # pass
 #p.disable()
diff --git a/confluent_server/confluent/main.py b/confluent_server/confluent/main.py
index 50978a95..c009198e 100644
--- a/confluent_server/confluent/main.py
+++ b/confluent_server/confluent/main.py
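Review bot: In `print_result` (confetty, second hunk) the added `if 'errorcode' in res:` sits after `print(res['error'])`, which indexes `'error'` unconditionally although the guard also admits a result that carries only `'errorcode'`; that case raises KeyError before the exit code is recorded. Moving the `exitcode |= res['errorcode']` update above the print and printing `res.get('error')` avoids that. If `errorcode` can reach 256 or more, note that a process exit status keeps only the low 8 bits, so the OR-ed value may surface as 0; whether that applies depends on how `exitcode` is used outside this hunk. The body of `print_result` continues past the hunk.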
@@ -77,13 +77,16 @@ def _daemonize():
 print('confluent server starting as pid {0}'.format(thispid))
 os._exit(0)
 os.closerange(0, 2)
- os.umask(63)
 os.open(os.devnull, os.O_RDWR)
 os.dup2(0, 1)
 os.dup2(0, 2)
+ log.daemonized = True
+
+
+def _redirectoutput():
+ os.umask(63)
 sys.stdout = log.Logger('stdout', buffered=False)
 sys.stderr = log.Logger('stderr', buffered=False)
- log.daemonized = True
 def _updatepidfile():
@@ -206,7 +209,7 @@ def setlimits():
 pass
-def run():
+def run(args):
 setlimits()
 try:
 signal.signal(signal.SIGUSR1, dumptrace)
@@ -232,7 +235,10 @@ def run():
 except (OSError, IOError) as e:
 print(repr(e))
 sys.exit(1)
- _daemonize()
+ if '-f' not in args:
+ _daemonize()
+ if '-o' not in args:
+ _redirectoutput()
 if havefcntl:
 _updatepidfile()
 signal.signal(signal.SIGINT, terminate)
diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index cf3d4707..3fc63b8e 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -545,9 +545,21 @@ class InputFirmwareUpdate(ConfluentMessage):
 raise Exception('User requested substitutions, but code is '
 'written against old api, code must be fixed or '
 'skip {} expansion')
+ if self.filebynode[node].startswith('/etc/confluent'):
+ raise Exception(
+ 'File transfer with /etc/confluent is not supported')
+ if self.filebynode[node].startswith('/var/log/confluent'):
+ raise Exception(
+ 'File transfer with /var/log/confluent is not supported')
 return self._filename
 def nodefile(self, node):
+ if self.filebynode[node].startswith('/etc/confluent'):
+ raise Exception(
+ 'File transfer with /etc/confluent is not supported')
+ if self.filebynode[node].startswith('/var/log/confluent'):
+ raise Exception(
+ 'File transfer with /var/log/confluent is not supported')
 return self.filebynode[node]
 class InputMedia(InputFirmwareUpdate):
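Review bot: `os.umask(63)` now runs only inside `_redirectoutput()` (main.py, first hunk), so a server started with `-o` (third hunk) keeps whatever umask it inherited and may create files with group or world permission bits; the pid file written by `_updatepidfile()` is the one visible here. The file-creation mask has nothing to do with where stdout goes, so it is safer to set it unconditionally in `run()` ahead of the `-f`/`-o` checks, written as `os.umask(0o077)` (the same value as 63) so the mask is readable. The two new flags are tested with a bare `in args` and are undocumented; a comment on `_redirectoutput()` such as `# Send stdout/stderr to the confluent log; skipped when -o is given` would help. `run()` begins and ends outside these hunks.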
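Review bot: The new `startswith('/etc/confluent')` and `startswith('/var/log/confluent')` checks in messages.py compare the raw string, so a path that reaches the same directories through `..` segments, a doubled slash, a relative form or a symbolic link is not rejected. The path should be canonicalised before the comparison, and the prefix matched on a directory boundary so that a sibling such as `/etc/confluent2` is not caught by accident. The same six lines are pasted into both methods; one helper keeps the two call sites in step, and an allowlist of permitted source directories would be stronger than a denylist if the deployment allows it. The first call site belongs to a method that starts above the hunk, where it checks `self.filebynode[node]` but returns `self._filename`, which looks worth confirming. The sketch below assumes `os` is already imported in messages.py and that these paths name files on the confluent host.

```python
_PROTECTED_PATHS = ('/etc/confluent', '/var/log/confluent')


def _reject_protected_path(path):
    # Resolve '..' segments and symlinks before comparing against the denylist
    resolved = os.path.realpath(path)
    for protected in _PROTECTED_PATHS:
        if resolved == protected or resolved.startswith(protected + '/'):
            raise Exception(
                'File transfer with {0} is not supported'.format(protected))

    # ... unchanged: earlier method ending in `return self._filename`, with the same helper call ...

    def nodefile(self, node):
        _reject_protected_path(self.filebynode[node])
        return self.filebynode[node]
```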
diff --git a/confluent_server/confluent_server.spec.tmpl b/confluent_server/confluent_server.spec.tmpl
index e86313a4..e65cfe5b 100644
--- a/confluent_server/confluent_server.spec.tmpl
+++ b/confluent_server/confluent_server.spec.tmpl
@@ -13,9 +13,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 Prefix: %{_prefix}
 BuildArch: noarch
 %if "%{dist}" == ".el8"
-Requires: python3-pyghmi >= 1.0.34, python3-eventlet, python3-greenlet, python3-pycryptodomex >= 3.4.7, confluent_client, python3-pyparsing, python3-paramiko, python3-dns, python3-netifaces, python3-pyasn1 >= 0.2.3, python3-pysnmp >= 4.3.4, python3-pyte, python3-lxml, python3-eficompressor, python3-setuptools, python3-dateutil, python3-enum34, python3-asn1crypto, python3-cffi, python3-pyOpenSSL, python3-monotonic, python3-websocket-client
+Requires: python3-pyghmi >= 1.0.34, python3-eventlet, python3-greenlet, python3-pycryptodomex >= 3.4.7, confluent_client, python3-pyparsing, python3-paramiko, python3-dns, python3-netifaces, python3-pyasn1 >= 0.2.3, python3-pysnmp >= 4.3.4, python3-pyte, python3-lxml, python3-eficompressor, python3-setuptools, python3-dateutil, python3-enum34, python3-asn1crypto, python3-cffi, python3-pyOpenSSL, python3-monotonic, python3-websocket-client python3-msgpack
 %else
-Requires: python-pyghmi >= 1.0.34, python-eventlet, python-greenlet, python-pycryptodomex >= 3.4.7, confluent_client, python-pyparsing, python-paramiko, python-dns, python-netifaces, python2-pyasn1 >= 0.2.3, python-pysnmp >= 4.3.4, python-pyte, python-lxml, python-eficompressor, python-setuptools, python-dateutil, python2-websocket-client
+Requires: python-pyghmi >= 1.0.34, python-eventlet, python-greenlet, python-pycryptodomex >= 3.4.7, confluent_client, python-pyparsing, python-paramiko, python-dns, python-netifaces, python2-pyasn1 >= 0.2.3, python-pysnmp >= 4.3.4, python-pyte, python-lxml, python-eficompressor, python-setuptools, python-dateutil, python2-websocket-client python2-msgpack
 %endif
 Vendor: Jarrod Johnson
 Url: http://xcat.sf.net/
@@ -48,13 +48,33 @@ rmdir $RPM_BUILD_ROOT/etc/init.d
 rmdir $RPM_BUILD_ROOT/etc
 cat INSTALLED_FILES
-%triggerin -- python-pyghmi
+%triggerin -- python-pyghmi, python3-pyghmi, python2-pyghmi
 if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl try-restart confluent >& /dev/null; fi
 true
+%pre
+getent group confluent > /dev/null || /usr/sbin/groupadd -r confluent
+getent passwd confluent > /dev/null || /usr/sbin/useradd -r -g confluent -d /var/lib/confluent -s /sbin/nologin confluent
+mkdir -p /etc/confluent /var/lib/confluent /var/run/confluent /var/log/confluent /var/cache/confluent
+chown -R confluent:confluent /etc/confluent /var/lib/confluent /var/run/confluent /var/log/confluent /var/cache/confluent
+
 %post
 sysctl -p /usr/lib/sysctl.d/confluent.conf >& /dev/null
-if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl try-restart confluent >& /dev/null; fi
+NEEDCHOWN=0
+NEEDSTART=0
+find /etc/confluent -uid 0 | egrep '.*' > /dev/null && NEEDCHOWN=1
+find /var/log/confluent -uid 0 | egrep '.*' > /dev/null && NEEDCHOWN=1
+find /var/run/confluent -uid 0 | egrep '.*' > /dev/null && NEEDCHOWN=1
+find /var/cache/confluent -uid 0 | egrep '.*' > /dev/null && NEEDCHOWN=1
+if [ $NEEDCHOWN = 1 ]; then
+ if systemctl is-active confluent > /dev/null; then
+ NEEDSTART=1
+ systemctl stop confluent
+ fi
+ chown -R confluent:confluent /etc/confluent /var/lib/confluent /var/run/confluent /var/log/confluent /var/cache/confluent
+fi
+systemctl daemon-reload
+if systemctl is-active confluent > /dev/null || [ $NEEDSTART = 1 ]; then /usr/bin/systemctl restart confluent >& /dev/null; fi
 if [ ! -e /etc/pam.d/confluent ]; then
 ln -s /etc/pam.d/sshd /etc/pam.d/confluent
 fi
diff --git a/confluent_server/systemd/confluent.service b/confluent_server/systemd/confluent.service
index 7a6f8fea..8ead8827 100644
--- a/confluent_server/systemd/confluent.service
+++ b/confluent_server/systemd/confluent.service
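Review bot: Both `%pre` and `%post` run `chown -R confluent:confluent` as root over trees that the unprivileged `confluent` account can write to once this change is installed, and `%post` repeats it on any upgrade where `find -uid 0` matches. A recursive ownership change by root inside a directory controlled by a less-privileged account is a known packaging hazard, because a link placed in the tree can redirect the change to a file outside it, depending on the chown implementation and the kernel's link protections. Using `chown -h -R confluent:confluent ...` keeps chown from following symbolic links, and restricting the pass to the root-owned entries that `find` already identifies narrows what is touched. `/var/lib/confluent` is chowned but is not among the four `find` checks, so root-owned files there alone never trigger the repair. `find DIR -uid 0 -print -quit | grep -q .` performs the same test without the deprecated `egrep`.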
@@ -1,6 +1,7 @@
 # IBM(c) 2015 Apache 2.0
+# Lenovo(c) 2020 Apache 2.0
 [Unit]
-Description=Confluent hardware manager
+Description=Confluent hardware manager
 [Service]
 Type=forking
@@ -8,6 +9,14 @@ Type=forking
 ExecStart=/opt/confluent/bin/confluent
 ExecStop=/opt/confluent/bin/confetty shutdown /
 Restart=on-failure
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+User=confluent
+Group=confluent
+DevicePolicy=closed
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+PrivateDevices=true
+ProtectControlGroups=true
+ProtectSystem=true
 [Install]
 WantedBy=multi-user.target
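Review bot: With `User=confluent` in the second hunk, the unit relies on `/var/run/confluent` existing and being owned by that account, but the spec creates it only in `%pre`; where `/var/run` is a tmpfs the directory is gone after a reboot and the unprivileged service cannot recreate it (presumably it holds the pid file or socket, which this diff does not show). `RuntimeDirectory=confluent` in `[Service]` has systemd create it with the right owner on every start. On the hardening itself, `ProtectSystem=true` leaves `/etc` writable; `ProtectSystem=full` combined with `ReadWritePaths=/etc/confluent`, on systemd versions that support it, would be tighter. `NoNewPrivileges=true` is worth evaluating as well, though it may conflict with setuid PAM helpers if the server authenticates through `/etc/pam.d/confluent`.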