github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-06-28 16:41:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add watchdog changes

Browse Source
This commit is contained in:
Ned Wright 2024-04-16 14:06:43 +00:00
parent 942b2ef8b4
commit 1a1580081c
2 changed files with 234 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
components/security_apps/orchestration/orchestration_comp.cc
View File

@ -1963,6 +1963,10 @@ private:
<< update_config.getErr(); << update_config.getErr();
return; return;
} }
auto policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
if (getOrchestrationMode() == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative") {
Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOnApplyPolicyFlag();
}
auto policy_version = i_service_controller->getPolicyVersion(); auto policy_version = i_service_controller->getPolicyVersion();
if (!policy_version.empty()) { if (!policy_version.empty()) {

291
nodes/orchestration/package/watchdog/watchdog
View File

@ -1,17 +1,36 @@
#!/bin/sh #!/bin/sh
[ -z ${FILESYSTEM_PATH} ] && FILESYSTEM_PATH="/etc/cp" SCRIPT_FOLDER=$(dirname "$0")
LOG_FILE_PATH="/var/log" PARENT_FOLDER=$(dirname "$SCRIPT_FOLDER")
FILESYSTEM_PATH=$PARENT_FOLDER
VS_ID_PATTERN="vs[0-9]\+$"
VS_ID=
TMP_FOLDER="/tmp"
USR_LIB_PATH="/usr/lib" USR_LIB_PATH="/usr/lib"
NGEN_LIB_PATH=${USR_LIB_PATH}/cpnano/
if echo "$PARENT_FOLDER" | grep -q "$VS_ID_PATTERN"; then
VS_ID="${PARENT_FOLDER##*vs}"
TMP_FOLDER="/tmp/${VS_ID}"
mkdir -p ${TMP_FOLDER}
NGEN_LIB_PATH=${USR_LIB_PATH}/cpnano/vs${VS_ID}/
if [ -f "/etc/bashrc" ]; then
. /etc/bashrc
vsenv ${VS_ID}
fi
fi
LOG_FILE_PATH="/var/log"
INIT_D_PATH="/etc/init.d" INIT_D_PATH="/etc/init.d"
WATCHDOG_PROCESS_RESTART_COUNTER="/etc/cp/watchdog/watchdog_process_restart" WATCHDOG_PROCESS_RESTART_COUNTER="${FILESYSTEM_PATH}/watchdog/watchdog_process_restart"
LOG_FILE=nano_agent/cp-nano-watchdog.dbg LOG_FILE=nano_agent/cp-nano-watchdog.dbg
AGENT_RUN_STATUS_FILE=/tmp/agent-status.txt AGENT_RUN_STATUS_FILE=${TMP_FOLDER}/agent-status.txt
SRVS_FILE=watchdog/wd.services SRVS_FILE=watchdog/wd.services
STARTUP_SRVS_FILE=watchdog/wd.services.startup
TMP_SRVS_FILE=watchdog/wd.temp TMP_SRVS_FILE=watchdog/wd.temp
VOL_SRVS_FILE=watchdog/wd.volatile_services VOL_SRVS_FILE=watchdog/wd.volatile_services
SRVS_CONTAINER_FILE=watchdog/wd.container_services_startup SRVS_CONTAINER_FILE=watchdog/wd.container_services_startup
SRVS_TO_RESTART_FILE=watchdog/wd.services.restart SRVS_TO_RESTART_FILE=watchdog/wd.services.restart
SRVS_TO_STOP_FILE=watchdog/wd.services.stop
TMP_SRVS_TO_STOP_FILE=watchdog/wd.stop.temp
TMP_VOL_SRVS_FILE_PRE_STOP=watchdog/wd.volatile_services.stop TMP_VOL_SRVS_FILE_PRE_STOP=watchdog/wd.volatile_services.stop
TMP_VOL_SRVS_FILE_PRE_DEL=watchdog/wd.volatile_services.del TMP_VOL_SRVS_FILE_PRE_DEL=watchdog/wd.volatile_services.del
SRVS_HALTED=watchdog/wd.services.halt SRVS_HALTED=watchdog/wd.services.halt
@ -24,7 +43,10 @@ env_details_file=conf/environment-details.cfg
DEFAULT_MAX_FILE_SIZE=4096 DEFAULT_MAX_FILE_SIZE=4096
#default amount of archived log files to rotate #default amount of archived log files to rotate
DEFAULT_MAX_ROTATION=10 DEFAULT_MAX_ROTATION=10
VS_EVAL_PREFIX=
var_service_startup=
var_upgarde=false
get_basename() get_basename()
{ {
@ -50,8 +72,18 @@ load_paths()
if [ -n "${CP_ENV_LOG_FILE}" ]; then if [ -n "${CP_ENV_LOG_FILE}" ]; then
LOG_FILE_PATH=$CP_ENV_LOG_FILE LOG_FILE_PATH=$CP_ENV_LOG_FILE
fi fi
if [ -n "${CP_VS_ID}" ]; then
VS_ID=${CP_VS_ID}
VS_EVAL_PREFIX="ip netns exec CTX0000${VS_ID} env"
NGEN_LIB_PATH=${USR_LIB_PATH}/cpnano/vs${VS_ID}/
fi
if [ -n "${CP_USR_LIB_PATH}" ]; then if [ -n "${CP_USR_LIB_PATH}" ]; then
USR_LIB_PATH=$CP_USR_LIB_PATH USR_LIB_PATH=$CP_USR_LIB_PATH
if [ -z "${VS_ID}" ]; then
NGEN_LIB_PATH=${USR_LIB_PATH}/cpnano/
else
NGEN_LIB_PATH=${USR_LIB_PATH}/cpnano/vs${VS_ID}/
fi
fi fi
if [ -n "${CP_INIT_D_PATH}" ]; then if [ -n "${CP_INIT_D_PATH}" ]; then
INIT_D_PATH=$CP_INIT_D_PATH INIT_D_PATH=$CP_INIT_D_PATH
@ -63,12 +95,11 @@ load_paths()
if [ -z "${MAX_ROTATION}" ]; then if [ -z "${MAX_ROTATION}" ]; then
MAX_ROTATION=$DEFAULT_MAX_ROTATION MAX_ROTATION=$DEFAULT_MAX_ROTATION
fi fi
} }
load_paths load_paths
NGEN_LIB_PATH=${USR_LIB_PATH}/cpnano/
pidof_cmd="pidof -x" pidof_cmd="pidof -x"
if command -v pidof > /dev/null 2>&1; then if command -v pidof > /dev/null 2>&1; then
PIDOF_CMD_EXISTS=1 PIDOF_CMD_EXISTS=1
@ -102,7 +133,6 @@ alpine_pid()
ps -ef | grep $1 | grep -v grep | awk '{printf $1 " "}' ps -ef | grep $1 | grep -v grep | awk '{printf $1 " "}'
} }
ls -l /etc/ | grep release > /dev/null 2>&1 ls -l /etc/ | grep release > /dev/null 2>&1
retval=$? retval=$?
if [ $retval -eq 0 ]; then if [ $retval -eq 0 ]; then
@ -173,9 +203,11 @@ sigterm()
stop_instance $service $instance_id $family stop_instance $service $instance_id $family
done done
rm ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP} rm ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP}
# wait for kill_process_by_pid that is run async by stop_instance
wait
fi fi
echo "down" >>$AGENT_RUN_STATUS_FILE echo "down" > $AGENT_RUN_STATUS_FILE
log "sigterm" "cp-nano-agent watchdog service was successfully stopped " log "sigterm" "cp-nano-agent watchdog service was successfully stopped "
exit 0 exit 0
@ -189,6 +221,111 @@ stop()
trap 'sigterm' TERM trap 'sigterm' TERM
trap 'sigterm' INT trap 'sigterm' INT
run_service()
{
service=$1
execution_flags=
srv_debug_file=
srv_err_file=
gaia_ld_path=$2
run_in_vs=
log "run_service" "Running the service: $service"
if [ -f ${service}.cfg ]; then
. "${service}.cfg"
fi
if [ -z ${srv_debug_file} ]; then
base_name=$(get_basename $service)
srv_debug_file=${LOG_FILE_PATH}/nano_agent/${base_name}.dbg
fi
if [ -z ${srv_err_file} ]; then
base_name=$(get_basename $service)
srv_err_file=${LOG_FILE_PATH}/nano_agent/${base_name}.err
fi
if ! [ -z ${gaia_ld_path} ]; then
if [ -n "$VS_ID" ]; then
NGEN_LIB_PATH="${USR_LIB_PATH}/cpnano/vs${VS_ID}/:${gaia_ld_path}"
else
NGEN_LIB_PATH="${USR_LIB_PATH}/cpnano/:${gaia_ld_path}"
fi
fi
if [ -n "$VS_ID" ]; then
run_in_vs="ip netns exec CTX0000${VS_ID}"
fi
if [ "${service}" = "${FILESYSTEM_PATH}/agentCache/cp-nano-agent-cache" ] || [ "${service}" = "${FILESYSTEM_PATH}/agentIntelligence/redis/redis-server" ] || [ "${service}" = "${FILESYSTEM_PATH}/crowdsecAux/cp-nano-crowdsec-aux" ]; then
LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${run_in_vs} ${service} ${execution_flags} 2>${srv_err_file} 1>/dev/null &
else
LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${run_in_vs} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} --service_startup=${var_service_startup} 2>${srv_err_file} 1>/dev/null &
fi
}
run_volatile_service()
{
service_line=$1
service=$(echo $service_line | cut -f1 -d ';')
family=$(echo $service_line | cut -f2 -d ';')
instance_id=$(echo $service_line | cut -f3 -d ';')
already_running="0"
execution_flags=
srv_debug_file=
srv_err_file=
gaia_ld_path=$2
log "run_volatile_service" "Running the service: ${service} ($family : $instance_id)"
if [ -f ${service}.cfg ]; then
. "${service}.cfg"
fi
if [ -z $family ]; then
debug_file_suffix=${instance_id}
else
debug_file_suffix=${family}_${instance_id}
fi
if [ -z ${srv_debug_file} ]; then
base_name=$(get_basename $service)
srv_debug_file=${LOG_FILE_PATH}/nano_agent/$base_name.dbg${debug_file_suffix}
fi
if [ -z ${srv_err_file} ]; then
base_name=$(get_basename $service)
srv_err_file=${LOG_FILE_PATH}/nano_agent/$base_name.err${debug_file_suffix}
fi
if ! [ -z ${gaia_ld_path} ]; then
if [ -n "$VS_ID" ]; then
NGEN_LIB_PATH="${USR_LIB_PATH}/cpnano/vs${VS_ID}/:${gaia_ld_path}"
else
NGEN_LIB_PATH="${USR_LIB_PATH}/cpnano/:${gaia_ld_path}"
fi
if [ "$is_smb" = "1" -a "$SUB_HW_VER" = "THX2" ]; then
NGEN_LIB_PATH="/lib64:/pfrm2.0/lib64:${NGEN_LIB_PATH}"
fi
fi
if [ -n "$VS_ID" ]; then
run_in_vs="ip netns exec CTX0000${VS_ID}"
fi
family_arg=""
if [ -n "${family}" ]; then
family_arg="--family=${family}"
fi
base_name=$(get_basename $service)
srv_err_file=${LOG_FILE_PATH}/nano_agent/$base_name.err${debug_file_suffix}
echo -en "["$(date)"]" >> ${srv_debug_file}
LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${run_in_vs} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} --service_startup=${var_service_startup} ${family_arg} --id=${instance_id} 2>${srv_err_file} &
}
register() register()
{ {
log "register" "enter" log "register" "enter"
@ -198,6 +335,7 @@ register()
family_name=$3 family_name=$3
if [ -z $service_name ]; then if [ -z $service_name ]; then
log "register" "Error! no service provided for registration"
echo "Error! no service provided for registration" echo "Error! no service provided for registration"
exit 1 exit 1
fi fi
@ -210,15 +348,30 @@ register()
if [ -z $family_size ]; then if [ -z $family_size ]; then
#handle single instance services #handle single instance services
if ! [ -z "$(cat ${FILESYSTEM_PATH}/${SRVS_FILE} | grep ^${service_name}$)" ]; then if ! [ -z "$(cat ${FILESYSTEM_PATH}/${SRVS_FILE} | grep ^${service_name}$)" ]; then
log "register" "Warning! service '$service_name' is already registered"
echo "Warning! service '$service_name' is already registered" echo "Warning! service '$service_name' is already registered"
exit 0 exit 0
fi fi
if echo "$service_name" | grep -q "orchestration"; then
temp_file=${FILESYSTEM_PATH}/${SRVS_FILE}.tmp
echo "$service_name" | cat - ${FILESYSTEM_PATH}/${SRVS_FILE} > $temp_file
mv $temp_file ${FILESYSTEM_PATH}/${SRVS_FILE}
else
echo "$service_name" >>${FILESYSTEM_PATH}/${SRVS_FILE} echo "$service_name" >>${FILESYSTEM_PATH}/${SRVS_FILE}
fi
if [ $var_upgarde = false ]; then
log "register" "The service $service_name is running for the first time."
echo "$service_name" >>${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}
fi
else else
touch ${FILESYSTEM_PATH}/${VOL_SRVS_FILE} touch ${FILESYSTEM_PATH}/${VOL_SRVS_FILE}
# handle multiple instances services # handle multiple instances services
family_prev_size=$(cat ${FILESYSTEM_PATH}/${VOL_SRVS_FILE} | grep "^$service_name;${family_name};" | wc -l) family_prev_size=$(cat ${FILESYSTEM_PATH}/${VOL_SRVS_FILE} | grep "^$service_name;${family_name};" | wc -l)
if [ $family_size -eq $family_prev_size ]; then if [ $family_size -eq $family_prev_size ]; then
log "register" "Service '$service_name' already registered with $family_size instances for family '${family_name}'"
echo "Service '$service_name' already registered with $family_size instances for family '${family_name}'" echo "Service '$service_name' already registered with $family_size instances for family '${family_name}'"
exit 0 exit 0
fi fi
@ -228,9 +381,15 @@ register()
stop_instance $service_name ${i} ${family_name} stop_instance $service_name ${i} ${family_name}
done done
fi fi
# wait for kill_process_by_pid that is run async by stop_instance
wait
grep -v -e "^${service_name};${family_name};" ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP} >${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_DEL} grep -v -e "^${service_name};${family_name};" ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP} >${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_DEL}
for i in $(seq 1 ${family_size}); do for i in $(seq 1 ${family_size}); do
echo "$service_name;$family_name;$i" >>${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_DEL} echo "$service_name;$family_name;$i" >>${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_DEL}
if [ $var_upgarde = false ]; then
log "register" "The service $service_name is running for the first time."
echo "$service_name" >>${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}
fi
done done
mv ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_DEL} ${FILESYSTEM_PATH}/${VOL_SRVS_FILE} mv ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_DEL} ${FILESYSTEM_PATH}/${VOL_SRVS_FILE}
rm ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP} rm ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP}
@ -265,7 +424,7 @@ stop_instance()
cmd_pid=$(ps -eo pid,cmd,args | grep -- "${family_arg}" | grep -- "--id=$instance_id" | awk -v srv=${1} '{if($2 ~ srv || $3 ~ srv) print $1}') cmd_pid=$(ps -eo pid,cmd,args | grep -- "${family_arg}" | grep -- "--id=$instance_id" | awk -v srv=${1} '{if($2 ~ srv || $3 ~ srv) print $1}')
fi fi
if ! [ "${cmd_pid:-null}" = null ]; then if ! [ "${cmd_pid:-null}" = null ]; then
log "stop_instance" "stopping $service_name (pid=$cmd_pid)" log "stop_instance" "Stopping registered service '$service_name', family $family_name, instance $instance_id with pid=$cmd_pid"
echo "Stopping registered service '$service_name', family $family_name, instance $instance_id with pid=$cmd_pid" echo "Stopping registered service '$service_name', family $family_name, instance $instance_id with pid=$cmd_pid"
kill_processes_by_pid $cmd_pid & kill_processes_by_pid $cmd_pid &
fi fi
@ -326,6 +485,7 @@ unregister()
kill_flag=1 kill_flag=1
if [ -z $service_name ]; then if [ -z $service_name ]; then
log "unregister" "Error! no service provided for un-registration"
echo "Error! no service provided for un-registration" echo "Error! no service provided for un-registration"
exit 1 exit 1
fi fi
@ -366,6 +526,7 @@ unregister()
done done
fi fi
rm ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP} rm ${FILESYSTEM_PATH}/${TMP_VOL_SRVS_FILE_PRE_STOP}
wait
else else
# unregister standard service # unregister standard service
service="$(cat ${FILESYSTEM_PATH}/${SRVS_FILE} | grep ^${service_name}$)" service="$(cat ${FILESYSTEM_PATH}/${SRVS_FILE} | grep ^${service_name}$)"
@ -373,6 +534,11 @@ unregister()
log "unregister" "Warning! service '$service_name' is already un-registered" log "unregister" "Warning! service '$service_name' is already un-registered"
exit 0 exit 0
fi fi
if [ -z "$(cat ${FILESYSTEM_PATH}/${SRVS_TO_STOP_FILE} | grep ^${service_name}$)" ]; then
echo $service >> ${FILESYSTEM_PATH}/${SRVS_TO_STOP_FILE}
fi
if [ $ARCH = "arm" ]; then if [ $ARCH = "arm" ]; then
cmd_pid=$(ps | awk -v srv=${service} '{if($5==srv) print $1}') cmd_pid=$(ps | awk -v srv=${service} '{if($5==srv) print $1}')
if [ "${cmd_pid:-null}" = null ] && [ $PIDOF_CMD_EXISTS -eq 1 ]; then if [ "${cmd_pid:-null}" = null ] && [ $PIDOF_CMD_EXISTS -eq 1 ]; then
@ -386,14 +552,18 @@ unregister()
fi fi
if ! [ "${cmd_pid:-null}" = null ]; then if ! [ "${cmd_pid:-null}" = null ]; then
log "unregister" "Unregistering $service (pid=$cmd_pid)" log "unregister" "Unregistering $service (pid=$cmd_pid)"
echo "Unregistering $service (pid=$cmd_pid)"
if [ ${kill_flag} -eq 1 ]; then if [ ${kill_flag} -eq 1 ]; then
echo "Stopping registered service '$service' with pid=$cmd_pid" log "unregister" "Stopping registered service '$service' with pid=$cmd_pid"
kill_processes_by_pid $cmd_pid kill_processes_by_pid $cmd_pid
fi fi
fi fi
grep -v -e "^$service_name$" ${FILESYSTEM_PATH}/${SRVS_FILE} >${FILESYSTEM_PATH}/${TMP_SRVS_FILE} grep -v -e "^$service_name$" ${FILESYSTEM_PATH}/${SRVS_FILE} >${FILESYSTEM_PATH}/${TMP_SRVS_FILE}
mv ${FILESYSTEM_PATH}/${TMP_SRVS_FILE} ${FILESYSTEM_PATH}/${SRVS_FILE} mv ${FILESYSTEM_PATH}/${TMP_SRVS_FILE} ${FILESYSTEM_PATH}/${SRVS_FILE}
grep -v -e "^$service_name$" ${FILESYSTEM_PATH}/${SRVS_TO_STOP_FILE} >${FILESYSTEM_PATH}/${TMP_SRVS_TO_STOP_FILE}
mv ${FILESYSTEM_PATH}/${TMP_SRVS_TO_STOP_FILE} ${FILESYSTEM_PATH}/${SRVS_TO_STOP_FILE}
fi fi
} }
@ -446,6 +616,9 @@ rotate_service_log()
rotate_service_file ${srv_log_file} rotate_service_file ${srv_log_file}
done done
fi fi
if [ -f ${LOG_FILE_PATH}/nano_agent/cp-nano-init-agent.dbg ]; then
rotate_service_file ${LOG_FILE_PATH}/nano_agent/cp-nano-init-agent.dbg
fi
rotate_service_file ${LOG_FILE_PATH}/$LOG_FILE rotate_service_file ${LOG_FILE_PATH}/$LOG_FILE
} }
@ -518,9 +691,9 @@ is_service_running()
cmd_pid=$(pidof $base_name) cmd_pid=$(pidof $base_name)
fi fi
elif [ $ARCH = "alpine" ]; then elif [ $ARCH = "alpine" ]; then
cmd_pid=$(ps -ef | awk -v srv="$service" '{if(($4 ~ srv || $3 ~ srv || $6 ~ srv) && ($4 != "awk" && $4 != "grep" )) print $1}') cmd_pid=$(ps -ef | awk -v srv="$service$" '{if(($4 ~ srv || $3 ~ srv || $6 ~ srv) && ($4 != "awk" && $4 != "grep" )) print $1}')
else else
cmd_pid=$(ps -eo pid,cmd | awk -v srv="$service" '{if($2 ~ srv || $3 ~ srv) print $1}') cmd_pid=$(ps -eo pid,cmd | awk -v srv="$service$" '{if($2 ~ srv || $3 ~ srv) print $1}')
fi fi
if [ "${cmd_pid:-null}" = null ]; then if [ "${cmd_pid:-null}" = null ]; then
@ -576,8 +749,6 @@ load_volatile_services()
family=$(echo $service_line | cut -f2 -d ';') family=$(echo $service_line | cut -f2 -d ';')
instance_id=$(echo $service_line | cut -f3 -d ';') instance_id=$(echo $service_line | cut -f3 -d ';')
already_running="0" already_running="0"
execution_flags=
srv_debug_file=
gaia_ld_path= gaia_ld_path=
if [ -n "$(cat ${FILESYSTEM_PATH}/$SRVS_HALTED | grep $service)" ]; then if [ -n "$(cat ${FILESYSTEM_PATH}/$SRVS_HALTED | grep $service)" ]; then
@ -588,39 +759,22 @@ load_volatile_services()
. "${service}.cfg" . "${service}.cfg"
fi fi
if [ -z $family ]; then
debug_file_suffix=${instance_id}
else
debug_file_suffix=${family}_${instance_id}
fi
if [ -z ${srv_debug_file} ]; then
base_name=$(get_basename $service)
srv_debug_file=${LOG_FILE_PATH}/nano_agent/$base_name.dbg${debug_file_suffix}
fi
if ! [ -z ${gaia_ld_path} ]; then
NGEN_LIB_PATH="${USR_LIB_PATH}/cpnano/:${gaia_ld_path}"
if [ "$is_smb" = "1" -a "$SUB_HW_VER" = "THX2" ]; then
NGEN_LIB_PATH="/lib64:/pfrm2.0/lib64:${NGEN_LIB_PATH}"
fi
fi
if test "$(is_volatile_service_running $service $instance_id $family)" = "false"; then if test "$(is_volatile_service_running $service $instance_id $family)" = "false"; then
family_arg="" if [ -n "$(cat ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE} | grep $service)" ]; then
if [ -n "${family}" ]; then var_service_startup=true
family_arg="--family=${family}" grep -v -e "^$service$" ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE} >${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}.tmp
mv ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}.tmp ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}
else
var_service_startup=false
fi fi
log "load_volatile_services" "Respawn ${service} ($family : $instance_id)" run_volatile_service $service_line $gaia_ld_path
echo -en "["$(date)"]" >> ${srv_debug_file}
eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} ${family_arg} --id=${instance_id} &"
increment_watchdog_process_restart_counter increment_watchdog_process_restart_counter
echo "running" >> $AGENT_RUN_STATUS_FILE echo "running" > $AGENT_RUN_STATUS_FILE
already_running="1" already_running="1"
fi fi
if test "$already_running" = "0" && [ -f /tmp/agent-status.txt ]; then if test "$already_running" = "0" && [ -f $AGENT_RUN_STATUS_FILE ]; then
echo "already running" >>$AGENT_RUN_STATUS_FILE echo "already running" > $AGENT_RUN_STATUS_FILE
fi fi
done done
fi fi
@ -629,6 +783,8 @@ load_volatile_services()
load_services() load_services()
{ {
load_paths load_paths
all_running=true
is_startup_mode=false is_startup_mode=false
if [ -f ${FILESYSTEM_PATH}/watchdog/wd.startup ]; then if [ -f ${FILESYSTEM_PATH}/watchdog/wd.startup ]; then
rm -f ${FILESYSTEM_PATH}/watchdog/wd.startup rm -f ${FILESYSTEM_PATH}/watchdog/wd.startup
@ -638,28 +794,21 @@ load_services()
already_running="0" already_running="0"
for service in $(cat ${FILESYSTEM_PATH}/${SRVS_FILE}); do for service in $(cat ${FILESYSTEM_PATH}/${SRVS_FILE}); do
execution_flags=
srv_debug_file=
gaia_ld_path=
if test "$is_startup_mode" = "false" && [ -n "$(cat ${FILESYSTEM_PATH}/$SRVS_HALTED | grep $service)" ]; then if test "$is_startup_mode" = "false" && [ -n "$(cat ${FILESYSTEM_PATH}/$SRVS_HALTED | grep $service)" ]; then
continue continue
fi fi
if [ -n "$(cat ${FILESYSTEM_PATH}/${SRVS_TO_STOP_FILE} | grep $service)" ]; then
continue
fi
if [ -f ${service}.cfg ]; then if [ -f ${service}.cfg ]; then
. "${service}.cfg" . "${service}.cfg"
fi fi
if [ -z ${srv_debug_file} ]; then
base_name=$(get_basename $service)
srv_debug_file=${LOG_FILE_PATH}/nano_agent/${base_name}.dbg
fi
if ! [ -z ${gaia_ld_path} ]; then
NGEN_LIB_PATH="${USR_LIB_PATH}/cpnano/:${gaia_ld_path}"
fi
if test "$(is_service_running $service)" = "false"; then if test "$(is_service_running $service)" = "false"; then
all_running=false
if [ ! -z $IS_CONTAINER_ENV ] && [ -f ${FILESYSTEM_PATH}/$SRVS_CONTAINER_FILE ]; then if [ ! -z $IS_CONTAINER_ENV ] && [ -f ${FILESYSTEM_PATH}/$SRVS_CONTAINER_FILE ]; then
if grep -q "$service" ${FILESYSTEM_PATH}/$SRVS_CONTAINER_FILE; then if grep -q "$service" ${FILESYSTEM_PATH}/$SRVS_CONTAINER_FILE; then
sed -i "/$service/d" ${FILESYSTEM_PATH}/$SRVS_CONTAINER_FILE sed -i "/$service/d" ${FILESYSTEM_PATH}/$SRVS_CONTAINER_FILE
@ -668,25 +817,35 @@ load_services()
fi fi
if [ ! -z $IS_CONTAINER_ENV ] && test "$is_startup_mode" = "false"; then if [ ! -z $IS_CONTAINER_ENV ] && test "$is_startup_mode" = "false"; then
log "load_services" "Error: Nano service $service stopped running"
echo "Error: Nano service $service stopped running" echo "Error: Nano service $service stopped running"
exit 1 exit 1
fi fi
log "load_services" "Respawn ${service}" log "load_services" "Respawn ${service}"
if [ "${service}" = "${FILESYSTEM_PATH}/agentCache/cp-nano-agent-cache" ] || [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ] || [ "${service}" = "/etc/cp/crowdsecAux/cp-nano-crowdsec-aux" ]; then if [ -n "$(cat ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE} | grep $service)" ]; then
eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} &" var_service_startup=true
grep -v -e "^$service$" ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE} >${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}.tmp
mv ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}.tmp ${FILESYSTEM_PATH}/${STARTUP_SRVS_FILE}
else else
eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} &" var_service_startup=false
fi fi
run_service $service $gaia_ld_path
increment_watchdog_process_restart_counter increment_watchdog_process_restart_counter
echo "running" >> $AGENT_RUN_STATUS_FILE echo "running" > $AGENT_RUN_STATUS_FILE
already_running="1" already_running="1"
fi fi
if test "$already_running" = "0" && [ -f /tmp/agent-status.txt ]; then if test "$already_running" = "0" && [ -f $AGENT_RUN_STATUS_FILE ]; then
echo "already running" >>$AGENT_RUN_STATUS_FILE echo "already running" > $AGENT_RUN_STATUS_FILE
fi fi
done done
if test "$all_running" = "false"; then
rm -f /tmp/wd.all_running
else
touch /tmp/wd.all_running
fi
} }
get_service_status() get_service_status()
@ -716,6 +875,7 @@ get_service_status()
shift shift
done done
if [ -z $service ]; then if [ -z $service ]; then
log "get_service_status" "Error: service name was not provided"
echo "Error: service name was not provided" echo "Error: service name was not provided"
exit 1 exit 1
fi fi
@ -732,6 +892,7 @@ get_service_status()
if [ "$verbose" = "true" ]; then if [ "$verbose" = "true" ]; then
echo "service '$service' is ${registration_status} and ${running_status}" echo "service '$service' is ${registration_status} and ${running_status}"
else else
log "get_service_status" "service '$service' is ${registration_status}"
echo "service '$service' is ${registration_status}" echo "service '$service' is ${registration_status}"
fi fi
else else
@ -746,8 +907,10 @@ get_service_status()
# handle multiple instances services # handle multiple instances services
if [ "$verbose" = "true" ]; then if [ "$verbose" = "true" ]; then
log "get_service_status" "service '$service' (Family '$fid', uid '$uid') is ${registration_status} and ${running_status}"
echo "service '$service' (Family '$fid', uid '$uid') is ${registration_status} and ${running_status}" echo "service '$service' (Family '$fid', uid '$uid') is ${registration_status} and ${running_status}"
else else
log "get_service_status" "service '$service' (Family '$fid', uid '$uid') is ${registration_status}"
echo "service '$service' (Family '$fid', uid '$uid') is ${registration_status}" echo "service '$service' (Family '$fid', uid '$uid') is ${registration_status}"
fi fi
fi fi
@ -770,6 +933,10 @@ elif test "$1" = "--restart_count" || test "$1" = "-rc"; then
echo ${counter} echo ${counter}
exit 0 exit 0
elif test "$1" = "--register" || test "$1" = "-r"; then elif test "$1" = "--register" || test "$1" = "-r"; then
if test "$2" = "--upgrade"; then
var_upgarde=true
shift
fi
if test "$3" = "--family" || test "$3" = "-f"; then if test "$3" = "--family" || test "$3" = "-f"; then
family_name=$4 family_name=$4
if test "$5" = "--count" || test "$5" = "-c"; then if test "$5" = "--count" || test "$5" = "-c"; then
@ -844,8 +1011,8 @@ fi
IS_SERVICE_STARTED=false IS_SERVICE_STARTED=false
echo "" >${FILESYSTEM_PATH}/$SRVS_HALTED echo "" >${FILESYSTEM_PATH}/$SRVS_HALTED
while $(true); do while $(true); do
if [ -z $IS_CONTAINER_ENV ] && [ -f /tmp/restart_watchdog ]; then if [ -z $IS_CONTAINER_ENV ] && [ -f ${FILESYSTEM_PATH}/orchestration/restart_watchdog ]; then
rm -f /tmp/restart_watchdog rm -f ${FILESYSTEM_PATH}/orchestration/restart_watchdog
if [ $ARCH = "arm" ]; then if [ $ARCH = "arm" ]; then
cp_exec "$INIT_D_PATH/nano_agent.init restart" cp_exec "$INIT_D_PATH/nano_agent.init restart"
else else