Merge lp:~darkmuggle-deactivatedaccount/ubuntu/quantal/walinuxagent/lp1077148 into lp:ubuntu/quantal/walinuxagent
- Quantal (12.10)
- lp1077148
- Merge into quantal
Proposed by
Ben Howard
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | James Page | ||||
Merged at revision: | not available | ||||
Proposed branch: | lp:~darkmuggle-deactivatedaccount/ubuntu/quantal/walinuxagent/lp1077148 | ||||
Merge into: | lp:ubuntu/quantal/walinuxagent | ||||
Diff against target: |
8316 lines (+2824/-5015) 22 files modified
.pc/.quilt_patches (+0/-1) .pc/.quilt_series (+0/-1) .pc/.version (+0/-1) .pc/000_ubuntu_init_resolvconf.patch/waagent (+0/-2335) .pc/000_use_package_upstart.patch/waagent (+2473/-0) .pc/001_ubuntu_agent_startup.patch/waagent (+0/-2395) .pc/applied-patches (+0/-2) Changelog (+25/-0) debian/changelog (+60/-0) debian/control (+10/-0) debian/patches/000_ubuntu_init_resolvconf.patch (+0/-153) debian/patches/000_use_package_upstart.patch (+16/-0) debian/patches/001_ubuntu_agent_startup.patch (+0/-22) debian/patches/series (+0/-2) debian/postinst (+7/-2) debian/preinst (+16/-0) debian/prerm (+2/-3) debian/rules (+3/-4) debian/upstart (+24/-0) debian/walinuxagent-data-saver.lintian-overrides (+10/-0) debian/walinuxagent-data-saver.preinst (+16/-0) waagent (+162/-94) |
||||
To merge this branch: | bzr merge lp:~darkmuggle-deactivatedaccount/ubuntu/quantal/walinuxagent/lp1077148 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
James Page | Needs Fixing | ||
Review via email: mp+139716@code.launchpad.net |
Commit message
Description of the change
This package fixes the following issues:
- Added - load ata_piix.ko module loaded if needed for CDROM device support
- Additional logging for DoDhcpWork()
- Update sock.recv timeout from 30 to 10 seconds
- Fix: Linux waagent deprovision, user is not deleted properly
- Fix: Make LBProbeResponder construction more robust
- Fix: Agent fails to provision user with public/private key pairs
- Fix: DHCP broadcast response not received
- Fix: Linux agent fails to delete root user password
- Fix: Linux agent should report error messages to Fabric when
passed an invalid hostname.
To post a comment you must log in.
- 8. By Ben Howard
-
Correction of version number
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === added directory '.pc' |
2 | === removed directory '.pc' |
3 | === added file '.pc/.quilt_patches' |
4 | --- .pc/.quilt_patches 1970-01-01 00:00:00 +0000 |
5 | +++ .pc/.quilt_patches 2012-12-13 16:29:21 +0000 |
6 | @@ -0,0 +1,1 @@ |
7 | +debian/patches |
8 | |
9 | === removed file '.pc/.quilt_patches' |
10 | --- .pc/.quilt_patches 2012-06-22 09:10:22 +0000 |
11 | +++ .pc/.quilt_patches 1970-01-01 00:00:00 +0000 |
12 | @@ -1,1 +0,0 @@ |
13 | -debian/patches |
14 | |
15 | === added file '.pc/.quilt_series' |
16 | --- .pc/.quilt_series 1970-01-01 00:00:00 +0000 |
17 | +++ .pc/.quilt_series 2012-12-13 16:29:21 +0000 |
18 | @@ -0,0 +1,1 @@ |
19 | +series |
20 | |
21 | === removed file '.pc/.quilt_series' |
22 | --- .pc/.quilt_series 2012-06-22 09:10:22 +0000 |
23 | +++ .pc/.quilt_series 1970-01-01 00:00:00 +0000 |
24 | @@ -1,1 +0,0 @@ |
25 | -series |
26 | |
27 | === added file '.pc/.version' |
28 | --- .pc/.version 1970-01-01 00:00:00 +0000 |
29 | +++ .pc/.version 2012-12-13 16:29:21 +0000 |
30 | @@ -0,0 +1,1 @@ |
31 | +2 |
32 | |
33 | === removed file '.pc/.version' |
34 | --- .pc/.version 2012-06-22 09:10:22 +0000 |
35 | +++ .pc/.version 1970-01-01 00:00:00 +0000 |
36 | @@ -1,1 +0,0 @@ |
37 | -2 |
38 | |
39 | === removed directory '.pc/000_ubuntu_init_resolvconf.patch' |
40 | === removed file '.pc/000_ubuntu_init_resolvconf.patch/waagent' |
41 | --- .pc/000_ubuntu_init_resolvconf.patch/waagent 2012-06-22 09:10:22 +0000 |
42 | +++ .pc/000_ubuntu_init_resolvconf.patch/waagent 1970-01-01 00:00:00 +0000 |
43 | @@ -1,2335 +0,0 @@ |
44 | -#!/usr/bin/python |
45 | -# |
46 | -# Windows Azure Linux Agent |
47 | -# |
48 | -# Copyright 2012 Microsoft Corporation |
49 | -# |
50 | -# Licensed under the Apache License, Version 2.0 (the "License"); |
51 | -# you may not use this file except in compliance with the License. |
52 | -# You may obtain a copy of the License at |
53 | -# |
54 | -# http://www.apache.org/licenses/LICENSE-2.0 |
55 | -# |
56 | -# Unless required by applicable law or agreed to in writing, software |
57 | -# distributed under the License is distributed on an "AS IS" BASIS, |
58 | -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
59 | -# See the License for the specific language governing permissions and |
60 | -# limitations under the License. |
61 | -# |
62 | -# Requires Python 2.4+ and Openssl 1.0+ |
63 | -# |
64 | -# Implements parts of RFC 2131, 1541, 1497 and |
65 | -# http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx |
66 | -# http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx |
67 | -# |
68 | - |
69 | -import array |
70 | -import base64 |
71 | -import httplib |
72 | -import os |
73 | -import os.path |
74 | -import platform |
75 | -import pwd |
76 | -import re |
77 | -import shutil |
78 | -import socket |
79 | -import SocketServer |
80 | -import struct |
81 | -import sys |
82 | -import tempfile |
83 | -import textwrap |
84 | -import threading |
85 | -import time |
86 | -import traceback |
87 | -import xml.dom.minidom |
88 | - |
89 | -GuestAgentName = "WALinuxAgent" |
90 | -GuestAgentLongName = "Windows Azure Linux Agent" |
91 | -GuestAgentVersion = "rd_wala.120504-1323" |
92 | -ProtocolVersion = "2011-12-31" |
93 | - |
94 | -Config = None |
95 | -LinuxDistro = "UNKNOWN" |
96 | -Verbose = False |
97 | -WaAgent = None |
98 | -DiskActivated = False |
99 | -Openssl = "openssl" |
100 | - |
101 | -PossibleEthernetInterfaces = ["seth0", "seth1", "eth0", "eth1"] |
102 | -RulesFiles = [ "/lib/udev/rules.d/75-persistent-net-generator.rules", |
103 | - "/etc/udev/rules.d/70-persistent-net.rules" ] |
104 | -VarLibDhcpDirectories = ["/var/lib/dhclient", "/var/lib/dhcpcd", "/var/lib/dhcp"] |
105 | -EtcDhcpClientConfFiles = ["/etc/dhcp/dhclient.conf", "/etc/dhcp3/dhclient.conf"] |
106 | -LibDir = "/var/lib/waagent" |
107 | - |
108 | -# This lets us index into a string or an array of integers transparently. |
109 | -def Ord(a): |
110 | - if type(a) == type("a"): |
111 | - a = ord(a) |
112 | - return a |
113 | - |
114 | -def IsWindows(): |
115 | - return (platform.uname()[0] == "Windows") |
116 | - |
117 | -def IsLinux(): |
118 | - return (platform.uname()[0] == "Linux") |
119 | - |
120 | -def DetectLinuxDistro(): |
121 | - global LinuxDistro |
122 | - if os.path.isfile("/etc/redhat-release"): |
123 | - LinuxDistro = "RedHat" |
124 | - return True |
125 | - if os.path.isfile("/etc/lsb-release") and "Ubuntu" in GetFileContents("/etc/lsb-release"): |
126 | - LinuxDistro = "Ubuntu" |
127 | - return True |
128 | - if os.path.isfile("/etc/debian_version"): |
129 | - LinuxDistro = "Debian" |
130 | - return True |
131 | - if os.path.isfile("/etc/SuSE-release"): |
132 | - LinuxDistro = "Suse" |
133 | - return True |
134 | - return False |
135 | - |
136 | -def IsRedHat(): |
137 | - return "RedHat" in LinuxDistro |
138 | - |
139 | -def IsUbuntu(): |
140 | - return "Ubuntu" in LinuxDistro |
141 | - |
142 | -def IsDebian(): |
143 | - return IsUbuntu() or "Debian" in LinuxDistro |
144 | - |
145 | -def IsSuse(): |
146 | - return "Suse" in LinuxDistro |
147 | - |
148 | -def UsesRpm(): |
149 | - return IsRedHat() or IsSuse() |
150 | - |
151 | -def UsesDpkg(): |
152 | - return IsDebian() |
153 | - |
154 | -def GetLastPathElement(path): |
155 | - return path.rsplit('/', 1)[1] |
156 | - |
157 | -def GetFileContents(filepath): |
158 | - file = None |
159 | - try: |
160 | - file = open(filepath) |
161 | - except: |
162 | - return None |
163 | - if file == None: |
164 | - return None |
165 | - try: |
166 | - return file.read() |
167 | - finally: |
168 | - file.close() |
169 | - |
170 | -def SetFileContents(filepath, contents): |
171 | - file = open(filepath, "w") |
172 | - try: |
173 | - file.write(contents) |
174 | - finally: |
175 | - file.close() |
176 | - |
177 | -def AppendFileContents(filepath, contents): |
178 | - file = open(filepath, "a") |
179 | - try: |
180 | - file.write(contents) |
181 | - finally: |
182 | - file.close() |
183 | - |
184 | -def ReplaceFileContentsAtomic(filepath, contents): |
185 | - handle, temp = tempfile.mkstemp(dir = os.path.dirname(filepath)) |
186 | - try: |
187 | - os.write(handle, contents) |
188 | - finally: |
189 | - os.close(handle) |
190 | - try: |
191 | - os.rename(temp, filepath) |
192 | - return |
193 | - except: |
194 | - pass |
195 | - os.remove(filepath) |
196 | - os.rename(temp, filepath) |
197 | - |
198 | -def GetLineStartingWith(prefix, filepath): |
199 | - for line in GetFileContents(filepath).split('\n'): |
200 | - if line.startswith(prefix): |
201 | - return line |
202 | - return None |
203 | - |
204 | -def Run(a): |
205 | - LogIfVerbose(a) |
206 | - return os.system(a) |
207 | - |
208 | -def GetNodeTextData(a): |
209 | - for b in a.childNodes: |
210 | - if b.nodeType == b.TEXT_NODE: |
211 | - return b.data |
212 | - |
213 | -def GetHome(): |
214 | - home = None |
215 | - try: |
216 | - home = GetLineStartingWith("HOME", "/etc/default/useradd").split('=')[1].strip() |
217 | - except: |
218 | - pass |
219 | - if (home == None) or (home.startswith("/") == False): |
220 | - home = "/home" |
221 | - return home |
222 | - |
223 | -def ChangeOwner(filepath, user): |
224 | - p = None |
225 | - try: |
226 | - p = pwd.getpwnam(user) |
227 | - except: |
228 | - pass |
229 | - if p != None: |
230 | - os.chown(filepath, p[2], p[3]) |
231 | - |
232 | -def CreateDir(dirpath, user, mode): |
233 | - try: |
234 | - os.makedirs(dirpath, mode) |
235 | - except: |
236 | - pass |
237 | - ChangeOwner(dirpath, user) |
238 | - |
239 | -def CreateAccount(user, password, expiration, thumbprint): |
240 | - if IsWindows(): |
241 | - Log("Skipping CreateAccount on Windows") |
242 | - return None |
243 | - userentry = None |
244 | - try: |
245 | - userentry = pwd.getpwnam(user) |
246 | - except: |
247 | - pass |
248 | - uidmin = None |
249 | - try: |
250 | - uidmin = int(GetLineStartingWith("UID_MIN", "/etc/login.defs").split()[1]) |
251 | - except: |
252 | - pass |
253 | - if uidmin == None: |
254 | - uidmin = 100 |
255 | - if userentry != None and userentry[2] < uidmin: |
256 | - Error("CreateAccount: " + user + " is a system user. Will not set password.") |
257 | - return "Failed to set password for system user: " + user + " (0x06)." |
258 | - if userentry == None: |
259 | - command = "useradd -m " + user |
260 | - if expiration != None: |
261 | - command += " -e " + expiration.split('.')[0] |
262 | - if Run(command): |
263 | - Error("Failed to create user account: " + user) |
264 | - return "Failed to create user account: " + user + " (0x07)." |
265 | - else: |
266 | - Log("CreateAccount: " + user + " already exists. Will update password.") |
267 | - if password != None: |
268 | - os.popen("chpasswd", "w").write(user + ":" + password + "\n") |
269 | - try: |
270 | - if password == None: |
271 | - SetFileContents("/etc/sudoers.d/waagent", user + " ALL = (ALL) NOPASSWD: ALL\n") |
272 | - else: |
273 | - SetFileContents("/etc/sudoers.d/waagent", user + " ALL = (ALL) ALL\n") |
274 | - os.chmod("/etc/sudoers.d/waagent", 0440) |
275 | - except: |
276 | - Error("CreateAccount: Failed to configure sudo access for user.") |
277 | - return "Failed to configure sudo privileges (0x08)." |
278 | - home = GetHome() |
279 | - if thumbprint != None: |
280 | - dir = home + "/" + user + "/.ssh" |
281 | - CreateDir(dir, user, 0700) |
282 | - pub = dir + "/id_rsa.pub" |
283 | - prv = dir + "/id_rsa" |
284 | - Run("ssh-keygen -y -f " + thumbprint + ".prv > " + pub) |
285 | - SetFileContents(prv, GetFileContents(thumbprint + ".prv")) |
286 | - for f in [pub, prv]: |
287 | - os.chmod(f, 0600) |
288 | - ChangeOwner(f, user) |
289 | - SetFileContents(dir + "/authorized_keys", GetFileContents(pub)) |
290 | - ChangeOwner(dir + "/authorized_keys", user) |
291 | - Log("Created user account: " + user) |
292 | - return None |
293 | - |
294 | -def DeleteAccount(user): |
295 | - if IsWindows(): |
296 | - Log("Skipping DeleteAccount on Windows") |
297 | - return |
298 | - userentry = None |
299 | - try: |
300 | - userentry = pwd.getpwnam(user) |
301 | - except: |
302 | - pass |
303 | - if userentry == None: |
304 | - Error("DeleteAccount: " + user + " not found.") |
305 | - return |
306 | - uidmin = None |
307 | - try: |
308 | - uidmin = int(GetLineStartingWith("UID_MIN", "/etc/login.defs").split()[1]) |
309 | - except: |
310 | - pass |
311 | - if uidmin == None: |
312 | - uidmin = 100 |
313 | - if userentry[2] < uidmin: |
314 | - Error("DeleteAccount: " + user + " is a system user. Will not delete account.") |
315 | - return |
316 | - Run("userdel -f -r " + user) |
317 | - try: |
318 | - os.remove("/etc/sudoers.d/waagent") |
319 | - except: |
320 | - pass |
321 | - return |
322 | - |
323 | -def ReloadSshd(): |
324 | - name = None |
325 | - if IsRedHat() or IsSuse(): |
326 | - name = "sshd" |
327 | - if IsDebian(): |
328 | - name = "ssh" |
329 | - if name == None: |
330 | - return |
331 | - if not Run("service " + name + " status | grep running"): |
332 | - Run("service " + name + " reload") |
333 | - |
334 | -def IsInRangeInclusive(a, low, high): |
335 | - return (a >= low and a <= high) |
336 | - |
337 | -def IsPrintable(ch): |
338 | - return IsInRangeInclusive(ch, Ord('A'), Ord('Z')) or IsInRangeInclusive(ch, Ord('a'), Ord('z')) or IsInRangeInclusive(ch, Ord('0'), Ord('9')) |
339 | - |
340 | -def HexDump(buffer, size): |
341 | - if size < 0: |
342 | - size = len(buffer) |
343 | - result = "" |
344 | - for i in range(0, size): |
345 | - if (i % 16) == 0: |
346 | - result += "%06X: " % i |
347 | - byte = struct.unpack("B", buffer[i])[0] |
348 | - result += "%02X " % byte |
349 | - if (i & 15) == 7: |
350 | - result += " " |
351 | - if ((i + 1) % 16) == 0 or (i + 1) == size: |
352 | - j = i |
353 | - while ((j + 1) % 16) != 0: |
354 | - result += " " |
355 | - if (j & 7) == 7: |
356 | - result += " " |
357 | - j += 1 |
358 | - result += " " |
359 | - for j in range(i - (i % 16), i + 1): |
360 | - byte = struct.unpack("B", buffer[j])[0] |
361 | - k = '.' |
362 | - if IsPrintable(byte): |
363 | - k = chr(byte) |
364 | - result += k |
365 | - if (i + 1) != size: |
366 | - result += "\n" |
367 | - return result |
368 | - |
369 | -def ThrottleLog(counter): |
370 | - # Log everything up to 10, every 10 up to 100, then every 100. |
371 | - return (counter < 10) or ((counter < 100) and ((counter % 10) == 0)) or ((counter % 100) == 0) |
372 | - |
373 | -def Logger(): |
374 | - class T(object): |
375 | - def __init__(self): |
376 | - self.File = None |
377 | - |
378 | - self = T() |
379 | - |
380 | - def LogToFile(message): |
381 | - FilePath = ["/var/log/waagent.log", "waagent.log"][IsWindows()] |
382 | - if not os.path.isfile(FilePath) and self.File != None: |
383 | - self.File.close() |
384 | - self.File = None |
385 | - if self.File == None: |
386 | - self.File = open(FilePath, "a") |
387 | - self.File.write(message + "\n") |
388 | - self.File.flush() |
389 | - |
390 | - def Log(message): |
391 | - LogWithPrefix("", message) |
392 | - |
393 | - def LogWithPrefix(prefix, message): |
394 | - t = time.localtime() |
395 | - t = "%04u/%02u/%02u %02u:%02u:%02u " % (t.tm_year, t.tm_mon, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec) |
396 | - t += prefix |
397 | - for line in message.split('\n'): |
398 | - line = t + line |
399 | - print(line) |
400 | - LogToFile(line) |
401 | - |
402 | - return Log, LogWithPrefix |
403 | - |
404 | -Log, LogWithPrefix = Logger() |
405 | - |
406 | -def NoLog(message): |
407 | - pass |
408 | - |
409 | -def LogIfVerbose(message): |
410 | - if Verbose == True: |
411 | - Log(message) |
412 | - |
413 | -def LogWithPrefixIfVerbose(prefix, message): |
414 | - if Verbose == True: |
415 | - LogWithPrefix(prefix, message) |
416 | - |
417 | -def Warn(message): |
418 | - LogWithPrefix("WARNING:", message) |
419 | - |
420 | -def Error(message): |
421 | - LogWithPrefix("ERROR:", message) |
422 | - |
423 | -def ErrorWithPrefix(prefix, message): |
424 | - LogWithPrefix("ERROR:" + prefix, message) |
425 | - |
426 | -def Linux_ioctl_GetIpv4Address(ifname): |
427 | - import fcntl |
428 | - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
429 | - return socket.inet_ntoa(fcntl.ioctl(s.fileno(), 0x8915, struct.pack('256s', ifname[:15]))[20:24]) |
430 | - |
431 | -def Linux_ioctl_GetInterfaceMac(ifname): |
432 | - import fcntl |
433 | - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
434 | - info = fcntl.ioctl(s.fileno(), 0x8927, struct.pack('256s', ifname[:15])) |
435 | - return ''.join(['%02X' % Ord(char) for char in info[18:24]]) |
436 | - |
437 | -def GetIpv4Address(): |
438 | - if IsLinux(): |
439 | - for ifname in PossibleEthernetInterfaces: |
440 | - try: |
441 | - return Linux_ioctl_GetIpv4Address(ifname) |
442 | - except IOError, e: |
443 | - pass |
444 | - else: |
445 | - try: |
446 | - return socket.gethostbyname(socket.gethostname()) |
447 | - except Exception, e: |
448 | - ErrorWithPrefix("GetIpv4Address:", str(e)) |
449 | - ErrorWithPrefix("GetIpv4Address:", traceback.format_exc()) |
450 | - |
451 | -def HexStringToByteArray(a): |
452 | - b = "" |
453 | - for c in range(0, len(a) / 2): |
454 | - b += struct.pack("B", int(a[c * 2:c * 2 + 2], 16)) |
455 | - return b |
456 | - |
457 | -def GetMacAddress(): |
458 | - if IsWindows(): |
459 | - # Windows: Physical Address. . . . . . . . . : 00-15-17-79-00-7F\n |
460 | - a = "ipconfig /all | findstr /c:\"Physical Address\" | findstr /v \"00-00-00-00-00-00-00\"" |
461 | - a = os.popen(a).read() |
462 | - a = re.sub("\s+$", "", a) |
463 | - a = re.sub(".+ ", "", a) |
464 | - a = re.sub(":", "", a) |
465 | - a = re.sub("-", "", a) |
466 | - else: |
467 | - for ifname in PossibleEthernetInterfaces: |
468 | - try: |
469 | - a = Linux_ioctl_GetInterfaceMac(ifname) |
470 | - break |
471 | - except IOError, e: |
472 | - pass |
473 | - return HexStringToByteArray(a) |
474 | - |
475 | -def DeviceForIdePort(n): |
476 | - if n > 3: |
477 | - return None |
478 | - g0 = "00000000" |
479 | - if n > 1: |
480 | - g0 = "00000001" |
481 | - n = n - 2 |
482 | - device = None |
483 | - path="/sys/bus/vmbus/devices/" |
484 | - for vmbus in os.listdir(path): |
485 | - guid=GetFileContents(path + vmbus + "/device_id").lstrip('{').split('-') |
486 | - if guid[0] == g0 and guid[1] == "000" + str(n): |
487 | - for root, dirs, files in os.walk(path + vmbus): |
488 | - if root.endswith("/block"): |
489 | - device = dirs[0] |
490 | - break |
491 | - break |
492 | - return device |
493 | - |
494 | -class Util(object): |
495 | - def _HttpGet(self, url, headers): |
496 | - LogIfVerbose("HttpGet(" + url + ")") |
497 | - maxRetry = 2 |
498 | - if url.startswith("http://"): |
499 | - url = url[7:] |
500 | - url = url[url.index("/"):] |
501 | - for retry in range(0, maxRetry + 1): |
502 | - strRetry = str(retry) |
503 | - log = [NoLog, Log][retry > 0] |
504 | - log("retry HttpGet(" + url + "),retry=" + strRetry) |
505 | - response = None |
506 | - strStatus = "None" |
507 | - try: |
508 | - httpConnection = httplib.HTTPConnection(self.Endpoint) |
509 | - if headers == None: |
510 | - request = httpConnection.request("GET", url) |
511 | - else: |
512 | - request = httpConnection.request("GET", url, None, headers) |
513 | - response = httpConnection.getresponse() |
514 | - strStatus = str(response.status) |
515 | - except: |
516 | - pass |
517 | - log("response HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
518 | - if response == None or response.status != httplib.OK: |
519 | - Error("HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
520 | - if retry == maxRetry: |
521 | - Log("return HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
522 | - return None |
523 | - else: |
524 | - Log("sleep 10 seconds HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
525 | - time.sleep(10) |
526 | - else: |
527 | - log("return HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
528 | - return response.read() |
529 | - |
530 | - def HttpGetWithoutHeaders(self, url): |
531 | - return self._HttpGet(url, None) |
532 | - |
533 | - def HttpGetWithHeaders(self, url): |
534 | - return self._HttpGet(url, {"x-ms-agent-name": GuestAgentName, "x-ms-version": ProtocolVersion}) |
535 | - |
536 | - def HttpSecureGetWithHeaders(self, url, transportCert): |
537 | - return self._HttpGet(url, {"x-ms-agent-name": GuestAgentName, |
538 | - "x-ms-version": ProtocolVersion, |
539 | - "x-ms-cipher-name": "DES_EDE3_CBC", |
540 | - "x-ms-guest-agent-public-x509-cert": transportCert}) |
541 | - |
542 | - def HttpPost(self, url, data): |
543 | - LogIfVerbose("HttpPost(" + url + ")") |
544 | - maxRetry = 2 |
545 | - for retry in range(0, maxRetry + 1): |
546 | - strRetry = str(retry) |
547 | - log = [NoLog, Log][retry > 0] |
548 | - log("retry HttpPost(" + url + "),retry=" + strRetry) |
549 | - response = None |
550 | - strStatus = "None" |
551 | - try: |
552 | - httpConnection = httplib.HTTPConnection(self.Endpoint) |
553 | - request = httpConnection.request("POST", url, data, {"x-ms-agent-name": GuestAgentName, |
554 | - "Content-Type": "text/xml; charset=utf-8", |
555 | - "x-ms-version": ProtocolVersion}) |
556 | - response = httpConnection.getresponse() |
557 | - strStatus = str(response.status) |
558 | - except: |
559 | - pass |
560 | - log("response HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
561 | - if response == None or (response.status != httplib.OK and response.status != httplib.ACCEPTED): |
562 | - Error("HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
563 | - if retry == maxRetry: |
564 | - Log("return HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
565 | - return None |
566 | - else: |
567 | - Log("sleep 10 seconds HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
568 | - time.sleep(10) |
569 | - else: |
570 | - log("return HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
571 | - return response |
572 | - |
573 | -def LoadBalancerProbeServer(port): |
574 | - |
575 | - class T(object): |
576 | - def __init__(self, port): |
577 | - enabled = Config.get("LBProbeResponder") |
578 | - if enabled != None and enabled.lower().startswith("n"): |
579 | - return |
580 | - self.ProbeCounter = 0 |
581 | - self.server = SocketServer.TCPServer((GetIpv4Address(), port), TCPHandler) |
582 | - self.server_thread = threading.Thread(target = self.server.serve_forever) |
583 | - self.server_thread.setDaemon(True) |
584 | - self.server_thread.start() |
585 | - |
586 | - def shutdown(self): |
587 | - global EnableLoadBalancerProbes |
588 | - if not EnableLoadBalancerProbes: |
589 | - return |
590 | - self.server.shutdown() |
591 | - |
592 | - class TCPHandler(SocketServer.BaseRequestHandler): |
593 | - def GetHttpDateTimeNow(self): |
594 | - # Date: Fri, 25 Mar 2011 04:53:10 GMT |
595 | - return time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime()) |
596 | - |
597 | - def handle(self): |
598 | - context.ProbeCounter = (context.ProbeCounter + 1) % 1000000 |
599 | - log = [NoLog, LogIfVerbose][ThrottleLog(context.ProbeCounter)] |
600 | - strCounter = str(context.ProbeCounter) |
601 | - if context.ProbeCounter == 1: |
602 | - Log("Receiving LB probes.") |
603 | - log("Received LB probe # " + strCounter) |
604 | - self.request.recv(1024) |
605 | - self.request.send("HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: text/html\r\nDate: " + self.GetHttpDateTimeNow() + "\r\n\r\nOK") |
606 | - |
607 | - context = T(port) |
608 | - return context |
609 | - |
610 | -class ConfigurationProvider(object): |
611 | - def __init__(self): |
612 | - self.values = dict() |
613 | - if os.path.isfile("/etc/waagent.conf") == False: |
614 | - raise Exception("Missing configuration in /etc/waagent.conf") |
615 | - try: |
616 | - for line in GetFileContents("/etc/waagent.conf").split('\n'): |
617 | - if not line.startswith("#") and "=" in line: |
618 | - parts = line.split()[0].split('=') |
619 | - value = parts[1].strip("\" ") |
620 | - if value != "None": |
621 | - self.values[parts[0]] = value |
622 | - else: |
623 | - self.values[parts[0]] = None |
624 | - except: |
625 | - Error("Unable to parse /etc/waagent.conf") |
626 | - raise |
627 | - return |
628 | - |
629 | - def get(self, key): |
630 | - return self.values.get(key) |
631 | - |
632 | -class EnvMonitor(object): |
633 | - def __init__(self): |
634 | - self.shutdown = False |
635 | - self.HostName = socket.gethostname() |
636 | - self.server_thread = threading.Thread(target = self.monitor) |
637 | - self.server_thread.setDaemon(True) |
638 | - self.server_thread.start() |
639 | - self.published = False |
640 | - |
641 | - def monitor(self): |
642 | - publish = Config.get("Provisioning.MonitorHostName") |
643 | - dhcpcmd = "pidof dhclient" |
644 | - if IsSuse(): |
645 | - dhcpcmd = "pidof dhcpcd" |
646 | - if IsDebian(): |
647 | - dhcpcmd = "pidof dhclient3" |
648 | - dhcppid = os.popen(dhcpcmd).read() |
649 | - while not self.shutdown: |
650 | - for a in RulesFiles: |
651 | - if os.path.isfile(a): |
652 | - if os.path.isfile(GetLastPathElement(a)): |
653 | - os.remove(GetLastPathElement(a)) |
654 | - shutil.move(a, ".") |
655 | - Log("EnvMonitor: Moved " + a + " -> " + LibDir) |
656 | - if publish != None and publish.lower().startswith("y"): |
657 | - try: |
658 | - if socket.gethostname() != self.HostName: |
659 | - Log("EnvMonitor: Detected host name change: " + self.HostName + " -> " + socket.gethostname()) |
660 | - self.HostName = socket.gethostname() |
661 | - WaAgent.UpdateAndPublishHostName(self.HostName) |
662 | - dhcppid = os.popen(dhcpcmd).read() |
663 | - self.published = True |
664 | - except: |
665 | - pass |
666 | - else: |
667 | - self.published = True |
668 | - pid = "" |
669 | - if not os.path.isdir("/proc/" + dhcppid.strip()): |
670 | - pid = os.popen(dhcpcmd).read() |
671 | - if pid != "" and pid != dhcppid: |
672 | - Log("EnvMonitor: Detected dhcp client restart. Restoring routing table.") |
673 | - WaAgent.RestoreRoutes() |
674 | - dhcppid = pid |
675 | - time.sleep(5) |
676 | - |
677 | - def SetHostName(self, name): |
678 | - if socket.gethostname() == name: |
679 | - self.published = True |
680 | - else: |
681 | - Run("hostname " + name) |
682 | - |
683 | - def IsNamePublished(self): |
684 | - return self.published |
685 | - |
686 | - def shutdown(self): |
687 | - self.shutdown = True |
688 | - self.server_thread.join() |
689 | - |
690 | -class Certificates(object): |
691 | -# |
692 | -# <CertificateFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="certificates10.xsd"> |
693 | -# <Version>2010-12-15</Version> |
694 | -# <Incarnation>2</Incarnation> |
695 | -# <Format>Pkcs7BlobWithPfxContents</Format> |
696 | -# <Data>MIILTAY... |
697 | -# </Data> |
698 | -# </CertificateFile> |
699 | -# |
700 | - def __init__(self): |
701 | - self.reinitialize() |
702 | - |
703 | - def reinitialize(self): |
704 | - self.Incarnation = None |
705 | - self.Role = None |
706 | - |
707 | - def Parse(self, xmlText): |
708 | - self.reinitialize() |
709 | - SetFileContents("Certificates.xml", xmlText) |
710 | - dom = xml.dom.minidom.parseString(xmlText) |
711 | - for a in [ "CertificateFile", "Version", "Incarnation", |
712 | - "Format", "Data", ]: |
713 | - if not dom.getElementsByTagName(a): |
714 | - Error("Certificates.Parse: Missing " + a) |
715 | - return None |
716 | - node = dom.childNodes[0] |
717 | - if node.localName != "CertificateFile": |
718 | - Error("Certificates.Parse: root not CertificateFile") |
719 | - return None |
720 | - SetFileContents("Certificates.p7m", |
721 | - "MIME-Version: 1.0\n" |
722 | - + "Content-Disposition: attachment; filename=\"Certificates.p7m\"\n" |
723 | - + "Content-Type: application/x-pkcs7-mime; name=\"Certificates.p7m\"\n" |
724 | - + "Content-Transfer-Encoding: base64\n\n" |
725 | - + GetNodeTextData(dom.getElementsByTagName("Data")[0])) |
726 | - if Run(Openssl + " cms -decrypt -in Certificates.p7m -inkey TransportPrivate.pem -recip TransportCert.pem | " + Openssl + " pkcs12 -nodes -password pass: -out Certificates.pem"): |
727 | - Error("Certificates.Parse: Failed to extract certificates from CMS message.") |
728 | - return self |
729 | - # There may be multiple certificates in this package. Split them. |
730 | - file = open("Certificates.pem") |
731 | - pindex = 1 |
732 | - cindex = 1 |
733 | - output = open("temp.pem", "w") |
734 | - for line in file.readlines(): |
735 | - output.write(line) |
736 | - if line.startswith("-----END PRIVATE KEY-----") or line.startswith("-----END CERTIFICATE-----"): |
737 | - output.close() |
738 | - if line.startswith("-----END PRIVATE KEY-----"): |
739 | - os.rename("temp.pem", str(pindex) + ".prv") |
740 | - pindex += 1 |
741 | - else: |
742 | - os.rename("temp.pem", str(cindex) + ".crt") |
743 | - cindex += 1 |
744 | - output = open("temp.pem", "w") |
745 | - output.close() |
746 | - os.remove("temp.pem") |
747 | - keys = dict() |
748 | - index = 1 |
749 | - filename = str(index) + ".crt" |
750 | - while os.path.isfile(filename): |
751 | - thumbprint = os.popen(Openssl + " x509 -in " + filename + " -fingerprint -noout").read().rstrip().split('=')[1].replace(':', '').upper() |
752 | - pubkey=os.popen(Openssl + " x509 -in " + filename + " -pubkey -noout").read() |
753 | - keys[pubkey] = thumbprint |
754 | - os.rename(filename, thumbprint + ".crt") |
755 | - os.chmod(thumbprint + ".crt", 0600) |
756 | - if IsRedHat(): |
757 | - Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + thumbprint + ".crt") |
758 | - index += 1 |
759 | - filename = str(index) + ".crt" |
760 | - index = 1 |
761 | - filename = str(index) + ".prv" |
762 | - while os.path.isfile(filename): |
763 | - pubkey = os.popen(Openssl + " rsa -in " + filename + " -pubout").read() |
764 | - os.rename(filename, keys[pubkey] + ".prv") |
765 | - os.chmod(keys[pubkey] + ".prv", 0600) |
766 | - if IsRedHat(): |
767 | - Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + keys[pubkey] + ".prv") |
768 | - index += 1 |
769 | - filename = str(index) + ".prv" |
770 | - return self |
771 | - |
772 | -class SharedConfig(object): |
773 | -# |
774 | -# <SharedConfig version="1.0.0.0" goalStateIncarnation="1"> |
775 | -# <Deployment name="db00a7755a5e4e8a8fe4b19bc3b330c3" guid="{ce5a036f-5c93-40e7-8adf-2613631008ab}" incarnation="2"> |
776 | -# <Service name="MyVMRoleService" guid="{00000000-0000-0000-0000-000000000000}" /> |
777 | -# <ServiceInstance name="db00a7755a5e4e8a8fe4b19bc3b330c3.1" guid="{d113f4d7-9ead-4e73-b715-b724b5b7842c}" /> |
778 | -# </Deployment> |
779 | -# <Incarnation number="1" instance="MachineRole_IN_0" guid="{a0faca35-52e5-4ec7-8fd1-63d2bc107d9b}" /> |
780 | -# <Role guid="{73d95f1c-6472-e58e-7a1a-523554e11d46}" name="MachineRole" settleTimeSeconds="10" /> |
781 | -# <LoadBalancerSettings timeoutSeconds="0" waitLoadBalancerProbeCount="8"> |
782 | -# <Probes> |
783 | -# <Probe name="MachineRole" /> |
784 | -# <Probe name="55B17C5E41A1E1E8FA991CF80FAC8E55" /> |
785 | -# <Probe name="3EA4DBC19418F0A766A4C19D431FA45F" /> |
786 | -# </Probes> |
787 | -# </LoadBalancerSettings> |
788 | -# <OutputEndpoints> |
789 | -# <Endpoint name="MachineRole:Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" type="SFS"> |
790 | -# <Target instance="MachineRole_IN_0" endpoint="Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" /> |
791 | -# </Endpoint> |
792 | -# </OutputEndpoints> |
793 | -# <Instances> |
794 | -# <Instance id="MachineRole_IN_0" address="10.115.153.75"> |
795 | -# <FaultDomains randomId="0" updateId="0" updateCount="0" /> |
796 | -# <InputEndpoints> |
797 | -# <Endpoint name="a" address="10.115.153.75:80" protocol="http" isPublic="true" loadBalancedPublicAddress="70.37.106.197:80" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false"> |
798 | -# <LocalPorts> |
799 | -# <LocalPortRange from="80" to="80" /> |
800 | -# </LocalPorts> |
801 | -# </Endpoint> |
802 | -# <Endpoint name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" address="10.115.153.75:3389" protocol="tcp" isPublic="false" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false"> |
803 | -# <LocalPorts> |
804 | -# <LocalPortRange from="3389" to="3389" /> |
805 | -# </LocalPorts> |
806 | -# </Endpoint> |
807 | -# <Endpoint name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.RdpInput" address="10.115.153.75:20000" protocol="tcp" isPublic="true" loadBalancedPublicAddress="70.37.106.197:3389" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false"> |
808 | -# <LocalPorts> |
809 | -# <LocalPortRange from="20000" to="20000" /> |
810 | -# </LocalPorts> |
811 | -# </Endpoint> |
812 | -# </InputEndpoints> |
813 | -# </Instance> |
814 | -# </Instances> |
815 | -# </SharedConfig> |
816 | -# |
817 | - def __init__(self): |
818 | - self.reinitialize() |
819 | - |
820 | - def reinitialize(self): |
821 | - self.Deployment = None |
822 | - self.Incarnation = None |
823 | - self.Role = None |
824 | - self.LoadBalancerSettings = None |
825 | - self.OutputEndpoints = None |
826 | - self.Instances = None |
827 | - |
828 | - def Parse(self, xmlText): |
829 | - self.reinitialize() |
830 | - SetFileContents("SharedConfig.xml", xmlText) |
831 | - dom = xml.dom.minidom.parseString(xmlText) |
832 | - for a in [ "SharedConfig", "Deployment", "Service", |
833 | - "ServiceInstance", "Incarnation", "Role", ]: |
834 | - if not dom.getElementsByTagName(a): |
835 | - Error("SharedConfig.Parse: Missing " + a) |
836 | - return None |
837 | - node = dom.childNodes[0] |
838 | - if node.localName != "SharedConfig": |
839 | - Error("SharedConfig.Parse: root not SharedConfig") |
840 | - return None |
841 | - program = Config.get("Role.TopologyConsumer") |
842 | - if program != None: |
843 | - os.spawnl(os.P_NOWAIT, program, program, LibDir + "/SharedConfig.xml") |
844 | - return self |
845 | - |
846 | -class HostingEnvironmentConfig(object): |
847 | -# |
848 | -# <HostingEnvironmentConfig version="1.0.0.0" goalStateIncarnation="1"> |
849 | -# <StoredCertificates> |
850 | -# <StoredCertificate name="Stored0Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" certificateId="sha1:C093FA5CD3AAE057CB7C4E04532B2E16E07C26CA" storeName="My" configurationLevel="System" /> |
851 | -# </StoredCertificates> |
852 | -# <Deployment name="db00a7755a5e4e8a8fe4b19bc3b330c3" guid="{ce5a036f-5c93-40e7-8adf-2613631008ab}" incarnation="2"> |
853 | -# <Service name="MyVMRoleService" guid="{00000000-0000-0000-0000-000000000000}" /> |
854 | -# <ServiceInstance name="db00a7755a5e4e8a8fe4b19bc3b330c3.1" guid="{d113f4d7-9ead-4e73-b715-b724b5b7842c}" /> |
855 | -# </Deployment> |
856 | -# <Incarnation number="1" instance="MachineRole_IN_0" guid="{a0faca35-52e5-4ec7-8fd1-63d2bc107d9b}" /> |
857 | -# <Role guid="{73d95f1c-6472-e58e-7a1a-523554e11d46}" name="MachineRole" hostingEnvironmentVersion="1" software="" softwareType="ApplicationPackage" entryPoint="" parameters="" settleTimeSeconds="10" /> |
858 | -# <HostingEnvironmentSettings name="full" Runtime="rd_fabric_stable.110217-1402.RuntimePackage_1.0.0.8.zip"> |
859 | -# <CAS mode="full" /> |
860 | -# <PrivilegeLevel mode="max" /> |
861 | -# <AdditionalProperties><CgiHandlers></CgiHandlers></AdditionalProperties> |
862 | -# </HostingEnvironmentSettings> |
863 | -# <ApplicationSettings> |
864 | -# <Setting name="__ModelData" value="<m role="MachineRole" xmlns="urn:azure:m:v1"><r name="MachineRole"><e name="a" /><e name="b" /><e name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" /><e name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.RdpInput" /></r></m>" /> |
865 | -# <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=osimages;AccountKey=DNZQ..." /> |
866 | -# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="MIIBnQYJKoZIhvcN..." /> |
867 | -# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2022-07-23T23:59:59.0000000-07:00" /> |
868 | -# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="test" /> |
869 | -# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" /> |
870 | -# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" /> |
871 | -# <Setting name="Certificate|Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" value="sha1:C093FA5CD3AAE057CB7C4E04532B2E16E07C26CA" /> |
872 | -# </ApplicationSettings> |
873 | -# <ResourceReferences> |
874 | -# <Resource name="DiagnosticStore" type="directory" request="Microsoft.Cis.Fabric.Controller.Descriptions.ServiceDescription.Data.Policy" sticky="true" size="1" path="db00a7755a5e4e8a8fe4b19bc3b330c3.MachineRole.DiagnosticStore\" disableQuota="false" /> |
875 | -# </ResourceReferences> |
876 | -# </HostingEnvironmentConfig> |
877 | -# |
878 | - def __init__(self): |
879 | - self.reinitialize() |
880 | - |
881 | - def reinitialize(self): |
882 | - self.StoredCertificates = None |
883 | - self.Deployment = None |
884 | - self.Incarnation = None |
885 | - self.Role = None |
886 | - self.HostingEnvironmentSettings = None |
887 | - self.ApplicationSettings = None |
888 | - self.Certificates = None |
889 | - self.ResourceReferences = None |
890 | - |
891 | - def Parse(self, xmlText): |
892 | - self.reinitialize() |
893 | - SetFileContents("HostingEnvironmentConfig.xml", xmlText) |
894 | - dom = xml.dom.minidom.parseString(xmlText) |
895 | - for a in [ "HostingEnvironmentConfig", "Deployment", "Service", |
896 | - "ServiceInstance", "Incarnation", "Role", ]: |
897 | - if not dom.getElementsByTagName(a): |
898 | - Error("HostingEnvironmentConfig.Parse: Missing " + a) |
899 | - return None |
900 | - node = dom.childNodes[0] |
901 | - if node.localName != "HostingEnvironmentConfig": |
902 | - Error("HostingEnvironmentConfig.Parse: root not HostingEnvironmentConfig") |
903 | - return None |
904 | - self.ApplicationSettings = dom.getElementsByTagName("Setting") |
905 | - self.Certificates = dom.getElementsByTagName("StoredCertificate") |
906 | - return self |
907 | - |
908 | - def DecryptPassword(self, e): |
909 | - SetFileContents("password.p7m", |
910 | - "MIME-Version: 1.0\n" |
911 | - + "Content-Disposition: attachment; filename=\"password.p7m\"\n" |
912 | - + "Content-Type: application/x-pkcs7-mime; name=\"password.p7m\"\n" |
913 | - + "Content-Transfer-Encoding: base64\n\n" |
914 | - + textwrap.fill(e, 64)) |
915 | - return os.popen(Openssl + " cms -decrypt -in password.p7m -inkey Certificates.pem -recip Certificates.pem").read() |
916 | - |
917 | - def ActivateResourceDisk(self): |
918 | - global DiskActivated |
919 | - if IsWindows(): |
920 | - DiskActivated = True |
921 | - Log("Skipping ActivateResourceDisk on Windows") |
922 | - return |
923 | - format = Config.get("ResourceDisk.Format") |
924 | - if format == None or format.lower().startswith("n"): |
925 | - DiskActivated = True |
926 | - return |
927 | - device = DeviceForIdePort(1) |
928 | - if device == None: |
929 | - Error("ActivateResourceDisk: Unable to detect disk topology.") |
930 | - return |
931 | - device = "/dev/" + device |
932 | - for entry in os.popen("mount").read().split(): |
933 | - if entry.startswith(device + "1"): |
934 | - Log("ActivateResourceDisk: " + device + "1 is already mounted.") |
935 | - DiskActivated = True |
936 | - return |
937 | - mountpoint = Config.get("ResourceDisk.MountPoint") |
938 | - if mountpoint == None: |
939 | - mountpoint = "/mnt/resource" |
940 | - CreateDir(mountpoint, "root", 0755) |
941 | - fs = Config.get("ResourceDisk.Filesystem") |
942 | - if fs == None: |
943 | - fs = "ext3" |
944 | - if os.popen("sfdisk -q -c " + device + " 1").read().rstrip() == "7" and fs != "ntfs": |
945 | - Run("sfdisk -c " + device + " 1 83") |
946 | - Run("mkfs." + fs + " " + device + "1") |
947 | - if Run("mount " + device + "1 " + mountpoint): |
948 | - Error("ActivateResourceDisk: Failed to mount resource disk (" + device + "1).") |
949 | - return |
950 | - Log("Resource disk (" + device + "1) is mounted at " + mountpoint + " with fstype " + fs) |
951 | - DiskActivated = True |
952 | - swap = Config.get("ResourceDisk.EnableSwap") |
953 | - if swap == None or swap.lower().startswith("n"): |
954 | - return |
955 | - sizeKB = int(Config.get("ResourceDisk.SwapSizeMB")) * 1024 |
956 | - if os.path.isfile(mountpoint + "/swapfile") and os.path.getsize(mountpoint + "/swapfile") != (sizeKB * 1024): |
957 | - os.remove(mountpoint + "/swapfile") |
958 | - if not os.path.isfile(mountpoint + "/swapfile"): |
959 | - Run("dd if=/dev/zero of=" + mountpoint + "/swapfile bs=1024 count=" + str(sizeKB)) |
960 | - Run("mkswap " + mountpoint + "/swapfile") |
961 | - if not Run("swapon " + mountpoint + "/swapfile"): |
962 | - Log("Enabled " + str(sizeKB) + " KB of swap at " + mountpoint + "/swapfile") |
963 | - else: |
964 | - Error("ActivateResourceDisk: Failed to activate swap at " + mountpoint + "/swapfile") |
965 | - |
966 | - def Process(self): |
967 | - if DiskActivated == False: |
968 | - diskThread = threading.Thread(target = self.ActivateResourceDisk) |
969 | - diskThread.start() |
970 | - User = None |
971 | - Pass = None |
972 | - Expiration = None |
973 | - Thumbprint = None |
974 | - for b in self.ApplicationSettings: |
975 | - sname = b.getAttribute("name") |
976 | - svalue = b.getAttribute("value") |
977 | - if sname == "Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword": |
978 | - Pass = self.DecryptPassword(svalue) |
979 | - elif sname == "Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername": |
980 | - User = svalue |
981 | - elif sname == "Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration": |
982 | - Expiration = svalue |
983 | - elif sname == "Certificate|Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption": |
984 | - Thumbprint = svalue.split(':')[1].upper() |
985 | - if User != None and Pass != None: |
986 | - if User != "root" and User != "" and Pass != "": |
987 | - CreateAccount(User, Pass, Expiration, Thumbprint) |
988 | - else: |
989 | - Error("Not creating user account: user=" + User + " pass=" + Pass) |
990 | - for c in self.Certificates: |
991 | - cname = c.getAttribute("name") |
992 | - csha1 = c.getAttribute("certificateId").split(':')[1].upper() |
993 | - cpath = c.getAttribute("storeName") |
994 | - clevel = c.getAttribute("configurationLevel") |
995 | - if os.path.isfile(csha1 + ".prv"): |
996 | - Log("Private key with thumbprint: " + csha1 + " was retrieved.") |
997 | - if os.path.isfile(csha1 + ".crt"): |
998 | - Log("Public cert with thumbprint: " + csha1 + " was retrieved.") |
999 | - program = Config.get("Role.ConfigurationConsumer") |
1000 | - if program != None: |
1001 | - os.spawnl(os.P_NOWAIT, program, program, LibDir + "/HostingEnvironmentConfig.xml") |
1002 | - |
1003 | -class GoalState(Util): |
1004 | -# |
1005 | -# <GoalState xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="goalstate10.xsd"> |
1006 | -# <Version>2010-12-15</Version> |
1007 | -# <Incarnation>1</Incarnation> |
1008 | -# <Machine> |
1009 | -# <ExpectedState>Started</ExpectedState> |
1010 | -# <LBProbePorts> |
1011 | -# <Port>16001</Port> |
1012 | -# </LBProbePorts> |
1013 | -# </Machine> |
1014 | -# <Container> |
1015 | -# <ContainerId>c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2</ContainerId> |
1016 | -# <RoleInstanceList> |
1017 | -# <RoleInstance> |
1018 | -# <InstanceId>MachineRole_IN_0</InstanceId> |
1019 | -# <State>Started</State> |
1020 | -# <Configuration> |
1021 | -# <HostingEnvironmentConfig>http://10.115.153.40:80/machine/c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2/MachineRole%5FIN%5F0?comp=config&type=hostingEnvironmentConfig&incarnation=1</HostingEnvironmentConfig> |
1022 | -# <SharedConfig>http://10.115.153.40:80/machine/c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2/MachineRole%5FIN%5F0?comp=config&type=sharedConfig&incarnation=1</SharedConfig> |
1023 | -# <Certificates>http://10.115.153.40:80/machine/c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2/MachineRole%5FIN%5F0?comp=certificates&incarnation=1</Certificates> |
1024 | -# </Configuration> |
1025 | -# </RoleInstance> |
1026 | -# </RoleInstanceList> |
1027 | -# </Container> |
1028 | -# </GoalState> |
1029 | -# |
1030 | -# There is only one Role for VM images. |
1031 | -# |
1032 | -# Of primary interest is: |
1033 | -# Machine/ExpectedState -- this is how shutdown is requested |
1034 | -# LBProbePorts -- an http server needs to run here |
1035 | -# We also note Container/ContainerID and RoleInstance/InstanceId to form the health report. |
1036 | -# And of course, Incarnation |
1037 | -# |
1038 | - def __init__(self, Agent): |
1039 | - self.Agent = Agent |
1040 | - self.Endpoint = Agent.Endpoint |
1041 | - self.TransportCert = Agent.TransportCert |
1042 | - self.reinitialize() |
1043 | - |
1044 | - def reinitialize(self): |
1045 | - self.Incarnation = None # integer |
1046 | - self.ExpectedState = None # "Started" or "Stopped" |
1047 | - self.HostingEnvironmentConfigUrl = None |
1048 | - self.HostingEnvironmentConfigXml = None |
1049 | - self.HostingEnvironmentConfig = None |
1050 | - self.SharedConfigUrl = None |
1051 | - self.SharedConfigXml = None |
1052 | - self.SharedConfig = None |
1053 | - self.CertificatesUrl = None |
1054 | - self.CertificatesXml = None |
1055 | - self.Certificates = None |
1056 | - self.RoleInstanceId = None |
1057 | - self.ContainerId = None |
1058 | - self.LoadBalancerProbePort = None # integer, ?list of integers |
1059 | - |
1060 | - def Parse(self, xmlText): |
1061 | - self.reinitialize() |
1062 | - node = xml.dom.minidom.parseString(xmlText).childNodes[0] |
1063 | - if node.localName != "GoalState": |
1064 | - Error("GoalState.Parse: root not GoalState") |
1065 | - return None |
1066 | - for a in node.childNodes: |
1067 | - if a.nodeType == node.ELEMENT_NODE: |
1068 | - if a.localName == "Incarnation": |
1069 | - self.Incarnation = GetNodeTextData(a) |
1070 | - elif a.localName == "Machine": |
1071 | - for b in a.childNodes: |
1072 | - if b.nodeType == node.ELEMENT_NODE: |
1073 | - if b.localName == "ExpectedState": |
1074 | - self.ExpectedState = GetNodeTextData(b) |
1075 | - Log("ExpectedState: " + self.ExpectedState) |
1076 | - elif b.localName == "LBProbePorts": |
1077 | - for c in b.childNodes: |
1078 | - if c.nodeType == node.ELEMENT_NODE and c.localName == "Port": |
1079 | - self.LoadBalancerProbePort = int(GetNodeTextData(c)) |
1080 | - elif a.localName == "Container": |
1081 | - for b in a.childNodes: |
1082 | - if b.nodeType == node.ELEMENT_NODE: |
1083 | - if b.localName == "ContainerId": |
1084 | - self.ContainerId = GetNodeTextData(b) |
1085 | - Log("ContainerId: " + self.ContainerId) |
1086 | - elif b.localName == "RoleInstanceList": |
1087 | - for c in b.childNodes: |
1088 | - if c.localName == "RoleInstance": |
1089 | - for d in c.childNodes: |
1090 | - if d.nodeType == node.ELEMENT_NODE: |
1091 | - if d.localName == "InstanceId": |
1092 | - self.RoleInstanceId = GetNodeTextData(d) |
1093 | - Log("RoleInstanceId: " + self.RoleInstanceId) |
1094 | - elif d.localName == "State": |
1095 | - pass |
1096 | - elif d.localName == "Configuration": |
1097 | - for e in d.childNodes: |
1098 | - if e.nodeType == node.ELEMENT_NODE: |
1099 | - if e.localName == "HostingEnvironmentConfig": |
1100 | - self.HostingEnvironmentConfigUrl = GetNodeTextData(e) |
1101 | - LogIfVerbose("HostingEnvironmentConfigUrl:" + self.HostingEnvironmentConfigUrl) |
1102 | - self.HostingEnvironmentConfigXml = self.HttpGetWithHeaders(self.HostingEnvironmentConfigUrl) |
1103 | - self.HostingEnvironmentConfig = HostingEnvironmentConfig().Parse(self.HostingEnvironmentConfigXml) |
1104 | - elif e.localName == "SharedConfig": |
1105 | - self.SharedConfigUrl = GetNodeTextData(e) |
1106 | - LogIfVerbose("SharedConfigUrl:" + self.SharedConfigUrl) |
1107 | - self.SharedConfigXml = self.HttpGetWithHeaders(self.SharedConfigUrl) |
1108 | - self.SharedConfig = SharedConfig().Parse(self.SharedConfigXml) |
1109 | - elif e.localName == "Certificates": |
1110 | - self.CertificatesUrl = GetNodeTextData(e) |
1111 | - LogIfVerbose("CertificatesUrl:" + self.CertificatesUrl) |
1112 | - self.CertificatesXml = self.HttpSecureGetWithHeaders(self.CertificatesUrl, self.TransportCert) |
1113 | - self.Certificates = Certificates().Parse(self.CertificatesXml) |
1114 | - if self.Incarnation == None: |
1115 | - Error("GoalState.Parse: Incarnation missing") |
1116 | - return None |
1117 | - if self.ExpectedState == None: |
1118 | - Error("GoalState.Parse: ExpectedState missing") |
1119 | - return None |
1120 | - if self.RoleInstanceId == None: |
1121 | - Error("GoalState.Parse: RoleInstanceId missing") |
1122 | - return None |
1123 | - if self.ContainerId == None: |
1124 | - Error("GoalState.Parse: ContainerId missing") |
1125 | - return None |
1126 | - SetFileContents("GoalState." + self.Incarnation + ".xml", xmlText) |
1127 | - return self |
1128 | - |
1129 | - def Process(self): |
1130 | - self.HostingEnvironmentConfig.Process() |
1131 | - |
1132 | -class OvfEnv(object): |
1133 | -# |
1134 | -# <?xml version="1.0" encoding="utf-8"?> |
1135 | -# <Environment xmlns="http://schemas.dmtf.org/ovf/environment/1" xmlns:oe="http://schemas.dmtf.org/ovf/environment/1" xmlns:wa="http://schemas.microsoft.com/windowsazure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> |
1136 | -# <wa:ProvisioningSection> |
1137 | -# <wa:Version>1.0</wa:Version> |
1138 | -# <LinuxProvisioningConfigurationSet xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> |
1139 | -# <ConfigurationSetType>LinuxProvisioningConfiguration</ConfigurationSetType> |
1140 | -# <HostName>HostName</HostName> |
1141 | -# <UserName>UserName</UserName> |
1142 | -# <UserPassword>UserPassword</UserPassword> |
1143 | -# <DisableSshPasswordAuthentication>false</DisableSshPasswordAuthentication> |
1144 | -# <SSH> |
1145 | -# <PublicKeys> |
1146 | -# <PublicKey> |
1147 | -# <Fingerprint>EB0C0AB4B2D5FC35F2F0658D19F44C8283E2DD62</Fingerprint> |
1148 | -# <Path>$HOME/UserName/.ssh/authorized_keys</Path> |
1149 | -# </PublicKey> |
1150 | -# </PublicKeys> |
1151 | -# <KeyPairs> |
1152 | -# <KeyPair> |
1153 | -# <Fingerprint>EB0C0AB4B2D5FC35F2F0658D19F44C8283E2DD62</Fingerprint> |
1154 | -# <Path>$HOME/UserName/.ssh/id_rsa</Path> |
1155 | -# </KeyPair> |
1156 | -# </KeyPairs> |
1157 | -# </SSH> |
1158 | -# </LinuxProvisioningConfigurationSet> |
1159 | -# </wa:ProvisioningSection> |
1160 | -# </Environment> |
1161 | -# |
1162 | - def __init__(self): |
1163 | - self.reinitialize() |
1164 | - |
1165 | - def reinitialize(self): |
1166 | - self.WaNs = "http://schemas.microsoft.com/windowsazure" |
1167 | - self.OvfNs = "http://schemas.dmtf.org/ovf/environment/1" |
1168 | - self.MajorVersion = 1 |
1169 | - self.MinorVersion = 0 |
1170 | - self.ComputerName = None |
1171 | - self.AdminPassword = None |
1172 | - self.UserName = None |
1173 | - self.UserPassword = None |
1174 | - self.DisableSshPasswordAuthentication = True |
1175 | - self.SshPublicKeys = [] |
1176 | - self.SshKeyPairs = [] |
1177 | - |
1178 | - def Parse(self, xmlText): |
1179 | - self.reinitialize() |
1180 | - dom = xml.dom.minidom.parseString(xmlText) |
1181 | - if len(dom.getElementsByTagNameNS(self.OvfNs, "Environment")) != 1: |
1182 | - Error("Unable to parse OVF XML.") |
1183 | - section = None |
1184 | - newer = False |
1185 | - for p in dom.getElementsByTagNameNS(self.WaNs, "ProvisioningSection"): |
1186 | - for n in p.childNodes: |
1187 | - if n.localName == "Version": |
1188 | - verparts = GetNodeTextData(n).split('.') |
1189 | - major = int(verparts[0]) |
1190 | - minor = int(verparts[1]) |
1191 | - if major > self.MajorVersion: |
1192 | - newer = True |
1193 | - if major != self.MajorVersion: |
1194 | - break |
1195 | - if minor > self.MinorVersion: |
1196 | - newer = True |
1197 | - section = p |
1198 | - if newer == True: |
1199 | - Warn("Newer provisioning configuration detected. Please consider updating waagent.") |
1200 | - if section == None: |
1201 | - Error("Could not find ProvisioningSection with major version=" + str(self.MajorVersion)) |
1202 | - return None |
1203 | - self.ComputerName = GetNodeTextData(section.getElementsByTagNameNS(self.WaNs, "HostName")[0]) |
1204 | - self.UserName = GetNodeTextData(section.getElementsByTagNameNS(self.WaNs, "UserName")[0]) |
1205 | - try: |
1206 | - self.UserPassword = GetNodeTextData(section.getElementsByTagNameNS(self.WaNs, "UserPassword")[0]) |
1207 | - except: |
1208 | - pass |
1209 | - disableSshPass = section.getElementsByTagNameNS(self.WaNs, "DisableSshPasswordAuthentication") |
1210 | - if len(disableSshPass) != 0: |
1211 | - self.DisableSshPasswordAuthentication = (GetNodeTextData(disableSshPass[0]).lower() == "true") |
1212 | - for pkey in section.getElementsByTagNameNS(self.WaNs, "PublicKey"): |
1213 | - fp = None |
1214 | - path = None |
1215 | - for c in pkey.childNodes: |
1216 | - if c.localName == "Fingerprint": |
1217 | - fp = GetNodeTextData(c).upper() |
1218 | - if c.localName == "Path": |
1219 | - path = GetNodeTextData(c) |
1220 | - self.SshPublicKeys += [[fp, path]] |
1221 | - for keyp in section.getElementsByTagNameNS(self.WaNs, "KeyPair"): |
1222 | - fp = None |
1223 | - path = None |
1224 | - for c in keyp.childNodes: |
1225 | - if c.localName == "Fingerprint": |
1226 | - fp = GetNodeTextData(c).upper() |
1227 | - if c.localName == "Path": |
1228 | - path = GetNodeTextData(c) |
1229 | - self.SshKeyPairs += [[fp, path]] |
1230 | - return self |
1231 | - |
1232 | - def PrepareDir(self, filepath): |
1233 | - home = GetHome() |
1234 | - # Expand HOME variable if present in path |
1235 | - path = os.path.normpath(filepath.replace("$HOME", home)) |
1236 | - if (path.startswith("/") == False) or (path.endswith("/") == True): |
1237 | - return None |
1238 | - dir = path.rsplit('/', 1)[0] |
1239 | - if dir != "": |
1240 | - CreateDir(dir, "root", 0700) |
1241 | - if path.startswith(os.path.normpath(home + "/" + self.UserName + "/")): |
1242 | - ChangeOwner(dir, self.UserName) |
1243 | - return path |
1244 | - |
1245 | - def NumberToBytes(self, i): |
1246 | - result = [] |
1247 | - while i: |
1248 | - result.append(chr(i&0xFF)) |
1249 | - i >>= 8 |
1250 | - result.reverse() |
1251 | - return ''.join(result) |
1252 | - |
1253 | - def BitsToString(self, a): |
1254 | - index=7 |
1255 | - s = "" |
1256 | - c = 0 |
1257 | - for bit in a: |
1258 | - c = c | (bit << index) |
1259 | - index = index - 1 |
1260 | - if index == -1: |
1261 | - s = s + struct.pack('>B', c) |
1262 | - c = 0 |
1263 | - index = 7 |
1264 | - return s |
1265 | - |
1266 | - def OpensslToSsh(self, file): |
1267 | - from pyasn1.codec.der import decoder as der_decoder |
1268 | - try: |
1269 | - f = open(file).read().replace('\n','').split("KEY-----")[1].split('-')[0] |
1270 | - k=der_decoder.decode(self.BitsToString(der_decoder.decode(base64.b64decode(f))[0][1]))[0] |
1271 | - n=k[0] |
1272 | - e=k[1] |
1273 | - keydata="" |
1274 | - keydata += struct.pack('>I',len("ssh-rsa")) |
1275 | - keydata += "ssh-rsa" |
1276 | - keydata += struct.pack('>I',len(self.NumberToBytes(e))) |
1277 | - keydata += self.NumberToBytes(e) |
1278 | - keydata += struct.pack('>I',len(self.NumberToBytes(n)) + 1) |
1279 | - keydata += "\0" |
1280 | - keydata += self.NumberToBytes(n) |
1281 | - except Exception, e: |
1282 | - print("OpensslToSsh: Exception " + str(e)) |
1283 | - return None |
1284 | - return "ssh-rsa " + base64.b64encode(keydata) + "\n" |
1285 | - |
1286 | - def Process(self): |
1287 | - error = None |
1288 | - WaAgent.EnvMonitor.SetHostName(self.ComputerName) |
1289 | - if self.DisableSshPasswordAuthentication: |
1290 | - filepath = "/etc/ssh/sshd_config" |
1291 | - # Disable RFC 4252 and RFC 4256 authentication schemes. |
1292 | - ReplaceFileContentsAtomic(filepath, "\n".join(filter(lambda a: not |
1293 | - (a.startswith("PasswordAuthentication") or a.startswith("ChallengeResponseAuthentication")), |
1294 | - GetFileContents(filepath).split('\n'))) + "PasswordAuthentication no\nChallengeResponseAuthentication no\n") |
1295 | - Log("Disabled SSH password-based authentication methods.") |
1296 | - if self.AdminPassword != None: |
1297 | - os.popen("chpasswd", "w").write("root:" + self.AdminPassword + "\n") |
1298 | - if self.UserName != None: |
1299 | - error = CreateAccount(self.UserName, self.UserPassword, None, None) |
1300 | - sel = os.popen("getenforce").read().startswith("Enforcing") |
1301 | - if sel == True and IsRedHat(): |
1302 | - Run("setenforce 0") |
1303 | - home = GetHome() |
1304 | - for pkey in self.SshPublicKeys: |
1305 | - if not os.path.isfile(pkey[0] + ".crt"): |
1306 | - Error("PublicKey not found: " + pkey[0]) |
1307 | - error = "Failed to deploy public key (0x09)." |
1308 | - continue |
1309 | - path = self.PrepareDir(pkey[1]) |
1310 | - if path == None: |
1311 | - Error("Invalid path: " + pkey[1] + " for PublicKey: " + pkey[0]) |
1312 | - error = "Invalid path for public key (0x03)." |
1313 | - continue |
1314 | - Run(Openssl + " x509 -in " + pkey[0] + ".crt -noout -pubkey > " + pkey[0] + ".pub") |
1315 | - if IsRedHat(): |
1316 | - Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + pkey[0] + ".pub") |
1317 | - if IsUbuntu(): |
1318 | - # Only supported in new SSH releases |
1319 | - Run("ssh-keygen -i -m PKCS8 -f " + pkey[0] + ".pub >> " + path) |
1320 | - else: |
1321 | - SshPubKey = self.OpensslToSsh(pkey[0] + ".pub") |
1322 | - if SshPubKey != None: |
1323 | - AppendFileContents(path, SshPubKey) |
1324 | - else: |
1325 | - Error("Failed: " + pkey[0] + ".crt -> " + path) |
1326 | - error = "Failed to deploy public key (0x04)." |
1327 | - if IsRedHat(): |
1328 | - Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + path) |
1329 | - if path.startswith(os.path.normpath(home + "/" + self.UserName + "/")): |
1330 | - ChangeOwner(path, self.UserName) |
1331 | - for keyp in self.SshKeyPairs: |
1332 | - if not os.path.isfile(keyp[0] + ".prv"): |
1333 | - Error("KeyPair not found: " + keyp[0]) |
1334 | - error = "Failed to deploy key pair (0x0A)." |
1335 | - continue |
1336 | - path = self.PrepareDir(keyp[1]) |
1337 | - if path == None: |
1338 | - Error("Invalid path: " + keyp[1] + " for KeyPair: " + keyp[0]) |
1339 | - error = "Invalid path for key pair (0x05)." |
1340 | - continue |
1341 | - SetFileContents(path, GetFileContents(keyp[0] + ".prv")) |
1342 | - os.chmod(path, 0600) |
1343 | - Run("ssh-keygen -y -f " + keyp[0] + ".prv > " + path + ".pub") |
1344 | - if IsRedHat(): |
1345 | - Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + path) |
1346 | - Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + path + ".pub") |
1347 | - if path.startswith(os.path.normpath(home + "/" + self.UserName + "/")): |
1348 | - ChangeOwner(path, self.UserName) |
1349 | - ChangeOwner(path + ".pub", self.UserName) |
1350 | - if sel == True and IsRedHat(): |
1351 | - Run("setenforce 1") |
1352 | - while not WaAgent.EnvMonitor.IsNamePublished(): |
1353 | - time.sleep(1) |
1354 | - ReloadSshd() |
1355 | - return error |
1356 | - |
1357 | -def UpdateAndPublishHostNameCommon(name): |
1358 | - # RedHat |
1359 | - if IsRedHat(): |
1360 | - filepath = "/etc/sysconfig/network" |
1361 | - if os.path.isfile(filepath): |
1362 | - ReplaceFileContentsAtomic(filepath, "HOSTNAME=" + name + "\n" |
1363 | - + "\n".join(filter(lambda a: not a.startswith("HOSTNAME"), GetFileContents(filepath).split('\n')))) |
1364 | - |
1365 | - for ethernetInterface in PossibleEthernetInterfaces: |
1366 | - filepath = "/etc/sysconfig/network-scripts/ifcfg-" + ethernetInterface |
1367 | - if os.path.isfile(filepath): |
1368 | - ReplaceFileContentsAtomic(filepath, "DHCP_HOSTNAME=" + name + "\n" |
1369 | - + "\n".join(filter(lambda a: not a.startswith("DHCP_HOSTNAME"), GetFileContents(filepath).split('\n')))) |
1370 | - |
1371 | - # Debian |
1372 | - if IsDebian(): |
1373 | - SetFileContents("/etc/hostname", name) |
1374 | - |
1375 | - for filepath in EtcDhcpClientConfFiles: |
1376 | - if os.path.isfile(filepath): |
1377 | - ReplaceFileContentsAtomic(filepath, "send host-name \"" + name + "\";\n" |
1378 | - + "\n".join(filter(lambda a: not a.startswith("send host-name"), GetFileContents(filepath).split('\n')))) |
1379 | - |
1380 | - # Suse |
1381 | - if IsSuse(): |
1382 | - SetFileContents("/etc/HOSTNAME", name) |
1383 | - |
1384 | -class Agent(Util): |
1385 | - def __init__(self): |
1386 | - self.GoalState = None |
1387 | - self.Endpoint = None |
1388 | - self.LoadBalancerProbeServer = None |
1389 | - self.HealthReportCounter = 0 |
1390 | - self.TransportCert = "" |
1391 | - self.EnvMonitor = None |
1392 | - self.SendData = None |
1393 | - self.DhcpResponse = None |
1394 | - |
1395 | - def CheckVersions(self): |
1396 | - #<?xml version="1.0" encoding="utf-8"?> |
1397 | - #<Versions> |
1398 | - # <Preferred> |
1399 | - # <Version>2010-12-15</Version> |
1400 | - # </Preferred> |
1401 | - # <Supported> |
1402 | - # <Version>2010-12-15</Version> |
1403 | - # <Version>2010-28-10</Version> |
1404 | - # </Supported> |
1405 | - #</Versions> |
1406 | - global ProtocolVersion |
1407 | - protocolVersionSeen = False |
1408 | - node = xml.dom.minidom.parseString(self.HttpGetWithoutHeaders("/?comp=versions")).childNodes[0] |
1409 | - if node.localName != "Versions": |
1410 | - Error("CheckVersions: root not Versions") |
1411 | - return False |
1412 | - for a in node.childNodes: |
1413 | - if a.nodeType == node.ELEMENT_NODE and a.localName == "Supported": |
1414 | - for b in a.childNodes: |
1415 | - if b.nodeType == node.ELEMENT_NODE and b.localName == "Version": |
1416 | - v = GetNodeTextData(b) |
1417 | - LogIfVerbose("Fabric supported wire protocol version: " + v) |
1418 | - if v == ProtocolVersion: |
1419 | - protocolVersionSeen = True |
1420 | - if a.nodeType == node.ELEMENT_NODE and a.localName == "Preferred": |
1421 | - v = GetNodeTextData(a.getElementsByTagName("Version")[0]) |
1422 | - LogIfVerbose("Fabric preferred wire protocol version: " + v) |
1423 | - if ProtocolVersion < v: |
1424 | - Warn("Newer wire protocol version detected. Please consider updating waagent.") |
1425 | - if not protocolVersionSeen: |
1426 | - Warn("Agent supported wire protocol version: " + ProtocolVersion + " was not advertised by Fabric.") |
1427 | - ProtocolVersion = "2011-08-31" |
1428 | - Log("Negotiated wire protocol version: " + ProtocolVersion) |
1429 | - return True |
1430 | - |
1431 | - def Unpack(self, buffer, offset, range): |
1432 | - result = 0 |
1433 | - for i in range: |
1434 | - result = (result << 8) | Ord(buffer[offset + i]) |
1435 | - return result |
1436 | - |
1437 | - def UnpackLittleEndian(self, buffer, offset, length): |
1438 | - return self.Unpack(buffer, offset, range(length - 1, -1, -1)) |
1439 | - |
1440 | - def UnpackBigEndian(self, buffer, offset, length): |
1441 | - return self.Unpack(buffer, offset, range(0, length)) |
1442 | - |
1443 | - def HexDump3(self, buffer, offset, length): |
1444 | - return ''.join(['%02X' % Ord(char) for char in buffer[offset:offset + length]]) |
1445 | - |
1446 | - def HexDump2(self, buffer): |
1447 | - return self.HexDump3(buffer, 0, len(buffer)) |
1448 | - |
1449 | - def BuildDhcpRequest(self): |
1450 | - # |
1451 | - # typedef struct _DHCP { |
1452 | - # UINT8 Opcode; /* op: BOOTREQUEST or BOOTREPLY */ |
1453 | - # UINT8 HardwareAddressType; /* htype: ethernet */ |
1454 | - # UINT8 HardwareAddressLength; /* hlen: 6 (48 bit mac address) */ |
1455 | - # UINT8 Hops; /* hops: 0 */ |
1456 | - # UINT8 TransactionID[4]; /* xid: random */ |
1457 | - # UINT8 Seconds[2]; /* secs: 0 */ |
1458 | - # UINT8 Flags[2]; /* flags: 0 or 0x8000 for broadcast */ |
1459 | - # UINT8 ClientIpAddress[4]; /* ciaddr: 0 */ |
1460 | - # UINT8 YourIpAddress[4]; /* yiaddr: 0 */ |
1461 | - # UINT8 ServerIpAddress[4]; /* siaddr: 0 */ |
1462 | - # UINT8 RelayAgentIpAddress[4]; /* giaddr: 0 */ |
1463 | - # UINT8 ClientHardwareAddress[16]; /* chaddr: 6 byte ethernet MAC address */ |
1464 | - # UINT8 ServerName[64]; /* sname: 0 */ |
1465 | - # UINT8 BootFileName[128]; /* file: 0 */ |
1466 | - # UINT8 MagicCookie[4]; /* 99 130 83 99 */ |
1467 | - # /* 0x63 0x82 0x53 0x63 */ |
1468 | - # /* options -- hard code ours */ |
1469 | - # |
1470 | - # UINT8 MessageTypeCode; /* 53 */ |
1471 | - # UINT8 MessageTypeLength; /* 1 */ |
1472 | - # UINT8 MessageType; /* 1 for DISCOVER */ |
1473 | - # UINT8 End; /* 255 */ |
1474 | - # } DHCP; |
1475 | - # |
1476 | - |
1477 | - # tuple of 244 zeros |
1478 | - # (struct.pack_into would be good here, but requires Python 2.5) |
1479 | - sendData = [0] * 244 |
1480 | - |
1481 | - transactionID = os.urandom(4) |
1482 | - macAddress = GetMacAddress() |
1483 | - |
1484 | - # Opcode = 1 |
1485 | - # HardwareAddressType = 1 (ethernet/MAC) |
1486 | - # HardwareAddressLength = 6 (ethernet/MAC/48 bits) |
1487 | - for a in range(0, 3): |
1488 | - sendData[a] = [1, 1, 6][a] |
1489 | - |
1490 | - # fill in transaction id (random number to ensure response matches request) |
1491 | - for a in range(0, 4): |
1492 | - sendData[4 + a] = Ord(transactionID[a]) |
1493 | - |
1494 | - LogIfVerbose("BuildDhcpRequest: transactionId:%s,%04X" % (self.HexDump2(transactionID), self.UnpackBigEndian(sendData, 4, 4))) |
1495 | - |
1496 | - # fill in ClientHardwareAddress |
1497 | - for a in range(0, 6): |
1498 | - sendData[0x1C + a] = Ord(macAddress[a]) |
1499 | - |
1500 | - # DHCP Magic Cookie: 99, 130, 83, 99 |
1501 | - # MessageTypeCode = 53 DHCP Message Type |
1502 | - # MessageTypeLength = 1 |
1503 | - # MessageType = DHCPDISCOVER |
1504 | - # End = 255 DHCP_END |
1505 | - for a in range(0, 8): |
1506 | - sendData[0xEC + a] = [99, 130, 83, 99, 53, 1, 1, 255][a] |
1507 | - return array.array("c", map(chr, sendData)) |
1508 | - |
1509 | - def IntegerToIpAddressV4String(self, a): |
1510 | - return "%u.%u.%u.%u" % ((a >> 24) & 0xFF, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF) |
1511 | - |
1512 | - def RouteAdd(self, net, mask, gateway): |
1513 | - if IsWindows(): |
1514 | - return |
1515 | - net = self.IntegerToIpAddressV4String(net) |
1516 | - mask = self.IntegerToIpAddressV4String(mask) |
1517 | - gateway = self.IntegerToIpAddressV4String(gateway) |
1518 | - Run("/sbin/route add -net " + net + " netmask " + mask + " gw " + gateway) |
1519 | - |
1520 | - def HandleDhcpResponse(self, sendData, receiveBuffer): |
1521 | - LogIfVerbose("HandleDhcpResponse") |
1522 | - bytesReceived = len(receiveBuffer) |
1523 | - if bytesReceived < 0xF6: |
1524 | - Error("HandleDhcpResponse: Too few bytes received " + str(bytesReceived)) |
1525 | - return None |
1526 | - |
1527 | - LogIfVerbose("BytesReceived: " + hex(bytesReceived)) |
1528 | - LogWithPrefixIfVerbose("DHCP response:", HexDump(receiveBuffer, bytesReceived)) |
1529 | - |
1530 | - # check transactionId, cookie, MAC address |
1531 | - # cookie should never mismatch |
1532 | - # transactionId and MAC address may mismatch if we see a response meant from another machine |
1533 | - |
1534 | - for offsets in [range(4, 4 + 4), range(0x1C, 0x1C + 6), range(0xEC, 0xEC + 4)]: |
1535 | - for offset in offsets: |
1536 | - sentByte = Ord(sendData[offset]) |
1537 | - receivedByte = Ord(receiveBuffer[offset]) |
1538 | - if sentByte != receivedByte: |
1539 | - LogIfVerbose("HandleDhcpResponse: sent cookie:" + self.HexDump3(sendData, 0xEC, 4)) |
1540 | - LogIfVerbose("HandleDhcpResponse: rcvd cookie:" + self.HexDump3(receiveBuffer, 0xEC, 4)) |
1541 | - LogIfVerbose("HandleDhcpResponse: sent transactionID:" + self.HexDump3(sendData, 4, 4)) |
1542 | - LogIfVerbose("HandleDhcpResponse: rcvd transactionID:" + self.HexDump3(receiveBuffer, 4, 4)) |
1543 | - LogIfVerbose("HandleDhcpResponse: sent ClientHardwareAddress:" + self.HexDump3(sendData, 0x1C, 6)) |
1544 | - LogIfVerbose("HandleDhcpResponse: rcvd ClientHardwareAddress:" + self.HexDump3(receiveBuffer, 0x1C, 6)) |
1545 | - LogIfVerbose("HandleDhcpResponse: transactionId, cookie, or MAC address mismatch") |
1546 | - return None |
1547 | - endpoint = None |
1548 | - |
1549 | - # |
1550 | - # Walk all the returned options, parsing out what we need, ignoring the others. |
1551 | - # We need the custom option 245 to find the the endpoint we talk to, |
1552 | - # as well as, to handle some Linux DHCP client incompatibilities, |
1553 | - # options 3 for default gateway and 249 for routes. And 255 is end. |
1554 | - # |
1555 | - |
1556 | - i = 0xF0 # offset to first option |
1557 | - while i < bytesReceived: |
1558 | - option = Ord(receiveBuffer[i]) |
1559 | - length = 0 |
1560 | - if (i + 1) < bytesReceived: |
1561 | - length = Ord(receiveBuffer[i + 1]) |
1562 | - LogIfVerbose("DHCP option " + hex(option) + " at offset:" + hex(i) + " with length:" + hex(length)) |
1563 | - if option == 255: |
1564 | - LogIfVerbose("DHCP packet ended at offset " + hex(i)) |
1565 | - break |
1566 | - elif option == 249: |
1567 | - # http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx |
1568 | - LogIfVerbose("Routes at offset:" + hex(i) + " with length:" + hex(length)) |
1569 | - if length < 5: |
1570 | - Error("Data too small for option " + option) |
1571 | - j = i + 2 |
1572 | - while j < (i + length + 2): |
1573 | - maskLengthBits = Ord(receiveBuffer[j]) |
1574 | - maskLengthBytes = (((maskLengthBits + 7) & ~7) >> 3) |
1575 | - mask = 0xFFFFFFFF & (0xFFFFFFFF << (32 - maskLengthBits)) |
1576 | - j += 1 |
1577 | - net = self.UnpackBigEndian(receiveBuffer, j, maskLengthBytes) |
1578 | - net <<= (32 - maskLengthBytes * 8) |
1579 | - net &= mask |
1580 | - j += maskLengthBytes |
1581 | - gateway = self.UnpackBigEndian(receiveBuffer, j, 4) |
1582 | - j += 4 |
1583 | - self.RouteAdd(net, mask, gateway) |
1584 | - if j != (i + length + 2): |
1585 | - Error("HandleDhcpResponse: Unable to parse routes") |
1586 | - elif option == 3 or option == 245: |
1587 | - if i + 5 < bytesReceived: |
1588 | - if length != 4: |
1589 | - Error("HandleDhcpResponse: Endpoint or Default Gateway not 4 bytes") |
1590 | - return None |
1591 | - gateway = self.UnpackBigEndian(receiveBuffer, i + 2, 4) |
1592 | - IpAddress = self.IntegerToIpAddressV4String(gateway) |
1593 | - if option == 3: |
1594 | - self.RouteAdd(0, 0, gateway) |
1595 | - name = "DefaultGateway" |
1596 | - else: |
1597 | - endpoint = IpAddress |
1598 | - name = "Windows Azure wire protocol endpoint" |
1599 | - LogIfVerbose(name + ": " + IpAddress + " at " + hex(i)) |
1600 | - else: |
1601 | - Error("HandleDhcpResponse: Data too small for option " + option) |
1602 | - else: |
1603 | - LogIfVerbose("Skipping DHCP option " + hex(option) + " at " + hex(i) + " with length " + hex(length)) |
1604 | - i += length + 2 |
1605 | - return endpoint |
1606 | - |
1607 | - def DoDhcpWork(self): |
1608 | - # |
1609 | - # Discover the wire server via DHCP option 245. |
1610 | - # And workaround incompatibility with Windows Azure DHCP servers. |
1611 | - # |
1612 | - ShortSleep = False # Sleep 1 second before retrying DHCP queries. |
1613 | - |
1614 | - if not IsWindows(): |
1615 | - Run("iptables -D INPUT -p udp --dport 68 -j ACCEPT") |
1616 | - Run("iptables -I INPUT -p udp --dport 68 -j ACCEPT") |
1617 | - |
1618 | - sleepDurations = [0, 5, 10, 30, 60, 60, 60, 60] |
1619 | - maxRetry = len(sleepDurations) |
1620 | - lastTry = (maxRetry - 1) |
1621 | - for retry in range(0, maxRetry): |
1622 | - try: |
1623 | - strRetry = str(retry) |
1624 | - prefix = "DoDhcpWork: try=" + strRetry |
1625 | - LogIfVerbose(prefix) |
1626 | - sendData = self.BuildDhcpRequest() |
1627 | - LogWithPrefixIfVerbose("DHCP request:", HexDump(sendData, len(sendData))) |
1628 | - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) |
1629 | - sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) |
1630 | - sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) |
1631 | - if IsSuse(): |
1632 | - # This is required because sending after binding to 0.0.0.0 fails with |
1633 | - # network unreachable when the default gateway is not set up. |
1634 | - sock.bind((GetIpv4Address(), 68)) |
1635 | - else: |
1636 | - sock.bind(("0.0.0.0", 68)) |
1637 | - sock.sendto(sendData, ("<broadcast>", 67)) |
1638 | - receiveBuffer = sock.recv(1024) |
1639 | - sock.close() |
1640 | - endpoint = self.HandleDhcpResponse(sendData, receiveBuffer) |
1641 | - if endpoint == None: |
1642 | - LogIfVerbose("DoDhcpWork: No endpoint found") |
1643 | - if endpoint != None or retry == lastTry: |
1644 | - if endpoint != None: |
1645 | - self.SendData = sendData |
1646 | - self.DhcpResponse = receiveBuffer |
1647 | - if retry == lastTry: |
1648 | - LogIfVerbose("DoDhcpWork: try=" + strRetry) |
1649 | - return endpoint |
1650 | - sleepDuration = [sleepDurations[retry % len(sleepDurations)], 1][ShortSleep] |
1651 | - LogIfVerbose("DoDhcpWork: sleep=" + str(sleepDuration)) |
1652 | - time.sleep(sleepDuration) |
1653 | - except Exception, e: |
1654 | - ErrorWithPrefix(prefix, str(e)) |
1655 | - ErrorWithPrefix(prefix, traceback.format_exc()) |
1656 | - return None |
1657 | - |
1658 | - def UpdateAndPublishHostName(self, name): |
1659 | - # Set hostname locally and publish to iDNS |
1660 | - Log("Setting host name: " + name) |
1661 | - UpdateAndPublishHostNameCommon(name) |
1662 | - for ethernetInterface in PossibleEthernetInterfaces: |
1663 | - if IsSuse(): |
1664 | - Run("ifrenew " + ethernetInterface) |
1665 | - else: |
1666 | - Run("ifdown " + ethernetInterface + " && ifup " + ethernetInterface) |
1667 | - self.RestoreRoutes() |
1668 | - |
1669 | - def RestoreRoutes(self): |
1670 | - if self.SendData != None and self.DhcpResponse != None: |
1671 | - self.HandleDhcpResponse(self.SendData, self.DhcpResponse) |
1672 | - |
1673 | - def UpdateGoalState(self): |
1674 | - goalStateXml = None |
1675 | - maxRetry = 9 |
1676 | - log = NoLog |
1677 | - for retry in range(1, maxRetry + 1): |
1678 | - strRetry = str(retry) |
1679 | - log("retry UpdateGoalState,retry=" + strRetry) |
1680 | - goalStateXml = self.HttpGetWithHeaders("/machine/?comp=goalstate") |
1681 | - if goalStateXml != None: |
1682 | - break |
1683 | - log = Log |
1684 | - time.sleep(retry) |
1685 | - if not goalStateXml: |
1686 | - Error("UpdateGoalState failed.") |
1687 | - return |
1688 | - Log("Retrieved GoalState from Windows Azure Fabric.") |
1689 | - self.GoalState = GoalState(self).Parse(goalStateXml) |
1690 | - return self.GoalState |
1691 | - |
1692 | - def ReportReady(self): |
1693 | - counter = (self.HealthReportCounter + 1) % 1000000 |
1694 | - self.HealthReportCounter = counter |
1695 | - healthReport = ("<?xml version=\"1.0\" encoding=\"utf-8\"?><Health xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><GoalStateIncarnation>" |
1696 | - + self.GoalState.Incarnation |
1697 | - + "</GoalStateIncarnation><Container><ContainerId>" |
1698 | - + self.GoalState.ContainerId |
1699 | - + "</ContainerId><RoleInstanceList><Role><InstanceId>" |
1700 | - + self.GoalState.RoleInstanceId |
1701 | - + "</InstanceId><Health><State>Ready</State></Health></Role></RoleInstanceList></Container></Health>") |
1702 | - a = self.HttpPost("/machine?comp=health", healthReport) |
1703 | - if a != None: |
1704 | - return a.getheader("x-ms-latest-goal-state-incarnation-number") |
1705 | - return None |
1706 | - |
1707 | - def ReportNotReady(self, status, desc): |
1708 | - healthReport = ("<?xml version=\"1.0\" encoding=\"utf-8\"?><Health xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><GoalStateIncarnation>" |
1709 | - + self.GoalState.Incarnation |
1710 | - + "</GoalStateIncarnation><Container><ContainerId>" |
1711 | - + self.GoalState.ContainerId |
1712 | - + "</ContainerId><RoleInstanceList><Role><InstanceId>" |
1713 | - + self.GoalState.RoleInstanceId |
1714 | - + "</InstanceId><Health><State>NotReady</State>" |
1715 | - + "<Details><SubStatus>" + status + "</SubStatus><Description>" + desc + "</Description></Details>" |
1716 | - + "</Health></Role></RoleInstanceList></Container></Health>") |
1717 | - a = self.HttpPost("/machine?comp=health", healthReport) |
1718 | - if a != None: |
1719 | - return a.getheader("x-ms-latest-goal-state-incarnation-number") |
1720 | - return None |
1721 | - |
1722 | - def ReportRoleProperties(self, thumbprint): |
1723 | - roleProperties = ("<?xml version=\"1.0\" encoding=\"utf-8\"?><RoleProperties><Container>" |
1724 | - + "<ContainerId>" + self.GoalState.ContainerId + "</ContainerId>" |
1725 | - + "<RoleInstances><RoleInstance>" |
1726 | - + "<Id>" + self.GoalState.RoleInstanceId + "</Id>" |
1727 | - + "<Properties><Property name=\"CertificateThumbprint\" value=\"" + thumbprint + "\" /></Properties>" |
1728 | - + "</RoleInstance></RoleInstances></Container></RoleProperties>") |
1729 | - a = self.HttpPost("/machine?comp=roleProperties", roleProperties) |
1730 | - Log("Posted Role Properties. CertificateThumbprint=" + thumbprint) |
1731 | - return a |
1732 | - |
1733 | - def LoadBalancerProbeServer_Shutdown(self): |
1734 | - if self.LoadBalancerProbeServer != None: |
1735 | - self.LoadBalancerProbeServer.shutdown() |
1736 | - self.LoadBalancerProbeServer = None |
1737 | - |
1738 | - def GenerateTransportCert(self): |
1739 | - Run(Openssl + " req -x509 -nodes -subj /CN=LinuxTransport -days 32768 -newkey rsa:2048 -keyout TransportPrivate.pem -out TransportCert.pem") |
1740 | - cert = "" |
1741 | - for line in GetFileContents("TransportCert.pem").split('\n'): |
1742 | - if not "CERTIFICATE" in line: |
1743 | - cert += line.rstrip() |
1744 | - return cert |
1745 | - |
1746 | - def Provision(self): |
1747 | - if IsWindows(): |
1748 | - Log("Skipping Provision on Windows") |
1749 | - return |
1750 | - enabled = Config.get("Provisioning.Enabled") |
1751 | - if enabled != None and enabled.lower().startswith("n"): |
1752 | - return |
1753 | - Log("Provisioning image started.") |
1754 | - type = Config.get("Provisioning.SshHostKeyPairType") |
1755 | - if type == None: |
1756 | - type = "rsa" |
1757 | - regenerateKeys = Config.get("Provisioning.RegenerateSshHostKeyPair") |
1758 | - if regenerateKeys == None or regenerateKeys.lower().startswith("y"): |
1759 | - Run("rm -f /etc/ssh/ssh_host_*key*") |
1760 | - Run("ssh-keygen -N '' -t " + type + " -f /etc/ssh/ssh_host_" + type + "_key") |
1761 | - ReloadSshd() |
1762 | - SetFileContents(LibDir + "/provisioned", "") |
1763 | - dvd = "/dev/hdc" |
1764 | - if os.path.exists("/dev/sr0"): |
1765 | - dvd = "/dev/sr0" |
1766 | - if Run("fdisk -l " + dvd + " | grep Disk"): |
1767 | - return |
1768 | - CreateDir("/mnt/cdrom/secure", "root", 0700) |
1769 | - if Run("mount " + dvd + " /mnt/cdrom/secure"): |
1770 | - Error("Unable to provision: Failed to mount DVD.") |
1771 | - return "Failed to retrieve provisioning data (0x01)." |
1772 | - if not os.path.isfile("/mnt/cdrom/secure/ovf-env.xml"): |
1773 | - Error("Unable to provision: Missing ovf-env.xml on DVD.") |
1774 | - return "Failed to retrieve provisioning data (0x02)." |
1775 | - ovfxml = GetFileContents("/mnt/cdrom/secure/ovf-env.xml") |
1776 | - SetFileContents("ovf-env.xml", re.sub("<UserPassword>.*?<", "<UserPassword>*<", ovfxml)) |
1777 | - Run("umount /mnt/cdrom/secure") |
1778 | - error = None |
1779 | - if ovfxml != None: |
1780 | - Log("Provisioning image using OVF settings in the DVD.") |
1781 | - ovfobj = OvfEnv().Parse(ovfxml) |
1782 | - if ovfobj != None: |
1783 | - error = ovfobj.Process() |
1784 | - # This is done here because regenerated SSH host key pairs may be potentially overwritten when processing the ovfxml |
1785 | - fingerprint = os.popen("ssh-keygen -lf /etc/ssh/ssh_host_" + type + "_key.pub").read().rstrip().split()[1].replace(':','') |
1786 | - self.ReportRoleProperties(fingerprint) |
1787 | - delRootPass = Config.get("Provisioning.DeleteRootPassword") |
1788 | - if delRootPass != None and delRootPass.lower().startswith("y"): |
1789 | - DeleteRootPassword() |
1790 | - Log("Provisioning image completed.") |
1791 | - return error |
1792 | - |
1793 | - def Run(self): |
1794 | - if IsLinux(): |
1795 | - SetFileContents("/var/run/waagent.pid", str(os.getpid()) + "\n") |
1796 | - |
1797 | - if GetIpv4Address() == None: |
1798 | - Log("Waiting for network.") |
1799 | - while(GetIpv4Address() == None): |
1800 | - time.sleep(10) |
1801 | - |
1802 | - Log("IPv4 address: " + GetIpv4Address()) |
1803 | - Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in GetMacAddress()])) |
1804 | - |
1805 | - # Consume Entropy in ACPI table provided by Hyper-V |
1806 | - try: |
1807 | - SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0")) |
1808 | - except: |
1809 | - pass |
1810 | - |
1811 | - Log("Probing for Windows Azure environment.") |
1812 | - self.Endpoint = self.DoDhcpWork() |
1813 | - |
1814 | - if self.Endpoint == None: |
1815 | - Log("Windows Azure environment not detected.") |
1816 | - while True: |
1817 | - time.sleep(60) |
1818 | - |
1819 | - Log("Discovered Windows Azure endpoint: " + self.Endpoint) |
1820 | - if not self.CheckVersions(): |
1821 | - Error("Agent.CheckVersions failed") |
1822 | - sys.exit(1) |
1823 | - |
1824 | - self.EnvMonitor = EnvMonitor() |
1825 | - |
1826 | - # Set SCSI timeout on root device |
1827 | - try: |
1828 | - timeout = Config.get("OS.RootDeviceScsiTimeout") |
1829 | - if timeout != None: |
1830 | - SetFileContents("/sys/block/" + DeviceForIdePort(0) + "/device/timeout", timeout) |
1831 | - except: |
1832 | - pass |
1833 | - |
1834 | - global Openssl |
1835 | - Openssl = Config.get("OS.OpensslPath") |
1836 | - if Openssl == None: |
1837 | - Openssl = "openssl" |
1838 | - |
1839 | - self.TransportCert = self.GenerateTransportCert() |
1840 | - |
1841 | - incarnation = None # goalStateIncarnationFromHealthReport |
1842 | - currentPort = None # loadBalancerProbePort |
1843 | - goalState = None # self.GoalState, instance of GoalState |
1844 | - provisioned = os.path.exists(LibDir + "/provisioned") |
1845 | - program = Config.get("Role.StateConsumer") |
1846 | - provisionError = None |
1847 | - while True: |
1848 | - if (goalState == None) or (incarnation == None) or (goalState.Incarnation != incarnation): |
1849 | - goalState = self.UpdateGoalState() |
1850 | - |
1851 | - if provisioned == False: |
1852 | - self.ReportNotReady("Provisioning", "Starting") |
1853 | - |
1854 | - goalState.Process() |
1855 | - |
1856 | - if provisioned == False: |
1857 | - provisionError = self.Provision() |
1858 | - provisioned = True |
1859 | - |
1860 | - # |
1861 | - # only one port supported |
1862 | - # restart server if new port is different than old port |
1863 | - # stop server if no longer a port |
1864 | - # |
1865 | - goalPort = goalState.LoadBalancerProbePort |
1866 | - if currentPort != goalPort: |
1867 | - self.LoadBalancerProbeServer_Shutdown() |
1868 | - currentPort = goalPort |
1869 | - if currentPort != None: |
1870 | - self.LoadBalancerProbeServer = LoadBalancerProbeServer(currentPort) |
1871 | - |
1872 | - if program != None and DiskActivated == True: |
1873 | - os.spawnl(os.P_NOWAIT, program, program, "Ready") |
1874 | - program = None |
1875 | - |
1876 | - if goalState.ExpectedState == "Stopped": |
1877 | - program = Config.get("Role.StateConsumer") |
1878 | - if program != None: |
1879 | - Run(program + " Shutdown") |
1880 | - self.EnvMonitor.shutdown() |
1881 | - self.LoadBalancerProbeServer_Shutdown() |
1882 | - command = ["/sbin/shutdown -hP now", "shutdown /s /t 5"][IsWindows()] |
1883 | - Run(command) |
1884 | - return |
1885 | - |
1886 | - sleepToReduceAccessDenied = 3 |
1887 | - time.sleep(sleepToReduceAccessDenied) |
1888 | - i = None |
1889 | - if provisionError != None: |
1890 | - i = self.ReportNotReady("ProvisioningFailed", provisionError) |
1891 | - else: |
1892 | - i = self.ReportReady() |
1893 | - if i != None: |
1894 | - incarnation = i |
1895 | - time.sleep(25 - sleepToReduceAccessDenied) |
1896 | - |
1897 | -Init_Suse = """\ |
1898 | -#! /bin/sh |
1899 | - |
1900 | -### BEGIN INIT INFO |
1901 | -# Provides: WindowsAzureLinuxAgent |
1902 | -# Required-Start: $network sshd |
1903 | -# Required-Stop: $network sshd |
1904 | -# Default-Start: 3 5 |
1905 | -# Default-Stop: 0 1 2 6 |
1906 | -# Description: Start the WindowsAzureLinuxAgent |
1907 | -### END INIT INFO |
1908 | - |
1909 | -WAZD_BIN=/usr/sbin/waagent |
1910 | -test -x $WAZD_BIN || exit 5 |
1911 | - |
1912 | -case "$1" in |
1913 | - start) |
1914 | - echo "Starting WindowsAzureLinuxAgent" |
1915 | - ## Start daemon with startproc(8). If this fails |
1916 | - ## the echo return value is set appropriate. |
1917 | - |
1918 | - startproc -f $WAZD_BIN -daemon |
1919 | - exit $? |
1920 | - ;; |
1921 | - stop) |
1922 | - echo "Shutting down WindowsAzureLinuxAgent" |
1923 | - ## Stop daemon with killproc(8) and if this fails |
1924 | - ## set echo the echo return value. |
1925 | - |
1926 | - killproc -p /var/run/waagent.pid $WAZD_BIN |
1927 | - exit $? |
1928 | - ;; |
1929 | - try-restart) |
1930 | - ## Stop the service and if this succeeds (i.e. the |
1931 | - ## service was running before), start it again. |
1932 | - $0 status >/dev/null && $0 restart |
1933 | - ;; |
1934 | - restart) |
1935 | - ## Stop the service and regardless of whether it was |
1936 | - ## running or not, start it again. |
1937 | - $0 stop |
1938 | - $0 start |
1939 | - ;; |
1940 | - force-reload|reload) |
1941 | - ;; |
1942 | - status) |
1943 | - echo -n "Checking for service WindowsAzureLinuxAgent " |
1944 | - ## Check status with checkproc(8), if process is running |
1945 | - ## checkproc will return with exit status 0. |
1946 | - |
1947 | - checkproc -p $WAZD_PIDFILE $WAZD_BIN |
1948 | - exit $? |
1949 | - ;; |
1950 | - probe) |
1951 | - ;; |
1952 | - *) |
1953 | - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" |
1954 | - exit 1 |
1955 | - ;; |
1956 | -esac |
1957 | -""" |
1958 | - |
1959 | -Init_RedHat = """\ |
1960 | -#!/bin/bash |
1961 | -# |
1962 | -# Init file for WindowsAzureLinuxAgent. |
1963 | -# |
1964 | -# chkconfig: 2345 60 80 |
1965 | -# description: WindowsAzureLinuxAgent |
1966 | -# |
1967 | - |
1968 | -# source function library |
1969 | -. /etc/rc.d/init.d/functions |
1970 | - |
1971 | -RETVAL=0 |
1972 | -FriendlyName="WindowsAzureLinuxAgent" |
1973 | -WAZD_BIN=/usr/sbin/waagent |
1974 | - |
1975 | -start() |
1976 | -{ |
1977 | - echo -n $"Starting $FriendlyName: " |
1978 | - $WAZD_BIN -daemon & |
1979 | -} |
1980 | - |
1981 | -stop() |
1982 | -{ |
1983 | - echo -n $"Stopping $FriendlyName: " |
1984 | - killproc -p /var/run/waagent.pid $WAZD_BIN |
1985 | - RETVAL=$? |
1986 | - echo |
1987 | - return $RETVAL |
1988 | -} |
1989 | - |
1990 | -case "$1" in |
1991 | - start) |
1992 | - start |
1993 | - ;; |
1994 | - stop) |
1995 | - stop |
1996 | - ;; |
1997 | - restart) |
1998 | - stop |
1999 | - start |
2000 | - ;; |
2001 | - reload) |
2002 | - ;; |
2003 | - report) |
2004 | - ;; |
2005 | - status) |
2006 | - status $WAZD_BIN |
2007 | - RETVAL=$? |
2008 | - ;; |
2009 | - *) |
2010 | - echo $"Usage: $0 {start|stop|restart|status}" |
2011 | - RETVAL=1 |
2012 | -esac |
2013 | -exit $RETVAL |
2014 | -""" |
2015 | - |
2016 | -Init_Debian = """\ |
2017 | -#!/bin/sh |
2018 | -### BEGIN INIT INFO |
2019 | -# Provides: WindowsAzureLinuxAgent |
2020 | -# Required-Start: $network $syslog |
2021 | -# Required-Stop: $network $syslog |
2022 | -# Should-Start: $network $syslog |
2023 | -# Should-Stop: $network $syslog |
2024 | -# Default-Start: 2 3 4 5 |
2025 | -# Default-Stop: 0 1 6 |
2026 | -# Short-Description: WindowsAzureLinuxAgent |
2027 | -# Description: WindowsAzureLinuxAgent |
2028 | -### END INIT INFO |
2029 | - |
2030 | -. /lib/lsb/init-functions |
2031 | - |
2032 | -OPTIONS="-daemon" |
2033 | -WAZD_BIN=/usr/sbin/waagent |
2034 | -WAZD_PID=/var/run/waagent.pid |
2035 | - |
2036 | -case "$1" in |
2037 | - start) |
2038 | - log_begin_msg "Starting WindowsAzureLinuxAgent..." |
2039 | - pid=$( pidofproc $WAZD_BIN ) |
2040 | - if [ -n "$pid" ] ; then |
2041 | - log_begin_msg "Already running." |
2042 | - log_end_msg 0 |
2043 | - exit 0 |
2044 | - fi |
2045 | - start-stop-daemon --start --quiet --oknodo --background --exec $WAZD_BIN -- $OPTIONS |
2046 | - log_end_msg $? |
2047 | - ;; |
2048 | - |
2049 | - stop) |
2050 | - log_begin_msg "Stopping WindowsAzureLinuxAgent..." |
2051 | - start-stop-daemon --stop --quiet --oknodo --pidfile $WAZD_PID |
2052 | - ret=$? |
2053 | - rm -f $WAZD_PID |
2054 | - log_end_msg $ret |
2055 | - ;; |
2056 | - force-reload) |
2057 | - $0 restart |
2058 | - ;; |
2059 | - restart) |
2060 | - $0 stop |
2061 | - $0 start |
2062 | - ;; |
2063 | - status) |
2064 | - status_of_proc $WAZD_BIN && exit 0 || exit $? |
2065 | - ;; |
2066 | - *) |
2067 | - log_success_msg "Usage: /etc/init.d/waagent {start|stop|force-reload|restart|status}" |
2068 | - exit 1 |
2069 | - ;; |
2070 | -esac |
2071 | - |
2072 | -exit 0 |
2073 | -""" |
2074 | - |
2075 | -WaagentConf = """\ |
2076 | -# |
2077 | -# Windows Azure Linux Agent Configuration |
2078 | -# |
2079 | - |
2080 | -Role.StateConsumer=None # Specified program is invoked with "Ready" or "Shutdown". |
2081 | - # Shutdown will be initiated only after the program returns. Windows Azure will |
2082 | - # power off the VM if shutdown is not completed within ?? minutes. |
2083 | -Role.ConfigurationConsumer=None # Specified program is invoked with XML file argument specifying role configuration. |
2084 | -Role.TopologyConsumer=None # Specified program is invoked with XML file argument specifying role topology. |
2085 | - |
2086 | -Provisioning.Enabled=y # |
2087 | -Provisioning.DeleteRootPassword=y # Password authentication for root account will be unavailable. |
2088 | -Provisioning.RegenerateSshHostKeyPair=y # Generate fresh host key pair. |
2089 | -Provisioning.SshHostKeyPairType=rsa # Supported values are "rsa", "dsa" and "ecdsa". |
2090 | -Provisioning.MonitorHostName=y # Monitor host name changes and publish changes via DHCP requests. |
2091 | - |
2092 | -ResourceDisk.Format=y # Format if unformatted. If 'n', resource disk will not be mounted. |
2093 | -ResourceDisk.Filesystem=ext4 # |
2094 | -ResourceDisk.MountPoint=/mnt/resource # |
2095 | -ResourceDisk.EnableSwap=n # Create and use swapfile on resource disk. |
2096 | -ResourceDisk.SwapSizeMB=0 # Size of the swapfile. |
2097 | - |
2098 | -LBProbeResponder=y # Respond to load balancer probes if requested by Windows Azure. |
2099 | - |
2100 | -Logs.Verbose=n # |
2101 | - |
2102 | -OS.RootDeviceScsiTimeout=300 # Root device timeout in seconds. |
2103 | -OS.OpensslPath=None # If "None", the system default version is used. |
2104 | -""" |
2105 | - |
2106 | -WaagentLogrotate = """\ |
2107 | -/var/log/waagent.log { |
2108 | - monthly |
2109 | - rotate 6 |
2110 | - notifempty |
2111 | - missingok |
2112 | -} |
2113 | -""" |
2114 | - |
2115 | -def AddToLinuxKernelCmdline(options): |
2116 | - if os.path.isfile("/boot/grub/menu.lst"): |
2117 | - Run("sed -i --follow-symlinks '/kernel/s|$| " + options + " |' /boot/grub/menu.lst") |
2118 | - filepath = "/etc/default/grub" |
2119 | - if os.path.isfile(filepath): |
2120 | - filecontents = GetFileContents(filepath).split('\n') |
2121 | - current = filter(lambda a: a.startswith("GRUB_CMDLINE_LINUX"), filecontents) |
2122 | - ReplaceFileContentsAtomic(filepath, |
2123 | - "\n".join(filter(lambda a: not a.startswith("GRUB_CMDLINE_LINUX"), filecontents)) |
2124 | - + current[0][:-1] + " " + options + "\"\n") |
2125 | - Run("update-grub") |
2126 | - |
2127 | -def ApplyVNUMAWorkaround(): |
2128 | - VersionParts = platform.release().replace('-', '.').split('.') |
2129 | - if int(VersionParts[0]) > 2: |
2130 | - return |
2131 | - if int(VersionParts[1]) > 6: |
2132 | - return |
2133 | - if int(VersionParts[2]) > 37: |
2134 | - return |
2135 | - AddToLinuxKernelCmdline("numa=off") |
2136 | - # TODO: This is not ideal for offline installation. |
2137 | - print("Your kernel version " + platform.release() + " has a NUMA-related bug: NUMA has been disabled.") |
2138 | - |
2139 | -def RevertVNUMAWorkaround(): |
2140 | - print("Automatic reverting of GRUB configuration is not yet supported. Please edit by hand.") |
2141 | - |
2142 | -def Install(): |
2143 | - if IsWindows(): |
2144 | - print("ERROR: -install invalid for Windows.") |
2145 | - return 1 |
2146 | - os.chmod(sys.argv[0], 0755) |
2147 | - SwitchCwd() |
2148 | - requiredDeps = [ "/sbin/route", "/sbin/shutdown" ] |
2149 | - if IsDebian(): |
2150 | - requiredDeps += [ "/usr/sbin/update-rc.d" ] |
2151 | - if IsSuse(): |
2152 | - requiredDeps += [ "/sbin/insserv" ] |
2153 | - for a in requiredDeps: |
2154 | - if not os.path.isfile(a): |
2155 | - Error("Missing required dependency: " + a) |
2156 | - return 1 |
2157 | - missing = False |
2158 | - for a in [ "ssh-keygen", "useradd", "openssl", "sfdisk", |
2159 | - "fdisk", "mkfs", "chpasswd", "sed", "grep", "sudo" ]: |
2160 | - if Run("which " + a + " > /dev/null 2>&1"): |
2161 | - Warn("Missing dependency: " + a) |
2162 | - missing = True |
2163 | - if missing == True: |
2164 | - Warn("Please resolve missing dependencies listed for full functionality.") |
2165 | - if UsesRpm(): |
2166 | - if not Run("rpm --quiet -q NetworkManager"): |
2167 | - Error(GuestAgentLongName + " is not compatible with NetworkManager.") |
2168 | - return 1 |
2169 | - if Run("rpm --quiet -q python-pyasn1"): |
2170 | - Error(GuestAgentLongName + " requires python-pyasn1.") |
2171 | - return 1 |
2172 | - if UsesDpkg() and Run("dpkg -l network-manager | grep -q ^un"): |
2173 | - Error(GuestAgentLongName + " is not compatible with network-manager.") |
2174 | - return 1 |
2175 | - for a in RulesFiles: |
2176 | - if os.path.isfile(a): |
2177 | - if os.path.isfile(GetLastPathElement(a)): |
2178 | - os.remove(GetLastPathElement(a)) |
2179 | - shutil.move(a, ".") |
2180 | - Warn("Moved " + a + " -> " + LibDir + "/" + GetLastPathElement(a) ) |
2181 | - filename = "waagent" |
2182 | - filepath = "/etc/init.d/" + filename |
2183 | - distro = IsRedHat() + IsDebian() * 2 + IsSuse() * 3 |
2184 | - if distro == 0: |
2185 | - Error("Unable to detect Linux Distribution.") |
2186 | - return 1 |
2187 | - init = [[Init_RedHat, "chkconfig --add " + filename], |
2188 | - [Init_Debian, "update-rc.d " + filename + " defaults"], |
2189 | - [Init_Suse, "insserv " + filename]][distro - 1] |
2190 | - SetFileContents(filepath, init[0]) |
2191 | - os.chmod(filepath, 0755) |
2192 | - Run(init[1]) |
2193 | - if os.path.isfile("/etc/waagent.conf"): |
2194 | - try: |
2195 | - os.remove("/etc/waagent.conf.old") |
2196 | - except: |
2197 | - pass |
2198 | - try: |
2199 | - os.rename("/etc/waagent.conf", "/etc/waagent.conf.old") |
2200 | - Warn("Existing /etc/waagent.conf has been renamed to /etc/waagent.conf.old") |
2201 | - except: |
2202 | - pass |
2203 | - SetFileContents("/etc/waagent.conf", WaagentConf) |
2204 | - SetFileContents("/etc/logrotate.d/waagent", WaagentLogrotate) |
2205 | - filepath = "/etc/ssh/sshd_config" |
2206 | - ReplaceFileContentsAtomic(filepath, "\n".join(filter(lambda a: not |
2207 | - a.startswith("ClientAliveInterval"), |
2208 | - GetFileContents(filepath).split('\n'))) + "ClientAliveInterval 180\n") |
2209 | - Log("Configured SSH client probing to keep connections alive.") |
2210 | - ApplyVNUMAWorkaround() |
2211 | - return 0 |
2212 | - |
2213 | -def Uninstall(): |
2214 | - if IsWindows(): |
2215 | - print("ERROR: -uninstall invalid for windows, see waagent_service.exe") |
2216 | - return 1 |
2217 | - SwitchCwd() |
2218 | - for a in RulesFiles: |
2219 | - if os.path.isfile(GetLastPathElement(a)): |
2220 | - try: |
2221 | - shutil.move(GetLastPathElement(a), a) |
2222 | - Warn("Moved " + LibDir + "/" + GetLastPathElement(a) + " -> " + a ) |
2223 | - except: |
2224 | - pass |
2225 | - filename = "waagent" |
2226 | - a = IsRedHat() + IsDebian() * 2 + IsSuse() * 3 |
2227 | - if a == 0: |
2228 | - Error("Unable to detect Linux Distribution.") |
2229 | - return 1 |
2230 | - Run("service " + filename + " stop") |
2231 | - cmd = ["chkconfig --del " + filename, |
2232 | - "update-rc.d -f " + filename + " remove", |
2233 | - "insserv -r " + filename][a - 1] |
2234 | - Run(cmd) |
2235 | - for f in os.listdir(LibDir) + ["/etc/init.d/" + filename, "/etc/waagent.conf", "/etc/logrotate.d/waagent", "/etc/sudoers.d/waagent"]: |
2236 | - try: |
2237 | - os.remove(f) |
2238 | - except: |
2239 | - pass |
2240 | - RevertVNUMAWorkaround() |
2241 | - return 0 |
2242 | - |
2243 | -def DeleteRootPassword(): |
2244 | - SetFileContents("/etc/shadow-temp", "") |
2245 | - os.chmod("/etc/shadow-temp", 0000) |
2246 | - Run("(echo root:*LOCK*:14600:::::: && grep -v ^root /etc/shadow ) > /etc/shadow-temp") |
2247 | - Run("mv -f /etc/shadow-temp /etc/shadow") |
2248 | - Log("Root password deleted.") |
2249 | - |
2250 | -def Deprovision(force, deluser): |
2251 | - if IsWindows(): |
2252 | - Run(os.environ["windir"] + "\\system32\\sysprep\\sysprep.exe /generalize") |
2253 | - return 0 |
2254 | - |
2255 | - SwitchCwd() |
2256 | - ovfxml = GetFileContents("ovf-env.xml") |
2257 | - ovfobj = None |
2258 | - if ovfxml != None: |
2259 | - ovfobj = OvfEnv().Parse(ovfxml) |
2260 | - |
2261 | - print("WARNING! The waagent service will be stopped.") |
2262 | - print("WARNING! All SSH host key pairs will be deleted.") |
2263 | - print("WARNING! Nameserver configuration in /etc/resolv.conf will be deleted.") |
2264 | - print("WARNING! Cached DHCP leases will be deleted.") |
2265 | - |
2266 | - delRootPass = Config.get("Provisioning.DeleteRootPassword") |
2267 | - if delRootPass != None and delRootPass.lower().startswith("y"): |
2268 | - print("WARNING! root password will be disabled. You will not be able to login as root.") |
2269 | - |
2270 | - if ovfobj != None and deluser == True: |
2271 | - print("WARNING! " + ovfobj.UserName + " account and entire home directory will be deleted.") |
2272 | - |
2273 | - if force == False and not raw_input('Do you want to proceed (y/n)? ').startswith('y'): |
2274 | - return 1 |
2275 | - |
2276 | - Run("service waagent stop") |
2277 | - |
2278 | - if deluser == True: |
2279 | - DeleteAccount(ovfobj.UserName) |
2280 | - |
2281 | - # Remove SSH host keys |
2282 | - regenerateKeys = Config.get("Provisioning.RegenerateSshHostKeyPair") |
2283 | - if regenerateKeys == None or regenerateKeys.lower().startswith("y"): |
2284 | - Run("rm -f /etc/ssh/ssh_host_*key*") |
2285 | - |
2286 | - # Remove root password |
2287 | - if delRootPass != None and delRootPass.lower().startswith("y"): |
2288 | - DeleteRootPassword() |
2289 | - |
2290 | - # Remove distribution specific networking configuration |
2291 | - |
2292 | - UpdateAndPublishHostNameCommon("localhost.localdomain") |
2293 | - |
2294 | - # RedHat, Suse, Debian |
2295 | - for a in VarLibDhcpDirectories: |
2296 | - Run("rm -f " + a + "/*") |
2297 | - |
2298 | - # Clear LibDir, remove nameserver and root bash history |
2299 | - for f in os.listdir(LibDir) + ["/etc/resolv.conf", "/root/.bash_history", "/var/log/waagent.log"]: |
2300 | - try: |
2301 | - os.remove(f) |
2302 | - except: |
2303 | - pass |
2304 | - |
2305 | - return 0 |
2306 | - |
2307 | -def SwitchCwd(): |
2308 | - if not IsWindows(): |
2309 | - CreateDir(LibDir, "root", 0700) |
2310 | - os.chdir(LibDir) |
2311 | - |
2312 | -def Usage(): |
2313 | - print("usage: " + sys.argv[0] + " [-verbose] [-force] [-help|-install|-uninstall|-deprovision[+user]|-version|-serialconsole|-daemon]") |
2314 | - return 0 |
2315 | - |
2316 | -if GuestAgentVersion == "": |
2317 | - print("WARNING! This is a non-standard agent that does not include a valid version string.") |
2318 | -if IsLinux() and not DetectLinuxDistro(): |
2319 | - print("WARNING! Unable to detect Linux distribution. Some functionality may be broken.") |
2320 | - |
2321 | -if len(sys.argv) == 1: |
2322 | - sys.exit(Usage()) |
2323 | - |
2324 | -args = [] |
2325 | -force = False |
2326 | -for a in sys.argv[1:]: |
2327 | - if re.match("^([-/]*)(help|usage|\?)", a): |
2328 | - sys.exit(Usage()) |
2329 | - elif re.match("^([-/]*)verbose", a): |
2330 | - Verbose = True |
2331 | - elif re.match("^([-/]*)force", a): |
2332 | - force = True |
2333 | - elif re.match("^([-/]*)(setup|install)", a): |
2334 | - sys.exit(Install()) |
2335 | - elif re.match("^([-/]*)(uninstall)", a): |
2336 | - sys.exit(Uninstall()) |
2337 | - else: |
2338 | - args.append(a) |
2339 | - |
2340 | -Config = ConfigurationProvider() |
2341 | - |
2342 | -verbose = Config.get("Logs.Verbose") |
2343 | -if verbose != None and verbose.lower().startswith("y"): |
2344 | - Verbose = True |
2345 | - |
2346 | -daemon = False |
2347 | -for a in args: |
2348 | - if re.match("^([-/]*)deprovision\+user", a): |
2349 | - sys.exit(Deprovision(force, True)) |
2350 | - elif re.match("^([-/]*)deprovision", a): |
2351 | - sys.exit(Deprovision(force, False)) |
2352 | - elif re.match("^([-/]*)daemon", a): |
2353 | - daemon = True |
2354 | - elif re.match("^([-/]*)version", a): |
2355 | - print(GuestAgentVersion + " running on " + LinuxDistro) |
2356 | - sys.exit(0) |
2357 | - elif re.match("^([-/]*)serialconsole", a): |
2358 | - AddToLinuxKernelCmdline("console=ttyS0 earlyprintk=ttyS0") |
2359 | - Log("Configured kernel to use ttyS0 as the boot console.") |
2360 | - sys.exit(0) |
2361 | - else: |
2362 | - print("Invalid command line parameter:" + a) |
2363 | - sys.exit(1) |
2364 | - |
2365 | -if daemon == False: |
2366 | - sys.exit(Usage()) |
2367 | - |
2368 | -try: |
2369 | - SwitchCwd() |
2370 | - Log(GuestAgentLongName + " Version: " + GuestAgentVersion) |
2371 | - if IsLinux(): |
2372 | - Log("Linux Distribution Detected : " + LinuxDistro) |
2373 | - WaAgent = Agent() |
2374 | - WaAgent.Run() |
2375 | -except Exception, e: |
2376 | - Error(traceback.format_exc()) |
2377 | - Error("Exception: " + str(e)) |
2378 | - sys.exit(1) |
2379 | |
2380 | === added directory '.pc/000_use_package_upstart.patch' |
2381 | === added file '.pc/000_use_package_upstart.patch/waagent' |
2382 | --- .pc/000_use_package_upstart.patch/waagent 1970-01-01 00:00:00 +0000 |
2383 | +++ .pc/000_use_package_upstart.patch/waagent 2012-12-13 16:29:21 +0000 |
2384 | @@ -0,0 +1,2473 @@ |
2385 | +#!/usr/bin/python |
2386 | +# |
2387 | +# Windows Azure Linux Agent |
2388 | +# |
2389 | +# Copyright 2012 Microsoft Corporation |
2390 | +# |
2391 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2392 | +# you may not use this file except in compliance with the License. |
2393 | +# You may obtain a copy of the License at |
2394 | +# |
2395 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2396 | +# |
2397 | +# Unless required by applicable law or agreed to in writing, software |
2398 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2399 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2400 | +# See the License for the specific language governing permissions and |
2401 | +# limitations under the License. |
2402 | +# |
2403 | +# Requires Python 2.4+ and Openssl 1.0+ |
2404 | +# |
2405 | +# Implements parts of RFC 2131, 1541, 1497 and |
2406 | +# http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx |
2407 | +# http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx |
2408 | +# |
2409 | + |
2410 | +import array |
2411 | +import base64 |
2412 | +import httplib |
2413 | +import os |
2414 | +import os.path |
2415 | +import platform |
2416 | +import pwd |
2417 | +import re |
2418 | +import shutil |
2419 | +import socket |
2420 | +import SocketServer |
2421 | +import struct |
2422 | +import subprocess |
2423 | +import sys |
2424 | +import tempfile |
2425 | +import textwrap |
2426 | +import threading |
2427 | +import time |
2428 | +import traceback |
2429 | +import xml.dom.minidom |
2430 | +import commands |
2431 | + |
2432 | +GuestAgentName = "WALinuxAgent" |
2433 | +GuestAgentLongName = "Windows Azure Linux Agent" |
2434 | +GuestAgentVersion = "WALinuxAgent-1.2" |
2435 | +ProtocolVersion = "2011-12-31" |
2436 | + |
2437 | +Config = None |
2438 | +LinuxDistro = "UNKNOWN" |
2439 | +Verbose = False |
2440 | +WaAgent = None |
2441 | +DiskActivated = False |
2442 | +Openssl = "openssl" |
2443 | +Children = [] |
2444 | + |
2445 | +PossibleEthernetInterfaces = ["seth0", "seth1", "eth0", "eth1"] |
2446 | +RulesFiles = [ "/lib/udev/rules.d/75-persistent-net-generator.rules", |
2447 | + "/etc/udev/rules.d/70-persistent-net.rules" ] |
2448 | +VarLibDhcpDirectories = ["/var/lib/dhclient", "/var/lib/dhcpcd", "/var/lib/dhcp"] |
2449 | +EtcDhcpClientConfFiles = ["/etc/dhcp/dhclient.conf", "/etc/dhcp3/dhclient.conf"] |
2450 | +LibDir = "/var/lib/waagent" |
2451 | + |
2452 | +# This lets us index into a string or an array of integers transparently. |
2453 | +def Ord(a): |
2454 | + if type(a) == type("a"): |
2455 | + a = ord(a) |
2456 | + return a |
2457 | + |
2458 | +def IsWindows(): |
2459 | + return (platform.uname()[0] == "Windows") |
2460 | + |
2461 | +def IsLinux(): |
2462 | + return (platform.uname()[0] == "Linux") |
2463 | + |
2464 | +def DetectLinuxDistro(): |
2465 | + global LinuxDistro |
2466 | + if os.path.isfile("/etc/redhat-release"): |
2467 | + LinuxDistro = "RedHat" |
2468 | + return True |
2469 | + if os.path.isfile("/etc/lsb-release") and "Ubuntu" in GetFileContents("/etc/lsb-release"): |
2470 | + LinuxDistro = "Ubuntu" |
2471 | + return True |
2472 | + if os.path.isfile("/etc/debian_version"): |
2473 | + LinuxDistro = "Debian" |
2474 | + return True |
2475 | + if os.path.isfile("/etc/SuSE-release"): |
2476 | + LinuxDistro = "Suse" |
2477 | + return True |
2478 | + return False |
2479 | + |
2480 | +def IsRedHat(): |
2481 | + return "RedHat" in LinuxDistro |
2482 | + |
2483 | +def IsUbuntu(): |
2484 | + return "Ubuntu" in LinuxDistro |
2485 | + |
2486 | +def IsDebian(): |
2487 | + return IsUbuntu() or "Debian" in LinuxDistro |
2488 | + |
2489 | +def IsSuse(): |
2490 | + return "Suse" in LinuxDistro |
2491 | + |
2492 | +def UsesRpm(): |
2493 | + return IsRedHat() or IsSuse() |
2494 | + |
2495 | +def UsesDpkg(): |
2496 | + return IsDebian() |
2497 | + |
2498 | +def GetLastPathElement(path): |
2499 | + return path.rsplit('/', 1)[1] |
2500 | + |
2501 | +def GetFileContents(filepath): |
2502 | + file = None |
2503 | + try: |
2504 | + file = open(filepath) |
2505 | + except: |
2506 | + return None |
2507 | + if file == None: |
2508 | + return None |
2509 | + try: |
2510 | + return file.read() |
2511 | + finally: |
2512 | + file.close() |
2513 | + |
2514 | +def SetFileContents(filepath, contents): |
2515 | + file = open(filepath, "w") |
2516 | + try: |
2517 | + file.write(contents) |
2518 | + finally: |
2519 | + file.close() |
2520 | + |
2521 | +def AppendFileContents(filepath, contents): |
2522 | + file = open(filepath, "a") |
2523 | + try: |
2524 | + file.write(contents) |
2525 | + finally: |
2526 | + file.close() |
2527 | + |
2528 | +def ReplaceFileContentsAtomic(filepath, contents): |
2529 | + handle, temp = tempfile.mkstemp(dir = os.path.dirname(filepath)) |
2530 | + try: |
2531 | + os.write(handle, contents) |
2532 | + finally: |
2533 | + os.close(handle) |
2534 | + try: |
2535 | + os.rename(temp, filepath) |
2536 | + return |
2537 | + except: |
2538 | + pass |
2539 | + os.remove(filepath) |
2540 | + os.rename(temp, filepath) |
2541 | + |
2542 | +def GetLineStartingWith(prefix, filepath): |
2543 | + for line in GetFileContents(filepath).split('\n'): |
2544 | + if line.startswith(prefix): |
2545 | + return line |
2546 | + return None |
2547 | + |
2548 | +def Run(a): |
2549 | + LogIfVerbose(a) |
2550 | + return os.system(a) |
2551 | + |
2552 | +def RunSafe(cmd): |
2553 | + LogIfVerbose(cmd) |
2554 | + # for python2.1 double try, in order to use a finally... |
2555 | + try: |
2556 | + try: |
2557 | + (exit_status,output) = commands.getstatusoutput(cmd) |
2558 | + except OSError,e : # just catch the exception and proceed |
2559 | + LogIfVerbose( ("OSError " + str(e) + " caught") ) |
2560 | + return exit_status,output |
2561 | + else: |
2562 | + return exit_status,output |
2563 | + finally: |
2564 | + pass |
2565 | + |
2566 | +def GetNodeTextData(a): |
2567 | + for b in a.childNodes: |
2568 | + if b.nodeType == b.TEXT_NODE: |
2569 | + return b.data |
2570 | + |
2571 | +def GetHome(): |
2572 | + home = None |
2573 | + try: |
2574 | + home = GetLineStartingWith("HOME", "/etc/default/useradd").split('=')[1].strip() |
2575 | + except: |
2576 | + pass |
2577 | + if (home == None) or (home.startswith("/") == False): |
2578 | + home = "/home" |
2579 | + return home |
2580 | + |
2581 | +def ChangeOwner(filepath, user): |
2582 | + p = None |
2583 | + try: |
2584 | + p = pwd.getpwnam(user) |
2585 | + except: |
2586 | + pass |
2587 | + if p != None: |
2588 | + os.chown(filepath, p[2], p[3]) |
2589 | + |
2590 | +def CreateDir(dirpath, user, mode): |
2591 | + try: |
2592 | + os.makedirs(dirpath, mode) |
2593 | + except: |
2594 | + pass |
2595 | + ChangeOwner(dirpath, user) |
2596 | + |
2597 | +def CreateAccount(user, password, expiration, thumbprint): |
2598 | + if IsWindows(): |
2599 | + Log("Skipping CreateAccount on Windows") |
2600 | + return None |
2601 | + userentry = None |
2602 | + try: |
2603 | + userentry = pwd.getpwnam(user) |
2604 | + except: |
2605 | + pass |
2606 | + uidmin = None |
2607 | + try: |
2608 | + uidmin = int(GetLineStartingWith("UID_MIN", "/etc/login.defs").split()[1]) |
2609 | + except: |
2610 | + pass |
2611 | + if uidmin == None: |
2612 | + uidmin = 100 |
2613 | + if userentry != None and userentry[2] < uidmin: |
2614 | + Error("CreateAccount: " + user + " is a system user. Will not set password.") |
2615 | + return "Failed to set password for system user: " + user + " (0x06)." |
2616 | + if userentry == None: |
2617 | + command = "useradd -m " + user |
2618 | + if expiration != None: |
2619 | + command += " -e " + expiration.split('.')[0] |
2620 | + if Run(command): |
2621 | + Error("Failed to create user account: " + user) |
2622 | + return "Failed to create user account: " + user + " (0x07)." |
2623 | + else: |
2624 | + Log("CreateAccount: " + user + " already exists. Will update password.") |
2625 | + if password != None: |
2626 | + os.popen("chpasswd", "w").write(user + ":" + password + "\n") |
2627 | + try: |
2628 | + if password == None: |
2629 | + SetFileContents("/etc/sudoers.d/waagent", user + " ALL = (ALL) NOPASSWD: ALL\n") |
2630 | + else: |
2631 | + SetFileContents("/etc/sudoers.d/waagent", user + " ALL = (ALL) ALL\n") |
2632 | + os.chmod("/etc/sudoers.d/waagent", 0440) |
2633 | + except: |
2634 | + Error("CreateAccount: Failed to configure sudo access for user.") |
2635 | + return "Failed to configure sudo privileges (0x08)." |
2636 | + home = GetHome() |
2637 | + if thumbprint != None: |
2638 | + dir = home + "/" + user + "/.ssh" |
2639 | + CreateDir(dir, user, 0700) |
2640 | + pub = dir + "/id_rsa.pub" |
2641 | + prv = dir + "/id_rsa" |
2642 | + Run("ssh-keygen -y -f " + thumbprint + ".prv > " + pub) |
2643 | + SetFileContents(prv, GetFileContents(thumbprint + ".prv")) |
2644 | + for f in [pub, prv]: |
2645 | + os.chmod(f, 0600) |
2646 | + ChangeOwner(f, user) |
2647 | + SetFileContents(dir + "/authorized_keys", GetFileContents(pub)) |
2648 | + ChangeOwner(dir + "/authorized_keys", user) |
2649 | + Log("Created user account: " + user) |
2650 | + return None |
2651 | + |
2652 | +def DeleteAccount(user): |
2653 | + if IsWindows(): |
2654 | + Log("Skipping DeleteAccount on Windows") |
2655 | + return |
2656 | + userentry = None |
2657 | + try: |
2658 | + userentry = pwd.getpwnam(user) |
2659 | + except: |
2660 | + pass |
2661 | + if userentry == None: |
2662 | + Error("DeleteAccount: " + user + " not found.") |
2663 | + return |
2664 | + uidmin = None |
2665 | + try: |
2666 | + uidmin = int(GetLineStartingWith("UID_MIN", "/etc/login.defs").split()[1]) |
2667 | + except: |
2668 | + pass |
2669 | + if uidmin == None: |
2670 | + uidmin = 100 |
2671 | + if userentry[2] < uidmin: |
2672 | + Error("DeleteAccount: " + user + " is a system user. Will not delete account.") |
2673 | + return |
2674 | + Run("> /var/run/utmp") #Delete utmp to prevent error if we are the 'user' deleted |
2675 | + Run("userdel -f -r " + user) |
2676 | + try: |
2677 | + os.remove("/etc/sudoers.d/waagent") |
2678 | + except: |
2679 | + pass |
2680 | + return |
2681 | + |
2682 | +def ReloadSshd(): |
2683 | + name = None |
2684 | + if IsRedHat() or IsSuse(): |
2685 | + name = "sshd" |
2686 | + if IsDebian(): |
2687 | + name = "ssh" |
2688 | + if name == None: |
2689 | + return |
2690 | + if not Run("service " + name + " status | grep running"): |
2691 | + Run("service " + name + " reload") |
2692 | + |
2693 | +def IsInRangeInclusive(a, low, high): |
2694 | + return (a >= low and a <= high) |
2695 | + |
2696 | +def IsPrintable(ch): |
2697 | + return IsInRangeInclusive(ch, Ord('A'), Ord('Z')) or IsInRangeInclusive(ch, Ord('a'), Ord('z')) or IsInRangeInclusive(ch, Ord('0'), Ord('9')) |
2698 | + |
2699 | +def HexDump(buffer, size): |
2700 | + if size < 0: |
2701 | + size = len(buffer) |
2702 | + result = "" |
2703 | + for i in range(0, size): |
2704 | + if (i % 16) == 0: |
2705 | + result += "%06X: " % i |
2706 | + byte = struct.unpack("B", buffer[i])[0] |
2707 | + result += "%02X " % byte |
2708 | + if (i & 15) == 7: |
2709 | + result += " " |
2710 | + if ((i + 1) % 16) == 0 or (i + 1) == size: |
2711 | + j = i |
2712 | + while ((j + 1) % 16) != 0: |
2713 | + result += " " |
2714 | + if (j & 7) == 7: |
2715 | + result += " " |
2716 | + j += 1 |
2717 | + result += " " |
2718 | + for j in range(i - (i % 16), i + 1): |
2719 | + byte = struct.unpack("B", buffer[j])[0] |
2720 | + k = '.' |
2721 | + if IsPrintable(byte): |
2722 | + k = chr(byte) |
2723 | + result += k |
2724 | + if (i + 1) != size: |
2725 | + result += "\n" |
2726 | + return result |
2727 | + |
2728 | +def ThrottleLog(counter): |
2729 | + # Log everything up to 10, every 10 up to 100, then every 100. |
2730 | + return (counter < 10) or ((counter < 100) and ((counter % 10) == 0)) or ((counter % 100) == 0) |
2731 | + |
2732 | +def Logger(): |
2733 | + class T(object): |
2734 | + def __init__(self): |
2735 | + self.File = None |
2736 | + |
2737 | + self = T() |
2738 | + |
2739 | + def LogToFile(message): |
2740 | + FilePath = ["/var/log/waagent.log", "waagent.log"][IsWindows()] |
2741 | + if not os.path.isfile(FilePath) and self.File != None: |
2742 | + self.File.close() |
2743 | + self.File = None |
2744 | + if self.File == None: |
2745 | + self.File = open(FilePath, "a") |
2746 | + self.File.write(message + "\n") |
2747 | + self.File.flush() |
2748 | + |
2749 | + def Log(message): |
2750 | + LogWithPrefix("", message) |
2751 | + |
2752 | + def LogWithPrefix(prefix, message): |
2753 | + t = time.localtime() |
2754 | + t = "%04u/%02u/%02u %02u:%02u:%02u " % (t.tm_year, t.tm_mon, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec) |
2755 | + t += prefix |
2756 | + for line in message.split('\n'): |
2757 | + line = t + line |
2758 | + print(line) |
2759 | + LogToFile(line) |
2760 | + |
2761 | + return Log, LogWithPrefix |
2762 | + |
2763 | +Log, LogWithPrefix = Logger() |
2764 | + |
2765 | +def NoLog(message): |
2766 | + pass |
2767 | + |
2768 | +def LogIfVerbose(message): |
2769 | + if Verbose == True: |
2770 | + Log(message) |
2771 | + |
2772 | +def LogWithPrefixIfVerbose(prefix, message): |
2773 | + if Verbose == True: |
2774 | + LogWithPrefix(prefix, message) |
2775 | + |
2776 | +def Warn(message): |
2777 | + LogWithPrefix("WARNING:", message) |
2778 | + |
2779 | +def Error(message): |
2780 | + LogWithPrefix("ERROR:", message) |
2781 | + |
2782 | +def ErrorWithPrefix(prefix, message): |
2783 | + LogWithPrefix("ERROR:" + prefix, message) |
2784 | + |
2785 | +def Linux_ioctl_GetIpv4Address(ifname): |
2786 | + import fcntl |
2787 | + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
2788 | + return socket.inet_ntoa(fcntl.ioctl(s.fileno(), 0x8915, struct.pack('256s', ifname[:15]))[20:24]) |
2789 | + |
2790 | +def Linux_ioctl_GetInterfaceMac(ifname): |
2791 | + import fcntl |
2792 | + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
2793 | + info = fcntl.ioctl(s.fileno(), 0x8927, struct.pack('256s', ifname[:15])) |
2794 | + return ''.join(['%02X' % Ord(char) for char in info[18:24]]) |
2795 | + |
2796 | +def GetIpv4Address(): |
2797 | + if IsLinux(): |
2798 | + for ifname in PossibleEthernetInterfaces: |
2799 | + try: |
2800 | + return Linux_ioctl_GetIpv4Address(ifname) |
2801 | + except IOError, e: |
2802 | + pass |
2803 | + else: |
2804 | + try: |
2805 | + return socket.gethostbyname(socket.gethostname()) |
2806 | + except Exception, e: |
2807 | + ErrorWithPrefix("GetIpv4Address:", str(e)) |
2808 | + ErrorWithPrefix("GetIpv4Address:", traceback.format_exc()) |
2809 | + |
2810 | +def HexStringToByteArray(a): |
2811 | + b = "" |
2812 | + for c in range(0, len(a) / 2): |
2813 | + b += struct.pack("B", int(a[c * 2:c * 2 + 2], 16)) |
2814 | + return b |
2815 | + |
2816 | +def GetMacAddress(): |
2817 | + if IsWindows(): |
2818 | + # Windows: Physical Address. . . . . . . . . : 00-15-17-79-00-7F\n |
2819 | + a = "ipconfig /all | findstr /c:\"Physical Address\" | findstr /v \"00-00-00-00-00-00-00\"" |
2820 | + a = os.popen(a).read() |
2821 | + a = re.sub("\s+$", "", a) |
2822 | + a = re.sub(".+ ", "", a) |
2823 | + a = re.sub(":", "", a) |
2824 | + a = re.sub("-", "", a) |
2825 | + else: |
2826 | + for ifname in PossibleEthernetInterfaces: |
2827 | + try: |
2828 | + a = Linux_ioctl_GetInterfaceMac(ifname) |
2829 | + break |
2830 | + except IOError, e: |
2831 | + pass |
2832 | + return HexStringToByteArray(a) |
2833 | + |
2834 | +def DeviceForIdePort(n): |
2835 | + if n > 3: |
2836 | + return None |
2837 | + g0 = "00000000" |
2838 | + if n > 1: |
2839 | + g0 = "00000001" |
2840 | + n = n - 2 |
2841 | + device = None |
2842 | + path = "/sys/bus/vmbus/devices/" |
2843 | + for vmbus in os.listdir(path): |
2844 | + guid = GetFileContents(path + vmbus + "/device_id").lstrip('{').split('-') |
2845 | + if guid[0] == g0 and guid[1] == "000" + str(n): |
2846 | + for root, dirs, files in os.walk(path + vmbus): |
2847 | + if root.endswith("/block"): |
2848 | + device = dirs[0] |
2849 | + break |
2850 | + break |
2851 | + return device |
2852 | + |
2853 | +class Util(object): |
2854 | + def _HttpGet(self, url, headers): |
2855 | + LogIfVerbose("HttpGet(" + url + ")") |
2856 | + maxRetry = 2 |
2857 | + if url.startswith("http://"): |
2858 | + url = url[7:] |
2859 | + url = url[url.index("/"):] |
2860 | + for retry in range(0, maxRetry + 1): |
2861 | + strRetry = str(retry) |
2862 | + log = [NoLog, Log][retry > 0] |
2863 | + log("retry HttpGet(" + url + "),retry=" + strRetry) |
2864 | + response = None |
2865 | + strStatus = "None" |
2866 | + try: |
2867 | + httpConnection = httplib.HTTPConnection(self.Endpoint) |
2868 | + if headers == None: |
2869 | + request = httpConnection.request("GET", url) |
2870 | + else: |
2871 | + request = httpConnection.request("GET", url, None, headers) |
2872 | + response = httpConnection.getresponse() |
2873 | + strStatus = str(response.status) |
2874 | + except: |
2875 | + pass |
2876 | + log("response HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2877 | + if response == None or response.status != httplib.OK: |
2878 | + Error("HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2879 | + if retry == maxRetry: |
2880 | + Log("return HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2881 | + return None |
2882 | + else: |
2883 | + Log("sleep 10 seconds HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2884 | + time.sleep(10) |
2885 | + else: |
2886 | + log("return HttpGet(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2887 | + return response.read() |
2888 | + |
2889 | + def HttpGetWithoutHeaders(self, url): |
2890 | + return self._HttpGet(url, None) |
2891 | + |
2892 | + def HttpGetWithHeaders(self, url): |
2893 | + return self._HttpGet(url, {"x-ms-agent-name": GuestAgentName, "x-ms-version": ProtocolVersion}) |
2894 | + |
2895 | + def HttpSecureGetWithHeaders(self, url, transportCert): |
2896 | + return self._HttpGet(url, {"x-ms-agent-name": GuestAgentName, |
2897 | + "x-ms-version": ProtocolVersion, |
2898 | + "x-ms-cipher-name": "DES_EDE3_CBC", |
2899 | + "x-ms-guest-agent-public-x509-cert": transportCert}) |
2900 | + |
2901 | + def HttpPost(self, url, data): |
2902 | + LogIfVerbose("HttpPost(" + url + ")") |
2903 | + maxRetry = 2 |
2904 | + for retry in range(0, maxRetry + 1): |
2905 | + strRetry = str(retry) |
2906 | + log = [NoLog, Log][retry > 0] |
2907 | + log("retry HttpPost(" + url + "),retry=" + strRetry) |
2908 | + response = None |
2909 | + strStatus = "None" |
2910 | + try: |
2911 | + httpConnection = httplib.HTTPConnection(self.Endpoint) |
2912 | + request = httpConnection.request("POST", url, data, {"x-ms-agent-name": GuestAgentName, |
2913 | + "Content-Type": "text/xml; charset=utf-8", |
2914 | + "x-ms-version": ProtocolVersion}) |
2915 | + response = httpConnection.getresponse() |
2916 | + strStatus = str(response.status) |
2917 | + except: |
2918 | + pass |
2919 | + log("response HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2920 | + if response == None or (response.status != httplib.OK and response.status != httplib.ACCEPTED): |
2921 | + Error("HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2922 | + if retry == maxRetry: |
2923 | + Log("return HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2924 | + return None |
2925 | + else: |
2926 | + Log("sleep 10 seconds HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2927 | + time.sleep(10) |
2928 | + else: |
2929 | + log("return HttpPost(" + url + "),retry=" + strRetry + ",status=" + strStatus) |
2930 | + return response |
2931 | + |
2932 | +def LoadBalancerProbeServer(port): |
2933 | + |
2934 | + class T(object): |
2935 | + def __init__(self, ip, port): |
2936 | + if port == None or ip == None : |
2937 | + return |
2938 | + self.ProbeCounter = 0 |
2939 | + self.server = SocketServer.TCPServer((ip, port), TCPHandler) |
2940 | + self.server_thread = threading.Thread(target = self.server.serve_forever) |
2941 | + self.server_thread.setDaemon(True) |
2942 | + self.server_thread.start() |
2943 | + |
2944 | + def shutdown(self): |
2945 | + self.server.shutdown() |
2946 | + |
2947 | + class TCPHandler(SocketServer.BaseRequestHandler): |
2948 | + def GetHttpDateTimeNow(self): |
2949 | + # Date: Fri, 25 Mar 2011 04:53:10 GMT |
2950 | + return time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime()) |
2951 | + |
2952 | + def handle(self): |
2953 | + context.ProbeCounter = (context.ProbeCounter + 1) % 1000000 |
2954 | + log = [NoLog, LogIfVerbose][ThrottleLog(context.ProbeCounter)] |
2955 | + strCounter = str(context.ProbeCounter) |
2956 | + if context.ProbeCounter == 1: |
2957 | + Log("Receiving LB probes.") |
2958 | + log("Received LB probe # " + strCounter) |
2959 | + self.request.recv(1024) |
2960 | + self.request.send("HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: text/html\r\nDate: " + self.GetHttpDateTimeNow() + "\r\n\r\nOK") |
2961 | + |
2962 | + for retry in range(1,6): |
2963 | + context=None |
2964 | + ip = GetIpv4Address() |
2965 | + if ip == None : |
2966 | + Log("LoadBalancerProbeServer: GetIpv4Address() returned None, sleeping 10 before retry " + str(retry+1) ) |
2967 | + time.sleep(10) |
2968 | + else: |
2969 | + try: |
2970 | + context = T(ip,port) |
2971 | + break |
2972 | + except Exception, e: |
2973 | + Log("LoadBalancerProbeServer: Exception contructing socket server: " + str(e)) |
2974 | + Log("LoadBalancerProbeServer: Retry socket server construction #" + str(retry+1) ) |
2975 | + return context |
2976 | + |
2977 | +class ConfigurationProvider(object): |
2978 | + def __init__(self): |
2979 | + self.values = dict() |
2980 | + if os.path.isfile("/etc/waagent.conf") == False: |
2981 | + raise Exception("Missing configuration in /etc/waagent.conf") |
2982 | + try: |
2983 | + for line in GetFileContents("/etc/waagent.conf").split('\n'): |
2984 | + if not line.startswith("#") and "=" in line: |
2985 | + parts = line.split()[0].split('=') |
2986 | + value = parts[1].strip("\" ") |
2987 | + if value != "None": |
2988 | + self.values[parts[0]] = value |
2989 | + else: |
2990 | + self.values[parts[0]] = None |
2991 | + except: |
2992 | + Error("Unable to parse /etc/waagent.conf") |
2993 | + raise |
2994 | + return |
2995 | + |
2996 | + def get(self, key): |
2997 | + return self.values.get(key) |
2998 | + |
2999 | +class EnvMonitor(object): |
3000 | + def __init__(self): |
3001 | + self.shutdown = False |
3002 | + self.HostName = socket.gethostname() |
3003 | + self.server_thread = threading.Thread(target = self.monitor) |
3004 | + self.server_thread.setDaemon(True) |
3005 | + self.server_thread.start() |
3006 | + self.published = False |
3007 | + |
3008 | + def monitor(self): |
3009 | + publish = Config.get("Provisioning.MonitorHostName") |
3010 | + dhcpcmd = "pidof dhclient" |
3011 | + if IsSuse(): |
3012 | + dhcpcmd = "pidof dhcpcd" |
3013 | + if IsDebian(): |
3014 | + dhcpcmd = "pidof dhclient3" |
3015 | + dhcppid = os.popen(dhcpcmd).read() |
3016 | + while not self.shutdown: |
3017 | + for a in RulesFiles: |
3018 | + if os.path.isfile(a): |
3019 | + if os.path.isfile(GetLastPathElement(a)): |
3020 | + os.remove(GetLastPathElement(a)) |
3021 | + shutil.move(a, ".") |
3022 | + Log("EnvMonitor: Moved " + a + " -> " + LibDir) |
3023 | + if publish != None and publish.lower().startswith("y"): |
3024 | + try: |
3025 | + if socket.gethostname() != self.HostName: |
3026 | + Log("EnvMonitor: Detected host name change: " + self.HostName + " -> " + socket.gethostname()) |
3027 | + self.HostName = socket.gethostname() |
3028 | + WaAgent.UpdateAndPublishHostName(self.HostName) |
3029 | + dhcppid = os.popen(dhcpcmd).read() |
3030 | + self.published = True |
3031 | + except: |
3032 | + pass |
3033 | + else: |
3034 | + self.published = True |
3035 | + pid = "" |
3036 | + if not os.path.isdir("/proc/" + dhcppid.strip()): |
3037 | + pid = os.popen(dhcpcmd).read() |
3038 | + if pid != "" and pid != dhcppid: |
3039 | + Log("EnvMonitor: Detected dhcp client restart. Restoring routing table.") |
3040 | + WaAgent.RestoreRoutes() |
3041 | + dhcppid = pid |
3042 | + for child in Children: |
3043 | + if child.poll() != None: |
3044 | + Children.remove(child) |
3045 | + time.sleep(5) |
3046 | + |
3047 | + def SetHostName(self, name): |
3048 | + if socket.gethostname() == name: |
3049 | + self.published = True |
3050 | + elif Run("hostname " + name): |
3051 | + Error("Error: SetHostName: Cannot set hostname to " + name) |
3052 | + return ("Error: SetHostName: Cannot set hostname to " + name) |
3053 | + |
3054 | + def IsNamePublished(self): |
3055 | + return self.published |
3056 | + |
3057 | + def ShutdownService(self): |
3058 | + self.shutdown = True |
3059 | + self.server_thread.join() |
3060 | + |
3061 | +class Certificates(object): |
3062 | +# |
3063 | +# <CertificateFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="certificates10.xsd"> |
3064 | +# <Version>2010-12-15</Version> |
3065 | +# <Incarnation>2</Incarnation> |
3066 | +# <Format>Pkcs7BlobWithPfxContents</Format> |
3067 | +# <Data>MIILTAY... |
3068 | +# </Data> |
3069 | +# </CertificateFile> |
3070 | +# |
3071 | + def __init__(self): |
3072 | + self.reinitialize() |
3073 | + |
3074 | + def reinitialize(self): |
3075 | + self.Incarnation = None |
3076 | + self.Role = None |
3077 | + |
3078 | + def Parse(self, xmlText): |
3079 | + self.reinitialize() |
3080 | + SetFileContents("Certificates.xml", xmlText) |
3081 | + dom = xml.dom.minidom.parseString(xmlText) |
3082 | + for a in [ "CertificateFile", "Version", "Incarnation", |
3083 | + "Format", "Data", ]: |
3084 | + if not dom.getElementsByTagName(a): |
3085 | + Error("Certificates.Parse: Missing " + a) |
3086 | + return None |
3087 | + node = dom.childNodes[0] |
3088 | + if node.localName != "CertificateFile": |
3089 | + Error("Certificates.Parse: root not CertificateFile") |
3090 | + return None |
3091 | + SetFileContents("Certificates.p7m", |
3092 | + "MIME-Version: 1.0\n" |
3093 | + + "Content-Disposition: attachment; filename=\"Certificates.p7m\"\n" |
3094 | + + "Content-Type: application/x-pkcs7-mime; name=\"Certificates.p7m\"\n" |
3095 | + + "Content-Transfer-Encoding: base64\n\n" |
3096 | + + GetNodeTextData(dom.getElementsByTagName("Data")[0])) |
3097 | + if Run(Openssl + " cms -decrypt -in Certificates.p7m -inkey TransportPrivate.pem -recip TransportCert.pem | " + Openssl + " pkcs12 -nodes -password pass: -out Certificates.pem"): |
3098 | + Error("Certificates.Parse: Failed to extract certificates from CMS message.") |
3099 | + return self |
3100 | + # There may be multiple certificates in this package. Split them. |
3101 | + file = open("Certificates.pem") |
3102 | + pindex = 1 |
3103 | + cindex = 1 |
3104 | + output = open("temp.pem", "w") |
3105 | + for line in file.readlines(): |
3106 | + output.write(line) |
3107 | + if re.match(r'[-]+END .*?(KEY|CERTIFICATE)[-]+$',line): |
3108 | + output.close() |
3109 | + if re.match(r'[-]+END .*?KEY[-]+$',line): |
3110 | + os.rename("temp.pem", str(pindex) + ".prv") |
3111 | + pindex += 1 |
3112 | + else: |
3113 | + os.rename("temp.pem", str(cindex) + ".crt") |
3114 | + cindex += 1 |
3115 | + output = open("temp.pem", "w") |
3116 | + output.close() |
3117 | + os.remove("temp.pem") |
3118 | + keys = dict() |
3119 | + index = 1 |
3120 | + filename = str(index) + ".crt" |
3121 | + while os.path.isfile(filename): |
3122 | + thumbprint = os.popen(Openssl + " x509 -in " + filename + " -fingerprint -noout").read().rstrip().split('=')[1].replace(':', '').upper() |
3123 | + pubkey=os.popen(Openssl + " x509 -in " + filename + " -pubkey -noout").read() |
3124 | + keys[pubkey] = thumbprint |
3125 | + os.rename(filename, thumbprint + ".crt") |
3126 | + os.chmod(thumbprint + ".crt", 0600) |
3127 | + if IsRedHat(): |
3128 | + Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + thumbprint + ".crt") |
3129 | + index += 1 |
3130 | + filename = str(index) + ".crt" |
3131 | + index = 1 |
3132 | + filename = str(index) + ".prv" |
3133 | + while os.path.isfile(filename): |
3134 | + pubkey = os.popen(Openssl + " rsa -in " + filename + " -pubout").read() |
3135 | + os.rename(filename, keys[pubkey] + ".prv") |
3136 | + os.chmod(keys[pubkey] + ".prv", 0600) |
3137 | + if IsRedHat(): |
3138 | + Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + keys[pubkey] + ".prv") |
3139 | + index += 1 |
3140 | + filename = str(index) + ".prv" |
3141 | + return self |
3142 | + |
3143 | +class SharedConfig(object): |
3144 | +# |
3145 | +# <SharedConfig version="1.0.0.0" goalStateIncarnation="1"> |
3146 | +# <Deployment name="db00a7755a5e4e8a8fe4b19bc3b330c3" guid="{ce5a036f-5c93-40e7-8adf-2613631008ab}" incarnation="2"> |
3147 | +# <Service name="MyVMRoleService" guid="{00000000-0000-0000-0000-000000000000}" /> |
3148 | +# <ServiceInstance name="db00a7755a5e4e8a8fe4b19bc3b330c3.1" guid="{d113f4d7-9ead-4e73-b715-b724b5b7842c}" /> |
3149 | +# </Deployment> |
3150 | +# <Incarnation number="1" instance="MachineRole_IN_0" guid="{a0faca35-52e5-4ec7-8fd1-63d2bc107d9b}" /> |
3151 | +# <Role guid="{73d95f1c-6472-e58e-7a1a-523554e11d46}" name="MachineRole" settleTimeSeconds="10" /> |
3152 | +# <LoadBalancerSettings timeoutSeconds="0" waitLoadBalancerProbeCount="8"> |
3153 | +# <Probes> |
3154 | +# <Probe name="MachineRole" /> |
3155 | +# <Probe name="55B17C5E41A1E1E8FA991CF80FAC8E55" /> |
3156 | +# <Probe name="3EA4DBC19418F0A766A4C19D431FA45F" /> |
3157 | +# </Probes> |
3158 | +# </LoadBalancerSettings> |
3159 | +# <OutputEndpoints> |
3160 | +# <Endpoint name="MachineRole:Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" type="SFS"> |
3161 | +# <Target instance="MachineRole_IN_0" endpoint="Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" /> |
3162 | +# </Endpoint> |
3163 | +# </OutputEndpoints> |
3164 | +# <Instances> |
3165 | +# <Instance id="MachineRole_IN_0" address="10.115.153.75"> |
3166 | +# <FaultDomains randomId="0" updateId="0" updateCount="0" /> |
3167 | +# <InputEndpoints> |
3168 | +# <Endpoint name="a" address="10.115.153.75:80" protocol="http" isPublic="true" loadBalancedPublicAddress="70.37.106.197:80" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false"> |
3169 | +# <LocalPorts> |
3170 | +# <LocalPortRange from="80" to="80" /> |
3171 | +# </LocalPorts> |
3172 | +# </Endpoint> |
3173 | +# <Endpoint name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" address="10.115.153.75:3389" protocol="tcp" isPublic="false" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false"> |
3174 | +# <LocalPorts> |
3175 | +# <LocalPortRange from="3389" to="3389" /> |
3176 | +# </LocalPorts> |
3177 | +# </Endpoint> |
3178 | +# <Endpoint name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.RdpInput" address="10.115.153.75:20000" protocol="tcp" isPublic="true" loadBalancedPublicAddress="70.37.106.197:3389" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false"> |
3179 | +# <LocalPorts> |
3180 | +# <LocalPortRange from="20000" to="20000" /> |
3181 | +# </LocalPorts> |
3182 | +# </Endpoint> |
3183 | +# </InputEndpoints> |
3184 | +# </Instance> |
3185 | +# </Instances> |
3186 | +# </SharedConfig> |
3187 | +# |
3188 | + def __init__(self): |
3189 | + self.reinitialize() |
3190 | + |
3191 | + def reinitialize(self): |
3192 | + self.Deployment = None |
3193 | + self.Incarnation = None |
3194 | + self.Role = None |
3195 | + self.LoadBalancerSettings = None |
3196 | + self.OutputEndpoints = None |
3197 | + self.Instances = None |
3198 | + |
3199 | + def Parse(self, xmlText): |
3200 | + self.reinitialize() |
3201 | + SetFileContents("SharedConfig.xml", xmlText) |
3202 | + dom = xml.dom.minidom.parseString(xmlText) |
3203 | + for a in [ "SharedConfig", "Deployment", "Service", |
3204 | + "ServiceInstance", "Incarnation", "Role", ]: |
3205 | + if not dom.getElementsByTagName(a): |
3206 | + Error("SharedConfig.Parse: Missing " + a) |
3207 | + return None |
3208 | + node = dom.childNodes[0] |
3209 | + if node.localName != "SharedConfig": |
3210 | + Error("SharedConfig.Parse: root not SharedConfig") |
3211 | + return None |
3212 | + program = Config.get("Role.TopologyConsumer") |
3213 | + if program != None: |
3214 | + Children.append(subprocess.Popen([program, LibDir + "/SharedConfig.xml"])) |
3215 | + return self |
3216 | + |
3217 | +class HostingEnvironmentConfig(object): |
3218 | +# |
3219 | +# <HostingEnvironmentConfig version="1.0.0.0" goalStateIncarnation="1"> |
3220 | +# <StoredCertificates> |
3221 | +# <StoredCertificate name="Stored0Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" certificateId="sha1:C093FA5CD3AAE057CB7C4E04532B2E16E07C26CA" storeName="My" configurationLevel="System" /> |
3222 | +# </StoredCertificates> |
3223 | +# <Deployment name="db00a7755a5e4e8a8fe4b19bc3b330c3" guid="{ce5a036f-5c93-40e7-8adf-2613631008ab}" incarnation="2"> |
3224 | +# <Service name="MyVMRoleService" guid="{00000000-0000-0000-0000-000000000000}" /> |
3225 | +# <ServiceInstance name="db00a7755a5e4e8a8fe4b19bc3b330c3.1" guid="{d113f4d7-9ead-4e73-b715-b724b5b7842c}" /> |
3226 | +# </Deployment> |
3227 | +# <Incarnation number="1" instance="MachineRole_IN_0" guid="{a0faca35-52e5-4ec7-8fd1-63d2bc107d9b}" /> |
3228 | +# <Role guid="{73d95f1c-6472-e58e-7a1a-523554e11d46}" name="MachineRole" hostingEnvironmentVersion="1" software="" softwareType="ApplicationPackage" entryPoint="" parameters="" settleTimeSeconds="10" /> |
3229 | +# <HostingEnvironmentSettings name="full" Runtime="rd_fabric_stable.110217-1402.RuntimePackage_1.0.0.8.zip"> |
3230 | +# <CAS mode="full" /> |
3231 | +# <PrivilegeLevel mode="max" /> |
3232 | +# <AdditionalProperties><CgiHandlers></CgiHandlers></AdditionalProperties> |
3233 | +# </HostingEnvironmentSettings> |
3234 | +# <ApplicationSettings> |
3235 | +# <Setting name="__ModelData" value="<m role="MachineRole" xmlns="urn:azure:m:v1"><r name="MachineRole"><e name="a" /><e name="b" /><e name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Rdp" /><e name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.RdpInput" /></r></m>" /> |
3236 | +# <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=osimages;AccountKey=DNZQ..." /> |
3237 | +# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="MIIBnQYJKoZIhvcN..." /> |
3238 | +# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2022-07-23T23:59:59.0000000-07:00" /> |
3239 | +# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="test" /> |
3240 | +# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" /> |
3241 | +# <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" /> |
3242 | +# <Setting name="Certificate|Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" value="sha1:C093FA5CD3AAE057CB7C4E04532B2E16E07C26CA" /> |
3243 | +# </ApplicationSettings> |
3244 | +# <ResourceReferences> |
3245 | +# <Resource name="DiagnosticStore" type="directory" request="Microsoft.Cis.Fabric.Controller.Descriptions.ServiceDescription.Data.Policy" sticky="true" size="1" path="db00a7755a5e4e8a8fe4b19bc3b330c3.MachineRole.DiagnosticStore\" disableQuota="false" /> |
3246 | +# </ResourceReferences> |
3247 | +# </HostingEnvironmentConfig> |
3248 | +# |
3249 | + def __init__(self): |
3250 | + self.reinitialize() |
3251 | + |
3252 | + def reinitialize(self): |
3253 | + self.StoredCertificates = None |
3254 | + self.Deployment = None |
3255 | + self.Incarnation = None |
3256 | + self.Role = None |
3257 | + self.HostingEnvironmentSettings = None |
3258 | + self.ApplicationSettings = None |
3259 | + self.Certificates = None |
3260 | + self.ResourceReferences = None |
3261 | + |
3262 | + def Parse(self, xmlText): |
3263 | + self.reinitialize() |
3264 | + SetFileContents("HostingEnvironmentConfig.xml", xmlText) |
3265 | + dom = xml.dom.minidom.parseString(xmlText) |
3266 | + for a in [ "HostingEnvironmentConfig", "Deployment", "Service", |
3267 | + "ServiceInstance", "Incarnation", "Role", ]: |
3268 | + if not dom.getElementsByTagName(a): |
3269 | + Error("HostingEnvironmentConfig.Parse: Missing " + a) |
3270 | + return None |
3271 | + node = dom.childNodes[0] |
3272 | + if node.localName != "HostingEnvironmentConfig": |
3273 | + Error("HostingEnvironmentConfig.Parse: root not HostingEnvironmentConfig") |
3274 | + return None |
3275 | + self.ApplicationSettings = dom.getElementsByTagName("Setting") |
3276 | + self.Certificates = dom.getElementsByTagName("StoredCertificate") |
3277 | + return self |
3278 | + |
3279 | + def DecryptPassword(self, e): |
3280 | + SetFileContents("password.p7m", |
3281 | + "MIME-Version: 1.0\n" |
3282 | + + "Content-Disposition: attachment; filename=\"password.p7m\"\n" |
3283 | + + "Content-Type: application/x-pkcs7-mime; name=\"password.p7m\"\n" |
3284 | + + "Content-Transfer-Encoding: base64\n\n" |
3285 | + + textwrap.fill(e, 64)) |
3286 | + return os.popen(Openssl + " cms -decrypt -in password.p7m -inkey Certificates.pem -recip Certificates.pem").read() |
3287 | + |
3288 | + def ActivateResourceDisk(self): |
3289 | + global DiskActivated |
3290 | + if IsWindows(): |
3291 | + DiskActivated = True |
3292 | + Log("Skipping ActivateResourceDisk on Windows") |
3293 | + return |
3294 | + format = Config.get("ResourceDisk.Format") |
3295 | + if format == None or format.lower().startswith("n"): |
3296 | + DiskActivated = True |
3297 | + return |
3298 | + device = DeviceForIdePort(1) |
3299 | + if device == None: |
3300 | + Error("ActivateResourceDisk: Unable to detect disk topology.") |
3301 | + return |
3302 | + device = "/dev/" + device |
3303 | + for entry in os.popen("mount").read().split(): |
3304 | + if entry.startswith(device + "1"): |
3305 | + Log("ActivateResourceDisk: " + device + "1 is already mounted.") |
3306 | + DiskActivated = True |
3307 | + return |
3308 | + mountpoint = Config.get("ResourceDisk.MountPoint") |
3309 | + if mountpoint == None: |
3310 | + mountpoint = "/mnt/resource" |
3311 | + CreateDir(mountpoint, "root", 0755) |
3312 | + fs = Config.get("ResourceDisk.Filesystem") |
3313 | + if fs == None: |
3314 | + fs = "ext3" |
3315 | + if os.popen("sfdisk -q -c " + device + " 1").read().rstrip() == "7" and fs != "ntfs": |
3316 | + Run("sfdisk -c " + device + " 1 83") |
3317 | + Run("mkfs." + fs + " " + device + "1") |
3318 | + if Run("mount " + device + "1 " + mountpoint): |
3319 | + Error("ActivateResourceDisk: Failed to mount resource disk (" + device + "1).") |
3320 | + return |
3321 | + Log("Resource disk (" + device + "1) is mounted at " + mountpoint + " with fstype " + fs) |
3322 | + DiskActivated = True |
3323 | + swap = Config.get("ResourceDisk.EnableSwap") |
3324 | + if swap == None or swap.lower().startswith("n"): |
3325 | + return |
3326 | + sizeKB = int(Config.get("ResourceDisk.SwapSizeMB")) * 1024 |
3327 | + if os.path.isfile(mountpoint + "/swapfile") and os.path.getsize(mountpoint + "/swapfile") != (sizeKB * 1024): |
3328 | + os.remove(mountpoint + "/swapfile") |
3329 | + if not os.path.isfile(mountpoint + "/swapfile"): |
3330 | + Run("dd if=/dev/zero of=" + mountpoint + "/swapfile bs=1024 count=" + str(sizeKB)) |
3331 | + Run("mkswap " + mountpoint + "/swapfile") |
3332 | + if not Run("swapon " + mountpoint + "/swapfile"): |
3333 | + Log("Enabled " + str(sizeKB) + " KB of swap at " + mountpoint + "/swapfile") |
3334 | + else: |
3335 | + Error("ActivateResourceDisk: Failed to activate swap at " + mountpoint + "/swapfile") |
3336 | + |
3337 | + def Process(self): |
3338 | + if DiskActivated == False: |
3339 | + diskThread = threading.Thread(target = self.ActivateResourceDisk) |
3340 | + diskThread.start() |
3341 | + User = None |
3342 | + Pass = None |
3343 | + Expiration = None |
3344 | + Thumbprint = None |
3345 | + for b in self.ApplicationSettings: |
3346 | + sname = b.getAttribute("name") |
3347 | + svalue = b.getAttribute("value") |
3348 | + if sname == "Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword": |
3349 | + Pass = self.DecryptPassword(svalue) |
3350 | + elif sname == "Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername": |
3351 | + User = svalue |
3352 | + elif sname == "Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration": |
3353 | + Expiration = svalue |
3354 | + elif sname == "Certificate|Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption": |
3355 | + Thumbprint = svalue.split(':')[1].upper() |
3356 | + if User != None and Pass != None: |
3357 | + if User != "root" and User != "" and Pass != "": |
3358 | + CreateAccount(User, Pass, Expiration, Thumbprint) |
3359 | + else: |
3360 | + Error("Not creating user account: " + User) |
3361 | + for c in self.Certificates: |
3362 | + cname = c.getAttribute("name") |
3363 | + csha1 = c.getAttribute("certificateId").split(':')[1].upper() |
3364 | + cpath = c.getAttribute("storeName") |
3365 | + clevel = c.getAttribute("configurationLevel") |
3366 | + if os.path.isfile(csha1 + ".prv"): |
3367 | + Log("Private key with thumbprint: " + csha1 + " was retrieved.") |
3368 | + if os.path.isfile(csha1 + ".crt"): |
3369 | + Log("Public cert with thumbprint: " + csha1 + " was retrieved.") |
3370 | + program = Config.get("Role.ConfigurationConsumer") |
3371 | + if program != None: |
3372 | + Children.append(subprocess.Popen([program, LibDir + "/HostingEnvironmentConfig.xml"])) |
3373 | + |
3374 | +class GoalState(Util): |
3375 | +# |
3376 | +# <GoalState xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="goalstate10.xsd"> |
3377 | +# <Version>2010-12-15</Version> |
3378 | +# <Incarnation>1</Incarnation> |
3379 | +# <Machine> |
3380 | +# <ExpectedState>Started</ExpectedState> |
3381 | +# <LBProbePorts> |
3382 | +# <Port>16001</Port> |
3383 | +# </LBProbePorts> |
3384 | +# </Machine> |
3385 | +# <Container> |
3386 | +# <ContainerId>c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2</ContainerId> |
3387 | +# <RoleInstanceList> |
3388 | +# <RoleInstance> |
3389 | +# <InstanceId>MachineRole_IN_0</InstanceId> |
3390 | +# <State>Started</State> |
3391 | +# <Configuration> |
3392 | +# <HostingEnvironmentConfig>http://10.115.153.40:80/machine/c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2/MachineRole%5FIN%5F0?comp=config&type=hostingEnvironmentConfig&incarnation=1</HostingEnvironmentConfig> |
3393 | +# <SharedConfig>http://10.115.153.40:80/machine/c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2/MachineRole%5FIN%5F0?comp=config&type=sharedConfig&incarnation=1</SharedConfig> |
3394 | +# <Certificates>http://10.115.153.40:80/machine/c6d5526c-5ac2-4200-b6e2-56f2b70c5ab2/MachineRole%5FIN%5F0?comp=certificates&incarnation=1</Certificates> |
3395 | +# </Configuration> |
3396 | +# </RoleInstance> |
3397 | +# </RoleInstanceList> |
3398 | +# </Container> |
3399 | +# </GoalState> |
3400 | +# |
3401 | +# There is only one Role for VM images. |
3402 | +# |
3403 | +# Of primary interest is: |
3404 | +# Machine/ExpectedState -- this is how shutdown is requested |
3405 | +# LBProbePorts -- an http server needs to run here |
3406 | +# We also note Container/ContainerID and RoleInstance/InstanceId to form the health report. |
3407 | +# And of course, Incarnation |
3408 | +# |
3409 | + def __init__(self, Agent): |
3410 | + self.Agent = Agent |
3411 | + self.Endpoint = Agent.Endpoint |
3412 | + self.TransportCert = Agent.TransportCert |
3413 | + self.reinitialize() |
3414 | + |
3415 | + def reinitialize(self): |
3416 | + self.Incarnation = None # integer |
3417 | + self.ExpectedState = None # "Started" or "Stopped" |
3418 | + self.HostingEnvironmentConfigUrl = None |
3419 | + self.HostingEnvironmentConfigXml = None |
3420 | + self.HostingEnvironmentConfig = None |
3421 | + self.SharedConfigUrl = None |
3422 | + self.SharedConfigXml = None |
3423 | + self.SharedConfig = None |
3424 | + self.CertificatesUrl = None |
3425 | + self.CertificatesXml = None |
3426 | + self.Certificates = None |
3427 | + self.RoleInstanceId = None |
3428 | + self.ContainerId = None |
3429 | + self.LoadBalancerProbePort = None # integer, ?list of integers |
3430 | + |
3431 | + def Parse(self, xmlText): |
3432 | + self.reinitialize() |
3433 | + node = xml.dom.minidom.parseString(xmlText).childNodes[0] |
3434 | + if node.localName != "GoalState": |
3435 | + Error("GoalState.Parse: root not GoalState") |
3436 | + return None |
3437 | + for a in node.childNodes: |
3438 | + if a.nodeType == node.ELEMENT_NODE: |
3439 | + if a.localName == "Incarnation": |
3440 | + self.Incarnation = GetNodeTextData(a) |
3441 | + elif a.localName == "Machine": |
3442 | + for b in a.childNodes: |
3443 | + if b.nodeType == node.ELEMENT_NODE: |
3444 | + if b.localName == "ExpectedState": |
3445 | + self.ExpectedState = GetNodeTextData(b) |
3446 | + Log("ExpectedState: " + self.ExpectedState) |
3447 | + elif b.localName == "LBProbePorts": |
3448 | + for c in b.childNodes: |
3449 | + if c.nodeType == node.ELEMENT_NODE and c.localName == "Port": |
3450 | + self.LoadBalancerProbePort = int(GetNodeTextData(c)) |
3451 | + elif a.localName == "Container": |
3452 | + for b in a.childNodes: |
3453 | + if b.nodeType == node.ELEMENT_NODE: |
3454 | + if b.localName == "ContainerId": |
3455 | + self.ContainerId = GetNodeTextData(b) |
3456 | + Log("ContainerId: " + self.ContainerId) |
3457 | + elif b.localName == "RoleInstanceList": |
3458 | + for c in b.childNodes: |
3459 | + if c.localName == "RoleInstance": |
3460 | + for d in c.childNodes: |
3461 | + if d.nodeType == node.ELEMENT_NODE: |
3462 | + if d.localName == "InstanceId": |
3463 | + self.RoleInstanceId = GetNodeTextData(d) |
3464 | + Log("RoleInstanceId: " + self.RoleInstanceId) |
3465 | + elif d.localName == "State": |
3466 | + pass |
3467 | + elif d.localName == "Configuration": |
3468 | + for e in d.childNodes: |
3469 | + if e.nodeType == node.ELEMENT_NODE: |
3470 | + if e.localName == "HostingEnvironmentConfig": |
3471 | + self.HostingEnvironmentConfigUrl = GetNodeTextData(e) |
3472 | + LogIfVerbose("HostingEnvironmentConfigUrl:" + self.HostingEnvironmentConfigUrl) |
3473 | + self.HostingEnvironmentConfigXml = self.HttpGetWithHeaders(self.HostingEnvironmentConfigUrl) |
3474 | + self.HostingEnvironmentConfig = HostingEnvironmentConfig().Parse(self.HostingEnvironmentConfigXml) |
3475 | + elif e.localName == "SharedConfig": |
3476 | + self.SharedConfigUrl = GetNodeTextData(e) |
3477 | + LogIfVerbose("SharedConfigUrl:" + self.SharedConfigUrl) |
3478 | + self.SharedConfigXml = self.HttpGetWithHeaders(self.SharedConfigUrl) |
3479 | + self.SharedConfig = SharedConfig().Parse(self.SharedConfigXml) |
3480 | + elif e.localName == "Certificates": |
3481 | + self.CertificatesUrl = GetNodeTextData(e) |
3482 | + LogIfVerbose("CertificatesUrl:" + self.CertificatesUrl) |
3483 | + self.CertificatesXml = self.HttpSecureGetWithHeaders(self.CertificatesUrl, self.TransportCert) |
3484 | + self.Certificates = Certificates().Parse(self.CertificatesXml) |
3485 | + if self.Incarnation == None: |
3486 | + Error("GoalState.Parse: Incarnation missing") |
3487 | + return None |
3488 | + if self.ExpectedState == None: |
3489 | + Error("GoalState.Parse: ExpectedState missing") |
3490 | + return None |
3491 | + if self.RoleInstanceId == None: |
3492 | + Error("GoalState.Parse: RoleInstanceId missing") |
3493 | + return None |
3494 | + if self.ContainerId == None: |
3495 | + Error("GoalState.Parse: ContainerId missing") |
3496 | + return None |
3497 | + SetFileContents("GoalState." + self.Incarnation + ".xml", xmlText) |
3498 | + return self |
3499 | + |
3500 | + def Process(self): |
3501 | + self.HostingEnvironmentConfig.Process() |
3502 | + |
3503 | +class OvfEnv(object): |
3504 | +# |
3505 | +# <?xml version="1.0" encoding="utf-8"?> |
3506 | +# <Environment xmlns="http://schemas.dmtf.org/ovf/environment/1" xmlns:oe="http://schemas.dmtf.org/ovf/environment/1" xmlns:wa="http://schemas.microsoft.com/windowsazure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> |
3507 | +# <wa:ProvisioningSection> |
3508 | +# <wa:Version>1.0</wa:Version> |
3509 | +# <LinuxProvisioningConfigurationSet xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> |
3510 | +# <ConfigurationSetType>LinuxProvisioningConfiguration</ConfigurationSetType> |
3511 | +# <HostName>HostName</HostName> |
3512 | +# <UserName>UserName</UserName> |
3513 | +# <UserPassword>UserPassword</UserPassword> |
3514 | +# <DisableSshPasswordAuthentication>false</DisableSshPasswordAuthentication> |
3515 | +# <SSH> |
3516 | +# <PublicKeys> |
3517 | +# <PublicKey> |
3518 | +# <Fingerprint>EB0C0AB4B2D5FC35F2F0658D19F44C8283E2DD62</Fingerprint> |
3519 | +# <Path>$HOME/UserName/.ssh/authorized_keys</Path> |
3520 | +# </PublicKey> |
3521 | +# </PublicKeys> |
3522 | +# <KeyPairs> |
3523 | +# <KeyPair> |
3524 | +# <Fingerprint>EB0C0AB4B2D5FC35F2F0658D19F44C8283E2DD62</Fingerprint> |
3525 | +# <Path>$HOME/UserName/.ssh/id_rsa</Path> |
3526 | +# </KeyPair> |
3527 | +# </KeyPairs> |
3528 | +# </SSH> |
3529 | +# </LinuxProvisioningConfigurationSet> |
3530 | +# </wa:ProvisioningSection> |
3531 | +# </Environment> |
3532 | +# |
3533 | + def __init__(self): |
3534 | + self.reinitialize() |
3535 | + |
3536 | + def reinitialize(self): |
3537 | + self.WaNs = "http://schemas.microsoft.com/windowsazure" |
3538 | + self.OvfNs = "http://schemas.dmtf.org/ovf/environment/1" |
3539 | + self.MajorVersion = 1 |
3540 | + self.MinorVersion = 0 |
3541 | + self.ComputerName = None |
3542 | + self.AdminPassword = None |
3543 | + self.UserName = None |
3544 | + self.UserPassword = None |
3545 | + self.DisableSshPasswordAuthentication = True |
3546 | + self.SshPublicKeys = [] |
3547 | + self.SshKeyPairs = [] |
3548 | + |
3549 | + def Parse(self, xmlText): |
3550 | + self.reinitialize() |
3551 | + dom = xml.dom.minidom.parseString(xmlText) |
3552 | + if len(dom.getElementsByTagNameNS(self.OvfNs, "Environment")) != 1: |
3553 | + Error("Unable to parse OVF XML.") |
3554 | + section = None |
3555 | + newer = False |
3556 | + for p in dom.getElementsByTagNameNS(self.WaNs, "ProvisioningSection"): |
3557 | + for n in p.childNodes: |
3558 | + if n.localName == "Version": |
3559 | + verparts = GetNodeTextData(n).split('.') |
3560 | + major = int(verparts[0]) |
3561 | + minor = int(verparts[1]) |
3562 | + if major > self.MajorVersion: |
3563 | + newer = True |
3564 | + if major != self.MajorVersion: |
3565 | + break |
3566 | + if minor > self.MinorVersion: |
3567 | + newer = True |
3568 | + section = p |
3569 | + if newer == True: |
3570 | + Warn("Newer provisioning configuration detected. Please consider updating waagent.") |
3571 | + if section == None: |
3572 | + Error("Could not find ProvisioningSection with major version=" + str(self.MajorVersion)) |
3573 | + return None |
3574 | + self.ComputerName = GetNodeTextData(section.getElementsByTagNameNS(self.WaNs, "HostName")[0]) |
3575 | + self.UserName = GetNodeTextData(section.getElementsByTagNameNS(self.WaNs, "UserName")[0]) |
3576 | + try: |
3577 | + self.UserPassword = GetNodeTextData(section.getElementsByTagNameNS(self.WaNs, "UserPassword")[0]) |
3578 | + except: |
3579 | + pass |
3580 | + disableSshPass = section.getElementsByTagNameNS(self.WaNs, "DisableSshPasswordAuthentication") |
3581 | + if len(disableSshPass) != 0: |
3582 | + self.DisableSshPasswordAuthentication = (GetNodeTextData(disableSshPass[0]).lower() == "true") |
3583 | + for pkey in section.getElementsByTagNameNS(self.WaNs, "PublicKey"): |
3584 | + fp = None |
3585 | + path = None |
3586 | + for c in pkey.childNodes: |
3587 | + if c.localName == "Fingerprint": |
3588 | + fp = GetNodeTextData(c).upper() |
3589 | + if c.localName == "Path": |
3590 | + path = GetNodeTextData(c) |
3591 | + self.SshPublicKeys += [[fp, path]] |
3592 | + for keyp in section.getElementsByTagNameNS(self.WaNs, "KeyPair"): |
3593 | + fp = None |
3594 | + path = None |
3595 | + for c in keyp.childNodes: |
3596 | + if c.localName == "Fingerprint": |
3597 | + fp = GetNodeTextData(c).upper() |
3598 | + if c.localName == "Path": |
3599 | + path = GetNodeTextData(c) |
3600 | + self.SshKeyPairs += [[fp, path]] |
3601 | + return self |
3602 | + |
3603 | + def PrepareDir(self, filepath): |
3604 | + home = GetHome() |
3605 | + # Expand HOME variable if present in path |
3606 | + path = os.path.normpath(filepath.replace("$HOME", home)) |
3607 | + if (path.startswith("/") == False) or (path.endswith("/") == True): |
3608 | + return None |
3609 | + dir = path.rsplit('/', 1)[0] |
3610 | + if dir != "": |
3611 | + CreateDir(dir, "root", 0700) |
3612 | + if path.startswith(os.path.normpath(home + "/" + self.UserName + "/")): |
3613 | + ChangeOwner(dir, self.UserName) |
3614 | + return path |
3615 | + |
3616 | + def NumberToBytes(self, i): |
3617 | + result = [] |
3618 | + while i: |
3619 | + result.append(chr(i & 0xFF)) |
3620 | + i >>= 8 |
3621 | + result.reverse() |
3622 | + return ''.join(result) |
3623 | + |
3624 | + def BitsToString(self, a): |
3625 | + index=7 |
3626 | + s = "" |
3627 | + c = 0 |
3628 | + for bit in a: |
3629 | + c = c | (bit << index) |
3630 | + index = index - 1 |
3631 | + if index == -1: |
3632 | + s = s + struct.pack('>B', c) |
3633 | + c = 0 |
3634 | + index = 7 |
3635 | + return s |
3636 | + |
3637 | + def OpensslToSsh(self, file): |
3638 | + from pyasn1.codec.der import decoder as der_decoder |
3639 | + try: |
3640 | + f = open(file).read().replace('\n','').split("KEY-----")[1].split('-')[0] |
3641 | + k=der_decoder.decode(self.BitsToString(der_decoder.decode(base64.b64decode(f))[0][1]))[0] |
3642 | + n=k[0] |
3643 | + e=k[1] |
3644 | + keydata="" |
3645 | + keydata += struct.pack('>I',len("ssh-rsa")) |
3646 | + keydata += "ssh-rsa" |
3647 | + keydata += struct.pack('>I',len(self.NumberToBytes(e))) |
3648 | + keydata += self.NumberToBytes(e) |
3649 | + keydata += struct.pack('>I',len(self.NumberToBytes(n)) + 1) |
3650 | + keydata += "\0" |
3651 | + keydata += self.NumberToBytes(n) |
3652 | + except Exception, e: |
3653 | + print("OpensslToSsh: Exception " + str(e)) |
3654 | + return None |
3655 | + return "ssh-rsa " + base64.b64encode(keydata) + "\n" |
3656 | + |
3657 | + def Process(self): |
3658 | + error = None |
3659 | + error=WaAgent.EnvMonitor.SetHostName(self.ComputerName) |
3660 | + if error: return error |
3661 | + if self.DisableSshPasswordAuthentication: |
3662 | + filepath = "/etc/ssh/sshd_config" |
3663 | + # Disable RFC 4252 and RFC 4256 authentication schemes. |
3664 | + ReplaceFileContentsAtomic(filepath, "\n".join(filter(lambda a: not |
3665 | + (a.startswith("PasswordAuthentication") or a.startswith("ChallengeResponseAuthentication")), |
3666 | + GetFileContents(filepath).split('\n'))) + "PasswordAuthentication no\nChallengeResponseAuthentication no\n") |
3667 | + Log("Disabled SSH password-based authentication methods.") |
3668 | + if self.AdminPassword != None: |
3669 | + os.popen("chpasswd", "w").write("root:" + self.AdminPassword + "\n") |
3670 | + if self.UserName != None: |
3671 | + error = CreateAccount(self.UserName, self.UserPassword, None, None) |
3672 | + sel = os.popen("getenforce").read().startswith("Enforcing") |
3673 | + if sel == True and IsRedHat(): |
3674 | + Run("setenforce 0") |
3675 | + home = GetHome() |
3676 | + for pkey in self.SshPublicKeys: |
3677 | + if not os.path.isfile(pkey[0] + ".crt"): |
3678 | + Error("PublicKey not found: " + pkey[0]) |
3679 | + error = "Failed to deploy public key (0x09)." |
3680 | + continue |
3681 | + path = self.PrepareDir(pkey[1]) |
3682 | + if path == None: |
3683 | + Error("Invalid path: " + pkey[1] + " for PublicKey: " + pkey[0]) |
3684 | + error = "Invalid path for public key (0x03)." |
3685 | + continue |
3686 | + Run(Openssl + " x509 -in " + pkey[0] + ".crt -noout -pubkey > " + pkey[0] + ".pub") |
3687 | + if IsRedHat(): |
3688 | + Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + pkey[0] + ".pub") |
3689 | + if IsUbuntu(): |
3690 | + # Only supported in new SSH releases |
3691 | + Run("ssh-keygen -i -m PKCS8 -f " + pkey[0] + ".pub >> " + path) |
3692 | + else: |
3693 | + SshPubKey = self.OpensslToSsh(pkey[0] + ".pub") |
3694 | + if SshPubKey != None: |
3695 | + AppendFileContents(path, SshPubKey) |
3696 | + else: |
3697 | + Error("Failed: " + pkey[0] + ".crt -> " + path) |
3698 | + error = "Failed to deploy public key (0x04)." |
3699 | + if IsRedHat(): |
3700 | + Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + path) |
3701 | + if path.startswith(os.path.normpath(home + "/" + self.UserName + "/")): |
3702 | + ChangeOwner(path, self.UserName) |
3703 | + for keyp in self.SshKeyPairs: |
3704 | + if not os.path.isfile(keyp[0] + ".prv"): |
3705 | + Error("KeyPair not found: " + keyp[0]) |
3706 | + error = "Failed to deploy key pair (0x0A)." |
3707 | + continue |
3708 | + path = self.PrepareDir(keyp[1]) |
3709 | + if path == None: |
3710 | + Error("Invalid path: " + keyp[1] + " for KeyPair: " + keyp[0]) |
3711 | + error = "Invalid path for key pair (0x05)." |
3712 | + continue |
3713 | + SetFileContents(path, GetFileContents(keyp[0] + ".prv")) |
3714 | + os.chmod(path, 0600) |
3715 | + Run("ssh-keygen -y -f " + keyp[0] + ".prv > " + path + ".pub") |
3716 | + if IsRedHat(): |
3717 | + Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + path) |
3718 | + Run("chcon unconfined_u:object_r:ssh_home_t:s0 " + path + ".pub") |
3719 | + if path.startswith(os.path.normpath(home + "/" + self.UserName + "/")): |
3720 | + ChangeOwner(path, self.UserName) |
3721 | + ChangeOwner(path + ".pub", self.UserName) |
3722 | + if sel == True and IsRedHat(): |
3723 | + Run("setenforce 1") |
3724 | + while not WaAgent.EnvMonitor.IsNamePublished(): |
3725 | + time.sleep(1) |
3726 | + ReloadSshd() |
3727 | + return error |
3728 | + |
3729 | +def UpdateAndPublishHostNameCommon(name): |
3730 | + # RedHat |
3731 | + if IsRedHat(): |
3732 | + filepath = "/etc/sysconfig/network" |
3733 | + if os.path.isfile(filepath): |
3734 | + ReplaceFileContentsAtomic(filepath, "HOSTNAME=" + name + "\n" |
3735 | + + "\n".join(filter(lambda a: not a.startswith("HOSTNAME"), GetFileContents(filepath).split('\n')))) |
3736 | + |
3737 | + for ethernetInterface in PossibleEthernetInterfaces: |
3738 | + filepath = "/etc/sysconfig/network-scripts/ifcfg-" + ethernetInterface |
3739 | + if os.path.isfile(filepath): |
3740 | + ReplaceFileContentsAtomic(filepath, "DHCP_HOSTNAME=" + name + "\n" |
3741 | + + "\n".join(filter(lambda a: not a.startswith("DHCP_HOSTNAME"), GetFileContents(filepath).split('\n')))) |
3742 | + |
3743 | + # Debian |
3744 | + if IsDebian(): |
3745 | + SetFileContents("/etc/hostname", name) |
3746 | + |
3747 | + for filepath in EtcDhcpClientConfFiles: |
3748 | + if os.path.isfile(filepath): |
3749 | + ReplaceFileContentsAtomic(filepath, "send host-name \"" + name + "\";\n" |
3750 | + + "\n".join(filter(lambda a: not a.startswith("send host-name"), GetFileContents(filepath).split('\n')))) |
3751 | + |
3752 | + # Suse |
3753 | + if IsSuse(): |
3754 | + SetFileContents("/etc/HOSTNAME", name) |
3755 | + |
3756 | +class Agent(Util): |
3757 | + def __init__(self): |
3758 | + self.GoalState = None |
3759 | + self.Endpoint = None |
3760 | + self.LoadBalancerProbeServer = None |
3761 | + self.HealthReportCounter = 0 |
3762 | + self.TransportCert = "" |
3763 | + self.EnvMonitor = None |
3764 | + self.SendData = None |
3765 | + self.DhcpResponse = None |
3766 | + |
3767 | + def CheckVersions(self): |
3768 | + #<?xml version="1.0" encoding="utf-8"?> |
3769 | + #<Versions> |
3770 | + # <Preferred> |
3771 | + # <Version>2010-12-15</Version> |
3772 | + # </Preferred> |
3773 | + # <Supported> |
3774 | + # <Version>2010-12-15</Version> |
3775 | + # <Version>2010-28-10</Version> |
3776 | + # </Supported> |
3777 | + #</Versions> |
3778 | + global ProtocolVersion |
3779 | + protocolVersionSeen = False |
3780 | + node = xml.dom.minidom.parseString(self.HttpGetWithoutHeaders("/?comp=versions")).childNodes[0] |
3781 | + if node.localName != "Versions": |
3782 | + Error("CheckVersions: root not Versions") |
3783 | + return False |
3784 | + for a in node.childNodes: |
3785 | + if a.nodeType == node.ELEMENT_NODE and a.localName == "Supported": |
3786 | + for b in a.childNodes: |
3787 | + if b.nodeType == node.ELEMENT_NODE and b.localName == "Version": |
3788 | + v = GetNodeTextData(b) |
3789 | + LogIfVerbose("Fabric supported wire protocol version: " + v) |
3790 | + if v == ProtocolVersion: |
3791 | + protocolVersionSeen = True |
3792 | + if a.nodeType == node.ELEMENT_NODE and a.localName == "Preferred": |
3793 | + v = GetNodeTextData(a.getElementsByTagName("Version")[0]) |
3794 | + LogIfVerbose("Fabric preferred wire protocol version: " + v) |
3795 | + if ProtocolVersion < v: |
3796 | + Warn("Newer wire protocol version detected. Please consider updating waagent.") |
3797 | + if not protocolVersionSeen: |
3798 | + Warn("Agent supported wire protocol version: " + ProtocolVersion + " was not advertised by Fabric.") |
3799 | + ProtocolVersion = "2011-08-31" |
3800 | + Log("Negotiated wire protocol version: " + ProtocolVersion) |
3801 | + return True |
3802 | + |
3803 | + def Unpack(self, buffer, offset, range): |
3804 | + result = 0 |
3805 | + for i in range: |
3806 | + result = (result << 8) | Ord(buffer[offset + i]) |
3807 | + return result |
3808 | + |
3809 | + def UnpackLittleEndian(self, buffer, offset, length): |
3810 | + return self.Unpack(buffer, offset, range(length - 1, -1, -1)) |
3811 | + |
3812 | + def UnpackBigEndian(self, buffer, offset, length): |
3813 | + return self.Unpack(buffer, offset, range(0, length)) |
3814 | + |
3815 | + def HexDump3(self, buffer, offset, length): |
3816 | + return ''.join(['%02X' % Ord(char) for char in buffer[offset:offset + length]]) |
3817 | + |
3818 | + def HexDump2(self, buffer): |
3819 | + return self.HexDump3(buffer, 0, len(buffer)) |
3820 | + |
3821 | + def BuildDhcpRequest(self): |
3822 | + # |
3823 | + # typedef struct _DHCP { |
3824 | + # UINT8 Opcode; /* op: BOOTREQUEST or BOOTREPLY */ |
3825 | + # UINT8 HardwareAddressType; /* htype: ethernet */ |
3826 | + # UINT8 HardwareAddressLength; /* hlen: 6 (48 bit mac address) */ |
3827 | + # UINT8 Hops; /* hops: 0 */ |
3828 | + # UINT8 TransactionID[4]; /* xid: random */ |
3829 | + # UINT8 Seconds[2]; /* secs: 0 */ |
3830 | + # UINT8 Flags[2]; /* flags: 0 or 0x8000 for broadcast */ |
3831 | + # UINT8 ClientIpAddress[4]; /* ciaddr: 0 */ |
3832 | + # UINT8 YourIpAddress[4]; /* yiaddr: 0 */ |
3833 | + # UINT8 ServerIpAddress[4]; /* siaddr: 0 */ |
3834 | + # UINT8 RelayAgentIpAddress[4]; /* giaddr: 0 */ |
3835 | + # UINT8 ClientHardwareAddress[16]; /* chaddr: 6 byte ethernet MAC address */ |
3836 | + # UINT8 ServerName[64]; /* sname: 0 */ |
3837 | + # UINT8 BootFileName[128]; /* file: 0 */ |
3838 | + # UINT8 MagicCookie[4]; /* 99 130 83 99 */ |
3839 | + # /* 0x63 0x82 0x53 0x63 */ |
3840 | + # /* options -- hard code ours */ |
3841 | + # |
3842 | + # UINT8 MessageTypeCode; /* 53 */ |
3843 | + # UINT8 MessageTypeLength; /* 1 */ |
3844 | + # UINT8 MessageType; /* 1 for DISCOVER */ |
3845 | + # UINT8 End; /* 255 */ |
3846 | + # } DHCP; |
3847 | + # |
3848 | + |
3849 | + # tuple of 244 zeros |
3850 | + # (struct.pack_into would be good here, but requires Python 2.5) |
3851 | + sendData = [0] * 244 |
3852 | + |
3853 | + transactionID = os.urandom(4) |
3854 | + macAddress = GetMacAddress() |
3855 | + |
3856 | + # Opcode = 1 |
3857 | + # HardwareAddressType = 1 (ethernet/MAC) |
3858 | + # HardwareAddressLength = 6 (ethernet/MAC/48 bits) |
3859 | + for a in range(0, 3): |
3860 | + sendData[a] = [1, 1, 6][a] |
3861 | + |
3862 | + # fill in transaction id (random number to ensure response matches request) |
3863 | + for a in range(0, 4): |
3864 | + sendData[4 + a] = Ord(transactionID[a]) |
3865 | + |
3866 | + LogIfVerbose("BuildDhcpRequest: transactionId:%s,%04X" % (self.HexDump2(transactionID), self.UnpackBigEndian(sendData, 4, 4))) |
3867 | + |
3868 | + # fill in ClientHardwareAddress |
3869 | + for a in range(0, 6): |
3870 | + sendData[0x1C + a] = Ord(macAddress[a]) |
3871 | + |
3872 | + # DHCP Magic Cookie: 99, 130, 83, 99 |
3873 | + # MessageTypeCode = 53 DHCP Message Type |
3874 | + # MessageTypeLength = 1 |
3875 | + # MessageType = DHCPDISCOVER |
3876 | + # End = 255 DHCP_END |
3877 | + for a in range(0, 8): |
3878 | + sendData[0xEC + a] = [99, 130, 83, 99, 53, 1, 1, 255][a] |
3879 | + return array.array("c", map(chr, sendData)) |
3880 | + |
3881 | + def IntegerToIpAddressV4String(self, a): |
3882 | + return "%u.%u.%u.%u" % ((a >> 24) & 0xFF, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF) |
3883 | + |
3884 | + def RouteAdd(self, net, mask, gateway): |
3885 | + if IsWindows(): |
3886 | + return |
3887 | + net = self.IntegerToIpAddressV4String(net) |
3888 | + mask = self.IntegerToIpAddressV4String(mask) |
3889 | + gateway = self.IntegerToIpAddressV4String(gateway) |
3890 | + Run("/sbin/route add -net " + net + " netmask " + mask + " gw " + gateway) |
3891 | + |
3892 | + def HandleDhcpResponse(self, sendData, receiveBuffer): |
3893 | + LogIfVerbose("HandleDhcpResponse") |
3894 | + bytesReceived = len(receiveBuffer) |
3895 | + if bytesReceived < 0xF6: |
3896 | + Error("HandleDhcpResponse: Too few bytes received " + str(bytesReceived)) |
3897 | + return None |
3898 | + |
3899 | + LogIfVerbose("BytesReceived: " + hex(bytesReceived)) |
3900 | + LogWithPrefixIfVerbose("DHCP response:", HexDump(receiveBuffer, bytesReceived)) |
3901 | + |
3902 | + # check transactionId, cookie, MAC address |
3903 | + # cookie should never mismatch |
3904 | + # transactionId and MAC address may mismatch if we see a response meant from another machine |
3905 | + |
3906 | + for offsets in [range(4, 4 + 4), range(0x1C, 0x1C + 6), range(0xEC, 0xEC + 4)]: |
3907 | + for offset in offsets: |
3908 | + sentByte = Ord(sendData[offset]) |
3909 | + receivedByte = Ord(receiveBuffer[offset]) |
3910 | + if sentByte != receivedByte: |
3911 | + LogIfVerbose("HandleDhcpResponse: sent cookie:" + self.HexDump3(sendData, 0xEC, 4)) |
3912 | + LogIfVerbose("HandleDhcpResponse: rcvd cookie:" + self.HexDump3(receiveBuffer, 0xEC, 4)) |
3913 | + LogIfVerbose("HandleDhcpResponse: sent transactionID:" + self.HexDump3(sendData, 4, 4)) |
3914 | + LogIfVerbose("HandleDhcpResponse: rcvd transactionID:" + self.HexDump3(receiveBuffer, 4, 4)) |
3915 | + LogIfVerbose("HandleDhcpResponse: sent ClientHardwareAddress:" + self.HexDump3(sendData, 0x1C, 6)) |
3916 | + LogIfVerbose("HandleDhcpResponse: rcvd ClientHardwareAddress:" + self.HexDump3(receiveBuffer, 0x1C, 6)) |
3917 | + LogIfVerbose("HandleDhcpResponse: transactionId, cookie, or MAC address mismatch") |
3918 | + return None |
3919 | + endpoint = None |
3920 | + |
3921 | + # |
3922 | + # Walk all the returned options, parsing out what we need, ignoring the others. |
3923 | + # We need the custom option 245 to find the the endpoint we talk to, |
3924 | + # as well as, to handle some Linux DHCP client incompatibilities, |
3925 | + # options 3 for default gateway and 249 for routes. And 255 is end. |
3926 | + # |
3927 | + |
3928 | + i = 0xF0 # offset to first option |
3929 | + while i < bytesReceived: |
3930 | + option = Ord(receiveBuffer[i]) |
3931 | + length = 0 |
3932 | + if (i + 1) < bytesReceived: |
3933 | + length = Ord(receiveBuffer[i + 1]) |
3934 | + LogIfVerbose("DHCP option " + hex(option) + " at offset:" + hex(i) + " with length:" + hex(length)) |
3935 | + if option == 255: |
3936 | + LogIfVerbose("DHCP packet ended at offset " + hex(i)) |
3937 | + break |
3938 | + elif option == 249: |
3939 | + # http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx |
3940 | + LogIfVerbose("Routes at offset:" + hex(i) + " with length:" + hex(length)) |
3941 | + if length < 5: |
3942 | + Error("Data too small for option " + option) |
3943 | + j = i + 2 |
3944 | + while j < (i + length + 2): |
3945 | + maskLengthBits = Ord(receiveBuffer[j]) |
3946 | + maskLengthBytes = (((maskLengthBits + 7) & ~7) >> 3) |
3947 | + mask = 0xFFFFFFFF & (0xFFFFFFFF << (32 - maskLengthBits)) |
3948 | + j += 1 |
3949 | + net = self.UnpackBigEndian(receiveBuffer, j, maskLengthBytes) |
3950 | + net <<= (32 - maskLengthBytes * 8) |
3951 | + net &= mask |
3952 | + j += maskLengthBytes |
3953 | + gateway = self.UnpackBigEndian(receiveBuffer, j, 4) |
3954 | + j += 4 |
3955 | + self.RouteAdd(net, mask, gateway) |
3956 | + if j != (i + length + 2): |
3957 | + Error("HandleDhcpResponse: Unable to parse routes") |
3958 | + elif option == 3 or option == 245: |
3959 | + if i + 5 < bytesReceived: |
3960 | + if length != 4: |
3961 | + Error("HandleDhcpResponse: Endpoint or Default Gateway not 4 bytes") |
3962 | + return None |
3963 | + gateway = self.UnpackBigEndian(receiveBuffer, i + 2, 4) |
3964 | + IpAddress = self.IntegerToIpAddressV4String(gateway) |
3965 | + if option == 3: |
3966 | + self.RouteAdd(0, 0, gateway) |
3967 | + name = "DefaultGateway" |
3968 | + else: |
3969 | + endpoint = IpAddress |
3970 | + name = "Windows Azure wire protocol endpoint" |
3971 | + LogIfVerbose(name + ": " + IpAddress + " at " + hex(i)) |
3972 | + else: |
3973 | + Error("HandleDhcpResponse: Data too small for option " + option) |
3974 | + else: |
3975 | + LogIfVerbose("Skipping DHCP option " + hex(option) + " at " + hex(i) + " with length " + hex(length)) |
3976 | + i += length + 2 |
3977 | + return endpoint |
3978 | + |
3979 | + def DoDhcpWork(self): |
3980 | + # |
3981 | + # Discover the wire server via DHCP option 245. |
3982 | + # And workaround incompatibility with Windows Azure DHCP servers. |
3983 | + # |
3984 | + ShortSleep = False # Sleep 1 second before retrying DHCP queries. |
3985 | + ifname=None |
3986 | + if not IsWindows(): |
3987 | + Run("iptables -D INPUT -p udp --dport 68 -j ACCEPT") |
3988 | + Run("iptables -I INPUT -p udp --dport 68 -j ACCEPT") |
3989 | + |
3990 | + sleepDurations = [0, 5, 10, 30, 60, 60, 60, 60] |
3991 | + maxRetry = len(sleepDurations) |
3992 | + lastTry = (maxRetry - 1) |
3993 | + for retry in range(0, maxRetry): |
3994 | + try: |
3995 | + strRetry = str(retry) |
3996 | + prefix = "DoDhcpWork: try=" + strRetry |
3997 | + LogIfVerbose(prefix) |
3998 | + sendData = self.BuildDhcpRequest() |
3999 | + LogWithPrefixIfVerbose("DHCP request:", HexDump(sendData, len(sendData))) |
4000 | + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) |
4001 | + sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) |
4002 | + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) |
4003 | + missingDefaultRoute = True |
4004 | + try: |
4005 | + for line in os.popen("route -n").read().split('\n'): |
4006 | + if line.startswith("0.0.0.0 "): |
4007 | + missingDefaultRoute = False |
4008 | + except: |
4009 | + pass |
4010 | + if missingDefaultRoute: |
4011 | + # This is required because sending after binding to 0.0.0.0 fails with |
4012 | + # network unreachable when the default gateway is not set up. |
4013 | + for i in PossibleEthernetInterfaces: |
4014 | + try: |
4015 | + if Linux_ioctl_GetIpv4Address(i): |
4016 | + ifname=i |
4017 | + except IOError, e: |
4018 | + pass |
4019 | + Log("DoDhcpWork: Missing default route - adding broadcast route for DHCP.") |
4020 | + Run("route add 255.255.255.255 dev " + ifname) |
4021 | + sock.bind(("0.0.0.0", 68)) |
4022 | + sock.sendto(sendData, ("<broadcast>", 67)) |
4023 | + sock.settimeout(10) |
4024 | + Log("DoDhcpWork: Setting socket.timeout=10, entering recv") |
4025 | + receiveBuffer = sock.recv(1024) |
4026 | + endpoint = self.HandleDhcpResponse(sendData, receiveBuffer) |
4027 | + if endpoint == None: |
4028 | + LogIfVerbose("DoDhcpWork: No endpoint found") |
4029 | + if endpoint != None or retry == lastTry: |
4030 | + if endpoint != None: |
4031 | + self.SendData = sendData |
4032 | + self.DhcpResponse = receiveBuffer |
4033 | + if retry == lastTry: |
4034 | + LogIfVerbose("DoDhcpWork: try=" + strRetry) |
4035 | + return endpoint |
4036 | + sleepDuration = [sleepDurations[retry % len(sleepDurations)], 1][ShortSleep] |
4037 | + LogIfVerbose("DoDhcpWork: sleep=" + str(sleepDuration)) |
4038 | + time.sleep(sleepDuration) |
4039 | + except Exception, e: |
4040 | + ErrorWithPrefix(prefix, str(e)) |
4041 | + ErrorWithPrefix(prefix, traceback.format_exc()) |
4042 | + finally: |
4043 | + sock.close() |
4044 | + if missingDefaultRoute: |
4045 | + #We added this route - delete it |
4046 | + Run("route del 255.255.255.255 dev " + ifname) |
4047 | + Log("DoDhcpWork: Removing broadcast route for DHCP.") |
4048 | + return None |
4049 | + |
4050 | + def UpdateAndPublishHostName(self, name): |
4051 | + # Set hostname locally and publish to iDNS |
4052 | + Log("Setting host name: " + name) |
4053 | + UpdateAndPublishHostNameCommon(name) |
4054 | + for ethernetInterface in PossibleEthernetInterfaces: |
4055 | + Run("ifdown " + ethernetInterface + " && ifup " + ethernetInterface) |
4056 | + self.RestoreRoutes() |
4057 | + |
4058 | + def RestoreRoutes(self): |
4059 | + if self.SendData != None and self.DhcpResponse != None: |
4060 | + self.HandleDhcpResponse(self.SendData, self.DhcpResponse) |
4061 | + |
4062 | + def UpdateGoalState(self): |
4063 | + goalStateXml = None |
4064 | + maxRetry = 9 |
4065 | + log = NoLog |
4066 | + for retry in range(1, maxRetry + 1): |
4067 | + strRetry = str(retry) |
4068 | + log("retry UpdateGoalState,retry=" + strRetry) |
4069 | + goalStateXml = self.HttpGetWithHeaders("/machine/?comp=goalstate") |
4070 | + if goalStateXml != None: |
4071 | + break |
4072 | + log = Log |
4073 | + time.sleep(retry) |
4074 | + if not goalStateXml: |
4075 | + Error("UpdateGoalState failed.") |
4076 | + return |
4077 | + Log("Retrieved GoalState from Windows Azure Fabric.") |
4078 | + self.GoalState = GoalState(self).Parse(goalStateXml) |
4079 | + return self.GoalState |
4080 | + |
4081 | + def ReportReady(self): |
4082 | + counter = (self.HealthReportCounter + 1) % 1000000 |
4083 | + self.HealthReportCounter = counter |
4084 | + healthReport = ("<?xml version=\"1.0\" encoding=\"utf-8\"?><Health xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><GoalStateIncarnation>" |
4085 | + + self.GoalState.Incarnation |
4086 | + + "</GoalStateIncarnation><Container><ContainerId>" |
4087 | + + self.GoalState.ContainerId |
4088 | + + "</ContainerId><RoleInstanceList><Role><InstanceId>" |
4089 | + + self.GoalState.RoleInstanceId |
4090 | + + "</InstanceId><Health><State>Ready</State></Health></Role></RoleInstanceList></Container></Health>") |
4091 | + a = self.HttpPost("/machine?comp=health", healthReport) |
4092 | + if a != None: |
4093 | + return a.getheader("x-ms-latest-goal-state-incarnation-number") |
4094 | + return None |
4095 | + |
4096 | + def ReportNotReady(self, status, desc): |
4097 | + healthReport = ("<?xml version=\"1.0\" encoding=\"utf-8\"?><Health xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><GoalStateIncarnation>" |
4098 | + + self.GoalState.Incarnation |
4099 | + + "</GoalStateIncarnation><Container><ContainerId>" |
4100 | + + self.GoalState.ContainerId |
4101 | + + "</ContainerId><RoleInstanceList><Role><InstanceId>" |
4102 | + + self.GoalState.RoleInstanceId |
4103 | + + "</InstanceId><Health><State>NotReady</State>" |
4104 | + + "<Details><SubStatus>" + status + "</SubStatus><Description>" + desc + "</Description></Details>" |
4105 | + + "</Health></Role></RoleInstanceList></Container></Health>") |
4106 | + a = self.HttpPost("/machine?comp=health", healthReport) |
4107 | + if a != None: |
4108 | + return a.getheader("x-ms-latest-goal-state-incarnation-number") |
4109 | + return None |
4110 | + |
4111 | + def ReportRoleProperties(self, thumbprint): |
4112 | + roleProperties = ("<?xml version=\"1.0\" encoding=\"utf-8\"?><RoleProperties><Container>" |
4113 | + + "<ContainerId>" + self.GoalState.ContainerId + "</ContainerId>" |
4114 | + + "<RoleInstances><RoleInstance>" |
4115 | + + "<Id>" + self.GoalState.RoleInstanceId + "</Id>" |
4116 | + + "<Properties><Property name=\"CertificateThumbprint\" value=\"" + thumbprint + "\" /></Properties>" |
4117 | + + "</RoleInstance></RoleInstances></Container></RoleProperties>") |
4118 | + a = self.HttpPost("/machine?comp=roleProperties", roleProperties) |
4119 | + Log("Posted Role Properties. CertificateThumbprint=" + thumbprint) |
4120 | + return a |
4121 | + |
4122 | + def LoadBalancerProbeServer_Shutdown(self): |
4123 | + if self.LoadBalancerProbeServer != None: |
4124 | + self.LoadBalancerProbeServer.shutdown() |
4125 | + self.LoadBalancerProbeServer = None |
4126 | + |
4127 | + def GenerateTransportCert(self): |
4128 | + Run(Openssl + " req -x509 -nodes -subj /CN=LinuxTransport -days 32768 -newkey rsa:2048 -keyout TransportPrivate.pem -out TransportCert.pem") |
4129 | + cert = "" |
4130 | + for line in GetFileContents("TransportCert.pem").split('\n'): |
4131 | + if not "CERTIFICATE" in line: |
4132 | + cert += line.rstrip() |
4133 | + return cert |
4134 | + |
4135 | + def Provision(self): |
4136 | + if IsWindows(): |
4137 | + Log("Skipping Provision on Windows") |
4138 | + return |
4139 | + enabled = Config.get("Provisioning.Enabled") |
4140 | + if enabled != None and enabled.lower().startswith("n"): |
4141 | + return |
4142 | + Log("Provisioning image started.") |
4143 | + type = Config.get("Provisioning.SshHostKeyPairType") |
4144 | + if type == None: |
4145 | + type = "rsa" |
4146 | + regenerateKeys = Config.get("Provisioning.RegenerateSshHostKeyPair") |
4147 | + if regenerateKeys == None or regenerateKeys.lower().startswith("y"): |
4148 | + Run("rm -f /etc/ssh/ssh_host_*key*") |
4149 | + Run("ssh-keygen -N '' -t " + type + " -f /etc/ssh/ssh_host_" + type + "_key") |
4150 | + ReloadSshd() |
4151 | + SetFileContents(LibDir + "/provisioned", "") |
4152 | + dvd = "/dev/hdc" |
4153 | + if os.path.exists("/dev/sr0"): |
4154 | + dvd = "/dev/sr0" |
4155 | + modloaded=False |
4156 | + if Run("fdisk -l " + dvd + " | grep Disk"): |
4157 | + # Is it possible to load a module for ata_piix? |
4158 | + retcode,krn=RunSafe('uname -r') |
4159 | + if retcode: |
4160 | + Error("Unable to provision: Failed to call uname -a") |
4161 | + return "Unable to provision: Failed to mount DVD." |
4162 | + krn_pth='/lib/modules/'+krn+'/kernel/drivers/ata/ata_piix.ko' |
4163 | + if not os.path.isfile(krn_pth): |
4164 | + Error("Unable to provision: Failed to locate ata_piix.ko") |
4165 | + return "Unable to provision: Failed to mount DVD." |
4166 | + retcode,output=RunSafe('insmod ' + krn_pth) |
4167 | + if retcode: |
4168 | + Error("Unable to provision: Failed to insmod " + krn+pth) |
4169 | + return "Failed to retrieve provisioning data (0x01)." |
4170 | + modloaded=True |
4171 | + Log("Provision: Loaded " + krn_pth + " driver for ATAPI CD-ROM") |
4172 | + # we have succeeded loading the ata_piix mod |
4173 | + for i in range(10): # we may have to wait |
4174 | + if os.path.exists("/dev/sr0"): |
4175 | + dvd = "/dev/sr0" |
4176 | + break |
4177 | + Log("Waiting for DVD - sleeping 1 - "+str(i+1)+" try...") |
4178 | + time.sleep(1) |
4179 | + CreateDir("/mnt/cdrom/secure", "root", 0700) |
4180 | + Run("mount " + dvd + " /mnt/cdrom/secure") |
4181 | + if not os.path.isfile("/mnt/cdrom/secure/ovf-env.xml"): |
4182 | + Error("Unable to provision: Missing ovf-env.xml on DVD.") |
4183 | + return "Failed to retrieve provisioning data (0x02)." |
4184 | + ovfxml = GetFileContents("/mnt/cdrom/secure/ovf-env.xml") |
4185 | + SetFileContents("ovf-env.xml", re.sub("<UserPassword>.*?<", "<UserPassword>*<", ovfxml)) |
4186 | + Run("umount /mnt/cdrom/secure") |
4187 | + if modloaded: |
4188 | + Run('rmmod ' + krn_pth) |
4189 | + error = None |
4190 | + if ovfxml != None: |
4191 | + Log("Provisioning image using OVF settings in the DVD.") |
4192 | + ovfobj = OvfEnv().Parse(ovfxml) |
4193 | + if ovfobj != None: |
4194 | + error = ovfobj.Process() |
4195 | + if error : |
4196 | + Error ("Provisioninig image FAILED " + error) |
4197 | + return ("Provisioninig image FAILED " + error) |
4198 | + # This is done here because regenerated SSH host key pairs may be potentially overwritten when processing the ovfxml |
4199 | + fingerprint = os.popen("ssh-keygen -lf /etc/ssh/ssh_host_" + type + "_key.pub").read().rstrip().split()[1].replace(':','') |
4200 | + self.ReportRoleProperties(fingerprint) |
4201 | + delRootPass = Config.get("Provisioning.DeleteRootPassword") |
4202 | + if delRootPass != None and delRootPass.lower().startswith("y"): |
4203 | + DeleteRootPassword() |
4204 | + Log("Provisioning image completed.") |
4205 | + return error |
4206 | + |
4207 | + def Run(self): |
4208 | + if IsLinux(): |
4209 | + SetFileContents("/var/run/waagent.pid", str(os.getpid()) + "\n") |
4210 | + |
4211 | + if GetIpv4Address() == None: |
4212 | + Log("Waiting for network.") |
4213 | + while(GetIpv4Address() == None): |
4214 | + time.sleep(10) |
4215 | + |
4216 | + Log("IPv4 address: " + GetIpv4Address()) |
4217 | + Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in GetMacAddress()])) |
4218 | + |
4219 | + # Consume Entropy in ACPI table provided by Hyper-V |
4220 | + try: |
4221 | + SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0")) |
4222 | + except: |
4223 | + pass |
4224 | + |
4225 | + Log("Probing for Windows Azure environment.") |
4226 | + self.Endpoint = self.DoDhcpWork() |
4227 | + |
4228 | + if self.Endpoint == None: |
4229 | + Log("Windows Azure environment not detected.") |
4230 | + while True: |
4231 | + time.sleep(60) |
4232 | + |
4233 | + Log("Discovered Windows Azure endpoint: " + self.Endpoint) |
4234 | + if not self.CheckVersions(): |
4235 | + Error("Agent.CheckVersions failed") |
4236 | + sys.exit(1) |
4237 | + |
4238 | + self.EnvMonitor = EnvMonitor() |
4239 | + |
4240 | + # Set SCSI timeout on root device |
4241 | + try: |
4242 | + timeout = Config.get("OS.RootDeviceScsiTimeout") |
4243 | + if timeout != None: |
4244 | + SetFileContents("/sys/block/" + DeviceForIdePort(0) + "/device/timeout", timeout) |
4245 | + except: |
4246 | + pass |
4247 | + |
4248 | + global Openssl |
4249 | + Openssl = Config.get("OS.OpensslPath") |
4250 | + if Openssl == None: |
4251 | + Openssl = "openssl" |
4252 | + |
4253 | + self.TransportCert = self.GenerateTransportCert() |
4254 | + |
4255 | + incarnation = None # goalStateIncarnationFromHealthReport |
4256 | + currentPort = None # loadBalancerProbePort |
4257 | + goalState = None # self.GoalState, instance of GoalState |
4258 | + provisioned = os.path.exists(LibDir + "/provisioned") |
4259 | + program = Config.get("Role.StateConsumer") |
4260 | + provisionError = None |
4261 | + lbProbeResponder = True |
4262 | + setting = Config.get("LBProbeResponder") |
4263 | + if setting != None and setting.lower().startswith("n"): |
4264 | + lbProbeResponder = False |
4265 | + while True: |
4266 | + if (goalState == None) or (incarnation == None) or (goalState.Incarnation != incarnation): |
4267 | + goalState = self.UpdateGoalState() |
4268 | + |
4269 | + if provisioned == False: |
4270 | + self.ReportNotReady("Provisioning", "Starting") |
4271 | + |
4272 | + goalState.Process() |
4273 | + |
4274 | + if provisioned == False: |
4275 | + provisionError = self.Provision() |
4276 | + provisioned = True |
4277 | + |
4278 | + # |
4279 | + # only one port supported |
4280 | + # restart server if new port is different than old port |
4281 | + # stop server if no longer a port |
4282 | + # |
4283 | + goalPort = goalState.LoadBalancerProbePort |
4284 | + if currentPort != goalPort: |
4285 | + self.LoadBalancerProbeServer_Shutdown() |
4286 | + currentPort = goalPort |
4287 | + if currentPort != None and lbProbeResponder == True: |
4288 | + self.LoadBalancerProbeServer = LoadBalancerProbeServer(currentPort) |
4289 | + if self.LoadBalancerProbeServer == None : |
4290 | + lbProbeResponder = False |
4291 | + Log("Unable to create LBProbeResponder.") |
4292 | + |
4293 | + if program != None and DiskActivated == True: |
4294 | + Children.append(subprocess.Popen([program, "Ready"])) |
4295 | + program = None |
4296 | + |
4297 | + if goalState.ExpectedState == "Stopped": |
4298 | + program = Config.get("Role.StateConsumer") |
4299 | + if program != None: |
4300 | + Run(program + " Shutdown") |
4301 | + self.EnvMonitor.ShutdownService() |
4302 | + self.LoadBalancerProbeServer_Shutdown() |
4303 | + command = ["/sbin/shutdown -hP now", "shutdown /s /t 5"][IsWindows()] |
4304 | + Run(command) |
4305 | + return |
4306 | + |
4307 | + sleepToReduceAccessDenied = 3 |
4308 | + time.sleep(sleepToReduceAccessDenied) |
4309 | + if provisionError != None: |
4310 | + incarnation = self.ReportNotReady("ProvisioningFailed", provisionError) |
4311 | + else: |
4312 | + incarnation = self.ReportReady() |
4313 | + time.sleep(25 - sleepToReduceAccessDenied) |
4314 | + |
4315 | +Init_Suse = """\ |
4316 | +#! /bin/sh |
4317 | + |
4318 | +### BEGIN INIT INFO |
4319 | +# Provides: WindowsAzureLinuxAgent |
4320 | +# Required-Start: $network sshd |
4321 | +# Required-Stop: $network sshd |
4322 | +# Default-Start: 3 5 |
4323 | +# Default-Stop: 0 1 2 6 |
4324 | +# Description: Start the WindowsAzureLinuxAgent |
4325 | +### END INIT INFO |
4326 | + |
4327 | +WAZD_BIN=/usr/sbin/waagent |
4328 | +test -x $WAZD_BIN || exit 5 |
4329 | + |
4330 | +case "$1" in |
4331 | + start) |
4332 | + echo "Starting WindowsAzureLinuxAgent" |
4333 | + ## Start daemon with startproc(8). If this fails |
4334 | + ## the echo return value is set appropriate. |
4335 | + |
4336 | + startproc -f $WAZD_BIN -daemon |
4337 | + exit $? |
4338 | + ;; |
4339 | + stop) |
4340 | + echo "Shutting down WindowsAzureLinuxAgent" |
4341 | + ## Stop daemon with killproc(8) and if this fails |
4342 | + ## set echo the echo return value. |
4343 | + |
4344 | + killproc -p /var/run/waagent.pid $WAZD_BIN |
4345 | + exit $? |
4346 | + ;; |
4347 | + try-restart) |
4348 | + ## Stop the service and if this succeeds (i.e. the |
4349 | + ## service was running before), start it again. |
4350 | + $0 status >/dev/null && $0 restart |
4351 | + ;; |
4352 | + restart) |
4353 | + ## Stop the service and regardless of whether it was |
4354 | + ## running or not, start it again. |
4355 | + $0 stop |
4356 | + $0 start |
4357 | + ;; |
4358 | + force-reload|reload) |
4359 | + ;; |
4360 | + status) |
4361 | + echo -n "Checking for service WindowsAzureLinuxAgent " |
4362 | + ## Check status with checkproc(8), if process is running |
4363 | + ## checkproc will return with exit status 0. |
4364 | + |
4365 | + checkproc -p $WAZD_PIDFILE $WAZD_BIN |
4366 | + exit $? |
4367 | + ;; |
4368 | + probe) |
4369 | + ;; |
4370 | + *) |
4371 | + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" |
4372 | + exit 1 |
4373 | + ;; |
4374 | +esac |
4375 | +""" |
4376 | + |
4377 | +Init_RedHat = """\ |
4378 | +#!/bin/bash |
4379 | +# |
4380 | +# Init file for WindowsAzureLinuxAgent. |
4381 | +# |
4382 | +# chkconfig: 2345 60 80 |
4383 | +# description: WindowsAzureLinuxAgent |
4384 | +# |
4385 | + |
4386 | +# source function library |
4387 | +. /etc/rc.d/init.d/functions |
4388 | + |
4389 | +RETVAL=0 |
4390 | +FriendlyName="WindowsAzureLinuxAgent" |
4391 | +WAZD_BIN=/usr/sbin/waagent |
4392 | + |
4393 | +start() |
4394 | +{ |
4395 | + echo -n $"Starting $FriendlyName: " |
4396 | + $WAZD_BIN -daemon & |
4397 | +} |
4398 | + |
4399 | +stop() |
4400 | +{ |
4401 | + echo -n $"Stopping $FriendlyName: " |
4402 | + killproc -p /var/run/waagent.pid $WAZD_BIN |
4403 | + RETVAL=$? |
4404 | + echo |
4405 | + return $RETVAL |
4406 | +} |
4407 | + |
4408 | +case "$1" in |
4409 | + start) |
4410 | + start |
4411 | + ;; |
4412 | + stop) |
4413 | + stop |
4414 | + ;; |
4415 | + restart) |
4416 | + stop |
4417 | + start |
4418 | + ;; |
4419 | + reload) |
4420 | + ;; |
4421 | + report) |
4422 | + ;; |
4423 | + status) |
4424 | + status $WAZD_BIN |
4425 | + RETVAL=$? |
4426 | + ;; |
4427 | + *) |
4428 | + echo $"Usage: $0 {start|stop|restart|status}" |
4429 | + RETVAL=1 |
4430 | +esac |
4431 | +exit $RETVAL |
4432 | +""" |
4433 | + |
4434 | +Init_Ubuntu = """\ |
4435 | +#walinuxagent - start Windows Azure agent |
4436 | + |
4437 | +description "walinuxagent" |
4438 | +author "Ben Howard <ben.howard@canonical.com>" |
4439 | + |
4440 | +start on (filesystem and started rsyslog) |
4441 | + |
4442 | +pre-start script |
4443 | + |
4444 | + WALINUXAGENT_ENABLED=1 |
4445 | + [ -r /etc/default/walinuxagent ] && . /etc/default/walinuxagent |
4446 | + |
4447 | + if [ "$WALINUXAGENT_ENABLED" != "1" ]; then |
4448 | + exit 1 |
4449 | + fi |
4450 | + |
4451 | + if [ ! -x /usr/sbin/waagent ]; then |
4452 | + exit 1 |
4453 | + fi |
4454 | + |
4455 | + #Load the udf module |
4456 | + modprobe -b udf |
4457 | +end script |
4458 | + |
4459 | +exec /usr/sbin/waagent -daemon |
4460 | +""" |
4461 | + |
4462 | +Init_Debian = """\ |
4463 | +#!/bin/sh |
4464 | +### BEGIN INIT INFO |
4465 | +# Provides: WindowsAzureLinuxAgent |
4466 | +# Required-Start: $network $syslog |
4467 | +# Required-Stop: $network $syslog |
4468 | +# Should-Start: $network $syslog |
4469 | +# Should-Stop: $network $syslog |
4470 | +# Default-Start: 2 3 4 5 |
4471 | +# Default-Stop: 0 1 6 |
4472 | +# Short-Description: WindowsAzureLinuxAgent |
4473 | +# Description: WindowsAzureLinuxAgent |
4474 | +### END INIT INFO |
4475 | + |
4476 | +. /lib/lsb/init-functions |
4477 | + |
4478 | +OPTIONS="-daemon" |
4479 | +WAZD_BIN=/usr/sbin/waagent |
4480 | +WAZD_PID=/var/run/waagent.pid |
4481 | + |
4482 | +case "$1" in |
4483 | + start) |
4484 | + log_begin_msg "Starting WindowsAzureLinuxAgent..." |
4485 | + pid=$( pidofproc $WAZD_BIN ) |
4486 | + if [ -n "$pid" ] ; then |
4487 | + log_begin_msg "Already running." |
4488 | + log_end_msg 0 |
4489 | + exit 0 |
4490 | + fi |
4491 | + start-stop-daemon --start --quiet --oknodo --background --exec $WAZD_BIN -- $OPTIONS |
4492 | + log_end_msg $? |
4493 | + ;; |
4494 | + |
4495 | + stop) |
4496 | + log_begin_msg "Stopping WindowsAzureLinuxAgent..." |
4497 | + start-stop-daemon --stop --quiet --oknodo --pidfile $WAZD_PID |
4498 | + ret=$? |
4499 | + rm -f $WAZD_PID |
4500 | + log_end_msg $ret |
4501 | + ;; |
4502 | + force-reload) |
4503 | + $0 restart |
4504 | + ;; |
4505 | + restart) |
4506 | + $0 stop |
4507 | + $0 start |
4508 | + ;; |
4509 | + status) |
4510 | + status_of_proc $WAZD_BIN && exit 0 || exit $? |
4511 | + ;; |
4512 | + *) |
4513 | + log_success_msg "Usage: /etc/init.d/waagent {start|stop|force-reload|restart|status}" |
4514 | + exit 1 |
4515 | + ;; |
4516 | +esac |
4517 | + |
4518 | +exit 0 |
4519 | +""" |
4520 | + |
4521 | +WaagentConf = """\ |
4522 | +# |
4523 | +# Windows Azure Linux Agent Configuration |
4524 | +# |
4525 | + |
4526 | +Role.StateConsumer=None # Specified program is invoked with "Ready" or "Shutdown". |
4527 | + # Shutdown will be initiated only after the program returns. Windows Azure will |
4528 | + # power off the VM if shutdown is not completed within ?? minutes. |
4529 | +Role.ConfigurationConsumer=None # Specified program is invoked with XML file argument specifying role configuration. |
4530 | +Role.TopologyConsumer=None # Specified program is invoked with XML file argument specifying role topology. |
4531 | + |
4532 | +Provisioning.Enabled=y # |
4533 | +Provisioning.DeleteRootPassword=y # Password authentication for root account will be unavailable. |
4534 | +Provisioning.RegenerateSshHostKeyPair=y # Generate fresh host key pair. |
4535 | +Provisioning.SshHostKeyPairType=rsa # Supported values are "rsa", "dsa" and "ecdsa". |
4536 | +Provisioning.MonitorHostName=y # Monitor host name changes and publish changes via DHCP requests. |
4537 | + |
4538 | +ResourceDisk.Format=y # Format if unformatted. If 'n', resource disk will not be mounted. |
4539 | +ResourceDisk.Filesystem=ext4 # |
4540 | +ResourceDisk.MountPoint=/mnt/resource # |
4541 | +ResourceDisk.EnableSwap=n # Create and use swapfile on resource disk. |
4542 | +ResourceDisk.SwapSizeMB=0 # Size of the swapfile. |
4543 | + |
4544 | +LBProbeResponder=y # Respond to load balancer probes if requested by Windows Azure. |
4545 | + |
4546 | +Logs.Verbose=n # |
4547 | + |
4548 | +OS.RootDeviceScsiTimeout=300 # Root device timeout in seconds. |
4549 | +OS.OpensslPath=None # If "None", the system default version is used. |
4550 | +""" |
4551 | + |
4552 | +WaagentLogrotate = """\ |
4553 | +/var/log/waagent.log { |
4554 | + monthly |
4555 | + rotate 6 |
4556 | + notifempty |
4557 | + missingok |
4558 | +} |
4559 | +""" |
4560 | + |
4561 | +def AddToLinuxKernelCmdline(options): |
4562 | + if os.path.isfile("/boot/grub/menu.lst"): |
4563 | + Run("sed -i --follow-symlinks '/kernel/s|$| " + options + " |' /boot/grub/menu.lst") |
4564 | + filepath = "/etc/default/grub" |
4565 | + if os.path.isfile(filepath): |
4566 | + filecontents = GetFileContents(filepath).split('\n') |
4567 | + current = filter(lambda a: a.startswith("GRUB_CMDLINE_LINUX"), filecontents) |
4568 | + ReplaceFileContentsAtomic(filepath, |
4569 | + "\n".join(filter(lambda a: not a.startswith("GRUB_CMDLINE_LINUX"), filecontents)) |
4570 | + + current[0][:-1] + " " + options + "\"\n") |
4571 | + Run("update-grub") |
4572 | + |
4573 | +def ApplyVNUMAWorkaround(): |
4574 | + VersionParts = platform.release().replace('-', '.').split('.') |
4575 | + if int(VersionParts[0]) > 2: |
4576 | + return |
4577 | + if int(VersionParts[1]) > 6: |
4578 | + return |
4579 | + if int(VersionParts[2]) > 37: |
4580 | + return |
4581 | + AddToLinuxKernelCmdline("numa=off") |
4582 | + # TODO: This is not ideal for offline installation. |
4583 | + print("Your kernel version " + platform.release() + " has a NUMA-related bug: NUMA has been disabled.") |
4584 | + |
4585 | +def RevertVNUMAWorkaround(): |
4586 | + print("Automatic reverting of GRUB configuration is not yet supported. Please edit by hand.") |
4587 | + |
4588 | +def Install(): |
4589 | + if IsWindows(): |
4590 | + print("ERROR: -install invalid for Windows.") |
4591 | + return 1 |
4592 | + os.chmod(sys.argv[0], 0755) |
4593 | + SwitchCwd() |
4594 | + requiredDeps = [ "/sbin/route", "/sbin/shutdown" ] |
4595 | + if IsDebian(): |
4596 | + requiredDeps += [ "/usr/sbin/update-rc.d" ] |
4597 | + if IsSuse(): |
4598 | + requiredDeps += [ "/sbin/insserv" ] |
4599 | + for a in requiredDeps: |
4600 | + if not os.path.isfile(a): |
4601 | + Error("Missing required dependency: " + a) |
4602 | + return 1 |
4603 | + missing = False |
4604 | + for a in [ "ssh-keygen", "useradd", "openssl", "sfdisk", |
4605 | + "fdisk", "mkfs", "chpasswd", "sed", "grep", "sudo" ]: |
4606 | + if Run("which " + a + " > /dev/null 2>&1"): |
4607 | + Warn("Missing dependency: " + a) |
4608 | + missing = True |
4609 | + if missing == True: |
4610 | + Warn("Please resolve missing dependencies listed for full functionality.") |
4611 | + if UsesRpm(): |
4612 | + if not Run("rpm --quiet -q NetworkManager"): |
4613 | + Error(GuestAgentLongName + " is not compatible with NetworkManager.") |
4614 | + return 1 |
4615 | + if Run("rpm --quiet -q python-pyasn1"): |
4616 | + Error(GuestAgentLongName + " requires python-pyasn1.") |
4617 | + return 1 |
4618 | + if UsesDpkg() and not Run("dpkg-query -s network-manager >/dev/null 2>&1"): |
4619 | + Error(GuestAgentLongName + " is not compatible with network-manager.") |
4620 | + return 1 |
4621 | + for a in RulesFiles: |
4622 | + if os.path.isfile(a): |
4623 | + if os.path.isfile(GetLastPathElement(a)): |
4624 | + os.remove(GetLastPathElement(a)) |
4625 | + shutil.move(a, ".") |
4626 | + Warn("Moved " + a + " -> " + LibDir + "/" + GetLastPathElement(a) ) |
4627 | + |
4628 | + if IsUbuntu(): |
4629 | + # Support for Ubuntu's upstart configuration |
4630 | + filename="waagent.conf" |
4631 | + filepath = "/etc/init/" + filename |
4632 | + SetFileContents(filepath, Init_Ubuntu) |
4633 | + os.chmod(filepath, 0644) |
4634 | + |
4635 | + else: |
4636 | + # Regular init.d configurations |
4637 | + filename = "waagent" |
4638 | + filepath = "/etc/init.d/" + filename |
4639 | + distro = IsRedHat() + IsDebian() * 2 + IsSuse() * 3 |
4640 | + if distro == 0: |
4641 | + Error("Unable to detect Linux Distribution.") |
4642 | + return 1 |
4643 | + init = [[Init_RedHat, "chkconfig --add " + filename], |
4644 | + [Init_Debian, "update-rc.d " + filename + " defaults"], |
4645 | + [Init_Suse, "insserv " + filename]][distro - 1] |
4646 | + SetFileContents(filepath, init[0]) |
4647 | + os.chmod(filepath, 0755) |
4648 | + Run(init[1]) |
4649 | + if os.path.isfile("/etc/waagent.conf"): |
4650 | + try: |
4651 | + os.remove("/etc/waagent.conf.old") |
4652 | + except: |
4653 | + pass |
4654 | + try: |
4655 | + os.rename("/etc/waagent.conf", "/etc/waagent.conf.old") |
4656 | + Warn("Existing /etc/waagent.conf has been renamed to /etc/waagent.conf.old") |
4657 | + except: |
4658 | + pass |
4659 | + SetFileContents("/etc/waagent.conf", WaagentConf) |
4660 | + SetFileContents("/etc/logrotate.d/waagent", WaagentLogrotate) |
4661 | + filepath = "/etc/ssh/sshd_config" |
4662 | + ReplaceFileContentsAtomic(filepath, "\n".join(filter(lambda a: not |
4663 | + a.startswith("ClientAliveInterval"), |
4664 | + GetFileContents(filepath).split('\n'))) + "ClientAliveInterval 180\n") |
4665 | + Log("Configured SSH client probing to keep connections alive.") |
4666 | + ApplyVNUMAWorkaround() |
4667 | + return 0 |
4668 | + |
4669 | +def Uninstall(): |
4670 | + if IsWindows(): |
4671 | + print("ERROR: -uninstall invalid for windows, see waagent_service.exe") |
4672 | + return 1 |
4673 | + SwitchCwd() |
4674 | + for a in RulesFiles: |
4675 | + if os.path.isfile(GetLastPathElement(a)): |
4676 | + try: |
4677 | + shutil.move(GetLastPathElement(a), a) |
4678 | + Warn("Moved " + LibDir + "/" + GetLastPathElement(a) + " -> " + a ) |
4679 | + except: |
4680 | + pass |
4681 | + filename = "waagent" |
4682 | + a = IsRedHat() + IsDebian() * 2 + IsSuse() * 3 |
4683 | + if a == 0: |
4684 | + Error("Unable to detect Linux Distribution.") |
4685 | + return 1 |
4686 | + Run("service " + filename + " stop") |
4687 | + cmd = ["chkconfig --del " + filename, |
4688 | + "update-rc.d -f " + filename + " remove", |
4689 | + "insserv -r " + filename][a - 1] |
4690 | + Run(cmd) |
4691 | + for f in os.listdir(LibDir) + ["/etc/init.d/" + filename, "/etc/waagent.conf", "/etc/logrotate.d/waagent", "/etc/sudoers.d/waagent"]: |
4692 | + try: |
4693 | + os.remove(f) |
4694 | + except: |
4695 | + pass |
4696 | + RevertVNUMAWorkaround() |
4697 | + return 0 |
4698 | + |
4699 | +def DeleteRootPassword(): |
4700 | + filepath="/etc/shadow" |
4701 | + ReplaceFileContentsAtomic(filepath, "root:*LOCK*:14600::::::\n" + "\n".join(filter(lambda a: not |
4702 | + a.startswith("root:"), |
4703 | + GetFileContents(filepath).split('\n')))) |
4704 | + os.chmod(filepath, 0000) |
4705 | + if IsRedHat(): |
4706 | + Run("chcon system_u:object_r:shadow_t:s0 " + filepath) |
4707 | + Log("Root password deleted.") |
4708 | + |
4709 | +def Deprovision(force, deluser): |
4710 | + if IsWindows(): |
4711 | + Run(os.environ["windir"] + "\\system32\\sysprep\\sysprep.exe /generalize") |
4712 | + return 0 |
4713 | + |
4714 | + SwitchCwd() |
4715 | + ovfxml = GetFileContents("ovf-env.xml") |
4716 | + ovfobj = None |
4717 | + if ovfxml != None: |
4718 | + ovfobj = OvfEnv().Parse(ovfxml) |
4719 | + |
4720 | + print("WARNING! The waagent service will be stopped.") |
4721 | + print("WARNING! All SSH host key pairs will be deleted.") |
4722 | + if IsUbuntu(): |
4723 | + print("WARNING! Nameserver configuration in /etc/resolvconf/resolv.conf.d/{tail,originial} will be deleted.") |
4724 | + else: |
4725 | + print("WARNING! Nameserver configuration in /etc/resolv.conf will be deleted.") |
4726 | + print("WARNING! Cached DHCP leases will be deleted.") |
4727 | + |
4728 | + delRootPass = Config.get("Provisioning.DeleteRootPassword") |
4729 | + if delRootPass != None and delRootPass.lower().startswith("y"): |
4730 | + print("WARNING! root password will be disabled. You will not be able to login as root.") |
4731 | + |
4732 | + if ovfobj != None and deluser == True: |
4733 | + print("WARNING! " + ovfobj.UserName + " account and entire home directory will be deleted.") |
4734 | + |
4735 | + if force == False and not raw_input('Do you want to proceed (y/n)? ').startswith('y'): |
4736 | + return 1 |
4737 | + |
4738 | + Run("service waagent stop") |
4739 | + |
4740 | + if deluser == True: |
4741 | + DeleteAccount(ovfobj.UserName) |
4742 | + |
4743 | + # Remove SSH host keys |
4744 | + regenerateKeys = Config.get("Provisioning.RegenerateSshHostKeyPair") |
4745 | + if regenerateKeys == None or regenerateKeys.lower().startswith("y"): |
4746 | + Run("rm -f /etc/ssh/ssh_host_*key*") |
4747 | + |
4748 | + # Remove root password |
4749 | + if delRootPass != None and delRootPass.lower().startswith("y"): |
4750 | + DeleteRootPassword() |
4751 | + |
4752 | + # Remove distribution specific networking configuration |
4753 | + |
4754 | + UpdateAndPublishHostNameCommon("localhost.localdomain") |
4755 | + |
4756 | + # RedHat, Suse, Debian |
4757 | + for a in VarLibDhcpDirectories: |
4758 | + Run("rm -f " + a + "/*") |
4759 | + |
4760 | + # Clear LibDir, remove nameserver and root bash history |
4761 | + fileBlackList = [ "/root/.bash_history", "/var/log/waagent.log" ] |
4762 | + |
4763 | + if IsUbuntu(): |
4764 | + # Ubuntu uses resolv.conf by default, so removing /etc/resolv.conf will |
4765 | + # break resolvconf. Therefore, we check to see if resolvconf is in use, |
4766 | + # and if so, we remove the resolvconf artifacts. |
4767 | + |
4768 | + Log("Deprovision: Ubuntu specific resolv.conf behavior selected.") |
4769 | + if os.path.realpath('/etc/resolv.conf') != '/run/resolvconf/resolv.conf': |
4770 | + Log("resolvconf is not configured. Removing /etc/resolv.conf") |
4771 | + fileBlackList.append('/etc/resolv.conf') |
4772 | + else: |
4773 | + Log("resolvconf is enabled; leaving /etc/resolv.conf intact") |
4774 | + resolvConfD = '/etc/resolvconf/resolv.conf.d/' |
4775 | + fileBlackList.extend([resolvConfD + 'tail', resolvConfD + 'originial' ]) |
4776 | + else: |
4777 | + fileBlackList.extend(os.listdir(LibDir) + ['/etc/resolv.conf']) |
4778 | + |
4779 | + for f in os.listdir(LibDir) + fileBlackList: |
4780 | + try: |
4781 | + os.remove(f) |
4782 | + except: |
4783 | + pass |
4784 | + return 0 |
4785 | + |
4786 | +def SwitchCwd(): |
4787 | + if not IsWindows(): |
4788 | + CreateDir(LibDir, "root", 0700) |
4789 | + os.chdir(LibDir) |
4790 | + |
4791 | +def Usage(): |
4792 | + print("usage: " + sys.argv[0] + " [-verbose] [-force] [-help|-install|-uninstall|-deprovision[+user]|-version|-serialconsole|-daemon]") |
4793 | + return 0 |
4794 | + |
4795 | +if GuestAgentVersion == "": |
4796 | + print("WARNING! This is a non-standard agent that does not include a valid version string.") |
4797 | +if IsLinux() and not DetectLinuxDistro(): |
4798 | + print("WARNING! Unable to detect Linux distribution. Some functionality may be broken.") |
4799 | + |
4800 | +if len(sys.argv) == 1: |
4801 | + sys.exit(Usage()) |
4802 | + |
4803 | +args = [] |
4804 | +force = False |
4805 | +for a in sys.argv[1:]: |
4806 | + if re.match("^([-/]*)(help|usage|\?)", a): |
4807 | + sys.exit(Usage()) |
4808 | + elif re.match("^([-/]*)verbose", a): |
4809 | + Verbose = True |
4810 | + elif re.match("^([-/]*)force", a): |
4811 | + force = True |
4812 | + elif re.match("^([-/]*)(setup|install)", a): |
4813 | + sys.exit(Install()) |
4814 | + elif re.match("^([-/]*)(uninstall)", a): |
4815 | + sys.exit(Uninstall()) |
4816 | + else: |
4817 | + args.append(a) |
4818 | + |
4819 | +Config = ConfigurationProvider() |
4820 | + |
4821 | +verbose = Config.get("Logs.Verbose") |
4822 | +if verbose != None and verbose.lower().startswith("y"): |
4823 | + Verbose = True |
4824 | + |
4825 | +daemon = False |
4826 | +for a in args: |
4827 | + if re.match("^([-/]*)deprovision\+user", a): |
4828 | + sys.exit(Deprovision(force, True)) |
4829 | + elif re.match("^([-/]*)deprovision", a): |
4830 | + sys.exit(Deprovision(force, False)) |
4831 | + elif re.match("^([-/]*)daemon", a): |
4832 | + daemon = True |
4833 | + elif re.match("^([-/]*)version", a): |
4834 | + print(GuestAgentVersion + " running on " + LinuxDistro) |
4835 | + sys.exit(0) |
4836 | + elif re.match("^([-/]*)serialconsole", a): |
4837 | + AddToLinuxKernelCmdline("console=ttyS0 earlyprintk=ttyS0") |
4838 | + Log("Configured kernel to use ttyS0 as the boot console.") |
4839 | + sys.exit(0) |
4840 | + else: |
4841 | + print("Invalid command line parameter:" + a) |
4842 | + sys.exit(1) |
4843 | + |
4844 | +if daemon == False: |
4845 | + sys.exit(Usage()) |
4846 | + |
4847 | +try: |
4848 | + SwitchCwd() |
4849 | + Log(GuestAgentLongName + " Version: " + GuestAgentVersion) |
4850 | + if IsLinux(): |
4851 | + Log("Linux Distribution Detected : " + LinuxDistro) |
4852 | + WaAgent = Agent() |
4853 | + WaAgent.Run() |
4854 | +except Exception, e: |
4855 | + Error(traceback.format_exc()) |
4856 | + Error("Exception: " + str(e)) |
4857 | + sys.exit(1) |
4858 | |
4859 | === removed directory '.pc/001_ubuntu_agent_startup.patch' |
4860 | === removed file '.pc/001_ubuntu_agent_startup.patch/waagent' |
4861 | --- .pc/001_ubuntu_agent_startup.patch/waagent 2012-06-22 09:10:22 +0000 |
4862 | +++ .pc/001_ubuntu_agent_startup.patch/waagent 1970-01-01 00:00:00 +0000 |
4863 | @@ -1,2395 +0,0 @@ |
4864 | -#!/usr/bin/python |
4865 | -# |
4866 | -# Windows Azure Linux Agent |
4867 | -# |
4868 | -# Copyright 2012 Microsoft Corporation |
4869 | -# |
4870 | -# Licensed under the Apache License, Version 2.0 (the "License"); |
4871 | -# you may not use this file except in compliance with the License. |
4872 | -# You may obtain a copy of the License at |
4873 | -# |
4874 | -# http://www.apache.org/licenses/LICENSE-2.0 |
4875 | -# |
4876 | -# Unless required by applicable law or agreed to in writing, software |
4877 | -# distributed under the License is distributed on an "AS IS" BASIS, |
4878 | -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
4879 | -# See the License for the specific language governing permissions and |
4880 | -# limitations under the License. |
4881 | -# |
4882 | -# Requires Python 2.4+ and Openssl 1.0+ |
4883 | -# |
4884 | -# Implements parts of RFC 2131, 1541, 1497 and |
4885 | -# http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx |
4886 | -# http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx |
4887 | -# |
4888 | - |
4889 | -import array |
4890 | -import base64 |
4891 | -import httplib |
4892 | -import os |
4893 | -import os.path |
4894 | -import platform |
4895 | -import pwd |
4896 | -import re |
4897 | -import shutil |
4898 | -import socket |
4899 | -import SocketServer |
4900 | -import struct |
4901 | -import sys |
4902 | -import tempfile |
4903 | -import textwrap |
4904 | -import threading |
4905 | -import time |
4906 | -import traceback |
4907 | -import xml.dom.minidom |
4908 | - |
4909 | -GuestAgentName = "WALinuxAgent" |
4910 | -GuestAgentLongName = "Windows Azure Linux Agent" |
4911 | -GuestAgentVersion = "rd_wala.120504-1323" |
4912 | -ProtocolVersion = "2011-12-31" |
4913 | - |
4914 | -Config = None |
4915 | -LinuxDistro = "UNKNOWN" |
4916 | -Verbose = False |
4917 | -WaAgent = None |
4918 | -DiskActivated = False |
4919 | -Openssl = "openssl" |
4920 | - |
4921 | -PossibleEthernetInterfaces = ["seth0", "seth1", "eth0", "eth1"] |
4922 | -RulesFiles = [ "/lib/udev/rules.d/75-persistent-net-generator.rules", |
4923 | - "/etc/udev/rules.d/70-persistent-net.rules" ] |
4924 | -VarLibDhcpDirectories = ["/var/lib/dhclient", "/var/lib/dhcpcd", "/var/lib/dhcp"] |
4925 | -EtcDhcpClientConfFiles = ["/etc/dhcp/dhclient.conf", "/etc/dhcp3/dhclient.conf"] |
4926 | -LibDir = "/var/lib/waagent" |
4927 | - |
4928 | -# This lets us index into a string or an array of integers transparently. |
4929 | -def Ord(a): |
4930 | - if type(a) == type("a"): |
4931 | - a = ord(a) |
4932 | - return a |
4933 | - |
4934 | -def IsWindows(): |
4935 | - return (platform.uname()[0] == "Windows") |
4936 | - |
4937 | -def IsLinux(): |
4938 | - return (platform.uname()[0] == "Linux") |
4939 | - |
4940 | -def DetectLinuxDistro(): |
4941 | - global LinuxDistro |
4942 | - if os.path.isfile("/etc/redhat-release"): |
4943 | - LinuxDistro = "RedHat" |
4944 | - return True |
4945 | - if os.path.isfile("/etc/lsb-release") and "Ubuntu" in GetFileContents("/etc/lsb-release"): |
4946 | - LinuxDistro = "Ubuntu" |
4947 | - return True |
4948 | - if os.path.isfile("/etc/debian_version"): |
4949 | - LinuxDistro = "Debian" |
4950 | - return True |
4951 | - if os.path.isfile("/etc/SuSE-release"): |
4952 | - LinuxDistro = "Suse" |
4953 | - return True |
4954 | - return False |
4955 | - |
4956 | -def IsRedHat(): |
4957 | - return "RedHat" in LinuxDistro |
4958 | - |
4959 | -def IsUbuntu(): |
4960 | - return "Ubuntu" in LinuxDistro |
4961 | - |
4962 | -def IsDebian(): |
4963 | - return IsUbuntu() or "Debian" in LinuxDistro |
4964 | - |
4965 | -def IsSuse(): |
4966 | - return "Suse" in LinuxDistro |
4967 | - |
4968 | -def UsesRpm(): |
4969 | - return IsRedHat() or IsSuse() |
4970 | - |
4971 | -def UsesDpkg(): |
4972 | - return IsDebian() |
4973 | - |
4974 | -def GetLastPathElement(path): |
4975 | - return path.rsplit('/', 1)[1] |
4976 | - |
4977 | -def GetFileContents(filepath): |
4978 | - file = None |
4979 | - try: |
4980 | - file = open(filepath) |
4981 | - except: |
4982 | - return None |
4983 | - if file == None: |
4984 | - return None |
4985 | - try: |
4986 | - return file.read() |
4987 | - finally: |
4988 | - file.close() |
4989 | - |
4990 | -def SetFileContents(filepath, contents): |
4991 | - file = open(filepath, "w") |
4992 | - try: |
4993 | - file.write(contents) |
4994 | - finally: |
4995 | - file.close() |
4996 | - |
4997 | -def AppendFileContents(filepath, contents): |
4998 | - file = open(filepath, "a") |
4999 | - try: |
5000 | - file.write(contents) |
The diff has been truncated for viewing.
walinuxagent (1.2-0ubuntu1~ 12.10.1ubuntu1) quantal-proposed; urgency=high
->
walinuxagent (1.2-0ubuntu1~ 12.10.1) quantal-proposed; urgency=high