hcq/openGauss-OM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
openGauss-OM/script/gs_checkse
zzh 513afa1e45 添加指定数据库参数
2024-10-30 16:22:07 +08:00

1126 lines
42 KiB
Python
Raw Permalink Blame History

#!/usr/bin/env python3
# -*- coding:utf-8 -*-
#############################################################################
# Copyright (c) 2024 Huawei Technologies Co.,Ltd.
#
# openGauss is licensed under Mulan PSL v2.
# You can use this software according to the terms
# and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
#
# http://license.coscl.org.cn/MulanPSL2
#
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OF ANY KIND,
# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
# ----------------------------------------------------------------------------
# Description : gs_checkse is a tool used to check and set security configurations.
#############################################################################
import os
import sys
import subprocess
sys.path.append(sys.path[0] + '/../lib')
from gspylib.threads.SshTool import SshTool
from gspylib.common.GaussLog import GaussLog
from gspylib.common.Common import DefaultValue
from gspylib.common.OMCommand import OMCommand
from gspylib.common.DbClusterInfo import dbClusterInfo
from gspylib.common.ErrorCode import ErrorCode
from gspylib.common.ParameterParsecheck import Parameter
from base_utils.os.file_util import FileUtil
from base_utils.os.net_util import NetUtil
from domain_utils.domain_common.cluster_constants import ClusterConstants
from base_utils.common.constantsbase import ConstantsBase
from base_utils.os.user_util import UserUtil
from domain_utils.cluster_file.cluster_config_file import ClusterConfigFile
from base_utils.os.env_util import EnvUtil
#############################################################################
# Global variables
# gs_checkse_version: the gs_checkse verion number
# g_opts: globle option
# g_logger: globle logger
# g_sshTool: globle ssh interface
# g_SECheckOpts: options about all checking and setting items
# DEFAULT_INTERVAL: default space number
# CHECK_ITEMNUMLIST: checking item list
# SET_ITEMNUMLIST: setting item list
# LOG_DIR: the log directory about gs_checkse
#############################################################################
g_opts = None
g_logger = None
g_sshTool = None
host = None
g_clusterInfo = None
g_SECheckOpts = {
'A1': ['Checking items', '[ Checking Connection configuration ]', 'Normal', 'OK', 'OK'],
'A2': ['Checking items', '[ File directory security ]', 'Normal', 'OK', 'OK'],
'A3': ['Checking items', '[ Security authentication configuration ]', 'Normal', 'OK', 'OK'],
'A4': ['Checking items', '[ Account_password_management ]', 'Normal', 'OK', 'OK'],
'A5': ['Checking items', '[ Permission management ]', 'Normal', 'OK', 'OK'],
'A6': ['Checking items', '[ Database auditing ]', 'Normal', 'OK', 'OK'],
'A7': ['Checking items', '[ Error reporting and logging configuration ]', 'Normal', 'OK', 'OK'],
'A8': ['Checking items', '[ Backup configuration ]', 'Normal', 'OK', 'OK'],
'A9': ['Checking items', '[ Runtime environment configuration ]', 'Normal', 'OK', 'OK'],
'A10': ['Checking items', '[ Other configurations ]', 'Normal', 'OK', 'OK'],
'B1': ['Setting items', '[ Set Connection configuration ]', 'Normal', 'OK', 'OK'],
'B2': ['Setting items', '[ Set File directory security ]', 'Normal', 'OK', 'OK'],
'B3': ['Setting items', '[ Set Security authentication configuration ]', 'Normal', 'OK', 'OK'],
'B4': ['Setting items', '[ Set Account password management ]', 'Normal', 'OK', 'OK'],
'B5': ['Setting items', '[ Set Permission management ]', 'Normal', 'OK', 'OK'],
'B6': ['Setting items', '[ Set Database auditing ]', 'Normal', 'OK', 'OK'],
'B7': ['Setting items', '[ Set Error reporting and logging configuration ]', 'Normal', 'OK', 'OK'],
'B8': ['Setting items', '[ Set Backup configuration ]', 'Normal', 'OK', 'OK'],
'B9': ['Setting items', '[ Set Runtime environment configuration ]', 'Normal', 'OK', 'OK'],
'B10': ['Setting items', '[ Set Other configurations ]', 'Normal', 'OK', 'OK']}
DEFAULT_INTERVAL = 60
DEFAULT_CONSISTENCY_INTERVAL = 6
CHECK_ITEMNUMLIST = ['A1', 'A2', 'A3', 'A4', 'A5', 'A6', 'A7', 'A8', 'A9', 'A10']
SET_ITEMNUMLIST = ['B1', 'B2', 'B3', 'B4', 'B5', 'B6', 'B7', 'B8', 'B9', 'B10']
LOG_DIR = "/tmp/gs_checkse"
Local_CheckSe = ""
Local_Check = ""
#######################################################
# action option strings
ACTION_CHECK_Connection_configuration = "Check_Connection_configuration"
ACTION_CHECK_File_directory_security = "Check_File_directory_security"
ACTION_CHECK_Security_authentication_configuration = "Check_Security_authentication_configuration"
ACTION_CHECK_Account_password_management = "Check_Account_password_management"
ACTION_CHECK_Permission_management = "Check_Permission_management"
ACTION_CHECK_Database_auditing = "Check_Database_auditing"
ACTION_CHECK_Error_reporting_and_logging_configuration = "Check_Error_reporting_and_logging_configuration"
ACTION_CHECK_Backup_configuration = "Check_Backup_configuration"
ACTION_CHECK_Runtime_environment_configuration = "Check_Runtime_environment_configuration"
ACTION_CHECK_Other_configurations = "Check_Other_configurations"
ACTION_SET_Connection_configuration = "Set_Connection_configuration"
ACTION_SET_File_directory_security = "Set_File_directory_security"
ACTION_SET_Security_authentication_configuration = "Set_Security_authentication_configuration"
ACTION_SET_Account_password_management = "Set_Account_password_management"
ACTION_SET_Permission_management = "Set_Permission_management"
ACTION_SET_Database_auditing = "Set_Database_auditing"
ACTION_SET_Error_reporting_and_logging_configuration = "Set_Error_reporting_and_logging_configuration"
ACTION_SET_Backup_configuration = "Set_Backup_configuration"
ACTION_SET_Runtime_environment_configuration = "Set_Runtime_environment_configuration"
ACTION_SET_Other_configurations = "Set_Other_configurations"
#######################################################
class CmdOptions():
"""
init the command options
"""
def __init__(self):
self.hostnamestr = DefaultValue.EMPTY_STR
self.itemstr = DefaultValue.EMPTY_STR
self.hostlistfile = DefaultValue.EMPTY_STR
self.hostnameList = []
self.outputfile = DefaultValue.EMPTY_STR
self.logFile = DefaultValue.EMPTY_STR
self.localLog = DefaultValue.EMPTY_STR
self.database = DefaultValue.EMPTY_STR
self.set = False
self.detail = False
self.detail_all = False
self.item_detail = []
self.confFile = DefaultValue.EMPTY_STR
self.localMode = False
self.skip_cgroup_set = False
#########################################################
# Init global log
#########################################################
def initGlobals():
"""
init the global parameter g_logger and g_sshTool
"""
global g_logger
global g_sshTool
global g_clusterInfo
g_logger = GaussLog(g_opts.logFile, "gs_checkse")
dirName = os.path.dirname(g_opts.logFile)
g_opts.localLog = os.path.join(dirName, ClusterConstants.LOCAL_LOG_FILE)
g_sshTool = SshTool(g_opts.hostnameList, g_logger.logFile,
DefaultValue.TIMEOUT_PSSH_CHECK)
g_clusterInfo = dbClusterInfo()
if (g_opts.confFile != ""):
g_clusterInfo.initFromXml(g_opts.confFile)
#############################################################################
# Parse and check parameters
#############################################################################
def usage():
"""
gs_checkse is a tool used to check and set security configurations.
Usage:
gs_checkse -? | --help
gs_checkse -V | --version
gs_checkse -i ITEM [-f HOSTFILE] [-h HOSTNAME] [-X XMLFILE] [--detail] [-o OUTPUT] [-l LOGFILE]
General options:
-i Item number. To check all items, enter "-i A". To set all parameters, enter "-i B".
To check multiple status, enter the items in the following format: "-i A1,A2,A3".
-f File listing names of all the hosts to connect to. The host names are separated by line breaks.
-h Name of the host to connect to.
-X Configuration file of the cluster.
--detail Show detailed information.
--database Specify the database to check.
-o Save the result to the specified file.
-l Path of log file.
-? --help Show help information for this utility, and exit the command line mode.
-V --version Show version information.
Item number description:
'A1': [ Checking Connection configuration ]
'A2': [ File directory security ]
'A3': [ Security authentication configuration ]
'A4': [ Account_password_management ]
'A5': [ Permission management ]
'A6': [ Database auditing ]
'A7': [ Error reporting and logging configuration ]
'A8': [ Backup configuration ]
'A9': [ Runtime environment configuration ]
'A10': [ Other configurations ]
'B1': [ Set Connection configuration ]
'B2': [ Set File directory security ]
'B3': [ Set Security authentication configuration ]
'B4': [ Set Account password management ]
'B5': [ Set Permission management ]
'B6': [ Set Database auditing ]
'B7': [ Set Error reporting and logging configuration ]
'B8': [ Set Backup configuration ]
'B9': [ Set Runtime environment configuration ]
'B10': [ Set Other configurations ]
"""
print(usage.__doc__)
def parseHostnameOpts(value):
"""
parse hostnames by value
"""
if (len(value) > 1):
for val in value:
val = val.strip()
if val != "" and val not in g_opts.hostnameList:
g_opts.hostnameList.append(val)
else:
g_opts.hostnameList.append(value[0])
def parseItemOpts(itemList):
"""
parse items by value
"""
value = []
for val in itemList:
if (len(val.split(',')) > 1):
for i in val.split(','):
value.append(i)
else:
value.append(val)
if (len(value) > 1):
for val in value:
val = val.strip().upper()
if (val in CHECK_ITEMNUMLIST or val.upper() == "A" or
val in SET_ITEMNUMLIST or val.upper() == "B"):
if val not in g_opts.item_detail:
g_opts.item_detail.append(val)
else:
GaussLog.exitWithError(
ErrorCode.GAUSS_500["GAUSS_50004"] % 'i')
else:
value = value[0].upper()
if (value in CHECK_ITEMNUMLIST or value == "A" or
value in SET_ITEMNUMLIST or value == "B"):
if value not in g_opts.item_detail:
g_opts.item_detail.append(value)
else:
GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50004"] % 'i')
def parseCommandLine():
"""
Parse command line and save to global variable
"""
global g_opts
g_opts = CmdOptions()
ParaObj = Parameter()
ParaDict = ParaObj.ParameterCommandLine("checkse")
if (ParaDict.__contains__("helpFlag")):
usage()
sys.exit(0)
if (ParaDict.__contains__("logFile")):
g_opts.logFile = ParaDict.get("logFile")
if (ParaDict.__contains__("confFile")):
g_opts.confFile = ParaDict.get("confFile")
if (ParaDict.__contains__("nodename")):
g_opts.hostnamestr = ParaDict.get("nodename")
if (ParaDict.__contains__("hostfile")):
g_opts.hostlistfile = ParaDict.get("hostfile")
if (ParaDict.__contains__("outFile")):
g_opts.outputfile = ParaDict.get("outFile")
if (ParaDict.__contains__("itemstr")):
g_opts.itemstr = ParaDict.get("itemstr")
if (ParaDict.__contains__("show_detail")):
g_opts.detail = ParaDict.get("show_detail")
if (ParaDict.__contains__("database")):
g_opts.database = ParaDict.get("database")
def getUserInfo():
"""
function: get user
input: NA
output: NA
"""
if os.getuid() != 0:
user_info = UserUtil.getUserInfo()
g_opts.user = user_info.get("name")
DefaultValue.checkPathVaild(g_opts.user)
def readHostFile(hostfile):
"""
read host file to hostlist
"""
try:
with open(hostfile, "r") as fp:
for readline in fp:
hostname = readline.strip().split("\n")[0]
if hostname != "" and hostname not in hostfile:
g_opts.hostnameList.append(hostname)
except Exception as e:
GaussLog.exitWithError(ErrorCode.GAUSS_502["GAUSS_50204"] %
hostfile + " Error: \n%s" % str(e))
def checkHostList():
"""
"""
if (g_opts.hostnamestr == "" and g_opts.hostlistfile == ""):
g_opts.hostnameList = [NetUtil.GetHostIpOrName()]
elif (g_opts.hostnamestr != "" and g_opts.hostlistfile != ""):
GaussLog.exitWithError(
ErrorCode.GAUSS_500["GAUSS_50005"] % ('h', 'f'))
elif (g_opts.hostnamestr == "" and g_opts.hostlistfile != ""):
if (not os.path.isfile(g_opts.hostlistfile)):
GaussLog.exitWithError(
ErrorCode.GAUSS_502["GAUSS_50201"] % g_opts.hostlistfile)
else:
readHostFile(g_opts.hostlistfile)
else:
parseHostnameOpts(g_opts.hostnamestr)
def checkConfigFile():
"""
"""
if (g_opts.confFile != ""):
if (not os.path.isfile(g_opts.confFile)):
GaussLog.exitWithError(
ErrorCode.GAUSS_502["GAUSS_50201"] % g_opts.confFile)
def getCheckseLogPath(log_name, xml):
"""
function: get the checkse log path
input: log_name, xml
output: fullLogPath
"""
try:
gs_checkse_log_path = ""
# get the log path
configedLogPath = ClusterConfigFile.getOneClusterConfigItem("gaussdbLogPath", xml)
DefaultValue.checkPathVaild(configedLogPath)
# check gaussdbLogPath is not null
if configedLogPath == "":
gs_checkse_log_path = "%s/%s/om/%s" % (
ClusterConstants.GAUSSDB_DIR, g_opts.user, log_name)
else:
gs_checkse_log_path = "%s/%s/om/%s" % (
os.path.normpath(configedLogPath), g_opts.user, log_name)
UserUtil.check_path_owner(gs_checkse_log_path)
return gs_checkse_log_path
except Exception as e:
GaussLog.exitWithError(str(e))
def createLogFile():
cmd = "(if [ ! -d %s ]; then mkdir -p %s -m %s; fi)" % (
LOG_DIR, LOG_DIR, DefaultValue.KEY_DIRECTORY_MODE)
(status, output) = subprocess.getstatusoutput(cmd)
if (status != 0):
GaussLog.exitWithError(ErrorCode.GAUSS_502["GAUSS_50208"]
% "log of gs_checkse" + " Error: \n%s."
% output + "The cmd is %s" % cmd)
g_opts.logFile = os.path.join(LOG_DIR, ClusterConstants.GS_CHECKSE_LOG_FILE)
def setLogFile():
"""
"""
if (g_opts.logFile == ""):
# get gausslog from env
gauss_log = EnvUtil.getEnv("GAUSSLOG")
if gauss_log:
g_opts.logFile = os.path.normpath(
os.path.join(gauss_log, g_opts.user, "om", ClusterConstants.GS_CHECKSE_LOG_FILE))
# get gausslog from xml
elif g_opts.confFile:
g_opts.logFile = getCheckseLogPath(ClusterConstants.GS_CHECKSE_LOG_FILE, g_opts.confFile)
if (not os.path.isabs(g_opts.logFile)):
GaussLog.exitWithError(ErrorCode.GAUSS_502["GAUSS_50213"]
% g_opts.logFile)
else:
createLogFile()
UserUtil.check_path_owner(g_opts.logFile)
def setDatabase():
"""
Set database name
"""
if(g_opts.database == DefaultValue.EMPTY_STR):
g_opts.database = DefaultValue.DEFAULT_DB_NAME
def checkItems():
"""
"""
if (g_opts.itemstr == ""):
GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50001"] % "i" + ".")
def checkOutputFile():
"""
"""
try:
if (g_opts.outputfile != ""):
DefaultValue.checkOutputFile(g_opts.outputfile)
except Exception as e:
GaussLog.exitWithError(str(e))
def checkParameter():
"""
Check parameter from command line
"""
getUserInfo()
############################################
# check hostlist info
###########################################
checkHostList()
# check config file
checkConfigFile()
if (len(g_opts.hostnameList) == 0):
g_opts.hostnameList = [NetUtil.GetHostIpOrName()]
g_opts.hostnameList.sort()
checkHostnameList()
##########################################
# set logfile
############################################
setLogFile()
##########################################
setDatabase()
##########################################
# set items
############################################
checkItems()
parseItemOpts(g_opts.itemstr)
if (("B" in g_opts.item_detail)):
g_opts.set = True
else:
for i in SET_ITEMNUMLIST:
for j in g_opts.item_detail:
if (j == i):
g_opts.set = True
break
if (g_opts.set == True):
if ("A" in g_opts.item_detail):
GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50004"] % 'i'
+ " Checking items and setting items"
" can't be used together.")
for i in CHECK_ITEMNUMLIST:
for j in g_opts.item_detail:
if (j == i):
GaussLog.exitWithError(ErrorCode.GAUSS_500["GAUSS_50004"]
% 'i' + " Checking items and "
"setting items can't be"
" used together.")
############################################
# check output file
############################################
checkOutputFile()
def doCheckSE(itemNumber):
"""
do the checing ation by item
"""
if (itemNumber == 'A1'):
checkConnectionConfiguration()
elif (itemNumber == 'A2'):
checkFileSecurity()
elif (itemNumber == 'A3'):
checkSecurityAuthConf()
elif (itemNumber == 'A4'):
checkAccountPasswordManagement()
elif (itemNumber == 'A5'):
checkPermissionManagement()
elif (itemNumber == 'A6'):
checkDatabaseAuditing()
elif (itemNumber == 'A7'):
checkErrorReportingAndLoggingConfiguration()
elif (itemNumber == 'A8'):
checkBackupConfiguration()
elif (itemNumber == 'A9'):
checkRuntimeEnvironmentConfiguration()
elif (itemNumber == 'A10'):
checkOtherConfigurations()
def doSetSE(itemNumber):
"""
do the setting ation by item
"""
if (itemNumber == 'B1'):
setConnectionConfiguration()
elif (itemNumber == 'B2'):
setFileDirectorySecurity()
elif (itemNumber == 'B3'):
setSecurityAuthenticationConfiguration()
elif (itemNumber == 'B4'):
setAccountPasswordManagement()
elif (itemNumber == 'B5'):
setPermissionManagement()
elif (itemNumber == 'B6'):
setDatabaseAuditing()
elif (itemNumber == 'B7'):
setErrorReportingAndLoggingConfiguration()
elif (itemNumber == 'B8'):
setBackupConfiguration()
elif (itemNumber == 'B9'):
setRuntimeEnvironmentConfiguration()
elif (itemNumber == 'B10'):
setOtherConfigurations()
def performCheckorSetSE(action_item, flag_str, success_mesg, item_num,
warning_level, configFile="", command="",
parameters=""):
"""
action_item : action item
flag_str : failed flag string
success_mesg : success message information
item_num : item number
warning_level : warning level, warning or Abnormal
parameters : multiple strings of parameters
"""
try:
if command == "":
command = Local_CheckSe
if (configFile != ""):
cmd = "%s -t %s -X '%s' -l '%s' --database=%s %s" % (
command, action_item, configFile, g_opts.localLog, g_opts.database, parameters)
else:
cmd = "%s -t %s -l '%s' --database=%s %s" % (
command, action_item, g_opts.localLog, g_opts.database, parameters)
(status, output, outputMap) = getCmdOutput(cmd)
parRes = ""
detail_msg = ""
for node in list(status.keys()):
if (status[node] != DefaultValue.SUCCESS):
g_logger.logExit(" [%s]: \n" % node +
ErrorCode.GAUSS_516["GAUSS_51632"] % cmd
+ " Error: \n%s" % outputMap[node].strip())
if (outputMap[node].find(flag_str) >= 0):
g_SECheckOpts[item_num][2] = warning_level
parRes += " [%s]\n%s\n" % (node, outputMap[node])
else:
detail_msg += " [%s]\n%s\n" % (node, outputMap[node])
if (outputMap[node].find("Warning reason") >= 0
and outputMap[node].find("Abnormal") < 0):
if (g_SECheckOpts[item_num][2] != "Abnormal"):
g_SECheckOpts[item_num][2] = "Warning"
parRes += " [%s]\n%s\n" % (node, outputMap[node])
if (parRes != ""):
raise Exception("%s" % parRes)
if (g_SECheckOpts[item_num][2] != warning_level):
g_SECheckOpts[item_num][3] = "\n %s" % success_mesg
if g_SECheckOpts[item_num][4] != "OK":
g_SECheckOpts[item_num][4] = formatResault(
detail_msg, g_SECheckOpts[item_num][4])
else:
g_SECheckOpts[item_num][4] = "\n%s" % detail_msg
except Exception as e:
g_logger.debug(str(e))
if (g_SECheckOpts[item_num][2] == "Normal"):
g_SECheckOpts[item_num][2] = '%s' % warning_level
g_SECheckOpts[item_num][3] = "\n%s" % str(e)
g_SECheckOpts[item_num][4] = "\n%s" % str(e)
def checkConnectionConfiguration():
"""
Checking Monitor IP
"""
g_logger.debug("Checking Connection configuration.")
performCheckorSetSE(ACTION_CHECK_Connection_configuration,
"Checking Connection configuration failed.",
"Checking Connection configuration succeeded.",
"A1", "Warning")
g_logger.debug("Successfully checked Monitoring Host IP Address.")
def checkFileSecurity():
"""
Checking File directory security
"""
g_logger.debug("Checking CHECK File directory security.")
performCheckorSetSE(ACTION_CHECK_File_directory_security,
"Checking File directory security failed.",
"Checking File directory security succeeded.", "A2",
"Warning")
g_logger.debug("Successfully checked File directory security.")
def checkSecurityAuthConf():
"""
Checking Security authentication configuration
"""
g_logger.debug("Checking Security authentication configuration.")
performCheckorSetSE(ACTION_CHECK_Security_authentication_configuration,
"Checking Security authentication configuration failed.",
"Checking Security authentication configuration succeeded.",
"A3", "Warning")
g_logger.debug("Successfully checked Security authentication configuration.")
def checkAccountPasswordManagement():
"""
Checking Account password management
"""
g_logger.debug("Checking Account password management.")
performCheckorSetSE(ACTION_CHECK_Account_password_management,
"Checking Account password management failed.",
"Checking Account password management succeeded.",
"A4", "Warning")
g_logger.debug("Successfully checked Account password management.")
def checkPermissionManagement():
"""
Checking Permission management
"""
g_logger.debug("Checking Permission management")
performCheckorSetSE(ACTION_CHECK_Permission_management,
"Checking Permission management failed.",
"Checking Permission management succeeded.",
"A5", "Warning")
g_logger.debug("Successfully checked Permission management.")
def checkDatabaseAuditing():
"""
Checking Database Auditing
"""
g_logger.debug("Checking Database auditing")
performCheckorSetSE(ACTION_CHECK_Database_auditing,
"Checking Database auditing failed.",
"Checking Database auditing succeeded.",
"A6", "Warning")
g_logger.debug("Successfully checked Database auditing")
def checkErrorReportingAndLoggingConfiguration():
"""
Checking Error Reporting And Logging Configuration
"""
g_logger.debug("Checking Error reporting and logging configuration")
performCheckorSetSE(ACTION_CHECK_Error_reporting_and_logging_configuration,
"Checking Error reporting and logging configuration failed.",
"Checking Error reporting and logging configuration succeeded.",
"A7", "Warning")
g_logger.debug("Successfully checked Error reporting and logging configuration")
def checkBackupConfiguration():
"""
Checking Backup Configuration
"""
g_logger.debug("Checking Backup configuration")
performCheckorSetSE(ACTION_CHECK_Backup_configuration,
"Checking Backup configuration failed.",
"Checking Backup configuration succeeded.",
"A8", "Warning")
g_logger.debug("Successfully checked Backup configuration")
def checkRuntimeEnvironmentConfiguration():
"""
Checking Runtime Environment Configuration
"""
g_logger.debug("Checking Runtime environment configuration")
performCheckorSetSE(ACTION_CHECK_Runtime_environment_configuration,
"Checking Runtime environment configuration failed.",
"Checking Runtime environment configuration succeeded.",
"A9", "Warning")
g_logger.debug("Successfully checked Runtime environment configuration")
def checkOtherConfigurations():
"""
Checking Other Configurations
"""
g_logger.debug("Checking Other configurations")
performCheckorSetSE(ACTION_CHECK_Other_configurations,
"Checking Other configurations failed.",
"Checking Other configurations succeeded.",
"A10", "Warning")
g_logger.debug("Successfully checked Other configurations")
def setConnectionConfiguration():
"""
Setting Connection configuration
"""
g_logger.debug("Setting Connection configuration.")
performCheckorSetSE(ACTION_SET_Connection_configuration, "Failed",
"Setting Connection configuration succeed.", "B1",
"Abnormal")
g_logger.debug("Successfully setted Connection configuration.")
def setFileDirectorySecurity():
"""
Setting File Directory Security
"""
g_logger.debug("Setting File Directory Security.")
performCheckorSetSE(ACTION_SET_File_directory_security, "Failed",
"Setting File Directory Security succeed.", "B2",
"Abnormal")
g_logger.debug("Successfully setted File Directory Security.")
def setSecurityAuthenticationConfiguration():
"""
Setting Security authentication configuration
"""
g_logger.debug("Setting Security authentication configuration.")
performCheckorSetSE(ACTION_SET_Security_authentication_configuration, "Failed",
"Setting Security authentication configuration succeed.", "B3",
"Abnormal")
g_logger.debug("Successfully setted Security authentication configuration.")
def setAccountPasswordManagement():
"""
Setting Account Password Management
"""
g_logger.debug("Setting Account Password Management.")
performCheckorSetSE(ACTION_SET_Account_password_management, "Failed",
"Setting Account Password Management succeed.", "B4",
"Abnormal")
g_logger.debug("Successfully setted Account Password Management.")
def setPermissionManagement():
"""
Setting Permission management
"""
g_logger.debug("Setting Permission management.")
performCheckorSetSE(ACTION_SET_Permission_management, "Failed",
"Setting Permission management succeed.", "B5",
"Abnormal")
g_logger.debug("Successfully setted Permission management.")
def setDatabaseAuditing():
"""
Setting Database auditing
"""
g_logger.debug("Setting Database auditing.")
performCheckorSetSE(ACTION_SET_Database_auditing, "Failed",
"Setting Database auditing succeed.", "B6",
"Abnormal")
g_logger.debug("Successfully setted Database auditing.")
def setErrorReportingAndLoggingConfiguration():
"""
Setting Error reporting and logging configuration
"""
g_logger.debug("Setting Error reporting and logging configuration.")
performCheckorSetSE(ACTION_SET_Error_reporting_and_logging_configuration, "Failed",
"Setting Error reporting and logging configuration succeed.", "B7",
"Abnormal")
g_logger.debug("Successfully setted Error reporting and logging configuration.")
def setBackupConfiguration():
"""
Setting Backup configuration
"""
g_logger.debug("Setting Backup configuration.")
performCheckorSetSE(ACTION_SET_Backup_configuration, "Failed",
"Setting Backup configuration succeed.", "B8",
"Abnormal")
g_logger.debug("Successfully setted Backup configuration")
def setRuntimeEnvironmentConfiguration():
"""
Setting Runtime environmen configuration
"""
g_logger.debug("Setting Runtime environmen configuration.")
performCheckorSetSE(ACTION_SET_Runtime_environment_configuration, "Failed",
"Setting Runtime environmen configuration succeed.", "B9",
"Abnormal")
g_logger.debug("Successfully setted Runtime environmen configuration")
def setOtherConfigurations():
"""
Setting Other configurations
"""
g_logger.debug("Setting Other configurations.")
performCheckorSetSE(ACTION_SET_Other_configurations, "Failed",
"Setting Other configurations succeed.", "B10",
"Abnormal")
g_logger.debug("Successfully setted Other configurations")
def formatResault(result_Str1, result_Str2):
"""
get add result of to dict
"""
result = ""
result_list1 = result_Str1.strip("\n").split("\n\n")
result_list2 = result_Str2.strip("\n").split("\n\n")
for nodeInfo1 in result_list1:
result += ("\n" + nodeInfo1.split("\n")[0])
result += ("\n" + "\n".join(nodeInfo1.split("\n")[1:]))
for nodeInfo2 in result_list2:
if nodeInfo1.split("\n")[0].strip() == nodeInfo2.split("\n")[0].strip():
result += ("\n" + "\n".join(nodeInfo2.split("\n")[1:]) + "\n")
return result
def getLocalIPAddr():
'''
function: get all ips from configuration file
input : NA
output: Ips
'''
Ips = ""
if (g_opts.confFile == ""):
localHostIp = DefaultValue.getIpByHostName()
Ips = localHostIp
else:
for node in g_clusterInfo.dbNodes:
if (node.name == NetUtil.GetHostIpOrName()):
Ips = node.backIps[0]
return Ips
def DisplayResultInformation(Item, output):
"""
display the result information
"""
if ("A" in g_opts.item_detail) or ("B" in g_opts.item_detail):
if (Item in ("A1", "B1")):
if (g_opts.detail):
print("%s:\n %s: %s %s" % (
g_SECheckOpts[Item][0],
("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
file=output)
elif (g_opts.detail_all):
print("%s:\n %s: %s %s" %
(g_SECheckOpts[Item][0],
("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
file=output)
else:
print("%s:\n %s: %s" %
(g_SECheckOpts[Item][0],
("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2]), file=output)
else:
if (g_opts.detail):
print(" %s: %s %s" %
(("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
file=output)
elif (g_opts.detail_all):
print(" %s: %s %s" %
(("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
file=output)
else:
print(" %s: %s" %
(("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2]), file=output)
else:
orderItems = []
for i in [CHECK_ITEMNUMLIST, SET_ITEMNUMLIST]:
bb = []
for j in g_opts.item_detail:
if j in i:
bb.append(j)
tmp = sorted(bb)
bb = tmp
if (bb != []):
orderItems.append(bb[0])
if (Item in orderItems):
if (g_opts.detail):
print("%s\n %s: %s %s" %
(g_SECheckOpts[Item][0],
("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
file=output)
elif (g_opts.detail_all):
print("%s\n %s: %s %s" %
(g_SECheckOpts[Item][0],
("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
file=output)
else:
print("%s\n %s: %s" %
(g_SECheckOpts[Item][0],
("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2]), file=output)
else:
if (g_opts.detail):
print(" %s: %s %s" %
(("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][3].ljust(DEFAULT_INTERVAL)),
file=output)
elif (g_opts.detail_all):
print(" %s: %s %s" %
(("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2].ljust(10),
g_SECheckOpts[Item][4].ljust(DEFAULT_INTERVAL)),
file=output)
else:
print(" %s: %s" %
(("%s%s" %
(("%s." % Item).ljust(4),
g_SECheckOpts[Item][1])).ljust(DEFAULT_INTERVAL),
g_SECheckOpts[Item][2]), file=output)
def cmpItem(item1, item2):
"""
sort item
"""
if (item1[0] < item2[0]):
return -1
elif (item1[0] > item2[0]):
return 1
else:
if (int(item1[1:]) < int(item2[1:])):
return -1
elif (int(item1[1:]) > int(item2[1:])):
return 1
else:
return 0
def checkHostnameList():
"""
function: check the self.hostnameList is only local hostname
input: NA
output:NA
"""
# get the local hostname
global host
host = NetUtil.GetHostIpOrName()
# if g_opts.hostnameList have only one value,
# check it whether or not local hostname
if (len(g_opts.hostnameList) == 1):
if (g_opts.hostnameList[0] == NetUtil.GetHostIpOrName()):
g_opts.localMode = True
return
try:
# check the g_opts.hostnameList values are whether or not local IPs
# obtain the all local IPs
IPlist = NetUtil.getIpAddressList()
IPlist.append(host)
for ip in g_opts.hostnameList:
if ip not in IPlist:
return
g_opts.localMode = True
except Exception as ex:
GaussLog.exitWithError(str(ex))
def getCmdOutput(cmd, ssh_conf=""):
"""
function: execute the cmd and get the output
input: cmd
output:status, output, outputMap
"""
if (g_opts.localMode == True):
status = {}
outputMap = {}
outputCollect = []
(statusStr, output) = subprocess.getstatusoutput(cmd)
if (statusStr != 0):
status[host] = "Failure"
else:
status[host] = "Success"
outputMap[host] = output
else:
gp_path = os.path.dirname(os.path.realpath(__file__))
(status, output) = g_sshTool.getSshStatusOutput(cmd, [], "",
"%s/../" % gp_path,
ssh_config=ssh_conf)
outputMap = g_sshTool.parseSshOutput(g_sshTool.hostNames)
return (status, output, outputMap)
def main():
"""
main function
"""
global Local_CheckSe
global Local_Check
try:
parseCommandLine()
checkParameter()
initGlobals()
gpHome = os.path.dirname(os.path.realpath(__file__))
Local_CheckSe = OMCommand.getLocalScript("Local_CheckSE")
Local_Check = OMCommand.getLocalScript("Local_Check")
except Exception as e:
GaussLog.exitWithError(str(e))
if ("A" in g_opts.item_detail):
itemList = CHECK_ITEMNUMLIST
elif ("B" in g_opts.item_detail):
itemList = SET_ITEMNUMLIST
else:
sortList = sorted(g_opts.item_detail)
itemList = sortList
fp = None
dirName = "%s/gspylib/etc/conf" % os.path.dirname(
os.path.realpath(__file__))
configFile = "%s/check_list.conf" % dirName
try:
output = sys.stdout
if (g_opts.outputfile != ""):
basepath = os.path.dirname(g_opts.outputfile)
if (not os.path.isdir(basepath)):
os.makedirs(basepath, ConstantsBase.KEY_DIRECTORY_PERMISSION)
FileUtil.createFileInSafeMode(g_opts.outputfile)
fp = open(g_opts.outputfile, "w")
output = fp
g_logger.log("Performing operation system check/set."
" Output the result to the file %s."
% g_opts.outputfile)
for item in itemList:
if (g_opts.set):
doSetSE(item)
else:
doCheckSE(item)
DisplayResultInformation(item, output)
if (fp):
fp.flush()
fp.close()
if g_opts.outputfile != "":
os.chmod(g_opts.outputfile, ConstantsBase.KEY_FILE_PERMISSION)
g_logger.log("Operation system check/set is completed.")
except Exception as ex:
if fp:
fp.flush()
fp.close()
g_logger.logExit(ErrorCode.GAUSS_502["GAUSS_50205"] %
g_opts.outputfile + "Error: %s" % str(ex))
totalNum = 0
abnormalNum = 0
warningNum = 0
for key in itemList:
totalNum += 1
if (g_SECheckOpts[key][2] == "Abnormal"):
abnormalNum += 1
elif (g_SECheckOpts[key][2] == "Warning"):
warningNum += 1
if (g_opts.set):
g_logger.log("NOTICE: Port value and some warning items can NOT be set."
" Please do it manually.")
g_logger.log("Total numbers:%d. Abnormal numbers:%d. Warning numbers:%d."
% (totalNum, abnormalNum, warningNum))
if (abnormalNum > 0):
if (g_opts.set == False):
g_logger.log("Do checking operation finished. Result: Abnormal.")
else:
g_logger.log("Do setting operation finished. Result: Abnormal.")
g_logger.closeLog()
sys.exit(0)
# the main entry for this script
if __name__ == '__main__':
main()
Reference in New Issue View Git Blame Copy Permalink