//! Gets the writer password required by the quill++ // daemon to access the database static MyString getWritePassword(const char *write_passwd_fname, const char *host, const char *port, const char *db, const char *dbuser) { FILE *fp = NULL; MyString passwd; int len; MyString prefix; MyString msbuf; const char *buf; bool found = FALSE; // prefix is for the prefix of the entry in the .pgpass // it is in the format of the following: // host:port:db:user:password prefix.sprintf("%s:%s:%s:%s:", host, port, db, dbuser); len = prefix.Length(); fp = safe_fopen_wrapper(write_passwd_fname, "r"); if(fp == NULL) { EXCEPT("Unable to open password file %s\n", write_passwd_fname); } //dprintf(D_ALWAYS, "prefix: %s\n", prefix); while(msbuf.readLine(fp)) { msbuf.chomp(); buf = msbuf.Value(); //fprintf(stderr, "line: %s\n", buf); // check if the entry matches the prefix if (strncmp(buf, prefix.Value(), len) == 0) { // extract the password passwd = msbuf.Substr(len, msbuf.Length()); found = TRUE; break; } } fclose(fp); if (!found) { EXCEPT("Unable to find password from file %s\n", write_passwd_fname); } return passwd; }
//--------------------------------------------------------------------------- // This does only partial parsing -- only what we need for recovery mode // and rescue initialization. bool JobstateLog::ParseLine( MyString &line, time_t ×tamp, MyString &nodeName, int &seqNum ) { line.chomp(); line.Tokenize(); const char* timestampTok = line.GetNextToken( " ", false ); const char* nodeNameTok = line.GetNextToken( " ", false ); (void)line.GetNextToken( " ", false ); // event name (void)line.GetNextToken( " ", false ); // condor id (void)line.GetNextToken( " ", false ); // job tag (pegasus site) (void)line.GetNextToken( " ", false ); // unused const char* seqNumTok = line.GetNextToken( " ", false ); if ( (timestampTok == NULL) || (nodeNameTok == NULL) ) { debug_printf( DEBUG_QUIET, "Warning: error parsing " "jobstate.log file line <%s>\n", line.Value() ); check_warning_strictness( DAG_STRICT_1 ); return false; } // fetch the number, and get a pointer to the first char after // if the pointer did not advance, then there was no number to parse. char *pend; timestamp = (time_t)strtoll(timestampTok, &pend, 10); if (pend == timestampTok) { debug_printf( DEBUG_QUIET, "Warning: error reading " "timestamp in jobstate.log file line <%s>\n", line.Value() ); check_warning_strictness( DAG_STRICT_1 ); return false; } nodeName = nodeNameTok; seqNum = 0; if ( seqNumTok ) { seqNum = (int)strtol(seqNumTok, &pend, 10); if (pend == seqNumTok) { debug_printf( DEBUG_QUIET, "Warning: error reading " "sequence number in jobstate.log file line <%s>\n", line.Value() ); check_warning_strictness( DAG_STRICT_1 ); return false; } } return true; }
ClassAd* readJobAd( void ) { ClassAd* ad = NULL; bool is_stdin = false; bool read_something = false; ASSERT( job_ad_file ); if( job_ad_file[0] == '-' && job_ad_file[1] == '\0' ) { fp = stdin; is_stdin = true; } else { if (fp == NULL) { fp = safe_fopen_wrapper_follow( job_ad_file, "r" ); if( ! fp ) { EXCEPT( "Failed to open ClassAd file (%s): %s (errno %d)", job_ad_file, strerror(errno), errno ); } } } dprintf( D_FULLDEBUG, "Reading job ClassAd from %s\n", is_stdin ? "STDIN" : job_ad_file ); ad = new ClassAd; MyString line; while( line.readLine(fp) ) { read_something = true; line.chomp(); if( line[0] == '#' ) { dprintf( D_JOB, "IGNORING COMMENT: %s\n", line.Value() ); continue; } if( line == "***" ) { dprintf( D_JOB, "Saw ClassAd delimitor, stopping\n" ); break; } if( ! ad->Insert(line.Value()) ) { EXCEPT( "Failed to insert \"%s\" into ClassAd!", line.Value() ); } } if( ! read_something ) { EXCEPT( "reading ClassAd from (%s): file is empty", is_stdin ? "STDIN" : job_ad_file ); } if( IsDebugVerbose(D_JOB) ) { ad->dPrint( D_JOB ); } // For debugging, see if there's a special attribute in the // job ad that sends us into an infinite loop, waiting for // someone to attach with a debugger int shadow_should_wait = 0; ad->LookupInteger( ATTR_SHADOW_WAIT_FOR_DEBUG, shadow_should_wait ); if( shadow_should_wait ) { dprintf( D_ALWAYS, "Job requested shadow should wait for " "debugger with %s=%d, going into infinite loop\n", ATTR_SHADOW_WAIT_FOR_DEBUG, shadow_should_wait ); while( shadow_should_wait ) { } } return ad; }
int run_simple_docker_command(const std::string &command, const std::string &container, int timeout, CondorError &, bool ignore_output) { ArgList args; if ( ! add_docker_arg(args)) return -1; args.AppendArg( command ); args.AppendArg( container.c_str() ); MyString displayString; args.GetArgsStringForLogging( & displayString ); dprintf( D_FULLDEBUG, "Attempting to run: %s\n", displayString.c_str() ); #if 1 MyPopenTimer pgm; if (pgm.start_program( args, true, NULL, false ) < 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } if ( ! pgm.wait_and_close(timeout) || pgm.output_size() <= 0) { int error = pgm.error_code(); if( error ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), pgm.error_str(), error ); if (pgm.was_timeout()) { dprintf( D_ALWAYS | D_FAILURE, "Declaring a hung docker\n"); return DockerAPI::docker_hung; } } else { dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() ); } return -3; } // On a success, Docker writes the containerID back out. MyString line; line.readLine(pgm.output()); line.chomp(); line.trim(); if (!ignore_output && line != container.c_str()) { // Didn't get back the result I expected, report the error and check to see if docker is hung. dprintf( D_ALWAYS | D_FAILURE, "Docker %s failed, printing first few lines of output.\n", command.c_str()); for (int ii = 0; ii < 10; ++ii) { if ( ! line.readLine(pgm.output(), false)) break; dprintf( D_ALWAYS | D_FAILURE, "%s\n", line.c_str() ); } return -4; } #else // Read from Docker's combined output and error streams. FILE * dockerResults = my_popen( args, "r", 1 , 0, false); if( dockerResults == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } // On a success, Docker writes the containerID back out. char buffer[1024]; if( NULL == fgets( buffer, 1024, dockerResults ) ) { if( errno ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), strerror( errno ), errno ); } else { dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() ); } my_pclose( dockerResults ); return -3; } size_t length = strlen( buffer ); if (!ignore_output) { if( length < 1 || strncmp( buffer, container.c_str(), length - 1 ) != 0 ) { dprintf( D_ALWAYS | D_FAILURE, "Docker %s failed, printing first few lines of output.\n", command.c_str() ); dprintf( D_ALWAYS | D_FAILURE, "%s", buffer ); while( NULL != fgets( buffer, 1024, dockerResults ) ) { dprintf( D_ALWAYS | D_FAILURE, "%s", buffer ); } my_pclose( dockerResults ); return -4; } } my_pclose( dockerResults ); #endif return 0; }
int DockerAPI::inspect( const std::string & containerID, ClassAd * dockerAd, CondorError & /* err */ ) { if( dockerAd == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "dockerAd is NULL.\n" ); return -2; } ArgList inspectArgs; if ( ! add_docker_arg(inspectArgs)) return -1; inspectArgs.AppendArg( "inspect" ); inspectArgs.AppendArg( "--format" ); StringList formatElements( "ContainerId=\"{{.Id}}\" " "Pid={{.State.Pid}} " "Name=\"{{.Name}}\" " "Running={{.State.Running}} " "ExitCode={{.State.ExitCode}} " "StartedAt=\"{{.State.StartedAt}}\" " "FinishedAt=\"{{.State.FinishedAt}}\" " "DockerError=\"{{.State.Error}}\" " "OOMKilled=\"{{.State.OOMKilled}}\" " ); char * formatArg = formatElements.print_to_delimed_string( "\n" ); inspectArgs.AppendArg( formatArg ); free( formatArg ); inspectArgs.AppendArg( containerID ); MyString displayString; inspectArgs.GetArgsStringForLogging( & displayString ); dprintf( D_FULLDEBUG, "Attempting to run: %s\n", displayString.c_str() ); #if 1 MyPopenTimer pgm; if (pgm.start_program(inspectArgs, true, NULL, false) < 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -6; } MyStringSource * src = NULL; if (pgm.wait_and_close(default_timeout)) { src = &pgm.output(); } int expected_rows = formatElements.number(); dprintf( D_FULLDEBUG, "exit_status=%d, error=%d, %d bytes. expecting %d lines\n", pgm.exit_status(), pgm.error_code(), pgm.output_size(), expected_rows ); // If the output isn't exactly formatElements.number() lines long, // something has gone wrong and we'll at least be able to print out // the error message(s). std::vector<std::string> correctOutput(expected_rows); if (src) { MyString line; int i=0; while (line.readLine(*src,false)) { line.chomp(); //dprintf( D_FULLDEBUG, "\t[%2d] %s\n", i, line.c_str() ); if (i >= expected_rows) { if (line.empty()) continue; correctOutput.push_back(line.c_str()); } else { correctOutput[i] = line.c_str(); } std::string::iterator first = std::find(correctOutput[i].begin(), correctOutput[i].end(), '\"'); if (first != correctOutput[i].end()) { std::replace(++first, --correctOutput[i].end(), '\"','\''); } //dprintf( D_FULLDEBUG, "\tfix: %s\n", correctOutput[i].c_str() ); ++i; } } #else FILE * dockerResults = my_popen( inspectArgs, "r", 1 , 0, false); if( dockerResults == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "Unable to run '%s'.\n", displayString.c_str() ); return -6; } // If the output isn't exactly formatElements.number() lines long, // something has gone wrong and we'll at least be able to print out // the error message(s). char buffer[1024]; std::vector<std::string> correctOutput(formatElements.number()); for( int i = 0; i < formatElements.number(); ++i ) { if( fgets( buffer, 1024, dockerResults ) != NULL ) { correctOutput[i] = buffer; std::string::iterator first = std::find(correctOutput[i].begin(), correctOutput[i].end(), '\"'); if (first != correctOutput[i].end()) { std::replace(++first, -- --correctOutput[i].end(), '\"','\''); } } } my_pclose( dockerResults ); #endif int attrCount = 0; for( int i = 0; i < formatElements.number(); ++i ) { if( correctOutput[i].empty() || dockerAd->Insert( correctOutput[i].c_str() ) == FALSE ) { break; } ++attrCount; } if( attrCount != formatElements.number() ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to create classad from Docker output (%d). Printing up to the first %d (nonblank) lines.\n", attrCount, formatElements.number() ); for( int i = 0; i < formatElements.number() && ! correctOutput[i].empty(); ++i ) { dprintf( D_ALWAYS | D_FAILURE, "%s", correctOutput[i].c_str() ); } return -4; } dprintf( D_FULLDEBUG, "docker inspect printed:\n" ); for( int i = 0; i < formatElements.number() && ! correctOutput[i].empty(); ++i ) { dprintf( D_FULLDEBUG, "\t%s\n", correctOutput[i].c_str() ); } return 0; }
// // FIXME: We have a lot of boilerplate code in this function and file. // int DockerAPI::version( std::string & version, CondorError & /* err */ ) { ArgList versionArgs; if ( ! add_docker_arg(versionArgs)) return -1; versionArgs.AppendArg( "-v" ); MyString displayString; versionArgs.GetArgsStringForLogging( & displayString ); dprintf( D_FULLDEBUG, "Attempting to run: '%s'.\n", displayString.c_str() ); #if 1 MyPopenTimer pgm; if (pgm.start_program(versionArgs, true, NULL, false) < 0) { // treat 'file not found' as not really error int d_level = (pgm.error_code() == ENOENT) ? D_FULLDEBUG : (D_ALWAYS | D_FAILURE); dprintf(d_level, "Failed to run '%s' errno=%d %s.\n", displayString.c_str(), pgm.error_code(), pgm.error_str() ); return -2; } int exitCode; if ( ! pgm.wait_for_exit(default_timeout, &exitCode)) { pgm.close_program(1); dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), pgm.error_str(), pgm.error_code() ); return -3; } if (pgm.output_size() <= 0) { dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() ); return -3; } MyStringSource * src = &pgm.output(); MyString line; if (line.readLine(*src, false)) { line.chomp(); bool jansens = strstr( line.c_str(), "Jansens" ) != NULL; bool bad_size = ! src->isEof() || line.size() > 1024 || line.size() < (int)sizeof("Docker version "); if (bad_size && ! jansens) { // check second line of output for the word Jansens also. MyString tmp; tmp.readLine(*src, false); jansens = strstr( tmp.c_str(), "Jansens" ) != NULL; } if (jansens) { dprintf( D_ALWAYS | D_FAILURE, "The DOCKER configuration setting appears to point to OpenBox's docker. If you want to use Docker.IO, please set DOCKER appropriately in your configuration.\n" ); return -5; } else if (bad_size) { dprintf( D_ALWAYS | D_FAILURE, "Read more than one line (or a very long line) from '%s', which we think means it's not Docker. The (first line of the) trailing text was '%s'.\n", displayString.c_str(), line.c_str() ); return -5; } } if( exitCode != 0 ) { dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, line.c_str() ); return -4; } version = line.c_str(); #else FILE * dockerResults = my_popen( versionArgs, "r", 1 , 0, false); if( dockerResults == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } char buffer[1024]; if( NULL == fgets( buffer, 1024, dockerResults ) ) { if( errno ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), strerror( errno ), errno ); } else { dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() ); } my_pclose( dockerResults ); return -3; } if( NULL != fgets( buffer, 1024, dockerResults ) ) { if( strstr( buffer, "Jansens" ) != NULL ) { dprintf( D_ALWAYS | D_FAILURE, "The DOCKER configuration setting appears to point to OpenBox's docker. If you want to use Docker.IO, please set DOCKER appropriately in your configuration.\n" ); } else { dprintf( D_ALWAYS | D_FAILURE, "Read more than one line (or a very long line) from '%s', which we think means it's not Docker. The (first line of the) trailing text was '%s'.\n", displayString.c_str(), buffer ); } my_pclose( dockerResults ); return -5; } int exitCode = my_pclose( dockerResults ); if( exitCode != 0 ) { dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, buffer ); return -4; } size_t end = strlen(buffer); if (end > 0 && buffer[end-1] == '\n') { buffer[end-1] = '\0'; } version = buffer; #endif sscanf(version.c_str(), "Docker version %d.%d", &DockerAPI::majorVersion, &DockerAPI::minorVersion); return 0; }
int DockerAPI::detect( CondorError & err ) { // FIXME: Remove ::version() as a public API and return it from here, // because there's no point in doing this twice. std::string version; int rval = DockerAPI::version( version, err ); if( rval != 0 ) { dprintf(D_ALWAYS, "DockerAPI::detect() failed to detect the Docker version; assuming absent.\n" ); return -4; } ArgList infoArgs; if ( ! add_docker_arg(infoArgs)) return -1; infoArgs.AppendArg( "info" ); MyString displayString; infoArgs.GetArgsStringForLogging( & displayString ); dprintf( D_FULLDEBUG, "Attempting to run: '%s'.\n", displayString.c_str() ); #if 1 MyPopenTimer pgm; if (pgm.start_program(infoArgs, true, NULL, false) < 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } int exitCode; if ( ! pgm.wait_for_exit(default_timeout, &exitCode) || exitCode != 0) { pgm.close_program(1); MyString line; line.readLine(pgm.output(), false); line.chomp(); dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, line.c_str()); return -3; } if (IsFulldebug(D_ALWAYS)) { MyString line; do { line.readLine(pgm.output(), false); line.chomp(); dprintf( D_FULLDEBUG, "[docker info] %s\n", line.c_str() ); } while (line.readLine(pgm.output(), false)); } #else FILE * dockerResults = my_popen( infoArgs, "r", 1 , 0, false); if( dockerResults == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } // Even if we don't care about the success output, the failure output // can be handy for debugging... char buffer[1024]; std::vector< std::string > output; while( fgets( buffer, 1024, dockerResults ) != NULL ) { size_t end = strlen(buffer); if (end > 0 && buffer[end-1] == '\n') { buffer[end-1] = '\0'; } output.push_back( buffer ); } for( unsigned i = 0; i < output.size(); ++i ) { dprintf( D_FULLDEBUG, "[docker info] %s\n", output[i].c_str() ); } int exitCode = my_pclose( dockerResults ); if( exitCode != 0 ) { dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, output[0].c_str() ); return -3; } #endif return 0; }
int DockerAPI::rmi(const std::string &image, CondorError &err) { // First, try to remove the named image run_simple_docker_command("rmi", image, default_timeout, err, true); // That may have succeed or failed. It could have // failed if the image doesn't exist (anymore), or // if someone else deleted it outside of condor. // Check to see if the image still exists. If it // has been removed, return 0. ArgList args; if ( ! add_docker_arg(args)) return -1; args.AppendArg( "images" ); args.AppendArg( "-q" ); args.AppendArg( image ); MyString displayString; args.GetArgsStringForLogging( & displayString ); dprintf( D_FULLDEBUG, "Attempting to run: '%s'.\n", displayString.c_str() ); #if 1 MyPopenTimer pgm; if (pgm.start_program(args, true, NULL, false) < 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } int exitCode; if ( ! pgm.wait_for_exit(default_timeout, &exitCode) || exitCode != 0) { pgm.close_program(1); MyString line; line.readLine(pgm.output(), false); line.chomp(); dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, line.c_str()); return -3; } return pgm.output_size() > 0; #else FILE * dockerResults = my_popen( args, "r", 1 , 0, false); if( dockerResults == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } char buffer[1024]; std::vector< std::string > output; while( fgets( buffer, 1024, dockerResults ) != NULL ) { size_t end = strlen(buffer); if (end > 0 && buffer[end-1] == '\n') { buffer[end-1] = '\0'; } output.push_back( buffer ); } int exitCode = my_pclose( dockerResults ); if( exitCode != 0 ) { dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, output[0].c_str() ); return -3; } if (output.size() == 0) { return 0; } else { return 1; } #endif }
int DockerAPI::rm( const std::string & containerID, CondorError & /* err */ ) { ArgList rmArgs; if ( ! add_docker_arg(rmArgs)) return -1; rmArgs.AppendArg( "rm" ); rmArgs.AppendArg( "-f" ); // if for some reason still running, kill first rmArgs.AppendArg( "-v" ); // also remove the volume rmArgs.AppendArg( containerID.c_str() ); MyString displayString; rmArgs.GetArgsStringForLogging( & displayString ); dprintf( D_FULLDEBUG, "Attempting to run: %s\n", displayString.c_str() ); // Read from Docker's combined output and error streams. #if 1 MyPopenTimer pgm; if (pgm.start_program( rmArgs, true, NULL, false ) < 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } const char * got_output = pgm.wait_and_close(default_timeout); // On a success, Docker writes the containerID back out. MyString line; if ( ! got_output || ! line.readLine(pgm.output(), false)) { int error = pgm.error_code(); if( error ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), pgm.error_str(), error ); if (pgm.was_timeout()) { dprintf( D_ALWAYS | D_FAILURE, "Declaring a hung docker\n"); return docker_hung; } } else { dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() ); } return -3; } line.chomp(); line.trim(); if (line != containerID.c_str()) { // Didn't get back the result I expected, report the error and check to see if docker is hung. return check_if_docker_offline(pgm, "Docker remove", -4); } #else FILE * dockerResults = my_popen( rmArgs, "r", 1 , 0, false); if( dockerResults == NULL ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); return -2; } // On a success, Docker writes the containerID back out. char buffer[1024]; if( NULL == fgets( buffer, 1024, dockerResults ) ) { if( errno ) { dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), strerror( errno ), errno ); } else { dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() ); } my_pclose( dockerResults ); return -3; } int length = strlen( buffer ); if( length < 1 || strncmp( buffer, containerID.c_str(), length - 1 ) != 0 ) { dprintf( D_ALWAYS | D_FAILURE, "Docker remove failed, printing first few lines of output.\n" ); dprintf( D_ALWAYS | D_FAILURE, "%s", buffer ); while( NULL != fgets( buffer, 1024, dockerResults ) ) { dprintf( D_ALWAYS | D_FAILURE, "%s", buffer ); } my_pclose( dockerResults ); return -4; } my_pclose( dockerResults ); #endif return 0; }
static int check_if_docker_offline(MyPopenTimer & pgmIn, const char * cmd_str, int original_error_code) { int rval = original_error_code; // this should not be called with a program that is still running. ASSERT(pgmIn.is_closed()); MyString line; MyStringCharSource * src = NULL; if (pgmIn.output_size() > 0) { src = &pgmIn.output(); src->rewind(); } bool check_for_hung_docker = true; // if no output, we should check for hung docker. dprintf( D_ALWAYS | D_FAILURE, "%s failed, %s output.\n", cmd_str, src ? "printing first few lines of" : "no" ); if (src) { check_for_hung_docker = false; // if we got output, assume docker is not hung. for (int ii = 0; ii < 10; ++ii) { if ( ! line.readLine(*src, false)) break; dprintf( D_ALWAYS | D_FAILURE, "%s\n", line.c_str() ); // if we got something resembling "/var/run/docker.sock: resource temporarily unavaible" // then we should check for a hung docker. const char * p = strstr(line.c_str(), ".sock: resource "); if (p && strstr(p, "unavailable")) { check_for_hung_docker = true; } } } if (check_for_hung_docker) { dprintf( D_ALWAYS, "Checking to see if Docker is offline\n"); ArgList infoArgs; add_docker_arg(infoArgs); infoArgs.AppendArg( "info" ); MyString displayString; infoArgs.GetArgsStringForLogging( & displayString ); MyPopenTimer pgm2; if (pgm2.start_program(infoArgs, true, NULL, false) < 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() ); rval = DockerAPI::docker_hung; } else { int exitCode = 0; if ( ! pgm2.wait_for_exit(60, &exitCode) || pgm2.output_size() <= 0) { dprintf( D_ALWAYS | D_FAILURE, "Failed to get output from '%s' : %s.\n", displayString.c_str(), pgm2.error_str() ); rval = DockerAPI::docker_hung; } else { while (line.readLine(pgm2.output(),false)) { line.chomp(); dprintf( D_FULLDEBUG, "[Docker Info] %s\n", line.c_str() ); } } } if (rval == DockerAPI::docker_hung) { dprintf( D_ALWAYS | D_FAILURE, "Docker is not responding. returning docker_hung error code.\n"); } } return rval; }
/** * merge_stderr_with_stdout is intended for clients of this function * that wish to have the old behavior, where stderr and stdout were * both added to the same StringList. */ int systemCommand( ArgList &args, priv_state priv, StringList *cmd_out, StringList * cmd_in, StringList *cmd_err, bool merge_stderr_with_stdout) { int result = 0; FILE *fp = NULL; FILE * fp_for_stdin = NULL; FILE * childerr = NULL; MyString line; char buff[1024]; StringList *my_cmd_out = cmd_out; priv_state prev = PRIV_UNKNOWN; int stdout_pipes[2]; int stdin_pipes[2]; int pid; bool use_privsep = false; switch ( priv ) { case PRIV_ROOT: prev = set_root_priv(); break; case PRIV_USER: case PRIV_USER_FINAL: prev = set_user_priv(); #if !defined(WIN32) if ( privsep_enabled() && (job_user_uid != get_condor_uid()) ) { use_privsep = true; } #endif break; default: // Stay as Condor user ; } #if defined(WIN32) if((cmd_in != NULL) || (cmd_err != NULL)) { vmprintf(D_ALWAYS, "Invalid use of systemCommand() in Windows.\n"); return -1; } //if ( use_privsep ) { // fp = privsep_popen(args, "r", want_stderr, job_user_uid); //} //else { fp = my_popen( args, "r", merge_stderr_with_stdout ); //} #else // The old way of doing things (and the Win32 way of doing // things) // fp = my_popen( args, "r", want_stderr ); if((cmd_err != NULL) && merge_stderr_with_stdout) { vmprintf(D_ALWAYS, "Invalid use of systemCommand().\n"); return -1; } PrivSepForkExec psforkexec; char ** args_array = args.GetStringArray(); int error_pipe[2]; // AIX 5.2, Solaris 5.9, HPUX 11 don't have AF_LOCAL if(pipe(stdin_pipes) < 0) { vmprintf(D_ALWAYS, "Error creating pipe: %s\n", strerror(errno)); deleteStringArray( args_array ); return -1; } if(pipe(stdout_pipes) < 0) { vmprintf(D_ALWAYS, "Error creating pipe: %s\n", strerror(errno)); close(stdin_pipes[0]); close(stdin_pipes[1]); deleteStringArray( args_array ); return -1; } if ( use_privsep ) { if(!psforkexec.init()) { vmprintf(D_ALWAYS, "my_popenv failure on %s\n", args_array[0]); close(stdin_pipes[0]); close(stdin_pipes[1]); close(stdout_pipes[0]); close(stdout_pipes[1]); deleteStringArray( args_array ); return -1; } } if(cmd_err != NULL) { if(pipe(error_pipe) < 0) { vmprintf(D_ALWAYS, "Could not open pipe for error output: %s\n", strerror(errno)); close(stdin_pipes[0]); close(stdin_pipes[1]); close(stdout_pipes[0]); close(stdout_pipes[1]); deleteStringArray( args_array ); return -1; } } // Now fork and do what my_popen used to do pid = fork(); if(pid < 0) { vmprintf(D_ALWAYS, "Error forking: %s\n", strerror(errno)); close(stdin_pipes[0]); close(stdin_pipes[1]); close(stdout_pipes[0]); close(stdout_pipes[1]); if(cmd_err != NULL) { close(error_pipe[0]); close(error_pipe[1]); } deleteStringArray( args_array ); return -1; } if(pid == 0) { close(stdout_pipes[0]); close(stdin_pipes[1]); dup2(stdout_pipes[1], STDOUT_FILENO); dup2(stdin_pipes[0], STDIN_FILENO); if(merge_stderr_with_stdout) dup2(stdout_pipes[1], STDERR_FILENO); else if(cmd_err != NULL) { close(error_pipe[0]); dup2(error_pipe[1], STDERR_FILENO); } uid_t euid = geteuid(); gid_t egid = getegid(); seteuid( 0 ); setgroups( 1, &egid ); setgid( egid ); setuid( euid ); install_sig_handler(SIGPIPE, SIG_DFL); sigset_t sigs; sigfillset(&sigs); sigprocmask(SIG_UNBLOCK, &sigs, NULL); MyString cmd = args_array[0]; if ( use_privsep ) { ArgList al; psforkexec.in_child(cmd, al); deleteStringArray( args_array ); args_array = al.GetStringArray(); } execvp(cmd.Value(), args_array); vmprintf(D_ALWAYS, "Could not execute %s: %s\n", args_array[0], strerror(errno)); exit(-1); } close(stdin_pipes[0]); close(stdout_pipes[1]); fp_for_stdin = fdopen(stdin_pipes[1], "w"); fp = fdopen(stdout_pipes[0], "r"); if(cmd_err != NULL) { close(error_pipe[1]); childerr = fdopen(error_pipe[0],"r"); if(childerr == 0) { vmprintf(D_ALWAYS, "Could not open pipe for reading child error output: %s\n", strerror(errno)); close(error_pipe[0]); close(stdin_pipes[1]); close(stdout_pipes[0]); fclose(fp); fclose(fp_for_stdin); deleteStringArray( args_array ); return -1; } } if ( use_privsep ) { FILE* _fp = psforkexec.parent_begin(); privsep_exec_set_uid(_fp, job_user_uid); privsep_exec_set_path(_fp, args_array[0]); privsep_exec_set_args(_fp, args); Env env; env.MergeFrom(environ); privsep_exec_set_env(_fp, env); privsep_exec_set_iwd(_fp, "."); privsep_exec_set_inherit_fd(_fp, 1); privsep_exec_set_inherit_fd(_fp, 2); privsep_exec_set_inherit_fd(_fp, 0); if (!psforkexec.parent_end()) { vmprintf(D_ALWAYS, "my_popenv failure on %s\n", args_array[0]); fclose(fp); fclose(fp_for_stdin); if (childerr) { fclose(childerr); } deleteStringArray( args_array ); return -1; } } deleteStringArray( args_array ); #endif set_priv( prev ); if ( fp == NULL ) { MyString args_string; args.GetArgsStringForDisplay( &args_string, 0 ); vmprintf( D_ALWAYS, "Failed to execute command: %s\n", args_string.Value() ); if (childerr) fclose(childerr); return -1; } if(cmd_in != NULL) { cmd_in->rewind(); char * tmp; while((tmp = cmd_in->next()) != NULL) { fprintf(fp_for_stdin, "%s\n", tmp); fflush(fp_for_stdin); } } if (fp_for_stdin) { // So that we will not be waiting for output while the // script waits for stdin to be closed. fclose(fp_for_stdin); } if ( my_cmd_out == NULL ) { my_cmd_out = new StringList(); } while ( fgets( buff, sizeof(buff), fp ) != NULL ) { line += buff; if ( line.chomp() ) { my_cmd_out->append( line.Value() ); line = ""; } } if(cmd_err != NULL) { while(fgets(buff, sizeof(buff), childerr) != NULL) { line += buff; if(line.chomp()) { cmd_err->append(line.Value()); line = ""; } } fclose(childerr); } #if defined(WIN32) result = my_pclose( fp ); #else // Why close first? Just in case the child process is waiting // on a read, and we have nothing more to send it. It will // now receive a SIGPIPE. fclose(fp); if(waitpid(pid, &result, 0) < 0) { vmprintf(D_ALWAYS, "Unable to wait: %s\n", strerror(errno)); if ( cmd_out == NULL ) { delete my_cmd_out; } return -1; } #endif if( result != 0 ) { MyString args_string; args.GetArgsStringForDisplay(&args_string,0); vmprintf(D_ALWAYS, "Command returned non-zero: %s\n", args_string.Value()); my_cmd_out->rewind(); const char *next_line; while ( (next_line = my_cmd_out->next()) ) { vmprintf( D_ALWAYS, " %s\n", next_line ); } } if ( cmd_out == NULL ) { delete my_cmd_out; } return result; }
int main( int argc, char* argv[] ) { int i; param_functions *p_funcs = NULL; set_mySubSystem( "DAEMON-TOOL", SUBSYSTEM_TYPE_TOOL ); MyName = argv[0]; myDistro->Init( argc, argv ); FILE *input_fp = stdin; for( i=1; i<argc; i++ ) { if( match_prefix( argv[i], "-daemontype" ) ) { if( argv[i + 1] ) { get_mySubSystem()->setName( argv[++i] ); get_mySubSystem()->setTypeFromName( ); } else { usage(); } } else if( match_prefix( argv[i], "-debug" ) ) { // dprintf to console Termlog = 1; p_funcs = get_param_functions(); dprintf_config( "DAEMON-TOOL", p_funcs ); set_debug_flags(NULL, D_FULLDEBUG|D_SECURITY); } else if( match_prefix( argv[i], "-" ) ) { usage(); } else { usage(); } } // If we didn't get told what subsystem we should use, set it // to "TOOL". if( !get_mySubSystem()->isNameValid() ) { get_mySubSystem()->setName( "DAEMON-TOOL" ); } config( 0, true ); IpVerify ipverify; MyString line; while( line.readLine(input_fp) ) { line.chomp(); if( line.IsEmpty() || line[0] == '#' ) { printf("%s\n",line.Value()); continue; } StringList fields(line.Value()," "); fields.rewind(); char const *perm_str = fields.next(); char const *fqu = fields.next(); char const *ip = fields.next(); char const *expected = fields.next(); MyString sin_str = generate_sinful(ip, 0); condor_sockaddr addr; if( !addr.from_sinful(sin_str) ) { fprintf(stderr,"Invalid ip address: %s\n",ip); exit(1); } DCpermission perm = StringToDCpermission(perm_str); if( perm == LAST_PERM ) { fprintf(stderr,"Invalid permission level: %s\n",perm_str); exit(1); } if( strcmp(fqu,"*") == 0 ) { fqu = ""; } char const *result; MyString reason; if( ipverify.Verify(perm,addr,fqu,&reason,&reason) != USER_AUTH_SUCCESS ) { result = "DENIED"; } else { result = "ALLOWED"; } if( expected && strcasecmp(expected,result) != 0 ) { printf("Got wrong result '%s' for '%s': reason: %s!\n", result,line.Value(),reason.Value()); printf("Aborting.\n"); exit(1); } if( expected ) { printf("%s\n",line.Value()); } else { printf("%s %s\n",line.Value(),result); } } }