Esempio n. 1
0
gboolean
services_os_action_execute(svc_action_t * op, gboolean synchronous)
{
    int rc, lpc;
    int stdout_fd[2];
    int stderr_fd[2];
    sigset_t mask;
    sigset_t old_mask;

    if (pipe(stdout_fd) < 0) {
        crm_err("pipe() failed");
    }

    if (pipe(stderr_fd) < 0) {
        crm_err("pipe() failed");
    }

    if (synchronous) {
        sigemptyset(&mask);
        sigaddset(&mask, SIGCHLD);
        sigemptyset(&old_mask);

        if (sigprocmask(SIG_BLOCK, &mask, &old_mask) < 0) {
            crm_perror(LOG_ERR, "sigprocmask() failed");
        }
    }

    op->pid = fork();
    switch (op->pid) {
        case -1:
            crm_err("fork() failed");
            close(stdout_fd[0]);
            close(stdout_fd[1]);
            close(stderr_fd[0]);
            close(stderr_fd[1]);
            return FALSE;

        case 0:                /* Child */
            /* Man: The call setpgrp() is equivalent to setpgid(0,0)
             * _and_ compiles on BSD variants too
             * need to investigate if it works the same too.
             */
            setpgid(0, 0);
            close(stdout_fd[0]);
            close(stderr_fd[0]);
            if (STDOUT_FILENO != stdout_fd[1]) {
                if (dup2(stdout_fd[1], STDOUT_FILENO) != STDOUT_FILENO) {
                    crm_err("dup2() failed (stdout)");
                }
                close(stdout_fd[1]);
            }
            if (STDERR_FILENO != stderr_fd[1]) {
                if (dup2(stderr_fd[1], STDERR_FILENO) != STDERR_FILENO) {
                    crm_err("dup2() failed (stderr)");
                }
                close(stderr_fd[1]);
            }

            /* close all descriptors except stdin/out/err and channels to logd */
            for (lpc = getdtablesize() - 1; lpc > STDERR_FILENO; lpc--) {
                close(lpc);
            }

#if SUPPORT_CIBSECRETS
            if (replace_secret_params(op->rsc, op->params) < 0) {
                /* replacing secrets failed! */
                if (safe_str_eq(op->action,"stop")) {
                    /* don't fail on stop! */
                    crm_info("proceeding with the stop operation for %s", op->rsc);

                } else {
                    crm_err("failed to get secrets for %s, "
                            "considering resource not configured", op->rsc);
                    _exit(PCMK_OCF_NOT_CONFIGURED);
                }
            }
#endif
            /* Setup environment correctly */
            add_OCF_env_vars(op);

            /* execute the RA */
            execvp(op->opaque->exec, op->opaque->args);

            switch (errno) {    /* see execve(2) */
                case ENOENT:   /* No such file or directory */
                case EISDIR:   /* Is a directory */
                    rc = PCMK_OCF_NOT_INSTALLED;
#if SUPPORT_NAGIOS
                    if (safe_str_eq(op->standard, "nagios")) {
                        rc = NAGIOS_NOT_INSTALLED;
                    }
#endif
                    break;
                case EACCES:   /* permission denied (various errors) */
                    rc = PCMK_OCF_INSUFFICIENT_PRIV;
#if SUPPORT_NAGIOS
                    if (safe_str_eq(op->standard, "nagios")) {
                        rc = NAGIOS_INSUFFICIENT_PRIV;
                    }
#endif
                    break;
                default:
                    rc = PCMK_OCF_UNKNOWN_ERROR;
                    break;
            }
            _exit(rc);
    }

    /* Only the parent reaches here */
    close(stdout_fd[1]);
    close(stderr_fd[1]);

    op->opaque->stdout_fd = stdout_fd[0];
    set_fd_opts(op->opaque->stdout_fd, O_NONBLOCK);

    op->opaque->stderr_fd = stderr_fd[0];
    set_fd_opts(op->opaque->stderr_fd, O_NONBLOCK);

    if (synchronous) {
        int status = 0;
        int timeout = op->timeout;
        int sfd = -1;
        time_t start = -1;
        struct pollfd fds[3];
        int wait_rc = 0;

        sfd = signalfd(-1, &mask, 0);
        if (sfd < 0) {
            crm_perror(LOG_ERR, "signalfd() failed");
        }

        fds[0].fd = op->opaque->stdout_fd;
        fds[0].events = POLLIN;
        fds[0].revents = 0;

        fds[1].fd = op->opaque->stderr_fd;
        fds[1].events = POLLIN;
        fds[1].revents = 0;

        fds[2].fd = sfd;
        fds[2].events = POLLIN;
        fds[2].revents = 0;

        crm_trace("Waiting for %d", op->pid);
        start = time(NULL);
        do {
            int poll_rc = poll(fds, 3, timeout);

            if (poll_rc > 0) {
                if (fds[0].revents & POLLIN) {
                    read_output(op->opaque->stdout_fd, op);
                }

                if (fds[1].revents & POLLIN) {
                    read_output(op->opaque->stderr_fd, op);
                }

                if (fds[2].revents & POLLIN) {
                    struct signalfd_siginfo fdsi;
                    ssize_t s;

                    s = read(sfd, &fdsi, sizeof(struct signalfd_siginfo));
                    if (s != sizeof(struct signalfd_siginfo)) {
                        crm_perror(LOG_ERR, "Read from signal fd %d failed", sfd);

                    } else if (fdsi.ssi_signo == SIGCHLD) {
                        wait_rc = waitpid(op->pid, &status, WNOHANG);

                        if (wait_rc < 0){
                            crm_perror(LOG_ERR, "waitpid() for %d failed", op->pid);

                        } else if (wait_rc > 0) {
                            break;
                        }
                    }
                }

            } else if (poll_rc == 0) {
                timeout = 0;
                break;

            } else if (poll_rc < 0) {
                if (errno != EINTR) {
                    crm_perror(LOG_ERR, "poll() failed");
                    break;
                }
            }

            timeout = op->timeout - (time(NULL) - start) * 1000;

        } while ((op->timeout < 0 || timeout > 0));

        crm_trace("Child done: %d", op->pid);
        if (wait_rc <= 0) {
            int killrc = kill(op->pid, SIGKILL);

            op->rc = PCMK_OCF_UNKNOWN_ERROR;
            if (op->timeout > 0 && timeout <= 0) {
                op->status = PCMK_LRM_OP_TIMEOUT;
                crm_warn("%s:%d - timed out after %dms", op->id, op->pid, op->timeout);

            } else {
                op->status = PCMK_LRM_OP_ERROR;
            }

            if (killrc && errno != ESRCH) {
                crm_err("kill(%d, KILL) failed: %d", op->pid, errno);
            }
            /*
             * From sigprocmask(2):
             * It is not possible to block SIGKILL or SIGSTOP.  Attempts to do so are silently ignored.
             *
             * This makes it safe to skip WNOHANG here
             */
            waitpid(op->pid, &status, 0);

        } else if (WIFEXITED(status)) {
            op->status = PCMK_LRM_OP_DONE;
            op->rc = WEXITSTATUS(status);
            crm_info("Managed %s process %d exited with rc=%d", op->id, op->pid, op->rc);

        } else if (WIFSIGNALED(status)) {
            int signo = WTERMSIG(status);

            op->status = PCMK_LRM_OP_ERROR;
            crm_err("Managed %s process %d exited with signal=%d", op->id, op->pid, signo);
        }
#ifdef WCOREDUMP
        if (WCOREDUMP(status)) {
            crm_err("Managed %s process %d dumped core", op->id, op->pid);
        }
#endif

        read_output(op->opaque->stdout_fd, op);
        read_output(op->opaque->stderr_fd, op);

        close(op->opaque->stdout_fd);
        close(op->opaque->stderr_fd);
        close(sfd);

        if (sigismember(&old_mask, SIGCHLD) == 0) {
            if (sigprocmask(SIG_UNBLOCK, &mask, NULL) < 0) {
                crm_perror(LOG_ERR, "sigprocmask() to unblocked failed");
            }
        }

    } else {
        crm_trace("Async waiting for %d - %s", op->pid, op->opaque->exec);
        mainloop_child_add(op->pid, op->timeout, op->id, op, operation_finished);

        op->opaque->stdout_gsource = mainloop_add_fd(op->id,
                                                     G_PRIORITY_LOW,
                                                     op->opaque->stdout_fd, op, &stdout_callbacks);

        op->opaque->stderr_gsource = mainloop_add_fd(op->id,
                                                     G_PRIORITY_LOW,
                                                     op->opaque->stderr_fd, op, &stderr_callbacks);
    }

    return TRUE;
}
Esempio n. 2
0
/* Returns FALSE if 'op' should be free'd by the caller */
gboolean
services_os_action_execute(svc_action_t * op, gboolean synchronous)
{
    int stdout_fd[2];
    int stderr_fd[2];
    sigset_t mask;
    sigset_t old_mask;
    struct stat st;

    if (pipe(stdout_fd) < 0) {
        crm_err("pipe() failed");
    }

    if (pipe(stderr_fd) < 0) {
        crm_err("pipe() failed");
    }

    /* Fail fast */
    if(stat(op->opaque->exec, &st) != 0) {
        int rc = errno;
        crm_warn("Cannot execute '%s': %s (%d)", op->opaque->exec, pcmk_strerror(rc), rc);
        services_handle_exec_error(op, rc);
        if (!synchronous) {
            return operation_finalize(op);
        }
        return FALSE;
    }

    if (synchronous) {
        sigemptyset(&mask);
        sigaddset(&mask, SIGCHLD);
        sigemptyset(&old_mask);

        if (sigprocmask(SIG_BLOCK, &mask, &old_mask) < 0) {
            crm_perror(LOG_ERR, "sigprocmask() failed");
        }
    }

    op->pid = fork();
    switch (op->pid) {
        case -1:
            {
                int rc = errno;

                close(stdout_fd[0]);
                close(stdout_fd[1]);
                close(stderr_fd[0]);
                close(stderr_fd[1]);

                crm_err("Could not execute '%s': %s (%d)", op->opaque->exec, pcmk_strerror(rc), rc);
                services_handle_exec_error(op, rc);
                if (!synchronous) {
                    return operation_finalize(op);
                }
                return FALSE;
            }
        case 0:                /* Child */
            close(stdout_fd[0]);
            close(stderr_fd[0]);
            if (STDOUT_FILENO != stdout_fd[1]) {
                if (dup2(stdout_fd[1], STDOUT_FILENO) != STDOUT_FILENO) {
                    crm_err("dup2() failed (stdout)");
                }
                close(stdout_fd[1]);
            }
            if (STDERR_FILENO != stderr_fd[1]) {
                if (dup2(stderr_fd[1], STDERR_FILENO) != STDERR_FILENO) {
                    crm_err("dup2() failed (stderr)");
                }
                close(stderr_fd[1]);
            }

            action_launch_child(op);
    }

    /* Only the parent reaches here */
    close(stdout_fd[1]);
    close(stderr_fd[1]);

    op->opaque->stdout_fd = stdout_fd[0];
    set_fd_opts(op->opaque->stdout_fd, O_NONBLOCK);

    op->opaque->stderr_fd = stderr_fd[0];
    set_fd_opts(op->opaque->stderr_fd, O_NONBLOCK);

    if (synchronous) {
        action_synced_wait(op, mask);

        if (sigismember(&old_mask, SIGCHLD) == 0) {
            if (sigprocmask(SIG_UNBLOCK, &mask, NULL) < 0) {
                crm_perror(LOG_ERR, "sigprocmask() to unblocked failed");
            }
        }

    } else {

        crm_trace("Async waiting for %d - %s", op->pid, op->opaque->exec);
        mainloop_child_add(op->pid, op->timeout, op->id, op, operation_finished);

        op->opaque->stdout_gsource = mainloop_add_fd(op->id,
                                                     G_PRIORITY_LOW,
                                                     op->opaque->stdout_fd, op, &stdout_callbacks);

        op->opaque->stderr_gsource = mainloop_add_fd(op->id,
                                                     G_PRIORITY_LOW,
                                                     op->opaque->stderr_fd, op, &stderr_callbacks);
    }

    return TRUE;
}
Esempio n. 3
0
static gboolean
start_child(pcmk_child_t * child)
{
    int lpc = 0;
    uid_t uid = 0;
    gid_t gid = 0;
    struct rlimit oflimits;
    gboolean use_valgrind = FALSE;
    gboolean use_callgrind = FALSE;
    const char *devnull = "/dev/null";
    const char *env_valgrind = getenv("PCMK_valgrind_enabled");
    const char *env_callgrind = getenv("PCMK_callgrind_enabled");
    enum cluster_type_e stack = get_cluster_type();

    child->active_before_startup = FALSE;

    if (child->command == NULL) {
        crm_info("Nothing to do for child \"%s\"", child->name);
        return TRUE;
    }

    if (env_callgrind != NULL && crm_is_true(env_callgrind)) {
        use_callgrind = TRUE;
        use_valgrind = TRUE;

    } else if (env_callgrind != NULL && strstr(env_callgrind, child->name)) {
        use_callgrind = TRUE;
        use_valgrind = TRUE;

    } else if (env_valgrind != NULL && crm_is_true(env_valgrind)) {
        use_valgrind = TRUE;

    } else if (env_valgrind != NULL && strstr(env_valgrind, child->name)) {
        use_valgrind = TRUE;
    }

    if (use_valgrind && strlen(VALGRIND_BIN) == 0) {
        crm_warn("Cannot enable valgrind for %s:"
                 " The location of the valgrind binary is unknown", child->name);
        use_valgrind = FALSE;
    }

    if (child->uid) {
        if (crm_user_lookup(child->uid, &uid, &gid) < 0) {
            crm_err("Invalid user (%s) for %s: not found", child->uid, child->name);
            return FALSE;
        }
        crm_info("Using uid=%u and group=%u for process %s", uid, gid, child->name);
    }

    child->pid = fork();
    CRM_ASSERT(child->pid != -1);

    if (child->pid > 0) {
        /* parent */
        mainloop_child_add(child->pid, 0, child->name, child, pcmk_child_exit);

        crm_info("Forked child %d for process %s%s", child->pid, child->name,
                 use_valgrind ? " (valgrind enabled: " VALGRIND_BIN ")" : "");
        update_node_processes(local_nodeid, NULL, get_process_list());
        return TRUE;

    } else {
        /* Start a new session */
        (void)setsid();

        /* Setup the two alternate arg arrarys */
        opts_vgrind[0] = strdup(VALGRIND_BIN);
        if (use_callgrind) {
            opts_vgrind[1] = strdup("--tool=callgrind");
            opts_vgrind[2] = strdup("--callgrind-out-file=" CRM_STATE_DIR "/callgrind.out.%p");
            opts_vgrind[3] = strdup(child->command);
            opts_vgrind[4] = NULL;
        } else {
            opts_vgrind[1] = strdup(child->command);
            opts_vgrind[2] = NULL;
            opts_vgrind[3] = NULL;
            opts_vgrind[4] = NULL;
        }
        opts_default[0] = strdup(child->command);;

        if(gid) {
            if(stack == pcmk_cluster_corosync) {
                /* Drop root privileges completely
                 *
                 * We can do this because we set uidgid.gid.${gid}=1
                 * via CMAP which allows these processes to connect to
                 * corosync
                 */
                if (setgid(gid) < 0) {
                    crm_perror(LOG_ERR, "Could not set group to %d", gid);
                }

                /* Keep the root group (so we can access corosync), but add the haclient group (so we can access ipc) */
            } else if (initgroups(child->uid, gid) < 0) {
                crm_err("Cannot initialize groups for %s: %s (%d)", child->uid, pcmk_strerror(errno), errno);
            }
        }

        if (uid && setuid(uid) < 0) {
            crm_perror(LOG_ERR, "Could not set user to %d (%s)", uid, child->uid);
        }

        /* Close all open file descriptors */
        getrlimit(RLIMIT_NOFILE, &oflimits);
        for (lpc = 0; lpc < oflimits.rlim_cur; lpc++) {
            close(lpc);
        }

        (void)open(devnull, O_RDONLY);  /* Stdin:  fd 0 */
        (void)open(devnull, O_WRONLY);  /* Stdout: fd 1 */
        (void)open(devnull, O_WRONLY);  /* Stderr: fd 2 */

        if (use_valgrind) {
            (void)execvp(VALGRIND_BIN, opts_vgrind);
        } else {
            (void)execvp(child->command, opts_default);
        }
        crm_perror(LOG_ERR, "FATAL: Cannot exec %s", child->command);
        crm_exit(DAEMON_RESPAWN_STOP);
    }
    return TRUE;                /* never reached */
}