//! Gets the writer password required by the quill++
// daemon to access the database
static MyString getWritePassword(const char *write_passwd_fname,
const char *host, const char *port,
const char *db,
const char *dbuser) {
FILE *fp = NULL;
MyString passwd;
int len;
MyString prefix;
MyString msbuf;
const char *buf;
bool found = FALSE;
// prefix is for the prefix of the entry in the .pgpass
// it is in the format of the following:
// host:port:db:user:password
prefix.sprintf("%s:%s:%s:%s:", host, port, db, dbuser);
len = prefix.Length();
fp = safe_fopen_wrapper(write_passwd_fname, "r");
if(fp == NULL) {
EXCEPT("Unable to open password file %s\n", write_passwd_fname);
}
//dprintf(D_ALWAYS, "prefix: %s\n", prefix);
while(msbuf.readLine(fp)) {
msbuf.chomp();
buf = msbuf.Value();
//fprintf(stderr, "line: %s\n", buf);
// check if the entry matches the prefix
if (strncmp(buf, prefix.Value(), len) == 0) {
// extract the password
passwd = msbuf.Substr(len, msbuf.Length());
found = TRUE;
break;
}
}
fclose(fp);
if (!found) {
EXCEPT("Unable to find password from file %s\n", write_passwd_fname);
}
return passwd;
}
//---------------------------------------------------------------------------
// This does only partial parsing -- only what we need for recovery mode
// and rescue initialization.
bool
JobstateLog::ParseLine( MyString &line, time_t ×tamp,
MyString &nodeName, int &seqNum )
{
line.chomp();
line.Tokenize();
const char* timestampTok = line.GetNextToken( " ", false );
const char* nodeNameTok = line.GetNextToken( " ", false );
(void)line.GetNextToken( " ", false ); // event name
(void)line.GetNextToken( " ", false ); // condor id
(void)line.GetNextToken( " ", false ); // job tag (pegasus site)
(void)line.GetNextToken( " ", false ); // unused
const char* seqNumTok = line.GetNextToken( " ", false );
if ( (timestampTok == NULL) || (nodeNameTok == NULL) ) {
debug_printf( DEBUG_QUIET, "Warning: error parsing "
"jobstate.log file line <%s>\n", line.Value() );
check_warning_strictness( DAG_STRICT_1 );
return false;
}
// fetch the number, and get a pointer to the first char after
// if the pointer did not advance, then there was no number to parse.
char *pend;
timestamp = (time_t)strtoll(timestampTok, &pend, 10);
if (pend == timestampTok) {
debug_printf( DEBUG_QUIET, "Warning: error reading "
"timestamp in jobstate.log file line <%s>\n",
line.Value() );
check_warning_strictness( DAG_STRICT_1 );
return false;
}
nodeName = nodeNameTok;
seqNum = 0;
if ( seqNumTok ) {
seqNum = (int)strtol(seqNumTok, &pend, 10);
if (pend == seqNumTok) {
debug_printf( DEBUG_QUIET, "Warning: error reading "
"sequence number in jobstate.log file line <%s>\n",
line.Value() );
check_warning_strictness( DAG_STRICT_1 );
return false;
}
}
return true;
}
ClassAd*
readJobAd( void )
{
ClassAd* ad = NULL;
bool is_stdin = false;
bool read_something = false;
ASSERT( job_ad_file );
if( job_ad_file[0] == '-' && job_ad_file[1] == '\0' ) {
fp = stdin;
is_stdin = true;
} else {
if (fp == NULL) {
fp = safe_fopen_wrapper_follow( job_ad_file, "r" );
if( ! fp ) {
EXCEPT( "Failed to open ClassAd file (%s): %s (errno %d)",
job_ad_file, strerror(errno), errno );
}
}
}
dprintf( D_FULLDEBUG, "Reading job ClassAd from %s\n",
is_stdin ? "STDIN" : job_ad_file );
ad = new ClassAd;
MyString line;
while( line.readLine(fp) ) {
read_something = true;
line.chomp();
if( line[0] == '#' ) {
dprintf( D_JOB, "IGNORING COMMENT: %s\n", line.Value() );
continue;
}
if( line == "***" ) {
dprintf( D_JOB, "Saw ClassAd delimitor, stopping\n" );
break;
}
if( ! ad->Insert(line.Value()) ) {
EXCEPT( "Failed to insert \"%s\" into ClassAd!", line.Value() );
}
}
if( ! read_something ) {
EXCEPT( "reading ClassAd from (%s): file is empty",
is_stdin ? "STDIN" : job_ad_file );
}
if( IsDebugVerbose(D_JOB) ) {
ad->dPrint( D_JOB );
}
// For debugging, see if there's a special attribute in the
// job ad that sends us into an infinite loop, waiting for
// someone to attach with a debugger
int shadow_should_wait = 0;
ad->LookupInteger( ATTR_SHADOW_WAIT_FOR_DEBUG,
shadow_should_wait );
if( shadow_should_wait ) {
dprintf( D_ALWAYS, "Job requested shadow should wait for "
"debugger with %s=%d, going into infinite loop\n",
ATTR_SHADOW_WAIT_FOR_DEBUG, shadow_should_wait );
while( shadow_should_wait ) { }
}
return ad;
}
int
run_simple_docker_command(const std::string &command, const std::string &container, int timeout, CondorError &, bool ignore_output)
{
ArgList args;
if ( ! add_docker_arg(args))
return -1;
args.AppendArg( command );
args.AppendArg( container.c_str() );
MyString displayString;
args.GetArgsStringForLogging( & displayString );
dprintf( D_FULLDEBUG, "Attempting to run: %s\n", displayString.c_str() );
#if 1
MyPopenTimer pgm;
if (pgm.start_program( args, true, NULL, false ) < 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
if ( ! pgm.wait_and_close(timeout) || pgm.output_size() <= 0) {
int error = pgm.error_code();
if( error ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), pgm.error_str(), error );
if (pgm.was_timeout()) {
dprintf( D_ALWAYS | D_FAILURE, "Declaring a hung docker\n");
return DockerAPI::docker_hung;
}
} else {
dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() );
}
return -3;
}
// On a success, Docker writes the containerID back out.
MyString line;
line.readLine(pgm.output());
line.chomp(); line.trim();
if (!ignore_output && line != container.c_str()) {
// Didn't get back the result I expected, report the error and check to see if docker is hung.
dprintf( D_ALWAYS | D_FAILURE, "Docker %s failed, printing first few lines of output.\n", command.c_str());
for (int ii = 0; ii < 10; ++ii) {
if ( ! line.readLine(pgm.output(), false)) break;
dprintf( D_ALWAYS | D_FAILURE, "%s\n", line.c_str() );
}
return -4;
}
#else
// Read from Docker's combined output and error streams.
FILE * dockerResults = my_popen( args, "r", 1 , 0, false);
if( dockerResults == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
// On a success, Docker writes the containerID back out.
char buffer[1024];
if( NULL == fgets( buffer, 1024, dockerResults ) ) {
if( errno ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), strerror( errno ), errno );
} else {
dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() );
}
my_pclose( dockerResults );
return -3;
}
size_t length = strlen( buffer );
if (!ignore_output) {
if( length < 1 || strncmp( buffer, container.c_str(), length - 1 ) != 0 ) {
dprintf( D_ALWAYS | D_FAILURE, "Docker %s failed, printing first few lines of output.\n", command.c_str() );
dprintf( D_ALWAYS | D_FAILURE, "%s", buffer );
while( NULL != fgets( buffer, 1024, dockerResults ) ) {
dprintf( D_ALWAYS | D_FAILURE, "%s", buffer );
}
my_pclose( dockerResults );
return -4;
}
}
my_pclose( dockerResults );
#endif
return 0;
}
int DockerAPI::inspect( const std::string & containerID, ClassAd * dockerAd, CondorError & /* err */ ) {
if( dockerAd == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "dockerAd is NULL.\n" );
return -2;
}
ArgList inspectArgs;
if ( ! add_docker_arg(inspectArgs))
return -1;
inspectArgs.AppendArg( "inspect" );
inspectArgs.AppendArg( "--format" );
StringList formatElements( "ContainerId=\"{{.Id}}\" "
"Pid={{.State.Pid}} "
"Name=\"{{.Name}}\" "
"Running={{.State.Running}} "
"ExitCode={{.State.ExitCode}} "
"StartedAt=\"{{.State.StartedAt}}\" "
"FinishedAt=\"{{.State.FinishedAt}}\" "
"DockerError=\"{{.State.Error}}\" "
"OOMKilled=\"{{.State.OOMKilled}}\" " );
char * formatArg = formatElements.print_to_delimed_string( "\n" );
inspectArgs.AppendArg( formatArg );
free( formatArg );
inspectArgs.AppendArg( containerID );
MyString displayString;
inspectArgs.GetArgsStringForLogging( & displayString );
dprintf( D_FULLDEBUG, "Attempting to run: %s\n", displayString.c_str() );
#if 1
MyPopenTimer pgm;
if (pgm.start_program(inspectArgs, true, NULL, false) < 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -6;
}
MyStringSource * src = NULL;
if (pgm.wait_and_close(default_timeout)) {
src = &pgm.output();
}
int expected_rows = formatElements.number();
dprintf( D_FULLDEBUG, "exit_status=%d, error=%d, %d bytes. expecting %d lines\n",
pgm.exit_status(), pgm.error_code(), pgm.output_size(), expected_rows );
// If the output isn't exactly formatElements.number() lines long,
// something has gone wrong and we'll at least be able to print out
// the error message(s).
std::vector<std::string> correctOutput(expected_rows);
if (src) {
MyString line;
int i=0;
while (line.readLine(*src,false)) {
line.chomp();
//dprintf( D_FULLDEBUG, "\t[%2d] %s\n", i, line.c_str() );
if (i >= expected_rows) {
if (line.empty()) continue;
correctOutput.push_back(line.c_str());
} else {
correctOutput[i] = line.c_str();
}
std::string::iterator first =
std::find(correctOutput[i].begin(),
correctOutput[i].end(),
'\"');
if (first != correctOutput[i].end()) {
std::replace(++first,
--correctOutput[i].end(), '\"','\'');
}
//dprintf( D_FULLDEBUG, "\tfix: %s\n", correctOutput[i].c_str() );
++i;
}
}
#else
FILE * dockerResults = my_popen( inspectArgs, "r", 1 , 0, false);
if( dockerResults == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "Unable to run '%s'.\n", displayString.c_str() );
return -6;
}
// If the output isn't exactly formatElements.number() lines long,
// something has gone wrong and we'll at least be able to print out
// the error message(s).
char buffer[1024];
std::vector<std::string> correctOutput(formatElements.number());
for( int i = 0; i < formatElements.number(); ++i ) {
if( fgets( buffer, 1024, dockerResults ) != NULL ) {
correctOutput[i] = buffer;
std::string::iterator first =
std::find(correctOutput[i].begin(),
correctOutput[i].end(),
'\"');
if (first != correctOutput[i].end()) {
std::replace(++first,
-- --correctOutput[i].end(), '\"','\'');
}
}
}
my_pclose( dockerResults );
#endif
int attrCount = 0;
for( int i = 0; i < formatElements.number(); ++i ) {
if( correctOutput[i].empty() || dockerAd->Insert( correctOutput[i].c_str() ) == FALSE ) {
break;
}
++attrCount;
}
if( attrCount != formatElements.number() ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to create classad from Docker output (%d). Printing up to the first %d (nonblank) lines.\n", attrCount, formatElements.number() );
for( int i = 0; i < formatElements.number() && ! correctOutput[i].empty(); ++i ) {
dprintf( D_ALWAYS | D_FAILURE, "%s", correctOutput[i].c_str() );
}
return -4;
}
dprintf( D_FULLDEBUG, "docker inspect printed:\n" );
for( int i = 0; i < formatElements.number() && ! correctOutput[i].empty(); ++i ) {
dprintf( D_FULLDEBUG, "\t%s\n", correctOutput[i].c_str() );
}
return 0;
}
//
// FIXME: We have a lot of boilerplate code in this function and file.
//
int DockerAPI::version( std::string & version, CondorError & /* err */ ) {
ArgList versionArgs;
if ( ! add_docker_arg(versionArgs))
return -1;
versionArgs.AppendArg( "-v" );
MyString displayString;
versionArgs.GetArgsStringForLogging( & displayString );
dprintf( D_FULLDEBUG, "Attempting to run: '%s'.\n", displayString.c_str() );
#if 1
MyPopenTimer pgm;
if (pgm.start_program(versionArgs, true, NULL, false) < 0) {
// treat 'file not found' as not really error
int d_level = (pgm.error_code() == ENOENT) ? D_FULLDEBUG : (D_ALWAYS | D_FAILURE);
dprintf(d_level, "Failed to run '%s' errno=%d %s.\n", displayString.c_str(), pgm.error_code(), pgm.error_str() );
return -2;
}
int exitCode;
if ( ! pgm.wait_for_exit(default_timeout, &exitCode)) {
pgm.close_program(1);
dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), pgm.error_str(), pgm.error_code() );
return -3;
}
if (pgm.output_size() <= 0) {
dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() );
return -3;
}
MyStringSource * src = &pgm.output();
MyString line;
if (line.readLine(*src, false)) {
line.chomp();
bool jansens = strstr( line.c_str(), "Jansens" ) != NULL;
bool bad_size = ! src->isEof() || line.size() > 1024 || line.size() < (int)sizeof("Docker version ");
if (bad_size && ! jansens) {
// check second line of output for the word Jansens also.
MyString tmp; tmp.readLine(*src, false);
jansens = strstr( tmp.c_str(), "Jansens" ) != NULL;
}
if (jansens) {
dprintf( D_ALWAYS | D_FAILURE, "The DOCKER configuration setting appears to point to OpenBox's docker. If you want to use Docker.IO, please set DOCKER appropriately in your configuration.\n" );
return -5;
} else if (bad_size) {
dprintf( D_ALWAYS | D_FAILURE, "Read more than one line (or a very long line) from '%s', which we think means it's not Docker. The (first line of the) trailing text was '%s'.\n", displayString.c_str(), line.c_str() );
return -5;
}
}
if( exitCode != 0 ) {
dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, line.c_str() );
return -4;
}
version = line.c_str();
#else
FILE * dockerResults = my_popen( versionArgs, "r", 1 , 0, false);
if( dockerResults == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
char buffer[1024];
if( NULL == fgets( buffer, 1024, dockerResults ) ) {
if( errno ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), strerror( errno ), errno );
} else {
dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() );
}
my_pclose( dockerResults );
return -3;
}
if( NULL != fgets( buffer, 1024, dockerResults ) ) {
if( strstr( buffer, "Jansens" ) != NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "The DOCKER configuration setting appears to point to OpenBox's docker. If you want to use Docker.IO, please set DOCKER appropriately in your configuration.\n" );
} else {
dprintf( D_ALWAYS | D_FAILURE, "Read more than one line (or a very long line) from '%s', which we think means it's not Docker. The (first line of the) trailing text was '%s'.\n", displayString.c_str(), buffer );
}
my_pclose( dockerResults );
return -5;
}
int exitCode = my_pclose( dockerResults );
if( exitCode != 0 ) {
dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, buffer );
return -4;
}
size_t end = strlen(buffer);
if (end > 0 && buffer[end-1] == '\n') { buffer[end-1] = '\0'; }
version = buffer;
#endif
sscanf(version.c_str(), "Docker version %d.%d", &DockerAPI::majorVersion, &DockerAPI::minorVersion);
return 0;
}
int DockerAPI::detect( CondorError & err ) {
// FIXME: Remove ::version() as a public API and return it from here,
// because there's no point in doing this twice.
std::string version;
int rval = DockerAPI::version( version, err );
if( rval != 0 ) {
dprintf(D_ALWAYS, "DockerAPI::detect() failed to detect the Docker version; assuming absent.\n" );
return -4;
}
ArgList infoArgs;
if ( ! add_docker_arg(infoArgs))
return -1;
infoArgs.AppendArg( "info" );
MyString displayString;
infoArgs.GetArgsStringForLogging( & displayString );
dprintf( D_FULLDEBUG, "Attempting to run: '%s'.\n", displayString.c_str() );
#if 1
MyPopenTimer pgm;
if (pgm.start_program(infoArgs, true, NULL, false) < 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
int exitCode;
if ( ! pgm.wait_for_exit(default_timeout, &exitCode) || exitCode != 0) {
pgm.close_program(1);
MyString line;
line.readLine(pgm.output(), false); line.chomp();
dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, line.c_str());
return -3;
}
if (IsFulldebug(D_ALWAYS)) {
MyString line;
do {
line.readLine(pgm.output(), false);
line.chomp();
dprintf( D_FULLDEBUG, "[docker info] %s\n", line.c_str() );
} while (line.readLine(pgm.output(), false));
}
#else
FILE * dockerResults = my_popen( infoArgs, "r", 1 , 0, false);
if( dockerResults == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
// Even if we don't care about the success output, the failure output
// can be handy for debugging...
char buffer[1024];
std::vector< std::string > output;
while( fgets( buffer, 1024, dockerResults ) != NULL ) {
size_t end = strlen(buffer);
if (end > 0 && buffer[end-1] == '\n') { buffer[end-1] = '\0'; }
output.push_back( buffer );
}
for( unsigned i = 0; i < output.size(); ++i ) {
dprintf( D_FULLDEBUG, "[docker info] %s\n", output[i].c_str() );
}
int exitCode = my_pclose( dockerResults );
if( exitCode != 0 ) {
dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, output[0].c_str() );
return -3;
}
#endif
return 0;
}
int
DockerAPI::rmi(const std::string &image, CondorError &err) {
// First, try to remove the named image
run_simple_docker_command("rmi", image, default_timeout, err, true);
// That may have succeed or failed. It could have
// failed if the image doesn't exist (anymore), or
// if someone else deleted it outside of condor.
// Check to see if the image still exists. If it
// has been removed, return 0.
ArgList args;
if ( ! add_docker_arg(args))
return -1;
args.AppendArg( "images" );
args.AppendArg( "-q" );
args.AppendArg( image );
MyString displayString;
args.GetArgsStringForLogging( & displayString );
dprintf( D_FULLDEBUG, "Attempting to run: '%s'.\n", displayString.c_str() );
#if 1
MyPopenTimer pgm;
if (pgm.start_program(args, true, NULL, false) < 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
int exitCode;
if ( ! pgm.wait_for_exit(default_timeout, &exitCode) || exitCode != 0) {
pgm.close_program(1);
MyString line;
line.readLine(pgm.output(), false); line.chomp();
dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, line.c_str());
return -3;
}
return pgm.output_size() > 0;
#else
FILE * dockerResults = my_popen( args, "r", 1 , 0, false);
if( dockerResults == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
char buffer[1024];
std::vector< std::string > output;
while( fgets( buffer, 1024, dockerResults ) != NULL ) {
size_t end = strlen(buffer);
if (end > 0 && buffer[end-1] == '\n') { buffer[end-1] = '\0'; }
output.push_back( buffer );
}
int exitCode = my_pclose( dockerResults );
if( exitCode != 0 ) {
dprintf( D_ALWAYS, "'%s' did not exit successfully (code %d); the first line of output was '%s'.\n", displayString.c_str(), exitCode, output[0].c_str() );
return -3;
}
if (output.size() == 0) {
return 0;
} else {
return 1;
}
#endif
}
int DockerAPI::rm( const std::string & containerID, CondorError & /* err */ ) {
ArgList rmArgs;
if ( ! add_docker_arg(rmArgs))
return -1;
rmArgs.AppendArg( "rm" );
rmArgs.AppendArg( "-f" ); // if for some reason still running, kill first
rmArgs.AppendArg( "-v" ); // also remove the volume
rmArgs.AppendArg( containerID.c_str() );
MyString displayString;
rmArgs.GetArgsStringForLogging( & displayString );
dprintf( D_FULLDEBUG, "Attempting to run: %s\n", displayString.c_str() );
// Read from Docker's combined output and error streams.
#if 1
MyPopenTimer pgm;
if (pgm.start_program( rmArgs, true, NULL, false ) < 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
const char * got_output = pgm.wait_and_close(default_timeout);
// On a success, Docker writes the containerID back out.
MyString line;
if ( ! got_output || ! line.readLine(pgm.output(), false)) {
int error = pgm.error_code();
if( error ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), pgm.error_str(), error );
if (pgm.was_timeout()) {
dprintf( D_ALWAYS | D_FAILURE, "Declaring a hung docker\n");
return docker_hung;
}
} else {
dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() );
}
return -3;
}
line.chomp(); line.trim();
if (line != containerID.c_str()) {
// Didn't get back the result I expected, report the error and check to see if docker is hung.
return check_if_docker_offline(pgm, "Docker remove", -4);
}
#else
FILE * dockerResults = my_popen( rmArgs, "r", 1 , 0, false);
if( dockerResults == NULL ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
return -2;
}
// On a success, Docker writes the containerID back out.
char buffer[1024];
if( NULL == fgets( buffer, 1024, dockerResults ) ) {
if( errno ) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to read results from '%s': '%s' (%d)\n", displayString.c_str(), strerror( errno ), errno );
} else {
dprintf( D_ALWAYS | D_FAILURE, "'%s' returned nothing.\n", displayString.c_str() );
}
my_pclose( dockerResults );
return -3;
}
int length = strlen( buffer );
if( length < 1 || strncmp( buffer, containerID.c_str(), length - 1 ) != 0 ) {
dprintf( D_ALWAYS | D_FAILURE, "Docker remove failed, printing first few lines of output.\n" );
dprintf( D_ALWAYS | D_FAILURE, "%s", buffer );
while( NULL != fgets( buffer, 1024, dockerResults ) ) {
dprintf( D_ALWAYS | D_FAILURE, "%s", buffer );
}
my_pclose( dockerResults );
return -4;
}
my_pclose( dockerResults );
#endif
return 0;
}
static int check_if_docker_offline(MyPopenTimer & pgmIn, const char * cmd_str, int original_error_code)
{
int rval = original_error_code;
// this should not be called with a program that is still running.
ASSERT(pgmIn.is_closed());
MyString line;
MyStringCharSource * src = NULL;
if (pgmIn.output_size() > 0) {
src = &pgmIn.output();
src->rewind();
}
bool check_for_hung_docker = true; // if no output, we should check for hung docker.
dprintf( D_ALWAYS | D_FAILURE, "%s failed, %s output.\n", cmd_str, src ? "printing first few lines of" : "no" );
if (src) {
check_for_hung_docker = false; // if we got output, assume docker is not hung.
for (int ii = 0; ii < 10; ++ii) {
if ( ! line.readLine(*src, false)) break;
dprintf( D_ALWAYS | D_FAILURE, "%s\n", line.c_str() );
// if we got something resembling "/var/run/docker.sock: resource temporarily unavaible"
// then we should check for a hung docker.
const char * p = strstr(line.c_str(), ".sock: resource ");
if (p && strstr(p, "unavailable")) {
check_for_hung_docker = true;
}
}
}
if (check_for_hung_docker) {
dprintf( D_ALWAYS, "Checking to see if Docker is offline\n");
ArgList infoArgs;
add_docker_arg(infoArgs);
infoArgs.AppendArg( "info" );
MyString displayString;
infoArgs.GetArgsStringForLogging( & displayString );
MyPopenTimer pgm2;
if (pgm2.start_program(infoArgs, true, NULL, false) < 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to run '%s'.\n", displayString.c_str() );
rval = DockerAPI::docker_hung;
} else {
int exitCode = 0;
if ( ! pgm2.wait_for_exit(60, &exitCode) || pgm2.output_size() <= 0) {
dprintf( D_ALWAYS | D_FAILURE, "Failed to get output from '%s' : %s.\n", displayString.c_str(), pgm2.error_str() );
rval = DockerAPI::docker_hung;
} else {
while (line.readLine(pgm2.output(),false)) {
line.chomp();
dprintf( D_FULLDEBUG, "[Docker Info] %s\n", line.c_str() );
}
}
}
if (rval == DockerAPI::docker_hung) {
dprintf( D_ALWAYS | D_FAILURE, "Docker is not responding. returning docker_hung error code.\n");
}
}
return rval;
}
/**
* merge_stderr_with_stdout is intended for clients of this function
* that wish to have the old behavior, where stderr and stdout were
* both added to the same StringList.
*/
int systemCommand( ArgList &args, priv_state priv, StringList *cmd_out, StringList * cmd_in,
StringList *cmd_err, bool merge_stderr_with_stdout)
{
int result = 0;
FILE *fp = NULL;
FILE * fp_for_stdin = NULL;
FILE * childerr = NULL;
MyString line;
char buff[1024];
StringList *my_cmd_out = cmd_out;
priv_state prev = PRIV_UNKNOWN;
int stdout_pipes[2];
int stdin_pipes[2];
int pid;
bool use_privsep = false;
switch ( priv ) {
case PRIV_ROOT:
prev = set_root_priv();
break;
case PRIV_USER:
case PRIV_USER_FINAL:
prev = set_user_priv();
#if !defined(WIN32)
if ( privsep_enabled() && (job_user_uid != get_condor_uid()) ) {
use_privsep = true;
}
#endif
break;
default:
// Stay as Condor user
;
}
#if defined(WIN32)
if((cmd_in != NULL) || (cmd_err != NULL))
{
vmprintf(D_ALWAYS, "Invalid use of systemCommand() in Windows.\n");
return -1;
}
//if ( use_privsep ) {
// fp = privsep_popen(args, "r", want_stderr, job_user_uid);
//}
//else {
fp = my_popen( args, "r", merge_stderr_with_stdout );
//}
#else
// The old way of doing things (and the Win32 way of doing
// things)
// fp = my_popen( args, "r", want_stderr );
if((cmd_err != NULL) && merge_stderr_with_stdout)
{
vmprintf(D_ALWAYS, "Invalid use of systemCommand().\n");
return -1;
}
PrivSepForkExec psforkexec;
char ** args_array = args.GetStringArray();
int error_pipe[2];
// AIX 5.2, Solaris 5.9, HPUX 11 don't have AF_LOCAL
if(pipe(stdin_pipes) < 0)
{
vmprintf(D_ALWAYS, "Error creating pipe: %s\n", strerror(errno));
deleteStringArray( args_array );
return -1;
}
if(pipe(stdout_pipes) < 0)
{
vmprintf(D_ALWAYS, "Error creating pipe: %s\n", strerror(errno));
close(stdin_pipes[0]);
close(stdin_pipes[1]);
deleteStringArray( args_array );
return -1;
}
if ( use_privsep ) {
if(!psforkexec.init())
{
vmprintf(D_ALWAYS,
"my_popenv failure on %s\n",
args_array[0]);
close(stdin_pipes[0]);
close(stdin_pipes[1]);
close(stdout_pipes[0]);
close(stdout_pipes[1]);
deleteStringArray( args_array );
return -1;
}
}
if(cmd_err != NULL)
{
if(pipe(error_pipe) < 0)
{
vmprintf(D_ALWAYS, "Could not open pipe for error output: %s\n", strerror(errno));
close(stdin_pipes[0]);
close(stdin_pipes[1]);
close(stdout_pipes[0]);
close(stdout_pipes[1]);
deleteStringArray( args_array );
return -1;
}
}
// Now fork and do what my_popen used to do
pid = fork();
if(pid < 0)
{
vmprintf(D_ALWAYS, "Error forking: %s\n", strerror(errno));
close(stdin_pipes[0]);
close(stdin_pipes[1]);
close(stdout_pipes[0]);
close(stdout_pipes[1]);
if(cmd_err != NULL) {
close(error_pipe[0]);
close(error_pipe[1]);
}
deleteStringArray( args_array );
return -1;
}
if(pid == 0)
{
close(stdout_pipes[0]);
close(stdin_pipes[1]);
dup2(stdout_pipes[1], STDOUT_FILENO);
dup2(stdin_pipes[0], STDIN_FILENO);
if(merge_stderr_with_stdout) dup2(stdout_pipes[1], STDERR_FILENO);
else if(cmd_err != NULL)
{
close(error_pipe[0]);
dup2(error_pipe[1], STDERR_FILENO);
}
uid_t euid = geteuid();
gid_t egid = getegid();
seteuid( 0 );
setgroups( 1, &egid );
setgid( egid );
setuid( euid );
install_sig_handler(SIGPIPE, SIG_DFL);
sigset_t sigs;
sigfillset(&sigs);
sigprocmask(SIG_UNBLOCK, &sigs, NULL);
MyString cmd = args_array[0];
if ( use_privsep ) {
ArgList al;
psforkexec.in_child(cmd, al);
deleteStringArray( args_array );
args_array = al.GetStringArray();
}
execvp(cmd.Value(), args_array);
vmprintf(D_ALWAYS, "Could not execute %s: %s\n", args_array[0], strerror(errno));
exit(-1);
}
close(stdin_pipes[0]);
close(stdout_pipes[1]);
fp_for_stdin = fdopen(stdin_pipes[1], "w");
fp = fdopen(stdout_pipes[0], "r");
if(cmd_err != NULL)
{
close(error_pipe[1]);
childerr = fdopen(error_pipe[0],"r");
if(childerr == 0)
{
vmprintf(D_ALWAYS, "Could not open pipe for reading child error output: %s\n", strerror(errno));
close(error_pipe[0]);
close(stdin_pipes[1]);
close(stdout_pipes[0]);
fclose(fp);
fclose(fp_for_stdin);
deleteStringArray( args_array );
return -1;
}
}
if ( use_privsep ) {
FILE* _fp = psforkexec.parent_begin();
privsep_exec_set_uid(_fp, job_user_uid);
privsep_exec_set_path(_fp, args_array[0]);
privsep_exec_set_args(_fp, args);
Env env;
env.MergeFrom(environ);
privsep_exec_set_env(_fp, env);
privsep_exec_set_iwd(_fp, ".");
privsep_exec_set_inherit_fd(_fp, 1);
privsep_exec_set_inherit_fd(_fp, 2);
privsep_exec_set_inherit_fd(_fp, 0);
if (!psforkexec.parent_end()) {
vmprintf(D_ALWAYS,
"my_popenv failure on %s\n",
args_array[0]);
fclose(fp);
fclose(fp_for_stdin);
if (childerr) {
fclose(childerr);
}
deleteStringArray( args_array );
return -1;
}
}
deleteStringArray( args_array );
#endif
set_priv( prev );
if ( fp == NULL ) {
MyString args_string;
args.GetArgsStringForDisplay( &args_string, 0 );
vmprintf( D_ALWAYS, "Failed to execute command: %s\n",
args_string.Value() );
if (childerr)
fclose(childerr);
return -1;
}
if(cmd_in != NULL) {
cmd_in->rewind();
char * tmp;
while((tmp = cmd_in->next()) != NULL)
{
fprintf(fp_for_stdin, "%s\n", tmp);
fflush(fp_for_stdin);
}
}
if (fp_for_stdin) {
// So that we will not be waiting for output while the
// script waits for stdin to be closed.
fclose(fp_for_stdin);
}
if ( my_cmd_out == NULL ) {
my_cmd_out = new StringList();
}
while ( fgets( buff, sizeof(buff), fp ) != NULL ) {
line += buff;
if ( line.chomp() ) {
my_cmd_out->append( line.Value() );
line = "";
}
}
if(cmd_err != NULL)
{
while(fgets(buff, sizeof(buff), childerr) != NULL)
{
line += buff;
if(line.chomp())
{
cmd_err->append(line.Value());
line = "";
}
}
fclose(childerr);
}
#if defined(WIN32)
result = my_pclose( fp );
#else
// Why close first? Just in case the child process is waiting
// on a read, and we have nothing more to send it. It will
// now receive a SIGPIPE.
fclose(fp);
if(waitpid(pid, &result, 0) < 0)
{
vmprintf(D_ALWAYS, "Unable to wait: %s\n", strerror(errno));
if ( cmd_out == NULL ) {
delete my_cmd_out;
}
return -1;
}
#endif
if( result != 0 ) {
MyString args_string;
args.GetArgsStringForDisplay(&args_string,0);
vmprintf(D_ALWAYS,
"Command returned non-zero: %s\n",
args_string.Value());
my_cmd_out->rewind();
const char *next_line;
while ( (next_line = my_cmd_out->next()) ) {
vmprintf( D_ALWAYS, " %s\n", next_line );
}
}
if ( cmd_out == NULL ) {
delete my_cmd_out;
}
return result;
}
int
main( int argc, char* argv[] )
{
int i;
param_functions *p_funcs = NULL;
set_mySubSystem( "DAEMON-TOOL", SUBSYSTEM_TYPE_TOOL );
MyName = argv[0];
myDistro->Init( argc, argv );
FILE *input_fp = stdin;
for( i=1; i<argc; i++ ) {
if( match_prefix( argv[i], "-daemontype" ) ) {
if( argv[i + 1] ) {
get_mySubSystem()->setName( argv[++i] );
get_mySubSystem()->setTypeFromName( );
} else {
usage();
}
} else if( match_prefix( argv[i], "-debug" ) ) {
// dprintf to console
Termlog = 1;
p_funcs = get_param_functions();
dprintf_config( "DAEMON-TOOL", p_funcs );
set_debug_flags(NULL, D_FULLDEBUG|D_SECURITY);
} else if( match_prefix( argv[i], "-" ) ) {
usage();
} else {
usage();
}
}
// If we didn't get told what subsystem we should use, set it
// to "TOOL".
if( !get_mySubSystem()->isNameValid() ) {
get_mySubSystem()->setName( "DAEMON-TOOL" );
}
config( 0, true );
IpVerify ipverify;
MyString line;
while( line.readLine(input_fp) ) {
line.chomp();
if( line.IsEmpty() || line[0] == '#' ) {
printf("%s\n",line.Value());
continue;
}
StringList fields(line.Value()," ");
fields.rewind();
char const *perm_str = fields.next();
char const *fqu = fields.next();
char const *ip = fields.next();
char const *expected = fields.next();
MyString sin_str = generate_sinful(ip, 0);
condor_sockaddr addr;
if( !addr.from_sinful(sin_str) ) {
fprintf(stderr,"Invalid ip address: %s\n",ip);
exit(1);
}
DCpermission perm = StringToDCpermission(perm_str);
if( perm == LAST_PERM ) {
fprintf(stderr,"Invalid permission level: %s\n",perm_str);
exit(1);
}
if( strcmp(fqu,"*") == 0 ) {
fqu = "";
}
char const *result;
MyString reason;
if( ipverify.Verify(perm,addr,fqu,&reason,&reason) != USER_AUTH_SUCCESS ) {
result = "DENIED";
}
else {
result = "ALLOWED";
}
if( expected && strcasecmp(expected,result) != 0 ) {
printf("Got wrong result '%s' for '%s': reason: %s!\n",
result,line.Value(),reason.Value());
printf("Aborting.\n");
exit(1);
}
if( expected ) {
printf("%s\n",line.Value());
}
else {
printf("%s %s\n",line.Value(),result);
}
}
}
