Merge pull request #805 from NethServer/issue754

Improve historical data sending #754
NethServer · Oct 1, 2024 · 294b211 · 294b211
2 parents 35346f8 + aa0d125
commit 294b211
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 8 deletions.
diff --git a/packages/ns-api/README.md b/packages/ns-api/README.md
@@ -6448,7 +6448,9 @@ Response example with connected machine:
   "server": "https://controller.nethsecurity.org",
   "unit_name": "NethSec",
   "unit_id": "94615a9e-2fae-4ac4-91b0-6c03e624ab48",
-  "tls_verify": false
+  "tls_verify": false,
+  "push_status": "enabled",
+  "push_last_sent": 1727703300
 }
 ```
 
@@ -6460,13 +6462,17 @@ Response example for an unconfigured machine:
   "server": null,
   "unit_name": "NethSec",
   "unit_id": "",
-  "tls_verify": false
+  "tls_verify": true,
+  "push_status": "disabled",
+  "push_last_sent": -1
 }
 ```
 
 Possible values for `status` are `connected`, `unregistered` and `pending`.
 `address` is null if the status is `unregistered` or `pending`.
 `server` is null if the status is `unregistered`.
+`push_status` can be `enabled` or `disabled`, it's `enabled` if the server has a valid subscription; if enabled, `push_last_sent` contains the timestamp of last
+time the unit has pushed data to the controller.
 If `unit_name` has not been previously set, default value is the hostname of the machine.
 The `unit_id` is generated from the controller and contained inside the join_code.
 

diff --git a/packages/ns-api/files/ns.plug b/packages/ns-api/files/ns.plug
@@ -7,6 +7,7 @@
 
 # Manage registration to the controller
 
+import re
 import os
 import sys
 import json
@@ -15,20 +16,50 @@ import base64
 from nethsec import utils, firewall
 from euci import EUci
 import subprocess
+from datetime import datetime
 
 def get_hostname():
     with open('/proc/sys/kernel/hostname', 'r') as fp:
         return fp.read().strip()
 
+
+def find_last_sent():
+    search_pattern = r"USER root pid \d+ cmd /usr/bin/ns-push-reports"
+    log_file = "/var/log/messages"
+
+    try:
+        with open(log_file, 'r') as file:
+            for line in reversed(file.readlines()):
+                if re.search(search_pattern, line):
+                    date_str = line.split()[0:3]
+                    current_year = datetime.now().year
+                    timestamp_str = f"{current_year} {' '.join(date_str)}"
+                    return int(datetime.strptime(timestamp_str, "%Y %b %d %H:%M:%S").timestamp())
+    except Exception:
+        pass
+
+    return -1
+
 def status():
     u = EUci()
     server = u.get("ns-plug", "config", "server", default=None)
     unit_name = u.get("ns-plug", "config", "unit_name", default=get_hostname())
     unit_id = u.get("ns-plug", "config", "unit_id", default='')
     tls_verify = u.get("ns-plug", "config", "tls_verify", default="1") == "1"
+    subscription = u.get("ns-plug", "config", "subscription_type", default="")
     address = None
+    last_sent = -1
     if not server:
-        return {"status": "unregistered", "address": address, "server": server, "unit_name": unit_name, "unit_id": unit_id, "tls_verify": tls_verify}
+        return {
+                "status": "unregistered",
+                "address": address,
+                "server": server,
+                "unit_name": unit_name,
+                "unit_id": unit_id,
+                "tls_verify": tls_verify,
+                "push_status": "disabled",
+                "push_last_sent": last_sent
+            }
 
     # if tun-plug is present
     if os.path.exists("/usr/share/ns-plug/client.conf"):
@@ -42,7 +73,18 @@ def status():
         status = "pending"
     if address is not None:
         status = "connected"
-    return {"status": status, "address": address, "server": server, "unit_name": unit_name, "unit_id": unit_id, "tls_verify": tls_verify}
+    if subscription:
+        last_sent = find_last_sent()
+    return {
+            "status": status,
+            "address": address,
+            "server": server,
+            "unit_name": unit_name,
+            "unit_id": unit_id,
+            "tls_verify": tls_verify,
+            "push_status": "enabled" if subscription else "disabled",
+            "push_last_sent": last_sent
+        }
 
 def register(join_code, tls_verify, unit_name):
     u = EUci()

diff --git a/packages/ns-plug/files/ns-plug b/packages/ns-plug/files/ns-plug
@@ -138,9 +138,10 @@ if [ "$(uci -q get rsyslog.promtail)" == "" ]; then
     sleep 5 # wait for rsyslog
 fi
 
-# Send data to controller every 15 minutes
-grep -qF '/usr/bin/ns-push-reports' /etc/crontabs/root || echo '*/15 * * * * sleep $(( RANDOM % 60 )); /usr/bin/ns-push-reports' >> /etc/crontabs/root && /etc/init.d/cron restart
-
+# Send data to controller every 15 minutes, only if subscription is enabled
+if [ ! -z "$subscription_type" ]; then
+    grep -qF '/usr/bin/ns-push-reports' /etc/crontabs/root || echo '*/15 * * * * sleep $(( RANDOM % 60 )); /usr/bin/ns-push-reports' >> /etc/crontabs/root && /etc/init.d/cron restart
+fi
 
 # Start the VPN
 if [ -f ${CONFIG_FILE} ]; then

diff --git a/packages/ns-plug/files/ns-push-reports b/packages/ns-plug/files/ns-push-reports
@@ -33,7 +33,7 @@ if [ -z "${token}" ]; then
 fi
 
 # Disable certificate verification if tls_verify is set to 0
-curl_opts="-sL"
+curl_opts="--fail -sL"
 tls_verify=$(uci -q get ${UCI_CONF}.config.tls_verify)
 if [ "${tls_verify}" == "0" ]; then
     curl_opts="${curl_opts}k"
@@ -57,4 +57,7 @@ for api in "${dump_apis[@]}"; do
         -u ${unit_id}:${token} \
         -o /dev/null \
         ${server}/api/ingest/${api} --data @-
+    if [ $? -gt 0 ]; then
+	logger -t ns-push-reports "Failed to push $api"
+    fi
 done