From c8f142946a314effbd4d132a3b1f083dc833a5a4 Mon Sep 17 00:00:00 2001 From: chalice-1831 <844589474@qq.com> Date: Tue, 3 Sep 2024 14:40:18 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20Unix=E7=B3=BB=E7=BB=9F=E4=B8=8B?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E6=97=A0=E5=85=8D=E5=AF=86sudo=E6=9D=83?= =?UTF-8?q?=E9=99=90=E8=B4=A6=E5=8F=B7=E5=AE=89=E8=A3=85agent=20(closed=20?= =?UTF-8?q?#1675)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/backend/agent/solution_maker.py | 16 +- apps/backend/components/collections/job.py | 16 ++ apps/backend/components/collections/plugin.py | 2 +- .../0083_accesspoint_is_use_sudo.py | 18 ++ apps/node_man/models.py | 1 + apps/node_man/serializers/ap.py | 2 + .../agent_tools/agent2/setup_agent.sh | 23 ++- .../agent_tools/agent2/setup_agent.zsh | 22 ++- .../agent_tools/agent2/setup_proxy.sh | 16 +- script_tools/gsectl/agent/darwin/gsectl | 173 ++++++++++++------ script_tools/gsectl/agent/linux/gsectl | 172 +++++++++++------ script_tools/setup_agent.ksh | 28 ++- script_tools/setup_agent.sh | 48 +++-- script_tools/setup_agent.zsh | 44 +++-- script_tools/setup_proxy.sh | 33 +++- 15 files changed, 455 insertions(+), 159 deletions(-) create mode 100755 apps/node_man/migrations/0083_accesspoint_is_use_sudo.py diff --git a/apps/backend/agent/solution_maker.py b/apps/backend/agent/solution_maker.py index ef7d6d3eb8..1ade800719 100644 --- a/apps/backend/agent/solution_maker.py +++ b/apps/backend/agent/solution_maker.py 
@@ -271,6 +271,12 @@ def get_run_cmd_base_params(self) -> typing.List[str]: f"-s {self.pipeline_id}", ] + if self.host_ap.is_use_sudo: + run_dir = f'GSE_AGENT_RUN_DIR={self.agent_config["run_path"]}' + data_dir = f'GSE_AGENT_DATA_DIR={self.agent_config["data_path"]}' + log_dir = f'GSE_AGENT_LOG_DIR={self.agent_config["log_path"]}' + run_cmd_params.append(f"-v {run_dir} {data_dir} {log_dir}") + # 系统开启使用密码注册 Windows 服务时,需额外传入 -U -P 参数,用于注册 Windows 服务,详见 setup_agent.bat 脚本 if self.need_encrypted_password(): # GSE 密码注册场景暂不启用国密,使用固定 RSA 的方式 @@ -304,7 +310,7 @@ def get_run_cmd_base_params(self) -> typing.List[str]: return list(filter(None, run_cmd_params)) - def add_sudo_to_cmds(self, execution_solution: ExecutionSolution): + def add_sudo_to_cmds(self, execution_solution: ExecutionSolution, is_use_sudo: bool = True): # 非 Windows 机器使用 sudo 权限执行命令 # PAgent 依赖 setup_pagent.py 添加 sudo # Windows Cygwin sudo command not found:Cygwin 本身通过 administrator 启动,无需 sudo @@ -317,15 +323,16 @@ def add_sudo_to_cmds(self, execution_solution: ExecutionSolution): ): return + sudo_cmd: str = "sudo " if is_use_sudo else "" for execution_solution_step in execution_solution.steps: if execution_solution_step.type != constants.CommonExecutionSolutionStepType.COMMANDS.value: continue for execution_solution_content in execution_solution_step.contents: if execution_solution_content.name == "run_cmd": shell_pkg: str = ("bash", "ksh")[self.host.os_type == constants.OsType.AIX] - execution_solution_content.text = f'sudo {shell_pkg} -c "{execution_solution_content.text}"' + execution_solution_content.text = f'{sudo_cmd}{shell_pkg} -c "{execution_solution_content.text}"' else: - execution_solution_content.text = f"sudo {execution_solution_content.text}" + execution_solution_content.text = f"{sudo_cmd}{execution_solution_content.text}" def combine_cmd_step(self, execution_solution: ExecutionSolution): for execution_solution_step in execution_solution.steps: 
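Review bot: The three directory values in the new `if self.host_ap.is_use_sudo:` branch are interpolated unquoted into one `-v` parameter, and add_sudo_to_cmds later wraps the whole run_cmd in `bash -c "…"`, so a `run_path`, `data_path` or `log_path` containing whitespace, `"`, `$` or `;` would alter the command line rather than the variable. The setup scripts in this patch iterate `${VARS_LIST//;/ /}`, which suggests a `;`-separated list, while the assignments here are separated by spaces; the `v)` option handler is not visible, so confirm that all three actually reach VARS_LIST. I would reject values that are not plain absolute paths before appending and add `# values are placed inside bash -c "..."; only plain absolute paths are allowed here`. The branch is keyed on `is_use_sudo`, which defaults to True, so it is also worth confirming that the extra parameter is meant for the sudo case and not the non-sudo one. The function body starts and ends outside the hunk.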
@@ -533,7 +540,8 @@ def make(self) -> ExecutionSolution: execution_solution: ExecutionSolution = self._make() if self.is_combine_cmd_step: self.combine_cmd_step(execution_solution) - self.add_sudo_to_cmds(execution_solution) + + self.add_sudo_to_cmds(execution_solution, self.host_ap.is_superuser) return execution_solution diff --git a/apps/backend/components/collections/job.py b/apps/backend/components/collections/job.py index 5fee80cd0d..a7017c2675 100644 --- a/apps/backend/components/collections/job.py +++ b/apps/backend/components/collections/job.py @@ -130,6 +130,22 @@ def request_single_job_and_create_map( account_alias = (settings.BACKEND_UNIX_ACCOUNT, settings.BACKEND_WINDOWS_ACCOUNT)[ os_type == constants.OsType.WINDOWS ] + + account_set: set = () + for host in job_params["target_server"][host_interaction_from]: + if host_interaction_from == "host_id_list": + account = models.Host.objects.get(bk_host_id=host).identity.account + account_set.add(account) + + if host_interaction_from == "ip_list": + account = models.Host.objects.get(inner_ip=host["ip"]).identity.account + account_set.add(account) + + if len(account_set) > 1: + raise AppBaseException(_("目标机器账户不一致,请检查")) + + account_alias = account_set.pop() + script_language = (constants.ScriptLanguageType.SHELL.value, constants.ScriptLanguageType.BAT.value)[ os_type == constants.OsType.WINDOWS ] diff --git a/apps/backend/components/collections/plugin.py b/apps/backend/components/collections/plugin.py index b8412e95d5..4eab7fdc64 100644 --- a/apps/backend/components/collections/plugin.py +++ b/apps/backend/components/collections/plugin.py 
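Review bot: `make()` passes `self.host_ap.is_superuser`, but the field this patch adds to AccessPoint (model, migration and both serializers) is `is_use_sudo`, and get_run_cmd_base_params reads `is_use_sudo` as well. No `is_superuser` attribute is introduced anywhere in the visible diff, so unless it is defined elsewhere on the model this raises AttributeError for every execution solution. Assuming the access-point switch is what should decide the prefix, the call should be `self.add_sudo_to_cmds(execution_solution, self.host_ap.is_use_sudo)`. A one-line docstring on add_sudo_to_cmds describing `is_use_sudo` (False leaves the commands unprefixed) would also help, since the default of True hides the new behaviour from existing callers.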
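Review bot: `account_set: set = ()` in request_single_job_and_create_map creates an empty tuple, so the first `account_set.add(account)` raises AttributeError; it should be `account_set: set = set()`. The block then replaces `account_alias` unconditionally, which discards the Windows/Unix choice made just above and raises KeyError on `account_set.pop()` when nothing was collected; `if account_set: account_alias = account_set.pop()` keeps the settings default as the fallback. Because this value decides which OS account the job runs as, the `ip_list` lookup `models.Host.objects.get(inner_ip=host["ip"])` deserves a second key: if the same inner IP can exist in more than one cloud area, it either fails with MultipleObjectsReturned or needs the cloud id to pick the right host's account. The lookups also issue one query per target host. The function body continues outside the hunk.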
@@ -1204,7 +1204,7 @@ def _execute(self, data, parent_data, common_data: PluginCommonData): "proc_name": package_control.process_name or plugin.name, "setup_path": process_status.setup_path, "pid_path": process_status.pid_path, - "user": constants.ACCOUNT_MAP.get(host.os_type, "root"), + "user": host.identity.account, }, "control": gse_control, "resource": host_id__resource_policy_map[bk_host_id]["resource"], diff --git a/apps/node_man/migrations/0083_accesspoint_is_use_sudo.py b/apps/node_man/migrations/0083_accesspoint_is_use_sudo.py new file mode 100755 index 0000000000..9123494e4f --- /dev/null +++ b/apps/node_man/migrations/0083_accesspoint_is_use_sudo.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.4 on 2024-08-26 08:39 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("node_man", "0082_host_dept_name"), + ] + + operations = [ + migrations.AddField( + model_name="accesspoint", + name="is_use_sudo", + field=models.BooleanField(default=True, verbose_name="是否使用sudo"), + ), + ] diff --git a/apps/node_man/models.py b/apps/node_man/models.py index 91bf53f0e7..5b11859e3d 100644 --- a/apps/node_man/models.py +++ b/apps/node_man/models.py @@ -560,6 +560,7 @@ class AccessPoint(models.Model): proxy_package = JSONField(_("Proxy上的安装包"), default=list) outer_callback_url = models.CharField(_("节点管理外网回调地址"), max_length=128, blank=True, null=True, default="") callback_url = models.CharField(_("节点管理内网回调地址"), max_length=128, blank=True, null=True, default="") + is_use_sudo = models.BooleanField(_("是否使用sudo"), default=True) @property def file_endpoint_info(self) -> EndpointInfo: diff --git a/apps/node_man/serializers/ap.py b/apps/node_man/serializers/ap.py index 9adf3fd8ae..596c87df64 100644 --- a/apps/node_man/serializers/ap.py +++ b/apps/node_man/serializers/ap.py 
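Review bot: `"user": host.identity.account` has no fallback, so a host whose identity record has an empty account would hand GSE an empty process user, where the old code always produced a value from `constants.ACCOUNT_MAP` or `"root"`. Keeping the previous default as the fallback avoids that: `"user": host.identity.account or constants.ACCOUNT_MAP.get(host.os_type, "root"),`. The change also applies to every host, not only those on an access point with sudo disabled, so plugin processes on existing hosts will switch from the mapped account to the login account used for installation; confirm that this is intended. `_execute` starts and ends outside the hunk.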
@@ -52,6 +52,7 @@ class ListSerializer(serializers.ModelSerializer): is_default = serializers.BooleanField(label=_("是否默认接入点,不可删除")) proxy_package = serializers.JSONField(label=_("Proxy上的安装包")) file_cache_dirs = serializers.SerializerMethodField(label=_("文件缓存目录")) + is_use_sudo = serializers.BooleanField(label=_("是否使用sudo")) def to_representation(self, instance): ret = super(ListSerializer, self).to_representation(instance) @@ -117,6 +118,7 @@ class ZKSerializer(serializers.Serializer): bscp_config = serializers.DictField(_("BSCP配置"), required=False) outer_callback_url = serializers.CharField(label=_("节点管理外网回调地址"), required=False, allow_blank=True) callback_url = serializers.CharField(label=_("节点管理内网回调地址"), required=False, allow_blank=True) + is_use_sudo = serializers.BooleanField(label=_("是否使用sudo"), required=False, default=True) def validate(self, data): gse_version_list: List[str] = list(set(AccessPoint.objects.values_list("gse_version", flat=True))) diff --git a/script_tools/agent_tools/agent2/setup_agent.sh b/script_tools/agent_tools/agent2/setup_agent.sh index 88c0e9de03..ce140f5a18 100755 --- a/script_tools/agent_tools/agent2/setup_agent.sh +++ b/script_tools/agent_tools/agent2/setup_agent.sh @@ -130,7 +130,6 @@ validate_setup_path () { /sys /sbin /root - /home ) local invalid_path=( @@ -314,6 +313,10 @@ check_heathz_by_gse () { } remove_crontab () { + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron tmpcron=$(mktemp "$TMP_DIR"/cron.XXXXXXX) @@ -327,6 +330,10 @@ remove_crontab () { } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + check_rc_file local rcfile=$RC_LOCAL_FILE 
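Review bot: Removing `/home` from the list in validate_setup_path is unconditional, so installs that still run through sudo can now also place the agent under a user's home directory; the rest of the list and how it is matched lie outside the hunk. An agent started as root from a directory that an unprivileged account owns can be replaced by that account, so I would keep `/home` rejected for privileged installs and allow it only in the non-sudo mode. At minimum document the reason next to the list, e.g. `# /home is permitted so that accounts without sudo can install under their own home directory`. The same removal is made in script_tools/agent_tools/agent2/setup_agent.zsh.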
@@ -475,7 +482,10 @@ remove_agent () { log remove_agent - "trying to remove old agent directory(${AGENT_SETUP_PATH}/${AGENT_CLEAN_UP_DIRS[@]})" cd "${AGENT_SETUP_PATH}" || return 0 - for file in `lsattr -R |egrep "i-" |awk '{print $NF}'`;do echo "--- $file" && chattr -i $file ;done + + if [ $IS_SUPER == true ]; then + for file in `lsattr -R |egrep "i-" |awk '{print $NF}'`;do echo "--- $file" && chattr -i $file ;done + fi cd - if [[ "$REMOVE" == "TRUE" ]]; then @@ -686,7 +696,7 @@ _OO_ } validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { @@ -886,6 +896,13 @@ while getopts n:t:I:i:l:s:uc:r:x:p:e:a:k:N:v:oT:RDO:E:A:V:B:S:Z:K:F arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + ## 检查自定义环境变量 for var_name in ${VARS_LIST//;/ /}; do validate_vars_string "$var_name" || fail "$var_name is not a valid name" diff --git a/script_tools/agent_tools/agent2/setup_agent.zsh b/script_tools/agent_tools/agent2/setup_agent.zsh index 468c19bd97..56d8f73f34 100644 --- a/script_tools/agent_tools/agent2/setup_agent.zsh +++ b/script_tools/agent_tools/agent2/setup_agent.zsh @@ -133,7 +133,6 @@ validate_setup_path () { /sys /sbin /root - /home ) local invalid_path=( @@ -314,6 +313,10 @@ check_heathz_by_gse () { } remove_crontab () { + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron tmpcron=$(mktemp "$TMP_DIR"/cron.XXXXXXX) @@ -332,6 +335,10 @@ get_daemon_file () { } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + get_daemon_file touch $DAEMON_FILE_PATH$DAEMON_FILE_NAME bash -c "cat >$DAEMON_FILE_NAME" << EOF 
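Review bot: validate_vars_string still constrains only the variable name; everything after `=` is accepted unchecked, and with this patch the backend sends directory paths through `-v`. How each entry is consumed afterwards is outside the hunk, but if it is exported or evaluated the value should be restricted too, for example `grep -Eq '^[a-zA-Z_][a-zA-Z0-9_]*=[A-Za-z0-9_./:-]*$'`, provided existing callers do not need other characters. Using `-E` instead of `-P` also keeps the check working with greps that lack PCRE support. The same one-line change appears in setup_agent.zsh and setup_proxy.sh.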
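Review bot: `sudo -n true` in the new IS_SUPER block reports whether the account can use sudo without a password, not whether this script is currently running with root privileges. The two differ in both directions: root on a host without a sudo binary ends up with `IS_SUPER=false` and silently skips the crontab and startup setup, and an account with passwordless sudo on an access point where sudo is disabled ends up with `IS_SUPER=true` while running unprivileged. Testing the effective uid matches what the guarded branches need: `if [ "$(id -u)" -eq 0 ]; then IS_SUPER=true; else IS_SUPER=false; fi`. The variable should also be quoted where it is compared (`[ "$IS_SUPER" == false ]`). The same block is repeated in setup_agent.zsh, setup_proxy.sh and both gsectl scripts.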
@@ -487,7 +494,9 @@ remove_agent () { log remove_agent - "trying to remove old agent directory(${AGENT_SETUP_PATH}/${AGENT_CLEAN_UP_DIRS[@]})" cd "${AGENT_SETUP_PATH}" - for file in `ls -lR@ |ggrep -E "i-" |awk '{print $NF}'`;do echo "--- $file" && chattr -i $file ;done + if [ $IS_SUPER == true ]; then + for file in `ls -lR@ |ggrep -E "i-" |awk '{print $NF}'`;do echo "--- $file" && chattr -i $file ;done + fi cd - if [[ "$REMOVE" == "TRUE" ]]; then @@ -696,7 +705,7 @@ _OO_ } validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { @@ -897,6 +906,13 @@ while getopts n:t:I:i:l:s:uc:r:x:p:e:a:k:N:v:oT:RDO:E:A:V:B:S:Z:K:F arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + ## 检查自定义环境变量 for var_name in ${VARS_LIST//;/ /}; do validate_vars_string "$var_name" || fail "$var_name is not a valid name" diff --git a/script_tools/agent_tools/agent2/setup_proxy.sh b/script_tools/agent_tools/agent2/setup_proxy.sh index af72b64d5f..085fce1173 100755 --- a/script_tools/agent_tools/agent2/setup_proxy.sh +++ b/script_tools/agent_tools/agent2/setup_proxy.sh @@ -295,6 +295,10 @@ report_mkdir () { } remove_crontab () { + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron tmpcron=$(mktemp "$TMP_DIR"/cron.XXXXXXX) @@ -308,6 +312,10 @@ remove_crontab () { } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + check_rc_file local rcfile=$RC_LOCAL_FILE @@ -646,7 +654,7 @@ _OO_ } validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { @@ -858,6 +866,12 @@ while getopts n:t:I:i:l:s:uc:r:x:p:e:a:k:N:g:v:oT:RO:E:A:V:B:S:Z:K:F arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi ## 检查自定义环境变量 for var_name in ${VARS_LIST//;/ /}; do 
diff --git a/script_tools/gsectl/agent/darwin/gsectl b/script_tools/gsectl/agent/darwin/gsectl index 86bf7909b7..7dc8aa1be2 100755 --- a/script_tools/gsectl/agent/darwin/gsectl +++ b/script_tools/gsectl/agent/darwin/gsectl @@ -8,6 +8,21 @@ WORK_HOME=${PWD%/bin} WORK_HOME=`echo $WORK_HOME |sed 's/\/$//g'` INSTALL_ENV=`echo $WORK_HOME |awk -F/ '{print $(NF-1)}'` +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + +TEMP_DIR=/tmp +VAR_RUN_DIR=/var/run +if [ $IS_SUPER == true ]; then + TEMP_DIR=$WORK_HOME/tmp + VAR_RUN_DIR=$TEMP_DIR +fi + + # 设置agent的max open files ulimit -n 409600 2>/dev/null ulimit -c unlimited @@ -55,7 +70,7 @@ start_by_binary () { fi echo "start gse_agent ..." - ( ./gse_agent -f $WORK_HOME/etc/gse_agent.conf ) 1>/tmp/start_${node_type}_tmp.log 2>&1; sleep 3 + ( ./gse_agent -f $WORK_HOME/etc/gse_agent.conf ) 1>$TEMP_DIR/start_${node_type}_tmp.log 2>&1; sleep 3 __status; @@ -63,7 +78,7 @@ start_by_binary () { if is_use_systemd ;then systemctl status ${INSTALL_ENV}_${module} else - tail /tmp/start_${node_type}_tmp.log + tail $TEMP_DIR/start_${node_type}_tmp.log fi return 1 fi @@ -142,7 +157,7 @@ log () { local timestamp=$(date +%Y%m%d-%H%M%S) local level=INFO local func_seq=$(echo "${FUNCNAME[@]}" | sed 's/ /-/g') - local logfile=${LOG_FILE:=/tmp/watch_${INSTALL_ENV}_${node_type}.log} + local logfile=${LOG_FILE:=$TEMP_DIR/watch_${INSTALL_ENV}_${node_type}.log} local minute local firstday 
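Review bot: The condition that selects TEMP_DIR and VAR_RUN_DIR looks inverted: with `[ $IS_SUPER == true ]` the privileged run moves its files to `$WORK_HOME/tmp`, while the unprivileged run keeps `/tmp` and `/var/run`, and `/var/run` is normally not writable without root. Nothing in the visible hunks creates `$WORK_HOME/tmp`, so the redirections that now use `$TEMP_DIR` would fail until the directory exists. I would write `if [ "$IS_SUPER" == false ]; then` and add `mkdir -p "$TEMP_DIR"` inside the branch. The same block is added to script_tools/gsectl/agent/linux/gsectl.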
@@ -159,8 +174,8 @@ log () { echo "[$(blue_echo ${EXTERNAL_IP}-$LAN_IP)]$timestamp $level|$BASH_LINENO|${func_seq} The current day is first day of month, reset the log file to new one ." >>$logfile [ -f $LOG_FILE ] && mv $LOG_FILE ${LOG_FILE}_$(date -d "last month" '+%Y%m').log touch $LOG_FILE - if [ -f /tmp/watch_gse2_agent.log ];then - mv /tmp/watch_gse2_agent.log /tmp/watch_gse2_agent_$(date -d "last month" '+%Y%m').log + if [ -f $TEMP_DIR/watch_gse2_agent.log ];then + mv $TEMP_DIR/watch_gse2_agent.log $TEMP_DIR/watch_gse2_agent_$(date -d "last month" '+%Y%m').log fi fi fi @@ -186,7 +201,7 @@ watch_by_binary () { local module="agent" # 设置记录上次脚本运行的文件 - LAST_RUN_FILE=/var/run/already_run_times_$module + LAST_RUN_FILE=$VAR_RUN_DIR/already_run_times_$module # 如果文件存在,则读取文件中记录的次数 if [ -f $LAST_RUN_FILE ]; then @@ -211,8 +226,8 @@ watch_by_binary () { THRESHOLD=5 # 检查上一次脚本是否存在 - if [ -f /var/run/gsectl_check_agent_status.pid ]; then - pid=`cat /var/run/gsectl_check_agent_status.pid` + if [ -f $VAR_RUN_DIR/gsectl_check_agent_status.pid ]; then + pid=`cat $VAR_RUN_DIR/gsectl_check_agent_status.pid` if lsof -p $pid >/dev/null; then log "`date +'%F %T.%N'` Last Script: $0 Detection status: PID:$pid is until running , no longer checking the status of the module: ${module}" return @@ -228,7 +243,7 @@ watch_by_binary () { fi # 记录当前脚本的 PID - echo $$ > /var/run/gsectl_check_agent_status.pid + echo $$ > $VAR_RUN_DIR/gsectl_check_agent_status.pid # 检测gse_agent是否正常存在的逻辑 if [ -z "${module}" ]; then @@ -444,10 +459,18 @@ is_systemd_supported () { is_use_systemd () { local module="agent" - if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then - return 0 + if [ $IS_SUPER == true ]; then + if [ -f $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service ];then + return 0 + else + return 1 + fi else - return 1 + if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then + return 0 + else + return 1 + fi fi } 
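Review bot: is_use_systemd checks the opposite location from the one add_config_to_systemd writes to: with `IS_SUPER == true` it looks in `$HOME/.config/systemd/user`, whereas the install and remove functions in this patch use `/usr/lib/systemd/system` for the privileged case and the user directory otherwise. After a privileged install the function therefore returns 1 and callers fall back to the non-systemd paths. The two branches should be swapped so that `[ "$IS_SUPER" == true ]` tests `/usr/lib/systemd/system/${INSTALL_ENV}_${module}.service`. The caller visible in start_by_binary runs `systemctl status` without `--user`, which will not find a user unit either. The linux gsectl carries the same function.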
@@ -509,7 +532,11 @@ check_rc_file () { } get_daemon_file () { - DAEMON_FILE_PATH="/Library/LaunchDaemons/" + if [ $IS_SUPER == false ]; then + DAEMON_FILE_PATH="/Library/LaunchDaemons/" + else + DAEMON_FILE_PATH="~/Library/LaunchAgents/" + fi DAEMON_FILE_NAME="com.tencent.$(echo ${WORK_HOME%*/} | tr '/' '.' | awk -F '.' '{print $(NF-1)"."$NF}').Daemon.plist" } @@ -539,7 +566,7 @@ EOF add_config_to_systemd () { local module="agent" -cat > /tmp/${INSTALL_ENV}_${module}.service << EOF +cat > $TEMP_DIR/${INSTALL_ENV}_${module}.service << EOF [Unit] Description=GSE2.0 Agent Daemon Wants=network-online.target @@ -550,7 +577,7 @@ LimitNOFILE=512000 LimitCORE=infinity WorkingDirectory=${WORK_HOME}/bin PIDFile=${WORK_HOME}/bin/run/${module}.pid -ExecStart=${WORK_HOME}/bin/gse_agent -f /usr/local/${INSTALL_ENV}/${node_type}/etc/gse_agent.conf +ExecStart=${WORK_HOME}/bin/gse_agent -f ${WORK_HOME}/etc/gse_agent.conf ExecReload=${WORK_HOME}/bin/gse_agent --reload ExecStop=${WORK_HOME}/bin/gse_agent --quit Type=forking 
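Review bot: get_daemon_file assigns `/Library/LaunchDaemons/` when IS_SUPER is false and the per-user path when it is true, which is the reverse of what each account can write. The per-user value is also written as `"~/Library/LaunchAgents/"`; a tilde inside double quotes is not expanded, so the path would be taken literally. Suggested form: `if [ "$IS_SUPER" == true ]; then DAEMON_FILE_PATH="/Library/LaunchDaemons/"; else DAEMON_FILE_PATH="$HOME/Library/LaunchAgents/"; fi`.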
@@ -563,26 +590,48 @@ RestartSec=10 WantedBy=multi-user.target EOF - if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then - if [ `md5sum /tmp/${INSTALL_ENV}_${module}.service |awk '{print $1}'` == `md5sum /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service |awk '{print $1}'` ];then - echo "${INSTALL_ENV}_${module}.service have no change..." + if [ $IS_SUPER == true ]; then + if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then + if [ `md5sum $TEMP_DIR/${INSTALL_ENV}_${module}.service |awk '{print $1}'` == `md5sum /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service |awk '{print $1}'` ];then + echo "${INSTALL_ENV}_${module}.service have no change..." + else + echo "update ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + systemctl daemon-reload + systemctl enable ${INSTALL_ENV}_${module}.service + fi else - echo "update ${INSTALL_ENV}_${module}.service" - cp /tmp/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + echo "copy ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service systemctl daemon-reload systemctl enable ${INSTALL_ENV}_${module}.service fi + + # 删除rc.local里的启动项 + check_rc_file + sed -i "\|${WORK_HOME}/bin/gsectl start ${module}|d" $RC_LOCAL_FILE else - echo "copy ${INSTALL_ENV}_${module}.service" - cp /tmp/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service - systemctl daemon-reload - systemctl enable ${INSTALL_ENV}_${module}.service + if [ -f $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service ];then + if [ `md5sum $TEMP_DIR/${INSTALL_ENV}_${module}.service |awk '{print $1}'` == `md5sum $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service |awk '{print $1}'` ];then + echo "${INSTALL_ENV}_${module}.service have no change..." 
+ else + echo "update ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service + systemctl --user daemon-reload + systemctl --user enable ${INSTALL_ENV}_${module}.service + fi + else + if [ ! -d "$HOME/.config/systemd" ]; then + echo "文件夹 ~/.config/systemd 不存在,正在创建..." + mkdir -p $HOME/.config/systemd/user + fi + echo "copy ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service + systemctl --user daemon-reload + systemctl --user enable ${INSTALL_ENV}_${module}.service + fi fi - # 删除rc.local里的启动项 - check_rc_file - sed -i "\|${WORK_HOME}/bin/gsectl start ${module}|d" $RC_LOCAL_FILE - # 删除crontab里的watch条目 remove_crontab } @@ -590,10 +639,18 @@ EOF remove_systemd_config (){ local module="agent" - if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then - systemctl stop ${INSTALL_ENV}_${module}.service - systemctl disable ${INSTALL_ENV}_${module}.service - rm /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + if [ $IS_SUPER == true ]; then + if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then + systemctl stop ${INSTALL_ENV}_${module}.service + systemctl disable ${INSTALL_ENV}_${module}.service + rm /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + fi + else + if [ -f $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service ];then + systemctl --user stop ${INSTALL_ENV}_${module}.service + systemctl --user disable ${INSTALL_ENV}_${module}.service + rm $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service + fi fi } 
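Review bot: The user-level branch of add_config_to_systemd installs the same unit text as the system branch, including `WantedBy=multi-user.target`, which the per-user manager does not provide; `systemctl --user enable` would then link the unit to a target that is never started, and `default.target` is the usual choice for user units. A user manager also runs only while the account has a session unless lingering is enabled for it, so start-at-boot is not guaranteed for the non-sudo install; that limitation should at least be documented in a comment. The directory is created only when `$HOME/.config/systemd` is missing, so an existing `systemd` directory without `user` makes the following `cp` fail; `mkdir -p "$HOME/.config/systemd/user"` can simply run unconditionally. The same branch is added to the linux gsectl.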
@@ -605,12 +662,12 @@ setup_crontab () { return 0 fi - tmpcron=/tmp/cron.XXXXXXX + tmpcron=$TEMP_DIR/cron.XXXXXXX ( crontab -l | grep -v "$WORK_HOME/bin/gsectl" echo "#$WORK_HOME/bin/gsectl Agent check, add by NodeMan @ `date +'%F %T'`" - echo "* * * * * $WORK_HOME/bin/gsectl watch agent 1>>/tmp/watch_gse2_agent.log 2>&1" + echo "* * * * * $WORK_HOME/bin/gsectl watch agent 1>>$TEMP_DIR/watch_gse2_agent.log 2>&1" ) > "$tmpcron" crontab "$tmpcron" && rm -f "$tmpcron" @@ -619,14 +676,18 @@ setup_crontab () { remove_crontab (){ local tmpcron - tmpcron=/tmp/cron.XXXXXX + tmpcron= $TEMP_DIR/cron.XXXXXX crontab -l |grep -E -v "$WORK_HOME" >$tmpcron crontab $tmpcron && rm -f $tmpcron # 下面这段代码是为了确保修改的crontab立即生效 - if pgrep -x crond &>/dev/null; then - pkill -HUP -x crond + if [ $IS_SUPER == true ]; then + if pgrep -x crond &>/dev/null; then + pkill -HUP -x crond + fi + else + crontab -l | crontab - fi } 
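Review bot: In remove_crontab the new line `tmpcron= $TEMP_DIR/cron.XXXXXX` has a space after `=`, so the shell sets an empty `tmpcron` for a command named `$TEMP_DIR/cron.XXXXXX` and the following redirection and `crontab $tmpcron` operate on an empty name. Both this function and setup_crontab also use the `XXXXXX` template as a literal file name; in a shared directory such as `/tmp` a fixed name can be pre-created or symlinked by another local account before the script writes to it. `tmpcron=$(mktemp "$TEMP_DIR/cron.XXXXXX")` fixes both points. The non-privileged branch `crontab -l | crontab -` reinstalls the table it has just read and can probably be dropped.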
@@ -830,33 +891,33 @@ if [ "${node_type}" == "unknown" ];then fi if [ $auto_type == "systemd" ]; then case $action in - start) start_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - stop) stop_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - restart) restart_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - status) status_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - reload) reload_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - healthz) healthz_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; + start) start_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + stop) stop_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + restart) restart_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + status) status_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + reload) reload_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + healthz) healthz_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; -h|*) usage ; exit 255 ;; esac elif [ $auto_type == "crontab" ]; then case $action in - start) start_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - stop) stop_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - restart) restart_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - status) status_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - reload) reload_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - healthz) healthz_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - watch) watch_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; + start) start_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + stop) stop_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + restart) restart_by_crontab 2>&1 | tee 
$TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + status) status_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + reload) reload_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + healthz) healthz_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + watch) watch_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; -h|*) usage ; exit 255 ;; esac elif [ $auto_type == "rclocal" ]; then case $action in - start) start_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - stop) stop_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - restart) restart_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - status) status_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - reload) reload_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - healthz) healthz_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; + start) start_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + stop) stop_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + restart) restart_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + status) status_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + reload) reload_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + healthz) healthz_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; -h|*) usage ; exit 255 ;; esac fi diff --git a/script_tools/gsectl/agent/linux/gsectl b/script_tools/gsectl/agent/linux/gsectl index 8d9ca1b60d..acff29c2a8 100755 --- a/script_tools/gsectl/agent/linux/gsectl +++ b/script_tools/gsectl/agent/linux/gsectl 
@@ -7,6 +7,20 @@ WORK_HOME=${PWD%/bin} WORK_HOME=`echo $WORK_HOME |sed 's/\/$//g'` INSTALL_ENV=`echo $WORK_HOME |awk -F/ '{print $(NF-1)}'` +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + +TEMP_DIR=/tmp +VAR_RUN_DIR=/var/run +if [ $IS_SUPER == true ]; then + TEMP_DIR=$WORK_HOME/tmp + VAR_RUN_DIR=$TEMP_DIR +fi + # 设置agent的max open files ulimit -n 409600 2>/dev/null ulimit -c unlimited @@ -54,7 +68,7 @@ start_by_binary () { fi echo "start gse_agent ..." - ( ./gse_agent -f $WORK_HOME/etc/gse_agent.conf ) 1>/tmp/start_${node_type}_tmp.log 2>&1; sleep 3 + ( ./gse_agent -f $WORK_HOME/etc/gse_agent.conf ) 1>$TEMP_DIR/start_${node_type}_tmp.log 2>&1; sleep 3 __status; @@ -62,7 +76,7 @@ start_by_binary () { if is_use_systemd ;then systemctl status ${INSTALL_ENV}_${module} else - tail /tmp/start_${node_type}_tmp.log + tail $TEMP_DIR/start_${node_type}_tmp.log fi return 1 fi @@ -141,7 +155,7 @@ log () { local timestamp=$(date +%Y%m%d-%H%M%S) local level=INFO local func_seq=$(echo "${FUNCNAME[@]}" | sed 's/ /-/g') - local logfile=${LOG_FILE:=/tmp/watch_${INSTALL_ENV}_${node_type}.log} + local logfile=${LOG_FILE:=$TEMP_DIR/watch_${INSTALL_ENV}_${node_type}.log} local minute local firstday @@ -158,8 +172,8 @@ log () { echo "[$(blue_echo ${EXTERNAL_IP}-$LAN_IP)]$timestamp $level|$BASH_LINENO|${func_seq} The current day is first day of month, reset the log file to new one ." >>$logfile [ -f $LOG_FILE ] && mv $LOG_FILE ${LOG_FILE}_$(date -d "last month" '+%Y%m').log touch $LOG_FILE - if [ -f /tmp/watch_gse2_agent.log ];then - mv /tmp/watch_gse2_agent.log /tmp/watch_gse2_agent_$(date -d "last month" '+%Y%m').log + if [ -f $TEMP_DIR/watch_gse2_agent.log ];then + mv $TEMP_DIR/watch_gse2_agent.log $TEMP_DIR/watch_gse2_agent_$(date -d "last month" '+%Y%m').log fi fi fi 
@@ -185,7 +199,7 @@ watch_by_binary () { local module="agent" # 设置记录上次脚本运行的文件 - LAST_RUN_FILE=/var/run/already_run_times_$module + LAST_RUN_FILE=$VAR_RUN_DIR/already_run_times_$module # 如果文件存在,则读取文件中记录的次数 if [ -f $LAST_RUN_FILE ]; then @@ -210,8 +224,8 @@ watch_by_binary () { THRESHOLD=5 # 检查上一次脚本是否存在 - if [ -f /var/run/gsectl_check_agent_status.pid ]; then - pid=`cat /var/run/gsectl_check_agent_status.pid` + if [ -f $VAR_RUN_DIR/gsectl_check_agent_status.pid ]; then + pid=`cat $VAR_RUN_DIR/gsectl_check_agent_status.pid` if [ -d "/proc/$pid" ]; then log "`date +'%F %T.%N'` Last Script: $0 Detection status: PID:$pid is until running , no longer checking the status of the module: ${module}" return @@ -227,7 +241,7 @@ watch_by_binary () { fi # 记录当前脚本的 PID - echo $$ > /var/run/gsectl_check_agent_status.pid + echo $$ > $VAR_RUN_DIR/gsectl_check_agent_status.pid # 检测gse_agent是否正常存在的逻辑 if [ -z "${module}" ]; then @@ -443,10 +457,18 @@ is_systemd_supported () { is_use_systemd () { local module="agent" - if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then - return 0 + if [ $IS_SUPER == true ]; then + if [ -f $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service ];then + return 0 + else + return 1 + fi else - return 1 + if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then + return 0 + else + return 1 + fi fi } @@ -506,6 +528,12 @@ check_rc_file () { add_startup_to_boot () { + # 非root用户无法操作rclocal + if [ $IS_SUPER == false ]; then + echo "Not root user, can't operate rc.local" + return + fi + local module=agent # 添加启动项到 rc.local @@ -530,7 +558,7 @@ add_startup_to_boot () { add_config_to_systemd () { local module="agent" -cat > /tmp/${INSTALL_ENV}_${module}.service << EOF +cat > $TEMP_DIR/${INSTALL_ENV}_${module}.service << EOF [Unit] Description=GSE2.0 Agent Daemon Wants=network-online.target 
@@ -541,7 +569,7 @@ LimitNOFILE=512000 LimitCORE=infinity WorkingDirectory=${WORK_HOME}/bin PIDFile=${WORK_HOME}/bin/run/${module}.pid -ExecStart=${WORK_HOME}/bin/gse_agent -f /usr/local/${INSTALL_ENV}/${node_type}/etc/gse_agent.conf +ExecStart=${WORK_HOME}/bin/gse_agent -f ${WORK_HOME}/etc/gse_agent.conf ExecReload=${WORK_HOME}/bin/gse_agent --reload ExecStop=${WORK_HOME}/bin/gse_agent --quit Type=forking 
@@ -554,26 +582,48 @@ RestartSec=10 WantedBy=multi-user.target EOF - if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then - if [ `md5sum /tmp/${INSTALL_ENV}_${module}.service |awk '{print $1}'` == `md5sum /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service |awk '{print $1}'` ];then - echo "${INSTALL_ENV}_${module}.service have no change..." + if [ $IS_SUPER == true ]; then + if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then + if [ `md5sum $TEMP_DIR/${INSTALL_ENV}_${module}.service |awk '{print $1}'` == `md5sum /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service |awk '{print $1}'` ];then + echo "${INSTALL_ENV}_${module}.service have no change..." + else + echo "update ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + systemctl daemon-reload + systemctl enable ${INSTALL_ENV}_${module}.service + fi else - echo "update ${INSTALL_ENV}_${module}.service" - cp /tmp/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + echo "copy ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service systemctl daemon-reload systemctl enable ${INSTALL_ENV}_${module}.service fi + + # 删除rc.local里的启动项 + check_rc_file + sed -i "\|${WORK_HOME}/bin/gsectl start ${module}|d" $RC_LOCAL_FILE else - echo "copy ${INSTALL_ENV}_${module}.service" - cp /tmp/${INSTALL_ENV}_${module}.service /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service - systemctl daemon-reload - systemctl enable ${INSTALL_ENV}_${module}.service + if [ -f $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service ];then + if [ `md5sum $TEMP_DIR/${INSTALL_ENV}_${module}.service |awk '{print $1}'` == `md5sum $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service |awk '{print $1}'` ];then + echo "${INSTALL_ENV}_${module}.service have no change..." 
+ else + echo "update ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service + systemctl --user daemon-reload + systemctl --user enable ${INSTALL_ENV}_${module}.service + fi + else + if [ ! -d "$HOME/.config/systemd" ]; then + echo "文件夹 ~/.config/systemd 不存在,正在创建..." + mkdir -p $HOME/.config/systemd/user + fi + echo "copy ${INSTALL_ENV}_${module}.service" + cp $TEMP_DIR/${INSTALL_ENV}_${module}.service $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service + systemctl --user daemon-reload + systemctl --user enable ${INSTALL_ENV}_${module}.service + fi fi - # 删除rc.local里的启动项 - check_rc_file - sed -i "\|${WORK_HOME}/bin/gsectl start ${module}|d" $RC_LOCAL_FILE - # 删除crontab里的watch条目 remove_crontab } @@ -581,10 +631,18 @@ EOF remove_systemd_config (){ local module="agent" - if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then - systemctl stop ${INSTALL_ENV}_${module}.service - systemctl disable ${INSTALL_ENV}_${module}.service - rm /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + if [ $IS_SUPER == true ]; then + if [ -f /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service ];then + systemctl stop ${INSTALL_ENV}_${module}.service + systemctl disable ${INSTALL_ENV}_${module}.service + rm /usr/lib/systemd/system/${INSTALL_ENV}_${module}.service + fi + else + if [ -f $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service ];then + systemctl --user stop ${INSTALL_ENV}_${module}.service + systemctl --user disable ${INSTALL_ENV}_${module}.service + rm $HOME/.config/systemd/user/${INSTALL_ENV}_${module}.service + fi fi } 
@@ -596,12 +654,12 @@ setup_crontab () { return 0 fi - tmpcron=/tmp/cron.XXXXXXX + tmpcron=$TEMP_DIR/cron.XXXXXXX ( crontab -l | grep -v "$WORK_HOME/bin/gsectl" echo "#$WORK_HOME/bin/gsectl Agent check, add by NodeMan @ `date +'%F %T'`" - echo "* * * * * $WORK_HOME/bin/gsectl watch agent 1>>/tmp/watch_gse2_agent.log 2>&1" + echo "* * * * * $WORK_HOME/bin/gsectl watch agent 1>>$TEMP_DIR/watch_gse2_agent.log 2>&1" ) > "$tmpcron" crontab "$tmpcron" && rm -f "$tmpcron" @@ -610,14 +668,18 @@ setup_crontab () { remove_crontab (){ local tmpcron - tmpcron=/tmp/cron.XXXXXX + tmpcron=$TEMP_DIR/cron.XXXXXX crontab -l |egrep -v "$WORK_HOME" >$tmpcron crontab $tmpcron && rm -f $tmpcron # 下面这段代码是为了确保修改的crontab立即生效 - if pgrep -x crond &>/dev/null; then - pkill -HUP -x crond + if [ $IS_SUPER == true ]; then + if pgrep -x crond &>/dev/null; then + pkill -HUP -x crond + fi + else + crontab -l | crontab - fi } 
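Review bot: `tmpcron=$TEMP_DIR/cron.XXXXXXX` in setup_crontab (and `cron.XXXXXX` in remove_crontab, the next hunk) is a literal file name, not a template expanded by mktemp, so every run writes to the same predictable path. If `TEMP_DIR` can resolve to a directory other accounts can write to (its definition is outside these hunks), a file or symlink already sitting at that path would be written through by the redirect and then handed to `crontab`. Use `tmpcron=$(mktemp "$TEMP_DIR/cron.XXXXXXX") || return 1`, as the setup scripts in this patch already do, and quote `"$tmpcron"` in remove_crontab.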
@@ -817,33 +879,33 @@ fi if [ $auto_type == "systemd" ]; then case $action in - start) start_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - stop) stop_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - restart) restart_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - status) status_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - reload) reload_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - healthz) healthz_by_systemd 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; + start) start_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + stop) stop_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + restart) restart_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + status) status_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + reload) reload_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + healthz) healthz_by_systemd 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; -h|*) usage ; exit 255 ;; esac elif [ $auto_type == "crontab" ]; then case $action in - start) start_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - stop) stop_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - restart) restart_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - status) status_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - reload) reload_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - healthz) healthz_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - watch) watch_by_crontab 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; + start) start_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + stop) stop_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + restart) restart_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + status) 
status_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + reload) reload_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + healthz) healthz_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + watch) watch_by_crontab 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; -h|*) usage ; exit 255 ;; esac elif [ $auto_type == "rclocal" ]; then case $action in - start) start_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - stop) stop_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - restart) restart_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - status) status_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - reload) reload_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; - healthz) healthz_by_rclocal 2>&1 | tee /tmp/nm_"${auto_type}"_"${action}".log ;; + start) start_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + stop) stop_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + restart) restart_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + status) status_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + reload) reload_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; + healthz) healthz_by_rclocal 2>&1 | tee $TEMP_DIR/nm_"${auto_type}"_"${action}".log ;; -h|*) usage ; exit 255 ;; esac fi diff --git a/script_tools/setup_agent.ksh b/script_tools/setup_agent.ksh index 7c99e064b1..a7a8082c13 100644 --- a/script_tools/setup_agent.ksh +++ b/script_tools/setup_agent.ksh 
@@ -101,7 +101,7 @@ cleanup () { } validate_setup_path () { - set -A invalid_path_prefix /tmp /var /etc /bin /lib /lib64 /boot /mnt /proc /dev /run /sys /sbin /root /home + set -A invalid_path_prefix /tmp /var /etc /bin /lib /lib64 /boot /mnt /proc /dev /run /sys /sbin /root set -A invalid_path /usr /usr/bin /usr/sbin /usr/local/lib /usr/include /usr/lib /usr/lib64 /usr/libexec @@ -305,6 +305,11 @@ setup_crontab () { } remove_crontab () { + + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron local datatemp=$(date +%s) @@ -316,6 +321,10 @@ remove_crontab () { } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + local rcfile=/etc/rc.local if [ -f $rcfile ];then @@ -391,7 +400,9 @@ backup_config_file () { tmp_backup_file=$(mktemp "${TMP_DIR}"/nodeman_${file}_config.XXXXXXX) log backup_config_file - "backup $file to $tmp_backup_file" cp -rf "${AGENT_SETUP_PATH}"/etc/"${file}" "${tmp_backup_file}" - chattr +i "${tmp_backup_file}" + if [ $IS_SUPER == true ]; then + chattr +i "${tmp_backup_file}" + fi fi done } @@ -402,7 +413,9 @@ recovery_config_file () { time_filter_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*") [ -z "${time_filter_config_file}" ] && return 0 latest_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*" | xargs ls -rth | tail -n 1) - chattr -i "${latest_config_file}" + if [ $IS_SUPER == true ]; then + chattr -i "${latest_config_file}" + fi cp -rf "${latest_config_file}" "${AGENT_SETUP_PATH}"/etc/"${file}" rm -f "${latest_config_file}" log recovery_config_file - "recovery ${AGENT_SETUP_PATH}/etc/${file} from $latest_config_file" @@ -537,7 +550,7 @@ check_deploy_result () { } validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { 
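Review bot: Dropping `/home` from `invalid_path_prefix` in validate_setup_path applies to every install, not only the unprivileged one this patch is adding. When the script still runs as root, an install path under a user's home directory places root-executed agent binaries and configuration below a directory that user owns and can rename or replace. Keep the prefix rejected unless the install is unprivileged, for example by appending `/home` to the list when `IS_SUPER` is true; if validate_setup_path is called during option parsing, that check has to move after the `IS_SUPER` assignment. The same removal is made in setup_agent.sh, setup_agent.zsh and setup_proxy.sh.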
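Review bot: remove_crontab now returns immediately when `IS_SUPER` is false, but rewriting the invoking user's own crontab needs no root; only a crond reload such as the `pkill -HUP -x crond` visible in setup_agent.sh does. gsectl in this same patch keeps the crontab edit in the unprivileged case and only swaps the reload step, so a watch entry it added to that user's crontab would presumably survive a reinstall or uninstall driven by this script. Consider guarding just the reload with `if [ "$IS_SUPER" = true ]; then ... fi` and leaving the `crontab` rewrite in place. The same early return is added in setup_agent.sh, setup_agent.zsh and setup_proxy.sh, and the function body continues outside the hunk.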
@@ -731,6 +744,13 @@ while getopts I:i:l:s:uc:r:x:p:e:a:k:N:v:oT:RO:E:A:V:B:S:Z:K: arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + ## 检查自定义环境变量 VARS_LIST=$(echo "$VARS_LIST" | sed 's/;/ /g') for var_name in ${VARS_LIST}; do diff --git a/script_tools/setup_agent.sh b/script_tools/setup_agent.sh index 6479d2d238..3933e93ba6 100644 --- a/script_tools/setup_agent.sh +++ b/script_tools/setup_agent.sh @@ -109,7 +109,7 @@ cleanup () { # 打印错误行数信息 report_err () { awk -v LN="$1" -v L="ERROR" -v D="$(date +%F\ %T)" \ - 'NR>LN-3 && NR>>":""), $0 }' $0 + 'NR>LN-3 && NR>>":""), $0 }' $0 } validate_setup_path () { @@ -128,7 +128,6 @@ validate_setup_path () { /sys /sbin /root - /home ) local invalid_path=( @@ -235,7 +234,7 @@ is_connected () { } is_gsecmdline_ok () { - /bin/gsecmdline -d 1430 -s test + $AGENT_SETUP_PATH/../plugins/bin/gsecmdline -d 1430 -s test } # 用法:通过ps的comm字段和二进制的绝对路径来精确获取pid @@ -392,6 +391,10 @@ pre_view () { } remove_crontab () { + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron tmpcron=$(mktemp "$TMP_DIR"/cron.XXXXXXX) @@ -401,11 +404,15 @@ remove_crontab () { # 下面这段代码是为了确保修改的crontab能立即生效 if pgrep -x crond &>/dev/null; then - pkill -HUP -x crond + pkill -HUP -x crond fi } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + check_rc_file local rcfile=$RC_LOCAL_FILE @@ -487,7 +494,9 @@ backup_config_file () { tmp_backup_file=$(mktemp "${TMP_DIR}"/nodeman_${file}_config.XXXXXXX) log backup_config_file - "backup $file to $tmp_backup_file" cp -rf "${AGENT_SETUP_PATH}"/etc/"${file}" "${tmp_backup_file}" - chattr +i "${tmp_backup_file}" + if [ $IS_SUPER == true ]; then + chattr +i "${tmp_backup_file}" + fi fi done } 
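Review bot: `sudo -n true` answers whether the account has passwordless sudo, not whether this script is running as root, yet every `IS_SUPER` branch then runs `chattr`, `cp ... /bin/` or the rc.local edits directly, without sudo. A root shell on a host with no sudo installed is classed as unprivileged and skips those steps, while a non-root account that happens to have passwordless sudo is classed as privileged and the same steps fail on permissions. Test the effective uid instead, `if [ "$(id -u)" -eq 0 ]; then IS_SUPER=true; else IS_SUPER=false; fi`, which also removes the redundant initial `IS_SUPER=true`. The flag is compared elsewhere with `[ $IS_SUPER == false ]`; `[ "$IS_SUPER" = false ]` is the POSIX form and survives an empty value. The same block is added to setup_agent.sh, setup_agent.zsh and setup_proxy.sh.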
@@ -498,7 +507,9 @@ recovery_config_file () { time_filter_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*") [ -z "${time_filter_config_file}" ] && return 0 latest_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*" | xargs ls -rth | tail -n 1) - chattr -i "${latest_config_file}" + if [ $IS_SUPER == true ]; then + chattr -i "${latest_config_file}" + fi cp -rf "${latest_config_file}" "${AGENT_SETUP_PATH}"/etc/"${file}" rm -f "${latest_config_file}" log recovery_config_file - "recovery ${AGENT_SETUP_PATH}/etc/${file} from $latest_config_file" @@ -512,7 +523,9 @@ remove_agent () { backup_config_file log remove_agent - "trying to remove old agent directory(${AGENT_SETUP_PATH})" cd "${AGENT_SETUP_PATH}" || return 0 - for file in `lsattr -R |egrep "i-" |awk '{print $NF}'`;do echo "--- $file" && chattr -i $file ;done + if [ $IS_SUPER == true ]; then + for file in `lsattr -R |egrep "i-" |awk '{print $NF}'`;do echo "--- $file" && chattr -i $file ;done + fi cd - rm -rf "${AGENT_SETUP_PATH}" @@ -557,11 +570,13 @@ setup_agent () { cd "$AGENT_SETUP_PATH/.." && tar xf "$TMP_DIR/$PKG_NAME" - # update gsecmdline under /bin - cp -fp plugins/bin/gsecmdline /bin/ - # 注意这里 /bin/ 可能是软链 - cp -fp plugins/etc/gsecmdline.conf /bin/../etc/ - chmod 775 /bin/gsecmdline + if [ $IS_SUPER == true ]; then + # update gsecmdline under /bin + cp -fp plugins/bin/gsecmdline /bin/ + # 注意这里 /bin/ 可能是软链 + cp -fp plugins/etc/gsecmdline.conf /bin/../etc/ + chmod 775 /bin/gsecmdline + fi # setup config file get_config @@ -726,7 +741,7 @@ _OO_ } validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { 
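Review bot: In setup_agent the privileged branch still ends with `chmod 775 /bin/gsecmdline`, which leaves a binary on the system PATH writable by its group; `chmod 755 /bin/gsecmdline` is enough for it to run. The `cp` and `chmod` lines are also unchecked, so a failed copy goes unnoticed now that is_gsecmdline_ok tests the copy under `$AGENT_SETUP_PATH/../plugins/bin` rather than the one in `/bin`. setup_proxy.sh carries the same mode, and setup_agent.zsh copies to `/usr/bin/` but runs the chmod on `/bin/gsecmdline`, a different path. setup_agent's body starts and ends outside this hunk.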
@@ -914,6 +929,13 @@ while getopts I:i:l:s:uc:r:x:p:e:a:k:N:v:oT:RDO:E:A:V:B:S:Z:K: arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + ## 检查自定义环境变量 for var_name in ${VARS_LIST//;/ /}; do validate_vars_string "$var_name" || fail "$var_name is not a valid name" diff --git a/script_tools/setup_agent.zsh b/script_tools/setup_agent.zsh index 25e65f8b54..315c9b2ccc 100644 --- a/script_tools/setup_agent.zsh +++ b/script_tools/setup_agent.zsh @@ -25,7 +25,7 @@ report_step_status () { [ -z "$CALLBACK_URL" ] && return 0 # echo "$@" | read date _time log_level step status message - echo "$@" | read date _time log_level step + echo "$@" | read date _time log_level step tmp_time=$(date +%Y%m%d_%H%M%S) tmp_date=$(date +%s) @@ -107,7 +107,6 @@ validate_setup_path () { /lib /dev /sbin - /home ) local invalid_path=( @@ -211,7 +210,7 @@ is_connected () { } is_gsecmdline_ok () { - /bin/gsecmdline -d 1430 -s test + $AGENT_SETUP_PATH/../plugins/bin/gsecmdline -d 1430 -s test } # 用法:通过ps的comm字段和二进制的绝对路径来精确获取pid @@ -370,6 +369,10 @@ pre_view () { } remove_crontab () { + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron tmpcron=$(mktemp "$TMP_DIR"/cron.XXXXXXX) @@ -379,11 +382,15 @@ remove_crontab () { # 下面这段代码是为了确保修改的crontab能立即生效 if pgrep -x crond &>/dev/null; then - pkill -HUP -x crond + pkill -HUP -x crond fi } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + get_daemon_file local damonfile=$DAEMON_FILE_NAME @@ -478,7 +485,9 @@ backup_config_file () { tmp_backup_file=$(mktemp "${TMP_DIR}"/nodeman_${file}_config.XXXXXXX) log backup_config_file - "backup $file to $tmp_backup_file" cp -rf "${AGENT_SETUP_PATH}"/etc/"${file}" "${tmp_backup_file}" - chattr +i "${tmp_backup_file}" + if [ $IS_SUPER == true ]; then + chattr +i "${tmp_backup_file}" + fi fi done } 
@@ -489,7 +498,9 @@ recovery_config_file () { time_filter_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*") [ -z "${time_filter_config_file}" ] && return 0 latest_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*" | xargs ls -rth | tail -n 1) - chattr -i "${latest_config_file}" + if [ $IS_SUPER == true ]; then + chattr -i "${latest_config_file}" + fi cp -rf "${latest_config_file}" "${AGENT_SETUP_PATH}"/etc/"${file}" rm -f "${latest_config_file}" log recovery_config_file - "recovery ${AGENT_SETUP_PATH}/etc/${file} from $latest_config_file" @@ -546,11 +557,13 @@ setup_agent () { cd "$AGENT_SETUP_PATH/.." && tar xf "$TMP_DIR/$PKG_NAME" - # update gsecmdline under /bin - cp -fp plugins/bin/gsecmdline /usr/bin/ - # 注意这里 /bin/ 可能是软链 - cp -fp plugins/etc/gsecmdline.conf /usr/bin/../etc/ - chmod 775 /bin/gsecmdline + if [ $IS_SUPER == true ]; then + # update gsecmdline under /bin + cp -fp plugins/bin/gsecmdline /usr/bin/ + # 注意这里 /bin/ 可能是软链 + cp -fp plugins/etc/gsecmdline.conf /usr/bin/../etc/ + chmod 775 /bin/gsecmdline + fi # setup config file get_config @@ -622,7 +635,7 @@ check_deploy_result () { validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { @@ -811,6 +824,13 @@ while getopts I:i:l:s:uc:r:x:p:e:a:k:N:v:oT:RDO:E:A:V:B:S:Z:K: arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi + ## 检查自定义环境变量 for var_name in ${VARS_LIST//;/ /}; do validate_vars_string "$var_name" || fail "$var_name is not a valid name" diff --git a/script_tools/setup_proxy.sh b/script_tools/setup_proxy.sh index ac217b5f4f..48527c57cb 100755 --- a/script_tools/setup_proxy.sh +++ b/script_tools/setup_proxy.sh @@ -100,7 +100,6 @@ validate_setup_path () { /sys /sbin /root - /home ) local invalid_path=( 
@@ -349,6 +348,10 @@ pre_view () { } remove_crontab () { + if [ $IS_SUPER == false ]; then + return + fi + local tmpcron tmpcron=$(mktemp "$TMP_DIR"/cron.XXXXXXX) @@ -363,6 +366,10 @@ remove_crontab () { } setup_startup_scripts () { + if [ $IS_SUPER == false ]; then + return + fi + check_rc_file local rcfile=$RC_LOCAL_FILE @@ -499,9 +506,11 @@ setup_proxy () { cd "$AGENT_SETUP_PATH/.." && tar xf "$TMP_DIR/$PKG_NAME" - # update gsecmdline under /bin - cp -fp plugins/bin/gsecmdline /bin/ - chmod 775 /bin/gsecmdline + if [ $IS_SUPER == true ]; then + # update gsecmdline under /bin + cp -fp plugins/bin/gsecmdline /bin/ + chmod 775 /bin/gsecmdline + fi # setup config file get_config @@ -605,7 +614,7 @@ _OO_ } validate_vars_string () { - echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9]+=' + echo "$1" | grep -Pq '^[a-zA-Z_][a-zA-Z0-9_]*=' } check_pkgtool () { @@ -700,7 +709,9 @@ backup_config_file () { tmp_backup_file=$(mktemp "${TMP_DIR}"/nodeman_${file}_config.XXXXXXX) log backup_config_file - "backup $file to $tmp_backup_file" cp -rf "${AGENT_SETUP_PATH}"/etc/"${file}" "${tmp_backup_file}" - chattr +i "${tmp_backup_file}" + if [ $IS_SUPER == true ]; then + chattr +i "${tmp_backup_file}" + fi fi done } @@ -711,7 +722,9 @@ recovery_config_file () { time_filter_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*") [ -z "${time_filter_config_file}" ] && return 0 latest_config_file=$(find "${TMP_DIR}" -ctime -1 -name "nodeman_${file}_config*" | xargs ls -rth | tail -n 1) - chattr -i "${latest_config_file}" + if [ $IS_SUPER == true ]; then + chattr -i "${latest_config_file}" + fi cp -rf "${latest_config_file}" "${AGENT_SETUP_PATH}"/etc/"${file}" rm -f "${latest_config_file}" log recovery_config_file - "recovery ${AGENT_SETUP_PATH}/etc/${file} from $latest_config_file" 
@@ -810,6 +823,12 @@ while getopts I:i:l:s:uc:r:x:p:e:a:k:N:g:v:oT:RO:E:A:V:B:S:Z:K: arg; do esac done +IS_SUPER=true +if sudo -n true 2>/dev/null; then + IS_SUPER=true +else + IS_SUPER=false +fi ## 检查自定义环境变量 for var_name in ${VARS_LIST//;/ /}; do