rewrite log messages and format
parent
35d257d9c7
commit
205e3774a9
|
@ -8,10 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Added
|
||||
|
||||
* bkctld-inc and bkctld-rm log their progress (log level "info")
|
||||
|
||||
### Changed
|
||||
|
||||
* rewrite log messages and format
|
||||
|
||||
### Deprecated
|
||||
|
||||
### Removed
|
||||
|
|
|
@ -18,6 +18,7 @@ iptables_input_accept() {
|
|||
jail_name="${1}"
|
||||
port="${2}"
|
||||
ip="${3}"
|
||||
debug "Accept \`${ip}:${port}' for jail \`${jail_name}'"
|
||||
|
||||
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"
|
||||
}
|
||||
|
@ -34,7 +35,7 @@ if [ -n "${FIREWALL_RULES}" ]; then
|
|||
# Restart the firewall
|
||||
[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
|
||||
fi
|
||||
notice "${jail_name}: firewall rules have been updated."
|
||||
notice "Firewall updated for jail \`${jail_name}'"
|
||||
else
|
||||
warning "${jail_name}: skipping firewall update, FIREWALL_RULES variable is empty."
|
||||
notice "Skip jail \`${jail_name}' : FIREWALL_RULES variable is empty."
|
||||
fi
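Review bot: The `debug` call added to `iptables_input_accept` writes to stdout, which is the same stream the function uses to hand back the generated rule through `echo "/sbin/iptables -A INPUT ..."`. `debug()` in lib/includes prints with a plain `echo` when LOGLEVEL is 7 or higher, so a caller that captures this function's output would get the log line mixed into the rule text; the caller is outside the hunk, so this needs confirming. If that output ends up in a file a shell later reads, the backquote in the message would not be inert text either. Appending `>&2` to the new `debug` line keeps the log and the rule on separate streams.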
|
||||
|
|
|
@ -54,8 +54,8 @@ for jail_name in ${jails_list}; do
|
|||
if [ -n "${incs_policy_file}" ]; then
|
||||
# If no incs directory is found, we don't create incs
|
||||
if [ ! -d "${inc_path}" ]; then
|
||||
info "inc progress: jail ${jails_count} out of ${jails_total}"
|
||||
start=$(current_time)
|
||||
info "Progress: jail ${jails_count} out of ${jails_total}"
|
||||
notice "Create inc \`${inc_name}' for jail \`${jail_name}' : start"
|
||||
|
||||
if is_btrfs "${jail_path}"; then
|
||||
create_inc_btrfs "${jail_name}" "${inc_name}"
|
||||
|
@ -63,12 +63,11 @@ for jail_name in ${jails_list}; do
|
|||
create_inc_ext4 "${jail_name}" "${inc_name}"
|
||||
fi
|
||||
|
||||
end=$(current_time)
|
||||
notice "${jail_name}: \`${inc_name}' has been created [${start}/${end}]"
|
||||
notice "Create inc \`${inc_name}' for jail \`${jail_name}' : finish"
|
||||
else
|
||||
warning "${jail_name}: skipping \`${inc_name}', it already exists."
|
||||
warning "Skip inc \`${inc_name}' for jail \`${jail_name}' : it already exists."
|
||||
fi
|
||||
else
|
||||
notice "${jail_name}: skipping \`${inc_name}', incs policy not found."
|
||||
notice "Skip jail \`${jail_name}' : incs policy is missing"
|
||||
fi
|
||||
done
|
||||
|
|
|
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" && error "${jail_name}: jail already exists."
|
||||
test -d "${jail_path}" && error "Skip jail \`${jail_name}' : it already exists"
|
||||
|
||||
# Create config and jails directory
|
||||
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||
|
@ -28,4 +28,4 @@ fi
|
|||
setup_jail_chroot "${jail_name}"
|
||||
setup_jail_config "${jail_name}"
|
||||
|
||||
notice "${jail_name}: jail has been created"
|
||||
notice "Create jail \`${jail_name}' : OK"
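Review bot: The new `: OK` notice is printed whether or not `setup_jail_chroot` and `setup_jail_config` succeeded, because neither call's status is checked in this hunk (a `set -e` outside the visible lines would change that). The same applies to the `: OK` notices after the `sed -i` edits of AllowUsers and Port, after the `cat`/`chmod` on the authorized keys file, and after the jail delete and update steps. The reload hunk in this commit already uses the safer shape, `if kill -HUP "${pid}"; then notice ...; else error ...; fi`. Chaining each step with `|| error` before the notice would stop the log from recording success for an operation that failed.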
|
||||
|
|
|
@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
||||
|
||||
|
@ -40,9 +40,9 @@ else
|
|||
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
||||
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||
else
|
||||
error "${jail_name}: No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
||||
error "No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
||||
fi
|
||||
notice "${jail_name}: IP whitelist updated with \`${ip}'"
|
||||
notice "Update IP whitelist with \`${ip}' for jail \`${jail_name}' : OK"
|
||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||
fi
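Review bot: `${allow_users}` is expanded inside the replacement of `sed -i "s~^AllowUsers .*~${allow_users}~"`, so a `~`, `&`, backslash or newline in that value changes what is written to the jail's sshd_config. No validation of `${ip}` (from which the value is presumably built) is visible in this hunk, and the earlier lines of the script are outside it. The Port hunk has the same shape with `sed -i "s/^Port .*/Port ${port}/"`. These files decide who can reach the jail's sshd, so a format check before the edit is worth adding if one is not already done above, for example `case "${port}" in ''|*[!0-9]*) error "invalid port" ;; esac`. The new error message here also drops `${jail_name}`, which the other messages in this commit keep.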
|
||||
|
|
|
@ -14,7 +14,7 @@ if [ -z "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
jail_pid_file="${jail_path}/${SSHD_PID}"
|
||||
|
||||
|
|
|
@ -15,15 +15,15 @@ if [ ! -n "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
if [ -z "${keyfile}" ]; then
|
||||
if [ -f "${jail_path}/${AUTHORIZED_KEYS}" ]; then
|
||||
cat "${jail_path}/${AUTHORIZED_KEYS}"
|
||||
fi
|
||||
else
|
||||
test -r "${keyfile}" || error "${jail_name}: SSH key \`${keyfile}' is missing or is not readable."
|
||||
test -r "${keyfile}" || error "SSH key \`${keyfile}' for jail \`${jail_name}' is missing or is not readable."
|
||||
cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"
|
||||
chmod 600 "${jail_path}/${AUTHORIZED_KEYS}"
|
||||
notice "${jail_name}: SSH key has been updated with \`${keyfile}'"
|
||||
notice "Update SSH key \`${keyfile}' for jail \`${jail_name}' : OK"
|
||||
fi
|
||||
|
|
|
@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
||||
|
||||
|
@ -29,7 +29,7 @@ else
|
|||
fi
|
||||
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
||||
|
||||
notice "${jail_name}: port has been updated to \`${port}'"
|
||||
notice "Update SSH port \`${port}' for jail \`${jail_name}' : OK"
|
||||
|
||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||
|
|
|
@ -13,10 +13,14 @@ if [ -z "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
||||
|
||||
pid=$(cat "${jail_path}/${SSHD_PID}")
|
||||
|
||||
kill -HUP "${pid}" && notice "${jail_name}: jail has been reloaded [${pid}]"
|
||||
if kill -HUP "${pid}"; then
|
||||
notice "Reload jail \`${jail_name}' : OK [${pid}]"
|
||||
else
|
||||
error "Reload jail \`${jail_name}' : failed [${pid}]"
|
||||
fi
|
||||
|
|
|
@ -14,7 +14,7 @@ fi
|
|||
jail_path=$(jail_path "${jail_name}")
|
||||
incs_path=$(incs_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||
|
||||
|
@ -33,10 +33,10 @@ if [ -d "${incs_path}" ]; then
|
|||
if [ "${inc_inode}" -eq 256 ]; then
|
||||
/bin/btrfs subvolume delete "${incs_path}/${inc}" | debug
|
||||
else
|
||||
warning "You need to purge ${incs_path}/${inc} manually !"
|
||||
warning "You need to purge \`${incs_path}/${inc}' manually"
|
||||
fi
|
||||
done
|
||||
rmdir --ignore-fail-on-non-empty "${incs_path}" | debug
|
||||
fi
|
||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||
notice "${jail_name}: jail has been deleted."
|
||||
notice "Delete jail \`${jail_name}' : OK"
|
||||
|
|
|
@ -15,7 +15,7 @@ if [ -z "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||
"${LIBDIR}/bkctld-start" "${jail_name}"
|
||||
|
|
|
@ -106,11 +106,11 @@ for jail_name in ${jails_list}; do
|
|||
incs_count=0
|
||||
|
||||
if [ -n "${incs_to_delete}" ]; then
|
||||
debug "${jail_name}: incs to be deleted : $(echo "${incs_to_delete}" | tr '\n', ',' | sed 's/,$//')."
|
||||
debug "Incs to be deleted for \`${jail_name}' : $(echo "${incs_to_delete}" | tr '\n', ',' | sed 's/,$//')."
|
||||
for inc_name in ${incs_to_delete}; do
|
||||
incs_count=$((incs_count+1))
|
||||
info "rm progress: jail ${jails_count} out of ${jails_total} - inc ${incs_count} out of ${incs_total}"
|
||||
start=$(current_time)
|
||||
info "Progress: jail ${jails_count} out of ${jails_total} - inc ${incs_count} out of ${incs_total}"
|
||||
notice "Delete inc \`${inc_name}' for jail \`${jail_name}' : start"
|
||||
|
||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||
|
||||
|
@ -120,14 +120,13 @@ for jail_name in ${jails_list}; do
|
|||
delete_inc_ext4 "${jail_name}" "${inc_name}"
|
||||
fi
|
||||
|
||||
end=$(current_time)
|
||||
notice "${jail_name}: inc \`${inc_name}' has been deleted [${start}/${end}]"
|
||||
notice "Delete inc \`${inc_name}' for jail \`${jail_name}' : finish"
|
||||
done
|
||||
else
|
||||
notice "${jail_name}: no inc to be deleted."
|
||||
notice "Skip jail \`${jail_name}' : no inc to delete"
|
||||
fi
|
||||
else
|
||||
notice "${jail_name}: skipping jail because incs policy is missing."
|
||||
notice "Skip jail \`${jail_name}' : incs policy is missing"
|
||||
fi
|
||||
done
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
||||
|
||||
|
@ -21,7 +21,7 @@ test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
|||
mount_jail_fs "${jail_name}"
|
||||
|
||||
# Start SSH in the chroot
|
||||
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start SSH."
|
||||
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "Failed to start SSH for jail \`${jail_name}'"
|
||||
pidfile="${jail_path}/${SSHD_PID}"
|
||||
|
||||
# Wait for SSH to be up
|
||||
|
@ -37,7 +37,7 @@ for try in $(seq 1 10); do
|
|||
done
|
||||
|
||||
if [ -n "${pid}" ]; then
|
||||
notice "${jail_name}: jail has been started [${pid}]"
|
||||
notice "Start jail \`${jail_name}' : PID \`${pid}'"
|
||||
else
|
||||
error "${jail_name}: failed to fetch SSH pid within 3 sec."
|
||||
error "Failed to fetch SSH PID for jail \`${jail_name}' within 3 seconds"
|
||||
fi
|
||||
|
|
|
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
||||
|
||||
|
@ -22,10 +22,10 @@ pid=$(cat "${jail_path}/${SSHD_PID}")
|
|||
pkill --parent "${pid}"
|
||||
|
||||
if kill "${pid}"; then
|
||||
notice "${jail_name}: jail has been stopped [${pid}]"
|
||||
notice "Stop jail \`${jail_name}' : OK [${pid}]"
|
||||
|
||||
umount --lazy --recursive "${jail_path}/dev"
|
||||
umount --lazy "${jail_path}/proc/"
|
||||
else
|
||||
error "${jail_name}: failed to stop jail [${pid}]"
|
||||
error "Stop jail \`${jail_name}' : failed [${pid}]"
|
||||
fi
|
||||
|
|
|
@ -14,7 +14,7 @@ fi
|
|||
jail_path=$(jail_path "${jail_name}")
|
||||
jail_config_dir=$(jail_config_dir "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
|
||||
|
||||
|
|
|
@ -13,10 +13,10 @@ if [ ! -n "${jail_name}" ]; then
|
|||
fi
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||
|
||||
setup_jail_chroot "${jail_name}"
|
||||
|
||||
notice "${jail_name}: jail has been updated."
|
||||
notice "Update jail \`${jail_name}' : OK"
|
||||
|
|
30
lib/includes
30
lib/includes
|
@ -23,43 +23,49 @@ CRITICAL="${CRITICAL:-48}"
|
|||
WARNING="${WARNING:-24}"
|
||||
DUC=$(command -v duc-nox || command -v duc)
|
||||
|
||||
log_date() {
|
||||
echo "[$(date +%Y-%m-%d %H:%M:%s)]"
|
||||
}
|
||||
process_name() {
|
||||
basename $0
|
||||
}
|
||||
debug() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
if [ "${LOGLEVEL}" -ge 7 ]; then
|
||||
echo "${msg}"
|
||||
logger -t bkctld -p daemon.debug "${msg}"
|
||||
echo "$(log_date) DEBUG $(process_name) ${msg}"
|
||||
logger -t bkctld -p daemon.debug "$(process_name) ${msg}"
|
||||
fi
|
||||
}
|
||||
|
||||
info() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
if [ "${LOGLEVEL}" -ge 6 ]; then
|
||||
tty -s && echo "${msg}"
|
||||
logger -t bkctld -p daemon.info "${msg}"
|
||||
tty -s && echo "$(log_date) INFO $(process_name)${msg}"
|
||||
logger -t bkctld -p daemon.info "$(process_name) ${msg}"
|
||||
fi
|
||||
}
|
||||
|
||||
notice() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
tty -s && echo "${msg}"
|
||||
[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
|
||||
tty -s && echo "$(log_date) NOTICE $(process_name) ${msg}"
|
||||
[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "$(process_name) ${msg}"
|
||||
}
|
||||
|
||||
warning() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
tty -s && echo "WARNING: ${msg}" >&2
|
||||
tty -s && echo "$(log_date) WARNING $(process_name) ${msg}" >&2
|
||||
if [ "${LOGLEVEL}" -ge 4 ]; then
|
||||
tty -s || echo "WARNING: ${msg}" >&2
|
||||
logger -t bkctld -p daemon.warning "${msg}"
|
||||
tty -s || echo "$(log_date) WARNING $(process_name) ${msg}" >&2
|
||||
logger -t bkctld -p daemon.warning "$(process_name) ${msg}"
|
||||
fi
|
||||
}
|
||||
|
||||
error() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
tty -s && echo "ERROR: ${msg}" >&2
|
||||
tty -s && echo "$(log_date) ERROR $(process_name) ${msg}" >&2
|
||||
if [ "${LOGLEVEL}" -ge 5 ]; then
|
||||
tty -s || echo "ERROR: ${msg}" >&2
|
||||
logger -t bkctld -p daemon.error "${msg}"
|
||||
tty -s || echo "$(log_date) ERROR $(process_name) ${msg}" >&2
|
||||
logger -t bkctld -p daemon.error "$(process_name) ${msg}"
|
||||
fi
|
||||
exit 1
|
||||
}
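Review bot: `log_date` passes the format to `date` unquoted, so `+%Y-%m-%d` and `%H:%M:%s` arrive as two arguments and GNU `date` rejects the second as an extra operand; console lines would then start with `[]` and an error would go to stderr on every call. `%s` is also seconds since the epoch rather than the seconds field, which is `%S`. The line should read `echo "[$(date '+%Y-%m-%d %H:%M:%S')]"`. Two smaller points in the same section: `process_name` should quote its argument as `basename "$0"`, and the `info` line has no space between `$(process_name)` and `${msg}`, unlike the other levels.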
|
||||
|
|