1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
# Copyright VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
# pylint: disable=import-outside-toplevel
from typing import IO
def commit_in_progress():
"""Not to be used in normal op mode scripts!"""
# The CStore backend locks the config by opening a file
# The file is not removed after commit, so just checking
# if it exists is insufficient, we need to know if it's open by anyone
# There are two ways to check if any other process keeps a file open.
# The first one is to try opening it and see if the OS objects.
# That's faster but prone to race conditions and can be intrusive.
# The other one is to actually check if any process keeps it open.
# It's non-intrusive but needs root permissions, else you can't check
# processes of other users.
#
# Since this will be used in scripts that modify the config outside of the CLI
# framework, those knowingly have root permissions.
# For everything else, we add a safeguard.
from psutil import process_iter
from psutil import NoSuchProcess
from getpass import getuser
from vyos.defaults import commit_lock
if getuser() != 'root':
raise OSError(
'This functions needs to be run as root to return correct results!'
)
for proc in process_iter():
try:
files = proc.open_files()
if files:
for f in files:
if f.path == commit_lock:
return True
except NoSuchProcess:
# Process died before we could examine it
pass
# Default case
return False
def wait_for_commit_lock():
"""Not to be used in normal op mode scripts!"""
from time import sleep
# Very synchronous approach to multiprocessing
while commit_in_progress():
sleep(1)
# For transitional compatibility with the legacy commit locking mechanism,
# we require a lockf/fcntl (POSIX-type) lock, hence the following in place
# of vyos.utils.locking
def acquire_commit_lock_file() -> tuple[IO, str]:
import fcntl
from pathlib import Path
from vyos.defaults import commit_lock
try:
# pylint: disable=consider-using-with
lock_fd = Path(commit_lock).open('w')
except IOError as e:
out = f'Critical error opening commit lock file {e}'
return None, out
try:
fcntl.lockf(lock_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
return lock_fd, ''
except IOError:
out = 'Configuration system locked by another commit in progress'
lock_fd.close()
return None, out
def release_commit_lock_file(file_descr):
import fcntl
if file_descr is None:
return
fcntl.lockf(file_descr, fcntl.LOCK_UN)
file_descr.close()
def call_commit_hooks(which: str):
import re
import os
from pathlib import Path
from vyos.defaults import commit_hooks
from vyos.utils.process import rc_cmd
if which not in list(commit_hooks):
raise ValueError(f'no entry {which} in commit_hooks')
hook_dir = commit_hooks[which]
file_list = list(Path(hook_dir).glob('*'))
regex = re.compile('^[a-zA-Z0-9._-]+$')
hook_list = sorted([str(f) for f in file_list if regex.match(f.name)])
err = False
out = ''
for runf in hook_list:
try:
e, o = rc_cmd(runf)
except FileNotFoundError:
continue
err = err | bool(e)
out = out + o
return out, int(err)
|
