Work in progress

share/commands/agent-run

@@ -37,6 +37,7 @@
 
 . "${BASEDIR}/../lib/common.sh"
 . "${BASEDIR}/../lib/cfengine_parsing.sh"
+. "${BASEDIR}/../lib/report.sh"
 
 REPORTING_PROTOCOL=$(rudder_json_value 'REPORTING_PROTOCOL')
 
@@ -49,6 +50,12 @@ FORCE=0
 PARTIAL_RUN=0
 OUTPUT_LOG=1
 
+# By default, not to mess log file
+COLOR="-Cnever"
+
+# When debugging, reports will be huge, skip HTTP reporting
+DONT_DO_HTTP=0
+
 while getopts "uiIvdqgwrRNcTb:D:f" opt; do
   case $opt in
     u)
@@ -64,12 +71,16 @@ while getopts "uiIvdqgwrRNcTb:D:f" opt; do
       DISPLAY_INFO=1
       QUIET=0
       UPDATE_OPTIONS="${UPDATE_OPTIONS} -v"
+      COLOR="-Calways"
+      DONT_DO_HTTP=1
       ;;
     d)
       VERBOSITY="-d ${DEBUG_CLASS}"
       DISPLAY_INFO=1
       QUIET=0
       UPDATE_OPTIONS="${UPDATE_OPTIONS} -d"
+      COLOR="-Calways"
+      DONT_DO_HTTP=1
       ;;
     q)
       DISPLAY_INFO=0
@@ -138,32 +149,42 @@ if [ "${UPDATE}" = "true" ]; then
   code1=$?
 fi
 
+# If not launched from cf-execd, we need to take care of logging in outputs
 if [ ${OUTPUT_LOG} -eq 1 ]; then
-  log_outputs='tee ${logdir}/${logfile} |'
   # keep same name structure as cf-execd
   logfile=$(echo "cf_$(get_hostname)__$(date +%s)_$(LANG=C date +"%a %b %e %H %M %S %Y")_0" | sed 's/[^a-zA-Z0-9]/_/g')
   logdir=/var/rudder/cfengine-community/outputs
-  touch ${logdir}/${logfile}
-  chmod 600 ${logdir}/${logfile}
+  touch "${logdir}/${logfile}"
+  chmod 600 "${logdir}/${logfile}"
+  log_outputs='tee ${logdir}/${logfile}'
 else
-  log_outputs=''
+  log_outputs='cat'
 fi
 
-if [ "${REPORTING_PROTOCOL}" = "HTTPS" ]; then
-  timestamp="${BASEDIR}/../lib/timestamp.sh |"
-  runlog_output="tee ${TMP_REPORTS_DIR}/$(/bin/date -u "+%Y-%m-%dT%T+00:00")@${UUID}.log |"
+# If reporting in HTTP, we need to take care of timestamped logging
+if [ "${REPORTING_PROTOCOL}" = "HTTPS" ] && [ ${DONT_DO_HTTP} -eq 0 ]; then
+  timestamp="${BASEDIR}/../lib/timestamp.sh"
+  report_file_name=$(/bin/date -u "+%Y-%m-%dT%T+00:00")@${UUID}.log
+  report_file="${TMP_REPORTS_DIR}/${report_file_name}"
+  touch "${report_file}"
+  chmod 600 "${report_file}"
+  runlog_output='tee ${report_file}'
 else
-  timestamp=''
-  runlog_output=''
+  timestamp='cat'
+  runlog_output='cat'
 fi
 
-"${RUDDER_VAR}/cfengine-community/bin/cf-agent" ${VERBOSITY} ${COLOR} -K ${BUNDLE} ${CLASS} | eval $log_outputs eval ${PRETTY}
+"${RUDDER_VAR}/cfengine-community/bin/cf-agent" ${VERBOSITY} ${COLOR} -K ${BUNDLE} ${CLASS} | eval $log_outputs | eval $timestamp | eval $runlog_output | eval ${PRETTY}
+code2=$?
 
 if [ ${OUTPUT_LOG} -eq 1 ]; then
   ln -sf ${logdir}/${logfile} ${logdir}/previous
 fi
+
+if [ "${REPORTING_PROTOCOL}" = "HTTPS" ] && [ ${DONT_DO_HTTP} -eq 0 ]; then
+  compress_and_sign "${report_file_name}"
+fi
 
 # merge exit codes (this is the eval exit code ... POSIX ...)
-code2=$?
 [ $code1 -ne 0 ] && exit $code1
 exit $code2

share/lib/run.sh → share/lib/report.sh

@@ -6,9 +6,12 @@ if [ -f "${RUDDER_JSON}" ]; then
 fi
 
 SERVER=$(cat "${RUDDER_VAR}/cfengine-community/policy_server.dat")
-TMP_REPORTS_DIR="/var/rudder/reports/tmp/"
+TMP_REPORTS_DIR="/var/rudder/tmp/reports/"
 REPORTS_DIR="/var/rudder/reports/ready/"
 
+mkdir -p "${TMP_REPORTS_DIR}"
+mkdir -p "${REPORTS_DIR}"
+
 # The key to use for signature
 PRIVKEY="/var/rudder/cfengine-community/ppkeys/localhost.priv"
 CERT="/opt/rudder/etc/ssl/agent.cert"
@@ -22,28 +25,28 @@ compress_and_sign() {
     # filename
     file="$1"
     tmp_file="${TMP_REPORTS_DIR}/${file}"
-    ready_file="${REPORTS_DIR}/${file}"
+    ready_file="${REPORTS_DIR}/${file}.gz"
 
     # We do not include certs as the server already knows them
-    openssl smime -sign -text -nocerts -signer "${CERT}" -inkey "${PRIVKEY}" -passin "${PASSPHRASE}" \
+    openssl smime -sign -text -nocerts -signer "${CERT}" -inkey "${PRIVKEY}" -passin "pass:${PASSPHRASE}" \
         -in "${tmp_file}" -out "${tmp_file}.signed"
     if [ $? -eq 0 ]; then
         # Move temp file
         mv "${tmp_file}.signed" "${tmp_file}"
     else
-        echo "${red}ERROR${normal}: ${tmp_file} could not be signed"
+        echo "${red}error${normal}: ${tmp_file} could not be signed"
         rm -f "${tmp_file}.signed"
         exit 1
     fi
 
     gzip -f "${tmp_file}"
     if [ $? -ne 0 ]; then
-        echo "${red}ERROR${normal}: Could not compress ${tmp_file}, exiting"
+        echo "${red}error${normal}: Could not compress ${tmp_file}, exiting"
         return 1
     fi
 
     # (Very likely) atomic move in ready reports dir
-    mv "${tmp_file}" "${ready_file}"
+    mv "${tmp_file}.gz" "${ready_file}"
 
     # Try to send it.
     # If it fails, it will be sent later by the agent