Subversion Repositories sysadmin_scripts


Rev 23 Rev 61
Line 22... Line 22...
22
#    v0.2 - 20160312 RWR
22
#    v0.2 - 20160312 RWR
23
#       Added --chdir parameter to allow relative processing of files
23
#       Added --chdir parameter to allow relative processing of files
24
#             from the .ovpn config file
24
#             from the .ovpn config file
25
#       Added --version parameter to display version information
25
#       Added --version parameter to display version information
26
#       Created copyright using GNUv2
26
#       Created copyright using GNUv2
-
 
27
#    v0.2.1 - 20191209 RWR
-
 
28
#       Since the openvpn cli does not return any exit codes (always 0), set it to monitor
-
 
29
#       the logs, looking for. See sub verifyUp for details.
27
 
30
 
28
 
31
 
29
$main::VERSION = '0.2';
32
$main::VERSION = '0.2.1';
30
 
33
 
31
 
34
 
32
use Getopt::Long qw(:config auto_version bundling );
35
use Getopt::Long qw(:config auto_version bundling );
33
use Pod::Usage qw(pod2usage);
36
use Pod::Usage qw(pod2usage);
34
 
37
 
Line 136... Line 139...
136
   print "Status files located in $statusDir\n" if $verbose;
139
   print "Status files located in $statusDir\n" if $verbose;
137
   print "Log Files located in $logDir\n" if $verbose;
140
   print "Log Files located in $logDir\n" if $verbose;
138
   print "PID files located in $pidDir\n" if $verbose;
141
   print "PID files located in $pidDir\n" if $verbose;
139
}
142
}
140
 
143
 
-
 
144
# simply returns the return code of a process
-
 
145
sub processReturnCode {
-
 
146
   my $code = shift;
-
 
147
   if ($code == -1) {
-
 
148
      return $code;
-
 
149
   }
-
 
150
   $code = $code >> 8;
-
 
151
   return ( $code );
-
 
152
}
-
 
153
 
-
 
154
# checks a log $count times, with a delay of $delay, for one of the messages below.
-
 
155
# The first two indicate failure, the last one indicates success.
-
 
156
sub verifyUp {
-
 
157
   my $logFile = shift;
-
 
158
   my $delay = 1;
-
 
159
   my $count = 10;
-
 
160
   my $returnCode;
-
 
161
   while ( $count-- ) {
-
 
162
      qx/grep 'AUTH_FAILED' $logFile 2>&1/;
-
 
163
      $returnCode = &processReturnCode( $? );
-
 
164
      print "auth failed grep returned [$returnCode]\n" if $verbose;
-
 
165
      return 0 if ( $returnCode ) == 0;
-
 
166
      qx/grep 'private key password verification failed' $logFile 2>&1/;
-
 
167
      $returnCode = &processReturnCode( $? );
-
 
168
      print "Checking private key password [$returnCode]\n" if $verbose;
-
 
169
      return 0 if ( $returnCode ) == 0;
-
 
170
      
-
 
171
      qx/grep 'Initialization Sequence Completed' $logFile 2>&1/;
-
 
172
      $returnCode = &processReturnCode( $? );
-
 
173
      print "initialization complete grep returned [$returnCode]\n" if $verbose;
-
 
174
      return 1 if ( $returnCode ) == 0;
-
 
175
      print "Sleeping for $delay seconds\n" if $verbose;
-
 
176
      sleep $delay;
-
 
177
   }
-
 
178
   return 0;
-
 
179
}
-
 
180
 
141
# start a connection. Can only be done as root user.
181
# start a connection. Can only be done as root user.
142
sub startConnection {
182
sub startConnection {
143
   my $destination = shift;
183
   my $destination = shift;
-
 
184
   my $exitString = 'Unknown Exit Status';
144
   my $configFile = "$configDirs/$destination/$destination.ovpn";
185
   my $configFile = "$configDirs/$destination/$destination.ovpn";
-
 
186
   my $p12 =  "$configDirs/$destination/$destination.p12";
145
   chdir( "$configDirs/$destination" ) if $chdir;
187
   chdir( "$configDirs/$destination" ) if $chdir;
146
   if ( -f $configFile && ! &getPid($destination) ) {
188
   if ( -f $configFile ) {
-
 
189
      # we found the config file
-
 
190
      if ( &getPid( $destination ) ) { # make sure it is not already running
-
 
191
         return 'The connection was already active';
-
 
192
      }
147
      my $command = 'openvpn' .
193
      my $command = 'openvpn' .
-
 
194
                    ( -f $p12 ? " --askpass" : '' ) .
148
                    " --daemon $destination" .
195
                    " --daemon $destination" .
149
                    " --inactive $timeOut" .
196
                    " --inactive $timeOut" .
150
                    " --writepid $pidDir/$destination.pid" .
197
                    " --writepid $pidDir/$destination.pid" .
151
                    " --log $logDir/$destination.log" .
198
                    " --log $logDir/$destination.log" .
152
                    " --status $statusDir/$destination.status" .
199
                    " --status $statusDir/$destination.status" .
153
                    " --config $configFile";
200
                    " --config $configFile";
154
      print "$command\n" if $verbose;
201
      print "$command\n" if $verbose;
-
 
202
      # run the command.
155
      system ( $command );
203
      system ( $command );
-
 
204
      #  openvpn always appears to have a return code of 0, so we need to look at the logs to see if we had success or failure
156
      if ( &getPid ( $destination ) ) {
205
      my $status = &verifyUp( "$logDir/$destination.log" );
-
 
206
      if ( $status == 1 ) { # good run, so we just say it 
157
         return "$destination is active";
207
         return "$destination now active with PID " . &getPid( $destination );
158
      } else {
208
      } else {
159
         return "There was a failure in the command, check $logDir/$destination.log\nCommand was\n$command";
209
         return "There was a failure in the command, check $logDir/$destination.log\nCommand was\n$command";
160
      }
210
      }
161
   } else {
211
   } else {
162
      return "Could not open '$configFile'";
212
      return "Could not open '$configFile'";
163
   }
213
   }
164
   return "The connection is already active";
214
   return "We should never reach this point in startConnection";
165
}
215
}
166
 
216
 
167
# kill all active connections
217
# kill all active connections
168
sub killALL {
218
sub killALL {
169
   my $sessions = &getSessions();
219
   my $sessions = &getSessions();
Line 218... Line 268...
218
   die "Kill requires you to be root, use sudo\n" if $<;
268
   die "Kill requires you to be root, use sudo\n" if $<;
219
   $status = ( $kill eq 'ALL' ) ? &killALL() : &killConnection( $kill );
269
   $status = ( $kill eq 'ALL' ) ? &killALL() : &killConnection( $kill );
220
   print "$status\n" unless $quiet;
270
   print "$status\n" unless $quiet;
221
} elsif ( $destination ) {
271
} elsif ( $destination ) {
222
   die "Start requires you to be root, use sudo\n" if $<;
272
   die "Start requires you to be root, use sudo\n" if $<;
223
   my $status =  &startConnection( $destination ) unless &getPid( $destination );
273
   my $status =  &startConnection( $destination );
224
   print "$status\n" unless $quiet;
274
   print "$status\n" unless $quiet;
225
}
275
}
226
 
276
 
227
&printSessions() if $show;
277
&printSessions() if $show;
228
 
278
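Review bot: The new `verifyUp` (new lines 156-179) interpolates `$logFile` into three `qx/grep ... $logFile 2>&1/` shell commands. That path is built from `$destination` in `startConnection` (`"$logDir/$destination.log"`), and the script insists on running as root. `$destination` presumably comes from the command line, so a name containing spaces or shell metacharacters would be parsed by a root shell rather than treated as a file name. Reading the log inside Perl with a three-argument `open` removes the shell entirely, drops three process spawns per poll, and makes `processReturnCode` unnecessary. It would also help to validate `$destination` against something like `/\A[\w.-]+\z/` before building any path or command from it, since the unchanged `system ( $command )` string has the same exposure.

```perl
sub verifyUp {
   my $logFile = shift;
   # … unchanged: $delay and $count setup …
   while ( $count-- ) {
      # read the log directly; no shell sees $logFile
      if ( open( my $fh, '<', $logFile ) ) {
         my $log = do { local $/; <$fh> };
         close( $fh );
         $log = '' unless defined $log;
         # failure markers are checked first, as in the grep version
         return 0 if $log =~ /AUTH_FAILED|private key password verification failed/;
         return 1 if $log =~ /Initialization Sequence Completed/;
      }
      # … unchanged: verbose "Sleeping" message and sleep $delay …
   }
   return 0;
}
```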