Merge branch 'master' of gitlab.labs.nic.cz:turris/misc

21a03246 · Martin Strbacka · 4eb007f2 · 0670f45c · 21a03246 · 21a03246
Commit 21a03246 authored 10 years ago by Martin Strbacka
--- a/cacerts/get-api-crl
+++ b/cacerts/get-api-crl
@@ -15,7 +15,7 @@ echo | openssl s_client -connect api.turris.cz:443 -showcerts | awk -v c=-1 '/--

 for i in *.pem ; do
 	# This is a hack a bit, we expect the hostname to be crl\. something. Our CA satisfies this now and if it breaks, we would find out.
-	openssl x509 -in "$i" -noout -text | grep -o 'http://crl\..*' | xargs curl | openssl crl -inform der -out tmp.pem
+	openssl x509 -in "$i" -noout -text | grep -o 'http://crl\..*' | xargs curl -# | openssl crl -inform der -out tmp.pem
 	cat tmp.pem >>out.pem
 done
 mv out.pem /tmp/crl.pem
--- a/logsend/logsend.cron
+++ b/logsend/logsend.cron
 MAILTO=""
-5     *       *       *       *       root	/usr/bin/logsend.sh
+20     *       *       *       *       root	/usr/bin/logsend.sh
--- a/logsend/logsend.sh
+++ b/logsend/logsend.sh
@@ -28,11 +28,13 @@
 # Configuration
 set -ex

+ping -c1 -w10 api.turris.cz || true # Kick the resolution in early, giving unbound little bit more time
+
 # Download CRL for curl.
 get-api-crl

 # List of daemon names. Separate by \|, it's put into the regular expression.
-DAEMONS='ucollect\|updater\|watchdog\|oneshot\|nikola\|nethist'
+DAEMONS='ucollect\|updater\|watchdog\|oneshot\|nikola\|nethist\|logsend'

 BRANCH=$(getbranch || echo 'unknown')

@@ -48,7 +50,9 @@ CERT="/etc/ssl/startcom.pem"
 CRL="/etc/ssl/crl.pem"
 TMPFILE="/tmp/logsend.tmp"
 BUFFER="/tmp/logsend.buffer"
-trap 'rm -f "$TMPFILE" "$BUFFER"' EXIT ABRT QUIT TERM
+LOGFILE="/tmp/logsend.log"
+rm -f "$LOGFILE"
+trap 'rm -f "$TMPFILE" "$BUFFER" "$LOGFILE"' EXIT ABRT QUIT TERM

 # Don't load the server all at once. With NTP-synchronized time, and
 # thousand clients, it would make spikes on the CPU graph and that's not
@@ -56,6 +60,7 @@ trap 'rm -f "$TMPFILE" "$BUFFER"' EXIT ABRT QUIT TERM
 sleep $(( $(tr -cd 0-9 </dev/urandom | head -c 8 | sed -e 's/^0*//' ) % 120 ))

 cp /tmp/logs.last.sha1 "$TMPFILE" || true
+set +e
 # Grep regexp: Month date time hostname daemon
 # tail ‒ limit the size of upload
 (
@@ -67,7 +72,12 @@ cp /tmp/logs.last.sha1 "$TMPFILE" || true
 	tail -n 10000 >"$BUFFER"

 (
-	atsha204cmd file-challenge-response <"$BUFFER"
+	atsha204cmd file-challenge-response <"$BUFFER" 2>>"$LOGFILE"
 	cat "$BUFFER"
-) | curl --compress --cacert "$CERT" --crlfile "$CRL" -T - "$BASEURL$RID" -X POST -f
-mv "$TMPFILE" /tmp/logs.last.sha1
+) | curl -# --compress --cacert "$CERT" --crlfile "$CRL" -T - "$BASEURL$RID" -X POST -f 2>>"$LOGFILE"
+if [ "$?" = 0 ] ; then
+	mv "$TMPFILE" /tmp/logs.last.sha1
+fi
+if [ -f "$LOGFILE" ] ; then
+	logger -t logsend -p daemon.error <"$LOGFILE"
+fi