
7 Commits

Author SHA1 Message Date
Thomas Roehl
d210f02603 Merge branch 'check_file_perm_and_user' of github.com:ClusterCockpit/cc-metric-collector into check_file_perm_and_user 2024-12-21 18:16:35 +01:00
Thomas Roehl
b9e6f50d5f Change config file permissions in GH Action 2024-12-21 18:16:25 +01:00
Thomas Roehl
d15eba8fe8 Re-add test configuration files with changed permissions 2024-12-21 18:12:54 +01:00
Thomas Roehl
f83a342e28 Remove test CI configuration 2024-12-21 18:11:22 +01:00
Thomas Roehl
03d5486413 Add check for configuration files to be owned by user and have perm 0600. Fixes #33 2024-12-21 03:45:53 +01:00
Thomas Roehl
ee4e1baf5b Fix Release part 2024-12-20 21:07:33 +01:00
Thomas Roehl
94c80307e8 Fix Release part 2024-12-20 21:03:03 +01:00
3 changed files with 77 additions and 10 deletions


@@ -73,21 +73,21 @@ jobs:
NEW_SRPM=${OLD_SRPM/el8/alma8} NEW_SRPM=${OLD_SRPM/el8/alma8}
mv "${OLD_RPM}" "${NEW_RPM}" mv "${OLD_RPM}" "${NEW_RPM}"
mv "${OLD_SRPM}" "${NEW_SRPM}" mv "${OLD_SRPM}" "${NEW_SRPM}"
echo "EL8_SRPM=${NEW_SRPM}" >> $GITHUB_OUTPUT echo "SRPM=${NEW_SRPM}" >> $GITHUB_OUTPUT
echo "EL8_RPM=${NEW_RPM}" >> $GITHUB_OUTPUT echo "RPM=${NEW_RPM}" >> $GITHUB_OUTPUT
# See: https://github.com/actions/upload-artifact # See: https://github.com/actions/upload-artifact
- name: Save RPM as artifact - name: Save RPM as artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: cc-metric-collector RPM for AlmaLinux 8 name: cc-metric-collector RPM for AlmaLinux 8
path: ${{ steps.rpmrename.outputs.EL8_RPM }} path: ${{ steps.rpmrename.outputs.RPM }}
overwrite: true overwrite: true
- name: Save SRPM as artifact - name: Save SRPM as artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: cc-metric-collector SRPM for AlmaLinux 8 name: cc-metric-collector SRPM for AlmaLinux 8
path: ${{ steps.rpmrename.outputs.EL8_SRPM }} path: ${{ steps.rpmrename.outputs.SRPM }}
overwrite: true overwrite: true
# #
@@ -152,21 +152,21 @@ jobs:
NEW_SRPM=${OLD_SRPM/el9/alma9} NEW_SRPM=${OLD_SRPM/el9/alma9}
mv "${OLD_RPM}" "${NEW_RPM}" mv "${OLD_RPM}" "${NEW_RPM}"
mv "${OLD_SRPM}" "${NEW_SRPM}" mv "${OLD_SRPM}" "${NEW_SRPM}"
echo "EL9_SRPM=${NEW_SRPM}" >> $GITHUB_OUTPUT echo "SRPM=${NEW_SRPM}" >> $GITHUB_OUTPUT
echo "EL9_RPM=${NEW_RPM}" >> $GITHUB_OUTPUT echo "RPM=${NEW_RPM}" >> $GITHUB_OUTPUT
# See: https://github.com/actions/upload-artifact # See: https://github.com/actions/upload-artifact
- name: Save RPM as artifact - name: Save RPM as artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: cc-metric-collector RPM for AlmaLinux 9 name: cc-metric-collector RPM for AlmaLinux 9
path: ${{ steps.rpmrename.outputs.EL9_RPM }} path: ${{ steps.rpmrename.outputs.RPM }}
overwrite: true overwrite: true
- name: Save SRPM as artifact - name: Save SRPM as artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: cc-metric-collector SRPM for AlmaLinux 9 name: cc-metric-collector SRPM for AlmaLinux 9
path: ${{ steps.rpmrename.outputs.EL9_SRPM }} path: ${{ steps.rpmrename.outputs.SRPM }}
overwrite: true overwrite: true
# #
@@ -235,6 +235,10 @@ jobs:
# See: https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e?container-tabs=gti # See: https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e?container-tabs=gti
container: redhat/ubi9 container: redhat/ubi9
# The job outputs link to the outputs of the 'rpmbuild' step # The job outputs link to the outputs of the 'rpmbuild' step
# The job outputs link to the outputs of the 'rpmbuild' step
outputs:
rpm : ${{steps.rpmbuild.outputs.RPM}}
srpm : ${{steps.rpmbuild.outputs.SRPM}}
steps: steps:
# Use dnf to install development packages # Use dnf to install development packages
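Review bot: The comment `# The job outputs link to the outputs of the 'rpmbuild' step` now appears twice in a row above the added `outputs:` block in the third hunk; one copy should be dropped. The new job outputs read `steps.rpmbuild.outputs.RPM` and `.SRPM`, while the first two hunks write the renamed `RPM`/`SRPM` keys from a step referenced as `rpmrename`. The step ids themselves are outside these hunks, so it is worth confirming that this job has a step with id `rpmbuild` that writes exactly those keys, because a reference to a missing step output evaluates to an empty string instead of failing the workflow.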


@@ -33,6 +33,11 @@ jobs:
- name: Build MetricCollector - name: Build MetricCollector
run: make run: make
- name: Set config file permissions
run: |
chown $USER .github/ci*.json
chmod 0600 .github/ci*.json
- name: Run MetricCollector once - name: Run MetricCollector once
run: ./cc-metric-collector --once --config .github/ci-config.json run: ./cc-metric-collector --once --config .github/ci-config.json
@@ -59,6 +64,11 @@ jobs:
- name: Build MetricCollector - name: Build MetricCollector
run: make run: make
- name: Set config file permissions
run: |
chown $USER .github/ci*.json
chmod 0600 .github/ci*.json
- name: Run MetricCollector once - name: Run MetricCollector once
run: ./cc-metric-collector --once --config .github/ci-config.json run: ./cc-metric-collector --once --config .github/ci-config.json
@@ -85,6 +95,11 @@ jobs:
- name: Build MetricCollector - name: Build MetricCollector
run: make run: make
- name: Set config file permissions
run: |
chown $USER .github/ci*.json
chmod 0600 .github/ci*.json
- name: Run MetricCollector once - name: Run MetricCollector once
run: ./cc-metric-collector --once --config .github/ci-config.json run: ./cc-metric-collector --once --config .github/ci-config.json
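Review bot: `chown $USER .github/ci*.json` is unquoted and depends on `USER` being set in the step's shell, which may not hold in every runner or container environment; if it is empty, chown takes the first matched file name as the owner spec and the step fails with a misleading error. `chown "$(id -u)" .github/ci*.json` avoids that and matches what the new Go check compares against (`os.Getuid()`). The same two-line step is repeated in the hunks at -59 and -85, so the change applies to all three.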


@@ -3,6 +3,7 @@ package main
import ( import (
"encoding/json" "encoding/json"
"flag" "flag"
"fmt"
"os" "os"
"os/signal" "os/signal"
"syscall" "syscall"
@@ -15,9 +16,9 @@ import (
"sync" "sync"
"time" "time"
lp "github.com/ClusterCockpit/cc-energy-manager/pkg/cc-message"
mr "github.com/ClusterCockpit/cc-metric-collector/internal/metricRouter" mr "github.com/ClusterCockpit/cc-metric-collector/internal/metricRouter"
cclog "github.com/ClusterCockpit/cc-metric-collector/pkg/ccLogger" cclog "github.com/ClusterCockpit/cc-metric-collector/pkg/ccLogger"
lp "github.com/ClusterCockpit/cc-energy-manager/pkg/cc-message"
mct "github.com/ClusterCockpit/cc-metric-collector/pkg/multiChanTicker" mct "github.com/ClusterCockpit/cc-metric-collector/pkg/multiChanTicker"
) )
@@ -42,6 +43,27 @@ func LoadCentralConfiguration(file string, config *CentralConfigFile) error {
return err return err
} }
func ConfigFileCheck(file string) error {
info, err := os.Stat(file)
if err != nil {
cclog.Error("Cannot access file", file)
return err
}
uid := info.Sys().(*syscall.Stat_t).Uid
perm := info.Mode().Perm()
if uid != uint32(os.Getuid()) {
err = fmt.Errorf("file %s has a different owner", file)
return err
}
if perm != 0600 {
err = fmt.Errorf("file %s has a invalid permissions", file)
return err
}
return nil
}
type RuntimeConfig struct { type RuntimeConfig struct {
Interval time.Duration Interval time.Duration
Duration time.Duration Duration time.Duration
@@ -167,6 +189,12 @@ func mainFunc() int {
CliArgs: ReadCli(), CliArgs: ReadCli(),
} }
err = ConfigFileCheck(rcfg.CliArgs["configfile"])
if err != nil {
cclog.Error(err.Error())
return 1
}
// Load and check configuration // Load and check configuration
err = LoadCentralConfiguration(rcfg.CliArgs["configfile"], &rcfg.ConfigFile) err = LoadCentralConfiguration(rcfg.CliArgs["configfile"], &rcfg.ConfigFile)
if err != nil { if err != nil {
@@ -208,16 +236,31 @@ func mainFunc() int {
cclog.Error("Metric router configuration file must be set") cclog.Error("Metric router configuration file must be set")
return 1 return 1
} }
err = ConfigFileCheck(rcfg.ConfigFile.RouterConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
if len(rcfg.ConfigFile.SinkConfigFile) == 0 { if len(rcfg.ConfigFile.SinkConfigFile) == 0 {
cclog.Error("Sink configuration file must be set") cclog.Error("Sink configuration file must be set")
return 1 return 1
} }
err = ConfigFileCheck(rcfg.ConfigFile.SinkConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
if len(rcfg.ConfigFile.CollectorConfigFile) == 0 { if len(rcfg.ConfigFile.CollectorConfigFile) == 0 {
cclog.Error("Metric collector configuration file must be set") cclog.Error("Metric collector configuration file must be set")
return 1 return 1
} }
err = ConfigFileCheck(rcfg.ConfigFile.CollectorConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
// Set log file // Set log file
if logfile := rcfg.CliArgs["logfile"]; logfile != "stderr" { if logfile := rcfg.CliArgs["logfile"]; logfile != "stderr" {
@@ -260,6 +303,11 @@ func mainFunc() int {
// Create new receive manager // Create new receive manager
if len(rcfg.ConfigFile.ReceiverConfigFile) > 0 { if len(rcfg.ConfigFile.ReceiverConfigFile) > 0 {
err = ConfigFileCheck(rcfg.ConfigFile.ReceiverConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
rcfg.ReceiveManager, err = receivers.New(&rcfg.Sync, rcfg.ConfigFile.ReceiverConfigFile) rcfg.ReceiveManager, err = receivers.New(&rcfg.Sync, rcfg.ConfigFile.ReceiverConfigFile)
if err != nil { if err != nil {
cclog.Error(err.Error()) cclog.Error(err.Error())
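Review bot: `ConfigFileCheck` validates a path with `os.Stat`, and the same path string is then handed to the loaders again (`LoadCentralConfiguration`, `receivers.New`), so the file that was checked is not guaranteed to be the file that is read if a parent directory is writable by another user. Opening the file once and checking `f.Stat()` on the open handle before decoding from it would close that gap, but it needs the loaders to accept a reader, which is outside these hunks. Inside the new function, `info.Sys().(*syscall.Stat_t)` is an unchecked type assertion that panics when `Sys()` returns anything else; `st, ok := info.Sys().(*syscall.Stat_t)` with an error return on `!ok` keeps it a clean failure. `perm != 0600` also rejects a stricter mode such as 0400, so `perm&0077 != 0` is the better test if the intent is "no group or other access". The exported function has no doc comment stating the ownership and mode rule, and the message `has a invalid permissions` should read `has invalid permissions`; `mainFunc` starts and ends outside the hunks shown.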