YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

[enh] Make use of new logging facilities with the cli in the firewall

Browse source
This commit is contained in:
Jérôme Lebleu 2015-11-12 22:39:09 +01:00
parent 71a21d71d2
commit 4978e48c9d
2 changed files with 42 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
bin/yunohost
View file

@ -18,11 +18,12 @@ PRINT_PLAIN = False
# Level for which loggers will log # Level for which loggers will log
LOGGERS_LEVEL = 'INFO' LOGGERS_LEVEL = 'INFO'
TTY_LOG_LEVEL = 'SUCCESS'
# Handlers that will be used by loggers # Handlers that will be used by loggers
# - file: log to the file LOG_DIR/LOG_FILE # - file: log to the file LOG_DIR/LOG_FILE
# - console: log to stderr # - tty: log to current tty
LOGGERS_HANDLERS = ['file'] LOGGERS_HANDLERS = ['file', 'tty']
# Directory and file to be used by logging # Directory and file to be used by logging
LOG_DIR = '/var/log/yunohost' LOG_DIR = '/var/log/yunohost'
@ -54,30 +55,30 @@ def _check_in_devel():
def _parse_argv(): def _parse_argv():
"""Parse additional arguments and return remaining ones""" """Parse additional arguments and return remaining ones"""
global USE_CACHE, PRINT_JSON, PRINT_PLAIN
global TTY_LOG_LEVEL, LOGGERS_LEVEL, LOGGERS_HANDLERS
argv = list(sys.argv) argv = list(sys.argv)
argv.pop(0) argv.pop(0)
if '--no-cache' in argv: if '--no-cache' in argv:
global USE_CACHE
USE_CACHE = False USE_CACHE = False
argv.remove('--no-cache') argv.remove('--no-cache')
if '--json' in argv: if '--json' in argv:
global PRINT_JSON
PRINT_JSON = True PRINT_JSON = True
argv.remove('--json') argv.remove('--json')
if '--plain' in argv: if '--plain' in argv:
global PRINT_PLAIN
PRINT_PLAIN = True PRINT_PLAIN = True
argv.remove('--plain') argv.remove('--plain')
if '--debug' in argv: if '--debug' in argv:
global LOGGERS_LEVEL LOGGERS_LEVEL = TTY_LOG_LEVEL = 'DEBUG'
LOGGERS_LEVEL = 'DEBUG'
argv.remove('--debug') argv.remove('--debug')
if '--verbose' in argv: if '--verbose' in argv:
global LOGGERS_HANDLERS TTY_LOG_LEVEL = 'INFO'
if 'console' not in LOGGERS_HANDLERS:
LOGGERS_HANDLERS.append('console')
argv.remove('--verbose') argv.remove('--verbose')
if '--quiet' in argv:
if 'tty' in LOGGERS_HANDLERS:
LOGGERS_HANDLERS.remove('tty')
argv.remove('--quiet')
return argv return argv
def _init_moulinette(): def _init_moulinette():
@ -89,33 +90,35 @@ def _init_moulinette():
'version': 1, 'version': 1,
'disable_existing_loggers': True, 'disable_existing_loggers': True,
'formatters': { 'formatters': {
'simple': {
'format': '%(relativeCreated)-5d %(levelname)-8s %(name)s - %(message)s'
},
'precise': { 'precise': {
'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(message)s' 'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
},
},
'filters': {
'action': {
'()': 'moulinette.utils.log.ActionFilter',
}, },
}, },
'handlers': { 'handlers': {
'console': { 'tty': {
'class': 'logging.StreamHandler', 'level': TTY_LOG_LEVEL,
'formatter': 'simple', 'class': 'moulinette.interfaces.cli.TTYHandler',
'stream': 'ext://sys.stderr',
}, },
'file': { 'file': {
'class': 'logging.FileHandler', 'class': 'logging.FileHandler',
'formatter': 'precise', 'formatter': 'precise',
'filename': '%s/%s' % (LOG_DIR, LOG_FILE), 'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
'filters': ['action'],
}, },
}, },
'loggers': { 'loggers': {
'moulinette': { 'moulinette': {
'level': LOGGERS_LEVEL,
'handlers': LOGGERS_HANDLERS, 'handlers': LOGGERS_HANDLERS,
'level': LOGGERS_LEVEL,
}, },
'yunohost': { 'yunohost': {
'level': LOGGERS_LEVEL,
'handlers': LOGGERS_HANDLERS, 'handlers': LOGGERS_HANDLERS,
'level': LOGGERS_LEVEL,
}, },
}, },
} }

40
src/yunohost/firewall.py
View file

@ -83,8 +83,7 @@ def firewall_allow(protocol, port, ipv4_only=False, ipv6_only=False,
firewall[i][p].append(port) firewall[i][p].append(port)
else: else:
ipv = "IPv%s" % i[3] ipv = "IPv%s" % i[3]
msignals.display(m18n.n('port_already_opened', port, ipv), logger.warning(m18n.n('port_already_opened', port, ipv))
'warning')
# Add port forwarding with UPnP # Add port forwarding with UPnP
if not no_upnp and port not in firewall['uPnP'][p]: if not no_upnp and port not in firewall['uPnP'][p]:
firewall['uPnP'][p].append(port) firewall['uPnP'][p].append(port)
@ -141,8 +140,7 @@ def firewall_disallow(protocol, port, ipv4_only=False, ipv6_only=False,
firewall[i][p].remove(port) firewall[i][p].remove(port)
else: else:
ipv = "IPv%s" % i[3] ipv = "IPv%s" % i[3]
msignals.display(m18n.n('port_already_closed', port, ipv), logger.warning(m18n.n('port_already_closed', port, ipv))
'warning')
# Remove port forwarding with UPnP # Remove port forwarding with UPnP
if upnp and port in firewall['uPnP'][p]: if upnp and port in firewall['uPnP'][p]:
firewall['uPnP'][p].remove(port) firewall['uPnP'][p].remove(port)
@ -214,9 +212,9 @@ def firewall_reload(skip_upnp=False):
try: try:
process.check_output("iptables -L") process.check_output("iptables -L")
except process.CalledProcessError as e: except process.CalledProcessError as e:
logger.info('iptables seems to be not available, it outputs:\n%s', logger.debug('iptables seems to be not available, it outputs:\n%s',
prependlines(e.output.rstrip(), '> ')) prependlines(e.output.rstrip(), '> '))
msignals.display(m18n.n('iptables_unavailable'), 'info') logger.warning(m18n.n('iptables_unavailable'))
else: else:
rules = [ rules = [
"iptables -F", "iptables -F",
@ -243,9 +241,9 @@ def firewall_reload(skip_upnp=False):
try: try:
process.check_output("ip6tables -L") process.check_output("ip6tables -L")
except process.CalledProcessError as e: except process.CalledProcessError as e:
logger.info('ip6tables seems to be not available, it outputs:\n%s', logger.debug('ip6tables seems to be not available, it outputs:\n%s',
prependlines(e.output.rstrip(), '> ')) prependlines(e.output.rstrip(), '> '))
msignals.display(m18n.n('ip6tables_unavailable'), 'info') logger.warning(m18n.n('ip6tables_unavailable'))
else: else:
rules = [ rules = [
"ip6tables -F", "ip6tables -F",
@ -282,9 +280,9 @@ def firewall_reload(skip_upnp=False):
os.system("service fail2ban restart") os.system("service fail2ban restart")
if errors: if errors:
msignals.display(m18n.n('firewall_rules_cmd_failed'), 'warning') logger.warning(m18n.n('firewall_rules_cmd_failed'))
else: else:
msignals.display(m18n.n('firewall_reloaded'), 'success') logger.success(m18n.n('firewall_reloaded'))
return firewall_list() return firewall_list()
@ -306,7 +304,7 @@ def firewall_upnp(action='status', no_refresh=False):
# Compatibility with previous version # Compatibility with previous version
if action == 'reload': if action == 'reload':
logger.warning("'reload' action is deprecated and will be removed") logger.info("'reload' action is deprecated and will be removed")
try: try:
# Remove old cron job # Remove old cron job
os.remove('/etc/cron.d/yunohost-firewall') os.remove('/etc/cron.d/yunohost-firewall')
@ -349,14 +347,14 @@ def firewall_upnp(action='status', no_refresh=False):
nb_dev = upnpc.discover() nb_dev = upnpc.discover()
logger.debug('found %d UPnP device(s)', int(nb_dev)) logger.debug('found %d UPnP device(s)', int(nb_dev))
if nb_dev < 1: if nb_dev < 1:
msignals.display(m18n.n('upnp_dev_not_found'), 'error') logger.error(m18n.n('upnp_dev_not_found'))
enabled = False enabled = False
else: else:
try: try:
# Select UPnP device # Select UPnP device
upnpc.selectigd() upnpc.selectigd()
except: except:
logger.exception('unable to select UPnP device') logger.info('unable to select UPnP device', exc_info=1)
enabled = False enabled = False
else: else:
# Iterate over ports # Iterate over ports
@ -374,8 +372,8 @@ def firewall_upnp(action='status', no_refresh=False):
upnpc.addportmapping(port, protocol, upnpc.lanaddr, upnpc.addportmapping(port, protocol, upnpc.lanaddr,
port, 'yunohost firewall: port %d' % port, '') port, 'yunohost firewall: port %d' % port, '')
except: except:
logger.exception('unable to add port %d using UPnP', logger.info('unable to add port %d using UPnP',
port) port, exc_info=1)
enabled = False enabled = False
if enabled != firewall['uPnP']['enabled']: if enabled != firewall['uPnP']['enabled']:
@ -390,9 +388,9 @@ def firewall_upnp(action='status', no_refresh=False):
if not no_refresh: if not no_refresh:
# Display success message if needed # Display success message if needed
if action == 'enable' and enabled: if action == 'enable' and enabled:
msignals.display(m18n.n('upnp_enabled'), 'success') logger.success(m18n.n('upnp_enabled'))
elif action == 'disable' and not enabled: elif action == 'disable' and not enabled:
msignals.display(m18n.n('upnp_disabled'), 'success') logger.success(m18n.n('upnp_disabled'))
# Make sure to disable UPnP # Make sure to disable UPnP
elif action != 'disable' and not enabled: elif action != 'disable' and not enabled:
firewall_upnp('disable', no_refresh=True) firewall_upnp('disable', no_refresh=True)
@ -455,6 +453,6 @@ def _update_firewall_file(rules):
def _on_rule_command_error(returncode, cmd, output): def _on_rule_command_error(returncode, cmd, output):
"""Callback for rules commands error""" """Callback for rules commands error"""
# Log error and continue commands execution # Log error and continue commands execution
logger.error('"%s" returned non-zero exit status %d:\n%s', logger.info('"%s" returned non-zero exit status %d:\n%s',
cmd, returncode, prependlines(output.rstrip(), '> ')) cmd, returncode, prependlines(output.rstrip(), '> '))
return True return True