Merge pull request #510 from bergware/master

Added Dokcer/VM XML files to diagnostics
2026-03-10 04:49:14 -05:00 · 2019-09-01 22:17:36 -07:00
parent ad988f5b99 6955d5508d
commit e05850baa4
12 changed files with 141 additions and 18 deletions
--- a/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -371,7 +371,7 @@ class DockerUpdate{
 		} else {
 			$manifestURL = sprintf( 'https://registry-1.docker.io/v2/%s/manifests/%s', $strRepo, $strTag );
 		}
-		$this->debug('Manifest URL: ' . $manifestURL);
+		//$this->debug('Manifest URL: ' . $manifestURL);

 		/*
 		 * Step 2: Get www-authenticate header from manifest url to generate token url
@@ -379,13 +379,13 @@ class DockerUpdate{
 		$ch = getCurlHandle($manifestURL, 'HEAD');
 		$response = curl_exec( $ch );
 		if (curl_errno($ch) !== 0) {
-			$this->debug('Error: curl error getting manifest: ' . curl_error($ch));
+			//$this->debug('Error: curl error getting manifest: ' . curl_error($ch));
 			return null;
 		}

 		preg_match('@www-authenticate:\s*Bearer\s*(.*)@i', $response, $matches);
 		if (empty($matches[1])) {
-			$this->debug('Error: Www-Authenticate header is empty or missing');
+			//this->debug('Error: Www-Authenticate header is empty or missing');
 			return null;
 		}

@@ -400,7 +400,7 @@ class DockerUpdate{
 			return null;
 		}
 		$url = $args['realm'] . '?service=' . urlencode($args['service']) . '&scope=' . urlencode($args['scope']);
-		$this->debug('Token URL: ' . $url);
+		//$this->debug('Token URL: ' . $url);

 		/**
 		 * Step 3: Get token from API and authenticate via username / password if in private registry and auth data was found
@@ -411,12 +411,12 @@ class DockerUpdate{
 		}
 		$response = curl_exec( $ch );
 		if (curl_errno($ch) !== 0) {
-			$this->debug('Error: curl error getting token: ' . curl_error($ch));
+			//$this->debug('Error: curl error getting token: ' . curl_error($ch));
 			return null;
 		}
 		$response = json_decode($response, true);
 		if (!$response || empty($response['token'])) {
-			$this->debug('Error: Token response was empty or missing token');
+			//$this->debug('Error: Token response was empty or missing token');
 			return null;
 		}
 		$token = $response['token'];
@@ -426,22 +426,22 @@ class DockerUpdate{
 		 */
 		$ch = getCurlHandle($manifestURL, 'HEAD');
 		curl_setopt( $ch, CURLOPT_HTTPHEADER, [
-			'Accept: application/vnd.docker.distribution.manifest.v2+json',
+			'Accept: application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.docker.distribution.manifest.v2+json',
 			'Authorization: Bearer ' . $token
 		]);

 		$response = curl_exec( $ch );
 		if (curl_errno($ch) !== 0) {
-			$this->debug('Error: curl error getting manifest: ' . curl_error($ch));
+			//$this->debug('Error: curl error getting manifest: ' . curl_error($ch));
 			return null;
 		}
 		preg_match('@Docker-Content-Digest:\s*(.*)@', $response, $matches);
 		if (empty($matches[1])) {
-			$this->debug('Error: Docker-Content-Digest header is empty or missing');
+			//$this->debug('Error: Docker-Content-Digest header is empty or missing');
 			return null;
 		}
 		$digest = trim($matches[1]);
-		$this->debug('Remote Digest: ' . $digest);
+		//$this->debug('Remote Digest: ' . $digest);
 		return $digest;
 	}

--- a/plugins/dynamix/DiskSettings.page
+++ b/plugins/dynamix/DiskSettings.page
@@ -4,8 +4,8 @@ Icon="icon-disks"
 Tag="icon-disk"
 ---
 <?PHP
-/* Copyright 2005-2018, Lime Technology
- * Copyright 2012-2018, Bergware International.
+/* Copyright 2005-2019, Lime Technology
+ * Copyright 2012-2019, Bergware International.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2,
@@ -36,7 +36,7 @@ function doDispatch(form) {
 <?endif;?>
  fields['#cfg'] = "/boot/config/plugins/dynamix/dynamix.cfg";
  fields['#cleanup'] = true;
-  $(form).find('input[name^="display_"]').each(function(){fields[$(this).attr('name')] = $(this).val(); $(this).prop('disabled',true);});
+  $(form).find('input[name^="display_"],select[name^="display_"]').each(function(){fields[$(this).attr('name')] = $(this).val(); $(this).prop('disabled',true);});
  $.post('/webGui/include/Dispatcher.php',fields);
 }
 function prepareDiskSettings(form) {
@@ -131,6 +131,17 @@ Default file system:
 >
 > The default file system type for a single or multi-device cache is always Btrfs.

+Cache encryption passphrase:
+: <select name="display_keyfile" size="1">
+  <?=mk_option($display['keyfile'], "", "No")?>
+  <?=mk_option($display['keyfile'], "1", "Yes")?>
+  </select>
+
+> By default the user is asked to enter the passphrase each time the array is restarted.<br>
+> Caching the passphrase allows for restarting the array without intervention once the passphrase is entered the first time
+>
+> Note: the passphrase is lost after a system reboot or system powerdown and must be re-entered
+
 Shutdown time-out:
 : <input type="text" name="shutdownTimeout" maxlength="10" value="<?=$var['shutdownTimeout']?>" class="narrow">

--- a/plugins/dynamix/ManagementAccess.page
+++ b/plugins/dynamix/ManagementAccess.page
@@ -192,7 +192,6 @@ Use UPnP:
 > Enable (default) or disable the UPnP function on the server. This function allows automatic forwarding of ports on the router, only applicable when UPnP is enabled on the router itself.

 <?endif;?>
-
 Use SSL/TLS:
 : <select name="USE_SSL" size="1" onchange="updateSSL(this.form)">
  <?=mk_option($var['USE_SSL'], "auto", "Auto")?>
--- a/plugins/dynamix/event/started/delete_keyfile
+++ b/plugins/dynamix/event/started/delete_keyfile
@@ -0,0 +1,2 @@
+#!/bin/bash
+[[ -f /root/keyfile && -z $(grep -Po '^keyfile="\K[^"]+' /boot/config/plugins/dynamix/dynamix.cfg 2>/dev/null) ]] && rm -f /root/keyfile
--- a/plugins/dynamix/event/stopped/delete_keyfile
+++ b/plugins/dynamix/event/stopped/delete_keyfile
@@ -0,0 +1,2 @@
+#!/bin/bash
+[[ -f /root/keyfile && -z $(grep -Po '^keyfile="\K[^"]+' /boot/config/plugins/dynamix/dynamix.cfg 2>/dev/null) ]] && rm -f /root/keyfile
--- a/plugins/dynamix/include/green-on.png
+++ b/plugins/dynamix/include/green-on.png
--- a/plugins/dynamix/include/red-on.png
+++ b/plugins/dynamix/include/red-on.png
--- a/plugins/dynamix/include/yellow-on.png
+++ b/plugins/dynamix/include/yellow-on.png
--- a/plugins/dynamix/scripts/diagnostics
+++ b/plugins/dynamix/scripts/diagnostics
@@ -1,7 +1,7 @@
 #!/usr/bin/php -q
 <?PHP
-/* Copyright 2005-2018, Lime Technology
- * Copyright 2012-2018, Bergware International.
+/* Copyright 2005-2019, Lime Technology
+ * Copyright 2012-2019, Bergware International.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2,
@@ -72,7 +72,7 @@ if ($cli) {
  $date = "{$split[2]}-{$split[3]}";
 }
 // create folder structure
-exert("mkdir -p ".escapeshellarg("/$diag/system")." ".escapeshellarg("/$diag/config")." ".escapeshellarg("/$diag/logs")." ".escapeshellarg("/$diag/shares")." ".escapeshellarg("/$diag/smart")." ".escapeshellarg("/$diag/qemu"));
+exert("mkdir -p ".escapeshellarg("/$diag/system")." ".escapeshellarg("/$diag/config")." ".escapeshellarg("/$diag/logs")." ".escapeshellarg("/$diag/shares")." ".escapeshellarg("/$diag/smart")." ".escapeshellarg("/$diag/qemu")." ".escapeshellarg("/$diag/xml"));
 // get utilization of running processes
 exert("top -bn1 -o%CPU 2>/dev/null|todos >".escapeshellarg("/$diag/system/top.txt"));
 // make Unraid version reference
@@ -227,8 +227,14 @@ if ($qemu) {
      exert("truncate -s '<$max' ".escapeshellarg("$log.txt"));
    }
  }
-} else
+} else {
  file_put_contents("/$diag/qemu/no qemu log files","");
+}
+// copy VM XML config files
+exert("cp /etc/libvirt/qemu/*.xml ".escapeshellarg("/$diag/xml")." 2>/dev/null");
+// anonymize MAC OSK info
+exert("sed -ri 's/(,osk=).+/\\1.../' ".escapeshellarg("/$diag/xml/*.xml")." 2>/dev/null");
+
 // copy syslog information (anonymize if applicable)
 $max = 2*1024*1024; //=2MB
 foreach (glob("/var/log/syslog*") as $file) {
--- a/plugins/dynamix/scripts/upnp_poller
+++ b/plugins/dynamix/scripts/upnp_poller
@@ -0,0 +1,44 @@
+#!/bin/bash
+while :; do
+  if [[ -x /usr/bin/upnpc ]]; then
+    UPNP=/var/tmp/upnp
+    XML=$(cat $UPNP 2>/dev/null)
+    LINK=eth0
+    [[ -e /sys/class/net/bond0 ]] && LINK=bond0
+    [[ -e /sys/class/net/br0 ]] && LINK=br0
+    if [[ -n $XML ]]; then
+      # validate XML
+      timeout 6 stdbuf -o0 upnpc -u $XML -m $LINK -l 2>&1|grep -qm1 'refused'
+      [[ $? -ne 1 ]] && XML=
+    fi
+    if [[ -z $XML ]]; then
+      # obtain XML
+      GW=$(ip -4 route list default dev $LINK|awk '{print $3}')
+      DESC=$(timeout 12 stdbuf -o0 upnpc -m $LINK -l 2>/dev/null|grep -Po 'desc: \K.+')
+      for URL in $DESC; do
+        IP=${URL#*://}
+        if [[ ${IP%:*} == $GW ]]; then
+          XML=$URL
+          echo -n $XML >$UPNP
+          break
+        fi
+      done
+    fi
+    if [[ -n $XML ]]; then
+      # upnp on router is enabled, get active tunnels
+      TUNNEL=$(wg show interfaces)
+      UPNP=$(timeout 6 stdbuf -o0 upnpc -u $XML -m $LINK -l 2>/dev/null|grep -Po "WireGuard-\Kwg[0-9]+"|tr '\n' ' ')
+      for WG in $TUNNEL; do
+        if [[ -z $(grep -Pom1 'UPNP:0="\K.[^"]+' /etc/wireguard/$WG.cfg) && ! ${UPNP[@]} =~ "$WG " ]]; then
+          # port forwarding is closed; re-open it
+          IP=$(ip -4 addr show dev $LINK|grep -Pom1 'inet \K.[^/]+')
+          PORT=$(wg show $WG listen-port)
+          upnpc -u $XML -m $LINK -e "WireGuard-$WG" -a $IP $PORT $PORT udp >/dev/null 2>&1
+          [[ $? -eq 0 ]] && logger -t upnpc "Added port $PORT/udp" || logger -t upnpc "Failed to add port $PORT/udp"
+        fi
+      done
+    fi
+  fi
+  # loop every 3 minutes
+  sleep 180
+done &
--- a/plugins/dynamix/scripts/upnp_poller_start
+++ b/plugins/dynamix/scripts/upnp_poller_start
@@ -0,0 +1,3 @@
+#!/bin/bash
+POLLER=/usr/local/emhttp/webGui/scripts/upnp_poller
+[[ -z $(pgrep -f $POLLER) ]] && $POLLER
--- a/plugins/dynamix/scripts/upnp_port
+++ b/plugins/dynamix/scripts/upnp_port
@@ -0,0 +1,56 @@
+#!/bin/bash
+# upnp_port add link descr ip port port udp
+# upnp_port del link port udp
+
+# exit if not executable
+[[ ! -x /usr/bin/upnpc ]] && exit 0
+
+LINK=$2
+UPNP=/var/tmp/upnp
+XML=$(cat $UPNP 2>/dev/null)
+
+if [[ -n $XML ]]; then
+  # validate XML
+  timeout 6 stdbuf -o0 upnpc -u $XML -m $LINK -l 2>&1|grep -qm1 'refused'
+  [[ $? -ne 1 ]] && XML=
+fi
+if [[ -z $XML ]]; then
+  # obtain XML
+  GW=$(ip -4 route list default dev $LINK|awk '{print $3}')
+  DESC=$(timeout 12 stdbuf -o0 upnpc -m $LINK -l 2>/dev/null|grep -Po 'desc: \K.+')
+  for URL in $DESC; do
+    IP=${URL#*://}
+    if [[ ${IP%:*} == $GW ]]; then
+      XML=$URL
+      echo -n $XML >$UPNP
+      break
+    fi
+  done
+fi
+# exit when no XML
+[[ -z $XML ]] && exit 0
+
+WG=$(wg show interfaces)
+POLLER=/usr/local/emhttp/webGui/scripts/upnp_poller
+
+case $1 in
+add)
+  upnpc -u $XML -m $LINK -e $3 -a $4 $5 $6 $7 >/dev/null 2>&1
+  if [[ $? -eq 0 ]]; then
+    [[ -n $WG ]] && at -M -f ${POLLER}_start now 2>/dev/null
+    logger -t upnpc "Added port $5/$7"
+  else
+    logger -t upnpc "Failed to add port $5/$7"
+  fi
+  ;;
+del)
+  upnpc -u $XML -m $LINK -d $3 $4 >/dev/null 2>&1
+  if [[ $? -eq 0 ]]; then
+    [[ -z $WG && -n $(pgrep -f $POLLER) ]] && pkill -f $POLLER
+    logger -t upnpc "Deleted port $3/$4"
+  else
+    logger -t upnpc "Failed to delete port $3/$4"
+  fi
+  ;;
+esac
+exit 0