From 054d71538da4d3344b03442a103ea039a2e66fdd Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Wed, 28 Sep 2022 17:37:11 +0200
Subject: [PATCH 1/5] Check time sync in prereqs
---
 lib/prerequisites.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh
index 4e03530..a89aa54 100755
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
@@ -65,6 +65,16 @@ if [ -e /etc/bridgehead/vault.conf ]; then
 fi
 fi
+if ! which timedatectl > /dev/null; then
+ log ERROR "systemd time sync is missing -- please install package containing timedatectl"
+ exit 1
+fi
+
+if ! timedatectl show | grep NTPSynchronized=yes >/dev/null; then
+ log ERROR "This server's clock is not synchronized with a time server. This will cause Samply.Beam's certificate will fail. Please enter a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
+ exit 1
+fi
+
 log INFO "Success - all prerequisites are met!"
 exit 0
From 7d13eace3233a74fcc4ec5fb7ae02d230bfd9f11 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Fri, 30 Sep 2022 17:02:05 +0200
Subject: [PATCH 2/5] Check clock skew even smarter
---
 lib/prerequisites.sh | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh
index a89aa54..b338d7c 100755
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
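Review bot: The hard `exit 1` after `if ! which timedatectl` in 1/5 rejects every host that lacks timedatectl, including ones whose clock may be kept in sync by another NTP client, which looks stricter than the certificate check needs. `which` is itself an external tool that can be missing; the builtin test `if ! command -v timedatectl > /dev/null; then` does the same job without it. The second test can drop its redirect by using `grep -q NTPSynchronized=yes`.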
@@ -65,13 +65,28 @@ if [ -e /etc/bridgehead/vault.conf ]; then
 fi
 fi
-if ! which timedatectl > /dev/null; then
- log ERROR "systemd time sync is missing -- please install package containing timedatectl"
+log INFO "Checking network access ($BROKER_URL) ..."
+
+source /etc/bridgehead/${PROJECT}.conf
+source ${PROJECT}/vars
+
+set +e
+SERVERTIME=$(curl -I $BROKER_URL)
+if [ $? -ne 0 ]; then
+ log ERROR "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings."
 exit 1
 fi
+set -e
-if ! timedatectl show | grep NTPSynchronized=yes >/dev/null; then
- log ERROR "This server's clock is not synchronized with a time server. This will cause Samply.Beam's certificate will fail. Please enter a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
+log INFO "Checking clock skew ..."
+
+SERVERTIME=$(echo $SERVERTIME | grep -i ^Date: | cut -d: -f2- | sed 's/^ *\(.*\).*/\1/')
+SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
+MYTIME=$(date +%s)
+SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME))
+SKEW=$(echo $SKEW | awk -F- '{print $NF}')
+if [ $SKEW -ge 300 ]; then
+ log ERROR "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
 exit 1
 fi
From 1d05137bb9cb99e56b246512e1936edfb99f9ba7 Mon Sep 17 00:00:00 2001
From: Martin Lablans <6804500+lablans@users.noreply.github.com>
Date: Fri, 30 Sep 2022 17:13:28 +0200
Subject: [PATCH 3/5] Use proxy in time check
---
 lib/prerequisites.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh
index b338d7c..9a1e39f 100755
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
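Review bot: Nothing in 2/5 verifies that a Date header was actually extracted before `date --date="$SERVERTIME" +%s` runs, so a parsing problem is reported as a clock problem or aborts the script under `set -e` without a message. Because `echo $SERVERTIME` is unquoted, the multi-line curl output is flattened to one line and `grep -i ^Date:` only matches when Date happens to come first; with an empty string GNU date, as far as I know, does not fail but returns today's midnight, which would show up as a large skew. A guard right after the extraction, `[ -n "$SERVERTIME" ] || { log ERROR "No Date header in broker response, cannot check clock skew."; exit 1; }`, together with `echo "$SERVERTIME"`, would separate the two cases; the guard is still absent in 4/5 and 5/5. Separately, `log INFO "Checking network access ($BROKER_URL) ..."` runs before the two `source` lines, so if BROKER_URL is defined by those files it is still empty in that message.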
@@ -71,7 +71,7 @@ source /etc/bridgehead/${PROJECT}.conf
 source ${PROJECT}/vars
 set +e
-SERVERTIME=$(curl -I $BROKER_URL)
+SERVERTIME=$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -I $BROKER_URL)
 if [ $? -ne 0 ]; then
 log ERROR "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings."
 exit 1
From f52012008d22d4fab53cb1418234b344e1b6aacf Mon Sep 17 00:00:00 2001
From: Martin Lablans <6804500+lablans@users.noreply.github.com>
Date: Fri, 30 Sep 2022 17:36:07 +0200
Subject: [PATCH 4/5] Update prerequisites.sh
---
 lib/prerequisites.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh
index 9a1e39f..28958b3 100755
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
@@ -71,16 +71,16 @@ source /etc/bridgehead/${PROJECT}.conf
 source ${PROJECT}/vars
 set +e
-SERVERTIME=$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -I $BROKER_URL)
+SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -v $BROKER_URL 2>&1)"
 if [ $? -ne 0 ]; then
- log ERROR "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings."
+ log ERROR "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\"."
 exit 1
 fi
 set -e
 log INFO "Checking clock skew ..."
-SERVERTIME=$(echo $SERVERTIME | grep -i ^Date: | cut -d: -f2- | sed 's/^ *\(.*\).*/\1/')
+SERVERTIME=$(echo -e "$SERVERTIME" | grep Date | sed -e 's/< Date: //')
 SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
 MYTIME=$(date +%s)
 SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME))
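Review bot: `$BROKER_URL` in the 3/5 hunk (`@@ -71,7 +71,7 @@`) is still passed to curl unquoted, so whitespace or glob characters such as `?` in the configured URL are split or expanded by the shell before curl sees them. Quoting both expansions, `SERVERTIME=$(https_proxy="$HTTPS_PROXY_URL" curl -m 5 -I "$BROKER_URL")`, avoids that. The same applies to the curl line in 4/5 and to `source ${PROJECT}/vars` in 2/5.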
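Review bot: The new error message in the first 4/5 hunk (`@@ -71,16 +71,16 @@`) prints `$HTTPS_PROXY_URL` verbatim, and a proxy URL of the form `http://user:password@host:port` would put the proxy credentials into whatever destination `log` writes to. Logging the value with the userinfo part removed, for example `log ERROR "... The currently configured proxy was \"${HTTPS_PROXY_URL##*@}\"."`, keeps the diagnostic without the secret. The same text is carried into the WARN message in 5/5, where the comment about proxy authentication suggests such URLs are expected.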
@@ -88,6 +88,8 @@ SKEW=$(echo $SKEW | awk -F- '{print $NF}')
 if [ $SKEW -ge 300 ]; then
 log ERROR "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
 exit 1
+elif [ $SKEW -ge 60 ]; then
+ log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server."
 fi
 log INFO "Success - all prerequisites are met!"
From 091402eea03ebab5159cce0eb33eaafdd932ee83 Mon Sep 17 00:00:00 2001
From: Martin Lablans <6804500+lablans@users.noreply.github.com>
Date: Fri, 30 Sep 2022 17:42:53 +0200
Subject: [PATCH 5/5] Update prerequisites.sh
---
 lib/prerequisites.sh | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh
index 28958b3..0bb7882 100755
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
@@ -72,24 +72,26 @@ source ${PROJECT}/vars
 set +e
 SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -v $BROKER_URL 2>&1)"
-if [ $? -ne 0 ]; then
- log ERROR "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\"."
- exit 1
-fi
+RET=$?
 set -e
+if [ $RET -ne 0 ]; then
+ log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
+ log WARN "Unable to check clock skew due to previous error."
+else
+ log INFO "Checking clock skew ..."
-log INFO "Checking clock skew ..."
-
-SERVERTIME=$(echo -e "$SERVERTIME" | grep Date | sed -e 's/< Date: //')
-SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
-MYTIME=$(date +%s)
-SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME))
-SKEW=$(echo $SKEW | awk -F- '{print $NF}')
-if [ $SKEW -ge 300 ]; then
- log ERROR "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
- exit 1
-elif [ $SKEW -ge 60 ]; then
- log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server."
+ SERVERTIME=$(echo -e "$SERVERTIME" | grep Date | sed -e 's/< Date: //')
+ SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
+ MYTIME=$(date +%s)
+ SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME))
+ SKEW=$(echo $SKEW | awk -F- '{print $NF}')
+ SYNCTEXT="For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
+ if [ $SKEW -ge 300 ]; then
+ log ERROR "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. $SYNCTEXT"
+ exit 1
+ elif [ $SKEW -ge 60 ]; then
+ log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server. $SYNCTEXT"
+ fi
 fi
 log INFO "Success - all prerequisites are met!"
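Review bot: The Date extraction re-added in 5/5, `grep Date | sed -e 's/< Date: //'`, is case-sensitive and unanchored although it runs over the whole `curl -s -v ... 2>&1` capture, which holds the trace, the headers and the response body. If the broker or proxy answers over HTTP/2, curl prints the header name in lower case (`< date:`) and nothing matches, while any body or trace line containing "Date" produces extra matches, so `date --date` is fed something other than the response header. Anchoring the match, e.g. `SERVERTIME=$(printf '%s\n' "$SERVERTIME" | grep -i -m1 '^< date:' | cut -d' ' -f3- | tr -d '\r')`, would tie the value to the header line and avoid `echo -e` interpreting backslashes in server-supplied text. After this change an unreachable broker also only logs WARN, and the script still ends with "Success - all prerequisites are met!" even though the skew check never ran; a distinct final message for that path would make the skipped check visible.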