Merge pull request #39 from angelabriel/master

bsc#1161791 - change the UserTasksMax handling in saptune

main.go

@@ -935,7 +935,6 @@ func NoteActionEnabled(writer io.Writer, tuneApp *app.App) {
 	}
 }
 
-
 // SolutionAction  Solution actions like apply, revert, verify asm.
 func SolutionAction(actionName, solName string) {
 	switch actionName {

ospackage/man/saptune-note.5

@@ -15,7 +15,7 @@
 .\" */
 .\" 
 
-.TH "saptune-note" "5" "January 2020" "" "saptune note file format description"
+.TH "saptune-note" "5" "February 2020" "" "saptune note file format description"
 .SH NAME
 saptune\-note - Note definition files for saptune version \fB2\fP
 .SH DESCRIPTION
@@ -186,13 +186,15 @@ The section "[login]" manipulates the behaviour of the systemd login manager.
 This section can \fBonly\fP contain the following option:
 .TP
 .BI UserTasksMax= STRING
+This option is only available on SLE12. In SLE15 the limit is removed from the systemd login manager and therefore the setting is no longer supported by saptune.
+
 This option configures a parameter of the systemd login manager. It sets the maximum number of OS tasks each user may run concurrently. The behaviour of the systemd login manager was changed starting SLES12SP2 to prevent fork bomb attacks.
 
 Recommended value is '\fBinfinity\fP'.
 
 If set, the drop-in file \fI/etc/systemd/logind.conf.d/saptune-UserTasksMax.conf\fP is created and for all currently logged in users the maximum number of OS tasks each user may run concurrently is changed using the command '\fBsystemctl --runtime set-property user-<uid>.slice TasksMax=<value>\fP'.
 .br
-After creating the drop-in file the \fIsystemd-logind.service\fP will be restarted.
+After creating the drop-in file the \fIsystemd-logind.service\fP will be reloaded.
 
 ATTENTION: With this setting your system is vulnerable to fork bomb attacks
 \" section mem

ospackage/usr/share/saptune/notes/1410736

@@ -1,11 +1,11 @@
 # 1410736 - TCP/IP: setting keepalive interval
 # Description:    Set keepalive interval
-# Version 5 from Jan 13, 2020 in English
+# Version 6 from Jan 13, 2020 in English
 
 [version]
-# SAP-NOTE=1410736 CATEGORY=NET VERSION=5 DATE=13.01.2020 NAME="TCP/IP: setting keepalive interval"
+# SAP-NOTE=1410736 CATEGORY=NET VERSION=6 DATE=13.01.2020 NAME="TCP/IP: setting keepalive interval"
 
 [sysctl]
 net.ipv4.tcp_keepalive_time = 300
 net.ipv4.tcp_keepalive_intvl = 75
-net.ipv4.tcp_probes = 9
+net.ipv4.tcp_keepalive_probes = 9

ospackage/usr/share/saptune/notes/2578899

@@ -5,17 +5,6 @@
 [version]
 # SAP-NOTE=2578899 CATEGORY=LINUX VERSION=20 DATE=29.11.2019 NAME="SUSE LINUX Enterprise Server 15: Installation notes"
 
-[login]
-# /etc/systemd/logind.conf.d/saptune-UserTasksMax.conf UserTasksMax setting
-# This file configures a parameter of the systemd login manager
-# It sets the maximum number of OS tasks each user may run concurrently
-# The behaviour of the systemd login manager was changed starting SLES12SP2
-# to prevent fork bomb attacks.
-# The value for UserTasksMax will be set to 'infinity'
-# With this setting your system is vulnerable to fork bomb attacks
-#
-UserTasksMax=infinity
-
 [service]
 # start the related services
 uuidd.socket=start

ospackage/usr/share/saptune/scripts/upd_helper

@@ -206,6 +206,17 @@ delete_notes() {
     done
 }
 
+cleanup_savestates() {
+    # cleanup older, no longer handled savedState files
+    param_filelist="/var/lib/saptune/parameter/IO_SCHEDULER_sr* /var/lib/saptune/parameter/IO_SCHEDULER_dm-*"
+    for i in $param_filelist ; do
+        [ -f "$i" ] && rm -f "$i"
+    done
+    sle_vers=$(sed -n "s%.*baseversion>\(.*\)</base.*%\1%p" /etc/products.d/baseproduct)
+    [[ $sle_vers != 12 ]] && rm -f /var/lib/saptune/parameter/UserTasksMax
+    [[ $sle_vers != 12 ]] && rm -f /etc/systemd/logind.conf.d/saptune-UserTasksMax.conf
+}
+
 case "$upd_opt" in
 v1tov2pi)
     # called from the postinstall script of saptune, if installation was an
@@ -224,4 +235,9 @@ sle12to15pt)
     change_note_names
     delete_notes
     ;;
+cleanup)
+    # called from the postinstall script of saptune to clean up some leftover
+    # files from older saptune operations
+    cleanup_savestates
+    ;;
 esac

sap/note/ini.go

@@ -408,7 +408,11 @@ func (vend INISettings) createParamSavedStates(key, flstates string) {
 	// do not write parameter values to the saved state file during
 	// a pure 'verify' action
 	if _, ok := vend.ValuesToApply["verify"]; !ok && vend.SysctlParams[key] != "" {
-		CreateParameterStartValues(key, vend.SysctlParams[key])
+		start := vend.SysctlParams[key]
+		if key == "UserTasksMax" {
+			start = system.GetTasksMax("0")
+		}
+		CreateParameterStartValues(key, start)
 		if key == "force_latency" {
 			CreateParameterStartValues("fl_states", flstates)
 		}

sap/note/ini_sections.go

@@ -622,11 +622,20 @@ func OptLoginVal(cfgval string) string {
 func SetLoginVal(key, value string, revert bool) error {
 	switch key {
 	case "UserTasksMax":
+		// set limit per active user (for both - revert and apply)
+		if value != "" && value != "NA" {
+			for _, userID := range system.GetCurrentLogins() {
+				if err := system.SetTasksMax(userID, value); err != nil {
+					return err
+				}
+			}
+		}
+		// handle drop-in file
 		if revert && IsLastNoteOfParameter(key) {
 			// revert - remove logind drop-in file
 			os.Remove(path.Join(LogindConfDir, LogindSAPConfFile))
-			// restart systemd-logind.service
-			err := system.SystemctlRestart("systemd-logind.service")
+			// reload-or-try-restart systemd-logind.service
+			err := system.SystemctlReloadTryRestart("systemd-logind.service")
 			return err
 		}
 		if value != "" && value != "NA" {
@@ -642,21 +651,14 @@ func SetLoginVal(key, value string, revert bool) error {
 			if err := ioutil.WriteFile(path.Join(LogindConfDir, LogindSAPConfFile), []byte(LogindSAPConfContent), 0644); err != nil {
 				return err
 			}
-			// restart systemd-logind.service
-			if err := system.SystemctlRestart("systemd-logind.service"); err != nil {
+			// reload-or-try-restart systemd-logind.service
+			if err := system.SystemctlReloadTryRestart("systemd-logind.service"); err != nil {
 				return err
 			}
 			if value == "infinity" {
 				system.WarningLog("Be aware: system-wide UserTasksMax is now set to infinity according to SAP recommendations.\n" +
 					"This opens up entire system to fork-bomb style attacks.")
 			}
-			// set per user
-			for _, userID := range system.GetCurrentLogins() {
-				//oldLimit := system.GetTasksMax(userID)
-				if err := system.SetTasksMax(userID, value); err != nil {
-					return err
-				}
-			}
 		}
 	}
 	return nil

system/daemon.go

@@ -34,6 +34,16 @@ func SystemctlRestart(thing string) error {
 	return nil
 }
 
+// SystemctlReloadTryRestart call systemctl reload on thing.
+func SystemctlReloadTryRestart(thing string) error {
+	if IsSystemRunning() {
+		if out, err := exec.Command("systemctl", "reload-or-try-restart", thing).CombinedOutput(); err != nil {
+			return ErrorLog("%v - Failed to call systemctl reload-or-try-restart on %s - %s", err, thing, string(out))
+		}
+	}
+	return nil
+}
+
 // SystemctlStart call systemctl start on thing.
 func SystemctlStart(thing string) error {
 	if IsSystemRunning() {

system/daemon_test.go

@@ -41,6 +41,12 @@ func TestSystemctl(t *testing.T) {
 	if !SystemctlIsRunning(testService) {
 		t.Fatalf("service '%s' not running\n", testService)
 	}
+	if err := SystemctlReloadTryRestart(testService); err != nil {
+		t.Fatal(err)
+	}
+	if !SystemctlIsRunning(testService) {
+		t.Fatalf("service '%s' not running\n", testService)
+	}
 	if err := SystemctlStop(testService); err != nil {
 		t.Fatal(err)
 	}

system/system.go

@@ -55,6 +55,15 @@ func GetOsName() string {
 	return matches[1]
 }
 
+// IsSLE15 returns true, if System is running a SLE15 release
+func IsSLE15() bool {
+	var re = regexp.MustCompile(`15-SP\d+`)
+	if GetOsName() == "SLES" && (GetOsVers() == "15" || re.MatchString(GetOsVers())) {
+		return true
+	}
+	return false
+}
+
 // CheckForPattern returns true, if the file is available and
 // contains the expected string
 func CheckForPattern(file, pattern string) bool {

system/system_test.go

@@ -35,6 +35,14 @@ func TestGetOsVers(t *testing.T) {
 	}
 }
 
+func TestIsSLE15(t *testing.T) {
+	if IsSLE15() {
+		t.Logf("found SLE15 OS version\n")
+	} else {
+		t.Logf("OS version is '%s'\n", GetOsVers())
+	}
+}
+
 func TestCmdIsAvailable(t *testing.T) {
 	if !CmdIsAvailable("/usr/bin/go") {
 		t.Fatal("'/usr/bin/go' not found")

txtparser/ini.go

@@ -26,6 +26,9 @@ var RegexKeyOperatorValue = regexp.MustCompile(`([\w.+_-]+)\s*([<=>]+)\s*["']*(.
 // counter to control the [block] section detected warning
 var blckCnt = 0
 
+// counter to control the [login] section info message
+var loginCnt = 0
+
 // INIEntry contains a single key-value pair in INI file.
 type INIEntry struct {
 	Section  string
@@ -151,6 +154,13 @@ func ParseINI(input string) *INIFile {
 			// Skip comments, empty, and irregular lines.
 			continue
 		}
+		if kov[1] == "UserTasksMax" && system.IsSLE15() {
+			if loginCnt == 0 {
+				system.InfoLog("UserTasksMax setting no longer supported on SLE15 releases. Leaving system's default unchanged.")
+			}
+			loginCnt = loginCnt + 1
+			continue
+		}
 		if currentSection == "limits" {
 			for _, limits := range strings.Split(kov[3], ",") {
 				limits = strings.TrimSpace(limits)