From: John M. <gi...@gi...> - 2014-01-30 06:02:47
|
check-system-configuration.sh: check for common problems Instead of installing /etc/rsyslog.d/linuxcnc.conf, /etc/security/limits.d/linuxcnc.conf and /etc/udev/rules.d/50-LINUXCNC-shmdrv.rules from Makefile in RIP builds, run check-system-configuration.sh after 'make setuid' to check for these configuration problems and report to the user. At the same time, add those missing files to non-RIP installs and to Debian packaging. check-system-configuration.sh is the former check-logging.sh, renamed and extended. (Installing the files with $(FILE) also ensures these files are installed world-readable; installing with 'cp' under buildbot's funky 077 netmask nullifies their purpose.) http://git.linuxcnc.org/?p=linuxcnc.git;a=commitdiff;h=cf53d83 --- debian/linuxcnc.files.in | 2 + scripts/check-logging.sh | 43 ----------- scripts/check-system-configuration.sh | 141 ++++++++++++++++++++++++++++++++++ src/Makefile | 32 +++----- 4 files changed, 154 insertions(+), 64 deletions(-) diff --git a/debian/linuxcnc.files.in b/debian/linuxcnc.files.in index 8d67bc6..7649da2 100644 --- a/debian/linuxcnc.files.in +++ b/debian/linuxcnc.files.in @@ -1,5 +1,7 @@ etc/linuxcnc/* etc/rsyslog.d/linuxcnc.conf +etc/security/limits.d/linuxcnc.conf +etc/udev/rules.d/50-LINUXCNC-shmdrv.rules etc/X11/app-defaults/* usr/lib/*.so.* usr/lib/tcltk/linuxcnc diff --git a/scripts/check-logging.sh b/scripts/check-logging.sh deleted file mode 100755 index 48721da..0000000 --- a/scripts/check-logging.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -# check logging - see if config and log files exist and -# log entries actually appear -# this assumes rsyslogd - -logfile=/var/log/linuxcnc.log -logconf=/etc/rsyslog.d/linuxcnc.conf - -if test ! -f $logfile -then - echo "$logfile does not exist - consider running 'sudo make log'" - exit 1 -fi - -if test ! -f $logconf -then - echo "$logconf does not exist - consider running 'sudo make log'" - exit 1 -fi - -grep -q SystemLogRateLimitBurst $logconf >/dev/null 2>/dev/null - -if [ $? -ne 0 ] -then - echo "the rsyslogd rate limit is not set - consider running 'sudo make log'" - exit 1 -fi - -tag=`echo $$|md5sum|tr -d '-'` - -logger -p local1.debug logtest:$tag -sleep 0.5 -if grep logtest:$tag $logfile >/dev/null 2>/dev/null -then - # logging works - exit 0 -else - echo strange - $logconf and $logfile exist, but logging does not work - echo please fix manually - exit 1 -fi - diff --git a/scripts/check-system-configuration.sh b/scripts/check-system-configuration.sh new file mode 100755 index 0000000..841124f --- /dev/null +++ b/scripts/check-system-configuration.sh @@ -0,0 +1,141 @@ +#!/bin/bash + +# check-system-configuration.sh: see if config and log files exist and +# log entries actually appear + +# +# Check rsyslog configuration +# +# This assumes rsyslogd. +# +# Rsyslogd can drop debug messages from LinuxCNC when coming in a too +# high a rate. This is controlled by the SystemLogRateLimitBurst +# parameter. +check-rsyslog() { + local logfile=/var/log/linuxcnc.log + local logconf=/etc/rsyslog.d/linuxcnc.conf + + local res=0 + local nologfile=false + if test ! -f $logfile + then + echo "Warning: Logfile '$logfile' does not exist." + echo " Hint: Be sure the (possibly empty) logfile exists;" + echo " and restart rsyslogd; rsyslogd will not create" + echo " missing files." + echo + res=1 + nologfile=true + fi + + if test ! -f $logconf || ! grep -q SystemLogRateLimitBurst $logconf; then + res=1 + echo "Warning: No rate limit in rsyslogd is set." + echo " The rsyslogd drops logs when incoming at higher than" + echo " the rate configured by 'SystemLogRateLimitBurst'. The" + echo " default rate is lower than LinuxCNC requires when" + echo " running in debug mode." + echo " Hint: Put src/rtapi/rsyslogd-linuxcnc.conf into" + echo " /etc/rsyslog.d/linuxcnc.conf for a reasonable default," + echo " and restart rsyslogd." + echo " " + echo + fi + test $res -ne 0 && return 1 + + tag=logtest:`echo $$|md5sum|tr -d '-'` + + logger -p local1.debug $tag + sleep 0.5 + if grep -q $tag $logfile >/dev/null 2>/dev/null + then + # logging works + return 0 + else + echo "Warning: Logging appears to be not working:" + echo " Both $logconf and" + echo " $logfile exist, but a test" + echo " did not appear in the log. Please investigate." + echo + return 1 + fi +} + +# +# Check /etc/security/limits.d configuration +# +# Xenomai needs higher memlock ulimit than the default 64k +# +check-ulimits() { + local ulimit_conf=/etc/security/limits.d/linuxcnc.conf + # a guess at what a reasonable memlock value should be + local reasonable_memlock=32767 + + # If $ulimit_conf exists, assume that the contents are correct + if test -f $ulimit_conf; then + return 0 + fi + + # Otherwise, look for a reasonable setting for memlock. + # + # Assumption: the 'memlock' setting comes from the last entry in + # these files, and <domain> and <type> fields are correct + export LC_COLLATE=C + memlock=0 + for f in /etc/security/limits.conf /etc/security/limits.d/*.conf; do + mtmp=$(awk '$3=="memlock" {m=$4} END {print m}' $f) + test -n "$mtmp" && memlock=$mtmp + done + + if ! test $memlock = unlimited -o \ + $(($memlock>$reasonable_memlock)) = 1; then + echo "Warning: $ulimit_conf does not exist, and a reasonable" + echo " 'memlock' value not found in configuration." + echo " Please check the system configuration and correct." + echo " Hint: src/rtapi/shmdrv/limits.d-linuxcnc.conf may" + echo " be a reasonable example to install in" + echo " $ulimit_conf." + echo + return 1 + fi +} + + +# +# Check shmdrv udev configuration +# +# The shmdrv converged shared memory driver for kthreads flavors must +# be accessible. Look for a 'shmdrv.rules' file. +check-shmdrv() { + local udev_conf=/etc/udev/rules.d/50-LINUXCNC-shmdrv.rules + + # If $udev_conf exists, assume the contents are correct + if test -f $udev_conf; then + return 0 + fi + + # Otherwise, assume any KERNEL=="shmdrv" setting is correct + for f in /etc/udev/rules.d/*.rules; do + if grep -q 'KERNEL=="shmdrv"' $f; then + return 0 + fi + done + + # If we're here, we found no sign of udev configuration. + echo "Warning: No udev configuration for shmdrv was found." + echo " The user running LinuxCNC must have write access to" + echo " /dev/shmdrv when running kernel threads. This may" + echo " be configured in /etc/udev/rules.d." + echo " Hint: see src/rtapi/shmdrv/shmdrv.rules for a" + echo " reasonable default." + echo + return 1 +} + + +res=0 +check-rsyslog || res=1 +check-ulimits || res=1 +check-shmdrv || res=1 + +exit $res diff --git a/src/Makefile b/src/Makefile index 6b869e5..032e605 100755 --- a/src/Makefile +++ b/src/Makefile @@ -143,17 +143,9 @@ ifeq ($(RUN_IN_PLACE)+$(BUILD_DRIVERS),yes+yes) $(VECHO) -n "You now need to run 'sudo make setuid' " && \ $(VECHO) "in order to run in place." || true endif -# see if logging is set up properly - @-../scripts/check-logging.sh endif # BUILD_ALL_FLAVORS -log: - $(Q)echo installing log configuration to /etc/rsyslog.d/linuxcnc.conf - $(Q)cp rtapi/rsyslogd-linuxcnc.conf /etc/rsyslog.d/linuxcnc.conf - $(Q)echo restarting rsyslogd - $(Q)service rsyslog restart - OBJDIR := objects/$(RTDIR_EXT) DEPDIR := depends/$(RTDIR_EXT) @@ -649,27 +641,19 @@ endif fix_perms = test -f $(1) && chown root $(1) && chmod 4750 $(1) || true ifeq ($(BUILD_DRIVERS),yes) -setuid: /etc/udev/rules.d/50-LINUXCNC-shmdrv.rules \ - /etc/security/limits.d/linuxcnc.conf +setuid: $(call fix_perms,../libexec/linuxcnc_module_helper) $(call fix_perms,../libexec/pci_read) $(call fix_perms,../libexec/pci_write) $(foreach f,$(filter-out %-kernel,$(BUILD_THREAD_FLAVORS)),\ $(call fix_perms,../libexec/rtapi_app_$(f));) +# check system configuration: logging, ulimits, udev + @-../scripts/check-system-configuration.sh else setuid: @echo "'make setuid' is not needed if hardware drivers are not used" endif -/etc/security/limits.d/linuxcnc.conf: rtapi/shmdrv/limits.d-linuxcnc.conf - $(Q)echo installing $@ - $(Q)cp $^ $@ - -/etc/udev/rules.d/50-LINUXCNC-shmdrv.rules: rtapi/shmdrv/shmdrv.rules - $(Q)echo installing $@ - $(Q)cp $^ $@ - - # These rules allows a header file from this directory to be installed into # ../include. A pair of rules like these will exist in the Submakefile # of each file that contains headers. @@ -751,8 +735,10 @@ install-dirs: $(DESTDIR)$(datadir)/glade3/pixmaps \ $(DESTDIR)$(datadir)/gtksourceview-2.0/language-specs \ $(DESTDIR)$(datadir)/linuxcnc/pncconf/pncconf-help \ - $(DESTDIR)$(sysconfdir)/rsyslog.d - $(DIR) $(DESTDIR)$(sampleconfsdir) + $(DESTDIR)$(sysconfdir)/rsyslog.d \ + $(DESTDIR)$(sysconfdir)/security/limits.d \ + $(DESTDIR)$(sysconfdir)/udev/rules.d \ + $(DESTDIR)$(sampleconfsdir) install-kernel-indep: install-dirs $(FILE) ../docs/man/man1/*.1 $(DESTDIR)$(mandir)/man1 @@ -814,6 +800,10 @@ endif $(FILE) ../share/gtksourceview-2.0/language-specs/*.lang $(DESTDIR)$(datadir)/gtksourceview-2.0/language-specs/ $(FILE) rtapi/rsyslogd-linuxcnc.conf $(DESTDIR)$(sysconfdir)/rsyslog.d/linuxcnc.conf + $(FILE) rtapi/shmdrv/limits.d-linuxcnc.conf \ + $(DESTDIR)$(sysconfdir)/security/limits.d/linuxcnc.conf + $(FILE) rtapi/shmdrv/shmdrv.rules \ + $(DESTDIR)$(sysconfdir)/udev/rules.d/50-LINUXCNC-shmdrv.rules ifeq ($(BUILD_PYTHON),yes) install-kernel-indep: install-python |