aboutsummaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
authorB Stack <bgstack15@gmail.com>2016-10-27 09:57:35 -0400
committerB Stack <bgstack15@gmail.com>2016-10-27 09:57:35 -0400
commitb37d1fa1f1deda881eef751358917c29f38871b8 (patch)
tree9ce4a391f1ace15689fa55b8f321ec20cfc722cf /etc
downloadkeepalive-b37d1fa1f1deda881eef751358917c29f38871b8.tar.gz
keepalive-b37d1fa1f1deda881eef751358917c29f38871b8.tar.bz2
keepalive-b37d1fa1f1deda881eef751358917c29f38871b8.zip
Added to git
Diffstat (limited to 'etc')
-rw-r--r--etc/keepalive/README.txt30
-rwxr-xr-xetc/keepalive/bin/keepalive251
-rw-r--r--etc/keepalive/bin/keepalive.sh261
-rw-r--r--etc/keepalive/docs/debian/conffiles1
-rw-r--r--etc/keepalive/docs/debian/control13
-rw-r--r--etc/keepalive/docs/debian/md5sums14
-rwxr-xr-xetc/keepalive/docs/debian/postinst5
-rwxr-xr-xetc/keepalive/docs/debian/postrm4
-rwxr-xr-xetc/keepalive/docs/debian/preinst17
-rwxr-xr-xetc/keepalive/docs/debian/prerm18
-rw-r--r--etc/keepalive/docs/keepalive.spec82
-rwxr-xr-xetc/keepalive/inc/localize_git.sh2
-rwxr-xr-xetc/keepalive/inc/scrub.py124
-rw-r--r--etc/keepalive/inc/scrub.txt14
-rw-r--r--etc/keepalive/keepalive.conf11
-rw-r--r--etc/keepalive/packaging.txt53
-rw-r--r--etc/logrotate.d/keepalive11
-rw-r--r--etc/rsyslog.d/keepalivelog.conf7
18 files changed, 918 insertions, 0 deletions
diff --git a/etc/keepalive/README.txt b/etc/keepalive/README.txt
new file mode 100644
index 0000000..84479c7
--- /dev/null
+++ b/etc/keepalive/README.txt
@@ -0,0 +1,30 @@
+File: etc/keepalive/README.txt
+Package: keepalive 1.0-6
+Author: bgstack15@gmail.com
+Startdate: 2016-06-07
+Title: Readme file for keepalive
+Purpose: All packages should come with a readme
+History:
+Usage: Read it.
+Reference: README.txt
+Improve:
+Document: Below this line
+
+### WELCOME
+To use the keepalive program, start the service.
+systemctl start keepalive.service
+
+### CHANGELOG
+keepalive 1.0-4 2016-06-07
+Changed packaging so bgscripts is a prerequisite, not a corequisite package so framework.sh exists before keepalive service is started for the first time.
+https://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch-advanced-packaging.html
+https://www.debian.org/doc/debian-policy/ch-relationships.html
+
+keepalive 1.0-5 2016-07-22
+Rewrote the application in python3
+
+2016-10-27 keepalive 1.0-6
+Added scrub.py subpackage
+Modified to be suitable for sharing on github
+
+### REFERENCE
diff --git a/etc/keepalive/bin/keepalive b/etc/keepalive/bin/keepalive
new file mode 100755
index 0000000..b603135
--- /dev/null
+++ b/etc/keepalive/bin/keepalive
@@ -0,0 +1,251 @@
+#!/usr/bin/python3 -u
+# File: /etc/keepalive/bin/keepalive
+# Author: bgstack15@gmail.com
+# Startdate: 2016-07-20
+# Title: Keepalive Script in Python
+# Purpose: To perform keepalive functionality in python. This is mostly a learning exercise in python.
+# History: 2016-07-21 Basic, hard-coded functionality working
+# Usage:
+# Reference:
+# keepalive-1.0-4 /etc/keepalive/bin/keepalive (shell script)
+# http://stackoverflow.com/questions/5574702/how-to-print-to-stderr-in-python#14981125
+# signals: /usr/include/x86_64-linux-gnu/bits/signum.h
+# https://docs.python.org/3/library/atexit.html
+# http://www.tutorialspoint.com/python/python_command_line_arguments.htm
+# https://docs.python.org/2/library/argparse.html#module-argparse
+# http://stackoverflow.com/questions/15848674/how-to-configparse-a-file-keeping-multiple-values-for-identical-keys
+# python3 -u from http://stackoverflow.com/questions/13069634/python-daemon-and-systemd-service#30189540
+# Improve:
+# x Add config parsing
+# x Add argument parsing
+# Do internal web calls instead of using curl (optional)
+# Add debug info
+
+#from __future__ import print_function
+import sys, os, socket, subprocess, re, time, platform
+#import requests, requests_kerberos
+import signal, atexit
+import argparse, configparser
+from collections import OrderedDict
+
+keepaliveversion="2016-07-22b"
+
+class MultiOrderedDict(OrderedDict):
+ def __setitem__(self, key, value):
+ if isinstance(value, list) and key in self:
+ self[key].extend(value)
+ else:
+ super(OrderedDict, self).__setitem__(key, value)
+ #Reference: http://stackoverflow.com/questions/15848674/how-to-configparse-a-file-keeping-multiple-values-for-identical-keys
+
+def usage():
+ # now with argparse, this usage command is never used. It will be removed in a future version.
+ usage_string="""
+usage: keepalive [-duV] [-k <keytab>] [-r <refreshvalue>] [-i <infile1>]
+version """+keepaliveversion+"""
+ -d debug Show debugging info, including parsed variables.
+ -u usage Show this usage block.
+ -V version Show script version number.
+ -k keytab Overrides default keytab value. Default is """+keytab+"""
+ -i infile Overrides default infile value. Default is """+infile1+"""
+ -r refresh Overrides default wait time between checks. Default is """+str(refresh)+"""
+usage: keepalive out
+ Will log out of the proxy and exit
+Return values:
+0 Normal
+1 Help or version info displayed
+2 Could not start: could be already running, bad lockfile, bad keytab
+3 Incorrect OS type
+4 Unable to find dependency
+5 Not run as root or sudo
+"""
+ print(usage_string,file=sys.stderr)
+
+# DEFINE FUNCTIONS
+
+def klog(*s, **kwargs):
+ print(*s, file=sys.stderr, **kwargs)
+ # Ref: http://stackoverflow.com/questions/5574702/how-to-print-to-stderr-in-python#14981125
+
+def proxylogout(*logoutproxies):
+ try:
+ for word in logoutproxies:
+ subprocess.call(["/usr/bin/curl","-s","-o","/dev/null",word],stdout=subprocess.DEVNULL,stderr=subprocess.DEVNULL)
+ except BaseException as e:
+ # no proxies, so use default
+ subprocess.call(["/usr/bin/curl","-s","-o","/dev/null","http://proxylogout.example.com"],stdout=subprocess.DEVNULL,stderr=subprocess.DEVNULL)
+
+# DEFINE TRAPS
+
+def clean_keepalive(*reason):
+ thisreason=""
+ try:
+ thisreason=reason[0]
+ except BaseException as e:
+ thisreason="manual"
+
+ if thisreason == "normal":
+ klog("exiting at end of procedural run. This should not happen in production.")
+ elif thisreason == "clean":
+ # be silent because only doing the systemd unit ExecStopPost cleanup
+ pass
+ else:
+ klog("stopped by user")
+
+ try:
+ os.remove(lockfile)
+ except BaseException as e:
+ pass
+
+def CTRLC(signum=signal.SIGQUIT, frame=""):
+ print("This is CTRLC function")
+ sys.exit(1)
+
+def CTRLZ(signum=signal.SIGQUIT, frame=""):
+ print("This is CTRLZ")
+ sys.exit(2)
+
+# INITIALIZE VARIABLES
+servercaps=socket.gethostname().upper().split('.',1)[0]
+thisflavor=platform.dist()[0].lower()
+thisversion=platform.dist()[1]
+infile1="/etc/keepalive/keepalive.conf"
+
+# DEFAULT VARIABLES that can be adjusted by keepalive.conf
+lockfile="/tmp/.keepalive.py.lock"
+keytab="/etc/krb5.keytab"
+refresh=4
+proxies=[]
+proxies.append("https://proxy1.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=")
+proxies.append("https://proxy2.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=")
+logoutproxies=[]
+logoutproxies.append("http://proxylogout.example.com")
+
+# PARSE ARGUMENTS
+# Reference: https://docs.python.org/2/library/argparse.html#module-argparse
+parser = argparse.ArgumentParser(description="keep this host logged into the proxy")
+parser.add_argument("-d","--debug",help="enables debugging",action="store_true")
+parser.add_argument("-V","--version",help="",action="store_true")
+parser.add_argument("-k","--keytab",help="Overrides default keytab value",default="")
+parser.add_argument("-i","--infile","--inputfile",help="use a specific conf file",default="")
+parser.add_argument("-r","--refresh",type=int,help="Overrides default wait time",default=0)
+parser.add_argument("--out",action="store_true")
+parser.add_argument("--clean",action="store_true",help="")
+args = parser.parse_args()
+debug=0
+logoutonly=False
+cleanonly=False
+if args.debug: debug=1
+if args.version:
+ print("keepalive version",keepaliveversion)
+ sys.exit(0)
+if len(args.keytab) > 0: keytab=args.keytab
+if args.refresh > 0: refresh=args.refresh
+if len(args.infile) > 0: infile1=args.infile
+if args.out: logoutonly=True
+if args.clean: cleanonly=True
+
+# REACT TO OPERATING SYSTEM FLAVOR
+# this is different from the older shell keepalive, which relied on SYSTEM TYPE
+if thisflavor == "ubuntu" or thisflavor == "debian":
+ pass
+elif thisflavor == "centos" or thisflavor == "redhat":
+ pass
+else:
+ print("keepalive: 3. Unknown flavor:",thisflavor + ".","Aborted.",file=sys.stderr)
+ sys.exit(3)
+
+# REACT TO ROOT STATUS
+if os.geteuid() != 0:
+ print("keepalive: 5. Please run as root or sudo. Aborted.",file=sys.stderr)
+ sys.exit(5)
+
+# IF LOGOUT ONLY
+if logoutonly:
+ proxylogout(logoutproxies)
+ sys.exit(0)
+
+# IF CLEAN ONLY
+if cleanonly:
+ clean_keepalive("clean")
+ sys.exit(0)
+
+# READ CONFIG FILE stub
+if not os.path.isfile(infile1):
+ klog("4. Cannot find conf",infile1 + ".","Using defaults.")
+else:
+ # read config file here
+ config=configparser.RawConfigParser(dict_type=MultiOrderedDict,strict=False)
+ #config['keepalive']={'lockfile': '/tmp/.keepalive.py.lock',
+ # 'keytab': '/etc/krb5.keytab',
+ # 'refresh': '240',
+ # 'proxy': 'https://proxy1.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=',
+ # 'proxy': 'https://proxy2.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8='}
+ config.read(infile1)
+ # use the options from the config file
+ if len(config['keepalive']['lockfile'][0]) > 0: lockfile=config['keepalive']['lockfile'][0]
+ if len(config['keepalive']['keytab']) > 0: keytab=config['keepalive']['keytab'][0]
+ if len(config['keepalive']['refresh']) > 0: refresh=int(config['keepalive']['refresh'][0])
+ if len(config['keepalive']['proxy']) > 0:
+ proxies.clear()
+ else:
+ #no proxies configured! I guess we will leave the defaults in place then
+ pass
+ for word in config['keepalive']['proxy']: proxies.append(word)
+ if len(config['keepalive']['logoutproxy']) > 0:
+ logoutproxies.clear()
+ else:
+ # no logoutproxies configured! Leave the defaults in place
+ pass
+ for word in config['keepalive']['logoutproxy']: logoutproxies.append(word)
+
+# CREATE LOCKFILE ONLY IF IT DOES NOT EXIST
+if os.path.isfile(lockfile) == False:
+ lockf=open(lockfile,'w')
+ lockf.write(str(os.getpid()))
+ lockf.close()
+else:
+ klog("2. Could not create lockfile",lockfile + ".","Aborted.")
+ sys.exit(2)
+
+# EXIT IF KEYTABFILE IS INVALID
+if not os.path.isfile(lockfile):
+ klog("2. Could not find keytab",keytab + ".","Aborted.")
+ sys.exit(2)
+
+atexit.register(clean_keepalive)
+
+# works but not needed
+#signal.signal(signal.SIGINT, CTRLC)
+#signal.signal(signal.SIGCONT, CTRLZ)
+# Consider this research. Consider using 19 "SIGSTOP" which occurs at start of the interrupt-and-stop-job I think
+
+# MAIN LOOP
+a=False
+while a==False:
+ proxylogout(logoutproxies)
+
+ # Ensure kerberos ticket exists
+ try:
+ b=str(subprocess.check_output("klist",stderr=subprocess.DEVNULL))
+ except BaseException as e:
+ b=""
+
+ p = re.compile('.*principal: '+servercaps)
+ if p.match(b):
+ klog("valid ticket found")
+ else:
+ subprocess.call("kdestroy")
+ klog("requesting new ticket")
+ subprocess.call(["kinit","-kt",keytab,servercaps+"$"])
+
+ # So with valid kerberos ticket, perform actions against all proxies
+ for proxy in proxies:
+ subprocess.call(["/usr/bin/curl","-s","-o","/dev/null","--negotiate","-u:ignoreMe","-b","~/ProxyCookies.txt","-c","~/ProxyCookies.txt",proxy])
+ #print(proxy)
+
+ time.sleep(refresh)
+# END MAIN LOOP
+
+atexit.unregister(clean_keepalive)
+clean_keepalive("normal")
diff --git a/etc/keepalive/bin/keepalive.sh b/etc/keepalive/bin/keepalive.sh
new file mode 100644
index 0000000..d0a7714
--- /dev/null
+++ b/etc/keepalive/bin/keepalive.sh
@@ -0,0 +1,261 @@
+#!/bin/bash
+# Filename: keepalive
+# Location: LINUX one:/mnt/scripts/keepalive/bin
+# Author: bgstack15@gmail.com
+# Startdate: 2015-11-10 09:15:57
+# Title: Keepalive Script
+# Purpose:
+# History: 2015-11-10
+# 2015-11-12 uses local directory for default infile
+# 2016-06-02 Updated for bgscripts 1.1-6, so keepalive 1.0-3
+# 2016-07-22 This keepalive.sh is the keepalive-1.0-4 version before the project switched to python. This is included for historical reference only.
+# Usage:
+# Reference: ftemplate.sh 2015-11-06a; framework.sh 2015-07-10a
+# Proxy Keepalive for Linux Bash (Alice User1 2014-07-31)
+# Improve:
+fiversion="2015-11-30a"
+keepaliveversion="2016-06-02a"
+
+usage() {
+ less -F >&2 <<ENDUSAGE
+usage: keepalive [-duV] [-k <keytab>] [-r <refreshvalue>] [-i <infile1>]
+version ${keepaliveversion}
+ -d debug Show debugging info, including parsed variables.
+ -u usage Show this usage block.
+ -V version Show script version number.
+ -k keytab Overrides default keytab value. Default is ${keytab}
+ -i infile Overrides default infile value. Default is ${infile1}
+ -r refresh Overrides default wait time between checks. Default is ${refresh}
+usage: keepalive out
+ Will log out of the proxy and exit
+Return values:
+0 Normal
+1 Help or version info displayed
+2 Could not start: could be already running, bad lockfile, bad keytab
+3 Incorrect OS type
+4 Unable to find dependency
+5 Not run as root or sudo
+ENDUSAGE
+}
+
+# DEFINE FUNCTIONS
+function klog {
+ # abstracted out so I can either do a file or do syslog in the future easily
+ ferror "$@"
+ #echo "" | flecho "$@" 1>&2
+ #date "+[%Y-%m-%d %T] keepalive: $@" >&2
+ #logger "keepalive: $@"
+}
+
+function proxylogout {
+ # Logout the previously authenticated user
+ /usr/bin/curl -s -o /dev/null http://proxylogout.example.com >/dev/null 2>&1
+}
+
+# DEFINE TRAPS
+
+function clean_keepalive {
+ klog "stopping"
+ rm -f ${lockfile} >/dev/null 2>&1
+ [ ] #use at end of entire script if you need to clean up tmpfiles
+}
+
+function CTRLC {
+ #trap "CTRLC" 2
+ [ ] #useful for controlling the ctrl+c keystroke
+}
+
+function CTRLZ {
+ #trap "CTRLZ" 18
+ [ ] #useful for controlling the ctrl+z keystroke
+}
+
+function parseFlag {
+ flag=$1
+ hasval=0
+ case $flag in
+ # INSERT FLAGS HERE
+ "d" | "debug" | "DEBUG") debug=1;;
+ "u" | "usage" | "help") usage; exit 1;;
+ "V" | "fcheck" | "version") ferror "${scriptfile} version ${keepaliveversion}"; exit 1;;
+ "k" | "keytab" | "kfile" | "ktfile") getval; keytab=${tempval};;
+ "r" | "refresh" | "refreshtime") getval; refresh=${tempval};;
+ "i" | "infile" | "inputfile") getval; infile1=${tempval};;
+ esac
+
+ [[ debug -eq 1 ]] && { [[ hasval -eq 1 ]] && ferror "flag: $flag = $tempval" || ferror "flag: $flag"; }
+}
+
+# DETERMINE LOCATION OF FRAMEWORK
+while read flocation; do if [[ -x $flocation ]] && [[ $( $flocation --fcheck ) -ge 20160525 ]]; then frameworkscript=$flocation; break; fi; done <<EOFLOCATIONS
+${scriptdir}/framework.sh
+/usr/bgscripts/framework.sh
+/etc/keepalive/bin/framework.sh
+EOFLOCATIONS
+[[ -z "$frameworkscript" ]] && echo "$0: framework not found. Aborted." 1>&2 && exit 4
+
+# REACT TO OPERATING SYSTEM TYPE
+case $( uname -s ) in
+ AIX) echo "$scriptfile: 3. Linux-only script." 1>&2 && exit 3;;
+ Linux) [ ];;
+ *) echo "$scriptfile: 3. Indeterminate OS: $( uname -s )" 1>&2 && exit 3;;
+esac
+
+# INITIALIZE VARIABLES
+# variables set in framework:
+# today server thistty scriptdir scriptfile scripttrim
+# is_cronjob stdin_piped stdout_piped stderr_piped sendsh sendopts
+. ${frameworkscript} || echo "$0: framework did not run properly. Continuing..." 1>&2
+infile1=/etc/keepalive/keepalive.conf # can be adjusted on the cli
+outfile1=
+logfile=${scriptdir}/${scripttrim}.${today}.out
+interestedparties="bgstack15@example.com"
+servercaps=$( echo "${server}" | tr 'a-z' 'A-Z' )
+
+# DEFAULT VARIABLES THAT CAN BE ADJUSTED BY keepalive.conf
+lockfile="/tmp/.keepalive.lock"
+keytab=/etc/krb5.keytab
+refresh=4
+proxy1=https://proxy1.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
+proxy2=https://proxy2.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
+
+# REACT TO ROOT STATUS
+case $is_root in
+ 1) # proper root
+ [ ] ;;
+ sudo) # sudo to root
+ [ ] ;;
+ "") # not root at all
+ ferror "${scriptfile}: 5. Please run as root or sudo. Aborted."
+ exit 5
+ ;;
+esac
+
+# SET CUSTOM SCRIPT AND VALUES
+#setval 1 sendsh sendopts<<EOFSENDSH # if $1="1" then setvalout="critical-fail" on failure
+#/test/sysadmin/bin/bgstack15/send.sh -hs # setvalout maybe be "fail" otherwise
+#/test/sysadmin/bin/send.sh -hs
+#/usr/bin/mail -s
+#EOFSENDSH
+#[[ "$setvalout" = "critical-fail" ]] && ferror "${scriptfile}: 4. mailer not found. Aborted." && exit 4
+
+# VALIDATE PARAMETERS
+# objects before the dash are options, which get filled with the optvals
+# to debug flags, use option DEBUG
+validateparams - "$@"
+
+# CONFIRM TOTAL NUMBER OF FLAGLESSVALS IS CORRECT
+#if [[ $thiscount -lt 2 ]];
+#then
+# ferror "${scriptfile}: 1111. Fewer than 2 flaglessvals. Aborted."
+# exit 1111
+#fi
+
+# IF LOGOUT ONLY
+case "${opt1}" in
+ "out" | "logout") proxylogout; exit 0;; # probably will add the terminate-any-sessions command here
+ *) [ ];;
+esac
+
+# READ CONFIG FILE
+if [[ ! -f ${infile1} ]];
+then
+ klog "4. Cannot find conf ${infile1}. Using defaults."
+ ferror "${scriptfile}: 4. Cannot find conf ${infile1}. Using defaults."
+else
+ while read -r line
+ do
+ if [[ "$line" == [* ]];
+ then
+ zone=$( echo "${line}" | tr -d '[]' )
+ [[ "$debug" = "1" ]] && echo "zone ${zone}"
+ else
+ # probably a variable
+ varname=$( echo "${line}" | awk '{print $1}' )
+ varval=$( echo "${line}" | awk '{$1=""; printf "%s", $0}' | sed 's/^ //;' )
+ [[ "$debug" = "1" ]] && echo "${varname}=\"${varval}\""
+ case "${zone}" in
+ "keepalive")
+ case "${varname}" in
+ lockfile|keytab|refresh|proxy1|proxy2)
+ eval "${varname}"=\"${varval}\"
+ ;;
+ *) [ ];; # extra variable not defined yet
+ esac
+ ;;
+ esac
+ fi
+ done < <( grep -viE "^$|^#" "${infile1}" | sed 's/[^\]#.*$//g;' )
+fi
+
+## CONFIGURE VARIABLES AFTER PARAMETERS
+# EXIT IF LOCKFILE EXISTS
+if [[ -e "${lockfile}" ]];
+then
+ klog "2. Already running. Will not run again."
+ ferror "${scripttrim}: 2. Already running. Will not run again."
+ exit 2
+fi
+
+# SET TRAPS # rearranged from template
+#trap "CTRLC" 2
+#trap "CTRLZ" 18
+trap "clean_keepalive 0" 0
+
+# CREATE LOCKFILE
+if ! touch "${lockfile}";
+then
+ klog "2. Could not create lockfile ${lockfile}. Aborted."
+ ferror "${scripttrim}: 2. Could not create lockfile ${lockfile}. Aborted."
+ exit 2
+fi
+
+# EXIT IF KEYTABFILE IS INVALID
+if [[ ! -f "${keytab}" ]];
+then
+ klog "2. Could not find keytab ${keytab}. Aborted."
+ ferror "${scriptfile}: 2. Could not find keytab ${keytab}. Aborted."
+ exit 2
+fi
+
+## REACT TO BEING A CRONJOB
+#if [[ $is_cronjob -eq 1 ]];
+#then
+# [ ]
+#else
+# [ ]
+#fi
+
+# MAIN LOOP
+while true;
+do
+ # Log out of any previous user
+ proxylogout
+
+ # Ensure kerberos ticket exists
+ if ( klist 2>/dev/null | grep -qiE "principal.*${servercaps}" );
+ then
+ # valid
+ klog "valid ticket found"
+ else
+ # invalid
+ # make a new kerberos ticket
+ kdestroy
+ klog "requesting new ticket"
+ kinit -kt "${keytab}" "${servercaps}\$"
+ fi
+
+ # So with a valid kerberos ticket, perform actions against both proxies
+ # I was unable to get the WHICHPROXY functionality working
+ /usr/bin/curl -s -o /dev/null --negotiate -u:ignoreMe -b ~/ProxyCookies.txt -c ~/ProxyCookies.txt $proxy1 2>&1
+ /usr/bin/curl -s -o /dev/null --negotiate -u:ignoreMe -b ~/ProxyCookies.txt -c ~/ProxyCookies.txt $proxy2 2>&1
+
+ sleep $refresh
+done
+
+# EMAIL LOGFILE
+#$sendsh $sendopts "$server $scriptfile out" $logfile $interestedparties
+
+# FINAL CLEANUP
+trap '' 0 # reset trap to undefined
+clean_keepalive end # so I can call it manually
diff --git a/etc/keepalive/docs/debian/conffiles b/etc/keepalive/docs/debian/conffiles
new file mode 100644
index 0000000..8dafbff
--- /dev/null
+++ b/etc/keepalive/docs/debian/conffiles
@@ -0,0 +1 @@
+/etc/keepalive/keepalive.conf
diff --git a/etc/keepalive/docs/debian/control b/etc/keepalive/docs/debian/control
new file mode 100644
index 0000000..8d42833
--- /dev/null
+++ b/etc/keepalive/docs/debian/control
@@ -0,0 +1,13 @@
+Package: keepalive
+Version: 1.0-6
+Architecture: all
+Essential: no
+Priority: extra
+Section: utils
+Maintainer: B G Stack <bgstack15@gmail.com>
+Installed-Size: 350
+Homepage: https://bgstack15.wordpress.com/
+Source: keepalive.tgz
+Pre-Depends: bgscripts (>= 1.1-17), sssd, python3
+Description: Keepalive uses a system kerberos ticket (generating one if necessary) to stay authenticated to the http proxy.
+ The user defines http_proxy and https_proxy. Keepalive assumes the system joined to an AD domain.
diff --git a/etc/keepalive/docs/debian/md5sums b/etc/keepalive/docs/debian/md5sums
new file mode 100644
index 0000000..3307807
--- /dev/null
+++ b/etc/keepalive/docs/debian/md5sums
@@ -0,0 +1,14 @@
+317bad02db12ba2340b5c4ef30c9376b usr/lib/systemd/system/keepalive.service
+5aa43c0360a508ad909cfe2ac4495179 etc/keepalive/packaging.txt
+76803e4e6e9f74fc8de2ae4ddfc7c470 etc/keepalive/bin/keepalive
+4e750e3f9ce8e00feaa34d614405f066 etc/keepalive/keepalive.conf
+5c34e36e9838a29d59f3ed9fa0b4c8e7 etc/keepalive/docs/debian/postinst
+061b27636d5dd3ab9ca7fa00b5a6e0a6 etc/keepalive/docs/debian/control
+391dcefa7356b76dfdc7eebae9e450ba etc/keepalive/docs/debian/postrm
+eb54ab3395cf1a7f9ffd558b5142679d etc/keepalive/docs/debian/prerm
+2a7ad29f5f70879eca2d71a01152ac19 etc/keepalive/docs/debian/preinst
+7b84e6ef73c48a2474789f8daf76a8d7 etc/keepalive/docs/debian/conffiles
+7c2ef5667400f3fa3166bbfe41a835e2 etc/keepalive/docs/keepalive.spec
+ec2f0bc9c707cb03aa933d203e1506ef etc/keepalive/README.txt
+cf972826834f5cce6d48266bc9f18110 etc/logrotate.d/keepalive
+3b4332e514014ed750012692a75dc572 etc/rsyslog.d/keepalivelog.conf
diff --git a/etc/keepalive/docs/debian/postinst b/etc/keepalive/docs/debian/postinst
new file mode 100755
index 0000000..4c3092b
--- /dev/null
+++ b/etc/keepalive/docs/debian/postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+systemctl daemon-reload 1>/dev/null 2>&1
+systemctl enable keepalive 1>/dev/null 2>&1
+systemctl start keepalive 1>/dev/null 2>&1
diff --git a/etc/keepalive/docs/debian/postrm b/etc/keepalive/docs/debian/postrm
new file mode 100755
index 0000000..2c475d8
--- /dev/null
+++ b/etc/keepalive/docs/debian/postrm
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# whether removing an updated package or just removing it entirely, this is a good idea:
+systemctl daemon-reload 1>/dev/null 2>&1
diff --git a/etc/keepalive/docs/debian/preinst b/etc/keepalive/docs/debian/preinst
new file mode 100755
index 0000000..75ff571
--- /dev/null
+++ b/etc/keepalive/docs/debian/preinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+#https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html
+thisservice=keepalive.service
+
+case "${1}" in
+ upgrade)
+ # This preinst is being run before an upgrade.
+ # $2 is old-version-number
+ systemctl stop keepalive.service 1>/dev/null 2>&1
+ ;;
+ install)
+ # Brand new installation of the package.
+ [ ]
+ ;;
+esac
+
+exit 0
diff --git a/etc/keepalive/docs/debian/prerm b/etc/keepalive/docs/debian/prerm
new file mode 100755
index 0000000..99a4f6a
--- /dev/null
+++ b/etc/keepalive/docs/debian/prerm
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+thisservice=keepalive.service
+
+case "${1}" in
+ upgrade)
+ # This prerm upgrade is running because a newer version of this package is being installed.
+ # $2 is new-version-number
+ [ ]
+ ;;
+ remove)
+ # No new package being installed. Just remove it.
+ systemctl stop "${thisservice}" 1>/dev/null 2>&1
+ systemctl disable "${thisservice}" 1>/dev/null 2>&1
+ ;;
+esac
+
+exit 0
diff --git a/etc/keepalive/docs/keepalive.spec b/etc/keepalive/docs/keepalive.spec
new file mode 100644
index 0000000..0df5e3a
--- /dev/null
+++ b/etc/keepalive/docs/keepalive.spec
@@ -0,0 +1,82 @@
+#
+# spec file for keepalive compiled by hand
+Summary: Keepalive
+Name: keepalive
+Version: 1.0
+Release: 6
+License: CC BY-SA 4.0
+Group: Applications/System
+Source: keepalive.tgz
+URL: bgstack15@gmail.com
+#Distribution:
+#Vendor:
+Packager: Bgstack15 <bgstack15@gmail.com>
+Buildarch: noarch
+PreReq: bgscripts >= 1.1-17
+PreReq: python34
+
+%description
+Keepalive uses a system kerbors ticket (generating one if necessary) to stay authenticated to the http proxy.
+The user defines http_proxy and https_proxy. Keepalive assumes the system joined to an AD domain.
+
+%prep
+%setup
+
+%build
+
+%install
+rsync -a . %{buildroot}/
+
+%clean
+rm -rf ${buildroot}
+
+%pre
+if [ $1 = "1" ];
+then
+ # first version being installed
+ find /tmp/foo >/dev/null 2>&1
+else
+ # not the first version being installed
+ systemctl stop keepalive >/dev/null 2>&1
+fi
+exit 0
+
+%post
+systemctl enable keepalive
+systemctl start keepalive
+
+%preun
+if [[ "$1" = "0" ]];
+then
+ # last version of package is being erased
+ systemctl disable keepalive >/dev/null 2>&1
+ systemctl stop keepalive >/dev/null 2>&1
+else
+ # not last version being erased
+ find /tmp/foo >/dev/null 2>&1
+fi
+exit 0
+
+%files
+/etc/logrotate.d/keepalive
+%config /etc/rsyslog.d/keepalivelog.conf
+%doc %attr(444, -, -) /etc/keepalive/README.txt
+%verify(link) /etc/keepalive/bin/keepalive.sh
+%verify(link) /etc/keepalive/bin/keepalive
+/etc/keepalive/docs/keepalive.spec
+/etc/keepalive/docs/debian/postinst
+/etc/keepalive/docs/debian/conffiles
+/etc/keepalive/docs/debian/md5sums
+/etc/keepalive/docs/debian/prerm
+/etc/keepalive/docs/debian/postrm
+/etc/keepalive/docs/debian/control
+/etc/keepalive/docs/debian/preinst
+%config /etc/keepalive/keepalive.conf
+/etc/keepalive/inc/scrub.py
+/etc/keepalive/inc/scrub.pyc
+/etc/keepalive/inc/scrub.pyo
+/etc/keepalive/inc/localize_git.sh
+%doc %attr(444, -, -) /etc/keepalive/inc/scrub.txt
+%doc %attr(444, -, -) /etc/keepalive/packaging.txt
+/usr/lib/systemd/system/keepalive.service
+%verify(link) /usr/bin/keepalive
diff --git a/etc/keepalive/inc/localize_git.sh b/etc/keepalive/inc/localize_git.sh
new file mode 100755
index 0000000..ade84d4
--- /dev/null
+++ b/etc/keepalive/inc/localize_git.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+\cp -pRf /home/work/keepalive.clean/.git /home/bgstack15/rpmbuild/SOURCES/keepalive-1.0-6/
diff --git a/etc/keepalive/inc/scrub.py b/etc/keepalive/inc/scrub.py
new file mode 100755
index 0000000..afa81a1
--- /dev/null
+++ b/etc/keepalive/inc/scrub.py
@@ -0,0 +1,124 @@
+#!/bin/env python3
+# Filename: scrub.py
+# Location: Various
+# Author: bgstack15@gmail.com
+# Startdate: 2016-09-28
+# Title: Script that Simultaneously Copies and Scrubs a Directory
+# Purpose: Prepare projects for publication by removing private information like usernames and hostnames
+# Package: Various
+# History:
+# 2016-10-03 working on batch rename files
+# 2016-10-20 added not ".tgz" in source.name
+# 2016-10-27 Fixed error when trying chmod on a symlink
+# Usage:
+# Store this file with any package that gets published. Adjust scrub.txt in local directory.
+# # First line: source directory Second line: target directory. WILL BE OVERWRITTEN!
+# /etc/ansible
+# /home/bjones/ansible.clean
+# # Rest of the lines are "OLD WORD" "NEW WORD"
+# bjones bgstack15
+# rsmith rmstack15
+# Reference:
+# http://stackoverflow.com/questions/79968/split-a-string-by-spaces-preserving-quoted-substrings-in-python/524796#524796
+# http://stackoverflow.com/questions/6706953/python-using-subprocess-to-call-sed#6707003
+# http://stackoverflow.com/questions/6584871/remove-last-character-if-its-a-backslash/6584893#6584893
+# http://stackoverflow.com/questions/2212643/python-recursive-folder-read/2212728#2212728
+# parallel lists: http://stackoverflow.com/questions/1663807/how-can-i-iterate-through-two-lists-in-parallel-in-python
+# file renames http://stackoverflow.com/questions/225735/batch-renaming-of-files-in-a-directory/7917798#7917798
+# Improve:
+# Add option to specify scrub file
+# Add exclude option to scrub file, such as .git and so on
+# Accept CLI options like source, destination, even exclusions?
+# Add flag for performing file renames as well, or file renames only
+import re, shlex, os, sys, shutil
+from pathlib import Path
+
+# scrubpy version
+scrubpyversion = "2016-10-27a"
+
+# Define functions
+
+def removeComments(string):
+ #string = re.sub(re.compile("/\*.*?\*/",re.DOTALL ) ,"", string)
+ #string = re.sub(re.compile("//.*?\n" ) ,"" ,string)
+ pattern = r"(\".*?\"|\'.*?\')|(/\*.*?\*/|(//|#)[^\r\n]*$)"
+ regex = re.compile(pattern, re.MULTILINE|re.DOTALL)
+ def _replacer(match):
+ if match.group(2) is not None:
+ return ""
+ else:
+ return match.group(1)
+ return regex.sub(_replacer, string)
+
+# Main code
+stringfile = open('scrub.txt','r')
+count=0
+thisdir=""
+newdir=""
+oldstrings=[]
+newstrings=[]
+
+while True:
+ x = stringfile.readline().rstrip()
+ count += 1
+ if not x: break
+ x = removeComments(x)
+ #print("x=" + x)
+ y = shlex.split (x)
+ if len(y) >= 1:
+ if thisdir == "":
+ thisdir = y[0]
+ elif newdir == "":
+ newdir = y[0]
+ if len(y) >= 2:
+ #print("y[0]=" + y[0] + "\t and y[1]=" + y[1])
+ oldstrings.append(y[0])
+ newstrings.append(y[1])
+
+# After the file is done
+stringfile.close()
+#newdir = thisdir.rstrip('\/') + ".scrubbed/"
+
+if False:
+ print("\nthisdir=" + thisdir)
+ print("newdir=" + newdir + '\n')
+ print("oldstrings are:")
+ print(oldstrings)
+ print("newstrings are:")
+ print(newstrings)
+
+# Clean scrubbed directory
+try:
+ shutil.rmtree(newdir)
+except:
+ foo=1
+
+shutil.copytree(thisdir,newdir,symlinks=True)
+
+# Execute substitutions
+for rootfolder, subdirs, files in os.walk(thisdir):
+ for filename in files:
+ sourcepath = os.path.join(rootfolder, filename)
+ with open( sourcepath, "r" ) as source:
+ if not ".swp" in source.name and not ".git" in source.name and not ".tgz" in source.name:
+ destdir = rootfolder.replace(thisdir.rstrip('\/'),newdir.rstrip('\/'))
+ destfile = os.path.join(destdir, filename)
+ #print("sourcefile=" + source.name)
+ #print("destfile=" + destfile + '\n')
+ if not os.path.islink( destfile ):
+ with open( destfile, "w") as target:
+ data = source.read()
+ for oldword, newword in zip(oldstrings, newstrings):
+ data = data.replace(oldword,newword)
+ changed = data
+ target.write(changed)
+
+# Execute file renames
+# Used "file renames" reference, as well as the structure of directory traversal used earlier, which was from a different source.
+for rootfolder, subdirs, files in os.walk(newdir):
+ for filename in files:
+ oldpath = os.path.join(rootfolder, filename)
+ for oldword, newword in zip(oldstrings, newstrings):
+ if oldword in oldpath:
+ #print("oldword=" + oldword + "\toldpath=" + oldpath)
+ os.rename(oldpath, oldpath.replace(oldword,newword))
diff --git a/etc/keepalive/inc/scrub.txt b/etc/keepalive/inc/scrub.txt
new file mode 100644
index 0000000..a27aff1
--- /dev/null
+++ b/etc/keepalive/inc/scrub.txt
@@ -0,0 +1,14 @@
+# First line: source directory Second line: target directory. WILL BE OVERWRITTEN!
+/home/bgstack15/rpmbuild/SOURCES/keepalive-1.0-6
+/home/work/keepalive.clean
+# rest of the lines are "OLD WORD" "NEW WORD"
+BGSTACK15 BGSTACK15
+Bgstack15 Bgstack15
+bgstack15 bgstack15
+example example
+EXAMPLE EXAMPLE
+".com" ".com"
+"203.0." "203.0."
+one one
+Alice Alice
+User1 User1
diff --git a/etc/keepalive/keepalive.conf b/etc/keepalive/keepalive.conf
new file mode 100644
index 0000000..9debff9
--- /dev/null
+++ b/etc/keepalive/keepalive.conf
@@ -0,0 +1,11 @@
+# File: keepalive.conf
+# bgstack15@gmail.com 2016-07-22
+# updated for keepalive-1.0-5
+[keepalive]
+lockfile = /tmp/.keepalive.py.lock
+keytab = /etc/krb5.keytab
+refresh = 240
+# refresh is an integer in seconds
+proxy = https://proxy1.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
+proxy = https://proxy2.example.com:4433/?cfru=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
+logoutproxy = http://proxylogout.example.com
diff --git a/etc/keepalive/packaging.txt b/etc/keepalive/packaging.txt
new file mode 100644
index 0000000..77f3b10
--- /dev/null
+++ b/etc/keepalive/packaging.txt
@@ -0,0 +1,53 @@
+File: etc/keepalive/packaging.txt
+Package: keepalive
+Author: bgstack15
+Startdate: 2016-06-02
+Title: Packaging instructions for keepalive
+Purpose: To make it easier to build the package
+History: 2016-10-27 updated for git project
+Usage:
+Reference: bgscripts package packaging.txt
+Improve:
+Document: Below this line
+
+### PACKAGING for rhel/centos
+package=keepalive
+version=1.0-6
+shortversion=1.0
+rpmbuilddir=~/rpmbuild/
+packagespecfile="${package}-${version}/etc/${package}/docs/${package}.spec"
+sed -i -n '1,/^\%files$/p;' ${rpmbuilddir}/SOURCES/"${packagespecfile}"
+cd ${rpmbuilddir}/SOURCES/"${package}-${version}"
+find * ! -type d ! -regex '.*?.swp' ! -regex '.*?DEBIAN.*?' | sed -e 's/^/\//;' -e 's/\(.*\.txt\)/%doc %attr(444, -, -) \1/;' -e 's/\(.*\.conf\)/%config \1/;' -e 's/\(.*bin.*\)/%verify(link) \1/;' -e 's/\(.*\)\.py$/\1\.py\n\1\.pyc\n\1\.pyo/;' >> ${rpmbuilddir}/SOURCES/"${packagespecfile}"
+rm -rf ${rpmbuilddir}/SOURCES/"${package}-${shortversion}"
+cp -prf ${rpmbuilddir}/SOURCES/"${package}-${version}" ${rpmbuilddir}/SOURCES/"${package}-${shortversion}"
+rm -rf ${rpmbuilddir}/SOURCES/"${package}-${shortversion}"/DEBIAN
+cd ${rpmbuilddir}/SOURCES
+rm -rf "${package}".tgz; tar -zc --exclude='.git' -f "${package}.tgz" "${package}-${shortversion}" && rm -rf ${rpmbuilddir}/SOURCES/"${package}-${shortversion}"
+cp -p ${rpmbuilddir}/SOURCES/"${packagespecfile}" ${rpmbuilddir}/SPECS
+cd ${rpmbuilddir}/RPMS/noarch
+rpmbuild -bb "${rpmbuilddir}"/SPECS/"${package}".spec
+
+### PACKAGING for debian
+# You need package dpkg-dev to build packages.
+package=keepalive
+version=1.0-6
+packagedebfilesdir="${package}-${version}/etc/keepalive/docs/debian"
+cd ~/deb/"${package}-${version}"
+find . -type f ! -regex '.*.hg.*' ! -regex '.*?debian-binary.*' ! -regex '.*?DEBIAN.*' ! -regex '.*?.swp' ! -regex '.*\.git.*' -printf '%P ' | xargs md5sum > DEBIAN/md5sums
+rm -rf ~/deb/"${package}-${version}"/DEBIAN/ 2>/dev/null; mkdir -p ~/deb/"${package}-${version}"/DEBIAN/
+cp -pf ~/deb/"${packagedebfilesdir}"/* ~/deb/"${package}-${version}"/DEBIAN/
+cd ~/deb
+rm -rf ~/deb/"${package}-${version}.a"
+cp -pR ~/deb/"${package}-${version}" ~/deb/"${package}-${version}.a"
+rm -rf ~/deb/"${package}-${version}"/.git
+dpkg-deb -b ~/deb/"${package}-${version}"
+rm -rf ~/deb/"${package}-${version}"
+mv ~/deb/"${package}-${version}.a" ~/deb/"${package}-${version}"
+
+### PACKAGING in a master.tgz
+cd ~/deb 2>/dev/null || cd ~/rpmbuild/SOURCES
+package=keepalive
+version=1.0-6
+rm -rf ./"${package}-${version}".master.tgz
+tar -zcf "${package}-${version}".master.tgz "${package}-${version}"/
diff --git a/etc/logrotate.d/keepalive b/etc/logrotate.d/keepalive
new file mode 100644
index 0000000..37d7cfb
--- /dev/null
+++ b/etc/logrotate.d/keepalive
@@ -0,0 +1,11 @@
+# File: /etc/logrotate.d/keepalive
+# bgstack15@gmail.com 2015-11-11
+/var/log/keepalive.log {
+ weekly
+ missingok
+ notifempty
+ rotate 2
+ compress
+ maxage 7
+ create 0644 root root
+}
diff --git a/etc/rsyslog.d/keepalivelog.conf b/etc/rsyslog.d/keepalivelog.conf
new file mode 100644
index 0000000..36f6dc2
--- /dev/null
+++ b/etc/rsyslog.d/keepalivelog.conf
@@ -0,0 +1,7 @@
+# File: /etc/rsyslog.d/keepalivelog.conf
+# bgstack15@gmail.com 2015-11-10
+# Reference: https://ask.puppetlabs.com/question/432/puppet-and-rsyslog/
+if $programname == "keepalive" then -/var/log/keepalive.log
+& stop
+if $programname == "keepalive.sh" then -/var/log/keepalive.log
+& stop
bgstack15