|
@@ -63,53 +63,7 @@ app = Flask(__name__)
|
|
|
# Global config instance - initialized during main execution
|
|
# Global config instance - initialized during main execution
|
|
|
config = None
|
|
config = None
|
|
|
|
|
|
|
|
-# Systemd watchdog support
|
|
|
|
|
-watchdog_interval = None
|
|
|
|
|
-last_watchdog_time = 0
|
|
|
|
|
-
|
|
|
|
|
-def setup_systemd_watchdog():
|
|
|
|
|
- """Setup systemd watchdog notifications"""
|
|
|
|
|
- global watchdog_interval
|
|
|
|
|
- import os
|
|
|
|
|
- import shutil
|
|
|
|
|
-
|
|
|
|
|
- # Check if we have systemd watchdog enabled
|
|
|
|
|
- watchdog_usec = os.environ.get('WATCHDOG_USEC')
|
|
|
|
|
- if not watchdog_usec:
|
|
|
|
|
- logger.info("Systemd watchdog not enabled")
|
|
|
|
|
- return False
|
|
|
|
|
-
|
|
|
|
|
- # Check if systemd-notify command exists
|
|
|
|
|
- if not shutil.which('systemd-notify'):
|
|
|
|
|
- logger.warning("systemd-notify command not found, watchdog disabled")
|
|
|
|
|
- return False
|
|
|
|
|
-
|
|
|
|
|
- try:
|
|
|
|
|
- # Convert microseconds to seconds and send notifications at half the interval
|
|
|
|
|
- watchdog_interval = int(watchdog_usec) / 2000000 # Half interval in seconds
|
|
|
|
|
- logger.info(f"Systemd watchdog enabled, will send notifications every {watchdog_interval:.1f}s")
|
|
|
|
|
- return True
|
|
|
|
|
- except Exception as e:
|
|
|
|
|
- logger.warning(f"Failed to setup systemd watchdog: {e}")
|
|
|
|
|
- return False
|
|
|
|
|
|
|
|
|
|
-def send_watchdog_if_needed():
|
|
|
|
|
- """Send watchdog notification if it's time"""
|
|
|
|
|
- global last_watchdog_time
|
|
|
|
|
- if watchdog_interval is None:
|
|
|
|
|
- return
|
|
|
|
|
-
|
|
|
|
|
- current_time = time.time()
|
|
|
|
|
- if current_time - last_watchdog_time >= watchdog_interval:
|
|
|
|
|
- try:
|
|
|
|
|
- result = subprocess.run(['systemd-notify', 'WATCHDOG=1'],
|
|
|
|
|
- check=False, stdout=subprocess.DEVNULL,
|
|
|
|
|
- stderr=subprocess.DEVNULL, timeout=2)
|
|
|
|
|
- last_watchdog_time = current_time
|
|
|
|
|
- if result.returncode != 0:
|
|
|
|
|
- logger.debug(f"systemd-notify returned {result.returncode}")
|
|
|
|
|
- except Exception as e:
|
|
|
|
|
- logger.warning(f"Failed to send watchdog notification: {e}")
|
|
|
|
|
|
|
|
|
|
def require_auth(key_config=None, is_health=False):
|
|
def require_auth(key_config=None, is_health=False):
|
|
|
"""Decorator for HTTP Basic Authentication"""
|
|
"""Decorator for HTTP Basic Authentication"""
|
|
@@ -274,8 +228,7 @@ def create_key_handler(key_config):
|
|
|
|
|
|
|
|
logger.warning(f"EMERGENCY: Key access attempt detected for key '{key_config.key_id}'")
|
|
logger.warning(f"EMERGENCY: Key access attempt detected for key '{key_config.key_id}'")
|
|
|
|
|
|
|
|
- # Send watchdog notification
|
|
|
|
|
- send_watchdog_if_needed()
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
try:
|
|
try:
|
|
|
# Send notification first - fail-safe approach
|
|
# Send notification first - fail-safe approach
|
|
@@ -328,8 +281,7 @@ def health_check():
|
|
|
"""Health check endpoint that verifies both health monitoring and all key request functionality"""
|
|
"""Health check endpoint that verifies both health monitoring and all key request functionality"""
|
|
|
logger.info("Health check requested")
|
|
logger.info("Health check requested")
|
|
|
|
|
|
|
|
- # Send watchdog notification
|
|
|
|
|
- send_watchdog_if_needed()
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
if config is None:
|
|
if config is None:
|
|
|
logger.error("Configuration not loaded during health check")
|
|
logger.error("Configuration not loaded during health check")
|
|
@@ -563,39 +515,14 @@ def main():
|
|
|
# Add health check route
|
|
# Add health check route
|
|
|
app.add_url_rule(config.health_route, 'health_check', health_check, methods=['GET'])
|
|
app.add_url_rule(config.health_route, 'health_check', health_check, methods=['GET'])
|
|
|
|
|
|
|
|
- # Add Flask before_request handler for watchdog
|
|
|
|
|
- @app.before_request
|
|
|
|
|
- def before_request():
|
|
|
|
|
- send_watchdog_if_needed()
|
|
|
|
|
|
|
|
|
|
- # Setup systemd watchdog
|
|
|
|
|
- watchdog_enabled = setup_systemd_watchdog()
|
|
|
|
|
|
|
|
|
|
logger.info(f"Starting emergency access server on {config.server_host}:{config.server_port}")
|
|
logger.info(f"Starting emergency access server on {config.server_host}:{config.server_port}")
|
|
|
logger.info(f"Health route: {config.health_route}")
|
|
logger.info(f"Health route: {config.health_route}")
|
|
|
logger.info(f"Configured {len(config.keys)} key(s)")
|
|
logger.info(f"Configured {len(config.keys)} key(s)")
|
|
|
- logger.info(f"Systemd watchdog: {'enabled' if watchdog_enabled else 'disabled'}")
|
|
|
|
|
|
|
|
|
|
- # Notify systemd that we're ready
|
|
|
|
|
- try:
|
|
|
|
|
- import shutil
|
|
|
|
|
- if shutil.which('systemd-notify'):
|
|
|
|
|
- result = subprocess.run(['systemd-notify', 'READY=1'],
|
|
|
|
|
- check=False, stdout=subprocess.DEVNULL,
|
|
|
|
|
- stderr=subprocess.DEVNULL, timeout=10)
|
|
|
|
|
- if result.returncode == 0:
|
|
|
|
|
- logger.info("Successfully sent READY=1 to systemd")
|
|
|
|
|
- else:
|
|
|
|
|
- logger.warning(f"systemd-notify returned {result.returncode}")
|
|
|
|
|
- else:
|
|
|
|
|
- logger.info("systemd-notify not available, skipping READY notification")
|
|
|
|
|
- except subprocess.TimeoutExpired:
|
|
|
|
|
- logger.error("Timeout sending READY=1 to systemd")
|
|
|
|
|
- except Exception as e:
|
|
|
|
|
- logger.warning(f"Failed to notify systemd ready: {e}")
|
|
|
|
|
|
|
|
|
|
- # Send initial watchdog notification
|
|
|
|
|
- send_watchdog_if_needed()
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
# Use production-ready server with better error handling
|
|
# Use production-ready server with better error handling
|
|
|
try:
|
|
try:
|
zehe