Azure · adishiritwick · Apr 18, 2021 · Apr 19, 2021 · May 11, 2021 · May 11, 2021
@@ -7,6 +7,7 @@ SOURCES = \
     serializerfactory.py \
     httpclient.py \
     urllib2httpclient.py \
+	urllib3httpclient.py \
     dsc.py \
 	test \
 	HandlerManifest.json \

@@ -357,13 +357,12 @@ $publicConfig = '{
 ```
 
 ## 4. Supported Linux Distributions
-- Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS
-- Debian 8
+- Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS and 20.04 LTS
+- Debian 8, 9 and 10
 - Oracle Linux 6 and 7
-- CentOS 6 and 7
-- RHEL 6 and 7
-- openSUSE 13.1 and 42.5
-- SUSE Linux Enterprise Server 11 SP3 and 12
+- CentOS 6, 7 and 8
+- RHEL 6, 7 and 8
+- SUSE Linux Enterprise Server 12 and 15
 
 ## 5. Debug
 * The status of the extension is reported back to Azure so that user can see the status on Azure Portal

@@ -4,6 +4,16 @@
 COMMAND=""
 PYTHON=""
 
+# We are writing logs to error stream in extension_shim.sh as the logs written to output stream are being overriden by HandlerUtil.py. This has been done as part of OMIGOD hotfix
+# Default variables for OMI Package Upgrade
+REQUIRED_OMI_VERSION="1.6.9.1"
+INSTALLED_OMI_VERSION=""
+UPGRADED_OMI_VERSION=""
+OPENSSL_VERSION=""
+OMI_PACKAGE_PREFIX='packages/omi-1.6.9-1.ssl_'
+OMI_PACKAGE_PATH=""
+OMI_SERVICE_STATE=""
+
 USAGE="$(basename "$0") [-h] [-i|--install] [-u|--uninstall] [-d|--disable] [-e|--enable] [-p|--update]
 
 Program to find the installed python on the box and invoke a Python extension script.
@@ -34,17 +44,164 @@ python hello.py --install
 function find_python(){
     local python_exec_command=$1
 
-    # Check if there is python defined.
-    if command -v python >/dev/null 2>&1 ; then
-        eval ${python_exec_command}="python"
+    # Check if there is python2 defined.
+    if command -v python2 >/dev/null 2>&1 ; then
+        eval ${python_exec_command}="python2"
     else
-        # Python was not found. Searching for Python3 now.
-        if command -v python >/dev/null 2>&1 ; then
+        # Python2 was not found. Searching for Python3 now.
+        if command -v python3 >/dev/null 2>&1 ; then
             eval ${python_exec_command}="python3"
         fi
     fi
 }
 
+function get_openssl_version(){
+    openssl=`openssl version | awk '{print $2}'`
+    if [[ ${openssl} =~ ^1.0.* ]]; then
+        OPENSSL_VERSION="100"
+    else
+        if [[ ${openssl} =~ ^1.1.* ]]; then
+            OPENSSL_VERSION="110"
+        else
+            if [[ ${openssl} =~ ^0.9.8* ]]; then
+                OPENSSL_VERSION="098"
+            fi
+        fi
+    fi
+}
+
+function start_omiservice(){
+    echo "Attempting to start OMI service" >&2
+    RESULT=`/opt/omi/bin/service_control start >/dev/null 2>&1`
+    RESULT=`service omid status >/dev/null 2>&1`
+    if [ $? -eq 0 ]; then
+        echo "OMI service succesfully started." >&2
+    else
+        echo "OMI service could not be started." >&2
+    fi
+}
+
+function stop_omiservice(){
+    echo "Attempting to stop OMI service" >&2
+    RESULT=`/opt/omi/bin/service_control stop >/dev/null 2>&1`
+    RESULT=`service omid status >/dev/null 2>&1`
+    if [ $? -eq 3 ]; then
+        echo "OMI service succesfully stopped." >&2
+    else
+        echo "OMI service could not be stopped." >&2
+    fi
+}
+
+function compare_versions(){
+    if [[ $1 == $2 ]]
+    then
+        return 0
+    fi
+    local IFS=.
+    local i v1=($1) v2=($2)
+    for ((i=0; i<${#v1[@]}; i++)) 
+    do
+        if ((${v1[i]} > ${v2[i]}))
+        then
+            return 1
+        fi
+        if ((${v1[i]} < ${v2[i]}))
+        then
+            return 2
+        fi
+    done
+    return 0
+}
+
+function ensure_required_omi_version_exists(){
+    # Populate SSL Version
+    get_openssl_version
+
+    echo "Checking if OMI is installed. Required OMI version: ${REQUIRED_OMI_VERSION};" >&2
+
+    # Check if RPM exists
+    if command -v rpm >/dev/null 2>&1 ; then
+        echo "Package Manager Type: RPM" >&2
+        INSTALLED_OMI_VERSION=`rpm -q --queryformat "%{VERSION}.%{RELEASE}" omi 2>&1` 
+        if [ -z "$INSTALLED_OMI_VERSION" -o "$INSTALLED_OMI_VERSION" = "package omi is not installed" ]; then
+            echo "OMI is not installed on the machine." >&2
+        else
+            RESULT=`service omid status >/dev/null 2>&1`
+            OMI_SERVICE_STATE=$?
+            echo "OMI is already installed. Installed OMI version: ${INSTALLED_OMI_VERSION}; OMI Service State: ${OMI_SERVICE_STATE};" >&2 # Add current running status
+            compare_versions ${INSTALLED_OMI_VERSION} ${REQUIRED_OMI_VERSION}
+            if [ $? -eq 2 ]; then
+                OMI_PACKAGE_PATH="${OMI_PACKAGE_PREFIX}${OPENSSL_VERSION}.x64.rpm"
+                echo "Installed OMI version is lower than the Required OMI version. Trying to upgrade." >&2
+                if [ -f ${OMI_PACKAGE_PATH} ]; then
+                    echo "The OMI package exists at ${OMI_PACKAGE_PATH}. Using this to upgrade." >&2
+                    stop_omiservice
+                    RESULT=`rpm -Uvh ${OMI_PACKAGE_PATH} >/dev/null 2>&1`
+                    if [ $? -eq 0 ]; then
+                        UPGRADED_OMI_VERSION=`rpm -q --queryformat "%{VERSION}.%{RELEASE}" omi 2>&1`
+                        echo "Succesfully upgraded the OMI. Installed: ${INSTALLED_OMI_VERSION}; Required: ${REQUIRED_OMI_VERSION}; Upgraded: ${UPGRADED_OMI_VERSION};" >&2
+                    else
+                        echo "Failed to upgrade the OMI. Installed: ${INSTALLED_OMI_VERSION}; Required: ${REQUIRED_OMI_VERSION};" >&2
+                    fi
+                    # Start OMI only if previous state was running
+                    if [ $OMI_SERVICE_STATE -eq 0 ]; then
+                        start_omiservice
+                    fi
+                else          
+                    echo "The OMI package does not exists at ${OMI_PACKAGE_PATH}. Skipping upgrade." >&2
+                fi
+            else
+                echo "Installed OMI version is equal to or greater than the Required OMI version. No action needed." >&2
+            fi
+        fi
+        INSTALLED_OMI_VERSION=`rpm -q --queryformat "%{VERSION}.%{RELEASE}" omi 2>&1`
+        RESULT=`service omid status >/dev/null 2>&1`
+        OMI_SERVICE_STATE=$?
+        echo "OMI upgrade is complete. Installed OMI version: ${INSTALLED_OMI_VERSION}; OMI Service State: ${OMI_SERVICE_STATE};" >&2
+    else 
+        # Check if DPKG exists
+        if command -v dpkg >/dev/null 2>&1 ; then
+            echo "Package Manager Type: DPKG" >&2
+            INSTALLED_OMI_VERSION=`dpkg -s omi 2>&1 | grep Version: | awk '{print $2}'`
+            if [ -z "$INSTALLED_OMI_VERSION" -o "$INSTALLED_OMI_VERSION" = "package omi is not installed" ]; then
+                echo "OMI is not installed on the machine." >&2
+            else
+                RESULT=`service omid status >/dev/null 2>&1`
+                OMI_SERVICE_STATE=$?
+                echo "OMI is already installed. Installed OMI version: ${INSTALLED_OMI_VERSION}; OMI Service State: ${OMI_SERVICE_STATE};" >&2
+                compare_versions ${INSTALLED_OMI_VERSION} ${REQUIRED_OMI_VERSION}
+                if [ $? -eq 2 ]; then
+                    OMI_PACKAGE_PATH="${OMI_PACKAGE_PREFIX}${OPENSSL_VERSION}.x64.deb"
+                    echo "Installed OMI version is lower than the Required OMI version. Trying to upgrade." >&2
+                    if [ -f ${OMI_PACKAGE_PATH} ]; then
+                        echo "The OMI package exists at ${OMI_PACKAGE_PATH}. Using this to upgrade." >&2
+                        stop_omiservice
+                        RESULT=`dpkg -i --force-confold --force-confdef --refuse-downgrade ${OMI_PACKAGE_PATH} >/dev/null 2>&1`
+                        if [ $? -eq 0 ]; then
+                            UPGRADED_OMI_VERSION=`dpkg -s omi 2>&1 | grep Version: | awk '{print $2}'`
+                            echo "Succesfully upgraded the OMI. Installed: ${INSTALLED_OMI_VERSION}; Required: ${REQUIRED_OMI_VERSION}; Upgraded: ${UPGRADED_OMI_VERSION};" >&2
+                        else
+                            echo "Failed to upgrade the OMI. Installed: ${INSTALLED_OMI_VERSION}; Required: ${REQUIRED_OMI_VERSION};" >&2
+                        fi
+                        # Start OMI only if previous state was running
+                        if [ $OMI_SERVICE_STATE -eq 0 ]; then
+                            start_omiservice
+                        fi
+                    else          
+                        echo "The OMI package does not exists at ${OMI_PACKAGE_PATH}. Skipping upgrade." >&2                 
+                    fi 
+                else
+                    echo "Installed OMI version is equal to or greater than the Required OMI version. No action needed." >&2
+                fi
+            fi
+            INSTALLED_OMI_VERSION=`dpkg -s omi 2>&1 | grep Version: | awk '{print $2}'`
+            RESULT=`service omid status >/dev/null 2>&1`
+            OMI_SERVICE_STATE=$?
+            echo "OMI upgrade is complete. Installed OMI version: ${INSTALLED_OMI_VERSION}; OMI Service State: ${OMI_SERVICE_STATE};" >&2
+        fi
+    fi
+}
+
 # Transform long options to short ones for getopts support (getopts doesn't support long args)
 for arg in "$@"; do
   shift
@@ -99,6 +256,9 @@ done
 
 shift $((OPTIND-1))
 
+# Ensure OMI package if exists is of required version.
+ensure_required_omi_version_exists
+
 # If find_python is not able to find a python installed, $PYTHON will be null.
 find_python PYTHON
 

@@ -5,7 +5,7 @@
 import os
 
 from curlhttpclient import CurlHttpClient
-from urllib2httpclient import Urllib2HttpClient
+
 
 PY_MAJOR_VERSION = 0
 PY_MINOR_VERSION = 1
@@ -18,6 +18,7 @@ class HttpClientFactory:
     Targets :
         [2.4.0 - 2.7.9[ : CurlHttpclient
         [2.7.9 - 2.7.9+ : Urllib2Httpclient
+        3.0+ : Urllib3Httpclient
 
         This is due to the lack of built-in strict certificate verification prior to 2.7.9.
         The ssl module was also unavailable for [2.4.0 - 2.6.0[.
@@ -41,10 +42,16 @@ def create_http_client(self, version_info):
             An instance of CurlHttpClient if the installed Python version is below 2.7.9
             An instance of Urllib2 if the installed Python version is or is above 2.7.9
         """
-        if version_info[PY_MAJOR_VERSION] == 2 and version_info[PY_MINOR_VERSION] < 7:
+        if version_info[PY_MAJOR_VERSION] == 3:
+            from urllib3httpclient import Urllib3HttpClient
+            return Urllib3HttpClient(self.cert, self.key, self.insecure, self.proxy_configuration)
+        elif version_info[PY_MAJOR_VERSION] == 2 and version_info[PY_MINOR_VERSION] < 7:
+            from urllib2httpclient import Urllib2HttpClient
             return CurlHttpClient(self.cert, self.key, self.insecure, self.proxy_configuration)
         elif version_info[PY_MAJOR_VERSION] == 2 and version_info[PY_MINOR_VERSION] <= 7 and version_info[
             PY_MICRO_VERSION] < 9:
+            from urllib2httpclient import Urllib2HttpClient
             return CurlHttpClient(self.cert, self.key, self.insecure, self.proxy_configuration)
         else:
+            from urllib2httpclient import Urllib2HttpClient
             return Urllib2HttpClient(self.cert, self.key, self.insecure, self.proxy_configuration)
@@ -5,11 +5,22 @@
 
 """Urllib2 HttpClient."""
 
-import http.client
+try:
+    from http.client import HTTPSConnection
+except ImportError:
+    from httplib import HTTPSConnection
 import socket
 import time
 import traceback
-import urllib.request, urllib.error, urllib.parse
+import sys
+try:
+    from urllib.parse import urlparse, urlencode
+    from urllib.request import urlopen, Request, HTTPSHandler, build_opener, ProxyHandler
+    from urllib.error import HTTPError
+except ImportError:
+    from urlparse import urlparse
+    from urllib import urlencode
+    from urllib2 import urlopen, Request, HTTPError, HTTPSHandler, build_opener, ProxyHandler
 
 from httpclient import *
 
@@ -26,7 +37,7 @@
     ssl = None
 
 
-class HttpsClientHandler(urllib.request.HTTPSHandler):
+class HttpsClientHandler(HTTPSHandler):
     """Https handler to enable attaching cert/key to request. Also used to disable strict cert verification for
     testing.
     """
@@ -42,7 +53,7 @@ def __init__(self, cert_path, key_path, insecure=False):
             ssl_context = ssl.create_default_context()
             ssl_context.check_hostname = False
             ssl_context.verify_mode = ssl.CERT_NONE
-        urllib.request.HTTPSHandler.__init__(self, context=ssl_context)  # Context can be None here
+        HTTPSHandler.__init__(self, context=ssl_context)  # Context can be None here
 
     def https_open(self, req):
         return self.do_open(self.get_https_connection, req, context=self._context)
@@ -61,9 +72,9 @@ def get_https_connection(self, host, context=None, timeout=180):
         """
         socket.setdefaulttimeout(180)
         if self.cert_path is None or self.key_path is None:
-            return http.client.HTTPSConnection(host, timeout=timeout, context=context)
+            return HTTPSConnection(host, timeout=timeout, context=context)
         else:
-            return http.client.HTTPSConnection(host, cert_file=self.cert_path, key_file=self.key_path, timeout=timeout,
+            return HTTPSConnection(host, cert_file=self.cert_path, key_file=self.key_path, timeout=timeout,
                                            context=context)
 
 
@@ -113,12 +124,12 @@ def issue_request(self, url, headers, method=None, data=None):
             :param method:
         """
         https_handler = HttpsClientHandler(self.cert_path, self.key_path, self.insecure)
-        opener = urllib.request.build_opener(https_handler)
+        opener = build_opener(https_handler)
         if self.proxy_configuration is not None:
-            proxy_handler = urllib.request.ProxyHandler({'http': self.proxy_configuration,
+            proxy_handler = ProxyHandler({'http': self.proxy_configuration,
                                                   'https': self.proxy_configuration})
             opener.add_handler(proxy_handler)
-        req = urllib.request.Request(url, data=data, headers=headers)
+        req = Request(url, data=data, headers=headers)
         req.get_method = lambda: method
         response = opener.open(req, timeout=30)
         opener.close()
@@ -140,7 +151,7 @@ def get(self, url, headers=None):
 
         try:
             response = self.issue_request(url, headers=headers, method=self.GET)
-        except urllib.error.HTTPError:
+        except HTTPError:
             exception_type, error = sys.exc_info()[:2]
             return RequestResponse(error.code)
 
@@ -167,7 +178,7 @@ def post(self, url, headers=None, data=None):
 
         try:
             response = self.issue_request(url, headers=headers, method=self.POST, data=serial_data)
-        except urllib.error.HTTPError:
+        except HTTPError:
             exception_type, error = sys.exc_info()[:2]
             return RequestResponse(error.code)
 
@@ -194,7 +205,7 @@ def put(self, url, headers=None, data=None):
 
         try:
             response = self.issue_request(url, headers=headers, method=self.PUT, data=serial_data)
-        except urllib.error.HTTPError:
+        except HTTPError:
             exception_type, error = sys.exc_info()[:2]
             return RequestResponse(error.code)
 
@@ -221,7 +232,7 @@ def delete(self, url, headers=None, data=None):
 
         try:
             response = self.issue_request(url, headers=headers, method=self.DELETE, data=serial_data)
-        except urllib.error.HTTPError:
+        except HTTPError:
             exception_type, error = sys.exc_info()[:2]
             return RequestResponse(error.code)