#!/usr/bin/perl -w
#
# Copyright (c) 2008-2015 University of Utah and the Flux Group.
# 
# {{{GENIPUBLIC-LICENSE
# 
# GENI Public License
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
# 
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
# 
# }}}
#
use strict;
use English;
use Getopt::Std;

#
# Initialize an emulab to act as a protogeni emulab. Add optional -c
# option if this is a clearinghouse.
# 
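sub usage()
{
    # Print a short usage summary on stdout and exit with status 1.
    #
    # -n is the only option this script parses (see $optlist). It sets
    # $noregister, which skips the "register" phase and leaves the
    # $TB/etc/.protogeni_federated marker in place.
    print "Usage: initpgenisite [-n]\n";
    print "       -n  Do not register the certificates at the clearinghouse\n";
    exit(1);
}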
# Options accepted by getopts(): only -n (skip clearinghouse registration).
my $optlist = "n";
# Substituted at configure time as a bare (unquoted) Perl expression.
my $asch    = @PROTOGENI_ISCLEARINGHOUSE@;
# NOTE(review): $cflag is computed here but not referenced again in this script.
my $cflag   = ($asch ? "-c" : "");
# Set to 1 by -n.
my $noregister = 0;

#
# Configure variables
#
# The @NAME@ tokens are placeholders filled in when this .in file is
# configured. The quoted ones become Perl strings; the unquoted ones
# (PROTOGENI_SUPPORT, PROTOGENI_GENIRACK) are pasted in as expressions.
#
my $TB		  = "@prefix@";
my $TBOPS         = "@TBOPSEMAIL@";
my $TBLOGS        = "@TBLOGSEMAIL@";
my $OURDOMAIN     = "@OURDOMAIN@";
my $PGENIDOMAIN   = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT  = @PROTOGENI_SUPPORT@;
my $PROTOGENI_RPCNAME = "@PROTOGENI_RPCNAME@";
my $PROTOGENI_RPCPORT = "@PROTOGENI_RPCPORT@";
my $OUTERBOSS_XMLRPCPORT = "@OUTERBOSS_XMLRPCPORT@";
my $PROTOGENI_WEBSITE  = "@PROTOGENI_WEBSITE@";
my $PROTOGENI_GENIRACK = @PROTOGENI_GENIRACK@;
my $PROTOGENI_URL = "@PROTOGENI_URL@";
# Account and project that own slices, and the account used with sudo below.
my $geniuserid    = "geniuser";
my $geniprojid    = "GeniSlices";
my $PROTOUSER	  = "elabman";
# Testbed helper programs, all rooted at the install prefix.
my $NEWUSER	  = "$TB/sbin/newuser";
my $NEWPROJ	  = "$TB/sbin/newproj";
my $MKPROJ	  = "$TB/sbin/mkproj";
my $TBACCT	  = "$TB/sbin/tbacct";
my $ADDAUTHORITY  = "$TB/sbin/protogeni/addauthority";
my $GETCACERTS    = "$TB/sbin/protogeni/getcacerts";
my $POSTCRL       = "$TB/sbin/protogeni/postcrl";
my $GENCRL        = "$TB/sbin/protogeni/gencrl";
my $GENCRLBUNDLE  = "$TB/sbin/protogeni/gencrlbundle";
my $INITCERTS	  = "$TB/sbin/protogeni/initcerts";
my $REGISTERCERTS = "$TB/sbin/protogeni/reregister";
my $MKSYSCERT	  = "$TB/sbin/mksyscert";
my $MKUSERCERT	  = "$TB/sbin/mkusercert";
my $BATCHEXP      = "$TB/bin/batchexp";
my $WAP           = "$TB/sbin/withadminprivs";
# Certificate files under $TB/etc.
my $SACERT	  = "$TB/etc/genisa.pem";
my $CMCERT	  = "$TB/etc/genicm.pem";
my $CHCERT	  = "$TB/etc/genich.pem";
my $SESCERT	  = "$TB/etc/genises.pem";
my $RPCCERT	  = "$TB/etc/genirpc.pem";
# System tools are named by absolute path, so running them does not
# depend on a PATH search.
my $SUDO	  = "/usr/local/bin/sudo";
my $MYSQL         = "/usr/local/bin/mysql";
my $MYSQLADMIN    = "/usr/local/bin/mysqladmin";
my $MYSQLSHOW     = "/usr/local/bin/mysqlshow";
my $MYSQLDUMP     = "/usr/local/bin/mysqldump";
# May be replaced by "/usr/sbin/pkg info" in the "ports" phase.
my $PKG_INFO      = "/usr/sbin/pkg_info";
my $FETCH	  = "/usr/bin/fetch";
my $OPENSSL       = "/usr/bin/openssl";
my $FIXROOTCERT   = "$TB/sbin/fixrootcert";
my $APACHE_START  = "@APACHE_START_COMMAND@";
my $APACHE_CONF   = "@INSTALL_APACHE_CONFIG@/httpd.conf";
# NOTE(review): == compares numerically, so the substituted version
# string is converted to a number first; confirm it is always numeric.
my $APACHE_FLAGS  = ("@APACHE_VERSION@" == "22" ?
		     "apache22_flags" : "apache_flags");

# un-taint path
# PATH is pinned to a fixed list and the shell-affecting variables below
# are removed, so the commands this script launches (it insists on being
# run as root) do not inherit a caller-controlled search path or shell
# start-up settings.
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Protos
# Forward declaration; fatal() is defined at the end of the file.
sub fatal($);

#
# Turn off line buffering on output ($| = 1 flushes after every write
# to the currently selected handle).
#
$| = 1; 

# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libtestbed;
use emdb;
use libdb qw(TBSetSiteVar TBOPSPID DBQueryFatal);
use emutil qw(TBGetUniqueIndex);
use User;
use Project;
use Experiment;
use OSinfo;
use libinstall;
use installvars;

# Everything below creates accounts, edits system files and installs
# packages, so refuse to continue unless we are root.
fatal("Must be root to run this script\n")
    unless ($UID == 0);

#
# Parse the command line. An unknown option prints the usage text;
# -n switches off clearinghouse registration.
#
my %options = ();
usage()
    unless (getopts($optlist, \%options));
$noregister = 1
    if (defined($options{"n"}));

#
# People seem to miss this: a PROTOGENI_DOMAIN value that still starts
# with "unknown" (any case) means the defs file was never filled in,
# so stop before anything is installed.
#
if ($PGENIDOMAIN =~ /^unknown/i) {
    print STDERR "Please define PROTOGENI_DOMAIN in your defs file!\n",
                 "Then reconfig,rebuild,reinstall, then try this again.\n";
    exit(1);
}

#
# Check for (and update) an old (pre-URN) root certificate.
#
# A non-zero status from system() aborts the whole install. On success,
# unless -n was given, the .protogeni_federated marker file is removed.
# NOTE(review): the result of unlink() is not checked; confirm that a
# failed removal is acceptable here.
#
if (system($FIXROOTCERT)) {
    fatal("Could not fix root certificate");
}
elsif (!$noregister) {
    unlink( "$TB/etc/.protogeni_federated" );
}

#
# Set this differently for readability.
#
# These are assigned without "my" under "use strict", so they are
# presumably package variables exported by libinstall/installvars and
# used as the begin/end markers around text this script appends to
# system files -- TODO confirm against libinstall.
#
$MAGIC_TESTBED_VERSION = "";
$MAGIC_TESTBED_START   = "Added by Emulab for the ProtoGENI module";
$MAGIC_TESTBED_END     = "End of Emulab added section";

#
# Packages.
#
# Maps a package name (optionally with a minimum version) to the ports
# directory it is built from. The key is used as a glob pattern for the
# "is it installed" query in the "ports" phase; the value is the
# directory that phase runs make in.
#
my %packlist =
    ("libxml2>=2.6.26"       => "/usr/ports/textproc/libxml2",
     "p5-Frontier-RPC"       => "/usr/ports/net/p5-Frontier-RPC",
     "p5-XML-LibXML>=1.70"   => "/usr/ports/textproc/p5-XML-LibXML",
     "xmlsec1"               => "/usr/ports/security/xmlsec1",
     "p5-Crypt-SSLeay>=0.57" => "/usr/ports/security/p5-Crypt-SSLeay",
     "p5-Crypt-OpenSSL-X509" => "/usr/ports/security/p5-Crypt-OpenSSL-X509",
     "p5-Crypt-X509"         => "/usr/ports/security/p5-Crypt-X509",
     "xerces-c2>=2.7.0"      => "/usr/ports/textproc/xerces-c2",
     "p5-XML-SemanticDiff"   => "/usr/ports/textproc/p5-XML-SemanticDiff",
     );
my $needpkgs = 0;

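#
# Install every port listed in %packlist that is not already present.
#
# Each package gets its own sub-phase: the package database is queried
# first, and the port is built only when that query reports a miss.
# ExecQuiet() is treated as returning false on success (shell-style
# status), which is how the existing test reads.
#
Phase "ports", "Installing ports", sub {
    # Check for new package tools
    my $pkgarg = "-E";
    if (-x "/usr/sbin/pkg") {
	$PKG_INFO = "/usr/sbin/pkg info";
	$pkgarg = "-g -e";
    }
    foreach my $pkgname (sort(keys(%packlist))) {
	my $pkgdir = $packlist{$pkgname};

	Phase "$pkgname", "Checking for $pkgname", sub {
	    if (!ExecQuiet("$PKG_INFO $pkgarg '${pkgname}*'")) {
		PhaseSkip("Already installed");
	    }
	    # Use && rather than ';': if the ports directory is missing the
	    # cd fails, and "make install" must not then run as root in
	    # whatever directory this script was started from.
	    ExecQuietFatal("cd $pkgdir && make -DBATCH install");
	};
    }
};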

#
# crossdomain.xml is needed to allow the flash client to talk to
# this host.
#
# NOTE(review): permitted-cross-domain-policies="all" is the least
# restrictive site-control value: any policy file on this host is
# honoured, not only this master file. Confirm that is still needed;
# the socket policy line in $FLASH_LINE uses "master-only".
#
my $crosstext = <<'CROSSEND';
<?xml version="1.0"?>
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
CROSSEND

# Write the master policy text in $crosstext to $TB/www/crossdomain.xml
# and make it world-readable (0644). DoneIfExists() presumably ends the
# "create" sub-phase early when the file is already there, so an existing
# file is not rewritten -- TODO confirm against libinstall. The chmod
# sub-phase runs either way.
Phase "crossdomain", "Installing www crossdomain.xml", sub {
    Phase "create", "Creating file", sub {
	DoneIfExists("$TB/www/crossdomain.xml");
	CreateFileFatal("$TB/www/crossdomain.xml", $crosstext);
    };
    Phase "chmod", "Setting permissions", sub {
	ExecQuietFatal("$CHMOD 0644 $TB/www/crossdomain.xml");
    };
};

# Create the ProtoGENI web and CA-certificate directories, one sub-phase
# per directory. Anything that already exists at the path (the -e test
# does not distinguish files from directories) is left alone.
# NOTE(review): mode 0775 is group-writable and is further reduced by
# the process umask; two of these directories are later chown'ed to
# $geniuserid in the "chown" phase.
Phase "dirs", "Creating directories", sub {
    foreach my $dir ("$TB/www/protogeni",
		     "$TB/etc/genicacerts",
		     "$TB/www/protogeni/advertisements",
		     "$TB/www/protogeni/authorities") {
	Phase $dir, $dir, sub {
	    PhaseSkip("already exists")
		if (-e $dir);
	    
	    mkdir $dir, 0775 or
		PhaseFail("Unable to create $dir : $!");
	};
    }
};

#
# Another version of this file?
#
# $crosstext is reused for the policy installed under www/protogeni.
# Unlike the site-wide file, this one names the two domain patterns
# that are allowed access instead of setting a site-control policy.
#
$crosstext = <<'CROSSEND';
<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*.emulab.net" />
    <allow-access-from domain="*.protogeni.net" />
</cross-domain-policy>
CROSSEND

# Write the current value of $crosstext (the domain-restricted policy)
# to $TB/www/protogeni/crossdomain.xml and set it to mode 0644.
# DoneIfExists() presumably ends the "create" sub-phase early when the
# file is already present -- TODO confirm against libinstall.
Phase "crossdomain2", "Installing protogeni crossdomain.xml", sub {
    Phase "create", "Creating file", sub {
	DoneIfExists("$TB/www/protogeni/crossdomain.xml");
	CreateFileFatal("$TB/www/protogeni/crossdomain.xml", $crosstext);
    };
    Phase "chmod", "Setting permissions", sub {
	ExecQuietFatal("$CHMOD 0644 $TB/www/protogeni/crossdomain.xml");
    };
};

#
# Flash Policy.
#
# One inetd.conf line: the "flashpolicy" service (843/tcp, added to
# /etc/services below) runs /bin/echo, which prints a fixed socket
# policy document.
# NOTE(review): the policy uses domain="*", i.e. it does not restrict
# which origins may connect to ports 80, 443 and the two configured RPC
# ports. Consider limiting it to the domains named in the protogeni
# crossdomain.xml. The inetd entry also runs echo as root, although
# printing a constant string should not need privileges -- confirm
# whether an unprivileged user works here.
#
my $FLASH_LINE = "flashpolicy stream tcp  nowait          root    /bin/echo               /bin/echo '<cross-domain-policy> <site-control permitted-cross-domain-policies=\"master-only\"/> <allow-access-from domain=\"*\" to-ports=\"80,443,$PROTOGENI_RPCPORT,$OUTERBOSS_XMLRPCPORT\"/> </cross-domain-policy>'";

# Register the flash policy service: add the port to /etc/services,
# add $FLASH_LINE to inetd.conf, then signal inetd, but only when the
# inetd.conf sub-phase actually ran. DoneIfEdited() presumably detects
# an earlier edit by this script (via the MAGIC_TESTBED markers) and
# skips the append -- TODO confirm against libinstall.
Phase "flashpolicy", "Installing the flash policy", sub {
    Phase "services", "Adding services entry", sub {
	DoneIfEdited("/etc/services");
	AppendToFileFatal("/etc/services", 'flashpolicy     843/tcp');
    };
    Phase "inetd", "Adding inetd.conf entry", sub {
	DoneIfEdited("$INETD_CONF");
	AppendToFileFatal($INETD_CONF, $FLASH_LINE);
    };
    Phase "restarting", "Restarting inetd", sub {
	PhaseSkip("not changed")
	    if (PhaseWasSkipped("inetd"));
	HUPDaemon("inetd");
    };
};

#
# The web server needs to do client authentication, for the geni xmlrpc
# interface. A bundle of CA certs from the trusted roots (emulabs) will
# be used. This bundle will periodically update as sites come online.
#
# The CA bundle starts out as a copy of this site's own emulab.pem, and
# the CRL bundle starts out as an empty file. Both are made
# world-readable (0644). Existing bundles are left untouched, assuming
# DoneIfExists() ends the sub-phase when the file is present.
#
Phase "bundles", "Installing SSL bundles", sub {
    Phase "genica", "Installing genica.bundle", sub {
	DoneIfExists("$TB/etc/genica.bundle");
	ExecQuietFatal("$CP $TB/etc/emulab.pem $TB/etc/genica.bundle");
	ExecQuietFatal("$CHMOD 0644 $TB/etc/genica.bundle");
    };
    Phase "genicrl", "Installing genicrl.bundle", sub {
	DoneIfExists("$TB/etc/genicrl.bundle");
	ExecQuietFatal("$TOUCH $TB/etc/genicrl.bundle");
	ExecQuietFatal("$CHMOD 0644 $TB/etc/genicrl.bundle");
    };
};
# Clearinghouse only: seed the per-certificate directory used by xmlsec1
# and publish the CA and CRL bundles under $TB/www so other sites can
# download them. Each copy is skipped when the destination already
# exists (assuming DoneIfExists() behaves that way).
if ($asch) {
    #
    # For xmlsec1
    #
    Phase "genicacerts", "Initial genicacerts directory", sub {
	DoneIfExists("$TB/etc/genicacerts/emulab.pem");
	ExecQuietFatal("$CP $TB/etc/emulab.pem $TB/etc/genicacerts");
    };
    Phase "wwwgenica", "Copying genica.bundle to www", sub {
	DoneIfExists("$TB/www/genica.bundle");
	ExecQuietFatal("$CP $TB/etc/genica.bundle $TB/www/genica.bundle");
	ExecQuietFatal("$CHMOD 0644 $TB/www/genica.bundle");
    };
    Phase "wwwgenicrl", "Copying genicrl.bundle to www", sub {
	DoneIfExists("$TB/www/genicrl.bundle");
	ExecQuietFatal("$CP $TB/etc/genicrl.bundle $TB/www/genicrl.bundle");
	ExecQuietFatal("$CHMOD 0644 $TB/www/genicrl.bundle");
    };
}

#
# I do not understand where this file comes from.
#
# The existing index.txt.attr is backed up and deleted, then recreated
# containing only "unique_subject = no".
# NOTE(review): in an OpenSSL CA database that setting allows several
# certificates to carry the same subject -- confirm this is intended
# for the site CA.
#
Phase "index", "Creating ssl index.txt.attr", sub {
    BackUpFileFatal("$TB/ssl/index.txt.attr");
    DeleteFileFatal("$TB/ssl/index.txt.attr");
    CreateFileFatal("$TB/ssl/index.txt.attr", 'unique_subject = no');
};
# Reinstall the SSL configuration by running the install-conf target in
# the build tree's ssl directory (@top_builddir@ is substituted at
# configure time).
Phase "sslcnf", "Updating ssl syscert.cnf", sub {
    ExecQuietFatal("$GMAKE -C @top_builddir@/ssl install-conf");
};
# Install the httpd.conf generated in the build tree. The phase ends
# early when the installed file already matches (per DoneIfIdentical);
# otherwise the current file is backed up before "make install"
# replaces it.
# NOTE(review): this uses $HTTPD_CONF, presumably from installvars,
# rather than the $APACHE_CONF defined at the top of this script --
# confirm both name the same file.
Phase "apache", "Updating apache config", sub {
    DoneIfIdentical("@top_builddir@/apache/httpd.conf", "$HTTPD_CONF");
    BackUpFileFatal("$HTTPD_CONF");
    ExecQuietFatal("$GMAKE -C @top_builddir@/apache install");
};
# Append the apache start-up flags (-DSSL -DPGENI) to $RCCONF under the
# variable name chosen in $APACHE_FLAGS. Skipped when the file has
# already been edited, assuming DoneIfEdited() detects that.
Phase "rcconf", "Updating $RCCONF", sub {
    DoneIfEdited($RCCONF);
    AppendToFileFatal($RCCONF, "$APACHE_FLAGS=\"-DSSL -DPGENI\"");
};

#
# user/project that slices (experiments) belong to.
#
# The account is created from $TB/etc/protogeni/geniuser.xml by running
# newuser as $PROTOUSER through sudo and withadminprivs, then verified
# with tbacct. The lookup is repeated afterwards so a silent creation
# failure is caught before the object is used.
#
my $geniuser = User->Lookup($geniuserid);
Phase "geniuser", "Creating user $geniuserid", sub {
    PhaseSkip("already created")
	if (defined($geniuser));

    PhaseFail("geniuser.xml does not exist")
	if (! -e "$TB/etc/protogeni/geniuser.xml");

    ExecQuietFatal("$SUDO -u $PROTOUSER ".
		   "$WAP $NEWUSER $TB/etc/protogeni/geniuser.xml");

    $geniuser = User->Lookup($geniuserid);
    PhaseFail("$geniuserid did not create properly")
	if (!defined($geniuser));

    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $TBACCT verify $geniuserid");

    # No need for email lists.
    $geniuser->Update({'nocollabtools' => '1', 'stud' => '1'});
};

# Create the project that owns slices, from
# $TB/etc/protogeni/geniproj.xml. newproj and then mkproj -s are run as
# $PROTOUSER through sudo and withadminprivs, and the project is looked
# up again to confirm it exists.
my $geniproj = Project->Lookup($geniprojid);
Phase "geniproj", "Creating project $geniprojid", sub {
    PhaseSkip("already created")
	if (defined($geniproj));

    PhaseFail("geniproj.xml does not exist")
	if (! -e "$TB/etc/protogeni/geniproj.xml");

    ExecQuietFatal("$SUDO -u $PROTOUSER ".
		   "$WAP $NEWPROJ $TB/etc/protogeni/geniproj.xml");
    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $MKPROJ -s $geniprojid");

    $geniproj = Project->Lookup($geniprojid);
    PhaseFail("$geniprojid did not create")
	if (!defined($geniproj));
};
# Reload both objects now that the creation phases have run.
$geniuser->Refresh();
$geniproj->Refresh();

# Create an encrypted certificate for the test scripts.
#
# Skipped when SSLCert() already hands back a certificate for the user.
# Otherwise a passphrase is derived from TBGenSecretKey() and passed to
# mkusercert.
#
# NOTE(review): points worth confirming before relying on this key:
#  - only the first 10 characters of the generated secret are kept,
#    which caps the passphrase strength;
#  - the passphrase is placed on the mkusercert command line (-p), so
#    it is visible in the process list while the command runs, and the
#    single-quoting assumes the secret never contains a quote character;
#  - this script neither stores nor prints the passphrase, so check how
#    the test scripts are expected to obtain it.
Phase "usercert", "Creating certificate for $geniuserid", sub {
    my $sslcert;
    $geniuser->SSLCert(1, \$sslcert);

    PhaseSkip("already created")
	if (defined($sslcert));

    my $passwd = substr(TBGenSecretKey(), 0, 10);
    PhaseFail("failed to generate password")
	if (!defined($passwd) || $passwd eq "");
    
    ExecQuietFatal("$SUDO -u $PROTOUSER ".
		   "$WAP $MKUSERCERT -p '$passwd' $geniuserid");
};

# Now that we have the geniuser ...
# Hand the two web-published directories (advertisements, authorities)
# to $geniuserid; the "dirs" phase created them earlier with mode 0775.
Phase "chown", "Changing ownership on dirs", sub {
    ExecQuietFatal("$CHOWN $geniuserid ".
		   "$TB/www/protogeni/advertisements ".
		   "$TB/www/protogeni/authorities");
};

# Register the 'pcfake' node type in the Emulab database together with
# its 'rebootable' and 'default_osid' attributes. "replace into" is used
# for all three statements, so re-running the phase rewrites the same
# rows. $osid is interpolated directly into the SQL text; it comes from
# the OSinfo object looked up here, not from user input.
Phase "dbstuff", "Adding a few things to Emulab DB", sub {
    #
    # Need this fake type for now.
    #
    # It would be unusual if this OSID did not exist.
    #
    my $osinfo = OSinfo->Lookup(TBOPSPID(), "RHL-STD");
    PhaseFail("RHL-STD does not exist")
	if (!defined($osinfo));

    my $osid = $osinfo->osid();

    DBQueryWarn("replace into node_types (type,class,isvirtnode,isdynamic) ".
		"values ('pcfake','pcvm',1,1)")
	or PhaseFail("Error inserting node_types");
	
    DBQueryWarn("replace into node_type_attributes ".
		"(type,attrkey,attrvalue,attrtype) values ".
		"('pcfake','rebootable','1','boolean')")
	or PhaseFail("Error inserting rebootable attribute");
    
    DBQueryWarn("replace into node_type_attributes ".
		"(type,attrkey,attrvalue,attrtype) values ".
		"('pcfake','default_osid','$osid','integer')")
	or PhaseFail("Error inserting default_osid attribute");
};
    
#
# Databases.
#
# For each of geni, geni-ch and geni-cm:
#  1. create the database unless mysqlshow already finds it;
#  2. load protogeni.sql unless the geni_users table can already be
#     dumped (taken as the sign that the schema is loaded);
#  3. always run the small patch that sets type='ses' on authorities
#     whose hrn ends in '.ses' and whose type is empty.
# The database names are the fixed list below; nothing user-supplied
# reaches these shell command strings.
#
Phase "databases", "Creating Databases", sub {
    foreach my $dbname ("geni", "geni-ch", "geni-cm") {
	Phase $dbname, "Creating DB $dbname", sub {
	    if (!ExecQuiet("$MYSQLSHOW $dbname")) {
		PhaseSkip("already exists");
	    }
	    ExecQuietFatal("$MYSQLADMIN create $dbname");
	};
	Phase "fill${dbname}", "Initializing DB $dbname", sub {
	    if (!ExecQuiet("$MYSQLDUMP -d $dbname geni_users")) {
		PhaseSkip("already initialized");
	    }
	    ExecQuietFatal("$MYSQL $dbname < $TB/etc/protogeni/protogeni.sql");
	};
	Phase "fix${dbname}", "Patching DB $dbname", sub {
	    ExecQuietFatal("$MYSQL -e \"UPDATE geni_authorities ".
			   "   SET type='ses' ".
			   "WHERE hrn LIKE '%.ses' AND type='';\" $dbname");
	};
    }
};

#
# This script builds the certs and registers them. Separate script so
# it can be rerun independently, as when updating certificates.
#
Phase "initcerts", "Creating PG certificates", sub {
    # This script will not overwrite existing certificates, so okay
    # to call again even if certs already exist.
    ExecQuietFatal("$INITCERTS");
};

#
# On the clients, we have to get the bundle from the CH website and
# then break it up for xmlsec (see above). We use a script for this
# since the clients need to do this every time a new client is added.
# This script restarts apache.
#
# Only one of the two "crontab" phases below runs, depending on $asch.
# Both append a root-owned entry to $CRONTAB, skipped when the file
# has already been edited (assuming DoneIfEdited() detects that).
#
if (!$asch) {
    Phase "getcacerts", "Getting current CA bundle", sub {
	# Use -f cause testbed is probably shutdown.
	ExecQuietFatal("$GETCACERTS -l -p -f");
    };
    #
    # This cron entry will autoupdate the CA/CRL certs by getting them from
    # the CH website.
    #
    # It runs getcacerts as root every day at 04:13, so what that script
    # downloads becomes the set of CAs this site trusts for client
    # authentication.
    # NOTE(review): confirm that getcacerts authenticates the
    # clearinghouse before installing the bundle.
    #
    Phase "crontab", "Updating $CRONTAB", sub {
	DoneIfEdited($CRONTAB);
	AppendToFileFatal($CRONTAB,
			  "13  4  *  *	*  root  $GETCACERTS");
    };
}
else {
    #
    # But on the clearinghouse, we have to generate the CRL bundle for 
    # downloading by remote sites.
    #
    # gencrlbundle runs as root every day at 04:10.
    #
    Phase "crontab", "Updating $CRONTAB", sub {
	DoneIfEdited($CRONTAB);
	AppendToFileFatal($CRONTAB,
			  "10  4  *  *  *  root  $GENCRLBUNDLE");
    };
}

# Client sites only, and only when -n was not given.
if (!$asch && !$noregister) {
    #
    # Register the certificates at the clearinghouse.
    #
    Phase "register", "Registering PG certificates", sub {
	# NOTE(review): the condition below has no file-test operator. It
	# negates a non-empty string, which is always false, so this
	# PhaseFail() can never fire and registration is attempted whether
	# or not the root CA has been sent to the clearinghouse.
	# "! -e ..." looks like the intent, but .protogeni_federated is
	# unlinked earlier in this script whenever -n is absent, so confirm
	# the expected flow before changing the test.
	PhaseFail("You have not emailed your root CA to the clearinghouse yet!")
	    if (! "$TB/etc/.protogeni_federated");

	# A marker file records an earlier successful registration.
	PhaseSkip("already registered")
	    if (-e "$TB/etc/.protogeni_registered");
	
	ExecQuietFatal("$REGISTERCERTS");
    };
}
exit(0);

sub fatal($)
{
    # Abort with the given message, prefixed by "*** <script name>:" and
    # indented on the following line, in the same layout as before.
    my $text = shift;

    die(sprintf("*** %s:\n    %s\n", $0, $text));
}