Commit 8ef78cae authored by Leigh B Stoller's avatar Leigh B Stoller

Small changes to make it easier to rebuild a geni rack by

using a different wiring file, and a bundle of existing certs.
parent 1688857c
...@@ -29,17 +29,19 @@ my $CONFIGVARS = "$PREFIX/configvars.txt"; ...@@ -29,17 +29,19 @@ my $CONFIGVARS = "$PREFIX/configvars.txt";
my $RACKVARS = "$PREFIX/etc/genirack/variables.txt"; my $RACKVARS = "$PREFIX/etc/genirack/variables.txt";
my $RACKIPS = "$PREFIX/etc/genirack/ips.txt"; my $RACKIPS = "$PREFIX/etc/genirack/ips.txt";
my $RACKILO = "$PREFIX/etc/genirack/ilo.xml"; my $RACKILO = "$PREFIX/etc/genirack/ilo.xml";
my $RACKWIRES = "$TOP_SRCDIR/install/genirack/wiring-A.xml"; my $RACKWIRES = "$PREFIX/etc/genirack/wiring.xml";
my $RACKWIRESDEF = "$TOP_SRCDIR/install/genirack/wiring-A.xml";
my $ILOPASSWORD = "$PREFIX/etc/ilo.pswd"; my $ILOPASSWORD = "$PREFIX/etc/ilo.pswd";
my $ELABPASSWORD = "$PREFIX/etc/elabman.pswd"; my $ELABPASSWORD = "$PREFIX/etc/elabman.pswd";
my $HPPASSWORD = "$PREFIX/etc/switch.pswd"; my $HPPASSWORD = "$PREFIX/etc/switch.pswd";
my $PORTSRC = "http://www.emulab.net/downloads/FreeBSD-9.0-ports.tar.gz"; my $PORTSRC = "http://www.emulab.net/downloads/FreeBSD-9.0-ports.tar.gz";
if ($FBSD_MAJOR >= 10) { if ($FBSD_MAJOR >= 10) {
$PORTSRC = "http://www.emulab.net/downloads/FreeBSD-10.0-ports.tar.gz"; $PORTSRC = "http://www.emulab.net/downloads/FreeBSD-10.".
$FBSD_MINOR . "-ports.tar.gz";
} }
my $ZZZ = "/usr/local/etc/rc.d/zzz-inelab.sh"; my $ZZZ = "/usr/local/etc/rc.d/zzz-inelab.sh";
my $DEFAULTOSID = "UBUNTU14-64-STD"; my $DEFAULTOSID = "UBUNTU14-64-STD";
my @EXPORTEDOSIDS= ("FBSD82-STD", "UBUNTU12-64-STD", "UBUNTU14-64-STD"); my @EXPORTEDOSIDS= ("UBUNTU12-64-STD", "UBUNTU14-64-STD");
my $PGOSSITEVAR = "protogeni/default_osname"; my $PGOSSITEVAR = "protogeni/default_osname";
my $CHPASS = "/usr/bin/chpass"; my $CHPASS = "/usr/bin/chpass";
my $SSHTB = "$PREFIX/bin/sshtb"; my $SSHTB = "$PREFIX/bin/sshtb";
...@@ -499,10 +501,13 @@ sub Install($$$) ...@@ -499,10 +501,13 @@ sub Install($$$)
PhaseSkip("already added") PhaseSkip("already added")
if ($query_result->numrows); if ($query_result->numrows);
# Allow for rack specific wiring file.
my $wiring = (-e $RACKWIRES ? $RACKWIRES : $RACKWIRESDEF);
ExecQuietFatal("cd $TOP_OBJDIR/install/genirack; ". ExecQuietFatal("cd $TOP_OBJDIR/install/genirack; ".
" $SUDO -u $PROTOUSER $WAP ". " $SUDO -u $PROTOUSER $WAP ".
" perl mknewconfig -i $ILOIP ". " perl mknewconfig -i $ILOIP ".
" /tmp/output $RACKIPS $RACKILO $RACKWIRES"); " /tmp/output $RACKIPS $RACKILO $wiring");
PhaseFail("initilo.sh not generated") PhaseFail("initilo.sh not generated")
if (! -e "/tmp/output/initilo.sh"); if (! -e "/tmp/output/initilo.sh");
......
...@@ -7,6 +7,7 @@ use installvars; ...@@ -7,6 +7,7 @@ use installvars;
use File::stat; use File::stat;
my $INITCERTS = "$PREFIX/sbin/protogeni/initcerts"; my $INITCERTS = "$PREFIX/sbin/protogeni/initcerts";
my $OLDCERTS = "/usr/emulabcerts";
sub Install($$$) sub Install($$$)
{ {
...@@ -44,7 +45,29 @@ sub Install($$$) ...@@ -44,7 +45,29 @@ sub Install($$$)
PhaseSkip("Protogeni installed") PhaseSkip("Protogeni installed")
if (-e "$ETCDIR/.protogeni_registered"); if (-e "$ETCDIR/.protogeni_registered");
ExecQuietFatal("cd $TOP_OBJDIR/protogeni/scripts; perl ./initsite"); #
# This is for complete regen of an existing site, but we
# want to retain the old key/cert, as for a genirack rebuild.
#
my $extraopt = "";
if (-e "$OLDCERTS/genisa.pem" &&
-e "$OLDCERTS/genicm.pem" &&
-e "$OLDCERTS/genises.pem" &&
-e "$OLDCERTS/genirpc.pem") {
foreach my $name ("genicm.pem", "genisa.pem",
"genises.pem", "genirpc.pem") {
my $old = "$OLDCERTS/$name";
my $new = "$ETCDIR/$name";
ExecQuietFatal("$CP -p $old $new");
}
# Prevent reregistration of old certs.
$extraopt = "-n";
}
ExecQuietFatal("cd $TOP_OBJDIR/protogeni/scripts; ".
" perl ./initsite $extraopt");
PhaseSucceed("Protogeni installed"); PhaseSucceed("Protogeni installed");
}; };
Phase "version_info", "Initializing version_info table", sub { Phase "version_info", "Initializing version_info table", sub {
......
...@@ -6,6 +6,8 @@ use libinstall; ...@@ -6,6 +6,8 @@ use libinstall;
use installvars; use installvars;
my $APACHE_START = $APACHE_START_COMMAND; my $APACHE_START = $APACHE_START_COMMAND;
my $OLDEMULABKEY = "/usr/emulabcerts/emulab.key";
my $OLDEMULABPEM = "/usr/emulabcerts/emulab.pem";
sub Install($$$) sub Install($$$)
{ {
...@@ -52,6 +54,18 @@ sub Install($$$) ...@@ -52,6 +54,18 @@ sub Install($$$)
} }
Phase "sslgen", "Generating SSL certificates", sub { Phase "sslgen", "Generating SSL certificates", sub {
DoneIfExists("$TOP_OBJDIR/ssl/$EMULAB_PEM"); DoneIfExists("$TOP_OBJDIR/ssl/$EMULAB_PEM");
#
# This is for complete regen of an existing site, but we
# want to retain the old key/cert, as for a genirack rebuild.
#
if (-e $OLDEMULABPEM && -e $OLDEMULABKEY && $PGENISUPPORT) {
ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/ssl prebuild");
ExecQuietFatal("$CP -p $OLDEMULABKEY $TOP_OBJDIR/ssl");
ExecQuietFatal("$CP $OLDEMULABPEM $TOP_OBJDIR/ssl");
# Prevent reregistration of old certs.
ExecQuietFatal("$TOUCH $ETCDIR/.protogeni_federated");
}
ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/ssl remote-site"); ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/ssl remote-site");
}; };
if ($isupdate) { if ($isupdate) {
......
...@@ -12,7 +12,8 @@ my $RACKNTPCONF = "$TOP_SRCDIR/install/genirack/ntp.conf"; ...@@ -12,7 +12,8 @@ my $RACKNTPCONF = "$TOP_SRCDIR/install/genirack/ntp.conf";
my $ETCNTPCONF = "/etc/ntp.conf"; my $ETCNTPCONF = "/etc/ntp.conf";
my $PORTSRC = "http://www.emulab.net/downloads/FreeBSD-9.0-ports.tar.gz"; my $PORTSRC = "http://www.emulab.net/downloads/FreeBSD-9.0-ports.tar.gz";
if ($FBSD_MAJOR >= 10) { if ($FBSD_MAJOR >= 10) {
$PORTSRC = "http://www.emulab.net/downloads/FreeBSD-10.0-ports.tar.gz"; $PORTSRC = "http://www.emulab.net/downloads/FreeBSD-10.".
$FBSD_MINOR . "-ports.tar.gz";
} }
sub Install($$$) sub Install($$$)
......
#!/usr/bin/perl -w #!/usr/bin/perl -w
# #
# Copyright (c) 2008-2014 University of Utah and the Flux Group. # Copyright (c) 2008-2015 University of Utah and the Flux Group.
# #
# {{{GENIPUBLIC-LICENSE # {{{GENIPUBLIC-LICENSE
# #
...@@ -40,9 +40,10 @@ sub usage() ...@@ -40,9 +40,10 @@ sub usage()
print "Usage: initpgenisite\n"; print "Usage: initpgenisite\n";
exit(1); exit(1);
} }
my $optlist = ""; my $optlist = "n";
my $asch = @PROTOGENI_ISCLEARINGHOUSE@; my $asch = @PROTOGENI_ISCLEARINGHOUSE@;
my $cflag = ($asch ? "-c" : ""); my $cflag = ($asch ? "-c" : "");
my $noregister = 0;
# #
# Configure variables # Configure variables
...@@ -132,6 +133,9 @@ my %options = (); ...@@ -132,6 +133,9 @@ my %options = ();
if (! getopts($optlist, \%options)) { if (! getopts($optlist, \%options)) {
usage(); usage();
} }
if (defined($options{"n"})) {
$noregister = 1;
}
# #
# People seem to miss this. # People seem to miss this.
...@@ -148,7 +152,7 @@ if ($PGENIDOMAIN =~ /^unknown/i) { ...@@ -148,7 +152,7 @@ if ($PGENIDOMAIN =~ /^unknown/i) {
if (system($FIXROOTCERT)) { if (system($FIXROOTCERT)) {
fatal("Could not fix root certificate"); fatal("Could not fix root certificate");
} }
else { elsif (!$noregister) {
unlink( "$TB/etc/.protogeni_federated" ); unlink( "$TB/etc/.protogeni_federated" );
} }
...@@ -491,7 +495,7 @@ else { ...@@ -491,7 +495,7 @@ else {
}; };
} }
if (!$asch) { if (!$asch && !$noregister) {
# #
# Register the certificates at the clearinghouse. # Register the certificates at the clearinghouse.
# #
......
...@@ -56,7 +56,9 @@ include $(TESTBED_SRCDIR)/GNUmakerules ...@@ -56,7 +56,9 @@ include $(TESTBED_SRCDIR)/GNUmakerules
# #
pems: emulab.pem server.pem client.pem pems: emulab.pem server.pem client.pem
emulab.pem: dirsmade mkserial emulab.cnf emulab-geni.cnf emulab.key prebuild: dirsmade emulab.cnf emulab-geni.cnf
emulab.pem: dirsmade emulab.cnf emulab-geni.cnf emulab.key
# #
# Create the Certificate Authority. # Create the Certificate Authority.
# The certificate is installed on both boss and remote nodes. # The certificate is installed on both boss and remote nodes.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment