#!/usr/bin/perl -w
#
# Copyright (c) 2008-2018 University of Utah and the Flux Group.
# 
# {{{GENIPUBLIC-LICENSE
# 
# GENI Public License
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
# 
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
# 
# }}}
#
use strict;
use English;
use Getopt::Std;
use vars qw($GENI_DBNAME);

#
# Initialize an emulab to act as a protogeni emulab. Add optional -c
# option if this is a clearinghouse.
# 
#
# Print the one-line usage and exit non-zero. Called when option parsing
# fails. (The -n "do not register" flag accepted by getopts is not shown
# in this message.)
#
sub usage()
{
    print STDOUT "Usage: initpgenisite\n";
    exit 1;
}
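#
# Command line: -n means do not register our certificates with the
# clearinghouse at the end.
#
my $optlist = "n";
my $asch    = @PROTOGENI_ISCLEARINGHOUSE@;
my $cflag   = ($asch ? "-c" : "");   # derived from $asch but not used in this file
my $noregister = 0;

#
# Configure variables (filled in by configure from the defs file).
#
my $TB            = "@prefix@";
my $TBOPS         = "@TBOPSEMAIL@";
my $TBLOGS        = "@TBLOGSEMAIL@";
my $OURDOMAIN     = "@OURDOMAIN@";
my $PGENIDOMAIN   = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT  = @PROTOGENI_SUPPORT@;
my $PROTOGENI_RPCNAME = "@PROTOGENI_RPCNAME@";
my $PROTOGENI_RPCPORT = "@PROTOGENI_RPCPORT@";
my $OUTERBOSS_XMLRPCPORT = "@OUTERBOSS_XMLRPCPORT@";
my $PROTOGENI_WEBSITE  = "@PROTOGENI_WEBSITE@";
my $PROTOGENI_URL = "@PROTOGENI_URL@";

#
# The user and project that GENI slices (experiments) will belong to,
# and the account the privileged helper scripts are run as.
#
my $geniuserid    = "geniuser";
my $geniprojid    = "GeniSlices";
my $PROTOUSER     = "elabman";

#
# Testbed scripts invoked below.
#
my $NEWUSER       = "$TB/sbin/newuser";
my $NEWPROJ       = "$TB/sbin/newproj";
my $MKPROJ        = "$TB/sbin/mkproj";
my $TBACCT        = "$TB/sbin/tbacct";
my $ADDAUTHORITY  = "$TB/sbin/protogeni/addauthority";
my $GETCACERTS    = "$TB/sbin/protogeni/getcacerts";
my $POSTCRL       = "$TB/sbin/protogeni/postcrl";
my $GENCRL        = "$TB/sbin/protogeni/gencrl";
my $GENCRLBUNDLE  = "$TB/sbin/protogeni/gencrlbundle";
my $INITCERTS     = "$TB/sbin/protogeni/initcerts";
my $REGISTERCERTS = "$TB/sbin/protogeni/reregister";
my $CACONTROL     = "$TB/sbin/protogeni/cacontrol";
my $MKSYSCERT     = "$TB/sbin/mksyscert";
my $MKUSERCERT    = "$TB/sbin/mkusercert";
my $BATCHEXP      = "$TB/bin/batchexp";
my $WAP           = "$TB/sbin/withadminprivs";

#
# Certificate and CRL files.
#
my $SACERT        = "$TB/etc/genisa.pem";
my $CMCERT        = "$TB/etc/genicm.pem";
my $CHCERT        = "$TB/etc/genich.pem";
my $SESCERT       = "$TB/etc/genises.pem";
my $RPCCERT       = "$TB/etc/genirpc.pem";
my $CRL           = "$TB/ssl/crl.pem";
my $CRLBUNDLE     = "$TB/etc/genicrl.bundle";

#
# System binaries (absolute paths; PATH is reset below anyway).
#
my $SUDO          = "/usr/local/bin/sudo";
my $MYSQL         = "/usr/local/bin/mysql";
my $MYSQLADMIN    = "/usr/local/bin/mysqladmin";
my $MYSQLSHOW     = "/usr/local/bin/mysqlshow";
my $MYSQLDUMP     = "/usr/local/bin/mysqldump";
my $PKG_INFO      = "/usr/sbin/pkg_info";
my $FETCH         = "/usr/bin/fetch";
my $OPENSSL       = "/usr/bin/openssl";
my $FIXROOTCERT   = "$TB/sbin/fixrootcert";
my $MYSAURN       = "urn:publicid:IDN+@OURDOMAIN@+authority+sa";

#
# APACHE_VERSION is a token such as "22" or "24"; compare it as a string.
# The numeric == used previously gave the same answer for those values but
# warned under -w whenever the substituted value was empty or not a number.
#
my $APACHEPREFIX  = ("@APACHE_VERSION@" eq "22" ? "apache22" :
                     "@APACHE_VERSION@" eq "24" ? "apache24" : "apache");
my $APACHE_START  = "@APACHE_START_COMMAND@";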

# Sanitize the environment before any external command runs: a fixed PATH,
# and the variables a shell would read on startup are removed outright.
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete $ENV{$_} for qw(IFS CDPATH ENV BASH_ENV);

# Forward declaration; fatal() is defined at the bottom of the file.
sub fatal($);

# Unbuffered STDOUT so the Phase progress lines appear as they happen.
$| = 1;

# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libtestbed;
use emdb;
use libdb qw(TBSetSiteVar TBOPSPID DBQueryFatal);
use emutil qw(TBGetUniqueIndex);
use User;
use Project;
use Experiment;
use OSImage;
use libinstall;
use installvars;

# Everything below edits system files and runs sudo; refuse early when
# not root.
fatal("Must be root to run this script\n") if ($UID != 0);

#
# Check args.
#
my %options = ();
usage() unless getopts($optlist, \%options);
$noregister = 1 if (defined($options{"n"}));

#
# People seem to miss this.
#
if ($PGENIDOMAIN =~ /^unknown/i) {
    print STDERR "Please define PROTOGENI_DOMAIN in your defs file!\n";
    print STDERR "Then reconfig,rebuild,reinstall, then try this again.\n";
    exit(1);
}

#
# Check for (and update) an old (pre-URN) root certificate.
#
# system() is non-zero on failure. When we are going to register with the
# clearinghouse, the federated marker is removed here; the register phase
# at the end of the script refers to it.
#
my $fixstatus = system($FIXROOTCERT);
if ($fixstatus) {
    fatal("Could not fix root certificate");
}
elsif (!$noregister) {
    unlink("$TB/etc/.protogeni_federated");
}

#
# Set this differently for readability.
#
# NOTE(review): these are package globals, presumably the markers the
# libinstall file-editing helpers (DoneIfEdited/AppendToFile) wrap around
# the lines this script appends to system files -- confirm in libinstall.
#
($MAGIC_TESTBED_VERSION, $MAGIC_TESTBED_START, $MAGIC_TESTBED_END) =
    ("",
     "Added by Emulab for the ProtoGENI module",
     "End of Emulab added section");

#
# Packages.
#
# FreeBSD ports the ProtoGENI code depends on. Key: the package pattern
# handed to pkg_info/pkg (optionally with a version constraint); value:
# the port directory to build from when the package is missing.
#
my %packlist = (
    "libxml2>=2.6.26"       => "/usr/ports/textproc/libxml2",
    "xerces-c2>=2.7.0"      => "/usr/ports/textproc/xerces-c2",
    "xmlsec1"               => "/usr/ports/security/xmlsec1",
    "p5-Frontier-RPC"       => "/usr/ports/net/p5-Frontier-RPC",
    "p5-XML-LibXML>=1.70"   => "/usr/ports/textproc/p5-XML-LibXML",
    "p5-XML-SemanticDiff"   => "/usr/ports/textproc/p5-XML-SemanticDiff",
    "p5-Crypt-SSLeay>=0.57" => "/usr/ports/security/p5-Crypt-SSLeay",
    "p5-Crypt-OpenSSL-X509" => "/usr/ports/security/p5-Crypt-OpenSSL-X509",
    "p5-Crypt-X509"         => "/usr/ports/security/p5-Crypt-X509",
);
my $needpkgs = 0;    # not referenced anywhere else in this file

# Make sure every port in %packlist is installed, building any that are
# missing. Prefers the newer pkg(8) tools when present: pkg_info uses -E
# to report existence via exit status, pkg info uses -g -e for the same.
Phase "ports", "Installing ports", sub {
    my $pkgarg = "-E";
    if (-x "/usr/sbin/pkg") {
        $PKG_INFO = "/usr/sbin/pkg info";
        $pkgarg   = "-g -e";
    }
    # The package name is interpolated into a shell command line. That is
    # acceptable only because %packlist is a fixed table in this file; do
    # not feed it external input.
    for my $pkgname (sort keys %packlist) {
        my $portdir = $packlist{$pkgname};

        Phase "$pkgname", "Checking for $pkgname", sub {
            PhaseSkip("Already installed")
                if (!ExecQuiet("$PKG_INFO $pkgarg '${pkgname}*'"));
            ExecQuietFatal("cd $portdir; make -DBATCH install");
        };
    }
};

#
# crossdomain.xml is needed to allow the flash client to talk to
# this host.
#
# NOTE(review): permitted-cross-domain-policies="all" is the most
# permissive site-control value -- policy files anywhere on this web
# server are honoured, not only this master file. Confirm that is the
# intent rather than "master-only".
#
my $crosstext = <<'XML';
<?xml version="1.0"?>
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
XML

# Install the site-wide crossdomain.xml (contents in $crosstext) under the
# www root, world-readable.
Phase "crossdomain", "Installing www crossdomain.xml", sub {
    my $target = "$TB/www/crossdomain.xml";
    Phase "create", "Creating file", sub {
        DoneIfExists($target);
        CreateFileFatal($target, $crosstext);
    };
    Phase "chmod", "Setting permissions", sub {
        ExecQuietFatal("$CHMOD 0644 $target");
    };
};

# Directories for the ProtoGENI web content and the trusted CA certs.
# mkdir's 0775 is still subject to the process umask.
Phase "dirs", "Creating directories", sub {
    my @dirs = ("$TB/www/protogeni",
                "$TB/etc/genicacerts",
                "$TB/www/protogeni/advertisements",
                "$TB/www/protogeni/authorities");
    for my $dir (@dirs) {
        Phase $dir, $dir, sub {
            PhaseSkip("already exists") if (-e $dir);

            mkdir($dir, 0775)
                or PhaseFail("Unable to create $dir : $!");
        };
    }
};

#
# Another version of this file?
#
# This variant carries an explicit allow list of domains instead of the
# site-control element, and is installed under www/protogeni below.
#
$crosstext = <<'XML';
<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*.emulab.net" />
    <allow-access-from domain="*.protogeni.net" />
</cross-domain-policy>
XML

# Install the protogeni-specific crossdomain.xml (second $crosstext),
# world-readable.
Phase "crossdomain2", "Installing protogeni crossdomain.xml", sub {
    my $target = "$TB/www/protogeni/crossdomain.xml";
    Phase "create", "Creating file", sub {
        DoneIfExists($target);
        CreateFileFatal($target, $crosstext);
    };
    Phase "chmod", "Setting permissions", sub {
        ExecQuietFatal("$CHMOD 0644 $target");
    };
};

#
# Flash Policy.
#
# inetd.conf entry for the Flash socket-policy service (port 843, see the
# services entry below): it just echoes a policy document. The policy is
# deliberately open -- domain="*" lets a Flash client from any origin open
# sockets to the web and XML-RPC ports listed -- so the protection of those
# ports rests entirely on the services behind them. The entry runs as root
# only to bind the port; /bin/echo does nothing else.
#
my $FLASH_LINE =
    "flashpolicy stream tcp  nowait          root    /bin/echo               " .
    "/bin/echo '<cross-domain-policy> " .
    "<site-control permitted-cross-domain-policies=\"master-only\"/> " .
    "<allow-access-from domain=\"*\" " .
    "to-ports=\"80,443,$PROTOGENI_RPCPORT,$OUTERBOSS_XMLRPCPORT\"/> " .
    "</cross-domain-policy>'";

# Register the flashpolicy service (tcp/843) and its inetd entry, then
# signal inetd -- but only when the inetd.conf entry was added just now.
Phase "flashpolicy", "Installing the flash policy", sub {
    Phase "services", "Adding services entry", sub {
        DoneIfEdited("/etc/services");
        AppendToFileFatal("/etc/services", 'flashpolicy     843/tcp');
    };
    Phase "inetd", "Adding inetd.conf entry", sub {
        DoneIfEdited("$INETD_CONF");
        AppendToFileFatal($INETD_CONF, $FLASH_LINE);
    };
    Phase "restarting", "Restarting inetd", sub {
        PhaseSkip("not changed") if (PhaseWasSkipped("inetd"));
        HUPDaemon("inetd");
    };
};

#
# The web server needs to do client authentication, for the geni xmlrpc
# interface. A bundle of CA certs from the trusted roots (emulabs) will
# be used. This bundle will periodically update as sites come online.
#
Phase "bundles", "Installing SSL bundles", sub {
    my $cabundle = "$TB/etc/genica.bundle";

    # Seed the CA bundle with our own root certificate; 0644 because
    # apache reads it and it is published to other sites below.
    Phase "genica", "Installing genica.bundle", sub {
        DoneIfExists($cabundle);
        ExecQuietFatal("$CP $TB/etc/emulab.pem $cabundle");
        ExecQuietFatal("$CHMOD 0644 $cabundle");
    };
    Phase "genicrl", "Creating initial CRL", sub {
        ExecQuietFatal("$GENCRL -f");
    };
    # The CRL bundle starts out as a copy of our own CRL.
    Phase "crl", "Installing genicrl.bundle", sub {
        ExecQuietFatal("$CP -f $CRL $CRLBUNDLE");
        ExecQuietFatal("$CHMOD 0644 $CRLBUNDLE");
    };
};
if ($asch) {
    #
    # For xmlsec1
    #
    # The clearinghouse seeds its trusted-CA directory with our own root
    # and publishes the CA and CRL bundles on its web server, where the
    # other sites fetch them from (see getcacerts below).
    #
    my $www = "$TB/www";

    Phase "genicacerts", "Initial genicacerts directory", sub {
        DoneIfExists("$TB/etc/genicacerts/emulab.pem");
        ExecQuietFatal("$CP $TB/etc/emulab.pem $TB/etc/genicacerts");
    };
    Phase "wwwgenica", "Copying genica.bundle to www", sub {
        DoneIfExists("$www/genica.bundle");
        ExecQuietFatal("$CP $TB/etc/genica.bundle $www/genica.bundle");
        ExecQuietFatal("$CHMOD 0644 $www/genica.bundle");
    };
    Phase "wwwgenicrl", "Copying genicrl.bundle to www", sub {
        DoneIfExists("$www/genicrl.bundle");
        ExecQuietFatal("$CP $TB/etc/genicrl.bundle $www/genicrl.bundle");
        ExecQuietFatal("$CHMOD 0644 $www/genicrl.bundle");
    };
}

#
# I do not understand where this file comes from.
#
# index.txt.attr is the attribute file of the openssl "ca" database in
# $TB/ssl. "unique_subject = no" lets that CA issue more than one
# certificate with the same subject DN (e.g. when a cert is re-issued).
#
Phase "index", "Creating ssl index.txt.attr", sub {
    my $attrfile = "$TB/ssl/index.txt.attr";
    BackUpFileFatal($attrfile);
    DeleteFileFatal($attrfile);
    CreateFileFatal($attrfile, 'unique_subject = no');
};

# Install the syscert.cnf openssl config from the build tree.
Phase "sslcnf", "Updating ssl syscert.cnf", sub {
    ExecQuietFatal("$GMAKE -C @top_builddir@/ssl install-conf");
};
# Install the geni httpd config; if one is already there and differs from
# the freshly built copy, back it up first.
Phase "apache", "Updating apache config", sub {
    my $newconf = "@top_builddir@/apache/httpd-geni.conf";

    if (-e $HTTPD_GENI_CONF) {
        DoneIfIdentical($newconf, "$HTTPD_GENI_CONF");
        BackUpFileFatal("$HTTPD_GENI_CONF");
    }
    ExecQuietFatal("$GMAKE -C @top_builddir@/apache pgeni-install");
};
# rc.conf: turn on SSL and the PGENI profile for apache (plus fcgid when
# the portal is enabled) and point the "geni" profile at its own config.
Phase "rcconf", "Updating $RCCONF", sub {
    my @flags = ("-DSSL", "-DPGENI");
    push(@flags, "-DPGENI_FCGID") if ($PORTAL_ENABLE);
    my $flags = join(" ", @flags);

    DoneIfEdited($RCCONF);
    AppendToFileFatal($RCCONF,
                      "${APACHEPREFIX}_flags=\"$flags\"",
                      "${APACHEPREFIX}_profiles=\"www geni\"",
                      "${APACHEPREFIX}_geni_configfile=\"$HTTPD_GENI_CONF\"",
                      "${APACHEPREFIX}_geni_enable=\"YES\"");
};
# newsyslog entries for the geni httpd logs. All five share the same
# rotation parameters and pid file; the log name is padded to 28 columns
# so the appended lines stay aligned exactly as before.
Phase "newsyslog", "Updating $NEWSYSLOG_CONF", sub {
    DoneIfEdited($NEWSYSLOG_CONF);

    my $pidfile = "/var/run/httpd.geni.pid";
    my @lognames = ("apache_access_log.geni",
                    "apache_error_log.geni",
                    "apache_ssl_engine_log.geni",
                    "apache_ssl_request_log.geni",
                    "apache_ssl_access_log.geni");
    my @entries = map {
        sprintf("%s/%-28s644  7   10000  *    BZ %s", $LOGDIR, $_, $pidfile)
    } @lognames;

    AppendToFileFatal($NEWSYSLOG_CONF, @entries);
};

#
# user/project that slices (experiments) belong to.
#
# The helper scripts are run via sudo as $PROTOUSER wrapped in
# withadminprivs, i.e. with testbed admin rights.
#
my $geniuser = User->Lookup($geniuserid);
Phase "geniuser", "Creating user $geniuserid", sub {
    PhaseSkip("already created") if (defined($geniuser));

    my $userxml = "$TB/etc/protogeni/geniuser.xml";
    PhaseFail("geniuser.xml does not exist") if (! -e $userxml);

    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $NEWUSER $userxml");

    $geniuser = User->Lookup($geniuserid);
    PhaseFail("$geniuserid did not create properly")
        if (!defined($geniuser));

    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $TBACCT verify $geniuserid");

    # No need for email lists.
    $geniuser->Update({'nocollabtools' => '1', 'stud' => '1'});
};

# Create the project that holds the slice experiments, then approve it
# (mkproj -s), and refresh both objects so later code sees current state.
my $geniproj = Project->Lookup($geniprojid);
Phase "geniproj", "Creating project $geniprojid", sub {
    PhaseSkip("already created") if (defined($geniproj));

    my $projxml = "$TB/etc/protogeni/geniproj.xml";
    PhaseFail("geniproj.xml does not exist") if (! -e $projxml);

    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $NEWPROJ $projxml");
    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $MKPROJ -s $geniprojid");

    $geniproj = Project->Lookup($geniprojid);
    PhaseFail("$geniprojid did not create") if (!defined($geniproj));
};
$_->Refresh() for ($geniuser, $geniproj);

# Create an encrypted certificate for the test scripts.
Phase "usercert", "Creating certificate for $geniuserid", sub {
    my $sslcert;
    $geniuser->SSLCert(1, \$sslcert);
    PhaseSkip("already created") if (defined($sslcert));

    # Passphrase for the private key: the first 10 characters of a
    # generated secret. Its real strength depends on TBGenSecretKey's
    # alphabet, which is not visible here, and this script does not record
    # it anywhere.
    my $passwd = substr(TBGenSecretKey(), 0, 10);
    PhaseFail("failed to generate password")
        if (!defined($passwd) || $passwd eq "");

    # NOTE(review): the passphrase travels as a command-line argument, so
    # it is visible to other local users in the process table while
    # mkusercert runs; the single quotes are also only safe if the secret
    # can never contain a quote -- confirm against TBGenSecretKey.
    ExecQuietFatal("$SUDO -u $PROTOUSER $WAP $MKUSERCERT -p '$passwd' $geniuserid");
};

# Now that we have the geniuser, hand it the directories the GENI code
# writes into.
Phase "chown", "Changing ownership on dirs", sub {
    my @owned = ("$TB/www/protogeni/advertisements",
                 "$TB/www/protogeni/authorities");
    ExecQuietFatal("$CHOWN $geniuserid " . join(" ", @owned));
};

# Add the fake "pcfake" node type the GENI code expects, defaulting it to
# the standard RHL image.
Phase "dbstuff", "Adding a few things to Emulab DB", sub {
    #
    # Need this fake type for now.
    #
    # It would be unusual if this OSID did not exist.
    #
    my $osimage = OSImage->Lookup(TBOPSPID(), "RHL-STD");
    PhaseFail("RHL-STD does not exist") if (!defined($osimage));

    my $osid = $osimage->osid();

    # $osid, from the OSImage object, is the only interpolated value in
    # these statements; nothing here comes from user input. Each query
    # runs in order and the first failure aborts the phase.
    my @queries = (
        ["replace into node_types (type,class,isvirtnode,isdynamic) " .
         "values ('pcfake','pcvm',1,1)",
         "Error inserting node_types"],
        ["replace into node_type_attributes " .
         "(type,attrkey,attrvalue,attrtype) values " .
         "('pcfake','rebootable','1','boolean')",
         "Error inserting rebootable attribute"],
        ["replace into node_type_attributes " .
         "(type,attrkey,attrvalue,attrtype) values " .
         "('pcfake','default_osid','$osid','integer')",
         "Error inserting default_osid attribute"],
    );
    for my $entry (@queries) {
        my ($sql, $errmsg) = @$entry;
        DBQueryWarn($sql) or PhaseFail($errmsg);
    }
};
    
#
# Databases.
#
# Each of the three ProtoGENI databases is created if missing, loaded
# from the common schema once (the geni_users table is the "already
# loaded" marker), then patched.
#
Phase "databases", "Creating Databases", sub {
    my $schema = "$TB/etc/protogeni/protogeni.sql";

    for my $dbname ("geni", "geni-ch", "geni-cm") {
        Phase $dbname, "Creating DB $dbname", sub {
            PhaseSkip("already exists")
                if (!ExecQuiet("$MYSQLSHOW $dbname"));
            ExecQuietFatal("$MYSQLADMIN create $dbname");
        };
        Phase "fill${dbname}", "Initializing DB $dbname", sub {
            PhaseSkip("already initialized")
                if (!ExecQuiet("$MYSQLDUMP -d $dbname geni_users"));
            ExecQuietFatal("$MYSQL $dbname < $schema");
        };
        # Authorities whose hrn ends in ".ses" but have an empty type get
        # type 'ses'.
        Phase "fix${dbname}", "Patching DB $dbname", sub {
            ExecQuietFatal("$MYSQL -e \"UPDATE geni_authorities " .
                           "   SET type='ses' " .
                           "WHERE hrn LIKE '%.ses' AND type='';\" $dbname");
        };
    }
};

#
# This script builds the certs and registers them. Separate script so
# it can be rerun independently, as when updating certificates.
#
Phase "initcerts", "Creating PG certificates", sub {
    # initcerts does not overwrite existing certificates, so rerunning
    # this phase is harmless.
    ExecQuietFatal($INITCERTS);
};

#
# On the clients, we have to get the bundle from the CH website and
# then break it up for xmlsec (see above). We use a script for this
# since the clients need to do this everytime a new client is added.
# This script restarts apache.
#
# The clearinghouse itself instead restarts apache, seeds its CH
# database with its own CA, posts its CRL, and publishes the CRL bundle
# nightly.
#
if ($asch) {
    # Restart to pick up initial CRL created above.
    # (The phase name "apcahe" is misspelled; left as is since the name is
    # presumably how the phase is tracked.)
    Phase "apcahe", "Restarting Apache", sub {
        ExecQuietFatal("$APACHE_START restart");
    };

    #
    # Need to initialize CAs in the geni-ch DB with our own, so we can
    # talk to the CH from ourself.
    #
    Phase "cacontrol", "Running cacontrol", sub {
        ExecQuietFatal("$CACONTROL -i");
    };

    #
    # Now we can post our initial CRL to our CH database. Yes, we could
    # just do insert into the DB, but if this fails we might as bail now.
    #
    Phase "postcrl", "Posting initial CRL", sub {
        ExecQuietFatal("$POSTCRL -f");
    };

    #
    # On clearinghouse, we have to generate the CRL bundle for downloading
    # by remote sites each night.
    #
    Phase "crontab", "Updating $CRONTAB", sub {
        DoneIfEdited($CRONTAB);
        AppendToFileFatal($CRONTAB,
                          "10  4  *  *  *  root  $GENCRLBUNDLE");
    };
}
else {
    Phase "getcacerts", "Getting current CA bundle", sub {
        # Use -f cause testbed is probably shutdown.
        ExecQuietFatal("$GETCACERTS -l -p -f");
    };
    #
    # This cron entry will autoupdate the CA/CRL certs by getting them from
    # the CH website.
    #
    Phase "crontab", "Updating $CRONTAB", sub {
        DoneIfEdited($CRONTAB);
        AppendToFileFatal($CRONTAB,
                          "13  4  *  *	*  root  $GETCACERTS");
    };
}

if (!$asch && !$noregister) {
    #
    # Register the certificates at the clearinghouse.
    #
    Phase "register", "Registering PG certificates", sub {
        # NOTE(review): this condition tests the truth of a non-empty
        # string, not whether the file exists, so it is always false and
        # the PhaseFail can never fire. "-e", as used just below for the
        # registered marker, is presumably what was meant. Left unchanged
        # here because the federated marker is also unlinked near the top
        # of this script, so the intended flow needs confirming first.
        PhaseFail("You have not emailed your root CA to the clearinghouse yet!")
            if (! "$TB/etc/.protogeni_federated");

        PhaseSkip("already registered")
            if (-e "$TB/etc/.protogeni_registered");

        ExecQuietFatal($REGISTERCERTS);
    };
}
exit(0);

#
# Abort with a message prefixed by the script name. Never returns.
#
sub fatal($)
{
    my ($msg) = @_;
    my $text = "*** $0:\n" . "    $msg\n";

    die($text);
}