#!/usr/bin/perl -w
#
# Copyright (c) 2004-2017 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
use English;
use File::Temp qw(tempfile);
use Getopt::Std;

#
# Print the command synopsis and exit with a non-zero status.
# scriptname() comes from the Emulab client libraries loaded below.
#
sub usage()
{
    my $synopsis = scriptname() . " [-j vnodeid] boot|shutdown|reconfig|reset";
    print "Usage: $synopsis\n";
    exit(1);
}
my $optlist = "j:";      # getopts spec: -j takes a vnodeid argument
my $action  = "boot";    # default action when none is given on the command line

# Autoflush STDOUT so progress messages appear as soon as they are printed.
$| = 1;

# Drag in path stuff so we can find emulab stuff.
BEGIN { require "/etc/emulab/paths.pm"; emulabpaths->import; }

# Only root: this script rewrites root's authorized_keys file.
die("*** $0:\n    Must be root to run this script!\n")
    if ($EUID != 0);

#
# Load the OS independent support library. It will load the OS dependent
# library and initialize itself. 
# 
use libsetup;
use libtmcc;
use librc;

#
# Not all clients support this: plab slivers, jails, the control node and
# fs nodes get nothing from localization, so leave quietly.
#
if (PLAB() || JAILED() || CONTROL() || FSNODE()) {
    exit(0);
}

# Protos. Forward declarations carrying the same empty prototype as the
# definitions further down, so the dispatch code below is compiled against
# that prototype (otherwise -w warns "called too early to check prototype").
sub doboot();
sub doshutdown();
sub doreconfig();
sub docleanup();

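# Parse command line. %options is declared lexically so the script keeps
# working unchanged if "use strict" is ever added.
my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
# -j: operate on behalf of the given virtual node instead of the host.
if (defined($options{'j'})) {
    my $vnodeid = $options{'j'};
    libsetup_setvnodeid($vnodeid);
}
# Allow default above; the first bare argument selects the action and any
# further arguments are ignored.
if (@ARGV) {
    $action = $ARGV[0];
}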

# Execute the action. Matching is case-insensitive; anything unrecognised is
# reported through fatal().
if ($action =~ /^boot$/i) {
    doboot();
}
elsif ($action =~ /^shutdown$/i) {
    doshutdown();
}
elsif ($action =~ /^reconfig$/i) {
    doreconfig();
}
elsif ($action =~ /^reset$/i) {
    docleanup();
}
else {
    fatal("Invalid action: $action\n");
}
exit(0);

# More protos. NOTE(review): donodeid() and docreator() are declared here but
# no definition for either appears in this file; they look like leftovers and
# calling them would fail at runtime -- confirm before relying on them.
sub donodeid();
sub docreator();

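#
# Boot Action.
#
# Ask the testbed server (tmcc LOCALIZATION) for the root public keys this
# node should carry (ROOTPUBKEY='...' lines) and make sure each of them is in
# root's authorized_keys file. The file is rewritten only when at least one
# key is missing; existing entries and comments are preserved.
#
# Returns 0 on success or when there is nothing to do, -1 when the new keys
# file could not be created or completely written. Calls fatal() when the
# server cannot be reached or the key directory cannot be set up.
#
sub doboot()
{
    my @tmccresults;
    my @pubkeys     = ();

    print STDOUT "Checking Testbed localization configuration ... \n";

    if (tmcc(TMCCCMD_LOCALIZATION, undef, \@tmccresults) < 0) {
        fatal("Could not get localization info from server!");
    }
    # Important; if no results then do nothing.
    return 0
        if (! @tmccresults);

    #
    # Go through and see what we got. For now, we expect just ssh keys.
    #
    foreach my $str (@tmccresults) {
        if ($str =~ /^ROOTPUBKEY='(.*)'$/) {
            push(@pubkeys, $1);
        }
        else {
            warning("Bad localization line: $str");
        }
    }
    # Nothing usable came back; leave the existing file untouched.
    return 0
        if (! @pubkeys);

    #
    # Ensure that the given keys are in root's authorized_keys file,
    # put them there if not.
    #
    my $authdir     = (WINDOWS() ? "/sshkeys/root" : "/root/.ssh");
    my $authkeys    = $authdir . "/authorized_keys";
    my $authkeysold = $authkeys . ".old";
    my $authkeysnew = $authkeys . ".new";
    # 022 so anything created below is 0644/0755; sshd refuses a group- or
    # world-writable authorized_keys.
    my $oldumask    = umask(022);

    #
    # On FreeNAS, aka a storage host, root is RO, so the new file has to be
    # staged under /tmp; the mv into place below is then expected to fail,
    # and its warning is the only "complaint" made when the installed keys
    # do not match. Everywhere else make sure the key directory exists and
    # keep one copy of the original file as authorized_keys.old.
    #
    if (! STORAGEHOST()) {
        if (! -e $authdir) {
            # List form: no shell, the path is handed to mkdir/chmod as-is.
            system("mkdir", "-p", $authdir) == 0
                or fatal("Could not create $authdir");
            system("chmod", "700", $authdir) == 0
                or fatal("Failed to chmod $authdir");
        }
        if (-e $authkeys && ! -e $authkeysold) {
            system("cp", "-pf", $authkeys, $authkeysold) == 0
                or fatal("Could not backup root ssh authorized_keys file");
        }
    }

    #
    # Hash for tracking our keys: 0 = not seen yet, 1 = already present.
    #
    my %keyhash = ();
    $keyhash{$_} = 0 foreach (@pubkeys);

    #
    # Read the old keys, taking note of our keys that are already there.
    # It is okay for there to be no existing file, we will just make a
    # new one with Emulab keys.
    #
    my @lines = _read_authkeys($authkeys, \%keyhash);

    #
    # Add any of our keys that are not already there; if all of them are
    # present there is nothing to do.
    #
    my @missing = grep { ! $keyhash{$_} } @pubkeys;
    if (! @missing) {
        umask($oldumask);
        return 0;
    }
    push(@lines, @missing);

    #
    # Otherwise write a new file with the missing keys added. On a storage
    # host the staging file lives in world-writable /tmp, so let File::Temp
    # create it with a random name and O_EXCL (mode 0600) instead of opening
    # the predictable /tmp/authorized_keys.new, which any local user could
    # plant or symlink elsewhere before root writes to it.
    #
    my ($nfh, $newfile);
    if (STORAGEHOST()) {
        ($nfh, $newfile) = eval {
            tempfile("authorized_keys.XXXXXX", DIR => "/tmp", UNLINK => 0);
        };
        if (! $nfh) {
            warning("Could not create temporary keys file in /tmp: $@");
            umask($oldumask);
            return -1;
        }
    }
    elsif (open($nfh, ">", $authkeysnew)) {
        $newfile = $authkeysnew;
    }
    else {
        warning("Could not open $authkeysnew: $!");
        umask($oldumask);
        return -1;
    }
    umask($oldumask);

    #
    # Every write and the final close are checked: installing a truncated
    # file here would lock root out of ssh.
    #
    if (! _write_authkeys($nfh, \@lines)) {
        warning("Could not write $newfile: $!");
        unlink($newfile);
        return -1;
    }

    # The staged file is left behind when the mv fails so it can be inspected.
    if (system("mv", "-f", $newfile, $authkeys)) {
        warning("Could not mv $newfile to $authkeys");
    }
    return 0;
}

#
# Read an existing authorized_keys file ($path) into a list of lines and, for
# every line that is a key we know about, set $keyhash_ref->{$line} to 1.
# Blank lines and '#' comments are kept in the list but never counted as
# keys. A missing or unreadable file yields an empty list.
#
sub _read_authkeys
{
    my ($path, $keyhash_ref) = @_;
    my @lines = ();

    if (open(my $ofh, "<", $path)) {
        while (my $key = <$ofh>) {
            chomp $key;
            if ($key && $key !~ /^\s*#/ && exists($keyhash_ref->{$key})) {
                $keyhash_ref->{$key} = 1;
            }
            push(@lines, $key);
        }
        close($ofh);
    }
    return @lines;
}

#
# Write the "Updated by Emulab" header followed by @$lines_ref to the open
# write handle $fh, dropping any stale header left from a previous run, and
# close the handle. Returns true only if every print and the close succeeded
# (close is where buffered write errors such as a full disk surface); the
# caller must not install the file otherwise.
#
sub _write_authkeys
{
    my ($fh, $lines_ref) = @_;
    my $ok = print {$fh} "# Updated by Emulab on " . scalar(localtime()) . "\n";

    foreach my $line (@$lines_ref) {
        next
            if ($line =~ /^# Updated by Emulab on/);
        $ok = 0
            unless print {$fh} "$line\n";
    }
    my $closed = close($fh);
    return ($ok && $closed);
}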

#
# Shutdown Action.
#
# Nothing to undo at shutdown; the keys installed at boot stay in place.
# Returns nothing.
#
sub doshutdown()
{
    return;
}

#
# Node Reconfig Action (without rebooting).
#
# Runs the shutdown path and then the boot path again, returning whatever
# doboot() returns (0 on success or nothing to do, -1 on failure).
#
sub doreconfig()
{
    doshutdown();
    my $rv = doboot();
    return $rv;
}

#
# Node cleanup action (node is reset to completely clean state).
#
# No-op: there is nothing for localization to clean up. Returns nothing.
#
sub docleanup()
{
    return;
}