Commit 0bb906f4 authored by Mike Hibler's avatar Mike Hibler

New imagevalidate tool for printing/checking/updating image metadata.

This should be run whenever an image is created or updated and possibly
periodically over existing images. It makes sure that various image
metadata fields are up to date:

 * hash: the SHA1 hash of the image. This field has been around for
   awhile and was previously maintained by "imagehash".

 * size: the size of the image file.

 * range: the sector range covered by the uncompressed image data.

 * mtime: modification time of the image. This is the "updated"
   datetime field in the DB. Its intent was always to track the update
   time of the image, but it wasn't always exact (create-image would
   update this with the current time at the start of the image capture
   process).

Documentation? Umm...the usage message is comprehensive!
It sports a variety of useful options, but the basics are:

 * imagevalidate -p <image> ...
    Print current DB metadata for indicated images. <image> can either
    be a <pid>/<imagename> string or the numeric imageid.

 * imagevalidate <image> ...
    Check the mtime, size, hash, and image range of the image file and
    compare them to the values in the DB. Whine for ones which are out
    of date.

 * imagevalidate -u <image> ...
    Compare and then update DB metadata fields that are out of date.

Fixed a variety of scripts that either used imagehash or computed the
SHA1 hash directly to now use imagevalidate.
parent 605221af
......@@ -4,12 +4,13 @@
use strict;
use libinstall;
use installvars;
use EmulabConstants;
my $UTAHURL = "http://www.emulab.net/downloads";
my $DESCRIPTORS = "$TOP_SRCDIR/install/descriptors-v3.xml";
my $GENDEV = "$TOP_SRCDIR/install/descriptors-gendev.xml";
my @STDIMAGES = ("FBSD82-STD", "FEDORA15-STD");
my @MBRS = ("emulab-mbr.dd", "emulab-mbr2.dd");
my @MBRS = ("emulab-mbr.dd", "emulab-mbr2.dd", "emulab-mbr3.dd");
my $STDIMAGESURL = "$UTAHURL/images-STD";
sub Install($$$)
......@@ -97,6 +98,16 @@ sub Install($$$)
" $SUDO -u $PROTOUSER $WAP ".
" perl load-descriptors -a $localfile");
};
#
# XXX the metadata file may not contain any or all of the newer
# DB state. So we update the metadata using imagevalidate.
#
Phase "${imagename}_validate", "Validating DB info for image.", sub {
my $iname = TBOPSPID() . "/" . $imagename;
ExecQuietFatal("$SUDO -u $PROTOUSER ".
"$PREFIX/sbin/imagevalidate -uq $iname");
};
}
foreach my $mbr (@MBRS) {
my $localfile = "$PREFIX/images/$mbr";
......
......@@ -52,6 +52,15 @@ sub Install($$$)
" $SUDO -u $PROTOUSER $WAP ".
" perl load-descriptors -a $localfile");
};
#
# XXX the metadata file may not contain any or all of the newer
# DB state. So we update the metadata using imagevalidate.
#
Phase "${imagename}_validate", "Validating DB info for image.", sub {
my $iname = TBOPSPID() . "/" . $imagename;
ExecQuietFatal("$SUDO -u $PROTOUSER ".
"$PREFIX/sbin/imagevalidate -uq $iname");
};
}
#
......
......@@ -58,6 +58,15 @@ sub Install($$$)
" $SUDO -u $PROTOUSER $WAP ".
" perl load-descriptors -a $localfile");
};
#
# XXX the metadata file may not contain any or all of the newer
# DB state. So we update the metadata using imagevalidate.
#
Phase "${imagename}_validate", "Validating DB info for image.", sub {
my $iname = TBOPSPID() . "/" . $imagename;
ExecQuietFatal("$SUDO -u $PROTOUSER ".
"$PREFIX/sbin/imagevalidate -uq $iname");
};
}
#
......
......@@ -49,7 +49,7 @@ SBIN_SCRIPTS = vlandiff vlansync withadminprivs export_tables cvsupd.pl \
prereserve grantimage getimages localize_mfs \
management_iface sharevlan check-shared-bw \
addspecialdevice addspecialiface imagehash clone_image \
addvpubaddr imageinfo ctrladdr image_import \
addvpubaddr imageinfo imagevalidate ctrladdr image_import \
prereserve_check tcppd addexternalnetwork \
update_sitevars delete_image sitecheckin sitecheckin_client \
mktestbedtest fixrootcert addservers poolmonitor \
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -131,6 +131,7 @@ my $friskiller = "$TB/sbin/frisbeehelper";
my $osselect = "$TB/bin/os_select";
my $checkquota = "$TB/sbin/checkquota";
my $imagehash = "$TB/bin/imagehash";
my $imagevalidate = "$TB/sbin/imagevalidate";
my $SHA1 = "/sbin/sha1";
my $SCP = "/usr/bin/scp";
my $def_devtype = "ad";
......@@ -811,34 +812,34 @@ if (! -x $imagehash ||
}
#
# Hash the file itself since we really want an integrity check
# on the image file.
# Update fields in the DB related to the image.
#
my $hashfile = "${filename}.sha1";
my $filehash = `$SHA1 $filename`;
if ($?) {
fatal("Could not generate sha1 hash of $filename");
# Note that we do not do this for "standard" images since they get uploaded
# into /proj/emulab-ops rather than /usr/testbed. We could automatically move
# the image into place here, but that makes us nervous. We prefer an admin do
# that by hand after testing the new image!
#
my $tbopsmsg = "";
if ($isglobal && $usepath) {
$tbopsmsg =
"Did not update DB state for global image $pid/$imagename since\n".
"image was written to '$filename'\n".
"instead of $TB/images. Move image into place and run:\n".
" $imagevalidate -uq $pid/$imagename\n";
}
if ($filehash =~ /^SHA1.*= (\w*)$/) {
if ($isglobal && $usepath) {
print "*** WARNING: Not updating SHA1 in DB record since the ".
"image was written to /proj!\n";
print " See $hashfile instead\n";
}
else {
$image->SetHash($1) == 0
or fatal("Failed to set the hash for $image");
}
elsif (system("$imagevalidate -uq $pid/$imagename") != 0) {
$tbopsmsg =
"DB state update for image $pid/$imagename failed, try again with:\n".
" $imagevalidate -u $pid/$imagename\n";
}
else {
fatal("Could not parse the sha1 hash: '$filehash'")
if ($tbopsmsg) {
SENDMAIL($TBOPS,
"Image DB state update failure for $pid/$imagename",
$tbopsmsg,
$TBOPS,
undef,
());
}
unlink($hashfile)
if (-e $hashfile);
open(HASH, ">$hashfile") or
fatal("Could not open $hashfile for writing: $!");
print HASH $filehash;
close($hashfile);
print "Image creation succeeded.\n";
print "Image written to $filename.\n";
......
#!/usr/bin/perl -w
#
# Copyright (c) 2010-2013 University of Utah and the Flux Group.
# Copyright (c) 2010-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -68,6 +68,7 @@ my $NEWIMAGE_EZ = "$TB/bin/newimageid_ez";
my $IMAGEDUMP = "$TB/bin/imagedump";
my $SHA1 = "/sbin/sha1";
my $SAVEUID = $UID;
my $IMAGEVALIDATE = "$TB/sbin/imagevalidate";
#
# Untaint the path
......@@ -268,8 +269,12 @@ if ($getimage) {
$image->Unlock();
exit(1);
}
# Update the hash in the DB.
$image->SetHash($newhash);
# Update DB info. Use the hash we were given, no need to recalculate.
my $imageid = $image->imageid();
if (system("$IMAGEVALIDATE -uq -H '$newhash' $imageid")) {
# XXX should this be fatal?
print STDERR "Could not update DB info for $image\n";
}
}
$image->Unlock();
}
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment