#!/bin/bash
-. /tmp/planet.cnf
+### make sure this output shows up in the console
+
+exec 2>&1
+exec > /dev/console
+
+###
+source /etc/init.d/pl_functions
+
+source /tmp/planet.cnf
# Run gpg once to create default options
GNUPGHOME=/root
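Review bot: The two added `exec` lines at the top leave stderr off the console, because `exec 2>&1` copies stderr onto whatever stdout is at that moment and only the following line moves stdout to /dev/console. If the added comment's intent is that all output reaches the console, one line does it: `exec > /dev/console 2>&1`. As written, any command that does not redirect stderr itself (the `$VERIFIED_SCRIPT` run further down, for example) still writes its errors to the old stdout. The setup code continues beyond the lines visible here.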
BOOT_DIR=/usr/boot/
# get the server we are going to be contacting
-BOOT_SERVER=`cat $BOOT_DIR/boot_server`
-BOOT_SERVER_PORT=`cat $BOOT_DIR/boot_server_port`
+BOOT_SERVER=$(cat $BOOT_DIR/boot_server)
+BOOT_SERVER_PORT=$(cat $BOOT_DIR/boot_server_port)
# the file to request from the boot server
-BOOT_SERVER_PATH=`cat $BOOT_DIR/boot_server_path`
+BOOT_SERVER_PATH=$(cat $BOOT_DIR/boot_server_path)
# location of the cacert for this boot server
BOOT_SERVER_CACERT=$BOOT_DIR/cacert.pem
BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/pubring.gpg
# get the backup server we are going to be contacting
-BACKUP_BOOT_SERVER=`cat $BOOT_DIR/backup/boot_server`
-BACKUP_BOOT_SERVER_PORT=`cat $BOOT_DIR/backup/boot_server_port`
+BACKUP_BOOT_SERVER=$(cat $BOOT_DIR/backup/boot_server)
+BACKUP_BOOT_SERVER_PORT=$(cat $BOOT_DIR/backup/boot_server_port)
# the file to request from the backup boot server
-BACKUP_BOOT_SERVER_PATH=`cat $BOOT_DIR/backup/boot_server_path`
+BACKUP_BOOT_SERVER_PATH=$(cat $BOOT_DIR/backup/boot_server_path)
# location of the cacert for the backup boot server
BACKUP_BOOT_SERVER_CACERT=$BOOT_DIR/backup/cacert.pem
CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
-while : ; do
+while true; do
if [[ -f $CANCEL_BOOT_FLAG ]]; then
- echo $(date "+%H:%M:%S") " pl_boot: got request to cancel boot, exiting"
+ verbose-message "pl_boot: got request to cancel boot, exiting"
exit 0
fi
-
+
if [[ $contact_count -ge $ATTEMPTS_BEFORE_BACKUP ]]; then
contact_count=0
if [[ $on_backup_server == 1 ]]; then
- echo $(date "+%H:%M:%S") " pl_boot: failed to contact backup server, trying primary $BOOT_SERVER"
+ verbose-message "pl_boot: failed to contact backup server, trying primary $BOOT_SERVER"
on_backup_server=0
CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
else
- echo $(date "+%H:%M:%S") " pl_boot: failed to contact primary server, trying backup $BACKUP_BOOT_SERVER"
+ verbose-message "pl_boot: failed to contact primary server, trying backup $BACKUP_BOOT_SERVER"
on_backup_server=1
if [[ $contact_count != 0 ]]; then
- if [[ $on_backup_server == 1 ]]; then
- echo $(date "+%H:%M:%S") " pl_boot: attempting to fetch script from backup server in 30s"
- else
- echo $(date "+%H:%M:%S") " pl_boot: attempting to fetch script from primary server in 30s"
- fi
- /bin/sleep 30
+ verbose-message "pl_boot: next attempt in 30s, to fetch script from server at $CONNECT_BOOT_SERVER"
+ /bin/sleep 30
fi
+ # June 2015 : using --tlsv1 instead of sslv3 that should be available
+ # on all myplc from f14 inclusive
# assemble the curl transaction
CURL_CMD="/usr/bin/curl \
--connect-timeout 60 \
--form nonce=</tmp/nonce \
--location \
--output $UNVERIFIED_SCRIPT \
- --sslv3 \
+ --tlsv1 \
--silent \
--show-error \
--fail \
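Review bot: `--tlsv1` in CURL_CMD is a minimum rather than a pinned version in current curl, so the boot-script fetch can still negotiate TLS 1.0 with a server that offers nothing newer. The added comment justifies the flag by what older myplc installs support; I would state there that it is a floor, and raise it to `--tlsv1.2` once the primary and backup boot servers are both known to accept it. The rest of the curl option list is outside the lines shown, so whether `--cacert` is passed from `$CONNECT_BOOT_SERVER_CACERT` cannot be confirmed from here.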
--always-trust \
--decrypt $UNVERIFIED_SCRIPT"
- echo $(date "+%H:%M:%S") " pl_boot: generating new nonce"
+ verbose-message "pl_boot: generating new nonce"
/usr/bin/head --bytes=32 /dev/urandom | \
/usr/bin/od -tx1 -An --width=32 | \
/bin/sed 's/ //g' > /tmp/nonce
- echo $(date "+%H:%M:%S") " pl_boot: fetching script from boot server $CONNECT_BOOT_SERVER"
+ verbose-message "pl_boot: fetching script from boot server $CONNECT_BOOT_SERVER"
((contact_count++))
rm -f $UNVERIFIED_SCRIPT
$CURL_CMD
curl_err=$?
if [ $curl_err -ne 0 ]; then
- echo $(date "+%H:%M:%S") " pl_boot: curl request failed with error $curl_err:"
+ verbose-message "pl_boot: curl request failed with error $curl_err:"
cat /tmp/curl_errors
echo
if [ -n "$DISCONNECTED_OPERATION" ]; then
else
case $curl_err in
6)
- echo $(date "+%H:%M:%S") " This error likely indicates a networking configuration error. "
- echo $(date "+%H:%M:%S") " Please, check whether you can ping this machine. If you can, "
- echo $(date "+%H:%M:%S") " we recommend checking your DNS settings. If you cannot, then "
- echo $(date "+%H:%M:%S") " please double check your network settings registered at PLC and "
- echo $(date "+%H:%M:%S") " stored on this Boot Image."
- for file in $(ls /etc/sysconfig/network-scripts/ifcfg-eth* /etc/resolv.conf) ; do
- echo $(date "+%H:%M:%S") contents of $file :
- cat $file
- echo $(date "+%H:%M:%S") end of $file :
- done
+ verbose-message "This error likely indicates a networking configuration error. "
+ verbose-message "Please, check whether you can ping this machine. If you can, "
+ verbose-message "we recommend checking your DNS settings. If you cannot, then "
+ verbose-message "please double check your network settings registered at PLC and "
+ verbose-message "stored on this Boot Image."
;;
60)
- echo $(date "+%H:%M:%S") " This error likely indicates that the hardware clock is likely not set "
- echo $(date "+%H:%M:%S") " to GMT. The result is that authentication between the local and "
- echo $(date "+%H:%M:%S") " remote site fails. Please double check this machine's system "
- echo $(date "+%H:%M:%S") " clock, and set it to GMT in the BIOS. If after rebooting the same "
- echo $(date "+%H:%M:%S") " error occurs, please report the situation to support@planet-lab.org "
- echo $(date "+%H:%M:%S") " with as much detail as possible."
+ verbose-message "This error likely indicates that the hardware clock is likely not set "
+ verbose-message "to GMT. The result is that authentication between the local and "
+ verbose-message "remote site fails. Please double check this machine's system "
+ verbose-message "clock, and set it to GMT in the BIOS. If after rebooting the same "
+ verbose-message "error occurs, please report the situation to support@planet-lab.org "
+ verbose-message "with as much detail as possible."
;;
*)
- echo $(date "+%H:%M:%S") " The best-practice approach for handling this error is not yet "
- echo $(date "+%H:%M:%S") " documented. Please report this error to support@planet-lab.org "
- echo $(date "+%H:%M:%S") " with as much detail as possible."
+ verbose-message "The best-practice approach for handling this error is not yet "
+ verbose-message "documented. Please report this error to support@planet-lab.org "
+ verbose-message "with as much detail as possible."
;;
esac
+ # in any case display as much info as we can (see pl_functions)
+ verbose-forensics "after curl"
+ # retry
continue
fi
elif [ -n "$DISCONNECTED_OPERATION" ]; then
cp $UNVERIFIED_SCRIPT /tmp/boot-media
umount /tmp/boot-media
rmdir /tmp/boot-media
- fi
+ fi
- echo $(date "+%H:%M:%S") " pl_boot: verifying downloaded script"
+ verbose-message "pl_boot: verifying downloaded script"
rm -f $VERIFIED_SCRIPT
$GPG_CMD 2> /tmp/gpg_errors
if [ $? -ne 0 ]; then
- echo $(date "+%H:%M:%S") " pl_boot: failed to verify file:"
+ verbose-message "pl_boot: failed to verify file:"
cat /tmp/gpg_errors
echo
continue
fi
- echo $(date "+%H:%M:%S") " pl_boot: decrypted and verified script succesfully"
+ verbose-message "pl_boot: decrypted and verified script succesfully"
- echo $(date "+%H:%M:%S") " pl_boot: handing control to download script"
+ verbose-message "pl_boot: handing control to download script"
rm -f $UNVERIFIED_SCRIPT
chmod +x $VERIFIED_SCRIPT
$VERIFIED_SCRIPT
-
- echo $(date "+%H:%M:%S") " pl_boot: downloaded script has returned"
+
+ verbose-message "pl_boot: downloaded script has returned"
done
-echo $(date "+%H:%M:%S") " pl_boot: automatic boot process canceled by user"
+verbose-message "pl_boot: automatic boot process canceled by user"