set -e
-BOOTCD_VERSION="3.0-beta0.4"
-FULL_VERSION_STRING="PlanetLab BootCD $BOOTCD_VERSION"
-
-# which boot server to contact
-BOOTSERVER='boot.planet-lab.org'
+# where the boot cd build config files are stored (and certificats/keys)
+CONFIGURATIONS_DIR=configurations/
-# and on which port (protocol will be https)
-BOOTSERVER_PORT='443'
+# where built files are stored
+BUILD_DIR=build/
-# finally, what path to request from the server
-BOOTSERVER_PATH='boot/'
+BOOTCD_VERSION="3.0-beta0.4"
+FULL_VERSION_STRING="PlanetLab BootCD $BOOTCD_VERSION"
SYSLINUX_SRC=sources/syslinux-2.11.tar.bz2
-ISO=cd.iso
-
-CD_ROOT=`pwd`/cdroot
-ROOT_PASSWD='$1$IdEn2srw$/TfrjZSPUC1xP244YCuIi0'
-
BOOTCD_YUM_GROUP=BootCD
CDRECORD_FLAGS="-v -dao"
CONF_FILES_DIR=conf_files/
-# location of the uncompressed ramdisk image
-INITRD=$CD_ROOT/usr/isolinux/initrd
-
-# temporary mount point for rd
-INITRD_MOUNT=`pwd`/rd
-
# size of the ram disk in MB
RAMDISK_SIZE=64
INITRD_BYTES_PER_INODE=1024
+function usage()
+{
+ echo "Usage: build.sh <action> [<configuration>]"
+ echo "Action: build burn clean"
+ echo
+ echo "If configuration is missing, 'default' is loaded"
+ exit
+}
+
+
function build_cdroot()
{
if [ -f $CD_ROOT/.built ]; then
--enablemd5 --enableshadow
echo "setting root password"
- sed -i "s#root::#root:$ROOT_PASSWD:#g" $CD_ROOT/etc/shadow
+ sed -i "s#root::#root:$ROOT_PASSWORD:#g" $CD_ROOT/etc/shadow
echo "relocate some large directories out of the root system"
# get /var/lib/rpm out, its 12mb. create in its place a
(cd $CD_ROOT/lib && ln -s ../usr/relocated/lib/tls tls)
echo "extracting syslinux, copying isolinux files to cd"
- mkdir -p syslinux
mkdir -p $CD_ROOT/usr/isolinux/
- tar -C syslinux -xjvf $SYSLINUX_SRC
- find syslinux -name isolinux.bin -exec cp -f {} $CD_ROOT/usr/isolinux/ \;
+ mkdir -p $BUILD_DIR/syslinux
+ tar -C $BUILD_DIR/syslinux -xjvf $SYSLINUX_SRC
+ find $BUILD_DIR/syslinux -name isolinux.bin \
+ -exec cp -f {} $CD_ROOT/usr/isolinux/ \;
echo "moving kernel to isolinux directory"
KERNEL=$CD_ROOT/boot/vmlinuz-*
cp -f $CONF_FILES_DIR/default-net.cnf $CD_ROOT/usr/boot/
echo "setup boot server configuration"
- cp -f $CONF_FILES_DIR/cacert.pem $CD_ROOT/usr/boot/
- cp -f $CONF_FILES_DIR/pubring.gpg $CD_ROOT/usr/boot/
- echo "$BOOTSERVER" > $CD_ROOT/usr/boot/boot_server
- echo "$BOOTSERVER_PORT" > $CD_ROOT/usr/boot/boot_server_port
- echo "$BOOTSERVER_PATH" > $CD_ROOT/usr/boot/boot_server_path
+ cp -f $CURRENT_CONFIG_DIR/$PRIMARY_SERVER_CERT $CD_ROOT/usr/boot/cacert.pem
+ cp -f $CURRENT_CONFIG_DIR/$PRIMARY_SERVER_GPG $CD_ROOT/usr/boot/pubring.gpg
+ echo "$PRIMARY_SERVER" > $CD_ROOT/usr/boot/boot_server
+ echo "$PRIMARY_SERVER_PORT" > $CD_ROOT/usr/boot/boot_server_port
+ echo "$PRIMARY_SERVER_PATH" > $CD_ROOT/usr/boot/boot_server_path
+
+ echo "setup backup boot server configuration"
+ mkdir -p $CD_ROOT/usr/boot/backup
+ cp -f $CURRENT_CONFIG_DIR/$BACKUP_SERVER_CERT \
+ $CD_ROOT/usr/boot/backup/cacert.pem
+ cp -f $CURRENT_CONFIG_DIR/$BACKUP_SERVER_GPG \
+ $CD_ROOT/usr/boot/backup/pubring.gpg
+ echo "$BACKUP_SERVER" > $CD_ROOT/usr/boot/backup/boot_server
+ echo "$BACKUP_SERVER_PORT" > $CD_ROOT/usr/boot/backup/boot_server_port
+ echo "$BACKUP_SERVER_PATH" > $CD_ROOT/usr/boot/backup/boot_server_path
echo "copying old boot cd directory bootme (TEMPORARY)"
cp -r bootme_old $CD_ROOT/usr/bootme
echo "$FULL_VERSION_STRING" > $CD_ROOT/usr/bootme/ID
+ echo "$PRIMARY_SERVER" > $CD_ROOT/usr/bootme/BOOTSERVER
+ echo "$PRIMARY_SERVER" > $CD_ROOT/usr/bootme/BOOTSERVER_IP
+ echo "$PRIMARY_SERVER_PORT" > $CD_ROOT/usr/bootme/BOOTPORT
echo "forcing lvm to make lvm1 partitions (TEMPORARY)"
cp -f $CONF_FILES_DIR/lvm.conf $CD_ROOT/etc/lvm/
echo "" >> $CD_ROOT/etc/issue
echo "" >> $CD_ROOT/etc/issue
+ if [[ ! -z "$NODE_CONFIGURATION_FILE" ]]; then
+ echo "Copying node configuration file to cd"
+ cp -f $CURRENT_CONFIG_DIR/$NODE_CONFIGURATION_FILE \
+ $CD_ROOT/usr/boot/plnode.txt
+ fi
+
echo "making the isolinux initrd kernel command line match rd size"
let INITRD_SIZE_KB=$(($RAMDISK_SIZE * 1024))
sed -i "s#ramdisk_size=0#ramdisk_size=$INITRD_SIZE_KB#g" \
gzip $INITRD
}
-function build_iso()
+function build()
{
- echo "building iso"
+ # build base image via yum
+ build_cdroot
+
+ # always build/rebuild initrd
+ build_initrd
+
rm -f $ISO
mkisofs -o $ISO -R -allow-leading-dots -J -r -b isolinux/isolinux.bin \
-c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table \
- -V PlanetLab-3-0 $CD_ROOT/usr
+ $CD_ROOT/usr
}
function burn()
function clean()
{
- echo "removing built files"
- rm -rf cdroot
- rm -rf syslinux
- rm -rf $INITRD_MOUNT
+ rm -rf $CD_ROOT
+ rm -rf $BUILD_DIR/syslinux
+ rm -rf $BUILD_DIR/$INITRD_MOUNT
+ rm -rf $BUILD_DIR
rm -f $ISO
+ rmdir --ignore-fail-on-non-empty build
}
+if [[ "$1" == "clean" || "$1" == "burn" || "$1" == "build" ]]; then
+ action=$1
+ configuration=$2
-if [ "$1" == "clean" ]; then
- clean
- exit
-fi
+ if [[ -z "$configuration" ]]; then
+ configuration=default
+ fi
-if [ "$1" == "burn" ]; then
- burn
- exit
-fi
+ echo "Loading configuration $configuration"
+ CURRENT_CONFIG_DIR=$CONFIGURATIONS_DIR/$configuration
+ . $CURRENT_CONFIG_DIR/configuration
-if [ "$1" == "force" ]; then
- clean
-fi
+ # setup vars for this configuration
+ if [[ ! -z "$EXTRA_VERSION" ]]; then
+ FULL_VERSION_STRING="$FULL_VERSION_STRING-$EXTRA_VERSION"
+ fi
+
+ # destination image
+ BUILD_DIR=build/$configuration
+ mkdir -p $BUILD_DIR
+ ISO=$BUILD_DIR/`echo $OUTPUT_IMAGE_NAME | sed -e "s/%version/$BOOTCD_VERSION/"`.iso
+
+ # built cd root
+ CD_ROOT=`pwd`/$BUILD_DIR/cdroot
+ mkdir -p $CD_ROOT
+
+ # location of the uncompressed ramdisk image
+ INITRD=$CD_ROOT/usr/isolinux/initrd
-# build base image via yum
-build_cdroot
+ # temporary mount point for rd
+ INITRD_MOUNT=`pwd`/$BUILD_DIR/rd
-# always build/rebuild initrd
-build_initrd
-build_iso
+ case $action in
+ build )
+ echo "Proceeding with building $DESCRIPTION"
+ build;;
+
+ clean )
+ echo "Removing built files for $DESCRIPTION"
+ clean;;
+
+ burn )
+ echo "Burning $DESCRIPTION"
+ burn;;
+ esac
+else
+ usage
+fi
+
# if this file is present, cancel the boot (exit this script)
CANCEL_BOOT_FLAG=/tmp/CANCEL_BOOT
+# how many times to fail in attempting to contact primary server
+# before falling back to original. if the backup fails this many times
+# too, then the process is repeated started with the primary server
+ATTEMPTS_BEFORE_BACKUP=2
+
# where all the configuration files for contacting
# the boot server are stored
BOOT_DIR=/usr/boot/
BOOT_SERVER_PORT=`cat $BOOT_DIR/boot_server_port`
# the file to request from the boot server
-SERVER_BOOT_DIR=`cat $BOOT_DIR/boot_server_path`
+BOOT_SERVER_PATH=`cat $BOOT_DIR/boot_server_path`
# location of the cacert for this boot server
-BOOT_CACERT=$BOOT_DIR/cacert.pem
+BOOT_SERVER_CACERT=$BOOT_DIR/cacert.pem
# location of the gpg key ring to verify scripts
-BOOT_GPG_KEYRING=$BOOT_DIR/pubring.gpg
+BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/pubring.gpg
+
+# get the backup server we are going to be contacting
+BACKUP_BOOT_SERVER=`cat $BOOT_DIR/backup/boot_server`
+BACKUP_BOOT_SERVER_PORT=`cat $BOOT_DIR/backup/boot_server_port`
+
+# the file to request from the backup boot server
+BACKUP_BOOT_SERVER_PATH=`cat $BOOT_DIR/backup/boot_server_path`
+
+# location of the cacert for the backup boot server
+BACKUP_BOOT_SERVER_CACERT=$BOOT_DIR/backup/cacert.pem
+
+# location of the gpg key ring for backup server to verify scripts
+BACKUP_BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/backup/pubring.gpg
# location of a file containing this boot cd version
BOOT_VERSION_FILE=/pl_version
UNVERIFIED_SCRIPT=/tmp/bootscript.gpg
VERIFIED_SCRIPT=/tmp/bootscript
-# asemble the curl transaction
-CURL_CMD="/usr/bin/curl \
- --connect-timeout 60 \
- --max-time 600 \
- --form version=<$BOOT_VERSION_FILE \
- --form cmdline=</proc/cmdline \
- --form uptime=</proc/uptime \
- --form ifconfig=</tmp/ifconfig \
- --form cpuinfo=</proc/cpuinfo \
- --form meminfo=</proc/meminfo \
- --form nonce=</tmp/nonce \
- --location \
- --output $UNVERIFIED_SCRIPT \
- --sslv3 \
- --silent \
- --show-error \
- --fail \
- --stderr /tmp/curl_errors \
- --cacert $BOOT_CACERT \
- https://$BOOT_SERVER:$BOOT_SERVER_PORT/$SERVER_BOOT_DIR"
-
-
-# assemble the gpg command line
-GPG_CMD="/usr/bin/gpg \
- --no-default-keyring \
- --keyring $BOOT_GPG_KEYRING \
- --output $VERIFIED_SCRIPT \
- --always-trust \
- --decrypt $UNVERIFIED_SCRIPT"
+
+# --------------------------
# now, contact the boot server, run the script, and do it over again.
-first=1
-while true; do
+contact_count=0
+
+# set to one when we are trying to contact backup server
+on_backup_server=0
+
+# start out contacting the primary servers
+CONNECT_BOOT_SERVER=$BOOT_SERVER
+CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT
+CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH
+CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
+CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
+
+while : ; do
if [[ -f $CANCEL_BOOT_FLAG ]]; then
echo "pl_boot: got request to cancel boot, exiting"
exit 0
fi
- if [[ $first -eq 0 ]]; then
+ if [[ $contact_count -ne 0 ]]; then
echo "pl_boot: fetching new script in 30 seconds"
/bin/sleep 30
fi
- first=0
+
+ ((contact_count++))
+ if [[ $contact_count > $ATTEMPTS_BEFORE_BACKUP ]]; then
+
+ contact_count=0
+
+ if [[ $on_backup_server == 1 ]]; then
+ echo "pl_boot: failed to contact backup server, trying primary."
+
+ on_backup_server=0
+
+ CONNECT_BOOT_SERVER=$BOOT_SERVER
+ CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT
+ CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH
+ CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
+ CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
+ else
+ echo "pl_boot: failed to contact primary server, trying backup."
+
+ on_backup_server=1
+
+ CONNECT_BOOT_SERVER=$BACKUP_BOOT_SERVER
+ CONNECT_BOOT_SERVER_PORT=$BACKUP_BOOT_SERVER_PORT
+ CONNECT_BOOT_SERVER_PATH=$BACKUP_BOOT_SERVER_PATH
+ CONNECT_BOOT_SERVER_GPG_KEYRING=$BACKUP_BOOT_SERVER_GPG_KEYRING
+ CONNECT_BOOT_SERVER_CACERT=$BACKUP_BOOT_SERVER_CACERT
+ fi
+ fi
+
+ # assemble the curl transaction
+ CURL_CMD="/usr/bin/curl \
+ --connect-timeout 60 \
+ --max-time 600 \
+ --form version=<$BOOT_VERSION_FILE \
+ --form cmdline=</proc/cmdline \
+ --form uptime=</proc/uptime \
+ --form ifconfig=</tmp/ifconfig \
+ --form nonce=</tmp/nonce \
+ --location \
+ --output $UNVERIFIED_SCRIPT \
+ --sslv3 \
+ --silent \
+ --show-error \
+ --fail \
+ --stderr /tmp/curl_errors \
+ --cacert $CONNECT_BOOT_SERVER_CACERT \
+ https://$CONNECT_BOOT_SERVER:$CONNECT_BOOT_SERVER_PORT/$CONNECT_BOOT_SERVER_PATH"
+
+ # assemble the gpg command line
+ GPG_CMD="/usr/bin/gpg \
+ --no-default-keyring \
+ --keyring $CONNECT_BOOT_SERVER_GPG_KEYRING \
+ --output $VERIFIED_SCRIPT \
+ --always-trust \
+ --decrypt $UNVERIFIED_SCRIPT"
echo "pl_boot: generating new nonce"
/usr/bin/head --bytes=32 /dev/urandom | \
/usr/bin/od -tx1 -An --width=32 | \
/bin/sed 's/ //g' > /tmp/nonce
- echo "pl_boot: fetching script from boot server $BOOT_SERVER"
+ echo "pl_boot: fetching script from boot server $CONNECT_BOOT_SERVER"
rm -f $UNVERIFIED_SCRIPT
$CURL_CMD
curl_err=$?
--- /dev/null
+#
+# configuration for standard bootcd, contact primary boot server,
+# no backup server.
+#
+
+# the name of the cd image. %version is replaced with the current
+# cd version (from build.sh)
+OUTPUT_IMAGE_NAME='PlanetLab-BootCD-%version'
+
+# extra version, if set, is added to end of version.
+EXTRA_VERSION=
+
+# a one line description of this cd
+DESCRIPTION='PLC PlanetLab BootCD'
+
+# the password for the root account on the cd
+ROOT_PASSWORD='$1$IdEn2srw$/TfrjZSPUC1xP244YCuIi0'
+
+# which server to contact
+PRIMARY_SERVER=boot.planet-lab.org
+PRIMARY_SERVER_PORT=443
+PRIMARY_SERVER_PATH=/boot/
+PRIMARY_SERVER_CERT=plc-boot-cacert.pem
+PRIMARY_SERVER_GPG=plc-pubring.gpg
+
+# and the backup server
+BACKUP_SERVER=boot1.planet-lab.org
+BACKUP_SERVER_PORT=443
+BACKUP_SERVER_PATH=/boot/
+BACKUP_SERVER_CERT=plc-boot1-cacert.pem
+BACKUP_SERVER_GPG=plc-pubring.gpg
+
+# this is a generic cd, so no configuration file for a node
+NODE_CONFIGURATION_FILE=
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCk5ldyBKZXJzZXkxEjAQBgNVBAcTCVByaW5jZXRvbjESMBAGA1UE
+ChMJUGxhbmV0TGFiMRIwEAYDVQQLEwlQbGFuZXRMYWIxGjAYBgNVBAMTEVBsYW5l
+dExhYiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QHBsYW5ldC1sYWIu
+b3JnMB4XDTA0MDIyMzE4MjAyNVoXDTE0MDIyMDE4MjAyNVowgaExCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRIwEAYDVQQHEwlQcmluY2V0b24xEjAQ
+BgNVBAoTCVBsYW5ldExhYjESMBAGA1UECxMJUGxhbmV0TGFiMRowGAYDVQQDExFQ
+bGFuZXRMYWIgUm9vdCBDQTElMCMGCSqGSIb3DQEJARYWc3VwcG9ydEBwbGFuZXQt
+bGFiLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqTbodSr8D8MMbAaN
+HRmH7F7N786hkUEmNGKmY/3vL43O1pece6pTRhnxG1nzn2KXPJpFAUkPA0tEwIWd
+3FaSrk2HdbUAEzLEYnKmsuFfdsgN2P6BKapmBGdr2cx5zMBSW+TF4YQ5CQi14tCg
+n9xlKahmXzeTdpVp/EF71bjBZgECAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUk0NbbylUNeZdRtlMwFg3Yy94kk4wDQYJKoZIhvcNAQEEBQADgYEA
+poFwjOngxcsOu8FclBnezjdmW15mwBPDEU2hAsV6QeXvGzrP46lPz+dmRUysM0te
+LUl9KnzWvRvjL+gOa4YnHtjzzTNH8fgGDShu/2/9oCROXEqR+xcn7oty6wN87htQ
+TgQrffnF6NfjYTEFVmrklG32JBOElUtP/nOGFcKjSw0=
+-----END CERTIFICATE-----