- update build process to support multiple boot cd configurations

  (different set of servers to contact, etc)
- make default configuration one that contacts plc, backup server boot1 at
  plc
- modify pl_boot script to contact backup server after a number of failures

diff --git a/build.sh b/build.sh
index f4498be..03aaa18 100755 (executable)
--- a/build.sh
+++ b/build.sh
@@ -2,37 +2,23 @@
 
 set -e
 
-BOOTCD_VERSION="3.0-beta0.4"
-FULL_VERSION_STRING="PlanetLab BootCD $BOOTCD_VERSION"
-
-# which boot server to contact
-BOOTSERVER='boot.planet-lab.org'
+# where the boot cd build config files are stored (and certificats/keys)
+CONFIGURATIONS_DIR=configurations/
 
-# and on which port (protocol will be https)
-BOOTSERVER_PORT='443'
+# where built files are stored
+BUILD_DIR=build/
 
-# finally, what path to request from the server
-BOOTSERVER_PATH='boot/'
+BOOTCD_VERSION="3.0-beta0.4"
+FULL_VERSION_STRING="PlanetLab BootCD $BOOTCD_VERSION"
 
 SYSLINUX_SRC=sources/syslinux-2.11.tar.bz2
 
-ISO=cd.iso
-
-CD_ROOT=`pwd`/cdroot
-ROOT_PASSWD='$1$IdEn2srw$/TfrjZSPUC1xP244YCuIi0'
-
 BOOTCD_YUM_GROUP=BootCD
 
 CDRECORD_FLAGS="-v -dao"
 
 CONF_FILES_DIR=conf_files/
 
-# location of the uncompressed ramdisk image
-INITRD=$CD_ROOT/usr/isolinux/initrd
-
-# temporary mount point for rd
-INITRD_MOUNT=`pwd`/rd
-
 # size of the ram disk in MB
 RAMDISK_SIZE=64
 
@@ -40,6 +26,16 @@ RAMDISK_SIZE=64
 INITRD_BYTES_PER_INODE=1024
 
 
+function usage()
+{
+    echo "Usage: build.sh <action> [<configuration>]"
+    echo "Action: build burn clean"
+    echo
+    echo "If configuration is missing, 'default' is loaded"
+    exit
+}
+
+
 function build_cdroot()
 {
     if [ -f $CD_ROOT/.built ]; then
@@ -92,7 +88,7 @@ function build_cdroot()
        --enablemd5 --enableshadow
 
     echo "setting root password"
-    sed -i "s#root::#root:$ROOT_PASSWD:#g" $CD_ROOT/etc/shadow
+    sed -i "s#root::#root:$ROOT_PASSWORD:#g" $CD_ROOT/etc/shadow
 
     echo "relocate some large directories out of the root system"
     # get /var/lib/rpm out, its 12mb. create in its place a 
@@ -107,10 +103,11 @@ function build_cdroot()
     (cd $CD_ROOT/lib && ln -s ../usr/relocated/lib/tls tls)
 
     echo "extracting syslinux, copying isolinux files to cd"
-    mkdir -p syslinux
     mkdir -p $CD_ROOT/usr/isolinux/
-    tar -C syslinux -xjvf $SYSLINUX_SRC
-    find syslinux -name isolinux.bin -exec cp -f {} $CD_ROOT/usr/isolinux/ \;
+    mkdir -p $BUILD_DIR/syslinux
+    tar -C $BUILD_DIR/syslinux -xjvf $SYSLINUX_SRC
+    find $BUILD_DIR/syslinux -name isolinux.bin \
+       -exec cp -f {} $CD_ROOT/usr/isolinux/ \;
 
     echo "moving kernel to isolinux directory"
     KERNEL=$CD_ROOT/boot/vmlinuz-*
@@ -155,15 +152,28 @@ function build_initrd()
     cp -f $CONF_FILES_DIR/default-net.cnf $CD_ROOT/usr/boot/
 
     echo "setup boot server configuration"
-    cp -f $CONF_FILES_DIR/cacert.pem $CD_ROOT/usr/boot/
-    cp -f $CONF_FILES_DIR/pubring.gpg $CD_ROOT/usr/boot/
-    echo "$BOOTSERVER" > $CD_ROOT/usr/boot/boot_server
-    echo "$BOOTSERVER_PORT" > $CD_ROOT/usr/boot/boot_server_port
-    echo "$BOOTSERVER_PATH" > $CD_ROOT/usr/boot/boot_server_path
+    cp -f $CURRENT_CONFIG_DIR/$PRIMARY_SERVER_CERT $CD_ROOT/usr/boot/cacert.pem
+    cp -f $CURRENT_CONFIG_DIR/$PRIMARY_SERVER_GPG $CD_ROOT/usr/boot/pubring.gpg
+    echo "$PRIMARY_SERVER" > $CD_ROOT/usr/boot/boot_server
+    echo "$PRIMARY_SERVER_PORT" > $CD_ROOT/usr/boot/boot_server_port
+    echo "$PRIMARY_SERVER_PATH" > $CD_ROOT/usr/boot/boot_server_path
+
+    echo "setup backup boot server configuration"
+    mkdir -p $CD_ROOT/usr/boot/backup
+    cp -f $CURRENT_CONFIG_DIR/$BACKUP_SERVER_CERT \
+       $CD_ROOT/usr/boot/backup/cacert.pem
+    cp -f $CURRENT_CONFIG_DIR/$BACKUP_SERVER_GPG \
+       $CD_ROOT/usr/boot/backup/pubring.gpg
+    echo "$BACKUP_SERVER" > $CD_ROOT/usr/boot/backup/boot_server
+    echo "$BACKUP_SERVER_PORT" > $CD_ROOT/usr/boot/backup/boot_server_port
+    echo "$BACKUP_SERVER_PATH" > $CD_ROOT/usr/boot/backup/boot_server_path
 
     echo "copying old boot cd directory bootme (TEMPORARY)"
     cp -r bootme_old $CD_ROOT/usr/bootme
     echo "$FULL_VERSION_STRING" > $CD_ROOT/usr/bootme/ID
+    echo "$PRIMARY_SERVER" > $CD_ROOT/usr/bootme/BOOTSERVER
+    echo "$PRIMARY_SERVER" > $CD_ROOT/usr/bootme/BOOTSERVER_IP
+    echo "$PRIMARY_SERVER_PORT" > $CD_ROOT/usr/bootme/BOOTPORT
 
     echo "forcing lvm to make lvm1 partitions (TEMPORARY)"
     cp -f $CONF_FILES_DIR/lvm.conf $CD_ROOT/etc/lvm/
@@ -178,6 +188,12 @@ function build_initrd()
     echo "" >> $CD_ROOT/etc/issue
     echo "" >> $CD_ROOT/etc/issue
 
+    if [[ ! -z "$NODE_CONFIGURATION_FILE" ]]; then
+       echo "Copying node configuration file to cd"
+       cp -f $CURRENT_CONFIG_DIR/$NODE_CONFIGURATION_FILE \
+           $CD_ROOT/usr/boot/plnode.txt
+    fi
+
     echo "making the isolinux initrd kernel command line match rd size"
     let INITRD_SIZE_KB=$(($RAMDISK_SIZE * 1024))
     sed -i "s#ramdisk_size=0#ramdisk_size=$INITRD_SIZE_KB#g" \
@@ -208,13 +224,18 @@ function build_initrd()
     gzip $INITRD
 }
 
-function build_iso()
+function build()
 {
-    echo "building iso"
+    # build base image via yum
+    build_cdroot
+
+    # always build/rebuild initrd
+    build_initrd
+
     rm -f $ISO
     mkisofs -o $ISO -R -allow-leading-dots -J -r -b isolinux/isolinux.bin \
        -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table \
-       -V PlanetLab-3-0 $CD_ROOT/usr
+       $CD_ROOT/usr
 }
 
 function burn()
@@ -224,32 +245,61 @@ function burn()
 
 function clean()
 {
-    echo "removing built files"
-    rm -rf cdroot
-    rm -rf syslinux
-    rm -rf $INITRD_MOUNT
+    rm -rf $CD_ROOT
+    rm -rf $BUILD_DIR/syslinux
+    rm -rf $BUILD_DIR/$INITRD_MOUNT
+    rm -rf $BUILD_DIR
     rm -f $ISO
+    rmdir --ignore-fail-on-non-empty build
 }
 
+if [[ "$1" == "clean" || "$1" == "burn" || "$1" == "build" ]]; then
+    action=$1
+    configuration=$2
 
-if [ "$1" == "clean" ]; then
-    clean
-    exit
-fi
+    if [[ -z "$configuration" ]]; then
+       configuration=default
+    fi
 
-if [ "$1" == "burn" ]; then
-    burn
-    exit
-fi
+    echo "Loading configuration $configuration"
+    CURRENT_CONFIG_DIR=$CONFIGURATIONS_DIR/$configuration
+    . $CURRENT_CONFIG_DIR/configuration
 
-if [ "$1" == "force" ]; then
-    clean
-fi
+    # setup vars for this configuration
+    if [[ ! -z "$EXTRA_VERSION" ]]; then
+       FULL_VERSION_STRING="$FULL_VERSION_STRING-$EXTRA_VERSION"
+    fi
+
+    # destination image
+    BUILD_DIR=build/$configuration
+    mkdir -p $BUILD_DIR
+    ISO=$BUILD_DIR/`echo $OUTPUT_IMAGE_NAME | sed -e "s/%version/$BOOTCD_VERSION/"`.iso
+
+    # built cd root
+    CD_ROOT=`pwd`/$BUILD_DIR/cdroot
+    mkdir -p $CD_ROOT
+
+    # location of the uncompressed ramdisk image
+    INITRD=$CD_ROOT/usr/isolinux/initrd
 
-# build base image via yum
-build_cdroot
+    # temporary mount point for rd
+    INITRD_MOUNT=`pwd`/$BUILD_DIR/rd
 
-# always build/rebuild initrd
-build_initrd
 
-build_iso
+    case $action in 
+       build )
+           echo "Proceeding with building $DESCRIPTION"
+           build;;
+
+       clean )
+           echo "Removing built files for $DESCRIPTION"
+           clean;;
+
+       burn )
+           echo "Burning $DESCRIPTION"
+           burn;;
+    esac    
+else
+    usage
+fi
+

diff --git a/conf_files/pl_boot b/conf_files/pl_boot
index 1d5abab..a9e889a 100644 (file)
--- a/conf_files/pl_boot
+++ b/conf_files/pl_boot
@@ -8,6 +8,11 @@ export GNUPGHOME
 # if this file is present, cancel the boot (exit this script)
 CANCEL_BOOT_FLAG=/tmp/CANCEL_BOOT
 
+# how many times to fail in attempting to contact primary server
+# before falling back to original. if the backup fails this many times
+# too, then the process is repeated started with the primary server
+ATTEMPTS_BEFORE_BACKUP=2
+
 # where all the configuration files for contacting
 # the boot server are stored
 BOOT_DIR=/usr/boot/
@@ -17,13 +22,26 @@ BOOT_SERVER=`cat $BOOT_DIR/boot_server`
 BOOT_SERVER_PORT=`cat $BOOT_DIR/boot_server_port`
 
 # the file to request from the boot server
-SERVER_BOOT_DIR=`cat $BOOT_DIR/boot_server_path`
+BOOT_SERVER_PATH=`cat $BOOT_DIR/boot_server_path`
 
 # location of the cacert for this boot server
-BOOT_CACERT=$BOOT_DIR/cacert.pem
+BOOT_SERVER_CACERT=$BOOT_DIR/cacert.pem
 
 # location of the gpg key ring to verify scripts
-BOOT_GPG_KEYRING=$BOOT_DIR/pubring.gpg
+BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/pubring.gpg
+
+# get the backup server we are going to be contacting
+BACKUP_BOOT_SERVER=`cat $BOOT_DIR/backup/boot_server`
+BACKUP_BOOT_SERVER_PORT=`cat $BOOT_DIR/backup/boot_server_port`
+
+# the file to request from the backup boot server
+BACKUP_BOOT_SERVER_PATH=`cat $BOOT_DIR/backup/boot_server_path`
+
+# location of the cacert for the backup boot server
+BACKUP_BOOT_SERVER_CACERT=$BOOT_DIR/backup/cacert.pem
+
+# location of the gpg key ring for backup server to verify scripts
+BACKUP_BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/backup/pubring.gpg
 
 # location of a file containing this boot cd version
 BOOT_VERSION_FILE=/pl_version
@@ -32,58 +50,96 @@ BOOT_VERSION_FILE=/pl_version
 UNVERIFIED_SCRIPT=/tmp/bootscript.gpg
 VERIFIED_SCRIPT=/tmp/bootscript
 
-# asemble the curl transaction
-CURL_CMD="/usr/bin/curl \
-   --connect-timeout 60 \
-   --max-time 600 \
-   --form version=<$BOOT_VERSION_FILE \
-   --form cmdline=</proc/cmdline \
-   --form uptime=</proc/uptime \
-   --form ifconfig=</tmp/ifconfig \
-   --form cpuinfo=</proc/cpuinfo \
-   --form meminfo=</proc/meminfo \
-   --form nonce=</tmp/nonce \
-   --location \
-   --output $UNVERIFIED_SCRIPT \
-   --sslv3  \
-   --silent \
-   --show-error \
-   --fail \
-   --stderr /tmp/curl_errors \
-   --cacert $BOOT_CACERT \
-   https://$BOOT_SERVER:$BOOT_SERVER_PORT/$SERVER_BOOT_DIR"
-
-
-# assemble the gpg command line
-GPG_CMD="/usr/bin/gpg \
-    --no-default-keyring \
-    --keyring $BOOT_GPG_KEYRING \
-    --output $VERIFIED_SCRIPT \
-    --always-trust \
-    --decrypt $UNVERIFIED_SCRIPT"
+
+# --------------------------
 
 
 # now, contact the boot server, run the script, and do it over again.
-first=1
-while true; do
+contact_count=0
+
+# set to one when we are trying to contact backup server
+on_backup_server=0
+
+# start out contacting the primary servers
+CONNECT_BOOT_SERVER=$BOOT_SERVER
+CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT
+CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH
+CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
+CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
+
+while : ; do
 
     if [[ -f $CANCEL_BOOT_FLAG ]]; then
        echo "pl_boot: got request to cancel boot, exiting"
        exit 0
     fi
 
-    if [[ $first -eq 0 ]]; then
+    if [[ $contact_count -ne 0 ]]; then
        echo "pl_boot: fetching new script in 30 seconds"
        /bin/sleep 30
     fi
-    first=0
+    
+    ((contact_count++))
+    if [[ $contact_count > $ATTEMPTS_BEFORE_BACKUP ]]; then
+
+       contact_count=0
+
+       if [[ $on_backup_server == 1 ]]; then
+           echo "pl_boot: failed to contact backup server, trying primary."
+
+           on_backup_server=0
+
+           CONNECT_BOOT_SERVER=$BOOT_SERVER
+           CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT
+           CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH
+           CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
+           CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
+       else
+           echo "pl_boot: failed to contact primary server, trying backup."
+
+           on_backup_server=1
+
+           CONNECT_BOOT_SERVER=$BACKUP_BOOT_SERVER
+           CONNECT_BOOT_SERVER_PORT=$BACKUP_BOOT_SERVER_PORT
+           CONNECT_BOOT_SERVER_PATH=$BACKUP_BOOT_SERVER_PATH
+           CONNECT_BOOT_SERVER_GPG_KEYRING=$BACKUP_BOOT_SERVER_GPG_KEYRING
+           CONNECT_BOOT_SERVER_CACERT=$BACKUP_BOOT_SERVER_CACERT
+       fi
+    fi
+
+    # assemble the curl transaction
+    CURL_CMD="/usr/bin/curl \
+        --connect-timeout 60 \
+        --max-time 600 \
+        --form version=<$BOOT_VERSION_FILE \
+        --form cmdline=</proc/cmdline \
+        --form uptime=</proc/uptime \
+        --form ifconfig=</tmp/ifconfig \
+        --form nonce=</tmp/nonce \
+        --location \
+        --output $UNVERIFIED_SCRIPT \
+        --sslv3  \
+        --silent \
+        --show-error \
+        --fail \
+        --stderr /tmp/curl_errors \
+        --cacert $CONNECT_BOOT_SERVER_CACERT \
+   https://$CONNECT_BOOT_SERVER:$CONNECT_BOOT_SERVER_PORT/$CONNECT_BOOT_SERVER_PATH"
+
+    # assemble the gpg command line
+    GPG_CMD="/usr/bin/gpg \
+        --no-default-keyring \
+        --keyring $CONNECT_BOOT_SERVER_GPG_KEYRING \
+        --output $VERIFIED_SCRIPT \
+        --always-trust \
+        --decrypt $UNVERIFIED_SCRIPT"
 
     echo "pl_boot: generating new nonce"
     /usr/bin/head --bytes=32 /dev/urandom | \
        /usr/bin/od -tx1 -An --width=32 | \
        /bin/sed 's/ //g' > /tmp/nonce
 
-    echo "pl_boot: fetching script from boot server $BOOT_SERVER"
+    echo "pl_boot: fetching script from boot server $CONNECT_BOOT_SERVER"
     rm -f $UNVERIFIED_SCRIPT
     $CURL_CMD
     curl_err=$?

diff --git a/configurations/default/configuration b/configurations/default/configuration
new file mode 100644 (file)
index 0000000..bbbb96e
--- /dev/null
+++ b/configurations/default/configuration
@@ -0,0 +1,34 @@
+#
+# configuration for standard bootcd, contact primary boot server,
+# no backup server.
+#
+
+# the name of the cd image. %version is replaced with the current
+# cd version (from build.sh)
+OUTPUT_IMAGE_NAME='PlanetLab-BootCD-%version'
+
+# extra version, if set, is added to end of version.
+EXTRA_VERSION=
+
+# a one line description of this cd
+DESCRIPTION='PLC PlanetLab BootCD'
+
+# the password for the root account on the cd
+ROOT_PASSWORD='$1$IdEn2srw$/TfrjZSPUC1xP244YCuIi0'
+
+# which server to contact
+PRIMARY_SERVER=boot.planet-lab.org
+PRIMARY_SERVER_PORT=443
+PRIMARY_SERVER_PATH=/boot/
+PRIMARY_SERVER_CERT=plc-boot-cacert.pem
+PRIMARY_SERVER_GPG=plc-pubring.gpg
+
+# and the backup server
+BACKUP_SERVER=boot1.planet-lab.org
+BACKUP_SERVER_PORT=443
+BACKUP_SERVER_PATH=/boot/
+BACKUP_SERVER_CERT=plc-boot1-cacert.pem
+BACKUP_SERVER_GPG=plc-pubring.gpg
+
+# this is a generic cd, so no configuration file for a node
+NODE_CONFIGURATION_FILE=

diff --git a/conf_files/cacert.pem b/configurations/default/plc-boot-cacert.pem
similarity index 100%
rename from conf_files/cacert.pem
rename to configurations/default/plc-boot-cacert.pem

diff --git a/configurations/default/plc-boot1-cacert.pem b/configurations/default/plc-boot1-cacert.pem
new file mode 100755 (executable)
index 0000000..12ff1ab
--- /dev/null
+++ b/configurations/default/plc-boot1-cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCk5ldyBKZXJzZXkxEjAQBgNVBAcTCVByaW5jZXRvbjESMBAGA1UE
+ChMJUGxhbmV0TGFiMRIwEAYDVQQLEwlQbGFuZXRMYWIxGjAYBgNVBAMTEVBsYW5l
+dExhYiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QHBsYW5ldC1sYWIu
+b3JnMB4XDTA0MDIyMzE4MjAyNVoXDTE0MDIyMDE4MjAyNVowgaExCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRIwEAYDVQQHEwlQcmluY2V0b24xEjAQ
+BgNVBAoTCVBsYW5ldExhYjESMBAGA1UECxMJUGxhbmV0TGFiMRowGAYDVQQDExFQ
+bGFuZXRMYWIgUm9vdCBDQTElMCMGCSqGSIb3DQEJARYWc3VwcG9ydEBwbGFuZXQt
+bGFiLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqTbodSr8D8MMbAaN
+HRmH7F7N786hkUEmNGKmY/3vL43O1pece6pTRhnxG1nzn2KXPJpFAUkPA0tEwIWd
+3FaSrk2HdbUAEzLEYnKmsuFfdsgN2P6BKapmBGdr2cx5zMBSW+TF4YQ5CQi14tCg
+n9xlKahmXzeTdpVp/EF71bjBZgECAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUk0NbbylUNeZdRtlMwFg3Yy94kk4wDQYJKoZIhvcNAQEEBQADgYEA
+poFwjOngxcsOu8FclBnezjdmW15mwBPDEU2hAsV6QeXvGzrP46lPz+dmRUysM0te
+LUl9KnzWvRvjL+gOa4YnHtjzzTNH8fgGDShu/2/9oCROXEqR+xcn7oty6wN87htQ
+TgQrffnF6NfjYTEFVmrklG32JBOElUtP/nOGFcKjSw0=
+-----END CERTIFICATE-----

diff --git a/conf_files/pubring.gpg b/configurations/default/plc-pubring.gpg
similarity index 100%
rename from conf_files/pubring.gpg
rename to configurations/default/plc-pubring.gpg