From 0e339dc881d13f516f3f177df483d3f7e25a6b9c Mon Sep 17 00:00:00 2001 From: Aaron Klingaman Date: Wed, 4 May 2005 16:50:14 +0000 Subject: [PATCH] - update build process to support multiple boot cd configurations (different set of servers to contact, etc) - make default configuration one that contacts plc, backup server boot1 at plc - modify pl_boot script to contact backup server after a number of failures --- build.sh | 154 ++++++++++++------ conf_files/pl_boot | 130 ++++++++++----- configurations/default/configuration | 34 ++++ .../default/plc-boot-cacert.pem | 0 configurations/default/plc-boot1-cacert.pem | 18 ++ .../default/plc-pubring.gpg | Bin 6 files changed, 247 insertions(+), 89 deletions(-) create mode 100644 configurations/default/configuration rename conf_files/cacert.pem => configurations/default/plc-boot-cacert.pem (100%) create mode 100755 configurations/default/plc-boot1-cacert.pem rename conf_files/pubring.gpg => configurations/default/plc-pubring.gpg (100%) diff --git a/build.sh b/build.sh index f4498be..03aaa18 100755 --- a/build.sh +++ b/build.sh @@ -2,37 +2,23 @@ set -e -BOOTCD_VERSION="3.0-beta0.4" -FULL_VERSION_STRING="PlanetLab BootCD $BOOTCD_VERSION" - -# which boot server to contact -BOOTSERVER='boot.planet-lab.org' +# where the boot cd build config files are stored (and certificats/keys) +CONFIGURATIONS_DIR=configurations/ -# and on which port (protocol will be https) -BOOTSERVER_PORT='443' +# where built files are stored +BUILD_DIR=build/ -# finally, what path to request from the server -BOOTSERVER_PATH='boot/' +BOOTCD_VERSION="3.0-beta0.4" +FULL_VERSION_STRING="PlanetLab BootCD $BOOTCD_VERSION" SYSLINUX_SRC=sources/syslinux-2.11.tar.bz2 -ISO=cd.iso - -CD_ROOT=`pwd`/cdroot -ROOT_PASSWD='$1$IdEn2srw$/TfrjZSPUC1xP244YCuIi0' - BOOTCD_YUM_GROUP=BootCD CDRECORD_FLAGS="-v -dao" CONF_FILES_DIR=conf_files/ -# location of the uncompressed ramdisk image -INITRD=$CD_ROOT/usr/isolinux/initrd - -# temporary mount point for rd -INITRD_MOUNT=`pwd`/rd - # size of the ram disk in MB RAMDISK_SIZE=64 @@ -40,6 +26,16 @@ RAMDISK_SIZE=64 INITRD_BYTES_PER_INODE=1024 +function usage() +{ + echo "Usage: build.sh []" + echo "Action: build burn clean" + echo + echo "If configuration is missing, 'default' is loaded" + exit +} + + function build_cdroot() { if [ -f $CD_ROOT/.built ]; then @@ -92,7 +88,7 @@ function build_cdroot() --enablemd5 --enableshadow echo "setting root password" - sed -i "s#root::#root:$ROOT_PASSWD:#g" $CD_ROOT/etc/shadow + sed -i "s#root::#root:$ROOT_PASSWORD:#g" $CD_ROOT/etc/shadow echo "relocate some large directories out of the root system" # get /var/lib/rpm out, its 12mb. create in its place a @@ -107,10 +103,11 @@ function build_cdroot() (cd $CD_ROOT/lib && ln -s ../usr/relocated/lib/tls tls) echo "extracting syslinux, copying isolinux files to cd" - mkdir -p syslinux mkdir -p $CD_ROOT/usr/isolinux/ - tar -C syslinux -xjvf $SYSLINUX_SRC - find syslinux -name isolinux.bin -exec cp -f {} $CD_ROOT/usr/isolinux/ \; + mkdir -p $BUILD_DIR/syslinux + tar -C $BUILD_DIR/syslinux -xjvf $SYSLINUX_SRC + find $BUILD_DIR/syslinux -name isolinux.bin \ + -exec cp -f {} $CD_ROOT/usr/isolinux/ \; echo "moving kernel to isolinux directory" KERNEL=$CD_ROOT/boot/vmlinuz-* @@ -155,15 +152,28 @@ function build_initrd() cp -f $CONF_FILES_DIR/default-net.cnf $CD_ROOT/usr/boot/ echo "setup boot server configuration" - cp -f $CONF_FILES_DIR/cacert.pem $CD_ROOT/usr/boot/ - cp -f $CONF_FILES_DIR/pubring.gpg $CD_ROOT/usr/boot/ - echo "$BOOTSERVER" > $CD_ROOT/usr/boot/boot_server - echo "$BOOTSERVER_PORT" > $CD_ROOT/usr/boot/boot_server_port - echo "$BOOTSERVER_PATH" > $CD_ROOT/usr/boot/boot_server_path + cp -f $CURRENT_CONFIG_DIR/$PRIMARY_SERVER_CERT $CD_ROOT/usr/boot/cacert.pem + cp -f $CURRENT_CONFIG_DIR/$PRIMARY_SERVER_GPG $CD_ROOT/usr/boot/pubring.gpg + echo "$PRIMARY_SERVER" > $CD_ROOT/usr/boot/boot_server + echo "$PRIMARY_SERVER_PORT" > $CD_ROOT/usr/boot/boot_server_port + echo "$PRIMARY_SERVER_PATH" > $CD_ROOT/usr/boot/boot_server_path + + echo "setup backup boot server configuration" + mkdir -p $CD_ROOT/usr/boot/backup + cp -f $CURRENT_CONFIG_DIR/$BACKUP_SERVER_CERT \ + $CD_ROOT/usr/boot/backup/cacert.pem + cp -f $CURRENT_CONFIG_DIR/$BACKUP_SERVER_GPG \ + $CD_ROOT/usr/boot/backup/pubring.gpg + echo "$BACKUP_SERVER" > $CD_ROOT/usr/boot/backup/boot_server + echo "$BACKUP_SERVER_PORT" > $CD_ROOT/usr/boot/backup/boot_server_port + echo "$BACKUP_SERVER_PATH" > $CD_ROOT/usr/boot/backup/boot_server_path echo "copying old boot cd directory bootme (TEMPORARY)" cp -r bootme_old $CD_ROOT/usr/bootme echo "$FULL_VERSION_STRING" > $CD_ROOT/usr/bootme/ID + echo "$PRIMARY_SERVER" > $CD_ROOT/usr/bootme/BOOTSERVER + echo "$PRIMARY_SERVER" > $CD_ROOT/usr/bootme/BOOTSERVER_IP + echo "$PRIMARY_SERVER_PORT" > $CD_ROOT/usr/bootme/BOOTPORT echo "forcing lvm to make lvm1 partitions (TEMPORARY)" cp -f $CONF_FILES_DIR/lvm.conf $CD_ROOT/etc/lvm/ @@ -178,6 +188,12 @@ function build_initrd() echo "" >> $CD_ROOT/etc/issue echo "" >> $CD_ROOT/etc/issue + if [[ ! -z "$NODE_CONFIGURATION_FILE" ]]; then + echo "Copying node configuration file to cd" + cp -f $CURRENT_CONFIG_DIR/$NODE_CONFIGURATION_FILE \ + $CD_ROOT/usr/boot/plnode.txt + fi + echo "making the isolinux initrd kernel command line match rd size" let INITRD_SIZE_KB=$(($RAMDISK_SIZE * 1024)) sed -i "s#ramdisk_size=0#ramdisk_size=$INITRD_SIZE_KB#g" \ @@ -208,13 +224,18 @@ function build_initrd() gzip $INITRD } -function build_iso() +function build() { - echo "building iso" + # build base image via yum + build_cdroot + + # always build/rebuild initrd + build_initrd + rm -f $ISO mkisofs -o $ISO -R -allow-leading-dots -J -r -b isolinux/isolinux.bin \ -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table \ - -V PlanetLab-3-0 $CD_ROOT/usr + $CD_ROOT/usr } function burn() @@ -224,32 +245,61 @@ function burn() function clean() { - echo "removing built files" - rm -rf cdroot - rm -rf syslinux - rm -rf $INITRD_MOUNT + rm -rf $CD_ROOT + rm -rf $BUILD_DIR/syslinux + rm -rf $BUILD_DIR/$INITRD_MOUNT + rm -rf $BUILD_DIR rm -f $ISO + rmdir --ignore-fail-on-non-empty build } +if [[ "$1" == "clean" || "$1" == "burn" || "$1" == "build" ]]; then + action=$1 + configuration=$2 -if [ "$1" == "clean" ]; then - clean - exit -fi + if [[ -z "$configuration" ]]; then + configuration=default + fi -if [ "$1" == "burn" ]; then - burn - exit -fi + echo "Loading configuration $configuration" + CURRENT_CONFIG_DIR=$CONFIGURATIONS_DIR/$configuration + . $CURRENT_CONFIG_DIR/configuration -if [ "$1" == "force" ]; then - clean -fi + # setup vars for this configuration + if [[ ! -z "$EXTRA_VERSION" ]]; then + FULL_VERSION_STRING="$FULL_VERSION_STRING-$EXTRA_VERSION" + fi + + # destination image + BUILD_DIR=build/$configuration + mkdir -p $BUILD_DIR + ISO=$BUILD_DIR/`echo $OUTPUT_IMAGE_NAME | sed -e "s/%version/$BOOTCD_VERSION/"`.iso + + # built cd root + CD_ROOT=`pwd`/$BUILD_DIR/cdroot + mkdir -p $CD_ROOT + + # location of the uncompressed ramdisk image + INITRD=$CD_ROOT/usr/isolinux/initrd -# build base image via yum -build_cdroot + # temporary mount point for rd + INITRD_MOUNT=`pwd`/$BUILD_DIR/rd -# always build/rebuild initrd -build_initrd -build_iso + case $action in + build ) + echo "Proceeding with building $DESCRIPTION" + build;; + + clean ) + echo "Removing built files for $DESCRIPTION" + clean;; + + burn ) + echo "Burning $DESCRIPTION" + burn;; + esac +else + usage +fi + diff --git a/conf_files/pl_boot b/conf_files/pl_boot index 1d5abab..a9e889a 100644 --- a/conf_files/pl_boot +++ b/conf_files/pl_boot @@ -8,6 +8,11 @@ export GNUPGHOME # if this file is present, cancel the boot (exit this script) CANCEL_BOOT_FLAG=/tmp/CANCEL_BOOT +# how many times to fail in attempting to contact primary server +# before falling back to original. if the backup fails this many times +# too, then the process is repeated started with the primary server +ATTEMPTS_BEFORE_BACKUP=2 + # where all the configuration files for contacting # the boot server are stored BOOT_DIR=/usr/boot/ @@ -17,13 +22,26 @@ BOOT_SERVER=`cat $BOOT_DIR/boot_server` BOOT_SERVER_PORT=`cat $BOOT_DIR/boot_server_port` # the file to request from the boot server -SERVER_BOOT_DIR=`cat $BOOT_DIR/boot_server_path` +BOOT_SERVER_PATH=`cat $BOOT_DIR/boot_server_path` # location of the cacert for this boot server -BOOT_CACERT=$BOOT_DIR/cacert.pem +BOOT_SERVER_CACERT=$BOOT_DIR/cacert.pem # location of the gpg key ring to verify scripts -BOOT_GPG_KEYRING=$BOOT_DIR/pubring.gpg +BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/pubring.gpg + +# get the backup server we are going to be contacting +BACKUP_BOOT_SERVER=`cat $BOOT_DIR/backup/boot_server` +BACKUP_BOOT_SERVER_PORT=`cat $BOOT_DIR/backup/boot_server_port` + +# the file to request from the backup boot server +BACKUP_BOOT_SERVER_PATH=`cat $BOOT_DIR/backup/boot_server_path` + +# location of the cacert for the backup boot server +BACKUP_BOOT_SERVER_CACERT=$BOOT_DIR/backup/cacert.pem + +# location of the gpg key ring for backup server to verify scripts +BACKUP_BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/backup/pubring.gpg # location of a file containing this boot cd version BOOT_VERSION_FILE=/pl_version @@ -32,58 +50,96 @@ BOOT_VERSION_FILE=/pl_version UNVERIFIED_SCRIPT=/tmp/bootscript.gpg VERIFIED_SCRIPT=/tmp/bootscript -# asemble the curl transaction -CURL_CMD="/usr/bin/curl \ - --connect-timeout 60 \ - --max-time 600 \ - --form version=<$BOOT_VERSION_FILE \ - --form cmdline= $ATTEMPTS_BEFORE_BACKUP ]]; then + + contact_count=0 + + if [[ $on_backup_server == 1 ]]; then + echo "pl_boot: failed to contact backup server, trying primary." + + on_backup_server=0 + + CONNECT_BOOT_SERVER=$BOOT_SERVER + CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT + CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH + CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING + CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT + else + echo "pl_boot: failed to contact primary server, trying backup." + + on_backup_server=1 + + CONNECT_BOOT_SERVER=$BACKUP_BOOT_SERVER + CONNECT_BOOT_SERVER_PORT=$BACKUP_BOOT_SERVER_PORT + CONNECT_BOOT_SERVER_PATH=$BACKUP_BOOT_SERVER_PATH + CONNECT_BOOT_SERVER_GPG_KEYRING=$BACKUP_BOOT_SERVER_GPG_KEYRING + CONNECT_BOOT_SERVER_CACERT=$BACKUP_BOOT_SERVER_CACERT + fi + fi + + # assemble the curl transaction + CURL_CMD="/usr/bin/curl \ + --connect-timeout 60 \ + --max-time 600 \ + --form version=<$BOOT_VERSION_FILE \ + --form cmdline= /tmp/nonce - echo "pl_boot: fetching script from boot server $BOOT_SERVER" + echo "pl_boot: fetching script from boot server $CONNECT_BOOT_SERVER" rm -f $UNVERIFIED_SCRIPT $CURL_CMD curl_err=$? diff --git a/configurations/default/configuration b/configurations/default/configuration new file mode 100644 index 0000000..bbbb96e --- /dev/null +++ b/configurations/default/configuration @@ -0,0 +1,34 @@ +# +# configuration for standard bootcd, contact primary boot server, +# no backup server. +# + +# the name of the cd image. %version is replaced with the current +# cd version (from build.sh) +OUTPUT_IMAGE_NAME='PlanetLab-BootCD-%version' + +# extra version, if set, is added to end of version. +EXTRA_VERSION= + +# a one line description of this cd +DESCRIPTION='PLC PlanetLab BootCD' + +# the password for the root account on the cd +ROOT_PASSWORD='$1$IdEn2srw$/TfrjZSPUC1xP244YCuIi0' + +# which server to contact +PRIMARY_SERVER=boot.planet-lab.org +PRIMARY_SERVER_PORT=443 +PRIMARY_SERVER_PATH=/boot/ +PRIMARY_SERVER_CERT=plc-boot-cacert.pem +PRIMARY_SERVER_GPG=plc-pubring.gpg + +# and the backup server +BACKUP_SERVER=boot1.planet-lab.org +BACKUP_SERVER_PORT=443 +BACKUP_SERVER_PATH=/boot/ +BACKUP_SERVER_CERT=plc-boot1-cacert.pem +BACKUP_SERVER_GPG=plc-pubring.gpg + +# this is a generic cd, so no configuration file for a node +NODE_CONFIGURATION_FILE= diff --git a/conf_files/cacert.pem b/configurations/default/plc-boot-cacert.pem similarity index 100% rename from conf_files/cacert.pem rename to configurations/default/plc-boot-cacert.pem diff --git a/configurations/default/plc-boot1-cacert.pem b/configurations/default/plc-boot1-cacert.pem new file mode 100755 index 0000000..12ff1ab --- /dev/null +++ b/configurations/default/plc-boot1-cacert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCk5ldyBKZXJzZXkxEjAQBgNVBAcTCVByaW5jZXRvbjESMBAGA1UE +ChMJUGxhbmV0TGFiMRIwEAYDVQQLEwlQbGFuZXRMYWIxGjAYBgNVBAMTEVBsYW5l +dExhYiBSb290IENBMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QHBsYW5ldC1sYWIu +b3JnMB4XDTA0MDIyMzE4MjAyNVoXDTE0MDIyMDE4MjAyNVowgaExCzAJBgNVBAYT +AlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRIwEAYDVQQHEwlQcmluY2V0b24xEjAQ +BgNVBAoTCVBsYW5ldExhYjESMBAGA1UECxMJUGxhbmV0TGFiMRowGAYDVQQDExFQ +bGFuZXRMYWIgUm9vdCBDQTElMCMGCSqGSIb3DQEJARYWc3VwcG9ydEBwbGFuZXQt +bGFiLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqTbodSr8D8MMbAaN +HRmH7F7N786hkUEmNGKmY/3vL43O1pece6pTRhnxG1nzn2KXPJpFAUkPA0tEwIWd +3FaSrk2HdbUAEzLEYnKmsuFfdsgN2P6BKapmBGdr2cx5zMBSW+TF4YQ5CQi14tCg +n9xlKahmXzeTdpVp/EF71bjBZgECAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUk0NbbylUNeZdRtlMwFg3Yy94kk4wDQYJKoZIhvcNAQEEBQADgYEA +poFwjOngxcsOu8FclBnezjdmW15mwBPDEU2hAsV6QeXvGzrP46lPz+dmRUysM0te +LUl9KnzWvRvjL+gOa4YnHtjzzTNH8fgGDShu/2/9oCROXEqR+xcn7oty6wN87htQ +TgQrffnF6NfjYTEFVmrklG32JBOElUtP/nOGFcKjSw0= +-----END CERTIFICATE----- diff --git a/conf_files/pubring.gpg b/configurations/default/plc-pubring.gpg similarity index 100% rename from conf_files/pubring.gpg rename to configurations/default/plc-pubring.gpg -- 2.43.0