- add a fixit script to fill the gap between the current situation and

  the desired situation. Ideally, nodes' configuration files and GPG
  keys would be initially installed by the Boot Manager, then pushed to
  the reference images and system slices by vserver-reference
  init/cron. However, we don't want to re-install nodes, and we don't
  want to upgrade vserver-reference, so between PlanetLabConf,
  NodeUpdate, and this script, we should be able to get to a point where
  we can enable GPG checking of RPMs.

diff --git a/pl_mop.sh b/pl_mop.sh
index edc8222..61b7a63 100755 (executable)
--- a/pl_mop.sh
+++ b/pl_mop.sh
@@ -5,11 +5,18 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2005 The Trustees of Princeton University
 #
-# $Id: pl_mop.sh,v 1.5 2006/03/06 20:40:33 mlhuang Exp $
+# $Id: pl_mop.sh,v 1.6 2006/04/28 19:28:59 mlhuang Exp $
 #
 
 PATH=/sbin:/usr/sbin:$PATH
 
+# Parse PLC configuration
+if [ -r /etc/planetlab/plc_config ] ; then
+    . /etc/planetlab/plc_config
+else
+    PLC_SLICE_PREFIX="pl"
+fi
+
 PIDFILE=/var/run/pl_mop.pid
 
 # Record PID
@@ -79,6 +86,47 @@ restart_pl_conf() {
     fi
 }
 
+# GPG keys are installed in /etc/pki/rpm-gpg by both the Boot Manager
+# during initial installation, and by PlanetLabConf during daily
+# updates. NodeUpdate imports the keys into the RPM database before
+# running yum daily. vserver-reference copies and imports the keys
+# into the reference images and system slices daily. The only parts of
+# this process that are actually necessary, are the Boot Manager and
+# vserver-reference. However, we do not want to force a re-install of
+# all nodes, and we do not want to force an update of
+# vserver-reference, so in the meantime, PlanetLabConf and NodeUpdate
+# take care of getting the keys installed and imported in /, and this
+# script takes care of getting them installed in the reference images
+# and system slices, until we can get a new vserver-reference image
+# pushed out.
+update_vserver_reference() {
+    echo "* Updating VServer reference"
+
+    shopt -s nullglob
+
+    VROOTS="/vservers/vserver-reference /vservers/.vcache/* /vservers/${PLC_SLICE_PREFIX}_*"
+
+    # Copy configuration files from host to slices
+    for file in \
+       /etc/hosts /etc/resolv.conf /etc/yum.conf /etc/planetlab/node_id \
+       /etc/planetlab/plc_config* /etc/planetlab/php/* \
+       /etc/pki/rpm-gpg/* ; do
+      if [ -r $file ] ; then
+         for vroot in $VROOTS ; do
+             install -D -m 644 $file $vroot/$file
+         done
+      fi
+    done
+
+    # (Re)install GPG signing keys
+    if [ -d /etc/pki/rpm-gpg ] ; then
+       for vroot in $VROOTS ; do
+           chroot $vroot rpm --allmatches -e gpg-pubkey || :
+           chroot $vroot rpm --import /etc/pki/rpm-gpg/* || :
+       done
+    fi
+}    
+
 # kill all the processes running in slice contexts
 vkillall() {
     vps -A | awk '(int($2) > 1) { system("vkill -c " $2 " -s 9 " $1); }'
@@ -181,3 +229,5 @@ run restart_pl_conf
 run restart_netflow
 
 run kill_duplicate_ssh
+
+run update_vserver_reference