1 | #!/bin/bash
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 |
|
18 |
|
19 |
|
# Polling budget shared by the wait_* helpers: number of attempts and the
# pause (in seconds) between two attempts.
STATUS_CHECK_RETRIES=60
STATUS_CHECK_INTERVAL=10

# External tools this library runs, pinned to absolute paths so that a
# caller's PATH cannot substitute a different binary for any of them.
BASE64=/usr/bin/base64
CRACKLIB=/usr/sbin/cracklib-check
MKDIR=/bin/mkdir
MOUNT=/bin/mount
NODE=/usr/bin/f5-rest-node
RMDIR=/bin/rmdir
SHA512SUM=/usr/bin/sha512sum
UMOUNT=/bin/umount

# Directory containing this file (and the companion *.js helpers invoked
# through $NODE), resolved from BASH_SOURCE so it is right whether the
# library is sourced or executed.
SCRIPTS_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
35 |
|
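# creates a directory backed by an in-memory tmpfs for short-lived secret files
# usage: create_temp_dir name size
#   name  mount point; created if missing, reused if it already is a directory
#   size  tmpfs size limit, e.g. 8k (passed through to mount -o size=)
# The tmpfs is mounted root-only (mode=1700) so other users cannot read the
# staged files. Returns 0 only when the mount succeeded. On failure a mount
# point that this call created is removed again and 1 is returned, so callers
# can refuse to write secrets onto ordinary disk (previously a failed mount
# was ignored and the caller carried on writing into a plain directory).
function create_temp_dir() {
    local name="$1"
    local size="$2"
    local created=0

    if [ ! -d "$name" ]; then
        $MKDIR "$name" || return 1
        created=1
    fi

    if ! $MOUNT -t tmpfs -o size="$size",mode=1700 tmpfs "$name"; then
        # Do not leave an on-disk directory behind that a caller might mistake
        # for the in-memory one.
        [ "$created" = 1 ] && $RMDIR "$name"
        return 1
    fi
}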
|
42 |
|
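# unmounts the tmpfs created by create_temp_dir and deletes its mount point
# usage: remove_temp_dir name
# Both steps are always attempted (a directory whose mount never succeeded is
# still removed), and the function now returns non-zero if either step failed
# so the caller knows the secret-bearing mount may still be in place; before,
# the result of umount was silently discarded.
function remove_temp_dir() {
    local name="$1"
    local status=0

    $UMOUNT "$name" || status=$?
    $RMDIR "$name" || status=$?
    return "$status"
}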
|
48 |
|
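# shreds every regular file in the tmpfs directory, then unmounts and removes it
# usage: wipe_temp_dir name
# Files are enumerated with find rather than `ls -1` so that dot-files are
# covered too. This matters: encrypt_secret stages the secret in a file
# called ".tmp", which the old ls-based listing never saw, so the secret file
# was unmounted without ever being overwritten. Only top-level regular files
# are shredded (shred cannot operate on directories). Returns the status of
# the final remove_temp_dir.
function wipe_temp_dir() {
    local name="$1"

    # -mindepth 1 keeps the directory itself out of the list; "--" protects
    # against names starting with "-".
    find "$name" -mindepth 1 -maxdepth 1 -type f -exec shred --remove -- '{}' +

    remove_temp_dir "$name"
}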
|
59 |
|
# Prints the BIG-IP software version string as reported by
# `tmsh show sys version`. The second line matching /Version/ is used (the
# first match is presumably the section header rather than the version row)
# and its second whitespace-separated field is printed. Prints an empty line
# when no such line exists.
function get_software_version() {
    local version
    version=$(tmsh show sys version | awk '/Version/ { if (++hits == 2) { print $2; exit } }')
    echo "$version"
}
|
63 |
|
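# Prints the version of the installed centos-release package (the host OS
# major version, e.g. 6 or 7), or an empty line when rpm cannot answer.
# rpm reports "package ... is not installed" on *stdout* and exits non-zero;
# the previous `echo $(rpm ...)` passed that text through, and callers doing
# numeric comparisons on it (see wait_for_management_ip) then misbehaved.
# Now the function prints nothing useful and returns 1 in that case.
function get_os_major_version() {
    local version
    if ! version=$(rpm -q --queryformat '%{VERSION}' centos-release 2>/dev/null); then
        echo ""
        return 1
    fi
    echo "$version"
}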
|
67 |
|
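# usage: get_private_key_path folder_containing_private_key name_of_key
#   $1  partition/folder name (becomes the files_d/<folder>_d path component)
#   $2  key name, including the suffix from get_private_key_suffix
# Prints the filestore path of the most recently modified file in
# certificate_key_d whose name starts with ":<folder>:<name>" (ls -t order),
# or nothing when there is no match. Returns 1 without printing anything when
# either argument is empty or contains a "/": both values are spliced into a
# filesystem path, and a value such as ".." would otherwise walk out of the
# filestore tree.
#
# NOTE(review): as before this is a *prefix* match, so a key "foo" would also
# match files belonging to "foobar". The exact filestore naming convention is
# not visible here, so the matching rule itself is unchanged.
function get_private_key_path() {
    local folder="$1"
    local key_name="$2"
    local key_dir prefix candidate

    if [ -z "$folder" ] || [ -z "$key_name" ] \
        || [[ "$folder" == */* ]] || [[ "$key_name" == */* ]]; then
        return 1
    fi

    key_dir=/config/filestore/files_d/${folder}_d/certificate_key_d/
    prefix=":${folder}:${key_name}"

    # ls -1t lists newest first; reading line by line keeps names with spaces
    # intact. The prefix is quoted so it is compared literally, not as a glob.
    while IFS= read -r candidate; do
        if [[ "$candidate" == "$prefix"* ]]; then
            printf '%s\n' "${key_dir}${candidate}"
            return 0
        fi
    done < <(ls -1t "$key_dir" 2>/dev/null)

    return 0
}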
|
82 |
|
# Prints the file-name suffix private keys carry in the filestore: empty on
# BIG-IP 14 and later, ".key" on older releases. No trailing newline is
# written so the result can be appended straight onto a key name.
# (VERSION and MAJOR_VERSION are left as globals, as before.)
function get_private_key_suffix() {
    VERSION=$(get_software_version)
    MAJOR_VERSION=${VERSION%%.*}
    if [[ $MAJOR_VERSION -ge 14 ]]; then
        printf ''
    else
        printf '%s' '.key'
    fi
}
|
92 |
|
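# Internal helper for encrypt_secret: shred the staging file (if it was
# written) and tear down the tmpfs.
# usage: _encrypt_secret_cleanup tmp_file tmp_dir
# The explicit shred is needed because the staging file is a dot-file, which
# an `ls`-based listing in wipe_temp_dir would not see.
function _encrypt_secret_cleanup() {
    local tmp_file="$1"
    local tmp_dir="$2"

    if [ -e "$tmp_file" ]; then
        shred --remove -- "$tmp_file" 2>/dev/null || rm -f -- "$tmp_file"
    fi
    wipe_temp_dir "$tmp_dir"
}

# usage: encrypt_secret secret out_file scramble symmetric return
# returns: optionally returns the secret that was encrypted
#
#   $1 secret     plaintext to protect. It is never placed on a command line;
#                 it reaches the node helper through a file on a root-only
#                 tmpfs (beware `set -x`, which would still print it).
#   $2 out_file   where encryptDataToFile.js writes the encrypted result
#   $3 scramble   non-empty: replace the secret with a derived value — base64
#                 of its sha512 hex digest — re-salted with a counter until
#                 cracklib-check accepts it (at most 30 retries)
#   $4 symmetric  non-empty: pass --symmetric to the helper
#   $5 return     non-empty: pass --no-console to the helper and print the
#                 (possibly derived) secret on stdout for the caller to capture
#
# Returns 0 on success, 1 when the in-memory directory cannot be mounted, no
# acceptable scrambled value is found, the staging file cannot be written, or
# the helper exits non-zero. The staging file is shredded and the tmpfs torn
# down on every exit path.
#
# Fixes over the previous version: the mount result is checked (a failed
# mount used to mean the secret was written to ordinary disk); the secret is
# written with printf instead of an unquoted echo, which word-split, globbed
# and treated a leading "-n"/"-e" as an option; the 30th scramble attempt is
# no longer discarded even when cracklib accepted it; the "30 attempts" error
# goes to stderr instead of stdout, where a caller capturing the returned
# secret would have read it as the secret; the tmpfs is cleaned up on the
# failure path; and the helper's exit status is propagated.
function encrypt_secret() {
    local secret="$1"
    local out_file="$2"
    local scramble="$3"
    local symmetric="$4"
    local ret="$5"

    local tmp_file='/mnt/cloudTmp/.tmp'
    local tmp_dir
    tmp_dir=$(dirname "$tmp_file")
    local -a helper_opts=()
    local counter=0
    local test_secret
    local status=0

    # Secrets must only ever touch memory; refuse to continue if the tmpfs is
    # not actually there.
    if ! create_temp_dir "$tmp_dir" 8k; then
        echo "encrypt_secret: unable to set up in-memory directory $tmp_dir" >&2
        return 1
    fi

    if [ -n "$scramble" ]; then
        # printf '%s\n' feeds exactly the bytes of the secret plus one newline,
        # which is what the previous echo-based pipeline produced for ordinary
        # values, so already-deployed derived values stay the same.
        secret=$(printf '%s\n' "$secret" | $SHA512SUM | cut -d ' ' -f 1 | $BASE64 -w0)
        test_secret=$(printf '%s\n' "$secret" | $CRACKLIB | cut -d ' ' -f2)
        while [ "$test_secret" != "OK" ]; do
            if [ "$counter" -ge 30 ]; then
                echo "30 attempts tried but failed to generate a safe password" >&2
                _encrypt_secret_cleanup "$tmp_file" "$tmp_dir"
                return 1
            fi
            counter=$((counter + 1))
            secret=$(printf '%s\n' "${secret}${counter}" | $SHA512SUM | cut -d ' ' -f 1 | $BASE64 -w0)
            test_secret=$(printf '%s\n' "$secret" | $CRACKLIB | cut -d ' ' -f2)
        done
    fi

    # Stage the secret for the helper. umask 077 in a subshell keeps the file
    # owner-only without disturbing the caller's umask.
    (umask 077 && printf '%s' "$secret" > "$tmp_file") || {
        echo "encrypt_secret: unable to write $tmp_file" >&2
        _encrypt_secret_cleanup "$tmp_file" "$tmp_dir"
        return 1
    }

    [ -n "$symmetric" ] && helper_opts+=(--symmetric)
    [ -n "$ret" ] && helper_opts+=(--no-console)

    # call encrypt data to file
    $NODE "$SCRIPTS_DIR/encryptDataToFile.js" --data-file "$tmp_file" --out-file "$out_file" "${helper_opts[@]}" \
        || status=$?

    _encrypt_secret_cleanup "$tmp_file" "$tmp_dir"

    if [ "$status" -ne 0 ]; then
        echo "encrypt_secret: encryptDataToFile.js failed with status $status" >&2
        return 1
    fi

    # return secret (certain tasks may require this)
    if [ -n "$ret" ]; then
        printf '%s' "$secret"
    fi
}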
|
140 |
|
# usage: format_args unit-of-measure:yearly,sku-keyword-1:1G,sku-keyword-2:BT
# returns: --unit-of-measure yearly --sku-keyword-1 1G --sku-keyword-2 BT
# Each comma-separated "key:value" entry becomes "--key value". As soon as an
# entry has no value, or its value is OPTIONAL (in any case), the function
# prints nothing at all and returns: the whole option set is dropped, not just
# that entry. (INPUT and CMD stay global, as before.)
function format_args() {
    INPUT="$1"
    CMD=""
    local entry
    local -a kv

    for entry in ${INPUT//,/ }; do
        # shellcheck disable=SC2206 -- splitting on ":" is the intended parse
        kv=(${entry//:/ })
        case "${kv[1]^^}" in
            ''|OPTIONAL)
                return
                ;;
        esac
        CMD+="--${kv[0]} ${kv[1]} "
    done

    # return formatted argument (without the trailing separator)
    printf '%s\n' "${CMD% }"
}
|
159 |
|
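# Blocks until the BIG-IP control plane is usable: mcpd ready and in the
# running phase with no mprov.pl (provisioning) process, iControl REST on
# local port 8100 reporting stage STARTED, and — when ASM is provisioned —
# F5::ASMReady reporting ready. There is deliberately no overall timeout; the
# function loops until the box is up.
#
# The REST probe authenticates as `admin:` (empty password) to localhost:8100.
# NOTE(review): this presumably relies on the local REST port trusting
# same-host callers; it is not a pattern to reuse against remote hosts.
# Improvement over the previous version: curl carries --max-time, so a
# half-open connection can no longer stall the loop forever without a retry.
function wait_for_bigip() {
    local stage

    echo "** BigIP waiting ..."
    bigstart_wait mcpd ready
    while ! tmsh show sys mcp-state field-fmt | grep -qE 'phase.+running' \
        || pidof -x mprov.pl >/dev/null 2>&1; do
        sleep 1
    done

    while true; do
        stage=$(curl -u 'admin:' -s --max-time 10 http://localhost:8100/shared/echo | jq -r .stage)
        [ "$stage" = "STARTED" ] && break
        echo "waiting for iControl..."
        sleep 10
    done

    if [ "$(getdb Provision.CPU.asm)" != 0 ]; then
        perl -MF5::ASMReady -e '$|++; do {print "waiting for asm...\n"; sleep(1)} while !F5::ASMReady::is_asm_ready()'
    fi
    echo "** BigIp ready."
}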
|
168 |
|
# check if MCP is running
# Polls until mcpd has started (bigstart_wb reports "released") and
# `tmsh show sys mcp-state` contains "running", retrying up to
# STATUS_CHECK_RETRIES times with STATUS_CHECK_INTERVAL seconds in between.
# Returns 0 once connected, 1 when the retry budget is exhausted. Progress
# messages go to stdout; tmsh itself logs an error while mcpd is still down.
# (The attempt counter `failed` and `mcp_started` stay global, as before.)
function wait_mcp_running() {
    failed=0

    while :; do
        mcp_started=$(bigstart_wb mcpd start)
        if [[ $mcp_started == released ]] \
            && tmsh -a show sys mcp-state field-fmt | grep -q running; then
            echo "Successfully connected to mcpd."
            return 0
        fi

        failed=$((failed + 1))
        if [[ $failed -ge $STATUS_CHECK_RETRIES ]]; then
            echo "Failed to connect to mcpd after $failed attempts, quitting."
            return 1
        fi

        echo "Could not connect to mcpd (attempt $failed/$STATUS_CHECK_RETRIES), retrying in $STATUS_CHECK_INTERVAL seconds."
        sleep "$STATUS_CHECK_INTERVAL"
    done
}
|
197 |
|
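# Get the management IP address. Need to wait till it's available via ifconfig
# since tmsh will have the DHCP address before the correct management IP is ready
# Then need wait till tmsh agrees since that is updated after the nic is configured
#
# On success the address is published in the global MGMT_ADDR (the function's
# only output) and 0 is returned; after 60 tries spaced 10 seconds apart, 1 is
# returned and MGMT_ADDR is left untouched.
#
# Fixes over the previous version: an empty address no longer counts as
# success (`[ -n $MGMT_ADDR_TMSH ]` was unquoted, so `[ -n ]` was always true
# and the function could return 0 with MGMT_ADDR=""); the OS version is read
# once instead of on every retry and falls back to 0 when rpm cannot answer
# (which used to produce "integer expression expected" noise); counters and
# scratch values are local; all expansions are quoted.
function wait_for_management_ip() {
    local retry_interval=10
    local max_tries=60
    local failed=0
    local nic os_major addr_tmsh addr_nic

    # Prior to BIG-IP v13, single NIC hosts have eth0 configured, v13 and later
    # use mgmt
    if ifconfig mgmt &> /dev/null; then
        nic=mgmt
    else
        nic=eth0
    fi

    # Centos 7 updated ifconfig format. The package version does not change
    # while we poll, so look it up once; anything non-numeric counts as 0.
    os_major=$(get_os_major_version)
    [[ "$os_major" =~ ^[0-9]+$ ]] || os_major=0

    while true; do
        addr_tmsh=$(tmsh list sys management-ip | awk '/management-ip/ {print $3}' | awk -F "/" '{print $1}')
        if [ "$os_major" -ge 7 ]; then
            addr_nic=$(ifconfig "$nic" | grep -E "inet" | grep -Ev "inet6" | awk '{print $2}')
        else
            addr_nic=$(ifconfig "$nic" | grep -E "inet addr" | awk -F: '{print $2}' | awk '{print $1}')
        fi

        if [ "$addr_tmsh" != "$addr_nic" ]; then
            echo "Management IP and $nic not yet in sync."
        elif [ -n "$addr_tmsh" ]; then
            MGMT_ADDR=$addr_tmsh
            return 0
        fi

        if [ "$failed" -ge "$max_tries" ]; then
            echo "Failed to get management IP after $failed attempts."
            return 1
        fi

        failed=$((failed + 1))
        sleep "$retry_interval"
    done
}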
|
240 |
|
241 |
|