UNPKG

@f5devcentral/f5-cloud-libs/scripts/util.sh

Version:

7.13 kBapplication/x-shView Raw

1#!/bin/bash
2
3# Copyright 2016 F5 Networks, Inc.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#     http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17# generic init utils
18
19# Wait for process settings
20STATUS_CHECK_RETRIES=60
21STATUS_CHECK_INTERVAL=10
22
23# absolute path to utilities
24MKDIR=/bin/mkdir
25MOUNT=/bin/mount
26RMDIR=/bin/rmdir
27UMOUNT=/bin/umount
28NODE=/usr/bin/f5-rest-node
29SHA512SUM=/usr/bin/sha512sum
30BASE64=/usr/bin/base64
31CRACKLIB=/usr/sbin/cracklib-check
32
33# need to get absolute location when being sourced
34SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
35
36# creates a directory for in-memory files
37# usage: create_temp_dir name size
38function create_temp_dir() {
39    $MKDIR "$1"
40    $MOUNT -t tmpfs -o size="$2",mode=1700 tmpfs "$1"
41}
42
43# usage: remove_temp_dir name
44function remove_temp_dir() {
45    $UMOUNT "$1"
46    $RMDIR "$1"
47}
48
49# usage: wipe_temp_dir name
50function wipe_temp_dir() {
51    FILES=$(ls -1 "$1")
52
53    for f in $FILES; do
54        shred --remove "${1}/${f}"
55    done
56
57    remove_temp_dir "$1"
58}
59
60function get_software_version() {
61    echo $(tmsh show sys version | grep Version | sed -n 2p | awk '{print $2}')
62}
63
64function get_os_major_version() {
65    echo $(rpm -q --queryformat '%{VERSION}' centos-release)
66}
67
68# usage: get_private_key_path folder_containing_private_key name_of_key
69function get_private_key_path() {
70    PRIVATE_KEY_DIR=/config/filestore/files_d/${1}_d/certificate_key_d/
71    FILES=$(ls -1t "$PRIVATE_KEY_DIR")
72
73    KEY_FILE_PREFIX=":${1}:${2}";
74
75    for f in $FILES; do
76        if [[ "$f" == ${KEY_FILE_PREFIX}* ]]; then
77            echo ${PRIVATE_KEY_DIR}${f}
78            break
79        fi
80    done
81}
82
83function get_private_key_suffix() {
84    VERSION=$(get_software_version)
85    MAJOR_VERSION=$(echo $VERSION | cut -d'.' -f1)
86    if [[ $MAJOR_VERSION -ge 14 ]]; then
87        echo -n
88    else
89        echo -n .key
90    fi
91}
92
93# usage: encrypt_secret secret out_file scramble symmetric return
94# returns: optionally returns the secret that was encrypted
95function encrypt_secret() {
96    # input
97    secret="$1"
98    out_file="$2"
99    scramble="$3"
100    symmetric="$4"
101    ret="$5"
102
103    tmp_file='/mnt/cloudTmp/.tmp'
104    tmp_dir=$(dirname $tmp_file)
105    no_console=""
106    counter=0
107
108    create_temp_dir $tmp_dir 8k
109    if [ -n "$scramble" ]; then
110        secret=$(echo ${secret} | $SHA512SUM | cut -d ' ' -f 1 | $BASE64 -w0)
111        test_secret=$(echo ${secret} | $CRACKLIB | cut -d ' ' -f2)
112        while [ "${test_secret}" != "OK" ]; do
113            counter=$((counter + 1))
114            secret=$(echo ${secret}${counter} | $SHA512SUM | cut -d ' ' -f 1 | $BASE64 -w0)
115            test_secret=$(echo ${secret} | $CRACKLIB | cut -d ' ' -f2)
116            if [ ${counter} == 30 ]; then
117                echo "30 attempts tried but failed to generate a safe password"
118                return 1
119            fi
120        done
121    fi
122
123    echo -n $secret > $tmp_file
124
125    # call encrypt data to file
126    if [ -n "$symmetric" ]; then
127        symmetric="--symmetric"
128    fi
129    if [ -n "$ret" ]; then
130        no_console="--no-console"
131    fi
132    $NODE $SCRIPTS_DIR/encryptDataToFile.js --data-file $tmp_file --out-file $out_file $symmetric $no_console
133    wipe_temp_dir $tmp_dir
134
135    # return secret (certain tasks may require this)
136    if [ -n "$ret" ]; then
137        echo -n $secret
138    fi
139}
140
141# usage: format_args unit-of-measure:yearly,sku-keyword-1:1G,sku-keyword-2:BT
142# returns: --unit-of-measure yearly --sku-keyword-1 1G --sku-keyword-2 BT
143function format_args() {
144    INPUT="$1"
145	CMD=""
146
147    for i in ${INPUT//,/ }; do
148		parsed=(${i//:/ })
149		# if empty or optional, exit
150		if [ -z ${parsed[1]} ] || [[ ${parsed[1]^^} == "OPTIONAL" ]]; then
151			return
152		else
153			CMD+="--${parsed[0]} ${parsed[1]} "
154		fi
155    done
156    # return formatted argument
157	echo $CMD
158}
159
160function wait_for_bigip() {
161    echo "** BigIP waiting ..."
162    bigstart_wait mcpd ready
163    while ! tmsh show sys mcp-state field-fmt | grep -qE 'phase.+running' || pidof -x mprov.pl >/dev/null 2>&1; do sleep 1; done
164    while [[ ! $(curl -u 'admin:' -s http://localhost:8100/shared/echo | jq -r .stage) = "STARTED" ]]; do echo "waiting for iControl..."; sleep 10; done
165    if [[ ! $(getdb Provision.CPU.asm) == 0 ]]; then perl -MF5::ASMReady -e '$|++; do {print "waiting for asm...\n"; sleep(1)} while !F5::ASMReady::is_asm_ready()'; fi
166    echo "** BigIp ready."
167}
168
169# check if MCP is running
170function wait_mcp_running() {
171    failed=0
172
173    while true; do
174        mcp_started=$(bigstart_wb mcpd start)
175
176        if [[ $mcp_started == released ]]; then
177            # this will log an error when mcpd is not up
178            tmsh -a show sys mcp-state field-fmt | grep -q running
179
180            if [[ $? == 0 ]]; then
181                echo "Successfully connected to mcpd."
182                return 0
183            fi
184        fi
185
186        failed=$(($failed + 1))
187
188        if [[ $failed -ge $STATUS_CHECK_RETRIES ]]; then
189            echo "Failed to connect to mcpd after $failed attempts, quitting."
190            return 1
191        fi
192
193        echo "Could not connect to mcpd (attempt $failed/$STATUS_CHECK_RETRIES), retrying in $STATUS_CHECK_INTERVAL seconds."
194        sleep $STATUS_CHECK_INTERVAL
195    done
196}
197
198# Get the management IP address. Need to wait till it's available via ifconfig
199# since tmsh will have the DHCP address before the correct management IP is ready
200# Then need wait till tmsh agrees since that is updated after the nic is configured
201function wait_for_management_ip() {
202    RETRY_INTERVAL=10
203    MAX_TRIES=60
204    failed=0
205
206    # Prior to BIG-IP v13, single NIC hosts have eth0 configured, v13 and later
207    # use mgmt
208    if ! ifconfig mgmt &> /dev/null; then
209        NIC=eth0
210    else
211        NIC=mgmt
212    fi
213
214    while true; do
215        MGMT_ADDR_TMSH=$(tmsh list sys management-ip | awk '/management-ip/ {print $3}' | awk -F "/" '{print $1}')
216        # Centos 7 updated ifconfig format
217        OS_MAJOR_VERSION=$(get_os_major_version)
218        if [ $OS_MAJOR_VERSION -ge "7" ]; then
219            MGMT_ADDR_ETH0=$(ifconfig $NIC | egrep "inet" | egrep -v "inet6" | awk 'BEGIN { FS = " "}; { print $2}')
220        else
221            MGMT_ADDR_ETH0=$(ifconfig $NIC | egrep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')
222        fi
223
224        if [[ $MGMT_ADDR_TMSH != $MGMT_ADDR_ETH0 ]]; then
225            echo "Management IP and $NIC not yet in sync."
226        elif [ -n $MGMT_ADDR_TMSH ]; then
227            MGMT_ADDR=$MGMT_ADDR_TMSH
228            return 0
229        fi
230
231        if [[ $failed -ge $MAX_TRIES ]]; then
232            echo "Failed to get management IP after $failed attempts."
233            return 1
234        fi
235
236        ((failed=failed+1))
237        sleep $RETRY_INTERVAL
238    done
239}
240
241
\No newline at end of file

1	`#!/bin/bash`
2
3	`# Copyright 2016 F5 Networks, Inc.`
4	`#`
5	`# Licensed under the Apache License, Version 2.0 (the "License");`
6	`# you may not use this file except in compliance with the License.`
7	`# You may obtain a copy of the License at`
8	`#`
9	`# http://www.apache.org/licenses/LICENSE-2.0`
10	`#`
11	`# Unless required by applicable law or agreed to in writing, software`
12	`# distributed under the License is distributed on an "AS IS" BASIS,`
13	`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
14	`# See the License for the specific language governing permissions and`
15	`# limitations under the License.`
16
17	`# generic init utils`
18
19	`# Wait for process settings`
20	`STATUS_CHECK_RETRIES=60`
21	`STATUS_CHECK_INTERVAL=10`
22
23	`# absolute path to utilities`
24	`MKDIR=/bin/mkdir`
25	`MOUNT=/bin/mount`
26	`RMDIR=/bin/rmdir`
27	`UMOUNT=/bin/umount`
28	`NODE=/usr/bin/f5-rest-node`
29	`SHA512SUM=/usr/bin/sha512sum`
30	`BASE64=/usr/bin/base64`
31	`CRACKLIB=/usr/sbin/cracklib-check`
32
33	`# need to get absolute location when being sourced`
34	`SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"`
35
36	`# creates a directory for in-memory files`
37	`# usage: create_temp_dir name size`
38	`function create_temp_dir() {`
39	`$MKDIR "$1"`
40	`$MOUNT -t tmpfs -o size="$2",mode=1700 tmpfs "$1"`
41	`}`
42
43	`# usage: remove_temp_dir name`
44	`function remove_temp_dir() {`
45	`$UMOUNT "$1"`
46	`$RMDIR "$1"`
47	`}`
48
49	`# usage: wipe_temp_dir name`
50	`function wipe_temp_dir() {`
51	`FILES=$(ls -1 "$1")`
52
53	`for f in $FILES; do`
54	`shred --remove "${1}/${f}"`
55	`done`
56
57	`remove_temp_dir "$1"`
58	`}`
59
60	`function get_software_version() {`
61	`echo $(tmsh show sys version \| grep Version \| sed -n 2p \| awk '{print $2}')`
62	`}`
63
64	`function get_os_major_version() {`
65	`echo $(rpm -q --queryformat '%{VERSION}' centos-release)`
66	`}`
67
68	`# usage: get_private_key_path folder_containing_private_key name_of_key`
69	`function get_private_key_path() {`
70	`PRIVATE_KEY_DIR=/config/filestore/files_d/${1}_d/certificate_key_d/`
71	`FILES=$(ls -1t "$PRIVATE_KEY_DIR")`
72
73	`KEY_FILE_PREFIX=":${1}:${2}";`
74
75	`for f in $FILES; do`
76	`if [[ "$f" == ${KEY_FILE_PREFIX}* ]]; then`
77	`echo ${PRIVATE_KEY_DIR}${f}`
78	`break`
79	`fi`
80	`done`
81	`}`
82
83	`function get_private_key_suffix() {`
84	`VERSION=$(get_software_version)`
85	`MAJOR_VERSION=$(echo $VERSION \| cut -d'.' -f1)`
86	`if [[ $MAJOR_VERSION -ge 14 ]]; then`
87	`echo -n`
88	`else`
89	`echo -n .key`
90	`fi`
91	`}`
92
93	`# usage: encrypt_secret secret out_file scramble symmetric return`
94	`# returns: optionally returns the secret that was encrypted`
95	`function encrypt_secret() {`
96	`# input`
97	`secret="$1"`
98	`out_file="$2"`
99	`scramble="$3"`
100	`symmetric="$4"`
101	`ret="$5"`
102
103	`tmp_file='/mnt/cloudTmp/.tmp'`
104	`tmp_dir=$(dirname $tmp_file)`
105	`no_console=""`
106	`counter=0`
107
108	`create_temp_dir $tmp_dir 8k`
109	`if [ -n "$scramble" ]; then`
110	`secret=$(echo ${secret} \| $SHA512SUM \| cut -d ' ' -f 1 \| $BASE64 -w0)`
111	`test_secret=$(echo ${secret} \| $CRACKLIB \| cut -d ' ' -f2)`
112	`while [ "${test_secret}" != "OK" ]; do`
113	`counter=$((counter + 1))`
114	`secret=$(echo ${secret}${counter} \| $SHA512SUM \| cut -d ' ' -f 1 \| $BASE64 -w0)`
115	`test_secret=$(echo ${secret} \| $CRACKLIB \| cut -d ' ' -f2)`
116	`if [ ${counter} == 30 ]; then`
117	`echo "30 attempts tried but failed to generate a safe password"`
118	`return 1`
119	`fi`
120	`done`
121	`fi`
122
123	`echo -n $secret > $tmp_file`
124
125	`# call encrypt data to file`
126	`if [ -n "$symmetric" ]; then`
127	`symmetric="--symmetric"`
128	`fi`
129	`if [ -n "$ret" ]; then`
130	`no_console="--no-console"`
131	`fi`
132	`$NODE $SCRIPTS_DIR/encryptDataToFile.js --data-file $tmp_file --out-file $out_file $symmetric $no_console`
133	`wipe_temp_dir $tmp_dir`
134
135	`# return secret (certain tasks may require this)`
136	`if [ -n "$ret" ]; then`
137	`echo -n $secret`
138	`fi`
139	`}`
140
141	`# usage: format_args unit-of-measure:yearly,sku-keyword-1:1G,sku-keyword-2:BT`
142	`# returns: --unit-of-measure yearly --sku-keyword-1 1G --sku-keyword-2 BT`
143	`function format_args() {`
144	`INPUT="$1"`
145	`CMD=""`
146
147	`for i in ${INPUT//,/ }; do`
148	`parsed=(${i//:/ })`
149	`# if empty or optional, exit`
150	`if [ -z ${parsed[1]} ] \|\| [[ ${parsed[1]^^} == "OPTIONAL" ]]; then`
151	`return`
152	`else`
153	`CMD+="--${parsed[0]} ${parsed[1]} "`
154	`fi`
155	`done`
156	`# return formatted argument`
157	`echo $CMD`
158	`}`
159
160	`function wait_for_bigip() {`
161	`echo "** BigIP waiting ..."`
162	`bigstart_wait mcpd ready`
163	`while ! tmsh show sys mcp-state field-fmt \| grep -qE 'phase.+running' \|\| pidof -x mprov.pl >/dev/null 2>&1; do sleep 1; done`
164	`while [[ ! $(curl -u 'admin:' -s http://localhost:8100/shared/echo \| jq -r .stage) = "STARTED" ]]; do echo "waiting for iControl..."; sleep 10; done`
165	`if [[ ! $(getdb Provision.CPU.asm) == 0 ]]; then perl -MF5::ASMReady -e '$\|++; do {print "waiting for asm...\n"; sleep(1)} while !F5::ASMReady::is_asm_ready()'; fi`
166	`echo "** BigIp ready."`
167	`}`
168
169	`# check if MCP is running`
170	`function wait_mcp_running() {`
171	`failed=0`
172
173	`while true; do`
174	`mcp_started=$(bigstart_wb mcpd start)`
175
176	`if [[ $mcp_started == released ]]; then`
177	`# this will log an error when mcpd is not up`
178	`tmsh -a show sys mcp-state field-fmt \| grep -q running`
179
180	`if [[ $? == 0 ]]; then`
181	`echo "Successfully connected to mcpd."`
182	`return 0`
183	`fi`
184	`fi`
185
186	`failed=$(($failed + 1))`
187
188	`if [[ $failed -ge $STATUS_CHECK_RETRIES ]]; then`
189	`echo "Failed to connect to mcpd after $failed attempts, quitting."`
190	`return 1`
191	`fi`
192
193	`echo "Could not connect to mcpd (attempt $failed/$STATUS_CHECK_RETRIES), retrying in $STATUS_CHECK_INTERVAL seconds."`
194	`sleep $STATUS_CHECK_INTERVAL`
195	`done`
196	`}`
197
198	`# Get the management IP address. Need to wait till it's available via ifconfig`
199	`# since tmsh will have the DHCP address before the correct management IP is ready`
200	`# Then need wait till tmsh agrees since that is updated after the nic is configured`
201	`function wait_for_management_ip() {`
202	`RETRY_INTERVAL=10`
203	`MAX_TRIES=60`
204	`failed=0`
205
206	`# Prior to BIG-IP v13, single NIC hosts have eth0 configured, v13 and later`
207	`# use mgmt`
208	`if ! ifconfig mgmt &> /dev/null; then`
209	`NIC=eth0`
210	`else`
211	`NIC=mgmt`
212	`fi`
213
214	`while true; do`
215	`MGMT_ADDR_TMSH=$(tmsh list sys management-ip \| awk '/management-ip/ {print $3}' \| awk -F "/" '{print $1}')`
216	`# Centos 7 updated ifconfig format`
217	`OS_MAJOR_VERSION=$(get_os_major_version)`
218	`if [ $OS_MAJOR_VERSION -ge "7" ]; then`
219	`MGMT_ADDR_ETH0=$(ifconfig $NIC \| egrep "inet" \| egrep -v "inet6" \| awk 'BEGIN { FS = " "}; { print $2}')`
220	`else`
221	`MGMT_ADDR_ETH0=$(ifconfig $NIC \| egrep "inet addr" \| awk -F: '{print $2}' \| awk '{print $1}')`
222	`fi`
223
224	`if [[ $MGMT_ADDR_TMSH != $MGMT_ADDR_ETH0 ]]; then`
225	`echo "Management IP and $NIC not yet in sync."`
226	`elif [ -n $MGMT_ADDR_TMSH ]; then`
227	`MGMT_ADDR=$MGMT_ADDR_TMSH`
228	`return 0`
229	`fi`
230
231	`if [[ $failed -ge $MAX_TRIES ]]; then`
232	`echo "Failed to get management IP after $failed attempts."`
233	`return 1`
234	`fi`
235
236	`((failed=failed+1))`
237	`sleep $RETRY_INTERVAL`
238	`done`
239	`}`
240
241
\	No newline at end of file