Created
May 20, 2015 01:08
Xtreemefs automata?
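# ..__Creating_The_Gibson__..
# For obvious reasons
#
# ROLLBACK is the undo script: add_rollback appends commands to it while the
# install runs, and "$0 rollback" replays them.
ROLLBACK='/tmp/gibsonrollback.sh'

# The name is fixed and lives in world-writable /tmp while this script runs as
# root. Refuse to write through a symlink, or into a file that somebody else
# created under that name and could keep editing.
# NOTE(review): a check-then-use on a fixed /tmp name is still racy; a
# directory only root can write to would be the durable fix.
if [[ -L "${ROLLBACK}" || ( -e "${ROLLBACK}" && ! -O "${ROLLBACK}" ) ]]; then
  echo "Refusing to use ${ROLLBACK}: it is a symlink or is owned by another user." >&2
  exit 1
fi

# Replay BEFORE blanking: the original truncated the file first, so a
# rollback always executed an empty script.
if [[ "$1" == "rollback" ]]; then
  if [[ ! -f "${ROLLBACK}" ]]; then
    echo "Nothing to roll back: ${ROLLBACK} does not exist." >&2
    exit 1
  fi
  bash "${ROLLBACK}"
  exit
fi

: > "${ROLLBACK}" # blanks the file for a fresh run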
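#######################################
# Queue an undo command in the rollback script.
# Two lines are appended per call: an echo that announces the command when the
# rollback is replayed, and the command itself.
# Globals:   ROLLBACK (read) - path of the rollback script
# Arguments: the undo command, as one string or as several words
#######################################
function add_rollback {
  local cmd="$*"
  {
    # %q shell-quotes the text so the announcement line only prints it.
    # Written unquoted, a ';', '>' or '$(...)' inside the command would be
    # executed by the echo line as well as by the command line.
    printf 'echo %q\n' "${cmd}"
    printf '%s\n' "${cmd}"
  } >> "${ROLLBACK}"
}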
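# Once you get back the signed certificate, you'll need to combine it.
# This does that.
#   usage: $0 combine <key-file> <cert-file>
# The two files may be given in either order; the one whose name contains
# ".key" is taken as the private key.
if [[ "$1" == "combine" ]]; then
  if [[ -z "$2" || -z "$3" ]]; then
    echo "usage: ${0} combine <key-file> <cert-file>" >&2
    exit 1
  fi

  # The export password is the value assigned to XOS_SERVICE_PASSWORD further
  # down in this very script. Match the assignment itself rather than taking
  # "the second grep hit", which silently picks the wrong line as soon as any
  # other line mentions the name.
  PASSWORD="$(grep -m1 -E '^[[:space:]]*XOS_SERVICE_PASSWORD=' "${0}" | cut -d '=' -f2-)"
  if [[ -z "${PASSWORD}" ]]; then
    echo "Could not read the service password from ${0}." >&2
    exit 1
  fi

  # -F keeps the dot literal; as a regex, ".key" matched any character + "key".
  if grep -qiF -- '.key' <<<"$2"; then
    KEY="${2}"
    CERT="${3}"
  else
    KEY="${3}"
    CERT="${2}"
  fi

  # The bundle contains the private key. Build it in a private mktemp file: a
  # fixed name in world-writable /tmp can be pre-created or symlinked by
  # another local user while this runs as root.
  P12_TMP="$(mktemp)" || exit 1
  trap 'rm -f -- "${P12_TMP}"' EXIT

  # Pass the password through the environment; "pass:..." on the command line
  # is readable by every local user in the process list.
  export XOS_P12_PASSWORD="${PASSWORD}"
  if ! openssl pkcs12 -export -in "${CERT}" -inkey "${KEY}" -out "${P12_TMP}" \
    -name "Xtreem-SSL" -password env:XOS_P12_PASSWORD; then
    echo "openssl pkcs12 export failed; nothing was installed." >&2
    exit 1
  fi
  unset XOS_P12_PASSWORD

  # cat (not cp) so each destination is created with the default umask, as it
  # was before, instead of inheriting the temp file's 0600 mode.
  # NOTE(review): confirm which account the XtreemFS services run as, then
  # tighten ownership and mode on these files accordingly.
  for svc in osd mrc dir; do
    cat -- "${P12_TMP}" > "/etc/xos/xtreemfs/truststore/certs/${svc}.p12" || exit 1
  done

  # Exit status 5 is what the original returned after a successful combine.
  exit 5
fi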
# Let's parse some options because everyone looove options.
# The first argument selects the install mode stored in INSTALL:
#   (anything else)    STORE-ONLY
#   -only-meta         META-ONLY
#   -only-everything   ALL
case "$1" in
  -only-meta)
    INSTALL="META-ONLY"
    ;;
  -only-everything)
    INSTALL="ALL"
    ;;
  *)
    INSTALL="STORE-ONLY"
    ;;
esac
# | |
# 1. Filesystem Bootstrap | |
# | |
# So the first thing you need to know about building a virtualized "cloud" is
# that you need some kind of networked file system that many hosts can access
# at once, with some manner of redundancy. With The Gibson, reliability and the
# inability to ever die are our objective.
# | |
# XtreemFS http://www.xtreemfs.org/ | |
# | |
# Like any good program, it doesn't run on Windows. Seems to work well, will | |
# probably end up hating java before this is done. Go here and add the repo. | |
# | |
# http://www.xtreemfs.org/download_pkg.php | |
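# Joke "help": a first argument containing "help" or "-h" (case-insensitive)
# prints a refusal and exits 23; the insult check below works the same way.
# A here-string replaces `echo $1 | grep`: unquoted, $1 was subject to word
# splitting and globbing, and echo swallows values such as -n or -e.
if grep -qiE -- 'help|-h' <<<"$1"; then
  echo "THERE IS NO HELP FOR YOU. SPAAARRRTTAA"
  exit 23
fi
if grep -qiE -- 'fuck' <<<"$1"; then
  echo "so brave to insult a script. brave little pony"
  exit 23
fi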
# Register the XtreemFS apt repository, but only on the Ubuntu releases listed
# in the case pattern; any other release skips this step entirely.
# NOTE(review): the source line uses plain http and this script installs no
# repository signing key, so package authenticity depends on whatever apt is
# already configured to trust - confirm before relying on it.
xtreemfs_list='/etc/apt/sources.list.d/xtreemfs.list'
u_version="$(lsb_release -r | cut -f2)"
case "${u_version}" in
  11.10 | 11.04 | 10.10 | 10.04 | 9.10 | 9.04)
    if [[ -f "${xtreemfs_list}" ]]; then
      echo "Repository already installed."
    else
      printf '%s\n' "deb http://download.opensuse.org/repositories/home:/xtreemfs/xUbuntu_${u_version}/ ./ # XtreemFS Cloud Filesystem Repository" \
        >> "${xtreemfs_list}"
      # Undo step: drop the source list again on rollback.
      add_rollback "rm /etc/apt/sources.list.d/xtreemfs.list"
    fi
    ;;
esac
# Alright, now that you have the repo, gonna need to install it. Do that. If | |
# your computer is slow, take the time to indulge in your vices, because | |
# computing is always better with mind altering substances and destructive | |
# behavior! | |
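# Installing packages needs root. Test the effective uid rather than the
# account name, refresh the package index so a repository added a moment ago is
# actually visible to apt, and queue the purge only after the install worked.
if [[ "$(id -u)" == "0" ]]; then
  apt-get update
  if ! apt-get install -y xtreemfs-server xtreemfs-client xtreemfs-tools; then
    # Carrying on without the packages would only fail later, on the
    # configuration files they are supposed to provide.
    echo "apt-get could not install the XtreemFS packages." >&2
    exit 23
  fi
  add_rollback "apt-get purge -y xtreemfs-server xtreemfs-client xtreemfs-tools"
else
  echo "Dude. Gotta be root to install packages. sssrsly dude."
  exit 23
fi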
# Don't we need to configure it here? Slacker. | |
# No don't worry, we'll do it later. | |
# So XtreemFS has a three-unit system. First is the directory (DIR), which
# tells everything where everything else is. The fqdn of our DIR is the name of
# our particular XtreemFS cluster. Second is the MRC, which is where metadata is
# kept. Third is the OSD, where the actual data blocks are striped and
# replicated. All of them can use SSL, and the DIR and MRC can be replicated.
# You can have as many OSDs as you can fit, like hard drives.
# Now its time for some x509 certs. Get yo sexy on. | |
# Oh and if you're not running this as a script and actually following my
# rambling, enter in your commonName and emailAddress. These will be public.
# This will generate you a key and then email the admin (me) a CSR.
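# Ask for the host name and e-mail address that go into the certificate
# request. Both answers are written into the OpenSSL request config further
# down, so they are limited to plain host-name / address characters here
# instead of being passed on verbatim.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'

echo "_____HEY__YOU____"
echo
echo -n "Enter your hostname [$(hostname)] : "
read -r USER_HOSTNAME # -r keeps backslashes literal
if [[ -z "${USER_HOSTNAME}" ]]; then
  # Empty answer: fall back to this machine's own hostname.
  YOUR_COMMON_NAME="$(hostname).pumpingstationone.org"
elif [[ "${USER_HOSTNAME}" =~ ${hostname_re} ]]; then
  YOUR_COMMON_NAME="${USER_HOSTNAME}.pumpingstationone.org"
else
  echo "Invalid hostname: use letters, digits, '.' and '-' only." >&2
  exit 23
fi

echo -n "Enter your email address [] : "
read -r USER_EMAIL
# An empty address is still accepted, as before.
if [[ -n "${USER_EMAIL}" && ! "${USER_EMAIL}" =~ ${email_re} ]]; then
  echo "Invalid email address." >&2
  exit 23
fi
echo
echo "_________________"
YOUR_EMAIL_ADDRESS="${USER_EMAIL}"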
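# Write the OpenSSL request config with the subject fields filled in.
# mktemp gives the file a private, unpredictable name: a fixed name in
# world-writable /tmp can be pre-created or symlinked by another local user
# while this script runs as root.
# The two values are expanded directly in the here-document. Patching
# placeholders with sed meant a '/', '&' or '\' in an answer would break or
# rewrite the substitution.
OPENSSL_CONF="$(mktemp /tmp/openssl_conf.XXXXXX)" || exit 23
cat << ENDSEXYTIME > "${OPENSSL_CONF}"
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Illinois
localityName = Chicago
0.organizationName = Pumping Station: One
commonName = ${YOUR_COMMON_NAME}
emailAddress = ${YOUR_EMAIL_ADDRESS}
ENDSEXYTIME
add_rollback "rm ${OPENSSL_CONF}"

# openssl reads OPENSSL_CONF from the environment, so export it for the
# request generated next.
export OPENSSL_CONF
# Kept from the original. The rollback script runs in its own bash process, so
# this unset cannot reach the shell that ran the install.
add_rollback "unset OPENSSL_CONF"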
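echo
# Generate a 2048-bit RSA key plus a CSR in the current directory, both named
# after this machine's hostname. -nodes leaves the private key unencrypted on
# disk, so openssl runs under a restrictive umask; the subshell keeps that
# umask from leaking into the rest of the script.
# NOTE(review): the file names always use $(hostname), even when a different
# hostname was entered for the commonName - confirm that is intended.
csr_base="$(hostname).pumpingstationone.org"
(
  umask 077
  openssl req -out "${csr_base}.csr" -new -newkey rsa:2048 -nodes -keyout "${csr_base}.key"
)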
#add_rollback | |
# hey you trust me right couuurse you do take this and put it in your magic | |
# java satchel that you have for no reason. stupid java. | |
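#######################################
# Print a random string drawn from a-z, A-Z, 0-9 and '-', followed by a newline.
# The result is used as a keystore password, so the bytes come from
# /dev/urandom. $RANDOM is a small, predictable generator, and the old
# character table listed '0' twice, which skewed the distribution.
# Globals:   webkey_size (read) - length used when no argument is given
# Arguments: $1 - number of characters (optional)
# Outputs:   the string on stdout
# Returns:   1 when the length is not a non-negative integer
#######################################
function rand_string {
  local num out
  if (( $# < 1 )); then num=${webkey_size}; else num=${1}; fi
  if [[ ! "${num}" =~ ^[0-9]+$ ]]; then
    echo "rand_string: length must be a non-negative integer" >&2
    return 1
  fi
  # LC_ALL=C makes tr work on raw bytes; head ends the otherwise endless stream.
  out="$(LC_ALL=C tr -dc 'a-zA-Z0-9-' < /dev/urandom | head -c "${num}")"
  printf '%s\n' "${out}"
}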
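# This loads the CA into XtreemFS by way of a javakeystore and corresponding
# password in the config file.
#
# The CA certificate is fetched over plain http, so the fingerprint pinned
# below is the only thing that authenticates it. Download into a private
# mktemp file: with a fixed /tmp/ca.crt, a file pre-created by another local
# user could be swapped between the fingerprint check and the keytool import.
CA_FILE="$(mktemp /tmp/ca.crt.XXXXXX)" || exit 1
wget -q http://trust.pumpingstationone.org/ca/vm-pumpingstationone.org.crt -O "${CA_FILE}"
add_rollback "rm ${CA_FILE}"
# NOTE(review): no digest option is given, so openssl prints its default
# fingerprint, and the pinned value is 20 bytes long (SHA-1 sized). Consider
# pinning a SHA-256 fingerprint instead.
CA_HASH="$(openssl x509 -fingerprint -noout < "${CA_FILE}" | cut -d '=' -f2)"
XOS_CA_PASSWORD="$(rand_string 14)"
# NOTE(review): the next line is a credential hard-coded in a published
# script; every copy shares it. Treat it as disclosed and rotate it.
# The combine mode greps this file for the assignment, so keep it on one line.
XOS_SERVICE_PASSWORD=O8cJhP6N31iL4G
# Rewrites this script's own XOS_SERVICE_PASSWORD line with the value above.
# With a constant value that changes nothing.
# NOTE(review): presumably left over from a generated password - confirm.
sed -i "s/^XOS_SERVICE_PASSWORD.*$/XOS_SERVICE_PASSWORD=${XOS_SERVICE_PASSWORD}/" "${0}"
if [[ "${CA_HASH}" != "DD:1B:78:E4:58:30:D1:DE:86:26:C3:41:8C:21:45:4F:88:83:A2:55" ]]; then
  echo "Hash stored in this script does not match the CA fingerprint. Stupidity or Malice?"
  echo "Regardless, exiting."
  # Was a bare exit, which reported success (the status of the echo) even
  # though the certificate had just been rejected.
  exit 1
else
  mkdir -p /etc/xos/xtreemfs/truststore/certs
  # NOTE(review): the store password is passed on the command line, where
  # other local users can read it from the process list while keytool runs.
  keytool -import -alias rootca -keystore /etc/xos/xtreemfs/truststore/certs/trusted.jks -trustcacerts -storepass "${XOS_CA_PASSWORD}" -file "${CA_FILE}"
  add_rollback "rm /etc/xos/xtreemfs/truststore/certs/trusted.jks"
fi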
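# Now we need to do that config part
DIR_CONF="/etc/xos/xtreemfs/dirconfig.properties"
MRC_CONF="/etc/xos/xtreemfs/mrcconfig.properties"
OSD_CONF="/etc/xos/xtreemfs/osdconfig.properties"

# NOTE(review): both passwords are written into these .properties files in
# clear text; check the files' ownership and mode.
sed -i "s/^ssl\.trusted_certs\.pw.*$/ssl.trusted_certs.pw = ${XOS_CA_PASSWORD}/" "${DIR_CONF}" "${MRC_CONF}" "${OSD_CONF}"
# The pattern used to read "service_cerds", which matches no line, so the
# service credential password was never written to any of the three files.
sed -i "s/^ssl\.service_creds\.pw.*$/ssl.service_creds.pw = ${XOS_SERVICE_PASSWORD}/" "${DIR_CONF}" "${MRC_CONF}" "${OSD_CONF}"
sed -i "s/^ssl\.enabled.*$/ssl.enabled = true/" "${DIR_CONF}" "${MRC_CONF}" "${OSD_CONF}"
# Only the MRC and OSD configs are pointed at the directory service host.
sed -i "s/^dir_service\.host.*$/dir_service.host = vm.pumpingstationone.org/" "${MRC_CONF}" "${OSD_CONF}"

# Disable the services this node is not meant to run.
case "${INSTALL}" in
  META-ONLY)
    update-rc.d xtreemfs-osd disable
    ;;
  ALL)
    # -only-everything: keep DIR, MRC and OSD enabled. The old if/else sent
    # this mode down the store-only branch and disabled DIR and MRC.
    ;;
  *)
    update-rc.d xtreemfs-dir disable
    update-rc.d xtreemfs-mrc disable
    ;;
esac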