
@rhysrhaven
Created May 20, 2015 01:08
Xtreemefs automata?
# ..__Creating_The_Gibson__..
# For obvious reasons
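# Path of the generated undo script. add_rollback appends to it during an
# install, and "<script> rollback" replays it with bash.
# NOTE(review): this is a fixed, well-known name in a world-writable directory
# and its contents get executed, typically as root. A root-only directory would
# be a safer home, but moving it changes where earlier runs' files are found.
ROLLBACK='/tmp/gibsonrollback.sh'

# Handle "rollback" BEFORE blanking the file. Truncating first, as the original
# order did, leaves nothing to replay.
if [[ "$1" == "rollback" ]]; then
  # Only replay a regular, non-symlink file owned by the invoking user, so a
  # file planted in /tmp by someone else is not executed.
  if [[ -L "${ROLLBACK}" || ! -f "${ROLLBACK}" || ! -O "${ROLLBACK}" ]]; then
    echo "Refusing to run ${ROLLBACK}: missing, a symlink, or not owned by $(id -un)." >&2
    exit 1
  fi
  bash "${ROLLBACK}"
  exit
fi

# A symlink here would make the truncation below write through to its target.
if [[ -L "${ROLLBACK}" ]]; then
  echo "Refusing to truncate ${ROLLBACK}: it is a symlink." >&2
  exit 1
fi
: > "${ROLLBACK}" # start this run with an empty rollback file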
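#######################################
# Record one undo command in the rollback script.
# Two lines are appended: an `echo` that announces the command, then the
# command itself.
# Globals:   ROLLBACK (read) - path of the rollback script
# Arguments: the undo command; all arguments are joined with spaces
# Outputs:   appends to the file named by ROLLBACK
#######################################
function add_rollback {
  local undo_cmd="$*"
  # %q shell-quotes the announcement so the echo line only prints the command.
  # Unquoted, any ';', '>' or '$(...)' in it would be interpreted (and run)
  # a second time when the rollback script is replayed.
  printf 'echo %q\n' "${undo_cmd}" >> "${ROLLBACK}"
  printf '%s\n' "${undo_cmd}" >> "${ROLLBACK}"
}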
# Once you get back the signed certificate, you'll need to combine it.
# This does that.
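# "combine" mode: bundle the signed certificate and its private key into a
# PKCS#12 file and install one copy per XtreemFS service (osd, mrc, dir).
# Usage: <script> combine <key> <cert>   (either order; see the case below)
# Exits 5 on success, as the original did; exits 1 on any failure.
if [[ "$1" == "combine" ]]; then
  # The service password lives in this script as a line that starts with
  # XOS_SERVICE_PASSWORD=. Anchoring on that assignment is sturdier than
  # taking "the second grep hit", which shifts if a mention is added above it.
  PASSWORD="$(grep -m1 '^XOS_SERVICE_PASSWORD=' "${0}" | cut -d '=' -f2-)"
  if [[ -z "${PASSWORD}" ]]; then
    echo "combine: could not read the service password from ${0}" >&2
    exit 1
  fi

  # Whichever argument contains a literal ".key" (any case) is the private
  # key. The original grep pattern ".key" let the dot match any character, so
  # a certificate named e.g. "monkey.crt" was mistaken for the key.
  case "${2}" in
    *.[kK][eE][yY]*)
      KEY="${2}"
      CERT="${3}"
      ;;
    *)
      KEY="${3}"
      CERT="${2}"
      ;;
  esac
  if [[ -z "${KEY}" || -z "${CERT}" ]]; then
    echo "combine: need both a key file and a certificate file" >&2
    exit 1
  fi

  # Build the bundle in a private mktemp file (mode 0600) rather than the
  # predictable /tmp/xtreem.p12, and remove it on every exit path.
  P12_TMP="$(mktemp)" || { echo "combine: mktemp failed" >&2; exit 1; }
  trap 'rm -f -- "${P12_TMP}"' EXIT

  # Hand the password over through the environment of this one command.
  # "pass:..." on the command line shows up in the process list.
  if ! XTREEM_P12_PASSWORD="${PASSWORD}" openssl pkcs12 -export \
    -in "${CERT}" -inkey "${KEY}" -out "${P12_TMP}" \
    -name "Xtreem-SSL" -passout env:XTREEM_P12_PASSWORD; then
    echo "combine: openssl could not build the PKCS#12 bundle" >&2
    exit 1
  fi

  # NOTE(review): 0644 is presumably what the original cp produced under the
  # usual root umask and keeps the services able to read the bundle. Tighten
  # to the service account's owner/group once that account is confirmed.
  for svc in osd mrc dir; do
    install -m 0644 -- "${P12_TMP}" "/etc/xos/xtreemfs/truststore/certs/${svc}.p12" || exit 1
  done
  exit 5
fi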
# Lets parse some options because everyone looove options.
# Pick the node role from the first argument. Anything other than the two
# recognised switches leaves the default, a storage-only node.
case "$1" in
  -only-meta)
    INSTALL="META-ONLY"
    ;;
  -only-everything)
    INSTALL="ALL"
    ;;
  *)
    INSTALL="STORE-ONLY"
    ;;
esac
#
# 1. Filesystem Bootstrap
#
# So the first thing you need to know about building a virtualized "cloud" is
# that there is needed some method of network, multiplely accessed file system
# with some manner of redundancy. With The Gibson, reliability and the
# inability to ever die is our objective.
#
# XtreemFS http://www.xtreemfs.org/
#
# Like any good program, it doesn't run on Windows. Seems to work well, will
# probably end up hating java before this is done. Go here and add the repo.
#
# http://www.xtreemfs.org/download_pkg.php
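# Joke responses to a help request or an insult; both stop the script with
# status 23. The match is a case-insensitive substring test on the first
# argument. The argument is passed quoted through printf: unquoted `echo $1`
# was word-split and glob-expanded first, and echo swallowed values such as -n.
if printf '%s\n' "$1" | grep -qiE 'help|-h'; then
  echo "THERE IS NO HELP FOR YOU. SPAAARRRTTAA"
  exit 23
fi
if printf '%s\n' "$1" | grep -qiE 'fuck'; then
  echo "so brave to insult a script. brave little pony"
  exit 23
fi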
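# Register the XtreemFS apt repository for the Ubuntu releases listed below.
# The release number is the second tab-separated field of `lsb_release -r`.
u_version="$(lsb_release -r | cut -f2)"
case "${u_version}" in
  11.10|11.04|10.10|10.04|9.10|9.04)
    if [[ ! -f /etc/apt/sources.list.d/xtreemfs.list ]]; then
      # NOTE(review): the repository is fetched over plain http and no signing
      # key is imported anywhere in this script. Confirm the repository key is
      # installed out of band so apt can authenticate these packages.
      if echo \
        "deb http://download.opensuse.org/repositories/home:/xtreemfs/xUbuntu_${u_version}/ ./ # XtreemFS Cloud Filesystem Repository" >> \
        /etc/apt/sources.list.d/xtreemfs.list; then
        add_rollback "rm /etc/apt/sources.list.d/xtreemfs.list"
      else
        # This runs before the script's root check, so the write can fail.
        echo "Could not write /etc/apt/sources.list.d/xtreemfs.list (not root?)" >&2
      fi
    else
      echo "Repository already installed."
    fi
    ;;
  *)
    # Previously silent: no repository was added and the later package install
    # failed with no hint as to why.
    echo "Ubuntu release '${u_version}' is not in the supported list; no XtreemFS repository added." >&2
    ;;
esac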
# Alright, now that you have the repo, gonna need to install it. Do that. If
# your computer is slow, take the time to indulge in your vices, because
# computing is always better with mind altering substances and destructive
# behavior!
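# Install the XtreemFS packages. Requires root, tested by numeric uid rather
# than by the account name.
if [[ "$(id -u)" -eq 0 ]]; then
  # A repository added earlier in this run is invisible to apt until the
  # package index is refreshed.
  apt-get update || echo "apt-get update failed; the install below may not find the packages." >&2
  # NOTE(review): -y answers every prompt. Confirm the XtreemFS repository is
  # authenticated (signing key present) before relying on this unattended.
  if apt-get install -y xtreemfs-server xtreemfs-client xtreemfs-tools; then
    add_rollback "apt-get purge -y xtreemfs-server xtreemfs-client xtreemfs-tools"
  else
    # Later steps edit config files that these packages ship, so stop here.
    echo "Package installation failed." >&2
    exit 23
  fi
else
  echo "Dude. Gotta be root to install packages. sssrsly dude."
  exit 23
fi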
# Don't we need to configure it here? Slacker.
# No don't worry, we'll do it later.
# So Xtreemfs has a three unit system. There is a directory that tells
# everything where everything else is at it. The fqdn of our DIR is the name of
# our particular Xtreemfs cluster. Second is the MRC which is where metadata is
# kept. Third is the OSD where the actual data blocks are striped and
# replicated. All of them can use SSL, and the DIR and MRC can be replicated.
# OSDs are as many as you can fit, like harddrives.
# Now its time for some x509 certs. Get yo sexy on.
# Oh and if you're not running this as a script and actually following my
# rambling, enter in your commonName and emailAddress. These will be public.
# This will generate you a key and then email the admin (me) a CSR.
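# Ask for the host name and e-mail address that go into the certificate
# request. An empty host name falls back to `hostname`; the e-mail may be
# left empty, as before.
# Both values end up in an OpenSSL config file (and, in the original flow,
# inside a sed expression), so they are validated here and anything outside a
# conservative character set is rejected with status 23.
echo "_____HEY__YOU____"
echo
echo -n "Enter your hostname [$(hostname)] : "
# -r keeps backslashes literal instead of treating them as escapes.
read -r USER_HOSTNAME
if [[ -z "${USER_HOSTNAME}" ]]; then
  YOUR_COMMON_NAME="$(hostname).pumpingstationone.org"
elif [[ "${USER_HOSTNAME}" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  YOUR_COMMON_NAME="${USER_HOSTNAME}.pumpingstationone.org"
else
  echo "Host names may only contain letters, digits, '.' and '-'." >&2
  exit 23
fi
echo -n "Enter your email address [] : "
read -r USER_EMAIL
# Deliberately narrower than the full e-mail grammar: it excludes '/', '&' and
# '\', which would otherwise be interpreted by a later sed substitution.
if [[ -n "${USER_EMAIL}" && ! "${USER_EMAIL}" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]]; then
  echo "That does not look like an email address." >&2
  exit 23
fi
echo
echo "_________________"
YOUR_EMAIL_ADDRESS="${USER_EMAIL}"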
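# Write the OpenSSL request config and export its path as OPENSSL_CONF.
# Reads YOUR_COMMON_NAME and YOUR_EMAIL_ADDRESS.
# - The file is created with mktemp, not the predictable /tmp/openssl_conf,
#   so another local user cannot pre-create or swap it.
# - The two values are expanded straight into the here-document. The original
#   pasted them into a sed expression, where '/', '&' or '\' in the input
#   changed the substitution itself. Expanded values are not re-interpreted.
OPENSSL_CONF="$(mktemp)" || { echo "mktemp failed" >&2; exit 23; }
cat << ENDSEXYTIME > "${OPENSSL_CONF}"
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Illinois
localityName = Chicago
0.organizationName = Pumping Station: One
commonName = ${YOUR_COMMON_NAME}
emailAddress = ${YOUR_EMAIL_ADDRESS}
ENDSEXYTIME
export OPENSSL_CONF
# %q keeps the recorded path a single word even if TMPDIR contains spaces.
add_rollback "rm -f -- $(printf '%q' "${OPENSSL_CONF}")"
# NOTE(review): the rollback script is replayed in a separate bash process, so
# this unset cannot reach the caller's environment. Kept for parity.
add_rollback "unset OPENSSL_CONF"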
echo
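# Generate a 2048-bit RSA key and a CSR in the current directory, using the
# config named by OPENSSL_CONF. Both files are named after `hostname`, not
# after the host name typed at the prompt.
# -nodes leaves the private key unencrypted, so file permissions are its only
# protection. The subshell's umask makes the key (and CSR) owner-only without
# changing the umask for the rest of the script.
(
  umask 077
  openssl req -out "$(hostname).pumpingstationone.org.csr" -new -newkey rsa:2048 -nodes \
    -keyout "$(hostname).pumpingstationone.org.key"
)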
#add_rollback
# hey you trust me right couuurse you do take this and put it in your magic
# java satchel that you have for no reason. stupid java.
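#######################################
# Print a random string drawn from a-z, A-Z, 0-9 and '-', then a newline.
# The output is used as a keystore password, so bytes come from /dev/urandom.
# The original used $RANDOM, which is not meant for secrets, and listed '0'
# twice in its character pool, which skewed the distribution.
# Globals:   webkey_size (read) - default length when no argument is given
# Arguments: $1 - number of characters (optional)
# Outputs:   the random string on stdout
# Returns:   0 on success, 1 if the length is not a number or /dev/urandom
#            is unreadable
#######################################
function rand_string {
  local num=${1:-${webkey_size:-}}
  local out='' chunk

  if [[ ! "${num}" =~ ^[0-9]+$ ]]; then
    echo "rand_string: length must be a non-negative integer" >&2
    return 1
  fi
  num=$((10#${num})) # force base 10 so "08" is not read as bad octal
  if [[ ! -r /dev/urandom ]]; then
    echo "rand_string: /dev/urandom is not readable" >&2
    return 1
  fi

  # Read raw bytes in small chunks and keep only those in the alphabet.
  # Dropping the rest (instead of reducing modulo the pool size) keeps every
  # character equally likely.
  while (( ${#out} < num )); do
    chunk="$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9-')"
    out+="${chunk}"
  done
  printf '%s\n' "${out:0:num}"
}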
# This loads the CA into XtreemFS by way of a javakeystore and corresponding
# password in the config file.
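# Fetch the CA certificate, check it against the fingerprint pinned below and
# import it into the Java truststore that XtreemFS reads.
# The download is plain http, so the pinned fingerprint is the only thing that
# authenticates the certificate. It goes into a private mktemp file: with the
# predictable /tmp/ca.crt, another local user who owned that path could swap
# its contents between the fingerprint check and the keytool import.
CA_TMP="$(mktemp)" || { echo "mktemp failed" >&2; exit 23; }
add_rollback "rm -f -- $(printf '%q' "${CA_TMP}")"
if ! wget -q http://trust.pumpingstationone.org/ca/vm-pumpingstationone.org.crt -O "${CA_TMP}"; then
  echo "Could not download the CA certificate." >&2
  exit 23
fi
# -sha1 is explicit because the pinned value is 20 bytes long, i.e. SHA-1.
# NOTE(review): moving the pin to SHA-256 needs a new reference value from the
# CA owner; it cannot be derived from this script.
CA_HASH="$(openssl x509 -sha1 -fingerprint -noout < "${CA_TMP}" | cut -d '=' -f2)"
XOS_CA_PASSWORD="$(rand_string 14)"
XOS_SERVICE_PASSWORD=O8cJhP6N31iL4G
# NOTE(review): the line above is a keystore password committed in a published
# script. Treat it as disclosed: rotate it and load it from a root-only file.
# The "combine" mode greps this script for that assignment, so keep it at the
# start of a line. The sed below rewrites that line in place with its value.
sed -i "s/^XOS_SERVICE_PASSWORD.*$/XOS_SERVICE_PASSWORD=${XOS_SERVICE_PASSWORD}/" "${0}"
if [[ -z "${XOS_CA_PASSWORD}" ]]; then
  echo "Could not generate a truststore password." >&2
  exit 23
fi
if [[ "${CA_HASH}" != "DD:1B:78:E4:58:30:D1:DE:86:26:C3:41:8C:21:45:4F:88:83:A2:55" ]]; then
  echo "Hash stored in this script does not match the CA fingerprint. Stupidity or Malice?" >&2
  echo "Regardless, exiting." >&2
  # A bare `exit` reported success here (status of the preceding echo).
  exit 23
fi
mkdir -p /etc/xos/xtreemfs/truststore/certs
# NOTE(review): -storepass on the command line is visible in the process list
# while keytool runs. Check whether this keytool can read the password from a
# file or the environment instead.
keytool -import -alias rootca -keystore /etc/xos/xtreemfs/truststore/certs/trusted.jks -trustcacerts -storepass "${XOS_CA_PASSWORD}" -file "${CA_TMP}"
add_rollback "rm /etc/xos/xtreemfs/truststore/certs/trusted.jks"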
# Now we need to do that config part
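# Point the three XtreemFS service configs at the truststore/keystore
# passwords, switch SSL on, and enable only the services this node's role
# needs. Reads XOS_CA_PASSWORD, XOS_SERVICE_PASSWORD and INSTALL.
DIR_CONF="/etc/xos/xtreemfs/dirconfig.properties"
MRC_CONF="/etc/xos/xtreemfs/mrcconfig.properties"
OSD_CONF="/etc/xos/xtreemfs/osdconfig.properties"
# NOTE(review): both passwords are written into these files in clear text;
# confirm the files are not world-readable.
sed -i "s/^ssl\.trusted_certs\.pw.*$/ssl.trusted_certs.pw = ${XOS_CA_PASSWORD}/" "${DIR_CONF}" "${MRC_CONF}" "${OSD_CONF}"
# The original pattern read "service_cerds", which never matches the
# ssl.service_creds.pw key, so the service password was never written.
sed -i "s/^ssl\.service_creds\.pw.*$/ssl.service_creds.pw = ${XOS_SERVICE_PASSWORD}/" "${DIR_CONF}" "${MRC_CONF}" "${OSD_CONF}"
sed -i "s/^ssl\.enabled.*$/ssl.enabled = true/" "${DIR_CONF}" "${MRC_CONF}" "${OSD_CONF}"
sed -i "s/^dir_service\.host.*$/dir_service.host = vm.pumpingstationone.org/" "${MRC_CONF}" "${OSD_CONF}"
case "${INSTALL}" in
  META-ONLY)
    # Metadata node: no object storage daemon.
    update-rc.d xtreemfs-osd disable
    ;;
  ALL)
    # "-only-everything": leave all three services enabled. The original
    # if/else handled ALL exactly like a storage-only node, which made the
    # switch meaningless (presumably unintended - confirm).
    :
    ;;
  *)
    # Storage-only node (the default): no directory or metadata service.
    update-rc.d xtreemfs-dir disable
    update-rc.d xtreemfs-mrc disable
    ;;
esac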