Diffstat (limited to 'coin/provisioning/common/unix')
-rwxr-xr-x | coin/provisioning/common/unix/DownloadURL.sh | 93 | ||||
-rw-r--r-- | coin/provisioning/common/unix/common.sourced.sh | 139 | ||||
-rwxr-xr-x | coin/provisioning/common/unix/install_protobuff.sh | 2 | ||||
-rwxr-xr-x | coin/provisioning/common/unix/squishInstall.sh | 4 | ||||
-rwxr-xr-x | coin/provisioning/common/unix/telegraf_install.sh | 98 | ||||
-rwxr-xr-x | coin/provisioning/common/unix/telegraf_password.sh | 60 |
6 files changed, 370 insertions, 26 deletions
diff --git a/coin/provisioning/common/unix/DownloadURL.sh b/coin/provisioning/common/unix/DownloadURL.sh index 996c99da..0579451f 100755 --- a/coin/provisioning/common/unix/DownloadURL.sh +++ b/coin/provisioning/common/unix/DownloadURL.sh @@ -1,8 +1,8 @@ -#!/usr/bin/env bash +#!/bin/sh ############################################################################# ## -## Copyright (C) 2017 The Qt Company Ltd. +## Copyright (C) 2019 The Qt Company Ltd. ## Contact: http://www.qt.io/licensing/ ## ## This file is part of the provisioning scripts of the Qt Toolkit. 
@@ -33,31 +33,78 @@ ## ############################################################################# + # A helper script used for downloading a file from a URL or an alternative -# URL. Also the SHA1 is checked for the file. Target filename should also -# be given. -# -# If called directly from another script, it will exit the parent script -# as well, if not called in its own subshell with parentheses. +# URL. Also the SHA is checked for the file (SHA algorithm is autodetected +# based on the SHA length). Target filename should also be given. + +############################ BOILERPLATE ############################### +command -v sha1sum >/dev/null || alias sha1sum='shasum -a 1' +command -v sha256sum >/dev/null || alias sha256sum='shasum -a 256' +command -v sha384sum >/dev/null || alias sha384sum='shasum -a 384' +command -v sha512sum >/dev/null || alias sha512sum='shasum -a 512' +######################################################################## + + +Download () { + url="$1" + targetFile="$2" + + command -v curl >/dev/null \ + && curl --fail -L --retry 5 --retry-delay 5 -o "$targetFile" "$url" \ + || wget --tries 5 -O "$targetFile" "$url" +} -set -ex +VerifyHash () { + file=$1 + expectedHash=$2 -function DownloadURL { + if [ ! -f "$file" ] + then return 2 # file does not exist + fi + + + hashLength="$(echo "$expectedHash" | wc -c | sed 's/ *//g')" + # Use backticks because of bug with bash-3 (default on macOS), + # caused when there are unbalanced parentheses inside $() + # shellcheck disable=SC2006 + hash=`case "$hashLength" in + 41) sha1sum "$file" ;; + 65) sha256sum "$file" ;; + 97) sha384sum "$file" ;; + 129) sha512sum "$file" ;; + *) echo "FATAL! Unknown hash length: $hashLength" 1>&2 && exit 1 ;; + esac | cut -d ' ' -f 1` + + if [ ! "$expectedHash" = "$hash" ] + then + echo "FAIL! 
wrong file hash: $file $hash" 1>&2 + return 1 + fi + echo "OK verified integrity of: $file" +} + +# Check if file already exists and is good, otherwise download it +DownloadURL () { url=$1 - url_alt=$2 - expectedSha1=$3 + url2=$2 + expectedHash=$3 targetFile=$4 - echo "Downloading from primary URL '$url'" - curl --fail -L --retry 5 --retry-delay 5 -o "$targetFile" "$url" || { - echo "Failed to download '$url' multiple times" - echo "Downloading from alternative URL '$url_alt'" - curl --fail -L --retry 5 --retry-delay 5 -o "$targetFile" "$url_alt" || { echo 'Failed to download even from alternative url'; exit 1; } - } - - echo "Checking SHA1 on PKG '$targetFile'" - echo "$expectedSha1 *$targetFile" > "$targetFile.sha1" - sha1sum --check "$targetFile.sha1" - rm -f "$targetFile.sha1" + if VerifyHash "$targetFile" "$expectedHash" + then + echo "Skipping download, found and validated existing file: $targetFile" + else + echo "Downloading from primary URL: $url" + if ! Download "$url" "$targetFile" + then + echo "FAIL! to download, trying alternative URL: $url2" 1>&2 + if ! Download "$url" "$targetFile" + then + echo 'FAIL! to download even from alternative url' 1>&2 + return 1 + fi + fi + VerifyHash "$targetFile" "$expectedHash" + fi } - diff --git a/coin/provisioning/common/unix/common.sourced.sh b/coin/provisioning/common/unix/common.sourced.sh new file mode 100644 index 00000000..a52880b2 --- /dev/null +++ b/coin/provisioning/common/unix/common.sourced.sh 
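Review bot: VerifyHash accepts any existing file when `expectedHash` is empty: the length falls into the `*)` arm, whose `exit 1` only ends the backtick subshell, so `hash` is empty as well and the final `[ ! "$expectedHash" = "$hash" ]` comparison passes and prints "OK verified integrity". Rejecting an empty result before that comparison, for example `[ -n "$hash" ] || return 1`, makes the check fail closed. The same concern reaches telegraf_install.sh in this commit, where `package_sha256` comes from a `sed -n` lookup that prints nothing if the filename is not listed. Separately, the fallback branch in DownloadURL retries `Download "$url" "$targetFile"` and so never contacts the alternative URL; it presumably should read `Download "$url2" "$targetFile"`.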
@@ -0,0 +1,139 @@ +#!/bin/sh + + +############################################################################# +## +## Copyright (C) 2019 The Qt Company Ltd. +## Contact: http://www.qt.io/licensing/ +## +## This file is part of the provisioning scripts of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:LGPL21$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see http://www.qt.io/terms-conditions. For further +## information use the contact form at http://www.qt.io/contact-us. +## +## GNU Lesser General Public License Usage +## Alternatively, this file may be used under the terms of the GNU Lesser +## General Public License version 2.1 or version 3 as published by the Free +## Software Foundation and appearing in the file LICENSE.LGPLv21 and +## LICENSE.LGPLv3 included in the packaging of this file. Please review the +## following information to ensure the GNU Lesser General Public License +## requirements will be met: https://www.gnu.org/licenses/lgpl.html and +## http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +## +## As a special exception, The Qt Company gives you certain additional +## rights. These rights are described in The Qt Company LGPL Exception +## version 1.1, included in the file LGPL_EXCEPTION.txt in this package. +## +## $QT_END_LICENSE$ +## +############################################################################# + + +# Script to be sourced from everywhere you need a common environment. 
Defines: +export PROVISIONING_DIR +export PROVISIONING_OS +export PROVISIONING_OS_ID +export PROVISIONING_ARCH +export CMD_PKG_INSTALL +export CMD_PKG_LOCALINSTALL +export CMD_INSTALL + + + +if [ x"$IS_PROVISIONING_COMMON_SOURCED" != x ] +then + echo "common.sourced.sh has already been sourced, re-sourcing skipped" + return +fi + +# Do not export; you want children to re-source, because they only inherit the +# variables but not the functions +IS_PROVISIONING_COMMON_SOURCED=1 + + +fatal () { + echo "$1" 1>&2 + if [ x"$2" != x ] + then exit "$2" + else exit + fi +} + +is_script_executed () { + [ x"$(basename "$0")" = x"$1" ] +} + + +is_script_executed common.sourced.sh \ + && fatal "Script common.sourced.sh should always be sourced, not executed" + + +set_common_environment () { + # Unfortunately we can't find the provisioning directory from a sourced + # script in a portable way + # PROVISIONING_DIR="$(dirname "$0")/../../" + + [ x"$PROVISIONING_DIR" = x ] \ + && fatal "PROVISIONING_DIR variable needs to be set before calling set_common_environment" + + uname_s="$(uname -s)" + case "$uname_s" in + Linux) + PROVISIONING_OS=linux + . 
/etc/os-release + PROVISIONING_OS_ID="$ID" + case "$PROVISIONING_OS_ID" in + suse|sles|opensuse*) + CMD_PKG_INSTALL="sudo zypper -nq install" + CMD_PKG_LOCALINSTALL="sudo zypper --no-gpg-checks -nq install" + ;; + debian|ubuntu) + CMD_PKG_INSTALL="sudo apt -y install" + CMD_PKG_LOCALINSTALL="sudo apt -y install" + ;; + rhel|centos|fedora) + CMD_PKG_INSTALL="sudo yum -y install" + CMD_PKG_LOCALINSTALL="sudo yum -y --nogpgcheck localinstall" + ;; + *) fatal "Unknown ID in /etc/os-release: $PROVISIONING_OS_ID" ;; + esac + ;; + Darwin) + PROVISIONING_OS=macos + PROVISIONING_OS_ID=macos + CMD_PKG_INSTALL="brew install" + CMD_PKG_LOCALINSTALL="echo 'TODO how to install a package file on macOS'" + ;; + *) + fatal "Unknown system in uname: $uname_s" 42 + ;; + esac + + uname_m="$(uname -m)" + case "$uname_m" in + x86_64|amd64) PROVISIONING_ARCH=amd64 ;; + i[3456]86) PROVISIONING_ARCH=x86 ;; + *) fatal "Unknown architecture in uname: $uname_m" 43 ;; + esac + + CMD_INSTALL="sudo install" +} + +set_common_environment + +set_dry_run () { + if [ x"$PROVISIONING_DRY_RUN" != x ] + then + CMD_PKG_INSTALL="echo DRYRUN: $CMD_PKG_INSTALL" + CMD_PKG_LOCALINSTALL="echo DRYRUN: $CMD_PKG_LOCALINSTALL" + CMD_INSTALL="echo DRYRUN: $CMD_INSTALL" + fi +} + +set_dry_run diff --git a/coin/provisioning/common/unix/install_protobuff.sh b/coin/provisioning/common/unix/install_protobuff.sh index 59e9b699..a9b2cfd0 100755 --- a/coin/provisioning/common/unix/install_protobuff.sh +++ b/coin/provisioning/common/unix/install_protobuff.sh @@ -64,7 +64,7 @@ if uname -a |grep -q Darwin; then else ./configure fi -make +make -j5 sudo make install # Refresh shared library cache if OS isn't macOS diff --git a/coin/provisioning/common/unix/squishInstall.sh b/coin/provisioning/common/unix/squishInstall.sh index b40c1922..f1b5e6b5 100755 --- a/coin/provisioning/common/unix/squishInstall.sh +++ b/coin/provisioning/common/unix/squishInstall.sh 
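Review bot: In set_common_environment of common.sourced.sh, `CMD_PKG_LOCALINSTALL` turns off package signature checking on SUSE (`zypper --no-gpg-checks`) and on RHEL/CentOS/Fedora (`yum -y --nogpgcheck localinstall`), and nothing in the file says what callers must do to compensate. A comment above the `case "$PROVISIONING_OS_ID"` block, such as `# CMD_PKG_LOCALINSTALL skips signature checks: only pass it files already verified with VerifyHash/DownloadURL`, would record that precondition. The Debian/Ubuntu arm uses the same `sudo apt -y install` for both variables, so the behaviour differs between distributions; it is worth stating whether that is intended.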
@@ -122,7 +122,7 @@ function MountAndInstall { sudo cp $targetFileMount /tmp UnMount sudo hdiutil attach "/tmp/$targetFile" - sudo /Volumes/froglogic\ Squish/Install\ Squish.app/Contents/MacOS/Squish unattended=1 targetdir="$targetDirectory/package" qtpath="$targetDirectory" > /dev/null 2>&1 + sudo /Volumes/froglogic\ Squish/Install\ Squish.app/Contents/MacOS/Squish unattended=1 targetdir="$targetDirectory/package" qtpath="$targetDirectory" > /dev/null mountFolder="/Volumes/froglogic Squish" UnMount elif [[ $targetFile == *.run ]]; then @@ -130,7 +130,7 @@ function MountAndInstall { sudo cp $targetFileMount $targetDirectory UnMount sudo chmod +x $targetDirectory/$targetFile - sudo $targetDirectory/$targetFile unattended=1 targetdir="$targetDirectory/package" qtpath="$targetDirectory" > /dev/null 2>&1 + sudo $targetDirectory/$targetFile unattended=1 targetdir="$targetDirectory/package" qtpath="$targetDirectory" > /dev/null sudo rm -fr "$targetDirectory/$targetFile" if uname -a |grep -q "Ubuntu"; then sudo mkdir /usr/lib/tcl8.6 diff --git a/coin/provisioning/common/unix/telegraf_install.sh b/coin/provisioning/common/unix/telegraf_install.sh new file mode 100755 index 00000000..1412650e --- /dev/null +++ b/coin/provisioning/common/unix/telegraf_install.sh 
@@ -0,0 +1,98 @@ +#!/bin/sh + +############################################################################# +## +## Copyright (C) 2019 The Qt Company Ltd. +## Contact: http://www.qt.io/licensing/ +## +## This file is part of the provisioning scripts of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:LGPL21$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see http://www.qt.io/terms-conditions. For further +## information use the contact form at http://www.qt.io/contact-us. +## +## GNU Lesser General Public License Usage +## Alternatively, this file may be used under the terms of the GNU Lesser +## General Public License version 2.1 or version 3 as published by the Free +## Software Foundation and appearing in the file LICENSE.LGPLv21 and +## LICENSE.LGPLv3 included in the packaging of this file. Please review the +## following information to ensure the GNU Lesser General Public License +## requirements will be met: https://www.gnu.org/licenses/lgpl.html and +## http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +## +## As a special exception, The Qt Company gives you certain additional +## rights. These rights are described in The Qt Company LGPL Exception +## version 1.1, included in the file LGPL_EXCEPTION.txt in this package. +## +## $QT_END_LICENSE$ +## +############################################################################# + + +# This script installs telegraf and ioping and our script telegraf-ioping.sh +# to the /usr/bin directory. +# +# The reasons we don't install to /usr/local/bin are: +# 1. On SLES and RHEL, the PATH of sudo (secure_path setting in /etc/sudoers) +# does not include /usr/local/bin. +# 2. 
On macOS /usr/local/bin does not even exist early in provisioning. + + +######################## BOILERPLATE ########################### +set -e + + +PROVISIONING_DIR="$(dirname "$0")/../../" +. "$PROVISIONING_DIR"/common/unix/common.sourced.sh + +. "$PROVISIONING_DIR"/common/unix/DownloadURL.sh + +is_script_executed telegraf_install.sh \ + || fatal "Script telegraf_install.sh should be executed, not sourced" + +################################################################ + + +[ "$PROVISIONING_OS" = linux ] \ + && ioping_sha256=259abf04bcb84f4126ff97c04b6651e1cf5ea6d8a9ff364c769a26c95b6eeb44 \ + || ioping_sha256=55de6a2f1a5343e0ce8df31d82d47a9e79c7e612edbc6dfb39b5fc6fb358b2e3 +DownloadURL "http://ci-files01-hki.intra.qt.io/input/ioping/ioping.${PROVISIONING_OS}-${PROVISIONING_ARCH}" \ + '' "$ioping_sha256" ioping +$CMD_INSTALL -m 755 ./ioping /usr/bin/ +rm -f ioping + +# 2. Install custom ioping monitoring script +$CMD_INSTALL -m 755 "$PROVISIONING_DIR"/common/shared/telegraf/telegraf-ioping.sh /usr/bin/ + +# 3. Download and install telegraf + +[ x"$PROVISIONING_OS" = xmacos ] && os=darwin || os=linux +[ x"$PROVISIONING_ARCH" = xx86 ] && arch=i386 || arch=amd64 +package_filename=telegraf-1.12.1_${os}_${arch}.tar.gz +package_sha256_list="$PROVISIONING_DIR"/common/shared/telegraf/telegraf_packages.sha256.txt +package_sha256=$(sed -n "s/.*$package_filename *//p" "$package_sha256_list") + +DownloadURL \ + http://ci-files01-hki.intra.qt.io/input/telegraf/"$package_filename" \ + https://dl.influxdata.com/telegraf/releases/"$package_filename" \ + "$package_sha256" \ + telegraf.tar.gz + +tar -xzf ./telegraf.tar.gz -C /tmp +telegraf_binary=$(find /tmp/telegraf* -name telegraf -type f | grep /bin/ | head -1) +$CMD_INSTALL -m 755 "$telegraf_binary" /usr/bin/ +rm -rf /tmp/telegraf* + +# 4. Edit config file with passwords +"$PROVISIONING_DIR"/common/unix/telegraf_password.sh + +# 5. 
Start telegraf in background (-b) and with retaining the environment (-E) +# in order to report as hostname = $COIN_UNIQUE_JOB_ID. +/usr/bin/sudo -b -E telegraf --config /etc/telegraf-coin.conf >/dev/null 2>&1 + +echo DONE: "Installed and started telegraf: $package_filename" diff --git a/coin/provisioning/common/unix/telegraf_password.sh b/coin/provisioning/common/unix/telegraf_password.sh new file mode 100755 index 00000000..efbed142 --- /dev/null +++ b/coin/provisioning/common/unix/telegraf_password.sh 
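Review bot: Step 3 of telegraf_install.sh unpacks the archive into the shared `/tmp` and then installs whatever `find /tmp/telegraf* -name telegraf -type f | grep /bin/ | head -1` lists first, so a pre-existing `/tmp/telegraf*` tree (a leftover from an earlier run, or one owned by another local account) can be picked instead of the file whose hash was just verified. The closing `rm -rf /tmp/telegraf*` can likewise remove paths this script did not create. Extracting into a private directory from `mktemp -d` confines both the search and the cleanup to the verified archive. `mktemp` is not part of POSIX sh, so confirm it is present on every provisioned image before adopting this.

```shell
# … unchanged: DownloadURL call that fetches telegraf.tar.gz …
extract_dir=$(mktemp -d)
tar -xzf ./telegraf.tar.gz -C "$extract_dir"
telegraf_binary=$(find "$extract_dir" -name telegraf -type f | grep /bin/ | head -1)
$CMD_INSTALL -m 755 "$telegraf_binary" /usr/bin/
rm -rf "$extract_dir"
# … unchanged: telegraf_password.sh call and telegraf start …
```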
@@ -0,0 +1,60 @@ +#!/bin/sh + +############################################################################# +## +## Copyright (C) 2019 The Qt Company Ltd. +## Contact: http://www.qt.io/licensing/ +## +## This file is part of the provisioning scripts of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:LGPL21$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see http://www.qt.io/terms-conditions. For further +## information use the contact form at http://www.qt.io/contact-us. +## +## GNU Lesser General Public License Usage +## Alternatively, this file may be used under the terms of the GNU Lesser +## General Public License version 2.1 or version 3 as published by the Free +## Software Foundation and appearing in the file LICENSE.LGPLv21 and +## LICENSE.LGPLv3 included in the packaging of this file. Please review the +## following information to ensure the GNU Lesser General Public License +## requirements will be met: https://www.gnu.org/licenses/lgpl.html and +## http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. +## +## As a special exception, The Qt Company gives you certain additional +## rights. These rights are described in The Qt Company LGPL Exception +## version 1.1, included in the file LGPL_EXCEPTION.txt in this package. +## +## $QT_END_LICENSE$ +## +############################################################################# + + +######################## BOILERPLATE ########################### +set -e + + +PROVISIONING_DIR="$(dirname "$0")/../../" +. 
"$PROVISIONING_DIR"/common/unix/common.sourced.sh + +is_script_executed telegraf_password.sh \ + || fatal "Script telegraf_password.sh should be executed, not sourced, to avoid leaking secrets in the logs" +# Avoid leaking secrets in the logs +set +x +################################################################ + + +# Provisioning should run even without the secrets repository +influxdb_password=$(cut -d : -f 2 ~qt/work/influxdb/coin_vms_writer.auth) \ + || influxdb_password=no_password_provided + +rm -f ~qt/work/influxdb/coin_vms_writer.auth +sed "s|COIN_VMS_WRITER_PASS|$influxdb_password|" \ + "$PROVISIONING_DIR"/common/"$PROVISIONING_OS"/telegraf-coin.conf \ + > .telegraf-coin.conf.final +$CMD_INSTALL -m 600 .telegraf-coin.conf.final /etc/telegraf-coin.conf +rm -f .telegraf-coin.conf.final |
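Review bot: The rendered config containing the InfluxDB password is first written to `.telegraf-coin.conf.final` in the current directory under the default umask, so it may be readable by other users until `$CMD_INSTALL -m 600` copies it. It is also left behind if a later command fails under `set -e`. Setting `umask 077` before the `sed` line closes the permission window, and `trap 'rm -f .telegraf-coin.conf.final' EXIT` would cover the failure path. The substitution `sed "s|COIN_VMS_WRITER_PASS|$influxdb_password|"` also treats `|`, `&` and `\` in the password as sed syntax, and `cut -d : -f 2` drops anything after a second colon; a comment stating the allowed password characters would document that limit.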