svc-pkg-mirror revision 2953
0N/A#!/usr/bin/ksh -p
0N/A#
0N/A# CDDL HEADER START
0N/A#
0N/A# The contents of this file are subject to the terms of the
0N/A# Common Development and Distribution License (the "License").
0N/A# You may not use this file except in compliance with the License.
0N/A#
0N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
0N/A# or http://www.opensolaris.org/os/licensing.
0N/A# See the License for the specific language governing permissions
0N/A# and limitations under the License.
0N/A#
0N/A# When distributing Covered Code, include this CDDL HEADER in each
0N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
0N/A# If applicable, add the following below this CDDL HEADER, with the
0N/A# fields enclosed by brackets "[]" replaced with your own identifying
0N/A# information: Portions Copyright [yyyy] [name of copyright owner]
0N/A#
0N/A# CDDL HEADER END
0N/A#
0N/A# Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
0N/A#
0N/A
0N/A#
5N/A# This is the method script for the svc:/application/pkg/mirror service
5N/A#
0N/A# When called using the 'start' or 'stop' SMF method script, it adds
0N/A# or removes a crontab entry for the user running the service, pkg5srv
0N/A# by default.
0N/A#
0N/A
0N/A#
0N/A# When called using the 'refresh' method, it runs pkgrecv(1) to update a
0N/A# pkg(5) repository using configuration stored in the SMF instance.
0N/A#
0N/A# The following SMF properties are used to configure the service:
0N/A#
0N/A# config/repository the local pkg5 repository we update.
0N/A#
0N/A# config/ref_image the reference pkg5 image that contains
0N/A# origin information that we should update
0N/A# from.
0N/A#
0N/A# config/publishers a comma-separated list of the publishers
0N/A# from ref_image that we pkgrecv from.
4N/A#
4N/A# config/crontab_period the first five fields of a crontab(4)
4N/A# entry, with the 3rd field allowing the
4N/A# special value 'random'.
4N/A#
4N/A# config/debug a boolean, 'true' or 'false'; whether
4N/A# to log more output when debugging.
4N/A#
4N/A
4N/A# Load SMF constants and functions
4N/A. /lib/svc/share/smf_include.sh
0N/A. /lib/svc/share/fs_include.sh
0N/A. /lib/svc/share/pkg5_include.sh
0N/A
0N/AAWK=/usr/bin/awk
0N/ACAT=/usr/bin/cat
0N/ADATE=/usr/bin/date
0N/AGREP=/usr/bin/grep
0N/APKG=/usr/bin/pkg
0N/APKGRECV=/usr/bin/pkgrecv
0N/APKGREPO=/usr/bin/pkgrepo
0N/APYTHON=/usr/bin/python
0N/ARM=/usr/bin/rm
0N/ASED=/usr/bin/sed
5N/ASORT=/usr/bin/sort
0N/ASVCCFG=/usr/sbin/svccfg
0N/ASVCPROP=/usr/bin/svcprop
0N/AWC=/usr/bin/wc
0N/AZFS=/usr/sbin/zfs
0N/A
0N/ASVCNAME=svc:/application/pkg/mirror
0N/A
0N/A#
0N/A# Since we deal with '*' values in crontab fields, we never want
0N/A# globbing.
0N/A#
0N/Aset -o noglob
0N/A
0N/A#
0N/A# Multiple instances of this service should not point at the
0N/A# same local repository, since they could step on each other's toes
0N/A# during updates, so we check for this before enabling the service.
0N/A#
0N/A# Usage:
0N/A# check_duplicate_repos
0N/A#
0N/Afunction check_duplicate_repos {
0N/A
0N/A ALL_REPOS=$($SVCPROP -p config/repository "$SVCNAME:*" \
0N/A | $AWK '{print $NF}' | $SORT | $WC -l)
0N/A REPOS=$($SVCPROP -p config/repository "$SVCNAME:*" \
4N/A | $AWK '{print $NF}' | $SORT -u | $WC -l)
0N/A #
0N/A # if the unique list of repositories is not the same as the
4N/A # list of repositories, then we have duplicates.
5N/A #
4N/A if [ "$ALL_REPOS" != "$REPOS" ]; then
4N/A return 1
4N/A fi
4N/A return 0
4N/A}
4N/A
4N/A#
4N/A# In order that all instances don't hit the remote origins on the same
4N/A# day, when configured with a 'config/crontab_period' containing a
4N/A# special value 'random' in the 'day of the month' field of the crontab
4N/A# schedule, we randomize the day, choosing a value from 1-28, storing
4N/A# that to the service config instead. We then print the crontab period.
4N/A#
4N/A# Usage:
0N/A# add_date_jitter
0N/A#
0N/Afunction add_date_jitter {
0N/A
0N/A schedule=$($SVCPROP -p config/crontab_period $SMF_FMRI \
0N/A | $SED -e 's/\\//g')
0N/A
0N/A #
0N/A # Validate the cron_period property value, checking that we have
0N/A # exactly 5 fields, and that 'random' only appears in the 3rd
0N/A # field. We leave other validation up to cron(1).
0N/A #
0N/A echo "$schedule" | $AWK '
0N/A NF != 5 {
0N/A print "config/crontab_period property must contain 5 " \
0N/A "values.";
0N/A exit 1
0N/A }
0N/A $1 == "random" || $2 == "random" || $4 == "random" || \
0N/A $5 == "random" {
0N/A print "only field 3 can have the value random";
0N/A exit 1
0N/A }'
0N/A
0N/A check_failure $? "invalid value for config/crontab_period." \
0N/A $SMF_FMRI exit
0N/A
0N/A RAND=$(( ($RANDOM % 27) + 1 ))
0N/A new_schedule=$(echo "$schedule" | $SED -e "s/random/$RAND/1")
0N/A if [ "$new_schedule" != "$schedule" ]; then
0N/A #
0N/A # Save the schedule in the instance. Note that this
0N/A # will not appear in the running instance until the
0N/A # refresh method has fired.
0N/A #
0N/A new_schedule=$(echo $new_schedule| $SED -e 's/ /\\ /g')
0N/A $SVCCFG -s $SMF_FMRI setprop \
0N/A config/crontab_period = astring: \"$new_schedule\"
0N/A fi
0N/A print $new_schedule
0N/A}
0N/A
0N/A#
0N/A# Add a crontab entry that does periodic pkgrecvs from a series of
0N/A# remote pkg5 origins to a local repository. This is run as part of the
0N/A# SMF start method for this service. If the repository doesn't exist,
0N/A# we create it. We also attempt to create a zfs dataset if the parent
0N/A# directory for the repository is the leaf of a zfs dataset.
0N/A#
0N/Afunction smf_schedule_updates {
0N/A
0N/A check_duplicate_repos
0N/A check_failure $? "Two or more instances of $SVCNAME contain the
0N/Asame 'config/repository' value, which is not supported." $SMF_FMRI exit
0N/A typeset -f schedule=$(add_date_jitter | $SED -e 's/\\//g')
0N/A typeset repo=$($SVCPROP -p config/repository $SMF_FMRI)
5N/A
0N/A SAVED_IFS="$IFS"
0N/A IFS=,
0N/A set -A publishers $($SVCPROP -p config/publishers $SMF_FMRI)
0N/A IFS="$SAVED_IFS"
0N/A
0N/A if [ ! -f $repo/pkg5.repository ]; then
0N/A repo_parent=$(dirname $repo)
0N/A repo_base=$(basename $repo)
0N/A readmnttab "$repo_parent" < /etc/mnttab
0N/A if [ "$fstype" = "zfs" ]; then
0N/A #
0N/A # $special gets set by readmnttab in
0N/A # /lib/svc/share/fs_include.sh
0N/A #
0N/A DS="$special/$repo_base"
0N/A $ZFS create $DS
0N/A check_failure $? \
0N/A "unable to create zfs dataset $DS" \
0N/A $SMF_FMRI degrade
0N/A fi
0N/A $PKGREPO create "$repo"
0N/A check_failure $? "unable to create repository" \
0N/A $SMF_FMRI degrade
0N/A fi
0N/A set_default_publisher "$repo" ${publishers[0]}
0N/A add_cronjob $SMF_FMRI "$schedule" \
0N/A "/usr/sbin/svcadm refresh $SMF_FMRI"
0N/A}
0N/A
0N/A#
0N/A# Remove the crontab entry that was added by 'schedule_updates'. This is
0N/A# run as part of the SMF stop method for this service.
0N/A#
0N/Afunction smf_unschedule_updates {
0N/A
0N/A remove_cronjob $SMF_FMRI \
0N/A "/usr/sbin/svcadm refresh $SMF_FMRI"
0N/A}
0N/A
0N/A#
0N/A# Checks whether the given repository has a publisher/prefix set,
0N/A# and if not, sets it to the given publisher.
0N/A#
0N/A# Usage:
0N/A# set_default_publisher <path to repo> <publisher>
0N/A#
4N/Afunction set_default_publisher {
4N/A typeset repo="$1"
4N/A typeset pub=$2
4N/A
4N/A DEFAULT=$($PKGREPO -s "$repo" get -H publisher/prefix | \
4N/A $AWK '{print $NF}')
4N/A if [ "$DEFAULT" = '""' ]; then
4N/A $PKGREPO -s "$repo" set publisher/prefix=$pub
4N/A fi
4N/A}
4N/A
4N/A#
4N/A# Intended to be called as part of a cron job firing, this calls
0N/A# 'pkgrecv_from_origin' for each publisher configured in the SMF
0N/A# instance.
4N/A#
4N/A# Usage:
4N/A# update_repository <smf fmri>
4N/A#
4N/Afunction update_repository {
4N/A
4N/A typeset SMF_FMRI=$1
4N/A typeset instance=$(echo $SMF_FMRI | $AWK -F: '{print $NF}')
4N/A typeset lockfile=/var/log/pkg/mirror/mirror.$instance.lock
4N/A
4N/A if [ -f $lockfile ]; then
4N/A pid=$(<$lockfile)
4N/A check_failure 1 "A mirror operation was already running
4N/A under process $pid when the cron job fired. Remove $lockfile to
4N/A override, or check the SMF property 'config/crontab_period' to ensure
4N/A cron schedules don't overlap." $SMF_FMRI degrade
0N/A return 1
0N/A fi
0N/A # write our pid into the lock file
4N/A echo $$ > $lockfile
0N/A check_failure $? "unable to create lockfile" $SMF_FMRI degrade
0N/A
4N/A typeset repo=$($SVCPROP -p config/repository $SMF_FMRI \
4N/A | $SED -e 's/\\//g')
4N/A typeset cachedir=$($SVCPROP -p config/cache_dir $SMF_FMRI \
4N/A | $SED -e 's/\\//g')
4N/A typeset ref_image=$($SVCPROP -p config/ref_image $SMF_FMRI\
4N/A | $SED -e 's/\\//g')
4N/A
4N/A SAVED_IFS="$IFS"
4N/A IFS=,
4N/A set -A publishers $($SVCPROP -p config/publishers $SMF_FMRI)
0N/A IFS="$SAVED_IFS"
4N/A if [ -z "$publishers" ]; then
0N/A echo "ERROR: no publishers found in 'config/publishers'"
4N/A return $SMF_EXIT_FATAL
4N/A fi
4N/A
4N/A set -A origins ""
4N/A set -A ssl_keys ""
4N/A set -A ssl_certs ""
4N/A set -A http_proxies ""
4N/A set -A https_proxies ""
0N/A
0N/A #
0N/A # Gather the details we need to connect to the origins
0N/A # we want to pkgrecv from.
0N/A #
0N/A i=0
0N/A index=0
0N/A while [ $i -lt ${#publishers[@]} ]; do
0N/A pub=${publishers[$i]}
0N/A sslkey=$($PKG -R $ref_image publisher $pub \
0N/A | $GREP 'SSL Key:' \
0N/A | $GREP -v None | $SED -e 's/.* //g')
0N/A sslcert=$($PKG -R $ref_image publisher $pub \
0N/A | $GREP 'SSL Cert:' \
0N/A | $GREP -v None | $SED -e 's/.* //g')
0N/A $PKG -R $ref_image publisher -F tsv > /tmp/pkg.mirror.$$
0N/A
0N/A #
0N/A # this function depends on the output of
0N/A # 'pkg publisher -F tsv'. It really ought to use
0N/A # 'pkg publisher -o' option when that's available.
0N/A #
0N/A while read publisher sticky syspub enabled ptype status \
0N/A uri proxy ; do
0N/A if [ "$pub" != "$publisher" ]; then
0N/A continue
0N/A fi
0N/A if [ -z "$uri" ]; then
0N/A echo "WARNING: no URI \
0N/Aconfigured for publisher $pub"
0N/A continue
0N/A fi
0N/A origins[$index]=$uri
0N/A echo $uri | $GREP -q https://
0N/A if [ $? -eq 0 ]; then
0N/A ssl_keys[$index]=$sslkey
0N/A ssl_certs[$index]=$sslcert
0N/A else
0N/A ssl_keys[$index]=''
0N/A ssl_certs[$index]=''
0N/A fi
0N/A if [ "$proxy" = "-" ]; then
0N/A proxy=''
0N/A fi
0N/A https_proxies[$index]=$proxy
0N/A http_proxy[$index]=$proxy
0N/A index=$(( $index + 1 ))
0N/A done < /tmp/pkg.mirror.$$
0N/A $RM /tmp/pkg.mirror.$$
0N/A i=$(( $i + 1 ))
0N/A done
0N/A
0N/A # Iterate over all configured origins
0N/A i=0
0N/A while [ $i -lt ${#origins[@]} ]; do
0N/A origin=${origins[$i]}
0N/A key=${ssl_keys[$i]}
0N/A cert=${ssl_certs[$i]}
0N/A http_proxy=${http_proxies[$i]}
0N/A https_proxy=${https_proxies[$i]}
0N/A
0N/A pkgrecv_from_origin "$repo" "$origin" "$key" \
0N/A "$cert" $SMF_FMRI "$cachedir" "$http_proxy" \
0N/A "$https_proxy"
0N/A check_failure $? \
0N/A "unable to update repository $repo" $SMF_FMRI \
0N/A degrade
0N/A if [ $? -ne 0 ]; then
0N/A $RM $lockfile
0N/A return 1
0N/A fi
0N/A i=$(( $i + 1 ))
0N/A done
0N/A
0N/A EXIT=$?
0N/A $RM $lockfile
0N/A return $EXIT
0N/A}
0N/A
0N/A#
0N/A# When retrieving values from SMF, we can get the string '""'
0N/A# (two quotes) returned. For our purposes, this is equivalent to the
0N/A# null string, so we normalize it to ''. This function reads from stdin.
0N/A#
0N/Afunction reduce_null_str {
0N/A while read value; do
0N/A if [ "$value" = '""' ]; then
0N/A echo ''
0N/A else
0N/A echo $value
0N/A fi
0N/A done
0N/A}
0N/A
0N/A#
0N/A# Perform a pkgrecv from the given origin to the given repository.
0N/A# We assume that the repository exists.
0N/A#
0N/A# Usage:
0N/A# pkgrecv_from_origin <repo> <origin> <key path> <cert path> <FMRI>
0N/A# <cache dir> <http_proxy> <https_proxy>
0N/A#
0N/Afunction pkgrecv_from_origin {
0N/A
0N/A typeset repo=$1
0N/A typeset origin=$2
0N/A typeset key=$(echo $3 | reduce_null_str)
0N/A typeset cert=$(echo $4 | reduce_null_str)
0N/A typeset SMF_FMRI=$5
0N/A typeset cachedir=$6
0N/A typeset http_proxy=$(echo $7 | reduce_null_str)
0N/A typeset https_proxy=$(echo $8 | reduce_null_str)
0N/A
0N/A typeset instance=$(echo $SMF_FMRI | $AWK -F: '{print $NF}')
0N/A typeset debug_flag=$($SVCPROP -p config/debug $SMF_FMRI)
0N/A typeset LOG=/var/log/pkg/mirror/mirror.$instance.log
0N/A
0N/A export http_proxy=$http_proxy
0N/A export https_proxy=$https_proxy
0N/A
0N/A TSTAMP=$($DATE +%Y%m%dT%H%M%SZ)
0N/A echo "$TSTAMP: $SMF_FMRI updates to $repo from $origin :" \
0N/A >> $LOG
0N/A
0N/A if [ -n "$key" ] && [ -n "$cert" ]; then
0N/A key="--key $key"
0N/A cert="--cert $cert"
0N/A fi
0N/A # show the command we're running
0N/A if [ "$debug_flag" = "true" ] ; then
0N/A echo $PKGRECV -s $origin -c "$cachedir"/$instance \
0N/A -d "$repo" -m all-timestamps $key $cert '*'
0N/A fi
0N/A $PKGRECV -s $origin -c "$cachedir"/$instance -d "$repo" \
0N/A -m all-timestamps $key $cert '*' > $LOG.tmp 2>&1
0N/A EXIT=$?
0N/A
0N/A if [ "$debug_flag" = "true" ]; then
0N/A $CAT $LOG.tmp >> $LOG
0N/A elif [ $EXIT -ne 0 ]; then
0N/A #
0N/A # in the case of errors, getting the full pkgrecv output
0N/A # can be helpful.
0N/A #
0N/A $CAT $LOG.tmp >> $LOG
0N/A else
0N/A # otherwise, we only log messages containing pkg5 FMRIs
0N/A $GREP 'pkg:/' $LOG.tmp >> $LOG
0N/A # we only destroy the cache if a pkgrecv was successful
0N/A $RM -rf "$cachedir"/$instance
0N/A fi
0N/A $PKGREPO -s "$repo" refresh
0N/A $RM $LOG.tmp
0N/A return $EXIT
0N/A}
0N/A
0N/A# $1 start | stop | an FMRI containing configuration
0N/Acase "$1" in
0N/A'start')
0N/A smf_schedule_updates
0N/A if [ $? -eq 0 ]; then
0N/A result=$SMF_EXIT_OK
0N/A else
0N/A echo "Problem mirroring repository for $SMF_FMRI"
0N/A result=$SMF_EXIT_ERR_FATAL
0N/A fi
0N/A ;;
0N/A
0N/A'stop')
0N/A smf_unschedule_updates
0N/A if [ $? -eq 0 ]; then
0N/A result=$SMF_EXIT_OK
0N/A else
0N/A echo "Problem mirroring repository for $SMF_FMRI"
0N/A result=$SMF_EXIT_ERR_FATAL
0N/A fi
0N/A ;;
0N/A
0N/A#
0N/A# A note on logging.
0N/A#
0N/A# The following log files are created while this service is running:
0N/A#
0N/A# /var/log/pkg/mirror/mirror.<instance>.log
0N/A# This is the top-level log file for the service. This log
0N/A# shows a summary of each pkgrecv, listing a timestamp and the
0N/A# packages that were received during that run of the cron job.
0N/A#
0N/A# /var/log/pkg/mirror/mirror.<instance>.run.<pid>
0N/A# This is a temporary log file, which should contain very little
0N/A# output - it exists to capture all other output from the service
0N/A# If 'config/debug' is set, then this file will also include the
0N/A# full pkgrecv(1) command that is executed.
0N/A#
0N/A# /var/log/pkg/mirror/mirror.<instance>.log.tmp
0N/A# Another temporary log file, which captures the complete output
0N/A# of each pkgrecv command as it runs. At the end of the pkgrecv
0N/A# process, we extract a summary and append it to
0N/A# mirror.<instance>.log. If 'config/debug' is set, the contents
0N/A# of this log are appended to mirror.<instance>.log. If any errors
0N/A# were encountered while running pkgrecv, the contents of this log
0N/A# are appended to mirror.<instance>.log.
4N/A#
0N/A
0N/A'refresh')
4N/A typeset instance=$(echo $SMF_FMRI | $AWK -F: '{print $NF}')
4N/A typeset LOG=/var/log/pkg/mirror/mirror.$instance.log
0N/A typeset debug_flag=$($SVCPROP -p config/debug $SMF_FMRI)
0N/A
0N/A # Most output should get captured by update_repository, but we
0N/A # capture any remaining output.
0N/A update_repository $SMF_FMRI > $LOG.run.$$ 2>&1
0N/A RET=$?
0N/A
0N/A if [ -s $LOG.run.$$ ]; then
0N/A cat $LOG.run.$$ >> $LOG
0N/A fi
0N/A
0N/A if [ "$debug_flag" = "false" ]; then
0N/A $RM $LOG.run.$$
0N/A fi
0N/A
0N/A if [ $RET -eq 0 ]; then
0N/A result=$SMF_EXIT_OK
0N/A else
0N/A echo "Mirror refresh failed: see $LOG for more detail."
5N/A # try to remove the cron job so we don't keep failing
5N/A smf_unschedule_updates
5N/A result=$SMF_EXIT_ERR_FATAL
fi
;;
esac
exit $result