#!/usr/bin/env bash
# Treat unset variables as errors and let a pipeline fail when any stage fails.
# errexit is deliberately not enabled here: each step hands its exit status to
# log_and_reboot_on_error explicitly.
set -uo pipefail

# Pin the shell and restrict command lookup to the system binary directories,
# so the tools invoked below (vgchange, mount, cp, lsusb, ...) are not resolved
# through an inherited PATH.
SHELL='/bin/bash'
PATH='/sbin:/bin:/usr/sbin:/usr/bin'

# Directory the configuration files are read from.
CONFIG_DIR='/var/ic/config'
#######################################
# Activate the 'hostlvm' volume group and mount its config volume on /media.
# The exit status of each step is passed to log_and_reboot_on_error together
# with the message to report if that step failed.
# Outputs: progress line on stdout
#######################################
mount_config_partition() {
  local rc

  printf '%s\n' "* Mounting hostOS config partition..."

  rc=0
  vgchange -ay hostlvm || rc=$?
  log_and_reboot_on_error "${rc}" "Unable to activate hostOS config partition."

  rc=0
  mount /dev/mapper/hostlvm-config /media || rc=$?
  log_and_reboot_on_error "${rc}" "Unable to mount hostOS config partition."
}
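#######################################
# Copy the configuration files onto the hostOS config partition mounted at
# /media.
#
# Required (a missing source is reported to log_and_reboot_on_error with
# status 1): config.ini and the ssh_authorized_keys directory.
# Optional: node_operator_private_key.pem and default_firewall_whitelist.conf.
# Always attempted: /data/deployment.json and /data/nns_public_key.pem; a
# failed copy is reported through the exit status of cp.
#
# Globals: CONFIG_DIR (read)
# Outputs: progress lines on stdout
#######################################
copy_config_files() {
  echo "* Copying 'config.ini' to hostOS config partition..."
  if [ -f "${CONFIG_DIR}/config.ini" ]; then
    # Source paths are quoted so a CONFIG_DIR containing whitespace or glob
    # characters is still passed to cp as a single argument.
    cp "${CONFIG_DIR}/config.ini" /media/
    log_and_reboot_on_error "${?}" "Unable to copy 'config.ini' to hostOS config partition."
  else
    log_and_reboot_on_error "1" "Configuration file 'config.ini' does not exist."
  fi

  echo "* Copying SSH authorized keys..."
  if [ -d "${CONFIG_DIR}/ssh_authorized_keys" ]; then
    cp -r "${CONFIG_DIR}/ssh_authorized_keys" /media/
    log_and_reboot_on_error "${?}" "Unable to copy SSH authorized keys to hostOS config partition."
  else
    log_and_reboot_on_error "1" "Directory 'ssh_authorized_keys' does not exist."
  fi

  echo "* Copying node operator private key..."
  if [ -f "${CONFIG_DIR}/node_operator_private_key.pem" ]; then
    # NOTE(review): the private key is copied with plain cp; confirm that the
    # permissions the copy ends up with on /media are as restrictive as
    # intended.
    cp "${CONFIG_DIR}/node_operator_private_key.pem" /media/
    log_and_reboot_on_error "${?}" "Unable to copy node operator private key to hostOS config partition."
  else
    # Not an error: without a key file the HSM is used instead
    # (see insert_hsm_if_necessary).
    echo "node_operator_private_key.pem does not exist, requiring HSM."
  fi

  # The firewall whitelist is optional; its absence is silently accepted.
  if [ -f "${CONFIG_DIR}/default_firewall_whitelist.conf" ]; then
    cp "${CONFIG_DIR}/default_firewall_whitelist.conf" /media/
    log_and_reboot_on_error "${?}" "Unable to copy default_firewall_whitelist.conf to hostOS config partition."
  fi

  echo "* Copying deployment.json to config partition..."
  cp /data/deployment.json /media/
  log_and_reboot_on_error "${?}" "Unable to copy deployment.json to hostOS config partition."

  echo "* Copying NNS public key to hostOS config partition..."
  cp /data/nns_public_key.pem /media/
  log_and_reboot_on_error "${?}" "Unable to copy NNS public key to hostOS config partition."
}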
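#######################################
# Wait for a Nitrokey HSM to be plugged in when no node operator private key
# file exists in CONFIG_DIR.
#
# Polls lsusb every 3 seconds; after 3600 unsuccessful polls the failure is
# handed to log_and_reboot_on_error with status 1 and the loop stops.
#
# Detection is a string match ('Nitro' or 'Clay') on the lsusb output. It
# shows that a USB device with such a description is attached, and nothing
# more: the device contents are not checked here.
#
# Globals: CONFIG_DIR (read)
# Outputs: prompt line on stdout for every unsuccessful poll
#######################################
insert_hsm_if_necessary() {
  # Kept local so the counter does not leak into the script's global scope.
  local retry=0
  local -r max_retries=3600

  # A key file on disk means no HSM is required.
  if [ -f "${CONFIG_DIR}/node_operator_private_key.pem" ]; then
    return 0
  fi

  # The captured output is tested instead of the pipeline status: with
  # pipefail active, a non-zero exit of lsusb would otherwise mask a match.
  while [ -z "$(lsusb | grep -E 'Nitro|Clay')" ]; do
    retry=$((retry + 1))
    if [ "${retry}" -ge "${max_retries}" ]; then
      log_and_reboot_on_error "1" "Nitrokey HSM USB device could not be detected, giving up."
      break
    fi
    echo "* Please insert Nitrokey HSM USB device..."
    sleep 3
  done
}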
#######################################
# Flush pending writes, unmount /media and deactivate the 'hostlvm' volume
# group. The exit status of each step is passed to log_and_reboot_on_error
# together with the message to report if that step failed.
# Outputs: progress line on stdout
#######################################
unmount_config_partition() {
  local rc

  printf '%s\n' "* Unmounting hostOS config partition..."

  # Write cached data out before the filesystem is detached.
  rc=0
  sync || rc=$?
  log_and_reboot_on_error "${rc}" "Unable to synchronize cached writes to persistent storage."

  rc=0
  umount /media || rc=$?
  log_and_reboot_on_error "${rc}" "Unable to unmount hostOS config partition."

  rc=0
  vgchange -an hostlvm || rc=$?
  log_and_reboot_on_error "${rc}" "Unable to deactivate hostOS config partition."
}
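# Establish run order: mount the config partition, copy the configuration onto
# it, wait for the HSM if no key file was supplied, then unmount again.
main() {
  # log_start, log_end and log_and_reboot_on_error are not defined in this
  # file; presumably they come from this helper library.
  # NOTE(review): the result of 'source' is not checked. If the file were
  # missing, the helpers would be undefined and the error checks in the steps
  # below would not take effect; consider failing early here.
  source /opt/ic/bin/functions.sh

  # "$0" is quoted so a script path containing whitespace is not split before
  # it reaches basename.
  local script_name
  script_name="$(basename "$0")"

  log_start "${script_name}"
  mount_config_partition
  copy_config_files
  insert_hsm_if_necessary
  unmount_config_partition
  log_end "${script_name}"
}
main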