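#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
#
# Installs the warden client package into <directory>/warden-client, writes
# etc/warden-client.conf pointing at the supplied SSL key, certificate and CA
# files, and hands ownership of the installed tree to the given user.
# Must be run as root. See usage() for the command-line options.

VERSION="2.1"

#-------------------------------------------------------------------------------
#				FUNCTIONS
#-------------------------------------------------------------------------------

# Print the command-line help and exit with status 0.
usage() {
  echo "Usage: ${0##*/} [-d <directory>] [-u <user>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
  echo "-d <directory>            installation directory (default: /opt)"
  echo "-u <user>                 owner of warden client package (user for running detection scripts)"
  echo "-k <ssl_key_file>         path to SSL certificate key file"
  echo "-c <ssl_cert_file>        path to SSL certificate file"
  echo "-a <ssl_ca_file>          path to CA certificate file"
  echo "-h                        print this help"
  echo "-V                        print script version number and exit"
  echo
  echo "Example: # ./${0##*/} -d /opt -u detector -k /etc/ssl/private/client.key -c /etc/ssl/certs/client.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
  echo
  echo "Note: You must be root for running this script."
  echo "      For more information about installation process, see README file (section Installation)."
  echo
  exit 0
}

# Print the script version and exit with status 0.
version() {
  echo "${0##*/} - current version is $VERSION"
  exit 0
}

# Report a failed step: dump the captured stderr, remove the scratch file and
# exit with status 1. Used before anything has been installed.
err() {
  echo "FAILED!"
  cat -- "$err"
  rm -f -- "$err"
  echo
  echo "Installation of $package_version package FAILED!!!"
  exit 1
}

# Same as err(), but first removes the partially installed client directory.
err_clean() {
  echo "FAILED!"
  echo " -> Uninstalling client package ... OK"
  # ${client_path:?} aborts instead of expanding to an empty path, so a
  # missing variable can never turn this into a removal of the wrong tree.
  rm -rf -- "${client_path:?}" > /dev/null 2>&1
  cat -- "$err"
  rm -f -- "$err"
  echo
  echo "Installation of $package_version package FAILED!!!"
  exit 1
}

# Exit with status 1 unless the script is running as root.
root_chck() {
  if (( UID != 0 )); then
    echo "You must be root for running this script!"
    exit 1
  fi
}

# Reject a path value that cannot be embedded safely.
# The key/cert/CA paths are written into double-quoted Perl strings in the
# generated configuration file and, for key and cert, into a single-quoted
# argument of `su -c`; quotes, backslash, $, @, backtick and newline would
# change the meaning of either.
# Arguments: $1 - option label for the message, $2 - value to check
path_chck() {
  local label=$1 value=$2
  local -r unsafe=$'[\'"\\\\$@`\n]'
  if [[ $value =~ $unsafe ]]; then
    echo "Parameter ${label} contains unsupported characters (quotes, backslash, \$, @, backtick or newline)!"
    exit 1
  fi
}

# Validate the command-line parameters; apply the default for -d.
params_chck() {
  if [[ -z "$prefix" ]]; then
    prefix=/opt
    echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
  fi
  if [[ -z "$user" ]]; then
    echo "Parameter -u <user> is not set!"
    exit 1
  fi
  if [[ -z "$key" ]]; then
    echo "Parameter -k <ssl_key_file> is not set!"
    exit 1
  fi
  if [[ -z "$cert" ]]; then
    echo "Parameter -c <ssl_cert_file> is not set!"
    exit 1
  fi
  if [[ -z "$ca_file" ]]; then
    echo "Parameter -a <ssl_ca_file> is not set!"
    exit 1
  fi

  # The user name is passed to su and chown; fail early if it could be read as
  # an option or does not name an existing account.
  if [[ "$user" == -* ]] || ! id -u -- "$user" > /dev/null 2>&1; then
    echo "Parameter -u <user> does not name an existing user!"
    exit 1
  fi

  path_chck "-k <ssl_key_file>" "$key"
  path_chck "-c <ssl_cert_file>" "$cert"
  path_chck "-a <ssl_ca_file>" "$ca_file"
}

# Refuse to install over an existing client; updates go through update.sh.
old_client_chck() {
  # Fixed: the original assigned "{$etc}/package_version" (misplaced brace),
  # so the file was never found and this check never fired.
  old_package_version_file="${etc}/package_version"
  if [[ -f "$old_package_version_file" ]]; then
    old_package_version=$(< "$old_package_version_file")
    echo "Sorry, but $old_package_version package is installed!"
    echo "For update of warden client package please use update.sh script."
    exit 1
  fi
}

# Exit with status 1 unless a perl executable is on PATH.
perl_chck() {
  echo -n "Checking Perl interpreter ... "
  if command -v perl > /dev/null 2>&1; then
    echo "OK"
  else
    echo "FAILED!"
    echo "Error: Perl interpreter is not installed!"
    exit 1
  fi
}

# Check that every Perl module listed in the modules array can be loaded.
modules_chck() {
  local module
  for module in "${modules[@]}"; do
    echo -n "Checking $module module ... "
    if perl -e "use $module" 2> "$err"; then
      echo "OK"
    else
      err
    fi
  done
}

# Copy the client tree, its documentation and uninstall.sh below $prefix.
make_warden_dir() {
  local file
  echo -n "Creating warden client directory ... "
  # Fixed: the original ran "mkdir -p prefix", creating a directory literally
  # named "prefix" in the current working directory.
  test -d "$prefix" || mkdir -p -- "$prefix"
  if cp -R -- "${dirname}/warden-client" "$prefix" 2> "$err"; then
    echo "OK"
  else
    err_clean
  fi

  echo -n "Copying files ... "
  files=(CHANGELOG INSTALL LICENSE README README.cesnet)
  for file in "${files[@]}"; do
    cp -- "${dirname}/warden-client/doc/${file}" "${client_path}/doc"
  done
  test -d "${client_path}/" || mkdir -p -- "${client_path}/"
  cp -- "${dirname}/uninstall.sh" "${client_path}/"
  echo "OK"
}

# Warn (without aborting) when the key file is not readable by $user.
check_key() {
  echo -n "Checking certificate key file ... "
  # The path is single-quoted for the shell that su starts; path_chck has
  # already rejected values containing a single quote.
  if su "$user" -c "test -r '${key}'" 2> "$err"; then
    echo "OK"
  else
    echo "Warning: certificate key file is not readable by user ${user}!"
  fi
}

# Warn (without aborting) when the certificate file is not readable by $user.
check_cert() {
  echo -n "Checking certificate file ... "
  # Fixed: the original tested ${key} here, so an unreadable certificate was
  # never reported.
  if su "$user" -c "test -r '${cert}'" 2> "$err"; then
    echo "OK"
  else
    echo "Warning: certificate file is not readable by user ${user}!"
  fi
}

# Generate etc/warden-client.conf (a Perl fragment) from the given paths.
make_conf_file() {
  echo -n "Creating configuration file ... "
  # Every Perl variable name is written as \$NAME so the shell emits a literal
  # '$'. Fixed: CONNECTION_TIMEOUT was unescaped in the original and expanded
  # to nothing, leaving " = 60;" in the generated file.
  if cat 2> "$err" > "$conf_file" <<EOF
#
# warden-client.conf - configuration file for the warden sender/receiver client
#

#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = "https://warden.cesnet.cz:443/Warden";

#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = "${key}";

#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = "${cert}";

#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = "${ca_file}";

#-------------------------------------------------------------------------------
# MAX_RCV_EVENTS_LIMIT - maximum number of events the client is allowd to get
#                        from the Warden server in one batch
#-------------------------------------------------------------------------------
\$MAX_RCV_EVENTS_LIMIT = 6000; #consumes app. 250 MB of memory

#-------------------------------------------------------------------------------
# CONNECTION_TIMEOUT - interval in seconds to timeout connection with Warden
#                      server. If your client timeouts, consider using higher
#                      timeout number. Also, in case of receiving clients, you
#                      can optimize the MAX_RCV_EVENTS_LIMIT value.
#-------------------------------------------------------------------------------
\$CONNECTION_TIMEOUT = 60;

#-------------------------------------------------------------------------------
# Log options
#
# LOG_STDERR, LOG_SYSLOG - hide (0) or allow (1) error reporting on STDERR
#                          and/or to Syslog
# LOG_SYSLOG_FACILITY - specify a Syslog facility to log in
# LOG_VERBOSE - print only error message without a stack (0) or print debug info
#               including err. message and stack (1)
#-------------------------------------------------------------------------------
\$LOG_STDERR = 1;

\$LOG_SYSLOG = 0;

\$LOG_SYSLOG_FACILITY = "local7";

\$LOG_VERBOSE = 0;

1;
EOF
  then
    echo "OK"
  else
    err_clean
  fi
}

# Give the installed tree to $user and restrict the configuration file to
# its owner (mode 600); package_version stays world-readable (mode 644).
change_permissions() {
  echo -n "Changing permissions to installed package ... "
  chown -R -- "${user}:" "$client_path" 2> "$err" || err_clean
  chmod 644 -- "${etc}/package_version" 2> "$err" || err_clean
  if chmod 600 -- "$conf_file" 2> "$err"; then
    echo "OK"
  else
    err_clean
  fi
}

#-------------------------------------------------------------------------------
#				MAIN
#-------------------------------------------------------------------------------

# list of used Perl modules
modules=(SOAP::Lite IO::Socket::SSL SOAP::Transport::HTTP FindBin DateTime Carp)

# read input
while getopts "d:u:k:c:a:Vh" options; do
  case $options in
    d ) prefix=$OPTARG;;
    u ) user=$OPTARG;;
    k ) key=$OPTARG;;
    c ) cert=$OPTARG;;
    a ) ca_file=$OPTARG;;
    h ) usage;;
    V ) version;;
    * ) usage;;
  esac
done

# root test
root_chck

# params test
params_chck

# create variables
dirname=$(dirname -- "$0")
package_version=$(cat -- "${dirname}/warden-client/etc/package_version")
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
client_path="${prefix}/warden-client"
etc="${client_path}/etc"
conf_file="${etc}/warden-client.conf"

# Scratch file for captured stderr. The original used the fixed name
# /tmp/warden-err; as this script runs as root and redirects into the file,
# mktemp is used so the name is unpredictable and the file is created
# exclusively, rather than following whatever already exists at a known path.
err=$(mktemp) || { echo "Cannot create temporary file!"; exit 1; }
trap 'rm -f -- "$err"' EXIT

# check if warden-client is installed
old_client_chck

echo
echo "------------------------- Dependencies check-in -------------------------"

# Perl interpreter test
perl_chck

# Perl modules test
modules_chck

echo
echo "------------------------- Installation process --------------------------"

# make warden client directory
make_warden_dir

# check that the cert key file is readable by the client user
check_key

# check that the cert file is readable by the client user
check_cert

# create conf file
make_conf_file

# change permissions
change_permissions

echo
echo "Please check configuration file in ${conf_file}!"
echo
echo "Warden client directory: $client_path"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"

# cleanup section
rm -f -- "$err"

exit 0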