diff --git a/scripts/network/domr/vm_data.sh b/scripts/network/domr/vm_data.sh new file mode 100644 index 00000000000..c8617234a50 --- /dev/null +++ b/scripts/network/domr/vm_data.sh @@ -0,0 +1,147 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + + +# $Id: vm_data.sh 9307 2010-06-08 00:43:08Z chiradeep $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/scripts/vm/hypervisor/xenserver/patch/vm_data.sh $ +# @VERSION@ + +usage() { + printf "Usage: %s: -r -v -F -f -d \n" $(basename $0) >&2 + exit 2 +} + +set -x +cert="/root/.ssh/id_rsa.cloud" +PORT=3922 + +create_htaccess() { + local domrIp=$1 + local vmIp=$2 + local folder=$3 + local file=$4 + + local result=0 + #rewrite rule in top level /latest folder to redirect + #to vm specific folder based on source ip + entry="RewriteRule ^$file$ ../$folder/%{REMOTE_ADDR}/$file [L,NC,QSA]" + htaccessFolder="/var/www/html/latest" + htaccessFile=$htaccessFolder/.htaccess + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "mkdir -p $htaccessFolder; touch $htaccessFile; grep -F \"$entry\" $htaccessFile; if [ \$? -gt 0 ]; then echo -e \"$entry\" >> $htaccessFile; fi" >/dev/null + result=$? + + if [ $result -eq 0 ] + then + #ensure that vm specific folder cannot be listed and that only + #the vm that owns the data can access the items in this directory + entry="Options -Indexes\\nOrder Deny,Allow\\nDeny from all\\nAllow from $vmIp" + htaccessFolder="/var/www/html/$folder/$vmIp" + htaccessFile=$htaccessFolder/.htaccess + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "mkdir -p $htaccessFolder; echo -e \"$entry\" > $htaccessFile" >/dev/null + result=$? + fi + + #support access by http:///latest/ (legacy, see above) also + # http:///latest/meta-data/ (correct) + if [ "$folder" == "metadata" ] || [ "$folder" == "meta-data" ] + then + entry="RewriteRule ^meta-data/(.+)$ ../$folder/%{REMOTE_ADDR}/\\\$1 [L,NC,QSA]" + htaccessFolder="/var/www/html/latest" + htaccessFile=$htaccessFolder/.htaccess + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "grep -F \"$entry\" $htaccessFile; if [ \$? -gt 0 ]; then echo -e \"$entry\" >> $htaccessFile; fi" >/dev/null + entry="RewriteRule ^meta-data/$ ../$folder/%{REMOTE_ADDR}/meta-data [L,NC,QSA]" + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "grep -F \"$entry\" $htaccessFile; if [ \$? -gt 0 ]; then echo -e \"$entry\" >> $htaccessFile; fi" >/dev/null + result=$? + fi + + return $result +} + +copy_vm_data_file() { + local domrIp=$1 + local vmIp=$2 + local folder=$3 + local file=$4 + local dataFile=$5 + + dest=/var/www/html/$folder/$vmIp/$file + metamanifest=/var/www/html/$folder/$vmIp/meta-data + scp -P $PORT -o StrictHostKeyChecking=no -i $cert $dataFile root@$domrIp:$dest >/dev/null + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "chmod 644 $dest" > /dev/null + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "touch $metamanifest; chmod 644 $metamanifest" > /dev/null + if [ "$folder" == "metadata" ] || [ "$folder" == "meta-data" ] + then + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "sed -i '/$file/d' $metamanifest; echo $file >> $metamanifest" > /dev/null + fi + + return $? +} + +delete_vm_data_file() { + local domrIp=$1 + local vmIp=$2 + local folder=$3 + local file=$4 + + vmDataFilePath="/var/www/html/$folder/$vmIp/$file" + ssh -p $PORT -o StrictHostKeyChecking=no -i $cert root@$domrIp "if [ -f $vmDataFilePath ]; then rm -rf $vmDataFilePath; fi" >/dev/null + return $? +} + +domrIp= +vmIp= +folder= +file= +dataFile= + +while getopts 'r:v:F:f:d:' OPTION +do + case $OPTION in + r) domrIp="$OPTARG" + ;; + v) vmIp="$OPTARG" + ;; + F) folder="$OPTARG" + ;; + f) file="$OPTARG" + ;; + d) dataFile="$OPTARG" + ;; + ?) usage + exit 1 + ;; + esac +done + +[ "$domrIp" == "" ] || [ "$vmIp" == "" ] || [ "$folder" == "" ] || [ "$file" == "" ] && usage +[ "$folder" != "userdata" ] && [ "$folder" != "metadata" ] && usage + +if [ "$dataFile" != "" ] +then + create_htaccess $domrIp $vmIp $folder $file + + if [ $? -gt 0 ] + then + exit 1 + fi + + copy_vm_data_file $domrIp $vmIp $folder $file $dataFile +else + delete_vm_data_file $domrIp $vmIp $folder $file +fi + +exit $?