#!/bin/bash ##### # ESGF IDP Services # description: Idp Services # #**************************************************************************** #* * #* Copyright (c) 2009, Lawrence Livermore National Security, LLC. * #* Produced at the Lawrence Livermore National Laboratory * #* Written by: Gavin M. Bell (gavin@llnl.gov) * #* LLNL-CODE-420962 * #* * #* All rights reserved. This file is part of the: * #* Earth System Grid Fed (ESGF) Node Software Stack, Version 1.0 * #* * #* For details, see http://esgf.org/ * #* Please also read this link * #* http://esgf.org/LICENSE * #* * #* * Redistribution and use in source and binary forms, with or * #* without modification, are permitted provided that the following * #* conditions are met: * #* * #* * Redistributions of source code must retain the above copyright * #* notice, this list of conditions and the disclaimer below. * #* * #* * Redistributions in binary form must reproduce the above copyright * #* notice, this list of conditions and the disclaimer (as noted below) * #* in the documentation and/or other materials provided with the * #* distribution. * #* * #* Neither the name of the LLNS/LLNL nor the names of its contributors * #* may be used to endorse or promote products derived from this * #* software without specific prior written permission. * #* * #* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * #* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * #* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * #* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LAWRENCE * #* LIVERMORE NATIONAL SECURITY, LLC, THE U.S. DEPARTMENT OF ENERGY OR * #* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * #* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * #* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * #* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * #* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * #* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * #* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * #* SUCH DAMAGE. * #* * #**************************************************************************** ##### #uses: perl, awk, ifconfig, tar, wget, curl, su, useradd, groupadd, # id, chmod, chown, chgrp, cut, svn, mkdir, killall, java, egrep, # lsof, unlink, ln, pax, keytool, openssl #note: usage of readlink not macosx friendly :-( usage of useradd / # groupadd is RedHat/CentOS dependent :-( DEBUG=${DEBUG:-0} VERBOSE=${VERBOSE:-0} esgf_idp_version=${esgf_idp_version:-"1.1.4"} #-------------- #User Defined / Setable (public) #-------------- esg_root_dir=${esg_root_dir:-${ESGF_HOME:-"/esg"}} install_prefix=${install_prefix:-"/usr/local"} workdir=${workdir:-~/workbench/esg} install_manifest=${install_manifest:-"${esg_root_dir}/esgf-install-manifest"} #-------------- date_format=${date_format:-"+%Y_%m_%d_%H%M%S"} force_install=${force_install:-0} tomcat_user=${tomcat_user:-tomcat} tomcat_group=${tomcat_group:-$tomcat_user} tomcat_install_dir=${CATALINA_HOME:-${install_prefix}/tomcat} init() { idp_dist_url=${esg_dist_url}/esgf-idp/esgf-idp.war idp_context_root=esgf-idp idp_service_app_home=${tomcat_install_dir}/webapps/${idp_context_root} idp_service_host=${idp_service_host:-${esgf_host:-$(hostname --fqdn)}} idp_service_port=${idp_service_port:-"443"} idp_service_endpoint=$(echo "https://${idp_service_host}$( if ((idp_service_port != 443)); then echo ":${idp_service_port}"; fi)/esgf-idp/idp/openidServer.htm") #------------------------------------------ #Security services associated with IDP #------------------------------------------ idp_security_attribute_service_app_home=${idp_service_app_home} idp_security_attribute_service_host=${idp_security_attribute_service_host:-${esgf_host:-$(hostname --fqdn)}} idp_security_attribute_service_port=${idp_security_attribute_service_port:-"443"} idp_security_attribute_service_endpoint=$(echo "https://${idp_security_attribute_service_host}$( if ((idp_security_attribute_service_port != 443)); then echo ":${idp_security_attribute_service_port}"; fi)/esgf-idp/saml/soap/secure/attributeService.htm") #------------------------------------------ #------------------------------------------ idp_security_registration_service_app_home=${idp_service_app_home} idp_security_registration_service_host=${idp_security_registration_service_host:-${esgf_host:-$(hostname --fqdn)}} idp_security_registration_service_port=${idp_security_registration_service_port:-"443"} idp_security_registration_service_endpoint=$(echo "https://${idp_security_registration_service_host}$( if ((idp_security_registration_service_port != 443)); then echo ":${idp_security_registration_service_port}"; fi)/esgf-idp/secure/registrationService.htm") #------------------------------------------ } ##### # Install The ESGF Idp Services ##### # - Takes boolean arg: 0 = setup / install mode (default) # 1 = updated mode # # In setup mode it is an idempotent install (default) # In update mode it will always pull down latest after archiving old # setup_idp() { init echo -n "Checking for idp services ${esgf_idp_version}" check_webapp_version "${idp_context_root}" "${esgf_idp_version}" local ret=$? ((ret == 0)) && (( ! force_install )) && echo " [OK]" && return 0 echo echo "*******************************" echo "Setting up The ESGF Idp Services" echo "*******************************" echo local upgrade=${1:-0} local default="Y" ((force_install)) && default="N" local dosetup if [ -d ${idp_service_app_home} ]; then echo "Detected an existing idp services installation..." read -p "Do you want to continue with idp services installation and setup? $([ "$default" = "N" ] && echo "[y/N]" || echo "[Y/n]") " dosetup [ -z "${dosetup}" ] && dosetup=${default} if [ "${dosetup}" != "Y" ] && [ "${dosetup}" != "y" ]; then echo "Skipping idp services installation and setup - will assume it's setup properly" return 0 fi local dobackup="Y" read -p "Do you want to make a back up of the existing distribution?? [Y/n] " dobackup [ -z "${dobackup}" ] && dobackup=${default} if [ "${dobackup}" = "Y" ] || [ "${dobackup}" = "y" ]; then echo "Creating a backup archive of this web application $idp_service_app_home" backup ${idp_service_app_home} fi echo fi mkdir -p ${workdir} [ $? != 0 ] && return 1 pushd ${workdir} >& /dev/null local idp_dist_file=$(pwd)/${idp_dist_url##*/} checked_get ${idp_dist_file} ${idp_dist_url} $((force_install)) (( $? > 1 )) && echo " ERROR: Could not download ${node_dist_url} :-(" && popd >& /dev/null && checked_done 1 stop_tomcat #---------------------------- #make room for new install set_aside_web_app ${idp_service_app_home} #---------------------------- mkdir -p ${idp_service_app_home} [ $? != 0 ] && echo "Could not create dir ${idp_service_app_home}" && popd >& /dev/null && checked_done 1 cd ${idp_service_app_home} echo "Expanding war ${idp_dist_file} in $(pwd)" $JAVA_HOME/bin/jar xf ${idp_dist_file} set_aside_web_app_cleanup ${idp_service_app_home} $? chown -R ${tomcat_user} ${idp_service_app_home} chgrp -R ${tomcat_group} ${idp_service_app_home} popd >& /dev/null #---------------------------- popd >& /dev/null write_idp_install_log write_security_lib_install_log checked_done 0 } write_idp_install_log() { echo "$(date ${date_format}) webapp:${idp_context_root}=${esgf_idp_version} ${idp_service_app_home}" >> ${install_manifest} dedup ${install_manifest} write_as_property idp_service_app_home write_as_property idp_service_endpoint write_as_property idp_security_attribute_service_app_home write_as_property idp_security_attribute_service_endpoint write_as_property idp_security_registration_service_app_home write_as_property idp_security_registration_service_endpoint return 0 } #NOTE: an identical implementation exists in the ORP installer... #(this should ideally only exist in one place i.e. a source "functions" file) write_security_lib_install_log() { [ -z "${esgf_security_version}" ] && echo "WARNING: [orp] Could not write install log entry for security library" && return 1 local last_recorded_version=$(sed -n 's/.*esgf-security=\(.[^ ]*\).*/\1/p' ${install_manifest}) [ -n "${last_recorded_version}" ] && [ "${last_recorded_version}" = "${esgf_security_version}" ] && return 0 echo "$(date ${date_format}) esgf->library:esgf-security=${esgf_security_version} " >> ${install_manifest} dedup ${install_manifest} return 0 } #-------------------------------------- # Clean / Uninstall this module... #-------------------------------------- clean_idp_webapp_subsystem() { init local doit="N" if [ -e ${idp_service_app_home} ]; then read -p "remove ESGF IDP web service? (${idp_service_app_home}) [y/N]: " doit if [ "doit" = "Y" ] || [ "$doit" = "y" ]; then echo "removing ${idp_service_app_home}" if [ -n ${idp_service_app_home} ]; then rm -rf ${idp_service_app_home} [ $? != 0 ] && echo "ERROR: Unable to remove ${idp_service_app_home}" && return 1 perl -n -i -e'print unless m!webapp:esgf-idp!' ${install_manifest} remove_property idp_service_app_home remove_property idp_service_endpoint remove_property idp_security_attribute_service_app_home remove_property idp_security_attribute_service_endpoint remove_property idp_security_registration_service_app_home remove_property idp_security_registration_service_endpoint fi fi fi return 0 }