This repository has been archived by the owner on Oct 21, 2019. It is now read-only.
scion_install_script.sh
#!/bin/bash
# Stop at the first failing command; unmatched globs expand to nothing.
set -e
shopt -s nullglob

# Fixed system path the -u upgrade script is copied to.
UPGRADE_SCRIPT_LOCATION="/usr/bin/scionupgrade.sh"

# Help text, printed for -h and for every option error.
usage="$(basename "$0") [-p PATCH_DIR] [-g GEN_DIR] [-v VPN_CONF_PATH] \
[-s SCION_SERVICE] [-z SCION_VI_SERVICE] [-a ALIASES_FILE] [-c] \
[-u UPGRADE_SCRIPT] [-t TIMER_SERVICE]
where:
-p PATCH_DIR apply patches from PATCH_DIR on cloned repo
-g GEN_DIR path to gen directory to be used
-v VPN_CONF_PATH path to OpenVPN configuration file
-s SCION_SERVICE path to SCION service file
-z SCION_VI_SERVICE path to SCION-viz service file
-a ALIASES_FILE adds useful command aliases in specified file
-c do not destroy user context on logout
-u UPGR_SCRIPT script used for upgrading scion, (will be copied to
path ${UPGRADE_SCRIPT_LOCATION})
-t TIMER_UPG_SERV name of sysd timer and system name for upgrades"

# The leading ':' in the optstring selects silent error reporting, so unknown
# options arrive as '?' and missing arguments as ':' with the letter in OPTARG.
while getopts ":p:g:v:s:z:ha:cu:t:" opt; do
  case "$opt" in
    p) patch_dir=$OPTARG ;;
    g) gen_dir=$OPTARG ;;
    v) vpn_config_file=$OPTARG ;;
    s) scion_service_path=$OPTARG ;;
    z) scion_viz_service=$OPTARG ;;
    a) aliases_file=$OPTARG ;;
    c) keep_user_context=true ;;
    u) upgrade_script=$OPTARG ;;
    t)
      # One base name yields both unit file names.
      upgrade_timer="${OPTARG}.timer"
      upgrade_service="${OPTARG}.service"
      ;;
    h)
      {
        printf '%s\n' "Displaying help:"
        printf '%s\n' "$usage"
      } >&2
      exit 1
      ;;
    \?)
      {
        printf '%s\n' "Invalid option: -$OPTARG"
        printf '%s\n' "$usage"
      } >&2
      exit 1
      ;;
    :)
      {
        printf '%s\n' "Option -$OPTARG requires an argument."
        printf '%s\n' "$usage"
      } >&2
      exit 1
      ;;
  esac
done
echo "Starting SCION installation..."

# Refuse to run anywhere but Ubuntu 16.04: first require /etc/os-release,
# then check the NAME and VERSION_ID it defines.
if [ ! -f /etc/os-release ]; then
  echo "ERROR! This script can only be run on Ubuntu 16.04" >&2
  exit 1
fi

# Sourcing the file brings NAME and VERSION_ID into this shell.
. /etc/os-release

if [[ $NAME != "Ubuntu" || $VERSION_ID != 16.04* ]]; then
  echo "ERROR! We are not running on Ubuntu 16.04 system, shutting down!" >&2
  exit 1
fi
echo "We are running on $NAME version $VERSION_ID seems okay"
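# Refresh the package index and install git for the clone below.
sudo apt-get -y update
sudo apt-get -y install git

# Persist the Go/SCION environment for later login shells. The single quotes
# keep $HOME, $GOPATH and $SC unexpanded so ~/.profile resolves them itself.
{
  echo 'export GOPATH="$HOME/go"'
  echo 'export PATH="$HOME/.local/bin:$GOPATH/bin:/usr/local/go/bin:$PATH"'
  echo 'export SC="$GOPATH/src/github.com/scionproto/scion"'
  echo 'export PYTHONPATH="$SC/python:$SC"'
} >> ~/.profile
source ~/.profile

# Everything below is rooted at $GOPATH; stop if the profile did not set it.
: "${GOPATH:?GOPATH is not set after sourcing ~/.profile}"
mkdir -p "$GOPATH/src/github.com/scionproto"
cd "$GOPATH/src/github.com/scionproto"

# Have git rewrite SSH-style GitHub remotes to HTTPS. The address is quoted:
# with nullglob enabled an unquoted word containing glob characters can expand
# to nothing.
git config --global url."https://github.com/".insteadOf "git@github.com:"

# NOTE(review): this clones the tip of the scionlab branch and its submodules,
# not a pinned commit, so whatever is on the branch at install time is built
# and run. Pin a commit or verify a signed tag if reproducibility matters.
git clone --recursive -b scionlab "git@github.com:netsec-ethz/netsec-scion" scion
cd scion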
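# Apply optional platform patches (-p PATCH_DIR) on top of the fresh clone and
# record them as one commit.
if [[ -n ${patch_dir+x} && -d ${patch_dir} ]]; then
  echo "Applying patches:"
  patches_applied=0
  # Glob next to the quoted directory so a PATCH_DIR containing spaces or glob
  # characters is not word-split or re-expanded.
  for f in "$patch_dir"/*.patch; do
    # If nullglob is off, an unmatched pattern stays literal; skip it.
    [[ -e "$f" ]] || continue
    echo -e "\t$f"
    git apply "$f"
    patches_applied=$((patches_applied + 1))
  done

  if ((patches_applied > 0)); then
    git_username=$(git config user.name || true)
    # We need to have git user in order to commit
    if [ -z "$git_username" ]; then
      echo "GIT user credentials not set, configuring defaults"
      git config --global user.name "Scion User"
      # NOTE(review): the address below looks obfuscated in this copy of the
      # script; confirm the intended default before relying on it.
      git config --global user.email "[email protected]"
    fi
    git commit -am "Applied platform dependent patches"
    echo "Finished applying patches"
  else
    # With nothing applied, "git commit" would fail and abort the whole
    # installation under set -e.
    echo "No *.patch files found in $patch_dir, nothing to commit"
  fi
fi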
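# Total RAM in kB, taken from the MemTotal line of /proc/meminfo.
MEMTOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
echo "Available memory is: $MEMTOTAL"

# if less than 4Gb (4194304 kB) the build gets a temporary 4G swap file
if [[ $MEMTOTAL -lt 4194304 ]]; then
  swapadded=1
else
  swapadded=0
fi

swapfile=""
if [ "$swapadded" -eq 1 ]; then
  echo "Not enough memory, adding swap space..."
  # Create the swap file through mktemp as root instead of writing to a fixed
  # name in world-writable /tmp: the name is unpredictable, creation is
  # exclusive, and the file starts out root-owned with mode 0600, so other
  # local users can neither pre-create the path nor read swapped-out memory.
  swapfile=$(sudo mktemp /tmp/swap.XXXXXX)
  sudo fallocate -l 4G "$swapfile"
  sudo mkswap "$swapfile"
  sudo swapon "$swapfile"
  echo "Swap space added."
else
  echo "No swap space needed."
fi

echo "Building dependencies ..."
# "yes" answers every prompt of the dependency script.
bash -c 'yes | GO_INSTALL=true ./env/deps'
echo "Building SCION ..."
./scion.sh build

if [ "$swapadded" -eq 1 ]; then
  echo "Removing swap space..."
  # Best effort: a failure to release the swap file must not abort the install.
  if sudo swapoff "$swapfile"; then
    sudo rm -f -- "$swapfile" || true
  fi
  echo "Swap space removed."
fi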
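# Write the ZooKeeper configuration. The quoted delimiter keeps the text
# literal; only tee runs as root.
sudo tee /etc/zookeeper/conf/zoo.cfg >/dev/null <<'ZOOCFG'
tickTime=100
initLimit=10
syncLimit=5
dataDir=/var/lib/zookeeper
dataLogDir=/run/shm/host-zk
clientPort=2181
maxClientCnxns=0
autopurge.purgeInterval=1
ZOOCFG

# Add cron script which removes old zk logs
sudo tee /etc/cron.daily/zookeeper >/dev/null <<'CRON1'
#!/bin/sh
/usr/share/zookeeper/bin/zkCleanup.sh -n 3
CRON1
sudo chmod 755 /etc/cron.daily/zookeeper

# Add cron script to remove gen-cache contents.
# $SC is expanded now, at install time, and the resulting job sits in
# /etc/cron.daily. An empty SC would bake in "rm -f /gen-cache/*", so refuse
# to continue without it, and quote the path in the generated script so
# spaces in it cannot split the rm arguments.
: "${SC:?SC must be set before installing the gen-cache cron job}"
sudo tee /etc/cron.daily/clean_gen-cache >/dev/null <<CRON2
#!/bin/sh
rm -f -- "$SC"/gen-cache/*
CRON2
sudo chmod 755 /etc/cron.daily/clean_gen-cache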
# Pick the topology source: generate the local Tiny topology unless -g named
# an existing directory, in which case that directory is copied into place.
if [[ -z ${gen_dir+x} || ! -d ${gen_dir} ]]; then
  echo "Gen directory is NOT specified! Generating local (Tiny) topology!"
  ./scion.sh topology nodocker -c topology/Tiny.topo
else
  echo "Gen directory is specified! Using content from there!"
  cp -r "$gen_dir" .
fi
# ensure we have the default certificate needed by QUIC
if [[ ! -e gen-certs/tls.pem || ! -e gen-certs/tls.key ]]; then
  echo "Generating TLS cert"
  mkdir -p gen-certs
  # umask 0177 makes a newly created key file owner read/write only. The
  # subshell confines the umask change to key generation.
  (
    umask 0177
    openssl genrsa -out gen-certs/tls.key 2048
  )
  # Self-signed certificate for that key, valid for 3650 days.
  openssl req -new -x509 \
    -key gen-certs/tls.key \
    -out gen-certs/tls.pem \
    -days 3650 \
    -subj /CN=scion_def_srv
fi
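# Ensure gen-cache directory exists (some services fail to start otherwise (bug))
mkdir -p gen-cache
mkdir -p sub
cd sub

# The address is quoted: with nullglob enabled an unquoted word containing glob
# characters can expand to nothing.
# NOTE(review): this clones the default branch tip of scion-viz, not a pinned
# commit.
git clone "git@github.com:netsec-ethz/scion-viz"
cd scion-viz/python/web

# --require-hashes makes pip reject any package whose hash is not listed in
# requirements.txt.
pip3 install --user --require-hashes -r requirements.txt
python3 ./manage.py migrate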
# -a ALIASES_FILE: append two convenience aliases. $SC is expanded here, so the
# aliases carry the path as it is at install time.
if [[ -n ${aliases_file} ]]; then
  echo "Adding aliases to $aliases_file"
  {
    echo "alias cdscion='cd $SC'"
    echo "alias checkbeacons='tail -f $SC/logs/bs*.DEBUG'"
  } >> "$aliases_file"
fi
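# -v VPN_CONF_PATH: install OpenVPN and bring the client up with the supplied
# configuration, now and on every boot.
if [[ -n ${vpn_config_file+x} && -r ${vpn_config_file} ]]; then
  echo "VPN configuration specified! Configuring it!"
  sudo apt-get -y install openvpn
  # An OpenVPN client configuration may embed keys or credentials. install(1)
  # sets owner and mode as part of the copy, whereas "cp" followed by "chmod"
  # leaves the file with the source's permissions until the chmod runs.
  sudo install -m 600 -o root -g root -- "$vpn_config_file" /etc/openvpn/client.conf
  sudo systemctl start openvpn@client
  sudo systemctl enable openvpn@client
fi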
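# Scratch file in which the unit templates are filled in before being copied
# into /etc/systemd/system as root. It is created once and overwritten in
# place. Deleting it and writing to the same /tmp name again would let another
# local user create that path first and influence what root installs.
tempfile=$(mktemp)
# Remove the scratch file on every exit path, including set -e aborts.
trap 'rm -f -- "$tempfile"' EXIT

# The templates get _USER_ replaced by the invoking user.
# NOTE(review): presumably _USER_ feeds a User= line; an empty value there
# would make the service run as root, so refuse an unset or empty USER.
: "${USER:?USER must be set to fill in the service templates}"
# Escape the characters that are special in a sed replacement (\ / &).
sed_user=$(printf '%s' "$USER" | sed 's/[\/&]/\\&/g')

if [[ -n ${scion_service_path+x} && -r ${scion_service_path} ]]; then
  echo "Registering SCION as startup service"
  cp -- "$scion_service_path" "$tempfile"
  # We need to replace template user with current username
  sed -i "s/_USER_/$sed_user/g" "$tempfile"
  sudo cp -- "$tempfile" /etc/systemd/system/scion.service
  sudo systemctl enable scion.service
  sudo systemctl start scion.service
else
  echo "SCION systemd service file not specified! SCION won't run automatically on startup."
fi

if [[ -n ${scion_viz_service+x} && -r ${scion_viz_service} ]]; then
  echo "Registering SCION-viz as startup service"
  cp -- "$scion_viz_service" "$tempfile"
  # We need to replace template user with current username
  sed -i "s/_USER_/$sed_user/g" "$tempfile"
  sudo cp -- "$tempfile" /etc/systemd/system/scion-viz.service
  sudo systemctl enable scion-viz.service
  sudo systemctl start scion-viz.service
else
  echo "SCION-viz systemd service file not specified! SCION-viz won't run automatically on startup."
fi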
# -c: append RemoveIPC=no to logind.conf (the "do not destroy user context on
# logout" option) and have systemd-logind pick the change up.
if [[ ${keep_user_context} == true ]]; then
  echo RemoveIPC=no | sudo tee -a /etc/systemd/logind.conf >/dev/null
  sudo systemctl reload-or-restart systemd-logind.service
fi
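# -u UPGRADE_SCRIPT: install the supplied upgrade script at the fixed system
# path in UPGRADE_SCRIPT_LOCATION.
if [[ -n ${upgrade_script+x} ]]; then
  echo "Copying scion upgrade script"
  # Both paths are quoted so a path with spaces or glob characters is passed
  # through as one argument.
  chmod +x -- "$upgrade_script"
  # NOTE(review): presumably this is the file the scionupgrade units run.
  # Install it root-owned with an explicit 755 so only root can change it,
  # whatever the permissions of the source file are.
  sudo install -m 755 -o root -g root -- "$upgrade_script" "$UPGRADE_SCRIPT_LOCATION"
else
  echo "SCION upgrade script not specified."
fi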
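# Register the periodic upgrade service and timer. This needs both unit files
# named by -t to be readable and the upgrade script to be present at
# UPGRADE_SCRIPT_LOCATION.
if [[ -n ${upgrade_service+x} && -r ${upgrade_service} \
  && -n ${upgrade_timer+x} && -r ${upgrade_timer} \
  && -n ${UPGRADE_SCRIPT_LOCATION+x} && -r ${UPGRADE_SCRIPT_LOCATION} ]]; then
  echo "Registering SCION periodic upgrade service"

  # The templates get _USER_ replaced by the invoking user.
  # NOTE(review): presumably _USER_ feeds a User= line; an empty value there
  # would make the unit run as root, so refuse an unset or empty USER.
  : "${USER:?USER must be set to fill in the unit templates}"
  # Escape the characters that are special in a sed replacement (\ / &).
  sed_user=$(printf '%s' "$USER" | sed 's/[\/&]/\\&/g')

  # Work in a freshly created private file. The earlier scratch file may
  # already have been deleted, and writing to a known, deleted /tmp name
  # would let another local user create that path first.
  if [[ -n ${tempfile:-} ]]; then
    rm -f -- "$tempfile"
  fi
  tempfile=$(mktemp)

  cp -- "$upgrade_service" "$tempfile"
  sed -i "s/_USER_/$sed_user/g" "$tempfile"
  sudo cp -- "$tempfile" /etc/systemd/system/scionupgrade.service
  # Overwrite the same file for the timer rather than deleting it in between.
  cp -- "$upgrade_timer" "$tempfile"
  sed -i "s/_USER_/$sed_user/g" "$tempfile"
  sudo cp -- "$tempfile" /etc/systemd/system/scionupgrade.timer
  rm -f -- "$tempfile"

  sudo systemctl enable scionupgrade.timer
  sudo systemctl enable scionupgrade.service
  sudo systemctl start scionupgrade.timer
  sudo systemctl start scionupgrade.service

  if [ -d "/vagrant" ]; then # iff this is a VM
    # registering the upgrade service also means "manage SCION", including keep time sync'ed
    sudo apt-get install -y --no-remove ntp || true
    # Append "-- --disable-timesync" to the VBoxService start line of the init script.
    sudo sed -i -- 's/^\(\s*start-stop-daemon\s*--start\s*--quiet\s*--oknodo\s*--exec\s*\/usr\/sbin\/VBoxService\)$/\1 -- --disable-timesync/g' /etc/init.d/virtualbox-guest-utils || true
    # restart virtual box guest services and NTPd :
    sudo systemctl daemon-reload || true
    sudo systemctl restart virtualbox-guest-utils
    sudo systemctl enable ntp || true
    # we want ntpd to use the -g flag (no panic threshold):
    if ! grep -Eq -- '^NTPD_OPTS=.*-g.*$' /etc/default/ntp; then
      sudo sed -i "s/^NTPD_OPTS='\(.*\)'/NTPD_OPTS=\'\\1\ -g'/g" /etc/default/ntp
    fi
    # NOTE(review): with -g and "tinker panic 0" ntpd has no panic threshold,
    # so the configured time sources are trusted for steps of any size.
    if ! grep -q 'tinker panic 0' /etc/ntp.conf; then
      # set panic limit to 0 (disable)
      echo -e "tinker panic 0\n" | sudo tee -a /etc/ntp.conf >/dev/null
    fi
    if ! grep -Eq -- '^pool.*maxpoll.*$' /etc/ntp.conf; then
      sudo sed -i 's/\(pool .*\)$/\1 minpoll 1 maxpoll 6/g' /etc/ntp.conf
    fi
    sudo systemctl restart ntp || true

    # system updates, ensure unattended-upgrades is installed
    if ! dpkg-query -W --showformat='${Status}\n' unattended-upgrades | grep -q "install ok installed"; then
      # -y matches the other apt-get calls in this script, which all run
      # without a confirmation prompt.
      sudo apt-get install -y -f --no-remove unattended-upgrades
    fi
    if [ ! -f /etc/apt/apt.conf.d/51unattended-upgrades ]; then
      echo "Configuring unattended-upgrades"
      # Quoted delimiter: ${distro_id} and ${distro_codename} must reach the
      # file literally. Note that this also enables automatic reboots at 02:00.
      sudo tee /etc/apt/apt.conf.d/51unattended-upgrades >/dev/null <<'APTCONF'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}ESM:${distro_codename}";
};
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
APTCONF
    fi
    if [ ! -x /etc/update-motd.d/99-scionlab-upgrade ]; then
      # Login banner warning that an automatic upgrade is still running.
      # NOTE(review): the generated script hard-codes the checkout under
      # /home/ubuntu rather than using this installation's $SC.
      sudo tee /etc/update-motd.d/99-scionlab-upgrade >/dev/null <<'MOTD1'
#!/bin/bash
SC=/home/ubuntu/go/src/github.com/scionproto/scion
cd "$SC"
[[ -f "scionupgrade.auto.inprogress" ]] && dirtybuild=1 || dirtybuild=0
if [ $dirtybuild -eq 1 ]; then
printf "\n"
printf "===========================================================================\n"
printf "================= WARNING !! ==============================================\n"
printf "===========================================================================\n"
printf " SCIONLab is updating. Please wait until it finishes to run scion.sh start\n"
printf "===========================================================================\n"
printf "\n"
fi
MOTD1
      sudo chmod 755 /etc/update-motd.d/99-scionlab-upgrade
    fi
  fi
else
  echo "SCION periodic upgrade service and timer files are not provided."
fi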