modules/roles/files/static-mirroring/static-master-ssh-wrap

   1 #!/bin/bash
   2
   3 # Copyright (c) 2009, 2010, 2012 Peter Palfrader
   4 #
   5 # Permission is hereby granted, free of charge, to any person obtaining
   6 # a copy of this software and associated documentation files (the
   7 # "Software"), to deal in the Software without restriction, including
   8 # without limitation the rights to use, copy, modify, merge, publish,
   9 # distribute, sublicense, and/or sell copies of the Software, and to
  10 # permit persons to whom the Software is furnished to do so, subject to
  11 # the following conditions:
  12 #
  13 # The above copyright notice and this permission notice shall be
  14 # included in all copies or substantial portions of the Software.
  15 #
  16 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  17 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  18 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  19 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  20 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  21 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  22 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  23
  24 set -e
  25 set -u
  26
  27 MYLOGNAME="`basename "$0"`[$$]"
  28 BASEDIR="/home/staticsync/static-master"
  29 COMPONENTLIST=/etc/static-components.conf
  30
  31 usage() {
  32         echo "local Usage: $0 <host>"
  33         echo "via ssh orig command:"
  34         echo "                      rsync <stuff>"
  35         echo "                      static-master-update-component <component>"
  36 }
  37
  38 one_more_arg() {
  39         if [ "$#" -lt 1 ]; then
  40                 usage >&2
  41                 exit 1
  42         fi
  43 }
  44
  45 info() {
  46         logger -p daemon.info -t "$MYLOGNAME" "$1"
  47 }
  48
  49 croak() {
  50         logger -s -p daemon.warn -t "$MYLOGNAME" "$1"
  51         exit 1
  52 }
  53
  54 do_rsync() {
  55         local remote_host="$1"; shift
  56         local args="--server --sender -vlHtrze.iLsf --safe-links ."
  57
  58         for component in $(awk -v this_host="$(hostname -f)" '$1 == this_host {print $2}' $COMPONENTLIST); do
  59           if [ "$*" = "$args $component/-new-/" ] || [ "$*" = "$args ./$component/-new-/" ] ; then
  60                   local path="$BASEDIR/master/$component-current-push"
  61                   info "serving $remote_host with $path"
  62                   rsync $args "$path/."
  63                   return
  64           elif [ "$*" = "$args $component/-live-/" ] || [ "$*" = "$args ./$component/-live-/" ] ; then
  65                   local path="$BASEDIR/master/$component-current-live"
  66                   info "host $remote_host wants $path, acquiring lock"
  67                   exec 200< "$path"
  68                   if ! flock -s -w 0 200; then
  69                         echo >&2 "Cannot acquire shared lock on $path - this should mean an update is already underway anyway."
  70                         exit 1
  71                   fi
  72                   rsync $args "$path/."
  73                   return
  74           fi
  75         done
  76
  77         info "NOT allowed for $remote_host: rsync $*"
  78         echo >&2 "This rsync command ($@) not allowed."
  79         exit 1
  80 }
  81
  82 do_update_component() {
  83         local remote_host="$1"; shift
  84
  85         one_more_arg "$@"
  86         component="$1"
  87         shift
  88
  89         hit="$(
  90                 awk -v this_host="$(hostname -f)" -v component="$component" -v host="$remote_host" '
  91                   $1 == this_host && $2 == component {
  92                           if ($3 == host) {
  93                                   print $4
  94                                   exit
  95                           }
  96                           split($5,extra,",")
  97                           for (i in extra) {
  98                                   if (host == extra[i]) {
  99                                           printf "%s:%s\n", $3, $4
 100                                           exit
 101                                   }
 102                           }
 103                           exit
 104                   }' "$COMPONENTLIST"
 105                 )"
 106         if [ -n "$hit" ]; then
 107                 exec static-master-update-component "$component"
 108                 echo >&2 "Exec failed"
 109                 croak "exec failed"
 110         else
 111                 info "Not whitelisted: $remote_host update $component"
 112                 echo >&2 "Not whitelisted: $remote_host update $component"
 113                 exit 1
 114         fi
 115 }
 116
 117
 118 if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
 119         usage
 120         exit 0
 121 fi
 122
 123 one_more_arg "$@"
 124 remote_host="$1"
 125 shift
 126
 127
 128 # check/parse remote command line
 129 if [ -z "${SSH_ORIGINAL_COMMAND:-}" ] ; then
 130         croak "Did not find SSH_ORIGINAL_COMMAND"
 131 fi
 132 set "dummy" ${SSH_ORIGINAL_COMMAND}
 133 shift
 134
 135 info "host $remote_host called with $*"
 136
 137 one_more_arg "$@"
 138 action="$1"
 139 shift
 140
 141 case "$action" in
 142         rsync)
 143                 do_rsync "$remote_host" "$@"
 144                 ;;
 145         static-master-update-component)
 146                 do_update_component "$remote_host" "$@"
 147                 ;;
 148         *)
 149                 croak "Invalid operation '$action'"
 150                 ;;
 151 esac