dtc-xen 0.5.17-1 / postinst

#!/bin/sh

set -e

echoIfVerbose () {
	if [ ""$VERBOSE_INSTALL = "yes" ] ; then
		echo $1
	fi
}

debian_get_config () {
	. /usr/share/debconf/confmodule
	db_version 2.0

	db_get dtc-xen/conf_soap_login
	conf_soap_login=$RET
	db_get dtc-xen/conf_soap_pass
	conf_soap_pass=$RET
	db_get dtc-xen/conf_debian_repository
	conf_debian_repository=$RET
	db_get dtc-xen/conf_debian_release
	conf_debian_release=$RET
	db_get dtc-xen/conf_netmask
	conf_netmask=$RET
	db_get dtc-xen/conf_broadcast
	conf_broadcast=$RET
	db_get dtc-xen/conf_gateway
	conf_gateway=$RET
	db_get dtc-xen/conf_linux_kernel_name
	conf_linux_kernel_name=$RET
	db_get dtc-xen/conf_linux_domu_initrd
	conf_linux_domu_initrd=$RET
	db_get dtc-xen/conf_lvm_name
	conf_lvm_name=$RET
	db_get dtc-xen/conf_vps_mountpoint
	conf_vps_mountpoint=$RET
	db_get dtc-xen/conf_info_finish_setup
	db_unregister dtc-xen/conf_soap_pass
	db_stop
}

# Parameter:
# $1: field to search for
# $2: value to configure in it
replace_config_value () {
	# If the varibale appears commented out (which is sometimes the default), uncomment
	grep -Eq "^[ \t]*${1}=" ${DTCXEN_ETCPATH}/dtc-xen.conf || \
	grep -Eq "^#[ \t]${1}=" ${DTCXEN_ETCPATH}/dtc-xen.conf && \
		sed -i "s|^#[ \t]${1}=|${1}=|" ${DTCXEN_ETCPATH}/dtc-xen.conf

	# If the variable isn't present after the above, happend it at the end of the file
	grep -Eq "^[ \t]*${1}=" ${DTCXEN_ETCPATH}/dtc-xen.conf || \
	echo "${1}=" >>${DTCXEN_ETCPATH}/dtc-xen.conf

	# Finally, set the new value to the variable
	sed -i "s|^[ \t]*${1}=.*|${1}=${2}|" ${DTCXEN_ETCPATH}/dtc-xen.conf
}

write_debian_config_files () {
	replace_config_value provisioning_volgroup ${conf_lvm_name}
	replace_config_value provisioning_mount_point ${conf_vps_mountpoint}
	replace_config_value debian_repo ${conf_debian_repository}
	replace_config_value debian_release ${conf_debian_release}
	replace_config_value GATEWAY ${conf_gateway}
	replace_config_value NETMASK ${conf_netmask}
	replace_config_value BROADCAST ${conf_broadcast}
	replace_config_value KERNEL_RELEASE ${conf_linux_kernel_name}
	replace_config_value KMOD_PATH "/lib/modules/${conf_linux_kernel_name}"
	replace_config_value KERNELPATH "/boot/vmlinuz-${conf_linux_kernel_name}"
	if [ -f "/boot/initrd.img-${conf_linux_kernel_name}" ] ; then
		replace_config_value INITRDPATH "/boot/initrd.img-${conf_linux_kernel_name}"
	fi
	replace_config_value cert_passphrase ${cert_passphrase}
}

create_ssl_cert () {
	mkdir -p $DTCXEN_ETCPATH
	CWD=`pwd`
	cd $DTCXEN_ETCPATH

	# Check if we have an old passphrase stored!
	if [ -e ${DTCXEN_ETCPATH}/dtc-xen.conf ] ; then
		. ${DTCXEN_ETCPATH}/dtc-xen.conf
	fi
	if [ -z "${cert_passphrase}" ] ; then
		cert_passphrase=`dd if=/dev/random bs=64 count=1 2>|/dev/null | md5sum | cut -d' ' -f1`
	fi

	# If the config file exist, read the passphrase from the file
	echoIfVerbose "---> Generating SSL certs for the SOAP python server"
	rm -f $DTCXEN_ETCPATH/privkey.pem $DTCXEN_ETCPATH/dtc-xen.cert.csr $DTCXEN_ETCPATH/dtc-xen.cert.cert $DTCXEN_ETCPATH/dtc-xen.cert.key
	CERTPASS_TMP_FILE=`${MKTEMP} certfilepass.XXXXXX`  || exit 1
	echo $cert_passphrase >$CERTPASS_TMP_FILE
	OLD_UMASK=`umask`
	umask 0077
	( echo "US"; echo "the-state"; echo "My-ocation"; echo "GPLHost"; echo "No-unit"; echo $conf_soap_hostname;
	echo "webmaster@"$conf_soap_hostname; echo "challenge pass";
	echo $conf_cert_organization; ) | $OPENSSL req -passout file:$CERTPASS_TMP_FILE -new > $DTCXEN_ETCPATH/dtc-xen.cert.csr
	$OPENSSL rsa -passin file:$CERTPASS_TMP_FILE -in $DTCXEN_ETCPATH/privkey.pem -out $DTCXEN_ETCPATH/dtc-xen.cert.key
	$OPENSSL x509 -in $DTCXEN_ETCPATH/dtc-xen.cert.csr -out $DTCXEN_ETCPATH/dtc-xen.cert.cert -req -signkey $DTCXEN_ETCPATH/dtc-xen.cert.key -days 3650
	umask $OLD_UMASK
	rm $CERTPASS_TMP_FILE
	cd $CWD
}

manage_htpasswd () {
	if [ -e "/usr/bin/htpasswd" ] ;then
		HTPASSWD="/usr/bin/htpasswd"
	else
		if [ -e "/usr/sbin/htpasswd2" ] ;then
			HTPASSWD="/usr/sbin/htpasswd2"
		else
			echo "Didn't find any htpasswd binary: exiting !!!"
			exit 1;
		fi
	fi

	# Generate the htpasswd file (each time, it doesn't mater)
	echoIfVerbose "---> Generating $DTCXEN_ETCPATH/htpasswd file for the SOAP python server"
	# Just in case there's no password set (which is the case if running debconf in non-interactive), generate a random one
	if [ -z ${conf_soap_pass} ] ; then
		echoIfVerbose "WARNING: No password set durring debconf, will pickup a random one."
		echoIfVerbose "Issue a dpkg-reconfigure dtc-xen to setup a real password."
		conf_soap_pass=`dd if=/dev/random bs=64 count=1 2>|/dev/null | md5sum | cut -d' ' -f1 | awk '{print substr($0,0,16)}'`
	fi
	$HTPASSWD -cb $DTCXEN_ETCPATH/htpasswd ${conf_soap_login} ${conf_soap_pass}
}

# All this function should NOT exist.
# These are ISSUES in Debian that I'm really not happy off...
# Fellow maintainers, please fix your packages
debian_fixups () {
	# Needs the /var/lib/rpm to setup CentOS, it's not there by default, so we add it
	# This will be fixed in the next yum package we'll release, but I really think this
	# should be fixed in the RPM package
	mkdir -p /var/lib/rpm

	# Xen packagers in Debian decided to omit the /etc/xen/auto folder, WHY???
	mkdir -p /etc/xen/auto

	# Delete an eventual cron job that was installed prior dtc-xen 0.4
	if [ -e /etc/cron.d/dtc-xen ] ; then
		rm -f /etc/cron.d/dtc-xen
	fi
}

VERBOSE_INSTALL=yes
DTCXEN_ETCPATH=/etc/dtc-xen
XEN_USER_HOME=/var/lib/dtc-xen/ttyssh_home
MKTEMP="mktemp -t"
OPENSSL=/usr/bin/openssl

################################
### EXECUTION STARTS HERE!!! ###
################################
if ! [ -e ${DTCXEN_ETCPATH}/dtc-xen.conf ] ; then
	cp /usr/share/dtc-xen/dtc-xen.conf ${DTCXEN_ETCPATH}
fi
debian_get_config
debian_fixups
create_ssl_cert
write_debian_config_files
manage_htpasswd
touch ${DTCXEN_ETCPATH}/authorized_keys2
# Make it safer...
chmod 600 ${DTCXEN_ETCPATH}/dtc-xen.conf
# Correct an eventual old version that was running with wrong rights
chmod 600 ${DTCXEN_ETCPATH}/privkey.pem
chmod 600 ${DTCXEN_ETCPATH}/dtc-xen.cert.cert ${DTCXEN_ETCPATH}/dtc-xen.cert.csr ${DTCXEN_ETCPATH}/dtc-xen.cert.key
# This is to be able to mount the VPS partitions in order to bootstrap.
mkdir -p ${conf_vps_mountpoint}
# Manage the dtc-xen users, so people can log through the physical console
# using ssh xenXX@node99999.example.com (where XX is the VPS number).
# We first add a group xenusers, then we add our 29 users.
mkdir -p ${XEN_USER_HOME}
if getent group xenusers >/dev/null ; then
	echoIfVerbose "Group xenusers already exists in /etc/group"
else
	echoIfVerbose "Add group xenusers"
	groupadd xenusers
fi
mkdir -p $XEN_USER_HOME

if [ -e ${DTCXEN_ETCPATH}/sources.list ] ; then
	cp /etc/apt/sources.list ${DTCXEN_ETCPATH}
fi

# Delete the old configuration files as we don't use them anymore,
# and we don't want to confuse our users.
if [ -e ${DTCXEN_ETCPATH}/dtc_create_vps.conf.sh ] ; then
	rm -f ${DTCXEN_ETCPATH}/dtc_create_vps.conf.sh
fi
if [ -e ${DTCXEN_ETCPATH}/soap.conf ] ; then
	rm -f ${DTCXEN_ETCPATH}/soap.conf
fi

# Automatically added by dh_installinit
if [ -x "/etc/init.d/dtc-xen" ]; then
	if [ ! -e "/etc/init/dtc-xen.conf" ]; then
		update-rc.d dtc-xen defaults >/dev/null
	fi
	invoke-rc.d dtc-xen start || exit $?
fi
# End automatically added section

# Automatically added by dh_python2:
if which pycompile >/dev/null 2>&1; then
	pycompile -p dtc-xen /usr/share/dtc-xen
fi

# End automatically added section

# Automatically added by dh_python2:
if which pycompile >/dev/null 2>&1; then
	pycompile -p dtc-xen /usr
fi

# End automatically added section


exit 0