mirror of https://github.com/apache/jclouds.git
Issue 621:don't start test instances with http-accessible services running as root
This commit is contained in:
parent
32e4065bb7
commit
c58dba41e9
|
@ -63,12 +63,14 @@ public class StubComputeServiceAdapter implements JCloudsNativeComputeServiceAda
|
|||
private final String passwordPrefix;
|
||||
private final Supplier<Set<? extends Location>> locationSupplier;
|
||||
private final Map<OsFamily, Map<String, String>> osToVersionMap;
|
||||
private final Map<String, Credentials> credentialStore;
|
||||
|
||||
@Inject
|
||||
public StubComputeServiceAdapter(ConcurrentMap<String, NodeMetadata> nodes, Supplier<Location> location,
|
||||
@Named("NODE_ID") Provider<Integer> idProvider, @Named("PUBLIC_IP_PREFIX") String publicIpPrefix,
|
||||
@Named("PRIVATE_IP_PREFIX") String privateIpPrefix, @Named("PASSWORD_PREFIX") String passwordPrefix,
|
||||
JustProvider locationSupplier, Map<OsFamily, Map<String, String>> osToVersionMap) {
|
||||
JustProvider locationSupplier, Map<OsFamily, Map<String, String>> osToVersionMap,
|
||||
Map<String, Credentials> credentialStore) {
|
||||
this.nodes = nodes;
|
||||
this.location = location;
|
||||
this.idProvider = idProvider;
|
||||
|
@ -77,6 +79,7 @@ public class StubComputeServiceAdapter implements JCloudsNativeComputeServiceAda
|
|||
this.passwordPrefix = passwordPrefix;
|
||||
this.locationSupplier = locationSupplier;
|
||||
this.osToVersionMap = osToVersionMap;
|
||||
this.credentialStore = credentialStore;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -140,7 +143,9 @@ public class StubComputeServiceAdapter implements JCloudsNativeComputeServiceAda
|
|||
|
||||
@Override
|
||||
public NodeMetadata getNode(String id) {
|
||||
return nodes.get(id);
|
||||
NodeMetadata node = nodes.get(id);
|
||||
return node == null ? null : NodeMetadataBuilder.fromNodeMetadata(node).credentials(
|
||||
credentialStore.get("node#" + node.getId())).build();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -17,7 +17,6 @@
|
|||
* ====================================================================
|
||||
*/
|
||||
package org.jclouds.compute;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static com.google.common.base.Predicates.and;
|
||||
import static com.google.common.base.Predicates.not;
|
||||
|
@ -30,11 +29,16 @@ import static com.google.common.collect.Maps.uniqueIndex;
|
|||
import static com.google.common.collect.Sets.filter;
|
||||
import static com.google.common.collect.Sets.newTreeSet;
|
||||
import static java.lang.String.format;
|
||||
import static java.lang.System.currentTimeMillis;
|
||||
import static java.util.logging.Logger.getAnonymousLogger;
|
||||
import static org.jclouds.compute.ComputeTestUtils.buildScript;
|
||||
import static org.jclouds.compute.RunScriptData.installAdminUserJBossAndOpenPorts;
|
||||
import static org.jclouds.compute.RunScriptData.startJBoss;
|
||||
import static org.jclouds.compute.options.RunScriptOptions.Builder.nameTask;
|
||||
import static org.jclouds.compute.options.RunScriptOptions.Builder.wrapInInitScript;
|
||||
import static org.jclouds.compute.options.TemplateOptions.Builder.blockOnComplete;
|
||||
import static org.jclouds.compute.options.TemplateOptions.Builder.inboundPorts;
|
||||
import static org.jclouds.compute.options.TemplateOptions.Builder.overrideCredentialsWith;
|
||||
import static org.jclouds.compute.options.TemplateOptions.Builder.runAsRoot;
|
||||
import static org.jclouds.compute.predicates.NodePredicates.TERMINATED;
|
||||
import static org.jclouds.compute.predicates.NodePredicates.all;
|
||||
import static org.jclouds.compute.predicates.NodePredicates.inGroup;
|
||||
|
@ -55,6 +59,8 @@ import java.util.Map.Entry;
|
|||
import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.concurrent.TimeoutException;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.jclouds.Constants;
|
||||
import org.jclouds.compute.domain.ComputeMetadata;
|
||||
|
@ -82,6 +88,7 @@ import org.jclouds.scriptbuilder.domain.Statements;
|
|||
import org.jclouds.scriptbuilder.statements.login.AdminAccess;
|
||||
import org.jclouds.ssh.SshClient;
|
||||
import org.jclouds.ssh.SshException;
|
||||
import org.jclouds.util.Strings2;
|
||||
import org.testng.annotations.AfterTest;
|
||||
import org.testng.annotations.BeforeGroups;
|
||||
import org.testng.annotations.Test;
|
||||
|
@ -89,6 +96,7 @@ import org.testng.annotations.Test;
|
|||
import com.google.common.base.Function;
|
||||
import com.google.common.base.Predicate;
|
||||
import com.google.common.base.Predicates;
|
||||
import com.google.common.base.Supplier;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.Iterables;
|
||||
import com.google.inject.Guice;
|
||||
|
@ -103,7 +111,8 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
|
||||
protected String group;
|
||||
|
||||
protected RetryablePredicate<IPSocket> socketTester;
|
||||
protected Predicate<IPSocket> socketTester;
|
||||
protected Predicate<IPSocket> preciseSocketTester;
|
||||
protected SortedSet<NodeMetadata> nodes;
|
||||
protected ComputeServiceContext context;
|
||||
protected ComputeService client;
|
||||
|
@ -117,6 +126,7 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
protected String endpoint;
|
||||
protected String apiversion;
|
||||
|
||||
|
||||
protected Properties setupProperties() {
|
||||
Properties overrides = new Properties();
|
||||
overrides.setProperty(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
|
||||
|
@ -175,6 +185,12 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
protected void buildSocketTester() {
|
||||
SocketOpen socketOpen = Guice.createInjector(getSshModule()).getInstance(SocketOpen.class);
|
||||
socketTester = new RetryablePredicate<IPSocket>(socketOpen, 60, 1, TimeUnit.SECONDS);
|
||||
// wait a maximum of 30 seconds for port 8080 to open.
|
||||
long maxWait = TimeUnit.SECONDS.toMillis(30);
|
||||
long interval = 50;
|
||||
// get more precise than default socket tester
|
||||
preciseSocketTester = new RetryablePredicate<IPSocket>(socketOpen, maxWait, interval, interval,
|
||||
TimeUnit.MILLISECONDS);
|
||||
}
|
||||
|
||||
abstract protected Module getSshModule();
|
||||
|
@ -201,9 +217,9 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
@Test(enabled = true)
|
||||
public void testImagesCache() throws Exception {
|
||||
client.listImages();
|
||||
long time = System.currentTimeMillis();
|
||||
long time = currentTimeMillis();
|
||||
client.listImages();
|
||||
long duration = System.currentTimeMillis() - time;
|
||||
long duration = currentTimeMillis() - time;
|
||||
assert duration < 1000 : format("%dms to get images", duration);
|
||||
}
|
||||
|
||||
|
@ -255,6 +271,14 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
|
||||
checkNodes(nodes, group);
|
||||
|
||||
// test adding AdminAccess later changes the default boot user, in this case to foo
|
||||
response = client.runScriptOnNode(get(nodes, 0).getId(), AdminAccess.builder().adminUsername("foo").build(), nameTask("adminUpdate"));
|
||||
|
||||
response = client.runScriptOnNode(get(nodes, 0).getId(), "echo $USER", wrapInInitScript(false)
|
||||
.runAsRoot(false));
|
||||
|
||||
assert response.getOutput().trim().equals("foo") : get(nodes, 0).getId() + ": " + response;
|
||||
|
||||
} finally {
|
||||
client.destroyNodesMatching(inGroup(group));
|
||||
}
|
||||
|
@ -509,27 +533,114 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
return filter(client.listNodesDetailsMatching(all()), and(inGroup(group), not(TERMINATED)));
|
||||
}
|
||||
|
||||
static class ServiceStats {
|
||||
long backgroundProcessSeconds;
|
||||
long socketOpenMilliseconds;
|
||||
long reportedStartupTimeMilliseconds;
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format(
|
||||
"[backgroundProcessSeconds=%s, socketOpenMilliseconds=%s, reportedStartupTimeMilliseconds=%s]",
|
||||
backgroundProcessSeconds, socketOpenMilliseconds, reportedStartupTimeMilliseconds);
|
||||
}
|
||||
}
|
||||
|
||||
protected ServiceStats trackAvailabilityOfProcessOnNode(Supplier<ExecResponse> bgProcess, String processName,
|
||||
NodeMetadata node, Pattern parseReported) {
|
||||
ServiceStats stats = new ServiceStats();
|
||||
long startSeconds = currentTimeMillis();
|
||||
|
||||
ExecResponse exec = bgProcess.get();
|
||||
stats.backgroundProcessSeconds = (currentTimeMillis() - startSeconds) / 1000;
|
||||
|
||||
IPSocket socket = new IPSocket(Iterables.get(node.getPublicAddresses(), 0), 8080);
|
||||
assert preciseSocketTester.apply(socket) : node;
|
||||
stats.socketOpenMilliseconds = currentTimeMillis() - startSeconds;
|
||||
|
||||
exec = client.runScriptOnNode(node.getId(), "./" + processName + " tail", runAsRoot(false)
|
||||
.wrapInInitScript(false));
|
||||
|
||||
Matcher matcher = parseReported.matcher(exec.getOutput());
|
||||
if (matcher.find())
|
||||
stats.reportedStartupTimeMilliseconds = new Long(matcher.group(1));
|
||||
|
||||
getAnonymousLogger().info(format("<< %s on node(%s) %s", bgProcess, node.getId(), stats));
|
||||
return stats;
|
||||
}
|
||||
|
||||
// started in 6462ms -
|
||||
public static final Pattern JBOSS_PATTERN = Pattern.compile("started in ([0-9]+)ms -");
|
||||
|
||||
protected ServiceStats trackAvailabilityOfJBossProcessOnNode(Supplier<ExecResponse> startProcess, NodeMetadata node) {
|
||||
return trackAvailabilityOfProcessOnNode(startProcess, "jboss", node, JBOSS_PATTERN);
|
||||
}
|
||||
|
||||
@Test(enabled = true)
|
||||
public void testCreateAndRunAService() throws Exception {
|
||||
|
||||
String group = this.group + "s";
|
||||
final String configuration = Strings2.toStringAndClose(RunScriptData.class
|
||||
.getResourceAsStream("/standalone-basic.xml"));
|
||||
try {
|
||||
client.destroyNodesMatching(inGroup(group));
|
||||
} catch (Exception e) {
|
||||
|
||||
}
|
||||
|
||||
template = client.templateBuilder().options(blockOnComplete(false).blockOnPort(8080, 600).inboundPorts(22, 8080))
|
||||
.build();
|
||||
|
||||
// note this is a dependency on the template resolution
|
||||
template.getOptions().runScript(
|
||||
RunScriptData.createScriptInstallAndStartJBoss(template.getImage()
|
||||
.getOperatingSystem()));
|
||||
try {
|
||||
NodeMetadata node = getOnlyElement(client.createNodesInGroup(group, 1, template));
|
||||
long startSeconds = currentTimeMillis();
|
||||
NodeMetadata node = getOnlyElement(client.createNodesInGroup(group, 1, inboundPorts(22, 8080).blockOnPort(22,
|
||||
300)));
|
||||
final String nodeId = node.getId();
|
||||
long createSeconds = (currentTimeMillis() - startSeconds) / 1000;
|
||||
|
||||
getAnonymousLogger().info(
|
||||
format("<< available node(%s) os(%s) in %ss", node.getId(), node.getOperatingSystem(), createSeconds));
|
||||
|
||||
startSeconds = currentTimeMillis();
|
||||
|
||||
// note this is a dependency on the template resolution so we have the right process per
|
||||
// operating system. moreover, we wish this to run as root, so that it can change ip
|
||||
// tables rules and setup our admin user
|
||||
client.runScriptOnNode(nodeId, installAdminUserJBossAndOpenPorts(node.getOperatingSystem()),
|
||||
nameTask("configure-jboss"));
|
||||
|
||||
long configureSeconds = (currentTimeMillis() - startSeconds) / 1000;
|
||||
|
||||
getAnonymousLogger().info(format("<< configured node(%s) in %ss", nodeId, configureSeconds));
|
||||
|
||||
trackAvailabilityOfJBossProcessOnNode(new Supplier<ExecResponse>() {
|
||||
|
||||
@Override
|
||||
public ExecResponse get() {
|
||||
return client.runScriptOnNode(nodeId, startJBoss(configuration), runAsRoot(false).blockOnComplete(false)
|
||||
.nameTask("jboss"));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "initial start of jboss";
|
||||
}
|
||||
|
||||
}, node);
|
||||
|
||||
client.runScriptOnNode(nodeId, "./jboss stop", runAsRoot(false).wrapInInitScript(false));
|
||||
|
||||
trackAvailabilityOfJBossProcessOnNode(new Supplier<ExecResponse>() {
|
||||
|
||||
@Override
|
||||
public ExecResponse get() {
|
||||
return client.runScriptOnNode(nodeId, "./jboss start", runAsRoot(false).wrapInInitScript(false));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "warm start of jboss";
|
||||
}
|
||||
|
||||
}, node);
|
||||
|
||||
checkHttpGet(node);
|
||||
} finally {
|
||||
client.destroyNodesMatching(inGroup(group));
|
||||
}
|
||||
|
@ -595,11 +706,11 @@ public abstract class BaseComputeServiceLiveTest {
|
|||
// no inbound ports
|
||||
TemplateOptions options = client.templateOptions().blockUntilRunning(false).inboundPorts();
|
||||
try {
|
||||
long time = System.currentTimeMillis();
|
||||
long time = currentTimeMillis();
|
||||
Set<? extends NodeMetadata> nodes = client.createNodesInGroup(group, 1, options);
|
||||
NodeMetadata node = getOnlyElement(nodes);
|
||||
assert node.getState() != NodeState.RUNNING;
|
||||
long duration = (System.currentTimeMillis() - time) / 1000;
|
||||
long duration = (currentTimeMillis() - time) / 1000;
|
||||
assert duration < nonBlockDurationSeconds : format("duration(%d) longer than expected(%d) seconds! ",
|
||||
duration, nonBlockDurationSeconds);
|
||||
} finally {
|
||||
|
|
|
@ -18,24 +18,28 @@
|
|||
*/
|
||||
package org.jclouds.compute;
|
||||
|
||||
import static java.lang.String.format;
|
||||
import static org.jclouds.compute.util.ComputeServiceUtils.execHttpResponse;
|
||||
import static org.jclouds.compute.util.ComputeServiceUtils.extractTargzIntoDirectory;
|
||||
import static org.jclouds.scriptbuilder.domain.Statements.appendFile;
|
||||
import static org.jclouds.scriptbuilder.domain.Statements.exec;
|
||||
import static org.jclouds.scriptbuilder.domain.Statements.interpret;
|
||||
import static org.jclouds.scriptbuilder.domain.Statements.newStatementList;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.util.Map;
|
||||
|
||||
import org.jclouds.compute.domain.OperatingSystem;
|
||||
import org.jclouds.compute.predicates.OperatingSystemPredicates;
|
||||
import org.jclouds.scriptbuilder.InitBuilder;
|
||||
import org.jclouds.scriptbuilder.domain.Statement;
|
||||
import org.jclouds.scriptbuilder.domain.Statements;
|
||||
import org.jclouds.scriptbuilder.domain.StatementList;
|
||||
import org.jclouds.scriptbuilder.statements.login.AdminAccess;
|
||||
|
||||
import com.google.common.base.Splitter;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import com.google.common.collect.ImmutableList.Builder;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -56,31 +60,35 @@ public class RunScriptData {
|
|||
throw new IllegalArgumentException("don't know how to handle" + os.toString());
|
||||
}
|
||||
|
||||
public static Statement authorizePortInIpTables(int port) {
|
||||
return Statements.newStatementList(// just in case iptables are being used, try to open 8080
|
||||
exec("iptables -I INPUT 1 -p tcp --dport " + port + " -j ACCEPT"),//
|
||||
// TODO gogrid rules only allow ports 22, 3389, 80 and 443.
|
||||
// the above rule will be ignored, so we have to apply this
|
||||
// directly
|
||||
exec("iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport " + port + " -j ACCEPT"),//
|
||||
exec("iptables-save"));
|
||||
public static Statement authorizePortsInIpTables(int... ports) {
|
||||
Builder<Statement> builder = ImmutableList.<Statement> builder();
|
||||
for (int port : ports)
|
||||
builder.add(exec("iptables -I INPUT 1 -p tcp --dport " + port + " -j ACCEPT"));
|
||||
builder.add(exec("iptables-save"));
|
||||
return new StatementList(builder.build());
|
||||
}
|
||||
|
||||
public static Statement createScriptInstallAndStartJBoss(OperatingSystem os) {
|
||||
Map<String, String> envVariables = ImmutableMap.of("jbossHome", jbossHome);
|
||||
Statement toReturn = new InitBuilder(
|
||||
"jboss",
|
||||
jbossHome,
|
||||
jbossHome,
|
||||
envVariables,
|
||||
ImmutableList.<Statement> of(AdminAccess.standard(),//
|
||||
public static StatementList installAdminUserJBossAndOpenPorts(OperatingSystem os) throws IOException {
|
||||
return new StatementList(//
|
||||
AdminAccess.builder().adminUsername("web").build(),//
|
||||
installJavaAndCurl(os),//
|
||||
authorizePortInIpTables(8080),
|
||||
extractTargzIntoDirectory(URI.create(System.getProperty("test.jboss-url",
|
||||
authorizePortsInIpTables(22, 8080),//
|
||||
extractTargzIntoDirectory(URI.create(System.getProperty("test.jboss-url",//
|
||||
"http://d37gkgjhl3prlk.cloudfront.net/jboss-7.0.0.CR1.tar.gz")), "/usr/local"),//
|
||||
exec("{md} " + jbossHome), exec("mv /usr/local/jboss-*/* " + jbossHome),//
|
||||
changeStandaloneConfigToListenOnAllIPAddresses(),
|
||||
exec("chmod -R oug+r+w " + jbossHome)),//
|
||||
exec("chmod -R oug+r+w " + jbossHome),
|
||||
exec("chown -R web " + jbossHome));
|
||||
}
|
||||
|
||||
// NOTE do not name this the same as your login user, or the init process may kill you!
|
||||
public static InitBuilder startJBoss(String configuration) {
|
||||
return new InitBuilder(
|
||||
"jboss",
|
||||
jbossHome,
|
||||
jbossHome,
|
||||
ImmutableMap.of("jbossHome", jbossHome),
|
||||
ImmutableList.<Statement>of(appendFile(jbossHome + "/standalone/configuration/standalone-custom.xml", Splitter.on('\n').split(configuration))),
|
||||
ImmutableList
|
||||
.<Statement> of(interpret(new StringBuilder().append("java ").append(' ')
|
||||
.append("-server -Xms128m -Xmx128m -XX:MaxPermSize=128m -Djava.net.preferIPv4Stack=true -XX:+UseFastAccessorMethods -XX:+TieredCompilation -Xverify:none -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000").append(' ')
|
||||
|
@ -92,9 +100,9 @@ public class RunScriptData {
|
|||
.append("-logmodule org.jboss.logmanager").append(' ')
|
||||
.append("-jaxpmodule javax.xml.jaxp-provider").append(' ')
|
||||
.append("org.jboss.as.standalone").append(' ')
|
||||
.append("-Djboss.home.dir=$JBOSS_HOME")
|
||||
.append("-Djboss.home.dir=$JBOSS_HOME").append(' ')
|
||||
.append("--server-config=standalone-custom.xml")
|
||||
.toString())));
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
public static Statement normalizeHostAndDNSConfig() {
|
||||
|
@ -118,7 +126,9 @@ public class RunScriptData {
|
|||
|
||||
// TODO make this a cli option
|
||||
private static Statement changeStandaloneConfigToListenOnAllIPAddresses() {
|
||||
return exec("(cd $JBOSS_HOME/standalone/configuration && sed 's~inet-address value=.*/~any-address/~g' standalone.xml > standalone.xml.new && mv standalone.xml.new standalone.xml)");
|
||||
return exec(format(
|
||||
"(cd %s/standalone/configuration && sed 's~inet-address value=.*/~any-address/~g' standalone.xml > standalone.xml.new && mv standalone.xml.new standalone.xml)",
|
||||
jbossHome));
|
||||
}
|
||||
|
||||
public static String aptInstall = "apt-get install -f -y -qq --force-yes";
|
||||
|
@ -129,8 +139,7 @@ public class RunScriptData {
|
|||
exec("apt-get update -qq"),
|
||||
exec("which curl || " + aptInstall + " curl"),//
|
||||
exec(aptInstall + " openjdk-6-jdk"),//
|
||||
exec("rm -rf /var/cache/apt /usr/lib/vmware-tools"),//
|
||||
exec("echo \"export PATH=\\\"\\$JAVA_HOME/bin/:\\$PATH\\\"\" >> /root/.bashrc"));
|
||||
exec("echo \"export PATH=\\\"\\$JAVA_HOME/bin/:\\$PATH\\\"\" >> $HOME/.bashrc"));
|
||||
|
||||
public static String yumInstall = "yum --nogpgcheck -y install";
|
||||
|
||||
|
@ -138,11 +147,11 @@ public class RunScriptData {
|
|||
normalizeHostAndDNSConfig(),//
|
||||
exec("which curl || " + yumInstall + " curl"),//
|
||||
exec(yumInstall + " java-1.6.0-openjdk-devel"),//
|
||||
exec("echo \"export PATH=\\\"\\$JAVA_HOME/bin/:\\$PATH\\\"\" >> /root/.bashrc"));
|
||||
exec("echo \"export PATH=\\\"\\$JAVA_HOME/bin/:\\$PATH\\\"\" >> /etc/bashrc"));
|
||||
|
||||
public static final Statement ZYPPER_RUN_SCRIPT = newStatementList(//
|
||||
normalizeHostAndDNSConfig(),//
|
||||
exec("which curl || zypper install curl"),//
|
||||
exec("zypper install java-1.6.0-openjdk"),//
|
||||
exec("echo \"export PATH=\\\"\\$JAVA_HOME/bin/:\\$PATH\\\"\" >> /root/.bashrc"));
|
||||
exec("echo \"export PATH=\\\"\\$JAVA_HOME/bin/:\\$PATH\\\"\" >> /etc/bashrc"));
|
||||
}
|
||||
|
|
|
@ -81,15 +81,14 @@ public class StubComputeServiceIntegrationTest extends BaseComputeServiceLiveTes
|
|||
protected void buildSocketTester() {
|
||||
SocketOpen socketOpen = createMock(SocketOpen.class);
|
||||
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.1", 22))).andReturn(true);
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.2", 22))).andReturn(true);
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.3", 22))).andReturn(true);
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.4", 22))).andReturn(true);
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.5", 22))).andReturn(true);
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.1", 22))).andReturn(true).times(5);
|
||||
// restart of jboss
|
||||
expect(socketOpen.apply(new IPSocket("144.175.1.1", 8080))).andReturn(true).times(2);
|
||||
|
||||
|
||||
replay(socketOpen);
|
||||
|
||||
socketTester = new RetryablePredicate<IPSocket>(socketOpen, 60, 1, TimeUnit.SECONDS);
|
||||
preciseSocketTester = socketTester = new RetryablePredicate<IPSocket>(socketOpen, 1, 1, TimeUnit.MILLISECONDS);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -136,18 +135,24 @@ public class StubComputeServiceIntegrationTest extends BaseComputeServiceLiveTes
|
|||
SshClient client1 = createMock(SshClient.class);
|
||||
SshClient client1New = createMock(SshClient.class);
|
||||
SshClient client2 = createMock(SshClient.class);
|
||||
SshClient client2New = createMock(SshClient.class);
|
||||
SshClient client2Foo = createMock(SshClient.class);
|
||||
SshClient client3 = createMock(SshClient.class);
|
||||
SshClient client4 = createMock(SshClient.class);
|
||||
SshClient client5 = createMock(SshClient.class);
|
||||
|
||||
expect(factory.create(new IPSocket("144.175.1.1", 22), new Credentials("root", "password1"))).andReturn(
|
||||
client1);
|
||||
expect(factory.create(new IPSocket("144.175.1.1", 22), new Credentials("defaultAdminUsername", "privateKey"))).andReturn(
|
||||
client1New);
|
||||
expect(factory.create(new IPSocket("144.175.1.1", 22), new Credentials("web", "privateKey"))).andReturn(
|
||||
client1New).times(5);
|
||||
runScriptAndService(client1, client1New);
|
||||
|
||||
expect(factory.create(new IPSocket("144.175.1.2", 22), new Credentials("root", "password2"))).andReturn(
|
||||
client2).times(4);
|
||||
expect(factory.create(new IPSocket("144.175.1.2", 22), new Credentials("root", "password2"))).andReturn(
|
||||
client2New);
|
||||
expect(factory.create(new IPSocket("144.175.1.2", 22), new Credentials("foo", "privateKey"))).andReturn(
|
||||
client2Foo);
|
||||
expect(factory.create(new IPSocket("144.175.1.2", 22), new Credentials("root", "romeo"))).andThrow(
|
||||
new SshException("Auth fail"));
|
||||
|
||||
|
@ -171,6 +176,24 @@ public class StubComputeServiceIntegrationTest extends BaseComputeServiceLiveTes
|
|||
}
|
||||
client2.disconnect();
|
||||
|
||||
client2New.connect();
|
||||
try {
|
||||
runScript(client2New, "adminUpdate",
|
||||
Strings2.toStringAndClose(StubComputeServiceIntegrationTest.class
|
||||
.getResourceAsStream("/runscript_adminUpdate.sh")), 2);
|
||||
} catch (IOException e) {
|
||||
Throwables.propagate(e);
|
||||
}
|
||||
client2New.disconnect();
|
||||
|
||||
// check id
|
||||
client2Foo.connect();
|
||||
expect(client2Foo.getUsername()).andReturn("foo").atLeastOnce();
|
||||
expect(client2Foo.getHostAddress()).andReturn("foo").atLeastOnce();
|
||||
expect(client2Foo.exec("echo $USER\n")).andReturn(new ExecResponse("foo\n", "", 0));
|
||||
client2Foo.disconnect();
|
||||
|
||||
|
||||
expect(factory.create(new IPSocket("144.175.1.3", 22), new Credentials("root", "password3"))).andReturn(
|
||||
client3).times(2);
|
||||
expect(factory.create(new IPSocket("144.175.1.4", 22), new Credentials("root", "password4"))).andReturn(
|
||||
|
@ -207,6 +230,8 @@ public class StubComputeServiceIntegrationTest extends BaseComputeServiceLiveTes
|
|||
replay(client1);
|
||||
replay(client1New);
|
||||
replay(client2);
|
||||
replay(client2New);
|
||||
replay(client2Foo);
|
||||
replay(client3);
|
||||
replay(client4);
|
||||
replay(client5);
|
||||
|
@ -218,26 +243,50 @@ public class StubComputeServiceIntegrationTest extends BaseComputeServiceLiveTes
|
|||
client.connect();
|
||||
|
||||
try {
|
||||
String scriptName = "jboss";
|
||||
String scriptName = "configure-jboss";
|
||||
client.put("/tmp/init-" + scriptName, Strings2.toStringAndClose(StubComputeServiceIntegrationTest.class
|
||||
.getResourceAsStream("/initscript_with_jboss.sh")));
|
||||
expect(client.exec("chmod 755 /tmp/init-" + scriptName)).andReturn(EXEC_GOOD);
|
||||
expect(client.exec("ln -fs /tmp/init-" + scriptName + " " + scriptName)).andReturn(EXEC_GOOD);
|
||||
expect(client.getUsername()).andReturn("root").atLeastOnce();
|
||||
expect(client.getHostAddress()).andReturn(clientNew + "").atLeastOnce();
|
||||
expect(client.getHostAddress()).andReturn("localhost").atLeastOnce();
|
||||
expect(client.exec("./" + scriptName + " init")).andReturn(EXEC_GOOD);
|
||||
expect(client.exec("./" + scriptName + " start")).andReturn(EXEC_GOOD);
|
||||
expect(client.exec("./" + scriptName + " status")).andReturn(EXEC_GOOD);
|
||||
// next status says the script is done, since not found.
|
||||
expect(client.exec("./" + scriptName + " status")).andReturn(EXEC_BAD);
|
||||
expect(client.exec("./" + scriptName + " tail")).andReturn(EXEC_GOOD);
|
||||
expect(client.exec("./" + scriptName + " tailerr")).andReturn(EXEC_GOOD);
|
||||
// note we have to reconnect here, as we updated the login user.
|
||||
client.disconnect();
|
||||
|
||||
clientNew.connect();
|
||||
expect(clientNew.getUsername()).andReturn("defaultAdminUsername").atLeastOnce();
|
||||
expect(clientNew.getHostAddress()).andReturn(clientNew + "").atLeastOnce();
|
||||
scriptName = "jboss";
|
||||
clientNew.put("/tmp/init-" + scriptName, Strings2
|
||||
.toStringAndClose(StubComputeServiceIntegrationTest.class
|
||||
.getResourceAsStream("/runscript_jboss.sh")));
|
||||
expect(clientNew.exec("chmod 755 /tmp/init-" + scriptName)).andReturn(EXEC_GOOD);
|
||||
expect(clientNew.exec("ln -fs /tmp/init-" + scriptName + " " + scriptName)).andReturn(EXEC_GOOD);
|
||||
expect(clientNew.exec("sudo ./" + scriptName + " start")).andReturn(EXEC_GOOD);
|
||||
expect(clientNew.exec("sudo ./" + scriptName + " status")).andReturn(EXEC_GOOD);
|
||||
// next status says the script is done, since not found.
|
||||
expect(clientNew.exec("sudo ./" + scriptName + " status")).andReturn(EXEC_BAD);
|
||||
expect(clientNew.exec("sudo ./" + scriptName + " tail")).andReturn(EXEC_GOOD);
|
||||
expect(clientNew.exec("sudo ./" + scriptName + " tailerr")).andReturn(EXEC_GOOD);
|
||||
expect(clientNew.getUsername()).andReturn("web").atLeastOnce();
|
||||
expect(clientNew.getHostAddress()).andReturn("localhost").atLeastOnce();
|
||||
expect(clientNew.exec("./" + scriptName + " init")).andReturn(EXEC_GOOD);
|
||||
expect(clientNew.exec("./" + scriptName + " start")).andReturn(EXEC_GOOD);
|
||||
clientNew.disconnect();
|
||||
clientNew.connect();
|
||||
expect(clientNew.exec("./" + scriptName + " tail\n")).andReturn(EXEC_GOOD);
|
||||
clientNew.disconnect();
|
||||
|
||||
clientNew.connect();
|
||||
expect(clientNew.exec("./" + scriptName + " stop\n")).andReturn(EXEC_GOOD);
|
||||
clientNew.disconnect();
|
||||
|
||||
clientNew.connect();
|
||||
expect(clientNew.exec("./" + scriptName + " start\n")).andReturn(EXEC_GOOD);
|
||||
clientNew.disconnect();
|
||||
|
||||
clientNew.connect();
|
||||
expect(clientNew.exec("./" + scriptName + " tail\n")).andReturn(EXEC_GOOD);
|
||||
clientNew.disconnect();
|
||||
} catch (IOException e) {
|
||||
Throwables.propagate(e);
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ function findPid {
|
|||
return 1
|
||||
}
|
||||
local PATTERN="$1"; shift
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|awk '{print $2}'`
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|grep -v $$|awk '{print $2}'`
|
||||
[ -n "$_FOUND" ] && {
|
||||
export FOUND_PID=$_FOUND
|
||||
return 0
|
||||
|
@ -42,7 +42,7 @@ function forget {
|
|||
local LOG_DIR="$1"; shift
|
||||
mkdir -p $LOG_DIR
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" ] && {
|
||||
[ -n "$FOUND_PID" -a -f $LOG_DIR/stdout.log ] && {
|
||||
echo $INSTANCE_NAME already running pid [$FOUND_PID]
|
||||
} || {
|
||||
nohup $SCRIPT >$LOG_DIR/stdout.log 2>$LOG_DIR/stderr.log &
|
||||
|
@ -102,8 +102,7 @@ nslookup yahoo.com >/dev/null || echo nameserver 208.67.222.222 >> /etc/resolv.c
|
|||
apt-get update -qq
|
||||
which curl || apt-get install -f -y -qq --force-yes curl
|
||||
apt-get install -f -y -qq --force-yes openjdk-6-jdk
|
||||
rm -rf /var/cache/apt /usr/lib/vmware-tools
|
||||
echo "export PATH=\"\$JAVA_HOME/bin/:\$PATH\"" >> /root/.bashrc
|
||||
echo "export PATH=\"\$JAVA_HOME/bin/:\$PATH\"" >> $HOME/.bashrc
|
||||
|
||||
END_OF_SCRIPT
|
||||
|
||||
|
|
|
@ -8,14 +8,13 @@ function abort {
|
|||
exit 1
|
||||
}
|
||||
function default {
|
||||
export INSTANCE_NAME="jboss"
|
||||
export INSTANCE_HOME="/usr/local/jboss"
|
||||
export LOG_DIR="/usr/local/jboss"
|
||||
export INSTANCE_NAME="configure-jboss"
|
||||
export INSTANCE_HOME="/tmp/configure-jboss"
|
||||
export LOG_DIR="/tmp/configure-jboss"
|
||||
return 0
|
||||
}
|
||||
function jboss {
|
||||
export JBOSS_HOME="/usr/local/jboss"
|
||||
return 0
|
||||
function configure-jboss {
|
||||
return 0
|
||||
}
|
||||
function findPid {
|
||||
unset FOUND_PID;
|
||||
|
@ -24,7 +23,7 @@ function findPid {
|
|||
return 1
|
||||
}
|
||||
local PATTERN="$1"; shift
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|awk '{print $2}'`
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|grep -v $$|awk '{print $2}'`
|
||||
[ -n "$_FOUND" ] && {
|
||||
export FOUND_PID=$_FOUND
|
||||
return 0
|
||||
|
@ -43,7 +42,7 @@ function forget {
|
|||
local LOG_DIR="$1"; shift
|
||||
mkdir -p $LOG_DIR
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" ] && {
|
||||
[ -n "$FOUND_PID" -a -f $LOG_DIR/stdout.log ] && {
|
||||
echo $INSTANCE_NAME already running pid [$FOUND_PID]
|
||||
} || {
|
||||
nohup $SCRIPT >$LOG_DIR/stdout.log 2>$LOG_DIR/stderr.log &
|
||||
|
@ -57,72 +56,71 @@ export PATH=/usr/ucb/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
|||
case $1 in
|
||||
init)
|
||||
default || exit 1
|
||||
jboss || exit 1
|
||||
rm /etc/sudoers
|
||||
cat >> /etc/sudoers <<'END_OF_FILE'
|
||||
root ALL = (ALL) ALL
|
||||
%wheel ALL = (ALL) NOPASSWD:ALL
|
||||
END_OF_FILE
|
||||
chmod 0440 /etc/sudoers
|
||||
mkdir -p /home/users/defaultAdminUsername
|
||||
groupadd -f wheel
|
||||
useradd -s /bin/bash -g wheel -d /home/users/defaultAdminUsername -p 'crypt(randompassword)' defaultAdminUsername
|
||||
mkdir -p /home/users/defaultAdminUsername/.ssh
|
||||
cat >> /home/users/defaultAdminUsername/.ssh/authorized_keys <<'END_OF_FILE'
|
||||
publicKey
|
||||
END_OF_FILE
|
||||
chmod 600 /home/users/defaultAdminUsername/.ssh/authorized_keys
|
||||
chown -R defaultAdminUsername /home/users/defaultAdminUsername
|
||||
exec 3<> /etc/ssh/sshd_config && awk -v TEXT="PasswordAuthentication no
|
||||
PermitRootLogin no
|
||||
" 'BEGIN {print TEXT}{print}' /etc/ssh/sshd_config >&3
|
||||
/etc/init.d/sshd reload||/etc/init.d/ssh reload
|
||||
awk -v user=^${SUDO_USER:=${USER}}: -v password='crypt(randompassword)' 'BEGIN { FS=OFS=":" } $0 ~ user { $2 = password } 1' /etc/shadow >/etc/shadow.${SUDO_USER:=${USER}}
|
||||
test -f /etc/shadow.${SUDO_USER:=${USER}} && mv /etc/shadow.${SUDO_USER:=${USER}} /etc/shadow
|
||||
grep `hostname` /etc/hosts >/dev/null || awk -v hostname=`hostname` 'END { print $1" "hostname }' /proc/net/arp >> /etc/hosts
|
||||
nslookup yahoo.com >/dev/null || echo nameserver 208.67.222.222 >> /etc/resolv.conf
|
||||
apt-get update -qq
|
||||
which curl || apt-get install -f -y -qq --force-yes curl
|
||||
apt-get install -f -y -qq --force-yes openjdk-6-jdk
|
||||
rm -rf /var/cache/apt /usr/lib/vmware-tools
|
||||
echo "export PATH=\"\$JAVA_HOME/bin/:\$PATH\"" >> /root/.bashrc
|
||||
iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
|
||||
iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport 8080 -j ACCEPT
|
||||
iptables-save
|
||||
curl -q -s -S -L --connect-timeout 10 --max-time 600 --retry 20 -X GET http://d37gkgjhl3prlk.cloudfront.net/jboss-7.0.0.CR1.tar.gz |(mkdir -p /usr/local &&cd /usr/local &&tar -xpzf -)
|
||||
mkdir -p /usr/local/jboss
|
||||
mv /usr/local/jboss-*/* /usr/local/jboss
|
||||
(cd $JBOSS_HOME/standalone/configuration && sed 's~inet-address value=.*/~any-address/~g' standalone.xml > standalone.xml.new && mv standalone.xml.new standalone.xml)
|
||||
chmod -R oug+r+w /usr/local/jboss
|
||||
configure-jboss || exit 1
|
||||
mkdir -p $INSTANCE_HOME
|
||||
|
||||
# create runscript header
|
||||
cat > $INSTANCE_HOME/jboss.sh <<END_OF_SCRIPT
|
||||
cat > $INSTANCE_HOME/configure-jboss.sh <<END_OF_SCRIPT
|
||||
#!/bin/bash
|
||||
set +u
|
||||
shopt -s xpg_echo
|
||||
shopt -s expand_aliases
|
||||
PROMPT_COMMAND='echo -ne "\033]0;jboss\007"'
|
||||
PROMPT_COMMAND='echo -ne "\033]0;configure-jboss\007"'
|
||||
export PATH=/usr/ucb/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
export INSTANCE_NAME='jboss'
|
||||
export JBOSS_HOME='$JBOSS_HOME'
|
||||
export INSTANCE_NAME='configure-jboss'
|
||||
export INSTANCE_NAME='$INSTANCE_NAME'
|
||||
export INSTANCE_HOME='$INSTANCE_HOME'
|
||||
export LOG_DIR='$LOG_DIR'
|
||||
END_OF_SCRIPT
|
||||
|
||||
# add desired commands from the user
|
||||
cat >> $INSTANCE_HOME/jboss.sh <<'END_OF_SCRIPT'
|
||||
cat >> $INSTANCE_HOME/configure-jboss.sh <<'END_OF_SCRIPT'
|
||||
cd $INSTANCE_HOME
|
||||
java -server -Xms128m -Xmx128m -XX:MaxPermSize=128m -Djava.net.preferIPv4Stack=true -XX:+UseFastAccessorMethods -XX:+TieredCompilation -Xverify:none -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Dorg.jboss.boot.log.file=$JBOSS_HOME/standalone/log/boot.log -Dlogging.configuration=file:$JBOSS_HOME/standalone/configuration/logging.properties -jar $JBOSS_HOME/jboss-modules.jar -mp $JBOSS_HOME/modules -logmodule org.jboss.logmanager -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -Djboss.home.dir=$JBOSS_HOME
|
||||
rm /etc/sudoers
|
||||
cat >> /etc/sudoers <<'END_OF_FILE'
|
||||
root ALL = (ALL) ALL
|
||||
%wheel ALL = (ALL) NOPASSWD:ALL
|
||||
END_OF_FILE
|
||||
chmod 0440 /etc/sudoers
|
||||
mkdir -p /home/users/web
|
||||
groupadd -f wheel
|
||||
useradd -s /bin/bash -g wheel -d /home/users/web -p 'crypt(randompassword)' web
|
||||
mkdir -p /home/users/web/.ssh
|
||||
cat >> /home/users/web/.ssh/authorized_keys <<'END_OF_FILE'
|
||||
publicKey
|
||||
END_OF_FILE
|
||||
chmod 600 /home/users/web/.ssh/authorized_keys
|
||||
chown -R web /home/users/web
|
||||
exec 3<> /etc/ssh/sshd_config && awk -v TEXT="PasswordAuthentication no
|
||||
PermitRootLogin no
|
||||
" 'BEGIN {print TEXT}{print}' /etc/ssh/sshd_config >&3
|
||||
/etc/init.d/sshd reload||/etc/init.d/ssh reload
|
||||
awk -v user=^${SUDO_USER:=${USER}}: -v password='crypt(randompassword)' 'BEGIN { FS=OFS=":" } $0 ~ user { $2 = password } 1' /etc/shadow >/etc/shadow.${SUDO_USER:=${USER}}
|
||||
test -f /etc/shadow.${SUDO_USER:=${USER}} && mv /etc/shadow.${SUDO_USER:=${USER}} /etc/shadow
|
||||
grep `hostname` /etc/hosts >/dev/null || awk -v hostname=`hostname` 'END { print $1" "hostname }' /proc/net/arp >> /etc/hosts
|
||||
nslookup yahoo.com >/dev/null || echo nameserver 208.67.222.222 >> /etc/resolv.conf
|
||||
apt-get update -qq
|
||||
which curl || apt-get install -f -y -qq --force-yes curl
|
||||
apt-get install -f -y -qq --force-yes openjdk-6-jdk
|
||||
echo "export PATH=\"\$JAVA_HOME/bin/:\$PATH\"" >> $HOME/.bashrc
|
||||
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
|
||||
iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
|
||||
iptables-save
|
||||
curl -q -s -S -L --connect-timeout 10 --max-time 600 --retry 20 -X GET http://d37gkgjhl3prlk.cloudfront.net/jboss-7.0.0.CR1.tar.gz |(mkdir -p /usr/local &&cd /usr/local &&tar -xpzf -)
|
||||
mkdir -p /usr/local/jboss
|
||||
mv /usr/local/jboss-*/* /usr/local/jboss
|
||||
(cd /usr/local/jboss/standalone/configuration && sed 's~inet-address value=.*/~any-address/~g' standalone.xml > standalone.xml.new && mv standalone.xml.new standalone.xml)
|
||||
chmod -R oug+r+w /usr/local/jboss
|
||||
chown -R web /usr/local/jboss
|
||||
|
||||
END_OF_SCRIPT
|
||||
|
||||
# add runscript footer
|
||||
cat >> $INSTANCE_HOME/jboss.sh <<'END_OF_SCRIPT'
|
||||
cat >> $INSTANCE_HOME/configure-jboss.sh <<'END_OF_SCRIPT'
|
||||
exit 0
|
||||
END_OF_SCRIPT
|
||||
|
||||
chmod u+x $INSTANCE_HOME/jboss.sh
|
||||
chmod u+x $INSTANCE_HOME/configure-jboss.sh
|
||||
;;
|
||||
status)
|
||||
default || exit 1
|
||||
|
|
|
@ -23,7 +23,7 @@ function findPid {
|
|||
return 1
|
||||
}
|
||||
local PATTERN="$1"; shift
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|awk '{print $2}'`
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|grep -v $$|awk '{print $2}'`
|
||||
[ -n "$_FOUND" ] && {
|
||||
export FOUND_PID=$_FOUND
|
||||
return 0
|
||||
|
@ -42,7 +42,7 @@ function forget {
|
|||
local LOG_DIR="$1"; shift
|
||||
mkdir -p $LOG_DIR
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" ] && {
|
||||
[ -n "$FOUND_PID" -a -f $LOG_DIR/stdout.log ] && {
|
||||
echo $INSTANCE_NAME already running pid [$FOUND_PID]
|
||||
} || {
|
||||
nohup $SCRIPT >$LOG_DIR/stdout.log 2>$LOG_DIR/stderr.log &
|
||||
|
@ -81,8 +81,7 @@ nslookup yahoo.com >/dev/null || echo nameserver 208.67.222.222 >> /etc/resolv.c
|
|||
apt-get update -qq
|
||||
which curl || apt-get install -f -y -qq --force-yes curl
|
||||
apt-get install -f -y -qq --force-yes openjdk-6-jdk
|
||||
rm -rf /var/cache/apt /usr/lib/vmware-tools
|
||||
echo "export PATH=\"\$JAVA_HOME/bin/:\$PATH\"" >> /root/.bashrc
|
||||
echo "export PATH=\"\$JAVA_HOME/bin/:\$PATH\"" >> $HOME/.bashrc
|
||||
|
||||
END_OF_SCRIPT
|
||||
|
||||
|
|
|
@ -0,0 +1,140 @@
|
|||
#!/bin/bash
|
||||
set +u
|
||||
shopt -s xpg_echo
|
||||
shopt -s expand_aliases
|
||||
unset PATH JAVA_HOME LD_LIBRARY_PATH
|
||||
function abort {
|
||||
echo "aborting: $@" 1>&2
|
||||
exit 1
|
||||
}
|
||||
function default {
|
||||
export INSTANCE_NAME="adminUpdate"
|
||||
export INSTANCE_HOME="/tmp/adminUpdate"
|
||||
export LOG_DIR="/tmp/adminUpdate"
|
||||
return 0
|
||||
}
|
||||
function adminUpdate {
|
||||
return 0
|
||||
}
|
||||
function findPid {
|
||||
unset FOUND_PID;
|
||||
[ $# -eq 1 ] || {
|
||||
abort "findPid requires a parameter of pattern to match"
|
||||
return 1
|
||||
}
|
||||
local PATTERN="$1"; shift
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|grep -v $$|awk '{print $2}'`
|
||||
[ -n "$_FOUND" ] && {
|
||||
export FOUND_PID=$_FOUND
|
||||
return 0
|
||||
} || {
|
||||
return 1
|
||||
}
|
||||
}
|
||||
function forget {
|
||||
unset FOUND_PID;
|
||||
[ $# -eq 3 ] || {
|
||||
abort "forget requires parameters INSTANCE_NAME SCRIPT LOG_DIR"
|
||||
return 1
|
||||
}
|
||||
local INSTANCE_NAME="$1"; shift
|
||||
local SCRIPT="$1"; shift
|
||||
local LOG_DIR="$1"; shift
|
||||
mkdir -p $LOG_DIR
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" -a -f $LOG_DIR/stdout.log ] && {
|
||||
echo $INSTANCE_NAME already running pid [$FOUND_PID]
|
||||
} || {
|
||||
nohup $SCRIPT >$LOG_DIR/stdout.log 2>$LOG_DIR/stderr.log &
|
||||
sleep 1
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" ] || abort "$INSTANCE_NAME did not start"
|
||||
}
|
||||
return 0
|
||||
}
|
||||
export PATH=/usr/ucb/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
case $1 in
|
||||
init)
|
||||
default || exit 1
|
||||
adminUpdate || exit 1
|
||||
mkdir -p $INSTANCE_HOME
|
||||
|
||||
# create runscript header
|
||||
cat > $INSTANCE_HOME/adminUpdate.sh <<END_OF_SCRIPT
|
||||
#!/bin/bash
|
||||
set +u
|
||||
shopt -s xpg_echo
|
||||
shopt -s expand_aliases
|
||||
PROMPT_COMMAND='echo -ne "\033]0;adminUpdate\007"'
|
||||
export PATH=/usr/ucb/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
export INSTANCE_NAME='adminUpdate'
|
||||
export INSTANCE_NAME='$INSTANCE_NAME'
|
||||
export INSTANCE_HOME='$INSTANCE_HOME'
|
||||
export LOG_DIR='$LOG_DIR'
|
||||
END_OF_SCRIPT
|
||||
|
||||
# add desired commands from the user
|
||||
cat >> $INSTANCE_HOME/adminUpdate.sh <<'END_OF_SCRIPT'
|
||||
cd $INSTANCE_HOME
|
||||
rm /etc/sudoers
|
||||
cat >> /etc/sudoers <<'END_OF_FILE'
|
||||
root ALL = (ALL) ALL
|
||||
%wheel ALL = (ALL) NOPASSWD:ALL
|
||||
END_OF_FILE
|
||||
chmod 0440 /etc/sudoers
|
||||
mkdir -p /home/users/foo
|
||||
groupadd -f wheel
|
||||
useradd -s /bin/bash -g wheel -d /home/users/foo -p 'crypt(randompassword)' foo
|
||||
mkdir -p /home/users/foo/.ssh
|
||||
cat >> /home/users/foo/.ssh/authorized_keys <<'END_OF_FILE'
|
||||
publicKey
|
||||
END_OF_FILE
|
||||
chmod 600 /home/users/foo/.ssh/authorized_keys
|
||||
chown -R foo /home/users/foo
|
||||
exec 3<> /etc/ssh/sshd_config && awk -v TEXT="PasswordAuthentication no
|
||||
PermitRootLogin no
|
||||
" 'BEGIN {print TEXT}{print}' /etc/ssh/sshd_config >&3
|
||||
/etc/init.d/sshd reload||/etc/init.d/ssh reload
|
||||
awk -v user=^${SUDO_USER:=${USER}}: -v password='crypt(randompassword)' 'BEGIN { FS=OFS=":" } $0 ~ user { $2 = password } 1' /etc/shadow >/etc/shadow.${SUDO_USER:=${USER}}
|
||||
test -f /etc/shadow.${SUDO_USER:=${USER}} && mv /etc/shadow.${SUDO_USER:=${USER}} /etc/shadow
|
||||
|
||||
END_OF_SCRIPT
|
||||
|
||||
# add runscript footer
|
||||
cat >> $INSTANCE_HOME/adminUpdate.sh <<'END_OF_SCRIPT'
|
||||
exit 0
|
||||
END_OF_SCRIPT
|
||||
|
||||
chmod u+x $INSTANCE_HOME/adminUpdate.sh
|
||||
;;
|
||||
status)
|
||||
default || exit 1
|
||||
findPid $INSTANCE_NAME || exit 1
|
||||
echo [$FOUND_PID]
|
||||
;;
|
||||
stop)
|
||||
default || exit 1
|
||||
findPid $INSTANCE_NAME || exit 1
|
||||
[ -n "$FOUND_PID" ] && {
|
||||
echo stopping $FOUND_PID
|
||||
kill -9 $FOUND_PID
|
||||
}
|
||||
;;
|
||||
start)
|
||||
default || exit 1
|
||||
forget $INSTANCE_NAME $INSTANCE_HOME/$INSTANCE_NAME.sh $LOG_DIR || exit 1
|
||||
;;
|
||||
tail)
|
||||
default || exit 1
|
||||
tail $LOG_DIR/stdout.log
|
||||
;;
|
||||
tailerr)
|
||||
default || exit 1
|
||||
tail $LOG_DIR/stderr.log
|
||||
;;
|
||||
run)
|
||||
default || exit 1
|
||||
$INSTANCE_HOME/$INSTANCE_NAME.sh
|
||||
;;
|
||||
esac
|
||||
exit 0
|
|
@ -0,0 +1,227 @@
|
|||
#!/bin/bash
|
||||
set +u
|
||||
shopt -s xpg_echo
|
||||
shopt -s expand_aliases
|
||||
unset PATH JAVA_HOME LD_LIBRARY_PATH
|
||||
function abort {
|
||||
echo "aborting: $@" 1>&2
|
||||
exit 1
|
||||
}
|
||||
function default {
|
||||
export INSTANCE_NAME="jboss"
|
||||
export INSTANCE_HOME="/usr/local/jboss"
|
||||
export LOG_DIR="/usr/local/jboss"
|
||||
return 0
|
||||
}
|
||||
function jboss {
|
||||
export JBOSS_HOME="/usr/local/jboss"
|
||||
return 0
|
||||
}
|
||||
function findPid {
|
||||
unset FOUND_PID;
|
||||
[ $# -eq 1 ] || {
|
||||
abort "findPid requires a parameter of pattern to match"
|
||||
return 1
|
||||
}
|
||||
local PATTERN="$1"; shift
|
||||
local _FOUND=`ps auxwww|grep "$PATTERN"|grep -v " $0"|grep -v grep|grep -v $$|awk '{print $2}'`
|
||||
[ -n "$_FOUND" ] && {
|
||||
export FOUND_PID=$_FOUND
|
||||
return 0
|
||||
} || {
|
||||
return 1
|
||||
}
|
||||
}
|
||||
function forget {
|
||||
unset FOUND_PID;
|
||||
[ $# -eq 3 ] || {
|
||||
abort "forget requires parameters INSTANCE_NAME SCRIPT LOG_DIR"
|
||||
return 1
|
||||
}
|
||||
local INSTANCE_NAME="$1"; shift
|
||||
local SCRIPT="$1"; shift
|
||||
local LOG_DIR="$1"; shift
|
||||
mkdir -p $LOG_DIR
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" -a -f $LOG_DIR/stdout.log ] && {
|
||||
echo $INSTANCE_NAME already running pid [$FOUND_PID]
|
||||
} || {
|
||||
nohup $SCRIPT >$LOG_DIR/stdout.log 2>$LOG_DIR/stderr.log &
|
||||
sleep 1
|
||||
findPid $INSTANCE_NAME
|
||||
[ -n "$FOUND_PID" ] || abort "$INSTANCE_NAME did not start"
|
||||
}
|
||||
return 0
|
||||
}
|
||||
export PATH=/usr/ucb/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
case $1 in
|
||||
init)
|
||||
default || exit 1
|
||||
jboss || exit 1
|
||||
cat >> /usr/local/jboss/standalone/configuration/standalone-custom.xml <<'END_OF_FILE'
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server name="basic" xmlns="urn:jboss:domain:1.0">
|
||||
<extensions>
|
||||
<extension module="org.jboss.as.connector"/>
|
||||
<extension module="org.jboss.as.deployment-scanner"/>
|
||||
<extension module="org.jboss.as.ee"/>
|
||||
<extension module="org.jboss.as.logging"/>
|
||||
<extension module="org.jboss.as.naming"/>
|
||||
<extension module="org.jboss.as.security"/>
|
||||
<extension module="org.jboss.as.threads"/>
|
||||
<extension module="org.jboss.as.transactions"/>
|
||||
<extension module="org.jboss.as.web"/>
|
||||
<!--
|
||||
<extension module="org.jboss.as.weld"/>
|
||||
-->
|
||||
</extensions>
|
||||
<profile>
|
||||
<subsystem xmlns="urn:jboss:domain:logging:1.0">
|
||||
<console-handler name="CONSOLE" autoflush="true">
|
||||
<level name="INFO"/>
|
||||
<formatter>
|
||||
<pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
|
||||
</formatter>
|
||||
</console-handler>
|
||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
||||
<level name="INFO"/>
|
||||
<formatter>
|
||||
<pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
|
||||
</formatter>
|
||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
||||
<suffix value=".yyyy-MM-dd"/>
|
||||
</periodic-rotating-file-handler>
|
||||
<logger category="com.arjuna">
|
||||
<level name="WARN"/>
|
||||
</logger>
|
||||
<logger category="org.apache.tomcat.util.modeler">
|
||||
<level name="WARN"/>
|
||||
</logger>
|
||||
<logger category="sun.rmi">
|
||||
<level name="WARN"/>
|
||||
</logger>
|
||||
<root-logger>
|
||||
<level name="INFO"/>
|
||||
<handlers>
|
||||
<handler name="CONSOLE"/>
|
||||
<handler name="FILE"/>
|
||||
</handlers>
|
||||
</root-logger>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:1.0">
|
||||
<deployment-scanner name="default" path="deployments" scan-enabled="true" scan-interval="5000" relative-to="jboss.server.base.dir" deployment-timeout="60"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ee:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:naming:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:resource-adapters:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:security:1.0">
|
||||
<security-domains>
|
||||
<security-domain name="other" cache-type="default">
|
||||
<authentication>
|
||||
<login-module code="UsersRoles" flag="required"/>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:threads:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:1.0">
|
||||
<core-environment>
|
||||
<process-id>
|
||||
<uuid/>
|
||||
</process-id>
|
||||
</core-environment>
|
||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
||||
<coordinator-environment default-timeout="300"/>
|
||||
<object-store/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:web:1.0">
|
||||
<connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http"/>
|
||||
<virtual-server name="localhost" enable-welcome-root="true">
|
||||
<alias name="example.com"/>
|
||||
</virtual-server>
|
||||
</subsystem>
|
||||
<!--
|
||||
<subsystem xmlns="urn:jboss:domain:weld:1.0"/>
|
||||
-->
|
||||
</profile>
|
||||
<interfaces>
|
||||
<interface name="public">
|
||||
<any-address/>
|
||||
</interface>
|
||||
</interfaces>
|
||||
<socket-binding-group name="standard-sockets" default-interface="public">
|
||||
<socket-binding name="http" port="8080"/>
|
||||
<socket-binding name="https" port="8443"/>
|
||||
<socket-binding name="jmx-connector-registry" port="1090"/>
|
||||
<socket-binding name="jmx-connector-server" port="1091"/>
|
||||
<socket-binding name="jndi" port="1099"/>
|
||||
<socket-binding name="osgi-http" port="8090"/>
|
||||
<socket-binding name="remoting" port="4447"/>
|
||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
||||
<socket-binding name="txn-status-manager" port="4713"/>
|
||||
</socket-binding-group>
|
||||
</server>
|
||||
|
||||
END_OF_FILE
|
||||
mkdir -p $INSTANCE_HOME
|
||||
|
||||
# create runscript header
|
||||
cat > $INSTANCE_HOME/jboss.sh <<END_OF_SCRIPT
|
||||
#!/bin/bash
|
||||
set +u
|
||||
shopt -s xpg_echo
|
||||
shopt -s expand_aliases
|
||||
PROMPT_COMMAND='echo -ne "\033]0;jboss\007"'
|
||||
export PATH=/usr/ucb/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
export INSTANCE_NAME='jboss'
|
||||
export JBOSS_HOME='$JBOSS_HOME'
|
||||
export INSTANCE_NAME='$INSTANCE_NAME'
|
||||
export INSTANCE_HOME='$INSTANCE_HOME'
|
||||
export LOG_DIR='$LOG_DIR'
|
||||
END_OF_SCRIPT
|
||||
|
||||
# add desired commands from the user
|
||||
cat >> $INSTANCE_HOME/jboss.sh <<'END_OF_SCRIPT'
|
||||
cd $INSTANCE_HOME
|
||||
java -server -Xms128m -Xmx128m -XX:MaxPermSize=128m -Djava.net.preferIPv4Stack=true -XX:+UseFastAccessorMethods -XX:+TieredCompilation -Xverify:none -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Dorg.jboss.boot.log.file=$JBOSS_HOME/standalone/log/boot.log -Dlogging.configuration=file:$JBOSS_HOME/standalone/configuration/logging.properties -jar $JBOSS_HOME/jboss-modules.jar -mp $JBOSS_HOME/modules -logmodule org.jboss.logmanager -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -Djboss.home.dir=$JBOSS_HOME --server-config=standalone-custom.xml
|
||||
END_OF_SCRIPT
|
||||
|
||||
# add runscript footer
|
||||
cat >> $INSTANCE_HOME/jboss.sh <<'END_OF_SCRIPT'
|
||||
exit 0
|
||||
END_OF_SCRIPT
|
||||
|
||||
chmod u+x $INSTANCE_HOME/jboss.sh
|
||||
;;
|
||||
status)
|
||||
default || exit 1
|
||||
findPid $INSTANCE_NAME || exit 1
|
||||
echo [$FOUND_PID]
|
||||
;;
|
||||
stop)
|
||||
default || exit 1
|
||||
findPid $INSTANCE_NAME || exit 1
|
||||
[ -n "$FOUND_PID" ] && {
|
||||
echo stopping $FOUND_PID
|
||||
kill -9 $FOUND_PID
|
||||
}
|
||||
;;
|
||||
start)
|
||||
default || exit 1
|
||||
forget $INSTANCE_NAME $INSTANCE_HOME/$INSTANCE_NAME.sh $LOG_DIR || exit 1
|
||||
;;
|
||||
tail)
|
||||
default || exit 1
|
||||
tail $LOG_DIR/stdout.log
|
||||
;;
|
||||
tailerr)
|
||||
default || exit 1
|
||||
tail $LOG_DIR/stderr.log
|
||||
;;
|
||||
run)
|
||||
default || exit 1
|
||||
$INSTANCE_HOME/$INSTANCE_NAME.sh
|
||||
;;
|
||||
esac
|
||||
exit 0
|
|
@ -0,0 +1,103 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server name="basic" xmlns="urn:jboss:domain:1.0">
|
||||
<extensions>
|
||||
<extension module="org.jboss.as.connector"/>
|
||||
<extension module="org.jboss.as.deployment-scanner"/>
|
||||
<extension module="org.jboss.as.ee"/>
|
||||
<extension module="org.jboss.as.logging"/>
|
||||
<extension module="org.jboss.as.naming"/>
|
||||
<extension module="org.jboss.as.security"/>
|
||||
<extension module="org.jboss.as.threads"/>
|
||||
<extension module="org.jboss.as.transactions"/>
|
||||
<extension module="org.jboss.as.web"/>
|
||||
<!--
|
||||
<extension module="org.jboss.as.weld"/>
|
||||
-->
|
||||
</extensions>
|
||||
<profile>
|
||||
<subsystem xmlns="urn:jboss:domain:logging:1.0">
|
||||
<console-handler name="CONSOLE" autoflush="true">
|
||||
<level name="INFO"/>
|
||||
<formatter>
|
||||
<pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
|
||||
</formatter>
|
||||
</console-handler>
|
||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
||||
<level name="INFO"/>
|
||||
<formatter>
|
||||
<pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
|
||||
</formatter>
|
||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
||||
<suffix value=".yyyy-MM-dd"/>
|
||||
</periodic-rotating-file-handler>
|
||||
<logger category="com.arjuna">
|
||||
<level name="WARN"/>
|
||||
</logger>
|
||||
<logger category="org.apache.tomcat.util.modeler">
|
||||
<level name="WARN"/>
|
||||
</logger>
|
||||
<logger category="sun.rmi">
|
||||
<level name="WARN"/>
|
||||
</logger>
|
||||
<root-logger>
|
||||
<level name="INFO"/>
|
||||
<handlers>
|
||||
<handler name="CONSOLE"/>
|
||||
<handler name="FILE"/>
|
||||
</handlers>
|
||||
</root-logger>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:1.0">
|
||||
<deployment-scanner name="default" path="deployments" scan-enabled="true" scan-interval="5000" relative-to="jboss.server.base.dir" deployment-timeout="60"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ee:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:naming:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:resource-adapters:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:security:1.0">
|
||||
<security-domains>
|
||||
<security-domain name="other" cache-type="default">
|
||||
<authentication>
|
||||
<login-module code="UsersRoles" flag="required"/>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:threads:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:1.0">
|
||||
<core-environment>
|
||||
<process-id>
|
||||
<uuid/>
|
||||
</process-id>
|
||||
</core-environment>
|
||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
||||
<coordinator-environment default-timeout="300"/>
|
||||
<object-store/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:web:1.0">
|
||||
<connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http"/>
|
||||
<virtual-server name="localhost" enable-welcome-root="true">
|
||||
<alias name="example.com"/>
|
||||
</virtual-server>
|
||||
</subsystem>
|
||||
<!--
|
||||
<subsystem xmlns="urn:jboss:domain:weld:1.0"/>
|
||||
-->
|
||||
</profile>
|
||||
<interfaces>
|
||||
<interface name="public">
|
||||
<any-address/>
|
||||
</interface>
|
||||
</interfaces>
|
||||
<socket-binding-group name="standard-sockets" default-interface="public">
|
||||
<socket-binding name="http" port="8080"/>
|
||||
<socket-binding name="https" port="8443"/>
|
||||
<socket-binding name="jmx-connector-registry" port="1090"/>
|
||||
<socket-binding name="jmx-connector-server" port="1091"/>
|
||||
<socket-binding name="jndi" port="1099"/>
|
||||
<socket-binding name="osgi-http" port="8090"/>
|
||||
<socket-binding name="remoting" port="4447"/>
|
||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
||||
<socket-binding name="txn-status-manager" port="4713"/>
|
||||
</socket-binding-group>
|
||||
</server>
|
Loading…
Reference in New Issue