Compare commits
27 commits
inxi_archi
...
main
Author | SHA1 | Date | |
---|---|---|---|
e2d38521f2 | |||
572253936f | |||
pedro | cf066b0b11 | ||
Cayo Puigdefabregas | 82e60dff24 | ||
Cayo Puigdefabregas | 4d2905799f | ||
Cayo Puigdefabregas | 7f224618ee | ||
Cayo Puigdefabregas | ea6fcf174b | ||
Cayo Puigdefabregas | 2eb6154267 | ||
Cayo Puigdefabregas | f90d67ff4d | ||
Cayo Puigdefabregas | 69654d1e7f | ||
Cayo Puigdefabregas | 7c1e0a4870 | ||
Cayo Puigdefabregas | ad2b375346 | ||
8914c309ec | |||
Cayo Puigdefabregas | b4e18e52da | ||
Cayo Puigdefabregas | 68a2df1b28 | ||
Cayo Puigdefabregas | b3003a4e00 | ||
Cayo Puigdefabregas | 83e717fb5e | ||
Cayo Puigdefabregas | 9832cbf5f2 | ||
Cayo Puigdefabregas | 57deefdcf4 | ||
Cayo Puigdefabregas | 5a50be493b | ||
Cayo Puigdefabregas | 03a25a4a63 | ||
Cayo Puigdefabregas | 56f15f6eae | ||
b255dddff7 | |||
fb7e768229 | |||
768851090a | |||
4cb3e34b6b | |||
b4d86fcc12 |
5
Makefile
5
Makefile
|
@ -44,6 +44,11 @@ boot_iso_uefi_secureboot:
|
||||||
-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
|
-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
|
||||||
-boot menu=on
|
-boot menu=on
|
||||||
|
|
||||||
|
# when you change something, you need to refresh it this way
|
||||||
|
regenerate_pxe_install:
|
||||||
|
./deploy-workbench.sh
|
||||||
|
pxe/install-pxe.sh
|
||||||
|
|
||||||
es_gen:
|
es_gen:
|
||||||
$(MAKE) es_gen_po
|
$(MAKE) es_gen_po
|
||||||
$(MAKE) es_gen_mo
|
$(MAKE) es_gen_mo
|
||||||
|
|
|
@ -327,7 +327,7 @@ echo 'Install requirements'
|
||||||
apt-get install -y --no-install-recommends \
|
apt-get install -y --no-install-recommends \
|
||||||
sudo locales keyboard-configuration console-setup qrencode \
|
sudo locales keyboard-configuration console-setup qrencode \
|
||||||
python-is-python3 python3 python3-dev python3-pip pipenv \
|
python-is-python3 python3 python3-dev python3-pip pipenv \
|
||||||
dmidecode smartmontools hwinfo pciutils lshw nfs-common < /dev/null
|
dmidecode smartmontools hwinfo pciutils lshw nfs-common inxi < /dev/null
|
||||||
|
|
||||||
# Install lshw B02.19 utility using backports (DEPRECATED in Debian 12)
|
# Install lshw B02.19 utility using backports (DEPRECATED in Debian 12)
|
||||||
#apt install -y -t ${VERSION_CODENAME}-backports lshw < /dev/null
|
#apt install -y -t ${VERSION_CODENAME}-backports lshw < /dev/null
|
||||||
|
|
|
@ -9,7 +9,7 @@ set -u
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
sudo apt install smartmontools lshw hwinfo dmidecode
|
sudo apt install qrencode smartmontools lshw hwinfo dmidecode inxi
|
||||||
}
|
}
|
||||||
|
|
||||||
main "${@}"
|
main "${@}"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
server_ip=192.168.1.2
|
# assuming server_ip using qemu
|
||||||
nfs_allowed_lan=192.168.1.0/24
|
server_ip=10.0.2.1
|
||||||
|
nfs_allowed_lan=10.0.2.0/24
|
||||||
tftp_path='/srv/pxe-tftp'
|
tftp_path='/srv/pxe-tftp'
|
||||||
nfs_path='/srv/pxe-nfs'
|
nfs_path='/srv/pxe-nfs'
|
||||||
|
|
|
@ -93,6 +93,7 @@ pxe-service=x86PC,"Network Boot",pxelinux
|
||||||
enable-tftp
|
enable-tftp
|
||||||
tftp-root=${tftp_path}
|
tftp-root=${tftp_path}
|
||||||
END
|
END
|
||||||
|
sudo systemctl restart dnsmasq || true
|
||||||
}
|
}
|
||||||
|
|
||||||
install_netboot() {
|
install_netboot() {
|
||||||
|
|
|
@ -4,7 +4,11 @@ url = http://localhost:8000/api/v1/snapshot/
|
||||||
# sample token that works with default deployment such as the previous two urls
|
# sample token that works with default deployment such as the previous two urls
|
||||||
token = 5018dd65-9abd-4a62-8896-80f34ac66150
|
token = 5018dd65-9abd-4a62-8896-80f34ac66150
|
||||||
|
|
||||||
|
# Idhub
|
||||||
|
# wb_sign_token = "27de6ad7-cee2-4fe8-84d4-c7eea9c969c8"
|
||||||
|
# url_wallet = "http://localhost"
|
||||||
|
|
||||||
# path = /path/to/save
|
# path = /path/to/save
|
||||||
# device = your_device_name
|
# device = your_device_name
|
||||||
# # erase = basic
|
# # erase = basic
|
||||||
# legacy = true
|
# legacy = True
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
import os
|
import os
|
||||||
import json
|
import json
|
||||||
import uuid
|
import uuid
|
||||||
|
import hashlib
|
||||||
import argparse
|
import argparse
|
||||||
import configparser
|
import configparser
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
|
@ -21,7 +22,7 @@ SNAPSHOT_BASE = {
|
||||||
'uuid': str(uuid.uuid4()),
|
'uuid': str(uuid.uuid4()),
|
||||||
'software': "workbench-script",
|
'software': "workbench-script",
|
||||||
'version': "0.0.1",
|
'version': "0.0.1",
|
||||||
'token_hash': "",
|
'operator_id': "",
|
||||||
'data': {},
|
'data': {},
|
||||||
'erase': []
|
'erase': []
|
||||||
}
|
}
|
||||||
|
@ -45,6 +46,7 @@ def exec_cmd(cmd):
|
||||||
logger.info(_('Running command `%s`'), cmd)
|
logger.info(_('Running command `%s`'), cmd)
|
||||||
return os.popen(cmd).read()
|
return os.popen(cmd).read()
|
||||||
|
|
||||||
|
|
||||||
@logs
|
@logs
|
||||||
def exec_cmd_erase(cmd):
|
def exec_cmd_erase(cmd):
|
||||||
logger.info(_('Running command `%s`'), cmd)
|
logger.info(_('Running command `%s`'), cmd)
|
||||||
|
@ -63,13 +65,13 @@ def convert_to_legacy_snapshot(snapshot):
|
||||||
snapshot["schema_api"] = "1.0.0"
|
snapshot["schema_api"] = "1.0.0"
|
||||||
snapshot["settings_version"] = "No Settings Version (NaN)"
|
snapshot["settings_version"] = "No Settings Version (NaN)"
|
||||||
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
|
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
|
||||||
snapshot["data"]["smart"] = snapshot["data"]["disks"]
|
snapshot["data"]["smart"] = json.loads(snapshot["data"]["smartctl"])
|
||||||
snapshot["data"].pop("disks")
|
snapshot["data"].pop("smartctl")
|
||||||
snapshot["data"].pop("inxi")
|
snapshot["data"].pop("inxi")
|
||||||
|
snapshot.pop("operator_id")
|
||||||
snapshot.pop("erase")
|
snapshot.pop("erase")
|
||||||
snapshot.pop("token_hash")
|
|
||||||
|
|
||||||
lshw = 'sudo lshw -xml'
|
lshw = 'sudo lshw -json'
|
||||||
hwinfo = 'sudo hwinfo --reallyall'
|
hwinfo = 'sudo hwinfo --reallyall'
|
||||||
lspci = 'sudo lspci -vv'
|
lspci = 'sudo lspci -vv'
|
||||||
|
|
||||||
|
@ -250,7 +252,7 @@ def smartctl(all_disks, disk=None):
|
||||||
data = exec_smart(disk['name'])
|
data = exec_smart(disk['name'])
|
||||||
data_list.append(data)
|
data_list.append(data)
|
||||||
|
|
||||||
return data_list
|
return json.dumps(data_list)
|
||||||
|
|
||||||
## End Command Functions ##
|
## End Command Functions ##
|
||||||
|
|
||||||
|
@ -262,7 +264,7 @@ def get_data(all_disks):
|
||||||
inxi = "sudo inxi -afmnGEMABD -x 3 --edid --output json --output-file print"
|
inxi = "sudo inxi -afmnGEMABD -x 3 --edid --output json --output-file print"
|
||||||
|
|
||||||
data = {
|
data = {
|
||||||
'disks': smartctl(all_disks),
|
'smartctl': smartctl(all_disks),
|
||||||
'dmidecode': exec_cmd(dmidecode),
|
'dmidecode': exec_cmd(dmidecode),
|
||||||
'inxi': exec_cmd(inxi)
|
'inxi': exec_cmd(inxi)
|
||||||
}
|
}
|
||||||
|
@ -305,33 +307,88 @@ def save_snapshot_in_disk(snapshot, path, snap_uuid):
|
||||||
logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e)
|
logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e)
|
||||||
|
|
||||||
|
|
||||||
|
def send_to_sign_credential(snapshot, token, url):
|
||||||
|
headers = {
|
||||||
|
"Authorization": f"Bearer {token}",
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
}
|
||||||
|
|
||||||
|
try:
|
||||||
|
cred = {
|
||||||
|
"type": "DeviceSnapshotV1",
|
||||||
|
"save": False,
|
||||||
|
"data": {
|
||||||
|
"operator_id": snapshot["operator_id"],
|
||||||
|
"dmidecode": snapshot["data"]["dmidecode"],
|
||||||
|
"inxi": snapshot["data"]["inxi"],
|
||||||
|
"smartctl": snapshot["data"]["smartctl"],
|
||||||
|
"uuid": snapshot["uuid"],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data = json.dumps(cred).encode('utf-8')
|
||||||
|
request = urllib.request.Request(url, data=data, headers=headers)
|
||||||
|
with urllib.request.urlopen(request) as response:
|
||||||
|
status_code = response.getcode()
|
||||||
|
response_text = response.read().decode('utf-8')
|
||||||
|
|
||||||
|
if 200 <= status_code < 300:
|
||||||
|
logger.info(_("Credential successfully signed"))
|
||||||
|
res = json.loads(response_text)
|
||||||
|
if res.get("status") == "success" and res.get("data"):
|
||||||
|
return res["data"]
|
||||||
|
return json.dumps(snapshot)
|
||||||
|
else:
|
||||||
|
logger.error(_("Credential cannot signed in '%s'"), url)
|
||||||
|
return json.dumps(snapshot)
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(_("Credential not remotely builded to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
|
||||||
|
return json.dumps(snapshot)
|
||||||
|
|
||||||
|
|
||||||
# TODO sanitize url, if url is like this, it fails
|
# TODO sanitize url, if url is like this, it fails
|
||||||
# url = 'http://127.0.0.1:8000/api/snapshot/'
|
# url = 'http://127.0.0.1:8000/api/snapshot/'
|
||||||
def send_snapshot_to_devicehub(snapshot, token, url):
|
def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid, legacy):
|
||||||
url_components = urllib.parse.urlparse(url)
|
url_components = urllib.parse.urlparse(url)
|
||||||
ev_path = "evidence/{}".format(snapshot["uuid"])
|
ev_path = f"evidence/{ev_uuid}"
|
||||||
components = (url_components.schema, url_components.netloc, ev_path, '', '', '')
|
components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
|
||||||
ev_url = urllib.parse.urlunparse(components)
|
ev_url = urllib.parse.urlunparse(components)
|
||||||
# apt install qrencode
|
# apt install qrencode
|
||||||
qr = "echo {} | qrencode -t ANSI".format(ev_url)
|
|
||||||
print(exec_cmd(qr))
|
|
||||||
print(ev_url)
|
|
||||||
|
|
||||||
headers = {
|
headers = {
|
||||||
"Authorization": f"Bearer {token}",
|
"Authorization": f"Bearer {token}",
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json"
|
||||||
}
|
}
|
||||||
try:
|
try:
|
||||||
data = json.dumps(snapshot).encode('utf-8')
|
data = snapshot.encode('utf-8')
|
||||||
request = urllib.request.Request(url, data=data, headers=headers)
|
request = urllib.request.Request(url, data=data, headers=headers)
|
||||||
with urllib.request.urlopen(request) as response:
|
with urllib.request.urlopen(request) as response:
|
||||||
status_code = response.getcode()
|
status_code = response.getcode()
|
||||||
#response_text = response.read().decode('utf-8')
|
response_text = response.read().decode('utf-8')
|
||||||
|
|
||||||
if 200 <= status_code < 300:
|
if 200 <= status_code < 300:
|
||||||
logger.info(_("Snapshot successfully sent to '%s'"), url)
|
logger.info(_("Snapshot successfully sent to '%s'"), url)
|
||||||
|
if legacy:
|
||||||
|
try:
|
||||||
|
response = json.loads(response_text)
|
||||||
|
public_url = response.get('public_url')
|
||||||
|
dhid = response.get('dhid')
|
||||||
|
if public_url:
|
||||||
|
# apt install qrencode
|
||||||
|
qr = "echo {} | qrencode -t ANSI".format(public_url)
|
||||||
|
print(exec_cmd(qr))
|
||||||
|
print("url: {}".format(public_url))
|
||||||
|
if dhid:
|
||||||
|
print("dhid: {}".format(dhid))
|
||||||
|
except Exception:
|
||||||
|
logger.error(response_text)
|
||||||
|
else:
|
||||||
|
qr = "echo {} | qrencode -t ANSI".format(ev_url)
|
||||||
|
print(exec_cmd(qr))
|
||||||
|
print(f"url: {ev_url}")
|
||||||
else:
|
else:
|
||||||
logger.error(_("Snapshot cannot sent to '%s'"), url)
|
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"), ev_uuid, url, response_text)
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
|
logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
|
||||||
|
@ -356,10 +413,12 @@ def load_config(config_file="settings.ini"):
|
||||||
device = config.get('settings', 'device', fallback=None)
|
device = config.get('settings', 'device', fallback=None)
|
||||||
erase = config.get('settings', 'erase', fallback=None)
|
erase = config.get('settings', 'erase', fallback=None)
|
||||||
legacy = config.get('settings', 'legacy', fallback=None)
|
legacy = config.get('settings', 'legacy', fallback=None)
|
||||||
|
url_wallet = config.get('settings', 'url_wallet', fallback=None)
|
||||||
|
wb_sign_token = config.get('settings', 'wb_sign_token', fallback=None)
|
||||||
else:
|
else:
|
||||||
logger.error(_("Config file '%s' not found. Using default values."), config_file)
|
logger.error(_("Config file '%s' not found. Using default values."), config_file)
|
||||||
path = os.path.join(os.getcwd())
|
path = os.path.join(os.getcwd())
|
||||||
url, token, device, erase, legacy = None, None, None, None, None
|
url, token, device, erase, legacy, url_wallet, wb_sign_token = (None,)*7
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'path': path,
|
'path': path,
|
||||||
|
@ -367,7 +426,9 @@ def load_config(config_file="settings.ini"):
|
||||||
'token': token,
|
'token': token,
|
||||||
'device': device,
|
'device': device,
|
||||||
'erase': erase,
|
'erase': erase,
|
||||||
'legacy': legacy
|
'legacy': legacy,
|
||||||
|
'wb_sign_token': wb_sign_token,
|
||||||
|
'url_wallet': url_wallet
|
||||||
}
|
}
|
||||||
|
|
||||||
def parse_args():
|
def parse_args():
|
||||||
|
@ -421,6 +482,7 @@ def main():
|
||||||
config_file = args.config
|
config_file = args.config
|
||||||
|
|
||||||
config = load_config(config_file)
|
config = load_config(config_file)
|
||||||
|
legacy = config.get("legacy")
|
||||||
|
|
||||||
# TODO show warning if non root, means data is not complete
|
# TODO show warning if non root, means data is not complete
|
||||||
# if annotate as potentially invalid snapshot (pending the new API to be done)
|
# if annotate as potentially invalid snapshot (pending the new API to be done)
|
||||||
|
@ -431,22 +493,37 @@ def main():
|
||||||
snapshot = gen_snapshot(all_disks)
|
snapshot = gen_snapshot(all_disks)
|
||||||
snap_uuid = snapshot["uuid"]
|
snap_uuid = snapshot["uuid"]
|
||||||
|
|
||||||
if config['erase'] and config['device'] and not config.get("legacy"):
|
if config['erase'] and config['device'] and not legacy:
|
||||||
snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
|
snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
|
||||||
elif config['erase'] and not config.get("legacy"):
|
elif config['erase'] and not legacy:
|
||||||
snapshot['erase'] = gen_erase(all_disks, config['erase'])
|
snapshot['erase'] = gen_erase(all_disks, config['erase'])
|
||||||
|
|
||||||
|
if legacy:
|
||||||
if config.get("legacy"):
|
|
||||||
convert_to_legacy_snapshot(snapshot)
|
convert_to_legacy_snapshot(snapshot)
|
||||||
snapshot = json.dumps(snapshot)
|
snapshot = json.dumps(snapshot)
|
||||||
else:
|
else:
|
||||||
snapshot = json.dumps(snapshot)
|
url_wallet = config.get("url_wallet")
|
||||||
|
wb_sign_token = config.get("wb_sign_token")
|
||||||
|
|
||||||
|
if wb_sign_token:
|
||||||
|
tk = wb_sign_token.encode("utf8")
|
||||||
|
snapshot["operator_id"] = hashlib.sha3_256(tk).hexdigest()
|
||||||
|
|
||||||
|
if url_wallet and wb_sign_token:
|
||||||
|
snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet)
|
||||||
|
else:
|
||||||
|
snapshot = json.dumps(snapshot)
|
||||||
|
|
||||||
save_snapshot_in_disk(snapshot, config['path'], snap_uuid)
|
save_snapshot_in_disk(snapshot, config['path'], snap_uuid)
|
||||||
|
|
||||||
if config['url']:
|
if config['url']:
|
||||||
send_snapshot_to_devicehub(snapshot, config['token'], config['url'])
|
send_snapshot_to_devicehub(
|
||||||
|
snapshot,
|
||||||
|
config['token'],
|
||||||
|
config['url'],
|
||||||
|
snap_uuid,
|
||||||
|
legacy
|
||||||
|
)
|
||||||
|
|
||||||
logger.info(_("END"))
|
logger.info(_("END"))
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue