Compare commits
1 commit
main
...
inxi_archi
Author | SHA1 | Date | |
---|---|---|---|
Cayo Puigdefabregas | ae5f9c341a |
5
Makefile
5
Makefile
|
@ -44,11 +44,6 @@ boot_iso_uefi_secureboot:
|
|||
-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
|
||||
-boot menu=on
|
||||
|
||||
# when you change something, you need to refresh it this way
|
||||
regenerate_pxe_install:
|
||||
./deploy-workbench.sh
|
||||
pxe/install-pxe.sh
|
||||
|
||||
es_gen:
|
||||
$(MAKE) es_gen_po
|
||||
$(MAKE) es_gen_mo
|
||||
|
|
|
@ -327,7 +327,7 @@ echo 'Install requirements'
|
|||
apt-get install -y --no-install-recommends \
|
||||
sudo locales keyboard-configuration console-setup qrencode \
|
||||
python-is-python3 python3 python3-dev python3-pip pipenv \
|
||||
dmidecode smartmontools hwinfo pciutils lshw nfs-common inxi < /dev/null
|
||||
dmidecode smartmontools hwinfo pciutils lshw nfs-common < /dev/null
|
||||
|
||||
# Install lshw B02.19 utility using backports (DEPRECATED in Debian 12)
|
||||
#apt install -y -t ${VERSION_CODENAME}-backports lshw < /dev/null
|
||||
|
|
|
@ -9,7 +9,7 @@ set -u
|
|||
set -x
|
||||
|
||||
main() {
|
||||
sudo apt install qrencode smartmontools lshw hwinfo dmidecode inxi
|
||||
sudo apt install smartmontools lshw hwinfo dmidecode
|
||||
}
|
||||
|
||||
main "${@}"
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
# assuming server_ip using qemu
|
||||
server_ip=10.0.2.1
|
||||
nfs_allowed_lan=10.0.2.0/24
|
||||
server_ip=192.168.1.2
|
||||
nfs_allowed_lan=192.168.1.0/24
|
||||
tftp_path='/srv/pxe-tftp'
|
||||
nfs_path='/srv/pxe-nfs'
|
||||
|
|
|
@ -93,7 +93,6 @@ pxe-service=x86PC,"Network Boot",pxelinux
|
|||
enable-tftp
|
||||
tftp-root=${tftp_path}
|
||||
END
|
||||
sudo systemctl restart dnsmasq || true
|
||||
}
|
||||
|
||||
install_netboot() {
|
||||
|
|
|
@ -4,11 +4,7 @@ url = http://localhost:8000/api/v1/snapshot/
|
|||
# sample token that works with default deployment such as the previous two urls
|
||||
token = 5018dd65-9abd-4a62-8896-80f34ac66150
|
||||
|
||||
# Idhub
|
||||
# wb_sign_token = "27de6ad7-cee2-4fe8-84d4-c7eea9c969c8"
|
||||
# url_wallet = "http://localhost"
|
||||
|
||||
# path = /path/to/save
|
||||
# device = your_device_name
|
||||
# # erase = basic
|
||||
# legacy = True
|
||||
# legacy = true
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
import os
|
||||
import json
|
||||
import uuid
|
||||
import hashlib
|
||||
import argparse
|
||||
import configparser
|
||||
import urllib.parse
|
||||
|
@ -22,7 +21,7 @@ SNAPSHOT_BASE = {
|
|||
'uuid': str(uuid.uuid4()),
|
||||
'software': "workbench-script",
|
||||
'version': "0.0.1",
|
||||
'operator_id': "",
|
||||
'token_hash': "",
|
||||
'data': {},
|
||||
'erase': []
|
||||
}
|
||||
|
@ -46,7 +45,6 @@ def exec_cmd(cmd):
|
|||
logger.info(_('Running command `%s`'), cmd)
|
||||
return os.popen(cmd).read()
|
||||
|
||||
|
||||
@logs
|
||||
def exec_cmd_erase(cmd):
|
||||
logger.info(_('Running command `%s`'), cmd)
|
||||
|
@ -65,13 +63,13 @@ def convert_to_legacy_snapshot(snapshot):
|
|||
snapshot["schema_api"] = "1.0.0"
|
||||
snapshot["settings_version"] = "No Settings Version (NaN)"
|
||||
snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
|
||||
snapshot["data"]["smart"] = json.loads(snapshot["data"]["smartctl"])
|
||||
snapshot["data"].pop("smartctl")
|
||||
snapshot["data"]["smart"] = snapshot["data"]["disks"]
|
||||
snapshot["data"].pop("disks")
|
||||
snapshot["data"].pop("inxi")
|
||||
snapshot.pop("operator_id")
|
||||
snapshot.pop("erase")
|
||||
snapshot.pop("token_hash")
|
||||
|
||||
lshw = 'sudo lshw -json'
|
||||
lshw = 'sudo lshw -xml'
|
||||
hwinfo = 'sudo hwinfo --reallyall'
|
||||
lspci = 'sudo lspci -vv'
|
||||
|
||||
|
@ -252,7 +250,7 @@ def smartctl(all_disks, disk=None):
|
|||
data = exec_smart(disk['name'])
|
||||
data_list.append(data)
|
||||
|
||||
return json.dumps(data_list)
|
||||
return data_list
|
||||
|
||||
## End Command Functions ##
|
||||
|
||||
|
@ -264,7 +262,7 @@ def get_data(all_disks):
|
|||
inxi = "sudo inxi -afmnGEMABD -x 3 --edid --output json --output-file print"
|
||||
|
||||
data = {
|
||||
'smartctl': smartctl(all_disks),
|
||||
'disks': smartctl(all_disks),
|
||||
'dmidecode': exec_cmd(dmidecode),
|
||||
'inxi': exec_cmd(inxi)
|
||||
}
|
||||
|
@ -307,88 +305,33 @@ def save_snapshot_in_disk(snapshot, path, snap_uuid):
|
|||
logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n %s"), e)
|
||||
|
||||
|
||||
def send_to_sign_credential(snapshot, token, url):
|
||||
headers = {
|
||||
"Authorization": f"Bearer {token}",
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
|
||||
try:
|
||||
cred = {
|
||||
"type": "DeviceSnapshotV1",
|
||||
"save": False,
|
||||
"data": {
|
||||
"operator_id": snapshot["operator_id"],
|
||||
"dmidecode": snapshot["data"]["dmidecode"],
|
||||
"inxi": snapshot["data"]["inxi"],
|
||||
"smartctl": snapshot["data"]["smartctl"],
|
||||
"uuid": snapshot["uuid"],
|
||||
}
|
||||
}
|
||||
|
||||
data = json.dumps(cred).encode('utf-8')
|
||||
request = urllib.request.Request(url, data=data, headers=headers)
|
||||
with urllib.request.urlopen(request) as response:
|
||||
status_code = response.getcode()
|
||||
response_text = response.read().decode('utf-8')
|
||||
|
||||
if 200 <= status_code < 300:
|
||||
logger.info(_("Credential successfully signed"))
|
||||
res = json.loads(response_text)
|
||||
if res.get("status") == "success" and res.get("data"):
|
||||
return res["data"]
|
||||
return json.dumps(snapshot)
|
||||
else:
|
||||
logger.error(_("Credential cannot signed in '%s'"), url)
|
||||
return json.dumps(snapshot)
|
||||
|
||||
except Exception as e:
|
||||
logger.error(_("Credential not remotely builded to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
|
||||
return json.dumps(snapshot)
|
||||
|
||||
|
||||
# TODO sanitize url, if url is like this, it fails
|
||||
# url = 'http://127.0.0.1:8000/api/snapshot/'
|
||||
def send_snapshot_to_devicehub(snapshot, token, url, ev_uuid, legacy):
|
||||
def send_snapshot_to_devicehub(snapshot, token, url):
|
||||
url_components = urllib.parse.urlparse(url)
|
||||
ev_path = f"evidence/{ev_uuid}"
|
||||
components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
|
||||
ev_path = "evidence/{}".format(snapshot["uuid"])
|
||||
components = (url_components.schema, url_components.netloc, ev_path, '', '', '')
|
||||
ev_url = urllib.parse.urlunparse(components)
|
||||
# apt install qrencode
|
||||
qr = "echo {} | qrencode -t ANSI".format(ev_url)
|
||||
print(exec_cmd(qr))
|
||||
print(ev_url)
|
||||
|
||||
headers = {
|
||||
"Authorization": f"Bearer {token}",
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
try:
|
||||
data = snapshot.encode('utf-8')
|
||||
data = json.dumps(snapshot).encode('utf-8')
|
||||
request = urllib.request.Request(url, data=data, headers=headers)
|
||||
with urllib.request.urlopen(request) as response:
|
||||
status_code = response.getcode()
|
||||
response_text = response.read().decode('utf-8')
|
||||
#response_text = response.read().decode('utf-8')
|
||||
|
||||
if 200 <= status_code < 300:
|
||||
logger.info(_("Snapshot successfully sent to '%s'"), url)
|
||||
if legacy:
|
||||
try:
|
||||
response = json.loads(response_text)
|
||||
public_url = response.get('public_url')
|
||||
dhid = response.get('dhid')
|
||||
if public_url:
|
||||
# apt install qrencode
|
||||
qr = "echo {} | qrencode -t ANSI".format(public_url)
|
||||
print(exec_cmd(qr))
|
||||
print("url: {}".format(public_url))
|
||||
if dhid:
|
||||
print("dhid: {}".format(dhid))
|
||||
except Exception:
|
||||
logger.error(response_text)
|
||||
else:
|
||||
qr = "echo {} | qrencode -t ANSI".format(ev_url)
|
||||
print(exec_cmd(qr))
|
||||
print(f"url: {ev_url}")
|
||||
else:
|
||||
logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n %s"), ev_uuid, url, response_text)
|
||||
logger.error(_("Snapshot cannot sent to '%s'"), url)
|
||||
|
||||
except Exception as e:
|
||||
logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n %s"), url, e)
|
||||
|
@ -413,12 +356,10 @@ def load_config(config_file="settings.ini"):
|
|||
device = config.get('settings', 'device', fallback=None)
|
||||
erase = config.get('settings', 'erase', fallback=None)
|
||||
legacy = config.get('settings', 'legacy', fallback=None)
|
||||
url_wallet = config.get('settings', 'url_wallet', fallback=None)
|
||||
wb_sign_token = config.get('settings', 'wb_sign_token', fallback=None)
|
||||
else:
|
||||
logger.error(_("Config file '%s' not found. Using default values."), config_file)
|
||||
path = os.path.join(os.getcwd())
|
||||
url, token, device, erase, legacy, url_wallet, wb_sign_token = (None,)*7
|
||||
url, token, device, erase, legacy = None, None, None, None, None
|
||||
|
||||
return {
|
||||
'path': path,
|
||||
|
@ -426,9 +367,7 @@ def load_config(config_file="settings.ini"):
|
|||
'token': token,
|
||||
'device': device,
|
||||
'erase': erase,
|
||||
'legacy': legacy,
|
||||
'wb_sign_token': wb_sign_token,
|
||||
'url_wallet': url_wallet
|
||||
'legacy': legacy
|
||||
}
|
||||
|
||||
def parse_args():
|
||||
|
@ -482,7 +421,6 @@ def main():
|
|||
config_file = args.config
|
||||
|
||||
config = load_config(config_file)
|
||||
legacy = config.get("legacy")
|
||||
|
||||
# TODO show warning if non root, means data is not complete
|
||||
# if annotate as potentially invalid snapshot (pending the new API to be done)
|
||||
|
@ -493,37 +431,22 @@ def main():
|
|||
snapshot = gen_snapshot(all_disks)
|
||||
snap_uuid = snapshot["uuid"]
|
||||
|
||||
if config['erase'] and config['device'] and not legacy:
|
||||
if config['erase'] and config['device'] and not config.get("legacy"):
|
||||
snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
|
||||
elif config['erase'] and not legacy:
|
||||
elif config['erase'] and not config.get("legacy"):
|
||||
snapshot['erase'] = gen_erase(all_disks, config['erase'])
|
||||
|
||||
if legacy:
|
||||
|
||||
if config.get("legacy"):
|
||||
convert_to_legacy_snapshot(snapshot)
|
||||
snapshot = json.dumps(snapshot)
|
||||
else:
|
||||
url_wallet = config.get("url_wallet")
|
||||
wb_sign_token = config.get("wb_sign_token")
|
||||
|
||||
if wb_sign_token:
|
||||
tk = wb_sign_token.encode("utf8")
|
||||
snapshot["operator_id"] = hashlib.sha3_256(tk).hexdigest()
|
||||
|
||||
if url_wallet and wb_sign_token:
|
||||
snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet)
|
||||
else:
|
||||
snapshot = json.dumps(snapshot)
|
||||
|
||||
save_snapshot_in_disk(snapshot, config['path'], snap_uuid)
|
||||
|
||||
if config['url']:
|
||||
send_snapshot_to_devicehub(
|
||||
snapshot,
|
||||
config['token'],
|
||||
config['url'],
|
||||
snap_uuid,
|
||||
legacy
|
||||
)
|
||||
send_snapshot_to_devicehub(snapshot, config['token'], config['url'])
|
||||
|
||||
logger.info(_("END"))
|
||||
|
||||
|
|
Loading…
Reference in a new issue