975 lines
34 KiB
Perl
Raw Normal View History

#!/usr/bin/perl
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
use xCAT::TZUtils;
use xCAT::WinUtils;
package xCAT::Template;
use strict;
use xCAT::Table;
use File::Basename;
use File::Path;
#use Data::Dumper;
use Sys::Syslog;
use xCAT::ADUtils; #to allow setting of one-time machine passwords
use xCAT::Utils;
use xCAT::TableUtils;
use xCAT::NetworkUtils;
BEGIN
{
$::XCATROOT = $ENV{'XCATROOT'} ? $ENV{'XCATROOT'} : '/opt/xcat';
}
my $netdnssupport = eval {
require Net::DNS;
1;
};
my $tmplerr;
my $table;
my $key;
my $field;
my $idir;
my $node;
my %loggedrealms;
my $lastmachinepassdata;
my $localadminenabled; #indicate whether Windows template has local logins enabled or not
my %tab_replacement=(
"noderes:nfsserver"=>"noderes:xcatmaster",
"noderes:tftpserver"=>"noderes:xcatmaster",
);
sub subvars {
my $self = shift;
my $inf = shift;
my $outf = shift;
$tmplerr=undef; #clear tmplerr since we are starting fresh
$node = shift;
my $pkglistfile=shift;
my $media_dir = shift;
my $platform=shift;
my $partitionfile=shift;
my %namedargs = @_; #further expansion of this function will be named arguments, should have happened sooner.
unless ($namedargs{reusemachinepass}) {
$lastmachinepassdata->{password}="";
}
my $outh;
my $inh;
$idir = dirname($inf);
open($inh,"<",$inf);
unless ($inh) {
return "Unable to open $inf, aborting";
}
mkpath(dirname($outf));
open($outh,">",$outf);
unless($outh) {
return "Unable to open $outf for writing/creation, aborting";
}
my $inc;
#First load input into memory..
while (<$inh>) {
$inc.=$_;
}
close($inh);
my $master;
#my $sitetab = xCAT::Table->new('site');
my $noderestab = xCAT::Table->new('noderes');
#(my $et) = $sitetab->getAttribs({key=>"master"},'value');
my @masters = xCAT::TableUtils->get_site_attribute("master");
my $tmp = $masters[0];
if ( defined($tmp) ) {
$master = $tmp;
}
my $ipfn = xCAT::NetworkUtils->my_ip_facing($node);
if ($ipfn) {
$master = $ipfn;
}
my $et = $noderestab->getNodeAttribs($node,['xcatmaster']);
if ($et and $et->{'xcatmaster'}) {
$master = $et->{'xcatmaster'};
}
unless ($master) {
die "Unable to identify master for $node";
}
$ENV{XCATMASTER}=$master;
my @nodestatus = xCAT::TableUtils->get_site_attribute("nodestatus");
my $tmp=$nodestatus[0];
if( defined($tmp) ){
$ENV{NODESTATUS}=$tmp;
}
#replace the env with the right value so that correct include files can be found
$inc =~ s/#ENV:([^#]+)#/envvar($1)/eg;
if ($pkglistfile) {
#substitute the tag #INCLUDE_DEFAULT_PKGLIST# with package file name (for full install of rh, centos,SL, esx fedora)
$inc =~ s/#INCLUDE_DEFAULT_PKGLIST#/#INCLUDE:$pkglistfile#/g;
#substitute the tag #INCLUDE_DEFAULT_PKGLIST_S# with package file name (for full install of sles)
#substitute the tag #INCLUDE_DEFAULT_PERNLIST_S# with package file name (for full install sles
#substitute the tag #INCLUDE_DEFAULT_RMPKGLIST_S# with package file name (for full install sles)
$inc =~ s/#INCLUDE_DEFAULT_PKGLIST_S#/#INCLUDE_PKGLIST:$pkglistfile#/g;
$inc =~ s/#INCLUDE_DEFAULT_PTRNLIST_S#/#INCLUDE_PTRNLIST:$pkglistfile#/g;
$inc =~ s/#INCLUDE_DEFAULT_RMPKGLIST_S#/#INCLUDE_RMPKGLIST:$pkglistfile#/g;
}
if (("ubuntu" eq $platform) || ("debian" eq $platform)) {
# since debian/ubuntu uses a preseed file instead of a kickstart file, pkglist
# must be included via simple string replacement instead of using includefile()
# the first line of $pkglistfile is the space-delimited package list
# the additional lines are considered preseed directives and included as is
if ($pkglistfile) {
# handle empty and non-empty $pkglistfile's
if (open PKGLISTFILE, "<$pkglistfile") {
my $pkglist = '';
# append preseed directive lines
while (<PKGLISTFILE>) {
chomp $_;
if (/^\s*#.*/ ){
next;
}
$pkglist .= " " . $_;
}
$inc =~ s/#INCLUDE_DEFAULT_PKGLIST_PRESEED#/$pkglist/g;
close PKGLISTFILE;
}
} else {
# handle no $pkglistfile
$inc =~ s/#INCLUDE_DEFAULT_PKGLIST_PRESEED#//g;
}
}
#do *all* includes, recursive and all
my $doneincludes=0;
while (not $doneincludes) {
$doneincludes=1;
if ($inc =~ /#INCLUDE_PKGLIST:[^#^\n]+#/) {
$doneincludes=0;
$inc =~ s/#INCLUDE_PKGLIST:([^#^\n]+)#/includefile($1, 0, 1)/eg;
}
if ($inc =~ /#INCLUDE_PTRNLIST:[^#^\n]+#/) {
$doneincludes=0;
$inc =~ s/#INCLUDE_PTRNLIST:([^#^\n]+)#/includefile($1, 0, 2)/eg;
}
if ($inc =~ /#INCLUDE_RMPKGLIST:[^#^\n]+#/) {
$doneincludes=0;
$inc =~ s/#INCLUDE_RMPKGLIST:([^#^\n]+)#/includefile($1, 0, 3)/eg;
}
if ($inc =~ /#INCLUDE:[^#^\n]+#/) {
$doneincludes=0;
$inc =~ s/#INCLUDE:([^#^\n]+)#/includefile($1, 0, 0)/eg;
}
}
#support multiple paths of osimage in rh/sles diskfull installation
my @pkgdirs;
if ( defined($media_dir) ) {
@pkgdirs = split(",", $media_dir);
my $source;
my $source_in_pre;
my $c = 0;
foreach my $pkgdir(@pkgdirs) {
if( $platform =~ /^(rh|SL|centos)$/ ) {
if ( $c == 0 ) {
# After some tests, if we put the repo in pre scripts in the kickstart like for rhels6.x
# the rhels5.9 will not be installed successfully. So put in kickstart directly.
$source_in_pre .= "echo 'url --url http://'\$nextserver'/$pkgdir' >> /tmp/repos";
$source .= "url --url http://#TABLE:noderes:\$NODE:nfsserver#/$pkgdir\n"; #For rhels5.9
} else {
$source_in_pre .= "\necho 'repo --name=pkg$c --baseurl=http://'\$nextserver'/$pkgdir' >> /tmp/repos";
$source .= "repo --name=pkg$c --baseurl=http://#TABLE:noderes:\$NODE:nfsserver#/$pkgdir\n"; #for rhels5.9
}
} elsif ($platform =~ /^(sles|suse)/) {
my $http = "http://#TABLE:noderes:\$NODE:nfsserver#$pkgdir";
$source .= " <listentry>
<media_url>$http</media_url>
<product>SuSE-Linux-pkg$c</product>
<product_dir>/</product_dir>
<ask_on_error config:type=\"boolean\">false</ask_on_error> <!-- available since openSUSE 11.0 -->
<name>SuSE-Linux-pkg$c</name> <!-- available since openSUSE 11.1/SLES11 (bnc#433981) -->
</listentry>";
$source_in_pre .="<listentry><media_url>http://'\$nextserver'$pkgdir</media_url><product>SuSE-Linux-pkg$c</product><product_dir>/</product_dir><ask_on_error config:type=\"boolean\">false</ask_on_error><name>SuSE-Linux-pkg$c</name></listentry>";
}
$c++;
}
$inc =~ s/#INSTALL_SOURCES#/$source/g;
$inc =~ s/#INSTALL_SOURCES_IN_PRE#/$source_in_pre/g;
}
#Support hierarchical include
$inc =~ s/#ENV:([^#]+)#/envvar($1)/eg;
if ($inc =~ /#INCLUDE:[^#^\n]+#/) {
$inc =~ s/#INCLUDE:([^#^\n]+)#/includefile($1, 0, 0)/eg;
}
#ok, now do everything else..
$inc =~ s/#TABLE:([^:]+):([^:]+):([^#]+)#/tabdb($1,$2,$3)/eg;
$inc =~ s/#TABLEBLANKOKAY:([^:]+):([^:]+):([^#]+)#/tabdb($1,$2,$3,'1')/eg;
$inc =~ s/#INCLUDE_NOP:([^#^\n]+)#/includefile($1,1,0)/eg;
$inc =~ s/#INCLUDE_PKGLIST:([^#^\n]+)#/includefile($1,0,1)/eg;
$inc =~ s/#INCLUDE_PTRNLIST:([^#^\n]+)#/includefile($1,0,2)/eg;
$inc =~ s/#INCLUDE_RMPKGLIST:([^#^\n]+)#/includefile($1,0,3)/eg;
$inc =~ s/#INCLUDE:([^#^\n]+)#/includefile($1, 0, 0)/eg;
$inc =~ s/#XCATVAR:([^#]+)#/envvar($1)/eg;
$inc =~ s/#ENV:([^#]+)#/envvar($1)/eg;
$inc =~ s/#MACHINEPASSWORD#/machinepassword()/eg;
$inc =~ s/#CRYPT:([^:]+):([^:]+):([^#]+)#/crydb($1,$2,$3)/eg;
$inc =~ s/#COMMAND:([^#]+)#/command($1)/eg;
$inc =~ s/#KICKSTARTNET#/kickstartnetwork()/eg;
$inc =~ s/#ESXIPV6SETUP#/esxipv6setup()/eg;
$inc =~ s/#WINTIMEZONE#/xCAT::TZUtils::get_wintimezone()/eg;
$inc =~ s/#WINPRODKEY:([^#]+)#/get_win_prodkey($1)/eg;
$inc =~ s/#WINNETCFG#/windows_net_cfg()/eg;
$inc =~ s/#WINADJOIN#/windows_join_data()/eg;
$inc =~ s/#WINDNSCFG#/windows_dns_cfg()/eg;
$inc =~ s/#WINACCOUNTDATA#/windows_account_data()/eg;
$inc =~ s/#WINDISABLENULLADMIN#/windows_disable_null_admin()/eg;
$inc =~ s/#MANAGEDADDRESSMODE#/managed_address_mode()/eg;
$inc =~ s/#HOSTNAME#/$node/g;
To make the code easier to maintain we decided not to select autoyast config template file (compute.sdk.sles11.tmpl/compute.sles11), instead if the user want to do a SDK included full install, he should prepare a customized template from compute.sdk.sles11.tmpl, and copy it to /install/custom directory. This is for SLES 11 SP1 SDK DVD support (Patch 1) ==================================================================== Patch Reason: Design changed, To make the code easier to maintain we decided not to automate select autoyast config template file (compute.sdk.sles11.tmpl/compute.sles11), Patch detail: If the user want to do a SDK DVD included full install, he/she should prepare a customized template originated from compute.sdk.sles11.tmpl, and copy it under /install/custom ==================================================================== ==================================================================== Target Dist: SLES 11 SP1, for both full install and statelite install Aim: To enable users to install packages from SDK DVD during installation user impact: If the user add packages in .pkglist files, he/she should first do 'copycds' using SDK DVD iso. For full install, the user should prepare a .tmpl file for autoyast By-effect: N/A Limitations: 2nd installation DVD and 2nd SDK DVD not supported, both carries source packages. It seems they are not recognized by autoyast, and it's of no use to install sources pkgs on CNs. ==================================================================== git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@9980 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
2011-06-29 10:03:58 +00:00
my $nrtab = xCAT::Table->new("noderes");
my $tftpserver = $nrtab->getNodeAttribs($node, ['tftpserver']);
my $sles_sdk_media = "http://" . $tftpserver->{tftpserver} . $media_dir . "/sdk1";
$inc =~ s/#SLES_SDK_MEDIA#/$sles_sdk_media/eg;
#if user specify the partion file, replace the default partition strategy
if ($partitionfile){
#if the content of the partition file is definition replace the default is ok
my $partcontent = '';
my $scriptflag = 0;
if ($partitionfile =~ /^s:(.*)/){
$scriptflag = 1;
$partitionfile = $1;
}
if (-r $partitionfile){
open ($inh, "<", $partitionfile);
while (<$inh>){
$partcontent .= $_;
}
close ($inh);
#the content of the specified file is a script which can write partition definition into /tmp/partitionfile
if ($scriptflag){
#for redhat/sl/centos/kvm/fedora
if ($inc =~ /#XCAT_PARTITION_START#/) {
my $tempstr = "%include /tmp/partitionfile\n";
$inc =~ s/#XCAT_PARTITION_START#[\s\S]*#XCAT_PARTITION_END#/$tempstr/;
#modify the content in the file, and write into %pre part
$partcontent = "cat > /tmp/partscript << EOFEOF\n" . $partcontent . "\nEOFEOF\n";
$partcontent .= "chmod 755 /tmp/partscript\n";
$partcontent .= "/tmp/partscript\n";
#replace the #XCA_PARTITION_SCRIPT#
$inc =~ s/#XCA_PARTITION_SCRIPT#/$partcontent/;
}
#for sles/suse
elsif ($inc =~ /<!-- XCAT-PARTITION-START -->/){
my $tempstr = "<drive><device>XCATPARTITIONTEMP</device></drive>";
$inc =~ s/<!-- XCAT-PARTITION-START -->[\s\S]*<!-- XCAT-PARTITION-END -->/$tempstr/;
$partcontent = "cat > /tmp/partscript << EOFEOF\n" . $partcontent . "\nEOFEOF\n";
$partcontent .= "chmod 755 /tmp/partscript\n";
$partcontent .= "/tmp/partscript\n";
$inc =~ s/#XCA_PARTITION_SCRIPT#/$partcontent/;
}
}
else{
$partcontent =~ s/\s$//;
if ($inc =~ /#XCAT_PARTITION_START#/){
$inc =~ s/#XCAT_PARTITION_START#[\s\S]*#XCAT_PARTITION_END#/$partcontent/;
}
elsif ($inc =~ /<!-- XCAT-PARTITION-START -->/){
$inc =~ s/<!-- XCAT-PARTITION-START -->[\s\S]*<!-- XCAT-PARTITION-END -->/$partcontent/;
}
}
}
}
if ($tmplerr) {
close ($outh);
return $tmplerr;
}
print $outh $inc;
close($outh);
return 0;
}
sub windows_disable_null_admin {
#in the event where windows_account_data has not set an administrator user, we explicitly disable the administrator user
unless ($localadminenabled) {
return "<RunSynchronousCommand wcm:action=\"add\">\r
<Order>100</Order>\r
<Path>cmd /c %systemroot%\\system32\\net.exe user Administrator /active:no</Path>\r
</RunSynchronousCommand>";
}
return "";
}
sub windows_account_data {
#this will add domain accounts if configured to be in active directory
#it will also put in an administrator password for local account, *if* specified
my $passtab = xCAT::Table->new('passwd',-create=>0);
my $useraccountxml="";
$localadminenabled=0;
if ($passtab) {
my $passent = $passtab->getAttribs({key=>"system",username=>"Administrator"},['password']);
if ($passent and $passent->{password}) {
$useraccountxml="<AdministratorPassword>\r\n<Value>".$passent->{password}."</Value>\r\n<PlainText>true</PlainText>\r\n</AdministratorPassword>\r\n";
$useraccountxml.="<!-- Plaintext=false would only protect against the most cursory over the shoulder glance, this implementation opts not to even give the illusion of privacy by only doing plaintext. -->\r\n";
$localadminenabled=1;
}
}
my $domain;
my $doment;
my $domaintab = xCAT::Table->new('domain',-create=>0);
if ($domaintab) {
$doment = $domaintab->getNodeAttribs($node,['authdomain','type'],prefetchcache=>1);
}
unless ($::XCATSITEVALS{directoryprovider} eq "activedirectory" or ($doment and $doment->{type} eq "activedirectory")) {
return $useraccountxml;
}
if ($doment and $doment->{authdomain}) {
$domain = $doment->{authdomain};
} else {
$domain = $::XCATSITEVALS{domain};
}
$useraccountxml.="<DomainAccounts><DomainAccountList>\r\n<DomainAccount wcm:action=\"add\">\r\n<Group>Administrators</Group>\r\n<Name>Domain Admins</Name>\r\n</DomainAccount>\r\n<Domain>".$domain."</Domain>\r\n</DomainAccountList>\r\n</DomainAccounts>\r\n";
return $useraccountxml;
}
sub windows_net_cfg {
if ($::XCATSITEVALS{managedaddressmode} =~ /static/) { return "<!-- WINCFG Static not supported -->"; }
unless ($::XCATSITEVALS{managedaddressmode} =~ /autoula/) {
return ""; #windows default behavior
}
#autoula,
my $hoststab;
my $mactab = xCAT::Table->new('mac',-create=>0);
unless ($mactab) { die "mac table should always exist prior to template processing when doing autoula"; }
my $ent = $mactab->getNodeAttribs($node,['mac'],prefetchcache=>1);
unless ($ent and $ent->{mac}) { die "missing mac data for $node"; }
my $suffix = $ent->{mac};
my $mac = $suffix;
$suffix = lc($suffix);
$mac =~ s/:/-/g;
unless ($hoststab) { $hoststab = xCAT::Table->new('hosts',-create=>1); }
my $ulaaddr = autoulaaddress($suffix);
$hoststab->setNodeAttribs($node,{ip=>$ulaaddr});
return '<component name="Microsoft-Windows-TCPIP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'."\r\n<Interfaces><Interface wcm:action=\"add\">\r\n<Ipv4Settings><DhcpEnabled>false</DhcpEnabled></Ipv4Settings><Ipv6Settings><DhcpEnabled>false</DhcpEnabled></Ipv6Settings>\r\n<Identifier>$mac</Identifier>\r\n<UnicastIpAddresses>\r\n<IpAddress wcm:action=\"add\" wcm:keyValue=\"1\">$ulaaddr/64</IpAddress>\r\n</UnicastIpAddresses>\r\n</Interface>\r\n</Interfaces>\r\n</component>\r\n";
}
sub windows_dns_cfg {
my $domain;
my $doment;
my $noderesent;
my $noderestab = xCAT::Table->new("noderes",-create=>0);
unless ($noderestab) { return ""; }
$noderesent = $noderestab->getNodeAttribs($node,['nameservers'],prefetchcache=>1);
unless ($noderesent and $noderesent->{nameservers}) { return ""; }
my $mac="==PRINIC==";
my $mactab = xCAT::Table->new('mac',-create=>0);
if ($mactab) {
my $macent = $mactab->getNodeAttribs($node,['mac'],prefetchcache=>1);
if ($macent and $macent->{mac}) {
$mac=$macent->{mac};
$mac=~ s/!.*//;
$mac=~ s/\|.*//;
$mac =~ s/:/-/g;
}
}
my $nameservers = $noderesent->{nameservers};
my $domaintab = xCAT::Table->new('domain',-create=>0);
if ($domaintab) {
$doment = $domaintab->getNodeAttribs($node,['authdomain'],prefetchcache=>1);
}
if ($doment and $doment->{authdomain}) {
$domain = $doment->{authdomain};
} else {
$domain = $::XCATSITEVALS{domain};
}
my $componentxml = '<component name="Microsoft-Windows-DNS-Client" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'."\r\n<DNSDomain>$domain</DNSDomain>\r\n".
"<Interfaces><Interface wcm:action=\"add\">\r\n<Identifier>$mac</Identifier>\r\n<DNSServerSearchOrder>\r\n";
my $idx=1;
foreach (split /,/,$nameservers) {
$componentxml.="<IpAddress wcm:action=\"add\" wcm:keyValue=\"$idx\">$_</IpAddress>\r\n";
$idx+=1;
}
$componentxml .= "</DNSServerSearchOrder>\r\n</Interface>\r\n</Interfaces>\r\n</component>\r\n";
return $componentxml;
}
#this will examine table data, decide *if* a Microsoft-Windows-UnattendedJoin is warranted
#there are two variants in how to proceed:
#-Hide domain administrator from node: xCAT will use MACHINEPASSWORD to do joining to AD. Currently requires SSL be enabled on DC. Samba 4 TODO
#-Provide domain administrator credentials, avoiding the SSL scenario. This is by default forbidden as it is high risk for exposing sensitive credentials.
# Also populate MachineObjectOU
sub windows_join_data {
my $doment;
my $domaintab = xCAT::Table->new('domain',-create=>0);
if ($domaintab) {
$doment = $domaintab->getNodeAttribs($node,['ou','type','authdomain','adminuser','adminpassword'],prefetchcache=>1);
}
unless ($::XCATSITEVALS{directoryprovider} eq "activedirectory" or ($doment and $doment->{type} eq "activedirectory")) {
return "";
}
#we are still here, meaning configuration has a domain and activedirectory set, probably want to join..
#TODO: provide a per-node 'disable' so that non-AD could be mixed into a nominally AD environment
my $prejoin =1;
if (defined $::XCATSITEVALS{prejoinactivedirectory} and not $::XCATSITEVALS{prejoinactivedirectory} ) {
$prejoin = 0;
}
my $domain;
my $ou;
if ($doment and $doment->{ou}) {
$ou = $doment->{ou};
}
if ($doment and $doment->{authdomain}) {
$domain = $doment->{authdomain};
} else {
$domain = $::XCATSITEVALS{domain};
}
my $componentxml = '<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'."\r\n<Identification>\r\n<JoinDomain>".$domain."</JoinDomain>\r\n";
if ($ou) {
$componentxml .= "<MachineObjectOU>".$ou."</MachineObjectOU>\r\n";
}
if ($prejoin) {
my $adinfo = machinepassword(wantref=>1); #TODO: needs rearranging in non prejoin case
#a note, MS is incorrect when they document unsecure join as " UnsecureJoin is performed, by using a null session with a pre-existing account. This means there is no authentication to the domain controller when configuring the machine account; it is done anonymously".
#the more informative bit is http://technet.microsoft.com/en-us/library/cc730845%28v=ws.10%29.aspx which says of 'securejoin': this method is actually less secure because the credentials reside in the ImageUnattend.xml file in plain text.
#xCAT is generating a one-time password that is kept as limited as is feasible for the deployment strategy
#in theory, a domain join will either fail of the one-time password is compromised and changed, or domain
#join will invalidate any 'snooped' one time password
$componentxml .= "<MachinePassword>".$adinfo->{password}."</MachinePassword>\n<UnsecureJoin>true</UnsecureJoin>\n";
} else { #this is the pass-through credentials case, currrently inaccessible until TODO, this must be used
#with care as used incorrectly, an LDAP manager account is at high risk of compromise
my $adminuser;
my $adminpass;
if ($doment and $doment->{adminuser}) {
$adminuser = $doment->{adminuser};
}
if ($doment and $doment->{adminpassword}) {
$adminpass = $doment->{adminpassword};
}
unless ($adminuser and $adminpass) {
my $passtab = xCAT::Table->new('passwd',-create=>0);
unless ($passtab) { sendmsg([1,"Error authenticating to Active Directory"],$node); return; }
my @adpents = $passtab->getAttribs({key=>'activedirectory'},['username','password','authdomain']);
my $adpent;
foreach $adpent (@adpents) {
if ($adpent and $adpent->{authdomain} and $adpent->{authdomain} ne $domain) { next; }
if ($adpent and $adpent->{username} and $adpent->{password}) {
$adminuser = $adpent->{username};
$adminpass = $adpent->{password};
last;
}
}
}
unless ($adminuser and $adminpass) { die "Missing active directory admin auth data from passwd table" }
$componentxml .= "<Credentials><Domain>".$domain."</Domain>\r\n<Username>".$adminuser."</Username>\r\n<Password>".$adminpass."</Password>\r\n</Credentials>\r\n";
}
$componentxml .= "</Identification>\r\n</component>\r\n";
}
sub get_win_prodkey {
my $osvariant = shift;
my $keytab = xCAT::Table->new("prodkey",-create=>0);
my $keyent;
if ($keytab) {
my @keyents = $keytab->getNodeAttribs($node,[qw/product key/]);
foreach my $tkey (@keyents) {
if ($tkey->{product} eq $osvariant) {
$keyent = $tkey;
last;
} elsif (not $tkey->{product}) {
$keyent = $tkey;
}
}
unless ($keyent) {
$keyent = $keytab->getAttribs({product=>$osvariant},"key");
}
}
if ($keyent and $keyent->{key}) {
return "<ProductKey><WillShowUI>OnError</WillShowUI><Key>".$keyent->{key}."</Key></ProductKey>";
}
if ($xCAT::WinUtils::kmskeymap{$osvariant}) {
return "<ProductKey><WillShowUI>OnError</WillShowUI><Key>".$xCAT::WinUtils::kmskeymap{$osvariant}."</Key></ProductKey>";
}
return ""; #in the event that we have no specified key and no KMS key, then try with no key, user may have used some other mechanism
}
sub managed_address_mode {
return $::XCATSITEVALS{managedaddressmode};
}
sub esxipv6setup {
if (not $::XCATSITEVALS{managedaddressmode} or $::XCATSITEVALS{managedaddressmode} =~ /v4/) { return ""; } # blank line for ipv4 schemes
my $v6addr;
if ($::XCATSITEVALS{managedaddressmode} eq "autoula") {
my $hoststab;
my $mactab = xCAT::Table->new('mac',-create=>0);
my $ent = $mactab->getNodeAttribs($node,['mac'],prefetchcache=>1);
my $suffix = $ent->{mac};
$suffix = lc($suffix);
unless ($mactab) { die "mac table should always exist prior to template processing when doing autoula"; }
#in autoula, because ESXi weasel doesn't seemingly grok IPv6 at all, we'll have to do it in %pre
unless ($hoststab) { $hoststab = xCAT::Table->new('hosts',-create=>1); }
$v6addr = autoulaaddress($suffix);
$hoststab->setNodeAttribs($node,{ip=>$v6addr});
} else {
my $hoststab = xCAT::Table->new('hosts',-create=>0);
unless ($hoststab) { die "unable to proceed, no hosts table to read from" }
my $ent = $hoststab->getNodeAttribs($node,["ip"],prefetchcache=>1);
unless ($ent and $ent->{ip}) { die "no hosts table entry with viable IP in hosts table for $node" }
$v6addr = $ent->{ip};
unless ($v6addr =~ /:/) { die "incorrect format for static ipv6 in hosts table for $node" }
}
return 'esxcfg-vmknic -i '.$v6addr.'/64 "Management Network"'." #ESXISTATICV6\n";
}
sub kickstartnetwork {
my $line = "network --onboot=yes --bootproto=";
my $hoststab;
my $mactab = xCAT::Table->new('mac',-create=>0);
unless ($mactab) { die "mac table should always exist prior to template processing when doing autoula"; }
my $ent = $mactab->getNodeAttribs($node,['mac'],prefetchcache=>1);
unless ($ent and $ent->{mac}) { die "missing mac data for $node"; }
my $suffix = $ent->{mac};
$suffix = lc($suffix);
if ($::XCATSITEVALS{managedaddressmode} eq "autoula") {
unless ($hoststab) { $hoststab = xCAT::Table->new('hosts',-create=>1); }
$line .= "static --device=$suffix --noipv4 --ipv6=";
my $ulaaddr = autoulaaddress($suffix);
$hoststab->setNodeAttribs($node,{ip=>$ulaaddr});
$line .= $ulaaddr;
} elsif ($::XCATSITEVALS{managedaddressmode} =~ /static/) {
return "#KSNET static unsupported";
} else {
$line .= "dhcp --device=$suffix";
}
return $line;
}
sub autoulaaddress {
my $suffix = shift;
my $prefix = $::XCATSITEVALS{autoulaprefix};
$suffix =~ /(..):(..:..):(..:..):(..)/;
my $leadbyte = $1;
my $mask = ((hex($leadbyte) & 2) ^ 2);
if ($mask) {
$leadbyte = hex($leadbyte) | $mask;
} else {
$leadbyte = hex($leadbyte) & 0xfd; #mask out the one bit
}
$suffix = sprintf("%02x$2ff:fe$3$4",$leadbyte);
return $prefix.$suffix;
}
sub machinepassword {
my %funargs = @_;
if ($lastmachinepassdata->{password}) { #note, this should only happen after another call
#to subvars that does *not* request reuse
#the issue being avoiding reuse in the installmonitor case
#subvars function clears this if appropriate
if ($funargs{wantref}) {
return $lastmachinepassdata;
}
return $lastmachinepassdata->{password};
}
my $passdata;
my $domaintab = xCAT::Table->new('domain');
$ENV{HOME}='/etc/xcat';
$ENV{LDAPRC}='ad.ldaprc';
my $ou;
my $domain;
if ($domaintab) {
my $ouent = $domaintab->getNodeAttribs($node,['ou','authdomain'],prefetchcache=>1);
if ($ouent and $ouent->{ou}) {
$ou = $ouent->{ou};
}
if ($ouent and $ouent->{authdomain}) {
$domain = $ouent->{authdomain};
}
}
$passdata->{ou}=$ou;
#my $sitetab = xCAT::Table->new('site');
#unless ($sitetab) {
# return "ERROR: unable to open site table";
#}
#(my $et) = $sitetab->getAttribs({key=>"domain"},'value');
unless ($domain) {
my @domains = xCAT::TableUtils->get_site_attribute("domain");
my $tmp = $domains[0];
if (defined($tmp)) {
$domain = $tmp;
} else {
return "ERROR: no domain set in site table or in domain.authdomain for $node";
}
}
$passdata->{domain}=$domain;
my $realm = uc($domain);
$realm =~ s/\.$//;
$realm =~ s/^\.//;
$ENV{KRB5CCNAME}="/tmp/xcat/krbcache.$realm.$$";
unless ($loggedrealms{$realm}) {
my $passtab = xCAT::Table->new('passwd',-create=>0);
unless ($passtab) { sendmsg([1,"Error authenticating to Active Directory"],$node); return; }
my @adpents = $passtab->getAttribs({key=>'activedirectory'},['username','password','authdomain']);
my $adpent;
my $username;
my $password;
foreach $adpent (@adpents) {
if ($adpent and $adpent->{authdomain} and $adpent->{authdomain} ne $domain) { next; }
if ($adpent and $adpent->{username} and $adpent->{password}) {
$username = $adpent->{username};
$password = $adpent->{password};
last;
}
}
unless ($username and $password) {
return "ERROR: activedirectory entry missing from passwd table";
}
my $err = xCAT::ADUtils::krb_login(username=>$adpent->{username},password=>$adpent->{password},realm=>$realm);
if ($err) {
return "ERROR: authenticating to Active Directory";
}
$loggedrealms{$realm}=1;
}
#my $server = $sitetab->getAttribs({key=>'directoryserver'},['value']);
my $server;
my @servers = xCAT::TableUtils->get_site_attribute("directoryserver");
my $tmp = $servers[0];
if (defined($tmp)) {
$server = $tmp;
} else {
$server = '';
if ($netdnssupport) {
my $res = Net::DNS::Resolver->new;
my $query = $res->query("_ldap._tcp.$domain","SRV");
if ($query) {
foreach my $srec ($query->answer) {
$server = $srec->{target};
}
}
}
unless ($server) {
sendmsg([1,"Unable to determine a directory server to communicate with, try site.directoryserver"]);
return;
}
}
$passdata->{dc} = $server;
my %args = (
node => $node,
dnsdomain => $domain,
directoryserver => $server,
changepassondupe => 1,
);
if ($ou) { $args{ou} = $ou };
my $data = xCAT::ADUtils::add_host_account(%args);
if ($data->{error}) {
return "ERROR: ".$data->{error};
} else {
$passdata->{password}=$data->{password};
$lastmachinepassdata=$passdata;
if ($funargs{wantref}) {
return $passdata;
}
return $data->{password};
}
}
sub includefile
{
my $file = shift;
my $special=shift;
my $pkglist=shift; #1 means package list,
#2 means pattern list, pattern list starts with @,
#3 means remove package list, packages to be removed start with -.
my $text = "";
unless ($file =~ /^\//) {
$file = $idir."/".$file;
}
open(INCLUDE,$file) || return "#INCLUDEBAD:cannot open $file#";
my $pkgb = "";
my $pkge = "";
if ($pkglist) {
if ($pkglist == 2) {
$pkgb = "<pattern>";
$pkge = "</pattern>";
} else {
$pkgb = "<package>";
$pkge = "</package>";
}
}
while(<INCLUDE>) {
if ($pkglist == 1) {
s/#INCLUDE:/#INCLUDE_PKGLIST:/;
} elsif ($pkglist == 2) {
s/#INCLUDE:/#INCLUDE_PTRNLIST:/;
} elsif ($pkglist == 3) {
s/#INCLUDE:/#INCLUDE_RMPKGLIST:/;
}
if (( $_ =~ /^\s*#/ ) || ( $_ =~ /^\s*$/ )) {
$text .= "$_";
} else {
my $tmp=$_;
chomp($tmp); #remove return char
$tmp =~ s/\s*$//; #removes trailing spaces
next if (($pkglist == 1) && (($tmp=~/^\s*@/) || ($tmp=~/^\s*-/))); #for packge list, do not include the lines start with @
if ($pkglist == 2) { #for pattern list, only include the lines start with @
if ($tmp =~/^\s*@(.*)/) {
$tmp=$1;
$tmp =~s/^\s*//; #removes leading spaces
} else { next; }
} elsif ($pkglist == 3) { #for rmpkg list, only include the lines start with -
if ($tmp =~/^\s*-(.*)/) {
$tmp=$1;
$tmp =~s/^\s*//; #removes leading spaces
} else { next; }
}
$text .= "$pkgb$tmp$pkge\n";
}
}
close(INCLUDE);
if ($special) {
$text =~ s/\$/\\\$/g;
$text =~ s/`/\\`/g;
}
chomp($text);
return($text);
}
sub command
{
my $command = shift;
my $r;
# if(($r = `$command`) == 0) {
# chomp($r);
# return($r);
# }
# else {
# return("#$command: failed $r#");
# }
$r = `$command`;
chomp($r);
return($r);
}
sub envvar
{
my $envvar = shift;
if($envvar =~ /^\$/) {
$envvar =~ s/^\$//;
}
return($ENV{$envvar});
}
sub genpassword {
#Generate a pseudo-random password of specified length
my $length = shift;
my $password='';
my $characters= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890';
srand; #have to reseed, rand is not rand otherwise
while (length($password) < $length) {
$password .= substr($characters,int(rand 63),1);
}
return $password;
}
sub crydb
{
my $result = tabdb(@_);
# 1 - MD5, 5 - SHA256, 6 - SHA512
unless (($result =~ /^\$1\$/) || ($result =~ /^\$5\$/) || ($result =~ /^\$6\$/)) {
$result = crypt($result,'$1$'.genpassword(8));
}
return $result;
}
sub tabdb
{
my $table = shift;
my $key = shift;
my $field = shift;
my $blankok = shift;
if( %::GLOBAL_TAB_HASH && defined( $::GLOBAL_TAB_HASH{$table} ) ) {
if( !defined( $::GLOBAL_TAB_HASH{$table}{$key}) ) {
return "''";
}
if( defined($::GLOBAL_TAB_HASH{$table}{$key}{$field}) ) {
return "'".$::GLOBAL_TAB_HASH{$table}{$key}{$field}."'";
} else {
return "''";
}
}
my $tabh = xCAT::Table->new($table);
unless ($tabh) {
$tmplerr="Unable to open table named $table";
if ($table =~ /\.tab/) {
$tmplerr .= " (.tab should not be specified as part of the table name in xCAT 2, as seems to be the case here)";
}
return "";
}
my $ent;
my $bynode=0;
if ($key eq "THISNODE" or $key eq '$NODE') {
$ent = $tabh->getNodeAttribs($node,[$field]);
$key="node=$node";
} else {
my %kp;
foreach (split /,/,$key) {
my $key;
my $val;
if ($_ eq 'THISNODE' or $_ eq '$NODE') {
$bynode=1;
} else {
($key,$val) = split /=/,$_;
$kp{$key}=$val;
}
}
if ($bynode) {
my @ents = $tabh->getNodeAttribs($node,[keys %kp,$field]);
my $tent; #Temporary ent
TENT: foreach $tent (@ents) {
foreach (keys %kp) {
unless ($kp{$_} eq $tent->{$_}) {
next TENT;
}
} #If still here, we found it
$ent = $tent;
}
} else {
($ent) = $tabh->getAttribs(\%kp,$field);
}
}
$tabh->close;
unless($ent and defined($ent->{$field})) {
unless ($blankok) {
if ($field eq "xcatmaster") {
my $ipfn = xCAT::NetworkUtils->my_ip_facing($node);
if ($ipfn) {
return $ipfn;
}
}
#$tmplerr="Unable to find requested $field from $table, with $key";
my $rep=get_replacement($table,$key,$field);
if ($rep) {
return tabdb($rep->[0], $rep->[1], $rep->[2]);
} else {
$tmplerr="Unable to find requested $field from $table, with $key"
}
}
return "";
#return "#TABLEBAD:$table:field $field not found#";
}
return $ent->{$field};
#if($key =~ /^\$/) {
# $key =~ s/^\$//;
# $key = $ENV{$key};
#}
#if($field =~ /^\$/) {
# $field =~ s/^\$//;
# $field = $ENV{$field};
#}
#if($field == '*') {
# $field = 1;
# $all = 1;
#}
#--$field;
#if($field < 0) {
# return "#TABLE:field not found#"
#}
#open(TAB,$table) || \
# return "#TABLE:cannot open $table#";
#while(<TAB>) {
# if(/^$key(\t|,| )/) {
# m/^$key(\t|,| )+(.*)/;
# if($all == 1) {
# return "$2";
# }
# @fields = split(',',$2);
# if(defined $fields[$field]) {
# return "$fields[$field]";
# }
# else {
# return "#TABLE:field not found#"
# }
# }
#}
#close(TAB);
#return "#TABLE:key not found#"
}
sub get_replacement {
my $table=shift;
my $key=shift;
my $field=shift;
my $rep;
if (exists($tab_replacement{"$table:$field"})) {
my $repstr=$tab_replacement{"$table:$field"};
if ($repstr) {
my @a=split(':', $repstr);
if (@a > 2) {
$rep=\@a;
} else {
$rep->[0]=$a[0];
$rep->[1]=$key;
$rep->[2]=$a[1];
}
}
}
return $rep;
}
# This routine is used in the creation of the mypostscript file and is defined
# in /opt/xcat/share/xcat/templates/mypostcript/mypostscript.tmpl
# It cannot be moved to another perl library, due to migration problems.
#
sub enablesshbetweennodes
{
my $node = shift;
my $result;
my $enablessh=xCAT::TableUtils->enablessh($node);
if ($enablessh == 1) {
$result = "'YES'";
} else {
$result = "'NO'";
}
return $result;
}
1;