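#!/usr/bin/perl -w
###############################################################################
#                                                                             #
# Copyright, 2006, Los Alamos National Security, LLC.                         #
#                                                                             #
# This software was produced under a U.S. Government contract by Los Alamos   #
# National Laboratory, which is operated by Los Alamos National Security,     #
# LLC., under Contract No. DE-AC52-06NA25396 with the U.S. Department of      #
# Energy.                                                                     #
#                                                                             #
# The U.S. Government is licensed to use, reproduce, and distribute this      #
# software. Permission is granted to the public to copy and use this software #
# without charge, provided that this Notice and any statement of authorship   #
# are reproduced on all copies.                                               #
#                                                                             #
# Neither the Government nor the Los Alamos National Security, LLC., makes    #
# any warranty, express or implied, or assumes any liability or               #
# responsibility for the use of this software.                                #
#                                                                             #
###############################################################################
# =========================================================================== #
# Filename         $RCSfile: $
# Description      LANL RHUS registration
# OS               Red Hat Enterprise Linux
# Author           Giacomo G. Brussino, Jimmy Devenport, Dave Kennel
# Last updated by  $Author: Jimmy Devenport$
# Contact          csd-unix@lanl.gov
# Notes
# Release          $Revision: 6.0.6$
# Modified Date    $Date: 07 Nov 2007$
# =========================================================================== #

use strict;
use warnings;
use diagnostics;
use Getopt::Std;
use LWP::Simple;
use Net::LDAP;

### Prototypes:
sub listsg();
sub verifyzn();
sub verifysg();
sub getsgnm();
sub getlocsid();
sub getsatsid();
sub gethn();
sub get_ts();
sub fixapplet();

# Everything below changes system-wide configuration, so refuse to run
# unprivileged.  $< is the real UID and is compared numerically.
if ($< != 0) {
    print "\n\aThis script must be run as root!\n\n";
    exit 1;
}

### Get command line options (ARG marks the options that the getopts
### string below declares as taking a value):
###   -a ARG  architecture
###   -b      bypass ESD license check
###   -c      check registration
###   -e ARG  install extras
###   -f      force registration
###   -g ARG  system group
###   -h      help
###   -l      list system groups
###   -n ARG  fully qualified hostname
###   -p ARG  product (WS | ES | AS)
###   -r ARG  release (3 | 4)
###   -s ARG  scheduled update via cron
###   -t      fix rhn-applet
###   -u ARG  update
###   -v      print version
###   -x ARG  proxy
###   -z ARG  Z number
getopts("bcfhltva:g:n:p:r:s:u:z:e:x:");
our ($opt_a, $opt_b, $opt_c, $opt_f, $opt_g, $opt_h, $opt_l, $opt_n, $opt_p,
     $opt_r, $opt_s, $opt_t, $opt_u, $opt_v, $opt_z, $opt_e, $opt_x);

### LOTS CUT BETWEEN HERE

# NOTE(review): the banner strings in this listing appear to have lost their
# embedded line breaks; they are kept exactly as found.
print " UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES ------------------------------------------------------------------------------- * downloading necessary files client_config_update.py...\n";

# Both files are written to the current working directory and
# client_config_update.py is later executed by python as root.
# NOTE(review): run this from a directory only root can write to, otherwise
# the file could be replaced between download and execution.  Nothing visible
# here checks the downloaded content beyond whatever $FETCH itself verifies.
unlink("client_config_update.py");
$cmd = $FETCH . $HTTPS_PUB_DIRECTORY . "/client_config_update.py";
system($cmd) == 0 or die "System command $cmd failed: $?\n";

print " $CLIENT_OVERRIDES...\n";
unlink($CLIENT_OVERRIDES);
$cmd = $FETCH . $HTTPS_PUB_DIRECTORY . "/" . $CLIENT_OVERRIDES;
system($cmd) == 0 or die "System command $cmd failed: $?\n";

if (! -e "client_config_update.py") {
    print "\nERROR: client_config_update.py was not downloaded\n\n";
    exit 1;
}
if (! -e "$CLIENT_OVERRIDES") {
    print "\nERROR: $CLIENT_OVERRIDES was not downloaded\n\n";
    exit 1;
}

# update CLIENT_OVERRIDES with proxy server
my $default_server = $sat;   # default...
our $proxy_server = $default_server;
if (defined($opt_x)) {
    $proxy_server = $opt_x;
}
if ($default_server ne $proxy_server) {
    print "* using proxy server $proxy_server \n";

    # Rewrite the overrides file in Perl rather than through a shell
    # "cat | sed" pipeline: the -x value is never interpreted by a shell,
    # and a proxy given as host:port no longer collides with the ':'
    # delimiter the sed expression used.  As with sed's s:old:new: only
    # the first occurrence on each line is replaced; the old server name
    # is matched literally.
    my $new_overrides = $CLIENT_OVERRIDES . ".new";
    open(my $in, '<', $CLIENT_OVERRIDES)
        or die "Cannot open $CLIENT_OVERRIDES for reading: $!\n";
    open(my $out, '>', $new_overrides)
        or die "Cannot open $new_overrides for writing: $!\n";
    while (my $line = <$in>) {
        $line =~ s/\Q$default_server\E/$proxy_server/;
        print {$out} $line
            or die "Cannot write to $new_overrides: $!\n";
    }
    close($in);
    close($out) or die "Cannot write to $new_overrides: $!\n";
    rename($new_overrides, $CLIENT_OVERRIDES)
        or die "Cannot replace $CLIENT_OVERRIDES: $!\n";
}

print "* running the update scripts\n";
if (-e "/etc/sysconfig/rhn/rhn_register") {
    print " . rhn_register config file\n";
    $cmd = "/usr/bin/python -u client_config_update.py";
    $cmd = $cmd . " /etc/sysconfig/rhn/rhn_register " . $CLIENT_OVERRIDES;
    system($cmd) == 0 or die "System command $cmd failed: $?\n";
}
print " . up2date config file\n";
$cmd = "/usr/bin/python -u client_config_update.py";
$cmd = $cmd . " /etc/sysconfig/rhn/up2date " . $CLIENT_OVERRIDES;
system($cmd) == 0 or die "System command $cmd failed: $?\n";

unlink("client_config_update.py");
unlink($CLIENT_OVERRIDES);

### Get the major version of up2date
my $rev = `/bin/rpm -q --queryformat '%{version}' up2date`;
$rev =~ s/\..*//;

# up2date major version 2 imports keys with gpg, using the flags that
# up2date reports.  Backticks keep the trailing newline of that output; left
# in place it would end the shell command before "--import", so all
# whitespace is collapsed to single spaces first.
my $up2date_gpg_flags = '';
if ($rev eq '2') {
    $up2date_gpg_flags = `/usr/bin/up2date --gpg-flags`;
    $up2date_gpg_flags = '' unless defined $up2date_gpg_flags;
    $up2date_gpg_flags =~ s/\s+/ /g;
}

print "* importing Red Hat Public key\n";
if ($rev eq '2') {
    $cmd = "/usr/bin/gpg $up2date_gpg_flags --import /usr/share/rhn/RPM-GPG-KEY";
} elsif ($REL eq '5') {
    $cmd = "/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release";
} else {
    $cmd = "/bin/rpm --import /usr/share/rhn/RPM-GPG-KEY";
}
system($cmd) == 0 or die "System command $cmd failed: $?\n";

if ($ORG_GPG_KEY ne '') {
    print "* importing organizational GPG keys\n";
    unlink($ORG_GPG_KEY);
    $cmd = $FETCH . $HTTPS_PUB_DIRECTORY . "/" . $ORG_GPG_KEY;
    system($cmd) == 0 or die "System command $cmd failed: $?\n";
    if ($rev eq '2') {
        $cmd = "/usr/bin/gpg $up2date_gpg_flags --import $ORG_GPG_KEY";
    } else {
        $cmd = "/bin/rpm --import " . $ORG_GPG_KEY;
    }
    # The import and the cleanup belong to this branch only; outside it they
    # would re-run the previous command and unlink an empty file name when no
    # organizational key is configured.
    system($cmd) == 0 or die "System command $cmd failed: $?\n";
    unlink($ORG_GPG_KEY);
}

print "* attempting to install corporate public CA cert\n";
# NOTE(review): the CA certificate is taken from $HTTP_PUB_DIRECTORY while the
# downloads above use $HTTPS_PUB_DIRECTORY.  If that location is plain HTTP,
# the trust anchor is installed without transport authentication - confirm,
# and consider checking the certificate's fingerprint against a value that
# was distributed out of band.
if ($USING_SSL eq '1') {
    if ($ORG_CA_CERT_IS_RPM_YN eq '1') {
        if (-e "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT") {
            # Exit status of the removal is not checked.
            $cmd = "/bin/rpm -e rhn-org-trusted-ssl-cert";
            system($cmd);
        }
        $cmd = "/bin/rpm -Uvh " . $HTTP_PUB_DIRECTORY . "/" . $ORG_CA_CERT;
        # A failed install is reported instead of passing silently; the
        # script still carries on, as it did before.
        system($cmd) == 0 or warn "System command $cmd failed: $?\n";
    } else {
        unlink($ORG_CA_CERT);
        $cmd = $FETCH . $HTTP_PUB_DIRECTORY . "/" . $ORG_CA_CERT;
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
        $cmd = "/bin/mv " . $ORG_CA_CERT . " /usr/share/rhn/";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
    }
}

print " REGISTRATION ------------------------------------------------------------------------------- ";
if ($KEY eq '') {
    print "\n*** ERROR: no activation key found.\n\n";
    exit 1;
}

if ($reg eq '1') {
    print "Forcing registration...\n";
    if ($lsid ne '0') {
        ### Delete /etc/sysconfig/rhn/systemid
        unlink("/etc/sysconfig/rhn/systemid");
        print "The file /etc/sysconfig/rhn/systemid has been removed.\n";
    }
    if ($ssid ne '0') {
        ### Delete system from satellite server
        my $url = $rhusregcgi.'?method=deletesystem&ssid=' . $ssid;
        my $result = get($url);
        if ($result) {
            print "The system has been deleted from the satellite; it will be registered again.\n";
        }
    }
}

print "* registering\n";
# The registration and csdreg commands are run in list form so that the
# activation key, Z number and host name reach the programs as single
# arguments and are never parsed by a shell.
my @rhnreg_argv = ('/usr/sbin/rhnreg_ks', '--activationkey', $KEY);
# Keep the status now: the backtick pipeline in the failure branch
# overwrites $? before the error message is built.
my $rhnreg_status = system(@rhnreg_argv);
if ($rhnreg_status == 0) {
    if (-e "/usr/local/sbin/csdreg") {
        print "CSD registration: LANL Red Hat Update Service...\n";
        my @csdreg_argv = ('/usr/local/sbin/csdreg',
                           '-p', 'LANL Red Hat Update Service Registration 6.0',
                           '-z', $ZN);
        system(@csdreg_argv) == 0
            or die "System command @csdreg_argv failed: $?\n";
    }
} else {
    if (-e "/usr/local/sbin/csdreg") {
        print "Error: RHUS registration failed.\n";
        $HN = gethn();
        my $ver = `rpm -qi LANL-rhusreg | grep Version | awk -F: '{ print \$2 }' | awk '{ print \$1 }'`;
        $ver = '' unless defined $ver;
        $ver =~ s/\s+\z//;   # drop the newline that backticks leave behind
        # NOTE(review): this report contains the activation key; confirm that
        # wherever csdreg sends it is an acceptable place for that value.
        my @csdreg_argv = ('/usr/local/sbin/csdreg', '-e',
                           "Error: rhusreg $ver failed: $rhnreg_status ... /usr/sbin/rhnreg_ks --activationkey $KEY on host $HN");
        system(@csdreg_argv) == 0
            or die "System command @csdreg_argv failed: $?\n";
    }
}

if ($sgid ne '') {
    ### Get System ID (local)
    $lsid = getlocsid();
    ### Add to system group
    print "* adding to system group ";
    my $url = $rhusregcgi.'?method=setgroupmembership&lsid=' . $lsid.'&sgid='.$sgid;
    my $result = get($url);
    if (!$result) {
        print "System group assignment failed.\n\n";
        exit 1;
    }
    $sgnm = getsgnm();
    if ($sgnm ne "") {
        print "$sgnm\n";
    } else {
        print "Default\n";
    }
}

### Set Profile Name
# NOTE(review): $lsid is refreshed after registration only in the system-group
# branch above; when no group is given this step uses whatever value $lsid
# held before registering - confirm that is intended.
if (defined($opt_n)) {
    print "* setting RHN profile to hostname: $HN";
    # Percent-encode the host name so that characters such as '&', '#' or a
    # space cannot change the shape of the query string.
    (my $hn_param = $HN) =~ s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord($1))/ge;
    my $url = $rhusregcgi.'?method=setprofilename&lsid=' . $lsid . '&hn=' . $hn_param;
    my $result = get($url);
    if (!$result) {
        # get() returns undef on failure; avoid printing an undefined value.
        my $shown = defined $result ? $result : '';
        print "Set profile name failed. Result: $shown\n\n";
        exit 1;
    }
}

### Install rhncfg, rhncfg-client, rhncfg-actions
if ($REL ne '5') {
    # Exit status is not checked here; the existence tests on
    # /usr/bin/rhn-actions-control below catch a failed install.
    $cmd = "/usr/sbin/up2date rhncfg rhncfg-client rhncfg-actions ";
    system($cmd);
    fixapplet();

    if ($ALLOW_CONFIG_ACTIONS eq 1) {
        print "* setting permissions to allow configuration management\n";
        if (-e "/usr/bin/rhn-actions-control") {
            $cmd = "/usr/bin/rhn-actions-control --enable-all";
            system($cmd) == 0 or die "System command $cmd failed: $?\n";
        } else {
            print "Error setting permissions for configuration management. Please ensure that the activation key subscribes the system to the tools channel and up2date rhncfg-actions.\n\n";
            exit 1;
        }
    }

    # Remote command execution is switched on or off explicitly on every
    # run, according to $ALLOW_REMOTE_COMMANDS.
    if (-e "/usr/bin/rhn-actions-control") {
        print "* setting permissions to allow or prevent remote commands\n";
        if ($ALLOW_REMOTE_COMMANDS eq 1) {
            $cmd = "/usr/bin/rhn-actions-control --enable-run";
            system($cmd) == 0 or die "System command $cmd failed: $?\n";
        } else {
            $cmd = "/usr/bin/rhn-actions-control --disable-run";
            system($cmd) == 0 or die "System command $cmd failed: $?\n";
        }
    } else {
        print "Error setting permissions for remote commands. Please ensure that the activation key subscribes the system to the tools channel and up2date rhncfg-actions.\n\n";
        exit 1;
    }
}

print " UPDATES ------------------------------------------------------------------------------- ";

# check for existence of it first...
# Root's crontab is read and appended to directly.  Lexical file handles and
# three-argument open replace the bareword handle and two-argument form.
if (-e "/var/spool/cron/root") {
    open(my $crontab, '<', "/var/spool/cron/root")
        or die "Cannot open root's crontab file for reading!\n";
    my @ctlines = <$crontab>;
    if (grep /rhn_check/, @ctlines) {
        $SCHED = 0;
        print "* crontab entry already present!\n";
    }
    close $crontab;
} else {
    print "* root's crontab doesn't exist yet... proceeding.\n";
}

# Random start time: hour 0-4, minute 0-58.
my $h = int(rand(5));
my $m = int(rand(59));
if ($SCHED) {
    open(my $crontab, '>>', "/var/spool/cron/root")
        or die "Cannot open root's crontab file for appending!\n";
    print "* adding crontab entry to check-in and install updates\n";
    if ($REL eq '5') {
        print {$crontab} "$m $h * * * /usr/sbin/rhn_check > /dev/null 2>&1 && /usr/bin/yum --exclude=kernel* -y update > /dev/null 2>&1\n";
    } else {
        print {$crontab} "$m $h * * * /usr/sbin/rhn_check > /dev/null 2>&1 && /usr/sbin/up2date -u > /dev/null 2>&1\n";
    }
    # Buffered write errors only show up at close time.
    close($crontab)
        or die "Cannot write root's crontab file: $!\n";
}

if ($FULLY_UPDATE_THIS_BOX) {
    if ($REL ne '5') {
        $cmd = "/usr/sbin/up2date up2date";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
        $cmd = "/usr/sbin/up2date -p";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
        print "* completely force updating the box, including ignored packages\n";
        $cmd = "/usr/sbin/up2date -uf";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
    } else {
        print "* completely force updating the box, including ignored packages\n";
        $cmd = "/usr/bin/yum -y update";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
    }
} else {
    if ($REL ne '5') {
        print "* ensuring up2date itself is updated\n";
        $cmd = "/usr/sbin/up2date up2date";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
        $cmd = "/usr/sbin/up2date -p";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
    } else {
        print "* ensuring yum itself is updated\n";
        $cmd = "/usr/bin/yum -y update yum";
        system($cmd) == 0 or die "System command $cmd failed: $?\n";
    }
}

### NOT eof....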