#!/bin/bash
# Board FRAM - Board Farm Remote Access Management
# Stop at the first command that fails without being handled.
set -o errexit
# Turn off pathname expansion, so wildcard characters in the client's
# command string are never expanded against local files.
set -o noglob
# Fixed search path: helper commands resolve only from these directories.
PATH="${HOME}/bin:/usr/bin:/bin"
# The account this script runs as gives the board its name ...
BOARD="${USER}"
# ... and USER is then replaced by the first script argument, which is the
# identity used below for logging, locking and the admin check.
# NOTE(review): presumably supplied by the per-key forced command - confirm.
USER="${1}"
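#######################################
# Append one timestamped record to the per-board log (fram.log in the
# current directory) and to the shared log (/tmp/fram.log).
# Globals:   BOARD (read), USER (read)
# Arguments: the message words; they are joined with spaces
# Outputs:   one line appended to each log file
#######################################
function log()
{
  local stamp msg
  # Take the timestamp once so both files carry the same record.
  stamp=$(date +'%F %T')
  msg="$*"
  # The message includes the client-supplied command string. Replace
  # control characters (newlines included) so a single request always
  # produces exactly one log line and cannot imitate another record.
  msg=${msg//[[:cntrl:]]/?}
  printf '%s %s %s %s\n' "$stamp" "$BOARD" "$USER" "$msg" >> fram.log
  # NOTE(review): fixed file name in a world-writable directory; a
  # dedicated log directory with controlled ownership would be safer.
  printf '%s %s %s %s\n' "$stamp" "$BOARD" "$USER" "$msg" >> /tmp/fram.log
}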
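# Log access early, before any command is interpreted, so every request
# leaves a record even when it is rejected later.
log "$SSH_ORIGINAL_COMMAND"
FRAM=$0
# Quote the script path so an install directory containing whitespace
# still resolves to a single argument.
FRAMDIR=$(dirname -- "$0")
# When the script runs from a git checkout, build a version string from
# "git describe" plus the number of commits in the log.
if [ -d "$FRAMDIR/.git" ]; then
  FRAMVER="version:$(git -C "$FRAMDIR" describe --always)"
  FRAMVER=$FRAMVER-$(git -C "$FRAMDIR" log --oneline | wc -l)
fi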
#######################################
# Print the command summary for this board and terminate the script.
# Optional commands are listed only when their helper (or, for wol, an
# /etc/ethers entry) is present; the admin section only when ADMIN is
# "true"; "$BOARD.txt" is appended when it exists.
# Globals:   BOARD, FRAMVER, ADMIN (read); sample, filler (written)
# Outputs:   help text on stdout
# Returns:   does not return; exits with status 0
#######################################
function usage()
{
  # Section 1: commands available to every user
  cat <<END
Board FRAM - The Board Farm Remote Access Manager $FRAMVER
Valid commands are:
help This usage information
END
  if type "acc-$BOARD-on" > /dev/null 2>&1; then
    cat <<END
acc [on|off|status*] Control board accessory switch
END
  fi
  # Either advertise the "sample" sub-command or set the filler used in
  # the power line below.
  if type "power-$BOARD-sample" > /dev/null 2>&1; then
    sample="|sample"
  else
    filler=" "
  fi
  cat <<END
console Access the board console (use "ssh -t")
lock Lock a board for exclusive access
steal Force release then immediately lock as new user
ls List the TFTP directory contents
power [on|off$sample|status*]$filler Control board power
release Release a board lock
reset Reset board
rsync Upload files to TFTP directory (use rsync)
status Show board status
ssh-proxy Open a netcat proxy path to the target
END
  if type "ssh-$BOARD" > /dev/null 2>&1; then
    cat <<END
ssh SSH directly to the target
END
  fi
  if type "wake-$BOARD" > /dev/null 2>&1; then
    cat <<END
wake Wake board by key
END
  fi
  if grep -q "\s$BOARD$" /etc/ethers; then
    cat <<END
wol Wake board through Wake-on-LAN
END
  fi
  cat <<END
Options marked with an asterisk are the default
END
  # Section 2: commands reserved for administrators
  if [[ "$ADMIN" == "true" ]]; then
    cat <<END
Valid admin commands are:
logs View and monitor the logs
all-logs View and monitor the logs of all boards
shell Launch a shell (use "ssh -t")
release Release a board from any lock
END
  fi
  # Section 3: free-form notes for this particular board, if provided
  if [[ -f "$BOARD.txt" ]]; then
    cat "$BOARD.txt"
  fi
  exit 0
}
# Board-specific settings: when "<board>.cfg" exists in the current
# directory it is sourced, i.e. executed as shell code in this process.
# NOTE(review): that file should be writable only by whoever administers
# the farm, since its contents run with the board account's privileges.
if [[ -f "$BOARD.cfg" ]]; then
  source "$BOARD.cfg"
fi
# Fall back to defaults for anything still unset or empty
: "${TFTP_ROOT:=/var/lib/tftpboot}"
# Board locking: where the lock lives and how long it stays valid
: "${LOCKFILE:=/var/run/user/$UID/.$BOARD.lockfile}"
: "${LOCK_HOLD_TIME:=3600}" # seconds
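#######################################
# Record the current user as lock holder by (re)writing the lock file.
# Rewriting also refreshes the file's modification time, which the
# lock-expiry checks read.
# Globals:   USER (read), LOCKFILE (read)
# Returns:   status of the redirection; it fails when the file already
#            exists and the caller has enabled noclobber (set -C)
#######################################
function take_lock()
{
  # printf with a fixed format writes the name verbatim, and the quoted
  # target keeps a lock path containing whitespace as one word.
  printf '%s\n' "$USER" > "$LOCKFILE"
}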
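#######################################
# Print a one-line description of the board lock state.
# Globals:   LOCKFILE, LOCK_HOLD_TIME (read);
#            LOCK_TIME, LOCKUSER, UNLOCK_TIME (written)
# Outputs:   "Board is unlocked", "Board is unlocked. Last used by ..."
#            or "Board is in use by ... until ..." on stdout
# Returns:   0
#######################################
function report_lock()
{
  if [[ ! -e "$LOCKFILE" ]]; then
    echo "Board is unlocked"
    return 0
  fi
  # The lock file's modification time is the moment the lock was taken
  # or last refreshed; its content is the holder's name.
  LOCK_TIME="$(date -r "$LOCKFILE" +%s)"
  LOCKUSER=$(< "$LOCKFILE")
  UNLOCK_TIME=$((LOCK_TIME + LOCK_HOLD_TIME))
  # Lock expired. Compare arithmetically: "<" inside [[ ]] compares
  # strings, which gives the wrong answer as soon as the two timestamps
  # differ in digit count (e.g. with a very long hold time).
  if (( UNLOCK_TIME < $(date +%s) )); then
    echo "Board is unlocked. Last used by $LOCKUSER at $(date --date "@$LOCK_TIME" +%c)"
    return 0
  fi
  echo "Board is in use by $LOCKUSER until $(date --date "@$UNLOCK_TIME" +%c)"
}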
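#######################################
# Gate for commands that change board state: returns when the caller
# holds (or can take) the lock, otherwise logs the rejection and
# terminates the script.
# Globals:   LOCKFILE, LOCK_HOLD_TIME, USER, BOARD (read);
#            LOCK_TIME, LOCKUSER, UNLOCK_TIME (written)
# Outputs:   a takeover or denial message on stdout; a REJECTED record
#            appended to fram.log on denial
# Returns:   0 when access is granted; exits with 13 when it is denied
#######################################
function check_lock()
{
  # No lock, no problem.
  if [[ ! -e "$LOCKFILE" ]]; then
    # noclobber makes the redirection in take_lock fail if another
    # session created the file in the meantime; errexit is suspended so
    # losing that race is not fatal and the file is simply read below.
    set -C; set +e
    take_lock
    set +C; set -e
  fi
  LOCK_TIME="$(date -r "$LOCKFILE" +%s)"
  LOCKUSER=$(< "$LOCKFILE")
  # Have lock, no problem.
  if [[ "$LOCKUSER" == "$USER" ]]; then
    # Refresh the timestamp
    take_lock
    return 0
  fi
  UNLOCK_TIME=$((LOCK_TIME + LOCK_HOLD_TIME))
  # Lock expired. Compare arithmetically: "<" inside [[ ]] compares
  # strings, not numbers.
  # NOTE(review): taking over an expired lock is a read followed by a
  # separate write; two sessions arriving together could both pass here.
  if (( UNLOCK_TIME < $(date +%s) )); then
    echo "Board lock released from $LOCKUSER, and now owned by $USER"
    take_lock
    return 0
  fi
  # Lock not expired. Call rejected
  echo -n "Operation denied: "; report_lock
  echo "$(date +'%F %T') $BOARD $USER REJECTED: Board locked by $LOCKUSER" >> fram.log
  exit 13 ## -EACCES - Permission Denied
}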
# Administrator rights are opt-in: ADMIN stays "false" unless the calling
# user appears in the ADMIN_USERS array. This script never assigns
# ADMIN_USERS itself; with it unset the loop body never runs.
ADMIN=false
for admin in "${ADMIN_USERS[@]}"; do
  # Literal, whole-string comparison; skip entries that do not match
  [[ "$USER" == "$admin" ]] || continue
  ADMIN=true
  break
done
# "help" and the bare login (no command at all) are answered here, ahead
# of the admin and user dispatchers, because neither needs the board lock.
if [[ "$SSH_ORIGINAL_COMMAND" == "help" ]]; then
  usage
elif [[ -z "$SSH_ORIGINAL_COMMAND" ]]; then
  # No command given: print the welcome banner and finish
  if [[ "$ADMIN" == "true" ]]; then
    echo "Welcome master $USER, your wish is my command"
  else
    echo "Welcome $USER"
  fi
  exit 0
fi
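# Admin commands: matched against the complete command string, and only
# for users that the ADMIN_USERS check marked as administrators. Any
# command not matched here continues to the user dispatcher below.
if [ "$ADMIN" == "true" ]; then
  case "$SSH_ORIGINAL_COMMAND" in
  logs)
    # Follow this board's log until the client disconnects
    tail -f fram.log
    exit
    ;;
  all-logs)
    # Follow the shared log
    tail -f /tmp/fram.log
    exit
    ;;
  shell)
    # Replaces this script with a login shell of the board account;
    # membership in ADMIN_USERS therefore equals full account access.
    exec /bin/bash -l
    ;;
  release)
    # Unconditional release: no ownership or expiry check
    report_lock
    # Quoted so a lock path with whitespace stays one argument
    rm -f -- "$LOCKFILE"
    echo "Lock released"
    exit 0
    ;;
  scp*)
    # Left unquoted on purpose: the client's command line is word-split
    # and run as given. Administrators can already obtain a shell, so
    # no additional boundary is crossed here.
    $SSH_ORIGINAL_COMMAND
    exit 0
    ;;
  esac
fi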
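# User commands
#######################################
# Dispatch one user command. The arguments are the words of the client's
# command string; $1 selects the command and $2 an optional sub-command.
# Commands that change board state call check_lock first. Clauses that
# end in ";;&" keep matching and so reach the final "*" clause, which
# reports the command as unknown and prints the usage text.
# Globals:   BOARD, BOARD_IP, TFTP_ROOT, LOCKFILE,
#            SSH_ORIGINAL_COMMAND (read)
# Arguments: $1 - command name, remaining words - command arguments
# Returns:   most branches exit the script directly
#######################################
function parseCommand() {
  case "$1" in
  acc)
    check_lock
    # Optional
    if type "acc-$BOARD-on" >& /dev/null; then
      case "$2" in
      on|1)
        "acc-$BOARD-on"
        exit 0
        ;;
      off|0)
        "acc-$BOARD-off"
        exit 0
        ;;
      status|*)
        "acc-$BOARD-status"
        exit 0
        ;;
      esac
    fi
    ;;& # fallthrough
  console)
    "screen-$BOARD"
    exit 0
    ;;
  lock)
    report_lock
    check_lock
    take_lock
    echo -n "Lock granted: "; report_lock
    exit 0
    ;;
  steal)
    # Takes the lock without check_lock, whoever holds it
    report_lock
    take_lock
    echo -n "Board lock stolen: "; report_lock
    exit 0
    ;;
  ls)
    exec ls -lAh "$TFTP_ROOT/$BOARD"
    ;;
  power)
    case "$2" in
    on|1)
      check_lock
      "power-$BOARD-on"
      exit 0
      ;;
    off|0)
      check_lock
      "power-$BOARD-off"
      exit 0
      ;;
    sample)
      # Optional
      type "power-$BOARD-sample" >& /dev/null && { "power-$BOARD-sample"; exit 0; }
      ;;
    status|*)
      "power-$BOARD-status"
      exit 0
      ;;
    esac
    ;;& # fallthrough
  release)
    check_lock
    rm -- "$LOCKFILE"
    exit 0
    ;;
  reset)
    check_lock
    "reset-$BOARD"
    exit 0
    ;;
  pwd)
    echo "/"
    ;;
  rsync*)
    # Silence check_lock output to prevent breaking rsync. Ideally
    # we should report back failures through the RSync MOTD.
    check_lock >> /dev/null ## Silent operation
    export SSH_ORIGINAL_COMMAND
    # NOTE(review): the pattern is unanchored, so "nfs" anywhere in the
    # command string selects the /opt/root tree; in both branches the
    # transfer is handed to rrsync with a single root directory.
    if [[ $SSH_ORIGINAL_COMMAND =~ .*nfs ]] ; then
      mkdir -p "/opt/root/$BOARD"
      exec /usr/bin/rrsync "/opt/root/$BOARD"
    else
      exec /usr/bin/rrsync "$TFTP_ROOT/$BOARD"
    fi
    ;;
  scp)
    shift
    case "$1" in
    -t)
      shift
      # The destination comes from the client and is appended to the
      # board's TFTP directory. Refuse ".." components so the result
      # cannot name a location above that directory. The message goes
      # to stderr because stdout carries the scp protocol.
      # NOTE(review): symlinks inside the directory are not covered.
      case "/$*/" in
      */../*)
        echo "scp: '..' is not allowed in the destination path" >&2
        exit 13
        ;;
      esac
      scp -t "$TFTP_ROOT/$BOARD"/"$*"
      ;;
    *) echo "Not supported?" ;;
    esac
    ;;
  status)
    # Report the board lock status
    report_lock
    # Show board status
    power=$("power-$BOARD-status")
    if [ "$power" == "1" ]; then
      power=on
    else
      power=off
    fi
    status="power: $power"
    # Optional
    if type "acc-$BOARD-status" >& /dev/null; then
      acc=$("acc-$BOARD-status")
      if [ "$acc" == "1" ]; then
        acc=on
      else
        acc=off
      fi
      status="$status / acc: $acc"
    fi
    echo "$status"
    exit 0
    ;;
  ssh-proxy)
    nc "$BOARD_IP" 22
    ;;
  wait-for-ssh)
    # Allow the visual spinner updates to be disabled with "-s".
    # $1 is the command name here, so the flag is the second word.
    # The flag is kept in a local and only ever compared, never run as
    # a command, so a "silent" variable inherited from the environment
    # has no effect.
    local silent=false i=0 spin='-\|/'
    if [ "$2" = "-s" ]; then
      silent=true
    fi
    if [[ "$silent" != "true" ]]; then
      echo -n "Waiting for $BOARD: "
    fi
    until nc -zq 1 "$BOARD_IP" 22 2>/dev/null; do
      i=$(( (i+1) % 4 ))
      if [[ "$silent" != "true" ]]; then
        # Fixed format string; the spinner character is data
        printf '\b%s' "${spin:$i:1}"
      fi
      sleep 1
    done
    if [[ "$silent" != "true" ]]; then
      echo ""
    fi
    ;;
  ssh)
    shift
    if type "ssh-$BOARD" >& /dev/null; then
      "ssh-$BOARD" "$@"
    else
      echo "SSH is not supported on this board currently"
    fi
    ;;
  wake)
    check_lock
    # Optional
    type "wake-$BOARD" >& /dev/null && { "wake-$BOARD"; exit 0; }
    ;;& # fallthrough
  wol)
    check_lock
    # Optional
    grep -q "\s$BOARD$" /etc/ethers && exec wakeonlan "$BOARD"
    ;;& # fallthrough
  *)
    echo "Unknown command $SSH_ORIGINAL_COMMAND"
    usage
    ;;
  esac
}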
# Entry point for user commands. The expansion is intentionally left
# unquoted so the client's command string is word-split into the
# positional parameters of parseCommand; pathname expansion of those
# words is already disabled by "set -f" at the top of the script.
parseCommand $SSH_ORIGINAL_COMMAND