#!/usr/bin/env -S bash
API_BASE_URL=https://labmanager-api.edu-al.unipmn.it/api/1.0
MAX_RETRY=5
RETRY_DELAY=5
NORMAL_CONFIG_NAME=normale
DEBUG=0
# Sysadmin can override local vars here:
CONFFILE=/etc/default/labmanager
# Load configuration override if present:
if [ -e ${CONFFILE} ]; then
. ${CONFFILE}
fi
if [[ "-d" == "$2" ]]; then
DEBUG=1
fi
# execute a task and on fail execute it again MAX_RETRY times every RETRY_DELAY seconds
retry() {
local n=1
local max=$MAX_RETRY
local delay=$RETRY_DELAY
while true; do
"$@"
ret=$?
if [[ $ret == 0 ]]; then
return $ret
else
if [[ $n -lt $max ]]; then
((n++))
echo "Failed. Attempt $n/$max..." >&2
sleep $delay;
else
echo "Command failed after $n attempts." >&2
return $ret
fi
fi
done
}
debug() {
if [[ "${DEBUG}" == 1 ]]; then
echo >&2 "$@"
fi
}
# authenticate and get the token
getTokenJSON() {
# store the whole response with the status at the end
HTTP_RESPONSE=$(curl -s -k -w "HTTPSTATUS:%{http_code}" --max-time 10 -X POST -H "Content-Type: application/json" -d "{\"login\":\"guest\",\"pwd\":\"\"}" ${API_BASE_URL}/login)
ret=$?
if [[ $ret -ne 0 ]]; then
return $ret
fi
# extract the status
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
# check the status
if [[ $HTTP_STATUS -ne 200 ]]; then
return 1
else
# extract the body
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
echo $HTTP_BODY
fi
}
# extract a value from a JSON structure
jsonValue() {
KEY=$1
num=$2
awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/\042'$KEY'\042/){print $(i+1)}}}' | tr -d '"' | sed -n ${num}p
}
stop() {
if [[ "$1" == "bootstop" ]]; then
echo "STOP esame-get-config-boot"
else
echo "STOP esame-get-config"
fi
}
# get configuration from WS
getConfigVars() {
echo "Authenticating to WS..."
TOKEN_JSON=`retry getTokenJSON`
if [[ "$TOKEN_JSON" == "" ]]; then
echo "Authentication failed!"
return 2
fi
TOKEN=`echo ${TOKEN_JSON} | jsonValue token 1`
MACHINE_NAME=`hostname`
echo "Getting machine configuration..."
MACHINE_JSON=`retry /usr/bin/curl -s -k --max-time 10 -H "Authorization: Bearer ${TOKEN}" -X GET ${API_BASE_URL}/machines/name/${MACHINE_NAME}`
MACHINE_ID=`echo $MACHINE_JSON | jsonValue id 1`
MACHINE_CONFIGS_ID=`echo $MACHINE_JSON | jsonValue configs_id 1`
CONFIG_NAME=`echo $MACHINE_JSON | jsonValue name 2`
EXAM_ID=`echo $MACHINE_JSON | jsonValue examid 1`
# web service returns "null" if there is no exam
# just set an empty string as value
if [[ "${EXAM_ID}" == "null" ]]; then
EXAM_ID=""
fi
if [[ "${CONFIG_NAME}" == "" ]]; then
echo "Error fetching machine configuration!"
return 1
fi
MACHINE_CONFIGS_ID_PREV=''
CONFIG_NAME_PREV=''
if [[ -e /local/config_name ]]
then
CONFIG_NAME_PREV=`cat /local/config_name`
fi
}
getConfigFile() {
echo "Downloading machine config file..."
# get configuration file
if [[ "${MACHINE_ID}" == "" ]]; then
echo "Error downloading config file (machine_id empty, maybe it is not in LabManager's DB)"
return 1
fi
retry /usr/bin/curl -s -k -o /local/esame-machine.conf --max-time 10 --header "Authorization: Bearer ${TOKEN}" -X GET ${API_BASE_URL}/machines/${MACHINE_ID}/configfile
ret=$?
if [[ $ret -ne 0 ]]; then
echo "Error downloading config file (ret=$ret)"
return 1
else
echo "Downloaded config file (ret=$ret)"
fi
}
getIpConfigFile() {
echo "Downloading machine iptables config file..."
# get ipconfig file
retry /usr/bin/curl -s -k -o /local/iptables --max-time 10 --header "Authorization: Bearer ${TOKEN}" -X GET ${API_BASE_URL}/machines/${MACHINE_ID}/ipconfigfile
ret=$?
if [[ $ret -ne 0 ]]; then
echo "Error downloading iptables config file (ret=$ret)"
return 1
else
echo "Downloaded iptables config file (ret=$ret)"
fi
}
updateCurrentConfigId() {
# Update this machine's current config id
HTTP_STATUS=`/usr/bin/curl -s -k -w "%{http_code}" -o /dev/null --max-time 10 -H "Content-Type: application/json" -H "Authorization: Bearer ${TOKEN}" \
-X PUT -d "{\"current_configs_id\":\"$MACHINE_CONFIGS_ID\"}" ${API_BASE_URL}/machines/${MACHINE_ID}/currentconfig`
if [[ $HTTP_STATUS -ne 200 ]]
then
echo "Error updating current config (http_status=$HTTP_STATUS)"
exit 1
else
echo "Updated current config (http_status=$HTTP_STATUS)"
fi
}
getConfig() {
getConfigVars
while [[ $? != 0 ]]; do
echo "Error fetching machine info!"
echo "If this is a new machine, did you add it into labmanager-admin?"
# to repeat until successful, just comment next line
return 1
sleep 30
getConfigVars
done
# back config files up
cp -f /local/esame-machine.conf /local/esame-machine.conf.prev >/dev/null 2>&1
cp -f /local/iptables /local/iptables.prev >/dev/null 2>&1
getConfigFile
if [[ $? != 0 ]]; then
echo "Error fetching machine config file!"
return 1
fi
getIpConfigFile
if [[ $? != 0 ]]; then
echo "Error fetching machine iptables file!"
return 1
fi
return 0
}
start() {
if [[ "$1" == "boot" ]]; then
echo "START esame-get-config-boot"
else
echo "START esame-get-config"
fi
getConfig
RESULT=$?
#echo "TOKEN_JSON: $TOKEN_JSON"
#echo "TOKEN: $TOKEN"
#echo "MACHINE_NAME: $MACHINE_NAME"
#echo "MACHINE_JSON: $MACHINE_JSON"
#echo "MACHINE_ID: $MACHINE_ID"
#echo "Exam ID: $EXAM_ID"
#echo "MACHINE_CONFIGS_ID: $MACHINE_CONFIGS_ID"
#echo "MACHINE_CONFIGS_ID_PREV: $MACHINE_CONFIGS_ID_PREV"
# any error?
if [[ $RESULT != 0 ]]; then
if [[ "$1" == "boot" ]]; then
echo "Fatal error(s): aborting esame and switching machine to normal state..."
# reset and remove exam configuration files
echo "$NORMAL_CONFIG_NAME" > /local/config_name
echo "" > /local/examid
#rm /local/esame-machine.conf >/dev/null 2>&1
#rm /local/esame-machine.conf.prev >/dev/null 2>&1
rm /local/iptables >/dev/null 2>&1
rm /local/iptables.prev >/dev/null 2>&1
rm /local/mk-homedir >/dev/null 2>&1
/usr/bin/systemctl start graphical.target && exit 0
fi
echo "Fatal error(s): missing or wrong web service reply, abort."
exit 1
fi
# extract systemd target name from configuration file
# default target on error/empty target
ESAME_TARGET="graphical"
RES_TARGET=`awk -F= -v key="ESAME_TARGET" '$1==key {print $2}' /local/esame-machine.conf | sed "s/\"//g"`
if [[ "${RES_TARGET}" != "" ]]; then
ESAME_TARGET=${RES_TARGET}
fi
# extract ESAME_USBGUARD from configuration file
ESAME_USB_GUARD=0
RES_USB_GUARD=`awk -F= -v key="ESAME_USB_GUARD" '$1==key {print $2}' /local/esame-machine.conf | sed "s/\"//g"`
if [[ "${RES_USB_GUARD}" != "" ]]; then
ESAME_USB_GUARD=${RES_USB_GUARD}
fi
# extract ESAME_AMQP from configuration file
ESAME_AMQP=0
RES_AMQP=`awk -F= -v key="ESAME_AMQP" '$1==key {print $2}' /local/esame-machine.conf | sed "s/\"//g"`
if [[ "${RES_AMQP}" != "" ]]; then
ESAME_AMQP=${RES_AMQP}
fi
if [[ -n "${CONFIG_NAME}" ]]; then
echo "Configuration: ${CONFIG_NAME}"
if [ "${EXAM_ID}" != "" ]; then
echo "Exam ID: ${EXAM_ID}"
fi
if [ "${ESAME_TARGET}" != "" ]; then
echo "Systemd Target: ${ESAME_TARGET}"
fi
fi
# the PC is already up and running
if [[ "$1" != "boot" ]]; then
# get current examid (if any)
EXAM_ID_CURRENT=""
if [[ -f /local/examid ]]; then
EXAM_ID_CURRENT=`cat /local/examid`
fi
# different examid?
if [[ "${EXAM_ID}" != "${EXAM_ID_CURRENT}" ]]; then
# reboot => normal
if [[ "${EXAM_ID}" == "" ]]; then
echo "Reboot to Normal!"
# reboot => exam
else
echo "Reboot to Exam (exam id: ${EXAM_ID})"
fi
/usr/bin/systemctl reboot
fi
else
# at boot time
# update config_name file
echo "${CONFIG_NAME}" > /local/config_name
# no exam
# if [[ "$CONFIG_NAME" == "$NORMAL_CONFIG_NAME" ]]; then
if [[ "${EXAM_ID}" == "" ]]; then
# remove some files used by exam mode
#rm /local/esame-machine.conf >/dev/null 2>&1
#rm /local/esame-machine.conf.prev >/dev/null 2>&1
rm /local/iptables >/dev/null 2>&1
rm /local/iptables.prev >/dev/null 2>&1
rm /local/mk-homedir >/dev/null 2>&1
rm /local/usbguard >/dev/null 2>&1
# this is just cleaned up
echo "" > /local/examid
else
# if the examid of the session before the boot is different,
# then clean the exam user home (if the profile requires it)
EXAM_ID_PREV=""
# if the exam is already started, get examid from file
if [[ -f /local/examid ]]; then
EXAM_ID_PREV=`cat /local/examid`
fi
# different examid?
if [[ "${EXAM_ID}" != "${EXAM_ID_PREV}" ]]; then
# update the file with the current examid
echo "${EXAM_ID}" > /local/examid
# clean home dir if requested by the profile
touch /local/mk-homedir
fi
if [[ ${ESAME_USB_GUARD} == 1 ]]; then
touch /local/usbguard
else
rm /local/usbguard >/dev/null 2>&1
fi
fi
# if we use AMQP server, just disable esame-get-config.timer
if [[ ${ESAME_AMQP} == 1 ]]; then
systemctl disable esame-get-config.timer
systemctl stop esame-get-config.timer
# otherwise, enable it
else
systemctl enable esame-get-config.timer
systemctl start esame-get-config.timer
fi
# choose the correct target
# we have just booted/rebooted, update the current configuration via web service
updateCurrentConfigId
systemctl start ${ESAME_TARGET}.target && exit 0
# case "$CONFIG_NAME" in
# $NORMAL_CONFIG_NAME) # normal
# systemctl start graphical.target && exit 0
# ;;
# 'kiosk-dir' | 'kiosk-dir-esami' | 'kiosk-escher' | 'kiosk-freebrowsing' | 'kiosk-teco') # kiosk mode
# systemctl start esamekiosk.target && exit 0
# ;;
# 'show') # show mode, an exam mode with no limitations on USB ports and network
# systemctl start esameshow.target && exit 0
# ;;
# *) # all full desktop exams
# systemctl start esame.target && exit 0
# ;;
# esac
fi
# Runtime parameters
if [[ "$CONFIG_NAME" != "$NORMAL_CONFIG_NAME" ]]; then
# check if parameters are changed
cmp --silent /local/esame-machine.conf /local/esame-machine.conf.prev
if [[ $? -ne 0 ]]; then
/usr/bin/systemctl daemon-reload
echo "Configuration parameters changed: restart some services... "
# restart some exam services
#echo -n "USB..."
#/usr/bin/systemctl restart esame-usb
#echo " done."
KIOSK_URL_CHANGED=$(diff /local/esame-machine.conf /local/esame-machine.conf.prev | grep ESAME_KIOSK_URL -c)
if [[ $KIOSK_URL_CHANGED -ne 0 ]]; then
echo -n "Firefox Home..."
FIREFOX_PID=$(pgrep firefox)
if [[ "${FIREFOX_PID}" != "" ]]; then
FIREFOX_USER=$(ps -o user= -p ${FIREFOX_PID})
rm -f /local/${FIREFOX_USER}/.mozilla/firefox/n3bac2sw.default-release/lock
pkill firefox
sleep 2
/usr/bin/systemctl restart esame-firefox-home
echo " done."
# no way to restart firefox, I must miss something :(
#echo -n "Restarting Firefox..."
#su - ${FIREFOX_USER} -c 'nohup /usr/bin/firefox --display=:0.0 &'
#echo " done."
else
/usr/bin/systemctl restart esame-firefox-home
echo " done."
fi
fi
# USBGuard
if [[ ${ESAME_USB_GUARD} == 1 ]]; then
touch /local/usbguard
/usr/bin/systemctl restart usbguard
else
rm /local/usbguard >/dev/null 2>&1
# this one will not work anyway, as it is applied by kernel,
# so it needs a reboot
/usr/bin/systemctl stop usbguard
fi
echo
echo "All done."
fi
fi
}
args=("$@")
case "$1" in
'bootstart')
start "boot"
;;
'bootstop')
stop "boot"
;;
'start')
start
;;
'stop')
stop
;;
'restart')
stop
start
;;
*)
echo "Usage: $0 { bootstart | bootstop | start | stop | restart }";
exit 1;
;;
esac
exit 0