diff options
author | Bernard Ogden <bernie.ogden@linaro.org> | 2016-03-07 10:57:30 +0000 |
---|---|---|
committer | Bernard Ogden <bernie.ogden@linaro.org> | 2016-03-07 10:57:30 +0000 |
commit | 292279ad970334ce84054a89a1f5a3bb133b165c (patch) | |
tree | 36dec24567dac646ebe7e2e79bc35678d7d63eba |
hold: a hacking session with an extreme timeout
Useful for keeping specific boards out of the pool.
Change-Id: Ifb3657843a3fbf2f2cc11bb3fbbe650b67515c12
-rw-r--r-- | hacking-session-debian.yaml | 17 | ||||
-rwxr-xr-x | invoke_session_debian | 109 | ||||
-rwxr-xr-x | setup_session_debian | 46 | ||||
-rwxr-xr-x | stop_hacking_debian | 4 |
4 files changed, 176 insertions, 0 deletions
diff --git a/hacking-session-debian.yaml b/hacking-session-debian.yaml new file mode 100644 index 0000000..7898113 --- /dev/null +++ b/hacking-session-debian.yaml @@ -0,0 +1,17 @@ +metadata: + name: hacking-session-debian + format: "Lava-Test-Shell Test Definition 1.0" + description: "SSH Hacking Session" + version: 1.0 + +params: + PUB_KEY: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzlCPpuwMRSXZNq4Mut/GuitOhEturcsl9X1iNjOMGZXbtfBC8TCSXqotkziuYXpej1FCdXn3FEQsVw6Mw3I9Wq1p9okkgzVdsNzHAIob8ras/e9kOeJZGY5gSGBYf3t1MubAyaa033MJ+e3NRC4sbUmeeN3d9PD+Wc9QC3en9qfSpm6hh9EFHOHOjFk5+W0YZ83AL1PgalqL/hCN2/p9a8S1fsfDkfTgEh1XFIOiLds0fNzzmyXepxuA1n696iuSFMCIwmNcCfwRwRgt012UPgZu3avegYbDyijk8EtgFBuEA5OvX91BTHmaSjicsD9nJN63ms88l9OZMeTlPVjkD" + +install: + deps: + - openssh-server + - wget +run: + steps: + - ./setup_session_debian "$PUB_KEY" + - ./invoke_session_debian "$GATEWAY" diff --git a/invoke_session_debian b/invoke_session_debian new file mode 100755 index 0000000..4651dd9 --- /dev/null +++ b/invoke_session_debian @@ -0,0 +1,109 @@ +#!/bin/bash +# Usage ./invoke_session <gateway> + +# If gateway isn't set we will guess it based on the default route +if [ -z "$1" ]; then + gateway=`ip route get 8.8.8.8 | grep via | cut -d ' ' -f3` +else + gateway=$1 +fi + +echo "Target's Gateway: $gateway" + +if ! grep 'invoke_session' /etc/rc.local +then + sed -i '/bin/a invoke_session &' /etc/rc.local +fi + +# Obtain target IP and Hostname +ip_addr=$(ifconfig `ip route get $gateway | cut -d ' ' -f3` | grep 'inet addr' |awk -F: '{split($2,a," "); print a[1] }') +hostname=$(cat /etc/hostname) + +# Set the PATH to use the LAVA api +echo "export PATH=/lava/bin/:$PATH" > ~/.bashrc + +# Are we running under sudo for the real user? +if [ -z "${SUDO_USER}" ]; then + REAL_USER=${USER} +else + REAL_USER=${SUDO_USER} +fi + +SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ${REAL_USER}@${ip_addr}" +echo "*******************************************************************************************************" +echo "* REAL_USER=${REAL_USER}, USER=${USER}, SUDO_USER=${SUDO_USER}" +echo "Please connect to: ${SSH_COMMAND} for access to (${hostname})" +echo "*******************************************************************************************************" +echo "" + +cat <<EOF > ~/.bash_logout +if [ $(who |egrep 'pts\/[0-9]+' |wc -l) -eq 1 ]; then + lava-test-case hacking-stopped-logout --result pass + stop_hacking +fi +EOF + +IRC_AVAILABLE=false +if [ ! -z "${IRC_USER}" ]; then + if apt-get install -qq python-irc; then + IRC_AVAILABLE=true + TMP_IRC_USER=hs-${RANDOM} + # make a unique user + cat <<EOF | python /usr/share/doc/python-irc/examples/irccat2.py ${IRC_SERVER} ${TMP_IRC_USER} ${IRC_USER} +Your hacking session is now ready +Please connect to: +${SSH_COMMAND} +EOF + fi +fi +if [ ! -z "${NOTIFY_URL}" ]; then + if apt-get install -qq wget; then + wget -O - "${NOTIFY_URL}?ssh=${ip_addr}" + fi +fi +echo "" +mkdir -p /run +mkdir -p /run/hacking +echo $$ > /run/hacking/hacking.pid +TIMESTAMP=`stat -c %Y /run/hacking/hacking.pid` +STARTED=false +TERMINATED=false +echo "Hacking session active..." +lava-test-case hacking-session-active --result pass +tail -f /var/log/syslog & +echo $! > /run/hacking/tail.pid +while [ -f /run/hacking/hacking.pid ] +do + date + echo "====================" + who + echo "====================" + echo "" + sleep 10 + LOGGEDIN=`who | grep pts | wc -l` + if ! $STARTED && [ $LOGGEDIN -gt 0 ]; then + STARTED=true + elif ! $STARTED && [ $LOGGEDIN -eq 0 ]; then + NOW=`date +%s` + ELAPSED=`expr $NOW - $TIMESTAMP` + if [ $ELAPSED -gt 619200 ]; then + echo "No user logged in. Terminating session..." + TERMINATED=true + if ${IRC_AVAILABLE}; then + # make a unique user + cat <<EOF | python /usr/share/doc/python-irc/examples/irccat2.py ${IRC_SERVER} ${TMP_IRC_USER} ${IRC_USER} +Your hacking session was terminated due to inactivity +There was no user logged in for ${ELAPSED} seconds. +EOF + fi + lava-test-case hacking-session-terminated --result fail --measurement ${ELAPSED} --units seconds + stop_hacking + fi + fi +done +echo "Hacking session ended..." +kill `cat /run/hacking/tail.pid` +rm /run/hacking/tail.pid +if ! ${TERMINATED}; then + lava-test-case hacking-session-terminated --result pass +fi diff --git a/setup_session_debian b/setup_session_debian new file mode 100755 index 0000000..f96553c --- /dev/null +++ b/setup_session_debian @@ -0,0 +1,46 @@ +#!/bin/bash +# Usage ./setup_session <pub_key> + +chmod a+x stop_hacking_debian +cp stop_hacking_debian /bin/stop_hacking +chmod a+x continue_hacking +cp continue_hacking /bin/continue_hacking +chmod a+x invoke_session_debian +cp invoke_session_debian /bin/invoke_session + +if [ $# -ne 1 ]; then + lava-test-case public-key-installed --result fail + exit 1 +fi + +mkdir -p ~/.ssh/ +echo $1 >> ~/.ssh/authorized_keys +if [ $? -ne 0 ]; then + lava-test-case public-key-installed --result fail +fi +chmod 0600 ~/.ssh/authorized_keys +echo "Public Key Installed: $1" +lava-test-case public-key-installed --result pass + +# Account for running under sudo +if [ ! -z "${SUDO_USER}" ]; then + echo "Fixing up ${HOME}/.ssh permissions to ${SUDO_USER}:${SUDO_GID}" + chown -R ${SUDO_USER}:${SUDO_GID} ${HOME}/.ssh +fi + +grep -P "^LogLevel" /etc/ssh/sshd_config +if [ $? -eq 0 ]; then + sed -i "s/^LogLevel\ [A-Z]\+/LogLevel\ DEBUG/g" /etc/ssh/sshd_config +else + echo "LogLevel DEBUG" >> /etc/ssh/sshd_config +fi + +/etc/init.d/ssh restart +echo "sshd re-started" +if [ $? -eq 0 ]; then + lava-test-case sshd-restart --result pass + echo "sshd re-started" +else + lava-test-case sshd-restart --result fail + echo "sshd re-start failed" +fi diff --git a/stop_hacking_debian b/stop_hacking_debian new file mode 100755 index 0000000..3c97348 --- /dev/null +++ b/stop_hacking_debian @@ -0,0 +1,4 @@ +#!/bin/bash +rm /run/hacking/hacking.pid +rm ~/.ssh/authorized_keys +/etc/init.d/ssh stop |