#!/bin/sh # shellcheck source=../lib/load-configuration . "${0%/*}/../lib/load-configuration" # shellcheck disable=SC2016 usage() { >&2 echo '' >&2 echo 'manage-slaves $action [parameters]: manage the list of build slaves' >&2 echo '' >&2 echo 'possible actions:' >&2 echo ' add $name $owner $ssh-key-fingerprint' >&2 echo ' disable $name' >&2 echo ' enable $name' exit 1 } if [ $# -eq 0 ]; then usage fi if errors=$( printf '%s\n' "$@" | \ grep -vx '[-0-9a-zA-Z=+/]\+' ); then >&2 echo 'The following parameters contain invalid characters:' printf '%s\n' "${errors}" | \ sed ' s/^/"/ s/$/"/ ' >&2 usage fi case "$1" in 'add') shift if [ $# -ne 3 ]; then >&2 printf '"add" expects 3 parameters, %s were given\n' "$#" usage fi person_id=$( # shellcheck disable=SC2016 { printf 'SELECT `persons`.`id`' printf ' FROM `persons`' printf ' WHERE `persons`.`name`="%s"' \ "${2}" } | \ mysql_run_query ) if [ -z "${person_id}" ]; then >&2 printf 'Cannot find person "%s" in the database.\n' \ "${2}" usage fi duplicate=$( # shellcheck disable=SC2016 { printf 'SELECT CONCAT(' printf '"ssh-key: ",' printf '`ssh_keys`.`fingerprint`' printf ')' printf ' FROM `ssh_keys`' printf ' WHERE `ssh_keys`.`fingerprint`="%s";\n' \ "${3}" printf 'SELECT CONCAT(' printf '"build-slave: ",' printf '`build_slaves`.`name`' printf ')' printf ' FROM `build_slaves`' printf ' WHERE `build_slaves`.`name`="%s";\n' \ "${1}" } | \ mysql_run_query ) if [ -n "${duplicate}" ]; then >&2 printf 'Some entry already existed in the database:\n%s\n' \ "${duplicate}" usage fi # shellcheck disable=SC2016 { printf 'INSERT INTO `ssh_keys`(`owner`,`fingerprint`)' printf ' VALUES' printf ' (%s,"%s");\n' \ "${person_id}" \ "${3}" printf 'INSERT INTO `build_slaves`(' printf '`name`,' printf '`ssh_key`,' printf '`is_sane`,' printf '`access_allowed`' printf ') VALUES' printf '("%s",LAST_INSERT_ID(),1,1);\n' \ "${1}" } | \ mysql_run_query printf 'command="%s/bin/slave-build-connect %s" ssh-rsa %s %s@%s\n' \ "${base_dir}" \ "${1}" \ "${3}" \ "${2}" \ "${1}" >> \ ~/".ssh/authorized_keys" ;; 'disable'|'enable') action="${1}" shift if [ $# -ne 1 ]; then >&2 printf '"%s" expects one parameter, %s were given\n' \ "${action}" \ "$#" usage fi infos=$( # shellcheck disable=SC2016 { printf 'SELECT' printf ' `build_slaves`.`id`,' printf 'CONCAT(' printf '"command=\\\"%s/bin/slave-build-connect ",' \ "${base_dir}" printf '`build_slaves`.`name`,' printf '"\\\" ssh-rsa ",' printf '`ssh_keys`.`fingerprint`,' printf '" ",' printf '`persons`.`name`,' printf '"@",' printf '`build_slaves`.`name`' printf ')' printf ' FROM `build_slaves`' mysql_join_build_slaves_ssh_keys mysql_join_ssh_keys_persons printf ' WHERE `build_slaves`.`name`="%s"' \ "${1}" printf ' AND `build_slaves`.`access_allowed`=' if [ "${action}" = 'disable' ]; then printf 1 else printf 0 fi printf ';\n' } | \ mysql_run_query | \ tr '\t' ' ' ) if [ -z "${infos}" ]; then >&2 printf 'Cannot find build slave "%s" in the database to %s.\n' \ "${1}" \ "${action}" usage fi if [ "${action}" = 'disable' ]; then grep -vF "$( printf '%s\n' "${infos}" | \ sed ' s/^\S\+ // s/\s\+\S\+$// ' )" ~/".ssh/authorized_keys" | \ sponge ~/".ssh/authorized_keys" else printf '%s\n' "${infos}" | \ sed 's/^\S\+ //' >> \ ~/".ssh/authorized_keys" fi # shellcheck disable=SC2016 { printf 'UPDATE `build_slaves`' printf ' SET `build_slaves`.`access_allowed`=' if [ "${action}" = 'disable' ]; then printf 0 else printf 1 fi printf ' WHERE `build_slaves`.`id`=%s;\n' \ "${infos%% *}" } | \ mysql_run_query ;; *) >&2 printf 'unknown action "%s"\n' "$1" usage ;; esac