2 # ------------- Begin Post Install Functions -----------------
3 # These functions are included by various different installers.
5 # We assume that the following variables are defined in the main script:
6 # amanda_user: the amanda account username
7 # amanda_group: the amanda account's group
8 # AMANDAHOMEDIR: a directory to use as amanda's home
9 # dist: used on linux for the distro.
10 # install_log: a log file we append to
11 # os: Linux, Mac, Solaris, etc...
12 # SYSCONFDIR: location of system config files (ie, /etc)
13 # LOGDIR: logging directory for amanda
14 # encoder: either base64 or uuencode depending on the default for this platform
16 #TODO: gnutar-lists dir for solaris??
19 # Only needed on Solaris!
20 entry="amanda 10080/tcp # amanda backup services"
21 # make sure amanda is in /etc/services
22 if [ -z "`grep 'amanda' ${SYSCONFDIR}/services |grep '10080/tcp'`" ] ; then
23 logger "Adding amanda entry to ${SYSCONFDIR}/services."
24 echo "${entry}" >> ${SYSCONFDIR}/services
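27 # make sure kamanda is in /etc/services. NOTE(review): entry_2 below names the service "amanda", so the 'kamanda' grep never matches the line that gets appended; the grep also reads /etc/services while the append targets ${SYSCONFDIR}/services.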
28 entry_2="amanda 10081/tcp famdc # amanda backup services (kerberos)"
29 if [ -z "`grep 'kamanda' /etc/services |grep '10081/tcp'`" ] ; then
30 logger "Adding kamanda entry to ${SYSCONFDIR}/services."
31 echo "${entry_2}" >> ${SYSCONFDIR}/services
36 logger "Creating ${AMANDATES}."
37 if [ ! -f ${AMANDATES} ] ; then
38 touch ${AMANDATES} || { logger "WARNING: Could not create Amandates." ; return 1; }
43 logger "Ensuring correct permissions for '${AMANDATES}'."
44 log_output_of chown ${amanda_user}:${amanda_group} ${AMANDATES} || \
45 { logger "WARNING: Could not chown ${AMANDATES}" ; return 1; }
46 log_output_of chmod 0640 ${AMANDATES} || \
47 { logger "WARNING: Could not fix perms on ${AMANDATES}" ; return 1; }
48 if [ -x /sbin/restorecon ] ; then
49 log_output_of /sbin/restorecon ${AMANDATES} || \
50 { logger "WARNING: restorecon execution failed." ; return 1; }
55 # Install .gnupg directory
56 if [ ! -d ${AMANDAHOMEDIR}/.gnupg ] ; then
57 logger "Creating '${AMANDAHOMEDIR}/.gnupg'"
58 log_output_of mkdir ${AMANDAHOMEDIR}/.gnupg || \
59 { logger "WARNING: Could not create .gnupg dir" ; return 1; }
64 # Print $1 lines of random strings to stdout.
66 [ "$1" ] && [ $1 -gt 0 ] || \
67 { logger "Error: '$1' not valid number of lines" ; return 1 ; }
69 [ -f "${encoder}" ] || \
70 { logger "Warning: Encoder '${encoder}' was not found. Random passwords cannot be generated." ; return 1; }
72 # "foo" is a required parameter that we throw away.
73 *uuencode*) enc_cmd="${encoder} foo" ;;
74 *base64*) enc_cmd="${encoder}" ;;
76 # Uuencode leaves a header (and footer) line, but base64 does not.
77 # So we pad output with an extra line, and strip any trailing lines over
79 pad_lines=`expr $lines + 1`
80 # Increasing bs= is substantially faster than increasing count=.
81 # The number of bytes needed to start line wrapping is implementation
82 # specific. base64. 60b > 1 base64 encoded line for all versions tested.
83 block_size=`expr $pad_lines \* 60`
84 # Head -c is not portable.
85 dd bs=${block_size} count=1 if=/dev/urandom 2>/dev/null | \
89 { logger "Warning: Error generating random passphrase."; return 1; }
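create_ampassphrase() {
    # Create ${AMANDAHOMEDIR}/.am_passphrase holding one line of random text
    # if it does not exist yet, then (re)apply ownership and mode 0600.
    # Globals:  AMANDAHOMEDIR, amanda_user, amanda_group (read);
    #           phrase (written)
    # Returns:  0 on success, 1 if any step fails (the failure is logged).
    logger "Checking '${AMANDAHOMEDIR}/.am_passphrase' file."
    if [ ! -f "${AMANDAHOMEDIR}/.am_passphrase" ] ; then
        # Separate file creation from password creation to ease debugging.
        logger "Creating '${AMANDAHOMEDIR}/.am_passphrase' file."
        # Create the file under a restrictive umask (in a subshell, so the
        # caller's umask is untouched): the secret is written before the
        # chmod below and must not sit in a group/world-readable file in
        # the meantime.
        ( umask 077 && log_output_of touch "${AMANDAHOMEDIR}/.am_passphrase" ) || \
            { logger "WARNING: Could not create .am_passphrase." ; return 1; }
        # NOTE(review): if generation fails here the empty file stays behind,
        # and later runs take the "already exists" branch -- confirm that an
        # empty passphrase file is caught elsewhere.
        phrase=`get_random_lines 1` || return 1 # Error already logged
        # Quoted printf instead of an unquoted echo: the encoded text may
        # contain glob characters or start with '-', which echo would
        # expand or misparse.
        printf '%s\n' "${phrase}" >>"${AMANDAHOMEDIR}/.am_passphrase"
    else
        logger "Info: ${AMANDAHOMEDIR}/.am_passphrase already exists."
    fi
    # Fix permissions for both new or existing installations.
    log_output_of chown "${amanda_user}:${amanda_group}" "${AMANDAHOMEDIR}/.am_passphrase" || \
        { logger "WARNING: Could not chown .am_passphrase" ; return 1; }
    log_output_of chmod 0600 "${AMANDAHOMEDIR}/.am_passphrase" || \
        { logger "WARNING: Could not fix permissions on .am_passphrase" ; return 1; }
}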
113 [ -f ${AMANDAHOMEDIR}/.am_passphrase ] || \
114 { logger "Error: ${AMANDAHOMEDIR}/.am_passphrase is missing, can't create amcrypt key."; return 1; }
115 logger "Creating encryption key for amcrypt"
116 if [ ! -f ${AMANDAHOMEDIR}/.gnupg/am_key.gpg ]; then
117 # TODO: don't write the unencrypted key (am_key) to disk, even temporarily!
118 get_random_lines 50 >${AMANDAHOMEDIR}/.gnupg/am_key || return 1
119 exec 3<${AMANDAHOMEDIR}/.am_passphrase
120 # setting homedir prevents some errors, but creates a permissions
121 # warning. perms are fixed in check_gnupg.
122 log_output_of gpg --homedir ${AMANDAHOMEDIR}/.gnupg \
123 --no-permission-warning \
129 --output ${AMANDAHOMEDIR}/.gnupg/am_key.gpg \
130 ${AMANDAHOMEDIR}/.gnupg/am_key || \
131 { logger "WARNING: Error encrypting keys." ;
132 rm ${AMANDAHOMEDIR}/.gnupg/am_key;
134 # Be nice and clean up.
137 logger "Info: Encryption key '${AMANDAHOMEDIR}/.gnupg/am_key.gpg' already exists."
139 # Always try to delete unencrypted keys
140 rm -f ${AMANDAHOMEDIR}/.gnupg/am_key
144 logger "Ensuring correct permissions for '${AMANDAHOMEDIR}/.gnupg'."
145 log_output_of chown -R ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.gnupg || \
146 { logger "WARNING: Could not chown .gnupg dir." ; return 1; }
147 log_output_of chmod -R u=rwX,go= ${AMANDAHOMEDIR}/.gnupg || \
148 { logger "WARNING: Could not set permissions on .gnupg dir." ; return 1; }
149 # If am_key.gpg and .am_passphrase already existed, we should check
151 if [ -f ${AMANDAHOMEDIR}/.gnupg/am_key.gpg ] && [ -f ${AMANDAHOMEDIR}/.am_passphrase ]; then
152 exec 3<${AMANDAHOMEDIR}/.am_passphrase
153 # Perms warning will persist because we are not running as ${amanda_user}
154 log_output_of gpg --homedir ${AMANDAHOMEDIR}/.gnupg \
155 --no-permission-warning \
161 ${AMANDAHOMEDIR}/.gnupg/am_key.gpg || \
162 { logger "WARNING: .am_passphrase does not decrypt .gnupg/am_key.gpg.";
165 # Be nice and clean up.
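create_amandahosts() {
    # Install .amandahosts to server: create an empty
    # ${AMANDAHOMEDIR}/.amandahosts when none exists. An existing file is
    # left untouched. Ownership and mode are not set here; the file is
    # created with whatever the caller's umask allows.
    # Returns:  1 (after logging) if the file cannot be created.
    # The path is quoted so a home directory containing whitespace does not
    # break the test or the touch.
    if [ ! -f "${AMANDAHOMEDIR}/.amandahosts" ] ; then
        logger "Creating ${AMANDAHOMEDIR}/.amandahosts"
        log_output_of touch "${AMANDAHOMEDIR}/.amandahosts" || \
            { logger "WARNING: Could not create .amandahosts file." ; return 1; }
    fi
}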
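check_amandahosts_entry() {
    # Entries for client and server differ slightly
    # $1 username (root, ${amanda_user})
    # subsequent parameters are a list of programs to check (amindexd
    # amidxtaped, or amdump)
    #
    # For localhost and localhost.localdomain, look for a line in
    # ${AMANDAHOMEDIR}/.amandahosts that starts with the host followed by
    # every argument in order, each separated by blanks; when no such line
    # exists, append one through add_amandahosts_entry.
    # Globals:  AMANDAHOMEDIR (read); expr, prog, host (written)
    logger "Checking '${AMANDAHOMEDIR}/.amandahosts' for '$*' entries."
    # Generate our grep expression
    # The arguments are pasted into a regular expression unescaped, so they
    # must be plain account/program names without regex metacharacters.
    expr=""
    for prog in "$@" ; do
        expr=${expr}"[[:blank:]]\+${prog}"
    done
    for host in localhost localhost.localdomain ; do
        logger "Searching .amandahosts for ^${host}${expr}"
        # Test grep's exit status directly rather than executing its
        # (discarded) output through a command substitution.
        # NOTE(review): a match is treated as "nothing to do" -- confirm
        # no other action is expected when the entry is already present.
        if grep "^${host}${expr}" "${AMANDAHOMEDIR}/.amandahosts" >/dev/null ; then
            :
        else
            add_amandahosts_entry "${host}" "$@"
        fi
    done
}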
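add_amandahosts_entry() {
    # Add entries to amandahosts.
    # $@ is a fully formatted entry for amandahosts; the arguments are joined
    # with single spaces and appended as one line. The entry is written as
    # given -- nothing here validates it, and every line in this file grants
    # access, so callers must pass only trusted values.
    # Returns:  1 (after logging) if the append fails.
    logger "Appending '$*' to amandahosts"
    # printf rather than echo, so an entry starting with '-' or containing
    # backslashes is written literally.
    printf '%s\n' "$*" >>"${AMANDAHOMEDIR}/.amandahosts" || \
        { logger "WARNING: Could not append to .amandahosts" ; return 1; }
}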
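check_amandahosts_perms() {
    # Give ${AMANDAHOMEDIR}/.amandahosts to ${amanda_user}:${amanda_group}
    # and restrict it to mode 0600 (owner read/write only).
    # Returns:  1 (after logging) if chown or chmod fails.
    # Expansions are quoted so a path with whitespace stays one argument.
    logger "Ensuring correct permissions on .amandahosts"
    log_output_of chown "${amanda_user}:${amanda_group}" "${AMANDAHOMEDIR}/.amandahosts" || \
        { logger "WARNING: Could not chown .amandahosts." ; return 1; }
    log_output_of chmod 0600 "${AMANDAHOMEDIR}/.amandahosts" || \
        { logger "WARNING: Could not fix permissions on .amandahosts" ; return 1; }
}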
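create_ssh_key() {
    # SSH RSA key generation for amdump and amrecover
    # $1 must be "server" or "client"
    #
    # Creates ${AMANDAHOMEDIR}/.ssh if needed (a plain file of that name is
    # first renamed to .ssh.save), generates id_rsa_amdump (server) or
    # id_rsa_amrecover (client) when the key file is absent, then sets
    # ownership and modes on the directory and on every file matching the
    # key name prefix.
    # Globals:  AMANDAHOMEDIR, amanda_user, amanda_group (read);
    #           KEYDIR, KEYFILE, COMMENT (written)
    # Returns:  1 (after logging) on a bad parameter or any failed step.
    KEYDIR="${AMANDAHOMEDIR}/.ssh"
    # case instead of unquoted [ $1 = ... ]: an empty or multi-word $1 is
    # rejected cleanly instead of producing a test syntax error.
    case "$1" in
        server) KEYFILE="id_rsa_amdump" ;;
        client) KEYFILE="id_rsa_amrecover" ;;
        *) logger "Bad parameter to create_ssh_key" ; return 1 ;;
    esac
    COMMENT="${amanda_user}@$1"
    if [ ! -d "${KEYDIR}" ] ; then
        if [ -f "${KEYDIR}" ] ; then
            logger "Directory '${KEYDIR}' exists as a file.  Renaming to '${KEYDIR}.save'."
            log_output_of mv "${KEYDIR}" "${KEYDIR}.save" || \
                { logger "WARNING: Could not backup old .ssh directory." ; return 1; }
        fi
        logger "Creating directory '${KEYDIR}'."
        log_output_of mkdir "${KEYDIR}" || \
            { logger "WARNING: Could not create .ssh dir." ; return 1; }
    fi
    if [ ! -f "${KEYDIR}/${KEYFILE}" ] ; then
        logger "Creating ssh RSA key in '${KEYDIR}/${KEYFILE}'"
        # -N '' writes the private key with no passphrase, so the file mode
        # applied below is the only thing protecting it at rest.
        log_output_of ssh-keygen -q -C "${COMMENT}" -t rsa -f "${KEYDIR}/${KEYFILE}" -N '' || \
            { logger "WARNING: Error generating ssh key" ; return 1; }
    fi
    logger "Setting ownership and permissions for '${KEYDIR}' and '${KEYDIR}/${KEYFILE}*'"
    # The trailing glob is left unquoted on purpose: it covers the private
    # key and any sibling sharing the prefix (e.g. the .pub file).
    log_output_of chown "${amanda_user}:${amanda_group}" "${KEYDIR}" "${KEYDIR}/${KEYFILE}"* || \
        { logger "WARNING: Could not chown one of ${KEYDIR} or ${KEYFILE}"; return 1; }
    # NOTE(review): 0750 leaves the directory listable by ${amanda_group};
    # confirm that is intended rather than the usual 0700 for ~/.ssh.
    log_output_of chmod 0750 "${KEYDIR}" || \
        { logger "WARNING: Could not fix permissions on ${KEYDIR}"; return 1; }
    log_output_of chmod 0600 "${KEYDIR}/${KEYFILE}"* || \
        { logger "WARNING: Could not fix permissions on ${KEYFILE}"; return 1; }
}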
253 # environment variables (~${amanda_user}/.profile)
254 logger "Checking for '${AMANDAHOMEDIR}/.profile'."
255 if [ ! -f ${AMANDAHOMEDIR}/.profile ] ; then
256 log_output_of touch ${AMANDAHOMEDIR}/.profile || \
257 { logger "WARNING: Could not create .profile" ; return 1; }
262 logger "Checking for ${SBINDIR} in path statement."
263 if [ -z "`grep PATH.*${SBINDIR} ${AMANDAHOMEDIR}/.profile`" ] ; then
264 echo "PATH=\"\$PATH:${SBINDIR}\"" >>${AMANDAHOMEDIR}/.profile || \
265 { logger "WARNING: Could not append to .profile" ; return 1; }
266 echo "export PATH" >>${AMANDAHOMEDIR}/.profile
270 sun_paths=/opt/csw/bin:/usr/ucb
271 if [ -z "`grep PATH ${AMANDAHOMEDIR}/.profile | grep ${sun_paths}`" ] ; then
272 echo "PATH=\"$PATH:${SBINDIR}:${sun_paths}\"" >>${AMANDAHOMEDIR}/.profile
276 logger "Setting ownership and permissions for '${AMANDAHOMEDIR}/.profile'"
277 log_output_of chown ${amanda_user}:${amanda_group} ${AMANDAHOMEDIR}/.profile || \
278 { logger "WARNING: Could not chown .profile." ; return 1; }
279 log_output_of chmod 0640 ${AMANDAHOMEDIR}/.profile || \
280 { logger "WARNING: Could not fix permissions on .profile" ; return 1; }
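install_client_conf() {
    # Install client config: copy the example amanda-client.conf from
    # ${AMANDAHOMEDIR}/example into ${SYSCONFDIR}/amanda/ with mode 0600,
    # owned by ${amanda_user}:${amanda_group}, unless a config already
    # exists there (in which case only a note is logged).
    # Globals:  os, amanda_user, amanda_group, AMANDAHOMEDIR, SYSCONFDIR
    #           (read); install (written)
    # Returns:  1 (after logging) if the install command fails.
    # The owner option is spelled -u on SunOS and -o elsewhere.
    if [ "$os" = "SunOS" ] ; then
        install="install -m 0600 -u ${amanda_user} -g ${amanda_group}"
    else
        install="install -m 0600 -o ${amanda_user} -g ${amanda_group}"
    fi
    logger "Checking '${SYSCONFDIR}/amanda/amanda-client.conf' file."
    if [ ! -f "${SYSCONFDIR}/amanda/amanda-client.conf" ] ; then
        logger "Installing amanda-client.conf."
        # ${install} stays unquoted: it holds a command plus its options and
        # relies on word splitting. The two paths are quoted so directories
        # containing whitespace are passed as single arguments.
        log_output_of ${install} "${AMANDAHOMEDIR}/example/amanda-client.conf" \
            "${SYSCONFDIR}/amanda/" || \
            { logger "WARNING: Could not install amanda-client.conf" ; return 1; }
    else
        logger "Note: ${SYSCONFDIR}/amanda/amanda-client.conf exists. Please check ${AMANDAHOMEDIR}/example/amanda-client.conf for updates."
    fi
}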
302 # Check for existence of and permissions on ${AMTMP}
303 logger "Checking for '${AMTMP}' dir."
304 if [ ! -d ${AMTMP} ]; then
305 logger "Create '${AMTMP}' dir."
306 log_output_of mkdir ${AMTMP} || \
307 { logger "WARNING: Could not create ${AMTMP}." ; return 1; }
308 log_output_of chown ${amanda_user}:${amanda_group} ${AMTMP} || \
309 { logger "WARNING: Could not chown ${AMTMP}" ; return 1; }
313 # ------------- End Post Install Functions -----------------