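#!/bin/bash
#==============================================================================
# Copyright and license info is available in the LICENSE file included with
# the Server Deployment Package (SDP), and also available online:
# https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE
#------------------------------------------------------------------------------
set -u

# Usage Summary:
#    p4login [<instance> [-s]]
#
# Usage Examples:
# 1. Typical usage for automation, with instance SDP_INSTANCE defined
#    by sourcing p4_vars:
#       source /p4/common/bin/p4_vars N
#       p4login
#
# 2. Specify the 'abc' SDP instance (i.e. /p4/abc).
#       p4login abc
#
# 3. Usage to login only the P4USER super user to P4PORT for SDP instance 1,
#    honoring the SDP_ALWAYS_LOGIN setting:
#       p4login 1 -s
#
# Description:
#    p4login generates a login ticket for the SDP super user. It is called
#    from cron scripts, and so does not normally generate output to stdout or
#    stderr. Behaviour depends on whether a P4AUTH server is defined, whether
#    it is run on a p4d master/commit server or replica/edge, and on whether
#    the auth.id configurable is set. If run on a replica, the service
#    user for the replica is also logged in as needed.
#
#    It can login automation users defined by the optional SDP_AUTOMATION_USERS
#    variable defined in /p4/common/config/p4_N.vars. If defined, this should
#    contain a comma-delimited list of automation users, e.g.
#    "export SDP_AUTOMATION_USERS=builder,trigger-user,p4review".
#
#    The SDP_ALWAYS_LOGIN variable, if set to 0, will cause p4login to
#    first do a 'p4 login -s' check, and continue with the actual
#    login only if necessary. If SDP_ALWAYS_LOGIN is set to 1 (the default),
#    it will always try to login. Add "export SDP_ALWAYS_LOGIN=0" to
#    /p4/common/config/p4_N.vars to change the default for an instance,
#    or to /p4/common/bin/p4_vars to change it globally.
#
#    Normally output (stdout and stderr) is logged in $LOGS/p4login.log,
#    unless SDP_INSTANCE isn't defined, in which case it bails
#    immediately.
#
#    An exit code of 0 indicates a valid login ticket exists, while a
#    non-zero exit code indicates a failure to login.
#
# Security notes:
#    The super user's password is read from
#    /p4/common/config/.p4passwd.${P4SERVER}.admin and fed to 'p4 login' on
#    stdin, so it does not appear in process arguments or in the log. Other
#    users are logged in by the super user and need no password here.
#    NOTE(review): this script does not check the ownership or mode of the
#    password file or of the log; confirm both are restricted to the OS
#    account that runs the SDP.

export SDP_INSTANCE=${SDP_INSTANCE:-Unset}
export SDP_INSTANCE=${1:-$SDP_INSTANCE}

declare -i SDP_ALWAYS_LOGIN=${SDP_ALWAYS_LOGIN:-1}
declare -i SuperLoginOnly=0
declare AutomationUsers=${SDP_AUTOMATION_USERS:-""}
declare -a AutomationUserList=()
declare AuthID=
declare AuthServerPort=
declare Cmd=
declare ServiceUser=
declare TargetServerPort=
declare TicketExpiration=
declare Log=Unset
declare Version=3.1.5
declare -i OverallExitCode=0
declare -i LoginCount=0

#------------------------------------------------------------------------------
# Function: msg ($text ...)
# Append a message to $Log once the log is defined; print to stdout before that.
#------------------------------------------------------------------------------
function msg () {
   if [[ "$Log" != Unset ]]; then
      echo -e "$*" >> "$Log"
   else
      echo -e "$*"
   fi
}

#------------------------------------------------------------------------------
# Function: cmd ($command $args ...)
# Log a command, run it with stdout and stderr appended to $Log, and return
# its exit code. Arguments are passed through as given ("$@"), so values with
# spaces or glob characters are not re-split or expanded.
#------------------------------------------------------------------------------
function cmd () {
   msg "Executing: $*"
   "$@" >> "$Log" 2>&1
   return $?
}

#------------------------------------------------------------------------------
# Function: bail ($message, $exit_code)
# Report an error and exit with the given code (default 1).
#------------------------------------------------------------------------------
function bail () {
   msg "\nError: ${1:-Unknown Error}"
   exit "${2:-1}"
}

#------------------------------------------------------------------------------
# Function: run_login ($user, $port, $userType)
# Private helper for login_user: run the actual 'p4 login' for one user on one
# port, counting the attempt in LoginCount.
#
# The super user ($P4USER) logs in with the password read on stdin from the
# SDP password file. Any other user is logged in by the super user.
# Return 0 if successful, 1 if not.
#------------------------------------------------------------------------------
function run_login () {
   declare user=$1
   declare port=$2
   declare userType=$3
   declare passwdFile="/p4/common/config/.p4passwd.${P4SERVER}.admin"
   declare -a loginCmd=()

   LoginCount=$((LoginCount+1))

   if [[ "$user" == "$P4USER" ]]; then
      loginCmd=("$P4BIN" -p "$port" -u "$P4USER" -s login -a)
      Cmd="${loginCmd[*]}"
      msg "Running: $Cmd"

      # Record the failure in the log; a failed redirection would otherwise
      # only be reported on the shell's stderr.
      if [[ ! -r "$passwdFile" ]]; then
         msg "Error: Password file $passwdFile is missing or not readable."
         return 1
      fi

      # The password goes in on stdin, never on the command line.
      "${loginCmd[@]}" < "$passwdFile" >> "$Log" 2>&1 || return 1
   else
      # We cannot use the '-a' flag to 'p4 login' for service accounts, so
      # drop it for service accounts. Otherwise, '-a' is preferred for
      # robustness, since certain network interface card (NIC)
      # configurations with multiple IPs need tickets not bound to one of
      # multiple possible IPs. See 'p4 help login' for more.
      if [[ "$userType" == service ]]; then
         loginCmd=("$P4BIN" -p "$port" -u "$P4USER" -s login "$user")
      else
         loginCmd=("$P4BIN" -p "$port" -u "$P4USER" -s login -a "$user")
      fi
      Cmd="${loginCmd[*]}"
      msg "Running: $Cmd"
      "${loginCmd[@]}" >> "$Log" 2>&1 || return 1
   fi

   return 0
}

#------------------------------------------------------------------------------
# Function: login_user ($user, $port)
# Login specified user into specified port.
# Return 0 if successful, 1 if not.
#------------------------------------------------------------------------------
function login_user () {
   declare user=${1:-}
   declare port=${2:-}
   declare userType=

   # Callers pass values parsed from 'p4d -cshow' that may be empty. Refuse
   # those rather than running p4 with missing arguments.
   if [[ -z "$user" || -z "$port" ]]; then
      msg "Error: login_user requires a user and a port (user='$user', port='$port'). Skipping login."
      return 1
   fi

   # The user type is queried without '-p', i.e. against the P4PORT in the
   # environment rather than against $port.
   userType=$("$P4BIN" -ztag -F %Type% user -o "$user")
   userType=${userType:-unknown}

   msg "Logging user $user (type=$userType) into port: $port."

   TicketExpiration=$("$P4BIN" -ztag -F %TicketExpiration% -p "$port" -u "$user" login -s 2>/dev/null)

   # Anchor the match so only a purely numeric value reaches the comparison.
   if [[ "$TicketExpiration" =~ ^[0-9]+$ ]]; then
      # A 'long-term' ticket is one that expires more than a month (31 days + 1 second) from now.
      if [[ "$TicketExpiration" -ge 2678401 ]]; then
         msg "User $user logged into $port with a long-term ticket. Login not required."
         if [[ $SDP_ALWAYS_LOGIN -eq 1 ]]; then
            msg "Doing login anyway as SDP_ALWAYS_LOGIN is enabled."
            run_login "$user" "$port" "$userType" || return 1
         fi
         return 0
      fi

      msg "Warning: User $user logged into $port with a short-term ticket. Attempting to extend."
      run_login "$user" "$port" "$userType" || return 1
   else
      msg "User $user is not logged into $port. Attempting to login."
      run_login "$user" "$port" "$userType" || return 1
   fi

   return 0
}

#==============================================================================
# Main Program

[[ $SDP_INSTANCE == Unset ]] && \
   bail "The \$SDP_INSTANCE setting is not defined. It must be defined by doing:\n\n\tsource /p4/common/bin/p4_vars <instance>\n\nor by passing in the instance name as a parameter to this script.\n"

# shellcheck disable=SC1091
source /p4/common/bin/p4_vars "$SDP_INSTANCE" ||\
   bail "Failed to load SDP environment for instance $SDP_INSTANCE."

# The log is recreated on every run.
Log=$LOGS/p4login.log
rm -f "$Log"

msg "${0##*/} v$Version Checking login status at $(date +'%a %Y-%m-%d %H:%M:%S %Z').\n"

cmd p4 set P4TICKETS

AuthID=$("$P4DBIN" -cshow | grep "auth.id" | cut -d ' ' -f 4)

if [[ ${2:-Unset} == "-s" ]]; then
   msg "Logging in super user only."
   login_user "$P4USER" "$P4PORT" || OverallExitCode=1
   LoginCount=1
else
   # First, if we are on a replica/edge, login the service user and super
   # user to the master server first, then to the local replica.
   if [[ -n "$SERVERID" && "$SERVERID" != "$P4MASTER_ID" ]]; then
      msg "\nDoing special replica/edge logins."
      TargetServerPort=$("$P4DBIN" -cshow | grep "${SERVERID}: P4TARGET" | cut -d ' ' -f 4)
      ServiceUser=$("$P4DBIN" -cshow | grep "${SERVERID}: serviceUser" | cut -d ' ' -f 4)

      if [[ -n "$AuthID" ]]; then
         msg "The auth.id configurable is set ($AuthID). Logging in to master P4PORT only."
         # Login the $P4USER super user first, whose password must match that
         # in /p4/common/config/.p4passwd.${P4SERVER}.admin.
         if [[ -n "$TargetServerPort" && -n "$ServiceUser" ]]; then
            login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1
            login_user "$ServiceUser" "$TargetServerPort" || OverallExitCode=1
         else
            msg "\nError: This is not the master (ServerID=$SERVERID), but could not determine P4TARGET and/or serviceUser for server $SERVERID."
            OverallExitCode=1
            # Best effort: login_user rejects whichever value is empty and
            # still attempts any login that has both a user and a port.
            login_user "$P4USER" "$TargetServerPort"
            login_user "$ServiceUser" "$TargetServerPort"
         fi
      else
         msg "The auth.id configurable is not set. Logging in to both local and P4TARGET ports."
         if [[ -n "$TargetServerPort" && -n "$ServiceUser" ]]; then
            login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1
            login_user "$P4USER" "$P4PORT" || OverallExitCode=1
            login_user "$ServiceUser" "$TargetServerPort" || OverallExitCode=1
         else
            msg "\nError: This is not the master (ServerID=$SERVERID), but could not determine P4TARGET and/or serviceUser for server $SERVERID."
            OverallExitCode=1
            login_user "$P4USER" "$P4PORT"
         fi

         # AuthServerPort is the P4AUTH server; it is not related to the auth.id configurable. If a P4AUTH server
         # is defined, we need to login there, too.
         AuthServerPort=$("$P4BIN" -p "$P4PORT" configure show P4AUTH 2>/dev/null)
         if [[ -n "$AuthServerPort" ]]; then
            # Keep what follows the last '=' and cut it at the first space.
            AuthServerPort=${AuthServerPort##*=}
            AuthServerPort=${AuthServerPort%% *}
            msg "Logging into P4AUTH server."
            login_user "$ServiceUser" "$AuthServerPort" || OverallExitCode=1
         fi
      fi
   else
      msg "\nOperating on master/commit server, skipping replica/edge logins."
      login_user "$P4USER" "$P4PORT" || OverallExitCode=1
   fi

   if [[ -n "$P4BROKERPORT" && "$P4BROKERPORT" != Unset ]]; then
      msg "Logging $P4USER into broker."
      login_user "$P4USER" "$P4BROKERPORT" || OverallExitCode=1
   fi

   # Next, login other automation users (which may or may not be super users)
   # using $P4USER's super powers to log them in without a password.
   if [[ -n "$AutomationUsers" ]]; then
      msg "\nLogging in special automation users defined by SDP_AUTOMATION_USERS setting in $P4CCFG/${P4SERVER}.vars."

      # Replace every comma ('//'), not just the first, so lists of three or
      # more users split correctly. 'read -a' splits on whitespace without
      # glob expansion.
      read -r -a AutomationUserList <<< "${AutomationUsers//,/ }"

      # The '+' expansion keeps an empty list safe under 'set -u'.
      for user in ${AutomationUserList[@]+"${AutomationUserList[@]}"}; do
         msg "Logging in user $user."
         login_user "$user" "$P4PORT" || OverallExitCode=1

         if [[ -z "$AuthID" ]]; then
            if [[ -n "$P4BROKERPORT" && "$P4BROKERPORT" != Unset ]]; then
               login_user "$user" "$P4BROKERPORT" || OverallExitCode=1
            fi
         fi
      done
   fi
fi

if [[ $OverallExitCode -eq 0 ]]; then
   if [[ $LoginCount -gt 0 ]]; then
      msg "\nSuccess: All logins were successful, $LoginCount login(s) were needed."
   else
      msg "\nSuccess: No logins were needed."
   fi
else
   msg "\nError: Some logins were not successful; $LoginCount were attempted. Review the output above."
fi

exit "$OverallExitCode"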