p4login #2

#!/bin/bash
#==============================================================================
# Copyright and license info is available in the LICENSE file included with
# the Server Deployment Package (SDP), and also available online:
# https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE
#------------------------------------------------------------------------------
# Treat any reference to an unset variable as an error, so a missing SDP
# environment setting aborts the script instead of silently expanding to an
# empty string inside a 'p4' command line.
set -u

# Usage Summary:
# p4login [<instance> [-s]]
# 
# Usage Examples:
# 1. Typical usage for automation, with instance SDP_INSTANCE defined
# by sourcing p4_vars:
# source /p4/common/bin/p4_vars N
# p4login
#
# 2. Specify the 'abc' SDP instance (i.e. /p4/abc).
# p4login abc
#
# 3. Usage to login only the P4USER super user to P4PORT for SDP instance 1,
# honoring the SDP_ALWAYS_LOGIN setting:
# p4login 1 -s
#
# Description:
# p4login generates a login ticket for the SDP super user.  It is called
# from cron scripts, and so does not normally generate output to stdout or
# stderr.  Behaviour depends on whether a P4AUTH server is defined, whether
# it is run on a p4d master/commit server or replica/edge, and on whether
# the auth.id configurable is set.  If run on a replica, the service
# user for the replica is also logged in as needed.
#
# It can login automation users defined by the optional SDP_AUTOMATION_USERS
# variable defined in /p4/common/config/p4_N.vars. If defined, this should
# contain a comma-delimited list of automation users, e.g.
# "export SDP_AUTOMATION_USERS=builder,trigger-user,p4review".
#
# The SDP_ALWAYS_LOGIN variable, if set to 0, will cause p4login to
# do a 'p4 login -s' check first, and continue with the actual
# login if necessary.  If SDP_ALWAYS_LOGIN is set to 1 (the default),
# it will always try to login.  Add "export SDP_ALWAYS_LOGIN=0" to
# /p4/common/config/p4_N.vars to change the default for an instance,
# or to /p4/common/bin/p4_vars to change it globally.
#
# Normally output (stdout and stderr) is logged in $LOGS/p4login.log,
# unless SDP_INSTANCE isn't defined, in which case it bails
# immediately.
#
# An exit code of 0 indicates a valid login ticket exists, while a
# non-zero exit code indicates a failure to login.
#

# Instance selection: the first command-line argument wins over an inherited
# SDP_INSTANCE; the literal 'Unset' marks "nothing was supplied".
export SDP_INSTANCE="${1:-${SDP_INSTANCE:-Unset}}"

# Behaviour switches taken from the environment (see the header above).
declare -i SDP_ALWAYS_LOGIN="${SDP_ALWAYS_LOGIN:-1}"
declare AutomationUsers="${SDP_AUTOMATION_USERS:-}"
declare -i SuperLoginOnly=0

# Script identity and logging; Log stays 'Unset' until the SDP environment
# has been loaded and the real log path is known.
declare Version=3.1.5
declare Log=Unset

# Values discovered at run time.
declare AuthID=
declare AuthServerPort=
declare TargetServerPort=
declare ServiceUser=
declare TicketExpiration=
declare Cmd=

# Bookkeeping reported at the end of the run.
declare -i LoginCount=0
declare -i OverallExitCode=0

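#------------------------------------------------------------------------------
# Function: msg ($text...)
# Emit a message, interpreting backslash escapes (echo -e).  While the global
# Log still holds the literal 'Unset' the message goes to stdout; afterwards
# it is appended to the file named by Log.
# The redirection target is quoted so that a log path containing whitespace
# or glob characters cannot turn into an "ambiguous redirect" failure.
#------------------------------------------------------------------------------
function msg () {
   if [[ "$Log" != Unset ]]; then
      echo -e "$*" >> "$Log"
   else
      echo -e "$*"
   fi
}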
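#------------------------------------------------------------------------------
# Function: cmd ($command, $args...)
# Record the command line in the log, run it with stdout and stderr appended
# to the log, and return the command's exit status.
# The command is executed as "$@" rather than an unquoted $*, so every
# argument reaches the program exactly as the caller passed it: no re-splitting
# on whitespace and no pathname expansion of argument text.
#------------------------------------------------------------------------------
function cmd () {
   # msg already appends to $Log once Log is set; the extra redirection is
   # kept so the call behaves as before when Log has not been set yet.
   msg "Executing: $*" >> "$Log"
   "$@" >> "$Log" 2>&1
   return $?
}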
#------------------------------------------------------------------------------
# Function: bail ($reason, $exitCode)
# Report a fatal error through msg and terminate the script.
# $reason defaults to 'Unknown Error'; $exitCode defaults to 1.
#------------------------------------------------------------------------------
function bail () {
   declare reason=${1:-Unknown Error}
   declare exitCode=${2:-1}

   msg "\nError: $reason"
   exit $exitCode
}

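#------------------------------------------------------------------------------
# Function: _login_user_run_login ($user, $port, $userType)
# Private helper for login_user: performs the actual 'p4 login' for one user
# on one port and counts the attempt in the global LoginCount.
#
# * For $P4USER the password is fed on stdin from
#   /p4/common/config/.p4passwd.${P4SERVER}.admin, so it never appears on a
#   command line or in the log.
#   NOTE(review): confirm that file is readable only by the SDP OS user.
# * Any other user is logged in by $P4USER on that user's behalf, without a
#   password.
# * '-a' cannot be used for service accounts, so it is dropped when $userType
#   is 'service'.  Otherwise '-a' is preferred for robustness, since certain
#   network interface card (NIC) configurations with multiple IPs need
#   tickets not bound to one of multiple possible IPs.  See 'p4 help login'.
#   A ticket that is not bound to one IP is usable from other hosts as well,
#   which makes the protection of the tickets file more important.
#
# The command is built as an array, so user names and ports are passed as
# single arguments and are never re-split or glob-expanded by the shell.
# Assumes P4BIN names a single executable (no embedded options) - TODO confirm.
# Return 0 if successful, 1 if not.
#------------------------------------------------------------------------------
function _login_user_run_login () {
   declare user=$1
   declare port=$2
   declare userType=$3
   declare passwdFile="/p4/common/config/.p4passwd.${P4SERVER}.admin"
   declare -a loginCmd=()

   LoginCount=$((LoginCount+1))

   if [[ "$user" == "$P4USER" ]]; then
      loginCmd=("$P4BIN" -p "$port" -u "$P4USER" -s login -a)
      msg "Running: ${loginCmd[*]}"
      # Say why in the log, instead of leaving only a shell redirection error.
      if [[ ! -r "$passwdFile" ]]; then
         msg "Error: Password file $passwdFile is missing or not readable."
         return 1
      fi
      "${loginCmd[@]}" < "$passwdFile" >> "$Log" 2>&1 || return 1
   else
      if [[ "$userType" == service ]]; then
         loginCmd=("$P4BIN" -p "$port" -u "$P4USER" -s login "$user")
      else
         loginCmd=("$P4BIN" -p "$port" -u "$P4USER" -s login -a "$user")
      fi
      msg "Running: ${loginCmd[*]}"
      "${loginCmd[@]}" >> "$Log" 2>&1 || return 1
   fi

   return 0
}

#------------------------------------------------------------------------------
# Function: login_user ($user, $port)
# Login specified user into specified port.
#
# The current ticket is checked with 'p4 login -s' first:
#   * long-term ticket (more than 31 days left): login again only when
#     SDP_ALWAYS_LOGIN is 1;
#   * short-term ticket: login again to extend it;
#   * no valid ticket: login.
#
# Globals: P4BIN, P4USER, P4SERVER, SDP_ALWAYS_LOGIN, Log (read);
#          TicketExpiration, LoginCount (written).
# Return 0 if successful, 1 if not.
#------------------------------------------------------------------------------
function login_user () {
   declare user=$1
   declare port=$2
   declare userType=

   # An empty user or port would produce a malformed 'p4' command line, so
   # report it and fail rather than run one.
   if [[ -z "$user" || -z "$port" ]]; then
      msg "Error: login_user called with an empty user ($user) or port ($port)."
      return 1
   fi

   userType=$("$P4BIN" -ztag -F %Type% user -o "$user")
   userType=${userType:-unknown}

   msg "Logging user $user (type=$userType) into port: $port."

   TicketExpiration=$("$P4BIN" -ztag -F %TicketExpiration% -p "$port" -u "$user" login -s 2>/dev/null)

   # The value is compared numerically below, and a numeric test evaluates its
   # operand as an arithmetic expression.  Accept digits only, so that any
   # other text coming back from the server is never evaluated and is treated
   # as "not logged in".
   if [[ "$TicketExpiration" =~ ^[0-9]+$ ]]; then
      # A 'long-term' ticket is one that expires more than a month (31 days + 1 second) from now.
      if [[ "$TicketExpiration" -ge 2678401 ]]; then
         msg "User $user logged into $port with a long-term ticket.  Login not required."
         if [[ "$SDP_ALWAYS_LOGIN" -ne 1 ]]; then
            return 0
         fi
         msg "Doing login anyway as SDP_ALWAYS_LOGIN is enabled."
      else
         msg "Warning: User $user logged into $port with a short-term ticket.  Attempting to extend."
      fi
   else
      msg "User $user is not logged into $port.  Attempting to login."
   fi

   # All three remaining cases use the same login command, including the
   # service-user handling that the short-term branch used to skip.
   _login_user_run_login "$user" "$port" "$userType"
}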

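#------------------------------------------------------------------------------
# Main flow: load the SDP environment for the instance, start a fresh log,
# then login the super user ($P4USER), the replica service user where this
# host is not the master, the broker port if one is defined, and finally any
# automation users listed in SDP_AUTOMATION_USERS.  Each failed login sets
# OverallExitCode to 1; the script exits with that code.
# Assumes P4BIN and P4DBIN each name a single executable (no embedded
# options) - TODO confirm against p4_vars.
#------------------------------------------------------------------------------
if [[ "$SDP_INSTANCE" == Unset ]]; then
   bail "The \$SDP_INSTANCE setting is not defined. It must be defined by doing:\n\n\tsource /p4/common/bin/p4_vars <instance>\n\nor by passing in the instance name as a parameter to this script.\n"
fi

source /p4/common/bin/p4_vars "$SDP_INSTANCE" ||\
   bail "Failed to load SDP environment for instance $SDP_INSTANCE."

Log="$LOGS/p4login.log"

# Each run starts with a fresh log.
rm -f -- "$Log"
msg "${0##*/} v$Version Checking login status at $(date +'%a %Y-%m-%d %H:%M:%S %Z').\n"

cmd p4 set P4TICKETS

# The configurable names and the server ID are literal text, not patterns,
# so they are matched with 'grep -F'.
AuthID=$("$P4DBIN" -cshow | grep -F -- "auth.id" | cut -d ' ' -f 4)

if [[ ${2:-Unset} == "-s" ]]; then
   msg "Logging in super user only."
   login_user "$P4USER" "$P4PORT" || OverallExitCode=1
   # NOTE(review): this overrides the count kept by login_user, so one login
   # is reported even when no login was needed - confirm that is intended.
   LoginCount=1
else
   # First, if we are on a replica/edge, login the service user and super
   # user to the master server first, then to the local replica.
   if [[ -n "$SERVERID" && "$SERVERID" != "$P4MASTER_ID" ]]; then
      msg "\nDoing special replica/edge logins."
      TargetServerPort=$("$P4DBIN" -cshow | grep -F -- "${SERVERID}: P4TARGET" | cut -d ' ' -f 4)
      ServiceUser=$("$P4DBIN" -cshow | grep -F -- "${SERVERID}: serviceUser" | cut -d ' ' -f 4)

      if [[ -n "$AuthID" ]]; then
         msg "The auth.id configurable is set ($AuthID).  Logging in to master P4PORT only."
         # Login the $P4USER super user first, whose password must match that
         # in /p4/common/config/.p4passwd.${P4SERVER}.admin.
         if [[ -n "$TargetServerPort" && -n "$ServiceUser" ]]; then
            login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1
            login_user "$ServiceUser" "$TargetServerPort" || OverallExitCode=1
         else
            msg "\nError: This is not the master (ServerID=$SERVERID), but could not determine P4TARGET and/or serviceUser for server $SERVERID."
            OverallExitCode=1
            # The run is already marked as failed; these calls are still made
            # with whatever values were found, and their results are ignored.
            login_user "$P4USER" "$TargetServerPort"
            login_user "$ServiceUser" "$TargetServerPort"
         fi
      else
         msg "The auth.id configurable is not set.  Logging in to both local and P4TARGET ports."
         if [[ -n "$TargetServerPort" && -n "$ServiceUser" ]]; then
            login_user "$P4USER" "$TargetServerPort" || OverallExitCode=1
            login_user "$P4USER" "$P4PORT" || OverallExitCode=1
            login_user "$ServiceUser" "$TargetServerPort" || OverallExitCode=1
         else
            msg "\nError: This is not the master (ServerID=$SERVERID), but could not determine P4TARGET and/or serviceUser for server $SERVERID."
            OverallExitCode=1
            login_user "$P4USER" "$P4PORT"
         fi

         # AuthServerPort is the P4AUTH server; it is not related to the auth.id configurable.  If a P4AUTH server
         # is defined, we need to login there, too.
         AuthServerPort=$("$P4BIN" -p "$P4PORT" configure show P4AUTH 2>/dev/null)
         if [[ -n "$AuthServerPort" ]]; then
            # Keep only the value: drop everything up to the last '=' and
            # anything after the first space that follows it.
            AuthServerPort=${AuthServerPort##*=}
            AuthServerPort=${AuthServerPort%% *}
            msg "Logging into P4AUTH server."
            login_user "$ServiceUser" "$AuthServerPort" || OverallExitCode=1
         fi
      fi
   else
      msg "\nOperating on master/commit server, skipping replica/edge logins."
      login_user "$P4USER" "$P4PORT" || OverallExitCode=1
   fi

   if [[ -n "$P4BROKERPORT" && "$P4BROKERPORT" != Unset ]]; then
      msg "Logging $P4USER into broker."
      login_user "$P4USER" "$P4BROKERPORT" || OverallExitCode=1
   fi

   # Next, login other automation users (which may or may not be super users)
   # using $P4USER's super powers to log them in without a password.
   if [[ -n "$AutomationUsers" ]]; then
      msg "\nLogging in special automation users defined by SDP_AUTOMATION_USERS setting in $P4CCFG/${P4SERVER}.vars."
      # Replace EVERY comma ('//'); a single '/' replaces only the first one,
      # which would leave the third and later users glued together as one
      # bogus name.  Word splitting of the result is intentional.
      # shellcheck disable=SC2086
      for user in ${AutomationUsers//,/ }; do
         msg "Logging in user $user."
         login_user "$user" "$P4PORT" || OverallExitCode=1
         if [[ -z "$AuthID" ]]; then
            if [[ -n "$P4BROKERPORT" && "$P4BROKERPORT" != Unset ]]; then
               login_user "$user" "$P4BROKERPORT" || OverallExitCode=1
            fi
         fi
      done
   fi
fi

if [[ "$OverallExitCode" -eq 0 ]]; then
   if [[ "$LoginCount" -gt 0 ]]; then
      msg "\nSuccess: All logins were successful, $LoginCount login(s) were needed."
   else
      msg "\nSuccess: No logins were needed."
   fi
else
   msg "\nError: Some logins were not successful; $LoginCount were attempted.  Review the output above."
fi

exit "$OverallExitCode"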
# Change User Description Committed
#5 25113 Robert Cowham Merge latest changes from dev
#4 23205 Robert Cowham Merged all changes from dev to test
#3 22142 Robert Cowham Merge in latest changes from Dev
#2 20726 Robert Cowham Catch up from dev
#1 18586 Robert Cowham Branching using cowhamr.sdp.dev
//guest/perforce_software/sdp/dev/Server/Unix/p4/common/bin/p4login
#7 18209 Russell C. Jackson (Rusty) Added missing auto source of p4_vars to eliminate the need to use p4master_run.
Missed in early changes to support that behavior.
#6 16029 C. Thomas Tyler Routine merge to dev from main using:
p4 merge -b perforce_software-sdp-dev
#5 15605 C. Thomas Tyler Per review, Rusty noted a preference for the current behavior, i.e.
always
doing a login if p4login is called.

This version introduces SDP_ALWAYS_LOGIN, which defaults to 1 (enabled),
which preserves the traditional 'always login each time the script is
run' behavior, while allowing the new 'login only if a ticket is not
available' behavior.  (An advantage of the traditional behavior is that
it fixes the case where a human admin does a 'p4 login' but forgets the
'-a' on a server a network card configuration setup such that 'p4 login -a'
is required).

Customers desiring the 'login only if required' can set SDP_ALWAYS_LOGIN=0
in p4_vars.

Also includes style improvements.

#review-15606
#4 15559 C. Thomas Tyler Enhancements to p4login:
* Enhanced handling for the case where p4login is run with no environment defined.
* Now checks login status first, and only does a login if ticket expires in less than a month.
* Enhanced  auditability.
* Added comments.

#review-15560
#3 13906 C. Thomas Tyler Normalized P4INSTANCE to SDP_INSTANCE to get Unix/Windows
implementations in sync.

Reasons:
1. Things that interact with SDP in both Unix and Windows
environments shoudn't have to account for this obscure
SDP difference between Unix and Windows.  (I came across
this doing CBD work).

2. The Windows and Unix scripts have different variable
names for defining the same concept, the SDP instance.
Unix uses P4INSTANCE, while Windows uses SDP_INSTANCE.

3. This instance tag, a data set identifier, is an SDP concept.
I prefer the SDP_INSTANCE name over P4INSTANCE, so I prpose
to normalize to SDP_INSTANCE.

4. The P4INSTANCE name makes it look like a setting that might be
recognized by the p4d itself, which it is not.  (There are other
such things such as P4SERVER that could perhaps be renamed as
a separate task; but I'm not sure we want to totally disallow
the P4 prefix for variable names. It looks too right to be wrong
in same cases, like P4BIN and P4DBIN.  That's a discussion for
another day, outside the scope of this task).

Meanwhile:
* Fixed a bug in the Windows 2013.3 upgrade script that
was referencing undefined P4INSTANCE, as the Windows
environment defined only SDP_INSTANCE.

* Had P4INSTANCE been removed completely, this change would
likely cause trouble for users doing updates for existing
SDP installations.  So, though it involves slight technical debt,
I opted to keep a redundant definition of P4INSTANCE
in p4_vars.template, with comments indicating SDP_INSTANCE should be
used in favor of P4INSTANCE, with a warning that P4INSTANCE
may go away in a future release.  This should avoid unnecessary
upgrade pain.

* In mkdirs.sh, the variable name was INSTANCE rather than
SDP_INSTANCE.  I changed that as well.  That required manual
change rather than sub/replace to avoid corrupting other similar
variable names (e.g.  MASTERINSTANCE).

This is a trivial change technically (a substitute/replace, plus
tweaks in p4_vars.template), but impacts many files.
#2 12169 Russell C. Jackson (Rusty) Updated copyright date to 2015

 Updated shell scripts to require an instance parameter to eliminate the need
 for calling p4master_run.    Python and Perl still need it since you have to set the
environment for them to run in.

 Incorporated comments from reviewers. Left the . instead of source as that seems
more common in the field and has the same functionality.
#1 10638 C. Thomas Tyler Populate perforce_software-sdp-dev.
//guest/perforce_software/sdp/main/Server/Unix/p4/common/bin/p4login
#1 10148 C. Thomas Tyler Promoted the Perforce Server Deployment Package to The Workshop.