xcat2 · samveen · Jul 4, 2019
diff --git a/xCAT-genesis-scripts/usr/bin/bmcsetup b/xCAT-genesis-scripts/usr/bin/bmcsetup
@@ -1,3 +1,4 @@
+#!/bin/bash
 # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
 # Lenovo (c) 2016
 #

diff --git a/xCAT-genesis-scripts/usr/bin/diskdiscover b/xCAT-genesis-scripts/usr/bin/diskdiscover
@@ -51,8 +51,8 @@
 # source raidutils
 #
 ###########################################
-str_dir_name=`dirname $0`
-. $str_dir_name/raidutils
+str_dir_name="$(dirname "$0")"
+. "$str_dir_name/raidutils"
 
 
 ############################################
@@ -83,8 +83,8 @@ if [ "x$input" == "x--help" -o "x$input" == "x-h" ]; then
       usagesc
       exit 0
 fi
-if [ -z $input ]; then
+if [ -z "$input" ]; then
       get_all_devices_for_raid
 else
-      get_devices_by_pciid $input
+      get_devices_by_pciid "$input"
 fi
diff --git a/xCAT-genesis-scripts/usr/bin/dodiscovery b/xCAT-genesis-scripts/usr/bin/dodiscovery
@@ -9,8 +9,7 @@ reqtime=0
 maxresptime=180
 
 minixcatd.awk &
-PUBKEY=`openssl rsa -in /etc/xcat/privkey.pem -pubout 2> /dev/null|grep -v "PUBLIC KEY"`
-PUBKEY=`echo $PUBKEY|sed -e 's/ //g'`
+PUBKEY="$(openssl rsa -in /etc/xcat/privkey.pem -pubout 2> /dev/null|awk '!/ PUBLIC KEY/{printf $0}')"
 export PUBKEY
 
 logger -s -t $log_label -p local4.info "Beginning node discovery process..."
@@ -98,8 +97,8 @@ if [ -r /sys/devices/virtual/dmi/id/product_name ]; then  #x86
 			fi
 			if [ -z "$MTM" -o "$MTM" == ":" ]; then
 				logger -s -t $log_label -p local4.warning "Couldn't find MTM information in FRU, falling back to DMI (MTMS-based discovery may fail)"
-				m=`cat /sys/devices/virtual/dmi/id/sys_vendor`
-				n=`cat /sys/devices/virtual/dmi/id/product_name`
+				read -r m </sys/devices/virtual/dmi/id/sys_vendor
+				read -r n </sys/devices/virtual/dmi/id/product_name
 				MTM="$m:$n"
 			fi
 		fi
@@ -128,7 +127,7 @@ elif [ -r /proc/device-tree/model ]; then #POWER
 fi
 
 # The MEMORY will look like this: 32868920
-MEMORY=`cat /proc/meminfo |grep MemTotal|awk '{printf "%.0fMB\n", $2/1024}'`
+MEMORY="$(awk '/MemTotal/{printf "%.0fMB\n", $2/1024}' /proc/meminfo)"
 
 # The DISKSIZE will look like this: sda:960GB,sdb:960GB,sdc:480GB,sdd:480GB (sorted by major,minor)
 DISKSIZE="$(grep -v name /proc/partitions |sort -g -k 1,2 |awk 'BEGIN{sep=""} /[^0-9]$/{printf("%s%s:%.0fGB", sep, $4, $3/1024^2) ; sep=","}')"
@@ -191,7 +190,7 @@ if [ -f "/usr/sbin/dmidecode" ]; then
 	if [ ${onboard#*.} = 0 ]; then
 		truncslot=${onboard%.*}
 		for obslot in `grep $truncslot /sys/class/net/*/device/uevent|sed -e s/.*=//`; do
-			if ! dmidecode -t 41|grep $obslot > /dev/null; then
+			if ! dmidecode -t 41|grep -q $obslot; then
 				obdevs=("${obdevs[@]}" $obslot)
 			fi
 		done
@@ -271,7 +270,7 @@ for dev in `ip link|grep -B1 ether|grep UP|awk '{print $2}'|sed -e s/://|grep -v
         echo "</nic>" >> /tmp/discopacket
 done
 if [ "$UUID" == "unknown" ]; then
-    UUID=`echo $MTM-$SERIAL-$MAC_OF_FIRST_UP_NIC | tr /A-Z/ /a-z/`
+    UUID="${MTM,,}-${SERIAL,,}-${MAC_OF_FIRST_UP_NIC,,}"
     echo "<uuid>$UUID</uuid>" >> /tmp/discopacket
 fi
 echo "<xcatpubkey>$PUBKEY</xcatpubkey>" >> /tmp/discopacket #this is not secure to use by itself, switch sourced pubkey for security

diff --git a/xCAT-genesis-scripts/usr/bin/dosysclone b/xCAT-genesis-scripts/usr/bin/dosysclone
@@ -19,7 +19,7 @@ ping_test
 
 get_scripts_directory
 
-if [ ! -z $HOSTNAME ]; then
+if [ ! -z "$HOSTNAME" ]; then
     logmsg
     logmsg "This hosts name is: $HOSTNAME"
 fi

diff --git a/xCAT-genesis-scripts/usr/bin/doxcat b/xCAT-genesis-scripts/usr/bin/doxcat
@@ -1,3 +1,4 @@
+#!/bin/bash
 #
 # 2013.02.07 Brian Elliott Finley <bfinley@us.ibm.com>
 #   - Added slash in front of "var" in the NICSTOBRINGUP dhclient section.

diff --git a/xCAT-genesis-scripts/usr/bin/getadapter b/xCAT-genesis-scripts/usr/bin/getadapter
@@ -1,5 +1,4 @@
 #!/bin/bash
-#set -x
 
 XCATPORT=3001
 export XCATPORT
@@ -18,35 +17,35 @@ echo "<xcatrequest>
 <command>getadapter</command>
 <action>update</action>"  >> "$ADAPTERFILE"
 
-#scan adapters have recognized by operating system
+# scan adapters that are recognized by operating system
 for n in /sys/class/net/*; do
     nic=${n##/sys/class/net/}
     if [ "$nic" == "lo" ]; then
         continue
     else
         echo '<nic>' >> "$ADAPTERFILE"
-        tmp=`udevadm info /sys/class/net/"$nic" | grep " INTERFACE" | awk -F '=' '{print $2}'`
+        tmp="$(udevadm info "/sys/class/net/$nic" | awk -F '=' '/ INTERFACE/{print $2}')"
         if [ -n "$tmp" ]; then
             echo "<interface>$tmp</interface>" >> "$ADAPTERFILE"
         fi
-        tmp=`udevadm info /sys/class/net/"$nic" | grep ID_NET_NAME | awk -F '=' '{print $2}'|sort -u| tr -s "\n" "/" | sed "s/\/$//g"`
+        tmp="$(udevadm info "/sys/class/net/$nic" | awk -F '=' '/ID_NET_NAME/{print $2}'|sort -u| tr -s "\n" "/" | sed 's#/$##g')"
         if [ -n "$tmp" ]; then
             echo "<predictablename>$tmp</predictablename>" >> "$ADAPTERFILE"
         fi
-        tmp=`udevadm info /sys/class/net/"$nic" | grep DEVPATH | awk -F 'devices' '{print $2}'`
+        tmp="$(udevadm info "/sys/class/net/$nic" | awk -F 'devices' '/DEVPATH/{print $2}')"
         if [ -n "$tmp" ]; then
             echo "<pcilocation>${tmp%/net*}</pcilocation>" >> "$ADAPTERFILE"
         fi
-        echo "<mac>`cat /sys/class/net/$nic/address`</mac>" >> "$ADAPTERFILE"
-        tmp=`udevadm info /sys/class/net/"$nic" | grep ID_VENDOR_FROM_DATABASE | awk -F '=' '{print $2}' | tr -s "\n" "/" | sed "s/\/$//g"`
+        echo "<mac>$(cat "/sys/class/net/$nic/address")</mac>" >> "$ADAPTERFILE"
+        tmp="$(udevadm info "/sys/class/net/$nic" | awk -F '=' '/ID_VENDOR_FROM_DATABASE/{print $2}' | tr -s "\n" "/" | sed 's#/$##g')"
         if [ -n "$tmp" ]; then
             echo "<vendor>$tmp</vendor>" >> "$ADAPTERFILE"
         fi
-        tmp=`udevadm info /sys/class/net/"$nic" | grep ID_MODEL_FROM_DATABASE | awk -F '=' '{print $2}'`
+        tmp="$(udevadm info /sys/class/net/"$nic" | awk -F '=' '/ID_MODEL_FROM_DATABASE/{print $2}')"
         if [ -n "$tmp" ]; then
             echo "<model>$tmp</model>" >> "$ADAPTERFILE"
         fi
-        tmp=`ip link show $nic`
+        tmp="$(ip link show "$nic")"
         if [ -n "$tmp" ]; then
             tmp=${tmp#*state }
             echo "<linkstate>${tmp% mode*}</linkstate>" >> "$ADAPTERFILE"
@@ -55,57 +54,55 @@ for n in /sys/class/net/*; do
     fi
 done
 
-for pci in `lspci |awk '/Ethernet/ {print $1}' `; do
+for pci in $(lspci |awk '/Ethernet/ {print $1}'); do
     if ! grep -q "$pci" "$ADAPTERFILE" 2>/dev/null; then
-        tmp=`lspci |grep "$pci"`
-        echo '<nic>' >> "$ADAPTERFILE"
-        echo "<pcilocation>$pci</pcilocation>" >> "$ADAPTERFILE"
-        echo "<model>${tmp##*:}</model>" >> "$ADAPTERFILE"
-        echo '</nic>' >> "$ADAPTERFILE"
-        fi
+        tmp="$(lspci |grep "$pci")"
+        echo "<nic>
+<pcilocation>$pci</pcilocation>
+<model>${tmp##*:}</model>
+</nic>" >> "$ADAPTERFILE"
+    fi
 done
 
-for pci in `lspci |awk '/Network/ {print $1}' `; do
+for pci in $(lspci |awk '/Network/ {print $1}'); do
     if ! grep -q "$pci" "$ADAPTERFILE" 2>/dev/null; then
-        tmp=`lspci |grep "$pci"`
-        echo '<nic>' >> "$ADAPTERFILE"
-        echo "<pcilocation>$pci</pcilocation>" >> "$ADAPTERFILE"
-        echo "<model>${tmp##*: }</model>" >> "$ADAPTERFILE"
-        echo '</nic>' >> "$ADAPTERFILE"
-        fi
+        tmp="$(lspci |grep "$pci")"
+        cat >> "$ADAPTERFILE" <<_END
+<nic>
+<pcilocation>$pci</pcilocation>
+<model>${tmp##*: }</model>
+</nic>
+_END
+    fi
 done
 
-for pci in `lspci |awk '/Mellanox/ {print $1}' `; do
+for pci in $(lspci |awk '/Mellanox/ {print $1}'); do
     if ! grep -q "$pci" "$ADAPTERFILE" 2>/dev/null; then
-        tmp=`lspci |grep "$pci"`
-        echo '<nic>' >> "$ADAPTERFILE"
-        echo "<pcilocation>$pci</pcilocation>" >> "$ADAPTERFILE"
-        echo "<model>${tmp##*: }</model>" >> "$ADAPTERFILE"
-        echo '</nic>' >> "$ADAPTERFILE"
-        fi
+        tmp="$(lspci |grep "$pci")"
+        cat >> "$ADAPTERFILE" <<_END
+<nic>
+<pcilocation>$pci</pcilocation>
+<model>${tmp##*: }</model>
+</nic>
+_END
+    fi
 done
 
 echo "</xcatrequest>" >> "$ADAPTERFILE"
 
-#cat "$ADAPTERFILE"
-
+if [ -f /etc/xcat/cert.pem -a -f /etc/xcat/certkey.pem ]; then # use client cert if available
+    SSL_CERT_OPTS=( -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem )
+fi
 if [ -n  "$XCATMASTER" ]; then
-    if [ -f /etc/xcat/cert.pem -a -f /etc/xcat/certkey.pem ]; then #use client cert if available
-        echo "using /etc/xcat/certkey.pem and /etc/xcat/cert.pem to transmit scan result to $XCATMASTER" >> "$SCANNICLOG"
-        openssl s_client -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem -connect $XCATMASTER:$XCATPORT  <"$ADAPTERFILE" >>"$SCANNICLOG" 2>&1
-    else
-        echo "transmit scan result without customer certificate to $XCATMASTER" >> "$SCANNICLOG"
-        openssl s_client -connect $XCATMASTER:$XCATPORT  <"$ADAPTERFILE"  >>"$SCANNICLOG" 2>&1
-    fi
+    TARGET="$XCATMASTER"
 else
-    dhcps=`awk -F ' |;' '/dhcp-server/ { print $(NF-1) }' /var/lib/dhclient/dhclient.leases | tail -n 1`
-    if [ -n "$dhcps" ]; then
-        if [ -f /etc/xcat/cert.pem -a -f /etc/xcat/certkey.pem ]; then #use client cert if available
-             echo "using /etc/xcat/certkey.pem and /etc/xcat/cert.pem to transmit scan result to $dhcps" >> "$SCANNICLOG"
-             openssl s_client -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem -connect $dhcps:$XCATPORT  <"$ADAPTERFILE" >>"$SCANNICLOG" 2>&1
-        else
-             echo "transmit scan result without customer certificate to $dhcps" >> "$SCANNICLOG"
-             openssl s_client -connect $dhcps:$XCATPORT  <"$ADAPTERFILE"  >>"$SCANNICLOG" 2>&1
-        fi
+    TARGET="$(awk -F ' |;' '/dhcp-server/ { print $(NF-1) }' /var/lib/dhclient/dhclient.leases | tail -n 1)"
+fi
+if [ -n "$TARGET" ]; then
+    if [[ "${#SSL_CERT_OPTS[@]}" -gt 0 ]]; then # using client cert
+        echo "using /etc/xcat/certkey.pem and /etc/xcat/cert.pem to transmit scan result to $TARGET" >> "$SCANNICLOG"
+    else
+        echo "transmit scan result without client certificate to $TARGET" >> "$SCANNICLOG"
     fi
+    openssl s_client "${SSL_CERT_OPTS[@]}" -connect "$TARGET:$XCATPORT"  <"$ADAPTERFILE"  >>"$SCANNICLOG" 2>&1
 fi
diff --git a/xCAT-genesis-scripts/usr/bin/getcert b/xCAT-genesis-scripts/usr/bin/getcert
@@ -5,37 +5,37 @@ if [ -z "$XCATDEST" ]; then
 	XCATDEST=$1
 fi
 #retry in case certkey.pem is not right, yet
-while ! openssl req -new -key /etc/xcat/certkey.pem -out /tmp/tls.csr -subj "/CN=`hostname`" >& /dev/null; do
+while ! openssl req -new -key /etc/xcat/certkey.pem -out /tmp/tls.csr -subj "/CN=$(hostname)" >& /dev/null; do
 	sleep 1
 done
-echo "<xcatrequest>
-<command>getcredentials</command>
-<arg>x509cert</arg>
-<callback_port>300</callback_port>
-<csr>" > /tmp/certreq.xml
-cat /tmp/tls.csr >> /tmp/certreq.xml
-echo "</csr>
-<sha512sig>
-</sha512sig>
-</xcatrequest>" >> /tmp/certreq.xml
+{
+  cat <<__HEAD 
+<xcatrequest>
+  <command>getcredentials</command>
+  <arg>x509cert</arg>
+  <callback_port>300</callback_port>
+  <csr>
+__HEAD 
+  cat /tmp/tls.csr
+  cat <<__FOOT
+  </csr>
+  <sha512sig>
+  </sha512sig>
+</xcatrequest>
+__FOOT
+} > /tmp/certreq.xml
 openssl dgst -sha512 -out /tmp/certreq.sha512 -sign /etc/xcat/privkey.pem /tmp/certreq.xml #chain off the switch published key
 openssl enc -e -a -in /tmp/certreq.sha512  > /tmp/certreq.b64sig
-cat /tmp/certreq.xml |while read line; do
-        if [ "$line" = "</sha512sig>" ]; then
-                cat /tmp/certreq.b64sig >> /tmp/certreq.xml.new
-        fi
-        echo $line >> /tmp/certreq.xml.new
-done
-mv /tmp/certreq.xml.new /tmp/certreq.xml
-rm /tmp/certreq.b64sig /tmp/certreq.sha512
-cat /tmp/certreq.xml | openssl s_client -connect $XCATDEST -quiet 2> /dev/null > /tmp/certresp.xml
-if grep 'BEGIN CERTIFICATE' /tmp/certresp.xml > /dev/null; then
-	awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' < /tmp/certresp.xml > /etc/xcat/cert.pem
-	#stop transmitting sysDesc, allowing the public key to age out of validity
-	for iface in `grep '^  e' /var/lib/lldpad/lldpad.conf|awk '{print $1}' `; do
-		lldptool -T -i $iface -V sysDesc enableTx=no >& /dev/null
-	done
+sed -i "/^<sha512sig>$/ r /tmp/certreq.b64sig" /tmp/certreq.xml
+openssl s_client -connect "$XCATDEST" -quiet </tmp/certreq.xml 2>/dev/null >/tmp/certresp.xml
+if grep -q 'BEGIN CERTIFICATE' /tmp/certresp.xml ; then
+    awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' < /tmp/certresp.xml > /etc/xcat/cert.pem
+    #stop transmitting sysDesc, allowing the public key to age out of validity
+    while read -r iface ; do
+        lldptool -T -i "$iface" -V sysDesc enableTx=no >& /dev/null
+    done < <(awk '/^  e/{print $1}' /var/lib/lldpad/lldpad.conf)
 fi
+rm /tmp/certreq.b64sig /tmp/certreq.sha512
 rm /tmp/certreq.xml
 rm /tmp/certresp.xml
-kill $CREDPID
+kill "$CREDPID"
diff --git a/xCAT-genesis-scripts/usr/bin/getdestiny b/xCAT-genesis-scripts/usr/bin/getdestiny
@@ -1,30 +1,27 @@
 #!/bin/bash
 if [ -z "$XCATDEST" ]; then
-	XCATDEST=$1
+    XCATDEST="$1"
 fi
 echo "<xcatrequest>
 <command>getdestiny</command>
 <callback_port>300</callback_port>
 </xcatrequest>" > /tmp/destreq.xml
 if [ -f /tmp/destiny.xml ]; then rm /tmp/destiny.xml; fi
-while [ ! -f /tmp/destiny.xml ] || grep error /tmp/destiny.xml; do
-	if [ -f /tmp/destiny.xml ]; then
-		timer=60
-		while [ $timer -gt 0 ]; do
-			echo -en  "Retrying in $timer seconds  \r" >&2
-			sleep 1
-			timer=$(($timer-1));
-		done
-	fi
-	echo "                                                         " >&2
-	if [ -f /etc/xcat/cert.pem -a -f /etc/xcat/certkey.pem ]; then #use client cert if available
-		cat /tmp/destreq.xml | openssl s_client -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem -connect $XCATDEST -quiet 2> /dev/null > /tmp/destiny.xml
-	else
-		cat /tmp/destreq.xml | openssl s_client -connect $XCATDEST -quiet 2> /dev/null > /tmp/destiny.xml
-	fi
+while [[ ! -f /tmp/destiny.xml ]] || grep error /tmp/destiny.xml; do
+    if [[ -f /tmp/destiny.xml ]]; then
+        for ((timer=60; timer>0; --timer)); do
+            echo -en  "Retrying in $timer seconds  \r" >&2
+            sleep 1
+        done
+    fi
+    echo "                                                         " >&2
+    if [ -f /etc/xcat/cert.pem -a -f /etc/xcat/certkey.pem ]; then #use client cert if available
+        SSL_CERT_OPTS=( -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem )
+    fi
+    openssl s_client "${SSL_CERT_OPTS[@]}" -connect "$XCATDEST" -quiet </tmp/destreq.xml 2> /dev/null > /tmp/destiny.xml
 done
 rm /tmp/destreq.xml
-DESTINY=`grep '<destiny>' /tmp/destiny.xml | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`
+DESTINY="$(awk -F'>' '/<destiny>/{print $2}' /tmp/destiny.xml|awk -F'<' '{print $1}')"
 rm /tmp/destiny.xml
-echo $DESTINY
+echo "$DESTINY"
 
diff --git a/xCAT-genesis-scripts/usr/bin/getipmi b/xCAT-genesis-scripts/usr/bin/getipmi
@@ -10,11 +10,7 @@ fi
 
 # This section only works in genesis
 if [ -z "$XCATDEST" ]; then
-	for parm in `cat /proc/cmdline` ; do
-		if echo $parm |grep xcatd= > /dev/null; then
-			XCATDEST=`echo $parm |awk -F= '{print $2}'`
-		fi
-	done
+    read -r XCATDEST < <(grep xcatd= /proc/cmdline| sed 's/.*xcatd=\([^ ]*\).*/\1/')
 fi
 # This section works in diskless/diskful
 # The environment MASTER_IP and XCATDPORT is exported by mypostscript
@@ -27,10 +23,10 @@ for LANCHAN in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16; do
      then break;
    fi;
 done
-BMCMAC=`ipmitool lan print $LANCHAN|grep ^MAC|awk '{print $4}'` #bmcconfig may opt to use DHCP, if so we need to feed up the mac address
+BMCMAC=$(ipmitool lan print $LANCHAN | awk '/^MAC/{print $4}') #bmcconfig may opt to use DHCP, if so we need to feed up the mac address
 #TODO: need a way to get the DUID the service processor may use, perhaps reserve that for 'ibmsetup' since spec doesn't touch ipv6?
-IPMIMFG=`ipmitool mc info |grep "^Manufacturer ID"|awk  '{print $4}'`
-XPROD=`ipmitool mc info | grep "^Product ID"|awk '{print $4}'`
+IPMIMFG=$(ipmitool mc info | awk  '/^Manufacturer ID/{print $4}')
+XPROD=$(ipmitool mc info | awk '/^Product ID/{print $4}')
 if [ "$IPMIMFG" == "42817" -a "$XPROD" == "16975" ]; then
     ISOPENBMC=1
 else
@@ -45,20 +41,17 @@ echo "<xcatrequest>
 rm -f /tmp/ipmicfg.xml
 while [ ! -f /tmp/ipmicfg.xml ] || grep error /tmp/ipmicfg.xml; do
 	if [ -f /tmp/ipmicfg.xml ]; then
-		timer=60
-		while [ $timer -gt 0 ]; do
+		for ((timer=60; timer > 0; --timer)); do
 			sleep 1
 			echo -en  "Retrying in $timer seconds  \r"
-			timer=$(($timer-1));
 		done
 	fi
 	echo -en "                                                         \r";
 
 	if [ -f /etc/xcat/cert.pem -a -f /etc/xcat/certkey.pem ]; then #use client cert if available
-		cat /tmp/bmcreq.xml | openssl s_client -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem -connect $XCATDEST -quiet 2> /dev/null > /tmp/ipmicfg.xml
-	else
-		cat /tmp/bmcreq.xml | openssl s_client -connect $XCATDEST -quiet 2> /dev/null > /tmp/ipmicfg.xml
+            SSL_CERT_OPTS=( -key /etc/xcat/certkey.pem -cert /etc/xcat/cert.pem )
 	fi
+        openssl s_client "${SSL_CERT_OPTS[@]}" -connect "$XCATDEST" -quiet </tmp/bmcreq.xml 2>/dev/null >/tmp/ipmicfg.xml
 done
 rm /tmp/bmcreq.xml
-kill $CREDPID
+kill "$CREDPID"