Compare commits
No commits in common. "646c40daf11b7d40de737dcfd9feb25847674d8e" and "dc1df6671cd220a03da15a53c5870dbd7f0bc07d" have entirely different histories.
646c40daf1
...
dc1df6671c
15
addhost
15
addhost
|
@ -13,12 +13,11 @@ function usage() {
|
||||||
echo " <host> can be an IP number, or something that resolves to one"
|
echo " <host> can be an IP number, or something that resolves to one"
|
||||||
}
|
}
|
||||||
|
|
||||||
while getopts "bhnp:" this; do
|
while getopts "bhn:" this; do
|
||||||
case "${this}" in
|
case "${this}" in
|
||||||
h) usage; exit 0;;
|
h) usage; exit 0;;
|
||||||
b) cmd_do_bootstrap="yes" ;;
|
b) cmd_do_bootstrap="yes" ;;
|
||||||
n) cmd_fqdn="${OPTARG}" ; shift ;;
|
n) cmd_fqdn="${OPTARG}" ; shift ;;
|
||||||
p) cmd_proxy="${OPTARG}" ; shift ;;
|
|
||||||
*) echo "Unknown option ${this}"; echo ""; usage; exit 1;;
|
*) echo "Unknown option ${this}"; echo ""; usage; exit 1;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
@ -37,10 +36,6 @@ if test -z "$cmd_hostname"; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n $cmd_proxy ]]; then
|
|
||||||
proxyjump="-o ProxyJump=${cmd_proxy}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
test -f cosmos.conf && . ./cosmos.conf
|
test -f cosmos.conf && . ./cosmos.conf
|
||||||
|
|
||||||
_remote=${remote:='ro'}
|
_remote=${remote:='ro'}
|
||||||
|
@ -62,8 +57,8 @@ fi
|
||||||
|
|
||||||
if [ "$cmd_do_bootstrap" = "yes" ]; then
|
if [ "$cmd_do_bootstrap" = "yes" ]; then
|
||||||
cosmos_deb=$(find apt/ -maxdepth 1 -name 'cosmos_*.deb' | sort -V | tail -1)
|
cosmos_deb=$(find apt/ -maxdepth 1 -name 'cosmos_*.deb' | sort -V | tail -1)
|
||||||
scp $proxyjump "$cosmos_deb" apt/bootstrap-cosmos.sh root@"$cmd_hostname":
|
scp "$cosmos_deb" apt/bootstrap-cosmos.sh root@"$cmd_hostname":
|
||||||
ssh root@"$cmd_hostname" $proxyjump ./bootstrap-cosmos.sh "$cmd_fqdn" "$rrepo" "$rtag"
|
ssh root@"$cmd_hostname" ./bootstrap-cosmos.sh "$cmd_fqdn" "$rrepo" "$rtag"
|
||||||
ssh root@"$cmd_hostname" $proxyjump cosmos update
|
ssh root@"$cmd_hostname" cosmos update
|
||||||
ssh root@"$cmd_hostname" $proxyjump cosmos apply
|
ssh root@"$cmd_hostname" cosmos apply
|
||||||
fi
|
fi
|
||||||
|
|
5
bump-tag
5
bump-tag
|
@ -173,15 +173,12 @@ tag_list="$(git tag -l "${tagpfx}-*")"
|
||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
if [[ ${?} -ne 0 ]] || [[ -z "${tag_list}" ]]; then
|
if [[ ${?} -ne 0 ]] || [[ -z "${tag_list}" ]]; then
|
||||||
|
|
||||||
if [[ -z ${ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS} ]]; then
|
|
||||||
echo "No tags found, verifying all commits instead."
|
echo "No tags found, verifying all commits instead."
|
||||||
echo "Please set environment variable ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS if you want to disable this check."
|
|
||||||
# %H = commit hash
|
# %H = commit hash
|
||||||
# %G? = show "G" for a good (valid) signature
|
# %G? = show "G" for a good (valid) signature
|
||||||
git_log="$(git log --pretty="format:%H${t}%G?" \
|
git_log="$(git log --pretty="format:%H${t}%G?" \
|
||||||
--first-parent \
|
--first-parent \
|
||||||
| grep -v "${t}G$")"
|
| grep -v "${t}G$")"
|
||||||
fi
|
|
||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
|
@ -258,7 +255,7 @@ while [[ -z "${ok}" ]]; do
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
if [[ "${deftag}" != "${tagpfx}" ]]; then
|
if [ "${deftag}" != "${tagpfx}" ]; then
|
||||||
echo -e "Using new tag \e[94m${this_tag}\e[0m according to pattern in cosmos.conf"
|
echo -e "Using new tag \e[94m${this_tag}\e[0m according to pattern in cosmos.conf"
|
||||||
else
|
else
|
||||||
echo -e "Using new tag \e[94m${this_tag}\e[0m"
|
echo -e "Using new tag \e[94m${this_tag}\e[0m"
|
||||||
|
|
|
@ -26,7 +26,6 @@ found = False
|
||||||
classes = dict()
|
classes = dict()
|
||||||
for reg, cls in rules.items():
|
for reg, cls in rules.items():
|
||||||
if re.search(reg, node_name):
|
if re.search(reg, node_name):
|
||||||
if cls:
|
|
||||||
classes.update(cls)
|
classes.update(cls)
|
||||||
found = True
|
found = True
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=run-cosmos fleetlock unlocker
|
|
||||||
After=network-online.target
|
|
||||||
Wants=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
ExecStart=/usr/local/bin/run-cosmos fleetlock-unlock
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -9,7 +9,6 @@ readonly LOCK_FD=200
|
||||||
readonly FLEETLOCK_CONFIG=/etc/run-cosmos-fleetlock-conf
|
readonly FLEETLOCK_CONFIG=/etc/run-cosmos-fleetlock-conf
|
||||||
readonly FLEETLOCK_DISABLE_FILE=/etc/run-cosmos-fleetlock-disable
|
readonly FLEETLOCK_DISABLE_FILE=/etc/run-cosmos-fleetlock-disable
|
||||||
readonly FLEETLOCK_TOOL=/usr/local/bin/sunet-fleetlock
|
readonly FLEETLOCK_TOOL=/usr/local/bin/sunet-fleetlock
|
||||||
readonly FLEETLOCK_UNLOCK_SERVICE=run-cosmos-fleetlock-unlocker.service
|
|
||||||
readonly HEALTHCHECK_TOOL=/usr/local/bin/sunet-machine-healthy
|
readonly HEALTHCHECK_TOOL=/usr/local/bin/sunet-machine-healthy
|
||||||
readonly HEALTHCHECK_DISABLE_FILE=/etc/run-cosmos-healthcheck-disable
|
readonly HEALTHCHECK_DISABLE_FILE=/etc/run-cosmos-healthcheck-disable
|
||||||
|
|
||||||
|
@ -34,38 +33,8 @@ eexit() {
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
oexit() {
|
|
||||||
local info_str="$*"
|
|
||||||
|
|
||||||
echo "$info_str"
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
fleetlock_enable_unlock_service() {
|
|
||||||
# In case e.g. the unit file has been removed "FragmentPath" will still
|
|
||||||
# return the old filename until daemon-reload is called, so do that here
|
|
||||||
# before we try checking for the FragmentPath.
|
|
||||||
need_reload=$(systemctl show --property NeedDaemonReload $FLEETLOCK_UNLOCK_SERVICE | awk -F= '{print $2}')
|
|
||||||
if [ "$need_reload" = "yes" ]; then
|
|
||||||
systemctl daemon-reload
|
|
||||||
fi
|
|
||||||
|
|
||||||
unit_file=$(systemctl show --property FragmentPath $FLEETLOCK_UNLOCK_SERVICE | awk -F= '{print $2}')
|
|
||||||
if [ -z "$unit_file" ]; then
|
|
||||||
# No unit file matching the service name, do nothing
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Enable the service if needed
|
|
||||||
systemctl is-enabled --quiet $FLEETLOCK_UNLOCK_SERVICE || systemctl enable --quiet $FLEETLOCK_UNLOCK_SERVICE
|
|
||||||
}
|
|
||||||
|
|
||||||
fleetlock_lock() {
|
fleetlock_lock() {
|
||||||
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
|
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
|
||||||
# Make sure the unlock service is enabled before we take a lock if
|
|
||||||
# cosmos ends up rebooting the machine before fleetlock_unlock() is
|
|
||||||
# called.
|
|
||||||
fleetlock_enable_unlock_service || return 1
|
|
||||||
local fleetlock_group=""
|
local fleetlock_group=""
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. $FLEETLOCK_CONFIG || return 1
|
. $FLEETLOCK_CONFIG || return 1
|
||||||
|
@ -97,16 +66,8 @@ fleetlock_unlock() {
|
||||||
|
|
||||||
machine_is_healthy() {
|
machine_is_healthy() {
|
||||||
if [ ! -f $HEALTHCHECK_DISABLE_FILE ] && [ -x $HEALTHCHECK_TOOL ]; then
|
if [ ! -f $HEALTHCHECK_DISABLE_FILE ] && [ -x $HEALTHCHECK_TOOL ]; then
|
||||||
local fleetlock_healthcheck_timeout=""
|
|
||||||
local optional_args=()
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
. $FLEETLOCK_CONFIG || return 1
|
|
||||||
if [ -n "$fleetlock_healthcheck_timeout" ]; then
|
|
||||||
optional_args+=("--timeout")
|
|
||||||
optional_args+=("$fleetlock_healthcheck_timeout")
|
|
||||||
fi
|
|
||||||
echo "Running any health checks"
|
echo "Running any health checks"
|
||||||
$HEALTHCHECK_TOOL "${optional_args[@]}" || return 1
|
$HEALTHCHECK_TOOL || return 1
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
@ -121,22 +82,11 @@ main () {
|
||||||
touch /var/run/last-cosmos-ok.stamp
|
touch /var/run/last-cosmos-ok.stamp
|
||||||
|
|
||||||
find /var/lib/puppet/reports/ -type f -mtime +10 -print0 | xargs -0 rm -f
|
find /var/lib/puppet/reports/ -type f -mtime +10 -print0 | xargs -0 rm -f
|
||||||
|
}
|
||||||
|
|
||||||
|
main "$@"
|
||||||
|
|
||||||
if [ -f /cosmos-reboot ]; then
|
if [ -f /cosmos-reboot ]; then
|
||||||
rm -f /cosmos-reboot
|
rm -f /cosmos-reboot
|
||||||
reboot
|
reboot
|
||||||
fi
|
fi
|
||||||
}
|
|
||||||
|
|
||||||
# Most of the time we just pass on any arguments to the underlying cosmos
|
|
||||||
# tools, if adding special cases here make sure to not shadow any arguments
|
|
||||||
# (like "-v") which users expect to be passed on to cosmos.
|
|
||||||
case "$1" in
|
|
||||||
"fleetlock-unlock")
|
|
||||||
lock "$PROGNAME" || oexit "$PROGNAME appears locked by a running run-cosmos, let it handle unlocking instead."
|
|
||||||
fleetlock_unlock || eexit "Unable to release fleetlock lock."
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
main "$@"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
ip="${1}"
|
ip="${1}"
|
||||||
ssh_proxy="${2}"
|
|
||||||
|
|
||||||
if [[ -z "${ip}" ]]; then
|
if [[ -z "${ip}" ]]; then
|
||||||
echo "Please specify a cloud image host that the script should do the following on:"
|
echo "Please specify a cloud image host that the script should do the following on:"
|
||||||
|
@ -10,9 +9,6 @@ if [[ -z "${ip}" ]]; then
|
||||||
echo " #4 reboot to start using the new kernel, updated packages etc."
|
echo " #4 reboot to start using the new kernel, updated packages etc."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if [[ -n "${ssh_proxy}" ]]; then
|
|
||||||
proxyjump="-o ProxyJump=${ssh_proxy}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
|
@ -25,5 +21,5 @@ script_dir=$(dirname "$0")
|
||||||
# ===
|
# ===
|
||||||
# userdel: user debian is currently used by process 1082
|
# userdel: user debian is currently used by process 1082
|
||||||
# ===
|
# ===
|
||||||
ssh "debian@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-enable-root.sh
|
ssh "debian@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh
|
||||||
ssh "root@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-setup.sh
|
ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
ip="${1}"
|
ip="${1}"
|
||||||
ssh_proxy="${2}"
|
|
||||||
|
|
||||||
if [[ -z "${ip}" ]]; then
|
if [[ -z "${ip}" ]]; then
|
||||||
echo "Please specify a cloud image host that the script should do the following on:"
|
echo "Please specify a cloud image host that the script should do the following on:"
|
||||||
|
@ -11,9 +10,6 @@ if [[ -z "${ip}" ]]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "${ssh_proxy}" ]]; then
|
|
||||||
proxyjump="-o ProxyJump=${ssh_proxy}"
|
|
||||||
fi
|
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
# Make sure we read the additional scripts from the same directory as
|
# Make sure we read the additional scripts from the same directory as
|
||||||
|
@ -25,5 +21,5 @@ script_dir=$(dirname "$0")
|
||||||
# ===
|
# ===
|
||||||
# userdel: user ubuntu is currently used by process 44063
|
# userdel: user ubuntu is currently used by process 44063
|
||||||
# ===
|
# ===
|
||||||
ssh "ubuntu@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-enable-root.sh
|
ssh "ubuntu@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh
|
||||||
ssh "root@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-setup.sh
|
ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh
|
||||||
|
|
Loading…
Reference in a new issue