No commits in common. "646c40daf11b7d40de737dcfd9feb25847674d8e" and "dc1df6671cd220a03da15a53c5870dbd7f0bc07d" have entirely different histories.

7 changed files with 60 additions and 138 deletions

15
addhost

@ -13,12 +13,11 @@ function usage() {
echo " <host> can be an IP number, or something that resolves to one" echo " <host> can be an IP number, or something that resolves to one"
} }
while getopts "bhnp:" this; do while getopts "bhn:" this; do
case "${this}" in case "${this}" in
h) usage; exit 0;; h) usage; exit 0;;
b) cmd_do_bootstrap="yes" ;; b) cmd_do_bootstrap="yes" ;;
n) cmd_fqdn="${OPTARG}" ; shift ;; n) cmd_fqdn="${OPTARG}" ; shift ;;
p) cmd_proxy="${OPTARG}" ; shift ;;
*) echo "Unknown option ${this}"; echo ""; usage; exit 1;; *) echo "Unknown option ${this}"; echo ""; usage; exit 1;;
esac esac
done done
@ -37,10 +36,6 @@ if test -z "$cmd_hostname"; then
exit 1 exit 1
fi fi
if [[ -n $cmd_proxy ]]; then
proxyjump="-o ProxyJump=${cmd_proxy}"
fi
test -f cosmos.conf && . ./cosmos.conf test -f cosmos.conf && . ./cosmos.conf
_remote=${remote:='ro'} _remote=${remote:='ro'}
@ -62,8 +57,8 @@ fi
if [ "$cmd_do_bootstrap" = "yes" ]; then if [ "$cmd_do_bootstrap" = "yes" ]; then
cosmos_deb=$(find apt/ -maxdepth 1 -name 'cosmos_*.deb' | sort -V | tail -1) cosmos_deb=$(find apt/ -maxdepth 1 -name 'cosmos_*.deb' | sort -V | tail -1)
scp $proxyjump "$cosmos_deb" apt/bootstrap-cosmos.sh root@"$cmd_hostname": scp "$cosmos_deb" apt/bootstrap-cosmos.sh root@"$cmd_hostname":
ssh root@"$cmd_hostname" $proxyjump ./bootstrap-cosmos.sh "$cmd_fqdn" "$rrepo" "$rtag" ssh root@"$cmd_hostname" ./bootstrap-cosmos.sh "$cmd_fqdn" "$rrepo" "$rtag"
ssh root@"$cmd_hostname" $proxyjump cosmos update ssh root@"$cmd_hostname" cosmos update
ssh root@"$cmd_hostname" $proxyjump cosmos apply ssh root@"$cmd_hostname" cosmos apply
fi fi
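Review bot: The bootstrap block at the end of this section runs `scp` and then three `ssh root@…` commands without checking that `cosmos_deb` is non-empty or that the previous step succeeded, so a failed copy is still followed by an attempt to run `./bootstrap-cosmos.sh` as root on the target (possibly a stale copy from an earlier run). Unless `set -e` is enabled in a part of the script not shown here, I would add `[ -n "$cosmos_deb" ] || { echo "no cosmos_*.deb found in apt/" >&2; exit 1; }` after the `find` and append `|| exit 1` to the `scp` and `ssh` lines. Separately, `"$cmd_fqdn" "$rrepo" "$rtag"` are re-parsed by the remote shell, so values with whitespace or shell metacharacters will not arrive as single arguments; a comment stating that these are assumed to be plain tokens would help.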


@ -173,15 +173,12 @@ tag_list="$(git tag -l "${tagpfx}-*")"
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [[ ${?} -ne 0 ]] || [[ -z "${tag_list}" ]]; then if [[ ${?} -ne 0 ]] || [[ -z "${tag_list}" ]]; then
if [[ -z ${ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS} ]]; then
echo "No tags found, verifying all commits instead." echo "No tags found, verifying all commits instead."
echo "Please set environment variable ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS if you want to disable this check."
# %H = commit hash # %H = commit hash
# %G? = show "G" for a good (valid) signature # %G? = show "G" for a good (valid) signature
git_log="$(git log --pretty="format:%H${t}%G?" \ git_log="$(git log --pretty="format:%H${t}%G?" \
--first-parent \ --first-parent \
| grep -v "${t}G$")" | grep -v "${t}G$")"
fi
else else
@ -258,7 +255,7 @@ while [[ -z "${ok}" ]]; do
esac esac
done done
if [[ "${deftag}" != "${tagpfx}" ]]; then if [ "${deftag}" != "${tagpfx}" ]; then
echo -e "Using new tag \e[94m${this_tag}\e[0m according to pattern in cosmos.conf" echo -e "Using new tag \e[94m${this_tag}\e[0m according to pattern in cosmos.conf"
else else
echo -e "Using new tag \e[94m${this_tag}\e[0m" echo -e "Using new tag \e[94m${this_tag}\e[0m"
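Review bot: The no-tags fallback verifies signatures only along `--first-parent`, so commits that enter through the second parent of a merge are never inspected by the `git log … | grep -v "${t}G$"` pipeline. If the intent is that the signer of the merge commit vouches for what it merges, say so next to the command, e.g. `# --first-parent: only mainline commits are checked; a signed merge vouches for the commits it brings in`. With the `ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS` branch gone, this path is the only check when no tag exists, so its scope is worth documenting. The enclosing `if` continues past the `else`, outside the hunk.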


@ -26,7 +26,6 @@ found = False
classes = dict() classes = dict()
for reg, cls in rules.items(): for reg, cls in rules.items():
if re.search(reg, node_name): if re.search(reg, node_name):
if cls:
classes.update(cls) classes.update(cls)
found = True found = True
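Review bot: `classes.update(cls)` now runs for every matching rule, and it raises `TypeError` when `cls` is `None`, which is presumably what a rule with an empty value yields (how `rules` is loaded is outside the hunk). If rules that match but assign no classes are legal, keep the loop tolerant with `classes.update(cls or {})`. Otherwise reject empty rules where `rules` is loaded, so the failure names the offending pattern instead of aborting node classification with a bare traceback.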


@ -1,11 +0,0 @@
[Unit]
Description=run-cosmos fleetlock unlocker
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/run-cosmos fleetlock-unlock
[Install]
WantedBy=multi-user.target


@ -9,7 +9,6 @@ readonly LOCK_FD=200
readonly FLEETLOCK_CONFIG=/etc/run-cosmos-fleetlock-conf readonly FLEETLOCK_CONFIG=/etc/run-cosmos-fleetlock-conf
readonly FLEETLOCK_DISABLE_FILE=/etc/run-cosmos-fleetlock-disable readonly FLEETLOCK_DISABLE_FILE=/etc/run-cosmos-fleetlock-disable
readonly FLEETLOCK_TOOL=/usr/local/bin/sunet-fleetlock readonly FLEETLOCK_TOOL=/usr/local/bin/sunet-fleetlock
readonly FLEETLOCK_UNLOCK_SERVICE=run-cosmos-fleetlock-unlocker.service
readonly HEALTHCHECK_TOOL=/usr/local/bin/sunet-machine-healthy readonly HEALTHCHECK_TOOL=/usr/local/bin/sunet-machine-healthy
readonly HEALTHCHECK_DISABLE_FILE=/etc/run-cosmos-healthcheck-disable readonly HEALTHCHECK_DISABLE_FILE=/etc/run-cosmos-healthcheck-disable
@ -34,38 +33,8 @@ eexit() {
exit 1 exit 1
} }
oexit() {
local info_str="$*"
echo "$info_str"
exit 0
}
fleetlock_enable_unlock_service() {
# In case e.g. the unit file has been removed "FragmentPath" will still
# return the old filename until daemon-reload is called, so do that here
# before we try checking for the FragmentPath.
need_reload=$(systemctl show --property NeedDaemonReload $FLEETLOCK_UNLOCK_SERVICE | awk -F= '{print $2}')
if [ "$need_reload" = "yes" ]; then
systemctl daemon-reload
fi
unit_file=$(systemctl show --property FragmentPath $FLEETLOCK_UNLOCK_SERVICE | awk -F= '{print $2}')
if [ -z "$unit_file" ]; then
# No unit file matching the service name, do nothing
return 0
fi
# Enable the service if needed
systemctl is-enabled --quiet $FLEETLOCK_UNLOCK_SERVICE || systemctl enable --quiet $FLEETLOCK_UNLOCK_SERVICE
}
fleetlock_lock() { fleetlock_lock() {
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
# Make sure the unlock service is enabled before we take a lock if
# cosmos ends up rebooting the machine before fleetlock_unlock() is
# called.
fleetlock_enable_unlock_service || return 1
local fleetlock_group="" local fleetlock_group=""
# shellcheck source=/dev/null # shellcheck source=/dev/null
. $FLEETLOCK_CONFIG || return 1 . $FLEETLOCK_CONFIG || return 1
@ -97,16 +66,8 @@ fleetlock_unlock() {
machine_is_healthy() { machine_is_healthy() {
if [ ! -f $HEALTHCHECK_DISABLE_FILE ] && [ -x $HEALTHCHECK_TOOL ]; then if [ ! -f $HEALTHCHECK_DISABLE_FILE ] && [ -x $HEALTHCHECK_TOOL ]; then
local fleetlock_healthcheck_timeout=""
local optional_args=()
# shellcheck source=/dev/null
. $FLEETLOCK_CONFIG || return 1
if [ -n "$fleetlock_healthcheck_timeout" ]; then
optional_args+=("--timeout")
optional_args+=("$fleetlock_healthcheck_timeout")
fi
echo "Running any health checks" echo "Running any health checks"
$HEALTHCHECK_TOOL "${optional_args[@]}" || return 1 $HEALTHCHECK_TOOL || return 1
fi fi
return 0 return 0
} }
@ -121,22 +82,11 @@ main () {
touch /var/run/last-cosmos-ok.stamp touch /var/run/last-cosmos-ok.stamp
find /var/lib/puppet/reports/ -type f -mtime +10 -print0 | xargs -0 rm -f find /var/lib/puppet/reports/ -type f -mtime +10 -print0 | xargs -0 rm -f
}
main "$@"
if [ -f /cosmos-reboot ]; then if [ -f /cosmos-reboot ]; then
rm -f /cosmos-reboot rm -f /cosmos-reboot
reboot reboot
fi fi
}
# Most of the time we just pass on any arguments to the underlying cosmos
# tools, if adding special cases here make sure to not shadow any arguments
# (like "-v") which users expect to be passed on to cosmos.
case "$1" in
"fleetlock-unlock")
lock "$PROGNAME" || oexit "$PROGNAME appears locked by a running run-cosmos, let it handle unlocking instead."
fleetlock_unlock || eexit "Unable to release fleetlock lock."
;;
*)
main "$@"
;;
esac
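Review bot: The reboot at the end of this section (`if [ -f /cosmos-reboot ]` following `main "$@"`) relies on the fleetlock already having been released, because nothing in the new code releases it once the machine is back up. Where `fleetlock_unlock` is called is outside the visible hunks, so this needs confirming. If a reboot can happen while the lock is held, for example one triggered from inside the cosmos run, the lock stays taken and other hosts in the same group would presumably keep waiting on it. At minimum I would add a comment above the reboot block such as `# fleetlock must already be released here: nothing unlocks it after the reboot`.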


@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
ip="${1}" ip="${1}"
ssh_proxy="${2}"
if [[ -z "${ip}" ]]; then if [[ -z "${ip}" ]]; then
echo "Please specify a cloud image host that the script should do the following on:" echo "Please specify a cloud image host that the script should do the following on:"
@ -10,9 +9,6 @@ if [[ -z "${ip}" ]]; then
echo " #4 reboot to start using the new kernel, updated packages etc." echo " #4 reboot to start using the new kernel, updated packages etc."
exit 1 exit 1
fi fi
if [[ -n "${ssh_proxy}" ]]; then
proxyjump="-o ProxyJump=${ssh_proxy}"
fi
set -x set -x
@ -25,5 +21,5 @@ script_dir=$(dirname "$0")
# === # ===
# userdel: user debian is currently used by process 1082 # userdel: user debian is currently used by process 1082
# === # ===
ssh "debian@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-enable-root.sh ssh "debian@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh
ssh "root@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-setup.sh ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh
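Review bot: The two `ssh … "bash -s"` lines at the end run unconditionally, so `iaas-setup.sh` is attempted as root even when `iaas-enable-root.sh` failed on the first connection. No `set -e` is visible next to `set -x`, though part of the script lies outside the hunks. I would make the first step fatal: `ssh "debian@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh || exit 1`. The same applies to the `ubuntu@${ip}` variant in the last file section.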


@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
ip="${1}" ip="${1}"
ssh_proxy="${2}"
if [[ -z "${ip}" ]]; then if [[ -z "${ip}" ]]; then
echo "Please specify a cloud image host that the script should do the following on:" echo "Please specify a cloud image host that the script should do the following on:"
@ -11,9 +10,6 @@ if [[ -z "${ip}" ]]; then
exit 1 exit 1
fi fi
if [[ -n "${ssh_proxy}" ]]; then
proxyjump="-o ProxyJump=${ssh_proxy}"
fi
set -x set -x
# Make sure we read the additional scripts from the same directory as # Make sure we read the additional scripts from the same directory as
@ -25,5 +21,5 @@ script_dir=$(dirname "$0")
# === # ===
# userdel: user ubuntu is currently used by process 44063 # userdel: user ubuntu is currently used by process 44063
# === # ===
ssh "ubuntu@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-enable-root.sh ssh "ubuntu@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh
ssh "root@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-setup.sh ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh