Compare commits
10 commits
dc1df6671c
...
646c40daf1
Author | SHA1 | Date | |
---|---|---|---|
Johan Wassberg | 646c40daf1 | ||
Johan Wassberg | c72f5ccd86 | ||
b39960484f | |||
Patrik Lundin | df5558befb | ||
Patrik Lundin | 4b93d9c426 | ||
Micke Nordin | cacb97a22c | ||
Johan Wassberg | ecedda68e3 | ||
Micke Nordin | 71e112e009 | ||
1bd6524ad3 | |||
21c0cad8a0 |
15
addhost
15
addhost
|
@ -13,11 +13,12 @@ function usage() {
|
||||||
echo " <host> can be an IP number, or something that resolves to one"
|
echo " <host> can be an IP number, or something that resolves to one"
|
||||||
}
|
}
|
||||||
|
|
||||||
while getopts "bhn:" this; do
|
while getopts "bhnp:" this; do
|
||||||
case "${this}" in
|
case "${this}" in
|
||||||
h) usage; exit 0;;
|
h) usage; exit 0;;
|
||||||
b) cmd_do_bootstrap="yes" ;;
|
b) cmd_do_bootstrap="yes" ;;
|
||||||
n) cmd_fqdn="${OPTARG}" ; shift ;;
|
n) cmd_fqdn="${OPTARG}" ; shift ;;
|
||||||
|
p) cmd_proxy="${OPTARG}" ; shift ;;
|
||||||
*) echo "Unknown option ${this}"; echo ""; usage; exit 1;;
|
*) echo "Unknown option ${this}"; echo ""; usage; exit 1;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
@ -36,6 +37,10 @@ if test -z "$cmd_hostname"; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n $cmd_proxy ]]; then
|
||||||
|
proxyjump="-o ProxyJump=${cmd_proxy}"
|
||||||
|
fi
|
||||||
|
|
||||||
test -f cosmos.conf && . ./cosmos.conf
|
test -f cosmos.conf && . ./cosmos.conf
|
||||||
|
|
||||||
_remote=${remote:='ro'}
|
_remote=${remote:='ro'}
|
||||||
|
@ -57,8 +62,8 @@ fi
|
||||||
|
|
||||||
if [ "$cmd_do_bootstrap" = "yes" ]; then
|
if [ "$cmd_do_bootstrap" = "yes" ]; then
|
||||||
cosmos_deb=$(find apt/ -maxdepth 1 -name 'cosmos_*.deb' | sort -V | tail -1)
|
cosmos_deb=$(find apt/ -maxdepth 1 -name 'cosmos_*.deb' | sort -V | tail -1)
|
||||||
scp "$cosmos_deb" apt/bootstrap-cosmos.sh root@"$cmd_hostname":
|
scp $proxyjump "$cosmos_deb" apt/bootstrap-cosmos.sh root@"$cmd_hostname":
|
||||||
ssh root@"$cmd_hostname" ./bootstrap-cosmos.sh "$cmd_fqdn" "$rrepo" "$rtag"
|
ssh root@"$cmd_hostname" $proxyjump ./bootstrap-cosmos.sh "$cmd_fqdn" "$rrepo" "$rtag"
|
||||||
ssh root@"$cmd_hostname" cosmos update
|
ssh root@"$cmd_hostname" $proxyjump cosmos update
|
||||||
ssh root@"$cmd_hostname" cosmos apply
|
ssh root@"$cmd_hostname" $proxyjump cosmos apply
|
||||||
fi
|
fi
|
||||||
|
|
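Review bot: The new option string `"bhnp:"` in the `getopts` loop moves the colon away from `n`, so `-n` no longer takes an argument and `cmd_fqdn` is assigned an empty `OPTARG`; it should read `while getopts "bhn:p:" this; do`. Separately, `proxyjump="-o ProxyJump=${cmd_proxy}"` is later expanded unquoted as `$proxyjump` in the `scp` and `ssh` calls, which depends on word splitting and lets a proxy value containing whitespace become extra ssh/scp arguments. An array avoids that: `proxyjump=(-o "ProxyJump=${cmd_proxy}")`, expanded as `"${proxyjump[@]}"`. The same unquoted `${proxyjump}` pattern is repeated in the two cloud-image setup scripts further down this compare view. The `; shift` copied into the `p)` arm changes the positional parameters while `getopts` is still tracking `OPTIND`, which may cause a following option to be skipped; the code after the loop is outside the hunk, so confirm against it.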
5
bump-tag
5
bump-tag
|
@ -173,12 +173,15 @@ tag_list="$(git tag -l "${tagpfx}-*")"
|
||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
if [[ ${?} -ne 0 ]] || [[ -z "${tag_list}" ]]; then
|
if [[ ${?} -ne 0 ]] || [[ -z "${tag_list}" ]]; then
|
||||||
|
|
||||||
|
if [[ -z ${ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS} ]]; then
|
||||||
echo "No tags found, verifying all commits instead."
|
echo "No tags found, verifying all commits instead."
|
||||||
|
echo "Please set environment variable ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS if you want to disable this check."
|
||||||
# %H = commit hash
|
# %H = commit hash
|
||||||
# %G? = show "G" for a good (valid) signature
|
# %G? = show "G" for a good (valid) signature
|
||||||
git_log="$(git log --pretty="format:%H${t}%G?" \
|
git_log="$(git log --pretty="format:%H${t}%G?" \
|
||||||
--first-parent \
|
--first-parent \
|
||||||
| grep -v "${t}G$")"
|
| grep -v "${t}G$")"
|
||||||
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
|
@ -255,7 +258,7 @@ while [[ -z "${ok}" ]]; do
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "${deftag}" != "${tagpfx}" ]; then
|
if [[ "${deftag}" != "${tagpfx}" ]]; then
|
||||||
echo -e "Using new tag \e[94m${this_tag}\e[0m according to pattern in cosmos.conf"
|
echo -e "Using new tag \e[94m${this_tag}\e[0m according to pattern in cosmos.conf"
|
||||||
else
|
else
|
||||||
echo -e "Using new tag \e[94m${this_tag}\e[0m"
|
echo -e "Using new tag \e[94m${this_tag}\e[0m"
|
||||||
|
|
|
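Review bot: When `ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS` is set, the new `if [[ -z ... ]]` guard skips commit signature verification without printing anything, so a run with no tags and no signature check looks the same in the output as a verified one. An `else` branch that warns on stderr, e.g. `echo "WARNING: no tags found and ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS is set, skipping signature verification" >&2`, would make the bypass visible in logs. Any non-empty value enables the bypass, including `0` or `no`; testing for an explicit value such as `[[ "${ALLOW_UNSIGNED_COMMITS_WITHOUT_TAGS:-}" != "yes" ]]` is harder to trip by accident. The enclosing `if`/`else` continues outside the hunk, so how `git_log` is consumed afterwards is not visible here.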
@ -26,6 +26,7 @@ found = False
|
||||||
classes = dict()
|
classes = dict()
|
||||||
for reg, cls in rules.items():
|
for reg, cls in rules.items():
|
||||||
if re.search(reg, node_name):
|
if re.search(reg, node_name):
|
||||||
|
if cls:
|
||||||
classes.update(cls)
|
classes.update(cls)
|
||||||
found = True
|
found = True
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
[Unit]
|
||||||
|
Description=run-cosmos fleetlock unlocker
|
||||||
|
After=network-online.target
|
||||||
|
Wants=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/local/bin/run-cosmos fleetlock-unlock
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
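Review bot: The unit has no retry path: it is `Type=oneshot` with a single `ExecStart`, so if the unlock attempt fails at boot (for example because the fleetlock server is unreachable at that moment) the unit ends in a failed state and the lock presumably stays held until something else releases it. Consider `Restart=on-failure` with a `RestartSec=` delay in `[Service]` (accepted for oneshot units on newer systemd releases), or document that a later run-cosmos invocation is expected to release the lock. A comment at the top of the file saying why the unit exists, e.g. `# Releases a fleetlock lock left behind when run-cosmos rebooted the machine before unlocking.`, would also help the next reader.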
@ -9,6 +9,7 @@ readonly LOCK_FD=200
|
||||||
readonly FLEETLOCK_CONFIG=/etc/run-cosmos-fleetlock-conf
|
readonly FLEETLOCK_CONFIG=/etc/run-cosmos-fleetlock-conf
|
||||||
readonly FLEETLOCK_DISABLE_FILE=/etc/run-cosmos-fleetlock-disable
|
readonly FLEETLOCK_DISABLE_FILE=/etc/run-cosmos-fleetlock-disable
|
||||||
readonly FLEETLOCK_TOOL=/usr/local/bin/sunet-fleetlock
|
readonly FLEETLOCK_TOOL=/usr/local/bin/sunet-fleetlock
|
||||||
|
readonly FLEETLOCK_UNLOCK_SERVICE=run-cosmos-fleetlock-unlocker.service
|
||||||
readonly HEALTHCHECK_TOOL=/usr/local/bin/sunet-machine-healthy
|
readonly HEALTHCHECK_TOOL=/usr/local/bin/sunet-machine-healthy
|
||||||
readonly HEALTHCHECK_DISABLE_FILE=/etc/run-cosmos-healthcheck-disable
|
readonly HEALTHCHECK_DISABLE_FILE=/etc/run-cosmos-healthcheck-disable
|
||||||
|
|
||||||
|
@ -33,8 +34,38 @@ eexit() {
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
oexit() {
|
||||||
|
local info_str="$*"
|
||||||
|
|
||||||
|
echo "$info_str"
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
|
||||||
|
fleetlock_enable_unlock_service() {
|
||||||
|
# In case e.g. the unit file has been removed "FragmentPath" will still
|
||||||
|
# return the old filename until daemon-reload is called, so do that here
|
||||||
|
# before we try checking for the FragmentPath.
|
||||||
|
need_reload=$(systemctl show --property NeedDaemonReload $FLEETLOCK_UNLOCK_SERVICE | awk -F= '{print $2}')
|
||||||
|
if [ "$need_reload" = "yes" ]; then
|
||||||
|
systemctl daemon-reload
|
||||||
|
fi
|
||||||
|
|
||||||
|
unit_file=$(systemctl show --property FragmentPath $FLEETLOCK_UNLOCK_SERVICE | awk -F= '{print $2}')
|
||||||
|
if [ -z "$unit_file" ]; then
|
||||||
|
# No unit file matching the service name, do nothing
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Enable the service if needed
|
||||||
|
systemctl is-enabled --quiet $FLEETLOCK_UNLOCK_SERVICE || systemctl enable --quiet $FLEETLOCK_UNLOCK_SERVICE
|
||||||
|
}
|
||||||
|
|
||||||
fleetlock_lock() {
|
fleetlock_lock() {
|
||||||
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
|
if [ ! -f $FLEETLOCK_DISABLE_FILE ] && [ -f $FLEETLOCK_CONFIG ] && [ -x $FLEETLOCK_TOOL ]; then
|
||||||
|
# Make sure the unlock service is enabled before we take a lock if
|
||||||
|
# cosmos ends up rebooting the machine before fleetlock_unlock() is
|
||||||
|
# called.
|
||||||
|
fleetlock_enable_unlock_service || return 1
|
||||||
local fleetlock_group=""
|
local fleetlock_group=""
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. $FLEETLOCK_CONFIG || return 1
|
. $FLEETLOCK_CONFIG || return 1
|
||||||
|
@ -66,8 +97,16 @@ fleetlock_unlock() {
|
||||||
|
|
||||||
machine_is_healthy() {
|
machine_is_healthy() {
|
||||||
if [ ! -f $HEALTHCHECK_DISABLE_FILE ] && [ -x $HEALTHCHECK_TOOL ]; then
|
if [ ! -f $HEALTHCHECK_DISABLE_FILE ] && [ -x $HEALTHCHECK_TOOL ]; then
|
||||||
|
local fleetlock_healthcheck_timeout=""
|
||||||
|
local optional_args=()
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
. $FLEETLOCK_CONFIG || return 1
|
||||||
|
if [ -n "$fleetlock_healthcheck_timeout" ]; then
|
||||||
|
optional_args+=("--timeout")
|
||||||
|
optional_args+=("$fleetlock_healthcheck_timeout")
|
||||||
|
fi
|
||||||
echo "Running any health checks"
|
echo "Running any health checks"
|
||||||
$HEALTHCHECK_TOOL || return 1
|
$HEALTHCHECK_TOOL "${optional_args[@]}" || return 1
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
@ -82,11 +121,22 @@ main () {
|
||||||
touch /var/run/last-cosmos-ok.stamp
|
touch /var/run/last-cosmos-ok.stamp
|
||||||
|
|
||||||
find /var/lib/puppet/reports/ -type f -mtime +10 -print0 | xargs -0 rm -f
|
find /var/lib/puppet/reports/ -type f -mtime +10 -print0 | xargs -0 rm -f
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
|
|
||||||
if [ -f /cosmos-reboot ]; then
|
if [ -f /cosmos-reboot ]; then
|
||||||
rm -f /cosmos-reboot
|
rm -f /cosmos-reboot
|
||||||
reboot
|
reboot
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Most of the time we just pass on any arguments to the underlying cosmos
|
||||||
|
# tools, if adding special cases here make sure to not shadow any arguments
|
||||||
|
# (like "-v") which users expect to be passed on to cosmos.
|
||||||
|
case "$1" in
|
||||||
|
"fleetlock-unlock")
|
||||||
|
lock "$PROGNAME" || oexit "$PROGNAME appears locked by a running run-cosmos, let it handle unlocking instead."
|
||||||
|
fleetlock_unlock || eexit "Unable to release fleetlock lock."
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
main "$@"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
|
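Review bot: `machine_is_healthy()` now sources `$FLEETLOCK_CONFIG` unconditionally, but its guard only tests the healthcheck disable file and tool, unlike `fleetlock_lock()`, which tests `[ -f $FLEETLOCK_CONFIG ]` first. On a host that has the healthcheck tool but no fleetlock config, the `.` fails and the function returns 1 before any health check runs. Guarding it as `if [ -f "$FLEETLOCK_CONFIG" ]; then . "$FLEETLOCK_CONFIG" || return 1; fi` keeps the previous behaviour for such hosts. In `fleetlock_enable_unlock_service()`, `need_reload` and `unit_file` are assigned without `local` and leak into the global scope. Because the config file is executed by `.` in a script that presumably runs as root, a comment stating that it must be writable only by root would be worth adding next to the source line.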
@ -1,5 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
ip="${1}"
|
ip="${1}"
|
||||||
|
ssh_proxy="${2}"
|
||||||
|
|
||||||
if [[ -z "${ip}" ]]; then
|
if [[ -z "${ip}" ]]; then
|
||||||
echo "Please specify a cloud image host that the script should do the following on:"
|
echo "Please specify a cloud image host that the script should do the following on:"
|
||||||
|
@ -9,6 +10,9 @@ if [[ -z "${ip}" ]]; then
|
||||||
echo " #4 reboot to start using the new kernel, updated packages etc."
|
echo " #4 reboot to start using the new kernel, updated packages etc."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
if [[ -n "${ssh_proxy}" ]]; then
|
||||||
|
proxyjump="-o ProxyJump=${ssh_proxy}"
|
||||||
|
fi
|
||||||
|
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
|
@ -21,5 +25,5 @@ script_dir=$(dirname "$0")
|
||||||
# ===
|
# ===
|
||||||
# userdel: user debian is currently used by process 1082
|
# userdel: user debian is currently used by process 1082
|
||||||
# ===
|
# ===
|
||||||
ssh "debian@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh
|
ssh "debian@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-enable-root.sh
|
||||||
ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh
|
ssh "root@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-setup.sh
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
ip="${1}"
|
ip="${1}"
|
||||||
|
ssh_proxy="${2}"
|
||||||
|
|
||||||
if [[ -z "${ip}" ]]; then
|
if [[ -z "${ip}" ]]; then
|
||||||
echo "Please specify a cloud image host that the script should do the following on:"
|
echo "Please specify a cloud image host that the script should do the following on:"
|
||||||
|
@ -10,6 +11,9 @@ if [[ -z "${ip}" ]]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "${ssh_proxy}" ]]; then
|
||||||
|
proxyjump="-o ProxyJump=${ssh_proxy}"
|
||||||
|
fi
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
# Make sure we read the additional scripts from the same directory as
|
# Make sure we read the additional scripts from the same directory as
|
||||||
|
@ -21,5 +25,5 @@ script_dir=$(dirname "$0")
|
||||||
# ===
|
# ===
|
||||||
# userdel: user ubuntu is currently used by process 44063
|
# userdel: user ubuntu is currently used by process 44063
|
||||||
# ===
|
# ===
|
||||||
ssh "ubuntu@${ip}" "bash -s" < "$script_dir"/iaas-enable-root.sh
|
ssh "ubuntu@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-enable-root.sh
|
||||||
ssh "root@${ip}" "bash -s" < "$script_dir"/iaas-setup.sh
|
ssh "root@${ip}" ${proxyjump} "bash -s" < "$script_dir"/iaas-setup.sh
|
||||||
|
|