From a9fca4619fe7dcb93fca0dd76f7618bd37c85499 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Wed, 9 Apr 2025 18:25:49 +0200
Subject: [PATCH] secrets & fleetlock
---
.../health-checks.d/lb_healthcheck.py.check | 71 +++++++++++++++++++
.../overlay/etc/hiera/data/local.eyaml | 37 ++++++++++
.../overlay/etc/hiera/data/local.eyaml | 37 ++++++++++
3 files changed, 145 insertions(+)
create mode 100755 lb-test-common/overlay/etc/sunet-machine-healthy/health-checks.d/lb_healthcheck.py.check
create mode 100644 lb-test-sthb-1.komreg.net/overlay/etc/hiera/data/local.eyaml
create mode 100644 lb-test-tug-1.komreg.net/overlay/etc/hiera/data/local.eyaml
diff --git a/lb-test-common/overlay/etc/sunet-machine-healthy/health-checks.d/lb_healthcheck.py.check b/lb-test-common/overlay/etc/sunet-machine-healthy/health-checks.d/lb_healthcheck.py.check
new file mode 100755
index 00000000..4c95aab8
--- /dev/null
+++ b/lb-test-common/overlay/etc/sunet-machine-healthy/health-checks.d/lb_healthcheck.py.check
@@ -0,0 +1,71 @@
+#!/usr/bin/env python3
+
+import yaml
+import subprocess
+import time
+import sys
+
+groupyaml = '/etc/hiera/data/group.yaml'
+
+def get_frontends(data):
+ try:
+ return list(data['sunet_frontend']['load_balancer']['websites'].keys())
+ except KeyError:
+ return []
+
+def check_docker_instance_status(instance):
+ cmd = f"docker inspect -f {r'{{.State.Status}}'} {instance}"
+ result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
+ return result.stdout.strip() == 'running'
+
+def is_exabgp_running():
+ cmd = ["systemctl", "is-active", "exabgp.service"]
+ result = subprocess.run(cmd, capture_output=True, text=True)
+ return result.stdout.strip() == 'active'
+
+def check_docker_instances(instances, max_retries=3, initial_wait=10):
+ for instance in instances:
+ retries = 0
+ while retries < max_retries:
+ if check_docker_instance_status(instance):
+ print(f"Instance: {instance} is running!")
+ break
+ else:
+ print(f"Instance: {instance} is not running! Will try again in {initial_wait * (2**retries)} seconds.")
+ time.sleep(initial_wait * (2**retries))
+ retries += 1
+ if retries == max_retries:
+ print(f"Max retries reached for instance: {instance}, exiting!")
+ sys.exit(1)
+
+def check_exabgp_running(max_retries=3, initial_wait=10):
+ retries = 0
+ while retries < max_retries:
+ if is_exabgp_running():
+ print("ExaBGP service is running!")
+ break
+ else:
+ print(f"Exabgp is not running! Will try again in {initial_wait * (2**retries)} seconds.")
+ time.sleep(initial_wait * (2**retries))
+ retries += 1
+ if retries == max_retries:
+ print(f"Max retries reached for checking if exabgp is running, exiting!")
+ sys.exit(1)
+
+with open(groupyaml, 'r') as f:
+ data = yaml.safe_load(f)
+
+frontends = get_frontends(data)
+instances = []
+
+for frontend in frontends:
+ instances.append(frontend + '-haproxy-1')
+ instances.append(frontend + '-monitor-1')
+ instances.append(frontend + '-config-1')
+
+instances.append('frontend-api-1')
+instances.append('frontend-telegraf-1')
+
+check_exabgp_running()
+check_docker_instances(instances)
+sys.exit(0)
diff --git a/lb-test-sthb-1.komreg.net/overlay/etc/hiera/data/local.eyaml b/lb-test-sthb-1.komreg.net/overlay/etc/hiera/data/local.eyaml
new file mode 100644
index 00000000..d11f2fe1
--- /dev/null
+++ b/lb-test-sthb-1.komreg.net/overlay/etc/hiera/data/local.eyaml
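Review bot: `check_docker_instance_status` builds its command as a single string and runs it with `shell=True`, so every container name derived from the `websites` keys in group.yaml is parsed by the shell; a key containing whitespace or shell metacharacters would change what gets executed. `is_exabgp_running` right below it already uses the list form, and the same works here: `cmd = ["docker", "inspect", "-f", "{{.State.Status}}", instance]` followed by `subprocess.run(cmd, capture_output=True, text=True)`. Separately, both retry loops still sleep after the last failed attempt (40 s with the defaults) before printing "Max retries reached" and exiting, which only delays the failure report; skipping the sleep on the final round would avoid that. `yaml.safe_load` returns `None` for an empty file, and `get_frontends` would then raise `TypeError` rather than the `KeyError` it catches, so `except (KeyError, TypeError):` is probably what is wanted there.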
@@ -0,0 +1,37 @@
+---
+acme_c_ssh_key: >
+ ENC[PKCS7,MIIEYQYJKoZIhvcNAQcDoIIEUjCCBE4CAQAxggKFMIICgQIBAD
+ BpMFExCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
+ lBTUwxIjAgBgNVBAMMGWxiLXRlc3Qtc3RoYi0xLmtvbXJlZy5uZXQCFDPHJK
+ g1+IXKHUqBMyiDxc0qhJz2MA0GCSqGSIb3DQEBAQUABIICAHhuZn43Go8j1R
+ taCORk7erdvZaAUeX98O8pBZHbaR7yuTJLk70ek9Kz18oENZgdJshSqHVw0L
+ gGch9FbXxGahhN2qHJ2bilUUHH5MtIyMmOzc92h+s7JaL+IpdU8WT920vmuP
+ gxr0xMZBf9AyBInJIXU8ZDvjDMMpXsAnMypFw8LDgYSPWfbzqH+Pv7p9fx8R
+ EEz/bBJjTQUmUypw8KQj5OMYKIj5uqe47rttwyB/D2y/yDPJPfQtWzihAo2k
+ p3POZ/3FW8+PEqBW10GXE5k+uA6Wp8VUJasoaUkd28j2olvNifAhSM102iDi
+ g5tbieM0GqFSIyCtbQuBAv5p92koiuXVrgMj4IdBDC+In+2HphhmSBQBAwUW
+ lap/yVDzoL7XzPi6dl53vdO7XhtcLNlc/ffU2VdUvmKI4NMP7Rv67AgQj5/n
+ 6Wh7HOtU2Ol2i6PqxIZkzb4NaLWpjv3qjYQsOyE/C1reZJ3YyndpbhdZPslP
+ Ve9ZbUMUZtPkkjRzXMEVq65hke9sJH4LclOQ7ebx4Q95ZfzN4EgNjKVj1pVG
+ QvHgeL+MRvljexaprJ51jcQVx66arYhf1y6pcFg+qK7H+KHHBQd1RlZ9sHTO
+ HO0X0MkSIIzxwdL62MsSgbVKsUzsjV5+DB5yKynX3kFXBIcJc2pgjTD2Xyzd
+ I/WTDEqAGmMIIBvgYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQZCxw12Mv0p
+ aDRHbL5iHD6ICCAZCMmoWZzkY94cJmoiWYFSdwcY4llDC90fXX7ZDFVUSpqP
+ +IAPKJ+Y80HFJd+Ijiwu9zwVw792nPQUhmFONgW9FHFn7cQMTxole6k5B8w/
+ eO1QcdiANhA4uJiRLPgN1vxpZO2M+TeBRsiXTqc5YcpaIFiCL6UFI6e6VPNq
+ Ffva1QNHG19kVpJbjefdWQ2zOpIVDPJgK5mvazozscpr0jw5tBhDAfZxQAHK
+ uFWQRD9GK4ECPHuKtOduj2MPri0qOmKV/2rccsRKW0HFqCnCiTSzu9Da3zTK
+ gsm7kIK2knrOsNBUDhPB3wxA9X054FGgwH87d9NRn7js7vZEzHkkERl7EKMs
+ jWYaXlnKIPyV7RlJMouYVJPfG9e93Flsow/ACMUlRhKtFdZ6SYTPWZ5T6DRa
+ VthM6uCKqqPxKWtYonpUWUmpkmKxGx4EuBNZ6fKfruXI1AIU3g1ZJ7QCBJq3
+ hwIbLRkZjv/ae2w4MOJKSobvZ42dPK8Xdzjc7llBb7nLBr5DZoe4OtE771d8
+ c7+rEljSLg]
+
+fleetlock_config:
+ eidas-test-frontends:
+ server: https://fl-test.knubbis.sunet.se
+ password: ENC[PKCS7,MIIC7QYJKoZIhvcNAQcDoIIC3jCCAtoCAQAxggKFMIICgQIBADBpMFExCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxIjAgBgNVBAMMGWxiLXRlc3Qtc3RoYi0xLmtvbXJlZy5uZXQCFDPHJKg1+IXKHUqBMyiDxc0qhJz2MA0GCSqGSIb3DQEBAQUABIICAD1eDj35KDIqkzuuIVyEOgUxI+oxm6xJp4iwkzYOOkIKS7sieYkA/wzxHYqDyg3zJGBxsFrpEpGQRP/rWj9DqCirClnToEoUqrXymSsCD9Gz77gBXZqXmpbICVMVWlOXeZ7LA2g9O8w8OG2AsYKorTC5udEB01mwueZfjmwhKJLWcBU5i6B0BvB1S5SConud9QuV8fx2wr1VMjvEEM5fGanrW6IlXtQuGfdVOiNOjb7v9lvSZ+xk0Xiiix5g++YSUw12MHWQrGTUJbWORlenQS+WZayaEtPcQqOb4W232FarE8OWvOROzozO5+NypQHtC91oMChCd3hByzc2y3+Ls1ZS2Ov+mdbeLvMocjuI6TjGXKhTKd8Iy8pIGKJqO8VhXwNORoBlK2152gqTPyL/1H805HYRbdX12UFqSQIfCliGKtbGFoHAizh3XfFkTEdymV9LSzqR+jqGxQTsLwmbpmPQre7EeEAPHw5R0TU6HutEKUaelJuBm9plYN19gVyRMMgmogNhx1YI/xn6eOd+wqeCW2n47NRN3ogv/PCujIymCOnx/KPSyEaVwc0zXDZYucQT6xvHFXZwEd7H0KEuymSv1POumj+w2HJQxR4x1Thd0K2JK2hZBCjP4BrX7cv+0+AEvNLu64K09AVGRe+TV1WSFQg74tgQKmr2lmPJ6pdbMEwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEEcbWfvYifEn5tvFePnugTyAIC6j/0ddAjdxhSsskddTq4cTtrzTIs+enD6CzNHu4RZq]
+cosmos_fleetlock_config:
+ fleetlock_group: eidas-test-frontends
+ fleetlock_healthcheck_timeout: 300
+ fleetlock_lock_timeout: 300
diff --git a/lb-test-tug-1.komreg.net/overlay/etc/hiera/data/local.eyaml b/lb-test-tug-1.komreg.net/overlay/etc/hiera/data/local.eyaml
new file mode 100644
index 00000000..5f03589f
--- /dev/null
+++ b/lb-test-tug-1.komreg.net/overlay/etc/hiera/data/local.eyaml
@@ -0,0 +1,37 @@
+---
+acme_c_ssh_key: >
+ ENC[PKCS7,MIIEYAYJKoZIhvcNAQcDoIIEUTCCBE0CAQAxggKEMIICgAIBAD
+ BoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
+ lBTUwxITAfBgNVBAMMGGxiLXRlc3QtdHVnLTEua29tcmVnLm5ldAIUMtNt7i
+ vC927EO0MzoBgDN9RQKlcwDQYJKoZIhvcNAQEBBQAEggIAvpKHYl/8mHRYFK
+ huNaGIWN9iOcChLCXqDpoek+SXpwWc2REeXhncDRKpaPwBzEcUoHRg2Bqzhu
+ +/r3I8Lb/FTszvv5CCEGY+jTzoMKcf2uzLSgmsugzQvmdjLlc6XrKZKUmgRo
+ Bt9n/PWqawAPnt9vcjd6Iy3AatI+xFOBeCmJB50pMJOQm8+B4aRGwDypuOTr
+ 8obOrXmumOhuJkTLnkEJaee0qU5Be5niT6F8bjzWPM76EtRytNe7MR9bkWQx
+ Okvv3w6sTSUZEev/uW3dRc1NCgvJ58x2DrfwT9SNFP/R/tLmws2uYPJvDU4K
+ /DHbijDJt4Vdl8G7nDK3tdkMh/3gUNxCuew1igxnbkDppKAtr3XuhQsfzkXL
+ sgyIldYbSmgZbQuf+yDzN9meWn5edB4pXNGl1n8mOFPJch/Jjt4Ybwizst8Y
+ 59FWhp1xrB+GtXyuMdeVtyX58YEgIRvjVe912RbpFU96VVf2/DQXj2lAmjvj
+ I9RqmjnBY2xBOPKzHV6rdrC9ppawURYxPRGgDOA7JW3+ekoTB1OlF4dxTZD5
+ ytQJygZvAwgVJwAHnhXN0eJZc/ra5qZ2NwXrrTr+HW5cEJo92H5OVVuuh+5H
+ MEITleduAzgQzyUDP+hhrMHSyPe2SP+H8K8EMsH6aYnSBufaUeA38B7394Kc
+ qssyohbRgwggG+BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCd4CyYzajGwN
+ hsVitZsMRbgIIBkIC0NzJK5xrkIvENF1HJ9E35qi1i44LPNXpw4n8JePASLz
+ IMbuog2me03ql+vTR1nGo4g3eUloxTHX+lBIdcKHM0qau38mkqO4jekZm/za
+ 56+I8CY7/J+o2lEv1U49+kWU9b/+zJ8ref4kNHVR/EXSK8BneH8+WEHZ5rQT
+ h3+L0fVveJp3PkcZg66BvaUveITqgNfDjG3JWiLhyqU7P49CG3XZ70Y/TzMD
+ jH837Cpkdyj9kiB1xOCc9hJNnnbCpKf4+UIAtwMInDNM/DlZ6yoGpUEssveO
+ kno5P+rAT2AwvOvnIGV10sxrVTNnupTS8XrFDg8hZ4695mRPJ1TLQ1nYzJNk
+ /UUHVGleIjaEMdmgUl3tHTa591LyAnFtrrJ72ifLuh3NxZA/OAEVL75fTsvh
+ TmZtrrFkD6Vg/2SelguTYZxazAt3NSEkuYtmJDAZsLOB/TpvKsJ+SQKc0gTv
+ bYF668aB7wc0w7GZjKQ1fFvjUqtUyXe83in7CrMyTWcDOcbzJ1GJOPmHpnoq
+ sWz3qzS24=]
+
+fleetlock_config:
+ eidas-test-frontends:
+ server: https://fl-test.knubbis.sunet.se
+ password: ENC[PKCS7,MIIC7AYJKoZIhvcNAQcDoIIC3TCCAtkCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiLXRlc3QtdHVnLTEua29tcmVnLm5ldAIUMtNt7ivC927EO0MzoBgDN9RQKlcwDQYJKoZIhvcNAQEBBQAEggIAtdqAewDzon5oPq1tCO2DxJWVPz07K9bRP1//zC5600AhViDrDFtZ5bsf9dsaefgY2YT5QJCcYQiiM6sineDWgK6idXBQQqyrtsMqGOLjClxBwYXYBiK4fdn+8Igr1r88RDJUKSnuXiI8exp7B7yycQUNYnwA5w9pziesGhLGk7ghnbuhhkeBCfZ61xIYQdpgKIFmedmhsubpt4ZDdhok8lYtYhFhlsS4HWTf4Gf38+2h72u5PqC/gK81ylsssSLu+H180gE/lmEaHPZobTtqkCrXdK9h/lGrn7PkJs3odU0O89nYUlkmYp/HHNS0dmFzz7vVgrOhBmeT79DwBZmseWFfWM6nBQ/zDfyuMPOrdwuorMxrJOWXVWglq9HobMIP6eFU0ir3UswR7B1/GoZQLYCUC0uCUCKbVnjQtgfZ9ZHyLCny/leRMgFqneuVURczsrRTh9crL73G6uhgUKqbTG/TRa8as876IGGd0Xrk4q4tUTjGkIXO3pIHN2zI2BiIzFCJSYmvWTAVVY/G0mdqOV1Roa5az3lO0NHB/VHSA99dc5+LOmehvlCW2G5FKXw1O+kNDv4yFV0EeA9vUeKtIghZjOl8jkunW9vECOIoAGpdjlqzslg/jpySmytDnEgFkxke3wDfRcvmYh0Zsu5MT7/nXptc77UMi0HLXXT3O9QwTAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQGk3cpfuOPlPIdT+TKx/PkYAgb+1gj40iL6ErTwruQyPr8B5a8i+cfE3QDUL3slH/ykY=]
+cosmos_fleetlock_config:
+ fleetlock_group: eidas-test-frontends
+ fleetlock_healthcheck_timeout: 300
+ fleetlock_lock_timeout: 300