def check_systemd_services(): "verify that systemd services are healthy and working" config = configuration.get_config() servicemap = yaml.safe_load( resource.get("//spire/resources:servicemap.yaml")) for service in servicemap["services"]: name = service["name"] kinds = service["kinds"] if len(kinds) == 0: raise Exception( "must have at least one kind specified in servicemap entry for %s" % name) for kind in kinds: if kind not in configuration.Node.VALID_NODE_KINDS: raise Exception("unknown kind: %s" % kind) for node in config.nodes: should_run = node.kind in kinds state = "active" if should_run else "inactive" instance = "%s:9100" % node.external_dns_name() expect_prometheus_query_bool( 'node_systemd_unit_state{instance=%s,name=%s,state="%s"}' % (repr(instance), repr(name), state), "node %s is %s service %s" % (node.hostname, "not running" if should_run else "running", name), # in the case that the service has never ran on this host, the node exporter won't report it, so that's # fine -- as long as we didn't expect it to be running anyway. accept_missing=(not should_run)) print("validated state of %d services" % len(servicemap["services"])) expect_prometheus_query_exact('sum(node_systemd_system_running)', len(config.nodes), "service management is running")
def __init__(self, obj, **kwargs): super(Player, self).__init__(obj) self.movement = movement.Momentum() self.size = vector(32, 32) self.image = pygame.transform.scale(resource.get('characters')[0][0], self.size) self.keys = {} self.new_keys = set() print 'instantiated player'
def fetch_signed_url(url: str, signature_url: str) -> bytes: signature = fetch_url(signature_url) data = fetch_url(url) keyring = resource.get("//upload:keyring.gpg") if not verify_gpg_signature(data, signature, keyring): command.fail("signature verification FAILED on %s!" % url) return data
def setup_supervisor_ssh(ops: command.Operations) -> None: "configure supervisor SSH access" config = configuration.get_config() for node in config.nodes: if node.kind != "supervisor": continue ssh_config = resource.get("//spire/resources:sshd_config") ssh_upload_bytes(ops, "upload new ssh configuration to @HOST", node, ssh_config, "/etc/ssh/sshd_config") ssh_cmd(ops, "reload ssh configuration on @HOST", node, "systemctl", "restart", "ssh") ssh_raw(ops, "shift aside old authorized_keys on @HOST", node, "if [ -f /root/.ssh/authorized_keys ]; then " + "mv /root/.ssh/authorized_keys " + "/root/original_authorized_keys; fi")
def gen_iso(iso_image, authorized_key, mode=None): "generate ISO" with tempfile.TemporaryDirectory() as d: config = configuration.get_config() inclusion = [] with open(os.path.join(d, "dns_bootstrap_lines"), "w") as outfile: outfile.write(setup.dns_bootstrap_lines()) inclusion += ["dns_bootstrap_lines"] util.copy(authorized_key, os.path.join(d, "authorized.pub")) util.writefile(os.path.join(d, "keyservertls.pem"), authority.get_pubkey_by_filename("./clusterca.pem")) inclusion += ["authorized.pub", "keyservertls.pem"] os.makedirs(os.path.join(d, "var/lib/dpkg/info")) scripts = { "//spire/resources:postinstall.sh": "postinstall.sh", "//spire/resources:prepartition.sh": "prepartition.sh", "//spire/resources:netcfg.postinst": "var/lib/dpkg/info/netcfg.postinst", } for source, destination in sorted(scripts.items()): resource.extract(source, os.path.join(d, destination)) os.chmod(os.path.join(d, destination), 0o755) inclusion.append(destination) util.writefile(os.path.join(d, "keyserver.domain"), configuration.get_keyserver_domain().encode()) inclusion.append("keyserver.domain") util.writefile(os.path.join(d, "vlan.txt"), b"%d\n" % config.vlan) inclusion.append("vlan.txt") resource.extract("//spire/resources:sshd_config", os.path.join(d, "sshd_config.new")) preseeded = resource.get("//spire/resources:preseed.cfg.in") generated_password = util.pwgen(20) creation_time = datetime.datetime.now().isoformat() git_hash = metadata.get_git_version().encode() add_password_to_log(generated_password, creation_time) print("generated password added to log") preseeded = preseeded.replace(b"{{HASH}}", util.mkpasswd(generated_password)) preseeded = preseeded.replace(b"{{BUILDDATE}}", creation_time.encode()) preseeded = preseeded.replace(b"{{GITHASH}}", git_hash) mirror = config.mirror if mirror.count("/") < 1 or mirror.count(".") < 1: command.fail( "invalid mirror specification '%s'; must be of the form HOST.NAME/PATH" ) mirror_host, mirror_dir = mirror.split("/", 1) preseeded = preseeded.replace(b"{{MIRROR-HOST}}", mirror_host.encode()) preseeded = preseeded.replace(b"{{MIRROR-DIR}}", ("/" + mirror_dir).encode()) preseeded = preseeded.replace(b"{{KERBEROS-REALM}}", config.realm.encode()) cidr_nodes = config.cidr_nodes node_cidr_prefix = ".".join( str(cidr_nodes.network_address).split(".")[:-1]) + "." preseeded = preseeded.replace(b"{{IP-PREFIX}}", node_cidr_prefix.encode()) node_cidr_gateway = next(cidr_nodes.hosts()) preseeded = preseeded.replace(b"{{GATEWAY}}", str(node_cidr_gateway).encode()) preseeded = preseeded.replace(b"{{NETMASK}}", str(cidr_nodes.netmask).encode()) preseeded = preseeded.replace( b"{{NAMESERVERS}}", " ".join(str(server_ip) for server_ip in config.dns_upstreams).encode()) util.writefile(os.path.join(d, "preseed.cfg"), preseeded) inclusion += ["sshd_config.new", "preseed.cfg"] for package_name, (short_filename, package_bytes) in packages.verified_download_full( PACKAGES).items(): if ("/" in short_filename or not short_filename.startswith(package_name + "_") or not short_filename.endswith("_amd64.deb")): raise ValueError("invalid package name: %s for %s" % (short_filename, package_name)) util.writefile(os.path.join(d, short_filename), package_bytes) inclusion.append(short_filename) cddir = os.path.join(d, "cd") os.mkdir(cddir) subprocess.check_call( ["bsdtar", "-C", cddir, "-xzf", "/usr/share/homeworld/debian.iso"]) subprocess.check_call(["chmod", "+w", "--recursive", cddir]) if mode is not None: if mode not in MODES: command.fail("no such ISO mode: %s" % mode) MODES[mode](d, cddir, inclusion) with gzip.open(os.path.join(cddir, "initrd.gz"), "ab") as f: f.write( subprocess.check_output( ["cpio", "--create", "--format=newc"], input="".join("%s\n" % filename for filename in inclusion).encode(), cwd=d)) files_for_md5sum = subprocess.check_output( ["find", ".", "-follow", "-type", "f", "-print0"], cwd=cddir).decode().split("\0") files_for_md5sum = [x for x in files_for_md5sum if x] md5s = subprocess.check_output(["md5sum", "--"] + files_for_md5sum, cwd=cddir) util.writefile(os.path.join(cddir, "md5sum.txt"), md5s) temp_iso = os.path.join(d, "temp.iso") subprocess.check_call([ "xorriso", "-as", "mkisofs", "-quiet", "-o", temp_iso, "-r", "-J", "-c", "boot.cat", "-b", "isolinux.bin", "-no-emul-boot", "-boot-load-size", "4", "-boot-info-table", cddir ]) subprocess.check_call(["isohybrid", "-h", "64", "-s", "32", temp_iso]) util.copy(temp_iso, iso_image)
def get_apt_branch(): return resource.get("//upload:BRANCH_NAME").decode().rstrip()
def get_git_version(): return resource.get("//version:GIT_VERSION").decode().rstrip()
def get_apt_url(): return resource.get("//upload:DOWNLOAD_URL").decode().rstrip()
def __init__(self, filename_or_contents, load=True): if load: filename_or_contents = resource.get(filename_or_contents).decode() self._template = filename_or_contents.split("\n")
def __init__(self, o): super(Block, self).__init__(o) corners = [vector(0,0), vector(0, 32), vector(32, 32), vector(32, 0)] corners = [o.pos + v for v in corners] self.edges = [edge.Edge(corners[i], corners[(i+1)%len(corners)]) for i in range(len(corners))] self.image = pygame.transform.scale(resource.get('blocks')[2][15], (32, 32))
def get_single_kube_spec(path: str, extra_kvs: dict = None) -> str: templ = resource.get(path).decode() return template.yaml_template(templ, get_kube_spec_vars(extra_kvs))
self.hostname = config["hostname"] self.kind = config["kind"] self.ip = IPv4Address(config["ip"]) self.main_config = main_config if self.kind not in Node.VALID_NODE_KINDS: raise Exception("invalid node kind: %s" % self.kind) def __repr__(self): return "%s node %s (%s)" % (self.kind, self.hostname, self.ip) def external_dns_name(self): return "%s.%s" % (self.hostname, self.main_config.external_domain) SCHEMA = yaml.safe_load(resource.get("//spire/resources:setup-schema.yaml")) class Config: def __init__(self, kv: dict): jsonschema.validate(kv, SCHEMA) self.external_domain = kv["cluster"]["external-domain"] self.internal_domain = kv["cluster"]["internal-domain"] self.etcd_token = kv["cluster"]["etcd-token"] self.realm = kv["cluster"]["kerberos-realm"] self.mirror = kv["cluster"]["mirror"] self.user_grant_domain = kv["cluster"]["user-grant-domain"] self.user_grant_email_domain = kv["cluster"]["user-grant-email-domain"] # the vlan on the trunk that each server needs to attach to in order to access the internet. "0" to represent
def __init__(self, data): for key, val in {k: d for k, d in data.items() if k in CARD_ATTRIBUTES}.items(): setattr(self, key, val) self.template = resource.get("textures/card.png", sf.Texture) self.texture = resource.get("textures/%s" % self.img_path, sf.Texture) self.font = resource.get("fonts/CPB.otf", sf.Font)