def check_systemd_services():
"verify that systemd services are healthy and working"
config = configuration.get_config()
servicemap = yaml.safe_load(
resource.get("//spire/resources:servicemap.yaml"))
for service in servicemap["services"]:
name = service["name"]
kinds = service["kinds"]
if len(kinds) == 0:
raise Exception(
"must have at least one kind specified in servicemap entry for %s"
% name)
for kind in kinds:
if kind not in configuration.Node.VALID_NODE_KINDS:
raise Exception("unknown kind: %s" % kind)
for node in config.nodes:
should_run = node.kind in kinds
state = "active" if should_run else "inactive"
instance = "%s:9100" % node.external_dns_name()
expect_prometheus_query_bool(
'node_systemd_unit_state{instance=%s,name=%s,state="%s"}' %
(repr(instance), repr(name), state),
"node %s is %s service %s" %
(node.hostname, "not running" if should_run else "running",
name),
# in the case that the service has never ran on this host, the node exporter won't report it, so that's
# fine -- as long as we didn't expect it to be running anyway.
accept_missing=(not should_run))
print("validated state of %d services" % len(servicemap["services"]))
expect_prometheus_query_exact('sum(node_systemd_system_running)',
len(config.nodes),
"service management is running")
def __init__(self, obj, **kwargs):
super(Player, self).__init__(obj)
self.movement = movement.Momentum()
self.size = vector(32, 32)
self.image = pygame.transform.scale(resource.get('characters')[0][0], self.size)
self.keys = {}
self.new_keys = set()
print 'instantiated player'
def fetch_signed_url(url: str, signature_url: str) -> bytes:
signature = fetch_url(signature_url)
data = fetch_url(url)
keyring = resource.get("//upload:keyring.gpg")
if not verify_gpg_signature(data, signature, keyring):
command.fail("signature verification FAILED on %s!" % url)
return data
def setup_supervisor_ssh(ops: command.Operations) -> None:
"configure supervisor SSH access"
config = configuration.get_config()
for node in config.nodes:
if node.kind != "supervisor":
continue
ssh_config = resource.get("//spire/resources:sshd_config")
ssh_upload_bytes(ops, "upload new ssh configuration to @HOST", node, ssh_config, "/etc/ssh/sshd_config")
ssh_cmd(ops, "reload ssh configuration on @HOST", node, "systemctl", "restart", "ssh")
ssh_raw(ops, "shift aside old authorized_keys on @HOST", node,
"if [ -f /root/.ssh/authorized_keys ]; then " +
"mv /root/.ssh/authorized_keys " +
"/root/original_authorized_keys; fi")
def gen_iso(iso_image, authorized_key, mode=None):
"generate ISO"
with tempfile.TemporaryDirectory() as d:
config = configuration.get_config()
inclusion = []
with open(os.path.join(d, "dns_bootstrap_lines"), "w") as outfile:
outfile.write(setup.dns_bootstrap_lines())
inclusion += ["dns_bootstrap_lines"]
util.copy(authorized_key, os.path.join(d, "authorized.pub"))
util.writefile(os.path.join(d, "keyservertls.pem"),
authority.get_pubkey_by_filename("./clusterca.pem"))
inclusion += ["authorized.pub", "keyservertls.pem"]
os.makedirs(os.path.join(d, "var/lib/dpkg/info"))
scripts = {
"//spire/resources:postinstall.sh":
"postinstall.sh",
"//spire/resources:prepartition.sh":
"prepartition.sh",
"//spire/resources:netcfg.postinst":
"var/lib/dpkg/info/netcfg.postinst",
}
for source, destination in sorted(scripts.items()):
resource.extract(source, os.path.join(d, destination))
os.chmod(os.path.join(d, destination), 0o755)
inclusion.append(destination)
util.writefile(os.path.join(d, "keyserver.domain"),
configuration.get_keyserver_domain().encode())
inclusion.append("keyserver.domain")
util.writefile(os.path.join(d, "vlan.txt"), b"%d\n" % config.vlan)
inclusion.append("vlan.txt")
resource.extract("//spire/resources:sshd_config",
os.path.join(d, "sshd_config.new"))
preseeded = resource.get("//spire/resources:preseed.cfg.in")
generated_password = util.pwgen(20)
creation_time = datetime.datetime.now().isoformat()
git_hash = metadata.get_git_version().encode()
add_password_to_log(generated_password, creation_time)
print("generated password added to log")
preseeded = preseeded.replace(b"{{HASH}}",
util.mkpasswd(generated_password))
preseeded = preseeded.replace(b"{{BUILDDATE}}", creation_time.encode())
preseeded = preseeded.replace(b"{{GITHASH}}", git_hash)
mirror = config.mirror
if mirror.count("/") < 1 or mirror.count(".") < 1:
command.fail(
"invalid mirror specification '%s'; must be of the form HOST.NAME/PATH"
)
mirror_host, mirror_dir = mirror.split("/", 1)
preseeded = preseeded.replace(b"{{MIRROR-HOST}}", mirror_host.encode())
preseeded = preseeded.replace(b"{{MIRROR-DIR}}",
("/" + mirror_dir).encode())
preseeded = preseeded.replace(b"{{KERBEROS-REALM}}",
config.realm.encode())
cidr_nodes = config.cidr_nodes
node_cidr_prefix = ".".join(
str(cidr_nodes.network_address).split(".")[:-1]) + "."
preseeded = preseeded.replace(b"{{IP-PREFIX}}",
node_cidr_prefix.encode())
node_cidr_gateway = next(cidr_nodes.hosts())
preseeded = preseeded.replace(b"{{GATEWAY}}",
str(node_cidr_gateway).encode())
preseeded = preseeded.replace(b"{{NETMASK}}",
str(cidr_nodes.netmask).encode())
preseeded = preseeded.replace(
b"{{NAMESERVERS}}",
" ".join(str(server_ip)
for server_ip in config.dns_upstreams).encode())
util.writefile(os.path.join(d, "preseed.cfg"), preseeded)
inclusion += ["sshd_config.new", "preseed.cfg"]
for package_name, (short_filename,
package_bytes) in packages.verified_download_full(
PACKAGES).items():
if ("/" in short_filename
or not short_filename.startswith(package_name + "_")
or not short_filename.endswith("_amd64.deb")):
raise ValueError("invalid package name: %s for %s" %
(short_filename, package_name))
util.writefile(os.path.join(d, short_filename), package_bytes)
inclusion.append(short_filename)
cddir = os.path.join(d, "cd")
os.mkdir(cddir)
subprocess.check_call(
["bsdtar", "-C", cddir, "-xzf", "/usr/share/homeworld/debian.iso"])
subprocess.check_call(["chmod", "+w", "--recursive", cddir])
if mode is not None:
if mode not in MODES:
command.fail("no such ISO mode: %s" % mode)
MODES[mode](d, cddir, inclusion)
with gzip.open(os.path.join(cddir, "initrd.gz"), "ab") as f:
f.write(
subprocess.check_output(
["cpio", "--create", "--format=newc"],
input="".join("%s\n" % filename
for filename in inclusion).encode(),
cwd=d))
files_for_md5sum = subprocess.check_output(
["find", ".", "-follow", "-type", "f", "-print0"],
cwd=cddir).decode().split("\0")
files_for_md5sum = [x for x in files_for_md5sum if x]
md5s = subprocess.check_output(["md5sum", "--"] + files_for_md5sum,
cwd=cddir)
util.writefile(os.path.join(cddir, "md5sum.txt"), md5s)
temp_iso = os.path.join(d, "temp.iso")
subprocess.check_call([
"xorriso", "-as", "mkisofs", "-quiet", "-o", temp_iso, "-r", "-J",
"-c", "boot.cat", "-b", "isolinux.bin", "-no-emul-boot",
"-boot-load-size", "4", "-boot-info-table", cddir
])
subprocess.check_call(["isohybrid", "-h", "64", "-s", "32", temp_iso])
util.copy(temp_iso, iso_image)
def get_apt_branch():
return resource.get("//upload:BRANCH_NAME").decode().rstrip()
def get_git_version():
return resource.get("//version:GIT_VERSION").decode().rstrip()
def get_apt_url():
return resource.get("//upload:DOWNLOAD_URL").decode().rstrip()
def __init__(self, filename_or_contents, load=True):
if load:
filename_or_contents = resource.get(filename_or_contents).decode()
self._template = filename_or_contents.split("\n")
def __init__(self, o):
super(Block, self).__init__(o)
corners = [vector(0,0), vector(0, 32), vector(32, 32), vector(32, 0)]
corners = [o.pos + v for v in corners]
self.edges = [edge.Edge(corners[i], corners[(i+1)%len(corners)]) for i in range(len(corners))]
self.image = pygame.transform.scale(resource.get('blocks')[2][15], (32, 32))
def get_single_kube_spec(path: str, extra_kvs: dict = None) -> str:
templ = resource.get(path).decode()
return template.yaml_template(templ, get_kube_spec_vars(extra_kvs))
self.hostname = config["hostname"]
self.kind = config["kind"]
self.ip = IPv4Address(config["ip"])
self.main_config = main_config
if self.kind not in Node.VALID_NODE_KINDS:
raise Exception("invalid node kind: %s" % self.kind)
def __repr__(self):
return "%s node %s (%s)" % (self.kind, self.hostname, self.ip)
def external_dns_name(self):
return "%s.%s" % (self.hostname, self.main_config.external_domain)
SCHEMA = yaml.safe_load(resource.get("//spire/resources:setup-schema.yaml"))
class Config:
def __init__(self, kv: dict):
jsonschema.validate(kv, SCHEMA)
self.external_domain = kv["cluster"]["external-domain"]
self.internal_domain = kv["cluster"]["internal-domain"]
self.etcd_token = kv["cluster"]["etcd-token"]
self.realm = kv["cluster"]["kerberos-realm"]
self.mirror = kv["cluster"]["mirror"]
self.user_grant_domain = kv["cluster"]["user-grant-domain"]
self.user_grant_email_domain = kv["cluster"]["user-grant-email-domain"]
# the vlan on the trunk that each server needs to attach to in order to access the internet. "0" to represent
def __init__(self, data):
for key, val in {k: d for k, d in data.items() if k in CARD_ATTRIBUTES}.items():
setattr(self, key, val)
self.template = resource.get("textures/card.png", sf.Texture)
self.texture = resource.get("textures/%s" % self.img_path, sf.Texture)
self.font = resource.get("fonts/CPB.otf", sf.Font)
