From dcf1ea76ad802c0fe038539c9476ce4f9cc4dde8 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 21 May 2018 02:45:46 +0200
Subject: [PATCH] revamped temporary directories
---
 ansible/.gitignore | 2 +-
 ansible/files/torwaechter/authorized_keys.sh | 42 ++++++++++++++++++++
 ansible/files/torwaechter/post-receive | 28 +++++++++++++
 .../files/torwaechter/update-keys-from-stdin.sh | 23 +++++++++++
 ansible/files/tuer/authorized_keys.sh | 42 --------------------
 ansible/files/tuer/post-receive | 28 -------------
 ansible/files/tuer/update-keys-from-stdin.sh | 23 ----------
 ansible/group_vars/all/main.yml | 3 ++
 ansible/host_playbooks/torwaechter.yml | 42 ++++++++++++++++++++
 ansible/host_vars/torwaechter/main.yml | 10 ++---
 ansible/roles/openwrt-image/defaults/main.yml | 4 +-
 ansible/roles/openwrt-image/tasks/prepare.yml | 2 +-
 ansible/tuer.yml | 42 --------------------
 13 files changed, 147 insertions(+), 144 deletions(-)
 create mode 100755 ansible/files/torwaechter/authorized_keys.sh
 create mode 100755 ansible/files/torwaechter/post-receive
 create mode 100644 ansible/files/torwaechter/update-keys-from-stdin.sh
 delete mode 100755 ansible/files/tuer/authorized_keys.sh
 delete mode 100755 ansible/files/tuer/post-receive
 delete mode 100644 ansible/files/tuer/update-keys-from-stdin.sh
 create mode 100644 ansible/host_playbooks/torwaechter.yml
 delete mode 100644 ansible/tuer.yml
diff --git a/ansible/.gitignore b/ansible/.gitignore
index f525999..e573ad5 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -4,4 +4,4 @@
 *.retry
 .*.sw?
 /.cache/
-/files/openwrt/
+/files/*/openwrt/
diff --git a/ansible/files/torwaechter/authorized_keys.sh b/ansible/files/torwaechter/authorized_keys.sh
new file mode 100755
index 0000000..79ed2b5
--- /dev/null
+++ b/ansible/files/torwaechter/authorized_keys.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+# Copyright © 2018 nicoo
+# Distributed under the WTFPL v2
+#
+# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+# Version 2, December 2004
+#
+# Copyright (C) 2004 Sam Hocevar
+#
+# Everyone is permitted to copy and distribute verbatim or modified
+# copies of this license document, and changing it is allowed as long
+# as the name is changed.
+#
+# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+# TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+#
+# 0. You just DO WHAT THE FUCK YOU WANT TO.
+
+# This script processes the tuergit repository located at KEYS_DIR
+# and outputs authorized_keys data for sshd.
+# It is meant to be used as an AuthorizedKeysCommand
+
+set -e
+
+KEYS_DIR=${KEYS_DIR:-'/home/tuergit/keys.git'}
+KEYS_OPTIONS='no-port-forwarding'
+
+cd "${KEYS_DIR}"
+if git config hooks.keys_branch 2>/dev/null; then
+ KEYS_BRANCH="$(git config hooks.keys_branch)"
+else
+ KEYS_BRANCH="master"
+fi
+
+git show "${KEYS_BRANCH}:ssh/" |
+ while read user; do
+ [ -n "$user" ] || continue
+ git show "${KEYS_BRANCH}:ssh/${user}" |
+ while read key; do
+ echo "command=\"${user}\",${KEYS_OPTIONS}" "${key}"
+ done
+ done
diff --git a/ansible/files/torwaechter/post-receive b/ansible/files/torwaechter/post-receive
new file mode 100755
index 0000000..57f7b2c
--- /dev/null
+++ b/ansible/files/torwaechter/post-receive
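Review bot: `KEYS_OPTIONS='no-port-forwarding'` is the only restriction placed on the forced-command keys this script emits, so agent forwarding, X11 forwarding and a pty stay available to every key under `ssh/`; for AuthorizedKeysCommand output `restrict` (OpenSSH 7.2+) or the full `no-agent-forwarding,no-X11-forwarding,no-pty,no-port-forwarding` set is the safer default. `git show "${KEYS_BRANCH}:ssh/"` on a tree object prints a `tree …:ssh/` header line ahead of the entries, which the outer loop then tries to open as a user name; `git ls-tree --name-only "${KEYS_BRANCH}:ssh/"` yields only the names. Both `read` calls also lack `-r`, so a backslash in a key's comment field is interpreted rather than copied through. The content is byte-identical to the deleted `files/tuer/authorized_keys.sh`, so these points predate the commit.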
@@ -0,0 +1,28 @@
+#!/bin/sh
+## (c) Bernhard Tittelbach 2017-10-28, Tschunk-License
+## (c) nicoo 2018-05-20, Tschunk-License
+## this is the post-recieve hook installed in /home/tuergit/keys.git/hooks/
+
+set -eu
+
+keys_branch=$(git config hooks.keys_branch 2>/dev/null)
+keys_file=$(git config hooks.keys_file 2>/dev/null)
+keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null)
+
+keys_branch=${keys_branch:-master}
+keys_file=${keys_file:-keys}
+keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh}
+
+changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' )
+
+catgitkeyfile() {
+ git show "${keys_branch}:${keys_file}"
+}
+
+if git whatchanged --oneline $changedcommits | grep -qe "^:.*${keys_file}\$"; then
+ echo "./$keys_file changed in pushed commits. Updating keys in firmware!"
+ ## update door
+ catgitkeyfile | ${keys_pipe_to}
+else
+ echo "./$keys_file not changed, not updating keys in firmware"
+fi
diff --git a/ansible/files/torwaechter/update-keys-from-stdin.sh b/ansible/files/torwaechter/update-keys-from-stdin.sh
new file mode 100644
index 0000000..2a11eff
--- /dev/null
+++ b/ansible/files/torwaechter/update-keys-from-stdin.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -eu
+
+## this script takes keys on STDIN and programs teenstep eeprom
+
+MONIT_STOP="/etc/init.d/monit stop"
+MONIT_START="/etc/init.d/monit start"
+TUERDAEMON_STOP="/etc/init.d/tuer_core stop"
+TUERDAEMON_START="/etc/init.d/tuer_core start"
+UPDATE_KEYS_TOOL="/flash/tuer/update-keys /dev/door"
+
+## stop monit. it monit not installed or error. don't start monit again later
+${MONIT_STOP} || MONIT_START=""
+## stop door daemon.
+${TUERDAEMON_STOP}
+## give daemons time to stop
+sleep 1
+# pipe me keys to program plz
+${UPDATE_KEYS_TOOL}
+## start daemon again
+${TUERDAEMON_START}
+${MONIT_START}
+
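Review bot: `changedcommits` is empty when a push does not touch `refs/heads/${keys_branch}`, and `git whatchanged --oneline` with no range then walks the full history of HEAD, so a push to any other branch can still match `${keys_file}` and trigger a key reprogram; add `[ -n "$changedcommits" ] || exit 0` ahead of the `if`. `grep "refs/heads/${keys_branch}"` is unanchored and would also match a branch such as `master-old`; `grep " refs/heads/${keys_branch}$"` pins it to the exact ref. A freshly created branch arrives with an all-zero old sha, which the `sed` turns into a range git cannot resolve, so the first push of the keys branch would likely end in the `not changed` path; that case deserves an explicit check. Content is unchanged from the deleted `files/tuer/post-receive`.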
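Review bot: With `set -eu`, a non-zero exit from `${UPDATE_KEYS_TOOL}` ends the script before `${TUERDAEMON_START}` runs, so a failed key write leaves the door daemon stopped until someone restarts it by hand. Registering the restart right after `${TUERDAEMON_STOP}`, `trap '${TUERDAEMON_START}; ${MONIT_START}' EXIT`, brings the daemon (and monit, when it was stopped) back on every exit path, and the two trailing start lines can then be dropped. The comment `## stop monit. it monit not installed or error.` should read `## stop monit; if monit is not installed or fails to stop, don't start it again later`. Content is unchanged from the deleted `files/tuer/update-keys-from-stdin.sh`.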
diff --git a/ansible/files/tuer/authorized_keys.sh b/ansible/files/tuer/authorized_keys.sh
deleted file mode 100755
index 79ed2b5..0000000
--- a/ansible/files/tuer/authorized_keys.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-# Copyright © 2018 nicoo
-# Distributed under the WTFPL v2
-#
-# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-# Version 2, December 2004
-#
-# Copyright (C) 2004 Sam Hocevar
-#
-# Everyone is permitted to copy and distribute verbatim or modified
-# copies of this license document, and changing it is allowed as long
-# as the name is changed.
-#
-# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-# TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-#
-# 0. You just DO WHAT THE FUCK YOU WANT TO.
-
-# This script processes the tuergit repository located at KEYS_DIR
-# and outputs authorized_keys data for sshd.
-# It is meant to be used as an AuthorizedKeysCommand
-
-set -e
-
-KEYS_DIR=${KEYS_DIR:-'/home/tuergit/keys.git'}
-KEYS_OPTIONS='no-port-forwarding'
-
-cd "${KEYS_DIR}"
-if git config hooks.keys_branch 2>/dev/null; then
- KEYS_BRANCH="$(git config hooks.keys_branch)"
-else
- KEYS_BRANCH="master"
-fi
-
-git show "${KEYS_BRANCH}:ssh/" |
- while read user; do
- [ -n "$user" ] || continue
- git show "${KEYS_BRANCH}:ssh/${user}" |
- while read key; do
- echo "command=\"${user}\",${KEYS_OPTIONS}" "${key}"
- done
- done
diff --git a/ansible/files/tuer/post-receive b/ansible/files/tuer/post-receive
deleted file mode 100755
index 57f7b2c..0000000
--- a/ansible/files/tuer/post-receive
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-## (c) Bernhard Tittelbach 2017-10-28, Tschunk-License
-## (c) nicoo 2018-05-20, Tschunk-License
-## this is the post-recieve hook installed in /home/tuergit/keys.git/hooks/
-
-set -eu
-
-keys_branch=$(git config hooks.keys_branch 2>/dev/null)
-keys_file=$(git config hooks.keys_file 2>/dev/null)
-keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null)
-
-keys_branch=${keys_branch:-master}
-keys_file=${keys_file:-keys}
-keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh}
-
-changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' )
-
-catgitkeyfile() {
- git show "${keys_branch}:${keys_file}"
-}
-
-if git whatchanged --oneline $changedcommits | grep -qe "^:.*${keys_file}\$"; then
- echo "./$keys_file changed in pushed commits. Updating keys in firmware!"
- ## update door
- catgitkeyfile | ${keys_pipe_to}
-else
- echo "./$keys_file not changed, not updating keys in firmware"
-fi
diff --git a/ansible/files/tuer/update-keys-from-stdin.sh b/ansible/files/tuer/update-keys-from-stdin.sh
deleted file mode 100644
index 2a11eff..0000000
--- a/ansible/files/tuer/update-keys-from-stdin.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-set -eu
-
-## this script takes keys on STDIN and programs teenstep eeprom
-
-MONIT_STOP="/etc/init.d/monit stop"
-MONIT_START="/etc/init.d/monit start"
-TUERDAEMON_STOP="/etc/init.d/tuer_core stop"
-TUERDAEMON_START="/etc/init.d/tuer_core start"
-UPDATE_KEYS_TOOL="/flash/tuer/update-keys /dev/door"
-
-## stop monit. it monit not installed or error. don't start monit again later
-${MONIT_STOP} || MONIT_START=""
-## stop door daemon.
-${TUERDAEMON_STOP}
-## give daemons time to stop
-sleep 1
-# pipe me keys to program plz
-${UPDATE_KEYS_TOOL}
-## start daemon again
-${TUERDAEMON_START}
-${MONIT_START}
-
diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml
index 0c8abc3..2d38019 100644
--- a/ansible/group_vars/all/main.yml
+++ b/ansible/group_vars/all/main.yml
@@ -1,4 +1,7 @@
 ---
+global_cache_dir: "{{ inventory_dir }}/.cache/"
+global_artifacts_dir: "{{ inventory_dir }}/files/"
+
 user_groups:
 noc:
 - equinox
diff --git a/ansible/host_playbooks/torwaechter.yml b/ansible/host_playbooks/torwaechter.yml
new file mode 100644
index 0000000..a5a695a
--- /dev/null
+++ b/ansible/host_playbooks/torwaechter.yml
@@ -0,0 +1,42 @@
+---
+- hosts: torwaechter
+ connection: local
+ pre_tasks:
+ - name: Create go directories
+ file:
+ path: "{{ global_cache_dir }}/{{ inventory_hostname }}/{{ item }}"
+ state: directory
+ with_items: [ gopath, gocache ]
+
+ - name: Clone necessary git repositories
+ git:
+ repo: https://github.com/realraum/{{ item }}.git
+ dest: "{{ global_cache_dir }}/{{ inventory_hostname }}/{{ item }}"
+ update: True
+ with_items: [ door_and_sensors ]
+
+ - name: Download dependencies
+ command: go get -d ./...
+ args:
+ chdir: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/{{ item }}"
+ environment:
+ GOCACHE: "{{ global_cache_dir }}/{{ inventory_hostname }}/gocache"
+ GOPATH: "{{ global_cache_dir }}/{{ inventory_hostname }}/gopath"
+ with_items: [ door_client, door_daemon, update-keys ]
+
+ - name: Cross-compile Go binaries
+ command: go build -ldflags "-s"
+ args:
+ chdir: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/{{ item }}"
+ environment:
+ GOCACHE: "{{ global_cache_dir }}/{{ inventory_hostname }}/gocache"
+ GOPATH: "{{ global_cache_dir }}/{{ inventory_hostname }}/gopath"
+ GO386: 387
+ CGO_ENABLED: 0
+ GOOS: linux
+ GOARCH: 386
+ with_items: [ door_client, door_daemon, update-keys ]
+
+ roles:
+ - role: openwrt-image
+ delegate_to: localhost
diff --git a/ansible/host_vars/torwaechter/main.yml b/ansible/host_vars/torwaechter/main.yml
index 86575c9..b8b796a 100644
--- a/ansible/host_vars/torwaechter/main.yml
+++ b/ansible/host_vars/torwaechter/main.yml
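Review bot: Both new values end in a trailing `/` while every consumer in this commit appends `/{{ inventory_hostname }}` or `/openwrt`, so the rendered paths carry a double slash (`…/.cache//torwaechter/…`); `global_cache_dir: "{{ inventory_dir }}/.cache"` and `global_artifacts_dir: "{{ inventory_dir }}/files"` keep them clean. The doubled slash is harmless on POSIX, but it shows up in task output and in the `dl` symlink target created in prepare.yml, where it makes paths harder to compare.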
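Review bot: The `git:` task clones `https://github.com/realraum/{{ item }}.git` with `update: True` and no `version:`, so every run builds whatever the remote default branch holds at that moment, and the resulting `door_client`, `door_daemon` and `update-keys` binaries go straight into the door-controller image; pinning `version:` to a tag or commit makes the image reproducible and keeps an upstream change from landing in firmware unnoticed. `go get -d ./...` fetches the Go dependencies unpinned in the same way. A `version: <tag-or-commit>` line on the clone (placeholder; the intended revision is not shown here) plus a recorded dependency revision for the build would close both gaps.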
@@ -20,21 +20,21 @@ openwrt_mixin:
 # Go binaries
 /usr/local/bin/door_client:
 mode: '0755'
- file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
+ file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
 /usr/local/bin/door_daemon:
 mode: '0755'
- file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
+ file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
 /usr/local/bin/update-keys:
 mode: '0755'
- file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"
+ file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"
 /usr/local/bin/authorized_keys.sh:
 mode: '0755'
- file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
+ file: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/authorized_keys.sh"
 /usr/local/bin/update-keys-from-stdin.sh:
 mode: '0755'
- file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
+ file: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
 /etc/ssh/sshd_config:
 content: |
diff --git a/ansible/roles/openwrt-image/defaults/main.yml b/ansible/roles/openwrt-image/defaults/main.yml
index 92932fc..cb4427d 100644
--- a/ansible/roles/openwrt-image/defaults/main.yml
+++ b/ansible/roles/openwrt-image/defaults/main.yml
@@ -1,12 +1,12 @@
 ---
 openwrt_variant: lede
 openwrt_release: 17.01.4
-openwrt_download_dir: .cache/openwrt
+openwrt_download_dir: "{{ global_cache_dir }}/openwrt"
 openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}.Linux-x86_64"
 openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz"
 openwrt_target: generic
-openwrt_output_dir: files/openwrt/{{ inventory_hostname }}
+openwrt_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/openwrt"
 openwrt_output_image_name_base: "{{ openwrt_variant }}-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}"
 openwrt_output_image_suffixes:
 - squashfs-sysupgrade.bin
diff --git a/ansible/roles/openwrt-image/tasks/prepare.yml b/ansible/roles/openwrt-image/tasks/prepare.yml
index b0847ec..3214f7c 100644
--- a/ansible/roles/openwrt-image/tasks/prepare.yml
+++ b/ansible/roles/openwrt-image/tasks/prepare.yml
@@ -90,5 +90,5 @@
 - name: Symlink the cache repository
 file:
 state: link
- src: "{{ playbook_dir }}/{{ openwrt_download_dir }}/dl"
+ src: "{{ openwrt_download_dir }}/dl"
 path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl"
diff --git a/ansible/tuer.yml b/ansible/tuer.yml
deleted file mode 100644
index 0d26eb3..0000000
--- a/ansible/tuer.yml
+++ /dev/null
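Review bot: The role defaults now depend on `global_cache_dir` and `global_artifacts_dir`, which this commit defines in the inventory's `group_vars/all` rather than in the role, so `openwrt-image` no longer works standalone and fails with an undefined-variable error in any inventory that lacks them. A fallback keeps the previous behaviour elsewhere, e.g. `openwrt_download_dir: "{{ global_cache_dir | default(playbook_dir ~ '/.cache') }}/openwrt"`, and the same applies to `openwrt_output_dir` below it. A one-line comment above the defaults naming the two inventory variables the role expects would also help the next reader.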
@@ -1,42 +0,0 @@
----
-- hosts: torwaechter
- connection: local
- pre_tasks:
- - name: Create go directories
- file:
- path: .cache/openwrt/tuer/{{ item }}
- state: directory
- with_items: [ gopath, gocache ]
-
- - name: Clone necessary git repositories
- git:
- repo: https://github.com/realraum/{{ item }}.git
- dest: .cache/openwrt/tuer/{{ item }}
- update: True
- with_items: [ door_and_sensors ]
-
- - name: Download dependencies
- command: go get -d ./...
- args:
- chdir: .cache/openwrt/tuer/door_and_sensors/{{ item }}
- environment:
- GOCACHE: "{{ playbook_dir }}/.cache/openwrt/tuer/gocache"
- GOPATH: "{{ playbook_dir }}/.cache/openwrt/tuer/gopath"
- with_items: [ door_client, door_daemon, update-keys ]
-
- - name: Cross-compile Go binaries
- command: go build -ldflags "-s"
- args:
- chdir: .cache/openwrt/tuer/door_and_sensors/{{ item }}
- environment:
- GOCACHE: "{{ playbook_dir }}/.cache/openwrt/tuer/gocache"
- GOPATH: "{{ playbook_dir }}/.cache/openwrt/tuer/gopath"
- GO386: 387
- CGO_ENABLED: 0
- GOOS: linux
- GOARCH: 386
- with_items: [ door_client, door_daemon, update-keys ]
-
- roles:
- - role: openwrt-image
- delegate_to: localhost
--
1.7.10.4