aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authornotgne22020-10-26 21:05:03 -0700
committernotgne22020-10-26 21:05:03 -0700
commit997d1151fd3d303eaa9c2c41312ff87eee986418 (patch)
tree229deae6687a5b454cf2417fcb022a78f8ac20b8 /src
parent30197f8a352c879f0070e059ebc117dc17e8270f (diff)
parentdf002c31a64409350a3cb8825364542c65a4d00a (diff)
Merge branch 'master' into review
Diffstat (limited to '')
-rw-r--r--src/activate.rs303
-rw-r--r--src/main.rs439
-rw-r--r--src/utils/data.rs74
-rw-r--r--src/utils/deploy.rs169
-rw-r--r--src/utils/mod.rs233
-rw-r--r--src/utils/push.rs137
6 files changed, 1355 insertions, 0 deletions
diff --git a/src/activate.rs b/src/activate.rs
new file mode 100644
index 0000000..4fdb59c
--- /dev/null
+++ b/src/activate.rs
@@ -0,0 +1,303 @@
+// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+//
+// SPDX-License-Identifier: MPL-2.0
+
+use clap::Clap;
+
+use futures_util::FutureExt;
+use std::process::Stdio;
+use tokio::fs;
+use tokio::process::Command;
+use tokio::time::timeout;
+
+use std::time::Duration;
+
+use futures_util::StreamExt;
+
+use std::path::Path;
+
+use inotify::Inotify;
+
+extern crate pretty_env_logger;
+#[macro_use]
+extern crate log;
+
+#[macro_use]
+extern crate serde_derive;
+
+#[macro_use]
+mod utils;
+
+/// Activation portion of the simple Rust Nix deploy tool
+#[derive(Clap, Debug)]
+#[clap(version = "1.0", author = "notgne2 <gen2@gen2.space>")]
+struct Opts {
+ profile_path: String,
+ closure: String,
+
+ /// Temp path for any temporary files that may be needed during activation
+ #[clap(long)]
+ temp_path: String,
+
+ /// Maximum time to wait for confirmation after activation
+ #[clap(long)]
+ confirm_timeout: u16,
+
+ /// Wait for confirmation after deployment and rollback if not confirmed
+ #[clap(long)]
+ magic_rollback: bool,
+
+ /// Command for bootstrapping
+ #[clap(long)]
+ bootstrap_cmd: Option<String>,
+
+ /// Auto rollback if failure
+ #[clap(long)]
+ auto_rollback: bool,
+}
+
+pub async fn deactivate(profile_path: &str) -> Result<(), Box<dyn std::error::Error>> {
+ error!("De-activating due to error");
+
+ let nix_env_rollback_exit_status = Command::new("nix-env")
+ .arg("-p")
+ .arg(&profile_path)
+ .arg("--rollback")
+ .stdout(Stdio::null())
+ .stderr(Stdio::null())
+ .status()
+ .await?;
+
+ if !nix_env_rollback_exit_status.success() {
+ good_panic!("`nix-env --rollback` failed");
+ }
+
+ debug!("Listing generations");
+
+ let nix_env_list_generations_out = Command::new("nix-env")
+ .arg("-p")
+ .arg(&profile_path)
+ .arg("--list-generations")
+ .output()
+ .await?;
+
+ if !nix_env_list_generations_out.status.success() {
+ good_panic!("Listing `nix-env` generations failed");
+ }
+
+ let generations_list = String::from_utf8(nix_env_list_generations_out.stdout)?;
+
+ let last_generation_line = generations_list
+ .lines()
+ .last()
+ .expect("Expected to find a generation in list");
+
+ let last_generation_id = last_generation_line
+ .split_whitespace()
+ .next()
+ .expect("Expected to get ID from generation entry");
+
+ debug!("Removing generation entry {}", last_generation_line);
+ warn!("Removing generation by ID {}", last_generation_id);
+
+ let nix_env_delete_generation_exit_status = Command::new("nix-env")
+ .arg("-p")
+ .arg(&profile_path)
+ .arg("--delete-generations")
+ .arg(last_generation_id)
+ .stdout(Stdio::null())
+ .stderr(Stdio::null())
+ .status()
+ .await?;
+
+ if !nix_env_delete_generation_exit_status.success() {
+ good_panic!("Failed to delete failed generation");
+ }
+
+ info!("Attempting to re-activate the last generation");
+
+ let re_activate_exit_status = Command::new(format!("{}/deploy-rs-activate", profile_path))
+ .env("PROFILE", &profile_path)
+ .current_dir(&profile_path)
+ .status()
+ .await?;
+
+ if !re_activate_exit_status.success() {
+ good_panic!("Failed to re-activate the last generation");
+ }
+
+ Ok(())
+}
+
+async fn deactivate_on_err<A, B: core::fmt::Debug>(profile_path: &str, r: Result<A, B>) -> A {
+ match r {
+ Ok(x) => x,
+ Err(err) => {
+ error!("Deactivating due to error: {:?}", err);
+ match deactivate(profile_path).await {
+ Ok(_) => (),
+ Err(err) => {
+ error!("Error de-activating, uh-oh: {:?}", err);
+ }
+ };
+
+ std::process::exit(1);
+ }
+ }
+}
+
+pub async fn activation_confirmation(
+ profile_path: String,
+ temp_path: String,
+ confirm_timeout: u16,
+ closure: String,
+) -> Result<(), Box<dyn std::error::Error>> {
+ let lock_hash = &closure[11 /* /nix/store/ */ ..];
+ let lock_path = format!("{}/activating-{}", temp_path, lock_hash);
+
+ if let Some(parent) = Path::new(&lock_path).parent() {
+ fs::create_dir_all(parent).await?;
+ }
+
+ fs::File::create(&lock_path).await?;
+
+ let mut inotify = Inotify::init()?;
+ inotify.add_watch(lock_path, inotify::WatchMask::DELETE)?;
+
+ match fork::daemon(false, false).map_err(|x| x.to_string())? {
+ fork::Fork::Child => {
+ std::thread::spawn(move || {
+ let mut rt = tokio::runtime::Runtime::new().unwrap();
+
+ rt.block_on(async move {
+ info!("Waiting for confirmation event...");
+
+ let mut buffer = [0; 32];
+ let mut stream =
+ deactivate_on_err(&profile_path, inotify.event_stream(&mut buffer)).await;
+
+ deactivate_on_err(
+ &profile_path,
+ deactivate_on_err(
+ &profile_path,
+ deactivate_on_err(
+ &profile_path,
+ timeout(Duration::from_secs(confirm_timeout as u64), stream.next())
+ .await,
+ )
+ .await
+ .ok_or("Watcher ended prematurely"),
+ )
+ .await,
+ )
+ .await;
+ });
+ })
+ .join()
+ .unwrap();
+
+ info!("Confirmation successful!");
+
+ std::process::exit(0);
+ }
+ fork::Fork::Parent(_) => {
+ std::process::exit(0);
+ }
+ }
+}
+
+pub async fn activate(
+ profile_path: String,
+ closure: String,
+ bootstrap_cmd: Option<String>,
+ auto_rollback: bool,
+ temp_path: String,
+ confirm_timeout: u16,
+ magic_rollback: bool,
+) -> Result<(), Box<dyn std::error::Error>> {
+ info!("Activating profile");
+
+ let nix_env_set_exit_status = Command::new("nix-env")
+ .arg("-p")
+ .arg(&profile_path)
+ .arg("--set")
+ .arg(&closure)
+ .stdout(Stdio::null())
+ .status()
+ .await?;
+
+ if !nix_env_set_exit_status.success() {
+ good_panic!("Failed to update nix-env generation");
+ }
+
+ if let (Some(bootstrap_cmd), false) = (bootstrap_cmd, !Path::new(&profile_path).exists()) {
+ let bootstrap_status = Command::new("bash")
+ .arg("-c")
+ .arg(&bootstrap_cmd)
+ .env("PROFILE", &profile_path)
+ .stdout(Stdio::null())
+ .stderr(Stdio::null())
+ .status()
+ .await;
+
+ match bootstrap_status {
+ Ok(s) if s.success() => (),
+ _ => {
+ tokio::fs::remove_file(&profile_path).await?;
+ good_panic!("Failed to execute bootstrap command");
+ }
+ }
+ }
+
+ let activate_status = Command::new(format!("{}/deploy-rs-activate", profile_path))
+ .env("PROFILE", &profile_path)
+ .current_dir(&profile_path)
+ .status()
+ .await;
+
+ let activate_status_all = match activate_status {
+ Ok(s) if s.success() => Ok(()),
+ Ok(_) => Err(std::io::Error::new(std::io::ErrorKind::Other, "Activation did not succeed")),
+ Err(x) => Err(x),
+ };
+
+ deactivate_on_err(&profile_path, activate_status_all).await;
+
+ info!("Activation succeeded!");
+
+ if magic_rollback {
+ info!("Performing activation confirmation steps");
+ deactivate_on_err(
+ &profile_path,
+ activation_confirmation(profile_path.clone(), temp_path, confirm_timeout, closure)
+ .await,
+ )
+ .await;
+ }
+
+ Ok(())
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+ if std::env::var("DEPLOY_LOG").is_err() {
+ std::env::set_var("DEPLOY_LOG", "info");
+ }
+
+ pretty_env_logger::init_custom_env("DEPLOY_LOG");
+
+ let opts: Opts = Opts::parse();
+
+ activate(
+ opts.profile_path,
+ opts.closure,
+ opts.bootstrap_cmd,
+ opts.auto_rollback,
+ opts.temp_path,
+ opts.confirm_timeout,
+ opts.magic_rollback,
+ )
+ .await?;
+
+ Ok(())
+}
diff --git a/src/main.rs b/src/main.rs
new file mode 100644
index 0000000..5dc6bb9
--- /dev/null
+++ b/src/main.rs
@@ -0,0 +1,439 @@
+// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+//
+// SPDX-License-Identifier: MPL-2.0
+
+use clap::Clap;
+
+use std::process::Stdio;
+use tokio::process::Command;
+
+use merge::Merge;
+
+extern crate pretty_env_logger;
+
+#[macro_use]
+extern crate log;
+
+#[macro_use]
+extern crate serde_derive;
+
+#[macro_use]
+mod utils;
+
+/// Simple Rust rewrite of a simple Nix Flake deployment tool
+#[derive(Clap, Debug)]
+#[clap(version = "1.0", author = "Serokell <https://serokell.io/>")]
+struct Opts {
+ /// The flake to deploy
+ #[clap(default_value = ".")]
+ flake: String,
+ /// Check signatures when using `nix copy`
+ #[clap(short, long)]
+ checksigs: bool,
+ /// Extra arguments to be passed to nix build
+ extra_build_args: Vec<String>,
+
+ /// Keep the build outputs of each built profile
+ #[clap(short, long)]
+ keep_result: bool,
+ /// Location to keep outputs from built profiles in
+ #[clap(short, long)]
+ result_path: Option<String>,
+
+ /// Skip the automatic pre-build checks
+ #[clap(short, long)]
+ skip_checks: bool,
+
+ /// Override the SSH user with the given value
+ #[clap(long)]
+ ssh_user: Option<String>,
+ /// Override the profile user with the given value
+ #[clap(long)]
+ profile_user: Option<String>,
+ /// Override the SSH options used
+ #[clap(long)]
+ ssh_opts: Option<String>,
+ /// Override if the connecting to the target node should be considered fast
+ #[clap(long)]
+ fast_connection: Option<bool>,
+ /// Override if a rollback should be attempted if activation fails
+ #[clap(long)]
+ auto_rollback: Option<bool>,
+ /// Override hostname used for the node
+ #[clap(long)]
+ hostname: Option<String>,
+ /// Make activation wait for confirmation, or roll back after a period of time
+ #[clap(long)]
+ magic_rollback: Option<bool>,
+ /// How long activation should wait for confirmation (if using magic-rollback)
+ #[clap(long)]
+ confirm_timeout: Option<u16>,
+ /// Where to store temporary files (only used by magic-rollback)
+ #[clap(long)]
+ temp_path: Option<String>,
+}
+
+async fn push_all_profiles(
+ node: &utils::data::Node,
+ node_name: &str,
+ supports_flakes: bool,
+ repo: &str,
+ top_settings: &utils::data::GenericSettings,
+ check_sigs: bool,
+ cmd_overrides: &utils::CmdOverrides,
+ keep_result: bool,
+ result_path: Option<&str>,
+) -> Result<(), Box<dyn std::error::Error>> {
+ info!("Pushing all profiles for `{}`", node_name);
+
+ let mut profiles_list: Vec<&str> = node
+ .node_settings
+ .profiles_order
+ .iter()
+ .map(|x| x.as_ref())
+ .collect();
+
+ // Add any profiles which weren't in the provided order list
+ for profile_name in node.node_settings.profiles.keys() {
+ if !profiles_list.contains(&profile_name.as_str()) {
+ profiles_list.push(&profile_name);
+ }
+ }
+
+ for profile_name in profiles_list {
+ let profile = match node.node_settings.profiles.get(profile_name) {
+ Some(x) => x,
+ None => good_panic!("No profile was found named `{}`", profile_name),
+ };
+
+ let mut merged_settings = top_settings.clone();
+ merged_settings.merge(node.generic_settings.clone());
+ merged_settings.merge(profile.generic_settings.clone());
+
+ let deploy_data = utils::make_deploy_data(
+ top_settings,
+ node,
+ node_name,
+ profile,
+ profile_name,
+ cmd_overrides,
+ )?;
+
+ let deploy_defs = deploy_data.defs();
+
+ utils::push::push_profile(
+ supports_flakes,
+ check_sigs,
+ repo,
+ &deploy_data,
+ &deploy_defs,
+ keep_result,
+ result_path,
+ )
+ .await?;
+ }
+
+ Ok(())
+}
+
+#[inline]
+async fn deploy_all_profiles(
+ node: &utils::data::Node,
+ node_name: &str,
+ top_settings: &utils::data::GenericSettings,
+ cmd_overrides: &utils::CmdOverrides,
+) -> Result<(), Box<dyn std::error::Error>> {
+ info!("Deploying all profiles for `{}`", node_name);
+
+ let mut profiles_list: Vec<&str> = node
+ .node_settings
+ .profiles_order
+ .iter()
+ .map(|x| x.as_ref())
+ .collect();
+
+ // Add any profiles which weren't in the provided order list
+ for profile_name in node.node_settings.profiles.keys() {
+ if !profiles_list.contains(&profile_name.as_str()) {
+ profiles_list.push(&profile_name);
+ }
+ }
+
+ for profile_name in profiles_list {
+ let profile = match node.node_settings.profiles.get(profile_name) {
+ Some(x) => x,
+ None => good_panic!("No profile was found named `{}`", profile_name),
+ };
+
+ let mut merged_settings = top_settings.clone();
+ merged_settings.merge(node.generic_settings.clone());
+ merged_settings.merge(profile.generic_settings.clone());
+
+ let deploy_data = utils::make_deploy_data(
+ top_settings,
+ node,
+ node_name,
+ profile,
+ profile_name,
+ cmd_overrides,
+ )?;
+
+ let deploy_defs = deploy_data.defs();
+
+ utils::deploy::deploy_profile(&deploy_data, &deploy_defs).await?;
+ }
+
+ Ok(())
+}
+
+/// Returns if the available Nix installation supports flakes
+#[inline]
+async fn test_flake_support() -> Result<bool, Box<dyn std::error::Error>> {
+ debug!("Checking for flake support");
+
+ Ok(Command::new("nix")
+ .arg("eval")
+ .arg("--expr")
+ .arg("builtins.getFlake")
+ .stdout(Stdio::null())
+ .stderr(Stdio::null())
+ .status()
+ .await?
+ .success())
+}
+
+async fn check_deployment(supports_flakes: bool, repo: &str, extra_build_args: &[String]) -> () {
+ info!("Running checks for flake in {}", repo);
+
+ let mut c = match supports_flakes {
+ true => Command::new("nix"),
+ false => Command::new("nix-build"),
+ };
+
+ let mut check_command = match supports_flakes {
+ true => {
+ c.arg("flake")
+ .arg("check")
+ .arg(repo)
+ }
+ false => {
+ c.arg("-E")
+ .arg("--no-out-link")
+ .arg(format!("let r = import {}/.; in (if builtins.isFunction r then (r {{}}) else r).checks.${{builtins.currentSystem}}", repo))
+ }
+ };
+
+ for extra_arg in extra_build_args {
+ check_command = check_command.arg(extra_arg);
+ }
+
+ let check_status = match check_command.status().await {
+ Ok(x) => x,
+ Err(err) => good_panic!("Error running checks for the given flake repo: {:?}", err),
+ };
+
+ if !check_status.success() {
+ good_panic!("Checks failed for the given flake repo");
+ }
+
+ ()
+}
+
+/// Evaluates the Nix in the given `repo` and return the processed Data from it
+async fn get_deployment_data(
+ supports_flakes: bool,
+ repo: &str,
+ extra_build_args: &[String],
+) -> Result<utils::data::Data, Box<dyn std::error::Error>> {
+ info!("Evaluating flake in {}", repo);
+
+ let mut c = match supports_flakes {
+ true => Command::new("nix"),
+ false => Command::new("nix-instantiate"),
+ };
+
+ let mut build_command = match supports_flakes {
+ true => {
+ c.arg("eval")
+ .arg("--json")
+ .arg(format!("{}#deploy", repo))
+ }
+ false => {
+ c
+ .arg("--strict")
+ .arg("--read-write-mode")
+ .arg("--json")
+ .arg("--eval")
+ .arg("-E")
+ .arg(format!("let r = import {}/.; in if builtins.isFunction r then (r {{}}).deploy else r.deploy", repo))
+ }
+ };
+
+ for extra_arg in extra_build_args {
+ build_command = build_command.arg(extra_arg);
+ }
+
+ let build_child = build_command.stdout(Stdio::piped()).spawn()?;
+
+ let build_output = build_child.wait_with_output().await?;
+
+ if !build_output.status.success() {
+ good_panic!(
+ "Error building deploy props for the provided flake: {}",
+ repo
+ );
+ }
+
+ let data_json = String::from_utf8(build_output.stdout)?;
+
+ Ok(serde_json::from_str(&data_json)?)
+}
+
+async fn run_deploy(
+ deploy_flake: utils::DeployFlake<'_>,
+ data: utils::data::Data,
+ supports_flakes: bool,
+ check_sigs: bool,
+ cmd_overrides: utils::CmdOverrides,
+ keep_result: bool,
+ result_path: Option<&str>,
+) -> Result<(), Box<dyn std::error::Error>> {
+ match (deploy_flake.node, deploy_flake.profile) {
+ (Some(node_name), Some(profile_name)) => {
+ let node = match data.nodes.get(node_name) {
+ Some(x) => x,
+ None => good_panic!("No node was found named `{}`", node_name),
+ };
+ let profile = match node.node_settings.profiles.get(profile_name) {
+ Some(x) => x,
+ None => good_panic!("No profile was found named `{}`", profile_name),
+ };
+
+ let deploy_data = utils::make_deploy_data(
+ &data.generic_settings,
+ node,
+ node_name,
+ profile,
+ profile_name,
+ &cmd_overrides,
+ )?;
+
+ let deploy_defs = deploy_data.defs();
+
+ utils::push::push_profile(
+ supports_flakes,
+ check_sigs,
+ deploy_flake.repo,
+ &deploy_data,
+ &deploy_defs,
+ keep_result,
+ result_path,
+ )
+ .await?;
+
+ utils::deploy::deploy_profile(&deploy_data, &deploy_defs).await?;
+ }
+ (Some(node_name), None) => {
+ let node = match data.nodes.get(node_name) {
+ Some(x) => x,
+ None => good_panic!("No node was found named `{}`", node_name),
+ };
+
+ push_all_profiles(
+ node,
+ node_name,
+ supports_flakes,
+ deploy_flake.repo,
+ &data.generic_settings,
+ check_sigs,
+ &cmd_overrides,
+ keep_result,
+ result_path,
+ )
+ .await?;
+
+ deploy_all_profiles(node, node_name, &data.generic_settings, &cmd_overrides).await?;
+ }
+ (None, None) => {
+ info!("Deploying all profiles on all nodes");
+
+ for (node_name, node) in &data.nodes {
+ push_all_profiles(
+ node,
+ node_name,
+ supports_flakes,
+ deploy_flake.repo,
+ &data.generic_settings,
+ check_sigs,
+ &cmd_overrides,
+ keep_result,
+ result_path,
+ )
+ .await?;
+ }
+
+ for (node_name, node) in &data.nodes {
+ deploy_all_profiles(node, node_name, &data.generic_settings, &cmd_overrides)
+ .await?;
+ }
+ }
+ (None, Some(_)) => {
+ good_panic!("Profile provided without a node, this is not (currently) supported")
+ }
+ };
+
+ Ok(())
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+ if std::env::var("DEPLOY_LOG").is_err() {
+ std::env::set_var("DEPLOY_LOG", "info");
+ }
+
+ pretty_env_logger::init_custom_env("DEPLOY_LOG");
+
+ let opts: Opts = Opts::parse();
+
+ let deploy_flake = utils::parse_flake(opts.flake.as_str());
+
+ let cmd_overrides = utils::CmdOverrides {
+ ssh_user: opts.ssh_user,
+ profile_user: opts.profile_user,
+ ssh_opts: opts.ssh_opts,
+ fast_connection: opts.fast_connection,
+ auto_rollback: opts.auto_rollback,
+ hostname: opts.hostname,
+ magic_rollback: opts.magic_rollback,
+ temp_path: opts.temp_path,
+ confirm_timeout: opts.confirm_timeout,
+ };
+
+ let supports_flakes = test_flake_support().await?;
+
+ if !supports_flakes {
+ warn!("A Nix version without flakes support was detected, support for this is work in progress");
+ }
+
+ if !opts.skip_checks {
+ check_deployment(supports_flakes, deploy_flake.repo, &opts.extra_build_args).await;
+ }
+
+ let data =
+ get_deployment_data(supports_flakes, deploy_flake.repo, &opts.extra_build_args).await?;
+
+ let result_path = opts.result_path.as_deref();
+
+ run_deploy(
+ deploy_flake,
+ data,
+ supports_flakes,
+ opts.checksigs,
+ cmd_overrides,
+ opts.keep_result,
+ result_path,
+ )
+ .await?;
+
+ Ok(())
+}
diff --git a/src/utils/data.rs b/src/utils/data.rs
new file mode 100644
index 0000000..6cf2c5a
--- /dev/null
+++ b/src/utils/data.rs
@@ -0,0 +1,74 @@
+// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+//
+// SPDX-License-Identifier: MPL-2.0
+
+use merge::Merge;
+
+use std::collections::HashMap;
+
+#[derive(Deserialize, Debug, Clone, Merge)]
+pub struct GenericSettings {
+ #[serde(rename(deserialize = "sshUser"))]
+ pub ssh_user: Option<String>,
+ pub user: Option<String>,
+ #[serde(
+ skip_serializing_if = "Vec::is_empty",
+ default,
+ rename(deserialize = "sshOpts")
+ )]
+ #[merge(strategy = merge::vec::append)]
+ pub ssh_opts: Vec<String>,
+ #[serde(rename(deserialize = "fastConnection"))]
+ pub fast_connection: Option<bool>,
+ #[serde(rename(deserialize = "autoRollback"))]
+ pub auto_rollback: Option<bool>,
+ #[serde(rename(deserialize = "confirmTimeout"))]
+ pub confirm_timeout: Option<u16>,
+ #[serde(rename(deserialize = "tempPath"))]
+ pub temp_path: Option<String>,
+ #[serde(rename(deserialize = "magicRollback"))]
+ pub magic_rollback: Option<bool>,
+}
+
+#[derive(Deserialize, Debug, Clone)]
+pub struct NodeSettings {
+ pub hostname: String,
+ pub profiles: HashMap<String, Profile>,
+ #[serde(
+ skip_serializing_if = "Vec::is_empty",
+ default,
+ rename(deserialize = "profilesOrder")
+ )]
+ pub profiles_order: Vec<String>,
+}
+
+#[derive(Deserialize, Debug, Clone)]
+pub struct ProfileSettings {
+ pub path: String,
+ pub bootstrap: Option<String>,
+ #[serde(rename(deserialize = "profilePath"))]
+ pub profile_path: Option<String>,
+}
+
+#[derive(Deserialize, Debug, Clone)]
+pub struct Profile {
+ #[serde(flatten)]
+ pub profile_settings: ProfileSettings,
+ #[serde(flatten)]
+ pub generic_settings: GenericSettings,
+}
+
+#[derive(Deserialize, Debug, Clone)]
+pub struct Node {
+ #[serde(flatten)]
+ pub generic_settings: GenericSettings,
+ #[serde(flatten)]
+ pub node_settings: NodeSettings,
+}
+
+#[derive(Deserialize, Debug, Clone)]
+pub struct Data {
+ #[serde(flatten)]
+ pub generic_settings: GenericSettings,
+ pub nodes: HashMap<String, Node>,
+}
diff --git a/src/utils/deploy.rs b/src/utils/deploy.rs
new file mode 100644
index 0000000..59217df
--- /dev/null
+++ b/src/utils/deploy.rs
@@ -0,0 +1,169 @@
+// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+//
+// SPDX-License-Identifier: MPL-2.0
+
+use std::borrow::Cow;
+use tokio::process::Command;
+
+fn build_activate_command(
+ activate_path_str: String,
+ sudo: &Option<String>,
+ profile_path: &str,
+ closure: &str,
+ bootstrap_cmd: &Option<String>,
+ auto_rollback: bool,
+ temp_path: &Cow<str>,
+ confirm_timeout: u16,
+ magic_rollback: bool,
+) -> String {
+ let mut self_activate_command = format!(
+ "{} '{}' '{}' --temp-path {} --confirm-timeout {}",
+ activate_path_str, profile_path, closure, temp_path, confirm_timeout
+ );
+
+ if magic_rollback {
+ self_activate_command = format!("{} --magic-rollback", self_activate_command);
+ }
+
+ if auto_rollback {
+ self_activate_command = format!("{} --auto-rollback", self_activate_command);
+ }
+
+ if let Some(ref bootstrap_cmd) = bootstrap_cmd {
+ self_activate_command = format!(
+ "{} --bootstrap-cmd '{}'",
+ self_activate_command, bootstrap_cmd
+ );
+ }
+
+ if let Some(sudo_cmd) = &sudo {
+ self_activate_command = format!("{} {}", sudo_cmd, self_activate_command);
+ }
+
+ self_activate_command
+}
+
+#[test]
+fn test_activation_command_builder() {
+ let activate_path_str = "/blah/bin/activate".to_string();
+ let sudo = Some("sudo -u test".to_string());
+ let profile_path = "/blah/profiles/test";
+ let closure = "/blah/etc";
+ let bootstrap_cmd = None;
+ let auto_rollback = true;
+ let temp_path = &"/tmp/deploy-rs".into();
+ let confirm_timeout = 30;
+ let magic_rollback = true;
+
+ assert_eq!(
+ build_activate_command(
+ activate_path_str,
+ &sudo,
+ profile_path,
+ closure,
+ &bootstrap_cmd,
+ auto_rollback,
+ temp_path,
+ confirm_timeout,
+ magic_rollback
+ ),
+ "sudo -u test /blah/bin/activate '/blah/profiles/test' '/blah/etc' --temp-path /tmp/deploy-rs --confirm-timeout 30 --magic-rollback --auto-rollback"
+ .to_string(),
+ );
+}
+
+pub async fn deploy_profile(
+ deploy_data: &super::DeployData<'_>,
+ deploy_defs: &super::DeployDefs<'_>,
+) -> Result<(), Box<dyn std::error::Error>> {
+ info!(
+ "Activating profile `{}` for node `{}`",
+ deploy_data.profile_name, deploy_data.node_name
+ );
+
+ let activate_path_str = super::deploy_path_to_activate_path_str(&deploy_defs.current_exe)?;
+
+ let temp_path: Cow<str> = match &deploy_data.merged_settings.temp_path {
+ Some(x) => x.into(),
+ None => "/tmp/deploy-rs".into(),
+ };
+
+ let confirm_timeout = deploy_data.merged_settings.confirm_timeout.unwrap_or(30);
+
+ let magic_rollback = deploy_data.merged_settings.magic_rollback.unwrap_or(false);
+
+ let auto_rollback = deploy_data.merged_settings.auto_rollback.unwrap_or(true);
+
+ let self_activate_command = build_activate_command(
+ activate_path_str,
+ &deploy_defs.sudo,
+ &deploy_defs.profile_path,
+ &deploy_data.profile.profile_settings.path,
+ &deploy_data.profile.profile_settings.bootstrap,
+ auto_rollback,
+ &temp_path,
+ confirm_timeout,
+ magic_rollback,
+ );
+
+ debug!("Constructed activation command: {}", self_activate_command);
+
+ let hostname = match deploy_data.cmd_overrides.hostname {
+ Some(ref x) => x,
+ None => &deploy_data.node.node_settings.hostname,
+ };
+
+ let mut c = Command::new("ssh");
+ let mut ssh_command = c
+ .arg("-t")
+ .arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname));
+
+ for ssh_opt in &deploy_data.merged_settings.ssh_opts {
+ ssh_command = ssh_command.arg(ssh_opt);
+ }
+
+ let ssh_exit_status = ssh_command.arg(self_activate_command).status().await?;
+
+ if !ssh_exit_status.success() {
+ good_panic!("Activation over SSH failed");
+ }
+
+ info!("Success activating!");
+
+ if magic_rollback {
+ info!("Attempting to confirm activation");
+
+ let mut c = Command::new("ssh");
+ let mut ssh_confirm_command = c.arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname));
+
+ for ssh_opt in &deploy_data.merged_settings.ssh_opts {
+ ssh_confirm_command = ssh_confirm_command.arg(ssh_opt);
+ }
+
+ let lock_hash = &deploy_data.profile.profile_settings.path[11 /* /nix/store/ */ ..];
+ let lock_path = format!("{}/activating-{}", temp_path, lock_hash);
+
+ let mut confirm_command = format!("rm {}", lock_path);
+ if let Some(sudo_cmd) = &deploy_defs.sudo {
+ confirm_command = format!("{} {}", sudo_cmd, confirm_command);
+ }
+
+ debug!(
+ "Attempting to run command to confirm deployment: {}",
+ confirm_command
+ );
+
+ let ssh_exit_status = ssh_confirm_command.arg(confirm_command).status().await?;
+
+ if !ssh_exit_status.success() {
+ good_panic!(
+ "Failed to confirm deployment, the node will roll back in <{} seconds",
+ confirm_timeout
+ );
+ }
+
+ info!("Deployment confirmed.");
+ }
+
+ Ok(())
+}
diff --git a/src/utils/mod.rs b/src/utils/mod.rs
new file mode 100644
index 0000000..a0e62e1
--- /dev/null
+++ b/src/utils/mod.rs
@@ -0,0 +1,233 @@
+// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+//
+// SPDX-License-Identifier: MPL-2.0
+
+use std::borrow::Cow;
+use std::path::PathBuf;
+
+use merge::Merge;
+
+#[macro_export]
+macro_rules! good_panic {
+ ($($tts:tt)*) => {{
+ error!($($tts)*);
+ std::process::exit(1);
+ }}
+}
+
+pub mod data;
+pub mod deploy;
+pub mod push;
+
+pub struct CmdOverrides {
+ pub ssh_user: Option<String>,
+ pub profile_user: Option<String>,
+ pub ssh_opts: Option<String>,
+ pub fast_connection: Option<bool>,
+ pub auto_rollback: Option<bool>,
+ pub hostname: Option<String>,
+ pub magic_rollback: Option<bool>,
+ pub temp_path: Option<String>,
+ pub confirm_timeout: Option<u16>,
+}
+
+#[derive(PartialEq, Debug)]
+pub struct DeployFlake<'a> {
+ pub repo: &'a str,
+ pub node: Option<&'a str>,
+ pub profile: Option<&'a str>,
+}
+
+pub fn parse_flake(flake: &str) -> DeployFlake {
+ let flake_fragment_start = flake.find('#');
+ let (repo, maybe_fragment) = match flake_fragment_start {
+ Some(s) => (&flake[..s], Some(&flake[s + 1..])),
+ None => (flake, None),
+ };
+
+ let (node, profile) = match maybe_fragment {
+ Some(fragment) => {
+ let fragment_profile_start = fragment.find('.');
+ match fragment_profile_start {
+ Some(s) => (Some(&fragment[..s]), Some(&fragment[s + 1..])),
+ None => (Some(fragment), None),
+ }
+ }
+ None => (None, None),
+ };
+
+ DeployFlake {
+ repo,
+ node,
+ profile,
+ }
+}
+
+#[test]
+fn test_parse_flake() {
+ assert_eq!(
+ parse_flake("../deploy/examples/system#example"),
+ DeployFlake {
+ repo: "../deploy/examples/system",
+ node: Some("example"),
+ profile: None
+ }
+ );
+
+ assert_eq!(
+ parse_flake("../deploy/examples/system#example.system"),
+ DeployFlake {
+ repo: "../deploy/examples/system",
+ node: Some("example"),
+ profile: Some("system")
+ }
+ );
+
+ assert_eq!(
+ parse_flake("../deploy/examples/system"),
+ DeployFlake {
+ repo: "../deploy/examples/system",
+ node: None,
+ profile: None,
+ }
+ );
+}
+
+pub struct DeployData<'a> {
+ pub node_name: &'a str,
+ pub node: &'a data::Node,
+ pub profile_name: &'a str,
+ pub profile: &'a data::Profile,
+
+ pub cmd_overrides: &'a CmdOverrides,
+
+ pub merged_settings: data::GenericSettings,
+}
+
+pub struct DeployDefs<'a> {
+ pub ssh_user: Cow<'a, str>,
+ pub profile_user: Cow<'a, str>,
+ pub profile_path: Cow<'a, str>,
+ pub current_exe: PathBuf,
+ pub sudo: Option<String>,
+}
+
+impl<'a> DeployData<'a> {
+ pub fn defs(&'a self) -> DeployDefs<'a> {
+ let ssh_user: Cow<str> = match self.merged_settings.ssh_user {
+ Some(ref u) => u.into(),
+ None => whoami::username().into(),
+ };
+
+ let profile_user: Cow<str> = match self.merged_settings.user {
+ Some(ref x) => x.into(),
+ None => match self.merged_settings.ssh_user {
+ Some(ref x) => x.into(),
+ None => good_panic!(
+ "Neither user nor sshUser set for profile `{}` of node `{}`",
+ self.profile_name,
+ self.node_name
+ ),
+ },
+ };
+
+ let profile_path: Cow<str> = match self.profile.profile_settings.profile_path {
+ None => match &profile_user[..] {
+ "root" => format!("/nix/var/nix/profiles/{}", self.profile_name).into(),
+ _ => format!(
+ "/nix/var/nix/profiles/per-user/{}/{}",
+ profile_user, self.profile_name
+ )
+ .into(),
+ },
+ Some(ref x) => x.into(),
+ };
+
+ let sudo: Option<String> = match self.merged_settings.user {
+ Some(ref user) if user != &ssh_user => Some(format!("sudo -u {}", user)),
+ _ => None,
+ };
+
+ let current_exe =
+ std::env::current_exe().expect("Expected to find current executable path");
+
+ if !current_exe.starts_with("/nix/store/") {
+ good_panic!("The deploy binary must be in the Nix store");
+ }
+
+ DeployDefs {
+ ssh_user,
+ profile_user,
+ profile_path,
+ current_exe,
+ sudo,
+ }
+ }
+}
+
+pub fn make_deploy_data<'a, 's>(
+ top_settings: &'s data::GenericSettings,
+ node: &'a data::Node,
+ node_name: &'a str,
+ profile: &'a data::Profile,
+ profile_name: &'a str,
+ cmd_overrides: &'a CmdOverrides,
+) -> Result<DeployData<'a>, Box<dyn std::error::Error>> {
+ let mut merged_settings = top_settings.clone();
+ merged_settings.merge(node.generic_settings.clone());
+ merged_settings.merge(profile.generic_settings.clone());
+
+ if cmd_overrides.ssh_user.is_some() {
+ merged_settings.ssh_user = cmd_overrides.ssh_user.clone();
+ }
+ if cmd_overrides.profile_user.is_some() {
+ merged_settings.user = cmd_overrides.profile_user.clone();
+ }
+ if let Some(ref ssh_opts) = cmd_overrides.ssh_opts {
+ merged_settings.ssh_opts = ssh_opts.split(' ').map(|x| x.to_owned()).collect();
+ }
+ if let Some(fast_connection) = cmd_overrides.fast_connection {
+ merged_settings.fast_connection = Some(fast_connection);
+ }
+ if let Some(auto_rollback) = cmd_overrides.auto_rollback {
+ merged_settings.auto_rollback = Some(auto_rollback);
+ }
+ if let Some(magic_rollback) = cmd_overrides.magic_rollback {
+ merged_settings.magic_rollback = Some(magic_rollback);
+ }
+
+ Ok(DeployData {
+ profile,
+ profile_name,
+ node,
+ node_name,
+
+ cmd_overrides,
+
+ merged_settings,
+ })
+}
+
+pub fn deploy_path_to_activate_path_str(
+ deploy_path: &std::path::Path,
+) -> Result<String, Box<dyn std::error::Error>> {
+ Ok(format!(
+ "{}/activate",
+ deploy_path
+ .parent()
+ .ok_or("Deploy path too short")?
+ .to_str()
+ .ok_or("Deploy path is not valid utf8")?
+ .to_owned()
+ ))
+}
+
+#[test]
+fn test_activate_path_generation() {
+ match deploy_path_to_activate_path_str(&std::path::PathBuf::from(
+ "/blah/blah/deploy-rs/bin/deploy",
+ )) {
+ Err(_) => panic!(""),
+ Ok(x) => assert_eq!(x, "/blah/blah/deploy-rs/bin/activate".to_string()),
+ }
+}
diff --git a/src/utils/push.rs b/src/utils/push.rs
new file mode 100644
index 0000000..5e87d5c
--- /dev/null
+++ b/src/utils/push.rs
@@ -0,0 +1,137 @@
+// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+//
+// SPDX-License-Identifier: MPL-2.0
+
+use std::process::Stdio;
+use tokio::process::Command;
+
+pub async fn push_profile(
+ supports_flakes: bool,
+ check_sigs: bool,
+ repo: &str,
+ deploy_data: &super::DeployData<'_>,
+ deploy_defs: &super::DeployDefs<'_>,
+ keep_result: bool,
+ result_path: Option<&str>,
+) -> Result<(), Box<dyn std::error::Error>> {
+ info!(
+ "Building profile `{}` for node `{}`",
+ deploy_data.profile_name, deploy_data.node_name
+ );
+
+ let mut build_c = if supports_flakes {
+ Command::new("nix")
+ } else {
+ Command::new("nix-build")
+ };
+
+ let mut build_command = if supports_flakes {
+ build_c.arg("build").arg("--no-link").arg(format!(
+ "{}#deploy.nodes.{}.profiles.{}.path",
+ repo, deploy_data.node_name, deploy_data.profile_name
+ ))
+ } else {
+ build_c
+ .arg(&repo)
+ .arg("--no-out-link")
+ .arg("-A")
+ .arg(format!(
+ "deploy.nodes.{}.profiles.{}.path",
+ deploy_data.node_name, deploy_data.profile_name
+ ))
+ };
+
+ build_command = match (keep_result, supports_flakes) {
+ (true, _) => {
+ let result_path = match result_path {
+ Some(x) => x,
+ None => "./.deploy-gc",
+ };
+
+ build_command.arg("--out-link").arg(format!(
+ "{}/{}/{}",
+ result_path, deploy_data.node_name, deploy_data.profile_name
+ ))
+ }
+ (false, false) => build_command.arg("--no-out-link"),
+ (false, true) => build_command.arg("--no-link"),
+ };
+
+ let build_exit_status = build_command.stdout(Stdio::null()).status().await?;
+
+ if !build_exit_status.success() {
+ good_panic!("`nix build` failed");
+ }
+
+ if let Ok(local_key) = std::env::var("LOCAL_KEY") {
+ info!(
+ "Signing key present! Signing profile `{}` for node `{}`",
+ deploy_data.profile_name, deploy_data.node_name
+ );
+
+ let sign_exit_status = Command::new("nix")
+ .arg("sign-paths")
+ .arg("-r")
+ .arg("-k")
+ .arg(local_key)
+ .arg(&deploy_data.profile.profile_settings.path)
+ .arg(&super::deploy_path_to_activate_path_str(
+ &deploy_defs.current_exe,
+ )?)
+ .stdout(Stdio::null())
+ .stderr(Stdio::null())
+ .status()
+ .await?;
+
+ if !sign_exit_status.success() {
+ good_panic!("`nix sign-paths` failed");
+ }
+ }
+
+ debug!(
+ "Copying profile `{}` to node `{}`",
+ deploy_data.profile_name, deploy_data.node_name
+ );
+
+ let mut copy_command_ = Command::new("nix");
+ let mut copy_command = copy_command_.arg("copy");
+
+ if let Some(true) = deploy_data.merged_settings.fast_connection {
+ copy_command = copy_command.arg("--substitute-on-destination");
+ }
+
+ if !check_sigs {
+ copy_command = copy_command.arg("--no-check-sigs");
+ }
+
+ let ssh_opts_str = deploy_data
+ .merged_settings
+ .ssh_opts
+ // This should provide some extra safety, but it also breaks for some reason, oh well
+ // .iter()
+ // .map(|x| format!("'{}'", x))
+ // .collect::<Vec<String>>()
+ .join(" ");
+
+ let hostname = match deploy_data.cmd_overrides.hostname {
+ Some(ref x) => x,
+ None => &deploy_data.node.node_settings.hostname,
+ };
+
+ let copy_exit_status = copy_command
+ .arg("--to")
+ .arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname))
+ .arg(&deploy_data.profile.profile_settings.path)
+ .arg(&super::deploy_path_to_activate_path_str(
+ &deploy_defs.current_exe,
+ )?)
+ .env("NIX_SSHOPTS", ssh_opts_str)
+ .status()
+ .await?;
+
+ if !copy_exit_status.success() {
+ good_panic!("`nix copy` failed");
+ }
+
+ Ok(())
+}