// SPDX-FileCopyrightText: 2020 Serokell
// SPDX-FileCopyrightText: 2020 Andreas Fuchs
// SPDX-FileCopyrightText: 2021 Yannik Sander
//
// SPDX-License-Identifier: MPL-2.0
use log::{debug, info};
use std::path::Path;
use thiserror::Error;
use tokio::process::Command;
use crate::{DeployDataDefsError, ProfileInfo};
struct ActivateCommandData<'a> {
sudo: &'a Option,
profile_info: &'a ProfileInfo,
closure: &'a str,
auto_rollback: bool,
temp_path: &'a Path,
confirm_timeout: u16,
magic_rollback: bool,
debug_logs: bool,
log_dir: Option<&'a str>,
dry_activate: bool,
boot: bool,
}
fn build_activate_command(data: &ActivateCommandData) -> String {
let mut self_activate_command = format!("{}/activate-rs", data.closure);
if data.debug_logs {
self_activate_command = format!("{} --debug-logs", self_activate_command);
}
if let Some(log_dir) = data.log_dir {
self_activate_command = format!("{} --log-dir {}", self_activate_command, log_dir);
}
self_activate_command = format!(
"{} activate '{}' {} --temp-path '{}'",
self_activate_command,
data.closure,
match data.profile_info {
ProfileInfo::ProfilePath { profile_path } =>
format!("--profile-path '{}'", profile_path),
ProfileInfo::ProfileUserAndName {
profile_user,
profile_name,
} => format!(
"--profile-user {} --profile-name {}",
profile_user, profile_name
),
},
data.temp_path.display()
);
self_activate_command = format!(
"{} --confirm-timeout {}",
self_activate_command, data.confirm_timeout
);
if data.magic_rollback {
self_activate_command = format!("{} --magic-rollback", self_activate_command);
}
if data.auto_rollback {
self_activate_command = format!("{} --auto-rollback", self_activate_command);
}
if data.dry_activate {
self_activate_command = format!("{} --dry-activate", self_activate_command);
}
if data.boot {
self_activate_command = format!("{} --boot", self_activate_command);
}
if let Some(sudo_cmd) = &data.sudo {
self_activate_command = format!("{} {}", sudo_cmd, self_activate_command);
}
self_activate_command
}
#[test]
fn test_activation_command_builder() {
let sudo = Some("sudo -u test".to_string());
let profile_info = &ProfileInfo::ProfilePath {
profile_path: "/blah/profiles/test".to_string(),
};
let closure = "/nix/store/blah/etc";
let auto_rollback = true;
let dry_activate = false;
let boot = false;
let temp_path = Path::new("/tmp");
let confirm_timeout = 30;
let magic_rollback = true;
let debug_logs = true;
let log_dir = Some("/tmp/something.txt");
assert_eq!(
build_activate_command(&ActivateCommandData {
sudo: &sudo,
profile_info,
closure,
auto_rollback,
temp_path,
confirm_timeout,
magic_rollback,
debug_logs,
log_dir,
dry_activate,
boot,
}),
"sudo -u test /nix/store/blah/etc/activate-rs --debug-logs --log-dir /tmp/something.txt activate '/nix/store/blah/etc' --profile-path '/blah/profiles/test' --temp-path '/tmp' --confirm-timeout 30 --magic-rollback --auto-rollback"
.to_string(),
);
}
struct WaitCommandData<'a> {
sudo: &'a Option,
closure: &'a str,
temp_path: &'a Path,
activation_timeout: Option,
debug_logs: bool,
log_dir: Option<&'a str>,
}
fn build_wait_command(data: &WaitCommandData) -> String {
let mut self_activate_command = format!("{}/activate-rs", data.closure);
if data.debug_logs {
self_activate_command = format!("{} --debug-logs", self_activate_command);
}
if let Some(log_dir) = data.log_dir {
self_activate_command = format!("{} --log-dir {}", self_activate_command, log_dir);
}
self_activate_command = format!(
"{} wait '{}' --temp-path '{}'",
self_activate_command,
data.closure,
data.temp_path.display(),
);
if let Some(activation_timeout) = data.activation_timeout {
self_activate_command = format!("{} --activation-timeout {}", self_activate_command, activation_timeout);
}
if let Some(sudo_cmd) = &data.sudo {
self_activate_command = format!("{} {}", sudo_cmd, self_activate_command);
}
self_activate_command
}
#[test]
fn test_wait_command_builder() {
let sudo = Some("sudo -u test".to_string());
let closure = "/nix/store/blah/etc";
let temp_path = Path::new("/tmp");
let activation_timeout = Some(600);
let debug_logs = true;
let log_dir = Some("/tmp/something.txt");
assert_eq!(
build_wait_command(&WaitCommandData {
sudo: &sudo,
closure,
temp_path,
activation_timeout,
debug_logs,
log_dir
}),
"sudo -u test /nix/store/blah/etc/activate-rs --debug-logs --log-dir /tmp/something.txt wait '/nix/store/blah/etc' --temp-path '/tmp' --activation-timeout 600"
.to_string(),
);
}
struct RevokeCommandData<'a> {
sudo: &'a Option,
closure: &'a str,
profile_info: ProfileInfo,
debug_logs: bool,
log_dir: Option<&'a str>,
}
fn build_revoke_command(data: &RevokeCommandData) -> String {
let mut self_activate_command = format!("{}/activate-rs", data.closure);
if data.debug_logs {
self_activate_command = format!("{} --debug-logs", self_activate_command);
}
if let Some(log_dir) = data.log_dir {
self_activate_command = format!("{} --log-dir {}", self_activate_command, log_dir);
}
self_activate_command = format!(
"{} revoke {}",
self_activate_command,
match &data.profile_info {
ProfileInfo::ProfilePath { profile_path } =>
format!("--profile-path '{}'", profile_path),
ProfileInfo::ProfileUserAndName {
profile_user,
profile_name,
} => format!(
"--profile-user {} --profile-name {}",
profile_user, profile_name
),
}
);
if let Some(sudo_cmd) = &data.sudo {
self_activate_command = format!("{} {}", sudo_cmd, self_activate_command);
}
self_activate_command
}
#[test]
fn test_revoke_command_builder() {
let sudo = Some("sudo -u test".to_string());
let closure = "/nix/store/blah/etc";
let profile_info = ProfileInfo::ProfilePath {
profile_path: "/nix/var/nix/per-user/user/profile".to_string(),
};
let debug_logs = true;
let log_dir = Some("/tmp/something.txt");
assert_eq!(
build_revoke_command(&RevokeCommandData {
sudo: &sudo,
closure,
profile_info,
debug_logs,
log_dir
}),
"sudo -u test /nix/store/blah/etc/activate-rs --debug-logs --log-dir /tmp/something.txt revoke --profile-path '/nix/var/nix/per-user/user/profile'"
.to_string(),
);
}
#[derive(Error, Debug)]
pub enum ConfirmProfileError {
#[error("Failed to run confirmation command over SSH (the server should roll back): {0}")]
SSHConfirm(std::io::Error),
#[error(
"Confirming activation over SSH resulted in a bad exit code (the server should roll back): {0:?}"
)]
SSHConfirmExit(Option),
}
pub async fn confirm_profile(
deploy_data: &super::DeployData<'_>,
deploy_defs: &super::DeployDefs,
temp_path: &Path,
ssh_addr: &str,
) -> Result<(), ConfirmProfileError> {
let mut ssh_confirm_command = Command::new("ssh");
ssh_confirm_command.arg(ssh_addr);
for ssh_opt in &deploy_data.merged_settings.ssh_opts {
ssh_confirm_command.arg(ssh_opt);
}
let lock_path = super::make_lock_path(temp_path, &deploy_data.profile.profile_settings.path);
let mut confirm_command = format!("rm {}", lock_path.display());
if let Some(sudo_cmd) = &deploy_defs.sudo {
confirm_command = format!("{} {}", sudo_cmd, confirm_command);
}
debug!(
"Attempting to run command to confirm deployment: {}",
confirm_command
);
let ssh_confirm_exit_status = ssh_confirm_command
.arg(confirm_command)
.status()
.await
.map_err(ConfirmProfileError::SSHConfirm)?;
match ssh_confirm_exit_status.code() {
Some(0) => (),
a => return Err(ConfirmProfileError::SSHConfirmExit(a)),
};
info!("Deployment confirmed.");
Ok(())
}
#[derive(Error, Debug)]
pub enum DeployProfileError {
#[error("Failed to spawn activation command over SSH: {0}")]
SSHSpawnActivate(std::io::Error),
#[error("Failed to run activation command over SSH: {0}")]
SSHActivate(std::io::Error),
#[error("Activating over SSH resulted in a bad exit code: {0:?}")]
SSHActivateExit(Option),
#[error("Failed to run wait command over SSH: {0}")]
SSHWait(std::io::Error),
#[error("Waiting over SSH resulted in a bad exit code: {0:?}")]
SSHWaitExit(Option),
#[error("Error confirming deployment: {0}")]
Confirm(#[from] ConfirmProfileError),
#[error("Deployment data invalid: {0}")]
InvalidDeployDataDefs(#[from] DeployDataDefsError),
}
pub async fn deploy_profile(
deploy_data: &super::DeployData<'_>,
deploy_defs: &super::DeployDefs,
dry_activate: bool,
boot: bool,
) -> Result<(), DeployProfileError> {
if !dry_activate {
info!(
"Activating profile `{}` for node `{}`",
deploy_data.profile_name, deploy_data.node_name
);
}
let temp_path: &Path = match &deploy_data.merged_settings.temp_path {
Some(x) => x,
None => Path::new("/tmp"),
};
let confirm_timeout = deploy_data.merged_settings.confirm_timeout.unwrap_or(30);
let activation_timeout = deploy_data.merged_settings.activation_timeout;
let magic_rollback = deploy_data.merged_settings.magic_rollback.unwrap_or(true);
let auto_rollback = deploy_data.merged_settings.auto_rollback.unwrap_or(true);
let self_activate_command = build_activate_command(&ActivateCommandData {
sudo: &deploy_defs.sudo,
profile_info: &deploy_data.get_profile_info()?,
closure: &deploy_data.profile.profile_settings.path,
auto_rollback,
temp_path: temp_path,
confirm_timeout,
magic_rollback,
debug_logs: deploy_data.debug_logs,
log_dir: deploy_data.log_dir,
dry_activate,
boot,
});
debug!("Constructed activation command: {}", self_activate_command);
let hostname = match deploy_data.cmd_overrides.hostname {
Some(ref x) => x,
None => &deploy_data.node.node_settings.hostname,
};
let ssh_addr = format!("{}@{}", deploy_defs.ssh_user, hostname);
let mut ssh_activate_command = Command::new("ssh");
ssh_activate_command.arg(&ssh_addr);
for ssh_opt in &deploy_data.merged_settings.ssh_opts {
ssh_activate_command.arg(&ssh_opt);
}
if !magic_rollback || dry_activate || boot {
let ssh_activate_exit_status = ssh_activate_command
.arg(self_activate_command)
.status()
.await
.map_err(DeployProfileError::SSHActivate)?;
match ssh_activate_exit_status.code() {
Some(0) => (),
a => return Err(DeployProfileError::SSHActivateExit(a)),
};
if dry_activate {
info!("Completed dry-activate!");
} else if boot {
info!("Success activating for next boot, done!");
} else {
info!("Success activating, done!");
}
} else {
let self_wait_command = build_wait_command(&WaitCommandData {
sudo: &deploy_defs.sudo,
closure: &deploy_data.profile.profile_settings.path,
temp_path: temp_path,
activation_timeout: activation_timeout,
debug_logs: deploy_data.debug_logs,
log_dir: deploy_data.log_dir,
});
debug!("Constructed wait command: {}", self_wait_command);
let ssh_activate = ssh_activate_command
.arg(self_activate_command)
.spawn()
.map_err(DeployProfileError::SSHSpawnActivate)?;
info!("Creating activation waiter");
let mut ssh_wait_command = Command::new("ssh");
ssh_wait_command.arg(&ssh_addr);
for ssh_opt in &deploy_data.merged_settings.ssh_opts {
ssh_wait_command.arg(ssh_opt);
}
let (send_activate, recv_activate) = tokio::sync::oneshot::channel();
let (send_activated, recv_activated) = tokio::sync::oneshot::channel();
let thread = tokio::spawn(async move {
let o = ssh_activate.wait_with_output().await;
let maybe_err = match o {
Err(x) => Some(DeployProfileError::SSHActivate(x)),
Ok(ref x) => match x.status.code() {
Some(0) => None,
a => Some(DeployProfileError::SSHActivateExit(a)),
},
};
if let Some(err) = maybe_err {
send_activate.send(err).unwrap();
}
send_activated.send(()).unwrap();
});
tokio::select! {
x = ssh_wait_command.arg(self_wait_command).status() => {
debug!("Wait command ended");
match x.map_err(DeployProfileError::SSHWait)?.code() {
Some(0) => (),
a => return Err(DeployProfileError::SSHWaitExit(a)),
};
},
x = recv_activate => {
debug!("Activate command exited with an error");
return Err(x.unwrap());
},
}
info!("Success activating, attempting to confirm activation");
let c = confirm_profile(deploy_data, deploy_defs, temp_path, &ssh_addr).await;
recv_activated.await.unwrap();
c?;
thread
.await
.map_err(|x| DeployProfileError::SSHActivate(x.into()))?;
}
Ok(())
}
#[derive(Error, Debug)]
pub enum RevokeProfileError {
#[error("Failed to spawn revocation command over SSH: {0}")]
SSHSpawnRevoke(std::io::Error),
#[error("Error revoking deployment: {0}")]
SSHRevoke(std::io::Error),
#[error("Revoking over SSH resulted in a bad exit code: {0:?}")]
SSHRevokeExit(Option),
#[error("Deployment data invalid: {0}")]
InvalidDeployDataDefs(#[from] DeployDataDefsError),
}
pub async fn revoke(
deploy_data: &crate::DeployData<'_>,
deploy_defs: &crate::DeployDefs,
) -> Result<(), RevokeProfileError> {
let self_revoke_command = build_revoke_command(&RevokeCommandData {
sudo: &deploy_defs.sudo,
closure: &deploy_data.profile.profile_settings.path,
profile_info: deploy_data.get_profile_info()?,
debug_logs: deploy_data.debug_logs,
log_dir: deploy_data.log_dir,
});
debug!("Constructed revoke command: {}", self_revoke_command);
let hostname = match deploy_data.cmd_overrides.hostname {
Some(ref x) => x,
None => &deploy_data.node.node_settings.hostname,
};
let ssh_addr = format!("{}@{}", deploy_defs.ssh_user, hostname);
let mut ssh_activate_command = Command::new("ssh");
ssh_activate_command.arg(&ssh_addr);
for ssh_opt in &deploy_data.merged_settings.ssh_opts {
ssh_activate_command.arg(&ssh_opt);
}
let ssh_revoke = ssh_activate_command
.arg(self_revoke_command)
.spawn()
.map_err(RevokeProfileError::SSHSpawnRevoke)?;
let result = ssh_revoke.wait_with_output().await;
match result {
Err(x) => Err(RevokeProfileError::SSHRevoke(x)),
Ok(ref x) => match x.status.code() {
Some(0) => Ok(()),
a => Err(RevokeProfileError::SSHRevokeExit(a)),
},
}
}