Fixes #17132: Call promote API in rudder-node-to-relay

Normation · Apr 20, 2020 · b26b2de · b26b2de
1 parent 0b5ddba
commit b26b2de
Showing 1 changed file with 41 additions and 198 deletions.
diff --git a/rudder-webapp/SOURCES/rudder-node-to-relay b/rudder-webapp/SOURCES/rudder-node-to-relay
@@ -7,12 +7,12 @@ set -e
 #####################################################################################
 #
 # This file is part of Rudder.
-# 
+#
 # Rudder is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # In accordance with the terms of section 7 (7. Additional Terms.) of
 # the GNU General Public License version 3, the copyright holders add
 # the following Additional permissions:
@@ -25,19 +25,38 @@ set -e
 # documentation that, without modification of the Source Code, enables
 # supplementary functions or services in addition to those offered by
 # the Software.
-# 
+#
 # Rudder is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with Rudder.  If not, see <http://www.gnu.org/licenses/>.
 #
 #####################################################################################
 
 ECHO=/bin/echo
 RUDDER_OPT=/opt/rudder
+RUDDER_VAR=/var/rudder
+RUDDER_JSON="${RUDDER_VAR}/cfengine-community/inputs/rudder.json"
+
+rudder_json_value() {
+	cat "${RUDDER_JSON}" | jq -r ".$1"
+}
+
+if [ -f "${RUDDER_JSON}" ]; then
+  RUDDER_VERIFY_CERTIFICATES=$(rudder_json_value 'RUDDER_VERIFY_CERTIFICATES')
+fi
+
+if [ "${RUDDER_VERIFY_CERTIFICATES}" = "true" ]
+then
+  CERTIFICATE_OPTION=""
+else
+  CERTIFICATE_OPTION="--insecure"
+fi
+
+DOWNLOAD_COMMAND="curl --silent --show-error ${CERTIFICATE_OPTION} --location --proxy '' --globoff"
 
 usage() {
 	${ECHO} "Usage: $0 <UUID of the node to make a relay server>"
@@ -57,201 +76,25 @@ fi
 
 ${ECHO} -e "Rudder relay installation script starting, using UUID ${RELAY_UUID}.\n"
 
-# Get how many access credentials we got for LDAP and SQL in /opt/rudder/etc/rudder-web.properties
-# (should have 2 for each, user and password)
-LDAP_CREDENTIALS=$(grep -c -E "^ldap.auth(dn|pw)[ \t]*=" /opt/rudder/etc/rudder-web.properties || true)
-
-if [ -f /opt/rudder/etc/rudder-web.properties -a ${LDAP_CREDENTIALS} -eq 2 ]; then
-  # Get the database access credentials from the rudder-web.properties file
-  LDAP_USER="$(grep -E '^ldap.authdn[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
-  LDAP_PASSWORD="$(grep -E '^ldap.authpw[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
-  LDAP_SERVER="$(grep -E '^ldap.host[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d '=' -f 2-)"
-  LDAP_PORT="$(grep -E '^ldap.port[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d '=' -f 2-)"
-else
-  # No database access credentials in rudder-web.properties... Try anyway using "guessed" values.
-  echo "WARNING: Database access credentials are missing in /opt/rudder/etc/rudder-web.properties, trying to guess adequate values."
-  LDAP_USER=$(grep "^rootdn" /opt/rudder/etc/openldap/slapd.conf | sed "s/\w*\s*['\"]\?\([^\"']*\)['\"]\?$/\1/")
-  LDAP_PASSWORD=$(grep "^rootpw" /opt/rudder/etc/openldap/slapd.conf | sed "s/\w*\s*['\"]\?\([^\"']*\)['\"]\?$/\1/")
-  LDAP_SERVER='localhost'
-  LDAP_PORT='389'
-fi
-
-# Commands
-LDAP_PARAMETERS="-H ldap://${LDAP_SERVER}:${LDAP_PORT}/ -D ${LDAP_USER} -w ${LDAP_PASSWORD} -x"
-
-JETTY_INIT="service rudder-jetty"
-
-LDAPSEARCH="ldapsearch ${LDAP_PARAMETERS} -LLL"
-LDAPMODRDN="ldapmodrdn ${LDAP_PARAMETERS}"
-LDAPADD="ldapadd ${LDAP_PARAMETERS}"
-LDAPDELETE="ldapdelete ${LDAP_PARAMETERS}"
-
-PSQL="psql -q -h ${SQL_SERVER} -p ${SQL_PORT} -U ${SQL_USER}"
-
-#######################################################################################################################
-## Delete the old entries
-#######################################################################################################################
-
-# We need to read the actual UUID from LDAP to make sure we get the same case. LDAP is insensitive to this, but the
-# Rudder web interface will misbehave if the wrong case is used
-RELAY_UUID=$(${LDAPSEARCH} -s base -b "nodeId=${RELAY_UUID},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration" nodeId 2>/dev/null | grep "^nodeId:" | sed 's%nodeId: %%' || true)
-EXISTING_NODEID=$(${LDAPSEARCH} -s base -b "nodeGroupId=hasPolicyServer-${RELAY_UUID},groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration" nodeId 2>/dev/null | grep "^nodeId:" || true)
-EXISTING_NETWORKS=$(${LDAPSEARCH} -s base -b "directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration" directiveVariable 2>/dev/null | grep "^directiveVariable: ALLOWEDNETWORK\[" || true)
-EXISTING_TYPE=$(${LDAPSEARCH} -s base -b "nodeId=${RELAY_UUID},ou=Nodes,cn=rudder-configuration" isSystem 2>/dev/null | grep "^isSystem:" || true)
-RELAY_HOSTNAME=$(${LDAPSEARCH} -s base -b "nodeId=${RELAY_UUID},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration" nodeHostname 2>/dev/null | grep "^nodeHostname:" | sed 's%nodeHostname: %%' || true)
-
-if [ "${RELAY_HOSTNAME}" = "" ]; then
-	${ECHO} "ERROR: Cannot find the machine (inventory not found), aborting."
-	exit 1
-fi
-
-if [ "${EXISTING_TYPE}" = "isSystem: FALSE" ]; then
-	${ECHO} -e "INFO: The machine is identified as a regular node, whose name is ${RELAY_HOSTNAME}\n"
-elif [ "${EXISTING_TYPE}" = "isSystem: TRUE" ]; then
-	${ECHO} "INFO: The machine ${RELAY_HOSTNAME} is already either a Rudder relay or root server."
+# Scale-out-relay API call (must have the plugin installed)
+API_URL="https://127.0.0.1/rudder/api/latest/scaleoutrelay/promote/${RELAY_UUID}"
+TOKEN_SYSTEM=$(cat /var/rudder/run/api-token)
+curl_command="${DOWNLOAD_COMMAND} --header \"X-API-Token: ${TOKEN_SYSTEM}\" --request POST \"${API_URL}\""
+response=$(eval ${curl_command} )
+result_api=$(echo "$response" | jq -r '.result')
+
+if [ "${result_api}" = "error" ]; then
+	${ECHO} "ERROR: Promote ${RELAY_UUID} have failed"
+	error_details=$(echo "$response" | jq -r '.errorDetails')
+	${ECHO} "Reason: ${error_details}"
 	exit 1
 else
-	${ECHO} "ERROR: The machine cannot be identified as a functionnal Rudder node (internal inconsistency: isSystem=${EXISTING_TYPE}), aborting."
-	exit 1
-fi
-
-TMPFILE=`mktemp`
-${ECHO} -n "INFO: Deleting old entries if applicable. Backups will be stored in ${TMPFILE}..."
-
-${ECHO} "# $0: Transforming ${RELAY_UUID} (${RELAY_HOSTNAME}) into a Rudder relay server on `date`" > ${TMPFILE}
-${LDAPSEARCH} -s base -b "nodeId=${RELAY_UUID},ou=Nodes,cn=rudder-configuration" >> ${TMPFILE}
-${LDAPDELETE} "nodeId=${RELAY_UUID},ou=Nodes,cn=rudder-configuration" >/dev/null
-
-${ECHO} " Done."
-
-#######################################################################################################################
-## Switching the node to Policy server type 
-#######################################################################################################################
-
-${ECHO} -n "INFO: Changing the machine type to relay server..."
-${LDAPADD} <<EOF >/dev/null 2>&1 || echo -n " entries already exist."
-dn: nodeId=${RELAY_UUID},ou=Nodes,cn=rudder-configuration
-objectClass: top
-objectClass: rudderNode
-objectClass: rudderPolicyServer
-cn: ${RELAY_UUID}
-isBroken: FALSE
-isSystem: TRUE
-nodeId: ${RELAY_UUID}
-description: A relay server
-EOF
-${ECHO} " Done."
-
-#######################################################################################################################
-## Node groups (including special target) 
-#######################################################################################################################
-
-${ECHO} -n "INFO: Adding special group entries for relay server..."
-${LDAPADD} <<EOF >/dev/null 2>&1 || echo -n " entries already exist."
-dn: nodeGroupId=hasPolicyServer-${RELAY_UUID},groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
-objectClass: nodeGroup
-objectClass: top
-cn: All classic Nodes managed by ${RELAY_UUID} policy server
-description: All classic Nodes known by Rudder directly connected to the ${RELAY_UUID} server. This group exists only as internal purpose and should not be used to configure Nodes.
-isDynamic: TRUE
-nodeGroupId: hasPolicyServer-${RELAY_UUID}
-isSystem: TRUE
-isEnabled: TRUE
-jsonNodeGroupQuery: {"select":"nodeAndPolicyServer","composition":"And","where":[{"objectType":"node","attribute":"policyServerId","comparator":"eq","value":"${RELAY_UUID}"},{"objectType":"node","attribute":"agentName","comparator":"eq","value":"cfengine"}]}
-${EXISTING_NODEID}
-
-dn: ruleTarget=policyServer:${RELAY_UUID},groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
-objectClass: specialRuleTarget
-objectClass: top
-ruleTarget: policyServer:${RELAY_UUID}
-cn: ${RELAY_UUID} policy server
-description: Only the ${RELAY_UUID} policy server
-isEnabled: TRUE
-isSystem: TRUE
-
-EOF
-${ECHO} " Done."
+	${ECHO} "Done."
 
-#######################################################################################################################
-## Directives
-#######################################################################################################################
+	${ECHO} -n "INFO: Triggering promises generation..."
+	curl --proxy '' -k "https://localhost/rudder/api/deploy/reload"
+	${ECHO} " Done."
 
-${ECHO} -n "INFO: Adding special Directives for relay server..."
-${LDAPADD} <<EOF >/dev/null 2>&1 || echo -n " entries already exist."
-dn: directiveId=${RELAY_UUID}-distributePolicy,activeTechniqueId=distributePolicy,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
-objectClass: directive
-objectClass: top
-directiveId: ${RELAY_UUID}-distributePolicy
-cn: ${RELAY_UUID}-Distribute Policy
-description: Distribute policy - Technical
-techniqueVersion: 0:1.0
-isEnabled: TRUE
-isSystem: TRUE
-directivePriority: 0
-
-# common (has policy server)
-
-dn: directiveId=common-${RELAY_UUID},activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
-objectClass: directive
-objectClass: top
-directiveId: common-${RELAY_UUID}
-cn: Common-${RELAY_UUID}
-description: Common - Technical
-techniqueVersion: 0:1.0
-isEnabled: TRUE
-isSystem: TRUE
-directivePriority: 0
-directiveVariable: OWNER[0]:\${rudder.node.admin}
-directiveVariable: UUID[0]:\${rudder.node.id}
-directiveVariable: POLICYSERVER[0]:${RELAY_HOSTNAME}
-directiveVariable: POLICYSERVER_ID[0]:root
-directiveVariable: POLICYSERVER_ADMIN[0]:root
-${EXISTING_NETWORKS}
-directiveVariable: POLICYCHILDREN[0]:\${rudder.hasPolicyServer-${RELAY_UUID}.target.hostname}
-directiveVariable: ADMIN[0]:\${rudder.hasPolicyServer-${RELAY_UUID}.target.admin}
-directiveVariable: CHILDRENID[0]:\${rudder.hasPolicyServer-${RELAY_UUID}.target.id}
-
-EOF
-${ECHO} " Done."
-
-#######################################################################################################################
-## Rules
-#######################################################################################################################
-
-${ECHO} -n "INFO: Adding special Rules for relay server..."
-${LDAPADD} <<EOF >/dev/null 2>&1 || echo -n " entries already exist."
-dn: ruleId=${RELAY_UUID}-DP,ou=Rules,ou=Rudder,cn=rudder-configuration
-objectClass: rule
-objectClass: top
-ruleId: ${RELAY_UUID}-DP
-ruleTarget: policyServer:${RELAY_UUID}
-directiveId: ${RELAY_UUID}-distributePolicy
-cn: distributePolicy
-description: Distribute Policy - Technical
-isEnabled: TRUE
-isSystem: TRUE
-longDescription: This rule allows to distribute policies to nodes
-serial: 0
-
-dn: ruleId=hasPolicyServer-${RELAY_UUID},ou=Rules,ou=Rudder,cn=rudder-configuration
-objectClass: rule
-objectClass: top
-ruleId: hasPolicyServer-${RELAY_UUID}
-ruleTarget: group:hasPolicyServer-${RELAY_UUID}
-directiveId: common-${RELAY_UUID}
-cn: Rudder system policy: basic setup (common)
-description: Common - Technical
-isEnabled: TRUE
-isSystem: TRUE
-longDescription: This is the basic system rule which all nodes must have.
-serial: 0
-
-EOF
-
-${ECHO} " Done."
-
-${ECHO} -n "INFO: Triggering promises generation..."
-curl --proxy '' -k "https://localhost/rudder/api/deploy/reload"
-${ECHO} " Done."
-
-${ECHO} -e "\nSuccess: all steps completed successfully."
+	${ECHO} -e "\nSuccess: all steps completed successfully."
+	exit 0
+fi