// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package sshdensurer
import (
"bytes"
_ "embed"
"text/template"
"github.com/Masterminds/sprig/v3"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/utils/ptr"
extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
"github.com/gardener/gardener/pkg/component/extensions/operatingsystemconfig/original/components"
"github.com/gardener/gardener/pkg/utils"
)
var (
	// tplEnableSSHName is the name under which the enable script template is registered.
	tplEnableSSHName = "sshd-enable"
	// tplEnableSSHScript holds the raw text of the enable script. The file is
	// embedded into the binary at build time, so it is not read from disk at runtime.
	//go:embed templates/scripts/enable-sshd.tpl.sh
	tplEnableSSHScript string
	// tplEnableSSH is the parsed enable template; it is populated by init().
	tplEnableSSH *template.Template
	// tplDisableSSHName is the name under which the disable script template is registered.
	tplDisableSSHName = "sshd-disable"
	// tplDisableSSHScript holds the raw text of the disable script, embedded
	// into the binary at build time in the same way as the enable script.
	//go:embed templates/scripts/disable-sshd.tpl.sh
	tplDisableSSHScript string
	// tplDisableSSH is the parsed disable template; it is populated by init().
	tplDisableSSH *template.Template
)
// init parses the two embedded shell script templates once at package load.
// A parse error is passed to utilruntime.Must, so a broken embedded template
// is reported at startup rather than on the first call to Config.
func init() {
	// mustParse compiles one embedded script with the sprig text function map.
	// Both scripts come from go:embed variables, i.e. they are fixed at build
	// time; no runtime input is parsed as a template here.
	mustParse := func(name, script string) *template.Template {
		tpl, err := template.New(name).Funcs(sprig.TxtFuncMap()).Parse(script)
		utilruntime.Must(err)
		return tpl
	}

	tplEnableSSH = mustParse(tplEnableSSHName, tplEnableSSHScript)
	tplDisableSSH = mustParse(tplDisableSSHName, tplDisableSSHScript)
}
// pathScript is the absolute path of the rendered sshd-ensurer script. Config
// uses it both as the path of the script file and as the ExecStart of
// sshd-ensurer.service, so the two always refer to the same file.
const pathScript = "/var/lib/sshd-ensurer/run.sh"
// component is the sshd-ensurer component. It carries no state; everything
// Config needs is taken from the components.Context passed to it.
type component struct{}

// New returns a new sshd-ensurer component.
func New() *component {
	return new(component)
}

// Name returns the fixed name of this component.
func (component) Name() string {
	const name = "sshd-ensurer"
	return name
}
// Config renders the sshd-ensurer script and returns it together with the
// systemd unit that runs it.
//
// The disable script is the default: the enable script is rendered only when
// ctx.SSHAccessEnabled is true. Either template is executed with nil data, so
// no value from ctx is interpolated into the generated shell script.
//
// It returns the single sshd-ensurer.service unit, the single script file, and
// any error reported while executing the template.
func (component) Config(ctx components.Context) ([]extensionsv1alpha1.Unit, []extensionsv1alpha1.File, error) {
	// Start from "disable" and switch to "enable" only on an explicit opt-in.
	tpl := tplDisableSSH
	if ctx.SSHAccessEnabled {
		tpl = tplEnableSSH
	}

	var rendered bytes.Buffer
	if err := tpl.Execute(&rendered, nil); err != nil {
		return nil, nil, err
	}

	scriptFile := extensionsv1alpha1.File{
		Path: pathScript,
		// 0755: readable and executable by everyone, writable only by the file owner.
		Permissions: ptr.To[int32](0755),
		Content: extensionsv1alpha1.FileContent{
			Inline: &extensionsv1alpha1.FileContentInline{
				Encoding: "b64",
				Data:     utils.EncodeBase64(rendered.Bytes()),
			},
		},
	}

	// Restart=always with RestartSec=15 makes systemd start the script again
	// 15 seconds after each exit. NOTE(review): presumably this is what keeps
	// the sshd state enforced over time; the script body is not visible here.
	unitContent := `[Unit]
Description=Ensure SSHD service is enabled or disabled
DefaultDependencies=no
[Service]
Type=simple
Restart=always
RestartSec=15
ExecStart=` + pathScript + `
[Install]
WantedBy=multi-user.target`

	unit := extensionsv1alpha1.Unit{
		Name:    "sshd-ensurer.service",
		Command: ptr.To(extensionsv1alpha1.CommandStart),
		Content: ptr.To(unitContent),
		// Ties the unit to the script file it executes.
		FilePaths: []string{scriptFile.Path},
	}

	return []extensionsv1alpha1.Unit{unit}, []extensionsv1alpha1.File{scriptFile}, nil
}