/*
* Teleport
* Copyright (C) 2023 Gravitational, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package server
import (
"context"
"crypto/rand"
"fmt"
"net/url"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3"
"github.com/aws/aws-sdk-go/aws"
"github.com/gravitational/trace"
"golang.org/x/sync/errgroup"
apievents "github.com/gravitational/teleport/api/types/events"
"github.com/gravitational/teleport/lib/cloud/azure"
)
// AzureInstaller handles running commands that install Teleport on Azure
// virtual machines. Its only entry point is Run, which fans the install
// script out to every VM in an AzureRunRequest.
type AzureInstaller struct {
	// Emitter is the audit event emitter handed to the installer. Nothing in
	// this file reads it (Run does not emit events); presumably it is used by
	// callers or other files in the package — confirm before removing.
	Emitter apievents.Emitter
}
// AzureRunRequest combines parameters for running commands on a set of Azure
// virtual machines. Every field except ClientID is used unconditionally by
// AzureInstaller.Run.
type AzureRunRequest struct {
	// Client executes the run-command invocations; its Run method is called
	// once per entry in Instances.
	Client azure.RunCommandClient
	// Instances are the VMs to install on. Only the Name of each VM is read
	// (through aws.StringValue, so a nil Name becomes an empty VMName).
	Instances []*armcompute.VirtualMachine
	// Params are passed through as the run-command Parameters; the generated
	// script forwards them to the installer with "bash -s $@".
	Params []string
	// Region is copied verbatim into every RunCommandRequest.
	Region string
	// ResourceGroup is copied verbatim into every RunCommandRequest.
	ResourceGroup string
	// ScriptName is the installer name placed in the last path segment of the
	// download URL (/v1/webapi/scripts/installer/<ScriptName>).
	ScriptName string
	// PublicProxyAddr is the host (and optional port) of the HTTPS URL the VM
	// downloads the installer from; the scheme is always https.
	PublicProxyAddr string
	// ClientID is optional. When non-empty it is sent to the proxy as the
	// "azure-client-id" query parameter of the installer URL.
	ClientID string
}
// Run executes the installer script on every virtual machine in req.Instances
// and blocks until all run-command invocations have returned. At most ten
// invocations are in flight at once. The group context handed to each
// invocation is cancelled when any invocation returns an error, and the first
// such error is returned, wrapped; otherwise the result is nil.
//
// ai.Emitter is not used here; the receiver is a pointer only for consistency
// with the rest of the type.
func (ai *AzureInstaller) Run(ctx context.Context, req AzureRunRequest) error {
	script, err := getInstallerScript(req.ScriptName, req.PublicProxyAddr, req.ClientID)
	if err != nil {
		return trace.Wrap(err)
	}

	// Bound the number of concurrent run-command calls so a large discovery
	// batch does not have Teleport installing hundreds of nodes at once.
	const maxConcurrentRuns = 10
	group, groupCtx := errgroup.WithContext(ctx)
	group.SetLimit(maxConcurrentRuns)

	for i := range req.Instances {
		// Index into the slice rather than capturing the range variable, so
		// each goroutine sees its own VM regardless of the Go version's loop
		// variable semantics.
		vm := req.Instances[i]
		group.Go(func() error {
			return trace.Wrap(req.Client.Run(groupCtx, azure.RunCommandRequest{
				Region:        req.Region,
				ResourceGroup: req.ResourceGroup,
				VMName:        aws.StringValue(vm.Name),
				Parameters:    req.Params,
				Script:        script,
			}))
		})
	}

	return trace.Wrap(group.Wait())
}
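// getInstallerScript builds the shell one-liner that an Azure run-command
// invocation executes on a VM: it downloads the named installer script from
// the cluster's public proxy over HTTPS and pipes it to bash, forwarding the
// run-command parameters via "$@".
//
// installerName is URL-path-escaped before it is placed in the URL, so a name
// containing "/", "?" or "#" still addresses a single installer resource
// instead of changing the request path, query or fragment. When clientID is
// non-empty it is sent as the "azure-client-id" query parameter.
//
// The returned script ends with a random 16-hex-digit comment, so two calls
// with the same arguments do not return byte-identical scripts (see the note
// on Azure's deduplication below). An error is returned only when the
// assembled URL fails to parse.
func getInstallerScript(installerName, publicProxyAddr, clientID string) (string, error) {
	rawURL := fmt.Sprintf("https://%s/v1/webapi/scripts/installer/%s", publicProxyAddr, url.PathEscape(installerName))
	installerURL, err := url.Parse(rawURL)
	if err != nil {
		return "", trace.Wrap(err)
	}
	if clientID != "" {
		q := installerURL.Query()
		q.Set("azure-client-id", clientID)
		installerURL.RawQuery = q.Encode()
	}

	// Azure treats scripts with the same content as the same invocation and
	// won't run them more than once. This is fine when the installer script
	// succeeds, but it makes troubleshooting much harder when it fails. To
	// work around this, we generate a random string and append it as a comment
	// to the script, forcing Azure to see each invocation as unique.
	nonce := make([]byte, 8)
	// If crypto/rand fails the nonce stays all-zero: the script is still valid,
	// it merely loses its uniqueness for that one call, so the error is ignored.
	_, _ = rand.Read(nonce)

	// NOTE(review): the URL is interpolated unquoted into a shell command line,
	// so publicProxyAddr and clientID are relied upon to contain no shell
	// metacharacters; presumably both are cluster-configured values — confirm at
	// the call site.
	script := fmt.Sprintf("curl -s -L %s| bash -s $@ #%x", installerURL, nonce)
	return script, nil
}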