Tom Hubrecht
88d9b8c3e3
Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel.
# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# Strict mode: abort on an unhandled failing command (errexit), on expansion
# of an unset variable (nounset), and when any stage of a pipeline fails
# (pipefail).
set -o errexit -o nounset -o pipefail
# Run the last stage of a pipeline in the current shell, so that variables
# assigned inside a `... | while read` loop are still set after the loop.
shopt -s lastpipe
# Help text, printed for -h/--help and after an argument error.
usage="$(basename "$0") [-h] [--diff] [NODE]
Check if deployed config is actually the one on master
By default check all nodes

where:
-h Show this help text
--diff Show diff with nvd

Exemple:
check-deployment web01"

# Parse the command line. Recognised flags are consumed; the first remaining
# word becomes the node to check and a second one is rejected. `diff` and
# `node` stay unset unless given, so later code must read them as ${var-}.
# NOTE(review): the catch-all arm also accepts words starting with '-', so a
# mistyped flag ends up being used as the node name.
while (( $# > 0 )); do
  case "$1" in
    -h | --help)
      echo "$usage"
      exit 0
      ;;

    --diff)
      diff=y
      ;;

    *)
      if [[ -n ${node-} ]]; then
        echo "Too many arguments. Help:"
        echo "$usage"
        exit 1
      fi
      node="$1"
      ;;
  esac
  shift
done
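#############
# go to tmp #
#############

# Scratch directory that receives a clone of the local repository.
TMP=$(mktemp -d)

# Delete the scratch clone, and the colmena log file if one has been created
# by then, on every exit path. Without this, an errexit abort or a failed
# evaluation leaves both behind in the temporary directory.
cleanup() {
  rm -rf -- "${TMP:?}"
  if [[ -n ${COLMENA_LOGS-} ]]; then
    rm -f -- "$COLMENA_LOGS"
  fi
}
trap cleanup EXIT

GIT_TOP_LEVEL=$(git rev-parse --show-toplevel)

# Clone only the `main` branch of the local repository and work from the
# clone; everything below runs with the clone as working directory.
echo "Cloning local main..."
git clone -q --branch main --single-branch "$GIT_TOP_LEVEL" "$TMP"
pushd "$TMP" >/dev/null || exit 2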
####################
# Evaluate configs #
####################

#######################################
# Report a failed colmena evaluation and stop.
# Globals:   COLMENA_LOGS (read) - file holding colmena's captured stderr
# Outputs:   a fixed message followed by the log contents, both on stderr
# Returns:   does not return; exits with status 3
#######################################
colmena_failed() {
  echo "Colmena failed. Check your config. Logs:" >&2
  cat "$COLMENA_LOGS" >&2
  exit 3
}
# File that receives colmena's stderr; colmena_failed prints it when the
# evaluation fails.
COLMENA_LOGS=$(mktemp)

echo "Evaluating configs..."
# Nix expression handed to `colmena eval`: for every node it yields the node
# name, the system toplevel path, its derivation path and the node's
# hostName.domain.
# Disable warning because of '${}'
# shellcheck disable=SC2016
eval_expr='{ nodes, lib, ...}: lib.mapAttrsToList (k: v: { machine = k; path = v.config.system.build.toplevel; drv = v.config.system.build.toplevel.drvPath; domain = "${v.config.networking.hostName}.${v.config.networking.domain}"; }) nodes'

# RESULTS keeps colmena's stdout (parsed with jq further down); a failing
# evaluation ends the script with status 3 through colmena_failed.
if ! RESULTS=$(colmena eval -E "$eval_expr" 2>"$COLMENA_LOGS"); then
  colmena_failed
fi

rm "$COLMENA_LOGS"
echo "Evaluation finished"
#####################################
# retrieve and check current-system #
#####################################

#######################################
# Ask a host which system it is currently running.
# Arguments: $1 - host name to contact
# Outputs:   the resolved target of /run/current-system on that host (stdout)
# Returns:   the exit status of ssh
#######################################
retrieve_current_system() {
  local host=$1
  # TODO implement a less invasive method
  # The lookup logs in as root just to resolve one symlink. -n keeps ssh away
  # from stdin, which the calling loop is reading its node list from.
  ssh -n "root@${host}" "readlink -f /run/current-system"
}
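# Overall result: stays 0 only if every node that was looked at matches.
# It becomes 1 when a node differs, cannot be contacted, or when the
# requested NODE is not part of the evaluation.
return_status=0
# Set once a node passes the optional NODE filter.
matched=0

# jq prints one compact JSON object per node and the loop consumes them line
# by line. The loop is the last pipeline stage; `shopt -s lastpipe` (set at
# the top of the script) is what lets return_status and matched survive it.
echo "$RESULTS" | jq -c '.[]' |
  while IFS=$'\n' read -r c; do
    machine=$(jq -r '.machine' <<<"$c")
    if [[ -n ${node-} ]] && [[ "$machine" != "$node" ]]; then
      echo "Skipping ${machine}"
      continue
    fi
    matched=1

    expected_path=$(jq -r '.path' <<<"$c")
    domain=$(jq -r '.domain' <<<"$c")
    drv_path=$(jq -r '.drv' <<<"$c")

    # current_path is whatever the remote host answers over SSH.
    if ! current_path=$(retrieve_current_system "$domain"); then
      echo "❌ failed to contact $domain !"
      # A node that could not be verified must not let the run end with
      # status 0, otherwise an unreachable host reads as "deployed as expected".
      return_status=1
      continue
    fi

    if [[ "$expected_path" == "$current_path" ]]; then
      echo "✅ $machine -> OK"
    elif [[ -n ${diff-} ]]; then
      # Copy the deployed closure from the host and realise the expected
      # derivation, presumably so that nvd finds both systems in the local
      # store. With errexit active, a failure of either command ends the run.
      nix-copy-closure --from "root@$domain" "$current_path"
      nix-store -r "$drv_path"
      echo "$machine -> error. nvd output:"
      nvd diff "$expected_path" "$current_path"
      return_status=1
    else
      echo "☠️ $machine -> error:"
      echo " - Expected system: $expected_path"
      echo " - Current system: $current_path"
      return_status=1
    fi
  done

# A NODE that matches no evaluated machine means nothing was verified, which
# must not be reported as success.
if [[ -n ${node-} ]] && ((matched == 0)); then
  echo "No node named ${node} in the evaluated configuration" >&2
  return_status=1
fi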
# Leave the scratch clone, delete it, and hand the overall result to the
# caller as the exit status.
if ! popd >/dev/null; then
  exit 2
fi
rm -r "$TMP"

exit "$return_status"