maas-cert-server

Merge ~rodsmith/maas-cert-server:fix-uuid-1000 into maas-cert-server:master

Proposed by Rod Smith on 2023-02-23

Status:

Merged

Approved by:

Rod Smith on 2023-02-25

Approved revision:

9a68685e619957a2ccc6c9cf2d8adbbdebc58962

Merged at revision:

f8ccf9659113562de1286a7bf321c0405ef2356f

Proposed branch:

~rodsmith/maas-cert-server:fix-uuid-1000

Merge into:

maas-cert-server:master

Diff against target:

253 lines (+82/-46)

2 files modified

debian/changelog (+8/-0)
usr/sbin/maniacs-setup (+74/-46)

Related bugs:

Bug #2004543: script depends on uid 1000	Undecided	New
Bug #2008022: maniacs-setup fails with MAAS 3.3.0	High	New

Link a bug report

Reviewer	Review Type	Date Requested	Status
Jeff Lane 		2023-02-23	Approve on 2023-02-24
Review via email: mp+437853@code.launchpad.net

Commit message

Updated maniacs-setup for MAAS 3.3.0 & to fix problem if no UID 1000 present

Description of the change

This started as a UID 1000 fix (for bug #2004543); but in fixing that bug, I discovered that the MAAS snap is now installing MAAS 3.3.0 by default, and that has created a series of problems for maniacs-setup, the most serious of which is described in bug #2008022. I also discovered a bug in MAAS 3.3.0 (bug #2008421), and incorporated a workaround for that. This MR therefore addresses all of these bug reports, and a number of minor tweaks (although it does not fix the MAAS bug; it just works around it).

Revision history for this message

Jeff Lane  (bladernr) wrote on 2023-02-24:

Seems OK to me. This fixes both the UID1000 issue as well as issues with MAAS 3.3.0.

review: Approve

Revision history for this message

Jeff Lane  (bladernr) wrote on 2023-02-24:

Additional comment: for future consideration, I wonder if we shouldn't be tying etiher MCS packaging, or have the script fail, if the right version of MAAS isn't there... each new version of MAAS seems to break things and I wonder thus if this shouldn't be more discrimatory and fail if, for example, 3.3.0 isn't installed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Rod Smith

hardware-certification-users

 diff --git a/debian/changelog b/debian/changelog
 index 0513a08..4c040cc 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,11 @@
++maas-cert-server (0.7.3-0ppa1) jammy; urgency=medium
++
++  * Fixed bug in maniacs-setup that caused it to fail if there
++    was no user with a UID of 1000 on the computer.
++  * Adjusted maniacs-setup to work with MAAS 3.3.0.
++
++ -- Rod Smith <rodsmith@louiswu.rodsbooks.com>  Thu, 23 Feb 2023 17:10:13 -0500
++
  maas-cert-server (0.7.2-0ppa1) jammy; urgency=medium
    * Clean up maniacs-setup code
 diff --git a/usr/sbin/maniacs-setup b/usr/sbin/maniacs-setup
 index 2ca34ca..adef490 100755
 --- a/usr/sbin/maniacs-setup
 +++ b/usr/sbin/maniacs-setup
@@ -144,7 +144,8 @@ setup_globals() {
      PROGRESS_TRACKER=$MCS_DATA/progress
      MIRROR_TRACKER=$MCS_DATA/apt-mirror.out
      RERUN=no
--    DEFAULT_USER=$(getent passwd | awk -v val=1000 -F ":" '$3==val{print $1}')
++    DEFAULT_USER=$(logname)
++    DEFAULT_GROUP=$(id -gn "$DEFAULT_USER")
      if [ -z "$DEFAULT_USER" ] ; then
          echo "The default user (who must have a UID of 1000) can't be determined!"
          echo "Exiting!"
@@ -167,7 +168,6 @@ setup_globals() {
      SUPPORTED_RELEASES=$(distro-info --supported)
      CLOUD_ARCHES="amd64 i386 arm64 armhf ppc64el s390x"
      CLOUD_MIRROR="$MIRROR_HOME/cloud"
--    RETRY=10
      MIRRORED=0
      # Any of the preceding values can be overridden in the config file....
@@ -219,6 +219,7 @@ setup_network_addresses() {
      INTERNAL_IP=$(ip -4 addr show "$INTERNAL_NET" | grep inet | tr -s " " | cut -d" " -f3 | cut -d"/" -f1)
      INTERNAL_BROADCAST=$(ip -4 addr show "$INTERNAL_NET" | grep inet | tr -s " " | cut -d" " -f5)
      INTERNAL_NETMASK=$(ip -4 addr show "$INTERNAL_NET" | grep inet | tr -s " " | cut -d" " -f3 | cut -d"/" -f2)
++    INTERNAL_NETBLOCK=$(ipcalc -n "$INTERNAL_IP"/"$INTERNAL_NETMASK" | grep Network | tr -s " " | cut -d " " -f 2) || true
      # INTERNAL_NETSTART is currently unused; but if necessary in the future,
      # uncomment the below line....
      # INTERNAL_NETSTART=$(ipcalc -n "$INTERNAL_IP"/"$INTERNAL_NETMASK" | grep Network | tr -s " " | cut -d " " -f 2 | cut -d "/" -f 1)
@@ -299,6 +300,7 @@ setup_postgresql() {
      echo "* you supply."
      get_password
      DB_PASS=$PASSWORD
++    sudo usermod -a -G "$DEFAULT_GROUP" postgres
      sudo -u postgres psql -c "CREATE USER \"maas\" WITH ENCRYPTED PASSWORD '$PASSWORD'"
      echo "*"
      echo "* Now creating a PostgresQL database (called 'maasdb')...."
@@ -331,24 +333,51 @@ reconfigure_controllers() {
      dpkg-reconfigure -fnoninteractive maas-rack-controller
+ }
++ENSURE_RUNNING_TRIES=2
  ensure_running() {
--    local job="$1"
--    local count=1
--    while true; do
--        if (service "$job" status | grep -qs "running"); then
--          break
--        fi
--        invoke-rc.d "$job" start
--        sleep 1
--        count=$((count+1))
--        if [ $count -gt $RETRY ]; then
--            echo "$job refused to start [$RETRY] times"
++    local controller_online="Offline"
++
++    local PRIMARY_RACK
++    PRIMARY_RACK=$(maas admin rack-controllers read | jshon -a -e system_id | tr -d '"')
++    controller_online=$(maas admin rack-controller read "$PRIMARY_RACK" | \
++                        jshon -e commissioning_status_name | tr -d '"' | \
++                        head -n 1)
++
++    # MAAS 3.3.0 sometimes doesn't finish its initial commissioning, so we
++    # restart it to give it a kick in the pants and wait for commissioning
++    # to complete....
++    if [[ $USE_SNAPS == 1 && $controller_online != "Passed" ]] ; then
++        echo "* Restarting MAAS"
++        snap restart maas.supervisor &> /dev/null
++        until maas admin events query &> /dev/null ; do
++            echo "* Waiting for MAAS to restart...."
++            sleep 2
++        done
++        # Sleep 5 more seconds, just for good measure....
++        sleep 5
++    fi
++
++    local TRIES_LEFT=20
++    while [[ $controller_online != "Passed" && $TRIES_LEFT -gt 0 ]] ; do
++        sleep 3
++        controller_online=$(maas admin rack-controller read "$PRIMARY_RACK" | \
++                            jshon -e commissioning_status_name | tr -d '"' | \
++                            head -n 1)
++        echo "* Waiting for the MAAS controller; current status is $controller_online...."
++        (( TRIES_LEFT-- )) || true
++    done
++    if [[ $TRIES_LEFT -eq 0 ]] ; then
++        if [[ $ENSURE_RUNNING_TRIES -gt 0 ]] ; then
++            # Sometimes even one restart fails, so try again....
++            ((ENSURE_RUNNING_TRIES--))
++            ensure_running
++        else
++            echo "* MAAS commissioning is incomplete; exiting!"
              exit 1
          fi
--    done
--}
--
++    fi
++} # ensure_running()
  login_maas_admin() {
      if [ $USE_SNAPS == 1 ] ; then
@@ -358,22 +387,22 @@ login_maas_admin() {
          local APIKEY
          APIKEY=$(maas-region apikey --username "$DEFAULT_USER" | tail -n1)
      fi
--    echo "Logging into maas at '$MAAS_URL' with '$APIKEY'"
++    echo "* Logging into maas at '$MAAS_URL' with '$APIKEY'"
++
      set +e
      local RETURN_CODE=1
      local TRIES_LEFT=20
      # MAAS can take a while to become accessible, so keep trying to
      # log in until it is available, or until we get tired of trying....
      while [[ $RETURN_CODE != 0 && $TRIES_LEFT -gt 0 ]] ; do
--        echo "Attempting a login...."
++        echo "* Attempting a login...."
          maas login admin "$MAAS_URL" "$APIKEY" &> /dev/null
          RETURN_CODE=$?
          (( TRIES_LEFT-- )) || true
--        if [ $RETURN_CODE != 0 ] ; then
--            sleep 3
--        fi
++        sleep 3
      done
      set -e
++    ensure_running
+ }
@@ -381,6 +410,7 @@ setup_maas_admin() {
      # Configure the MAAS admin user
      # Sadly, there's no way to test if the user has been created already,
      # so ignore errors for idempotence
++
      echo
      echo "***************************************************************************"
      if [ "$(check_set_progress "${FUNCNAME[0]}")" == "completed" ] ; then
@@ -775,7 +805,6 @@ setup_ip_ranges() {
      local third_octet_plus3
      local internal16
      local internal24
--    local cidr
      echo
      echo "***************************************************************************"
      if [ "$(check_set_progress "${FUNCNAME[0]}")" == "completed" ] ; then
@@ -790,26 +819,13 @@ setup_ip_ranges() {
      ((third_octet_plus1="$third_octet"+1))
      ((third_octet_plus2="$third_octet"+2))
      ((third_octet_plus3="$third_octet"+3))
--    cidr=$(ipcalc -n "$INTERNAL_IP"/"$INTERNAL_NETMASK" | grep Netmask | tr -s " " | cut -d " " -f4) || true
--    if [ -z "$cidr" ] ; then
--        local is_valid=false
--        local numbers='^[0-9]+$'
--        while [ "$is_valid" != true ] ; do
--            echo -n "* Could not compute the CIDR netmask! Please enter it here (1-31): "
--            read -r cidr
--            if [[ "$cidr" =~ $numbers ]] ; then
--                if [ "$cidr" -gt 0 ] && [ "$cidr" -lt 32 ] ; then
--                    is_valid=true
--                fi
--            fi
--        done
--    fi
++
      # In MAAS 2.1 and later, two IP address ranges can be explicitly marked,
      # leaving a third implied:
      # * A range managed by DHCP (set explicitly)
      # * A reserved range NOT used by MAAS (set explicitly)
      # * A range used by MAAS for "auto-assign" addresses (everything not set explicitly)
--    if [ "$cidr" -gt 24 ] ; then
++    if [ "$INTERNAL_NETMASK" -gt 24 ] ; then
          echo "* Your internal network has too few addresses; please specify the values"
          echo "* for two IP address ranges: reserved (never used by MAAS) and DHCP"
          echo "* (used by MAAS with DHCP). Note that a third range is implicit -- those"
@@ -825,7 +841,7 @@ setup_ip_ranges() {
          echo -n "* High IP address for DHCP addresses: "
          read -r DHCP_RANGE_HIGH
      else
--        if [ "$cidr" = 24 ] ; then
++        if [ "$INTERNAL_NETMASK" = 24 ] ; then
              RESERVED_RANGE_LOW="$internal24.1"
              RESERVED_RANGE_HIGH="$internal24.9"
              DHCP_RANGE_LOW="$internal24.10"
@@ -833,7 +849,7 @@ setup_ip_ranges() {
              AUTO_ASSIGN_LOW="$internal24.128"
              AUTO_ASSIGN_HIGH="$internal24.254"
          fi
--        if [ "$cidr" = 23 ] ; then
++        if [ "$INTERNAL_NETMASK" = 23 ] ; then
              RESERVED_RANGE_LOW="$internal24.1"
              RESERVED_RANGE_HIGH="$internal24.50"
              DHCP_RANGE_LOW="$internal24.51"
@@ -841,7 +857,7 @@ setup_ip_ranges() {
              AUTO_ASSIGN_LOW="$internal16.$third_octet_plus1.0"
              AUTO_ASSIGN_HIGH="$internal16.$third_octet_plus1.254"
          fi
--        if [ "$cidr" -lt 23 ] ; then
++        if [ "$INTERNAL_NETMASK" -lt 23 ] ; then
              RESERVED_RANGE_LOW="$internal24.1"
              RESERVED_RANGE_HIGH="$internal24.255"
              DHCP_RANGE_LOW="$internal16.$third_octet_plus1.0"
@@ -863,14 +879,26 @@ setup_ip_ranges() {
      RANGES=$(maas admin ipranges read | grep end_ip) || true
      if [ -z "$RANGES" ] ; then
          echo "* Initializing rack controller"
--        maas admin ipranges create type=dynamic start_ip="$DHCP_RANGE_LOW" end_ip="$DHCP_RANGE_HIGH" > /dev/null
--        maas admin ipranges create type=reserved start_ip="$RESERVED_RANGE_LOW" end_ip="$RESERVED_RANGE_HIGH" > /dev/null
--        INTERNAL_FABRIC=$(maas admin ipranges read | jshon -a -e subnet -e vlan -e fabric | tr -d '"' | head -n 1)
--        PRIMARY_RACK=$(maas admin rack-controllers read | jshon -a -e hostname | tr -d '"')
--        maas admin vlan update "$INTERNAL_FABRIC" untagged dhcp_on=True primary_rack="$PRIMARY_RACK" > /dev/null
++        if dpkg --compare-versions "$MAAS_VERSION" "ge" "3.3" ; then
++            maas admin ipranges create type=dynamic start_ip="$DHCP_RANGE_LOW" \
++                 end_ip="$DHCP_RANGE_HIGH" cidr="$INTERNAL_NETBLOCK" > /dev/null
++            maas admin ipranges create type=reserved start_ip="$RESERVED_RANGE_LOW" \
++                 end_ip="$RESERVED_RANGE_HIGH" cidr="$INTERNAL_NETBLOCK" > /dev/null
++        else
++            maas admin ipranges create type=dynamic start_ip="$DHCP_RANGE_LOW" \
++                 end_ip="$DHCP_RANGE_HIGH" > /dev/null
++            maas admin ipranges create type=reserved start_ip="$RESERVED_RANGE_LOW" \
++                 end_ip="$RESERVED_RANGE_HIGH" > /dev/null
++        fi
++        INTERNAL_FABRIC=$(maas admin ipranges read | \
++                          jshon -a -e subnet -e vlan -e fabric | \
++                          tr -d '"' | head -n 1)
++        PRIMARY_RACK=$(maas admin rack-controllers read | jshon -a -e system_id | tr -d '"')
++        maas admin vlan update "$INTERNAL_FABRIC" untagged dhcp_on=True \
++             primary_rack="$PRIMARY_RACK" > /dev/null
          local SUBNET_ID
          SUBNET_ID=$(maas admin ipranges read | jshon -a -e subnet -e id | head -n 1)
--        maas admin subnet update "$SUBNET_ID" gateway_ip="$INTERNAL_IP"
++        maas admin subnet update "$SUBNET_ID" gateway_ip="$INTERNAL_IP" > /dev/null
      else
          echo "* Rack controller DHCP configuration already exists; leaving it alone!"
          echo "* You should use the MAAS web UI to reconfigure your ranges!"