Merge pull request 'feat: add turrisos support for installation check' (#191) from feat/add-turrisos-support-for-installation-check into main

Reviewed-on: https://gitea.obmondo.com/EnableIT/Linuxaid-cli/pulls/191

Author: ashish1099

constant/constants.go

@@ -7,17 +7,14 @@ const (
 	PuppetPackageName  = "puppet-agent"
 	PuppetPath         = "/sbin:/usr/sbin:/bin:/usr/bin:/opt/puppetlabs/puppet/bin"
 	PuppetConfig       = "/etc/puppetlabs/puppet/puppet.conf"
-	PuppetVersion      = "8.23.1"
+	OpenvoxVersion     = "8.24.2"
 	PuppetMajorVersion = "openvox8"
 	PuppetCertEnv      = "PUPPETCERT"
 	PuppetPrivKeyEnv   = "PUPPETPRIVKEY"
 	InstallTokenEnv    = "TOKEN"
 	ExternalFacterFile = "/etc/puppetlabs/facter/facts.d/new_installation.yaml"
 	PuppetPrivKeyPath  = "/etc/puppetlabs/puppet/ssl/private_keys"
 
-	// Openvox
-	OpenvoxAgentVersionTurris = "7.37.2"
-
 	// Lock and Disabled
 	AgentDisabledLockFile           = "/opt/puppetlabs/puppet/cache/state/agent_disabled.lock"
 	AgentRunningLockFile            = "/opt/puppetlabs/puppet/cache/state/agent_catalog_run.lock"

helper/os_release.go

@@ -10,24 +10,28 @@ import (
 )
 
 const (
-	constDistributionNameUbuntu      = "ubuntu"
-	constDistributionNameDebian      = "debian"
-	constDistributionNameSLES        = "sles"
-	constDistributionNameCentOS      = "centos"
-	constDistributionNameRHEL        = "rhel"
-	constDistributionNameOracleLinux = "ol"
+	ConstDistributionNameUbuntu      = "ubuntu"
+	ConstDistributionNameDebian      = "debian"
+	ConstDistributionNameSLES        = "sles"
+	ConstDistributionNameCentOS      = "centos"
+	ConstDistributionNameRHEL        = "rhel"
+	ConstDistributionNameOracleLinux = "ol"
+	ConstDistributionNameTurrisOS    = "turrisos"
 
-	constDistributionDebianUpdateRepoListCmd = "apt update"
-	constDistributionSLESUpdateRepoListCmd   = "zypper refresh"
-	constDistributionRHELUpdateRepoListCmd   = "yum repolist"
+	constDistributionDebianUpdateRepoListCmd  = "apt update"
+	constDistributionSLESUpdateRepoListCmd    = "zypper refresh"
+	constDistributionRHELUpdateRepoListCmd    = "yum repolist"
+	constDistributionOpenWRTUpdateRepoListCmd = "opkg update"
 
-	constDistributionDebianCheckCACertificatesCmd = "dpkg-query -W ca-certificates openssl"
-	constDistributionSLESCheckCACertificatesCmd   = "rpm -q ca-certificates openssl ca-certificates-cacert ca-certificates-mozilla"
-	constDistributionRHELCheckCACertificatesCmd   = "rpm -q ca-certificates openssl"
+	constDistributionDebianCheckCACertificatesCmd  = "dpkg-query -W ca-certificates openssl"
+	constDistributionSLESCheckCACertificatesCmd    = "rpm -q ca-certificates openssl ca-certificates-cacert ca-certificates-mozilla"
+	constDistributionRHELCheckCACertificatesCmd    = "rpm -q ca-certificates openssl"
+	constDistributionOpenWRTCheckCACertificatesCmd = "opkg list-installed ca-certificates openssl"
 
-	constDistributionDebianInstallCACertificatesCmd = "apt install -y ca-certificates"
-	constDistributionSLESInstallCACertificatesCmd   = "zypper install -y ca-certificates openssl ca-certificates-cacert ca-certificates-mozilla"
-	constDistributionRHELInstallCACertificatesCmd   = "yum install -y ca-certificates openssl"
+	constDistributionDebianInstallCACertificatesCmd  = "apt install -y ca-certificates"
+	constDistributionSLESInstallCACertificatesCmd    = "zypper install -y ca-certificates openssl ca-certificates-cacert ca-certificates-mozilla"
+	constDistributionRHELInstallCACertificatesCmd    = "yum install -y ca-certificates openssl"
+	constDistributionOpenWRTInstallCACertificatesCmd = "opkg install libopenssl openssl-util libopenssl-conf"
 )
 
 type CertificateManagerCommands struct {
@@ -57,24 +61,30 @@ func IsSupportedOS() (CertificateManagerCommands, error) {
 // 3. command to install CA certificates
 func getCommandsForInstallingCACertificates() (CertificateManagerCommands, error) {
 	switch os.Getenv("ID") {
-	case constDistributionNameUbuntu, constDistributionNameDebian:
+	case ConstDistributionNameUbuntu, ConstDistributionNameDebian:
 		return CertificateManagerCommands{
 			updateRepoListCmd:        constDistributionDebianUpdateRepoListCmd,
 			checkCACertificatesCmd:   constDistributionDebianCheckCACertificatesCmd,
 			installCACertificatesCmd: constDistributionDebianInstallCACertificatesCmd,
 		}, nil
-	case constDistributionNameSLES:
+	case ConstDistributionNameSLES:
 		return CertificateManagerCommands{
 			updateRepoListCmd:        constDistributionSLESUpdateRepoListCmd,
 			checkCACertificatesCmd:   constDistributionSLESCheckCACertificatesCmd,
 			installCACertificatesCmd: constDistributionSLESInstallCACertificatesCmd,
 		}, nil
-	case constDistributionNameCentOS, constDistributionNameRHEL, constDistributionNameOracleLinux:
+	case ConstDistributionNameCentOS, ConstDistributionNameRHEL, ConstDistributionNameOracleLinux:
 		return CertificateManagerCommands{
 			updateRepoListCmd:        constDistributionRHELUpdateRepoListCmd,
 			checkCACertificatesCmd:   constDistributionRHELCheckCACertificatesCmd,
 			installCACertificatesCmd: constDistributionRHELInstallCACertificatesCmd,
 		}, nil
+	case ConstDistributionNameTurrisOS:
+		return CertificateManagerCommands{
+			updateRepoListCmd:        constDistributionOpenWRTUpdateRepoListCmd,
+			checkCACertificatesCmd:   constDistributionOpenWRTCheckCACertificatesCmd,
+			installCACertificatesCmd: constDistributionOpenWRTInstallCACertificatesCmd,
+		}, nil
 	}
 	return CertificateManagerCommands{}, errors.New("unknown distribution")
 }

helper/provisioner/provisioner.go

@@ -41,22 +41,22 @@ func NewService(apiClient api.ObmondoClient, puppet *puppet.Service, webtee *web
 
 func (s *Provisioner) ProvisionPuppet() {
 	switch os.Getenv("ID") {
-	case "ubuntu", "debian":
+	case helper.ConstDistributionNameUbuntu, helper.ConstDistributionNameDebian:
 		if err := s.provisionForDebian(); err != nil {
 			slog.Error("failed to install puppet", slog.Any("error", err))
 			os.Exit(1)
 		}
-	case "sles":
+	case helper.ConstDistributionNameSLES:
 		if err := s.provisionForSuse(); err != nil {
 			slog.Error("failed to install puppet", slog.Any("error", err))
 			os.Exit(1)
 		}
-	case "centos", "rhel", "ol":
+	case helper.ConstDistributionNameCentOS, helper.ConstDistributionNameRHEL, helper.ConstDistributionNameOracleLinux:
 		if err := s.provisionForRedHat(); err != nil {
 			slog.Error("failed to install puppet", slog.Any("error", err))
 			os.Exit(1)
 		}
-	case "turrisos":
+	case helper.ConstDistributionNameTurrisOS:
 		s.provisionForTurris()
 	default:
 		slog.Error("unknown distribution, exiting")
@@ -85,7 +85,7 @@ func (s *Provisioner) provisionForDebian() error {
 		return errors.New("unsupported system architecture")
 	}
 
-	fullPuppetVersion := fmt.Sprintf("%s-1+%s", constant.PuppetVersion, ubuntuVersion)
+	fullPuppetVersion := fmt.Sprintf("%s-1+%s", constant.OpenvoxVersion, ubuntuVersion)
 	packageName := fmt.Sprintf("openvox-agent_%s_%s.deb", fullPuppetVersion, runtime.GOARCH)
 	downloadPath := filepath.Join(tmpDir, packageName)
 	url := fmt.Sprintf("https://repos.obmondo.com/openvox/apt/pool/%s/o/openvox-agent/%s",
@@ -116,7 +116,7 @@ func (s *Provisioner) provisionForRedHat() error {
 		return errors.New("unsupported system architecture")
 	}
 
-	fullPuppetVersion := fmt.Sprintf("%s-1.el%s", constant.PuppetVersion, majRelease)
+	fullPuppetVersion := fmt.Sprintf("%s-1.el%s", constant.OpenvoxVersion, majRelease)
 	packageName := fmt.Sprintf("openvox-agent-%s.%s", fullPuppetVersion, runtimeArch)
 	downloadPath := filepath.Join(tmpDir, packageName+".rpm")
 	url := fmt.Sprintf("https://repos.obmondo.com/openvox/yum/%s/el/%s/%s/%s.rpm",
@@ -148,7 +148,7 @@ func (s *Provisioner) provisionForSuse() error {
 		return errors.New("unsupported system architecture")
 	}
 
-	fullPuppetVersion := fmt.Sprintf("%s-1.sles%s", constant.PuppetVersion, majRelease)
+	fullPuppetVersion := fmt.Sprintf("%s-1.sles%s", constant.OpenvoxVersion, majRelease)
 	packageName := fmt.Sprintf("openvox-agent-%s.%s", fullPuppetVersion, runtimeArch)
 	downloadPath := filepath.Join(tmpDir, packageName+".rpm")
 	url := fmt.Sprintf("https://repos.obmondo.com/openvox/sles/%s/%s/%s/%s.rpm",
@@ -169,6 +169,6 @@ func (s *Provisioner) provisionForTurris() {
 	s.webtee.RemoteLogObmondo([]string{"opkg update"}, s.certName)
 	s.webtee.RemoteLogObmondo([]string{"opkg install ruby ruby-stdlib ruby-dev ruby-gems"}, s.certName)
 
-	installCmd := []string{fmt.Sprintf("gem install -v %s --no-document openvox", constant.OpenvoxAgentVersionTurris)}
+	installCmd := []string{fmt.Sprintf("gem install -v %s --no-document openvox", constant.OpenvoxVersion)}
 	s.webtee.RemoteLogObmondo(installCmd, s.certName)
 }

pkg/puppet/puppet.go

@@ -56,17 +56,20 @@ func (*Service) EnableAgent() error {
 
 // Disable puppet-agent service (sanity-check)
 func (s *Service) DisableAgentService() {
-	// Disable unattended-upgrades so puppet-agent package does not update
-	s.webtee.RemoteLogObmondo([]string{
-		"puppet resource service unattended-upgrades ensure=stopped enable=false",
-	}, s.certName)
+	// There is no init script named unattended-upgrades, and puppet in /etc/init.d/ in TurrisOS system
+	if os.Getenv("ID") != helper.ConstDistributionNameTurrisOS {
+		// Disable unattended-upgrades so puppet-agent package does not update
+		s.webtee.RemoteLogObmondo([]string{
+			"puppet resource service unattended-upgrades ensure=stopped enable=false",
+		}, s.certName)
 
-	// Stop puppet agent service, since we manage it via run_puppet service
-	s.webtee.RemoteLogObmondo([]string{
-		"puppet resource service puppet ensure=stopped enable=false",
-	}, s.certName)
+		// Stop puppet agent service, since we manage it via run_puppet service
+		s.webtee.RemoteLogObmondo([]string{
+			"puppet resource service puppet ensure=stopped enable=false",
+		}, s.certName)
 
-	slog.Debug("puppet agent service disabled")
+		slog.Debug("puppet agent service disabled")
+	}
 }
 
 // Disable agent with message
@@ -94,7 +97,14 @@ func (s *Service) RunAgent(remoteLog bool, noopMode string) int {
 	slog.Info("running puppet agent", slog.String("mode", noopMode))
 	pipe := script.Exec(cmd)
 	if _, err := pipe.Stdout(); err != nil {
-		if !slices.Contains(constant.PuppetSuccessExitCodes, pipe.ExitStatus()) {
+		// We're patching the error handling for turrisos for now, since we're still updating
+		// linuxaid support. Once done, we'll remove this special handling.
+		successStatusCodes := constant.PuppetSuccessExitCodes
+		if os.Getenv("ID") == helper.ConstDistributionNameTurrisOS {
+			successStatusCodes = append(successStatusCodes, 4, 6) // nolint: mnd
+		}
+
+		if !slices.Contains(successStatusCodes, pipe.ExitStatus()) {
 			slog.Error("stdout error", slog.Any("error", err))
 		}
 	}
@@ -145,7 +155,7 @@ noop = true
 environment = %s
 `
 	content := fmt.Sprintf(cfg, s.openvoxServer, s.certName, s.openvoxEnv)
-	if _, err := script.Echo(content).WriteFile(constant.PuppetConfig); err != nil {
+	if err := os.WriteFile(constant.PuppetConfig, []byte(content), os.FileMode(os.O_TRUNC|os.O_CREATE)); err != nil {
 		s.webtee.RemoteLogObmondo([]string{fmt.Sprintf("echo failed to configure puppet: %s", err)}, s.certName)
 		os.Exit(1)
 	}

pkg/webtee/webtee.go

@@ -13,6 +13,7 @@ import (
 	"sync"
 
 	"gitea.obmondo.com/EnableIT/linuxaid-cli/constant"
+	"gitea.obmondo.com/EnableIT/linuxaid-cli/helper"
 	api "gitea.obmondo.com/EnableIT/linuxaid-cli/pkg/obmondo"
 )
 
@@ -108,7 +109,14 @@ func (w *Webtee) RemoteLogObmondo(command []string, certname string) {
 }
 
 func shouldIgnorePuppetAgentError(command []string, exitCode int) bool {
-	return strings.Contains(strings.Join(command, " "), "puppet agent") && slices.Contains(constant.PuppetSuccessExitCodes, exitCode)
+	// We're patching the error handling for turrisos for now, since we're still updating
+	// linuxaid support. Once done, we'll remove this special handling.
+	successStatusCodes := constant.PuppetSuccessExitCodes
+	if os.Getenv("ID") == helper.ConstDistributionNameTurrisOS {
+		successStatusCodes = append(successStatusCodes, 4, 6) // nolint: mnd
+	}
+
+	return strings.Contains(strings.Join(command, " "), "puppet agent") && slices.Contains(successStatusCodes, exitCode)
 }
 
 // readPipe reads a pipe, wraps every line in an "echo" command, prints it, and sends the line to