Use a script on firewall nodes to update config

So we can get some feedback to firewall master.
Timotej Lazar 2023-06-27 08:51:01 +02:00
parent 4fb2d2c732
commit b55ae4d305


@ -171,11 +171,6 @@ def push(version=None):
if version is None: if version is None:
version = db.load('settings').get('version', 0) version = db.load('settings').get('version', 0)
# Write wanted version to file for uploading to firewall nodes.
version_file = pathlib.Path.home() / 'config' / 'version'
with open(version_file, 'w') as f:
print(version, file=f)
nodes = db.read('nodes') nodes = db.read('nodes')
tar_file = pathlib.Path.home() / 'config' / f'{version}.tar.gz' tar_file = pathlib.Path.home() / 'config' / f'{version}.tar.gz'
@ -186,17 +181,19 @@ def push(version=None):
syslog.syslog(f'wanted to push version {version} but {version}.tar.gz doesn’t exist') syslog.syslog(f'wanted to push version {version} but {version}.tar.gz doesn’t exist')
return return
# Push config tarfile. # Push config tarfile to node. There sshd runs a forced command that
syslog.syslog(f'updating {node} from {node_version} to {version}') # reads in a tarball, copies files to /etc and reloads services.
result = subprocess.run([f'sftp -o ConnectTimeout=10 root@{node}'], syslog.syslog(f'updating config for {node} from v{node_version} to v{version}')
shell=True, text=True, capture_output=True, result = subprocess.run([f'ssh -T -o ConnectTimeout=10 root@{node}'],
input=f'put {tar_file}\nput {version_file}\n') stdin=open(tar_file), shell=True, capture_output=True)
if result.returncode == 0: if result.returncode == 0:
nodes[node] = version nodes[node] = version
db.write('nodes', nodes) db.write('nodes', nodes)
syslog.syslog(f'successfully updated config for {node} to v{version}')
else: else:
syslog.syslog(f'error updating node {node}: {result.stderr}')
done = False done = False
syslog.syslog(f'error updating config for node {node} to v{version}: {result.stderr}')
# TODO notify by mail
return done return done
except Exception as e: except Exception as e:
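Review bot: The new `subprocess.run` call still builds the ssh command as a single f-string and runs it with `shell=True`, so a `node` value containing shell metacharacters would be interpreted by the local shell before ssh ever starts; `node` appears to come from `db.read('nodes')`, and any validation of it is not visible in this hunk. Passing an argument list removes the shell, and opening the tarball in a `with` block closes the handle that `stdin=open(tar_file)` currently leaves open: `with open(tar_file, 'rb') as f:` followed by `result = subprocess.run(['ssh', '-T', '-o', 'ConnectTimeout=10', f'root@{node}'], stdin=f, capture_output=True, text=True)`. Keeping `text=True`, which this change drops, also keeps `result.stderr` a string, so the error syslog line does not record a bytes repr. The body of `push` starts before and continues past this hunk, so the surrounding loop and the `except` handler were not reviewed.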