zulip/scripts/zulip-puppet-apply

115 lines
3.4 KiB
Plaintext
Raw Normal View History

#!/usr/bin/env python3
import argparse
import configparser
import os
import re
import subprocess
import sys
import tempfile
import yaml
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
sys.path.insert(0, BASE_DIR)
from scripts.lib.puppet_cache import setup_puppet_modules
from scripts.lib.zulip_tools import assert_running_as_root, parse_os_release
assert_running_as_root()
parser = argparse.ArgumentParser(description="Run Puppet")
parser.add_argument(
"--force", "-f", action="store_true", help="Do not prompt with proposed changes"
)
parser.add_argument("--noop", action="store_true", help="Do not apply the changes")
parser.add_argument("--config", default="/etc/zulip/zulip.conf", help="Alternate zulip.conf path")
args, extra_args = parser.parse_known_args()
config = configparser.RawConfigParser()
config.read(args.config)
setup_puppet_modules()
distro_info = parse_os_release()
puppet_config = """
Exec { path => "/usr/sbin:/usr/bin:/sbin:/bin" }
"""
for pclass in re.split(r"\s*,\s*", config.get("machine", "puppet_classes")):
if " " in pclass:
print(
f"The `machine.puppet_classes` setting in {args.config} must be comma-separated, not space-separated!"
)
sys.exit(1)
puppet_config += f"include {pclass}\n"
# We use the Puppet configuration from the same Zulip checkout as this script
scripts_path = os.path.join(BASE_DIR, "scripts")
puppet_module_path = os.path.join(BASE_DIR, "puppet")
puppet_cmd = [
"puppet",
"apply",
f"--modulepath={puppet_module_path}:/srv/zulip-puppet-cache/current",
"-e",
puppet_config,
]
if args.noop:
puppet_cmd += ["--noop"]
puppet_cmd += extra_args
# Set the scripts path to be a factor so it can be used by Puppet code
puppet_env = os.environ.copy()
puppet_env["FACTER_zulip_conf_path"] = args.config
puppet_env["FACTER_zulip_scripts_path"] = scripts_path
def noop_would_change(puppet_cmd: list[str]) -> bool:
# --noop does not work with --detailed-exitcodes; see
# https://tickets.puppetlabs.com/browse/PUP-686
try:
lastrun_file = tempfile.NamedTemporaryFile()
subprocess.check_call(
# puppet_cmd may already contain --noop, but it is safe to
# supply twice
[*puppet_cmd, "--noop", "--lastrunfile", lastrun_file.name],
env=puppet_env,
)
with open(lastrun_file.name) as lastrun:
lastrun_data = yaml.safe_load(lastrun)
resources = lastrun_data.get("resources", {})
if resources.get("failed", 0) != 0:
sys.exit(2)
return resources.get("out_of_sync", 0) != 0
except subprocess.CalledProcessError:
sys.exit(2)
finally:
lastrun_file.close()
if not args.noop and not args.force:
if not noop_would_change([*puppet_cmd, "--show_diff"]):
sys.exit(0)
do_apply = None
while do_apply != "y":
sys.stdout.write("Apply changes? [y/N] ")
sys.stdout.flush()
do_apply = sys.stdin.readline().strip().lower()
if do_apply in ("", "n"):
sys.exit(0)
if args.noop and args.force:
if noop_would_change(puppet_cmd):
sys.exit(1)
else:
sys.exit(0)
ret = subprocess.call([*puppet_cmd, "--detailed-exitcodes"], env=puppet_env)
# ret = 0 => no changes, no errors
# ret = 2 => changes, no errors
# ret = 4 => no changes, yes errors
# ret = 6 => changes, yes errors
if ret not in (0, 2):
sys.exit(2)