zulip/scripts/lib/puppet_cache.py

import hashlib
import json
import os
import shutil
import subprocess
import tempfile
from urllib.request import urlopen

import yaml

from .zulip_tools import run

ZULIP_PATH = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
ZULIP_SRV_PATH = "/srv"

PUPPET_MODULES_CACHE_PATH = os.path.join(ZULIP_SRV_PATH, "zulip-puppet-cache")
PUPPET_DEPS_FILE_PATH = os.path.join(ZULIP_PATH, "puppet/deps.yaml")
PUPPET_THIRDPARTY = os.path.join(PUPPET_MODULES_CACHE_PATH, "current")


def generate_sha1sum_puppet_modules() -> str:
    data = {}
    with open(PUPPET_DEPS_FILE_PATH) as fb:
        data["deps.yaml"] = fb.read().strip()
    data["puppet-version"] = subprocess.check_output(
        # This is 10x faster than `puppet --version`
        ["ruby", "-r", "puppet/version", "-e", "puts Puppet.version"],
        text=True,
    ).strip()

    sha1sum = hashlib.sha1()
    sha1sum.update(json.dumps(data, sort_keys=True).encode())
    return sha1sum.hexdigest()


def setup_puppet_modules() -> None:
    sha1sum = generate_sha1sum_puppet_modules()
    target_path = os.path.join(PUPPET_MODULES_CACHE_PATH, sha1sum)
    success_stamp = os.path.join(target_path, ".success-stamp")
    # Check if a cached version already exists
    if not os.path.exists(success_stamp):
        do_puppet_module_install(target_path, success_stamp)

    if os.path.islink(PUPPET_THIRDPARTY):
        os.remove(PUPPET_THIRDPARTY)
    elif os.path.isdir(PUPPET_THIRDPARTY):
        shutil.rmtree(PUPPET_THIRDPARTY)
    os.symlink(target_path, PUPPET_THIRDPARTY)


def do_puppet_module_install(
    target_path: str,
    success_stamp: str,
) -> None:
    os.makedirs(target_path, exist_ok=True)
    with open(PUPPET_DEPS_FILE_PATH) as yaml_file:
        deps = yaml.safe_load(yaml_file)
    for module, metadata in deps.items():
        install_puppet_module(target_path, module, metadata["version"], metadata["sha256sum"])
    with open(success_stamp, "w"):
        pass


def install_puppet_module(
    target_path: str, module: str, version: str, expected_sha256sum: str
) -> None:
    with urlopen(f"https://forgeapi.puppet.com/v3/releases/{module}-{version}") as forge_resp:
        forge_data = json.load(forge_resp)

    forge_sha256sum = forge_data["file_sha256"]
    if forge_sha256sum != expected_sha256sum:
        raise Exception(
            f"Forge API returned unexpected SHA256 sum for {module}-{version}: "
            f"expected {expected_sha256sum}, got {forge_sha256sum}"
        )

    with tempfile.NamedTemporaryFile(
        prefix=f"zulip-puppet-{module}-{version}-",
        suffix=".tar.gz",
    ) as tarball:
        with urlopen("https://forgeapi.puppet.com" + forge_data["file_uri"]) as tarball_resp:
            tarball_content = tarball_resp.read()
            local_sha256sum = hashlib.sha256(tarball_content).hexdigest()
            if local_sha256sum != expected_sha256sum:
                raise Exception(
                    f"Downloaded file had unexpected SHA256 sum for {module}-{version}: "
                    f"expected {expected_sha256sum}, got {forge_sha256sum}"
                )
            tarball.write(tarball_content)
            tarball.flush()

        run(
            [
                "puppet",
                "module",
                "--modulepath",
                target_path,
                "install",
                tarball.name,
                "--ignore-dependencies",
            ],
        )
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00			`import hashlib`
			`import json`
			`import os`
			`import shutil`
			`import subprocess`
puppet: Pin with sha256sum verification. 2023-02-23 16:52:48 +01:00			`import tempfile`
			`from urllib.request import urlopen`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00
			`import yaml`

Remove support for Ubuntu 20.04 and Debian 11. Signed-off-by: Anders Kaseorg <andersk@mit.edu> 2024-03-25 22:31:39 +01:00			`from .zulip_tools import run`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00
			`ZULIP_PATH = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))`
			`ZULIP_SRV_PATH = "/srv"`

			`PUPPET_MODULES_CACHE_PATH = os.path.join(ZULIP_SRV_PATH, "zulip-puppet-cache")`
			`PUPPET_DEPS_FILE_PATH = os.path.join(ZULIP_PATH, "puppet/deps.yaml")`
			`PUPPET_THIRDPARTY = os.path.join(PUPPET_MODULES_CACHE_PATH, "current")`


			`def generate_sha1sum_puppet_modules() -> str:`
			`data = {}`
python: Remove default "r" mode for open(). Generated automatically by pyupgrade. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-02 23:19:49 +02:00			`with open(PUPPET_DEPS_FILE_PATH) as fb:`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00			`data["deps.yaml"] = fb.read().strip()`
			`data["puppet-version"] = subprocess.check_output(`
			# This is 10x faster than `puppet --version`
			`["ruby", "-r", "puppet/version", "-e", "puts Puppet.version"],`
python: Replace universal_newlines with text. This is supported in Python ≥ 3.7. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-01-22 07:52:54 +01:00			`text=True,`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00			`).strip()`

			`sha1sum = hashlib.sha1()`
python: Remove default "utf8" argument for encode(), decode(). Partially generated by pyupgrade. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-02 23:20:39 +02:00			`sha1sum.update(json.dumps(data, sort_keys=True).encode())`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00			`return sha1sum.hexdigest()`


			`def setup_puppet_modules() -> None:`
			`sha1sum = generate_sha1sum_puppet_modules()`
			`target_path = os.path.join(PUPPET_MODULES_CACHE_PATH, sha1sum)`
			`success_stamp = os.path.join(target_path, ".success-stamp")`
			`# Check if a cached version already exists`
			`if not os.path.exists(success_stamp):`
			`do_puppet_module_install(target_path, success_stamp)`

			`if os.path.islink(PUPPET_THIRDPARTY):`
			`os.remove(PUPPET_THIRDPARTY)`
			`elif os.path.isdir(PUPPET_THIRDPARTY):`
			`shutil.rmtree(PUPPET_THIRDPARTY)`
			`os.symlink(target_path, PUPPET_THIRDPARTY)`


			`def do_puppet_module_install(`
			`target_path: str,`
			`success_stamp: str,`
			`) -> None:`
			`os.makedirs(target_path, exist_ok=True)`
python: Remove default "r" mode for open(). Generated automatically by pyupgrade. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-02 23:19:49 +02:00			`with open(PUPPET_DEPS_FILE_PATH) as yaml_file:`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00			`deps = yaml.safe_load(yaml_file)`
puppet: Pin with sha256sum verification. 2023-02-23 16:52:48 +01:00			`for module, metadata in deps.items():`
			`install_puppet_module(target_path, module, metadata["version"], metadata["sha256sum"])`
puppet: Pull in pinned puppet modules. Using puppet modules from the puppet forge judiciously will allow us to simplify the configuration somewhat; this specifically pulls in the stdlib module, which we were already using parts of. 2021-05-25 03:05:40 +02:00			`with open(success_stamp, "w"):`
			`pass`
puppet: Pin with sha256sum verification. 2023-02-23 16:52:48 +01:00

			`def install_puppet_module(`
			`target_path: str, module: str, version: str, expected_sha256sum: str`
			`) -> None:`
			`with urlopen(f"https://forgeapi.puppet.com/v3/releases/{module}-{version}") as forge_resp:`
			`forge_data = json.load(forge_resp)`

			`forge_sha256sum = forge_data["file_sha256"]`
			`if forge_sha256sum != expected_sha256sum:`
			`raise Exception(`
			`f"Forge API returned unexpected SHA256 sum for {module}-{version}: "`
			`f"expected {expected_sha256sum}, got {forge_sha256sum}"`
			`)`

			`with tempfile.NamedTemporaryFile(`
			`prefix=f"zulip-puppet-{module}-{version}-",`
			`suffix=".tar.gz",`
			`) as tarball:`
			`with urlopen("https://forgeapi.puppet.com" + forge_data["file_uri"]) as tarball_resp:`
			`tarball_content = tarball_resp.read()`
			`local_sha256sum = hashlib.sha256(tarball_content).hexdigest()`
			`if local_sha256sum != expected_sha256sum:`
			`raise Exception(`
			`f"Downloaded file had unexpected SHA256 sum for {module}-{version}: "`
			`f"expected {expected_sha256sum}, got {forge_sha256sum}"`
			`)`
			`tarball.write(tarball_content)`
			`tarball.flush()`

			`run(`
			`[`
			`"puppet",`
			`"module",`
			`"--modulepath",`
			`target_path,`
			`"install",`
			`tarball.name,`
			`"--ignore-dependencies",`
			`],`
			`)`