From bd87f53c8662fe7602a4fe7aa804e67c4d1ced42 Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Wed, 31 Jan 2024 12:06:23 -0500 Subject: [PATCH] install-aws-server: Build a tool to smuggle scripts inline in the bootdata. --- puppet/zulip_ops/files/install-aws-cli | 3 --- tools/setup/bootstrap-aws-installer | 9 +++++++-- tools/setup/install-aws-server | 9 +++++++-- tools/setup/pack-local-script | 23 +++++++++++++++++++++++ 4 files changed, 37 insertions(+), 7 deletions(-) create mode 100755 tools/setup/pack-local-script diff --git a/puppet/zulip_ops/files/install-aws-cli b/puppet/zulip_ops/files/install-aws-cli index 179a5ee0c7..1a1086b70f 100755 --- a/puppet/zulip_ops/files/install-aws-cli +++ b/puppet/zulip_ops/files/install-aws-cli @@ -29,6 +29,3 @@ if [ ! -d "/srv/zulip-aws-tools/v2/$AWS_CLI_VERSION" ]; then ) rm -rf awscli.zip awscli.zip.sha256 aws/ fi - -# shellcheck disable=SC2034 -AWS="/srv/zulip-aws-tools/bin/aws" diff --git a/tools/setup/bootstrap-aws-installer b/tools/setup/bootstrap-aws-installer index 048bb190e0..bb9bbc09dd 100644 --- a/tools/setup/bootstrap-aws-installer +++ b/tools/setup/bootstrap-aws-installer @@ -38,8 +38,13 @@ export DEBIAN_FRONTEND=noninteractive apt-get -qy autoclean ) -# The following line gets subbed in with the contents of install-aws-cli -AWS= +# The following line gets subbed in by a call to pack-local-script, +# which will make $AWS_INSTALLER the path to a local copy of install-aws-cli +AWS_INSTALLER="inline!puppet/zulip_ops/files/install-aws-cli" + +# We then call it, to install the AWS CLI +"$AWS_INSTALLER" +AWS=/srv/zulip-aws-tools/bin/aws # Set up a bare-bones AWS configuration mkdir -p /root/.aws diff --git a/tools/setup/install-aws-server b/tools/setup/install-aws-server index 0df30181d7..c6955aa0e1 100755 --- a/tools/setup/install-aws-server +++ b/tools/setup/install-aws-server 
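Review bot: In tools/setup/bootstrap-aws-installer, `"$AWS_INSTALLER"` is executed with nothing confirming that the `inline!` placeholder was actually replaced by pack-local-script, so running the file unpacked, or with a packing step that emitted nothing, fails only with an opaque exec error. Whether the script runs under `set -e` is not visible in the hunk, so the bootstrap may even continue without the AWS CLI. A guard just before the call makes the precondition explicit: `case "${AWS_INSTALLER:-inline!}" in inline!*) echo "AWS_INSTALLER was not packed by pack-local-script" >&2; exit 1 ;; esac`. The hard-coded `AWS=/srv/zulip-aws-tools/bin/aws` is now repeated here and in the first install-aws-server hunk, so a comment such as `# Must match the install prefix used by install-aws-cli` on both would help keep them in sync.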
@@ -78,7 +78,8 @@ set -x cd "$(dirname "$0")/../.." -source ./puppet/zulip_ops/files/install-aws-cli +./puppet/zulip_ops/files/install-aws-cli +AWS=/srv/zulip-aws-tools/bin/aws zulip_install_config_file="$HOME/.zulip-install-server.conf" if [ ! -f "$zulip_install_config_file" ]; then @@ -157,7 +158,11 @@ BOOTDATA=$(mktemp) echo "REPO_URL=$REPO_URL" echo "BRANCH=$BRANCH" echo "SSH_SECRET_ID=$SSH_SECRET_ID" - sed '/^AWS=/ r ./puppet/zulip_ops/files/install-aws-cli' bootstrap-aws-installer + # Replace anything which looks like FOO="inline!bar/baz" with the + # output of pack-local-script, which will make "$FOO" inside the + # $BOOTDATA be the path to that script (smuggled inline and + # unpacked before use). + perl -ple 's|^(\w+)="inline!([^"]+)"|qx(./tools/setup/pack-local-script $1 $2)|e' ./tools/setup/bootstrap-aws-installer } >>"$BOOTDATA" TAG_ROLE_NAMES="$ROLES" diff --git a/tools/setup/pack-local-script b/tools/setup/pack-local-script new file mode 100755 index 0000000000..0cbe0e652b --- /dev/null +++ b/tools/setup/pack-local-script @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +# This tool generates code in shell which is meant to be inline'd into +# a larger script; called with a variable name and a path, it produces +# a script which will result in that variable being set to the path to +# the contents of that path. +# +# This is used in bootstrap-aws-installer to bundle local files into +# the EC2 user data, so that those canonical versions can be used to +# bootstrap the host. +set -eu + +var="$1" +file="$2" + +encoded="$(gzip --stdout "$file" | base64)" +cat < "\$$var" +$encoded +encoded-shell-script +embedded-shell-output
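Review bot: In the second install-aws-server hunk, the perl one-liner interpolates `$2` unquoted into a `qx()` shell command, and `[^"]+` lets that capture hold spaces and shell metacharacters. The input is the repository's own bootstrap-aws-installer, so this is hardening rather than an exposed hole, but the template text is still being treated as shell on the machine that builds the bootdata. The exit status of pack-local-script is also never checked: `qx` returns an empty string on failure and perl still exits 0, so a failed pack silently drops the assignment from `$BOOTDATA`. I would narrow the capture and fail loudly, e.g. `s|^(\w+)="inline!([\w./-]+)"|my $o = qx(./tools/setup/pack-local-script $1 \Q$2\E); die "pack-local-script failed for $2\n" if $?; $o|e`. Whether the surrounding `{ … } >>"$BOOTDATA"` group aborts on that non-zero exit depends on shell options set outside the hunk.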
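Review bot: In the new tools/setup/pack-local-script, `set -eu` does not cover the `gzip --stdout "$file" | base64` pipeline: if gzip fails (for example because the path does not exist), base64 still exits 0 on empty input, `encoded` is empty, and the tool emits a stub with an empty payload while reporting success. Since the shebang is bash, `set -euo pipefail` closes that gap, and `gzip --stdout -- "$file"` guards against a path that starts with `-`. `$var` is also written into the generated shell unvalidated; a check such as `[[ "$var" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || exit 2` would keep the emitted assignment well-formed. The heredoc body is partly lost in this rendering, so the unpacking commands themselves are not reviewed here.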