@underpostnet/underpost 2.99.1 → 2.99.5

package/src/cli/cloud-init.js

@@ -261,6 +261,12 @@ curl -X POST \\
      * @param {boolean} params.ubuntuToolsBuild - Flag to determine if Ubuntu tools should be built.
      * @param {string} [params.bootcmd] - Optional custom commands to run during boot.
      * @param {string} [params.runcmd] - Optional custom commands to run during first boot.
+     * @param {object} [params.write_files] - Optional array of files to write during cloud-init, each with path, permissions, owner, and content.
+     * @param {string} [params.write_files[].path] - The file path where the content will be written on the target machine.
+     * @param {string} [params.write_files[].permissions] - The file permissions to set for the written file (e.g., '0644').
+     * @param {string} [params.write_files[].owner] - The owner of the written file (e.g., 'root:root').
+     * @param {string} [params.write_files[].content] - The content to write into the file.
+     * @param {boolean} [params.write_files[].defer] - Whether to defer writing the file until the 'final' stage of cloud-init.
      * @param {object} [authCredentials={}] - Optional MAAS authentication credentials.
      * @returns {object} The generated cloud-init configuration content.
      * @memberof UnderpostCloudInit
@@ -278,6 +284,15 @@ curl -X POST \\
         ubuntuToolsBuild,
         bootcmd: bootcmdParam,
         runcmd: runcmdParam,
+        write_files = [
+          {
+            path: '',
+            permissions: '',
+            owner: '',
+            content: '',
+            defer: false,
+          },
+        ],
       },
       authCredentials = { consumer_key: '', consumer_secret: '', token_key: '', token_secret: '' },
     ) {
@@ -305,6 +320,7 @@ curl -X POST \\
       let runcmd = [
         'echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"',
         'echo "Init runcmd"',
+        'systemctl enable --now ssh',
         'echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"',
       ];
 
@@ -334,12 +350,14 @@ curl -X POST \\
             name: process.env.MAAS_ADMIN_USERNAME,
             sudo: ['ALL=(ALL) NOPASSWD:ALL'],
             shell: '/bin/bash',
-            lock_passwd: false,
+            lock_passwd: true,
             groups: 'sudo,users,admin,wheel,lxd',
-            plain_text_passwd: process.env.MAAS_ADMIN_USERNAME,
+            // plain_text_passwd: process.env.MAAS_ADMIN_USERNAME,
             ssh_authorized_keys: [fs.readFileSync(`/home/dd/engine/engine-private/deploy/id_rsa.pub`, 'utf8')],
           },
         ],
+        disable_root: true,
+        ssh_pwauth: false,
         timezone,
         ntp: {
           enabled: true,
@@ -360,6 +378,7 @@ curl -X POST \\
           'smartmontools',
           'net-tools',
           'util-linux',
+          'openssh-server',
         ],
         resize_rootfs: false,
         growpart: { mode: 'off' },
@@ -380,7 +399,7 @@ curl -X POST \\
         final_message: '====== Cloud init finished ======',
         bootcmd,
         runcmd,
-        disable_root: true,
+        write_files,
         preserve_hostname: false,
         cloud_init_modules: [
           // minimal for commissioning
@@ -394,37 +413,37 @@ curl -X POST \\
           'ssh', // enable/configure SSH for temporary access
 
           // optional modules (commented out by default)
-          // 'migrator',
-          // 'seed_random',
-          // 'growpart',
-          // 'resizefs',
-          // 'users-groups',
+          'migrator',
+          'seed_random',
+          'growpart',
+          'resizefs',
+          'users-groups',
         ],
         cloud_config_modules: [
           // minimal so MAAS can run commissioning scripts
           'runcmd', // commissioning / final script execution
           'mounts', // mount devices during commissioning if needed
-          // 'ntp',             // optional — enable if you want time sync
+          'ntp', // optional — enable if you want time sync
 
           // typically not required for basic commissioning (commented)
-          // 'emit_upstart',
-          // 'disk_setup',
-          // 'ssh-import-id',
-          // 'locale',
-          // 'set-passwords',
-          // 'grub-dpkg',
-          // 'apt-pipelining',
-          // 'apt-configure',
-          // 'package-update-upgrade-install', // heavy; do NOT enable by default
-          // 'landscape',
-          // 'timezone',
-          // 'puppet',
-          // 'chef',
-          // 'salt-minion',
-          // 'mcollective',
-          // 'disable-ec2-metadata',
-          // 'byobu',
-          // 'ssh-import-id', // duplicate in original list
+          'emit_upstart',
+          'disk_setup',
+          'ssh-import-id',
+          'locale',
+          'set-passwords',
+          'grub-dpkg',
+          'apt-pipelining',
+          'apt-configure',
+          'package-update-upgrade-install', // heavy; do NOT enable by default
+          'landscape',
+          'timezone',
+          'puppet',
+          'chef',
+          'salt-minion',
+          'mcollective',
+          'disable-ec2-metadata',
+          'byobu',
+          'ssh-import-id', // duplicate in original list
         ],
         cloud_final_modules: [
           // minimal suggestions so final scripts run and node reports status
@@ -432,64 +451,19 @@ curl -X POST \\
           'final-message', // useful for logs/reporting
 
           // optional / commented
-          // 'rightscale_userdata',
-          // 'scripts-vendor',
-          // 'scripts-per-once',
-          // 'scripts-user',
-          // 'ssh-authkey-fingerprints',
-          // 'keys-to-console',
-          // 'power-state-change', // use carefully (can poweroff/reboot)
+          'rightscale_userdata',
+          'scripts-vendor',
+          'scripts-per-once',
+          'scripts-user',
+          'ssh-authkey-fingerprints',
+          'keys-to-console',
+          'power-state-change', // use carefully (can poweroff/reboot)
         ],
       });
 
       return { cloudConfigSrc };
     },
 
-    /**
-     * @method authCredentialsFactory
-     * @description Retrieves MAAS API key credentials from the MAAS CLI.
-     * This method parses the output of `maas apikey` to extract the consumer key,
-     * consumer secret, token key, and token secret.
-     * @returns {object} An object containing the MAAS authentication credentials.
-     * @memberof UnderpostCloudInit
-     * @throws {Error} If the MAAS API key format is invalid.
-     */
-    authCredentialsFactory() {
-      // Expected formats:
-      // <consumer_key>:<consumer_token>:<secret> (older format)
-      // <consumer_key>:<consumer_secret>:<token_key>:<token_secret> (newer format)
-      // Commands used to generate API keys:
-      // maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}
-      // maas ${process.env.MAAS_ADMIN_USERNAME} account create-authorisation-token
-      // maas apikey --generate --username ${process.env.MAAS_ADMIN_USERNAME}
-      // Reference: https://github.com/CanonicalLtd/maas-docs/issues/647
-
-      const parts = shellExec(`maas apikey --with-names --username ${process.env.MAAS_ADMIN_USERNAME}`, {
-        stdout: true,
-      })
-        .trim()
-        .split(`\n`)[0] // Take only the first line of output.
-        .split(':'); // Split by colon to get individual parts.
-
-      let consumer_key, consumer_secret, token_key, token_secret;
-
-      // Determine the format of the API key and assign parts accordingly.
-      if (parts.length === 4) {
-        [consumer_key, consumer_secret, token_key, token_secret] = parts;
-      } else if (parts.length === 3) {
-        // Handle older 3-part format, setting consumer_secret as empty.
-        [consumer_key, token_key, token_secret] = parts;
-        consumer_secret = '""';
-        token_secret = token_secret.split(' MAAS consumer')[0].trim(); // Clean up token secret.
-      } else {
-        // Throw an error if the format is not recognized.
-        throw new Error('Invalid token format');
-      }
-
-      logger.info('Maas api token generated', { consumer_key, consumer_secret, token_key, token_secret });
-      return { consumer_key, consumer_secret, token_key, token_secret };
-    },
-
     /**
      * @method generateCloudConfig
      * @description Generates a generic cloud-init configuration string.
@@ -518,6 +492,7 @@ curl -X POST \\
         growpart,
         network,
         runcmd,
+        write_files,
         final_message,
         bootcmd,
         disable_root,
@@ -645,6 +620,21 @@ curl -X POST \\
         runcmd.forEach((cmd) => yaml.push(`  - ${cmd}`));
       }
 
+      if (write_files) {
+        yaml.push('write_files:');
+        write_files.forEach((file) => {
+          yaml.push(`  - path: ${file.path}`);
+          if (file.encoding) yaml.push(`    encoding: ${file.encoding}`);
+          if (file.owner) yaml.push(`    owner: ${file.owner}`);
+          if (file.permissions) yaml.push(`    permissions: '${file.permissions}'`);
+          if (file.defer) yaml.push(`    defer: ${file.defer}`);
+          if (file.content) {
+            yaml.push(`    content: |`);
+            file.content.split('\n').forEach((line) => yaml.push(`      ${line}`));
+          }
+        });
+      }
+
       if (final_message) yaml.push(`final_message: "${final_message}"`);
 
       if (bootcmd) {
@@ -669,6 +659,34 @@ curl -X POST \\
       }
 
       return yaml.join('\n');
+    } /**
+     * @method kernelParamsFactory
+     * @description Generates the kernel parameters for the target machine's bootloader configuration,
+     * including the necessary parameters to enable cloud-init with a specific configuration URL and logging settings.
+     * @param {array} cmd - The existing array of kernel parameters to which cloud-init parameters will be appended.
+     * @param {object} options - Options for generating kernel parameters.
+     * @param {string} options.ipDhcpServer - The IP address of the DHCP server.
+     * @param {object} [options.machine] - The machine information, including system_id for constructing the cloud-init configuration URL.
+     * @param {string} [options.machine.system_id] - The unique identifier of the machine, used to fetch the correct cloud-init preseed configuration from MAAS.
+     * @return {array} The modified array of kernel parameters with cloud-init parameters included.
+     * @memberof UnderpostCloudInit
+     */,
+    kernelParamsFactory(
+      macAddress,
+      cmd = [],
+      options = {
+        ipDhcpServer: '',
+        bootstrapHttpServerPort: 8888,
+        hostname: '',
+        machine: {
+          system_id: '',
+        },
+        authCredentials: { consumer_key: '', consumer_secret: '', token_key: '', token_secret: '' },
+      },
+    ) {
+      const { ipDhcpServer, bootstrapHttpServerPort, hostname } = options;
+      const cloudConfigUrl = `http://${ipDhcpServer}:${bootstrapHttpServerPort}/${hostname}/cloud-init/user-data`;
+      return cmd.concat([`cloud-config-url=${cloudConfigUrl}`]);
     },
   };
 }

package/src/cli/deploy.js

@@ -698,30 +698,12 @@ EOF`);
      * @memberof UnderpostDeploy
      */
     existsContainerFile({ podName, path }) {
-      if (podName === 'kind-worker') {
-        const isFile = JSON.parse(
-          shellExec(`docker exec ${podName} sh -c 'test -f "$1" && echo true || echo false' sh ${path}`, {
-            stdout: true,
-            disableLog: true,
-            silent: true,
-          }).trim(),
-        );
-        const isFolder = JSON.parse(
-          shellExec(`docker exec ${podName} sh -c 'test -d "$1" && echo true || echo false' sh ${path}`, {
-            stdout: true,
-            disableLog: true,
-            silent: true,
-          }).trim(),
-        );
-        return isFolder || isFile;
-      }
-      return JSON.parse(
-        shellExec(`kubectl exec ${podName} -- test -f ${path} && echo "true" || echo "false"`, {
-          stdout: true,
-          disableLog: true,
-          silent: true,
-        }).trim(),
-      );
+      const result = shellExec(`kubectl exec ${podName} -- test -f ${path} && echo "true" || echo "false"`, {
+        stdout: true,
+        disableLog: true,
+        silent: true,
+      }).trim();
+      return result === 'true';
     },
     /**
      * Checks the status of a deployment.

package/src/cli/env.js

@@ -8,6 +8,7 @@ import { getNpmRootPath, writeEnv } from '../server/conf.js';
 import fs from 'fs-extra';
 import { loggerFactory } from '../server/logger.js';
 import dotenv from 'dotenv';
+import { pbcopy } from '../server/process.js';
 
 dotenv.config();
 
@@ -72,9 +73,10 @@ class UnderpostRootEnv {
      * @param {object} options - Options for getting the environment variable.
      * @param {boolean} [options.plain=false] - If true, returns the environment variable value as a string.
      * @param {boolean} [options.disableLog=false] - If true, disables logging of the environment variable value.
+     * @param {boolean} [options.copy=false] - If true, copies the environment variable value to the clipboard.
      * @memberof UnderpostEnv
      */
-    get(key, value, options = { plain: false, disableLog: false }) {
+    get(key, value, options = { plain: false, disableLog: false, copy: false }) {
       const exeRootPath = `${getNpmRootPath()}/underpost`;
       const envPath = `${exeRootPath}/.env`;
       if (!fs.existsSync(envPath)) {
@@ -84,6 +86,7 @@ class UnderpostRootEnv {
       const env = dotenv.parse(fs.readFileSync(envPath, 'utf8'));
       if (!options.disableLog)
         options?.plain === true ? console.log(env[key]) : logger.info(`${key}(${typeof env[key]})`, env[key]);
+      if (options.copy === true) pbcopy(env[key]);
       return env[key];
     },
     /**

package/src/cli/image.js

@@ -8,7 +8,7 @@ import fs from 'fs-extra';
 import dotenv from 'dotenv';
 import { loggerFactory } from '../server/logger.js';
 import Underpost from '../index.js';
-import { getUnderpostRootPath } from '../server/conf.js';
+import { getNpmRootPath, getUnderpostRootPath } from '../server/conf.js';
 import { shellExec } from '../server/process.js';
 
 dotenv.config();
@@ -32,7 +32,7 @@ class UnderpostImage {
      * @param {boolean} [options.kind=false] - If true, load image into Kind cluster.
      * @param {boolean} [options.kubeadm=false] - If true, load image into Kubeadm cluster.
      * @param {boolean} [options.k3s=false] - If true, load image into K3s cluster.
-     * @param {string} [options.path=false] - Path to the Dockerfile context.
+     * @param {string} [options.path=''] - Path to the Dockerfile context.
      * @param {boolean} [options.dev=false] - If true, use development mode.
      * @param {string} [options.version=''] - Version tag for the image.
      * @param {string} [options.imageName=''] - Custom name for the image.
@@ -43,7 +43,7 @@ class UnderpostImage {
         kind: false,
         kubeadm: false,
         k3s: false,
-        path: false,
+        path: '',
         dev: false,
         version: '',
         imageName: '',
@@ -79,8 +79,6 @@ class UnderpostImage {
      * @param {boolean} [options.kind=false] - If true, load the image archive into a Kind cluster.
      * @param {boolean} [options.kubeadm=false] - If true, load the image archive into a Kubeadm cluster (uses 'ctr').
      * @param {boolean} [options.k3s=false] - If true, load the image archive into a K3s cluster (uses 'k3s ctr').
-     * @param {boolean} [options.secrets=false] - If true, load secrets from the .env file for the build.
-     * @param {string} [options.secretsPath=''] - Custom path to the .env file for secrets.
      * @param {boolean} [options.reset=false] - If true, perform a no-cache build.
      * @param {boolean} [options.dev=false] - If true, use development mode.
      * @memberof UnderpostImage
@@ -96,27 +94,11 @@ class UnderpostImage {
         kind: false,
         kubeadm: false,
         k3s: false,
-        secrets: false,
-        secretsPath: '',
         reset: false,
         dev: false,
       },
     ) {
-      let {
-        path,
-        imageName,
-        version,
-        imagePath,
-        dockerfileName,
-        podmanSave,
-        secrets,
-        secretsPath,
-        kind,
-        kubeadm,
-        k3s,
-        reset,
-        dev,
-      } = options;
+      let { path, imageName, version, imagePath, dockerfileName, podmanSave, kind, kubeadm, k3s, reset, dev } = options;
       if (!path) path = '.';
       if (!imageName) imageName = `rockylinux9-underpost:${Underpost.version}`;
       if (!imagePath) imagePath = '.';
@@ -126,29 +108,14 @@ class UnderpostImage {
       if (imagePath && typeof imagePath === 'string' && !fs.existsSync(imagePath))
         fs.mkdirSync(imagePath, { recursive: true });
       const tarFile = `${imagePath}/${imageName.replace(':', '_')}.tar`;
-      let secretsInput = ' ';
-      let secretDockerInput = '';
       let cache = '';
-      if (secrets === true) {
-        const envObj = dotenv.parse(
-          fs.readFileSync(
-            secretsPath && typeof secretsPath === 'string' ? secretsPath : `${getNpmRootPath()}/underpost/.env`,
-            'utf8',
-          ),
-        );
-        for (const key of Object.keys(envObj)) {
-          secretsInput += ` && export ${key}="${envObj[key]}" `; // Example: $(cat gitlab-token.txt)
-          secretDockerInput += ` --secret id=${key},env=${key} \ `;
-        }
-      }
       if (reset === true) cache += ' --rm --no-cache';
-      if (path && typeof path === 'string')
+      if (path)
         shellExec(
-          `cd ${path}${secretsInput}&& sudo podman build -f ./${
+          `cd ${path} && sudo podman build -f ./${
             dockerfileName && typeof dockerfileName === 'string' ? dockerfileName : 'Dockerfile'
-          } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache}${secretDockerInput} --network host`,
+          } -t ${imageName} --pull=never --cap-add=CAP_AUDIT_WRITE${cache} --network host`,
         );
-
       if (podmanSave === true) {
         if (fs.existsSync(tarFile)) fs.removeSync(tarFile);
         shellExec(`podman save -o ${tarFile} ${podManImg}`);

package/src/cli/index.js

@@ -138,9 +138,6 @@ program
   .option('--head-components <paths>', 'Comma-separated SSR head component paths.')
   .option('--body-components <paths>', 'Comma-separated SSR body component paths.')
 
-  .option('--deploy-id <deploy-id>', 'Build static assets for a specific deployment ID.')
-  .option('--build', 'Triggers the static build process for the specified deployment ID.')
-  .option('--build-host <build-host>', 'Sets a custom build host for static documents or assets.')
   .option('--build-path <build-path>', 'Sets a custom build path for static documents or assets.')
   .option('--env <env>', 'Sets the environment for the static build (e.g., "development", "production").')
   .option('--minify', 'Minify HTML output (default: true for production).')
@@ -165,6 +162,7 @@ program
   .option('--filter <keyword>', 'Filters the list by matching key or value (only for list operation).')
   .option('--deploy-id <deploy-id>', 'Sets the deployment configuration ID for the operation context.')
   .option('--build', 'Sets the build context for the operation.')
+  .option('--copy', 'Copies the configuration value to the clipboard (only for get operation).')
   .description(`Manages Underpost configurations using various operators.`)
   .action((...args) => Underpost.env[args[0]](args[1], args[2], args[3]));
 
@@ -320,8 +318,6 @@ program
   .option('--kubeadm', 'Set kubeadm cluster env image context management.')
   .option('--k3s', 'Set k3s cluster env image context management.')
   .option('--node-name', 'Set node name for kubeadm or k3s cluster env image context management.')
-  .option('--secrets', 'Includes Dockerfile environment secrets during the build.')
-  .option('--secrets-path [secrets-path]', 'Specifies a custom path for Dockerfile environment secrets.')
   .option('--reset', 'Performs a build without using the cache.')
   .option('--dev', 'Use development mode.')
   .option('--pull-dockerhub <dockerhub-image>', 'Sets a custom Docker Hub image for base image pulls.')
@@ -557,6 +553,20 @@ program
   .option('--retry-count <count>', 'Sets HTTPProxy per-route retry count (e.g., 3).')
   .option('--retry-per-try-timeout <duration>', 'Sets HTTPProxy retry per-try timeout (e.g., "150ms").')
   .option('--disable-private-conf-update', 'Disables updates to private configuration during execution.')
+  .option('--logs', 'Streams logs during the runner execution.')
+  .option('--monitor-status <status>', 'Sets the status to monitor for pod/resource (default: "Running").')
+  .option(
+    '--monitor-status-kind-type <kind-type>',
+    'Sets the Kubernetes resource kind type to monitor (default: "pods").',
+  )
+  .option(
+    '--monitor-status-delta-ms <milliseconds>',
+    'Sets the polling interval in milliseconds for status monitoring (default: 1000).',
+  )
+  .option(
+    '--monitor-status-max-attempts <attempts>',
+    'Sets the maximum number of status check attempts (default: 600).',
+  )
   .description('Runs specified scripts using various runners.')
   .action(Underpost.run.callback);
 
@@ -596,7 +606,13 @@ program
   .action(Underpost.lxd.callback);
 
 program
-  .command('baremetal [workflow-id] [ip-address] [hostname] [ip-file-server] [ip-config] [netmask] [dns-server]')
+  .command('baremetal [workflow-id]')
+  .option('--ip-address <ip-address>', 'The IP address of the control server or the local machine.')
+  .option('--hostname <hostname>', 'The hostname of the target baremetal machine.')
+  .option('--ip-file-server <ip-file-server>', 'The IP address of the file server (NFS/TFTP).')
+  .option('--ip-config <ip-config>', 'IP configuration string for the baremetal machine.')
+  .option('--netmask <netmask>', 'Netmask of network.')
+  .option('--dns-server <dns-server>', 'DNS server IP address.')
   .option('--control-server-install', 'Installs the baremetal control server.')
   .option('--control-server-uninstall', 'Uninstalls the baremetal control server.')
   .option('--control-server-restart', 'Restarts the baremetal control server.')
@@ -609,6 +625,10 @@ program
   )
   .option('--ipxe', 'Chainloads iPXE to normalize identity before commissioning.')
   .option('--ipxe-rebuild', 'Forces rebuild of iPXE binary with embedded boot script.')
+  .option(
+    '--ipxe-build-iso <iso-path>',
+    'Builds a standalone iPXE ISO with embedded script for the specified workflow ID.',
+  )
   .option('--install-packer', 'Installs Packer CLI.')
   .option(
     '--packer-maas-image-template <template-path>',
@@ -652,7 +672,17 @@ program
   .option('--rocky-tools-test', 'Tests rocky linux tools in chroot environment.')
   .option('--bootcmd <bootcmd-list>', 'Comma-separated list of boot commands to execute.')
   .option('--runcmd <runcmd-list>', 'Comma-separated list of run commands to execute.')
-  .option('--logs <log-id>', 'Displays logs for log id: dhcp, cloud, machine, cloud-config.')
+  .option(
+    '--logs <log-id>',
+    `Displays logs for log id: ${[
+      'dhcp',
+      'dhcp-lease',
+      'dhcp-lan',
+      'cloud-init',
+      'cloud-init-machine',
+      'cloud-init-config',
+    ]}`,
+  )
   .option('--dev', 'Sets the development context environment for baremetal operations.')
   .option('--ls', 'Lists available boot resources and machines.')
   .description(

package/src/cli/repository.js

@@ -152,6 +152,7 @@ class UnderpostRepository {
           .map((commitData, i) => `${i === 0 ? '' : ' && '}git ${diffCmd} ${commitData.hash}`)
           .join('');
         if (history[0]) {
+          let index = history.length;
           for (const commit of history) {
             console.log(
               shellExec(`git show -s --format=%ci ${commit.hash}`, {
@@ -160,7 +161,8 @@ class UnderpostRepository {
                 disableLog: true,
               }).trim().green,
             );
-            console.log(commit.hash.yellow, commit.message);
+            console.log(`${index}`.magenta, commit.hash.yellow, commit.message);
+            index--;
             console.log(
               shellExec(`git show --name-status --pretty="" ${commit.hash}`, {
                 stdout: true,