underpost 2.8.82 → 2.8.84

package/src/cli/baremetal.js

@@ -1,5 +1,5 @@
 import { getNpmRootPath, getUnderpostRootPath } from '../server/conf.js';
-import { pbcopy, shellExec } from '../server/process.js';
+import { openTerminal, pbcopy, shellExec } from '../server/process.js';
 import dotenv from 'dotenv';
 import { loggerFactory } from '../server/logger.js';
 import { getLocalIPv4Address } from '../server/dns.js';
@@ -75,6 +75,9 @@ class UnderpostBaremetal {
       // Set default MAC address
       let macAddress = '00:00:00:00:00:00';
 
+      // Define the debootstrap architecture.
+      let debootstrapArch;
+
       // Define the database provider ID.
       const dbProviderId = 'postgresql-17';
 
@@ -88,7 +91,7 @@ class UnderpostBaremetal {
       const callbackMetaData = {
         args: { hostname, ipAddress, workflowId },
         options,
-        runnerHost: { architecture: UnderpostBaremetal.API.getHostArch(), ip: getLocalIPv4Address() },
+        runnerHost: { architecture: UnderpostBaremetal.API.getHostArch().alias, ip: getLocalIPv4Address() },
         nfsHostPath,
         tftpRootPath,
       };
@@ -119,8 +122,23 @@ class UnderpostBaremetal {
 
       // Handle NFS shell access option.
       if (options.nfsSh === true) {
+        const { debootstrap } = UnderpostBaremetal.API.workflowsConfig[workflowId];
         // Copy the chroot command to the clipboard for easy execution.
-        pbcopy(`sudo chroot ${nfsHostPath} /usr/bin/qemu-aarch64-static /bin/bash`);
+        if (debootstrap.image.architecture !== callbackMetaData.runnerHost.architecture)
+          switch (debootstrap.image.architecture) {
+            case 'arm64':
+              pbcopy(`sudo chroot ${nfsHostPath} /usr/bin/qemu-aarch64-static /bin/bash`);
+              break;
+
+            case 'amd64':
+              pbcopy(`sudo chroot ${nfsHostPath} /usr/bin/qemu-x86_64-static /bin/bash`);
+              break;
+
+            default:
+              break;
+          }
+        else pbcopy(`sudo chroot ${nfsHostPath} /bin/bash`);
+
         return; // Exit early as this is a specific interactive operation.
       }
 
@@ -131,6 +149,7 @@ class UnderpostBaremetal {
         shellExec(`chmod +x ${underpostRoot}/manifests/maas/nat-iptables.sh`);
         shellExec(`${underpostRoot}/manifests/maas/maas-setup.sh`);
         shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`);
+        return;
       }
 
       // Handle control server uninstallation.
@@ -148,6 +167,7 @@ class UnderpostBaremetal {
         shellExec(`sudo rm -rf /etc/maas`);
         shellExec(`sudo rm -rf /var/lib/maas`);
         shellExec(`sudo rm -rf /var/log/maas`);
+        return;
       }
 
       // Handle control server database installation.
@@ -157,16 +177,26 @@ class UnderpostBaremetal {
         shellExec(
           `node ${underpostRoot}/bin/deploy pg-drop-db ${process.env.DB_PG_MAAS_NAME} ${process.env.DB_PG_MAAS_USER}`,
         );
-        shellExec(`node ${underpostRoot}/bin/deploy maas db`);
+        shellExec(`node ${underpostRoot}/bin/deploy maas-db`);
+        return;
       }
 
       // Handle control server database uninstallation.
       if (options.controlServerDbUninstall === true) {
         shellExec(`node ${underpostRoot}/bin/deploy ${dbProviderId} uninstall`);
+        return;
+      }
+
+      // Set debootstrap architecture.
+      {
+        const { architecture } = UnderpostBaremetal.API.workflowsConfig[workflowId].debootstrap.image;
+        debootstrapArch = architecture;
       }
 
       // Handle NFS mount operation.
       if (options.nfsMount === true) {
+        // Mount binfmt_misc filesystem.
+        UnderpostBaremetal.API.mountBinfmtMisc({ nfsHostPath });
         UnderpostBaremetal.API.nfsMountCallback({ hostname, workflowId, mount: true });
       }
 
@@ -185,27 +215,16 @@ class UnderpostBaremetal {
         }
         logger.info('NFS root filesystem is not mounted, building...');
 
-        // Install necessary packages for debootstrap and QEMU.
-        shellExec(`sudo dnf install -y iptables-legacy`);
-        shellExec(`sudo dnf install -y debootstrap`);
-        shellExec(`sudo dnf install kernel-modules-extra-$(uname -r)`);
-        // Reset QEMU user-static binfmt for proper cross-architecture execution.
-        shellExec(`sudo podman run --rm --privileged multiarch/qemu-user-static --reset -p yes`);
-        shellExec(`sudo modprobe binfmt_misc`);
-        shellExec(`sudo mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc`);
-
         // Clean and create the NFS host path.
         shellExec(`sudo rm -rf ${nfsHostPath}/*`);
         shellExec(`mkdir -p ${nfsHostPath}`);
-        shellExec(`sudo chown -R root:root ${nfsHostPath}`);
-        shellExec(`sudo chmod 755 ${nfsHostPath}`);
 
-        let debootstrapArch;
+        // Mount binfmt_misc filesystem.
+        UnderpostBaremetal.API.mountBinfmtMisc({ nfsHostPath });
 
         // Perform the first stage of debootstrap.
         {
           const { architecture, name } = UnderpostBaremetal.API.workflowsConfig[workflowId].debootstrap.image;
-          debootstrapArch = architecture;
           shellExec(
             [
               `sudo debootstrap`,
@@ -272,44 +291,43 @@ class UnderpostBaremetal {
         }
       }
 
-      let resources, resource, machines;
-
       // Fetch boot resources and machines if commissioning or listing.
-      if (options.commission === true || options.ls === true) {
-        resources = JSON.parse(
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-resources read`, {
-            silent: true,
-            stdout: true,
-          }),
-        ).map((o) => ({
-          id: o.id,
-          name: o.name,
-          architecture: o.architecture,
-        }));
-        if (options.ls === true) {
-          console.table(resources);
-        }
-        machines = JSON.parse(
-          shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machines read`, {
-            stdout: true,
-            silent: true,
-          }),
-        ).map((m) => ({
-          system_id: m.interface_set[0].system_id,
-          mac_address: m.interface_set[0].mac_address,
-          hostname: m.hostname,
-          status_name: m.status_name,
-        }));
-        if (options.ls === true) {
-          console.table(machines);
-        }
+
+      let resources = JSON.parse(
+        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} boot-resources read`, {
+          silent: true,
+          stdout: true,
+        }),
+      ).map((o) => ({
+        id: o.id,
+        name: o.name,
+        architecture: o.architecture,
+      }));
+      if (options.ls === true) {
+        console.table(resources);
+      }
+      let machines = JSON.parse(
+        shellExec(`maas ${process.env.MAAS_ADMIN_USERNAME} machines read`, {
+          stdout: true,
+          silent: true,
+        }),
+      ).map((m) => ({
+        system_id: m.interface_set[0].system_id,
+        mac_address: m.interface_set[0].mac_address,
+        hostname: m.hostname,
+        status_name: m.status_name,
+      }));
+      if (options.ls === true) {
+        console.table(machines);
       }
 
       // Handle commissioning tasks (placeholder for future implementation).
       if (options.commission === true) {
         const { firmwares, networkInterfaceName, maas, netmask, menuentryStr } =
           UnderpostBaremetal.API.workflowsConfig[workflowId];
-        resource = resources.find((o) => o.architecture === maas.image.architecture && o.name === maas.image.name);
+        const resource = resources.find(
+          (o) => o.architecture === maas.image.architecture && o.name === maas.image.name,
+        );
         logger.info('Commissioning resource', resource);
 
         // Clean and create TFTP root path.
@@ -466,8 +484,12 @@ menuentry '${menuentryStr}' {
         shellExec(`sudo sudo chmod 755 ${process.env.TFTP_ROOT}`);
       }
 
-      // Build cloud-init tools if commissioning or updating cloud-init.
+      // Final commissioning steps.
       if (options.commission === true || options.cloudInitUpdate === true) {
+        const { debootstrap, networkInterfaceName, chronyc, maas } = UnderpostBaremetal.API.workflowsConfig[workflowId];
+        const { timezone, chronyConfPath } = chronyc;
+
+        // Build cloud-init tools.
         UnderpostCloudInit.API.buildTools({
           workflowId,
           nfsHostPath,
@@ -475,15 +497,6 @@ menuentry '${menuentryStr}' {
           callbackMetaData,
           dev: options.dev,
         });
-      }
-
-      // Final commissioning steps.
-      if (options.commission === true) {
-        const { debootstrap, networkInterfaceName, chronyc, maas } = UnderpostBaremetal.API.workflowsConfig[workflowId];
-        const { timezone, chronyConfPath } = chronyc;
-
-        // Remove existing machines from MAAS.
-        machines = UnderpostBaremetal.API.removeMachines({ machines });
 
         // Run cloud-init reset and configure cloud-init.
         UnderpostBaremetal.API.crossArchRunner({
@@ -491,7 +504,8 @@ menuentry '${menuentryStr}' {
           debootstrapArch: debootstrap.image.architecture,
           callbackMetaData,
           steps: [
-            `/underpost/reset.sh`,
+            options.cloudInitUpdate === true ? '' : `/underpost/reset.sh`,
+            `chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo`,
             UnderpostCloudInit.API.configFactory({
               controlServerIp: callbackMetaData.runnerHost.ip,
               hostname,
@@ -505,6 +519,8 @@ menuentry '${menuentryStr}' {
           ],
         });
 
+        if (options.cloudInitUpdate === true) return;
+
         // Apply NAT iptables rules.
         shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
 
@@ -533,6 +549,9 @@ menuentry '${menuentryStr}' {
           ],
         });
 
+        // Remove existing machines from MAAS.
+        machines = UnderpostBaremetal.API.removeMachines({ machines });
+
         // Monitor commissioning process.
         UnderpostBaremetal.API.commissionMonitor({
           macAddress,
@@ -680,18 +699,8 @@ menuentry '${menuentryStr}' {
               fs.writeFileSync(`${nfsHostPath}/underpost/token-secret`, token_secret, 'utf8');
 
               // Open new terminals for live cloud-init logs.
-              shellExec(
-                `gnome-terminal -- bash -c "node ${underpostRoot}/bin baremetal --logs cloud; exec bash" & disown`,
-                {
-                  async: true,
-                },
-              );
-              shellExec(
-                `gnome-terminal -- bash -c "node ${underpostRoot}/bin baremetal --logs machine; exec bash" & disown`,
-                {
-                  async: true,
-                },
-              );
+              openTerminal(`node ${underpostRoot}/bin baremetal --logs cloud`);
+              openTerminal(`node ${underpostRoot}/bin baremetal --logs machine`);
             } catch (error) {
               logger.error(error, error.stack);
             } finally {
@@ -710,6 +719,29 @@ menuentry '${menuentryStr}' {
       }
     },
 
+    /**
+     * @method mountBinfmtMisc
+     * @description Mounts the binfmt_misc filesystem to enable QEMU user-static binfmt support.
+     * This is necessary for cross-architecture execution within a chroot environment.
+     * @param {object} params - The parameters for the function.
+     * @param {string} params.nfsHostPath - The path to the NFS root filesystem on the host.
+     * @returns {void}
+     */
+    mountBinfmtMisc({ nfsHostPath }) {
+      // Install necessary packages for debootstrap and QEMU.
+      shellExec(`sudo dnf install -y iptables-legacy`);
+      shellExec(`sudo dnf install -y debootstrap`);
+      shellExec(`sudo dnf install kernel-modules-extra-$(uname -r)`);
+      // Reset QEMU user-static binfmt for proper cross-architecture execution.
+      shellExec(`sudo podman run --rm --privileged multiarch/qemu-user-static --reset -p yes`);
+      // Mount binfmt_misc filesystem.
+      shellExec(`sudo modprobe binfmt_misc`);
+      shellExec(`sudo mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc`);
+      // Set ownership and permissions for the NFS host path.
+      shellExec(`sudo chown -R root:root ${nfsHostPath}`);
+      shellExec(`sudo chmod 755 ${nfsHostPath}`);
+    },
+
     /**
      * @method removeMachines
      * @description Deletes all specified machines from MAAS.
@@ -903,8 +935,8 @@ EOF`);
     getHostArch() {
       // `uname -m` returns e.g. 'x86_64' or 'aarch64'
       const machine = shellExec('uname -m', { stdout: true }).trim();
-      if (machine === 'x86_64') return 'amd64';
-      if (machine === 'aarch64') return 'arm64';
+      if (machine === 'x86_64') return { alias: 'amd64', name: 'x86_64' };
+      if (machine === 'aarch64') return { alias: 'arm64', name: 'aarch64' };
       throw new Error(`Unsupported host architecture: ${machine}`);
     },
 

package/src/cli/cloud-init.js

@@ -198,17 +198,23 @@ TOKEN_SECRET=$(cat /underpost/token-secret)
 echo ">>> Starting MAAS machine commissioning for system_id: $MACHINE_ID …"
 
 curl -X POST \\
- --fail --location --verbose --include --raw --trace-ascii /dev/stdout\\
- --header "Authorization:\\
- OAuth oauth_version=1.0,\\
- oauth_signature_method=PLAINTEXT,\\
- oauth_consumer_key=$CONSUMER_KEY,\\
- oauth_token=$TOKEN_KEY,\\
- oauth_signature=&$TOKEN_SECRET,\\
- oauth_nonce=$(uuidgen),\\
- oauth_timestamp=$(date +%s)"\\
- http://${callbackMetaData.runnerHost.ip}:5240/MAAS/api/2.0/machines/$MACHINE_ID/op-commission \\
- 2>&1 | tee /underpost/enlistment.log || echo "ERROR: MAAS commissioning returned code $?"`,
+  --fail --location --verbose --include --raw --trace-ascii /dev/stdout\\
+  --header "Authorization:\\
+  OAuth oauth_version=1.0,\\
+  oauth_signature_method=PLAINTEXT,\\
+  oauth_consumer_key=$CONSUMER_KEY,\\
+  oauth_token=$TOKEN_KEY,\\
+  oauth_signature=&$TOKEN_SECRET,\\
+  oauth_nonce=$(uuidgen),\\
+  oauth_timestamp=$(date +%s)"\\
+  -F "commissioning_scripts=20-maas-01-install-lldpd"\\
+  -F "enable_ssh=1"\\
+  -F "skip_bmc_config=1"\\
+  -F "skip_networking=1"\\
+  -F "skip_storage=1"\\
+  -F "testing_scripts=none"\\
+  http://${callbackMetaData.runnerHost.ip}:5240/MAAS/api/2.0/machines/$MACHINE_ID/op-commission \\
+  2>&1 | tee /underpost/enlistment.log || echo "ERROR: MAAS commissioning returned code $?"`,
             'utf8',
           );
 
@@ -365,6 +371,9 @@ packages:
   - htop
   - snapd
   - chrony
+  - lldpd
+  - lshw
+
 resize_rootfs: false
 growpart:
   mode: "off"
@@ -470,7 +479,7 @@ cloud_final_modules:
   - scripts-per-once
   - scripts-per-boot
 #  - scripts-per-instance
-#  - scripts-user
+  - scripts-user
   - ssh-authkey-fingerprints
   - keys-to-console
 #  - phone-home