npm - underpost - Versions diffs - 2.99.5 → 2.99.6 - Mend

underpost 2.99.5 → 2.99.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +3 -3
package/baremetal/commission-workflows.json +43 -6
package/bin/deploy.js +3 -0
package/cli.md +39 -15
package/examples/static-page/README.md +80 -13
package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml +40 -0
package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml +40 -0
package/manifests/deployment/dd-default-development/deployment.yaml +2 -2
package/manifests/deployment/dd-test-development/deployment.yaml +2 -2
package/package.json +2 -3
package/scripts/maas-setup.sh +13 -9
package/scripts/rocky-kickstart.sh +294 -0
package/src/cli/baremetal.js +229 -233
package/src/cli/cloud-init.js +25 -43
package/src/cli/index.js +40 -5
package/src/cli/kickstart.js +149 -0
package/src/cli/run.js +43 -10
package/src/cli/static.js +27 -1
package/src/client/components/core/Docs.js +22 -3
package/src/index.js +12 -1
package/src/server/backup.js +11 -4
package/src/server/client-build-docs.js +1 -1
package/src/server/conf.js +0 -22
package/src/server/cron.js +339 -130
package/src/server/dns.js +10 -0

package/scripts/rocky-kickstart.sh ADDED Viewed

@@ -0,0 +1,294 @@
+#!/bin/bash
+# Rocky Linux 9 - Anaconda %pre Ephemeral Commissioning Script
+# Variables ROOT_PASS, AUTHORIZED_KEYS, ADMIN_USER must be set before this script runs.
+set +e
+# 1. Set root password
+if [ -n "$ROOT_PASS" ]; then
+  echo "root:$ROOT_PASS" | chpasswd 2>/dev/null || \
+    echo "$ROOT_PASS" | passwd --stdin root 2>/dev/null || {
+      HASH=$(python3 -c "import crypt; print(crypt.crypt('$ROOT_PASS', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || \
+             openssl passwd -6 "$ROOT_PASS" 2>/dev/null)
+      [ -n "$HASH" ] && sed -i "s|^root:[^:]*:|root:$HASH:|" /etc/shadow 2>/dev/null
+    }
+fi
+# 2. SSH authorized_keys for root
+if [ -n "$AUTHORIZED_KEYS" ]; then
+  mkdir -p /root/.ssh && chmod 700 /root/.ssh
+  echo "$AUTHORIZED_KEYS" > /root/.ssh/authorized_keys
+  chmod 600 /root/.ssh/authorized_keys
+fi
+# 3. Create admin user
+if command -v useradd >/dev/null 2>&1; then
+  useradd -m -G wheel "$ADMIN_USER" 2>/dev/null || true
+else
+  NEXT_UID=$(awk -F: 'BEGIN{max=999} $3>max && $3<60000{max=$3} END{print max+1}' /etc/passwd 2>/dev/null || echo 1001)
+  if ! grep -q "^$ADMIN_USER:" /etc/passwd 2>/dev/null; then
+    echo "$ADMIN_USER:x:$NEXT_UID:$NEXT_UID:$ADMIN_USER:/home/$ADMIN_USER:/bin/bash" >> /etc/passwd
+    echo "$ADMIN_USER:x:$NEXT_UID:" >> /etc/group 2>/dev/null
+    echo "$ADMIN_USER:!:19000:0:99999:7:::" >> /etc/shadow 2>/dev/null
+    mkdir -p /home/$ADMIN_USER
+  fi
+fi
+if [ -n "$ROOT_PASS" ]; then
+  echo "$ADMIN_USER:$ROOT_PASS" | chpasswd 2>/dev/null || \
+    echo "$ROOT_PASS" | passwd --stdin "$ADMIN_USER" 2>/dev/null || {
+      HASH=$(python3 -c "import crypt; print(crypt.crypt('$ROOT_PASS', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || \
+             openssl passwd -6 "$ROOT_PASS" 2>/dev/null)
+      [ -n "$HASH" ] && sed -i "s|^$ADMIN_USER:[^:]*:|$ADMIN_USER:$HASH:|" /etc/shadow 2>/dev/null
+    }
+fi
+if [ -n "$AUTHORIZED_KEYS" ]; then
+  mkdir -p /home/$ADMIN_USER/.ssh && chmod 700 /home/$ADMIN_USER/.ssh
+  echo "$AUTHORIZED_KEYS" > /home/$ADMIN_USER/.ssh/authorized_keys
+  chmod 600 /home/$ADMIN_USER/.ssh/authorized_keys
+  chown -R $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.ssh 2>/dev/null || true
+fi
+if [ -d /etc/sudoers.d ]; then
+  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$ADMIN_USER
+  chmod 0440 /etc/sudoers.d/$ADMIN_USER
+elif [ -f /etc/sudoers ]; then
+  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+fi
+# 4. Configure sshd
+if [ -f /etc/ssh/sshd_config ]; then
+  sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config
+  grep -q "^PasswordAuthentication" /etc/ssh/sshd_config || echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
+  grep -q "^PermitRootLogin" /etc/ssh/sshd_config || echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+  grep -q "^PubkeyAuthentication" /etc/ssh/sshd_config || echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
+else
+  mkdir -p /etc/ssh
+  cat > /etc/ssh/sshd_config << 'SSHEOF'
+Port 22
+PermitRootLogin yes
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication yes
+ChallengeResponseAuthentication yes
+KbdInteractiveAuthentication yes
+UsePAM yes
+Subsystem sftp /usr/libexec/openssh/sftp-server
+SSHEOF
+fi
+if [ -d /etc/ssh/sshd_config.d ]; then
+  cat > /etc/ssh/sshd_config.d/00-underpost.conf << 'SSHCONF'
+PermitRootLogin yes
+PasswordAuthentication yes
+PubkeyAuthentication yes
+KbdInteractiveAuthentication yes
+SSHCONF
+fi
+if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+  ssh-keygen -A 2>/dev/null || {
+    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" 2>/dev/null
+    ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" 2>/dev/null
+    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" 2>/dev/null
+  }
+fi
+# 5. Initialize rpmdb and dnf repos
+mkdir -p /var/lib/rpm /var/cache/dnf /var/log/dnf /etc/yum.repos.d /etc/pki/rpm-gpg /etc/dnf/vars
+echo "9" > /etc/dnf/vars/releasever
+if ! grep -q "^VERSION_ID=" /etc/os-release 2>/dev/null; then
+  cat > /etc/os-release << 'OSREL'
+NAME="Rocky Linux"
+VERSION="9"
+ID="rocky"
+ID_LIKE="rhel centos fedora"
+VERSION_ID="9"
+PLATFORM_ID="platform:el9"
+PRETTY_NAME="Rocky Linux 9 (Ephemeral Anaconda)"
+ANSI_COLOR="0;32"
+HOME_URL="https://rockylinux.org/"
+OSREL
+fi
+[ ! -f /etc/system-release ] && echo "Rocky Linux release 9 (Ephemeral)" > /etc/system-release
+rpm --initdb 2>/dev/null || rpmdb --initdb 2>/dev/null || {
+  if command -v python3 >/dev/null 2>&1; then
+    python3 -c "
+import sqlite3, os
+db_path = '/var/lib/rpm/rpmdb.sqlite'
+if not os.path.exists(db_path):
+    conn = sqlite3.connect(db_path)
+    conn.execute('CREATE TABLE IF NOT EXISTS Packages (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Name (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Basenames (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Installtid (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Providename (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Requirename (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Dirnames (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Sha1header (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Sigmd5 (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.commit()
+    conn.close()
+" 2>/dev/null
+  fi
+}
+chmod -R 755 /var/lib/rpm 2>/dev/null
+REPO_ARCH=$(uname -m)
+rpm --import https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9 2>/dev/null || \
+  curl -fsSL https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9 -o /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 2>/dev/null || true
+cat > /etc/dnf/dnf.conf << 'DNFCONF'
+[main]
+gpgcheck=1
+installonly_limit=3
+clean_requirements_on_remove=True
+best=True
+skip_if_unavailable=True
+install_weak_deps=False
+tsflags=nodocs
+DNFCONF
+cat > /etc/yum.repos.d/rocky-baseos.repo << REPOEOF
+[baseos]
+name=Rocky Linux 9 - BaseOS
+baseurl=http://dl.rockylinux.org/pub/rocky/9/BaseOS/$REPO_ARCH/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF
+cat > /etc/yum.repos.d/rocky-appstream.repo << REPOEOF2
+[appstream]
+name=Rocky Linux 9 - AppStream
+baseurl=http://dl.rockylinux.org/pub/rocky/9/AppStream/$REPO_ARCH/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF2
+cat > /etc/yum.repos.d/rocky-extras.repo << REPOEOF3
+[extras]
+name=Rocky Linux 9 - Extras
+baseurl=http://dl.rockylinux.org/pub/rocky/9/extras/$REPO_ARCH/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF3
+cat > /etc/yum.repos.d/rocky-crb.repo << REPOEOF4
+[crb]
+name=Rocky Linux 9 - CRB
+baseurl=http://dl.rockylinux.org/pub/rocky/9/CRB/$REPO_ARCH/os/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF4
+cat > /etc/yum.repos.d/epel.repo << REPOEOF5
+[epel]
+name=Extra Packages for Enterprise Linux 9
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=$REPO_ARCH
+gpgcheck=1
+enabled=1
+gpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
+skip_if_unavailable=1
+REPOEOF5
+rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 2>/dev/null || \
+  curl -fsSL https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 -o /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 2>/dev/null || true
+dnf makecache --releasever=9 --quiet 2>/dev/null || dnf makecache --releasever=9 2>/dev/null || true
+# Install sudo
+if ! command -v sudo >/dev/null 2>&1; then
+  dnf install -y --releasever=9 --nogpgcheck sudo 2>/dev/null || \
+    dnf install -y --releasever=9 --nogpgcheck --disableplugin='*' sudo 2>/dev/null || true
+fi
+if command -v sudo >/dev/null 2>&1; then
+  mkdir -p /etc/sudoers.d
+  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$ADMIN_USER
+  chmod 0440 /etc/sudoers.d/$ADMIN_USER
+fi
+cat > /home/$ADMIN_USER/.bash_profile 2>/dev/null << PROFILEEOF
+if ! command -v sudo >/dev/null 2>&1; then
+  echo ""
+  echo "NOTE: sudo is not available. Use 'su -' to switch to root."
+  echo ""
+fi
+PROFILEEOF
+chown $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.bash_profile 2>/dev/null || true
+# Restart sshd
+if command -v systemctl >/dev/null 2>&1; then
+  systemctl restart sshd 2>/dev/null || systemctl restart sshd.service 2>/dev/null
+fi
+SSHD_PID=$(cat /var/run/sshd.pid 2>/dev/null || pidof sshd 2>/dev/null | awk '{print $1}')
+[ -n "$SSHD_PID" ] && kill -HUP "$SSHD_PID" 2>/dev/null
+if ! pidof sshd >/dev/null 2>&1; then
+  /usr/sbin/sshd 2>/dev/null || sshd 2>/dev/null
+fi
+# 6. Status report
+DETECTED_IP=$(ip -4 addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -d/ -f1 | head -1)
+echo ""
+echo "=============================================="
+echo "Underpost: Ephemeral SSHD Setup Complete"
+echo "=============================================="
+echo "Root login:  root / (password set: $([ -n "$ROOT_PASS" ] && echo 'yes' || echo 'no'))"
+echo "Admin user:  $ADMIN_USER / (password set: $([ -n "$ROOT_PASS" ] && echo 'yes' || echo 'no'))"
+echo "SSH keys:    $([ -n "$AUTHORIZED_KEYS" ] && echo 'configured' || echo 'NOT configured')"
+echo "sshd status: $(pidof sshd >/dev/null 2>&1 && echo "running (pid $(pidof sshd))" || echo 'NOT running')"
+echo "sudo:        $(command -v sudo >/dev/null 2>&1 && echo 'installed' || echo 'NOT available (use su -)')"
+echo "IP address:  $DETECTED_IP"
+echo "=============================================="
+# Physical console display (printf with \r\n for proper line breaks on serial/physical consoles)
+{
+  printf "\r\n"
+  printf "██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗\r\n"
+  printf "██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝\r\n"
+  printf "██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░\r\n"
+  printf "██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░\r\n"
+  printf "╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░\r\n"
+  printf "░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░\r\n"
+  printf "==============================================\r\n"
+  printf " Underpost Ephemeral Commissioning Active\r\n"
+  printf "==============================================\r\n"
+  printf " SSH as: root@%s\r\n" "$DETECTED_IP"
+  printf "     or: %s@%s\r\n" "$ADMIN_USER" "$DETECTED_IP"
+  printf " Key:    %s\r\n" "$([ -n "$AUTHORIZED_KEYS" ] && echo 'pubkey auth enabled' || echo 'password only')"
+  printf " dnf:    ready (BaseOS, AppStream, Extras, EPEL)\r\n"
+  printf "==============================================\r\n"
+  printf "\r\n"
+} > /dev/console 2>/dev/null || true
+# 7. Infinite wait loop - keep Anaconda live environment active
+while true; do
+  sleep 60
+  if ! pidof sshd >/dev/null 2>&1; then
+    echo "$(date): sshd not running, restarting..." >> /tmp/ks-pre.log
+    /usr/sbin/sshd 2>/dev/null || sshd 2>/dev/null
+  fi
+done