diff --git a/README.md b/README.md index 937f2a4..33ced47 100644 --- a/README.md +++ b/README.md @@ -6,19 +6,19 @@ The following directory structure is created: ``` /etc - /greenboot.d - /check - /required - /wanted - /green - /red +└── greenboot + ├── check + │   ├── required.d + │   └── wanted.d + ├── green.d + └── red.d ``` ### Custom Health Checks You have multiple options to customize greenboot’s health checking behaviour: -* Drop scripts representing health checks that MUST NOT FAIL in order to reach a GREEN boot status into `/etc/greenboot.d/check/required`. -* Drop scripts representing health checks that MAY FAIL into `/etc/greenboot.d/check/wanted`. +* Drop scripts representing health checks that MUST NOT FAIL in order to reach a GREEN boot status into `/etc/greenboot/check/required.d`. +* Drop scripts representing health checks that MAY FAIL into `/etc/greenboot/check/wanted.d`. * Create oneshot health check service units that MUST NOT FAIL like the following and drop them into `/etc/systemd/system` (don't forget to `systemctl enable` them afterwards): ``` [Unit] @@ -47,7 +47,7 @@ WantedBy=greenboot.target ``` ### Custom GREEN Status Procedures -* Drop scripts representing procedures you want to run after a GREEN boot status has been reached into `/etc/greenboot.d/green`. +* Drop scripts representing procedures you want to run after a GREEN boot status has been reached into `/etc/greenboot/green.d`. ### Custom RED Status Procedures -* Drop scripts representing procedures you want to run after a RED boot status has been reached into `/etc/greenboot.d/red`. +* Drop scripts representing procedures you want to run after a RED boot status has been reached into `/etc/greenboot/red.d`. diff --git a/etc/greenboot.d/check/required/00_required_scripts_start.sh b/etc/greenboot.d/check/required/00_required_scripts_start.sh deleted file mode 100644 index f02a148..0000000 --- a/etc/greenboot.d/check/required/00_required_scripts_start.sh +++ /dev/null 
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-echo "Running greenboot Required Scripts"
diff --git a/etc/greenboot.d/check/wanted/00_wanted_scripts_start.sh b/etc/greenboot.d/check/wanted/00_wanted_scripts_start.sh
deleted file mode 100644
index bfee53a..0000000
--- a/etc/greenboot.d/check/wanted/00_wanted_scripts_start.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-echo "Running greenboot Wanted Scripts"
diff --git a/etc/greenboot/check/required.d/00_required_scripts_start.sh b/etc/greenboot/check/required.d/00_required_scripts_start.sh
new file mode 100644
index 0000000..5b4f51b
--- /dev/null
+++ b/etc/greenboot/check/required.d/00_required_scripts_start.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "Running greenboot Required Health Check Scripts"
diff --git a/etc/greenboot/check/wanted.d/00_wanted_scripts_start.sh b/etc/greenboot/check/wanted.d/00_wanted_scripts_start.sh
new file mode 100644
index 0000000..b6a9397
--- /dev/null
+++ b/etc/greenboot/check/wanted.d/00_wanted_scripts_start.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "Running greenboot Wanted Health Check Scripts"
diff --git a/etc/greenboot.d/green/00_greenboot_notification.sh b/etc/greenboot/green.d/00_greenboot_notification.sh
similarity index 100%
rename from etc/greenboot.d/green/00_greenboot_notification.sh
rename to etc/greenboot/green.d/00_greenboot_notification.sh
diff --git a/etc/greenboot/green.d/01_greenboot_motd.sh b/etc/greenboot/green.d/01_greenboot_motd.sh
new file mode 100644
index 0000000..f71966b
--- /dev/null
+++ b/etc/greenboot/green.d/01_greenboot_motd.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -euo pipefail
+
+ln -snf /etc/greenboot/motd/greenboot.motd /run/greenboot/motd
diff --git a/etc/greenboot/motd/greenboot.motd b/etc/greenboot/motd/greenboot.motd
new file mode 100644
index 0000000..bd20863
--- /dev/null
+++ b/etc/greenboot/motd/greenboot.motd
@@ -0,0 +1 @@
+Health Check SUCCEEDED. Boot Status is GREEN.
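Review bot: `01_greenboot_motd.sh` links into `/run/greenboot` without making sure that directory exists, and under `set -euo pipefail` a failed `ln` makes the script exit non-zero. `/run` is normally a tmpfs recreated on every boot, so the directory packaged via `mkdir -p %{buildroot}/run/greenboot` and `%dir /run/greenboot` in the greenboot.spec hunks would not survive a reboot unless something not visible in this diff (a tmpfiles.d entry, or `RuntimeDirectory=` on the unit) recreates it. Adding `mkdir -p /run/greenboot` before the `ln -snf` line would cover it. The same applies to `01_redboot_motd.sh`, where a failure would keep the RED status out of the MotD.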
diff --git a/etc/greenboot/motd/redboot.motd b/etc/greenboot/motd/redboot.motd new file mode 100644 index 0000000..be725dc --- /dev/null +++ b/etc/greenboot/motd/redboot.motd @@ -0,0 +1,2 @@ +Health Check FAILED! Boot Status is RED! +Run `journalctl -u greenboot-healthcheck` for more information. diff --git a/etc/greenboot.d/red/00_redboot_notification.sh b/etc/greenboot/red.d/00_redboot_notification.sh similarity index 100% rename from etc/greenboot.d/red/00_redboot_notification.sh rename to etc/greenboot/red.d/00_redboot_notification.sh diff --git a/etc/greenboot/red.d/01_redboot_motd.sh b/etc/greenboot/red.d/01_redboot_motd.sh new file mode 100644 index 0000000..90c5d64 --- /dev/null +++ b/etc/greenboot/red.d/01_redboot_motd.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -euo pipefail + +ln -snf /etc/greenboot/motd/redboot.motd /run/greenboot/motd diff --git a/etc/greenboot.d/red/98_ostree_rollback.sh b/etc/greenboot/red.d/98_ostree_rollback.sh similarity index 100% rename from etc/greenboot.d/red/98_ostree_rollback.sh rename to etc/greenboot/red.d/98_ostree_rollback.sh diff --git a/etc/greenboot.d/red/99_reboot.sh b/etc/greenboot/red.d/99_reboot.sh similarity index 100% rename from etc/greenboot.d/red/99_reboot.sh rename to etc/greenboot/red.d/99_reboot.sh diff --git a/greenboot.spec b/greenboot.spec index 902592b..c15b3f6 100644 --- a/greenboot.spec +++ b/greenboot.spec @@ -4,7 +4,7 @@ %global build_timestamp %(date +"%Y%m%d%H%M%%S") Name: greenboot -Version: 0.1 +Version: 0.2 Release: 1%{?dist} Summary: Generic Health Check Framework for systemd License: LGPLv2+ @@ -19,11 +19,12 @@ Requires: systemd %description %{summary}. -%package notifications -Summary: Notification scripts for greenboot +%package motd +Summary: MotD updater for greenboot +Requires: pam >= 1.3.1 -%description notifications -Notification scripts for greenboot +%description motd +Message of the Day updater for greenboot %package ostree Summary: OSTree specific scripts for greenboot 
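Review bot: The `notifications` subpackage is removed in this hunk without an `Obsoletes:` for it, so a system with `greenboot-notifications` 0.1 installed has no clean upgrade path. The later `%files` hunk moves its start and notification scripts into the main package, so `Obsoletes: %{name}-notifications < 0.2` on the main package looks like the right place. Separately, scripts are now read from `/etc/greenboot/...` rather than `/etc/greenboot.d/...`, so health checks an administrator dropped into the old directories will silently stop running after the upgrade; that deserves a `%changelog` entry or a `%post` warning.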
@@ -48,16 +49,23 @@ install -Dpm 0644 usr/lib/systemd/system/greenboot.target %{buildroot}%{_unitdir install -Dpm 0644 usr/lib/systemd/system/greenboot-healthcheck.service %{buildroot}%{_unitdir}/greenboot-healthcheck.service install -Dpm 0644 usr/lib/systemd/system/greenboot.service %{buildroot}%{_unitdir}/greenboot.service install -Dpm 0644 usr/lib/systemd/system/redboot.service %{buildroot}%{_unitdir}/redboot.service -mkdir -p %{buildroot}%{_sysconfdir}/%{name}.d/check/required -install -Dpm 0755 etc/greenboot.d/check/required/00_required_scripts_start.sh %{buildroot}%{_sysconfdir}/%{name}.d/check/required/00_required_scripts_start.sh -mkdir %{buildroot}%{_sysconfdir}/%{name}.d/check/wanted -install -Dpm 0755 etc/greenboot.d/check/wanted/00_wanted_scripts_start.sh %{buildroot}%{_sysconfdir}/%{name}.d/check/wanted/00_wanted_scripts_start.sh -mkdir %{buildroot}%{_sysconfdir}/%{name}.d/green -install -Dpm 0755 etc/greenboot.d/green/00_greenboot_notification.sh %{buildroot}%{_sysconfdir}/%{name}.d/green/00_greenboot_notification.sh -mkdir %{buildroot}%{_sysconfdir}/%{name}.d/red -install -Dpm 0755 etc/greenboot.d/red/00_redboot_notification.sh %{buildroot}%{_sysconfdir}/%{name}.d/red/00_redboot_notification.sh -install -Dpm 0755 etc/greenboot.d/red/98_ostree_rollback.sh %{buildroot}%{_sysconfdir}/%{name}.d/red/98_ostree_rollback.sh -install -Dpm 0755 etc/greenboot.d/red/99_reboot.sh %{buildroot}%{_sysconfdir}/%{name}.d/red/99_reboot.sh +mkdir -p %{buildroot}%{_sysconfdir}/%{name}/check/required.d +install -Dpm 0755 etc/greenboot/check/required.d/00_required_scripts_start.sh %{buildroot}%{_sysconfdir}/%{name}/check/required.d/00_required_scripts_start.sh +mkdir %{buildroot}%{_sysconfdir}/%{name}/check/wanted.d +install -Dpm 0755 etc/greenboot/check/wanted.d/00_wanted_scripts_start.sh %{buildroot}%{_sysconfdir}/%{name}/check/wanted.d/00_wanted_scripts_start.sh +mkdir %{buildroot}%{_sysconfdir}/%{name}/green.d +install -Dpm 0755 
etc/greenboot/green.d/00_greenboot_notification.sh %{buildroot}%{_sysconfdir}/%{name}/green.d/00_greenboot_notification.sh +install -Dpm 0755 etc/greenboot/green.d/01_greenboot_motd.sh %{buildroot}%{_sysconfdir}/%{name}/green.d/01_greenboot_motd.sh +mkdir %{buildroot}%{_sysconfdir}/%{name}/red.d +install -Dpm 0755 etc/greenboot/red.d/00_redboot_notification.sh %{buildroot}%{_sysconfdir}/%{name}/red.d/00_redboot_notification.sh +install -Dpm 0755 etc/greenboot/red.d/01_redboot_motd.sh %{buildroot}%{_sysconfdir}/%{name}/red.d/01_redboot_motd.sh +install -Dpm 0755 etc/greenboot/red.d/98_ostree_rollback.sh %{buildroot}%{_sysconfdir}/%{name}/red.d/98_ostree_rollback.sh +install -Dpm 0755 etc/greenboot/red.d/99_reboot.sh %{buildroot}%{_sysconfdir}/%{name}/red.d/99_reboot.sh +install -Dpm 0644 etc/greenboot/motd/greenboot.motd %{buildroot}%{_sysconfdir}/%{name}/motd/greenboot.motd +install -Dpm 0644 etc/greenboot/motd/redboot.motd %{buildroot}%{_sysconfdir}/%{name}/motd/redboot.motd +mkdir -p %{buildroot}/run/greenboot +mkdir -p %{buildroot}%{_sysconfdir}/motd.d +ln -snf /run/greenboot/motd %{buildroot}%{_sysconfdir}/motd.d/greenboot %post %systemd_post greenboot.target 
@@ -89,22 +97,28 @@ install -Dpm 0755 etc/greenboot.d/red/99_reboot.sh %{buildroot}%{_sysconfdir}/%{ %{_unitdir}/greenboot-healthcheck.service %{_unitdir}/greenboot.service %{_unitdir}/redboot.service -%dir %{_sysconfdir}/%{name}.d/check/required -%dir %{_sysconfdir}/%{name}.d/check/wanted -%dir %{_sysconfdir}/%{name}.d/green -%dir %{_sysconfdir}/%{name}.d/red - -%files notifications -%{_sysconfdir}/%{name}.d/check/required/00_required_scripts_start.sh -%{_sysconfdir}/%{name}.d/check/wanted/00_wanted_scripts_start.sh -%{_sysconfdir}/%{name}.d/green/00_greenboot_notification.sh -%{_sysconfdir}/%{name}.d/red/00_redboot_notification.sh +%dir %{_sysconfdir}/%{name}/check/required.d +%{_sysconfdir}/%{name}/check/required.d/00_required_scripts_start.sh +%dir %{_sysconfdir}/%{name}/check/wanted.d +%{_sysconfdir}/%{name}/check/wanted.d/00_wanted_scripts_start.sh +%dir %{_sysconfdir}/%{name}/green.d +%{_sysconfdir}/%{name}/green.d/00_greenboot_notification.sh +%dir %{_sysconfdir}/%{name}/red.d +%{_sysconfdir}/%{name}/red.d/00_redboot_notification.sh + +%files motd +%{_sysconfdir}/%{name}/motd/greenboot.motd +%{_sysconfdir}/%{name}/motd/redboot.motd +%{_sysconfdir}/%{name}/green.d/01_greenboot_motd.sh +%{_sysconfdir}/%{name}/red.d/01_redboot_motd.sh +%dir /run/greenboot +%config %{_sysconfdir}/motd.d/greenboot %files ostree -%{_sysconfdir}/%{name}.d/red/98_ostree_rollback.sh +%{_sysconfdir}/%{name}/red.d/98_ostree_rollback.sh %files reboot -%{_sysconfdir}/%{name}.d/red/99_reboot.sh +%{_sysconfdir}/%{name}/red.d/99_reboot.sh %changelog * Thu Jun 14 2018 Christian Glombek - 0.1-1 diff --git a/tests/Vagrantfile b/tests/Vagrantfile index 3d4c74a..ee749a0 100644 --- a/tests/Vagrantfile +++ b/tests/Vagrantfile 
@@ -10,15 +10,19 @@ Vagrant.configure("2") do |config| config.vm.provision "shell", inline: <<-SHELL curl https://copr.fedorainfracloud.org/coprs/lorbus/greenboot/repo/fedora-28/lorbus-greenboot-fedora-28.repo --output /etc/yum.repos.d/_copr_lorbus-greenboot.repo - rpm-ostree install greenboot greenboot-notifications + rpm-ostree install greenboot greenboot-motd rpm-ostree ex livefs - # mv /vagrant/10_failing_check.sh /etc/greenboot.d/check/required/10_failing_check.sh + # Uncomment the following line to test red boot status behaviour + # mv /home/vagrant/sync/10_failing_check.sh /etc/greenboot/check/required.d/10_failing_check.sh + # Add pam_motd to sshd pam config until openssh is rebuilt + # see https://src.fedoraproject.org/rpms/openssh/c/4ef6823ff4d342f144dfca9eaaa4ffe5b46a1258 + sed -i '/session optional pam_keyinit.so force revoke/a session optional pam_motd.so' /etc/pam.d/sshd systemctl enable greenboot.target systemctl start greenboot.target sleep 5 journalctl -u greenboot.target journalctl -u greenboot - journalctl -t greenboot.sh + journalctl -u greenboot-healthcheck SHELL end diff --git a/usr/libexec/greenboot/greenboot.sh b/usr/libexec/greenboot/greenboot.sh index c5dcf67..9e4fcf9 100755 --- a/usr/libexec/greenboot/greenboot.sh +++ b/usr/libexec/greenboot/greenboot.sh 
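Review bot: The added `sed -i ... /etc/pam.d/sshd` line is neither idempotent nor checked: re-running the provisioner appends another `pam_motd.so` line, and if the `pam_keyinit.so` pattern does not match the file exactly, sed exits 0 and changes nothing, so the test runs without pam_motd wired in. Guarding it as `grep -q pam_motd.so /etc/pam.d/sshd || sed -i ...` and asserting afterwards with `grep -q pam_motd.so /etc/pam.d/sshd` would make both cases visible. The inline script also has no `set -e`, so a failed `curl` or `rpm-ostree install` does not stop provisioning.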
@@ -4,56 +4,56 @@ IFS=$'\n\t' run_required_scripts () { echo "Running Required Health Check Scripts..." - local required_scripts=`find /etc/greenboot.d/check/required -name '*.sh'` + local required_scripts=`find /etc/greenboot/check/required.d -name '*.sh'` local rc=0 for script in $required_scripts; do systemd-cat -t "$(basename $script)" bash $script || rc=$? if [ $rc -ne 0 ]; then - echo -e "\e[1;31mRequired Health Check Script '$(basename $script)' FAILURE (exit code '$rc')\e[0m" >&2 + echo "Required Health Check Script '$(basename $script)' FAILURE (exit code '$rc')" >&2 exit $rc fi - echo -e "\e[1;32mRequired Health Check Script '$(basename $script)' SUCCESS\e[0m" + echo "Required Health Check Script '$(basename $script)' SUCCESS" done } run_wanted_scripts () { echo "Running Wanted Health Check Scripts..." - local wanted_scripts=`find /etc/greenboot.d/check/wanted -name '*.sh'` + local wanted_scripts=`find /etc/greenboot/check/wanted.d -name '*.sh'` local rc=0 for script in $wanted_scripts; do systemd-cat -t "$(basename $script)" bash $script || rc=$? if [ $rc -eq 0 ]; then - echo -e "\e[1;32mWanted Health Check Script '$(basename $script)' SUCCESS\e[0m" + echo "Wanted Health Check Script '$(basename $script)' SUCCESS" else - echo -e "\e[1;31mWanted Health Check Script '$(basename $script)' FAILURE (exit code '$rc'). Continuing...\e[0m" >&2 + echo "Wanted Health Check Script '$(basename $script)' FAILURE (exit code '$rc'). Continuing..." >&2 fi done } run_green_scripts () { echo "Running Green Scripts..." - local green_scripts=`find /etc/greenboot.d/green -name '*.sh'` + local green_scripts=`find /etc/greenboot/green.d -name '*.sh'` local rc=0 for script in $green_scripts; do systemd-cat -t "$(basename $script)" bash $script || rc=$? if [ $rc -eq 0 ]; then - echo -e "\e[1;32mGreen Script '$(basename $script)' SUCCESS\e[0m" + echo "Green Script '$(basename $script)' SUCCESS" else - echo -e "\e[1;31mGreen Script '$(basename $script)' FAILURE (exit code '$rc'). 
Continuing...\e[0m" >&2 + echo "Green Script '$(basename $script)' FAILURE (exit code '$rc'). Continuing..." >&2 fi done } run_red_scripts () { echo "Running Red Scripts..." - local red_scripts=`find /etc/greenboot.d/red -name '*.sh'` + local red_scripts=`find /etc/greenboot/red.d -name '*.sh'` local rc=0 for script in $red_scripts; do systemd-cat -t "$(basename $script)" bash $script || rc=$? if [ $rc -eq 0 ]; then - echo -e "\e[1mRed Script '$(basename $script)' SUCCESS\e[0m" + echo "Red Script '$(basename $script)' SUCCESS" else - echo -e "\e[1;31mRed Script '$(basename $script)' FAILURE (exit code '$rc'). Continuing...\e[0m" >&2 + echo "Red Script '$(basename $script)' FAILURE (exit code '$rc'). Continuing..." >&2 fi done } @@ -70,7 +70,7 @@ case "$@" in run_red_scripts ;; *) - echo -e "\e[31mIllegal Command\e[0m" >&2 + echo "Illegal Command" >&2 exit 127 ;; esac
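Review bot: The script lists still come from an unsorted `find`, so the numeric prefixes (`00_`, `01_`, `98_`, `99_`) do not actually fix the run order; in `red.d` that means `99_reboot.sh` can run before `98_ostree_rollback.sh`. Piping through sort in all four functions, e.g. `local red_scripts=$(find /etc/greenboot/red.d -name '*.sh' | LC_ALL=C sort)`, would make the order deterministic. In the wanted, green and red loops `rc` is set once before the loop and never reset, so after one failing script every later script is also reported as FAILURE; `rc=0` as the first statement of each loop body fixes that. Quoting `"$script"` in the `bash` and `basename` calls would also be safer, since these scripts presumably run with root privileges at boot.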