Add host-mode heartbeat: vetting-agent host + last-seen badge
CI / Lint + build + test (push) Has been cancelled
CI / Lint + build + test (push) Has been cancelled
vetting-agent gains a `host` subcommand that runs as a systemd service
installed by the quick-register one-liner, POSTing every 30s to
/api/v1/hosts/{mac}/heartbeat so the dashboard tile shows "online" or
"Nm ago" without waiting on WoL. Ships dormant client code for the
Phase 2 reboot_for_vetting command so the server can flip it on later
without a binary redeploy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+32
-11
@@ -25,30 +25,36 @@
|
||||
set -euo pipefail
|
||||
|
||||
BINARY=""
|
||||
AGENT_BINARY=""
|
||||
CONFIG_DIR="/etc/vetting"
|
||||
STATE_DIR="/var/lib/vetting"
|
||||
LOG_DIR="/var/log/vetting"
|
||||
ASSET_DIR="/var/lib/vetting/assets"
|
||||
SERVICE_USER="vetting"
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $0 [--binary PATH] [--config-dir DIR]
|
||||
Usage: $0 [--binary PATH] [--agent-binary PATH] [--config-dir DIR]
|
||||
|
||||
--binary PATH Path to a pre-built vetting binary (default:
|
||||
auto-detect ../bin/vetting-linux-amd64 relative to
|
||||
this script).
|
||||
--config-dir DIR Where to install vetting.yaml + systemd unit drop
|
||||
(default: /etc/vetting).
|
||||
-h, --help Print this message.
|
||||
--binary PATH Path to a pre-built vetting binary (default:
|
||||
auto-detect ../bin/vetting-linux-amd64 relative to
|
||||
this script).
|
||||
--agent-binary PATH Path to a pre-built vetting-agent linux-amd64 binary
|
||||
served at /assets/vetting-agent-linux-amd64 for the
|
||||
quick-register one-liner (default: auto-detect).
|
||||
--config-dir DIR Where to install vetting.yaml + systemd unit drop
|
||||
(default: /etc/vetting).
|
||||
-h, --help Print this message.
|
||||
EOF
|
||||
}
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--binary) BINARY="$2"; shift 2 ;;
|
||||
--config-dir) CONFIG_DIR="$2"; shift 2 ;;
|
||||
-h|--help) usage; exit 0 ;;
|
||||
*) echo "unknown arg: $1" >&2; usage; exit 2 ;;
|
||||
--binary) BINARY="$2"; shift 2 ;;
|
||||
--agent-binary) AGENT_BINARY="$2"; shift 2 ;;
|
||||
--config-dir) CONFIG_DIR="$2"; shift 2 ;;
|
||||
-h|--help) usage; exit 0 ;;
|
||||
*) echo "unknown arg: $1" >&2; usage; exit 2 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
@@ -73,6 +79,19 @@ if [[ -z "${BINARY}" || ! -x "${BINARY}" ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${AGENT_BINARY}" ]]; then
|
||||
for cand in \
|
||||
"${REPO_ROOT}/bin/vetting-agent.linux-amd64" \
|
||||
"${REPO_ROOT}/bin/vetting-agent-linux-amd64" \
|
||||
"${SCRIPT_DIR}/vetting-agent-linux-amd64"; do
|
||||
if [[ -x "${cand}" ]]; then AGENT_BINARY="${cand}"; break; fi
|
||||
done
|
||||
fi
|
||||
if [[ -z "${AGENT_BINARY}" || ! -x "${AGENT_BINARY}" ]]; then
|
||||
echo "could not find a vetting-agent binary; pass --agent-binary PATH or run 'make agent-linux' first" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "==> installing runtime dependencies"
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt-get update -qq
|
||||
@@ -90,10 +109,12 @@ fi
|
||||
echo "==> preparing directories"
|
||||
install -d -m 0755 -o "${SERVICE_USER}" -g "${SERVICE_USER}" "${STATE_DIR}"
|
||||
install -d -m 0755 -o "${SERVICE_USER}" -g "${SERVICE_USER}" "${LOG_DIR}"
|
||||
install -d -m 0755 -o "${SERVICE_USER}" -g "${SERVICE_USER}" "${ASSET_DIR}"
|
||||
install -d -m 0755 "${CONFIG_DIR}"
|
||||
|
||||
echo "==> installing binary"
|
||||
install -m 0755 "${BINARY}" /usr/local/bin/vetting
|
||||
install -m 0755 "${AGENT_BINARY}" "${ASSET_DIR}/vetting-agent-linux-amd64"
|
||||
|
||||
echo "==> installing config and systemd unit"
|
||||
# vetting.production.yaml uses absolute /var/lib/vetting + /var/log/vetting
|
||||
|
||||
@@ -41,6 +41,13 @@ pxe:
|
||||
tftp_root: "" # holds ipxe.efi + undionly.kpxe
|
||||
live_dir: "" # holds vmlinuz + initrd.img; served at /live/*
|
||||
|
||||
agent:
|
||||
# Directory containing vetting-agent-linux-amd64. The quick-register
|
||||
# one-liner downloads from /assets/vetting-agent-linux-amd64 and
|
||||
# installs it as a systemd service so the host keeps heartbeating.
|
||||
# Leave empty to disable the /assets/* route.
|
||||
asset_dir: "./var/assets"
|
||||
|
||||
# Notifications fire on StageFailed, SpecMismatch, HoldingOpened,
|
||||
# RunCompleted. Declare one or more notifiers and route each event
|
||||
# kind (and optionally severity) to a notifier by name. Delivery is
|
||||
|
||||
@@ -39,6 +39,11 @@ pxe:
|
||||
tftp_root: "/var/lib/vetting/tftp" # holds ipxe.efi + undionly.kpxe
|
||||
live_dir: "/var/lib/vetting/live" # holds vmlinuz + initrd.img; served at /live/*
|
||||
|
||||
agent:
|
||||
# Directory holding vetting-agent-linux-amd64, served at
|
||||
# /assets/vetting-agent-linux-amd64. install.sh drops the binary here.
|
||||
asset_dir: "/var/lib/vetting/assets"
|
||||
|
||||
# Notifications fire on StageFailed, SpecMismatch, HoldingOpened,
|
||||
# RunCompleted. Declare one or more notifiers and route each event
|
||||
# kind (and optionally severity) to a notifier by name. Delivery is
|
||||
|
||||
Reference in New Issue
Block a user