diff options
| author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2014-03-03 16:00:22 +0000 |
|---|---|---|
| committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2014-03-04 14:48:04 +0000 |
| commit | 5843afcd9bc657479aca06419d0c0427f73c9ef4 (patch) | |
| tree | 89701f1c63a11da664cebd11185bc00f2ab75d32 /tests.deploy | |
| parent | 25e6196c435dc9f9b71440f22879ea91beca41e6 (diff) | |
| download | morph-5843afcd9bc657479aca06419d0c0427f73c9ef4.tar.gz | |
deploy: Record deployment information in deployed system
This commit introduces a new requirement: USERS MUST NOT HAVE SENSITIVE
DATA IN THEIR ENVIRONMENT. Otherwise it will be leaked into the system.
Note that configuration fields with 'PASSWORD' in their name are
stripped before writing the /baserock/deployment.meta file, so the
OpenStack OS_PASSWORD field is not leaked.
We want this so that we can run hooks at upgrade-time in the future.
These hooks might need to know how the system was configured and what
releaseuu it was. I'm not quite sure how we will define 'release' yet,
but by using `git tag` and `git describe` we are able to textually label
a time period in the history of the system's source code. We already
have the specific SHA1 of definitions.git stored in the system metadata,
so this should give us enough to be able to implement specific hooks
that work around any awkward upgrade complications we encounter in the
future.
Diffstat (limited to 'tests.deploy')
| -rwxr-xr-x | tests.deploy/deploy-cluster.script | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/tests.deploy/deploy-cluster.script b/tests.deploy/deploy-cluster.script index 0efc8d3c..3ef60479 100755 --- a/tests.deploy/deploy-cluster.script +++ b/tests.deploy/deploy-cluster.script @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2013 Codethink Limited +# Copyright (C) 2013-2014 Codethink Limited # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -29,8 +29,11 @@ cd "$DATADIR/workspace/branch1" "$SRCDIR/scripts/test-morph" build linux-system +GIT_DIR=test:morphs/.git git tag -a my-test-tag -m "Example tag" HEAD + "$SRCDIR/scripts/test-morph" --log "$DATADIR/deploy.log" \ deploy test_cluster \ + linux-system-2.EXAMPLE_PASSWORD="secret" \ linux-system-2.HOSTNAME="baserock-rocks-even-more" \ > /dev/null @@ -44,3 +47,15 @@ hostname2=$(tar -xf $outputdir/linux-system-2.tar ./etc/hostname -O) [ "$hostname1" = baserock-rocks ] [ "$hostname2" = baserock-rocks-even-more ] + +tar -xf $outputdir/linux-system-2.tar ./baserock/deployment.meta +metadata=baserock/deployment.meta + +# Check that 'git describe' of definitions repo was stored correctly +echo -n "definitions-version: " +"$SRCDIR/scripts/yaml-extract" $metadata definitions-version + +echo -n "configuration.HOSTNAME: " +"$SRCDIR/scripts/yaml-extract" $metadata configuration HOSTNAME + +! (grep -q "EXAMPLE_PASSWORD" $metadata) |