From 5843afcd9bc657479aca06419d0c0427f73c9ef4 Mon Sep 17 00:00:00 2001
From: Sam Thursfield
Date: Mon, 3 Mar 2014 16:00:22 +0000
Subject: deploy: Record deployment information in deployed system This commit introduces a new requirement: USERS MUST NOT HAVE SENSITIVE DATA IN THEIR ENVIRONMENT. Otherwise it will be leaked into the system. Note that configuration fields with 'PASSWORD' in their name are stripped before writing the /baserock/deployment.meta file, so the OpenStack OS_PASSWORD field is not leaked. We want this so that we can run hooks at upgrade-time in the future. These hooks might need to know how the system was configured and what releaseuu it was. I'm not quite sure how we will define 'release' yet, but by using `git tag` and `git describe` we are able to textually label a time period in the history of the system's source code. We already have the specific SHA1 of definitions.git stored in the system metadata, so this should give us enough to be able to implement specific hooks that work around any awkward upgrade complications we encounter in the future.
---
 tests.deploy/deploy-cluster.script | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'tests.deploy')
diff --git a/tests.deploy/deploy-cluster.script b/tests.deploy/deploy-cluster.script
index 0efc8d3c..3ef60479 100755
--- a/tests.deploy/deploy-cluster.script
+++ b/tests.deploy/deploy-cluster.script
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright (C) 2013 Codethink Limited
+# Copyright (C) 2013-2014 Codethink Limited
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,8 +29,11 @@ cd "$DATADIR/workspace/branch1" "$SRCDIR/scripts/test-morph" build linux-system +GIT_DIR=test:morphs/.git git tag -a my-test-tag -m "Example tag" HEAD + "$SRCDIR/scripts/test-morph" --log "$DATADIR/deploy.log" \ deploy test_cluster \ + linux-system-2.EXAMPLE_PASSWORD="secret" \ linux-system-2.HOSTNAME="baserock-rocks-even-more" \ > /dev/null @@ -44,3 +47,15 @@ hostname2=$(tar -xf $outputdir/linux-system-2.tar ./etc/hostname -O) [ "$hostname1" = baserock-rocks ] [ "$hostname2" = baserock-rocks-even-more ] + +tar -xf $outputdir/linux-system-2.tar ./baserock/deployment.meta +metadata=baserock/deployment.meta + +# Check that 'git describe' of definitions repo was stored correctly +echo -n "definitions-version: " +"$SRCDIR/scripts/yaml-extract" $metadata definitions-version + +echo -n "configuration.HOSTNAME: " +"$SRCDIR/scripts/yaml-extract" $metadata configuration HOSTNAME + +! (grep -q "EXAMPLE_PASSWORD" $metadata) -- cgit v1.2.1
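Review bot: The new `linux-system-2.EXAMPLE_PASSWORD="secret"` argument in the deploy call is the only fixture for the redaction, and it covers just one upper-case field name containing 'PASSWORD'. The commit message says the rest of the user's environment is recorded as-is, so a second fixture whose name lacks 'PASSWORD' would document that limit of the name-based filter in the test itself. A comment above the call would also help, for example `# EXAMPLE_PASSWORD must be stripped from /baserock/deployment.meta; asserted at the end of this script`. A distinctive constructed value such as `EXAMPLE_PASSWORD="sentinel-must-not-leak"` would let the later check search for the value as well as the key.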
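Review bot: The leak assertion `! (grep -q "EXAMPLE_PASSWORD" $metadata)` fails the test only because it appears to be the last command of the script, so its status becomes the exit status. If the script runs under `set -e` (not visible in these hunks), a `!`-negated command is exempt from errexit, so any line appended after it would silently turn the check into a no-op. The check also looks only for the key name and never for the value `secret`, and `$metadata` and `$outputdir` are unquoted. An explicit form is sturdier: `if grep -q -e EXAMPLE_PASSWORD -e secret "$metadata"; then echo "password leaked into deployment.meta" >&2; exit 1; fi`.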