1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
# GOV.UK Mini Environment Admin
# Copyright © 2018 Christopher Baines <mail@cbaines.net>
#
# This file is part of the GOV.UK Mini Environment Admin.
#
# The GOV.UK Mini Environment Admin is free software: you can
# redistribute it and/or modify it under the terms of the GNU Affero
# General Public License as published by the Free Software Foundation,
# either version 3 of the License, or (at your option) any later
# version.
#
# The GOV.UK Mini Environment Admin is distributed in the hope that it
# will be useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with the GOV.UK Mini Environment Admin. If not, see
# <http://www.gnu.org/licenses/>.
module GovukGuix::BuildMiniEnvironment
extend ::ShellUtils
DEFAULT_ARGUMENTS = {
'rails-environment' => 'production',
'use-high-ports' => 'false',
'fallback' => true
}.freeze
def self.build(mini_environment_id, options)
logger.info(self.class) do
"Building mini environment #{mini_environment_id}"
end
mini_environment = MiniEnvironment.find(mini_environment_id)
remote_host = options[:run_remotely_on_host]
if remote_host && Guix.available_locally?
# TODO: This doesn't use the private key specified by the
# backend, so it'll only work when the default SSH key has
# access to the remote host.
# Copy the revision to the remote host, to ensure it's available
# there
run_command(
'guix',
'copy',
"--to=#{remote_host.user_at_address}",
mini_environment.govuk_guix_revision.store_path
)
end
data_snapshot_arguments = {}
if mini_environment.data_snapshot
data_snapshot_arguments[:data_snapshot] =
mini_environment.data_snapshot.store_path
end
output = run_command(
"#{mini_environment.govuk_guix_revision.store_path}/bin/govuk",
'system',
'build',
*hash_to_arguments(
DEFAULT_ARGUMENTS
.merge(options[:arguments])
.merge(data_snapshot_arguments)
),
*signon_user_arguments(mini_environment.signon_users),
*options[:services],
run_remotely_on_host: remote_host
)
last_non_empty_line = output.reverse.find do |line|
!line.strip.empty?
end
build_output = last_non_empty_line.strip
logger.debug(self.class) { "build_output: #{build_output}" }
unless options[:arguments][:type] == 'aws-packer-ami'
raise 'InvalidOutput' unless build_output.starts_with? '/gnu/store'
end
mini_environment.update(
backend_data: {
build_output: build_output
}
)
build_output
end
def self.signon_user_to_sexp(signon_user)
keys = %w(name email role passphrase)
sexp_contents = keys.zip(
signon_user.values_at(*keys)
).map do |(key, value)|
"#:#{key} \"#{value}\""
end
"(#{sexp_contents.join(' ')})"
end
def self.signon_user_arguments(signon_users)
signon_users.map do |signon_user|
"--signon-user=#{signon_user_to_sexp(signon_user)}"
end
end
end
|