Filter out the inspect rules on the proxy

The host inspect script on the proxy only needs the SCC credentials, running all the others makes the install longer.
mbussolotto · May 22, 2024 · b2b77d7 · b2b77d7
1 parent 45c5489
commit b2b77d7
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 22 deletions.
diff --git a/mgradm/cmd/inspect/podman.go b/mgradm/cmd/inspect/podman.go
@@ -38,7 +38,7 @@ func podmanInspect(
 			return fmt.Errorf(L("failed to find the image of the currently running server container: %s"))
 		}
 	}
-	inspectResult, err := shared_podman.Inspect(serverImage, flags.PullPolicy)
+	inspectResult, err := shared_podman.Inspect(serverImage, flags.PullPolicy, false)
 	if err != nil {
 		return utils.Errorf(err, L("inspect command failed"))
 	}

diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go
@@ -70,7 +70,7 @@ func installForPodman(
 		return errors.New(L("install podman before running this command"))
 	}
 
-	inspectedHostValues, err := utils.InspectHost()
+	inspectedHostValues, err := utils.InspectHost(false)
 	if err != nil {
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}

diff --git a/mgradm/shared/podman/podman.go b/mgradm/shared/podman/podman.go
@@ -221,7 +221,7 @@ func RunMigration(serverImage string, pullPolicy string, sshAuthSocket string, s
 		extraArgs = append(extraArgs, "-v", sshKnownhostsPath+":/etc/ssh/ssh_known_hosts")
 	}
 
-	inspectedHostValues, err := utils.InspectHost()
+	inspectedHostValues, err := utils.InspectHost(false)
 	if err != nil {
 		return "", "", "", utils.Errorf(err, L("cannot inspect host values"))
 	}
@@ -281,7 +281,7 @@ func RunPgsqlVersionUpgrade(image types.ImageFlags, migrationImage types.ImageFl
 			}
 		}
 
-		inspectedHostValues, err := utils.InspectHost()
+		inspectedHostValues, err := utils.InspectHost(false)
 		if err != nil {
 			return utils.Errorf(err, L("cannot inspect host values"))
 		}
@@ -427,7 +427,7 @@ func Inspect(serverImage string, pullPolicy string) (map[string]string, error) {
 		return map[string]string{}, utils.Errorf(err, L("failed to create temporary directory"))
 	}
 
-	inspectedHostValues, err := utils.InspectHost()
+	inspectedHostValues, err := utils.InspectHost(false)
 	if err != nil {
 		return map[string]string{}, utils.Errorf(err, L("cannot inspect host values"))
 	}

diff --git a/mgrpxy/shared/podman/podman.go b/mgrpxy/shared/podman/podman.go
@@ -131,7 +131,7 @@ func getHttpProxyConfig() string {
 // GetContainerImage returns a proxy image URL.
 func GetContainerImage(flags *utils.ProxyImageFlags, name string) (string, error) {
 	image := flags.GetContainerImage(name)
-	inspectedHostValues, err := shared_utils.InspectHost()
+	inspectedHostValues, err := shared_utils.InspectHost(true)
 	if err != nil {
 		return "", shared_utils.Errorf(err, L("cannot inspect host values"))
 	}
@@ -202,7 +202,7 @@ func Upgrade(globalFlags *types.GlobalFlags, flags *PodmanProxyUpgradeFlags, cmd
 
 func getContainerImage(flags *utils.ProxyImageFlags, name string) (string, error) {
 	image := flags.GetContainerImage(name)
-	inspectedHostValues, err := shared_utils.InspectHost()
+	inspectedHostValues, err := shared_utils.InspectHost(true)
 	if err != nil {
 		return "", shared_utils.Errorf(err, L("cannot inspect host values"))
 	}

diff --git a/shared/podman/utils.go b/shared/podman/utils.go
@@ -191,14 +191,14 @@ func getGraphRoot() (string, error) {
 }
 
 // Inspect check values on a given image and deploy.
-func Inspect(serverImage string, pullPolicy string) (map[string]string, error) {
+func Inspect(serverImage string, pullPolicy string, proxyHost bool) (map[string]string, error) {
 	scriptDir, err := os.MkdirTemp("", "mgradm-*")
 	defer os.RemoveAll(scriptDir)
 	if err != nil {
 		return map[string]string{}, utils.Errorf(err, L("failed to create temporary directory"))
 	}
 
-	inspectedHostValues, err := utils.InspectHost()
+	inspectedHostValues, err := utils.InspectHost(proxyHost)
 	if err != nil {
 		return map[string]string{}, utils.Errorf(err, L("cannot inspect host values"))
 	}

diff --git a/shared/templates/inspectTemplate.go b/shared/templates/inspectTemplate.go
@@ -14,15 +14,18 @@ import (
 const inspectTemplate = `#!/bin/bash
 # inspect.sh, generated by mgradm
 {{- range .Param }}
+	{{- if or (not $.ProxyHost) (and $.ProxyHost .Proxy ) }}
 echo "{{ .Variable }}=$({{ .CLI }})" >> {{ $.OutputFile }}
 {{- end }}
+{{- end }}
 exit 0
 `
 
 // InspectTemplateData represents information used to create inspect script.
 type InspectTemplateData struct {
 	Param      []types.InspectData
 	OutputFile string
+	ProxyHost  bool
 }
 
 // Render will create inspect script.

diff --git a/shared/types/inspect.go b/shared/types/inspect.go
@@ -10,6 +10,7 @@ package types
 type InspectData struct {
 	Variable string
 	CLI      string
+	Proxy    bool
 }
 
 /* InspectFile represent where the inspect file should be stored
@@ -22,9 +23,10 @@ type InspectFile struct {
 }
 
 // NewInspectData creates an InspectData instance.
-func NewInspectData(variable string, cli string) InspectData {
+func NewInspectData(variable string, cli string, proxy bool) InspectData {
 	return InspectData{
 		Variable: variable,
 		CLI:      cli,
+		Proxy:    proxy,
 	}
 }
diff --git a/shared/utils/utils.go b/shared/utils/utils.go
@@ -39,15 +39,15 @@ var imageValid = regexp.MustCompile("^((?:[^:/]+(?::[0-9]+)?/)?[^:]+)(?::([^:]+)
 var InspectScriptFilename = "inspect.sh"
 
 var inspectValues = []types.InspectData{
-	types.NewInspectData("uyuni_release", "cat /etc/*release | grep 'Uyuni release' | cut -d ' ' -f3 || true"),
-	types.NewInspectData("suse_manager_release", "cat /etc/*release | grep 'SUSE Manager release' | cut -d ' ' -f4 || true"),
-	types.NewInspectData("architecture", "lscpu | grep Architecture | awk '{print $2}' || true"),
-	types.NewInspectData("fqdn", "cat /etc/rhn/rhn.conf 2>/dev/null | grep 'java.hostname' | cut -d' ' -f3 || true"),
-	types.NewInspectData("image_pg_version", "rpm -qa --qf '%{VERSION}\\n' 'name=postgresql[0-8][0-9]-server'  | cut -d. -f1 | sort -n | tail -1 || true"),
-	types.NewInspectData("current_pg_version", "(test -e /var/lib/pgsql/data/PG_VERSION && cat /var/lib/pgsql/data/PG_VERSION) || true"),
-	types.NewInspectData("registration_info", "env LC_ALL=C LC_MESSAGES=C LANG=C transactional-update --quiet register --status 2>/dev/null || true"),
-	types.NewInspectData("scc_username", "cat /etc/zypp/credentials.d/SCCcredentials 2>&1 /dev/null | grep username | cut -d= -f2 || true"),
-	types.NewInspectData("scc_password", "cat /etc/zypp/credentials.d/SCCcredentials 2>&1 /dev/null | grep password | cut -d= -f2 || true"),
+	types.NewInspectData("uyuni_release", "cat /etc/*release | grep 'Uyuni release' | cut -d ' ' -f3 || true", false),
+	types.NewInspectData("suse_manager_release", "cat /etc/*release | grep 'SUSE Manager release' | cut -d ' ' -f4 || true", false),
+	types.NewInspectData("architecture", "lscpu | grep Architecture | awk '{print $2}' || true", false),
+	types.NewInspectData("fqdn", "cat /etc/rhn/rhn.conf 2>/dev/null | grep 'java.hostname' | cut -d' ' -f3 || true", false),
+	types.NewInspectData("image_pg_version", "rpm -qa --qf '%{VERSION}\\n' 'name=postgresql[0-8][0-9]-server'  | cut -d. -f1 | sort -n | tail -1 || true", false),
+	types.NewInspectData("current_pg_version", "(test -e /var/lib/pgsql/data/PG_VERSION && cat /var/lib/pgsql/data/PG_VERSION) || true", false),
+	types.NewInspectData("registration_info", "env LC_ALL=C LC_MESSAGES=C LANG=C transactional-update --quiet register --status 2>/dev/null || true", false),
+	types.NewInspectData("scc_username", "cat /etc/zypp/credentials.d/SCCcredentials 2>&1 /dev/null | grep username | cut -d= -f2 || true", true),
+	types.NewInspectData("scc_password", "cat /etc/zypp/credentials.d/SCCcredentials 2>&1 /dev/null | grep password | cut -d= -f2 || true", true),
 }
 
 // InspectOutputFile represents the directory and the basename where the inspect values are stored.
@@ -338,14 +338,14 @@ func ReadInspectData(scriptDir string, prefix ...string) (map[string]string, err
 }
 
 // InspectHost check values on a host machine.
-func InspectHost() (map[string]string, error) {
+func InspectHost(serverHost bool) (map[string]string, error) {
 	scriptDir, err := os.MkdirTemp("", "mgradm-*")
 	defer os.RemoveAll(scriptDir)
 	if err != nil {
 		return map[string]string{}, Errorf(err, L("failed to create temporary directory"))
 	}
 
-	if err := GenerateInspectHostScript(scriptDir); err != nil {
+	if err := GenerateInspectHostScript(scriptDir, serverHost); err != nil {
 		return map[string]string{}, err
 	}
 
@@ -362,10 +362,11 @@ func InspectHost() (map[string]string, error) {
 }
 
 // GenerateInspectContainerScript create the host inspect script.
-func GenerateInspectHostScript(scriptDir string) error {
+func GenerateInspectHostScript(scriptDir string, proxyHost bool) error {
 	data := templates.InspectTemplateData{
 		Param:      inspectValues,
 		OutputFile: scriptDir + "/" + InspectOutputFile.Basename,
+		ProxyHost:  proxyHost,
 	}
 
 	scriptPath := filepath.Join(scriptDir, InspectScriptFilename)