Closed porst17 closed 7 years ago
DRAFT (v.0.5):
hilbert
CLI (what should it be able to do):hilbert
tool to remote Linux systems using ssh-keys retrieved via rsync
from the source specified in station config file (e.g. via SFTP
URL)Notes:
ssh
and docker-machine
for virtual testing environments--debug
to output human readable action log--trace
to output each performed check and command--quiet
to suppress any aux. output--version
get the tool's version--help
should be available globally and for each local command--config_dir=<PATH>
overwrite for the configuration location (also ENV. Var. HILBERT_CONFIG_DIR
)--configs_cache=<PATH>
overwrite for the location of configs. cache (also ENV. Var. HILBERT_CONFIGS_CACHE
)Note about precedence rules for all possible config-related specifications:
CONFIG_DIR
):
~/.config/hilbert
orhilbert
or$HILBERT_CONFIG_DIR
or --config_dir=<PATH>
$CONFIG_DIR/STATIONS
CONFIGS_CACHE
)$HILBERT_CONFIGS_CACHE
or --configs_cache=<PATH>
local COMMAND [args]
: run command locally on the host system. This is the default/assumed driver.@remote REMOTE_STATION [opts] COMMAND [args]
: run hilbert's command on specified remote station:
hilbert
on remote system: $SSH $REMOTE_CONFIG_DIR/hilbert $opts $COMMAND $args
NOTE: remote commands may differ for different remote stations, use hilbert remote REMOTE_STATION local --cmds
to get them for a running prepared remote system REMOTE_STATION
. Only basic local commands are available by default.
--cmds
list available commandsshell [args]
- run a single shell command specified by $args (no default working directory)shutdown [args]
- run sudo -n -P /sbin/shutdown $args
poweroff [args]
- run sudo -n -P /sbin/poweroff $args
reboot [args]
- run sudo -n -P /sbin/reboot $args
ptmx [args]
- run ptmx work-around (maybe even --background
)Docker Engine
):docker
- run docker with corresponding args (if docker
is accessible).launch
- run docker-compose with corresponding args within necessary location after reading all station configs (if docker-compose
is accessible). See current templates/luncher.sh
Docker Engine
+ hilbert
):Note: the following actions should not run in parallel - they will require a locking mechanism
prepare
- run preparation actions (e.g. cleanup & pre-download). See current templates/prepare.sh
start_apps
- run services according to station config. See current templates/default.sh
switch_top
- switch the current GUI app to a different one. See current templates/topswitch.sh
finish_apps
- stop/kill/remove services according to station config. See current templates/finishall.sh
cfg_create REMOTE_STATION [args]
- create new child configuration inside the config. cache (--templates=PATH
, or ENV: HILBERT_TEMPLATES=<PATH>
). See current init.sh
cfg_refresh REMOTE_STATION [args]
- refresh configuration due to template changes (--templates=PATH
, or ENV: HILBERT_TEMPLATES=<PATH>
). See current refresh.sh
list_children
, list known remote systems in specified format (e.g. --output=json
). See current dockapp_dashboard/server/scripts/list_stations.sh
sync SOURCE TARGET
- sync this station configs + children config cache (--source= UPSTREAM
). See current sync.sh
. For example: hilbert sync <CMS_SFTP_URL> <CONFIGS_CACHE>
.forall [opts] COMMAND [args]
: run hilbert @remote $REMOTE_STATION $opts $COMMAND $args
for each known REMOTE_STATION
(according to config. cache). See current forall.sh
NOTE: at least remote system access configuration is required to be in the local config. cache
@shell REMOTE_STATION args
- run a single shell command on remote system (via specified access method). For example: $SSH $REMOTE_STATION_ID $args
@poweron REMOTE_STATION [args]
- trigger power-on (e.g. via WOL
). Non-blocking. Use option: --wait
to wait for complete system startup. For example: wakeonlan $REMOTE_MAC
. See current start.sh
@status REMOTE_STATION [args]
- get current status of remote system: e.g. OFF, inaccessible, virgin, ready, running, stopped... See current status.sh
@deploy REMOTE_STATION [args]
- deploy corresponding configs and hilbert
tool to the remote system. See current deploy.sh
. (maybe hilbert sync <CONFIGS_CACHE>/$REMOTE_STATION $REMOTE_STATION:$CONFIG_DIR
?)@lasttop REMOTE_STATION [args]
- get the latest chosen GUI app. from remote station. See current lastapp.sh
NOTE: complete remote system configuration is required to be in the local config. cache + Docker Engine should be available on the remote system + Hilbert
.
@start REMOTE_STATION [args]
- ensure that remote station is UP, its configs are up-to-date and running all the prescribed services. See current dockapp_dashboard/server/scripts/start_station.sh
:
hilbert @poweron $REMOTE_STATION --wait
hilbert @deploy $REMOTE_STATION
hilbert @remote $REMOTE_STATION local prepare
hilbert @remote $REMOTE_STATION local start_apps
hilbert @lasttop $REMOTE_STATION
@top_switch REMOTE_STATION args
- gracefully stop the current GUI app. and start a new one (specified via arguments). See current dockapp_dashboard/server/scripts/appchange_station.sh
:
hilbert @remote $REMOTE_STATION local switch_top $args
hilbert @lasttop $REMOTE_STATION
@stop REMOTE_STATION [args]
- gracefully stop all the prescribed services and shut it down. See current dockapp_dashboard/server/scripts/stop_station.sh
:
hilbert @remote $REMOTE_STATION local finish_apps
hilbert @remote $REMOTE_STATION local poweroff
Some comments:
@elondaits, i am almost ready with my draft. Please wait a bit.
Let me know... but consider I get an email message when new things are posted and none when you edit your previous messages.
@elondaits Ok, i am mostly done.
I suggest we start discussing the use cases and usage scenarios.
To make implementation in bash simpler the following looks promising:
The global subcommand utility: http://people.tuebingen.mpg.de/maan/gsu/
gsu is a small library of bash functions intended to ease the task of writing and documenting large shell scripts with multiple subcommands, each providing different functionality. gsu is known to work on Linux, FreeBSD, NetBSD and MacOS.
For example: deploy configs and hilbert tool to remote Linux systems using ssh-keys retrieved via rsync from the source specified in station config file (e.g. via SFTP URL)
If I understand this right this suggests placing the ssh key to the remote station somewhere it can be fetched through ftp so the system can then issue ssh commands. If that's the idea... This is a crazy backdoor! It's possible that I misunderstood but then the text should be clarified because that's what I read now.
shell [args] - run a single shell command specified by $args (no default working directory)
I don't think it's a good idea to have a generic backdoor. Our system should, if possible, only allow remote execution of "safe" commands. ssh already does this, as well.
shutdown [args] - run sudo -n -P /sbin/shutdown $args
allowed args should be explicitly documented, validated and never ever sent directly from the hilbert invocation to the sudoed command. Otherwise one could do something like
shutdown "; rm -rf /*"
(or some smarter / trickier way of escaping things in bash) and piggyback a command. All user input is evil and should be treated as such.
--wait
in the start command work? If it is through polling then it's a very bad idea because it'll behave very badly in terms of working set and memory cache when running in parallel in many processes. It's much more effective to do the polling on a single thread for all stations like I do now in the dashboard and only wake their individual threads when MK indicates a change. If the dashboard is already doing this effort then we shouldn't have a --wait
in the CLI.list_children, list known remote systems...
when the description of the command says something different than the name it's a good indication that the name should be changed (list_remote_systems in this case, for instance)
Minimal hilbert
interface:
https://github.com/malex984/dockapp/blob/devel4_docs/mng/README.md#minimal-hilbert-interfaces
The purpose of actions that replace current scripts is the same as that of the superseded scripts. Same with semantics for now...
@elondaits Could you please move your comments to the shared Google Document and attach them to relevant places in the draft design.
Let us continue the discussion there.
I added them. Some were general comments that might be relevant to several parts or the document as a whole... so consider what they say and not only the place where I added them.
Has to be moved to https://github.com/hilbert/hilbert-cli/issues
I updates the google document:
See also "Configuration Design (super issue)": hilbert/hilbert-cli#13
More specifics on Hilbert-CLI-Station
local configuration:
Station::settings
should added to some ${HOME}/.config/hilbert-cli-station/settings.cfg
in some plain format, e.g. (%s=%s) % (key, value)
.default_application
& services
& applications
etc...${HOME}/.config/hilbert-cli-station/settings.cfg
is to be used by Hilbert-CLI-Station
tool itself. The settings may influence the general operation: (e.g. autostart
& autostart_delay
& default_application
/ services
etc.).${HOME}/.config/hilbert-cli-station/settings.cfg
are to be forwarded into containers created by Hilbert-CLI-Station
:
${HOME}/.config/hilbert-cli-station/
may be mounted (read-only) by each started containerenv-file
specification)Note: prior to starting some services/applications Hilbert-CLI-Station
may be required to run some special shell code on the host and set some environment variables before passing them into containers.
For instance: auto-detection of variables for using some currently running native services or device configurations: PULSE_SOCKET/PULSE_COOKIE
(pulseaudion), DISPLAY/XAUTHORITY
(x11), DOCKER_SOCKET
(Docker Engine) etc.
Note: services started by Hilbert-CLI-Station
(e.g. x11 / qrhandler
) are to follow pre-defined schema to enable local access (e.g. share sockets via /tmp/
or by serving on localhost
network address). They will also have to create individual temporary (single session only) config-files (e.g. in /tmp/
) specifying corresponding access settings (e.g. with DISPLAY=...
& XAUTHORITY=...
).
Of course Hilbert-CLI-Station
may provide some auto-detection for some standard services e.g. X11, pulseaudio, docker, but what about general case?
IMO in general Hilbert-CLI-Station
should be able to run some custom script on the host system (which may create something in /tmp/
) before creating a docker container with a service or an application.
NOTE: It has to be attached to service/application definition in general YAML configuration: Suggestion: Service::auto_detections
.
This issue is a super-issue again that needs to be split up. I already modified the issue description. @malex984 Please prepare the individual issues and add them to the list. A summary of the results should be added and updated on a regular basis, e.g. each time a sub-issue is closed (you can add commit-like comments to this issue and reference them in the description to make clear with state is reflected in the description).
Note: this one is in hilbert-docker-images
since it was inherited by default from dockapp
repository.
@porst17 Q: What about using hilbert/hilbert-cli#14 as a super issue instead of this one?
Please let me elaborate on the operation of Hilbert-CLI-Server
:
According to https://github.com/hilbert/hilbert-docker-images/issues/28#issuecomment-257195798 ${SPECIAL_USERS_HOME}/.config/hilbert-cli-station
will contain all local settings and resources (e.g. docker-compose.yml
generated for this station) required for running Hilbert-CLI-Station
on the host.
In particular:
auto_detection
, which may also result in further environment variables$PWD
, $HOME/.ssh
or /tmp/.ssh
, $HILBERT_SERVER_CONFIG_PATH
, $HILBERT_OMD_PATH
, $HILBERT_REGISTRY_DATA_PATH
) as data volumes (read-only or read-write according to corresponding definition in the docker-compose.yml
). Let me extend https://github.com/hilbert/hilbert-docker-images/issues/28#issuecomment-257339008 wrt Server specifics:
Hilbert-CLI-Server
on the Server only may accept a local setting like HILBERT_SERVER_SYNC_URL
(which is a part of Station::settings
), which would enable Hilbert-CLI-Server
to reload (sync
?) the configuration-related files and docker-image tarballs from some external location using the predefined syncing mechanism (e.g. rsync over sFTP or SSH). Station::settings
may explicitly specify that location, e.g. via a variable like HILBERT_SERVER_CONFIG_PATH
, which may default to ${SPECIAL_USERS_HOME}/.config/hilbert-cli-server
on the host system.I missed that this issue is still listed under hilbert-docker-images
. Feel free to move relevant stuff over to hilbert/hilbert-cli#14 and then close this issue.
For reference: command aliases
CLI server/client tools were initially implemented within https://github.com/hilbert/hilbert-cli/pull/34
Corresponding design is in the "Management Back-end" Document.
Current CLI: https://gist.github.com/malex984/59d2b62c5098eb1005100f9249719505
Further implementation will be due to https://github.com/hilbert/hilbert-cli/issues/14
Please use this issue to create and discuss a specification for the new unified command line interface.
Never reference anything below this line in the comments. It may change at any time.
Sub-issues to solve:
Hilbert-CLI-Server
Design (works with the general YAML config, communicates with CMS)Hilbert-CLI-Station
Design (e.g. https://github.com/hilbert/hilbert-docker-images/issues/28#issuecomment-257195798, written in BASH, sourced local config)