From 6423da2845b1d5f5602e72a18c929a8375f02945 Mon Sep 17 00:00:00 2001 From: Andrew Erickson Date: Wed, 10 Jan 2024 09:21:26 -0800 Subject: [PATCH] translations: update tc, add papertrail (#121) --- README.md | 29 +++++++++- builders/generic_translations_gcp.yaml | 1 + monopacker/secrets.py | 14 +++++ monopacker/template_packer.py | 8 ++- poetry.lock | 24 ++++---- .../relops-papertrail-syslog/01-install.sh | 40 ++++++++++++++ scripts/relops-papertrail-syslog/90-clean.sh | 14 +++++ .../relops-papertrail-tclogs/01-install.sh | 55 +++++++++++++++++++ scripts/relops-papertrail-tclogs/90-clean.sh | 14 +++++ .../taskcluster_version_translations.yaml | 2 +- tests/test_template_packer.py | 10 +++- 11 files changed, 193 insertions(+), 18 deletions(-) create mode 100644 scripts/relops-papertrail-syslog/01-install.sh create mode 100644 scripts/relops-papertrail-syslog/90-clean.sh create mode 100644 scripts/relops-papertrail-tclogs/01-install.sh create mode 100644 scripts/relops-papertrail-tclogs/90-clean.sh diff --git a/README.md b/README.md index 60d7add..f89c11b 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ The intention here is to create a single Packer + cloud-init configuration set t ### Install locally +#### Install Poetry and Python dependencies + Install Poetry (https://python-poetry.org/) if you don't already have it. ```shell @@ -43,6 +45,12 @@ poetry shell poetry install ``` +#### Install the GCP plugin for Packer + +```bash +packer plugins install github.com/hashicorp/googlecompute +``` + ## Usage See `monopacker --help` for details. 
@@ -57,7 +65,11 @@ monopacker build builder1 builder2 Note that you can get more logging from packer by setting `PACKER_LOG=1`. -### Developing Templates +### Template Development and Debugging + +See [TEMPLATING.md](./TEMPLATING.md) for information, another FAQ, and more. + +#### validate When developing templates, you can run the validation without running packer with `monopacker validate` (which otherwise has the same arguments as `monopacker build`): @@ -65,12 +77,23 @@ When developing templates, you can run the validation without running packer wit monopacker validate mynewbuilder ``` +#### view raw packer output + To see the generated packer template: ```shell monopacker packer-template mynewbuilder ``` -See [TEMPLATING.md](./TEMPLATING.md) for information, another FAQ, and more. +#### debugging when building + +```bash +monopacker build generic_translations_gcp --packer-args '-on-error=ask' +gcloud compute ssh --zone ... +# when done on host, in monopacker choose to 'c' cleanup +``` + +`-on-error=abort` can also be handy. + # FAQ @@ -124,4 +147,4 @@ Mostly, I just haven't tried to make this work. To run the tests for this library, run `poetry run pytest`. -To update dependencies, run `poetry update`. \ No newline at end of file +To update dependencies, run `poetry cache clear pypi --all && poetry update`. diff --git a/builders/generic_translations_gcp.yaml b/builders/generic_translations_gcp.yaml index e814d97..d2041a1 100644 --- a/builders/generic_translations_gcp.yaml +++ b/builders/generic_translations_gcp.yaml @@ -15,4 +15,5 @@ script_directories: - generic-worker-linux - worker-runner-linux - worker-runner-gw-systemd # TODO: merge with 'generic-worker-linux'? + - relops-papertrail-tclogs # needs to run after worker-runner-gw-systemd - translations-worker-requirements diff --git a/monopacker/secrets.py b/monopacker/secrets.py index 5584b9d..b9b222e 100755 --- a/monopacker/secrets.py +++ b/monopacker/secrets.py 
@@ -1,6 +1,7 @@ #!/usr/bin/env python3 import io +import os import tarfile from ruamel.yaml import YAML @@ -27,3 +28,16 @@ def pack_secrets(secrets_file, secrets_tar): ti = tarfile.TarInfo(path) ti.size = len(value) tar.addfile(ti, io.BytesIO(value)) + +def generate_packer_secret_chmod_shell(secrets_file): + command_arr = [] + with open(secrets_file, "r") as f: + secrets = yaml.load(f) + for secret in secrets: + dirname = os.path.dirname(secret['path']) + command_arr.append(f"sudo chown -R root:root {dirname}") + command_arr.append(f"sudo chmod -R 0400 {dirname}") + + # dedupe the array + command_arr = list(dict.fromkeys(command_arr)) + return command_arr \ No newline at end of file diff --git a/monopacker/template_packer.py b/monopacker/template_packer.py index 9c8d158..bab720e 100755 --- a/monopacker/template_packer.py +++ b/monopacker/template_packer.py @@ -15,7 +15,7 @@ from ruamel.yaml import YAML from .filters import clean_gcp_image_name -from .secrets import pack_secrets +from .secrets import pack_secrets, generate_packer_secret_chmod_shell from .files import pack_files yaml = YAML(typ="safe") @@ -293,6 +293,12 @@ def generate_packer_template(*, ], 'only': linux_builders, }) + # chmod/chown all secret files (above only gets /etc/taskcluster) + pkr["provisioners"].append({ + 'type': 'shell', + 'inline': generate_packer_secret_chmod_shell(secrets_file), + 'only': linux_builders, + }) pkr["provisioners"].append({ 'type': 'shell', 'inline': [ diff --git a/poetry.lock b/poetry.lock index caf813c..c3e74e9 100644 --- a/poetry.lock +++ b/poetry.lock 
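Review bot: In monopacker/secrets.py, `generate_packer_secret_chmod_shell` runs `chown -R` and `chmod -R 0400` on the parent directory of each secret rather than on the secret file. A secret placed directly in a shared directory (for example a file directly under `/etc`) would therefore have that whole tree re-owned and stripped of its execute/search bits during the image build. The path is also interpolated into the command unquoted, so a path containing a space or a shell metacharacter changes what the provisioner runs. I would act on the file itself and quote it: `path = shlex.quote(secret['path'])`, then `command_arr.append(f"sudo chown root:root {path}")` and `command_arr.append(f"sudo chmod 0400 {path}")`, with `import shlex` added at the top. A one-line docstring saying the function returns the de-duplicated list of commands for Packer's inline shell provisioner would also help.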
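Review bot: In monopacker/template_packer.py the new provisioner is appended unconditionally, so a secrets file holding an empty list yields `'inline': []`. As far as I know, Packer's shell provisioner rejects a step that has neither inline commands nor a script. The test change in tests/test_template_packer.py, which swaps `[]` for one fake secret, suggests this was hit. Build the list first with `chmod_cmds = generate_packer_secret_chmod_shell(secrets_file)` and wrap the `pkr["provisioners"].append(...)` in `if chmod_cmds:`. generate_packer_template starts and ends outside the hunk, so whether `secrets_file` can be unset at this point is not visible and should be checked too.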
@@ -24,13 +24,13 @@ files = [ [[package]] name = "exceptiongroup" -version = "1.1.3" +version = "1.2.0" description = "Backport of PEP 654 (exception groups)" optional = false python-versions = ">=3.7" files = [ - {file = "exceptiongroup-1.1.3-py3-none-any.whl", hash = "sha256:343280667a4585d195ca1cf9cef84a4e178c4b6cf2274caef9859782b567d5e3"}, - {file = "exceptiongroup-1.1.3.tar.gz", hash = "sha256:097acd85d473d75af5bb98e41b61ff7fe35efe6675e4f9370ec6ec5126d160e9"}, + {file = "exceptiongroup-1.2.0-py3-none-any.whl", hash = "sha256:4bfd3996ac73b41e9b9628b04e079f193850720ea5945fc96a08633c66912f14"}, + {file = "exceptiongroup-1.2.0.tar.gz", hash = "sha256:91f5c769735f051a4290d52edd0858999b57e5876e9f85937691bd4c9fa3ed68"}, ] [package.extras] @@ -193,13 +193,13 @@ testing = ["pytest", "pytest-benchmark"] [[package]] name = "pyfakefs" -version = "5.3.0" +version = "5.3.2" description = "pyfakefs implements a fake file system that mocks the Python file system modules." optional = false python-versions = ">=3.7" files = [ - {file = "pyfakefs-5.3.0-py3-none-any.whl", hash = "sha256:33c1f891078c727beec465e75cb314120635e2298456493cc2cc0539e2130cbb"}, - {file = "pyfakefs-5.3.0.tar.gz", hash = "sha256:e3e35f65ce55ee8ecc5e243d55cfdbb5d0aa24938f6e04e19f0fab062f255020"}, + {file = "pyfakefs-5.3.2-py3-none-any.whl", hash = "sha256:5a62194cfa24542a3c9080b66ce65d78b2e977957edfd3cd6fe98e8349bcca32"}, + {file = "pyfakefs-5.3.2.tar.gz", hash = "sha256:a83776a3c1046d4d103f2f530029aa6cdff5f0386dffd59c15ee16926135493c"}, ] [[package]] 
@@ -252,24 +252,24 @@ python-versions = ">=3.6" files = [ {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:b42169467c42b692c19cf539c38d4602069d8c1505e97b86387fcf7afb766e1d"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-macosx_13_0_arm64.whl", hash = "sha256:07238db9cbdf8fc1e9de2489a4f68474e70dffcb32232db7c08fa61ca0c7c462"}, - {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:d92f81886165cb14d7b067ef37e142256f1c6a90a65cd156b063a43da1708cfd"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:fff3573c2db359f091e1589c3d7c5fc2f86f5bdb6f24252c2d8e539d4e45f412"}, + {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-manylinux_2_24_aarch64.whl", hash = "sha256:aa2267c6a303eb483de8d02db2871afb5c5fc15618d894300b88958f729ad74f"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:840f0c7f194986a63d2c2465ca63af8ccbbc90ab1c6001b1978f05119b5e7334"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:024cfe1fc7c7f4e1aff4a81e718109e13409767e4f871443cbff3dba3578203d"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-win32.whl", hash = "sha256:c69212f63169ec1cfc9bb44723bf2917cbbd8f6191a00ef3410f5a7fe300722d"}, {file = "ruamel.yaml.clib-0.2.8-cp310-cp310-win_amd64.whl", hash = "sha256:cabddb8d8ead485e255fe80429f833172b4cadf99274db39abc080e068cbcc31"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:bef08cd86169d9eafb3ccb0a39edb11d8e25f3dae2b28f5c52fd997521133069"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:b16420e621d26fdfa949a8b4b47ade8810c56002f5389970db4ddda51dbff248"}, - {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:b5edda50e5e9e15e54a6a8a0070302b00c518a9d32accc2346ad6c984aacd279"}, {file = 
"ruamel.yaml.clib-0.2.8-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:25c515e350e5b739842fc3228d662413ef28f295791af5e5110b543cf0b57d9b"}, + {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-manylinux_2_24_aarch64.whl", hash = "sha256:1707814f0d9791df063f8c19bb51b0d1278b8e9a2353abbb676c2f685dee6afe"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:46d378daaac94f454b3a0e3d8d78cafd78a026b1d71443f4966c696b48a6d899"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:09b055c05697b38ecacb7ac50bdab2240bfca1a0c4872b0fd309bb07dc9aa3a9"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-win32.whl", hash = "sha256:53a300ed9cea38cf5a2a9b069058137c2ca1ce658a874b79baceb8f892f915a7"}, {file = "ruamel.yaml.clib-0.2.8-cp311-cp311-win_amd64.whl", hash = "sha256:c2a72e9109ea74e511e29032f3b670835f8a59bbdc9ce692c5b4ed91ccf1eedb"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:ebc06178e8821efc9692ea7544aa5644217358490145629914d8020042c24aa1"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-macosx_13_0_arm64.whl", hash = "sha256:edaef1c1200c4b4cb914583150dcaa3bc30e592e907c01117c08b13a07255ec2"}, - {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:7048c338b6c86627afb27faecf418768acb6331fc24cfa56c93e8c9780f815fa"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d176b57452ab5b7028ac47e7b3cf644bcfdc8cacfecf7e71759f7f51a59e5c92"}, + {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-manylinux_2_24_aarch64.whl", hash = "sha256:1dc67314e7e1086c9fdf2680b7b6c2be1c0d8e3a8279f2e993ca2a7545fecf62"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:3213ece08ea033eb159ac52ae052a4899b56ecc124bb80020d9bbceeb50258e9"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-musllinux_1_1_x86_64.whl", hash = 
"sha256:aab7fd643f71d7946f2ee58cc88c9b7bfc97debd71dcc93e03e2d174628e7e2d"}, {file = "ruamel.yaml.clib-0.2.8-cp312-cp312-win32.whl", hash = "sha256:5c365d91c88390c8d0a8545df0b5857172824b1c604e867161e6b3d59a827eaa"}, @@ -277,7 +277,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.8-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:a5aa27bad2bb83670b71683aae140a1f52b0857a2deff56ad3f6c13a017a26ed"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c58ecd827313af6864893e7af0a3bb85fd529f862b6adbefe14643947cfe2942"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-macosx_12_0_arm64.whl", hash = "sha256:f481f16baec5290e45aebdc2a5168ebc6d35189ae6fea7a58787613a25f6e875"}, - {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:3fcc54cb0c8b811ff66082de1680b4b14cf8a81dce0d4fbf665c2265a81e07a1"}, + {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-manylinux_2_24_aarch64.whl", hash = "sha256:77159f5d5b5c14f7c34073862a6b7d34944075d9f93e681638f6d753606c6ce6"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:7f67a1ee819dc4562d444bbafb135832b0b909f81cc90f7aa00260968c9ca1b3"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:4ecbf9c3e19f9562c7fdd462e8d18dd902a47ca046a2e64dba80699f0b6c09b7"}, {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:87ea5ff66d8064301a154b3933ae406b0863402a799b16e4a1d24d9fbbcbe0d3"}, 
@@ -285,7 +285,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.8-cp37-cp37m-win_amd64.whl", hash = "sha256:3f215c5daf6a9d7bbed4a0a4f760f3113b10e82ff4c5c44bec20a68c8014f675"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1b617618914cb00bf5c34d4357c37aa15183fa229b24767259657746c9077615"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-macosx_12_0_arm64.whl", hash = "sha256:a6a9ffd280b71ad062eae53ac1659ad86a17f59a0fdc7699fd9be40525153337"}, - {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:665f58bfd29b167039f714c6998178d27ccd83984084c286110ef26b230f259f"}, + {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-manylinux_2_24_aarch64.whl", hash = "sha256:305889baa4043a09e5b76f8e2a51d4ffba44259f6b4c72dec8ca56207d9c6fe1"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:700e4ebb569e59e16a976857c8798aee258dceac7c7d6b50cab63e080058df91"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:e2b4c44b60eadec492926a7270abb100ef9f72798e18743939bdbf037aab8c28"}, {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:e79e5db08739731b0ce4850bed599235d601701d5694c36570a99a0c5ca41a9d"}, 
@@ -293,7 +293,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.8-cp38-cp38-win_amd64.whl", hash = "sha256:56f4252222c067b4ce51ae12cbac231bce32aee1d33fbfc9d17e5b8d6966c312"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:03d1162b6d1df1caa3a4bd27aa51ce17c9afc2046c31b0ad60a0a96ec22f8001"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:bba64af9fa9cebe325a62fa398760f5c7206b215201b0ec825005f1b18b9bccf"}, - {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:9eb5dee2772b0f704ca2e45b1713e4e5198c18f515b52743576d196348f374d3"}, + {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-manylinux_2_24_aarch64.whl", hash = "sha256:a1a45e0bb052edf6a1d3a93baef85319733a888363938e1fc9924cb00c8df24c"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:da09ad1c359a728e112d60116f626cc9f29730ff3e0e7db72b9a2dbc2e4beed5"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:184565012b60405d93838167f425713180b949e9d8dd0bbc7b49f074407c5a8b"}, {file = "ruamel.yaml.clib-0.2.8-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:a75879bacf2c987c003368cf14bed0ffe99e8e85acfa6c0bfffc21a090f16880"}, diff --git a/scripts/relops-papertrail-syslog/01-install.sh b/scripts/relops-papertrail-syslog/01-install.sh new file mode 100644 index 0000000..01876b0 --- /dev/null +++ b/scripts/relops-papertrail-syslog/01-install.sh 
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+set -exv
+
+# init helpers
+helpers_dir=${MONOPACKER_HELPERS_DIR:-"/etc/monopacker/scripts"}
+for h in ${helpers_dir}/*.sh; do
+ . $h;
+done
+
+# steps from https://papertrailapp.com/systems/setup?type=system&platform=unix#unix-manual
+
+sudo wget -O /etc/papertrail-bundle.pem \
+ https://papertrailapp.com/tools/papertrail-bundle.pem
+
+# TODO: use helper functions
+sudo apt update
+sudo apt install rsyslog-gnutls -y
+
+# source secrets file
+. /etc/relops/relops_papertrail_secrets
+
+export RSYSLOG_FILE=/etc/rsyslog.conf
+
+cat << EOF >> $RSYSLOG_FILE
+
+# papertrail config
+\$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem
+\$ActionSendStreamDriver gtls
+\$ActionSendStreamDriverMode 1
+\$ActionSendStreamDriverAuthMode x509/name
+\$ActionSendStreamDriverPermittedPeer *.papertrailapp.com
+
+*.* @@$PAPERTRAIL_HOST:$PAPERTRAIL_PORT
+
+EOF
+
+# restart service (or wait for new instances to boot up?)
+# TOOD: remove/comment when testing is done
+sudo service rsyslog restart
\ No newline at end of file
diff --git a/scripts/relops-papertrail-syslog/90-clean.sh b/scripts/relops-papertrail-syslog/90-clean.sh
new file mode 100644
index 0000000..ac3f9b0
--- /dev/null
+++ b/scripts/relops-papertrail-syslog/90-clean.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -exv
+
+# init helpers
+helpers_dir=${MONOPACKER_HELPERS_DIR:-"/etc/monopacker/scripts"}
+for h in ${helpers_dir}/*.sh; do
+ . $h;
+done
+
+rm -rf /usr/src/*
+
+# Do one final package cleanup, just in case.
+apt-get autoremove -y --purge
diff --git a/scripts/relops-papertrail-tclogs/01-install.sh b/scripts/relops-papertrail-tclogs/01-install.sh
new file mode 100644
index 0000000..d6666f7
--- /dev/null
+++ b/scripts/relops-papertrail-tclogs/01-install.sh
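Review bot: In scripts/relops-papertrail-syslog/01-install.sh, `set -exv` is still active when `/etc/relops/relops_papertrail_secrets` is sourced, so the assignments in that file are traced into the Packer build log; wrap the source in `set +xv` and `set -xv`. Nothing checks that the variables were set, and without `-u` an empty value appends a forwarding rule of `*.* @@:` to rsyslog.conf; add `: "${PAPERTRAIL_HOST:?}" "${PAPERTRAIL_PORT:?}"` after sourcing. The block is appended with `>>`, so a second run duplicates it; a dedicated file under `/etc/rsyslog.d/` written with `>` would be idempotent. The CA bundle that anchors the `x509/name` peer check is downloaded at build time without a pinned digest, so consider vendoring it or verifying a known checksum. The tracing, unset-variable and `>>` points apply equally to scripts/relops-papertrail-tclogs/01-install.sh.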
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -exv
+
+# init helpers
+helpers_dir=${MONOPACKER_HELPERS_DIR:-"/etc/monopacker/scripts"}
+for h in ${helpers_dir}/*.sh; do
+ . $h;
+done
+
+## using remote-syslog2 (recommended by PT)
+# - issues
+# - no service...
+
+# cd /tmp
+# wget https://github.com/papertrail/remote_syslog2/releases/download/v0.21/remote-syslog2_0.21_amd64.deb
+# sudo dpkg -i remote-syslog*.deb
+
+## using systemd & ncat (used in ronin-puppet)
+
+# nmap provides ncat
+apt update
+apt install -y ncat
+
+export SERVICE_FILE=/etc/systemd/system/papertrail.service
+# TODO: support multipe units?
+export UNIT_TO_MONITOR="generic-worker"
+
+# source secrets file
+. /etc/relops/relops_papertrail_secrets
+
+cat << EOF >> $SERVICE_FILE
+[Unit]
+Description=Papertrail
+After=systemd-journald.service
+Requires=systemd-journald.service
+[Service]
+ExecStart=/bin/sh -c "journalctl -u $UNIT_TO_MONITOR -f | ncat --ssl $PAPERTRAIL_HOST $PAPERTRAIL_PORT"
+TimeoutStartSec=0
+Restart=on-failure
+RestartSec=5s
+[Install]
+WantedBy=multi-user.target
+
+EOF
+
+# reload systemctl so it knows about config
+systemctl daemon-reload
+
+# enable the service on boot
+systemctl enable papertrail
+
+# TODO: start also? can verify it's format is correct...
+# - shouldn't be any output on builder (w-m is not started)
+systemctl start papertrail
\ No newline at end of file
diff --git a/scripts/relops-papertrail-tclogs/90-clean.sh b/scripts/relops-papertrail-tclogs/90-clean.sh
new file mode 100644
index 0000000..ac3f9b0
--- /dev/null
+++ b/scripts/relops-papertrail-tclogs/90-clean.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -exv
+
+# init helpers
+helpers_dir=${MONOPACKER_HELPERS_DIR:-"/etc/monopacker/scripts"}
+for h in ${helpers_dir}/*.sh; do
+ . $h;
+done
+
+rm -rf /usr/src/*
+
+# Do one final package cleanup, just in case.
+apt-get autoremove -y --purge
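Review bot: In the `ExecStart` line of scripts/relops-papertrail-tclogs/01-install.sh, `ncat --ssl` encrypts the connection but does not verify the server certificate, so the `generic-worker` journal stream is sent to whichever endpoint answers on that host and port. Use `ncat --ssl-verify $PAPERTRAIL_HOST $PAPERTRAIL_PORT`, which requires a certificate that chains to a trusted CA and matches the host name. The host and port are expanded into the unit file at build time, so the image may not need to keep `/etc/relops/relops_papertrail_secrets` afterwards; if nothing else reads it, 90-clean.sh could remove it. `systemctl start papertrail` opens a connection from the builder itself, which the TODO already questions; `systemctl enable` alone looks sufficient for the image.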
diff --git a/template/vars/taskcluster_version_translations.yaml b/template/vars/taskcluster_version_translations.yaml index 1d7d9cd..ac85684 100644 --- a/template/vars/taskcluster_version_translations.yaml +++ b/template/vars/taskcluster_version_translations.yaml @@ -1,3 +1,3 @@ # This defines the current Taskcluster version, the default version for worker-runner and workers. env_vars: - TASKCLUSTER_VERSION: 55.1.1 + TASKCLUSTER_VERSION: 59.1.3 diff --git a/tests/test_template_packer.py b/tests/test_template_packer.py index d484138..c1dcae2 100644 --- a/tests/test_template_packer.py +++ b/tests/test_template_packer.py @@ -172,7 +172,9 @@ def test_generate_packer_template(tmpdir): type: openstack """)) - secrets_file.write(json.dumps([])) + # TODO: add a fake secret json... missing test coverage + # secrets_file.write(json.dumps([])) + secrets_file.write(json.dumps([{'name': 'blah_key', 'path': '/etc/taskcluster/secrets/test_blah', 'value': 'test123'}])) scripts_dir.mkdir("facebook-worker").join("01-fb.sh").write("echo hello") @@ -240,6 +242,12 @@ def test_generate_packer_template(tmpdir): ], 'only': ['linux'], }, + {'inline': ['sudo chown -R root:root ' + '/etc/taskcluster/secrets', + 'sudo chmod -R 0400 /etc/taskcluster/secrets'], + 'only': ['linux'], + 'type': 'shell', + }, { 'type': 'shell', 'inline': [
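Review bot: The first hunk of tests/test_template_packer.py leaves the old `secrets_file.write(json.dumps([]))` call commented out, under a TODO that the very next line already fulfils; both comment lines should be deleted. The empty-secrets case is then no longer exercised in this test. A second test, or a parametrised case, that writes `[]` and asserts on the resulting provisioners would pin down what the template should contain when there are no secrets. test_generate_packer_template starts and ends outside the hunk.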