From 12212f37738e4ace276d4a062fd7ce05c5f05e15 Mon Sep 17 00:00:00 2001
From: Nicolas Iselin <nicolas.github@iselin.ch>
Date: Sat, 25 Nov 2023 18:14:12 +0100
Subject: [PATCH] feat: abort when running twice or no connectivity

---
 templates/usr/local/bin/potos-ansible-pull.j2 | 73 +++++++++++--------
 1 file changed, 43 insertions(+), 30 deletions(-)

diff --git a/templates/usr/local/bin/potos-ansible-pull.j2 b/templates/usr/local/bin/potos-ansible-pull.j2
index 7d8ebbb..f2731f9 100644
--- a/templates/usr/local/bin/potos-ansible-pull.j2
+++ b/templates/usr/local/bin/potos-ansible-pull.j2
@@ -3,7 +3,7 @@
 #
 # Pulls the latest potos playbooks and then continues to run them against localhost.
 # to enforce {{ potos_basics_client_name }} client specification.
-# Notification and warning is displayed to the end user if 
+# Notification and warning is displayed to the end user if
 {% if potos_basics_enable_reboot_reminder %}
 #  * machine has not been rebooted for more than {{ potos_basics_reboot_reminder_days }} days
 {% endif %}
@@ -130,46 +130,57 @@ CheckToolAvailable /usr/bin/tr
 CheckToolAvailable /usr/bin/uptime
 CheckToolAvailable /usr/bin/virtualenv
 CheckToolAvailable /usr/bin/wall
+CheckToolAvailable /usr/bin/nmcli
 
-# Check if virtualenv directory exists
-[ -d '{{ potos_basics_ansible_virtenvdir }}' ] || /usr/bin/mkdir -p {{ potos_basics_ansible_virtenvdir }} || die "Couldn't create VirtualEnv directory"
-
-# Clear and create working directory
-/usr/bin/rm -rf {{ potos_basics_ansible_workdir }} || die "Couldn't create Ansible work directory"
-/usr/bin/mkdir -p {{ potos_basics_ansible_workdir }} || die "Couldn't create Ansible work directory"
-
-# Get latest playbook of given version
-/usr/bin/git clone \
-    --depth 1 --single-branch \
-    -b {{ potos_basics_playbook_version }} \
-    https://github.com/projectpotos/ansible-plays-potos.git \
-    {{ potos_basics_ansible_workdir }} 2>&1 || die "Failed to checkout playbook repository"
-
-# Adjust ansible config with client
-/usr/bin/sed -i 's|/var/log/potos|{{ potos_basics_ansible_logdir }}|' {{ potos_basics_ansible_workdir }}/ansible.cfg
-
-# Run Ansible with custom ansible.cfg, use flock to prevent concurrent runs
-ANSIBLE_CONFIG={{ potos_basics_ansible_workdir }}/ansible.cfg
+# use flock to prevent concurrent runs
 /usr/bin/mkdir -p /var/lock || die "Failed create lock directory"
 if [ ! -f /var/lock/{{ potos_basics_client_name | lower }}.lock ]; then
   /usr/bin/touch /var/lock/{{ potos_basics_client_name | lower }}.lock || die "Failed create lock file"
 fi
 
 exec {flockfd}</var/lock/{{ potos_basics_client_name | lower }}.lock
-/usr/bin/flock -x "$flockfd" || die "Failed to aquire lock"
+/usr/bin/flock -n "$flockfd" || die "Other instance already running, aborting"
 
-# Create virtualenv if not exists
-/usr/bin/virtualenv {{ potos_basics_ansible_virtenvdir }} || die "Failed create virtualenv"
-source  {{ potos_basics_ansible_virtenvdir }}/bin/activate  || die "Failed activate virtualenv"
-pip3 install ansible-core=={{ potos_basics_ansible_version }} || die "Failed install ansible-core in virtualenv"
+# Check connectivity
+CONNECTIVITY=$( LANG=C /usr/bin/nmcli -g CONNECTIVITY g status )
+if [[ "${CONNECTIVITY}" == "full" ]]
+then
+  # fetch all config information via network
 
-cd /var/lib/{{ potos_basics_client_name }}/ansible
-ansible-playbook {% if potos_basics_ansible_vault_key_check.stat.exists %}--vault-password-file=/etc/potos/ansible_vault_key {% endif %}-i {{ potos_basics_ansible_inventory }} {{ potos_basics_ansible_workdir }}/prepare.yml -e "potos_runtype=$RUN_TYPE"
-ansible-playbook {% if potos_basics_ansible_vault_key_check.stat.exists %}--vault-password-file=/etc/potos/ansible_vault_key {% endif %}-i {{ potos_basics_ansible_inventory }} {{ potos_basics_ansible_workdir }}/playbook.yml -e "potos_runtype=$RUN_TYPE"
+  # Check if virtualenv directory exists
+  [ -d '{{ potos_basics_ansible_virtenvdir }}' ] || /usr/bin/mkdir -p {{ potos_basics_ansible_virtenvdir }} || die "Couldn't create VirtualEnv directory"
 
-deactivate
+  # Clear and create working directory
+  /usr/bin/rm -rf {{ potos_basics_ansible_workdir }} || die "Couldn't create Ansible work directory"
+  /usr/bin/mkdir -p {{ potos_basics_ansible_workdir }} || die "Couldn't create Ansible work directory"
 
-exec {flockfd}<&-
+  # Get latest playbook of given version
+  /usr/bin/git clone \
+      --depth 1 --single-branch \
+      -b {{ potos_basics_playbook_version }} \
+      https://github.com/projectpotos/ansible-plays-potos.git \
+      {{ potos_basics_ansible_workdir }} 2>&1 || die "Failed to checkout playbook repository"
+
+  # Adjust ansible config with client
+  /usr/bin/sed -i 's|/var/log/potos|{{ potos_basics_ansible_logdir }}|' {{ potos_basics_ansible_workdir }}/ansible.cfg
+
+  # Run Ansible with custom ansible.cfg
+  ANSIBLE_CONFIG={{ potos_basics_ansible_workdir }}/ansible.cfg
+
+  # Create virtualenv if not exists
+  /usr/bin/virtualenv {{ potos_basics_ansible_virtenvdir }} || die "Failed create virtualenv"
+  source  {{ potos_basics_ansible_virtenvdir }}/bin/activate  || die "Failed activate virtualenv"
+  pip3 install ansible-core=={{ potos_basics_ansible_version }} || die "Failed install ansible-core in virtualenv"
+
+  cd /var/lib/{{ potos_basics_client_name }}/ansible
+  ansible-playbook {% if potos_basics_ansible_vault_key_check.stat.exists %}--vault-password-file=/etc/potos/ansible_vault_key {% endif %}-i {{ potos_basics_ansible_inventory }} {{ potos_basics_ansible_workdir }}/prepare.yml -e "potos_runtype=$RUN_TYPE"
+  ansible-playbook {% if potos_basics_ansible_vault_key_check.stat.exists %}--vault-password-file=/etc/potos/ansible_vault_key {% endif %}-i {{ potos_basics_ansible_inventory }} {{ potos_basics_ansible_workdir }}/playbook.yml -e "potos_runtype=$RUN_TYPE"
+
+  deactivate
+
+else
+  die "insufficient connectivity, abort"
+fi
 
 logfile=$(/usr/bin/grep 'log_path =' ansible.cfg | /usr/bin/sed 's/log_path = //g')
 
@@ -182,6 +193,8 @@ if [[ "0" -ne "$(/usr/bin/test -e "$logfile" && /usr/bin/grep failed= "$logfile"
     /usr/bin/notify-send -u critical --expire-time=0 "${ANSIBLE_MESSAGE}"
     /usr/bin/wall "${ANSIBLE_MESSAGE}"
 fi
+
+exec {flockfd}<&-
 {% if potos_basics_enable_reboot_reminder %}
 # Check if machine has not been rebooted for more than {{ potos_basics_reboot_reminder_days }} days
 UPTIME_DATE=$(/usr/bin/uptime --since | /usr/bin/awk '{print $1}' | /usr/bin/tr -d '-')