isle/go-workspace/src/bootstrap/bootstrap.go

// Package bootstrap deals with the creation of bootstrap files
package bootstrap

import (
	"context"
	crypticnet "cryptic-net"
	"cryptic-net/garage"
	"cryptic-net/nebula"
	"cryptic-net/tarutil"
	"fmt"
	"io"
	"io/fs"
)

// GetHashFromFS returns the hash of the contents of the given bootstrap file.
// It may return nil if the bootstrap file doesn't have a hash.
func GetHashFromFS(bootstrapFS fs.FS) ([]byte, error) {

	b, err := fs.ReadFile(bootstrapFS, tarutil.HashBinPath)

	if err != nil {
		return nil, fmt.Errorf("reading file %q from bootstrap fs: %w", tarutil.HashBinPath, err)
	}

	return b, nil
}

// GetHashFromReader reads the given tgz file as an fs.FS, and passes that to
// GetHashFromFS.
func GetHashFromReader(r io.Reader) ([]byte, error) {

	bootstrapFS, err := tarutil.FSFromReader(r)
	if err != nil {
		return nil, fmt.Errorf("reading tar fs from reader: %w", err)
	}

	return GetHashFromFS(bootstrapFS)
}

func newBootstrap(
	ctx context.Context,
	into io.Writer,
	hostname provider,
	nebulaCerts provider,
	nebulaHosts provider,
	garageRPCSecret provider,
	garageGlobalBucketKey provider,
	garageHosts provider,
) error {

	pairs := []struct {
		path     string
		provider provider
	}{
		{"hostname", hostname},
		{"nebula/certs", nebulaCerts},
		{"nebula/hosts", nebulaHosts},
		{"garage/rpc-secret.txt", garageRPCSecret},
		{"garage/global-bucket-key.yml", garageGlobalBucketKey},
		{"garage/hosts", garageHosts},
	}

	w := tarutil.NewTGZWriter(into)

	for _, pair := range pairs {

		if err := pair.provider(ctx, w, pair.path); err != nil {
			return fmt.Errorf("populating %q in new bootstrap: %w", pair.path, err)
		}
	}

	return w.Close()
}

// NewForThisHost generates a new bootstrap file for the current host, based on
// the existing environment as well as data in garage.
func NewForThisHost(env *crypticnet.Env, into io.Writer) error {

	client, err := garage.GlobalBucketAPIClient(env)
	if err != nil {
		return fmt.Errorf("creating client for global bucket: %w", err)
	}

	return newBootstrap(
		env.Context,
		into,
		provideFromFS(env.BootstrapFS),    // hostname
		provideDirFromFS(env.BootstrapFS), // nebulaCerts
		provideDirFromGarage(client),      // nebulaHosts
		provideFromFS(env.BootstrapFS),    // garageRPCSecret
		provideFromFS(env.BootstrapFS),    // garageGlobalBucketKey
		provideDirFromGarage(client),      // garageHosts
	)
}

// NewForHost generates a new bootstrap file for an arbitrary host, based on the
// given admin file's FS and data in garage.
func NewForHost(env *crypticnet.Env, adminFS fs.FS, name string, into io.Writer) error {

	host, ok := env.Hosts[name]
	if !ok {
		return fmt.Errorf("unknown host %q, make sure host entry has been created", name)
	}

	client, err := garage.GlobalBucketAPIClient(env)
	if err != nil {
		return fmt.Errorf("creating client for global bucket: %w", err)
	}

	nebulaHostCert, err := nebula.NewHostCert(adminFS, host.Nebula)
	if err != nil {
		return fmt.Errorf("creating new nebula host key/cert: %w", err)
	}

	nebulaHostCertDir := map[string][]byte{
		"ca.crt":   nebulaHostCert.CACert,
		"host.key": nebulaHostCert.HostKey,
		"host.crt": nebulaHostCert.HostCert,
	}

	return newBootstrap(
		env.Context,
		into,
		provideFromBytes([]byte(name)),       // hostname
		provideDirFromMap(nebulaHostCertDir), // nebulaCerts
		provideDirFromGarage(client),         // nebulaHosts
		provideFromFS(adminFS),               // garageRPCSecret
		provideFromFS(adminFS),               // garageGlobalBucketKey
		provideDirFromGarage(client),         // garageHosts
	)
}
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`// Package bootstrap deals with the creation of bootstrap files`
			`package bootstrap`

			`import (`
Refactor how bootstrap files are created The new code makes it a lot clearer what the sources of each file/directory is, and makes it more difficult to forget to add a file or directory. This will be helpful when it comes to bootstrapping an entire network, which will require yet a third way of generating bootstrap files. 2022-10-11 19:24:53 +00:00			`"context"`
			`crypticnet "cryptic-net"`
			`"cryptic-net/garage"`
			`"cryptic-net/nebula"`
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`"cryptic-net/tarutil"`
			`"fmt"`
			`"io"`
			`"io/fs"`
			`)`

			`// GetHashFromFS returns the hash of the contents of the given bootstrap file.`
			`// It may return nil if the bootstrap file doesn't have a hash.`
			`func GetHashFromFS(bootstrapFS fs.FS) ([]byte, error) {`

			`b, err := fs.ReadFile(bootstrapFS, tarutil.HashBinPath)`

			`if err != nil {`
			`return nil, fmt.Errorf("reading file %q from bootstrap fs: %w", tarutil.HashBinPath, err)`
			`}`

			`return b, nil`
			`}`

			`// GetHashFromReader reads the given tgz file as an fs.FS, and passes that to`
			`// GetHashFromFS.`
			`func GetHashFromReader(r io.Reader) ([]byte, error) {`

			`bootstrapFS, err := tarutil.FSFromReader(r)`
			`if err != nil {`
			`return nil, fmt.Errorf("reading tar fs from reader: %w", err)`
			`}`

			`return GetHashFromFS(bootstrapFS)`
			`}`
Refactor how bootstrap files are created The new code makes it a lot clearer what the sources of each file/directory is, and makes it more difficult to forget to add a file or directory. This will be helpful when it comes to bootstrapping an entire network, which will require yet a third way of generating bootstrap files. 2022-10-11 19:24:53 +00:00
			`func newBootstrap(`
			`ctx context.Context,`
			`into io.Writer,`
			`hostname provider,`
			`nebulaCerts provider,`
			`nebulaHosts provider,`
			`garageRPCSecret provider,`
			`garageGlobalBucketKey provider,`
			`garageHosts provider,`
			`) error {`

			`pairs := []struct {`
			`path string`
			`provider provider`
			`}{`
			`{"hostname", hostname},`
			`{"nebula/certs", nebulaCerts},`
			`{"nebula/hosts", nebulaHosts},`
			`{"garage/rpc-secret.txt", garageRPCSecret},`
			`{"garage/global-bucket-key.yml", garageGlobalBucketKey},`
			`{"garage/hosts", garageHosts},`
			`}`

			`w := tarutil.NewTGZWriter(into)`

			`for _, pair := range pairs {`

			`if err := pair.provider(ctx, w, pair.path); err != nil {`
			`return fmt.Errorf("populating %q in new bootstrap: %w", pair.path, err)`
			`}`
			`}`

			`return w.Close()`
			`}`

			`// NewForThisHost generates a new bootstrap file for the current host, based on`
			`// the existing environment as well as data in garage.`
			`func NewForThisHost(env *crypticnet.Env, into io.Writer) error {`

			`client, err := garage.GlobalBucketAPIClient(env)`
			`if err != nil {`
			`return fmt.Errorf("creating client for global bucket: %w", err)`
			`}`

			`return newBootstrap(`
			`env.Context,`
			`into,`
			`provideFromFS(env.BootstrapFS), // hostname`
			`provideDirFromFS(env.BootstrapFS), // nebulaCerts`
			`provideDirFromGarage(client), // nebulaHosts`
			`provideFromFS(env.BootstrapFS), // garageRPCSecret`
			`provideFromFS(env.BootstrapFS), // garageGlobalBucketKey`
			`provideDirFromGarage(client), // garageHosts`
			`)`
			`}`

			`// NewForHost generates a new bootstrap file for an arbitrary host, based on the`
			`// given admin file's FS and data in garage.`
			`func NewForHost(env *crypticnet.Env, adminFS fs.FS, name string, into io.Writer) error {`

			`host, ok := env.Hosts[name]`
			`if !ok {`
			`return fmt.Errorf("unknown host %q, make sure host entry has been created", name)`
			`}`

			`client, err := garage.GlobalBucketAPIClient(env)`
			`if err != nil {`
			`return fmt.Errorf("creating client for global bucket: %w", err)`
			`}`

			`nebulaHostCert, err := nebula.NewHostCert(adminFS, host.Nebula)`
			`if err != nil {`
			`return fmt.Errorf("creating new nebula host key/cert: %w", err)`
			`}`

			`nebulaHostCertDir := map[string][]byte{`
			`"ca.crt": nebulaHostCert.CACert,`
			`"host.key": nebulaHostCert.HostKey,`
			`"host.crt": nebulaHostCert.HostCert,`
			`}`

			`return newBootstrap(`
			`env.Context,`
			`into,`
			`provideFromBytes([]byte(name)), // hostname`
			`provideDirFromMap(nebulaHostCertDir), // nebulaCerts`
			`provideDirFromGarage(client), // nebulaHosts`
			`provideFromFS(adminFS), // garageRPCSecret`
			`provideFromFS(adminFS), // garageGlobalBucketKey`
			`provideDirFromGarage(client), // garageHosts`
			`)`
			`}`