From 54ff8f23ed774762de9d9686aa6eb05508ffe9e1 Mon Sep 17 00:00:00 2001
From: Emmanuel Garette <egarette@silique.fr>
Date: Thu, 22 Jun 2023 16:22:54 +0200
Subject: [PATCH] better update_images script

---
 ansible/sbin/update_images | 48 ++++++++++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 5 deletions(-)

diff --git a/ansible/sbin/update_images b/ansible/sbin/update_images
index 92c545e..dd73e12 100755
--- a/ansible/sbin/update_images
+++ b/ansible/sbin/update_images
@@ -1,5 +1,12 @@
 #!/bin/bash -e
 
+TLS_SERVER=$1
+if [ -z "$TLS_SERVER" ]; then
+    echo "$0 nom_tls_server"
+    exit 1
+fi
+DO_NOT_START=$2
+REBOOT_EVERY_MONDAY=$3
 # root dir configuration
 RISOTTO_DIR="/var/lib/risotto"
 RISOTTO_IMAGE_DIR="$RISOTTO_DIR/images"
@@ -16,34 +23,65 @@ ls /var/lib/risotto/images_files/ | while read image; do
     if [ -d /var/lib/risotto/images_files/"$image" ]; then
         echo
         echo "Install image $image" | tee -a /var/log/risotto/update_images.log
-        /usr/local/sbin/build_image "$image" "$1" | tee -a /var/log/risotto/update_images.log || (echo "PROBLEME" | tee -a /var/log/risotto/update_images.log; true)
+        /usr/local/sbin/build_image "$image" | tee -a /var/log/risotto/update_images.log || (echo "PROBLEME" | tee -a /var/log/risotto/update_images.log; true)
     fi
 done
 
+idx=0
+if [ -z "$DO_NOT_START" ]; then
+    machinectl reboot "$TLS_SERVER" || machinectl start "$TLS_SERVER"
+    while true; do
+        status=$(machinectl -q shell "$TLS_SERVER" /usr/bin/systemctl is-system-running 2>/dev/null || echo "not started")
+        if echo "$status" | grep -q degraded || echo "$status" | grep -q running; then
+            break
+        fi
+        idx=$((idx+1))
+        if [ $idx = 60 ]; then
+            echo "le serveur $TLS_SERVER n'a pas encore redémarré"
+            break
+        fi
+        sleep 2
+    done
+fi
+
 MACHINES=""
 for nspawn in $(ls /etc/systemd/nspawn/*.nspawn); do
-    nspawn_file=$(basename $nspawn)
+    nspawn_file=$(basename "$nspawn")
     machine=${nspawn_file%.*}
     MACHINES="$MACHINES$machine "
     MACHINE_MACHINES_DIR="/var/lib/machines/$machine"
     IMAGE_NAME_RISOTTO_IMAGE_NAME="$(cat $RISOTTO_DIR/machines_informations/$machine.image)"
     MACHINE_INFO="$RISOTTO_DIR/machines_informations/"
     VERSION_MACHINE="$MACHINE_INFO/$machine.version"
+    if [ -n "$REBOOT_EVERY_MONDAY" ] && [ "$(date +%u)" = 1 ]; then
+        # update TLS certificate every monday, so stop container
+        machinectl stop "$machine" 2> /dev/null || true
+        while true; do
+            machinectl status "$machine" > /dev/null 2>&1 || break
+            sleep 1
+        done
+    fi
+    if [ ! -d "$MACHINE_MACHINES_DIR" ]; then
+        rm -f "$VERSION_MACHINE"
+    fi
     diff -q "$RISOTTO_IMAGE_DIR/$IMAGE_NAME_RISOTTO_IMAGE_NAME".version "$VERSION_MACHINE" &> /dev/null || (
         echo "Reinstall machine $machine"
-        machinectl stop $machine || true
+        machinectl stop "$machine" 2> /dev/null || true
         while true; do
             machinectl status "$machine" > /dev/null 2>&1 || break
             sleep 1
         done
         rm -rf "$MACHINE_MACHINES_DIR"
         mkdir "$MACHINE_MACHINES_DIR"
-        cp -a --reflink=auto $RISOTTO_IMAGE_DIR/$IMAGE_NAME_RISOTTO_IMAGE_NAME/* $MACHINE_MACHINES_DIR
+        cp -a --reflink=auto "$RISOTTO_IMAGE_DIR/$IMAGE_NAME_RISOTTO_IMAGE_NAME/"* "$MACHINE_MACHINES_DIR"
         cp -a --reflink=auto "$RISOTTO_IMAGE_DIR/$IMAGE_NAME_RISOTTO_IMAGE_NAME".version "$VERSION_MACHINE"
     )
 done
-if [ -z "$1" ]; then
+if [ -z "$DO_NOT_START" ]; then
+    echo "start $MACHINES"
     machinectl start $MACHINES
+    sleep 5
+    journalctl -n 100 --no-pager
     diagnose
 fi
 exit 0