/// <summary>
/// <para>
/// Edits the [/etc/hosts] file on all hive nodes so that the line:
/// </para>
/// <code>
/// 127.0.1.1 {hostname}
/// </code>
/// <para>
/// is changed to:
/// </para>
/// <code>
/// {node.PrivateAddress} {hostname}
/// </code>
/// <para>
/// Hashicorp Vault cannot restart with the old setting, complaining about a
/// <b>""missing API address</b>.
/// </para>
/// </summary>
/// <param name="node">The target node.</param>
private void EditEtcHosts(SshProxy <NodeDefinition> node)
{
node.InvokeIdempotentAction(GetIdempotentTag("edit-etc-hosts"),
() =>
{
var etcHosts = node.DownloadText("/etc/hosts");
var sbEtcHosts = new StringBuilder();
using (var reader = new StringReader(etcHosts))
{
foreach (var line in reader.Lines())
{
if (line.StartsWith("127.0.1.1"))
{
var nodeAddress = node.PrivateAddress.ToString();
var separator = new string(' ', Math.Max(16 - nodeAddress.Length, 1));
sbEtcHosts.AppendLine($"{nodeAddress}{separator}{node.Name}");
}
else
{
sbEtcHosts.AppendLine(line);
}
}
}
node.UploadText("/etc/hosts", sbEtcHosts.ToString(), permissions: "644");
node.SudoCommand("systemctl restart vault");
});
}
/// <summary>
/// Edits the [neon-proxy-public-bridge.sh] and [neon-proxy-private-bridge.sh]
/// scripts to remove the [VAULT_CREDENTIALS] environment variable so the new
/// .NET based proxy bridge image will work properly.
/// </summary>
/// <param name="node">The target node.</param>
private void UpdateProxyBridgeScripts(SshProxy <NodeDefinition> node)
{
var scriptNames =
new string[]
{
"neon-proxy-public-bridge.sh",
"neon-proxy-private-bridge.sh"
};
foreach (var scriptName in scriptNames)
{
var scriptPath = LinuxPath.Combine(HiveHostFolders.Scripts, scriptName);
var scriptText = node.DownloadText(scriptName);
var sbEdited = new StringBuilder();
using (var reader = new StringReader(scriptText))
{
foreach (var line in reader.Lines())
{
if (!line.Contains("--env VAULT_CREDENTIALS="))
{
sbEdited.AppendLineLinux(line);
}
}
}
node.UploadText(scriptPath, sbEdited.ToString(), permissions: "700");
}
}
/// <summary>
/// Updates a service or container start script on a hive node with a new image.
/// </summary>
/// <param name="node">The target hive node.</param>
/// <param name="scriptName">The script name (without the <b>.sh</b>).</param>
/// <param name="image">The fully qualified image name.</param>
private static void UpdateStartScript(SshProxy <NodeDefinition> node, string scriptName, string image)
{
var scriptPath = LinuxPath.Combine(HiveHostFolders.Scripts, $"{scriptName}.sh");
node.Status = $"edit: {scriptPath}";
if (node.FileExists(scriptPath))
{
var curScript = node.DownloadText(scriptPath);
var sbNewScript = new StringBuilder();
// Scan for the generated code section and then replace the first
// line that looks like:
//
// TARGET_IMAGE=OLD-IMAGE
//
// with the new image and then upload the change.
using (var reader = new StringReader(curScript))
{
var inGenerated = false;
var wasEdited = false;
foreach (var line in reader.Lines())
{
if (wasEdited)
{
sbNewScript.AppendLine(line);
continue;
}
if (!inGenerated && line.StartsWith(ServiceHelper.ParamSectionMarker))
{
inGenerated = true;
}
if (line.StartsWith("TARGET_IMAGE="))
{
sbNewScript.AppendLine($"TARGET_IMAGE={image}");
wasEdited = true;
}
else
{
sbNewScript.AppendLine(line);
}
}
}
node.UploadText(scriptPath, sbNewScript.ToString(), permissions: "740");
}
node.Status = string.Empty;
}
/// <summary>
/// Update the Elasticsearch container launch scripts to enable automatic
/// memory settings based on any cgroup limits.
/// </summary>
/// <param name="node">The target node.</param>
private void UpdateElasticsearch(SshProxy <NodeDefinition> node)
{
// This method is called for all cluster nodes, even those
// that aren't currently hosting Elasticsearch, so we can
// update any scripts that may have been orphaned (for
// consistency).
//
// The update consists of replacing the script line that
// sets the [ES_JAVA_OPTS] environment variable with:
//
// --env ES_JAVA_OPTS=-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap \
//
// To ensure that this feature is enabled in favor of the
// old hacked memory level settings.
var scriptPath = LinuxPath.Combine(HiveHostFolders.Scripts, "neon-log-esdata.sh");
node.InvokeIdempotentAction(GetIdempotentTag("neon-log-esdata"),
() =>
{
if (node.FileExists(scriptPath))
{
node.Status = $"edit: {scriptPath}";
var orgScript = node.DownloadText(scriptPath);
var newScript = new StringBuilder();
foreach (var line in new StringReader(orgScript).Lines())
{
if (line.Contains("ES_JAVA_OPTS="))
{
newScript.AppendLine(" --env \"ES_JAVA_OPTS=-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap\" \\");
}
else
{
newScript.AppendLine(line);
}
}
node.UploadText(scriptPath, newScript.ToString(), permissions: "");
node.Status = string.Empty;
}
});
}