update-grid-servers 2.38 KiB
  • #!/usr/bin/env nix-shell
    #!nix-shell -i bash -p jp
    
    
    #
    # Tell all servers belonging to a certain grid that they should update
    # themselves to the latest configuration associated with that grid.
    #
    
    
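    # Find the location of this script so we can refer to data files with a known
    # relative location.  $0 is quoted so that a checkout path containing spaces
    # or glob characters still resolves to a single directory.
    HERE=$(dirname "$0")


    # Both positional arguments are required.  Without this check a missing
    # argument would leave DEPLOY_KEY or GRIDNAME empty and the script would
    # carry on with an empty key path or grid name.
    if [ "$#" -lt 2 ]; then
        echo "Usage: $0 <deploy-key-path> <grid-name>" >&2
        exit 2
    fi


    # Get the path to the ssh key which authorizes us to deliver this
    # notification.

    DEPLOY_KEY=$1
    shift


    # Get the name of the grid to which we're going to deliver notification.  This
    # corresponds to the name of one of the directories in the top-level `morph`
    # directory.

    GRIDNAME=$1
    shift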
    
    # Tell one server to update itself.
    
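    update_one_node() {
        # Tell a single server to update itself.
        #
        # Globals:   HERE (read) - directory holding the known_hosts.<grid> files
        # Arguments, in the order the caller passes them:
        #   $1 - grid name; selects the pinned known_hosts.<grid> file
        #   $2 - path to the ssh deploy key
        #   $3 - fully-qualified host name of the node to notify
        # Returns:   the exit status of ssh
        local grid_name=$1
        local deploy_key=$2
        local node=$3

        # Avoid both the "host key unknown" prompt and the possibility for a
        # man-in-the-middle attack (on every single deploy!) by referring to a
        # pre-initialized known hosts file for this grid.
        #
        # StrictHostKeyChecking=yes makes ssh refuse a host whose key is not in
        # that file instead of offering to add it, so the pinning cannot be
        # bypassed by answering a prompt.
        #
        # Then use the specified deploy key to authenticate as the deployment user
        # and trigger the update on the host.  There's no command here because the
        # deployment key is restricted to *only* the deployment update command and
        # the ssh server will supply that command itself.
        #
        # NOTE(review): ssh may still consult the system-wide known-hosts file
        # and offer agent identities besides the deploy key; consider
        # GlobalKnownHostsFile=/dev/null and IdentitiesOnly=yes if that matters
        # for the environment this runs in.
        ssh \
            -o "UserKnownHostsFile=${HERE}/known_hosts.${grid_name}" \
            -o "StrictHostKeyChecking=yes" \
            -i "${deploy_key}" \
            "deployment@${node}"
    }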
    
    # Tell all servers belonging to one grid to update themselves.
    
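    update_grid_nodes() {
        # Tell every server belonging to one grid to update itself.
        #
        # Arguments:
        #   $1 - path to the ssh deploy key
        #   $2 - grid name ("production" or "staging")
        # Outputs:   diagnostics on stderr
        # Returns:   0 if every node was notified, 1 if any notification failed.
        #            Exits the script with status 1 for an unknown grid or when
        #            the node list cannot be obtained.
        local deploy_key=$1
        local gridname=$2
        local grid_dir domain grid_json nodes node
        local -a node_list
        local failed=0

        case "$gridname" in
            "production")
                grid_dir=./morph/grid/production
                domain=private.storage
                ;;

            "staging")
                grid_dir=./morph/grid/testing
                domain=privatestorage-staging.com
                ;;

            *)
                echo "Unknown grid: ${gridname}" >&2
                exit 1
                ;;
        esac


        # Find the names of all hosts that belong to this grid.  This list includes
        # one extra string, "network", which is morph configuration stuff and we need
        # to filter out later.
        #
        # The two steps are checked separately: if either fails the node list
        # would be empty and the loop below would silently notify nobody,
        # leaving every server on its old configuration.
        grid_json=$(nix eval --json "(builtins.concatStringsSep \" \" (builtins.attrNames (import $grid_dir/grid.nix)))") || {
            echo "Could not evaluate ${grid_dir}/grid.nix" >&2
            exit 1
        }
        nodes=$(printf '%s\n' "${grid_json}" | jp --unquoted @) || {
            echo "Could not decode the node list for grid ${gridname}" >&2
            exit 1
        }

        # Split the space-separated names into an array without subjecting them
        # to pathname expansion.
        read -r -a node_list <<< "${nodes}"

        # Tell every server in the network to update itself.  A failure on one
        # node does not stop the others from being notified, but it is reported
        # and reflected in the return status so a missed node is not overlooked.
        for node in "${node_list[@]}"; do
            if [ "${node}" = "network" ]; then

                # This isn't a server, it's part of the morph configuration.

                continue
            fi

            if ! update_one_node "${gridname}" "${deploy_key}" "${node}.${domain}"; then
                echo "Update notification failed for ${node}.${domain}" >&2
                failed=1
            fi
        done

        return "${failed}"
    }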
    
    # Entry point: notify every node of the grid named on the command line,
    # authenticating with the deploy key given as the first argument.
    update_grid_nodes "$DEPLOY_KEY" "$GRIDNAME"