diff --git a/configs/update-backend.sh b/configs/update-backend.sh new file mode 100755 index 00000000..efeb1aab --- /dev/null +++ b/configs/update-backend.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +IP_BACKEND=192.168.3.92 +IMG_BACKEND=fickit-backend-squashfs.img +IMG_METADATA=fickit-metadata.iso + +echo "Sending image..." +rsync -v -e ssh "${IMG_BACKEND}" "${IMG_METADATA}" "root@${IP_BACKEND}:/var/lib/fic/outofsync/" || exit 1 + +echo "Done!" +echo "Now, execute upgrade_image on backend, through iDRAC interface." diff --git a/fickit-backend.yml b/fickit-backend.yml index acce499b..a4a9d6c7 100644 --- a/fickit-backend.yml +++ b/fickit-backend.yml @@ -447,6 +447,39 @@ files: #!/bin/sh nsenter -t 1 -m ctr -n services.linuxkit t ls mode: "0755" + - path: usr/bin/upgrade_image + contents: | + #!/bin/sh + + echo "Erasing image..." + [ -d /boot/imgs ] || mount /dev/sda1 /boot || exit 1 + mv /var/lib/fic/outofsync/fickit-backend-squashfs.img /boot/imgs/fickit-backend-squashfs.img || \ + exit 1 + + if [ $(sha3sum /var/lib/fic/outofsync/fickit-metadata.iso | cut -d " " -f 1) != $(sha3sum /boot/imgs/fickit-metadata.iso | cut -d " " -f 1) ] + then + ISO=$(mktemp -d) + mount /var/lib/fic/outofsync/fickit-metadata.iso "${ISO}" + + NEW_KEY=$(sed -rn 's/.*"content": "([^"]+)"$/\1/p' "${ISO}/user-data" | head -n 1) + OLD_KEY=$(cat /run/config/dm-crypt/key) + + [ "${NEW_KEY}" != "${OLD_KEY}" ] && { + read -p "DM-CRYPT key changed in metadata, are you sure you want to erase it? (y/N) " V + [ "$V" != "y" ] && [ "$V" != "Y" ] && exit 1; + }; + + cp /boot/imgs/fickit-metadata.iso /boot/imgs/fickit-metadata.iso.bak || exit 1; + mv /var/lib/fic/outofsync/fickit-metadata.iso /boot/imgs/fickit-backend-squashfs.img || exit 1; + dd if=/boot/imgs/fickit-metadata.iso of="$2" || exit 1; + + echo + echo "Metadata erased" + fi + + echo + echo "Done! You can reboot now." + mode: "0755" - path: usr/bin/iptables source: configs/nsenter_iptables.sh mode: "0755"