let Docker/Linux assume clustered mode

Author: qrkourier

.github/actions/nfpm/action.yml

@@ -0,0 +1,23 @@
+name: NFPM Packager
+description: Build Linux packages using NFPM
+inputs:
+  packager:
+    description: Which packager implementation to use [apk|archlinux|deb|ipk|rpm]
+    required: true
+  config:
+    description: Config file to be used
+    required: true
+  target:
+    description: Where to save the generated package (filename, folder or empty for current folder)
+    required: true
+runs:
+  using: docker
+  image: docker.io/goreleaser/nfpm:v2.42.0@sha256:31c856f5806306ba105111fec19e8679222c67c43ad09921a46f9400d99bbbb1
+  args:
+    - package
+    - --packager
+    - ${{ inputs.packager }}
+    - --config
+    - ${{ inputs.config }}
+    - --target
+    - ${{ inputs.target }}

.github/workflows/publish-linux-packages.yml

@@ -45,7 +45,6 @@ jobs:
       MINIMUM_SYSTEMD_VERSION: 232
       ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }}
       ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }}
-      NFPM_VERSION: "2.38.0"
     steps:
       - name: Checkout Workspace
         uses: actions/checkout@v4
@@ -64,10 +63,8 @@ jobs:
 
       - name: Build Package
         id: nfpm
-        uses: burningalchemist/action-gh-nfpm@eeac96f42da23d091eec0d0088bf05cac0ceb9f3
-        # uses: netfoundry/action-gh-nfpm@main
+        uses: ./.github/actions/nfpm
         with:
-          nfpm_version: ${{ env.NFPM_VERSION }}
           packager: ${{ matrix.packager }}
           config: dist/dist-packages/linux/nfpm-${{ matrix.package_name }}.yaml
           target: release/

.github/workflows/test-deployments.yml

@@ -14,13 +14,15 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  NFPM_VERSION: "2.38.0"
   I_AM_ROBOT: 1  # skip destruction warnings when running in CI
 
 jobs:
   build-linux-packages:
     name: Build ${{ matrix.package_name }} ${{ matrix.arch.gox }} ${{ matrix.packager }}
     runs-on: ubuntu-24.04
+    # this is necessary for testing the artifact in the next check which includes some distros with older glibc than
+    # the ubuntu runner VM
+    container: openziti/ziti-builder:v2
     strategy:
       matrix:
         package_name:
@@ -53,9 +55,8 @@ jobs:
 
       - name: Build Package
         id: nfpm
-        uses: burningalchemist/action-gh-nfpm@eeac96f42da23d091eec0d0088bf05cac0ceb9f3
+        uses: ./.github/actions/nfpm
         with:
-          nfpm_version: ${{ env.NFPM_VERSION }}
           packager: ${{ matrix.packager }}
           config: dist/dist-packages/linux/nfpm-${{ matrix.package_name }}.yaml
           target: release/
@@ -152,6 +153,8 @@ jobs:
               apt-get update
               apt-get install -y systemd                                     # install as impotent dep (not PID 1)
               dpkg --install ./release/openziti_*.${{ matrix.distro.type }}  # install CLI
+              # DEBUG phantom service already exists?
+              systemctl list-unit-files ziti-controller.service || true
               dpkg --install ./release/openziti-*.${{ matrix.distro.type }}  # install controller, router
               ;;
           esac
@@ -195,21 +198,9 @@ jobs:
         with:
           go-version-file: ./go.mod
 
-      - name: Install nfpm
-        shell: bash
-        run: |
-
-          set -o pipefail
-          set -o xtrace
-
-          echo ~/.local/bin >> $GITHUB_PATH
-          mkdir -p ~/.local/bin
-          wget -qO- https://github.com/goreleaser/nfpm/releases/download/v${NFPM_VERSION}/nfpm_${NFPM_VERSION}_Linux_x86_64.tar.gz | tar --directory ~/.local/bin -xz nfpm
-          nfpm --version
-
       - name: Bootstrap & Run
         shell: bash
-        run: ./dist/dist-packages/linux/linux.test.bash
+        run: ./dist/dist-packages/linux/linux.test.bash </dev/null
 
       - name: Debug Info
         if: always()

dist/dist-packages/linux/linux.test.bash

@@ -31,6 +31,10 @@ cleanup(){
                 sudo rm -r "/opt/openziti/etc/${ETC}"
             fi
         )||true
+        if [[ -s /opt/openziti/etc/${ETC}/bootstrap.env ]]
+        then
+            rm -f /opt/openziti/etc/${ETC}/bootstrap.env
+        fi
     done
     if [[ -d "${ZITI_CONSOLE_LOCATION}" ]]
     then
@@ -62,32 +66,38 @@ BASEDIR="$(cd "$(dirname "${0}")" && pwd)"
 REPOROOT="$(cd "${BASEDIR}/../../.." && pwd)"
 cd "${REPOROOT}"
 
-declare -a BINS=(grep go nc nfpm curl unzip)
+declare -a BINS=(grep go nc docker curl unzip)
 for BIN in "${BINS[@]}"; do
     checkCommand "$BIN"
 done
 
 : "${I_AM_ROBOT:=0}"
 : "${ZITI_GO_VERSION:=$(grep -E '^go \d+\.\d*' "./go.mod" | cut -d " " -f2)}"
+: "${ZITI_USER:=admin}"
 : "${ZITI_PWD:=ziggypw}"
 : "${TMPDIR:=$(mktemp -d)}"
 : "${ZITI_CTRL_ADVERTISED_ADDRESS:="ctrl1.127.0.0.1.sslip.io"}"
 : "${ZITI_CTRL_ADVERTISED_PORT:="12801"}"
 : "${ZITI_ROUTER_PORT:="30223"}"
-: "${ZITI_ROUTER_NAME:="linux-router1"}"
+: "${ZITI_ROUTER_NAME:="router1"}"
 : "${ZITI_ROUTER_ADVERTISED_ADDRESS:="${ZITI_ROUTER_NAME}.127.0.0.1.sslip.io"}"
 : "${ZITI_ENROLL_TOKEN:="${TMPDIR}/${ZITI_ROUTER_NAME}.jwt"}"
 : "${ZITI_CONSOLE_LOCATION:="/opt/openziti/share/consoletest"}"
+# default is amd64 image manifest matching .github/actions/nfpm/action.yml
+: "${NFPM_VERSION:=docker.io/goreleaser/nfpm:v2.42.0@sha256:31c856f5806306ba105111fec19e8679222c67c43ad09921a46f9400d99bbbb1}"
 
 export \
 ZITI_GO_VERSION \
+ZITI_USER \
 ZITI_PWD \
 ZITI_CTRL_ADVERTISED_ADDRESS \
 ZITI_CTRL_ADVERTISED_PORT \
+ZITI_CONSOLE_LOCATION \
 ZITI_ROUTER_PORT \
 ZITI_ROUTER_NAME \
 ZITI_ROUTER_ADVERTISED_ADDRESS \
-ZITI_ENROLL_TOKEN
+ZITI_ENROLL_TOKEN \
+DEBUG=1 \
 
 cleanup
 
@@ -100,30 +110,37 @@ done
 mkdir -p ./release
 go build -o ./release/ ./...
 
+docker_nfpm(){
+    docker run --rm \
+    --user "${UID:-0}" \
+    --volume "${TMPDIR}":/mnt/packages \
+    --volume ./dist:/mnt/dist \
+    --volume ./release:/mnt/release \
+    --workdir /mnt \
+    --env ZITI_VENDOR \
+    --env ZITI_MAINTAINER \
+    --env ZITI_HOMEPAGE \
+    --env MINIMUM_SYSTEMD_VERSION \
+    "${NFPM_VERSION}" \
+    "${@}"
+}
+
 for PKG in openziti{,-controller,-router}
 do
     ZITI_HOMEPAGE="https://openziti.io" \
     ZITI_VENDOR="netfoundry" \
     ZITI_MAINTAINER="Maintainers <[email protected]>" \
     MINIMUM_SYSTEMD_VERSION="232" \
-    nfpm pkg \
+    docker_nfpm pkg \
     --packager deb \
-    --target  "$TMPDIR" \
+    --target  ./packages \
     --config "./dist/dist-packages/linux/nfpm-${PKG}.yaml"
 done
 
 sudo dpkg --install "${TMPDIR}/openziti_"*.deb
 sudo dpkg --install "${TMPDIR}/openziti-"{controller,router}_*.deb
 
-DEBUG=1 \
-ZITI_ENROLL_TOKEN=/tmp/${ZITI_ROUTER_NAME}.jwt \
-sudo /opt/openziti/etc/controller/bootstrap.bash << CTRL
-ZITI_CTRL_ADVERTISED_ADDRESS="${ZITI_CTRL_ADVERTISED_ADDRESS}"
-ZITI_CTRL_ADVERTISED_PORT="${ZITI_CTRL_ADVERTISED_PORT}"
-ZITI_CONSOLE_LOCATION="${ZITI_CONSOLE_LOCATION}"
-ZITI_USER="admin"
-ZITI_PWD="${ZITI_PWD}"
-CTRL
+sudo -E bash -x /opt/openziti/etc/controller/bootstrap.bash
 
 sudo systemctl start ziti-controller.service
 sudo systemd-run \
@@ -133,48 +150,66 @@ sudo systemd-run \
 systemctl is-active ziti-controller.service
 
 # shellcheck disable=SC2140
-login_cmd="ziti edge login ${ZITI_CTRL_ADVERTISED_ADDRESS}:${ZITI_CTRL_ADVERTISED_PORT}"\
-" --yes"\
-" --username admin"\
-" --password ${ZITI_PWD}"
-ATTEMPTS=10
+zitiLogin(){
+    ziti edge login "${ZITI_CTRL_ADVERTISED_ADDRESS}:${ZITI_CTRL_ADVERTISED_PORT}" \
+    --yes \
+    --username "${ZITI_USER}" \
+    --password "${ZITI_PWD}"
+}
+ATTEMPTS=9
 DELAY=3
-until ! ((ATTEMPTS)) || ${login_cmd}
+until ! (( --ATTEMPTS )) || zitiLogin
 do
-    (( ATTEMPTS-- ))
     echo "Waiting for controller login"
     sleep ${DELAY}
 done
-ziti edge create edge-router "${ZITI_ROUTER_NAME}" -to "${ZITI_ENROLL_TOKEN}"
+if ! (( ATTEMPTS )); then
+    echo "ERROR: timeout waiting for controller login" >&2
+    exit 1
+fi
+
+zitiRouter() {
+    ziti edge create edge-router "${ZITI_ROUTER_NAME}" -to "${ZITI_ENROLL_TOKEN}"
+}
 
-# fetch and install ziti console
+ATTEMPTS=9
+DELAY=3
+until ! (( --ATTEMPTS )) || zitiRouter
+do
+    echo "Waiting for router creation"
+    sleep ${DELAY}
+
+done
+if ! (( ATTEMPTS )); then
+    echo "ERROR: timeout waiting for router creation" >&2
+    exit 1
+fi
+
+# mock ziti console html
 sudo mkdir -p "${ZITI_CONSOLE_LOCATION}"
 sudo tee "${ZITI_CONSOLE_LOCATION}/index.html" <<< "I am ZAC"
 sudo chmod -R +rX "${ZITI_CONSOLE_LOCATION}"
 
-sudo /opt/openziti/etc/router/bootstrap.bash << ROUTER
-ZITI_CTRL_ADVERTISED_ADDRESS="${ZITI_CTRL_ADVERTISED_ADDRESS}"
-ZITI_CTRL_ADVERTISED_PORT="${ZITI_CTRL_ADVERTISED_PORT}"
-ZITI_ROUTER_ADVERTISED_ADDRESS="${ZITI_ROUTER_ADVERTISED_ADDRESS}"
-ZITI_ROUTER_PORT="${ZITI_ROUTER_PORT}"
-ZITI_ENROLL_TOKEN="${ZITI_ENROLL_TOKEN}"
-ROUTER
+sudo -E bash -x /opt/openziti/etc/router/bootstrap.bash
+
 sudo systemctl start ziti-router.service
 sudo systemd-run \
 --wait --quiet \
 --service-type=oneshot \
 --property=TimeoutStartSec=20s \
 systemctl is-active ziti-router.service
 
-ATTEMPTS=10
+isOnline(){
+    ziti edge list edge-routers -j | jq '.data[0].isOnline'
+}
+ATTEMPTS=9
 DELAY=3
-until ! ((ATTEMPTS)) || [[ $(ziti edge list edge-routers -j | jq '.data[0].isOnline') == "true" ]]
+until ! (( --ATTEMPTS )) || [[ "$(isOnline)" == "true" ]]
 do
-    (( ATTEMPTS-- ))
     echo "INFO: waiting for router to be online"
     sleep ${DELAY}
 done
-if [[ $(ziti edge list edge-routers -j | jq '.data[0].isOnline') == "true" ]]
+if [[ "$(isOnline)" == "true" ]]
 then
     echo "INFO: router is online"
 else
@@ -199,12 +234,19 @@ ATTEMPTS=5
 DELAY=3
 
 # verify console is available
-curl_cmd="curl -skSfw '%{http_code}\t%{url}\n' -o/dev/null \"https://${ZITI_CTRL_ADVERTISED_ADDRESS}:${ZITI_CTRL_ADVERTISED_PORT}/zac/\""
-until ! (( ATTEMPTS-- )) || eval "${curl_cmd}" &> /dev/null
+getZac(){
+    curl -kfw '%{http_code}\t%{url}\n' -o/dev/null \
+        "https://${ZITI_CTRL_ADVERTISED_ADDRESS}:${ZITI_CTRL_ADVERTISED_PORT}/zac/"
+}
+
+until ! (( --ATTEMPTS )) || getZac &> /dev/null
 do
     echo "Waiting for zac"
     sleep ${DELAY}
 done
-eval "${curl_cmd}"
+if ! (( ATTEMPTS )); then
+    echo "ERROR: timeout waiting for zac" >&2
+    exit 1
+fi
 
 cleanup

dist/dist-packages/linux/nfpm-openziti-controller.yaml

@@ -18,9 +18,6 @@ contents:
   - dst: /lib/systemd/system/
     src: ./dist/dist-packages/linux/openziti-controller/ziti-controller.service
 
-  - dst: /etc/systemd/system/ziti-controller.service.d/override.conf
-    src: ./dist/dist-packages/linux/openziti-controller/ziti-controller.service.override.conf
-
   - dst: /opt/openziti/etc/controller
     type: dir
     file_info:
@@ -37,11 +34,15 @@ contents:
   - dst: /opt/openziti/etc/controller/
     src: ./dist/dist-packages/linux/openziti-controller/bootstrap.bash
 
+  - dst: /opt/openziti/etc/controller/
+    src: ./dist/dist-packages/linux/openziti-controller/uninstall.bash
+
   - dst: /opt/openziti/etc/controller/
     src: ./dist/dist-packages/linux/openziti-controller/entrypoint.bash
 depends:
   - openziti  # ziti CLI
   - systemd (>= ${MINIMUM_SYSTEMD_VERSION})
 
 scripts:
+  preinstall: ./dist/dist-packages/linux/openziti-controller/preinstall.bash
   postinstall: ./dist/dist-packages/linux/openziti-controller/postinstall.bash

dist/dist-packages/linux/nfpm-openziti-router.yaml

@@ -18,9 +18,6 @@ contents:
   - dst: /lib/systemd/system/
     src: ./dist/dist-packages/linux/openziti-router/ziti-router.service
 
-  - dst: /etc/systemd/system/ziti-router.service.d/override.conf
-    src: ./dist/dist-packages/linux/openziti-router/ziti-router.service.override.conf
-
   - dst: /opt/openziti/etc/router
     type: dir
     file_info: