Prototype2.3-fix_ostemplate
This commit is contained in:
261
libsupabase.sh
261
libsupabase.sh
@@ -1,34 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
set -Eeuo pipefail
|
||||
|
||||
# ---------------------------
|
||||
# Logging / trap helpers
|
||||
# ---------------------------
|
||||
|
||||
# ----------------------------
|
||||
# Logging (ALLES nach STDERR!)
|
||||
# ----------------------------
|
||||
_ts() { date '+%F %T'; }
|
||||
|
||||
_is_tty() { [[ -t 1 ]]; }
|
||||
|
||||
_color() {
|
||||
local code="$1"; shift
|
||||
if _is_tty; then printf "\033[%sm%s\033[0m" "$code" "$*"; else printf "%s" "$*"; fi
|
||||
}
|
||||
|
||||
log() { echo "[$(_ts)] $*"; }
|
||||
info() { log "$(_color '36' 'INFO:') $*"; }
|
||||
warn() { log "$(_color '33' 'WARN:') $*"; }
|
||||
err() { log "$(_color '31' 'ERROR:') $*"; }
|
||||
|
||||
die() { err "$*"; exit 1; }
|
||||
|
||||
on_error() {
|
||||
local lineno="$1" cmd="$2" code="$3"
|
||||
err "Failed at line ${lineno}: ${cmd} (exit=${code})"
|
||||
exit 1
|
||||
}
|
||||
log() { echo "[$(_ts)] $*" >&2; }
|
||||
info() { log "INFO: $*"; }
|
||||
warn() { log "WARN: $*"; }
|
||||
die() { log "ERROR: $*"; exit 1; }
|
||||
|
||||
setup_traps() {
|
||||
trap 'on_error "$LINENO" "$BASH_COMMAND" "$?"' ERR
|
||||
trap 'die "Failed at line ${LINENO}: ${BASH_COMMAND} (exit=$?)"' ERR
|
||||
}
|
||||
|
||||
need_cmd() {
|
||||
@@ -38,10 +22,9 @@ need_cmd() {
|
||||
done
|
||||
}
|
||||
|
||||
# ---------------------------
|
||||
# ----------------------------
|
||||
# Proxmox helpers
|
||||
# ---------------------------
|
||||
|
||||
# ----------------------------
|
||||
pve_storage_exists() {
|
||||
local st="$1"
|
||||
pvesm status --storage "$st" >/dev/null 2>&1
|
||||
@@ -52,193 +35,117 @@ pve_bridge_exists() {
|
||||
[[ -d "/sys/class/net/${br}/bridge" ]]
|
||||
}
|
||||
|
||||
# Ensure Debian 12 template. Return "storage:vztmpl/xxx.tar.zst"
|
||||
# Return list of all VMIDs in the cluster (CT + VM), one per line.
|
||||
# No pipelines to "tail" etc. in-script -> avoids broken pipe.
|
||||
pve_cluster_vmids() {
|
||||
need_cmd pvesh python3
|
||||
local json
|
||||
json="$(pvesh get /cluster/resources --type vm --output-format json 2>/dev/null || true)"
|
||||
[[ -n "$json" ]] || return 0
|
||||
|
||||
python3 - <<'PY' <<<"$json"
|
||||
import json, sys
|
||||
try:
|
||||
data = json.loads(sys.stdin.read())
|
||||
except Exception:
|
||||
sys.exit(0)
|
||||
for r in data:
|
||||
vmid = r.get("vmid")
|
||||
if isinstance(vmid, int):
|
||||
print(vmid)
|
||||
PY
|
||||
}
|
||||
|
||||
pve_vmid_exists_cluster() {
|
||||
local vmid="$1"
|
||||
[[ "$vmid" =~ ^[0-9]+$ ]] || return 1
|
||||
pve_cluster_vmids | awk -v id="$vmid" '$1==id{found=1} END{exit found?0:1}'
|
||||
}
|
||||
|
||||
# Customer-safe CTID:
|
||||
# epoch - 1000000000 => e.g. 1768138201 -> 768138201
|
||||
pve_select_customer_ctid() {
|
||||
need_cmd date
|
||||
local base
|
||||
base="$(date +%s)"
|
||||
local ctid=$((base - 1000000000))
|
||||
|
||||
# ensure integer + not used
|
||||
while pve_vmid_exists_cluster "$ctid"; do
|
||||
ctid=$((ctid + 1))
|
||||
done
|
||||
echo "$ctid"
|
||||
}
|
||||
|
||||
# Ensure Debian 12 template exists and return "storage:vztmpl/<file>" on STDOUT ONLY.
|
||||
pve_template_ensure_debian12() {
|
||||
local store="$1"
|
||||
local tpl="debian-12-standard_12.12-1_amd64.tar.zst"
|
||||
|
||||
need_cmd pveam awk grep
|
||||
local preferred_store="$1"
|
||||
local tpl="debian-12-standard_12.12-1_amd64.tar.zst"
|
||||
local store="$preferred_store"
|
||||
|
||||
# Some storages (like local-zfs) don't support templates in pveam
|
||||
# Some storages (e.g. local-zfs) don't support templates in pveam.
|
||||
if ! pveam list "$store" >/dev/null 2>&1; then
|
||||
warn "pveam storage '${store}' not available for templates; falling back to 'local'"
|
||||
warn "pveam storage '$store' not available for templates; falling back to 'local'"
|
||||
store="local"
|
||||
fi
|
||||
|
||||
pveam update >/dev/null
|
||||
|
||||
# If not available locally, download
|
||||
if ! pveam list "$store" | awk '{print $2}' | grep -qx "$tpl"; then
|
||||
# Make sure template exists; download if missing
|
||||
if ! pveam list "$store" 2>/dev/null | awk '{print $2}' | grep -qx "$tpl"; then
|
||||
info "Downloading CT template to ${store}: ${tpl}"
|
||||
pveam update >/dev/null 2>&1 || true
|
||||
pveam download "$store" "$tpl" >/dev/null
|
||||
fi
|
||||
|
||||
# IMPORTANT: only echo the template ref on STDOUT
|
||||
echo "${store}:vztmpl/${tpl}"
|
||||
}
|
||||
|
||||
# Build net0 string with optional VLAN tag
|
||||
# Build net0 string, supports VLAN tag
|
||||
pve_build_net0() {
|
||||
local bridge="$1"
|
||||
local ip="$2"
|
||||
local ipcfg="$2"
|
||||
local vlan="${3:-}"
|
||||
|
||||
if [[ "$ip" == "dhcp" ]]; then
|
||||
if [[ -n "$vlan" ]]; then
|
||||
echo "name=eth0,bridge=${bridge},ip=dhcp,tag=${vlan}"
|
||||
else
|
||||
echo "name=eth0,bridge=${bridge},ip=dhcp"
|
||||
fi
|
||||
local base="name=eth0,bridge=${bridge},ip=${ipcfg}"
|
||||
if [[ -n "$vlan" ]]; then
|
||||
echo "${base},tag=${vlan}"
|
||||
else
|
||||
# static CIDR
|
||||
if [[ -n "$vlan" ]]; then
|
||||
echo "name=eth0,bridge=${bridge},ip=${ip},tag=${vlan}"
|
||||
else
|
||||
echo "name=eth0,bridge=${bridge},ip=${ip}"
|
||||
fi
|
||||
echo "${base}"
|
||||
fi
|
||||
}
|
||||
|
||||
pct_exec() {
|
||||
local ctid="$1"; shift
|
||||
# run a command inside CT with bash -lc
|
||||
pct exec "$ctid" -- bash -lc "$*"
|
||||
}
|
||||
|
||||
# Wait until CT has an IPv4 on eth0. Returns IP or empty.
|
||||
# Wait for IPv4 on eth0
|
||||
pct_wait_for_ip() {
|
||||
need_cmd pct awk cut head sleep
|
||||
local ctid="$1"
|
||||
local tries="${2:-60}"
|
||||
local delay="${3:-1}"
|
||||
|
||||
local ip=""
|
||||
while (( tries > 0 )); do
|
||||
local i ip
|
||||
for i in $(seq 1 "$tries"); do
|
||||
ip="$(pct exec "$ctid" -- bash -lc "ip -4 -o addr show dev eth0 2>/dev/null | awk '{print \$4}' | cut -d/ -f1 | head -n1" 2>/dev/null || true)"
|
||||
if [[ -n "$ip" ]]; then
|
||||
echo "$ip"
|
||||
return 0
|
||||
fi
|
||||
sleep "$delay"
|
||||
((tries--))
|
||||
sleep 1
|
||||
done
|
||||
echo ""
|
||||
return 1
|
||||
}
|
||||
|
||||
# ---------------------------
|
||||
# CTID strategy (your request)
|
||||
# ---------------------------
|
||||
# Customer-safe CTID:
|
||||
# CTID = (unix_time - 1000000000)
|
||||
# This is stable until 2038 and avoids collisions with typical low VMIDs.
|
||||
|
||||
customer_ctid_from_time() {
|
||||
local now
|
||||
now="$(date +%s)"
|
||||
echo $(( now - 1000000000 ))
|
||||
pct_exec() {
|
||||
local ctid="$1"; shift
|
||||
pct exec "$ctid" -- bash -lc "$*"
|
||||
}
|
||||
|
||||
# Check if a VMID exists cluster-wide using pvesh.
|
||||
# If pvesh fails (permissions/API), we still have a fallback.
|
||||
pve_vmid_exists_cluster() {
|
||||
local vmid="$1"
|
||||
need_cmd pvesh python3
|
||||
|
||||
# pvesh returns JSON; we parse safely in python
|
||||
local json
|
||||
json="$(pvesh get /cluster/resources --type vm --output-format json 2>/dev/null || true)"
|
||||
[[ -n "$json" ]] || return 1
|
||||
|
||||
python3 - "$vmid" <<'PY' 2>/dev/null
|
||||
import sys, json
|
||||
vmid = int(sys.argv[1])
|
||||
data = json.load(sys.stdin)
|
||||
for r in data:
|
||||
if int(r.get("vmid", -1)) == vmid:
|
||||
sys.exit(0)
|
||||
sys.exit(1)
|
||||
PY
|
||||
# Generate secrets without pipelines that trigger broken-pipe noise
|
||||
rand_hex_32() {
|
||||
need_cmd openssl
|
||||
openssl rand -hex 32
|
||||
}
|
||||
|
||||
# Select a CTID that does NOT exist cluster-wide.
|
||||
pve_select_customer_ctid() {
|
||||
local ctid
|
||||
ctid="$(customer_ctid_from_time)"
|
||||
|
||||
# If cluster check works, avoid collisions.
|
||||
if pve_vmid_exists_cluster "$ctid"; then
|
||||
# extremely unlikely, but add +1..+60 tries
|
||||
local i
|
||||
for i in $(seq 1 60); do
|
||||
if ! pve_vmid_exists_cluster "$((ctid+i))"; then
|
||||
echo "$((ctid+i))"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
die "CTID selection failed: all candidates busy"
|
||||
fi
|
||||
|
||||
echo "$ctid"
|
||||
}
|
||||
|
||||
# ---------------------------
|
||||
# Secrets (no 'tr: broken pipe')
|
||||
# ---------------------------
|
||||
|
||||
_rand_hex() {
|
||||
local nbytes="${1:-32}"
|
||||
if command -v openssl >/dev/null 2>&1; then
|
||||
openssl rand -hex "$nbytes"
|
||||
return 0
|
||||
fi
|
||||
if command -v python3 >/dev/null 2>&1; then
|
||||
python3 - <<PY
|
||||
import secrets
|
||||
print(secrets.token_hex(${nbytes}))
|
||||
PY
|
||||
return 0
|
||||
fi
|
||||
|
||||
# last resort: avoid pipefail by disabling locally
|
||||
(
|
||||
set +o pipefail
|
||||
LC_ALL=C tr -dc 'a-f0-9' </dev/urandom | head -c $((nbytes*2))
|
||||
)
|
||||
}
|
||||
|
||||
_rand_b64url() {
|
||||
local nbytes="${1:-32}"
|
||||
if command -v python3 >/dev/null 2>&1; then
|
||||
python3 - <<PY
|
||||
import secrets
|
||||
print(secrets.token_urlsafe(${nbytes}))
|
||||
PY
|
||||
return 0
|
||||
fi
|
||||
# fallback
|
||||
(
|
||||
set +o pipefail
|
||||
LC_ALL=C tr -dc 'A-Za-z0-9_-'
|
||||
) </dev/urandom | head -c $((nbytes*2))
|
||||
}
|
||||
|
||||
json_escape() {
|
||||
python3 - <<'PY'
|
||||
import json,sys
|
||||
print(json.dumps(sys.stdin.read())[1:-1])
|
||||
PY
|
||||
}
|
||||
|
||||
emit_result_json() {
|
||||
# Arguments are key=value pairs; prints a single JSON object
|
||||
# Example: emit_result_json "CTID=123" "CT_IP=1.2.3.4"
|
||||
python3 - "$@" <<'PY'
|
||||
import sys, json
|
||||
obj={}
|
||||
for kv in sys.argv[1:]:
|
||||
if "=" not in kv:
|
||||
continue
|
||||
k,v = kv.split("=",1)
|
||||
obj[k]=v
|
||||
print(json.dumps(obj, ensure_ascii=False))
|
||||
PY
|
||||
rand_pw_32() {
|
||||
need_cmd openssl
|
||||
# URL-safe-ish
|
||||
openssl rand -base64 32 | tr -d '\n' | tr '/+' 'Aa' | cut -c1-32
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user