#!/usr/bin/env bash # Push the built binaries, dashboard, and systemd unit files to both # SDP VMs, then enable + start the services. # # 92 (micro): ~/SDP/agent-micro, sdp-agent-micro.service # 186 (gateway): ~/SDP/{control-plane,agent-gateway,dashboard}, # sdp-control-plane.service, sdp-agent-gateway.service # # Nginx is configured by hand on 186 (out of scope for this script). # Run scripts/build.sh first. # # Sudo: the user password and the sudo password are assumed to be the # same on both VMs. Every sudo call uses `sudo -S -p ''` and reads the # password from a per-VM here-string. If your sudo password differs # from the login password, switch to a NOPASSWD rule in # /etc/sudoers.d/sdp-deploy and remove the piping. set -euo pipefail cd "$(dirname "$0")/.." REPO_ROOT="$(pwd)" # ponytail: paths can be overridden by env so the same script works from CI. HOST_92="${SDP_92_HOST:-administrator@172.18.136.92}" PASS_92="${SDP_92_PASS:-password}" HOST_186="${SDP_186_HOST:-administrator@172.18.139.186}" PASS_186="${SDP_186_PASS:-Bre@kthrough2312}" if ! command -v sshpass >/dev/null 2>&1; then echo "sshpass not found. Install with: brew install sshpass" >&2 exit 1 fi # -tt forces a TTY so sudo -S works without a "no tty" error. SSH_92="sshpass -p $PASS_92 ssh -tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR" SCP_92="sshpass -p $PASS_92 scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR" SSH_186="sshpass -p $PASS_186 ssh -tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR" SCP_186="sshpass -p $PASS_186 scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR" # Wraps a command in `sudo -S -p ''` and pipes the password. The # leading -S makes sudo read the password from stdin; -p '' suppresses # the "[sudo] password for ..." prompt so it doesn't end up in the # remote PTY output and confuse downstream parsing. sudo_run() { local pw="$1"; shift printf '%s\n' "$pw" | sudo -S -p '' "$@" } # run_remote_sudo # Runs `cmd` on the remote host under sudo, piping the password # through `sudo -S -p ''`. We also force PAGER/SYSTEMD_PAGER=cat # inside the sh -c so any systemctl / journalctl call (even if # piped further) doesn't open a pager over the ssh -tt TTY. run_remote_sudo() { local ssh_prefix="$1" local pw="$2" shift 2 local inner="" for a in "$@"; do inner+=" '"$(printf %s "$a" | sed "s/'/'\\\\''/g")"'" done $ssh_prefix "printf '%s\n' '$pw' | sudo -S -p '' sh -c 'export PAGER=cat SYSTEMD_PAGER=cat; $inner'" } # ponytail: Wipe-and-replace. The deploys are stateful on the VM only via # SQLite + .log files in ~/SDP/data — we keep that. Binaries, dashboard, # and unit files in /etc/systemd/system are replaced cleanly. REMOTE_RESET='rm -rf ~/SDP/bin ~/SDP/dashboard && mkdir -p ~/SDP/bin ~/SDP/dashboard' # install_unit install_unit() { local ssh_prefix="$1" local unit="$2" local pw="$3" run_remote_sudo "$ssh_prefix" "$pw" "systemctl stop $unit || true" run_remote_sudo "$ssh_prefix" "$pw" "install -m 644 -o root -g root /tmp/$unit /etc/systemd/system/$unit" run_remote_sudo "$ssh_prefix" "$pw" "systemctl daemon-reload" run_remote_sudo "$ssh_prefix" "$pw" "systemctl enable $unit" } # status_block # Prints a short status + last 10 journal lines. Uses sudo -S for # journalctl (always root-only) but `systemctl status` works for # the administrator's own services without sudo on most distros. # PAGER/SYSTEMD_PAGER=cat and --output=cat on journalctl defeat # the pager that would otherwise kick in over the ssh -tt TTY. status_block() { local ssh_prefix="$1" local unit="$2" local pw="$3" $ssh_prefix "echo ' status:'; PAGER=cat SYSTEMD_PAGER=cat systemctl --no-pager --full status $unit 2>/dev/null | head -3" $ssh_prefix "echo ' journal (last 10):'; export PAGER=cat SYSTEMD_PAGER=cat; printf '%s\n' '$pw' | sudo -S -p '' journalctl -u $unit -n 10 --no-pager --output=cat 2>/dev/null | head -20" } # restart_unit restart_unit() { local ssh_prefix="$1" local unit="$2" local pw="$3" run_remote_sudo "$ssh_prefix" "$pw" "systemctl restart $unit" } echo "==> 92: $HOST_92" $SSH_92 "$HOST_92" "$REMOTE_RESET" $SCP_92 "$REPO_ROOT/bin/agent-micro" "$HOST_92:~/SDP/bin/agent-micro" $SCP_92 "$REPO_ROOT/systemd/sdp-agent-micro.service" "$HOST_92:/tmp/sdp-agent-micro.service" $SSH_92 "$HOST_92" "chmod +x ~/SDP/bin/agent-micro" install_unit "$SSH_92 $HOST_92" sdp-agent-micro.service "$PASS_92" restart_unit "$SSH_92 $HOST_92" sdp-agent-micro "$PASS_92" status_block "$SSH_92 $HOST_92" sdp-agent-micro "$PASS_92" echo " agent-micro installed" echo echo "==> 186: $HOST_186" $SSH_186 "$HOST_186" "$REMOTE_RESET" $SCP_186 "$REPO_ROOT/bin/control-plane" "$HOST_186:~/SDP/bin/control-plane" $SCP_186 "$REPO_ROOT/bin/agent-gateway" "$HOST_186:~/SDP/bin/agent-gateway" $SCP_186 -r "$REPO_ROOT/dashboard/out/." "$HOST_186:~/SDP/dashboard/" $SCP_186 "$REPO_ROOT/systemd/sdp-control-plane.service" "$HOST_186:/tmp/sdp-control-plane.service" $SCP_186 "$REPO_ROOT/systemd/sdp-agent-gateway.service" "$HOST_186:/tmp/sdp-agent-gateway.service" $SSH_186 "$HOST_186" "chmod +x ~/SDP/bin/control-plane ~/SDP/bin/agent-gateway" # Control plane first so the gateway agent has something to dial. install_unit "$SSH_186 $HOST_186" sdp-control-plane.service "$PASS_186" restart_unit "$SSH_186 $HOST_186" sdp-control-plane "$PASS_186" status_block "$SSH_186 $HOST_186" sdp-control-plane "$PASS_186" install_unit "$SSH_186 $HOST_186" sdp-agent-gateway.service "$PASS_186" restart_unit "$SSH_186 $HOST_186" sdp-agent-gateway "$PASS_186" status_block "$SSH_186 $HOST_186" sdp-agent-gateway "$PASS_186" echo " control-plane, agent-gateway, dashboard installed" echo echo "done. (configure nginx by hand on 186; see AGENTS.md for the location block.)"