Update the worker to make it more generic

.github/workflows/release.yml

@@ -27,7 +27,7 @@ jobs:
         with:
             platforms: 'linux/amd64'
             package: 'src'
-            name: 'rhc-worker-bash-${{ steps.tagName.outputs.tag }}'
+            name: 'rhc-worker-${{ steps.tagName.outputs.tag }}'
             compress: 'true'
             dest: 'dist'
 

.packit.yaml

@@ -1,7 +1,7 @@
-specfile_path: packaging/rhc-worker-bash.spec
-upstream_package_name: rhc-worker-bash
-downstream_package_name: rhc-worker-bash
-upstream_project_url: https://github.com/oamg/rhc-worker-bash
+specfile_path: packaging/rhc-worker.spec
+upstream_package_name: rhc-worker
+downstream_package_name: rhc-worker
+upstream_project_url: https://github.com/oamg/rhc-worker
 
 srpm_build_deps: [golang, make]
 
@@ -10,22 +10,22 @@ jobs:
 - job: copr_build
   enable_net: true
   owner: "@oamg"
-  project: "rhc-worker-bash"
+  project: "rhc-worker"
   targets:
     - epel-7-x86_64
   trigger: pull_request
   actions:
     # do not get the version from a tag (git describe) but from the spec file
     get-current-version:
-      - grep -oP '^Version:\s+\K\S+' packaging/rhc-worker-bash.spec
+      - grep -oP '^Version:\s+\K\S+' packaging/rhc-worker.spec
     create-archive:
       - "make distribution-tarball"
-      - bash -c "ls -1 ./rhc-worker-bash-*.tar.gz"
+      - bash -c "ls -1 ./rhc-worker-*.tar.gz"
 
 - job: copr_build
   enable_net: true
   owner: "@oamg"
-  project: "rhc-worker-bash"
+  project: "rhc-worker"
   targets:
     - epel-7-x86_64
   trigger: commit
@@ -34,11 +34,11 @@ jobs:
     # bump spec so we get release starting with 2 and hence all the default branch builds will
     # have higher NVR than all the PR builds
     post-upstream-clone:
-      - rpmdev-bumpspec --comment='latest upstream build' ./packaging/rhc-worker-bash.spec
+      - rpmdev-bumpspec --comment='latest upstream build' ./packaging/rhc-worker.spec
 
     # do not get the version from a tag (git describe) but from the spec file
     get-current-version:
-      - grep -oP '^Version:\s+\K\S+' packaging/rhc-worker-bash.spec
+      - grep -oP '^Version:\s+\K\S+' packaging/rhc-worker.spec
     create-archive:
       - "make distribution-tarball"
-      - bash -c "ls -1 ./rhc-worker-bash-*.tar.gz"
+      - bash -c "ls -1 ./rhc-worker-*.tar.gz"

CONTRIBUTING.md

@@ -98,7 +98,7 @@ can run a series of pre-defined hooks against our codebase to keep it clean and
 maintainable. Here is an example of output from `pre-commit` being run:
 
 ```
-(.venv3) [rhc-worker-bash]$ pre-commit run --all-files
+(.venv3) [rhc-worker]$ pre-commit run --all-files
 golangci-lint............................................................Passed
 fix end of files.........................................................Passed
 trim trailing whitespace.................................................Passed

Makefile

@@ -12,7 +12,7 @@
 
 # Project constants
 VERSION ?= 0.2
-PKGNAME ?= rhc-worker-bash
+PKGNAME ?= rhc-worker
 GO_SOURCES := $(wildcard src/*.go)
 PYTHON ?= python3
 PIP ?= pip3
@@ -45,7 +45,7 @@ clean:
 
 build: $(GO_SOURCES)
 	mkdir -p build
-	CGO_ENABLED=0 go build -o build/rhc-bash-worker $^
+	CGO_ENABLED=0 go build -o build/rhc-worker $^
 
 distribution-tarball:
 	go mod vendor

README.md

@@ -1,22 +1,22 @@
-![Tests](https://github.com/oamg/rhc-worker-bash/actions/workflows/tests.yml/badge.svg)
-[![codecov](https://codecov.io/github/oamg/rhc-worker-bash/branch/main/graph/badge.svg?token=6MRLOJS2SJ)](https://codecov.io/github/oamg/rhc-worker-bash)
+![Tests](https://github.com/oamg/rhc-worker/actions/workflows/tests.yml/badge.svg)
+[![codecov](https://codecov.io/github/oamg/rhc-worker/branch/main/graph/badge.svg?token=6MRLOJS2SJ)](https://codecov.io/github/oamg/rhc-worker)
 
 # RHC Worker Bash
 
 Remote Host Configuration (rhc) worker for executing bash scripts on hosts
 managed by Red Hat Insights.
 
-- [RHC Worker Bash](#rhc-worker-bash)
+- [RHC Worker Bash](#rhc-worker)
   - [General workflow of the worker](#general-workflow-of-the-worker)
   - [Getting started with local development](#getting-started-with-local-development)
     - [Publish first message](#publish-first-message)
     - [Worker playbooks](#worker-playbooks)
       - [Custom playbook](#custom-playbook)
       - [Convert2RHEL Playbook](#convert2rhel-playbook)
   - [FAQ](#faq)
-    - [Are there special environment variables used by `rhc-worker-bash`?](#are-there-special-environment-variables-used-by-rhc-worker-bash)
-    - [Can I change behavior of `rhc-worker-bash`?](#can-i-change-behavior-of-rhc-worker-bash)
-    - [Can I change the location of `rhc-worker-bash` config?](#can-i-change-the-location-of-rhc-worker-bash-config)
+    - [Are there special environment variables used by `rhc-worker`?](#are-there-special-environment-variables-used-by-rhc-worker)
+    - [Can I change behavior of `rhc-worker`?](#can-i-change-behavior-of-rhc-worker)
+    - [Can I change the location of `rhc-worker` config?](#can-i-change-the-location-of-rhc-worker-config)
   - [Contact](#contact)
     - [Package maintainers](#package-maintainers)
 
@@ -83,18 +83,19 @@ vagrant ssh -- -t 'rhcd --log-level trace \
 
 ### Worker playbooks
 
-There is an [example playbook](
-https://github.com/oamg/rhc-worker-bash/blob/main/development/nginx/data/example.yaml)
+There is an [example bash playbook](
+https://github.com/oamg/rhc-worker/blob/main/development/nginx/data/example_bash.yaml)
 available under `development/nginx/data`, with a minimal bash script to use
 during the worker execution.
 
 If there's a need to test any other playbook provided in this repository, one
 must change what playbook will be used during the message consumption in the
-[mqtt_publish.py](https://github.com/oamg/rhc-worker-bash/blob/main/development/python/mqtt_publish.py#L22)
+[mqtt_publish.py](https://github.com/oamg/rhc-worker/blob/main/development/python/mqtt_publish.py#L22)
 file with the name that corresponds the ones present in `development/nginx/data`. Currently, the ones available are:
 
-1. [example.yaml](https://github.com/oamg/rhc-worker-bash/blob/main/development/nginx/data/example.yaml)
-2. [convert2rhel.yaml](https://github.com/oamg/rhc-worker-bash/blob/main/development/nginx/data/convert2rhel.yaml)
+1. [example_bash.yaml](https://github.com/oamg/rhc-worker/blob/main/development/nginx/data/example_bash.yaml)
+2. [example_python.yaml](https://github.com/oamg/rhc-worker/blob/main/development/nginx/data/example_python.yaml)
+3. [convert2rhel.yaml](https://github.com/oamg/rhc-worker/blob/main/development/nginx/data/convert2rhel.yaml)
 
 #### Custom playbook
 
@@ -112,23 +113,23 @@ A specialized [Convert2RHEL](https://github.com/oamg/convert2rhel) playbook can
 
 ## FAQ
 
-### Are there special environment variables used by `rhc-worker-bash`?
+### Are there special environment variables used by `rhc-worker`?
 
 There is one special variable that must be set in order to run our worker and that is `YGG_SOCKET_ADDR`, this variable value is set by `rhcd` via `--socket-addr` option.
 
 Other than that there are no special variables, however if downloaded yaml file contained `content_vars` (like the example above), then before the execution of the bash script (`content`) all such variables are set as environment variables and prefixed with `RHC_WORKER_`, after script execution is done they are unset.
 
-### Can I change behavior of `rhc-worker-bash`?
+### Can I change behavior of `rhc-worker`?
 
-Yes, some values can be changed if config exists at `/etc/rhc/workers/rhc-worker-bash.yml`, **the config must have valid yaml format**, see all available fields below.
+Yes, some values can be changed if config exists at `/etc/rhc/workers/rhc-worker.yml`, **the config must have valid yaml format**, see all available fields below.
 
 Example of full config (with default values):
 
 ```yaml
-# rhc-worker-bash configuration
+# rhc-worker configuration
 
 # recipient directive to register with dispatcher
-directive: "rhc-worker-bash"
+directive: "rhc-worker"
 
 # whether to verify incoming yaml files
 verify_yaml: true
@@ -137,10 +138,10 @@ verify_yaml: true
 insights_core_gpg_check: true
 
 # temporary directory in which the temporary files with executed bash scripts are created
-temporary_worker_directory: "/var/lib/rhc-worker-bash"
+temporary_worker_directory: "/var/lib/rhc-worker"
 ```
 
-### Can I change the location of `rhc-worker-bash` config?
+### Can I change the location of `rhc-worker` config?
 
 No, not right now. If you want this feature please create an issue or upvote already existing issue.
 

development/nginx/data/example.yml → development/nginx/data/example_bash.yml

@@ -4,9 +4,9 @@
     insights_signature: |
       ascii_armored gpg signature
     insights_signature_exclude: "/vars/insights_signature,/vars/content_vars"
+    interpreter: /bin/bash
     content: |
-      #!/bin/sh
-      echo "Hello, world!"
+      echo "Hello, world!" > /root/bash.txt
     content_vars:
       # variables that will be handed to the script as environment vars
       # will be prefixed with RHC_WORKER_*

development/nginx/data/example_python.yml

@@ -0,0 +1,20 @@
+- name: Hello World Example
+  vars:
+    # Signature to validate that no one tampered with script
+    insights_signature: |
+      ascii_armored gpg signature
+    insights_signature_exclude: "/vars/insights_signature,/vars/content_vars"
+    interpreter: /usr/bin/python
+    content: |
+      def main():
+        print("Hello, Python!")
+
+        with open("/root/python.txt", "w") as handler:
+          handler.write("Hello, Python!")
+
+      main()
+    content_vars:
+      # variables that will be handed to the script as environment vars
+      # will be prefixed with RHC_WORKER_*
+      FOO: bar
+      BAR: foo

development/python/mqtt_publish.py

@@ -12,20 +12,20 @@ def get_ip_address():
   return host_ip
 
 # This is changed everytime you refresh the box and register the machine again.
-CLIENT_ID = "26468815-8407-4058-bcc8-6bcb4eae51c1"
+CLIENT_ID = "f7fb5fa0-9580-4c18-9658-f95885cb31b5"
 BROKER = '127.0.0.1'
 BROKER_PORT = 1883
 TOPIC = f"yggdrasil/{CLIENT_ID}/data/in"
 
 # NOTE: currently can be whatever you placed inside devleopment/nginx/data folder
-SERVED_FILENAME = "example.yml"
+SERVED_FILENAME = "example_bash.yml"
 
 MESSAGE = {
   "type": "data",
   "message_id": str(uuid.uuid4()),
   "version": 1,
   "sent": "2021-01-12T14:58:13+00:00", # str(datetime.datetime.now().isoformat()),
-  "directive": 'rhc-worker-bash',
+  "directive": 'rhc-worker',
   "content": f'http://{get_ip_address()}:8000/data/{SERVED_FILENAME}',
   "metadata": {
       "correlation_id": "00000000-0000-0000-0000-000000000000",

go.mod

@@ -1,4 +1,4 @@
-module github.com/oamg/rhc-worker-bash
+module github.com/oamg/rhc-worker
 
 go 1.16
 

packaging/rhc-worker-bash.spec → packaging/rhc-worker.spec

@@ -4,8 +4,7 @@
 %define debug_package %{nil}
 
 %global repo_orgname oamg
-%global repo_name rhc-worker-bash
-%global binary_name rhc-bash-worker
+%global repo_name rhc-worker
 %global rhc_libexecdir %{_libexecdir}/rhc
 %{!?_root_sysconfdir:%global _root_sysconfdir %{_sysconfdir}}
 %global rhc_worker_conf_dir %{_root_sysconfdir}/rhc/workers
@@ -45,28 +44,28 @@ managed by Red Hat Insights.
 
 %build
 mkdir -p _gopath/src
-ln -fs $(pwd)/src _gopath/src/%{binary_name}-%{version}
-ln -fs $(pwd)/vendor _gopath/src/%{binary_name}-%{version}/vendor
+ln -fs $(pwd)/src _gopath/src/%{repo_name}-%{version}
+ln -fs $(pwd)/vendor _gopath/src/%{repo_name}-%{version}/vendor
 export GOPATH=$(pwd)/_gopath
-pushd _gopath/src/%{binary_name}-%{version}
+pushd _gopath/src/%{repo_name}-%{version}
 %if %{use_go_toolset_1_16}
 scl enable go-toolset-1.16 -- %{gobuild}
 %else
 %{gobuild}
 %endif
-strip %{binary_name}-%{version}
+strip %{repo_name}-%{version}
 popd
 
 
 %install
-# Create a temporary directory /var/lib/rhc-worker-bash - used mainly for storing temporary files
-install -d %{buildroot}%{_sharedstatedir}/%{binary_name}/
+# Create a temporary directory /var/lib/rhc-worker - used mainly for storing temporary files
+install -d %{buildroot}%{_sharedstatedir}/%{repo_name}/
 
-install -D -m 755 _gopath/src/%{binary_name}-%{version}/%{binary_name}-%{version} %{buildroot}%{rhc_libexecdir}/%{binary_name}
+install -D -m 755 _gopath/src/%{repo_name}-%{version}/%{repo_name}-%{version} %{buildroot}%{rhc_libexecdir}/%{repo_name}
 install -D -d -m 755 %{buildroot}%{rhc_worker_conf_dir}
 
 %files
-%{rhc_libexecdir}/%{binary_name}
+%{rhc_libexecdir}/%{repo_name}
 %license LICENSE
 %doc README.md
 

rhc-worker.yml

@@ -0,0 +1,11 @@
+# recipient directive to register with dispatcher
+directive: "rhc-worker"
+
+# whether to verify incoming yaml files
+verify_yaml: false
+
+# perform the insights-client GPG check on the insights-core egg
+insights_core_gpg_check: false
+
+# temporary directory in which the temporary script will be placed and executed.
+temporary_worker_directory: "/var/lib/rhc-worker"

src/fixtures_test.go

@@ -7,6 +7,7 @@ var ExampleYamlData = []byte(
   vars:
     insights_signature: "ascii_armored gpg signature"
     insights_signature_exclude: "/vars/insights_signature,/vars/content_vars"
+    interpreter: /bin/bash
     content: |
         #!/bin/sh
         echo "$RHC_WORKER_FOO $RHC_WORKER_BAR!"

src/main.go

@@ -14,9 +14,9 @@ import (
 )
 
 // Initialized in main
-const configFilePath = "/etc/rhc/workers/rhc-worker-bash.yml"
-const logDir = "/var/log/rhc-worker-bash"
-const logFileName = "rhc-worker-bash.log"
+const configFilePath = "/etc/rhc/workers/rhc-worker.yml"
+const logDir = "/var/log/rhc-worker"
+const logFileName = "rhc-worker.log"
 
 var yggdDispatchSocketAddr string
 var config *Config
@@ -52,11 +52,11 @@ func main() {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	defer cancel()
 
-	// Register as a handler of the "rhc-worker-bash" type.
+	// Register as a handler of the "rhc-worker" type.
 	r, err := c.Register(
 		ctx,
 		&pb.RegistrationRequest{
-			Handler:         "rhc-worker-bash",
+			Handler:         "rhc-worker",
 			Pid:             int64(os.Getpid()),
 			DetachedContent: true,
 		})

src/runner.go

@@ -15,6 +15,7 @@ type signedYamlContentVars struct {
 	InsightsSignature        string            `yaml:"insights_signature"`
 	InsightsSignatureExclude string            `yaml:"insights_signature_exclude"`
 	Content                  string            `yaml:"content"`
+	Interpreter              string            `yaml:"interpreter"`
 	ContentVars              map[string]string `yaml:"content_vars"`
 }
 
@@ -119,16 +120,16 @@ func processSignedScript(incomingContent []byte) string {
 	yamlContent := signedYamlArray[0]
 
 	// Write the file contents to the temporary disk
-	log.Infoln("Writing temporary bash script")
+	log.Infof("Writing temporary script to %s", *config.TemporaryWorkerDirectory)
 	scriptFileName := writeFileToTemporaryDir(
 		[]byte(yamlContent.Vars.Content), *config.TemporaryWorkerDirectory)
 	defer os.Remove(scriptFileName)
 
-	log.Infoln("Processing bash script ...")
+	log.Infoln("Processing script ...")
 
 	// Execute script
-	log.Infoln("Executing bash script...")
-	cmd := exec.Command("/bin/sh", scriptFileName)
+	log.Infoln("Executing script...")
+	cmd := exec.Command(yamlContent.Vars.Interpreter, scriptFileName) //nolint:gosec
 	setEnvVariablesForCommand(cmd, yamlContent.Vars.ContentVars)
 
 	out, err := cmd.Output()
@@ -137,6 +138,6 @@ func processSignedScript(incomingContent []byte) string {
 		return ""
 	}
 
-	log.Infoln("Bash script executed successfully")
+	log.Infoln("Script executed successfully.")
 	return string(out)
 }