Blacklist Packages as an Extention of Apt

- Extends apt daemonset to remove packages.
  - Uses a list of packages in remove and autoremove, so if a
    package that should not be installed gets installed, it will be
    uninstalled when Divingbell runs again.

Change-Id: Id5c7ccead399a8c78621a0e593033e55412ff315
Aaron Sheffield 2018-10-25 14:38:24 -05:00
parent 0f5567dc58
commit 3524908910
3 changed files with 36 additions and 1 deletions


@ -96,6 +96,19 @@ if [ ! -z "$INSTALLED_THIS_TIME" ]; then
sort ${persist_path}/packages -o ${persist_path}/packages sort ${persist_path}/packages -o ${persist_path}/packages
fi fi
######################################################
#Stage 4
#Remove blacklisted packages in conf.apt.blacklistpkgs
######################################################
{{- if hasKey .Values.conf.apt "blacklistpkgs" }}
{{- range .Values.conf.apt.blacklistpkgs }}
{{- $package := . }}
apt-get remove --autoremove -y {{ $package | squote }}
{{- end }}
apt-get autoremove -y
{{- end }}
exit 0 exit 0
EOF EOF
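Review bot: The exit status of each `apt-get remove --autoremove -y …` in Stage 4 is not checked and the script ends in `exit 0`, so a failed removal (for example a blacklisted name apt cannot locate, or a busy dpkg lock) could be reported as a successful run while the package stays installed. Whether the script runs under `set -e` is not visible in this hunk; if it does, the opposite problem applies and a single unknown name in the list would abort the stage. Consider removing only what is present and failing loudly otherwise, e.g. `if dpkg -s {{ $package | squote }} >/dev/null 2>&1; then apt-get remove --autoremove -y {{ $package | squote }} || exit 1; fi`. The enclosing heredoc starts above the hunk.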


@ -24,6 +24,13 @@ images:
conf: conf:
chroot_mnt_path: '/mnt' chroot_mnt_path: '/mnt'
log_colors: False log_colors: False
apt:
blacklistpkgs:
- telnetd
- inetutils-telnetd
- telnetd-ssl
- nis
- ntpdate
## data.values.conf.sysctl ## data.values.conf.sysctl
# sysctl: # sysctl:
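Review bot: Putting `blacklistpkgs` under `conf.apt` in the chart defaults makes package removal opt-out rather than opt-in, so any deployment that does not override the list will have these five packages removed on its next run. The block carries no comment saying why these names were chosen or that removal is on by default. A short comment above `apt:` would help operators, e.g. `# Packages removed on every run if present; defaults target legacy services such as telnet and NIS.`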


@ -54,6 +54,7 @@ APT_PACKAGE3=python-simplejson
APT_VERSION3=3.8.1-1ubuntu2 APT_VERSION3=3.8.1-1ubuntu2
APT_PACKAGE4=less APT_PACKAGE4=less
APT_PACKAGE5=python-setuptools APT_PACKAGE5=python-setuptools
APT_PACKAGE6=telnetd
type lshw || apt -y install lshw type lshw || apt -y install lshw
nic_info="$(lshw -class network)" nic_info="$(lshw -class network)"
physical_nic='' physical_nic=''
@ -764,7 +765,8 @@ _test_apt_package_version(){
local pkg_name=$1 local pkg_name=$1
local pkg_ver=$2 local pkg_ver=$2
if [ ${pkg_ver} = "none" ]; then if [ ${pkg_ver} = "none" ]; then
if [[ $(dpkg -l | grep ${pkg_name}) ]]; then # Does not include residual-config
if [[ $(dpkg -l | grep ${pkg_name} | grep -v ^rc) ]]; then
echo "[FAIL] Package ${pkg_name} should not be installed" >> "${TEST_RESULTS}" echo "[FAIL] Package ${pkg_name} should not be installed" >> "${TEST_RESULTS}"
return 1 return 1
fi fi
@ -846,6 +848,19 @@ test_apt(){
get_container_status apt expect_failure get_container_status apt expect_failure
_test_clog_msg 'E: Unable to locate package some-random-name' _test_clog_msg 'E: Unable to locate package some-random-name'
echo '[SUCCESS] apt test5 passed successfully' >> "${TEST_RESULTS}" echo '[SUCCESS] apt test5 passed successfully' >> "${TEST_RESULTS}"
# Test blacklistpkgs
local overrides_yaml=${LOGS_SUBDIR}/${FUNCNAME}-set1.yaml
echo "conf:
apt:
packages:
- name: $APT_PACKAGE6
blacklistpkgs:
- $APT_PACKAGE6" > "${overrides_yaml}"
install_base "--values=${overrides_yaml}"
get_container_status apt
_test_apt_package_version $APT_PACKAGE6 none
echo '[SUCCESS] apt test6 passed successfully' >> "${TEST_RESULTS}"
} }
# test daemonset value overrides for hosts and labels # test daemonset value overrides for hosts and labels
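Review bot: In `_test_apt_package_version`, the new check `dpkg -l | grep ${pkg_name} | grep -v ^rc` treats the name as an unquoted regex matched anywhere in the line, so a check for `telnetd` also matches `telnetd-ssl`, `inetutils-telnetd`, or a description that mentions it. It also excludes only the `rc` state. A test that verifies a removal control is more reliable if it queries the exact package: `if dpkg-query -W -f='${Status}' "${pkg_name}" 2>/dev/null | grep -q 'ok installed'; then`. The function body continues outside the hunk.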