Make init-network.sh sourceable, tune runner's tailscale hostname

2024-11-22 23:52:03 +00:00 · 2024-04-30 16:33:22 +02:00 · 2024-04-30 16:33:22 +02:00 · b74ce036fa
commit b74ce036fa
parent 6c0450f8ff
1 changed files with 46 additions and 21 deletions
--- a/tests/ci/worker/prepare-ci-ami.sh
+++ b/tests/ci/worker/prepare-ci-ami.sh
@ -155,31 +155,56 @@ apt-get install tailscale --yes --no-install-recommends

 # Create a common script for the instances
 mkdir /usr/local/share/scripts -p
-cat > /usr/local/share/scripts/init-network.sh << 'EOF'
-#!/usr/bin/env bash
+setup_cloudflare_dns() {
+    # Add cloudflare DNS as a fallback
+    # Get default gateway interface
+    local IFACE ETH_DNS CLOUDFLARE_NS new_dns
+    IFACE=$(ip --json route list | jq '.[]|select(.dst == "default").dev' --raw-output)
+    # `Link 2 (eth0): 172.31.0.2`
+    ETH_DNS=$(resolvectl dns "$IFACE") || :
+    CLOUDFLARE_NS=1.1.1.1
+    if [[ "$ETH_DNS" ]] && [[ "${ETH_DNS#*: }" != *"$CLOUDFLARE_NS"* ]]; then
+      # Cut the leading legend
+      ETH_DNS=${ETH_DNS#*: }
+      # shellcheck disable=SC2206
+      new_dns=(${ETH_DNS} "$CLOUDFLARE_NS")
+      resolvectl dns "$IFACE" "${new_dns[@]}"
+    fi
+}

-# Add cloudflare DNS as a fallback
-# Get default gateway interface
-IFACE=$(ip --json route list | jq '.[]|select(.dst == "default").dev' --raw-output)
-# `Link 2 (eth0): 172.31.0.2`
-ETH_DNS=$(resolvectl dns "$IFACE") || :
-CLOUDFLARE_NS=1.1.1.1
-if [[ "$ETH_DNS" ]] && [[ "${ETH_DNS#*: }" != *"$CLOUDFLARE_NS"* ]]; then
-  # Cut the leading legend
-  ETH_DNS=${ETH_DNS#*: }
-  # shellcheck disable=SC2206
-  new_dns=(${ETH_DNS} "$CLOUDFLARE_NS")
-  resolvectl dns "$IFACE" "${new_dns[@]}"
-fi
+setup_tailscale() {
+    # Setup tailscale, the very first action
+    local TS_API_CLIENT_ID TS_API_CLIENT_SECRET TS_AUTHKEY RUNNER_TYPE
+    TS_API_CLIENT_ID=$(aws ssm get-parameter --region us-east-1 --name /tailscale/api-client-id --query 'Parameter.Value' --output text --with-decryption)
+    TS_API_CLIENT_SECRET=$(aws ssm get-parameter --region us-east-1 --name /tailscale/api-client-secret --query 'Parameter.Value' --output text --with-decryption)

-# Setup tailscale, the very first action
-TS_API_CLIENT_ID=$(aws ssm get-parameter --region us-east-1 --name /tailscale/api-client-id --query 'Parameter.Value' --output text --with-decryption)
-TS_API_CLIENT_SECRET=$(aws ssm get-parameter --region us-east-1 --name /tailscale/api-client-secret --query 'Parameter.Value' --output text --with-decryption)
-export TS_API_CLIENT_ID TS_API_CLIENT_SECRET
-TS_AUTHKEY=$(get-authkey -tags tag:svc-core-ci-github -reusable -ephemeral)
-tailscale up --ssh --auth-key="$TS_AUTHKEY" --hostname="ci-runner-$INSTANCE_ID"
+    RUNNER_TYPE=$(/usr/local/bin/aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" --query "Tags[?Key=='github:runner-type'].Value" --output text)
+    RUNNER_TYPE=${RUNNER_TYPE:-unknown}
+    # Clean possible garbage from the runner type
+    RUNNER_TYPE=${RUNNER_TYPE//[^0-9a-z]/-}
+    TS_AUTHKEY=$(TS_API_CLIENT_ID="$TS_API_CLIENT_ID" TS_API_CLIENT_SECRET="$TS_API_CLIENT_SECRET" \
+                 get-authkey -tags tag:svc-core-ci-github -reusable -ephemeral)
+    tailscale up --ssh --auth-key="$TS_AUTHKEY" --hostname="ci-runner-$RUNNER_TYPE-$INSTANCE_ID"
+}
+
+cat > /usr/local/share/scripts/init-network.sh << EOF
+!/usr/bin/env bash
+$(declare -f setup_cloudflare_dns)
+
+$(declare -f setup_tailscale)
+
+# If the script is sourced, it will return now and won't execute functions
+return 0 &>/dev/null || :
+
+echo Setup Cloudflare DNS
+setup_cloudflare_dns
+
+echo Setup Tailscale VPN
+setup_tailscale
 EOF

+chmod +x /usr/local/share/scripts/init-network.sh
+

 # The following line is used in aws TOE check.
 touch /var/tmp/clickhouse-ci-ami.success