CroneKorkN
730625e36c
every libs/*.py and hooks/*.py now starts with a one-line module docstring; every bin/* script starts with a `# purpose:` header. discovery-by-`ls`-and-read instead of by index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
71 lines
2.2 KiB
Python
Executable file
71 lines
2.2 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
# purpose: apt-update and full-upgrade every non-dummy debian node, then reboot in WireGuard-aware order.
|
|
|
|
from bundlewrap.repo import Repository
|
|
from os.path import realpath, dirname
|
|
from ipaddress import ip_interface
|
|
|
|
repo = Repository(dirname(dirname(realpath(__file__))))
|
|
nodes = [
|
|
node
|
|
for node in sorted(repo.nodes_in_group('debian'))
|
|
if not node.dummy
|
|
]
|
|
|
|
print('updating nodes:', sorted(node.name for node in nodes))
|
|
|
|
# UPDATE
|
|
|
|
for node in nodes:
|
|
print('--------------------------------------')
|
|
print('updating', node.name)
|
|
print('--------------------------------------')
|
|
repo.libs.wol.wake(node)
|
|
print(node.run('DEBIAN_FRONTEND=noninteractive apt update').stdout.decode())
|
|
print(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable').stdout.decode())
|
|
if int(node.run('DEBIAN_FRONTEND=noninteractive apt list --upgradable 2> /dev/null | grep upgradable | wc -l').stdout.decode()):
|
|
print(node.run('DEBIAN_FRONTEND=noninteractive apt -qy full-upgrade').stdout.decode())
|
|
|
|
# REBOOT IN ORDER
|
|
|
|
wireguard_servers = [
|
|
node
|
|
for node in nodes
|
|
if node.has_bundle('wireguard')
|
|
and (
|
|
ip_interface(node.metadata.get('wireguard/my_ip')).network.prefixlen <
|
|
ip_interface(node.metadata.get('wireguard/my_ip')).network.max_prefixlen
|
|
)
|
|
]
|
|
|
|
wireguard_s2s = [
|
|
node
|
|
for node in nodes
|
|
if node.has_bundle('wireguard')
|
|
and (
|
|
ip_interface(node.metadata.get('wireguard/my_ip')).network.prefixlen ==
|
|
ip_interface(node.metadata.get('wireguard/my_ip')).network.max_prefixlen
|
|
)
|
|
]
|
|
|
|
everything_else = [
|
|
node
|
|
for node in nodes
|
|
if not node.has_bundle('wireguard')
|
|
]
|
|
|
|
print('======================================')
|
|
|
|
for node in [
|
|
*everything_else,
|
|
*wireguard_s2s,
|
|
*wireguard_servers,
|
|
]:
|
|
try:
|
|
if node.run('test -e /var/run/reboot-required', may_fail=True).return_code == 0:
|
|
print('rebooting', node.name)
|
|
print(node.run('systemctl reboot').stdout.decode())
|
|
else:
|
|
print('not rebooting', node.name)
|
|
except Exception as e:
|
|
print(e)
|