feat(node): Configuration revamp (SetupOS integration) (#3270)

NODE-1360 The IC-OS tool has been created, but not yet used by the IC-OS: #1539 This PR integrates the config tool into SetupOS. The config tool is utilized for config sanitization, organization, and access. Note that the *old* config is still being passed to HostOS, so this PR should have no impact on HostOS or GuestOS
dfinity · Jan 8, 2025 · 36e2b45 · 36e2b45
1 parent 1ed522a
commit 36e2b45
Show file tree

Hide file tree

Showing 20 changed files with 276 additions and 287 deletions.
diff --git a/ic-os/components/misc/config/setupos/config.sh b/ic-os/components/misc/config/setupos/config.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Shared config utilities.
+
+# Retrieves a value from the config.json file using a JSON path.
+# Arguments:
+#   $1 - JSON path to the desired value (e.g., '.icos_settings.nns_urls')
+# Note: If the key is not found, this function will return null.
+function get_config_value() {
+    local CONFIG_FILE="/var/ic/config/config.json"
+    local key=$1
+    jq -r "${key}" "${CONFIG_FILE}"
+}
diff --git a/ic-os/components/setupos-scripts/check-config.sh b/ic-os/components/setupos-scripts/check-config.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# check-config.sh verifies the existence of the configuration JSON file created by config.service,
+# halting the installation if not found.
+
+set -o nounset
+set -o pipefail
+
+SHELL="/bin/bash"
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+
+source /opt/ic/bin/functions.sh
+
+check_config_file() {
+    echo "* Checking Config..."
+    local CONFIG_FILE="/var/ic/config/config.json"
+
+    if [ -f "${CONFIG_FILE}" ]; then
+        local config_contents=$(cat "${CONFIG_FILE}")
+        echo -e "Configuration file '${CONFIG_FILE}' exists.\n"
+        echo -e "File contents:\n${config_contents}"
+    else
+        local service_logs=$(journalctl -u config.service --no-pager)
+        local log_message="Error creating SetupOS configuration. Configuration file '${CONFIG_FILE}' does not exist.\n\nConfig.service logs:\n${service_logs}"
+
+        log_and_halt_installation_on_error 1 "${log_message}"
+    fi
+}
+
+# Establish run order
+main() {
+    log_start "$(basename $0)"
+    check_config_file
+    log_end "$(basename $0)"
+}
+
+main
diff --git a/ic-os/components/setupos-scripts/check-hardware.sh b/ic-os/components/setupos-scripts/check-hardware.sh
@@ -32,8 +32,6 @@ GEN2_MINIMUM_AGGREGATE_DISK_SIZE=32000000000000
 GEN1_MINIMUM_DISK_SIZE=3200000000000
 GEN1_MINIMUM_AGGREGATE_DISK_SIZE=32000000000000
 
-CONFIG_DIR="/var/ic/config"
-
 function check_generation() {
     echo "* Checking Generation..."
 
@@ -249,6 +247,7 @@ function verify_disks() {
 
 function verify_deployment_path() {
     echo "* Verifying deployment path..."
+
     if [[ ${GENERATION} == 2 ]] && [[ ! -f "${CONFIG_DIR}/node_operator_private_key.pem" ]]; then
         echo -e "\n\n\n\n\n\n"
         echo -e "\033[1;31mWARNING: Gen2 hardware detected but no Node Operator Private Key found.\033[0m"
@@ -261,33 +260,6 @@ function verify_deployment_path() {
     fi
 }
 
-# TODO(NODE-1477): delete in configuration revamp integration
-CONFIG="${CONFIG:=/var/ic/config/config.ini}"
-
-function read_variables() {
-    # Read limited set of keys. Be extra-careful quoting values as it could
-    # otherwise lead to executing arbitrary shell code!
-    while IFS="=" read -r key value; do
-        case "$key" in
-            "node_reward_type") node_reward_type="${value}" ;;
-        esac
-    done <"${CONFIG}"
-}
-
-function validate_node_reward() {
-    read_variables
-    if [[ -z "$node_reward_type" ]]; then
-        echo "Node reward type is not set. Skipping validation."
-        return 0
-    fi
-
-    if [[ ! "$node_reward_type" =~ ^type[0-9]+(\.[0-9])?$ ]]; then
-        log_and_halt_installation_on_error 1 "Configuration error: node_reward_type is invalid: ${node_reward_type}"
-    fi
-
-    echo "Valid node reward type: ${node_reward_type}"
-}
-
 # Establish run order
 main() {
     log_start "$(basename $0)"
@@ -297,7 +269,6 @@ main() {
         verify_memory
         verify_disks
         verify_deployment_path
-        validate_node_reward
     else
         echo "* Hardware checks skipped by request via kernel command line"
         GENERATION=2

diff --git a/ic-os/components/setupos-scripts/check-network.sh b/ic-os/components/setupos-scripts/check-network.sh
@@ -6,24 +6,16 @@ set -o pipefail
 SHELL="/bin/bash"
 PATH="/sbin:/bin:/usr/sbin:/usr/bin"
 
+source /opt/ic/bin/config.sh
 source /opt/ic/bin/functions.sh
 
-CONFIG="${CONFIG:=/var/ic/config/config.ini}"
-DEPLOYMENT="${DEPLOYMENT:=/data/deployment.json}"
-
-function read_variables() {
-    # Read limited set of keys. Be extra-careful quoting values as it could
-    # otherwise lead to executing arbitrary shell code!
-    while IFS="=" read -r key value; do
-        case "$key" in
-            "ipv6_prefix") ipv6_prefix="${value}" ;;
-            "ipv6_gateway") ipv6_gateway="${value}" ;;
-            "ipv4_address") ipv4_address="${value}" ;;
-            "ipv4_prefix_length") ipv4_prefix_length="${value}" ;;
-            "ipv4_gateway") ipv4_gateway="${value}" ;;
-            "domain") domain="${value}" ;;
-        esac
-    done <"${CONFIG}"
+function read_config_variables() {
+    ipv6_prefix=$(get_config_value '.network_settings.ipv6_config.Deterministic.prefix')
+    ipv6_gateway=$(get_config_value '.network_settings.ipv6_config.Deterministic.gateway')
+    ipv4_address=$(get_config_value '.network_settings.ipv4_config.address')
+    ipv4_prefix_length=$(get_config_value '.network_settings.ipv4_config.prefix_length')
+    ipv4_gateway=$(get_config_value '.network_settings.ipv4_config.gateway')
+    domain_name=$(get_config_value '.network_settings.domain_name')
 }
 
 # WARNING: Uses 'eval' for command execution.
@@ -109,11 +101,13 @@ function print_network_settings() {
     echo "* Printing user defined network settings..."
     echo "  IPv6 Prefix : ${ipv6_prefix}"
     echo "  IPv6 Gateway: ${ipv6_gateway}"
-    if [[ -v ipv4_address && -n ${ipv4_address} && -v ipv4_prefix_length && -n ${ipv4_prefix_length} && -v ipv4_gateway && -n ${ipv4_gateway} && -v domain && -n ${domain} ]]; then
+    if [[ -n ${ipv4_address} && -n ${ipv4_prefix_length} && -n ${ipv4_gateway} ]]; then
         echo "  IPv4 Address: ${ipv4_address}"
         echo "  IPv4 Prefix Length: ${ipv4_prefix_length}"
         echo "  IPv4 Gateway: ${ipv4_gateway}"
-        echo "  Domain name : ${domain}"
+    fi
+    if [[ -n ${domain_name} ]]; then
+        echo "  Domain name : ${domain_name}"
     fi
     echo " "
 
@@ -134,10 +128,10 @@ function validate_domain_name() {
     local domain_part
     local -a domain_parts
 
-    IFS='.' read -ra domain_parts <<<"${domain}"
+    IFS='.' read -ra domain_parts <<<"${domain_name}"
 
     if [ ${#domain_parts[@]} -lt 2 ]; then
-        log_and_halt_installation_on_error 1 "Domain validation error: less than two domain parts in domain: ${domain}"
+        log_and_halt_installation_on_error 1 "Domain validation error: less than two domain parts in domain: ${domain_name}"
     fi
 
     for domain_part in "${domain_parts[@]}"; do
@@ -184,17 +178,13 @@ function ping_ipv6_gateway() {
     echo " "
 }
 
-function assemble_nns_nodes_list() {
-    NNS_URL_STRING=$(/opt/ic/bin/fetch-property.sh --key=.nns.url --config=${DEPLOYMENT})
-    IFS=',' read -r -a NNS_URL_LIST <<<"$NNS_URL_STRING"
-}
-
 function query_nns_nodes() {
     echo "* Querying NNS nodes..."
 
+    local nns_url_list=($(get_config_value '.icos_settings.nns_urls' | jq -r '.[]'))
     local success=false
-    # At least one of the provided URLs needs to work.
-    for url in "${NNS_URL_LIST[@]}"; do
+
+    for url in "${nns_url_list[@]}"; do
         # When running against testnets, we need to ignore self signed certs
         # with `--insecure`. This check is only meant to confirm from SetupOS
         # that NNS urls are reachable, so we do not mind that it is "weak".
@@ -218,7 +208,7 @@ function query_nns_nodes() {
 main() {
     log_start "$(basename $0)"
     if kernel_cmdline_bool_default_true ic.setupos.check_network; then
-        read_variables
+        read_config_variables
         get_network_settings
         print_network_settings
 
@@ -229,7 +219,6 @@ main() {
         fi
 
         ping_ipv6_gateway
-        assemble_nns_nodes_list
         query_nns_nodes
     else
         echo "* Network checks skipped by request via kernel command line"

diff --git a/ic-os/components/setupos-scripts/config.service b/ic-os/components/setupos-scripts/config.service
@@ -6,9 +6,9 @@ Before=setupos.service
 [Service]
 Type=oneshot
 RemainAfterExit=true
-ExecStart=/opt/ic/bin/output-wrapper.sh /dev/ttyS0 /opt/ic/bin/config.sh
-StandardOutput=tty
-StandardError=tty
+ExecStart=/opt/ic/bin/config create-setupos-config
+StandardOutput=journal+console
+StandardError=journal+console
 
 [Install]
 WantedBy=multi-user.target
diff --git a/ic-os/components/setupos-scripts/config.sh b/ic-os/components/setupos-scripts/config.sh