Documentation
¶
Overview ¶
package bootstrap provides cleanup and signal handling for bootstrap sessions. This file contains functionality to recover from crashes, handle graceful shutdown, and clean up orphaned temporary keys from remote hosts.
package bootstrap provides functionality for bootstrapping new hosts by creating temporary SSH keys, managing bootstrap sessions, and performing atomic account setup. This package handles the complex workflow of securely adding new hosts to Keymaster without requiring manual system key distribution.
Index ¶
- Constants
- func CleanupAllActiveSessions() error
- func CleanupExpiredSessions() error
- func InstallSignalHandler()
- func RecoverFromCrash() error
- func RegisterSession(session *BootstrapSession)
- func StartSessionReaper()
- func UnregisterSession(sessionID string)
- type BootstrapSession
- type SessionStatus
- type TemporaryKeyPair
Constants ¶
const BootstrapTimeout = 30 * time.Minute
BootstrapTimeout is the maximum duration a bootstrap session can remain active.
Variables ¶
This section is empty.
Functions ¶
func CleanupAllActiveSessions ¶
func CleanupAllActiveSessions() error
CleanupAllActiveSessions attempts to remove temporary keys from remote hosts and clean up all currently active bootstrap sessions.
func CleanupExpiredSessions ¶
func CleanupExpiredSessions() error
CleanupExpiredSessions removes bootstrap sessions that have exceeded their timeout. This should be called periodically to prevent database accumulation.
func InstallSignalHandler ¶
func InstallSignalHandler()
InstallSignalHandler sets up signal handling for graceful shutdown. This ensures that temporary keys are cleaned up even if the program is interrupted. It's safe to call this multiple times - subsequent calls are ignored.
func RecoverFromCrash ¶
func RecoverFromCrash() error
RecoverFromCrash identifies and cleans up orphaned bootstrap sessions. This should be called during application startup to handle sessions that were interrupted by a program crash or force-kill.
func RegisterSession ¶
func RegisterSession(session *BootstrapSession)
RegisterSession adds a bootstrap session to the active sessions registry. This ensures the session can be cleaned up even if the program crashes.
func StartSessionReaper ¶
func StartSessionReaper()
StartSessionReaper launches a background goroutine that periodically cleans up expired bootstrap sessions. This helps prevent database accumulation.
func UnregisterSession ¶
func UnregisterSession(sessionID string)
UnregisterSession removes a bootstrap session from the active sessions registry. This should be called when a session completes successfully or is manually cancelled.
Types ¶
type BootstrapSession ¶
type BootstrapSession struct {
ID string // Unique session identifier
PendingAccount model.Account // Account data to be created (not yet in DB)
TempKeyPair *TemporaryKeyPair // Temporary SSH key for initial access
SelectedKeys []string // Comments of keys to assign to the account
Status SessionStatus // Current state of the bootstrap process
CreatedAt time.Time // When the session was created
ExpiresAt time.Time // When the session expires and should be cleaned up
}
BootstrapSession represents an ongoing bootstrap operation for a new host. Sessions are persisted to the database to enable recovery from crashes or interruptions.
func NewBootstrapSession ¶
func NewBootstrapSession(username, hostname, label, tags string) (*BootstrapSession, error)
NewBootstrapSession creates a new bootstrap session with a temporary key pair. The session is assigned a unique ID and configured with reasonable defaults.
func (*BootstrapSession) Cleanup ¶
func (s *BootstrapSession) Cleanup()
Cleanup securely wipes sensitive data from memory. This should be called when the session is no longer needed.
func (*BootstrapSession) Delete ¶
func (s *BootstrapSession) Delete() error
Delete removes the bootstrap session from the database.
func (*BootstrapSession) GetBootstrapCommand ¶
func (s *BootstrapSession) GetBootstrapCommand() string
GetBootstrapCommand returns the shell command that should be pasted on the target host to install the temporary SSH key. This command creates the .ssh directory if needed, adds the temporary key, and sets proper permissions.
func (*BootstrapSession) IsExpired ¶
func (s *BootstrapSession) IsExpired() bool
IsExpired returns true if the session has exceeded its timeout duration.
func (*BootstrapSession) Save ¶
func (s *BootstrapSession) Save() error
Save persists the bootstrap session to the database.
func (*BootstrapSession) UpdateStatus ¶
func (s *BootstrapSession) UpdateStatus(status SessionStatus) error
UpdateStatus changes the session status in the database.
type SessionStatus ¶
type SessionStatus string
SessionStatus represents the current state of a bootstrap session.
const ( // StatusActive indicates the session is actively being used for bootstrap. StatusActive SessionStatus = "active" // StatusCommitting indicates the session is in the final deployment phase. StatusCommitting SessionStatus = "committing" // StatusCompleted indicates the bootstrap was successful and session can be cleaned up. StatusCompleted SessionStatus = "completed" // StatusFailed indicates the bootstrap failed and session should be cleaned up. StatusFailed SessionStatus = "failed" // StatusOrphaned indicates the session was abandoned (e.g., due to program crash). StatusOrphaned SessionStatus = "orphaned" )
type TemporaryKeyPair ¶
type TemporaryKeyPair struct {
// contains filtered or unexported fields
}
TemporaryKeyPair holds a temporary SSH key pair used during bootstrap. The private key is kept in memory only and should be securely wiped after use.
func (*TemporaryKeyPair) Cleanup ¶
func (t *TemporaryKeyPair) Cleanup()
Cleanup securely overwrites the private key in memory.
func (*TemporaryKeyPair) GetPrivateKeyPEM ¶
func (t *TemporaryKeyPair) GetPrivateKeyPEM() []byte
GetPrivateKeyPEM returns the PEM-encoded private key for SSH authentication. This should only be used for establishing the initial connection.
func (*TemporaryKeyPair) GetPublicKey ¶
func (t *TemporaryKeyPair) GetPublicKey() string
GetPublicKey returns the public key in authorized_keys format.
Source Files