coulomb/the-custodian
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b5dc7604fd54358957ea6b244f36e6911dac012
the-custodian/Makefile
tegwick 7e1cfa005b SAND-WP-0004: delegate make e2e to validate run 
Replace e2e_framework monolith with wise-validator + sand-boxer shim.
Makefile invokes validate run; legacy python -m e2e_framework delegates
via shim.py with deprecation notice. Add verify-e2e-shim.sh.
2026-06-23 21:43:53 +02:00

196 lines
8.2 KiB
Makefile
Raw Blame History

# the-custodian top-level Makefile
#
# Custodian agent SSH identity
# ----------------------------
# make custodian-keygen — generate ~/.ssh/id_custodian_agent (one-time)
# and write the public key into railiance-infra
# ansible/inventory/group_vars/all.yaml
# make custodian-key-show — print the current public key (for manual ops)
#
# After keygen, run in railiance-infra:
# make provision-custodian-agent (deploys the key to all managed hosts)
#
# The private key is NEVER committed. The public key is committed via railiance-infra.
CUSTODIAN_KEY := $(HOME)/.ssh/id_custodian_agent
RAILIANCE_INFRA := $(HOME)/railiance-infra
AGENT_VARS_FILE := $(RAILIANCE_INFRA)/ansible/inventory/group_vars/all.yaml
.PHONY: ops-inventory-view
ops-inventory-view: ## Render the ops-hub service catalog now view
python3 ops/render_service_inventory.py
.PHONY: custodian-keygen
custodian-keygen: ## Generate custodian agent SSH keypair (one-time setup)
@if [ -f "$(CUSTODIAN_KEY)" ]; then \
echo "Key already exists at $(CUSTODIAN_KEY). Remove it first to regenerate."; \
exit 1; \
fi
ssh-keygen -t ed25519 -f "$(CUSTODIAN_KEY)" -C "custodian-agent" -N ""
@echo ""
@echo "Public key:"
@cat "$(CUSTODIAN_KEY).pub"
@echo ""
@PUBKEY=$$(cat "$(CUSTODIAN_KEY).pub") && \
python3 -c "\
import sys, re; \
content = open('$(AGENT_VARS_FILE)').read(); \
updated = re.sub(r'custodian_agent_pubkey:.*', 'custodian_agent_pubkey: \"' + sys.argv[1] + '\"', content); \
open('$(AGENT_VARS_FILE)', 'w').write(updated); \
print('Public key written to $(AGENT_VARS_FILE)')" "$$PUBKEY"
@echo ""
@echo "Next steps:"
@echo " 1. cd $(RAILIANCE_INFRA) && git add ansible/inventory/group_vars/all.yaml && git commit -m 'feat: add custodian agent public key'"
@echo " 2. cd $(RAILIANCE_INFRA) && make provision-custodian-agent"
.PHONY: custodian-key-show
custodian-key-show: ## Print the custodian agent public key
@test -f "$(CUSTODIAN_KEY).pub" || (echo "No key found at $(CUSTODIAN_KEY). Run: make custodian-keygen"; exit 1)
@cat "$(CUSTODIAN_KEY).pub"
## Deploy the custodian agent key directly via SSH (no Ansible required).
## Use when ansible is unavailable. Requires an existing admin key with SSH access.
## Usage: make custodian-key-deploy ADMIN_KEY=~/.ssh/id_ops
## make custodian-key-deploy ADMIN_KEY=~/.ssh/id_ops HOST=192.168.1.50 SSHUSER=admin
.PHONY: custodian-key-deploy
custodian-key-deploy:
@test -n "$(ADMIN_KEY)" || (echo "ERROR: ADMIN_KEY is required. Usage: make custodian-key-deploy ADMIN_KEY=~/.ssh/id_ops"; exit 1)
@test -f "$(CUSTODIAN_KEY).pub" || (echo "ERROR: No custodian key found. Run: make custodian-keygen"; exit 1)
$(eval PUBKEY := $(shell cat $(CUSTODIAN_KEY).pub))
@echo "Deploying custodian agent key to $(RAILIANCE_USER)@$(RAILIANCE_HOST)..."
@ssh -i "$(ADMIN_KEY)" -o StrictHostKeyChecking=no \
$(RAILIANCE_USER)@$(RAILIANCE_HOST) \
"mkdir -p ~/.ssh && chmod 700 ~/.ssh && \
echo '$(PUBKEY)' | grep -qF - ~/.ssh/authorized_keys 2>/dev/null || \
echo '$(PUBKEY)' >> ~/.ssh/authorized_keys && \
chmod 600 ~/.ssh/authorized_keys && \
echo 'Key deployed. Verifying...' && \
grep -c 'custodian-agent' ~/.ssh/authorized_keys | xargs -I{} echo '{} custodian-agent key(s) in authorized_keys'"
@echo "Done. Test with: make e2e-cron-list"
## Run e2e tests for a repo (wise-validator + sand-boxer)
## Usage: make e2e REPO=activity-core
## Prerequisites: validate and sandboxer on PATH
## cd ~/wise-validator && make install
## cd ~/sand-boxer && make install
## Host (one required): HOST=, SANDBOXER_HOST, or RAILIANCE01_HOST
## CoulombCore: export SANDBOXER_COMPOSE_CMD=podman-compose
##
## Options:
## REPO=<slug> repository name under ~/ (required)
## HOST=<host> sandbox host override
## USER= SSH user → SANDBOXER_SSH_USER
## KEY= SSH key → SANDBOXER_SSH_KEY (default: custodian key if present)
## KEEP=1 keep sandbox after run
## WORKSTREAM_ID= State Hub workstream for progress event
## NO_REPORT=1 skip State Hub reporting
REPO_PATH := $(HOME)/$(REPO)
SANDBOXER_HOST_VAL := $(if $(HOST),$(HOST),$(if $(SANDBOXER_HOST),$(SANDBOXER_HOST),$(RAILIANCE01_HOST)))
ifdef KEEP
E2E_KEEP_FLAG := --keep
else
E2E_KEEP_FLAG :=
endif
ifdef WORKSTREAM_ID
E2E_WS_FLAG := --workstream-id $(WORKSTREAM_ID)
else
E2E_WS_FLAG :=
endif
ifdef NO_REPORT
E2E_NO_REPORT_FLAG := --no-report
else
E2E_NO_REPORT_FLAG :=
endif
ifdef KEY
E2E_SSH_KEY_VAL := $(KEY)
else ifneq ($(wildcard $(CUSTODIAN_KEY)),)
E2E_SSH_KEY_VAL := $(CUSTODIAN_KEY)
else
E2E_SSH_KEY_VAL :=
endif
## Install e2e cron job on railiance01 for a repo.
## Usage: make e2e-cron-install REPO=activity-core
## Requires: RAILIANCE01_HOST / RAILIANCE01_USER set, or pass HOST= SSHUSER=
## The cron runs e2e/run-on-host.sh weekly (Sunday 03:13) on railiance01.
## Idempotent: safe to re-run (replaces existing entry for the same repo).
RAILIANCE_HOST := $(or $(HOST),$(RAILIANCE01_HOST),92.205.62.239)
RAILIANCE_USER := $(or $(SSHUSER),$(RAILIANCE01_USER),tegwick)
# Default SSH key: custodian agent identity (generated via make custodian-keygen)
# Override with KEY=~/.ssh/other_key if needed
RAILIANCE_KEY := $(or $(KEY),$(CUSTODIAN_KEY))
RAILIANCE_SSH := ssh -i "$(RAILIANCE_KEY)" -o StrictHostKeyChecking=no $(RAILIANCE_USER)@$(RAILIANCE_HOST)
.PHONY: e2e-cron-install
e2e-cron-install:
@test -n "$(REPO)" || (echo "ERROR: REPO is required."; exit 1)
$(eval REPO_PATH := $(HOME)/$(REPO))
$(eval REMOTE_REPO := /home/$(RAILIANCE_USER)/$(REPO))
$(eval CRON_CMD := $(REMOTE_REPO)/e2e/run-on-host.sh >> /var/log/$(REPO)-e2e.log 2>&1)
$(eval CRON_LINE := 13 3 * * 0 $(CRON_CMD))
@test -d "$(REPO_PATH)" || (echo "ERROR: local repo not found: $(REPO_PATH)"; exit 1)
@test -f "$(REPO_PATH)/e2e/run-on-host.sh" || (echo "ERROR: no e2e/run-on-host.sh in $(REPO_PATH)"; exit 1)
@echo "--- syncing $(REPO) to $(RAILIANCE_USER)@$(RAILIANCE_HOST):$(REMOTE_REPO)"
@rsync -az --delete \
--exclude=.git --exclude=__pycache__ --exclude='*.pyc' \
--exclude=.venv --exclude=node_modules \
-e "ssh -i $(RAILIANCE_KEY) -o StrictHostKeyChecking=no" \
"$(REPO_PATH)/" \
"$(RAILIANCE_USER)@$(RAILIANCE_HOST):$(REMOTE_REPO)/"
@echo "--- installing cron on $(RAILIANCE_USER)@$(RAILIANCE_HOST) for $(REPO)"
@$(RAILIANCE_SSH) "chmod +x $(REMOTE_REPO)/e2e/run-on-host.sh && \
( crontab -l 2>/dev/null | grep -v '$(REPO)-e2e' ; echo '$(CRON_LINE)' ) | crontab - && \
echo 'Cron installed:' && crontab -l | grep '$(REPO)-e2e'"
## Remove e2e cron job from railiance01 for a repo.
## Usage: make e2e-cron-remove REPO=activity-core
.PHONY: e2e-cron-remove
e2e-cron-remove:
@test -n "$(REPO)" || (echo "ERROR: REPO is required."; exit 1)
@$(RAILIANCE_SSH) "( crontab -l 2>/dev/null | grep -v '$(REPO)-e2e' ) | crontab - && echo 'Cron entry removed'"
## List e2e cron jobs on railiance01.
.PHONY: e2e-cron-list
e2e-cron-list:
@$(RAILIANCE_SSH) "crontab -l 2>/dev/null | grep 'e2e' || echo '(no e2e cron entries)'"
.PHONY: e2e
e2e:
@test -n "$(REPO)" || (echo "ERROR: REPO is required. Usage: make e2e REPO=activity-core"; exit 1)
@test -d "$(REPO_PATH)" || (echo "ERROR: repo path does not exist: $(REPO_PATH)"; exit 1)
@test -f "$(REPO_PATH)/e2e/e2e.yml" || (echo "ERROR: no e2e/e2e.yml in $(REPO_PATH)"; exit 1)
@command -v validate >/dev/null 2>&1 || (echo "ERROR: validate not on PATH. Install: cd ~/wise-validator && make install"; exit 1)
@command -v sandboxer >/dev/null 2>&1 || (echo "ERROR: sandboxer not on PATH. Install: cd ~/sand-boxer && make install"; exit 1)
@test -n "$(SANDBOXER_HOST_VAL)" || (echo "ERROR: set HOST, SANDBOXER_HOST, or RAILIANCE01_HOST"; exit 1)
SANDBOXER_HOST="$(SANDBOXER_HOST_VAL)" \
$(if $(USER),SANDBOXER_SSH_USER="$(USER)",) \
$(if $(E2E_SSH_KEY_VAL),SANDBOXER_SSH_KEY="$(E2E_SSH_KEY_VAL)",) \
validate run "$(REPO_PATH)" \
--host "$(SANDBOXER_HOST_VAL)" \
$(E2E_KEEP_FLAG) \
$(E2E_WS_FLAG) \
$(E2E_NO_REPORT_FLAG)
# Agent Management Targets
agents-list:
@echo "Installed agents:"
@ls agents/ 2>/dev/null | grep agent- | sed 's/agent-//g' | sed 's/.md//g' \
|| echo "No agents installed"
agents-update:
@echo "Updating agents..."
@kaizen-agentic update
agents-validate:
@echo "Validating agents..."
@kaizen-agentic validate agents/
Reference in New Issue View Git Blame Copy Permalink