feat(Packaging): Build and release deb and rpm packages (#592)

* build deb and rpm packages. use test kitchen for testing locally * fix fedora version and remove suse for now * final os support * document how to install a package from url. Document how to run as root * newline * newline
observIQ · Mar 2, 2022 · 49d1d31 · 49d1d31
1 parent a5b004b
commit 49d1d31
Show file tree

Hide file tree

Showing 12 changed files with 355 additions and 6 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,4 +16,4 @@ gen/
 **/wix.dynamic.json
 stanza-plugins/
 **/plugins
-
+**/.kitchen
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,6 +1,6 @@
 builds:
   - id: stanza
-    binary: stanza_{{ .Os }}_{{ .Arch }}
+    binary: stanza
     main: ./cmd/stanza
     env:
       - CGO_ENABLED=0
@@ -19,7 +19,7 @@ builds:
     ldflags:
       - -X github.com/observiq/stanza/version.GitTag={{ .Tag }}
       - -X github.com/observiq/stanza/version.GitCommit={{ .FullCommit }}
-    no_unique_dist_dir: true
+    no_unique_dist_dir: false
     hooks:
       post: ./build/post.sh
 
@@ -29,6 +29,26 @@ archives:
     # skip archiving as tar.gz / zip
     format: binary
 
+nfpms:
+  - package_name: stanza
+    vendor: observIQ, Inc
+    maintainer: observIQ <[email protected]>
+    license: Apache 2.0
+    bindir: /usr/bin
+    formats:
+      - rpm
+      - deb
+    contents:
+      - src: artifacts/plugins
+        dst: /opt/observiq/stanza/plugins
+      - src: build/package/config.yaml
+        dst: /opt/observiq/stanza/config.yaml
+        file_info:
+          mode: 0640
+    scripts:
+      preinstall: './build/package/pre.sh'
+      postinstall: ./build/package/post.sh
+
 checksum:
   name_template: "{{ .ProjectName }}-v{{ .Version }}-SHA256SUMS"
   algorithm: sha256

diff --git a/.kitchen.yml b/.kitchen.yml
@@ -0,0 +1,41 @@
+provisioner:
+  name: shell
+  script:    'build/package/test/provision.sh'
+  root_path: '/home/vagrant/'
+
+verifier:
+  # cinc
+  name: inspec
+
+platforms:
+  # RHEL based
+  - name: centos-7
+  - name: rockylinux-8.5
+  - name: almalinux-8.5
+  - name: oracle-8.5
+  - name: fedora-30
+  - name: fedora-34
+  # Debian based
+  - name: debian-9
+  - name: debian-10
+  - name: debian-11
+  - name: ubuntu-16.04
+  - name: ubuntu-18.04
+  - name: ubuntu-20.04
+  - name: ubuntu-20.10
+
+driver:
+  name: vagrant
+  provider: virtualbox
+  synced_folders:
+    - ["./artifacts", "/home/vagrant/dist"]
+  customize:
+    memory: 1024
+  vagrantfiles:
+    - build/package/test/Vagrantfile
+
+suites:
+  - name: default
+    verifier:
+      inspec_tests:
+        - build/package/test/
diff --git a/README.md b/README.md
@@ -45,18 +45,62 @@ Utilize Plugins to get up and running quickly. Here's a quick list of Stanza's m
 
 ## Installation
 
-To install Stanza, we recommend using our single-line installer provided with each release. Stanza will automatically be running as a service upon completion. 
+### Linux Package Manager
+
+Linux packages are available for the following Linux Distributions:
+- RHEL 7 and 8
+- Alma, Rocky Linux 8
+- Oracle Linux 8
+- Fedora 30 and newer
+- Debian 9 and newer
+- Ubuntu LTS 16.04 and newer
+
+Once installed, Stanza will be running under a systemd server named `stanza` as the user `stanza`.
+
+#### RPM Install
+
+1. Copy the download link for the `rpm` package for your architecture from the [releases page](https://github.com/observIQ/stanza/releases).
+2. Install with `sudo yum install <paste link here>`
+3. Enable and start the service: `sudo systemctl enable --now stanza`
+
+#### DEB Install
+
+1. Copy the download link for the `deb` package for your architecture from the [releases page](https://github.com/observIQ/stanza/releases).
+2. Install with `sudo apt-get install <paste link here>`
+3. Enable and start the service: `sudo systemctl enable --now stanza`
+
+#### Changing the Runtime User
+
+Sometimes it may be nessisary to have Stanza run as `root`. This can be
+accomplished by creating a systemd override.
+
+Run `sudo systemctl edit stanza` and paste:
+```
+[Service]
+User=root
+Group=root
+```
+
+Restart Stanza: `sudo systemctl restart stanza`.
+
+### Linux / Macos Script
+
+- Single command install, requires the `curl` command
+- Stanza will automatically be running as a service
+- On Linux, Stanza will be running as the `root` user. On Macos, Stanza will be running as your current user.
 
-### Linux/macOS
 ```shell
 sh -c "$(curl -fsSlL https://github.com/observiq/stanza/releases/latest/download/unix-install.sh)" unix-install.sh
 ```
-### Windows
+
+### Windows Script
+
 ```pwsh
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; Invoke-Expression ((New-Object net.webclient).DownloadString('https://github.com/observiq/stanza/releases/latest/download/windows-install.ps1')); Log-Agent-Install
 ```
 
 ### Kubernetes
+
 To deploy Stanza to Kubernetes, AKS, EKS, GKE or Openshift check out the installation guides [here](/docs/examples/k8s).
 
 ## Configuration

diff --git a/build/package/config.yaml b/build/package/config.yaml
@@ -0,0 +1,35 @@
+pipeline:
+  # An example input that generates a single log entry when Stanza starts up.
+  - type: generate_input
+    count: 1
+    entry:
+      record: This is a sample log generated by Stanza
+    output: example_output
+
+  # An example input that monitors the contents of a file.
+  # For more info: https://github.com/observIQ/stanza/blob/master/docs/operators/file_input.md
+  #
+  # - type: file_input
+  #   include:
+  #     - /sample/file/path
+  #   output: example_output
+
+  # An example output that sends captured logs to stdout.
+  - id: example_output
+    type: stdout
+
+  # An example output that sends captured logs to google cloud logging.
+  # For more info: https://github.com/observIQ/stanza/blob/master/docs/operators/google_cloud_output.md
+  #
+  # - id: example_output
+  #   type: google_cloud_output
+  #   credentials_file: /my/credentials/file
+
+  # An example output that sends captured logs to elasticsearch.
+  # For more info: https://github.com/observIQ/stanza/blob/master/docs/operators/elastic_output.md
+  #
+  # - id: example_output
+  #   type: elastic_output
+  #   addresses:
+  #     - http://my_node_address:9200
+  #   api_key: my_api_key
diff --git a/build/package/post.sh b/build/package/post.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+set -e
+
+create_systemd_service() {
+    if [ -d "/usr/lib/systemd/system" ]; then
+      systemd_service_dir="/usr/lib/systemd/system"
+    elif [ -d "/lib/systemd/system" ]; then
+      systemd_service_dir="/lib/systemd/system"
+    elif [ -d "/etc/systemd/system" ]; then
+      systemd_service_dir="/etc/systemd/system"
+    else
+      echo "failed to detect systemd service file directory"
+      exit 1
+    fi
+
+    echo "detected service file directory: ${systemd_service_dir}"
+
+    systemd_service_file="${systemd_service_dir}/stanza.service"
+
+    cat <<EOF > ${systemd_service_file}
+[Unit]
+Description=Stanza Log Agent
+After=network.target
+StartLimitIntervalSec=120
+StartLimitBurst=5
+
+[Service]
+Type=simple
+User=stanza
+Group=stanza
+Environment=PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+WorkingDirectory=/opt/observiq/stanza
+ExecStart=/usr/bin/stanza --log_file stanza.log --database stanza.db
+SuccessExitStatus=143
+TimeoutSec=120
+StandardOutput=null
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+    chmod 0644 "${systemd_service_file}"
+    chown root:root "${systemd_service_file}"
+
+    systemctl daemon-reload
+
+    echo "configured systemd service"
+}
+
+init_type() {
+  systemd_test="$(systemctl 2>/dev/null || : 2>&1)"
+  if command printf "$systemd_test" | grep -q '\-.mount'; then
+    command printf "systemd"
+    return
+  fi
+
+  command printf "unknown"
+  return
+}
+
+install_service() {
+  service_type="$(init_type)"
+  case "$service_type" in
+    systemd)
+      create_systemd_service
+      ;;
+    *)
+      echo "could not detect init system, skipping service configuration"
+  esac
+}
+
+finish_permissions() {
+    # Set owner:group to stanza:stanza on all files and directories
+    chown -R stanza:stanza /opt/observiq/stanza
+
+    # Goreleaser does not set plugin file permissions, so do them here
+    chmod 0644 /opt/observiq/stanza/plugins/*
+}
+
+
+finish_permissions
+install_service
diff --git a/build/package/pre.sh b/build/package/pre.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+username="stanza"
+
+if id "$username" &>/dev/null; then
+    # Skip all user config if already exists
+    echo "User ${username} already exists"
+    exit 0
+fi
+
+useradd --shell /sbin/nologin --create-home --system "$username"
diff --git a/build/package/test/Vagrantfile b/build/package/test/Vagrantfile
@@ -0,0 +1,4 @@
+# Base config merges with config generated by CINC test kitchen
+Vagrant.configure("2") do |config|
+    config.vbguest.auto_update = false
+end
diff --git a/build/package/test/inspec.rb b/build/package/test/inspec.rb
@@ -0,0 +1,49 @@
+[
+    '/opt/observiq/stanza',
+    '/opt/observiq/stanza/plugins',
+].each do |dir|
+    describe file(dir) do
+        its('mode') { should cmp '0755' }
+        its('owner') { should eq 'stanza' }
+        its('group') { should eq 'stanza' }
+        its('type') { should cmp 'directory' }
+    end
+end
+
+describe file('/opt/observiq/stanza/stanza.db') do
+    its('mode') { should cmp '0600' }
+    its('owner') { should eq 'stanza' }
+    its('group') { should eq 'stanza' }
+    its('type') { should cmp 'file' }
+end
+
+describe file('/opt/observiq/stanza/stanza.log') do
+    its('mode') { should cmp '0644' }
+    its('owner') { should eq 'stanza' }
+    its('group') { should eq 'stanza' }
+    its('type') { should cmp 'file' }
+end
+
+describe file('/opt/observiq/stanza/config.yaml') do
+    its('mode') { should cmp '0640' }
+    its('owner') { should eq 'stanza' }
+    its('group') { should eq 'stanza' }
+    its('type') { should cmp 'file' }
+end
+
+describe file('/usr/bin/stanza') do
+    its('mode') { should cmp '0755' }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('type') { should cmp 'file' }
+end
+
+# Stanza can install on Centos 6 but we do not support the
+# centos 6 init system.
+if !os[:release].start_with?('6')
+    describe systemd_service('stanza') do
+        it { should be_installed }
+        it { should be_enabled }
+        it { should be_running }
+    end
+end
diff --git a/build/package/test/provision.sh b/build/package/test/provision.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+rpm_install() {
+    sudo rpm -i './dist/stanza_*_linux_amd64.rpm'
+}
+
+deb_install() {
+    sudo apt-get install -y -f ./dist/stanza_*_linux_amd64.deb
+}
+
+start() {
+    # Stanza can install on Centos 6 but we do not support the
+    # centos 6 init system.
+    if command -v systemctl &> /dev/null; then
+        sudo systemctl enable stanza
+        sudo systemctl start stanza
+    fi
+}
+
+if command -v "dpkg" > /dev/null ; then
+    deb_install
+elif command -v "rpm" > /dev/null ; then
+    rpm_install
+else
+    echo "failed to detect plaform type"
+    exit 1
+fi
+start
diff --git a/build/post.sh b/build/post.sh
@@ -18,3 +18,5 @@ fi
 if [ ! -f ./artifacts/windows-install.ps1 ]; then
     cp ./scripts/windows-install.ps1 ./artifacts/windows-install.ps1
 fi
+
+tar -xf ./artifacts/stanza-plugins.tar.gz -C ./artifacts