check with version

refactoring clj-cljs image install.sh
refactoring image install.sh checksum function graalvm kubeconform
5 changed files with 96 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -110,4 +110,5 @@ venv.bak/
 .clj-kondo/
 .lsp/
 .calva/
-.cpcache/
+.cpcache/
+infrastructure/backup/image/resources/backup-repository-state.edn
--- a/infrastructure/backup/doc/backup_dev_notes.md
+++ b/infrastructure/backup/doc/backup_dev_notes.md
@ -0,0 +1,44 @@
+## Init Statemachine
+
+### Inputs
+1. `restic-password: ""`
+2. `restic-password-to-rotate: ""`
+
+### Manual init the restic repository for the first time
+
+1. apply backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
+3. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
+
+### Password Rotation
+
+1. apply backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=1`
+2. add new password to restic repository   
+    `restic key add ....`   
+    => Trigger ::   
+    field (1) credential current   
+    filed (2) credential new
+3. replace field (1) with (2) & clear (2)
+4. remove old key - ???  
+`restic remove ....`
+
+
+```mermaid
+stateDiagram-v2
+    [*] --> init
+    init --> backup_ready: trigger, restic-password !empty
+    backup_ready --> new_password_added: restic-password !empty && restic-password-to-rotate !empty 
+    new_password_added --> backup_ready: restic-password !empty && restic-password-to-rotate empty
+```
+
+### First Steps
+
+1. Cloud Testserver hochfahren
+2. Dort backup-restore deployment (leeres Secret mgl.?), neues Secret "rotation-credential-secret" als Daten
+3. mounten von angelegtem Secret in Pod backup-restore
+4. ba*bash*ka Skript in pod starten -> liest Secret ?leer
+5. Micha cons. 
--- a/infrastructure/backup/image/resources/restic_management.clj
+++ b/infrastructure/backup/image/resources/restic_management.clj
@ -0,0 +1,33 @@
+#! /usr/bin/env bb
+
+(ns restic-management
+  (:require
+   [clojure.spec.alpha :as s]
+   [clojure.java.io :as io]
+   [clojure.edn :as edn]))
+
+(s/def ::state string?)
+
+(s/def ::backup-repository-state
+  (s/keys :req-un [::state]))
+
+(def state {:state ""})
+
+(defn store-backup-repository-state [s]
+  (spit "backup-repository-state.edn" s))
+
+(defn read-backup-repository-state []
+   (try
+     (with-open [r (io/reader "backup-repository-state.edn")]
+       (edn/read (java.io.PushbackReader. r)))
+  
+     (catch java.io.IOException e
+       (printf "Couldn't open '%s': %s\n" "backup-repository-state.edn" (.getMessage e)))
+     (catch RuntimeException e
+       (printf "Error parsing edn file '%s': %s\n" "backup-repository-state.edn" (.getMessage e)))))
+
+(println (read-backup-repository-state))
+
+(println (:state (read-backup-repository-state)))
+
+(println (s/valid? ::backup-repository-state (read-backup-repository-state)))
--- a/infrastructure/clj-cljs/image/resources/install.sh
+++ b/infrastructure/clj-cljs/image/resources/install.sh
@ -6,7 +6,7 @@ function main() {
    upgradeSystem

    mkdir -p /usr/share/man/man1
-    apt-get -qqy install openjdk-17-jre-headless leiningen curl
+    apt-get -qqy install curl openjdk-17-jre-headless leiningen
    
    # shadow-cljs
    npm install -g npm
@ -15,14 +15,14 @@ function main() {
    # download kubeconform & graalvm
    kubeconform_version="0.6.4"

-    curl -SsLo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
+    curl -SsLo /tmp/kubeconform-linux-amd64.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
    curl -SsLo /tmp/CHECKSUMS https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/CHECKSUMS

    # checksum kubeconform
    checksum

    # install kubeconform
-    tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz --exclude=LICENSE
+    tar -C /usr/local/bin -xf /tmp/kubeconform-linux-amd64.tar.gz --exclude=LICENSE

    #install pyb
    apt-get -qqy install python3 python3-pip git
@ -36,15 +36,9 @@ function main() {
 }

 function checksum() {
-    checksum_var=$(awk '{print $1}' /tmp/CHECKSUMS|sed -n '2p')
-    sha256sum_var=$(sha256sum /tmp/kubeconform.tar.gz|awk '{print $1}')
-    
-    if [ $checksum_var == $sha256sum_var ]; then
-        echo "Kubeconform checksum verification succesful" 
-    else
-        echo "Failure in kubeconform checksum verification"
-        exit 1
-    fi
+    awk '{print $1 "  /tmp/" $2}' /tmp/CHECKSUMS|sed -n '2p' > /tmp/kubeconform-checksum
+    cat /tmp/kubeconform-checksum
+    sha256sum -c --status /tmp/kubeconform-checksum
 }

 source /tmp/install_functions_debian.sh
--- a/infrastructure/clj/image/resources/install.sh
+++ b/infrastructure/clj/image/resources/install.sh
@ -12,7 +12,7 @@ function main() {
    kubeconform_version="0.6.4"
    graalvm_jdk_version="21.0.2"

-    curl -SsLo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
+    curl -SsLo /tmp/kubeconform-linux-amd64.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
    curl -SsLo /tmp/CHECKSUMS https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/CHECKSUMS
    curl -SsLo /tmp/graalvm-community-jdk.tar.gz https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-${graalvm_jdk_version}/graalvm-community-jdk-${graalvm_jdk_version}_linux-x64_bin.tar.gz
    curl -SsLo /tmp/graalvm-checksum https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-${graalvm_jdk_version}/graalvm-community-jdk-${graalvm_jdk_version}_linux-x64_bin.tar.gz.sha256
@ -21,7 +21,7 @@ function main() {
    checksum

    # install kubeconform
-    tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz --exclude=LICENSE
+    tar -C /usr/local/bin -xf /tmp/kubeconform-linux-amd64.tar.gz --exclude=LICENSE

    # install graalvm
    tar -C /usr/lib/jvm/ -xf /tmp/graalvm-community-jdk.tar.gz
@ -36,25 +36,21 @@ function main() {
    pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages 

    #check
-    native-image --help
-    lein --help
+    native-image --version
+    lein -v

    cleanupDocker
    } > /dev/null
 }

 function checksum() {
-    checksum_kubeconform=$(awk '{print $1}' /tmp/CHECKSUMS|sed -n '2p')
-    sha256sum_kubeconform=$(sha256sum /tmp/kubeconform.tar.gz|awk '{print $1}')
-    checksum_graalvm_jdk=$(awk '{print $1}' /tmp/graalvm-checksum)
-    sha256sum_graalvm_jdk=$(sha256sum /tmp/graalvm-community-jdk.tar.gz|awk '{print $1}')
-
-    if [ $checksum_kubeconform == $sha256sum_kubeconform -a $checksum_graalvm_jdk == $sha256sum_graalvm_jdk ]; then
-        echo "Kubeconform & graalvm_jdk checksum verification succesful" 
-    else
-        echo "Failure in kubeconform|graalvm_jdk checksum verification"
-        exit 1
-    fi
+    #kubeconform
+    awk '{print $1 "  /tmp/" $2}' /tmp/CHECKSUMS|sed -n '2p' > /tmp/kubeconform-checksum
+    sha256sum -c --status /tmp/kubeconform-checksum
+    
+    #graalvm
+    echo "  /tmp/graalvm-community-jdk.tar.gz"|tee -a /tmp/graalvm-checksum
+    sha256sum -c --status /tmp/graalvm-checksum
 }

 source /tmp/install_functions_debian.sh
Author	SHA1	Message	Date
Mirco	4fa849b72b	check with version	1 month ago
Mirco	48bbbe6f6e	refactoring clj-cljs image install.sh	1 month ago
Mirco	bf843edb80	refactoring image install.sh checksum function graalvm kubeconform	1 month ago
Mirco	5e8c21c521	dev-notes first steps	1 month ago
Mirco	3bc3a0cd7e	Statemachine credRot devnotes	1 month ago
Michael Jerger	56bc215f26	read / write state	1 month ago