feat: ops-agent Fastify service met SSE, whitelist en systemd-unit
- ops-agent/: Node.js Fastify+TypeScript service
- GET /agent/v1/health
- POST /agent/v1/exec → SSE stream (stdout/stderr/exit events)
- Whitelist geladen uit /etc/ops-agent/commands.yml bij opstart
- Auth via Bearer shared secret (/etc/ops-agent/secret, mode 0640)
- Vier standaard commando's: docker_ps, git_status, systemctl_status,
caddy_show_config
- deploy/ops-agent/ops-agent.service: systemd-unit (User=ops-agent,
Restart=on-failure, StandardOutput=journal)
- deploy/ops-agent/setup.sh: aanmaken system-user, build, deploy,
systemctl enable --now ops-agent
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
ad9cde6fb7
commit
4bccbf28f3
12 changed files with 1030 additions and 0 deletions
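--- a/deploy/ops-agent/setup.sh
+++ b/deploy/ops-agent/setup.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# Deploy ops-agent to the host.
+# Run as root.
+set -euo pipefail
+
+REPO_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
+INSTALL_DIR=/opt/ops-agent
+CONFIG_DIR=/etc/ops-agent
+SERVICE_FILE=/etc/systemd/system/ops-agent.service
+
+echo "==> Creating ops-agent system user"
+if ! id ops-agent &>/dev/null; then
+useradd --system --no-create-home --shell /usr/sbin/nologin ops-agent
+fi
+
+echo "==> Installing service files to ${INSTALL_DIR}"
+mkdir -p "${INSTALL_DIR}"
+rsync -a --delete \
+--exclude=node_modules \
+--exclude=.git \
+"${REPO_DIR}/ops-agent/" "${INSTALL_DIR}/"
+
+echo "==> Installing Node dependencies"
+cd "${INSTALL_DIR}"
+npm ci --omit=dev 2>/dev/null || npm install --omit=dev
+
+echo "==> Building TypeScript"
+npx tsc
+
+chown -R ops-agent:ops-agent "${INSTALL_DIR}"
+
+echo "==> Installing config dir"
+mkdir -p "${CONFIG_DIR}"
+if [ ! -f "${CONFIG_DIR}/commands.yml" ]; then
+cp "${REPO_DIR}/ops-agent/commands.yml.example" "${CONFIG_DIR}/commands.yml"
+echo " Installed default commands.yml — review before use"
+fi
+
+echo "==> Generating shared secret (if not present)"
+if [ ! -f "${CONFIG_DIR}/secret" ]; then
+openssl rand -hex 32 > "${CONFIG_DIR}/secret"
+fi
+chown root:ops-agent "${CONFIG_DIR}/secret"
+chmod 0640 "${CONFIG_DIR}/secret"
+
+echo "==> Installing systemd unit"
+cp "${REPO_DIR}/deploy/ops-agent/ops-agent.service" "${SERVICE_FILE}"
+
+echo "==> Enabling and starting ops-agent"
+systemctl daemon-reload
+systemctl enable --now ops-agent
+
+echo "==> Done. Status:"
+systemctl status ops-agent --no-pager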
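Review bot: The bearer secret is created by `openssl rand -hex 32 > "${CONFIG_DIR}/secret"` under whatever umask the root shell inherited, so it is usually world-readable until the `chown`/`chmod` that follow, and if `openssl` fails the redirect has already left an empty file that the `-f` test accepts as an existing secret on the next run (whether the service rejects an empty secret is not visible here). Both are closed by testing for content with `if [ ! -s "${CONFIG_DIR}/secret" ]; then` and creating the file with its final mode first, `install -m 0640 -o root -g ops-agent /dev/null "${CONFIG_DIR}/secret"`, before the `openssl` line. Further up, `chown -R ops-agent:ops-agent "${INSTALL_DIR}"` gives the service account write access to the code it executes; leaving the tree root-owned with group read access would keep a compromised agent from modifying itself. The `npm ci --omit=dev 2>/dev/null || npm install --omit=dev` fallback runs as root, hides why `npm ci` failed and resolves versions outside the lockfile, so letting `npm ci` fail the script is the safer behaviour.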