feat: add support bundle and raw audit export
@@ -8,6 +8,7 @@ echo "=== bee chroot setup ==="
|
||||
# Enable bee services
|
||||
systemctl enable bee-network.service
|
||||
systemctl enable bee-nvidia.service
|
||||
systemctl enable bee-preflight.service
|
||||
systemctl enable bee-audit.service
|
||||
systemctl enable bee-web.service
|
||||
systemctl enable bee-sshsetup.service
|
||||
@@ -26,8 +27,8 @@ chmod +x /usr/local/bin/bee 2>/dev/null || true
|
||||
# Reload udev rules
|
||||
udevadm control --reload-rules 2>/dev/null || true
|
||||
|
||||
# Create log directory
|
||||
mkdir -p /var/log
|
||||
# Create export directory
|
||||
mkdir -p /appdata/bee/export
|
||||
|
||||
if [ -f /etc/sudoers.d/bee ]; then
|
||||
chmod 0440 /etc/sudoers.d/bee
|
||||
|
||||
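Review bot: `mkdir -p /appdata/bee/export` leaves the directory mode to the build-time umask, yet after this commit the directory holds the audit JSON and every service log. The `/etc/sudoers.d/bee` handling just below suggests a non-root account exists on the image, so a default 0755 would let it read all of that. Consider `install -d -m 0750 /appdata/bee/export`, with the owner and mode chosen to match whichever account runs `bee web` (not visible in this diff).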
@@ -96,7 +96,7 @@ done
|
||||
|
||||
echo ""
|
||||
echo "-- systemd services --"
|
||||
for svc in bee-nvidia bee-network bee-audit bee-web; do
|
||||
for svc in bee-nvidia bee-network bee-preflight bee-audit bee-web; do
|
||||
if systemctl is-active --quiet "$svc" 2>/dev/null; then
|
||||
ok "service active: $svc"
|
||||
else
|
||||
@@ -104,6 +104,20 @@ for svc in bee-nvidia bee-network bee-audit bee-web; do
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "-- runtime health --"
|
||||
if [ -f /appdata/bee/export/runtime-health.json ] && [ -s /appdata/bee/export/runtime-health.json ]; then
|
||||
ok "runtime: runtime-health.json present and non-empty"
|
||||
else
|
||||
fail "runtime: runtime-health.json missing or empty"
|
||||
fi
|
||||
|
||||
if [ -f /appdata/bee/export/runtime-health.log ]; then
|
||||
info "last runtime log line: $(tail -1 /appdata/bee/export/runtime-health.log)"
|
||||
else
|
||||
warn "runtime: no log found at /appdata/bee/export/runtime-health.log"
|
||||
fi
|
||||
|
||||
for svc in ssh bee-sshsetup; do
|
||||
if systemctl is-active --quiet "$svc" 2>/dev/null \
|
||||
|| systemctl show "$svc" --property=ActiveState 2>/dev/null | grep -q "inactive\|exited"; then
|
||||
@@ -126,37 +140,37 @@ fi
|
||||
|
||||
echo ""
|
||||
echo "-- audit last run --"
|
||||
if [ -f /var/log/bee-audit.json ] && [ -s /var/log/bee-audit.json ]; then
|
||||
if [ -f /appdata/bee/export/bee-audit.json ] && [ -s /appdata/bee/export/bee-audit.json ]; then
|
||||
ok "audit: bee-audit.json present and non-empty"
|
||||
info "size: $(du -sh /var/log/bee-audit.json | cut -f1)"
|
||||
info "size: $(du -sh /appdata/bee/export/bee-audit.json | cut -f1)"
|
||||
else
|
||||
fail "audit: bee-audit.json missing or empty"
|
||||
fi
|
||||
|
||||
if [ -f /var/log/bee-audit.log ]; then
|
||||
last_line=$(tail -1 /var/log/bee-audit.log)
|
||||
if [ -f /appdata/bee/export/bee-audit.log ]; then
|
||||
last_line=$(tail -1 /appdata/bee/export/bee-audit.log)
|
||||
info "last log line: $last_line"
|
||||
if grep -q "audit output written" /var/log/bee-audit.log 2>/dev/null; then
|
||||
if grep -q "audit output written" /appdata/bee/export/bee-audit.log 2>/dev/null; then
|
||||
ok "audit: completed successfully"
|
||||
else
|
||||
warn "audit: 'audit output written' not found in log — may have failed"
|
||||
fi
|
||||
if grep -q "nvidia: enrichment skipped\|nvidia.*skipped\|enrichment skipped" /var/log/bee-audit.log 2>/dev/null; then
|
||||
reason=$(grep -E "nvidia.*skipped|enrichment skipped" /var/log/bee-audit.log | tail -1)
|
||||
if grep -q "nvidia: enrichment skipped\|nvidia.*skipped\|enrichment skipped" /appdata/bee/export/bee-audit.log 2>/dev/null; then
|
||||
reason=$(grep -E "nvidia.*skipped|enrichment skipped" /appdata/bee/export/bee-audit.log | tail -1)
|
||||
fail "audit: nvidia enrichment skipped — $reason"
|
||||
else
|
||||
ok "audit: nvidia enrichment OK (no skip message)"
|
||||
fi
|
||||
else
|
||||
warn "audit: no log found at /var/log/bee-audit.log"
|
||||
warn "audit: no log found at /appdata/bee/export/bee-audit.log"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "-- bee web --"
|
||||
if [ -f /var/log/bee-web.log ]; then
|
||||
info "last web log line: $(tail -1 /var/log/bee-web.log)"
|
||||
if [ -f /appdata/bee/export/bee-web.log ]; then
|
||||
info "last web log line: $(tail -1 /appdata/bee/export/bee-web.log)"
|
||||
else
|
||||
warn "web: no log found at /var/log/bee-web.log"
|
||||
warn "web: no log found at /appdata/bee/export/bee-web.log"
|
||||
fi
|
||||
|
||||
if bash -c 'exec 3<>/dev/tcp/127.0.0.1/80 && printf "GET /healthz HTTP/1.0\r\nHost: localhost\r\n\r\n" >&3 && grep -q "^ok$" <&3'; then
|
||||
|
||||
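Review bot: Adding `bee-preflight` to the `for svc in ...` loop and testing `runtime-health.json` with `-f`/`-s` cannot detect a failed preflight. The unit's ExecStart wrapper on this page always ends in `exit 0` with `RemainAfterExit=yes`, so `is-active` reports active whatever the real exit code was, and `-s` only proves the file is non-empty. Consider also looking for the wrapper's own warning, e.g. `grep -q "WARN: preflight exited" /appdata/bee/export/runtime-health.log && fail "runtime: preflight exited non-zero"`. The log is opened with `append:`, so if the export directory persists across boots an older line would match too; that is worth confirming.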
@@ -9,7 +9,8 @@
|
||||
Hardware Audit LiveCD
|
||||
Build: %%BUILD_INFO%%
|
||||
|
||||
Logs: /var/log/bee-audit.json /var/log/bee-network.log
|
||||
Export dir: /appdata/bee/export
|
||||
Self-check: /appdata/bee/export/runtime-health.json
|
||||
|
||||
Open TUI: bee-tui
|
||||
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
[Unit]
|
||||
Description=Bee: run hardware audit
|
||||
After=bee-network.service bee-nvidia.service
|
||||
After=bee-network.service bee-nvidia.service bee-preflight.service
|
||||
Before=bee-web.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/local/bin/bee audit --runtime livecd --output file:/var/log/bee-audit.json; rc=$?; if [ "$rc" -ne 0 ]; then echo "[bee-audit] WARN: audit exited with rc=$rc"; fi; exit 0'
|
||||
StandardOutput=append:/var/log/bee-audit.log
|
||||
StandardError=append:/var/log/bee-audit.log
|
||||
ExecStart=/bin/sh -c '/usr/local/bin/bee audit --runtime livecd --output file:/appdata/bee/export/bee-audit.json; rc=$?; if [ "$rc" -ne 0 ]; then echo "[bee-audit] WARN: audit exited with rc=$rc"; fi; exit 0'
|
||||
StandardOutput=append:/appdata/bee/export/bee-audit.log
|
||||
StandardError=append:/appdata/bee/export/bee-audit.log
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
||||
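Review bot: `StandardOutput=append:/appdata/bee/export/bee-audit.log` makes the unit depend on a directory that only the chroot setup script creates at image-build time. As far as I know systemd does not create missing parent directories for `append:` targets, so if `/appdata` is absent or mounted over at runtime the unit fails before the `/bin/sh -c` wrapper runs, and its `exit 0` never takes effect. The same applies to the bee-network, bee-nvidia, bee-preflight, bee-sshsetup and bee-web units changed in this commit. Consider `RequiresMountsFor=/appdata/bee/export` in `[Unit]` if it is a mount, or a tmpfiles.d entry that creates the directory early in boot.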
@@ -6,8 +6,8 @@ Before=network-online.target bee-audit.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/bee-network.sh
|
||||
StandardOutput=append:/var/log/bee-network.log
|
||||
StandardError=append:/var/log/bee-network.log
|
||||
StandardOutput=append:/appdata/bee/export/bee-network.log
|
||||
StandardError=append:/appdata/bee/export/bee-network.log
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
||||
@@ -6,8 +6,8 @@ Before=bee-audit.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/bee-nvidia-load
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
StandardOutput=append:/appdata/bee/export/bee-nvidia.log
|
||||
StandardError=append:/appdata/bee/export/bee-nvidia.log
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
||||
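--- a/iso/overlay/etc/systemd/system/bee-preflight.service
+++ b/iso/overlay/etc/systemd/system/bee-preflight.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Bee: runtime preflight self-check
+After=bee-network.service bee-nvidia.service
+Before=bee-audit.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c '/usr/local/bin/bee preflight --output file:/appdata/bee/export/runtime-health.json; rc=$?; if [ "$rc" -ne 0 ]; then echo "[bee-preflight] WARN: preflight exited with rc=$rc"; fi; exit 0'
+StandardOutput=append:/appdata/bee/export/runtime-health.log
+StandardError=append:/appdata/bee/export/runtime-health.log
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target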
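Review bot: The trailing `exit 0` in ExecStart is undocumented, and it means a failed preflight is never reported as a failed unit. The only trace is the `WARN: preflight exited with rc=` line in runtime-health.log. Add a comment above ExecStart, for example `# Exit 0 on purpose: a failed preflight is logged to runtime-health.log, not reported as a failed unit.`, so nobody later relies on `systemctl status bee-preflight` as a health signal.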
@@ -6,6 +6,8 @@ Before=ssh.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/bee-sshsetup
|
||||
StandardOutput=append:/appdata/bee/export/bee-sshsetup.log
|
||||
StandardError=append:/appdata/bee/export/bee-sshsetup.log
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
||||
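Review bot: The two added `StandardOutput=`/`StandardError=` lines send the SSH setup output to `/appdata/bee/export/bee-sshsetup.log`, the same directory this commit hands to `bee web` via `--export-dir`. `/usr/local/bin/bee-sshsetup` is not part of this diff, so please confirm it never prints generated passwords, key material or account details. Anything it writes now sits beside the files intended for export and support bundles. If that cannot be guaranteed, keep this unit on the journal or exclude its log from the bundle.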
@@ -5,11 +5,11 @@ Wants=bee-audit.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/local/bin/bee web --listen :80 --audit-path /var/log/bee-audit.json --title "Bee Hardware Audit"
|
||||
ExecStart=/usr/local/bin/bee web --listen :80 --audit-path /appdata/bee/export/bee-audit.json --export-dir /appdata/bee/export --title "Bee Hardware Audit"
|
||||
Restart=always
|
||||
RestartSec=2
|
||||
StandardOutput=append:/var/log/bee-web.log
|
||||
StandardError=append:/var/log/bee-web.log
|
||||
StandardOutput=append:/appdata/bee/export/bee-web.log
|
||||
StandardError=append:/appdata/bee/export/bee-web.log
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
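Review bot: The new `--export-dir /appdata/bee/export` points the web service at a directory that now collects every service log plus the audit JSON, while `--listen :80` binds plain HTTP on all interfaces. Whether the export and bundle endpoints require authentication is not visible here. If they do not, anyone on the same network segment as the LiveCD can pull hardware inventory and boot logs. Worth stating the intended exposure in the unit or the README, and restricting the listener or the set of exported files if it is broader than intended.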
@@ -20,10 +20,10 @@ fi
|
||||
|
||||
for iface in $interfaces; do
|
||||
log "bringing up $iface"
|
||||
ip link set "$iface" up 2>/dev/null || { log "WARN: could not bring up $iface"; continue; }
|
||||
ip link set "$iface" up || { log "WARN: could not bring up $iface"; continue; }
|
||||
|
||||
# DHCP in background — non-blocking, retries indefinitely
|
||||
dhclient -nw "$iface" 2>/dev/null &
|
||||
# DHCP in background — non-blocking, keep dhclient verbose output in the service log.
|
||||
dhclient -4 -v -nw "$iface" &
|
||||
log "DHCP started for $iface (pid $!)"
|
||||
done
|
||||
|
||||
|
||||
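Review bot: With `2>/dev/null` removed and `-v` added, `dhclient -4 -v -nw "$iface" &` writes lease negotiation details to bee-network.log, which now lives in the export directory. That output usually includes addresses and DHCP server identity, so make sure consumers of the support bundle expect it. The updated comment also does not mention that `-4` restricts the client to IPv4. A short addition such as `# IPv4 only (-4); IPv6 is not configured here.` would make the behaviour change explicit.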
@@ -16,12 +16,15 @@ fi
|
||||
log "module dir: $NVIDIA_KO_DIR"
|
||||
ls "$NVIDIA_KO_DIR"/*.ko 2>/dev/null | sed 's/^/ /' || true
|
||||
|
||||
# Some kernels expose backlight helper symbols only after loading `video`.
|
||||
modprobe video >/dev/null 2>&1 && log "loaded helper module: video" || log "helper module unavailable: video"
|
||||
|
||||
# Load modules via insmod (direct load — no depmod needed)
|
||||
for mod in nvidia nvidia-modeset nvidia-uvm; do
|
||||
ko="$NVIDIA_KO_DIR/${mod}.ko"
|
||||
[ -f "$ko" ] || ko="$NVIDIA_KO_DIR/${mod//-/_}.ko"
|
||||
if [ -f "$ko" ]; then
|
||||
if insmod "$ko" 2>/dev/null; then
|
||||
if insmod "$ko"; then
|
||||
log "loaded: $mod"
|
||||
else
|
||||
log "WARN: failed to load: $mod"
|
||||
@@ -33,25 +36,25 @@ for mod in nvidia nvidia-modeset nvidia-uvm; do
|
||||
done
|
||||
|
||||
# Create /dev/nvidia* device nodes (udev rules absent since we use .run installer)
|
||||
nvidia_major=$(grep -m1 ' nvidiactl$' /proc/devices 2>/dev/null | awk '{print $1}')
|
||||
nvidia_major=$(grep -m1 ' nvidiactl$' /proc/devices | awk '{print $1}')
|
||||
if [ -n "$nvidia_major" ]; then
|
||||
mknod -m 666 /dev/nvidiactl c "$nvidia_major" 255 2>/dev/null \
|
||||
mknod -m 666 /dev/nvidiactl c "$nvidia_major" 255 \
|
||||
&& log "created /dev/nvidiactl (major $nvidia_major)" \
|
||||
|| log "WARN: /dev/nvidiactl already exists or mknod failed"
|
||||
for i in 0 1 2 3 4 5 6 7; do
|
||||
mknod -m 666 "/dev/nvidia$i" c "$nvidia_major" "$i" 2>/dev/null || true
|
||||
mknod -m 666 "/dev/nvidia$i" c "$nvidia_major" "$i" || true
|
||||
done
|
||||
log "created /dev/nvidia{0-7}"
|
||||
else
|
||||
log "WARN: nvidiactl not in /proc/devices — no GPU hardware present?"
|
||||
fi
|
||||
|
||||
uvm_major=$(grep -m1 ' nvidia-uvm$' /proc/devices 2>/dev/null | awk '{print $1}')
|
||||
uvm_major=$(grep -m1 ' nvidia-uvm$' /proc/devices | awk '{print $1}')
|
||||
if [ -n "$uvm_major" ]; then
|
||||
mknod -m 666 /dev/nvidia-uvm c "$uvm_major" 0 2>/dev/null \
|
||||
mknod -m 666 /dev/nvidia-uvm c "$uvm_major" 0 \
|
||||
&& log "created /dev/nvidia-uvm (major $uvm_major)" \
|
||||
|| log "WARN: /dev/nvidia-uvm already exists"
|
||||
mknod -m 666 /dev/nvidia-uvm-tools c "$uvm_major" 1 2>/dev/null || true
|
||||
mknod -m 666 /dev/nvidia-uvm-tools c "$uvm_major" 1 || true
|
||||
else
|
||||
log "WARN: nvidia-uvm not in /proc/devices"
|
||||
fi
|
||||
|
||||
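Review bot: The added `modprobe video >/dev/null 2>&1 && log "loaded helper module: video" || log "helper module unavailable: video"` uses `a && b || c` as an if/else, so the second `log` also runs if the first one fails. It also discards modprobe's stderr, while the rest of this commit deliberately stops hiding errors. Suggest `if modprobe video; then log "loaded helper module: video"; else log "helper module unavailable: video"; fi`, so the reason for a failure reaches bee-nvidia.log. Separately, and not changed by this commit, `log "created /dev/nvidia{0-7}"` is printed even when the `mknod ... || true` calls fail.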