Mirror of https://github.com/rcourtman/Pulse.git (synced 2026-05-19 07:54:10 +00:00)

Extends cleanup script to completely remove Pulse footprint from hosts
when nodes are removed, not just SSH keys. Now removes: SSH keys, proxy
service, binaries, API tokens, pulse-monitor user, and LXC bind mounts.

Key improvements:

1. **flock Serialization**: Prevents concurrent cleanup runs
   - Acquires exclusive lock on cleanup.lock file
   - Prevents race conditions and cleanup loops
2. **Immediate Request File Deletion**: Delete cleanup-request.json
   before any long-running operations to prevent re-triggering
3. **API Token Cleanup**: Removes all pulse-monitor@pam API tokens
   - Tries JSON output first (Proxmox 7.0+)
   - Falls back to table parsing with proper filtering (no decoration chars)
   - Deletes pulse-monitor@pam user after removing all tokens
4. **LXC Bind Mount Removal**: Scans all container configs and removes
   pulse-sensor-proxy bind mount entries
5. **Process Isolation for Uninstaller**: Uses systemd-run to spawn
   isolated transient unit that won't be killed when proxy service stops
   - Unit name: pulse-uninstall-{timestamp}
   - Properties: Type=oneshot, Conflicts=pulse-sensor-proxy.service
   - Runs non-blocking so cleanup service can exit cleanly
   - Falls back to direct call if systemd-run unavailable
6. **Complete Service/Binary Removal**: Calls installer's --uninstall
   - Stops and disables pulse-sensor-proxy.service
   - Removes all systemd units
   - Deletes all binaries from /opt/pulse/sensor-proxy/
   - Removes configuration files
   - Cleans up directories

Changes to cleanup script logic:

- Added LOCKFILE and INSTALLER_PATH configuration
- Acquire flock before processing (prevents concurrent runs)
- Delete request file immediately after reading
- Full localhost cleanup: SSH keys → API tokens → bind mounts → uninstall
- Remote cleanup still SSH-key-only (can't orchestrate uninstall remotely)
- Better error handling with appropriate log levels

Updated cleanup service unit:

- ExecStart now uses ${CLEANUP_SCRIPT_PATH} variable (new /opt location)
- Changed heredoc from 'SERVICE_EOF' to SERVICE_EOF for variable expansion

Addresses all issues documented in CLEANUP_TODO.md:

- ✅ Read-only filesystem (binaries now in /opt, removable)
- ✅ Process isolation (systemd-run transient unit)
- ✅ Cleanup loops (flock + immediate file deletion)
- ✅ API token parsing (JSON first, filtered table fallback)

The UI message is now accurate: "Removing this proxmox ve node also
scrubs the Pulse footprint on the host — the proxy service, SSH key,
API token, and bind mount are all cleaned up automatically."

Part of: CLEANUP_TODO.md Phase 2-4
Supersedes:
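
The lock-then-delete ordering from items 1 and 2 of the commit message, as an added example that is not code from the Pulse repository. The function name, the working-directory layout, the `host` field in the request JSON and the exit codes are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not the project's cleanup script.
# Assumed: WORK_DIR holds cleanup.lock and cleanup-request.json, and the
# request is a JSON object with a "host" string field.

# handle_cleanup_request WORK_DIR
# Prints the host named in the request. Exit status: 0 ok, 2 no pending
# request, 3 another run holds the lock, 4 host value rejected.
handle_cleanup_request() {
    local work_dir=$1
    local lockfile="$work_dir/cleanup.lock"
    local request="$work_dir/cleanup-request.json"
    local body host

    (
        # Exclusive, non-blocking lock on fd 9. It is released when this
        # subshell exits, so every exit path unlocks.
        flock -n 9 || exit 3

        [ -f "$request" ] || exit 2

        # Read first, then delete before any slow work, so nothing can
        # re-trigger on the same request file while cleanup is running.
        body=$(cat "$request")
        rm -f "$request"

        # Extract the assumed "host" field without depending on jq.
        host=$(printf '%s' "$body" |
            sed -n 's/.*"host"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')

        # The value comes from a file on disk: allow only hostname/IP
        # characters before it reaches any later command line.
        case $host in
            ''|*[!A-Za-z0-9.:_-]*) exit 4 ;;
        esac

        # Long-running cleanup steps would run here, still under the lock.
        printf '%s\n' "$host"
    ) 9>"$lockfile"
}
```

A run that loses the lock race exits before touching the request file, so the run that holds the lock is the only one that consumes it.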

| Name | | |
|---|---|---|
| dev | ||
| lib | ||
| systemd | ||
| tests | ||
| .go-version | ||
| backup-claude-md.sh | ||
| build-release.sh | ||
| bundle.manifest | ||
| bundle.sh | ||
| clean-mock-alerts.sh | ||
| cleanup.sh | ||
| codex-router.sh | ||
| create-sensor-user.sh | ||
| docker-build.sh | ||
| generate-release-notes.sh | ||
| harden-sensor-proxy.sh | ||
| hot-dev.sh | ||
| install-container-agent.sh | ||
| install-docker-agent-v2.sh | ||
| install-docker-agent.sh | ||
| install-docker.sh | ||
| install-go-toolchain.sh | ||
| install-host-agent.ps1 | ||
| install-host-agent.sh | ||
| install-sensor-proxy.sh | ||
| package-helm-chart.sh | ||
| pulse-auto-update.sh | ||
| pulse-proxy-rotate-keys.sh | ||
| pulse-sensor-cleanup.sh | ||
| pulse-sensor-proxy.service | ||
| run-tests-mock.sh | ||
| secure-sensor-files.sh | ||
| setup-log-forwarding.sh | ||
| sync-production-config.sh | ||
| test-vm-disk.sh | ||
| toggle-mock.sh | ||
| trigger-release.sh | ||
| uninstall-host-agent.ps1 | ||
| uninstall-host-agent.sh | ||
| validate-published-release.sh | ||
| validate-release.sh | ||