Add undeploy command: full inverse of deploy
Implements `mcp undeploy <service>` which tears down all infrastructure for a service: removes mc-proxy routes, DNS records, TLS certificates, stops and removes containers, releases allocated ports, and marks the service inactive. This fills the gap between `stop` (temporary pause) and `purge` (registry cleanup). Undeploy is the complete teardown that returns the node to the state before the service was deployed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -176,6 +176,25 @@ func (p *CertProvisioner) issueCert(ctx context.Context, serviceName, commonName
|
||||
return nil
|
||||
}
|
||||
|
||||
// RemoveCert removes TLS certificate and key files for a service.
|
||||
func (p *CertProvisioner) RemoveCert(serviceName string) error {
|
||||
if p == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
certPath := filepath.Join(p.certDir, serviceName+".pem")
|
||||
keyPath := filepath.Join(p.certDir, serviceName+".key")
|
||||
|
||||
for _, path := range []string{certPath, keyPath} {
|
||||
if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
|
||||
return fmt.Errorf("remove %s: %w", path, err)
|
||||
}
|
||||
}
|
||||
|
||||
p.logger.Info("cert removed", "service", serviceName)
|
||||
return nil
|
||||
}
|
||||
|
||||
// certTimeRemaining returns the time until the leaf certificate at
|
||||
// path expires. Returns (0, false) if the cert cannot be read or parsed.
|
||||
func certTimeRemaining(path string) (time.Duration, bool) {
|
||||
|
||||
100
internal/agent/undeploy.go
Normal file
100
internal/agent/undeploy.go
Normal file
@@ -0,0 +1,100 @@
|
||||
package agent
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
mcpv1 "git.wntrmute.dev/mc/mcp/gen/mcp/v1"
|
||||
"git.wntrmute.dev/mc/mcp/internal/registry"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
)
|
||||
|
||||
// UndeployService fully tears down a service: removes routes, DNS records,
|
||||
// TLS certificates, stops and removes containers, releases ports, and marks
|
||||
// the service inactive. This is the inverse of Deploy.
|
||||
func (a *Agent) UndeployService(ctx context.Context, req *mcpv1.UndeployServiceRequest) (*mcpv1.UndeployServiceResponse, error) {
|
||||
a.Logger.Info("UndeployService", "service", req.GetName())
|
||||
|
||||
if req.GetName() == "" {
|
||||
return nil, status.Error(codes.InvalidArgument, "service name is required")
|
||||
}
|
||||
|
||||
serviceName := req.GetName()
|
||||
|
||||
components, err := registry.ListComponents(a.DB, serviceName)
|
||||
if err != nil {
|
||||
return nil, status.Errorf(codes.Internal, "list components: %v", err)
|
||||
}
|
||||
|
||||
var results []*mcpv1.ComponentResult
|
||||
dnsRemoved := false
|
||||
|
||||
for _, c := range components {
|
||||
r := a.undeployComponent(ctx, serviceName, &c, &dnsRemoved)
|
||||
results = append(results, r)
|
||||
}
|
||||
|
||||
// Mark the service as inactive.
|
||||
if err := registry.UpdateServiceActive(a.DB, serviceName, false); err != nil {
|
||||
a.Logger.Warn("failed to mark service inactive", "service", serviceName, "err", err)
|
||||
}
|
||||
|
||||
return &mcpv1.UndeployServiceResponse{Results: results}, nil
|
||||
}
|
||||
|
||||
// undeployComponent tears down a single component. The dnsRemoved flag
|
||||
// tracks whether DNS has already been removed for this service (DNS is
|
||||
// per-service, not per-component).
|
||||
func (a *Agent) undeployComponent(ctx context.Context, serviceName string, c *registry.Component, dnsRemoved *bool) *mcpv1.ComponentResult {
|
||||
containerName := ContainerNameFor(serviceName, c.Name)
|
||||
r := &mcpv1.ComponentResult{Name: c.Name, Success: true}
|
||||
|
||||
// 1. Remove mc-proxy routes.
|
||||
if len(c.Routes) > 0 && a.Proxy != nil {
|
||||
if err := a.Proxy.RemoveRoutes(ctx, serviceName, c.Routes); err != nil {
|
||||
a.Logger.Warn("failed to remove routes", "service", serviceName, "component", c.Name, "err", err)
|
||||
}
|
||||
}
|
||||
|
||||
// 2. Remove DNS records (once per service).
|
||||
if len(c.Routes) > 0 && a.DNS != nil && !*dnsRemoved {
|
||||
if err := a.DNS.RemoveRecord(ctx, serviceName); err != nil {
|
||||
a.Logger.Warn("failed to remove DNS record", "service", serviceName, "err", err)
|
||||
}
|
||||
*dnsRemoved = true
|
||||
}
|
||||
|
||||
// 3. Remove TLS certs (L7 routes only).
|
||||
if hasL7Routes(c.Routes) && a.Certs != nil {
|
||||
if err := a.Certs.RemoveCert(serviceName); err != nil {
|
||||
a.Logger.Warn("failed to remove TLS cert", "service", serviceName, "err", err)
|
||||
}
|
||||
}
|
||||
|
||||
// 4. Stop and remove the container.
|
||||
if err := a.Runtime.Stop(ctx, containerName); err != nil {
|
||||
a.Logger.Info("stop container (ignored)", "container", containerName, "error", err)
|
||||
}
|
||||
if err := a.Runtime.Remove(ctx, containerName); err != nil {
|
||||
a.Logger.Info("remove container (ignored)", "container", containerName, "error", err)
|
||||
}
|
||||
|
||||
// 5. Release allocated ports.
|
||||
if a.PortAlloc != nil {
|
||||
hostPorts, err := registry.GetRouteHostPorts(a.DB, serviceName, c.Name)
|
||||
if err == nil {
|
||||
for _, port := range hostPorts {
|
||||
a.PortAlloc.Release(port)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 6. Update registry state.
|
||||
if err := registry.UpdateComponentState(a.DB, serviceName, c.Name, "removed", "removed"); err != nil {
|
||||
r.Success = false
|
||||
r.Error = fmt.Sprintf("update state: %v", err)
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
Reference in New Issue
Block a user