author | Christian Pointner <equinox@spreadspace.org> | 2018-12-08 21:11:19 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-12-08 21:11:19 +0100 |
commit | 57cc6098cf6315b0c2fee544c94d43d2a47bbfa4 (patch) | |
tree | 3f8031db65b81c69a2c619c66d1fdcf546542c8d | |
parent | vault readme is outdated (diff) |
further improve script helpers
-rwxr-xr-x | apply-role.sh | 9 | ||||
-rw-r--r-- | common/utils.sh | 93 | ||||
-rw-r--r-- | environment.sh | 68 | ||||
-rwxr-xr-x | upgrade.sh | 9 | ||||
-rwxr-xr-x | vm-install.sh | 9 |
5 files changed, 105 insertions, 83 deletions
diff --git a/apply-role.sh b/apply-role.sh
index 5af348d4..708a8357 100755
--- a/apply-role.sh
+++ b/apply-role.sh
@@ -9,11 +9,10 @@ shift
 role="$1"
 shift
-source "${BASH_SOURCE%/*}/common/utils.sh"
-get_ansible_variable env_group "$hosts"
-if [ $? -ne 0 ]; then
- exit 1
-fi
+cd "${BASH_SOURCE%/*}"
+source common/utils.sh
+ansible_variable__get env_group "$hosts" || exit 1
+vault_environment__set "$env_group" || exit 1
 echo "######## applying the role '$role' to host(s) '$hosts' in environment '$env_group' ########"
 exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ "$env_group/generic.yaml"
diff --git a/common/utils.sh b/common/utils.sh
index 119305de..3e31c568 100644
--- a/common/utils.sh
+++ b/common/utils.sh
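Review bot: The added `cd "${BASH_SOURCE%/*}"` in apply-role.sh is unchecked, and the next line sources `common/utils.sh` by a path relative to whatever directory the shell ends up in. When the script is started without a slash in its path (for example `bash apply-role.sh`), `${BASH_SOURCE%/*}` expands to the file name itself, the `cd` fails, and the helper file and the `gpg/get-vault-pass-*` files checked by `vault_environment__activate` are then looked up in the caller's working directory instead of the repository. I would write `cd "$(dirname -- "${BASH_SOURCE[0]}")" || exit 1` so the script stops rather than loading helpers from an unintended location. The same two lines are added in the upgrade.sh and vm-install.sh hunks further down. On the unchanged `exec` line, `$@` should be `"$@"` so extra arguments containing spaces are passed through intact.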
@@ -1,21 +1,108 @@
-## this contains several helper functions
+## this file contains several helper functions, please source it to make use of them
-get_ansible_variable() {
+print_error() {
+ echo -e "\033[1;31mERROR:\033[1;0m $1"
+}
+
+print_success() {
+ echo -e "\033[1;32mSuccess:\033[1;0m $1"
+}
+
+print_info() {
+ echo -e "\033[1;37mInfo:\033[1;0m $1"
+}
+
+###########################
+## varibales from ansible hosts
+
+ansible_variable__get() {
 local _var_name="$1"
 local _hosts="$2"
 local _result=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -m debug -a "var=$_var_name" | \
 jq -r ".plays[].tasks[].hosts[].$_var_name" | sort | uniq)
 if [ $? -ne 0 ] || [ -z "$_result" ]; then
+ print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'"
 return 1
 fi
 local _num_results=$(echo "$_result" | wc -l)
 if [ $_num_results -ne 1 ]; then
- echo "ERROR: the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(echo $_result | xargs | sed 's/ /, /g')"
+ print_error "the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(echo $_result | xargs | sed 's/ /, /g')"
 return 2
 fi
 eval "$_var_name"='$(echo "$_result")'
 return 0
 }
+
+
+###########################
+## vault environment handling
+
+vault_environment__get() {
+ echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d'
+}
+
+vault_environment__set() {
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ for e in "$@"; do
+ vault_environment__activate $e || return 1
+ done
+}
+
+vault_environment__activate() {
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return 2
+ fi
+
+ if [ ! -f "gpg/get-vault-pass-$1" ]; then
+ print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'"
+ return 1
+ fi
+
+ for e in $(vault_environment__get); do
+ if [ "$1" = "$e" ]; then
+ print_info "environment '$1' is already active"
+ return 0 # environment is already activated
+ fi
+ done
+
+ if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then
+ export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1"
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1"
+ fi
+ print_success "environment '$1' is now active"
+ return 0
+}
+
+vault_environment__deactivate() {
+ local new_list
+
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return 2
+ fi
+
+ new_list=""
+ for e in $(vault_environment__get); do
+ if [ "$1" != "$e" ]; then
+ if [ -z "$new_list" ]; then
+ new_list="$e@gpg/get-vault-pass-$e"
+ else
+ new_list="$new_list,$e@gpg/get-vault-pass-$e"
+ fi
+ fi
+ done
+
+ if [ -z "$new_list" ]; then
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
+ fi
+
+ print_success "environment '$1' is now deactivated"
+ return 0
+}
diff --git a/environment.sh b/environment.sh
index 38a38340..7d99979a 100644
--- a/environment.sh
+++ b/environment.sh
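Review bot: `vault_environment__activate` in common/utils.sh puts `$1` straight into the path `gpg/get-vault-pass-$1` and into `ANSIBLE_VAULT_IDENTITY_LIST`, which uses `,` and `@` as separators, without checking what the name contains. With this commit the scripts pass in `env_group` as read from the inventory output, so a name containing `/`, `,` or `@` could point the identity at a file outside the intended `gpg/get-vault-pass-*` set or change how the list is split. A guard at the top of the function would close that, e.g. `case "$1" in *[!A-Za-z0-9_-]*) print_error "invalid environment name '$1'"; return 2 ;; esac` (adjust the allowed set to the names actually in use); `vault_environment__deactivate` would want the same check. In `vault_environment__set` the call should be `vault_environment__activate "$e" || return 1`, and the loop variable `e` in all three functions should be declared `local` so that sourcing this file into an interactive shell does not overwrite a variable of that name there.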
@@ -1,71 +1,9 @@
 ##
-## must be sourced in your interactive shell or by scripts before using vault files
+## must be sourced in your interactive shell session before using vault files
+## scripts should source common/utils and call the functions directly
 ##
-print_error() {
- echo "\033[1;31mERROR:\033[1;0m $1"
-}
-
-vault_environment__get() {
- echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d'
-}
-
-vault_environment__set() {
- unset ANSIBLE_VAULT_IDENTITY_LIST
- for e in "$@"; do
- vault_environment__activate $e
- done
-}
-
-vault_environment__activate() {
- if [ -z "$1" ]; then
- print_error "please specify an environment"
- return
- fi
-
- if [ ! -f "gpg/get-vault-pass-$1" ]; then
- print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'"
- return
- fi
-
- for e in $(vault_environment__get); do
- if [ "$1" = "$e" ]; then
- return
- fi
- done
-
- if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then
- export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1"
- else
- export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1"
- fi
-}
-
-vault_environment__deactivate() {
- local new_list
-
- if [ -z "$1" ]; then
- print_error "please specify an environment"
- return
- fi
-
- new_list=""
- for e in $(vault_environment__get); do
- if [ "$1" != "$e" ]; then
- if [ -z "$new_list" ]; then
- new_list="$e@gpg/get-vault-pass-$e"
- else
- new_list="$new_list,$e@gpg/get-vault-pass-$e"
- fi
- fi
- done
-
- if [ -z "$new_list" ]; then
- unset ANSIBLE_VAULT_IDENTITY_LIST
- else
- export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
- fi
-}
+source common/utils.sh
 op="$1"
 if [ -n "$op" ]; then
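Review bot: The new `source common/utils.sh` in environment.sh has no failure handling and depends on the working directory of the shell that sources the file. If it is sourced from anywhere other than the repository root, the helper functions are either not defined or come from a different `common/utils.sh`, and the `op` handling that follows, which continues outside this hunk, still runs. I would make it `source common/utils.sh || return 1` and extend the header comment with a line such as `## must be sourced from the repository root`. The header also refers to `common/utils`, while the file is `common/utils.sh`.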
@@ -7,11 +7,10 @@ fi
 hosts="$1"
 shift
-source "${BASH_SOURCE%/*}/common/utils.sh"
-get_ansible_variable env_group "$hosts"
-if [ $? -ne 0 ]; then
- exit 1
-fi
+cd "${BASH_SOURCE%/*}"
+source common/utils.sh
+ansible_variable__get env_group "$hosts" || exit 1
+vault_environment__set "$env_group" || exit 1
 echo "######## upgrading host(s) '$hosts' in environment '$env_group' ########"
 exec ansible-playbook -e "myhosts=$hosts" -e "myrole=upgrade" $@ "$env_group/generic.yaml"
diff --git a/vm-install.sh b/vm-install.sh
index 8d2bc665..933992cb 100755
--- a/vm-install.sh
+++ b/vm-install.sh
@@ -11,11 +11,10 @@ shift
 codename=$1
 shift
-source "${BASH_SOURCE%/*}/common/utils.sh"
-get_ansible_variable env_group "$name"
-if [ $? -ne 0 ]; then
- exit 1
-fi
+cd "${BASH_SOURCE%/*}"
+source common/utils.sh
+ansible_variable__get env_group "$name" || exit 1
+vault_environment__set "$env_group" || exit 1
 echo "installing vm: $name with $distro/$codename in environment '$env_group'"
 echo "" |