authorChristian Pointner <equinox@spreadspace.org>2018-12-09 01:53:23 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-12-09 01:53:23 +0100
commit755a54f2233e2aa9a27d3ab018879f7efbe8c501 (patch)
tree5d61aaafac00352b99a52dc20e13ba3fd7a35f34 /common
parentfixed acmetool self-signed cert handling (diff)
parentvm installation works now again (diff)
Merge branch 'new-repo-structure'
Diffstat (limited to 'common')
-rw-r--r--common/utils.sh108
-rw-r--r--common/vm-install.yml56
2 files changed, 164 insertions, 0 deletions
diff --git a/common/utils.sh b/common/utils.sh
new file mode 100644
index 00000000..3e31c568
--- /dev/null
+++ b/common/utils.sh
@@ -0,0 +1,108 @@
+## this file contains several helper functions, please source it to make use of them
+
+print_error() {
+ echo -e "\033[1;31mERROR:\033[1;0m $1"
+}
+
+print_success() {
+ echo -e "\033[1;32mSuccess:\033[1;0m $1"
+}
+
+print_info() {
+ echo -e "\033[1;37mInfo:\033[1;0m $1"
+}
+
+###########################
+## varibales from ansible hosts
+
+ansible_variable__get() {
+ local _var_name="$1"
+ local _hosts="$2"
+
+ local _result=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -m debug -a "var=$_var_name" | \
+ jq -r ".plays[].tasks[].hosts[].$_var_name" | sort | uniq)
+ if [ $? -ne 0 ] || [ -z "$_result" ]; then
+ print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'"
+ return 1
+ fi
+
+ local _num_results=$(echo "$_result" | wc -l)
+ if [ $_num_results -ne 1 ]; then
+ print_error "the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(echo $_result | xargs | sed 's/ /, /g')"
+ return 2
+ fi
+
+ eval "$_var_name"='$(echo "$_result")'
+ return 0
+}
+
+
+###########################
+## vault environment handling
+
+vault_environment__get() {
+ echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d'
+}
+
+vault_environment__set() {
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ for e in "$@"; do
+ vault_environment__activate $e || return 1
+ done
+}
+
+vault_environment__activate() {
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return 2
+ fi
+
+ if [ ! -f "gpg/get-vault-pass-$1" ]; then
+ print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'"
+ return 1
+ fi
+
+ for e in $(vault_environment__get); do
+ if [ "$1" = "$e" ]; then
+ print_info "environment '$1' is already active"
+ return 0 # environment is already activated
+ fi
+ done
+
+ if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then
+ export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1"
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1"
+ fi
+ print_success "environment '$1' is now active"
+ return 0
+}
+
+vault_environment__deactivate() {
+ local new_list
+
+ if [ -z "$1" ]; then
+ print_error "please specify an environment"
+ return 2
+ fi
+
+ new_list=""
+ for e in $(vault_environment__get); do
+ if [ "$1" != "$e" ]; then
+ if [ -z "$new_list" ]; then
+ new_list="$e@gpg/get-vault-pass-$e"
+ else
+ new_list="$new_list,$e@gpg/get-vault-pass-$e"
+ fi
+ fi
+ done
+
+ if [ -z "$new_list" ]; then
+ unset ANSIBLE_VAULT_IDENTITY_LIST
+ else
+ export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
+ fi
+
+ print_success "environment '$1' is now deactivated"
+ return 0
+}
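Review bot: `ansible_variable__get` expands the caller-supplied `$_var_name` into both the jq filter and the `eval` assignment at the end of the function, so a name carrying shell or jq syntax is run as code instead of being treated as an identifier. A guard before the ansible call, e.g. `case "$_var_name" in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) print_error "invalid variable name '$_var_name'"; return 1;; esac`, restricts it to a plain identifier. In the same function `local _result=$(…)` makes the `$?` test on the following line see the status of `local`, which is 0, so a failed ansible or jq run is caught only by the empty-string check; declaring `local _result` on its own line and assigning with `_result=$(…)` keeps the status (of the last pipeline stage, unless pipefail is set). A similar allow-list check would fit `$1` in `vault_environment__activate`, where it is concatenated into `gpg/get-vault-pass-$1` and exported in `ANSIBLE_VAULT_IDENTITY_LIST`; a value containing `/`, `,` or `@` changes which file ansible is pointed at, and `vault_environment__set` passes `$e` on unquoted.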
diff --git a/common/vm-install.yml b/common/vm-install.yml
new file mode 100644
index 00000000..5cc2a1c3
--- /dev/null
+++ b/common/vm-install.yml
@@ -0,0 +1,56 @@
+---
+- name: preperations and sanity checks
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ tasks:
+ - name: setup variables
+ set_fact:
+ network_cooked: "{{ network }}"
+ install_cooked: "{{ install }}"
+ - name: create temporary host group for vm host
+ add_host:
+ name: "{{ vm_host }}"
+ inventory_dir: "{{ inventory_dir }}"
+ group: _vmhost_
+ # TODO: add some sanity checks
+
+- name: basic installation
+ hosts: _vmhost_
+ roles:
+ - role: vm/install
+
+- name: wait for new vm to start up
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ tasks:
+ ## TODO: find a better way to fetch host key of new VMs
+ - name: disable ssh StrictHostKeyChecking for the next step
+ set_fact:
+ ansible_ssh_extra_args: -o StrictHostKeyChecking=no
+ - name: wait for vm to start up
+ wait_for_connection:
+ delay: 5
+ timeout: 120
+ - name: reenable StrictHostKeyChecking
+ set_fact:
+ ansible_ssh_extra_args: ""
+
+- name: Apply VM configuration roles
+ hosts: "{{ hostname }}"
+ pre_tasks:
+ - name: make sure to update cached facts
+ setup:
+ roles:
+ - role: vm/grub
+ - role: vm/network
+ - role: vm/guest
+
+- import_playbook: "../{{ hostenv }}/{{ hostname }}.yml"
+
+- name: reboot and wait for VM come back
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ roles:
+ - role: reboot-and-wait
+ reboot_delay: 10
+ reboot_timeout: 120
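Review bot: The `wait for new vm to start up` play connects with `-o StrictHostKeyChecking=no`, under which ssh records whatever host key answers and also proceeds when an already recorded key has changed; setting the option back afterwards does not undo that the key was accepted unverified. Until the TODO about fetching the host key is resolved, `ansible_ssh_extra_args: -o StrictHostKeyChecking=accept-new` would still admit a first-seen key but refuse a changed one; seeding known_hosts from a key read on the VM host would remove the trust-on-first-use step entirely. The `reenable StrictHostKeyChecking` task sets `ansible_ssh_extra_args: ""`, which would also drop any extra ssh arguments configured for the host elsewhere (not visible in this hunk), so a comment stating that assumption, or restoring a saved value, is worth adding.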