From 17447210485bbe379beb9c7e9a3034e900110ed9 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 1 Dec 2018 23:14:05 +0100 Subject: moved to multi environment repo structure --- apply-role.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'apply-role.sh') diff --git a/apply-role.sh b/apply-role.sh index 3d39f345..a2b0ac4f 100755 --- a/apply-role.sh +++ b/apply-role.sh @@ -1,13 +1,15 @@ #!/bin/bash -if [ -z "$1" ] || [ -z "$2" ] ; then - echo "$0 " +if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then + echo "$0 " exit 1 fi +env="$1" +shift hosts="$1" shift role="$1" shift -echo "######## applying the role '$role' to host(s) '$hosts' ########" -exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ generic.yaml +echo "######## applying the role '$role' to host(s) '$hosts' in environment '$env' ########" +exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ "$env/generic.yaml" -- cgit v1.2.3 From ee42cc8340f26be2316120a1434c5289d5927da2 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 Dec 2018 16:53:43 +0100 Subject: improve handling of environment groups --- ansible.cfg | 1 + apply-role.sh | 16 ++++++++----- chaos-at-home/vm-install.yml | 2 ++ common/utils.sh | 21 +++++++++++++++++ common/vm-install.yml | 47 +++++++++++++++++++++++++++++++++++++++ dan/vm-install.yml | 2 ++ inventory/group_vars/all/main.yml | 2 +- inventory/hosts.ini | 10 ++++----- spreadspace/vm-install.yml | 2 ++ upgrade.sh | 16 ++++++++----- vm-install.sh | 11 ++++++--- vm-install.yml | 46 -------------------------------------- 12 files changed, 109 insertions(+), 67 deletions(-) create mode 100644 chaos-at-home/vm-install.yml create mode 100644 common/utils.sh create mode 100644 common/vm-install.yml create mode 100644 dan/vm-install.yml create mode 100644 spreadspace/vm-install.yml delete mode 100644 vm-install.yml (limited to 'apply-role.sh') diff --git a/ansible.cfg b/ansible.cfg index 8d436f20..4248b8ba 100644 
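Review bot: The new `exec ansible-playbook` line in apply-role.sh still expands `$@` unquoted, so an extra argument containing spaces or glob characters is re-split before ansible-playbook sees it; write it as `exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" "$@" "$env/generic.yaml"`. `$env` is also used as a path prefix with no check that it names one of the environment directories, so a value such as `../other` would select a playbook outside the intended tree. A guard like `[ -f "$env/generic.yaml" ] || exit 1`, combined with rejecting `/` in the name, would make the expectation explicit. The same unquoted `$@` recurs in the later apply-role.sh, upgrade.sh and vm-install.sh hunks on this page.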
--- a/ansible.cfg +++ b/ansible.cfg @@ -20,6 +20,7 @@ vault_id_match = True var_compression_level = 9 +bin_ansible_callbacks = True [ssh_connection] pipelining = True diff --git a/apply-role.sh b/apply-role.sh index a2b0ac4f..5af348d4 100755 --- a/apply-role.sh +++ b/apply-role.sh @@ -1,15 +1,19 @@ #!/bin/bash -if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then - echo "$0 " +if [ -z "$1" ] || [ -z "$2" ]; then + echo "$0 " exit 1 fi -env="$1" -shift hosts="$1" shift role="$1" shift -echo "######## applying the role '$role' to host(s) '$hosts' in environment '$env' ########" -exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ "$env/generic.yaml" +source "${BASH_SOURCE%/*}/common/utils.sh" +get_ansible_variable env_group "$hosts" +if [ $? -ne 0 ]; then + exit 1 +fi + +echo "######## applying the role '$role' to host(s) '$hosts' in environment '$env_group' ########" +exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ "$env_group/generic.yaml" diff --git a/chaos-at-home/vm-install.yml b/chaos-at-home/vm-install.yml new file mode 100644 index 00000000..b5d8bf2e --- /dev/null +++ b/chaos-at-home/vm-install.yml @@ -0,0 +1,2 @@ +--- +- import_playbook: ../common/vm-install.yml diff --git a/common/utils.sh b/common/utils.sh new file mode 100644 index 00000000..2749eda6 --- /dev/null +++ b/common/utils.sh @@ -0,0 +1,21 @@ +## this contains several helper functions + +get_ansible_variable() { + local _var_name="$1" + local _hosts="$2" + + local _result=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -m debug -a "var=$_var_name" | \ + jq -r ".plays[].tasks[].hosts[].$_var_name" | sort | uniq) + if [ $? -ne 0 ] || [ -z "$_result" ]; then + return 1 + fi + + local _num_results=$(echo "$_result" | wc -l) + if [ $_num_results -ne 1 ]; then + echo "ERROR: hosts may only belong to one environment group but got: $(echo $_result | xargs | sed 's/ /, /g')" + return 1 + fi + + eval "$_var_name"='$(echo "$_result")' + return 0 +} 
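Review bot: In `get_ansible_variable` (new file common/utils.sh), the `[ $? -ne 0 ]` test after `local _result=$(…)` can never fire, because `$?` there is the status of `local`, and without `pipefail` the pipeline would report only `uniq` anyway; a failing `ansible` or `jq` is caught only by the empty-result check. The `eval "$_var_name"=…` assignment and the `.$_var_name` spliced into the jq filter are safe only while every caller passes a literal such as `env_group`; validating the name and assigning with `printf -v` removes the `eval`. The sketch below assumes the file is only sourced by bash. The renamed `ansible_variable__get` in the later common/utils.sh hunk keeps both patterns.

```shell
get_ansible_variable() {
  # … unchanged: _var_name / _hosts locals …
  local _result

  # only a plain identifier may reach the jq filter and the assignment below
  [[ "$_var_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 1

  # declared separately so the status tested is the pipeline's, not local's
  _result=$(set -o pipefail; env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -m debug -a "var=$_var_name" | \
    jq -r ".plays[].tasks[].hosts[].$_var_name" | sort | uniq) || return 1
  [ -n "$_result" ] || return 1

  # … unchanged: check that exactly one distinct value came back …

  printf -v "$_var_name" '%s' "$_result"
  return 0
}
```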
diff --git a/common/vm-install.yml b/common/vm-install.yml new file mode 100644 index 00000000..a6faf827 --- /dev/null +++ b/common/vm-install.yml @@ -0,0 +1,47 @@ +--- +- name: preperations and sanity checks + hosts: "{{ vmname }}" + gather_facts: no + tasks: + - name: setup variables + set_fact: + vm_network_cooked: "{{ vm_network }}" + vm_install_cooked: "{{ vm_install }}" + - name: create temporary host group for vm host + add_host: + name: "{{ vm_install.host }}" + inventory_dir: "{{inventory_dir}}" + group: _vmhost_ + # TODO: add some sanity checks + +- name: basic installation + hosts: _vmhost_ + roles: + - role: vm/install + +- name: wait for new vm to start up + hosts: "{{ vmname }}" + gather_facts: no + tasks: + ## TODO: find a better way to fetch host key of new VMs + - name: disable ssh StrictHostKeyChecking for the next step + set_fact: + ansible_ssh_extra_args: -o StrictHostKeyChecking=no + - name: wait for vm to start up + wait_for_connection: + delay: 5 + timeout: 120 + - name: reenable StrictHostKeyChecking + set_fact: + ansible_ssh_extra_args: "" + +### TODO: fix path to host_playbook +##- import_playbook: "host_playbooks/{{ vmname }}.yml" + +- name: reboot and wait for VM come back + hosts: "{{ vmname }}" + gather_facts: no + roles: + - role: reboot-and-wait + reboot_delay: 10 + reboot_timeout: 120 diff --git a/dan/vm-install.yml b/dan/vm-install.yml new file mode 100644 index 00000000..b5d8bf2e --- /dev/null +++ b/dan/vm-install.yml @@ -0,0 +1,2 @@ +--- +- import_playbook: ../common/vm-install.yml diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml index e30c383a..d23e3952 100644 --- a/inventory/group_vars/all/main.yml +++ b/inventory/group_vars/all/main.yml @@ -1,5 +1,5 @@ --- -sshserver_root_keys: "{{ ssh_keys.equinox[environment_group] | join('\n') }}" +sshserver_root_keys: "{{ ssh_keys.equinox[env_group] | join('\n') }}" equinox_user: name: equinox 
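Review bot: The `disable ssh StrictHostKeyChecking for the next step` task in common/vm-install.yml sets `-o StrictHostKeyChecking=no`, which accepts a changed host key as well as an unknown one. Until the TODO above it is resolved, `ansible_ssh_extra_args: -o StrictHostKeyChecking=accept-new` (OpenSSH 7.6 or later) still trusts the first key seen but refuses a changed one, which appears compatible with vm-install.sh clearing the old keys beforehand. The `reenable StrictHostKeyChecking` task sets `ansible_ssh_extra_args` to an empty string rather than restoring an earlier value, so any extra SSH options defined for that host would presumably be dropped for the rest of the run; a comment on that task should say so. With `import_playbook: "host_playbooks/{{ vmname }}.yml"` now commented out, the install presumably finishes without the per-host configuration, which is worth stating next to that TODO.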
diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 37f8fc9b..5586ab3d 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -10,7 +10,7 @@ host_name={{ inventory_hostname }} [chaos-at-home:vars] host_domain=chaos-at-home.org -environment_group=chaos-at-home +env_group=chaos-at-home ansible_host={{ host_name }}.{{ host_domain }} ansible_user=root ansible_port=22000 @@ -26,7 +26,7 @@ keyserver [spreadspace:vars] host_domain=spreadspace.org -environment_group=spreadspace +env_group=spreadspace ansible_host={{ host_name }}.{{ host_domain }} ansible_user=root ansible_port=22000 @@ -43,7 +43,7 @@ emc-test [emc:vars] host_domain=spreadspace.org -environment_group=spreadspace +env_group=spreadspace [emc] emc-stats @@ -62,7 +62,7 @@ emc-00 [skillz:vars] host_domain=skillz.biz -environment_group=dan +env_group=dan [skillz] sk2013 host_name=2013 @@ -71,7 +71,7 @@ sk2016 host_name=2016 [elevate:vars] host_domain=elevate.at -environment_group=dan +env_group=dan [elevate] elemedia host_name=media diff --git a/spreadspace/vm-install.yml b/spreadspace/vm-install.yml new file mode 100644 index 00000000..b5d8bf2e --- /dev/null +++ b/spreadspace/vm-install.yml @@ -0,0 +1,2 @@ +--- +- import_playbook: ../common/vm-install.yml diff --git a/upgrade.sh b/upgrade.sh index 48849b82..e44379c5 100755 --- a/upgrade.sh +++ b/upgrade.sh @@ -1,13 +1,17 @@ #!/bin/bash -if [ -z "$1" ] || [ -z "$2" ]; then - echo "$0 " +if [ -z "$1" ]; then + echo "$0 " exit 1 fi -env="$1" -shift hosts="$1" shift -echo "######## upgrading host(s) '$hosts' in environment '$env' ########" -exec ansible-playbook -e "myhosts=$hosts" -e "myrole=upgrade" $@ "$env/generic.yaml" +source "${BASH_SOURCE%/*}/common/utils.sh" +get_ansible_variable env_group "$hosts" +if [ $? -ne 0 ]; then + exit 1 +fi + +echo "######## upgrading host(s) '$hosts' in environment '$env_group' ########" +exec ansible-playbook -e "myhosts=$hosts" -e "myrole=upgrade" $@ "$env_group/generic.yaml" 
diff --git a/vm-install.sh b/vm-install.sh index 0cc0be48..8d2bc665 100755 --- a/vm-install.sh +++ b/vm-install.sh @@ -4,7 +4,6 @@ if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then echo "$0 " exit 1 fi - name=$1 shift distro=$1 @@ -12,7 +11,13 @@ shift codename=$1 shift -echo "installing vm: $name with $distro/$codename" +source "${BASH_SOURCE%/*}/common/utils.sh" +get_ansible_variable env_group "$name" +if [ $? -ne 0 ]; then + exit 1 +fi + +echo "installing vm: $name with $distro/$codename in environment '$env_group'" echo "" echo "########## clearing old ssh host keys #########" @@ -20,4 +25,4 @@ echo "########## clearing old ssh host keys #########" echo "" echo "######## running the install playbook ########" -exec ansible-playbook -e "vmname=$name" -e "vmdistro=$distro" -e "vmdistcodename=$codename" $@ vm-install.yml +exec ansible-playbook -e "vmname=$name" -e "vmdistro=$distro" -e "vmdistcodename=$codename" $@ "$env_group/vm-install.yml" diff --git a/vm-install.yml b/vm-install.yml deleted file mode 100644 index e0685f9d..00000000 --- a/vm-install.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -- name: preperations and sanity checks - hosts: "{{ vmname }}" - gather_facts: no - tasks: - - name: setup variables - set_fact: - vm_network_cooked: "{{ vm_network }}" - vm_install_cooked: "{{ vm_install }}" - - name: create temporary host group for vm host - add_host: - name: "{{ vm_install.host }}" - inventory_dir: "{{inventory_dir}}" - group: _vmhost_ - # TODO: add some sanity checks - -- name: basic installation - hosts: _vmhost_ - roles: - - role: vm/install - -- name: wait for new vm to start up - hosts: "{{ vmname }}" - gather_facts: no - tasks: - ## TODO: find a better way to fetch host key of new VMs - - name: disable ssh StrictHostKeyChecking for the next step - set_fact: - ansible_ssh_extra_args: -o StrictHostKeyChecking=no - - name: wait for vm to start up - wait_for_connection: - delay: 5 - timeout: 120 - - name: reenable StrictHostKeyChecking - set_fact: - ansible_ssh_extra_args: "" - -- import_playbook: "host_playbooks/{{ vmname }}.yml" - -- name: reboot and wait for VM come back - hosts: "{{ vmname }}" - gather_facts: no - roles: - - role: reboot-and-wait - reboot_delay: 10 - reboot_timeout: 120 -- cgit v1.2.3 From 57cc6098cf6315b0c2fee544c94d43d2a47bbfa4 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 Dec 2018 21:11:19 +0100 Subject: further improve script helpers --- apply-role.sh | 9 +++--- common/utils.sh | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- environment.sh | 68 ++--------------------------------------- upgrade.sh | 9 +++--- vm-install.sh | 9 +++--- 5 files changed, 105 insertions(+), 83 deletions(-) (limited to 'apply-role.sh') diff --git a/apply-role.sh b/apply-role.sh index 5af348d4..708a8357 100755 --- a/apply-role.sh +++ b/apply-role.sh 
@@ -9,11 +9,10 @@ shift role="$1" shift -source "${BASH_SOURCE%/*}/common/utils.sh" -get_ansible_variable env_group "$hosts" -if [ $? -ne 0 ]; then - exit 1 -fi +cd "${BASH_SOURCE%/*}" +source common/utils.sh +ansible_variable__get env_group "$hosts" || exit 1 +vault_environment__set "$env_group" || exit 1 echo "######## applying the role '$role' to host(s) '$hosts' in environment '$env_group' ########" exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ "$env_group/generic.yaml" diff --git a/common/utils.sh b/common/utils.sh index 119305de..3e31c568 100644 --- a/common/utils.sh +++ b/common/utils.sh 
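Review bot: The added `cd "${BASH_SOURCE%/*}"` in apply-role.sh is not checked, so when it fails the script carries on in the caller's working directory, and `source common/utils.sh` as well as the later relative `gpg/get-vault-pass-…` lookup resolve against that directory instead of the repository. This happens, for example, when the script is started as `bash apply-role.sh`: `BASH_SOURCE` then has no slash and the expansion yields the file name itself. `cd "$(dirname -- "${BASH_SOURCE[0]}")" || exit 1` makes the script stop rather than source whatever file is found. The upgrade.sh and vm-install.sh hunks of this commit add the same lines, and the script body starts outside this hunk.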
@@ -1,21 +1,108 @@ -## this contains several helper functions +## this file contains several helper functions, please source it to make use of them -get_ansible_variable() { +print_error() { + echo -e "\033[1;31mERROR:\033[1;0m $1" +} + +print_success() { + echo -e "\033[1;32mSuccess:\033[1;0m $1" +} + +print_info() { + echo -e "\033[1;37mInfo:\033[1;0m $1" +} + +########################### +## varibales from ansible hosts + +ansible_variable__get() { local _var_name="$1" local _hosts="$2" local _result=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -m debug -a "var=$_var_name" | \ jq -r ".plays[].tasks[].hosts[].$_var_name" | sort | uniq) if [ $? -ne 0 ] || [ -z "$_result" ]; then + print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'" return 1 fi local _num_results=$(echo "$_result" | wc -l) if [ $_num_results -ne 1 ]; then - echo "ERROR: the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(echo $_result | xargs | sed 's/ /, /g')" + print_error "the vairable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(echo $_result | xargs | sed 's/ /, /g')" return 2 fi eval "$_var_name"='$(echo "$_result")' return 0 } + + +########################### +## vault environment handling + +vault_environment__get() { + echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d' +} + +vault_environment__set() { + unset ANSIBLE_VAULT_IDENTITY_LIST + for e in "$@"; do + vault_environment__activate $e || return 1 + done +} + +vault_environment__activate() { + if [ -z "$1" ]; then + print_error "please specify an environment" + return 2 + fi + + if [ ! -f "gpg/get-vault-pass-$1" ]; then + print_error "failed to activate environment: '$1' .. 
could not find password file 'gpg/get-vault-pass-$1'" + return 1 + fi + + for e in $(vault_environment__get); do + if [ "$1" = "$e" ]; then + print_info "environment '$1' is already active" + return 0 # environment is already activated + fi + done + + if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then + export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1" + else + export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1" + fi + print_success "environment '$1' is now active" + return 0 +} + +vault_environment__deactivate() { + local new_list + + if [ -z "$1" ]; then + print_error "please specify an environment" + return 2 + fi + + new_list="" + for e in $(vault_environment__get); do + if [ "$1" != "$e" ]; then + if [ -z "$new_list" ]; then + new_list="$e@gpg/get-vault-pass-$e" + else + new_list="$new_list,$e@gpg/get-vault-pass-$e" + fi + fi + done + + if [ -z "$new_list" ]; then + unset ANSIBLE_VAULT_IDENTITY_LIST + else + export ANSIBLE_VAULT_IDENTITY_LIST="$new_list" + fi + + print_success "environment '$1' is now deactivated" + return 0 +} diff --git a/environment.sh b/environment.sh index 38a38340..7d99979a 100644 --- a/environment.sh +++ b/environment.sh 
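Review bot: `vault_environment__activate` builds `gpg/get-vault-pass-$1` and the `ANSIBLE_VAULT_IDENTITY_LIST` entry from `$1` without checking its form, and in the wrapper scripts that value now comes from the inventory variable `env_group`. A name containing `/`, `,` or `@` would point the vault identity at a different file or split the list, and Ansible runs an executable vault password file as a script, so the name should be restricted first, e.g. `case "$1" in *[!A-Za-z0-9_-]*) print_error "invalid environment name '$1'"; return 2 ;; esac`. In `vault_environment__set` the call should read `vault_environment__activate "$e" || return 1`, and the loop variable `e` should be declared `local` because this file is sourced into interactive shells. The `print_*` helpers pass message text through `echo -e` to stdout; `printf '%s\n'` to stderr for errors would keep host- or inventory-supplied text from being interpreted as escape sequences.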
@@ -1,71 +1,9 @@ ## -## must be sourced in your interactive shell or by scripts before using vault files +## must be sourced in your interactive shell session before using vault files +## scripts should source common/utils and call the functions directly ## -print_error() { - echo "\033[1;31mERROR:\033[1;0m $1" -} - -vault_environment__get() { - echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d' -} - -vault_environment__set() { - unset ANSIBLE_VAULT_IDENTITY_LIST - for e in "$@"; do - vault_environment__activate $e - done -} - -vault_environment__activate() { - if [ -z "$1" ]; then - print_error "please specify an environment" - return - fi - - if [ ! -f "gpg/get-vault-pass-$1" ]; then - print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'" - return - fi - - for e in $(vault_environment__get); do - if [ "$1" = "$e" ]; then - return - fi - done - - if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then - export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1" - else - export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1" - fi -} - -vault_environment__deactivate() { - local new_list - - if [ -z "$1" ]; then - print_error "please specify an environment" - return - fi - - new_list="" - for e in $(vault_environment__get); do - if [ "$1" != "$e" ]; then - if [ -z "$new_list" ]; then - new_list="$e@gpg/get-vault-pass-$e" - else - new_list="$new_list,$e@gpg/get-vault-pass-$e" - fi - fi - done - - if [ -z "$new_list" ]; then - unset ANSIBLE_VAULT_IDENTITY_LIST - else - export ANSIBLE_VAULT_IDENTITY_LIST="$new_list" - fi -} +source common/utils.sh op="$1" if [ -n "$op" ]; then diff --git a/upgrade.sh b/upgrade.sh index e44379c5..49e1b6f2 100755 --- a/upgrade.sh +++ b/upgrade.sh 
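Review bot: `source common/utils.sh` in environment.sh is resolved against the current directory of the interactive shell, not against the location of environment.sh, so sourcing the file from anywhere other than the repository root either fails or loads a different `common/utils.sh`. The header comment should state this, e.g. `## must be sourced from the repository root: common/utils.sh and gpg/get-vault-pass-* are looked up relative to the current directory`. If only bash has to be supported, `source "$(dirname -- "${BASH_SOURCE[0]}")/common/utils.sh" || return 1` removes that dependency for the source step. The rest of the file continues outside this hunk.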
@@ -7,11 +7,10 @@ fi hosts="$1" shift -source "${BASH_SOURCE%/*}/common/utils.sh" -get_ansible_variable env_group "$hosts" -if [ $? -ne 0 ]; then - exit 1 -fi +cd "${BASH_SOURCE%/*}" +source common/utils.sh +ansible_variable__get env_group "$hosts" || exit 1 +vault_environment__set "$env_group" || exit 1 echo "######## upgrading host(s) '$hosts' in environment '$env_group' ########" exec ansible-playbook -e "myhosts=$hosts" -e "myrole=upgrade" $@ "$env_group/generic.yaml" diff --git a/vm-install.sh b/vm-install.sh index 8d2bc665..933992cb 100755 --- a/vm-install.sh +++ b/vm-install.sh @@ -11,11 +11,10 @@ shift codename=$1 shift -source "${BASH_SOURCE%/*}/common/utils.sh" -get_ansible_variable env_group "$name" -if [ $? -ne 0 ]; then - exit 1 -fi +cd "${BASH_SOURCE%/*}" +source common/utils.sh +ansible_variable__get env_group "$name" || exit 1 +vault_environment__set "$env_group" || exit 1 echo "installing vm: $name with $distro/$codename in environment '$env_group'" echo "" -- cgit v1.2.3