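# shellcheck shell=bash
## this file contains several helper functions, please source it to make use of them
##
## It is meant to be sourced, not executed, so there is no shebang and every
## function reports failure with `return` — never `exit`, which would close
## the caller's (interactive) shell.

#######################################
# Print a red "ERROR:" line to stderr.
# Arguments: $1 - message; printed verbatim via %s, so escape sequences
#                 contained in the message are not interpreted
#######################################
print_error() {
  printf '\033[1;31mERROR:\033[1;0m %s\n' "$1" >&2
}

#######################################
# Print a green "Success:" line to stdout.
# Arguments: $1 - message (printed verbatim)
#######################################
print_success() {
  printf '\033[1;32mSuccess:\033[1;0m %s\n' "$1"
}

#######################################
# Print a white "Info:" line to stdout.
# Arguments: $1 - message (printed verbatim)
#######################################
print_info() {
  printf '\033[1;37mInfo:\033[1;0m %s\n' "$1"
}

###########################
## variables from ansible hosts

#######################################
# Resolve an Ansible variable for a host pattern and store its value in a
# shell variable of the same name in the caller's shell.
# Arguments: $1 - Ansible variable name; must be a valid shell identifier
#            $2 - host pattern handed to `ansible`
# Globals:   assigns the variable named by $1 on success
# Returns:   0 on success
#            1 if the name is invalid or the lookup fails / yields nothing
#            2 if the hosts do not agree on a single value
#######################################
ansible_variable__get() {
  local _var_name="${1-}"
  local _hosts="${2-}"
  local _result
  local -a _values=()

  # The name is interpolated into a Jinja expression and then used as a
  # shell identifier; restricting it to identifier characters means no
  # caller-supplied text is ever parsed as shell code.
  if [[ ! "$_var_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    print_error "'$_var_name' is not a valid variable name"
    return 1
  fi

  # Assignment is separate from `local` so the pipeline's exit status is not
  # masked by `local`'s own (always 0) status. pipefail is enabled inside
  # the subshell only, so it does not leak into the sourcing shell.
  # NOTE(review): vault_ansible_become_password is passed empty presumably
  # so the debug task does not prompt for a become password — confirm.
  _result=$(
    set -o pipefail
    env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" \
      -e vault_ansible_become_password="" \
      -m debug -a "msg={{ $_var_name }}" \
      | jq -r '.plays[].tasks[].hosts[] | select(.failed != true) | .msg' \
      | sort -u
  )
  if [[ $? -ne 0 || -z "$_result" ]]; then
    print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'"
    return 1
  fi

  # One line per distinct value; more than one means the hosts disagree.
  mapfile -t _values <<<"$_result"
  if (( ${#_values[@]} != 1 )); then
    print_error "the variable '$_var_name' is not unique for the given hosts '$_hosts', got values: ${_result//$'\n'/, }"
    return 2
  fi

  # printf -v assigns the value verbatim; unlike eval, the value itself is
  # never re-parsed by the shell.
  printf -v "$_var_name" '%s' "${_values[0]}"
  return 0
}

###########################
## remove ssh known_hosts entries

#######################################
# Remove every known_hosts entry that may refer to an inventory host: the
# inventory name, the ssh-resolved hostname, the host:port forms, and the
# inventory's ansible_host, host_name and host_name.host_domain.
# Arguments: $1 - inventory hostname (also used as the ssh host alias)
# Globals:   reads HOME; ansible_host, host_name and host_domain are set as
#            a side effect of ansible_variable__get
# Returns:   0 after the removals were attempted
#            1 if `ssh -G` fails or a required inventory variable is unknown
#            2 if no hostname was given
#######################################
remove_known_hosts() {
  local inventory_hostname="${1-}"
  local ssh_config ssh_hostname ssh_port known_hosts_file name
  local -a names=()

  if [[ -z "$inventory_hostname" ]]; then
    print_error "please specify an inventory hostname"
    return 2
  fi

  # One `ssh -G` run instead of three; it prints the resolved client
  # configuration as "key value" lines.
  ssh_config=$(ssh -G "$inventory_hostname") || {
    print_error "failed to resolve ssh configuration for '$inventory_hostname'"
    return 1
  }
  ssh_hostname=$(awk '$1 == "hostname" { print $2 }' <<<"$ssh_config")
  ssh_port=$(awk '$1 == "port" { print $2 }' <<<"$ssh_config")
  # Only the first userknownhostsfile value is used (the option may list
  # several files); "~" is expanded by hand because ssh prints it literally.
  known_hosts_file=$(awk '$1 == "userknownhostsfile" { print $2 }' <<<"$ssh_config")
  known_hosts_file=${known_hosts_file/#\~/$HOME}

  names=(
    "$inventory_hostname"
    "$ssh_hostname"
    "$ssh_hostname:$ssh_port"
    "[$ssh_hostname]:$ssh_port"
  )

  # shellcheck disable=SC2154  # ansible_host / host_name / host_domain are set by ansible_variable__get
  ansible_variable__get ansible_host "$inventory_hostname" || return 1
  names+=("$ansible_host")
  ansible_variable__get host_name "$inventory_hostname" || return 1
  names+=("$host_name")
  # host_domain is optional: a failed lookup only skips the FQDN entry.
  if ansible_variable__get host_domain "$inventory_hostname" >/dev/null 2>&1; then
    names+=("$host_name.$host_domain")
  fi

  # Quoted expansion: "[host]:port" must reach ssh-keygen as one word and
  # must not be subject to globbing.
  for name in "${names[@]}"; do
    ssh-keygen -f "$known_hosts_file" -R "$name"
  done
  return 0
}

###########################
## vault environment handling

#######################################
# List the environments currently active in ANSIBLE_VAULT_IDENTITY_LIST
# (the "id" part of every "id@file" entry), one per line, empty ids skipped.
# Globals:   reads ANSIBLE_VAULT_IDENTITY_LIST (may be unset)
# Outputs:   environment names on stdout
# Returns:   0
#######################################
vault_environment__get() {
  local -a entries=()
  local entry
  IFS=',' read -r -a entries <<<"${ANSIBLE_VAULT_IDENTITY_LIST-}"
  for entry in "${entries[@]}"; do
    entry=${entry%%@*}
    [[ -n "$entry" ]] && printf '%s\n' "$entry"
  done
  return 0
}

#######################################
# Replace the active vault environments with exactly the given ones.
# Arguments: $@ - environment names; none clears the list
# Globals:   rewrites ANSIBLE_VAULT_IDENTITY_LIST
# Returns:   0 on success, 1 as soon as one environment fails to activate
#######################################
vault_environment__set() {
  local env_name
  unset ANSIBLE_VAULT_IDENTITY_LIST
  for env_name in "$@"; do
    vault_environment__activate "$env_name" || return 1
  done
  return 0
}

#######################################
# Check that an environment name is safe to use as the suffix of the
# password-file path "gpg/get-vault-pass-<name>" and as an "id@file" list
# entry: letters, digits, '.', '_' and '-' only (no '/', ',', '@', spaces).
# Arguments: $1 - environment name
# Returns:   0 if acceptable, 2 otherwise (an error has been printed)
#######################################
vault_environment__check_name() {
  local env_name="${1-}"
  if [[ -z "$env_name" ]]; then
    print_error "please specify an environment"
    return 2
  fi
  if [[ ! "$env_name" =~ ^[A-Za-z0-9._-]+$ ]]; then
    print_error "invalid environment name '$env_name': only letters, digits, '.', '_' and '-' are allowed"
    return 2
  fi
  return 0
}

#######################################
# Activate a vault environment by appending "<name>@gpg/get-vault-pass-<name>"
# to ANSIBLE_VAULT_IDENTITY_LIST, after checking that the password helper
# exists and runs without error.
# Arguments: $1 - environment name
# Globals:   exports ANSIBLE_VAULT_IDENTITY_LIST
# Returns:   0 if the environment is (or already was) active
#            1 if the password helper is missing or fails
#            2 if the name is missing or invalid
#######################################
vault_environment__activate() {
  local env_name="${1-}"
  local pass_file active err_out

  vault_environment__check_name "$env_name" || return 2
  pass_file="gpg/get-vault-pass-$env_name"

  if [[ ! -f "$pass_file" ]]; then
    print_error "failed to activate environment: '$env_name' .. could not find password file '$pass_file'"
    return 1
  fi

  while IFS= read -r active; do
    if [[ "$active" == "$env_name" ]]; then
      print_info "environment '$env_name' is already active"
      return 0
    fi
  done < <(vault_environment__get)

  # Probe the password helper once. The redirection order is deliberate:
  # stderr is captured for inspection while stdout (the passphrase itself)
  # goes to /dev/null and is never stored in a shell variable. A non-zero
  # exit status counts as failure as well, not only stderr output.
  if ! err_out=$("$pass_file" 2>&1 >/dev/null) || [[ -n "$err_out" ]]; then
    print_error "failed to activate environment: '$env_name' .. reading passphrase from '$pass_file' returned an error"
    return 1
  fi

  if [[ -z "${ANSIBLE_VAULT_IDENTITY_LIST-}" ]]; then
    export ANSIBLE_VAULT_IDENTITY_LIST="$env_name@$pass_file"
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$env_name@$pass_file"
  fi
  print_success "environment '$env_name' is now active"
  return 0
}

#######################################
# Deactivate a vault environment by rebuilding ANSIBLE_VAULT_IDENTITY_LIST
# without its entry; the variable is unset when nothing remains.
# Arguments: $1 - environment name
# Globals:   exports or unsets ANSIBLE_VAULT_IDENTITY_LIST
# Returns:   0 on success, 2 if no name was given
#######################################
vault_environment__deactivate() {
  local env_name="${1-}"
  local new_list="" active

  if [[ -z "$env_name" ]]; then
    print_error "please specify an environment"
    return 2
  fi

  # The loop runs in the current shell (no pipe), so new_list survives it.
  while IFS= read -r active; do
    [[ "$active" == "$env_name" ]] && continue
    new_list="${new_list:+$new_list,}$active@gpg/get-vault-pass-$active"
  done < <(vault_environment__get)

  if [[ -z "$new_list" ]]; then
    unset ANSIBLE_VAULT_IDENTITY_LIST
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="$new_list"
  fi
  print_success "environment '$env_name' is now deactivated"
  return 0
}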