## This file contains several helper functions; source it to make use of them.

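#######################################
# Print an error message prefixed with a red "ERROR:" label.
# Arguments: $1 - message text (printed verbatim, backslashes are not interpreted)
# Outputs:   writes the message to stderr
#######################################
print_error() {
  # printf instead of 'echo -e': the message is passed as a %s argument, so
  # escape sequences inside it are never expanded, and diagnostics go to
  # stderr so they do not pollute stdout captured by callers.
  printf '\033[1;31mERROR:\033[1;0m %s\n' "$1" >&2
}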

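#######################################
# Print a success message prefixed with a green "Success:" label.
# Arguments: $1 - message text (printed verbatim, backslashes are not interpreted)
# Outputs:   writes the message to stdout
#######################################
print_success() {
  # printf instead of 'echo -e' (non-portable, and it would expand escape
  # sequences contained in the message itself).
  printf '\033[1;32mSuccess:\033[1;0m %s\n' "$1"
}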

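#######################################
# Print an informational message prefixed with a white "Info:" label.
# Arguments: $1 - message text (printed verbatim, backslashes are not interpreted)
# Outputs:   writes the message to stdout
#######################################
print_info() {
  # printf instead of 'echo -e' (non-portable, and it would expand escape
  # sequences contained in the message itself).
  printf '\033[1;37mInfo:\033[1;0m %s\n' "$1"
}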

###########################
## variables from ansible hosts

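#######################################
# Resolve an Ansible variable for the given host(s) and store its value in a
# shell variable of the same name in the caller's shell.
# Globals:   assigns the variable named by $1
# Arguments: $1 - variable name (must be a plain identifier)
#            $2 - host or host pattern as understood by 'ansible'
# Outputs:   error messages via print_error
# Returns:   0 on success
#            1 when the lookup fails or yields no value
#            2 when the name is invalid or the value differs between hosts
#######################################
ansible_variable__get() {
  local _var_name="$1"
  local _hosts="$2"

  # The name is interpolated into a Jinja expression and then used as a shell
  # variable name, so only accept a plain identifier.
  if ! [[ "$_var_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    print_error "invalid variable name '$_var_name'"
    return 2
  fi

  # Declare and assign separately: 'local x=$(...)' would replace the
  # pipeline's exit status with local's own (always 0). Without pipefail only
  # the last stage's status is seen; the empty-result check covers the rest.
  local _result
  _result=$(env ANSIBLE_STDOUT_CALLBACK="json" ansible "$_hosts" -e vault_ansible_become_password="" -m debug -a "msg={{ $_var_name }}" | \
    jq -r '.plays[].tasks[].hosts[] | select(.failed != true) | .msg' | sort | uniq)
  if [ $? -ne 0 ] || [ -z "$_result" ]; then
    print_error "failed to get value of variable '$_var_name' for host(s) '$_hosts'"
    return 1
  fi

  local _num_results
  _num_results=$(printf '%s\n' "$_result" | wc -l)
  if [ "$_num_results" -ne 1 ]; then
    print_error "the variable '$_var_name' is not unique for the given hosts '$_hosts', got values: $(printf '%s\n' "$_result" | xargs | sed 's/ /, /g')"
    return 2
  fi

  # Assign without eval; the name was validated above so no shell code can
  # be smuggled in through it.
  printf -v "$_var_name" '%s' "$_result"
  return 0
}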


###########################
## remove ssh known_hosts entries

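#######################################
# Remove every known_hosts entry that may refer to an inventory host: the
# inventory name, the ssh-resolved hostname (plain and with port), the
# Ansible 'ansible_host' and 'host_name' values, and the FQDN when
# 'host_domain' is defined.
# Globals:   HOME (read); ansible_host, host_name, host_domain
#            (assigned by ansible_variable__get)
# Arguments: $1 - inventory hostname
# Returns:   0 on success, 1 when ssh or a variable lookup fails,
#            2 when no hostname is given
#######################################
remove_known_hosts() {
  local inventory_hostname="$1"
  if [ -z "$inventory_hostname" ]; then
    print_error "please specify an inventory hostname"
    return 2
  fi

  # One 'ssh -G' run prints every resolved option; pick the three we need.
  local ssh_config
  ssh_config=$(ssh -G "$inventory_hostname") || {
    print_error "failed to resolve ssh configuration for '$inventory_hostname'"
    return 1
  }
  local ssh_hostname ssh_port known_hosts_file
  ssh_hostname=$(awk '$1 == "hostname" { print $2 }' <<<"$ssh_config")
  ssh_port=$(awk '$1 == "port" { print $2 }' <<<"$ssh_config")
  known_hosts_file=$(awk '$1 == "userknownhostsfile" { print $2 }' <<<"$ssh_config")
  # ssh prints the path unexpanded; ssh-keygen -f needs a real path.
  known_hosts_file=${known_hosts_file/#\~/$HOME}

  local -a names=(
    "$inventory_hostname"
    "$ssh_hostname"
    "$ssh_hostname:$ssh_port"
    "[$ssh_hostname]:$ssh_port"
  )

  # 'return' rather than 'exit': this file is sourced, so 'exit' would
  # terminate the user's interactive shell.
  ansible_variable__get ansible_host "$inventory_hostname" || return 1
  names+=("$ansible_host")
  ansible_variable__get host_name "$inventory_hostname" || return 1
  names+=("$host_name")
  # host_domain is optional; only add the FQDN when it resolves.
  if ansible_variable__get host_domain "$inventory_hostname" > /dev/null 2>&1; then
    names+=("$host_name.$host_domain")
  fi

  local name=""
  # Quoted expansion is required: unquoted, "[host]:port" is a glob pattern
  # and could be replaced by matching file names in the current directory.
  for name in "${names[@]}"; do
    ssh-keygen -f "$known_hosts_file" -R "$name"
  done
}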


###########################
## vault environment handling

#######################################
# List the currently active vault environments, one per line.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read) — comma-separated entries of
#            the form "<env>@<password-file>"
# Outputs:   the <env> part of every non-empty entry, one per line
#######################################
vault_environment__get() {
  local list="${ANSIBLE_VAULT_IDENTITY_LIST}"
  # Split on commas, strip everything from the '@' on, drop empty entries.
  printf '%s\n' "$list" | tr ',' '\n' | sed -e 's/@.*$//' -e '/^$/d'
}

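#######################################
# Replace the set of active vault environments with exactly the given ones.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (cleared, then rebuilt by
#            vault_environment__activate)
# Arguments: $@ - environment names to activate, in order
# Returns:   0 when every environment was activated, 1 at the first failure
#            (environments before it stay active)
#######################################
vault_environment__set() {
  unset ANSIBLE_VAULT_IDENTITY_LIST
  # Loop variable is local so the helper does not leave 'e' behind in the
  # sourcing shell; the name is quoted so it is passed as one argument.
  local env_name=""
  for env_name in "$@"; do
    vault_environment__activate "$env_name" || return 1
  done
  return 0
}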

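#######################################
# Activate a vault environment by appending its password helper to
# ANSIBLE_VAULT_IDENTITY_LIST, after verifying the helper runs cleanly.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read/written, exported)
# Arguments: $1 - environment name; the helper is expected at
#            gpg/get-vault-pass-<name> relative to the current directory
# Outputs:   status messages via print_error / print_info / print_success
# Returns:   0 when active (also when it already was)
#            1 when the helper is missing or fails
#            2 when the name is empty or contains characters other than
#              letters, digits, '.', '_' and '-'
#######################################
vault_environment__activate() {
  local env_name="$1"
  if [ -z "$env_name" ]; then
    print_error "please specify an environment"
    return 2
  fi

  # The name becomes part of a path that is executed below, so reject
  # anything that could point outside the gpg/ directory (e.g. a '/').
  if ! [[ "$env_name" =~ ^[A-Za-z0-9._-]+$ ]]; then
    print_error "invalid environment name '$env_name'"
    return 2
  fi

  local pass_file="gpg/get-vault-pass-$env_name"
  if [ ! -f "$pass_file" ]; then
    print_error "failed to activate environment: '$env_name' .. could not find password file '$pass_file'"
    return 1
  fi

  local active=""
  for active in $(vault_environment__get); do
    if [ "$env_name" = "$active" ]; then
      print_info "environment '$env_name' is already active"
      return 0 # environment is already activated
    fi
  done

  # Run the helper once as a check. The passphrase it prints is discarded
  # (stdout -> /dev/null); stderr is captured. Both a non-zero exit and any
  # stderr output count as failure, so a helper that fails silently is not
  # mistaken for a working one.
  local err_out
  err_out=$("$pass_file" 2>&1 >/dev/null)
  local rc=$?
  if [ "$rc" -ne 0 ] || [ -n "$err_out" ]; then
    print_error "failed to activate environment: '$env_name' .. reading passphrase from '$pass_file' returned an error"
    return 1
  fi

  # ':-' keeps this safe under 'set -u' when no environment is active yet.
  if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST:-}" ]; then
    export ANSIBLE_VAULT_IDENTITY_LIST="$env_name@$pass_file"
  else
    export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$env_name@$pass_file"
  fi
  print_success "environment '$env_name' is now active"
  return 0
}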

#######################################
# Deactivate a vault environment by rebuilding ANSIBLE_VAULT_IDENTITY_LIST
# from the currently active environments minus the given one.
# Globals:   ANSIBLE_VAULT_IDENTITY_LIST (read/written; unset when empty)
# Arguments: $1 - environment name
# Outputs:   status messages via print_error / print_success
# Returns:   0 on success (also when the environment was not active),
#            2 when no name is given
#######################################
vault_environment__deactivate() {
  if [ -z "$1" ]; then
    print_error "please specify an environment"
    return 2
  fi

  # Collect the entries to keep; each is rebuilt as "<env>@<password-file>".
  local -a keep=()
  local env_name=""
  for env_name in $(vault_environment__get); do
    if [ "$env_name" = "$1" ]; then
      continue
    fi
    keep+=("$env_name@gpg/get-vault-pass-$env_name")
  done

  if [ "${#keep[@]}" -eq 0 ]; then
    unset ANSIBLE_VAULT_IDENTITY_LIST
  else
    # Join with commas; the IFS change is confined to the subshell.
    local joined
    joined=$(IFS=','; printf '%s' "${keep[*]}")
    export ANSIBLE_VAULT_IDENTITY_LIST="$joined"
  fi

  print_success "environment '$1' is now deactivated"
  return 0
}