Better cleanup handling + fix loki logs

Daniel Berteaud 2023-10-13 11:54:00 +02:00
parent b8e536d701
commit 82e5ef0c83
1 changed files with 41 additions and 35 deletions

76
ctctl

@ -1,18 +1,18 @@
#!/usr/bin/env bash
trap ctctl_clean INT
trap ctctl_exit INT
# Print current environnement
ctctl_current_env(){
if [ -z "${CTCTL_DOMAIN}" ]; then
echo "Unknown container domain"
kill -INT $$
ctctl_exit
fi
echo "Cluster: ${CTCTL_DOMAIN}"
if [ -z "${CTCTL_ENV}" ]; then
echo "Unknown container environment"
kill -INT $$
ctctl_exit
fi
echo "Namespace: ${CTCTL_ENV}"
}
@ -54,7 +54,7 @@ ctctl_switch_env(){
if [ ! -e ~/.ctctl/${TARGET_DOM}/ctctl.conf ]; then
echo "Env ${TARGET_DOM} doesn't exist"
kill -INT $$
ctctl_exit
fi
# Clear any variable
@ -136,7 +136,7 @@ ctctl_check_nomad_token(){
ctctl_auth_env(){
if [ -z "${CTCTL_DOMAIN}" ]; then
echo "Unknown environment"
kill -INT $$
ctctl_exit
fi
NEED_LOGIN=1
@ -157,7 +157,7 @@ ctctl_auth_env(){
fi
if [ "${NEED_LOGIN}" = "1" ]; then
echo "You're not connected on vault. Please enter your account password"
export VAULT_TOKEN=$(vault login -field=token ${VAULT_AUTH_CONFIG:--method=ldap username=${CTCTL_USER:-$(whoami | sed -r 's/\@.*//')}} || kill -INT $$)
export VAULT_TOKEN=$(vault login -field=token ${VAULT_AUTH_CONFIG:--method=ldap username=${CTCTL_USER:-$(whoami | sed -r 's/\@.*//')}} || ctctl_exit)
echo "Logged on vault successfuly"
else
echo "Your vault token is valid"
@ -197,22 +197,22 @@ ctctl_auth_env(){
echo "Fecthing a Nomad token from vault"
NOMAD_CREDS=$(vault read -format=json ${VAULT_PREFIX:-}nomad/creds/${NOMAD_ROLE})
export NOMAD_TOKEN=$(echo -n ${NOMAD_CREDS} | jq -r .data.secret_id)
export NOMAD_LEASE=$(echo -n ${NOMAD_CREDS} | jq -r .lease_id)
export NOMAD_VAULT_LEASE=$(echo -n ${NOMAD_CREDS} | jq -r .lease_id)
unset NOMAD_CREDS
else
echo "Nomad token is valid, renewing lease"
vault lease renew ${NOMAD_LEASE} >/dev/null
vault lease renew ${NOMAD_VAULT_LEASE} >/dev/null
fi
# Check if we have a valid consul token already
if [ "$(ctctl_check_consul_token)" != "1" ]; then
echo "Fetching a Consul token from vault"
CONSUL_CREDS=$(vault read -format=json ${VAULT_PREFIX:-}consul/creds/${CONSUL_ROLE})
export CONSUL_HTTP_TOKEN=$(echo -n ${CONSUL_CREDS} | jq -r .data.token)
export CONSUL_LEASE=$(echo -n ${CONSUL_CREDS} | jq -r .lease_id)
export CONSUL_VAULT_LEASE=$(echo -n ${CONSUL_CREDS} | jq -r .lease_id)
unset CONSUL_CREDS
else
echo "Consul token is valid, renewing lease"
vault lease renew ${CONSUL_LEASE} >/dev/null
vault lease renew ${CONSUL_VAULT_LEASE} >/dev/null
fi
ctctl_load_config
@ -221,15 +221,15 @@ ctctl_auth_env(){
ctctl_renew_leases(){
# Renew vault token
([ -n "${VAULT_TOKEN}" ] && vault token renew >/dev/null &)
([ -n "${NOMAD_LEASE}" ] && vault lease renew ${NOMAD_LEASE} >/dev/null &)
([ -n "${CONSUL_LEASE}" ] && vault lease renew ${CONSUL_LEASE} >/dev/null &)
([ -n "${NOMAD_VAULT_LEASE}" ] && vault lease renew ${NOMAD_VAULT_LEASE} >/dev/null &)
([ -n "${CONSUL_VAULT_LEASE}" ] && vault lease renew ${CONSUL_VAULT_LEASE} >/dev/null &)
}
# Logout from the current env
ctctl_logout_env(){
if [ -z "${CTCTL_DOMAIN}" ]; then
echo "Unknown environment"
kill -INT $$
ctctl_exit
fi
echo "Disconecting from ${CTCTL_DOMAIN} environment"
vault token revoke -self
@ -260,14 +260,14 @@ ctctl_ls_build_docker_images(){
ctctl_load_policies(){
if [ "$(ctctl_check_env)" = "0" ]; then
echo "Not currently in a valid env. Run ctctl (with no argument) and select your env first"
kill -INT $$
ctctl_exit
fi
for DIR in ./output .; do
if [ -d "${DIR}/vault/policies" ]; then
if [ "$(ctctl_check_vault_token)" != "1" ]; then
echo "No valid vault token. You have to authenticate first"
kill -INT $$
ctctl_exit
fi
for PFILE in $(ls ${DIR}/vault/policies/*.hcl 2>/dev/null); do
if [ "${DIR}" = "./output" -a -e "$(echo ${PFILE} | sed -E 's|^\./output/|./|')" ]; then
@ -283,9 +283,9 @@ ctctl_load_policies(){
done
fi
if [ -d "${DIR}/consul/policies" ]; then
if [ "$(check_consul_token)" != "1" ]; then
if [ "$(ctctl_check_consul_token)" != "1" ]; then
echo "No valid consul token. You have to authenticate first"
kill -INT $$
ctctl_exit
fi
CONSUL_CUR_POLICIES=$(consul acl policy list -format=json)
for PFILE in $(ls ${DIR}/consul/policies/*.hcl 2>/dev/null); do
@ -311,7 +311,7 @@ ctctl_load_policies(){
if [ -d "${DIR}/nomad/policies" ]; then
if [ "$(ctctl_check_nomad_token)" != "1" ]; then
echo "No valid nomad token. You have to authenticate first"
kill -INT $$
ctctl_exit
fi
for PFILE in $(ls ${DIR}nomad/policies/*.hcl 2>/dev/null); do
PNAME=$(basename ${PFILE} .hcl)
@ -336,7 +336,7 @@ ctctl_load_consul_conf(){
if [ -d "${DIR}/consul/config" ]; then
if [ "$(ctctl_check_consul_token)" != "1" ]; then
echo "No valid consul token. You have to authenticate first"
kill -INT $$
ctctl_exit
fi
# Note : service-defaults should be loaded before the others
# but that should be the case
@ -383,7 +383,7 @@ ctctl_load_consul_conf(){
ctctl_build_required_images(){
for DOCKER_IMAGE in $(ctctl_ls_build_docker_images); do
if ! docker manifest inspect ${DOCKER_IMAGE} > /dev/null 2>&1; then
build_image ${DOCKER_IMAGE}
ctctl_build_image ${DOCKER_IMAGE}
else
echo "Image ${DOCKER_IMAGE} already available"
fi
@ -394,7 +394,7 @@ ctctl_build_required_images(){
ctctl_build_selected_images(){
local NO_CACHE=$1
for DOCKER_IMAGE in $(ctctl_ls_build_docker_images | fzf -m --header "Select images to build (space to select, then enter)"); do
build_image "${DOCKER_IMAGE}" ${NO_CACHE}
ctctl_build_image "${DOCKER_IMAGE}" ${NO_CACHE}
done
}
@ -427,7 +427,7 @@ ctctl_build_image(){
done
if [ "${FOUND}" = "0" ]; then
echo "Couldn't find Docker image directory"
kill -INT $$
ctctl_exit
fi
unset DOCKER_BUILDKIT
}
@ -568,10 +568,10 @@ ctctl_render_templates(){
# Do not render templates from dependencies, variables files and images (images will be handled later)
GOMPLATE_BUNDLE_ARGS+=(--exclude .git* --exclude deps/** --exclude variables.yml --exclude images/** --exclude templates/**)
# This is used for two things
# - Add the env.suffix to every files (except job files). This permit ctctl to simply infer the policy name from the file name
# - Add the consul.suffix to every files (except job files). This allows ctctl to simply infer the policy name from the file name
# - Put job files in the current dir for conveniance, and everything else in the output dir
GOMPLATE_BUNDLE_ARGS+=(--output-map)
GOMPLATE_BUNDLE_ARGS+=('[[ if (regexp.Match ".*\\.nomad(\\.hcl)?" .in) ]][[ .in ]][[ else ]]output/[[ .in | path.Dir ]]/[[ .in | path.Base | regexp.Replace "^([^\\.]+)\\.(.*)$" (printf "%s%s.%s" "$1" .ctx.env.suffix "$2") ]][[ end ]]')
GOMPLATE_BUNDLE_ARGS+=('[[ if (regexp.Match ".*\\.nomad(\\.hcl)?" .in) ]][[ .in ]][[ else ]]output/[[ .in | path.Dir ]]/[[ .in | path.Base | regexp.Replace "^([^\\.]+)\\.(.*)$" (printf "%s%s.%s" "$1" .ctx.consul.suffix "$2") ]][[ end ]]')
echo
@ -682,11 +682,11 @@ ctctl_loki_logs(){
if [ -z "${LOKI_ADDR}" ]; then
echo "You need to configure loki first (LOKI_ADDR, LOKI_USERNAME and LOKI_PASSWORD or LOKI_PWD_CMD)"
kill -INT $$
ctctl_exit
fi
if [ -n "${LOKI_PWD_CMD}" ]; then
export LOKI_PASSWORD=$(${LOKI_PWD_CMD})
export LOKI_PASSWORD=$(eval ${LOKI_PWD_CMD})
fi
LOGCLI_CMD="logcli query --include-label=job --include-label=group --include-label=task"
@ -698,7 +698,7 @@ ctctl_loki_logs(){
${LOGCLI_CMD} $@
else
# Exclude connect-proxy logs as it's often not wanted
SELECTOR='{job=~"'$(ctctl_ls_jobs | sed -zE 's/\n/|/g' | sed -E 's/\s+//')'", task!~"connect-proxy-.+|tls-proxy|metrics-proxy"}'
SELECTOR='{job=~"'$(ctctl_ls_jobs | sed -zE 's/\n/|/g' | sed -E 's/\s+//' | sed -E 's/\|$//')'", task!~"connect-proxy-.+|tls-proxy|metrics-proxy"}'
echo "Running ${LOGCLI_CMD} $@ ${SELECTOR}"
${LOGCLI_CMD} $@ "${SELECTOR}"
fi
@ -754,9 +754,14 @@ ctctl_get_conf(){
# Return a space separated list of jobs the current dir
ctctl_ls_jobs(){
local JOBS=""
for JOBFILE in $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \)); do
echo $(nomad run -output ${JOBFILE} | jq -r '.Job.Name')
done
if [ $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \) | wc -l) -gt 0 ]; then
for JOBFILE in $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \)); do
echo $(nomad run -output ${JOBFILE} | jq -r '.Job.Name')
done
else
# If current dir has no job file, return all running jobs
nomad job status -short | grep -E '\s+running\s+' | cut -d' ' -f1
fi
unset JOB JOBFILE
}
@ -831,21 +836,22 @@ ctctl_alloc_logs(){
else
TASK=$(echo "${TASKS}" | fzf --header "Select desired task")
fi
echo "Running nomad alloc logs -f -tail -n 50 ${ALLOC} ${TASK}"
nomad alloc logs -f -tail -n 50 ${ALLOC} ${TASK}
echo "Running nomad alloc logs -f ${ALLOC} ${TASK}"
nomad alloc logs -f ${ALLOC} ${TASK}
unset ALLOCS ALLOC TASKS TASK
}
ctctl_clean(){
ctctl_exit(){
# Cleanup by unseting all functions
for FUNC in $(declare -F | grep -E '^declare -f ctctl_' | sed -E 's/^declare -f //'); do
unset -f ${FUNC}
done
# Remove trap on SIGINT
trap - INT
kill -INT $$
}
export FZF_DEFAULT_OPTS=${FZF_DEFAULT_OPTS:-"--height=~10% --cycle --bind 'space:toggle' --marker='*'"}
export FZF_DEFAULT_OPTS=${CTCTL_FZF_DEFAULT_OPTS:-"--height=~25% --cycle --bind 'space:toggle' --marker='*'"}
case $1 in
current)
@ -924,4 +930,4 @@ case $1 in
;;
esac
ctctl_clean
ctctl_exit
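Review bot: In the ctctl_loki_logs hunk, the new `export LOKI_PASSWORD=$(eval ${LOKI_PWD_CMD})` passes the variable to eval unquoted, so the string is word-split and glob-expanded once and then parsed again as shell code. Whatever can set LOKI_PWD_CMD (presumably the per-environment ctctl.conf or the calling environment, which is not visible here) therefore runs arbitrary commands in a shell that may already hold the exported VAULT_TOKEN, NOMAD_TOKEN and CONSUL_HTTP_TOKEN. Because the assignment is combined with `export`, a failing password command is also masked and leaves LOKI_PASSWORD empty without any error. I would quote the expansion and split the statement: `LOKI_PASSWORD=$(eval "${LOKI_PWD_CMD}") || ctctl_exit` followed by `export LOKI_PASSWORD`. I would also add a comment such as `# LOKI_PWD_CMD is executed as shell code; set it only from a config file you own and that is not group/world writable`. The function body starts and continues outside this hunk.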