Better cleanup handling + fix loki logs
This commit is contained in:
parent
b8e536d701
commit
82e5ef0c83
76
ctctl
76
ctctl
|
@ -1,18 +1,18 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
trap ctctl_clean INT
|
||||
trap ctctl_exit INT
|
||||
|
||||
# Print current environnement
|
||||
ctctl_current_env(){
|
||||
if [ -z "${CTCTL_DOMAIN}" ]; then
|
||||
echo "Unknown container domain"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
echo "Cluster: ${CTCTL_DOMAIN}"
|
||||
if [ -z "${CTCTL_ENV}" ]; then
|
||||
echo "Unknown container environment"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
echo "Namespace: ${CTCTL_ENV}"
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ ctctl_switch_env(){
|
|||
|
||||
if [ ! -e ~/.ctctl/${TARGET_DOM}/ctctl.conf ]; then
|
||||
echo "Env ${TARGET_DOM} doesn't exist"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
|
||||
# Clear any variable
|
||||
|
@ -136,7 +136,7 @@ ctctl_check_nomad_token(){
|
|||
ctctl_auth_env(){
|
||||
if [ -z "${CTCTL_DOMAIN}" ]; then
|
||||
echo "Unknown environment"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
|
||||
NEED_LOGIN=1
|
||||
|
@ -157,7 +157,7 @@ ctctl_auth_env(){
|
|||
fi
|
||||
if [ "${NEED_LOGIN}" = "1" ]; then
|
||||
echo "You're not connected on vault. Please enter your account password"
|
||||
export VAULT_TOKEN=$(vault login -field=token ${VAULT_AUTH_CONFIG:--method=ldap username=${CTCTL_USER:-$(whoami | sed -r 's/\@.*//')}} || kill -INT $$)
|
||||
export VAULT_TOKEN=$(vault login -field=token ${VAULT_AUTH_CONFIG:--method=ldap username=${CTCTL_USER:-$(whoami | sed -r 's/\@.*//')}} || ctctl_exit)
|
||||
echo "Logged on vault successfuly"
|
||||
else
|
||||
echo "Your vault token is valid"
|
||||
|
@ -197,22 +197,22 @@ ctctl_auth_env(){
|
|||
echo "Fecthing a Nomad token from vault"
|
||||
NOMAD_CREDS=$(vault read -format=json ${VAULT_PREFIX:-}nomad/creds/${NOMAD_ROLE})
|
||||
export NOMAD_TOKEN=$(echo -n ${NOMAD_CREDS} | jq -r .data.secret_id)
|
||||
export NOMAD_LEASE=$(echo -n ${NOMAD_CREDS} | jq -r .lease_id)
|
||||
export NOMAD_VAULT_LEASE=$(echo -n ${NOMAD_CREDS} | jq -r .lease_id)
|
||||
unset NOMAD_CREDS
|
||||
else
|
||||
echo "Nomad token is valid, renewing lease"
|
||||
vault lease renew ${NOMAD_LEASE} >/dev/null
|
||||
vault lease renew ${NOMAD_VAULT_LEASE} >/dev/null
|
||||
fi
|
||||
# Check if we have a valid consul token already
|
||||
if [ "$(ctctl_check_consul_token)" != "1" ]; then
|
||||
echo "Fetching a Consul token from vault"
|
||||
CONSUL_CREDS=$(vault read -format=json ${VAULT_PREFIX:-}consul/creds/${CONSUL_ROLE})
|
||||
export CONSUL_HTTP_TOKEN=$(echo -n ${CONSUL_CREDS} | jq -r .data.token)
|
||||
export CONSUL_LEASE=$(echo -n ${CONSUL_CREDS} | jq -r .lease_id)
|
||||
export CONSUL_VAULT_LEASE=$(echo -n ${CONSUL_CREDS} | jq -r .lease_id)
|
||||
unset CONSUL_CREDS
|
||||
else
|
||||
echo "Consul token is valid, renewing lease"
|
||||
vault lease renew ${CONSUL_LEASE} >/dev/null
|
||||
vault lease renew ${CONSUL_VAULT_LEASE} >/dev/null
|
||||
fi
|
||||
|
||||
ctctl_load_config
|
||||
|
@ -221,15 +221,15 @@ ctctl_auth_env(){
|
|||
ctctl_renew_leases(){
|
||||
# Renew vault token
|
||||
([ -n "${VAULT_TOKEN}" ] && vault token renew >/dev/null &)
|
||||
([ -n "${NOMAD_LEASE}" ] && vault lease renew ${NOMAD_LEASE} >/dev/null &)
|
||||
([ -n "${CONSUL_LEASE}" ] && vault lease renew ${CONSUL_LEASE} >/dev/null &)
|
||||
([ -n "${NOMAD_VAULT_LEASE}" ] && vault lease renew ${NOMAD_VAULT_LEASE} >/dev/null &)
|
||||
([ -n "${CONSUL_VAULT_LEASE}" ] && vault lease renew ${CONSUL_VAULT_LEASE} >/dev/null &)
|
||||
}
|
||||
|
||||
# Logout from the current env
|
||||
ctctl_logout_env(){
|
||||
if [ -z "${CTCTL_DOMAIN}" ]; then
|
||||
echo "Unknown environment"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
echo "Disconecting from ${CTCTL_DOMAIN} environment"
|
||||
vault token revoke -self
|
||||
|
@ -260,14 +260,14 @@ ctctl_ls_build_docker_images(){
|
|||
ctctl_load_policies(){
|
||||
if [ "$(ctctl_check_env)" = "0" ]; then
|
||||
echo "Not currently in a valid env. Run ctctl (with no argument) and select your env first"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
|
||||
for DIR in ./output .; do
|
||||
if [ -d "${DIR}/vault/policies" ]; then
|
||||
if [ "$(ctctl_check_vault_token)" != "1" ]; then
|
||||
echo "No valid vault token. You have to authenticate first"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
for PFILE in $(ls ${DIR}/vault/policies/*.hcl 2>/dev/null); do
|
||||
if [ "${DIR}" = "./output" -a -e "$(echo ${PFILE} | sed -E 's|^\./output/|./|')" ]; then
|
||||
|
@ -283,9 +283,9 @@ ctctl_load_policies(){
|
|||
done
|
||||
fi
|
||||
if [ -d "${DIR}/consul/policies" ]; then
|
||||
if [ "$(check_consul_token)" != "1" ]; then
|
||||
if [ "$(ctctl_check_consul_token)" != "1" ]; then
|
||||
echo "No valid consul token. You have to authenticate first"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
CONSUL_CUR_POLICIES=$(consul acl policy list -format=json)
|
||||
for PFILE in $(ls ${DIR}/consul/policies/*.hcl 2>/dev/null); do
|
||||
|
@ -311,7 +311,7 @@ ctctl_load_policies(){
|
|||
if [ -d "${DIR}/nomad/policies" ]; then
|
||||
if [ "$(ctctl_check_nomad_token)" != "1" ]; then
|
||||
echo "No valid nomad token. You have to authenticate first"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
for PFILE in $(ls ${DIR}nomad/policies/*.hcl 2>/dev/null); do
|
||||
PNAME=$(basename ${PFILE} .hcl)
|
||||
|
@ -336,7 +336,7 @@ ctctl_load_consul_conf(){
|
|||
if [ -d "${DIR}/consul/config" ]; then
|
||||
if [ "$(ctctl_check_consul_token)" != "1" ]; then
|
||||
echo "No valid consul token. You have to authenticate first"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
# Note : service-defaults should be loaded before the others
|
||||
# but that should be the case
|
||||
|
@ -383,7 +383,7 @@ ctctl_load_consul_conf(){
|
|||
ctctl_build_required_images(){
|
||||
for DOCKER_IMAGE in $(ctctl_ls_build_docker_images); do
|
||||
if ! docker manifest inspect ${DOCKER_IMAGE} > /dev/null 2>&1; then
|
||||
build_image ${DOCKER_IMAGE}
|
||||
ctctl_build_image ${DOCKER_IMAGE}
|
||||
else
|
||||
echo "Image ${DOCKER_IMAGE} already available"
|
||||
fi
|
||||
|
@ -394,7 +394,7 @@ ctctl_build_required_images(){
|
|||
ctctl_build_selected_images(){
|
||||
local NO_CACHE=$1
|
||||
for DOCKER_IMAGE in $(ctctl_ls_build_docker_images | fzf -m --header "Select images to build (space to select, then enter)"); do
|
||||
build_image "${DOCKER_IMAGE}" ${NO_CACHE}
|
||||
ctctl_build_image "${DOCKER_IMAGE}" ${NO_CACHE}
|
||||
done
|
||||
}
|
||||
|
||||
|
@ -427,7 +427,7 @@ ctctl_build_image(){
|
|||
done
|
||||
if [ "${FOUND}" = "0" ]; then
|
||||
echo "Couldn't find Docker image directory"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
unset DOCKER_BUILDKIT
|
||||
}
|
||||
|
@ -568,10 +568,10 @@ ctctl_render_templates(){
|
|||
# Do not render templates from dependencies, variables files and images (images will be handled later)
|
||||
GOMPLATE_BUNDLE_ARGS+=(--exclude .git* --exclude deps/** --exclude variables.yml --exclude images/** --exclude templates/**)
|
||||
# This is used for two things
|
||||
# - Add the env.suffix to every files (except job files). This permit ctctl to simply infer the policy name from the file name
|
||||
# - Add the consul.suffix to every files (except job files). This allows ctctl to simply infer the policy name from the file name
|
||||
# - Put job files in the current dir for conveniance, and everything else in the output dir
|
||||
GOMPLATE_BUNDLE_ARGS+=(--output-map)
|
||||
GOMPLATE_BUNDLE_ARGS+=('[[ if (regexp.Match ".*\\.nomad(\\.hcl)?" .in) ]][[ .in ]][[ else ]]output/[[ .in | path.Dir ]]/[[ .in | path.Base | regexp.Replace "^([^\\.]+)\\.(.*)$" (printf "%s%s.%s" "$1" .ctx.env.suffix "$2") ]][[ end ]]')
|
||||
GOMPLATE_BUNDLE_ARGS+=('[[ if (regexp.Match ".*\\.nomad(\\.hcl)?" .in) ]][[ .in ]][[ else ]]output/[[ .in | path.Dir ]]/[[ .in | path.Base | regexp.Replace "^([^\\.]+)\\.(.*)$" (printf "%s%s.%s" "$1" .ctx.consul.suffix "$2") ]][[ end ]]')
|
||||
|
||||
echo
|
||||
|
||||
|
@ -682,11 +682,11 @@ ctctl_loki_logs(){
|
|||
|
||||
if [ -z "${LOKI_ADDR}" ]; then
|
||||
echo "You need to configure loki first (LOKI_ADDR, LOKI_USERNAME and LOKI_PASSWORD or LOKI_PWD_CMD)"
|
||||
kill -INT $$
|
||||
ctctl_exit
|
||||
fi
|
||||
|
||||
if [ -n "${LOKI_PWD_CMD}" ]; then
|
||||
export LOKI_PASSWORD=$(${LOKI_PWD_CMD})
|
||||
export LOKI_PASSWORD=$(eval ${LOKI_PWD_CMD})
|
||||
fi
|
||||
|
||||
LOGCLI_CMD="logcli query --include-label=job --include-label=group --include-label=task"
|
||||
|
@ -698,7 +698,7 @@ ctctl_loki_logs(){
|
|||
${LOGCLI_CMD} $@
|
||||
else
|
||||
# Exclude connect-proxy logs as it's often not wanted
|
||||
SELECTOR='{job=~"'$(ctctl_ls_jobs | sed -zE 's/\n/|/g' | sed -E 's/\s+//')'", task!~"connect-proxy-.+|tls-proxy|metrics-proxy"}'
|
||||
SELECTOR='{job=~"'$(ctctl_ls_jobs | sed -zE 's/\n/|/g' | sed -E 's/\s+//' | sed -E 's/\|$//')'", task!~"connect-proxy-.+|tls-proxy|metrics-proxy"}'
|
||||
echo "Running ${LOGCLI_CMD} $@ ${SELECTOR}"
|
||||
${LOGCLI_CMD} $@ "${SELECTOR}"
|
||||
fi
|
||||
|
@ -754,9 +754,14 @@ ctctl_get_conf(){
|
|||
# Return a space separated list of jobs the current dir
|
||||
ctctl_ls_jobs(){
|
||||
local JOBS=""
|
||||
for JOBFILE in $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \)); do
|
||||
echo $(nomad run -output ${JOBFILE} | jq -r '.Job.Name')
|
||||
done
|
||||
if [ $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \) | wc -l) -gt 0 ]; then
|
||||
for JOBFILE in $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \)); do
|
||||
echo $(nomad run -output ${JOBFILE} | jq -r '.Job.Name')
|
||||
done
|
||||
else
|
||||
# If current dir has no job file, return all running jobs
|
||||
nomad job status -short | grep -E '\s+running\s+' | cut -d' ' -f1
|
||||
fi
|
||||
unset JOB JOBFILE
|
||||
}
|
||||
|
||||
|
@ -831,21 +836,22 @@ ctctl_alloc_logs(){
|
|||
else
|
||||
TASK=$(echo "${TASKS}" | fzf --header "Select desired task")
|
||||
fi
|
||||
echo "Running nomad alloc logs -f -tail -n 50 ${ALLOC} ${TASK}"
|
||||
nomad alloc logs -f -tail -n 50 ${ALLOC} ${TASK}
|
||||
echo "Running nomad alloc logs -f ${ALLOC} ${TASK}"
|
||||
nomad alloc logs -f ${ALLOC} ${TASK}
|
||||
unset ALLOCS ALLOC TASKS TASK
|
||||
}
|
||||
|
||||
ctctl_clean(){
|
||||
ctctl_exit(){
|
||||
# Cleanup by unseting all functions
|
||||
for FUNC in $(declare -F | grep -E '^declare -f ctctl_' | sed -E 's/^declare -f //'); do
|
||||
unset -f ${FUNC}
|
||||
done
|
||||
# Remove trap on SIGINT
|
||||
trap - INT
|
||||
kill -INT $$
|
||||
}
|
||||
|
||||
export FZF_DEFAULT_OPTS=${FZF_DEFAULT_OPTS:-"--height=~10% --cycle --bind 'space:toggle' --marker='*'"}
|
||||
export FZF_DEFAULT_OPTS=${CTCTL_FZF_DEFAULT_OPTS:-"--height=~25% --cycle --bind 'space:toggle' --marker='*'"}
|
||||
|
||||
case $1 in
|
||||
current)
|
||||
|
@ -924,4 +930,4 @@ case $1 in
|
|||
;;
|
||||
esac
|
||||
|
||||
ctctl_clean
|
||||
ctctl_exit
|
||||
|
|
Loading…
Reference in New Issue