Small enhacements, new render command
parent
2776831640
commit
92a01638f1
|
@ -3,7 +3,7 @@ _ctctl(){
|
|||
_init_completion || return
|
||||
|
||||
case $prev in
|
||||
auth|disconnect|prep|current|tokens|list|build|build-no-cache|volumes|logs|conf)
|
||||
auth|disconnect|render|current|tokens|list|build|build-no-cache|volumes|logs|conf)
|
||||
return
|
||||
;;
|
||||
switch)
|
||||
|
@ -12,7 +12,7 @@ _ctctl(){
|
|||
;;
|
||||
esac
|
||||
|
||||
COMPREPLY=($(compgen -W 'auth switch current disconnect prep tokens list build build-no-cache volumes logs conf' -- "$cur"))
|
||||
COMPREPLY=($(compgen -W 'auth switch current disconnect render prep tokens list build build-no-cache volumes logs conf' -- "$cur"))
|
||||
} &&
|
||||
complete -F _ctctl ctctl
|
||||
|
||||
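Review bot: `prep` appears to have been replaced by `render` in the `case $prev` arm that returns without further completion, while the `compgen -W` list in the second hunk keeps both, so `ctctl prep <TAB>` would now fall through to the final `compgen` and offer subcommand names again. This reading assumes the `render` line is the new side, which the page no longer marks but the commit title suggests. If `prep` still takes no further words, keep both in the arm: `auth|disconnect|render|prep|current|tokens|list|build|build-no-cache|volumes|logs|conf)`. The part of `_ctctl` between the two hunks is not shown.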
|
|
40
ctctl
40
ctctl
|
@ -52,7 +52,6 @@ load_config(){
|
|||
source ~/.ctctl/${CTCTL_DOMAIN}/ctctl.local.conf
|
||||
set +o allexport
|
||||
fi
|
||||
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -71,8 +70,8 @@ switch_env(){
|
|||
kill -INT $$
|
||||
fi
|
||||
|
||||
# Clean any variable
|
||||
for VAR in $(printenv | perl -ne '/^((CTCTL|CONSUL|VAULT|NOMAD)_[^=]+)=.*/ && print "$1\n"'); do
|
||||
# Clear any variable
|
||||
for VAR in $(printenv | grep -E '^(CTCTL|CONSUL|VAULT|NOMAD)_.*' | sed -E 's/^([^=]+)=.*/\1/'); do
|
||||
unset ${VAR}
|
||||
done
|
||||
|
||||
|
@ -93,11 +92,9 @@ switch_env(){
|
|||
# Authenticate
|
||||
auth_env
|
||||
|
||||
local NAMESPACE_LIST=$(ls_namespace)
|
||||
|
||||
if [ -z "${TARGET_NAMESPACE}" ]; then
|
||||
if [ $(echo -n ${NAMESPACE_LIST} | wc -w) -eq 1 ]; then
|
||||
TARGET_NAMESPACE=${NAMESPACE_LIST}
|
||||
if [ $(ls_namespace | wc -w) -eq 1 ]; then
|
||||
TARGET_NAMESPACE=$(ls_namespace)
|
||||
else
|
||||
echo "Select the namespace you are working in"
|
||||
TARGET_NAMESPACE=$(ls_namespace | ${FZF_CMD})
|
||||
|
@ -112,9 +109,19 @@ switch_env(){
|
|||
|
||||
# Check if we have a valid token for vault
|
||||
check_vault_token(){
|
||||
vault read auth/token/lookup-self > /dev/null 2>&1
|
||||
if [ $? == 0 ]; then
|
||||
vault token lookup > /dev/null 2>&1
|
||||
if vault token lookup > /dev/null 2>&1; then
|
||||
echo 1
|
||||
elif [ -n "${VAULT_TOKEN:-}" -a -e ~/.vault-token ]; then
|
||||
# If VAULT_TOKEN is defined, unset it and try again. This is because we might
|
||||
# have a valid token in ~/.vault-token but an expired token is set in VAULT_TOKEN
|
||||
# and is taking precedence
|
||||
export VAULT_TOKEN=$(cat ~/.vault-token)
|
||||
if vault token lookup > /dev/null 2>&1; then
|
||||
echo 1
|
||||
else
|
||||
echo 0
|
||||
fi
|
||||
else
|
||||
echo 0
|
||||
fi
|
||||
|
@ -163,7 +170,7 @@ auth_env(){
|
|||
echo "Your vault token is valid"
|
||||
vault token renew > /dev/null 2>&1
|
||||
fi
|
||||
VAULT_TOKEN_INFO=$(vault read -format=json auth/token/lookup-self)
|
||||
VAULT_TOKEN_INFO=$(vault token lookup -format=json)
|
||||
# TODO make the role selection more generic
|
||||
if [ "$(echo $VAULT_TOKEN_INFO | jq '.data.policies | any(. == "admin-policy" or .== "admin")')" == "true" ]; then
|
||||
NOMAD_ROLE=admin
|
||||
|
@ -192,7 +199,7 @@ auth_env(){
|
|||
# Check if we have a valid nomad token already
|
||||
if [ "$(check_nomad_token)" != "1" ]; then
|
||||
echo "Fecthing a Nomad token from vault"
|
||||
NOMAD_CREDS=$(vault read -format=json nomad/creds/${NOMAD_ROLE})
|
||||
NOMAD_CREDS=$(vault read -format=json ${VAULT_PREFIX:-}nomad/creds/${NOMAD_ROLE})
|
||||
export NOMAD_TOKEN=$(echo -n ${NOMAD_CREDS} | jq -r .data.secret_id)
|
||||
export NOMAD_LEASE=$(echo -n ${NOMAD_CREDS} | jq -r .lease_id)
|
||||
unset NOMAD_CREDS
|
||||
|
@ -203,7 +210,7 @@ auth_env(){
|
|||
# Check if we have a valid consul token already
|
||||
if [ "$(check_consul_token)" != "1" ]; then
|
||||
echo "Fetching a Consul token from vault"
|
||||
CONSUL_CREDS=$(vault read -format=json consul/creds/${CONSUL_ROLE})
|
||||
CONSUL_CREDS=$(vault read -format=json ${VAULT_PREFIX:-}consul/creds/${CONSUL_ROLE})
|
||||
export CONSUL_HTTP_TOKEN=$(echo -n ${CONSUL_CREDS} | jq -r .data.token)
|
||||
export CONSUL_LEASE=$(echo -n ${CONSUL_CREDS} | jq -r .lease_id)
|
||||
unset CONSUL_CREDS
|
||||
|
@ -250,7 +257,7 @@ ls_namespace(){
|
|||
ls_build_docker_images(){
|
||||
(for JOB in $(find . -maxdepth 1 \( -name \*.nomad -o -name \*.nomad.hcl \)); do
|
||||
nomad run -output $JOB | jq '.Job.TaskGroups' | jq '.[] | .Tasks' | jq -r '.[] | .Config.image' 2>/dev/null
|
||||
done) | grep -E "${DOCKER_BUILD_REPO_REGEX:-docker-repo.ehtrace.com}" | sort -u
|
||||
done) | grep -E "${CTCTL_DOCKER_BUILD_REPO_REGEX:-docker-repo.ehtrace.com}" | sort -u
|
||||
}
|
||||
|
||||
# Load policies for vault, Consul and Nomad
|
||||
|
@ -419,7 +426,8 @@ render_templates(){
|
|||
FILE=$(basename ${TEMPLATE} .tpl)
|
||||
DEST=${DIR}/${FILE}
|
||||
echo "Rendering ${TEMPLATE} into ${DEST}"
|
||||
levant render -var-file ${MERGED_CONF} -log-level=WARN ${TEMPLATE} > ${DEST}
|
||||
# Note: render twice, so included templates get rendered too
|
||||
levant render -var-file ${MERGED_CONF} -log-level=WARN <(levant render -var-file ${MERGED_CONF} -log-level=WARN ${TEMPLATE}) > ${DEST}
|
||||
nomad fmt ${DEST}
|
||||
done
|
||||
|
||||
|
@ -559,6 +567,10 @@ case $1 in
|
|||
ls_env
|
||||
renew_leases
|
||||
;;
|
||||
render)
|
||||
render_templates
|
||||
renew_leases
|
||||
;;
|
||||
prep)
|
||||
render_templates
|
||||
load_policies
|
||||
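Review bot: In `check_vault_token`, the new `elif` branch re-exports `VAULT_TOKEN` from `~/.vault-token`, although its comment says the variable should be unset, and the change only lasts if the function runs in the caller's shell. The sibling checks are consumed as `"$(check_nomad_token)"`; if this one is called the same way (the call site is outside the hunk), the `export` happens in a subshell and later `vault` calls in `auth_env` would still see the expired token. Doing the fallback in the caller with `unset VAULT_TOKEN`, so the CLI reads `~/.vault-token` itself, would match the comment and avoid copying the token into the environment of every child process. The test would also be more robust as `[ -n "${VAULT_TOKEN:-}" ] && [ -e ~/.vault-token ]`, since `-a` is ambiguous in `[`. The function's closing brace lies outside the hunk.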
|
|
|
@ -8,9 +8,15 @@
|
|||
# export EHT_MAVEN_PWD=$(vault kv get -field=pwd kv/admin/maven)
|
||||
# export CTCTL_DOCKER_BUILD_OPTS="--secret id=EHT_MAVEN_PWD"
|
||||
|
||||
# VAULT_AUTH_CONFIG define options for vault login, for example
|
||||
# CTCTL_DOCKER_BUILD_REPO_REGEX defines a regex against which docker image will be compared
|
||||
# and if it matches, images will be built and pushed to it during prep/build/build-no-cache
|
||||
|
||||
# VAULT_AUTH_CONFIG defines options for vault login, for example
|
||||
# VAULT_AUTH_CONFIG="-method=approle role_id=XXXXXX secret_id=YYYYY"
|
||||
|
||||
# VAULT_PREFIX defines a prefix to prepend to all vault paths
|
||||
# VAULT_PREFIX="prd/"
|
||||
|
||||
# If using Loki, you can configure access to it
|
||||
# LOKI_ADDR=https://loki.domain.tld
|
||||
# LOKI_USER=loki
|
||||
|
|