From 949f4eacd2aa47833e1283de284aaed1c7ce91fe Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Thu, 21 Dec 2017 03:14:04 -0500 Subject: Move origin-gce roles and playbooks into openshift-ansible This moves all core functionality into the openshift-ansible repo, adds the necessary equivalent entrypoint to the openshift-ansible installer image, and ensures the dynamic inventory mechanisms in openshift-ansible continue to work. Notable changes from origin-gce: * playbook extensions changed to .yml * dynamic inventory subdirectory created to prevent accidental use * use the custom entrypoint entrypoint-gcp for this image * move tasks into openshift_gcp role --- images/installer/root/usr/local/bin/entrypoint-gcp | 51 ++++++++++++++++++++++ images/installer/root/usr/local/bin/user_setup | 2 + 2 files changed, 53 insertions(+) create mode 100755 images/installer/root/usr/local/bin/entrypoint-gcp (limited to 'images/installer/root') diff --git a/images/installer/root/usr/local/bin/entrypoint-gcp b/images/installer/root/usr/local/bin/entrypoint-gcp new file mode 100755 index 000000000..d0ffd9904 --- /dev/null +++ b/images/installer/root/usr/local/bin/entrypoint-gcp @@ -0,0 +1,51 @@ +#!/bin/bash +# +# This file sets up the user to run in the GCP environment. +# It provides dynamic inventory that works well when run in +# a container environment by setting up a default inventory. +# It assumes the user has provided a GCP service account token +# and ssh-privatekey file at "$(pwd)/inventory/dynamic/injected" +# and automatically links any YAML files found into the group +# vars directory, which allows the playbook to more easily be +# run in containerized contexts. + +WORK=$(pwd) +FILES="${WORK}/inventory/dynamic/injected" + +# Patch /etc/passwd file with the current user info. +# The current user's entry must be correctly defined in this file in order for +# the `ssh` command to work within the created container. + +if ! whoami &>/dev/null; then + echo "${USER:-default}:x:$(id -u):$(id -g):Default User:$HOME:/sbin/nologin" >> /etc/passwd +fi + +# Provide a "files_dir" variable that points to inventory/dynamic/injected +echo "files_dir: \"${FILES}\"" > "${WORK}/inventory/dynamic/gcp/group_vars/all/00_default_files_dir.yml" +# Add any injected variable files into the group vars directory +find "${FILES}" -name '*.yml' -or -name '*.yaml' -or -name vars | xargs -L1 -I {} ln -fs {} "${WORK}/inventory/dynamic/gcp/group_vars/all" +# Avoid sudo when running locally - nothing in the image requires it. +mkdir -p "${WORK}/inventory/dynamic/gcp/host_vars/localhost" +echo "ansible_become: no" > "${WORK}/inventory/dynamic/gcp/host_vars/localhost/00_skip_root.yaml" + +if [[ -z "${ANSIBLE_CONFIG-}" ]]; then + export ANSIBLE_CONFIG="${WORK}/inventory/dynamic/gcp/ansible.cfg" +fi + +# SSH requires the file to be owned by the current user, but Docker copies +# files in as root. Put the file into the ssh dir with the right permissions +if [[ -f "${FILES}/ssh-privatekey" ]]; then + keyfile="${HOME}/.ssh/google_compute_engine" + mkdir "${HOME}/.ssh" + rm -f "${keyfile}" + cat "${FILES}/ssh-privatekey" > "${keyfile}" + chmod 0600 "${keyfile}" + ssh-keygen -y -f "${keyfile}" > "${keyfile}.pub" +fi +if [[ -f "${FILES}/gce.json" ]]; then + gcloud auth activate-service-account --key-file="${FILES}/gce.json" +else + echo "No service account file found at ${FILES}/gce.json, bypassing login" +fi + +exec "$@" \ No newline at end of file diff --git a/images/installer/root/usr/local/bin/user_setup b/images/installer/root/usr/local/bin/user_setup index b76e60a4d..dba0af3e4 100755 --- a/images/installer/root/usr/local/bin/user_setup +++ b/images/installer/root/usr/local/bin/user_setup @@ -12,6 +12,8 @@ chmod g+rw /etc/passwd # ensure that the ansible content is accessible chmod -R g+r ${WORK_DIR} find ${WORK_DIR} -type d -exec chmod g+x {} + +# ensure that the dynamic inventory dir can have content created +find ${WORK_DIR} -type d -exec chmod g+wx {} + # no need for this script to remain in the image after running rm $0 -- cgit v1.2.3