From 22c703948bcb2224cbfd8022d5a74c3f43ebf276 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20Ospal=C3=BD?= Date: Wed, 19 Dec 2018 15:07:22 +0100 Subject: [PATCH] Add the wrapper for running the ansible MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This script can run ansible playbook inside the docker container or (default) in the chroot environment. Change-Id: I713d6d76a4e20fc365a0ac7f47482004608354f6 Issue-ID: OOM-1551 Signed-off-by: Petr Ospalý --- ansible/run_playbook.sh | 132 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100755 ansible/run_playbook.sh diff --git a/ansible/run_playbook.sh b/ansible/run_playbook.sh new file mode 100755 index 00000000..88c86bc3 --- /dev/null +++ b/ansible/run_playbook.sh @@ -0,0 +1,132 @@ +#!/bin/sh + +# COPYRIGHT NOTICE STARTS HERE + +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# COPYRIGHT NOTICE ENDS HERE + + +set -e + +script_path=$(readlink -f "$0") +script_name=$(basename "$script_path") +ANSIBLE_DIR=$(dirname "$script_path") +ANSIBLE_CHROOT="${ANSIBLE_DIR}/ansible_chroot" + + +# +# functions +# + +help() +{ + echo " +NAME: + ${script_name} - wrapper for ansible-playbook command + +DESCRIPTION: + Run ansible playbook (or other command if it is there) inside a docker + container or a chroot environment. + + By default the chroot is used because it has less dependencies and no + service needs to be run (provided that chroot command is installed). + + Docker support is kept for compatibility reasons. + + To run ansible docker image you must set environment variable: + ANSIBLE_DOCKER_IMAGE + + So this wrapper can know by which name you have built the included + Dockerfile and also to trigger this different behaviour. + + For example: + ANSIBLE_DOCKER_IMAGE=ansible + +USAGE: + ./${script_name} + This help + + ./${script_name} + Run ansible-playbook command inside a chroot + + ANSIBLE_DOCKER_IMAGE= ./${script_name} + Run ansible-playbook command inside a docker container + +REQUIREMENTS: + For the optimal usage your system should support overlay mount. Which + should be available on any recent kernel at least couple of years back. + + Another requirement is the 'unshare' utility which is part of 'util-linux' + package and also is part of system for couple of years already. + + The last is 'chroot' command itself and that is also part of system + basically everywhere. +" +} + + +# +# run playbook +# + +# if no arg then print help and exit +if [ -z "$1" ] ; then + help + exit 0 +fi + +# we must be root +if [ "$(id -u)" -ne 0 ] ; then + echo ERROR: "I need root privileges and you are not root: $(id -nu)" >&2 + exit 1 +fi + +# if env var is set then run in docker +if [ -n "$ANSIBLE_DOCKER_IMAGE" ] ; then + exec docker run --rm \ + -v "${HOME}"/.ssh:/root/.ssh:rw \ + -v "$ANSIBLE_DIR:/ansible:ro" \ + -v "$ANSIBLE_DIR/application:/ansible/application:rw" \ + -v "$ANSIBLE_DIR/certs/:/certs:rw" \ + -it "${ANSIBLE_DOCKER_IMAGE}" "$@" +fi + +# if not already there then unpack chroot +if ! [ -d "$ANSIBLE_CHROOT" ] ; then + if ! [ -f "$ANSIBLE_DIR"/docker/ansible_chroot.tgz ] ; then + echo ERROR: "Missing chroot archive: ${ANSIBLE_DIR}/ansible_chroot.tgz" >&2 + exit 1 + fi + + echo INFO: "Unpacking chroot tar into: ${ANSIBLE_CHROOT}" >&2 + if ! tar -C "$ANSIBLE_DIR" -xzf "$ANSIBLE_DIR"/docker/ansible_chroot.tgz ; then + echo ERROR: "Unpacking failed - ABORT" >&2 + exit 1 + fi +fi + +# run chroot +mkdir -p "$ANSIBLE_DIR"/application +mkdir -p "$ANSIBLE_DIR"/certs +"$ANSIBLE_DIR"/docker/run_chroot.sh \ + --mount rw:"${HOME}/.ssh":/root/.ssh \ + --mount ro:"$ANSIBLE_DIR":/ansible \ + --mount rw:"$ANSIBLE_DIR"/application:/ansible/application \ + --mount rw:"$ANSIBLE_DIR"/certs:/certs \ + --workdir /ansible \ + execute "$ANSIBLE_CHROOT" ansible-playbook "$@" + +exit 0 -- 2.16.6