blob: d0ffd9904d4dd4c84b3b1c3917b57507b434df59 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#!/bin/bash
#
# This file sets up the user to run in the GCP environment.
# It provides dynamic inventory that works well when run in
# a container environment by setting up a default inventory.
# It assumes the user has provided a GCP service account token
# and ssh-privatekey file at "$(pwd)/inventory/dynamic/injected"
# and automatically links any YAML files found into the group
# vars directory, which allows the playbook to more easily be
# run in containerized contexts.
WORK=$(pwd)
FILES="${WORK}/inventory/dynamic/injected"
# Patch /etc/passwd file with the current user info.
# The current user's entry must be correctly defined in this file in order for
# the `ssh` command to work within the created container.
if ! whoami &>/dev/null; then
echo "${USER:-default}:x:$(id -u):$(id -g):Default User:$HOME:/sbin/nologin" >> /etc/passwd
fi
# Provide a "files_dir" variable that points to inventory/dynamic/injected
echo "files_dir: \"${FILES}\"" > "${WORK}/inventory/dynamic/gcp/group_vars/all/00_default_files_dir.yml"
# Add any injected variable files into the group vars directory
find "${FILES}" -name '*.yml' -or -name '*.yaml' -or -name vars | xargs -L1 -I {} ln -fs {} "${WORK}/inventory/dynamic/gcp/group_vars/all"
# Avoid sudo when running locally - nothing in the image requires it.
mkdir -p "${WORK}/inventory/dynamic/gcp/host_vars/localhost"
echo "ansible_become: no" > "${WORK}/inventory/dynamic/gcp/host_vars/localhost/00_skip_root.yaml"
if [[ -z "${ANSIBLE_CONFIG-}" ]]; then
export ANSIBLE_CONFIG="${WORK}/inventory/dynamic/gcp/ansible.cfg"
fi
# SSH requires the file to be owned by the current user, but Docker copies
# files in as root. Put the file into the ssh dir with the right permissions
if [[ -f "${FILES}/ssh-privatekey" ]]; then
keyfile="${HOME}/.ssh/google_compute_engine"
mkdir "${HOME}/.ssh"
rm -f "${keyfile}"
cat "${FILES}/ssh-privatekey" > "${keyfile}"
chmod 0600 "${keyfile}"
ssh-keygen -y -f "${keyfile}" > "${keyfile}.pub"
fi
if [[ -f "${FILES}/gce.json" ]]; then
gcloud auth activate-service-account --key-file="${FILES}/gce.json"
else
echo "No service account file found at ${FILES}/gce.json, bypassing login"
fi
exec "$@"
|
