This repository has been archived on 2020-05-07. You can view files and clone it, but cannot push or open issues or pull requests.
dokku-ansible-deploy/functions
2020-04-13 14:11:23 +02:00

231 lines
7.0 KiB
Bash
Executable File

#!/usr/bin/env bash
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
# shellcheck disable=SC1090
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
dokku-ansible-deploy-validate-dependencies() {
# shellcheck disable=SC2034
declare desc="check that plugin dependencies are available"
declare ANSIBLE_DIR="$DOKKU_ROOT/.ansible/"
if ! command -v "ansible-playbook" &>/dev/null; then
dokku_col_log_info1_quiet "Missing ansible dependency, run dokku plugin:install-dependencies"
exit 1
fi
if [[ ! -d $ANSIBLE_DIR ]]; then
dokku_col_log_info1_quiet "Missing $ANSIBLE_DIR, run dokku plugin:install-dependencies"
exit 0
fi
}
dokku-ansible-deploy-deploy-d-create() {
# shellcheck disable=SC2034
declare desc="create a system level deploy.d directory"
if [[ ! -d "$DOKKU_LIB_ROOT/data/deploy.d" ]]; then
dokku_col_log_info1_quiet "Creating $DOKKU_LIB_ROOT/data/deploy.d"
mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d"
fi
}
dokku-ansible-deploy-vault-pass-cmd() {
# shellcheck disable=SC2034
declare desc="add new app vault password for decryption of passwords"
declare APP="$2"
declare VAULT_FILE="$DOKKU_LIB_ROOT/data/deploy.d/$APP/.vault.sh"
if [[ ! -n "$APP" ]]; then
dokku_col_log_info1_quiet "missing app name, try 'dokku ansible-deploy:vault-pass myappname'"
exit 1
fi
if [[ -f $VAULT_FILE ]]; then
dokku_col_log_info1_quiet "Vault password already setup for $APP"
exit 0
fi
# shellcheck disable=SC2162 disable=SC2116 disable=SC2006
read -sp "Please enter your vault password for $APP: `echo $'\n> '`" VAULT_PASSWD; echo
if [[ ! -d "$DOKKU_LIB_ROOT/data/deploy.d/$APP" ]]; then
dokku_col_log_info1_quiet "Creating $DOKKU_LIB_ROOT/data/deploy.d/$APP"
mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d/$APP"
fi
{ echo "#!/bin/bash";
echo "";
echo "set -eu -o pipefail";
echo "";
echo "echo \"$VAULT_PASSWD\""; } > "$VAULT_FILE"
chmod +x "$VAULT_FILE"
dokku_col_log_info1_quiet "Generated $VAULT_FILE for $APP"
}
dokku-ansible-deploy-sudo-pass-cmd() {
# shellcheck disable=SC2034
declare desc="add new dokku user sudo password for sudo escalation"
dokku-ansible-deploy-deploy-d-create
declare VARS_FILE="$DOKKU_LIB_ROOT/data/deploy.d/vars.yml"
# shellcheck disable=SC2162 disable=SC2116 disable=SC2006
read -sp "Please enter your Dokku system user sudo password: `echo $'\n> '`" SUDO_PASSWD; echo
{ echo "---";
echo "ansible_become_password: \"$SUDO_PASSWD\""; } > "$VARS_FILE"
dokku_col_log_info1_quiet "Generated $VARS_FILE"
}
dokku-ansible-deploy-dependencies() {
# shellcheck disable=SC2034
declare desc="install plugin dependencies"
declare DEPENDENCIES="ansible python3 python3-dev python3-ruamel.yaml"
declare REQUIREMENTS="$PLUGIN_AVAILABLE_PATH/ansible-deploy/deps/requirements.yml"
dokku_col_log_info1_quiet "Ensuring the following packages are installed: $DEPENDENCIES"
export DEBIAN_FRONTEND=noninteractive
# shellcheck disable=SC2086
apt update && apt install -y $DEPENDENCIES
dokku_col_log_info1_quiet "Installing Ansible requirements"
ansible-galaxy install --role-file "$REQUIREMENTS" --force
dokku_col_log_info1_quiet "Copying Ansible library modules into place"
# shellcheck disable=SC2086
mkdir -p $DOKKU_ROOT/.ansible/{roles,plugins/modules}
# shellcheck disable=SC2086
cp -R $DOKKU_ROOT/.ansible/roles/*/library/* $DOKKU_ROOT/.ansible/plugins/modules
}
dokku-ansible-deploy-post-extract() {
# shellcheck disable=SC2034
declare desc="run the post-extract hook to setup the plugin"
dokku-ansible-deploy-validate-dependencies
declare APP="$1" TMPDIR="$2"
if [[ -d "$TMPDIR/deploy.d" ]] && [[ "$(ls -A "$TMPDIR/deploy.d")" ]]; then
mkdir -p "$DOKKU_LIB_ROOT/data/deploy.d/$APP"
cp -r "$TMPDIR/deploy.d/." "$DOKKU_LIB_ROOT/data/deploy.d/$APP"
dokku_col_log_info1_quiet "Copied deploy.d files into place"
if [[ -d "$TMPDIR/deploy.d/vault" ]]; then
if [[ ! -f "$DOKKU_LIB_ROOT/data/deploy.d/$APP/.vault.sh" ]]; then
dokku_col_log_info1_quiet "Vault directory discovered but missing vault password"
dokku_col_log_info1_quiet "Please run dokku ansible-deploy:vault-password $APP"
exit 1
fi
fi
fi
}
dokku-ansible-deploy-pre-deploy() {
# shellcheck disable=SC2034
declare desc="run the pre-deploy hook to setup an app"
dokku-ansible-deploy-validate-dependencies
declare APP="$1"
declare APP_DIR="$DOKKU_LIB_ROOT/data/deploy.d/$APP"
declare VAULT_FILE="$APP_DIR/.vault.sh"
declare PRE_DEPLOY="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/plays/pre_deploy.yml"
dokku_col_log_info1_quiet "Running pre-deploy steps"
# shellcheck disable=SC2155
local CMD_ARGS="--inventory $(hostname), --connection local"
if [[ -f $VAULT_FILE ]]; then
dokku_col_log_info1_quiet "$APP vault password file $VAULT_FILE discovered"
CMD_ARGS="${CMD_ARGS} --vault-password-file $VAULT_FILE"
fi
dokku_col_log_info1_quiet "Running $PRE_DEPLOY"
# shellcheck disable=SC2086
ansible-playbook \
--extra-vars "app=$APP" \
--extra-vars "dokku_lib_root=$DOKKU_LIB_ROOT" \
--extra-vars "app_config_root=$APP_DIR" \
$CMD_ARGS \
$POST_DELETE
}
dokku-ansible-deploy-post-deploy() {
# shellcheck disable=SC2034
declare desc="run the post-deploy hook to finish an app setup"
dokku-ansible-deploy-validate-dependencies
declare APP="$1"
declare APP_DIR="$DOKKU_LIB_ROOT/data/deploy.d/$APP"
declare VAULT_FILE="$APP_DIR/.vault.sh"
declare POST_DEPLOY="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/plays/post_deploy.yml"
dokku_col_log_info1_quiet "Running post-deploy steps"
# shellcheck disable=SC2155
local CMD_ARGS="--inventory $(hostname), --connection local"
if [[ -f $VAULT_FILE ]]; then
dokku_col_log_info1_quiet "$APP vault password file $VAULT_FILE discovered"
CMD_ARGS="${CMD_ARGS} --vault-password-file $VAULT_FILE"
fi
dokku_col_log_info1_quiet "Running $POST_DEPLOY"
# shellcheck disable=SC2086
ansible-playbook \
--extra-vars "app=$APP" \
--extra-vars "dokku_lib_root=$DOKKU_LIB_ROOT" \
--extra-vars "app_config_root=$APP_DIR" \
$CMD_ARGS \
$POST_DELETE
}
dokku-ansible-deploy-post-delete() {
# shellcheck disable=SC2034
declare desc="run the post-delete hook to remove an app"
dokku-ansible-deploy-validate-dependencies
declare APP="$1"
declare APP_DIR="$DOKKU_LIB_ROOT/data/deploy.d/$APP"
declare VAULT_FILE="$APP_DIR/.vault.sh"
declare POST_DELETE="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/plays/post_delete.yml"
dokku_col_log_info1_quiet "Running post-delete steps"
# shellcheck disable=SC2155
local CMD_ARGS="--inventory $(hostname), --connection local"
if [[ -f $VAULT_FILE ]]; then
dokku_col_log_info1_quiet "$APP vault password file $VAULT_FILE discovered"
CMD_ARGS="${CMD_ARGS} --vault-password-file $VAULT_FILE"
fi
dokku_col_log_info1_quiet "Running $POST_DELETE"
# shellcheck disable=SC2086
ansible-playbook \
--extra-vars "app=$APP" \
--extra-vars "dokku_lib_root=$DOKKU_LIB_ROOT" \
--extra-vars "app_config_root=$APP_DIR" \
$CMD_ARGS \
$POST_DELETE
}