blob: 88c86bc362378aa5961f8bd69d4bcac978c7d407 [file] [log] [blame]
#!/bin/sh
# COPYRIGHT NOTICE STARTS HERE
# Copyright 2018 © Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# COPYRIGHT NOTICE ENDS HERE
set -e
script_path=$(readlink -f "$0")
script_name=$(basename "$script_path")
ANSIBLE_DIR=$(dirname "$script_path")
ANSIBLE_CHROOT="${ANSIBLE_DIR}/ansible_chroot"
#
# functions
#
help()
{
echo "
NAME:
${script_name} - wrapper for ansible-playbook command
DESCRIPTION:
Run ansible playbook (or other command if it is there) inside a docker
container or a chroot environment.
By default the chroot is used because it has less dependencies and no
service needs to be run (provided that chroot command is installed).
Docker support is kept for compatibility reasons.
To run ansible docker image you must set environment variable:
ANSIBLE_DOCKER_IMAGE
So this wrapper can know by which name you have built the included
Dockerfile and also to trigger this different behaviour.
For example:
ANSIBLE_DOCKER_IMAGE=ansible
USAGE:
./${script_name}
This help
./${script_name} <args>
Run ansible-playbook command inside a chroot
ANSIBLE_DOCKER_IMAGE=<docker-image> ./${script_name} <args>
Run ansible-playbook command inside a docker container
REQUIREMENTS:
For the optimal usage your system should support overlay mount. Which
should be available on any recent kernel at least couple of years back.
Another requirement is the 'unshare' utility which is part of 'util-linux'
package and also is part of system for couple of years already.
The last is 'chroot' command itself and that is also part of system
basically everywhere.
"
}
#
# run playbook
#
# if no arg then print help and exit
if [ -z "$1" ] ; then
help
exit 0
fi
# we must be root
if [ "$(id -u)" -ne 0 ] ; then
echo ERROR: "I need root privileges and you are not root: $(id -nu)" >&2
exit 1
fi
# if env var is set then run in docker
if [ -n "$ANSIBLE_DOCKER_IMAGE" ] ; then
exec docker run --rm \
-v "${HOME}"/.ssh:/root/.ssh:rw \
-v "$ANSIBLE_DIR:/ansible:ro" \
-v "$ANSIBLE_DIR/application:/ansible/application:rw" \
-v "$ANSIBLE_DIR/certs/:/certs:rw" \
-it "${ANSIBLE_DOCKER_IMAGE}" "$@"
fi
# if not already there then unpack chroot
if ! [ -d "$ANSIBLE_CHROOT" ] ; then
if ! [ -f "$ANSIBLE_DIR"/docker/ansible_chroot.tgz ] ; then
echo ERROR: "Missing chroot archive: ${ANSIBLE_DIR}/ansible_chroot.tgz" >&2
exit 1
fi
echo INFO: "Unpacking chroot tar into: ${ANSIBLE_CHROOT}" >&2
if ! tar -C "$ANSIBLE_DIR" -xzf "$ANSIBLE_DIR"/docker/ansible_chroot.tgz ; then
echo ERROR: "Unpacking failed - ABORT" >&2
exit 1
fi
fi
# run chroot
mkdir -p "$ANSIBLE_DIR"/application
mkdir -p "$ANSIBLE_DIR"/certs
"$ANSIBLE_DIR"/docker/run_chroot.sh \
--mount rw:"${HOME}/.ssh":/root/.ssh \
--mount ro:"$ANSIBLE_DIR":/ansible \
--mount rw:"$ANSIBLE_DIR"/application:/ansible/application \
--mount rw:"$ANSIBLE_DIR"/certs:/certs \
--workdir /ansible \
execute "$ANSIBLE_CHROOT" ansible-playbook "$@"
exit 0