Commit 9a3ff915 authored by atj's avatar atj

Persist credentials through .profile instead of one off files

parent dd0782ea
Pipeline #11542 failed with stages
......@@ -5,10 +5,6 @@ set -x
# OpenStack credentials will be sourced by the gitlab runners
# Destroy any existing builder if one exists
./tear-down-queue.sh --no_source
./destroy-builder-image.sh --no_source
# Get script directory
SCRIPT_DIR=$(dirname $0)
......@@ -72,18 +68,13 @@ ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo bash -s' < $
echo "Provisioning the builder"
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo bash -s' < ${SCRIPT_DIR}/provision-builder.sh
# Copy Gitlab docker registry read only access token to VM and then move to correct directory
# Copy Dockerhub registry read only token to VM and then move to correct directory
# This credentials are available as files on the container-recipes created "kitchen" host
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} /gitlab-username cades@${VM_IP}:/home/cades/gitlab-username
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} /gitlab-readonly-token cades@${VM_IP}:/home/cades/gitlab-readonly-token
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} /dockerhub-readonly-username cades@${VM_IP}:/home/cades/dockerhub-readonly-username
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} /gitlab-readonly-token cades@${VM_IP}:/home/cades/gitlab-readonly-token
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/gitlab-username /home/builder'
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/gitlab-readonly-token /home/builder'
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/dockerhub-readonly-username /home/builder'
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/gitlab-readonly-token /home/builder'
# Copy readonly credentials to the builder, these variables must be set in the gitlab runner that's running this script
echo ${GITLAB_USERNAME} > ./builder_profile
echo ${GITLAB_READONLY_TOKEN} >> ./builder_profile
echo ${DOCKERHUB_READONLY_USERNAME} >> ./builder_profile
echo ${DOCKERHUB_READONLY_TOKEN} >> ./builder_profile
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} ./builder_profile cades@${VM_IP}:/home/cades/builder_profile
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/builder_profile /home/builder/.profile'
echo "Reboot the server to ensure its in a clean state before creating the snapshot"
openstack server reboot --wait ${VM_UUID}
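Review bot: The four `echo` lines write the bare usernames and tokens into `./builder_profile`, so the file installed as `/home/builder/.profile` sets no variables, and a shell reading it would try to run each value as a command. The queue section of this commit prefixes `export ` to each line, and this block should write `export NAME='value'` assignments in the same way. The hunk header shows `set -x` in effect, so each expanded `echo`, token included, is traced into the job log unless the runner masks those variables. Tracing should be switched off around the block. `./builder_profile` is also left in the runner's working directory after the `scp`, and the same holds for `./queue_profile` in the later section.
```shell
# Copy readonly credentials to the builder, these variables must be set in the gitlab runner that's running this script
set +x   # keep the expanded tokens out of the job log
{
  # NOTE: a value containing a single quote would need escaping before this is safe
  printf "export GITLAB_USERNAME='%s'\n" "${GITLAB_USERNAME}"
  printf "export GITLAB_READONLY_TOKEN='%s'\n" "${GITLAB_READONLY_TOKEN}"
  printf "export DOCKERHUB_READONLY_USERNAME='%s'\n" "${DOCKERHUB_READONLY_USERNAME}"
  printf "export DOCKERHUB_READONLY_TOKEN='%s'\n" "${DOCKERHUB_READONLY_TOKEN}"
} > ./builder_profile
set -x
# … unchanged: scp of builder_profile and sudo mv to /home/builder/.profile …
rm -f ./builder_profile   # do not leave the credentials on the runner
```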
......
#!/bin/bash
# OpenStack credentials
source /home/queue/openrc.sh
# General VM settings
BOOTIMG="BuilderImage"
ZONE="nova"
......
......@@ -3,9 +3,6 @@
set -e
set -o xtrace
export OS_CACERT=`pwd`/OpenStack.cer
echo "using OS_CACERT="${OS_CACERT}
# Get script directory
SCRIPT_DIR=$(pwd)
......@@ -52,10 +49,10 @@ ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo bash -s' < $
# Copy OpenStack credentials to VM and then move to correct directory
# These credentials are available as environment variables to the runners
unset OS_CACERT
printenv | grep ^OS_ > ${SCRIPT_DIR}/openrc.sh # "Reconstruct" openrc.sh
awk '{print "export "$0}' ${SCRIPT_DIR}/openrc.sh > tmp_awk && mv tmp_awk ${SCRIPT_DIR}/openrc.sh
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} ${SCRIPT_DIR}/openrc.sh cades@${VM_IP}:/home/cades/openrc.sh
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/openrc.sh /home/queue/openrc.sh'
printenv | grep ^OS_ > ./queue_profile # "Reconstruct" openrc.sh
awk '{print "export "$0}' ./queue_profile > tmp_awk && mv tmp_awk ./queue_profile
scp -o StrictHostKeyChecking=no -i ${KEY_FILE} ./queue_profile cades@${VM_IP}:/home/cades/queue_profile
ssh -o StrictHostKeyChecking=no -i ${KEY_FILE} cades@${VM_IP} 'sudo mv /home/cades/queue_profile /home/queue/.profile'
# Reboot to ensure Queue service, added in provisioning, is started
export OS_CACERT=`pwd`/OpenStack.cer
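Review bot: The `awk` line turns the `printenv` output into unquoted `export NAME=value` lines, so an `OS_` value containing a space, `$`, `;` or a quote would be split or interpreted by the shell when `/home/queue/.profile` is read. Each value should be emitted single-quoted with embedded quotes escaped, for example `printf "export %s='%s'\n" "$name" "$escaped"` per variable. After the `sudo mv`, the file presumably keeps the `cades` owner and the mode it was created with. If only the queue account should read the OpenStack credentials, follow the move with something like `sudo chown queue /home/queue/.profile && sudo chmod 600 /home/queue/.profile`, where the account name is inferred from the path and needs confirming.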
......
......@@ -6,11 +6,6 @@ set -o xtrace
# Get script directory
SCRIPT_DIR=$(dirname $0)
# OpenStack credentials
if [ "$1" != "--no_source" ]; then
source ${SCRIPT_DIR}/openrc.sh
fi
# Delete any builders up and running
openstack server list -f value --name Builder -c ID | while read ID; do
echo "Deleting server ${ID}"
......
#!/bin/bash
# OpenStack credentials
source /home/queue/openrc.sh
openstack server delete --wait $1
\ No newline at end of file
......@@ -3,11 +3,6 @@
# Get script directory
SCRIPT_DIR=$(dirname $0)
# OpenStack credentials
if [ "$1" != "--no_source" ]; then
source ${SCRIPT_DIR}/openrc.sh
fi
# Delete VMs
openstack server list -f value --name BuilderQueue -c ID | while read ID; do
echo "Deleting server ${ID}"
......
......@@ -7,5 +7,7 @@ set -o xtrace
mkdir artifacts
cd Scripts
./destroy-queue.sh
./destroy-builder-image.sh
./create-builder-image.sh
./bring-up-queue.sh
\ No newline at end of file
./create-queue.sh
\ No newline at end of file