#!/usr/bin/env bash
#####
## This script SSHs to the Terraform-provisioned seed node by querying the Terraform state for
## connection details
#####
# Abort on the first failing command, including a failure inside a pipeline
set -eo pipefail

# Both variables must be non-empty before anything else runs; the message below
# suggests they are provided by activating an environment
if [[ -z "$AZIMUTH_CONFIG_ROOT" || -z "$AZIMUTH_CONFIG_ENVIRONMENT_ROOT" ]]; then
  printf '%s\n' "Please activate an environment" >&2
  exit 1
fi
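#######################################
# Print the value of an Ansible variable as seen by the "localhost" host.
#
# Runs the Ansible debug module with the JSON stdout callback and extracts the
# variable from the first task of the first play.
#
# Arguments: $1 - name of the Ansible variable to look up
# Outputs:   the value on stdout (raw strings, via jq -r); jq prints "null"
#            when the key is absent from the result
# Returns:   non-zero if ansible or jq fails (the caller runs with pipefail)
#######################################
ansible_variable() {
  local var_name="$1"
  # ANSIBLE_JSON_INDENT=0 keeps the JSON document on a single line so that jq can
  # read the output line by line (-R); `fromjson?` skips any line that is not JSON
  #
  # The variable name is handed to jq as data (--arg) instead of being spliced into
  # the filter text, so characters that are special in jq syntax cannot change the
  # filter that is executed
  ANSIBLE_LOAD_CALLBACK_PLUGINS=true \
  ANSIBLE_STDOUT_CALLBACK=json \
  ANSIBLE_JSON_INDENT=0 \
    ansible -m debug -a "var=$var_name" all |
    jq -r -R --arg name "$var_name" \
      'fromjson? | .plays[0].tasks[0].hosts.localhost[$name]'
}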
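# Add the Terraform binary directory to the PATH, so we can use it if it was
# downloaded as part of a provision
# If not, we need Terraform to be available
terraform_binary_directory="$(ansible_variable terraform_binary_directory)"
# Only prepend a directory that actually exists. ansible_variable prints nothing when
# no line of the Ansible output parses as JSON, and an empty PATH component means
# "the current directory" - binaries sitting in whatever directory the script is run
# from would then take precedence over the system ones
if [ -n "$terraform_binary_directory" ] && [ -d "$terraform_binary_directory" ]; then
  export PATH="$terraform_binary_directory:$PATH"
fi

# If tofu is available in the path, use that
# command -v is the shell builtin lookup; unlike which it is always present and
# prints nothing when the command is missing
if command -v tofu >/dev/null 2>&1; then
  terraform_binary_path="$(command -v tofu)"
elif command -v terraform >/dev/null 2>&1; then
  echo "OpenTofu is not installed - falling back to Terraform" >&2
  echo "This may cause issues, especially when downloading providers" >&2
  terraform_binary_path="$(command -v terraform)"
else
  echo "Unable to find OpenTofu or Terraform" >&2
  exit 1
fi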
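# Make a working directory for seed-ssh related stuff
work_dir="$(ansible_variable work_directory)/seed-ssh"
mkdir -p "$work_dir"

# Initialise the OpenTofu backend
terraform_backend_type="$(ansible_variable terraform_backend_type)"
if [ "$terraform_backend_type" = "local" ]; then
  # If the OpenTofu backend is local, that means the provisioning is run on the current host
  # Hence there should be a pre-existing Terraform project directory we can point at
  terraform_dir="$(ansible_variable terraform_project_path)"
else
  # If the OpenTofu backend type is something other than local, make an OpenTofu project
  # directory containing a backend configuration that specifies the type and config
  terraform_dir="$work_dir"
  cat <<EOF > "$terraform_dir/backend.tf"
terraform {
backend "${terraform_backend_type}" {}
}
EOF
  # NOTE(review): a remote backend configuration may carry credentials - confirm for
  # the backends in use. The file is therefore created owner-only; the explicit chmod
  # also tightens a copy left behind by an earlier run, which umask does not affect
  backend_config_file="$terraform_dir/backend_config.json"
  (
    umask 077
    ansible_variable terraform_backend_config > "$backend_config_file"
  )
  chmod 600 "$backend_config_file"
  # Quoted so that a working directory containing spaces is passed as one argument
  "$terraform_binary_path" \
    -chdir="$terraform_dir" \
    init \
    -input=false \
    -reconfigure \
    -backend-config="$backend_config_file"
fi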
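# Read the required variables from the Terraform state
tfstate_file="$work_dir/tfstate"
deploy_key="$work_dir/deploy-key"
# The pulled state contains the cluster SSH private key (it is extracted from it just
# below), so both the state copy and the key file are created with an owner-only umask.
# Creating them first and restricting them afterwards would leave the private key
# readable under the default umask until the chmod runs
(
  umask 077
  "$terraform_binary_path" -chdir="$terraform_dir" state pull > "$tfstate_file"
  jq -r '.outputs.cluster_ssh_private_key.value // ""' "$tfstate_file" > "$deploy_key"
)
# umask only applies to newly created files; this also tightens files left by earlier runs
chmod 600 "$tfstate_file" "$deploy_key"

# An absent output becomes the empty string (// ""), which the check below reports
node_ip="$(jq -r '.outputs.cluster_gateway_ip.value // ""' "$tfstate_file")"
if [ -z "$node_ip" ]; then
  echo ""
  echo "[ERROR] Unable to find node details in Terraform state" >&2
  exit 1
fi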
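# Run the SSH command
#
# exec replaces this shell with ssh, so the script's exit status is that of ssh.
# Any arguments given to the script are passed through to ssh after the destination.
#
# NOTE(review): host key verification is switched off (StrictHostKeyChecking=no with
# UserKnownHostsFile=/dev/null), so the identity of the machine answering on the gateway
# IP is never checked, and -A forwards the local SSH agent to that machine. Together
# this means an impostor host on that address could use the operator's agent for the
# lifetime of the session. Consider pinning the seed node's host key (for example a
# known_hosts file kept in the work directory) and/or dropping -A where agent
# forwarding is not required.
#
# The key path and destination are quoted so that a work directory containing spaces
# is passed to ssh as a single argument
exec \
  ssh \
    -o UserKnownHostsFile=/dev/null \
    -o StrictHostKeyChecking=no \
    -o IdentitiesOnly=yes \
    -A \
    -i "$deploy_key" \
    "ubuntu@$node_ip" \
    "$@"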