2020-09-25 10:43:54 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
set -e
|
2020-09-23 06:32:50 +00:00
|
|
|
|
2020-09-23 07:31:36 +00:00
|
|
|
PLUGIN_COMPOSE=${PLUGIN_COMPOSE:-compose.yml}
|
2020-09-23 07:38:51 +00:00
|
|
|
PLUGIN_HOST=${PLUGIN_HOST:-swarm.autonomic.zone}
|
|
|
|
|
PLUGIN_PORT=${PLUGIN_PORT:-222}
|
2020-09-25 18:03:10 +00:00
|
|
|
PLUGIN_PURGE=${PLUGIN_PURGE:-"false"}
|
2020-09-23 07:38:51 +00:00
|
|
|
PLUGIN_USER=${PLUGIN_USER:-drone}
|
2021-06-05 06:33:03 +00:00
|
|
|
PLUGIN_RM=${PLUGIN_RM:-"false"}
|
2020-09-23 06:50:38 +00:00
|
|
|
|
2020-09-27 17:57:41 +00:00
|
|
|
REMOTE_DOCKER_HOST="ssh://$PLUGIN_USER@$PLUGIN_HOST:$PLUGIN_PORT"
|
|
|
|
|
|
|
|
|
|
create_networks() {
|
2020-09-27 19:38:39 +00:00
|
|
|
echo "--- start create_networks ---"
|
2020-09-27 19:43:39 +00:00
|
|
|
IFS=',' read -ra NETWORKS <<< "$PLUGIN_NETWORKS"
|
|
|
|
|
for NETWORK in "${NETWORKS[@]}"; do
|
2020-09-27 19:51:20 +00:00
|
|
|
echo "$NETWORK"
|
2020-09-27 17:57:41 +00:00
|
|
|
docker -H "$REMOTE_DOCKER_HOST" \
|
2020-09-27 19:35:02 +00:00
|
|
|
network create --driver=overlay "$NETWORK" --scope swarm || true
|
2020-09-27 19:51:20 +00:00
|
|
|
until [ -n "$(docker -H "$REMOTE_DOCKER_HOST" network ls -f "name=$NETWORK" -q)" ]; do sleep 1; done
|
2020-09-27 17:57:41 +00:00
|
|
|
done
|
2020-09-27 19:38:39 +00:00
|
|
|
echo "--- end create_networks ---"
|
2020-09-27 17:57:41 +00:00
|
|
|
}
|
2020-09-25 18:03:10 +00:00
|
|
|
|
2020-09-25 17:26:21 +00:00
|
|
|
generate_secrets() {
|
|
|
|
|
echo "--- start secrets ---"
|
2020-09-25 17:51:30 +00:00
|
|
|
# FIXME 3wc: use the yq docker image instead; couldn't easily get it working
|
|
|
|
|
VERSION=3.4.0
|
|
|
|
|
BINARY=yq_linux_amd64
|
|
|
|
|
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O /usr/bin/yq &&\
|
|
|
|
|
chmod +x /usr/bin/yq
|
2020-09-25 18:32:04 +00:00
|
|
|
|
2023-01-21 07:34:12 +00:00
|
|
|
# shellcheck disable=SC2086
|
2023-01-21 19:02:47 +00:00
|
|
|
for COMPOSE_FILE in ${PLUGIN_COMPOSE//:/ }; do
|
|
|
|
|
for SECRET in $(yq r "$COMPOSE_FILE" 'secrets.*.name'); do
|
2023-01-21 19:07:31 +00:00
|
|
|
echo "generating $SECRET"
|
2023-01-21 19:02:47 +00:00
|
|
|
SECRET=$(eval echo "$SECRET")
|
|
|
|
|
if docker -H "$REMOTE_DOCKER_HOST" secret ls | grep -q "$SECRET"; then
|
|
|
|
|
echo "Skipping existing secret $SECRET"
|
|
|
|
|
else
|
|
|
|
|
eval "echo \"generating $SECRET\""
|
|
|
|
|
PW=$(</dev/urandom tr -dc 'A-Za-z0-9' | head -c 40; echo)
|
|
|
|
|
eval "echo \"$PW\" | docker -H \"$REMOTE_DOCKER_HOST\" secret create \"$SECRET\" -";
|
|
|
|
|
fi
|
|
|
|
|
done
|
2020-09-25 17:26:21 +00:00
|
|
|
done
|
|
|
|
|
echo "--- end secrets ---"
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-23 06:35:16 +00:00
|
|
|
load_deploy_key() {
|
2020-09-25 18:03:22 +00:00
|
|
|
echo "--- start ssh key load ---"
|
2020-09-23 07:24:15 +00:00
|
|
|
mkdir -p "$HOME/.ssh/"
|
2020-09-23 07:31:36 +00:00
|
|
|
ssh-keyscan -p "$PLUGIN_PORT" "$PLUGIN_HOST" > "$HOME/.ssh/known_hosts"
|
2020-09-23 07:24:15 +00:00
|
|
|
|
2023-04-17 01:49:27 +00:00
|
|
|
cat << EOF > "$HOME/.ssh/config"
|
|
|
|
|
Host *
|
2023-04-17 02:01:31 +00:00
|
|
|
HostKeyAlgorithms=+ssh-dss
|
2023-04-17 01:49:27 +00:00
|
|
|
EOF
|
|
|
|
|
|
2020-09-25 10:44:00 +00:00
|
|
|
# shellcheck disable=SC2046,SC2006
|
2020-09-23 07:24:15 +00:00
|
|
|
eval `ssh-agent`
|
2020-09-23 07:00:55 +00:00
|
|
|
echo "$PLUGIN_DEPLOY_KEY" | ssh-add -
|
2020-09-25 18:03:22 +00:00
|
|
|
echo "--- end ssh key load ---"
|
2020-09-23 06:32:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-09-25 18:04:36 +00:00
|
|
|
output_versions(){
|
|
|
|
|
echo "--- start versions"
|
2020-09-23 07:21:21 +00:00
|
|
|
docker version
|
2020-09-25 18:04:36 +00:00
|
|
|
echo "--- end versions"
|
|
|
|
|
}
|
2020-09-23 07:12:21 +00:00
|
|
|
|
2020-09-25 18:03:10 +00:00
|
|
|
run_stack_deploy() {
|
|
|
|
|
echo "--- start deploy ---"
|
2022-01-04 13:49:01 +00:00
|
|
|
|
2023-01-21 06:47:48 +00:00
|
|
|
if [[ -n "${PLUGIN_REG_USER}" ]] && [[ -n "${PLUGIN_REG_PASS}" ]]; then
|
2022-01-04 13:49:01 +00:00
|
|
|
echo "--- discovered secrets, assuming private registry, logging in ---"
|
2022-03-21 14:11:09 +00:00
|
|
|
docker -H "$REMOTE_DOCKER_HOST" login -u "${PLUGIN_REG_USER}" -p "${PLUGIN_REG_PASS}"
|
|
|
|
|
docker -H "$REMOTE_DOCKER_HOST" pull "${PLUGIN_IMAGE}"
|
2022-01-17 15:45:30 +00:00
|
|
|
echo "${PLUGIN_IMAGE}"
|
2022-01-04 13:49:01 +00:00
|
|
|
fi
|
2023-01-21 07:04:56 +00:00
|
|
|
echo "compose: $PLUGIN_COMPOSE"
|
2023-01-21 06:47:48 +00:00
|
|
|
# shellcheck disable=SC2086
|
|
|
|
|
docker -H "$REMOTE_DOCKER_HOST" stack deploy -c ${PLUGIN_COMPOSE//:/ -c } "$PLUGIN_STACK"
|
2020-09-25 18:03:10 +00:00
|
|
|
echo "--- end deploy ---"
|
2020-09-23 06:32:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-09-25 14:11:48 +00:00
|
|
|
run_stack_wait() {
|
2021-06-05 06:33:03 +00:00
|
|
|
export DOCKER_HOST="$REMOTE_DOCKER_HOST"
|
2020-09-27 22:42:49 +00:00
|
|
|
docker run --rm vitalets/docker-stack-wait-deploy \
|
2020-09-27 17:57:41 +00:00
|
|
|
| sed 's/True/true/' \
|
|
|
|
|
| bash /dev/stdin "$PLUGIN_STACK"
|
2020-09-27 22:42:49 +00:00
|
|
|
unset DOCKER_HOST
|
2020-09-25 14:11:48 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-05 06:33:03 +00:00
|
|
|
run_stack_rm() {
|
|
|
|
|
echo "--- start stack rm ---"
|
|
|
|
|
docker -H "$REMOTE_DOCKER_HOST" stack rm "$PLUGIN_STACK"
|
|
|
|
|
|
|
|
|
|
# See https://github.com/moby/moby/issues/30942#issuecomment-540699206
|
|
|
|
|
until [ -z "$(docker -H "$REMOTE_DOCKER_HOST" stack ps "$PLUGIN_STACK" -q)" ]; do sleep 1; done
|
|
|
|
|
|
|
|
|
|
echo "--- end stack rm ---"
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-25 18:04:36 +00:00
|
|
|
run_purge() {
|
|
|
|
|
echo "--- start purge ---"
|
2020-09-27 17:57:41 +00:00
|
|
|
docker -H "$REMOTE_DOCKER_HOST" stack rm "$PLUGIN_STACK"
|
2020-09-25 18:04:36 +00:00
|
|
|
|
2020-09-25 18:35:27 +00:00
|
|
|
# See https://github.com/moby/moby/issues/30942#issuecomment-540699206
|
2020-09-27 17:57:41 +00:00
|
|
|
until [ -z "$(docker -H "$REMOTE_DOCKER_HOST" stack ps "$PLUGIN_STACK" -q)" ]; do sleep 1; done
|
2023-01-21 20:31:03 +00:00
|
|
|
docker -H "$REMOTE_DOCKER_HOST" system prune --all --volumes --force || true
|
2020-09-26 14:14:32 +00:00
|
|
|
|
2020-09-25 21:45:50 +00:00
|
|
|
# try and remove all secrets; Docker will leave ones which are in use
|
2020-09-27 17:57:41 +00:00
|
|
|
docker -H "$REMOTE_DOCKER_HOST" secret ls --format '{{ .Name }}' | xargs -i sh -c "echo {}; docker -H \"$REMOTE_DOCKER_HOST\" secret rm {} || true"
|
2020-09-27 11:25:01 +00:00
|
|
|
echo "--- end purge ---"
|
2020-09-25 18:29:24 +00:00
|
|
|
}
|
|
|
|
|
|
2020-09-23 06:35:16 +00:00
|
|
|
run_plugin() {
|
2020-09-25 18:04:36 +00:00
|
|
|
echo "--- start ssh-stack-deploy ---"
|
2020-09-23 06:32:50 +00:00
|
|
|
load_deploy_key
|
2020-09-25 18:21:19 +00:00
|
|
|
output_versions
|
2020-09-25 17:26:21 +00:00
|
|
|
|
2020-09-27 17:57:41 +00:00
|
|
|
if [ -n "$PLUGIN_NETWORKS" ]; then
|
|
|
|
|
create_networks
|
|
|
|
|
fi
|
|
|
|
|
|
2020-09-25 17:26:21 +00:00
|
|
|
if [ -n "$PLUGIN_GENERATE_SECRETS" ]; then
|
|
|
|
|
generate_secrets
|
|
|
|
|
fi
|
|
|
|
|
|
2021-06-05 06:33:03 +00:00
|
|
|
if [ "$PLUGIN_RM" == "true" ]; then
|
|
|
|
|
run_stack_rm
|
|
|
|
|
fi
|
|
|
|
|
|
2020-09-23 06:32:50 +00:00
|
|
|
run_stack_deploy
|
2021-06-05 06:33:03 +00:00
|
|
|
|
2020-09-25 14:11:48 +00:00
|
|
|
run_stack_wait
|
2020-09-25 18:04:36 +00:00
|
|
|
|
|
|
|
|
if [ "$PLUGIN_PURGE" == "true" ]; then
|
|
|
|
|
run_purge
|
|
|
|
|
fi
|
2020-09-25 18:29:24 +00:00
|
|
|
|
2020-09-25 18:04:36 +00:00
|
|
|
echo "--- end ssh-stack-deploy ---"
|
2020-09-23 06:32:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
run_plugin
|
