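#!/bin/bash
#
# Description:
#   Helper functions to programmatically provision (e.g. for CIT).
#   Aliases on these functions are also created so that this script can be
#   sourced in your shell, in your ~/.bashrc file, etc. and directly called.
#
# Usage:
#   Source this file and call the relevant functions.
#
# Security notes:
#   - Every credential below is stored as AES-256 ciphertext inside this file
#     and decrypted with `openssl enc -md md5` without -pbkdf2/-iter, i.e.
#     OpenSSL's legacy single-pass key derivation. The confidentiality of all
#     of them therefore rests entirely on the strength of SECRET_KEY: anyone
#     holding a copy of this file can test passphrase guesses offline.
#     Prefer injecting these secrets from the CI system's secret store, and
#     rotate them if the passphrase may have been exposed.
#   - Decrypted key material is written under $HOME/.ssh; the files are
#     created with a restrictive umask rather than chmod-ed after the fact.
#   - tf_ssh and tf_ansi disable SSH host key verification (see below).
#

#######################################
# Print the CIT SSH public key.
# Outputs: the public key line on stdout.
#######################################
function ssh_public_key() {
  # Kept as `echo -e` with the literal exactly as found: the key body is
  # elided in this copy, so it cannot be confirmed to be free of escapes.
  echo -e "ssh-rsa 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 weaveworks-cit"
}

#######################################
# Base64-decode and AES-256-decrypt a string.
# Arguments:
#   $1 - passphrase
#   $2 - human-readable name of the secret (used in the error message only)
#   $3 - Base64-encoded ciphertext
# Outputs: plaintext on stdout; diagnostics on stderr.
# Returns: 1 if no passphrase is given, otherwise the status of `openssl enc`.
#######################################
function decrypt() {
  if [ -z "$1" ]; then
    echo >&2 "Failed to decode and decrypt $2: no secret key was provided."
    return 1
  fi
  # Set md5 because existing keys were encrypted that way and openssl default changed.
  # The passphrase is handed over through the environment of the openssl
  # process only (-pass env:NAME) instead of "-pass pass:...", so that it does
  # not show up in the process argument list (ps, /proc/<pid>/cmdline).
  printf '%s\n' "$3" \
    | openssl base64 -d \
    | CIT_DECRYPT_PASSPHRASE="$1" openssl enc -md md5 -d -aes256 -pass env:CIT_DECRYPT_PASSPHRASE
}

#######################################
# Decrypt the embedded CIT SSH private key and print it.
# Arguments: $1 - passphrase
# Outputs:   the private key on stdout.
# Returns:   status of decrypt.
#######################################
function ssh_private_key() {
  # The private key has been AES256-encrypted and then Base64-encoded using the following command:
  #   $ openssl enc -in /tmp/weaveworks_cit_id_rsa -e -aes256 -pass stdin | openssl base64 > /tmp/weaveworks_cit_id_rsa.aes.b64
  # The below command does the reverse, i.e. base64-decode and AES-decrypt the file, and prints it to stdout.
  # N.B.: Ask Marc for the password, or otherwise re-generate the SSH key using:
  #   $ ssh-keygen -t rsa -b 4096 -C "weaveworks-cit"
  decrypt "$1" "SSH private key" "$(
    cat <<'EOF'
U2FsdGVkX195fX5zswH1C5ho3hkYnrAG0SQmTubdc5vW6DSDgYlpxmoXufGAImqH
eaIhC8mEespdqOrIGOIBf0QU9Mm386R/tuxQMxCU/ZLYhuOYMmMtTytBzyDmI1Mf
NjfE7wTsPUzrys46ZJ5H/AHN/F/0N/jXIEwD+M8sSLshatBbgv49MUtZrVy7zVK6
zhb7kbYZAxuFQsv0M7PtBOM9WLp18ttmGjv/5ag/74ZDyj3HSC7/+7jTxUS4zxS6
XrWfiOUlugPjryIeOgkjbDIOqan/h45rECkX96ej+w685diiNMYpgzX7NgMHB5AW
PsK1mwnfuNzrm1Qep/wkO0t8Vp4Q5XKmhntKHByr/86R991WEtSpDkKx6T5IzNGU
+wSdMd59jmdrLwe2fjn3i8V7SULx6rC4gNQ3IsoZN7w8/LLhi3UlHlswu1rMOAZS
irITg+F5qjKYDfaXmW1k/RDy9N6pjkTuGck2SRxSfnIQZ2ncX4bLD9ymVBYmB++X
ylEcxYBZPbcVm3tbLRxaK4AUBLqywlt+4gn6hXIq3t3HIgAeFrTKO7fF8orVMIhU
3GrYJHMA4kNhXo4QIhCEkWex0wHFntNKb4ZvPRhKZiIq8JrGE5CVONQhN9z+A1Tp
XmGrVG5ywtQ4HrlLxeGzfXFaJRU2Uv+T/LeYWWili1tmRlQu54jGkkWRCPN4NLNX
5ZiFfej+4kWLQ3m12GL3NDjKHSdoSIBJxj9QvYwB6+wpLdCgHnOp3ItymBRJCuh+
t5pyVUGMN/xCHu8sGOAWpZ5kJrzImduD46G17AoJ3IiKhJ+vXiafCwukZcpmNwEF
C1VKEPwIzJeTIIg7qyyNT/aDHaUMBC5C7pKkI70b0fmKyBxmmt36tlNE0cg344E7
sNh5C6x+0mSixhI0g9UsuvnNs0gt+GmbDp17KOISM0qc+39LbiGLmsP7zxweqOm6
3/tStFOx0VI2iJMIywbWgJvHgWWuzd5ZveJhbcjdckUDXZ45lcs4y9fMTri1Cj4O
hrQCsTqK/cpmx1ZIaPhws2Z2NsP942E7te/wq2mBx0HppT0i9ZJpwz9vLRisaqgF
LO8b9PE3kWhIejPmDy53iJExBcR/z9M336SDfeDrJkqXg1gytiSnyh2sCaOKlEQR
im3WAiiJaqH3k1+hQ3vLWgNfq1+Nu/EcLew9MbKMTmYsSKA9cLz8zB4ZevHipa2B
MyKOntCzX+ROAeTvjLWZvuf9J1XWQaOs15/N0nyCahQHBs38XPQbaruOHooZ8iHi
rjHLJvPEdMJ76L+qkW+YWnjzf7qxmi+XjeNzDwGGsYRLdz8BxVrOdAISXdsJh9zn
7KXh4vRnPFsgetIx9FHVpvy0f9+uE4AQHKQ3D2mC3+jnaonxZm3Sxh1IqGSQLEfD
Qy7mIv5YEc8QI4AFcfZyuL1MSRuYVPr+ZHvQaWaF3NpscH8F/anzyczqbxjmhqph
4iZifLrHCNQKnDTR5i+xUWJxWsTrWGDLEAKu2UQ2mU+XCMXSx3D2OzYkgN1v5fnC
epAoKPa4HkyoHbCG2sl0A6O6vuoRAtQ8/h/jkpCXgCrGPQq15mtkVUCqFKqhYJq1
ugAYrUqxMSaNUFOjH/AKHK7GIaAqaonFhAblxVTHhzJ3k//rBUoRhz8Xoj1rpkkY
aZE1Sz0FFwEjFSPimXQz6TXb0rR6Ga9KjmbIhzaQ+aEFpYXof9kwXQTkeoSV1GHa
RLJu3De1SYC0a7zJbjkHPSJ55RX2PEEzHGe/3xFbH8M24ox0E29ewNZtAZ7yNhyi
88xSonlJFt5sOBuk5bNsJ9AZ9pEekrNJ1BigkT4q+cA0gCUJJ0MuBrijdufqLDIw
p9ozT1vfWrtzLBqHOcRvhWGJ48VXliJjKzpN+fmFEqxifu0+sfxzroluNjhuKTF8
5P0rLohZ+Xtvze5WszSMrSFAmi3TUOSPrxGZ+fZfttkBae0uj/mTFUNo61pRZSxR
hpPyq8NlusfUscX81zE3jNansIVsf54TVM2cb5fBrdS+SYhc5izbEMjI958ZPndf
iJID3oWKrWbn7ebszS0g0T2Hurk4VALgECLAxYqP/S32SOB6Y9EcE1dUq0VI2kzs
/HvMW05iWGDQ9fYWba/X+cpKfrRFXWFfD8CndDLidY9kHe2Zq9nEz+C/Zfi4YQKt
7nLpC85fvIaAnRxDlW8O/Sj8+TBNPcrsxeuhYfilIcapVs8/Plbtc7M6z7v1LO5i
bFeCBLwv+ZB1OUcxjuzCNVGBSvmYQmJbq37WDqPd+a8hqkz8/khH/CmUjp/MDrQN
64HIe+/USU9LvOI4ZkT/w/POmU2uxKWIc/OiSWuDgr6QsPYEjgMj1sEU8xT5HwOr
m9uBBgU/Pt118cmRPZDa25qyGEbiGvnjFl1fh5WgDg3gNQStEsuKy2IILGrzDMX3
IxuGr793Jp2zxawxzAcqSNvhf2b16f4hBueKqBPvNEfiPGzBqz+x636kYvhuUYmU
KxWZpsfBLbn7EL7O8OorzPBNOLJOiz1YmZ7cST2EYD7aEOAQMQ5n/6uyS7bP+dHR
wSVelYhKH/zIklHSH3/ERCPpmiYPdcFXEuu5PoGB9bqGae4RGm41350iecPn/GEM
Ykjc0aSed31gcFMIO+WDUgIc6qqJZklW7YMNfeKjeXzmml0hVMJrxbtPSr042jem
qzu/FuFLs47vpc8ooBO6bOa/Foicq5ypxenVT0YWPlReFpK+BVRpyHrk+MeXqP6Q
ReAfxli9MrM0EQc2I0ok/OA3H61BE5cr1cR9Sj4CH9ZFJfoGDNvn64RL9p2C1SkQ
Y+kWGWPdwsw+iSXsw+864H/Noojs8saQtyognAxYEb/DinSaqlil6EUydCyVZCWx
kuYb2zBxeh3W8IZcmHIl/aaobk8KHWwv+1/KWS3M21PKFwkEKWl42kRTn14fXo7y
9MhmbCgVxi2lTtQfRqcH2GmGcEL8MPDptMs4HEJvjeLvdIIzT1Du7DDfU8tfuFZK
C8v1tjL57Tcm+ORroVyQrImwkOxfJUDKKlz52p6o1fGp7W249H9/r29I+e5LCx0R
aoywGfl0Mi8i1U6p2AhQu+ywsdDyZEnSMoKyIjDckpLbe00AhQLfBLSCHf4IYd9I
crMSo0axhB45e+sqZ2OSfbxIMWrHuFDzjLMTdtXzHsJ6910MnsjRjZKcFNaKpqyd
Lm3PeGG0admpmHsu6jQBEwAVby7SSJ/+m6oiqUAvNfDrWCDsd8tA5iFhUGe8qnTZ
QE8DGOOzd+GcEaC+93MK9jYaiGdbWgCSTVv/7akY/+sEd5bLBPc/HEnkWxuDlPnU
aK1A7g0b3ijODbHLBEE6a5BVZ/ZC9JlCh3UGuJubzgAfrxligRme3HEsH2oj5gIH
nHW2ehWNif+5Bhq+S/2WrhhYS8dY+WoEgaQW0VHJZLAu9FnjgOMQdbOxY8wCuNR4
PIvwM4yIhaEUy2Bh0OFmXRzaqP+ZqTub+IVLkSZ9ULAqt06SdPbxGjLwImv/QyNZ
mL7clr2JtyxYQiuqZ46y2WfM0Cv+NAVWh3R7DGxzWf1Oht4SfmYZTHtzLzbBnLjP
ZGRC9umNrSDw75KPRzDdRJsPIO/38B2CPv2ati1cdurleYvbOh+LKEThfmO/ay65
UU63fU0H1esBro/JW/z7jCLBJ1aO2rTmYCFwtxAsQPs/yNrATwmBjlnAEnzCzT6f
O1+AFT3I/dTEiHIaXfvQBGhSblIymlYXPiIG0gZSZH4370WhNg86o1yd34ITeH3j
JzuOkawQY3hQR5n1XPUQzioaqWIyFwxL98pMTQpskJtwMG+U0m6ahaMsi3bhwd5b
6srFj0qdUeaZFZVUkPqnYithICYL7FewAzA23hDZ8Pj5pLNtFHkcywGs2EEGeeTC
sV1QCESVDQcSzlZ6tJNmJgUTK9dUHrq4DQrk5Ozg/xQ64wgqeiPEiaqT8lSFDDY/
NOTFPgbd1O3JNT3h7U59mTiDtdd4LFk4LRcu+A6q8G54aVTe/dqysllQi9eBO5qv
u+yV7W0ph96m7z1DHuhVTlM0fg2l//fuxnDZJICfg45BNhN/Zb9RhfS7Fhhq7M1c
bLu2Hteret0PXeC38dGv1Gah79KSrOw5k3kU/NG0ZlC01svkrNXLA6bcZuJWpajM
4fBkUc93wSLonIbSfXK7J3OQjI9fyu4aifxuS/D9GQlfckLFu8CMn+4qfMv6UBir
lr1hOLNqsUnfliUgnzp5EE7eWKcZKxwnJ4qsxuGDTytKyPPKetY2glOp0kkT2S/h
zOWN81VmhPqHPrBSgDvf0KZUtllx0NNGb0Pb9gW5hnGmH0VgeYsI8saR5wGuUkf4
EOF
  )"
}

#######################################
# Decrypt the CIT SSH private key into $HOME/.ssh/weaveworks_cit_id_rsa.
# Arguments: $1 - passphrase
# Outputs:   the path of the key file on stdout; diagnostics on stderr.
# Returns:   1 if no passphrase is given or decryption fails, else 0.
#######################################
function set_up_ssh_private_key() {
  if [ -z "$1" ]; then
    echo >&2 "Failed to decode and decrypt SSH private key: no secret key was provided."
    return 1
  fi
  local ssh_private_key_path="$HOME/.ssh/weaveworks_cit_id_rsa"
  rm -f -- "$ssh_private_key_path"
  # Create the file under umask 077 so the key is never readable by other
  # users, not even for the instant between creation and the chmod below.
  if ! (umask 077 && ssh_private_key "$1" >"$ssh_private_key_path"); then
    # Do not leave a truncated or garbage "key" behind for later commands.
    rm -f -- "$ssh_private_key_path"
    echo >&2 "Failed to decode and decrypt SSH private key: decryption failed."
    return 1
  fi
  chmod 400 "$ssh_private_key_path"
  echo "$ssh_private_key_path"
}

#######################################
# Decrypt the embedded GCP service account JSON credentials and print them.
# Arguments: $1 - passphrase
# Outputs:   the JSON credentials on stdout.
# Returns:   status of decrypt.
#######################################
function gcp_credentials() {
  # The below GCP service account JSON credentials have been AES256-encrypted and then Base64-encoded using the following command:
  #   $ openssl enc -in ~/.ssh/weaveworks-cit.json -e -aes256 -pass stdin | openssl base64 > /tmp/weaveworks-cit.json.aes.b64
  # The below command does the reverse, i.e. base64-decode and AES-decrypt the file, and prints it to stdout.
  # N.B.: Ask Marc for the password, or otherwise re-generate the credentials for GCP, as per ../tools/provisioning/gcp/README.md.
  decrypt "$1" "JSON credentials" "$(
    cat <<'EOF'
U2FsdGVkX1+ocXXvu+jCI7Ka0GK9BbCIOKehuIbrvWZl/EhB44ebW7OyO8RTVqTg
xWuktqt+e0FDWerCFY5xHeVDBN0In9uH+IWfnXp4IcJIes16olZHnyS3e6+L5Xc6
oWm+ZQ15OMa9vA+t3CMpuuwd/EIC1OSyDaxK4Gcta91zH6sN97F0NVjciPyjNhly
3kx0uuHzI0KW4EGuAPxF1pOFwIvCJVwrtjygtyf9ymVZ1wGMe/oUyRolMBjfPJvi
YCF65zN1wghHtcqyatov/ZesiF/XEFn/wK5aUR+wAEoQdR5/hN7cL8qZteUUYGV4
O6tI8AoCKPHyU83KevwD0N34JIfwhloOQtnxBTwMCLpqIZzEFTnD/OL6afDkUHW+
bWGQ3di92lLuOYOZ1mCfvblYZssDpVj79Uu8nwJPnaf334T6jDzc4N/cyaIyHsNz
ydJ7NXV9Ccs38JhQPDY+BkQAXZRXJVVgMLZIGU4ARxYaRFTnXdFE5bM4rRM4m4UY
lQbeoYrB6fH9eqpxc3A3CqHxGDTg+J8WqC/nZVX6NzBWCQVOxERi7KVfV6l387Qy
w5PRjl3X+3Z14k15eIOVb25ZnnmTwgKm/xdm3j47spStVRbMsa1nbXLINrYs0XoW
eVyYxHD3bWFZ7blTlGaNecmjECecQ7VS/EmNeNFiigaIeArB0GZcq0xx+J/VUXW+
q3VCw2D5bYOCC1ApZ4iOXLXERfGyHetkt++veEJ61EZWcc0o2g9Ck4r7JYLFfEEz
Wik08WH+tGksYnCHH3gxjTGbLR7jsEKgBQkcsGsIwm/w950QfAug0C+X6csNJwPY
mm47hHfdSa3p6fgPNKVA2RXA/cAUzfNL65cm7vSjqWLaGPnkVAZwySIqZSUkjQz3
OOACnvmsJnHYO8q730MzSJ/qG+2v4nQ0e9OlbV4jqsrYKrFLcCJIUx2AhwddkIy6
EA7uJvt8MiBpErc+g1IdLxDhoU7pTnN3wocA8mufMcnNBRVv9v4oYY6eGWWo62op
+kpglrcouGjTV0LJDalp9ejxtjFQ+sCqvUzmgmcTD2iqP4+VX4/jglKeUnj4XeID
DwyCYNyZg70V/H7ZbLDfE5SJkH+iALJnQZGfPrXtn1RdoI7Hh9Ix0xYizGozwF72
WQC+Td17XpINn5kPr5j8CVps5C7NDbZR747XbfHkWRVVCt2gCf4R8JM2u+Gh8wPP
aj8ziSF9ndZr/jQy8cF2OrmGRemCDVabEiBdNRq6CxwuTwoMRREC5zT4mIFWrflv
UZvXfKiw4Dd4tohkOC/U6DfWNzzIy4UBvVZOgNjAyyJLChTHrHdxHbG7hloAlfGM
kijPYqQhsAL9LxTco7ANexSdMPfkHOLEGcY5or4z6WifRY9lRa1Fa4fguGHCRj/T
e67JFe5NM3Aq++8jLH/5ZpWP6xAiMLz/EYVNZ5nTnWnsz3yDSm7Fk8dtgRF0P7My
FpVWot2/B1eKWjfnwsqMg3yRH7k0bFaz7NzVbkHkUIsUgFzaH7/NlaaP9/GyYNKj
c7QC6MbTjgxK1wlGmjN+to59o+CLns+z6rv42u7JDEikLQ0jVRPDCd6zJk3Vnabs
wP2yohi/u2GraAevBcQIqxFRnk8F8Ds+kydNXxCfX3pXgGEp5bV8+ZrTt8HcQ4dv
23Oulur38vep0ghF4wCoIvbGauLCQqmc4Ct1phjyVMNKOx1VLXI37uoIh+0d+Y/6
hqxLYKCfvRmeSdAUBTxAihMY1vioNZ8iu83WDnxioREC+skejr3s2nENSA/bxl9h
6ETVYwXxEshj2Im6xVZzX3W1fI6HK51M2ttglGLpzvwqPeWH/PFmRRtLjGTk9myM
wGOG2RBwoXR2UCOWwfg2iSE3iEJYAcLSFs1m71y7uXKF3wVb4Hpn11UljAUyo6lH
bRTgEfyulLS7VJ8Vj0pvxnE72qJPOSe5xMWgjVaqHUH6hSkra5EfkyXRk+49vIU1
z6TIX+AMYU2ZXvkDbTGck7nMNmQW7uBwHCy0JuYoM9g71UUyYAGb+vemGPvU77U5
UzKpGNYt6pMC+pPZkYWXq7553dP0o3iftArVp7DaweP134ROn4HYnSL/zpKXZnG/
toWhQVjrw23kfTI4lOFNhfs+vw5sLSoBDXdDS09fjDxot5Ws1nxojUmx3HroTkcw
ce5bGW7FYWxxlY4yBPbliXJcJ/4yewDxWL2qOkGL+G5ztRMHPEOmfQrUtqB8tSMZ
Bn0eMSp1lnkloPkfNkRguxBbJDwbrl06fkmGTCyDjToqqBVVXSSRHA2+pJzsRGWA
0UuDkdINaSGgqX8GNa5iJaVGUKEUSbmM7G5maeKdgiwHn2qdJ73/rIHxg1DNC9UB
LP1+wWpfeAdqidpErXJ7PRpsIA3UBNcDhQALk9U3Y+33xQQOQYtaFwI/CBUGlVub
FgR0tWJZWd/GbRMP2MRH7CJ3//kkW8/O+pFRZfrtjc6ZMlChoRQyGA3OMissrGsW
GoXjO+3wwNDkZIUtLuYHQhUJ1u/n3wOsOp0gTQa0222ofVitPniGkCtqgVScBJTd
l9SNCvhDR9sAkkEDi0VAplPiJZHjhAFb+WmN6cwTH8CVjb0CKcu3rfCVHlbLqrwU
7JMq2gmoYcDs9+4SJu7BTc3++z1pPgvE4JBNk9SdDMa+du7e1YEemrbUfb/GSvkD
R97jYPXFD9g7IaHePZemLoRbwoMapDp6WJrfIYqoh3Vw7zh6ZfmcAjkELXei3DS1
sySA66syQKGk5G2xFxr3mQzywOa2JfstK1JftvzEmIpav6rCcaqdA0pM1PHJ5AVa
LjMEl6To9fk99Cfp77OY18/xPYfxrcEqt4yGTJP1RnGxLaY961T6PI7EYJ3mfeTx
CwROwr8ZoNc5OnRmh+rdJMsNG/qFvI1Ys0nE1EehyKizoXYQKkjcrWnjA0RDk/dq
kP2CuKF1ChBNSaKROttn8QOyOU7fxYFhqhnoH9JzYtxaw2EcGARkgCJtEVHRevzC
hRo4VM+zwS9iNMVJiHA2C9CY+LXwgCDBg60Gu8/cAzriDeDdKFCCNYDA3Eqp8gOE
LJC6/tcToHqLztWEvnB4h+Fs9GUZT1sLyHudQiiP8kR06Y4+Dq3sytk6B44VD0P2
EOF
  )"
}

#######################################
# Export everything required to run tests on Digital Ocean.
# Globals:
#   SECRET_KEY (read); TF_VAR_do_*, DIGITALOCEAN_*, TF_VAR_client_ip (exported)
# Returns: 1 if SECRET_KEY is empty or a secret cannot be decrypted, else 0.
#          On failure, variables exported before the failing step stay set.
#######################################
function do_on() {
  # Set up everything required to run tests on Digital Ocean.
  # Steps from ../tools/provisioning/do/README.md have been followed.
  # All sensitive files have been encrypted, see respective functions.
  if [ -z "$SECRET_KEY" ]; then
    echo >&2 "Failed to configure for Digital Ocean: no value for the SECRET_KEY environment variable."
    return 1
  fi

  # SSH public key:
  export TF_VAR_do_public_key_path="$HOME/.ssh/weaveworks_cit_id_rsa.pub"
  ssh_public_key >"$TF_VAR_do_public_key_path"
  export DIGITALOCEAN_SSH_KEY_NAME="weaveworks-cit"
  export TF_VAR_do_public_key_id=5228799

  # SSH private key (assigned separately from `export` so that a decryption
  # failure is not masked by export's own exit status):
  local private_key_path
  private_key_path="$(set_up_ssh_private_key "$SECRET_KEY")" || return 1
  export TF_VAR_do_private_key_path="$private_key_path"

  # API token:
  # The below Digital Ocean token has been AES256-encrypted and then Base64-encoded using the following command:
  #   $ openssl enc -in /tmp/digital_ocean_token.txt -e -aes256 -pass stdin | openssl base64 > /tmp/digital_ocean_token.txt.aes.b64
  # The below command does the reverse, i.e. base64-decode and AES-decrypt the file, and prints it to stdout.
  # N.B.: Ask Marc for the password, or otherwise re-generate the token for Digital Ocean, as per ../tools/provisioning/do/README.md.
  local token
  token="$(decrypt "$SECRET_KEY" "Digital Ocean token" "U2FsdGVkX1/Gq5Rj9dDDraME8xK30JOyJ9dhfQzPBaaePJHqDPIG6of71DdJW0UyFUyRtbRflCPaZ8Um1pDJpU5LoNWQk4uCApC8+xciltT73uQtttLBG8FqgFBvYIHS")" || return 1
  export DIGITALOCEAN_TOKEN="$token"
  export DIGITALOCEAN_TOKEN_NAME="weaveworks-cit"

  # Looked up over HTTPS: the answer is handed to Terraform as the client
  # address, so it must not be alterable by someone on the network path.
  # Best effort: left empty if the lookup fails.
  TF_VAR_client_ip="$(curl -s -X GET https://checkip.amazonaws.com/)"
  export TF_VAR_client_ip
}
alias do_on='do_on'

#######################################
# Unset every variable exported by do_on.
# Note: the key files written under $HOME/.ssh are left in place.
#######################################
function do_off() {
  unset TF_VAR_do_public_key_path
  unset DIGITALOCEAN_SSH_KEY_NAME
  unset TF_VAR_do_public_key_id
  unset TF_VAR_do_private_key_path
  unset DIGITALOCEAN_TOKEN
  unset DIGITALOCEAN_TOKEN_NAME
  unset TF_VAR_client_ip
}
alias do_off='do_off'

#######################################
# Export everything required to run tests on GCP.
# Globals:
#   SECRET_KEY, PROJECT (read); TF_VAR_gcp_*, GOOGLE_CREDENTIALS*,
#   TF_VAR_client_ip (exported)
# Returns: 1 if SECRET_KEY is empty or a secret cannot be decrypted, else 0.
#          On failure, variables exported before the failing step stay set.
#######################################
function gcp_on() {
  # Set up everything required to run tests on GCP.
  # Steps from ../tools/provisioning/gcp/README.md have been followed.
  # All sensitive files have been encrypted, see respective functions.
  if [ -z "$SECRET_KEY" ]; then
    echo >&2 "Failed to configure for Google Cloud Platform: no value for the SECRET_KEY environment variable."
    return 1
  fi

  # SSH public key and SSH username:
  export TF_VAR_gcp_public_key_path="$HOME/.ssh/weaveworks_cit_id_rsa.pub"
  ssh_public_key >"$TF_VAR_gcp_public_key_path"
  TF_VAR_gcp_username="$(cut -d' ' -f3 "$TF_VAR_gcp_public_key_path" | cut -d'@' -f1)"
  export TF_VAR_gcp_username

  # SSH private key:
  local private_key_path
  private_key_path="$(set_up_ssh_private_key "$SECRET_KEY")" || return 1
  export TF_VAR_gcp_private_key_path="$private_key_path"

  # JSON credentials:
  export GOOGLE_CREDENTIALS_FILE="$HOME/.ssh/weaveworks-cit.json"
  rm -f -- "$GOOGLE_CREDENTIALS_FILE"
  # Created under umask 077 so the service account key is never readable by
  # other users, not even between creation and the chmod below.
  if ! (umask 077 && gcp_credentials "$SECRET_KEY" >"$GOOGLE_CREDENTIALS_FILE"); then
    rm -f -- "$GOOGLE_CREDENTIALS_FILE"
    echo >&2 "Failed to decode and decrypt JSON credentials: decryption failed."
    return 1
  fi
  chmod 400 "$GOOGLE_CREDENTIALS_FILE"
  GOOGLE_CREDENTIALS="$(cat "$GOOGLE_CREDENTIALS_FILE")"
  export GOOGLE_CREDENTIALS

  # Looked up over HTTPS: the answer is handed to Terraform as the client
  # address, so it must not be alterable by someone on the network path.
  # Best effort: left empty if the lookup fails.
  TF_VAR_client_ip="$(curl -s -X GET https://checkip.amazonaws.com/)"
  export TF_VAR_client_ip
  export TF_VAR_gcp_project="${PROJECT:-"weave-net-tests"}"
  if [ -z "$PROJECT" ]; then
    echo >&2 "WARNING: no value provided for PROJECT environment variable: defaulted it to $TF_VAR_gcp_project."
  fi
}
alias gcp_on='gcp_on'

#######################################
# Unset every variable exported by gcp_on.
# Note: the key and credentials files under $HOME/.ssh are left in place.
#######################################
function gcp_off() {
  unset TF_VAR_gcp_public_key_path
  unset TF_VAR_gcp_username
  unset TF_VAR_gcp_private_key_path
  unset GOOGLE_CREDENTIALS_FILE
  unset GOOGLE_CREDENTIALS
  unset TF_VAR_client_ip
  unset TF_VAR_gcp_project
}
alias gcp_off='gcp_off'

#######################################
# Export everything required to run tests on Amazon Web Services.
# Globals:
#   SECRET_KEY (read); TF_VAR_aws_*, AWS_ACCESS_KEY_ID,
#   AWS_SECRET_ACCESS_KEY, TF_VAR_client_ip (exported)
# Returns: 1 if SECRET_KEY is empty or a secret cannot be decrypted, else 0.
#          On failure, variables exported before the failing step stay set.
#######################################
function aws_on() {
  # Set up everything required to run tests on Amazon Web Services.
  # Steps from ../tools/provisioning/aws/README.md have been followed.
  # All sensitive files have been encrypted, see respective functions.
  if [ -z "$SECRET_KEY" ]; then
    echo >&2 "Failed to configure for Amazon Web Services: no value for the SECRET_KEY environment variable."
    return 1
  fi

  # SSH public key:
  export TF_VAR_aws_public_key_name="weaveworks_cit_id_rsa"

  # SSH private key:
  local private_key_path
  private_key_path="$(set_up_ssh_private_key "$SECRET_KEY")" || return 1
  export TF_VAR_aws_private_key_path="$private_key_path"

  # The below AWS access key ID and secret access key have been AES256-encrypted and then Base64-encoded using the following commands:
  #   $ openssl enc -in /tmp/aws_access_key_id.txt -e -aes256 -pass stdin | openssl base64 > /tmp/aws_access_key_id.txt.aes.b64
  #   $ openssl enc -in /tmp/aws_secret_access_key.txt -e -aes256 -pass stdin | openssl base64 > /tmp/aws_secret_access_key.txt.aes.b64
  # The below commands do the reverse, i.e. base64-decode and AES-decrypt the encrypted and encoded strings, and print it to stdout.
  # N.B.: Ask Marc for the password, or otherwise re-generate the AWS access key ID and secret access key, as per ../tools/provisioning/aws/README.md.
  local access_key_id secret_access_key
  access_key_id="$(decrypt "$SECRET_KEY" "AWS access key ID" "U2FsdGVkX18Txjm2PWSlJsToYm1vv4dMTtVLkRNiQbrC6Y6GuIHb1ao5MmGPJ1wf")" || return 1
  export AWS_ACCESS_KEY_ID="$access_key_id"
  secret_access_key="$(decrypt "$SECRET_KEY" "AWS secret access key" "$(
    cat <<'EOF'
U2FsdGVkX1/BFp/lQnSoy0LxUuDz0z0YnqxhO8KBrtt3x6YEWyVFzY34rFhpGiB7
IxYq20K87Zrx/Q/urMoWgg==
EOF
  )")" || return 1
  export AWS_SECRET_ACCESS_KEY="$secret_access_key"

  # Looked up over HTTPS: the answer is handed to Terraform as the client
  # address, so it must not be alterable by someone on the network path.
  # Best effort: left empty if the lookup fails.
  TF_VAR_client_ip="$(curl -s -X GET https://checkip.amazonaws.com/)"
  export TF_VAR_client_ip
}
alias aws_on='aws_on'

#######################################
# Unset every variable exported by aws_on.
# Note: the key file written under $HOME/.ssh is left in place.
#######################################
function aws_off() {
  unset TF_VAR_aws_public_key_name
  unset TF_VAR_aws_private_key_path
  unset AWS_ACCESS_KEY_ID
  unset AWS_SECRET_ACCESS_KEY
  unset TF_VAR_client_ip
}
alias aws_off='aws_off'

#######################################
# Print an error, the tf_ssh usage text and the machines known to Terraform.
# Arguments: $1 - error message
# Outputs:   everything goes to stderr.
#######################################
function tf_ssh_usage() {
  cat >&2 <<EOF
ERROR: $1

Usage:
  \$ tf_ssh <host ID (1-based)> [OPTION]...
Examples:
  \$ tf_ssh 1
  \$ tf_ssh 1 -o LogLevel VERBOSE
  \$ tf_ssh 1 -i ~/.ssh/custom_private_key_id_rsa
Available machines:
EOF
  cat -n >&2 <<<"$(terraform output public_etc_hosts)"
}

#######################################
# SSH into the Nth machine listed by `terraform output public_etc_hosts`.
# Arguments:
#   $1   - host ID (1-based line number in that output)
#   $2.. - extra options passed through to ssh
# Returns: 1 on a missing or invalid host ID, otherwise the status of ssh.
#######################################
function tf_ssh() {
  if [ -z "$1" ]; then
    tf_ssh_usage "No host ID provided."
    return 1
  fi
  local host_id="$1"
  shift # Drop the first argument, corresponding to the machine ID, to allow passing other arguments to SSH using "$@" -- see below.
  # The ID is spliced into a sed program below, so accept digits only.
  if ! [[ "$host_id" =~ ^[0-9]+$ ]]; then
    tf_ssh_usage "Invalid host ID provided."
    return 1
  fi
  local hosts ip
  hosts="$(terraform output public_etc_hosts)"
  ip="$(sed "${host_id}q;d" <<<"$hosts" | cut -d ' ' -f 1)"
  if [ -z "$ip" ]; then
    tf_ssh_usage "Invalid host ID provided."
    return 1
  fi
  # NOTE(review): host key verification is switched off here, so the server's
  # identity is never checked and the session can be intercepted on the
  # network path. Tolerable only for throwaway test machines; do not reuse
  # these options against long-lived hosts.
  # shellcheck disable=SC2029
  ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" "$(terraform output username)@$ip"
}
alias tf_ssh='tf_ssh'

#######################################
# Print an error, the tf_ansi usage text and the available playbooks.
# Arguments: $1 - error message
# Outputs:   everything goes to stderr.
#######################################
function tf_ansi_usage() {
  cat >&2 <<EOF
ERROR: $1

Usage:
  \$ tf_ansi <playbook or playbook ID (1-based)> [OPTION]...
Examples:
  \$ tf_ansi setup_weave-net_dev
  \$ tf_ansi 1
  \$ tf_ansi 1 -vvv --private-key=~/.ssh/custom_private_key_id_rsa
  \$ tf_ansi setup_weave-kube --extra-vars "docker_version=1.12.6 kubernetes_version=1.5.6"
Available playbooks:
EOF
  local file
  for file in "$(dirname "${BASH_SOURCE[0]}")"/../../config_management/*.yml; do
    # Strip the literal ".yml" suffix only (the former sed pattern treated
    # the dot as "any character" and was not anchored to the end).
    basename "$file" .yml
  done | cat -n >&2
}

#######################################
# Run an Ansible playbook against the machines known to Terraform.
# Arguments:
#   $1   - playbook name (without .yml) or 1-based playbook ID, as listed by
#          tf_ansi_usage
#   $2.. - extra options passed through to ansible-playbook
# Returns: 1 on a missing or unknown playbook, otherwise the status of
#          ansible-playbook.
#######################################
function tf_ansi() {
  if [ -z "$1" ]; then
    tf_ansi_usage "No Ansible playbook provided."
    return 1
  fi
  local id="$1"
  shift # Drop the first argument to allow passing other arguments to Ansible using "$@" -- see below.

  # Resolve playbooks relative to this script, exactly like tf_ansi_usage
  # does, so that numeric IDs match the printed list whatever the current
  # working directory is.
  local playbook_dir
  playbook_dir="$(dirname "${BASH_SOURCE[0]}")/../../config_management"
  local path
  if [[ "$id" =~ ^[0-9]+$ ]]; then
    local playbooks=("$playbook_dir"/*.yml)
    local index=$((10#$id - 1)) # 1-based ID to 0-based index; 10# avoids octal parsing of e.g. "08".
    # Reject 0 and out-of-range IDs: a negative index would otherwise
    # silently select a playbook counted from the end of the list.
    if ((index < 0 || index >= ${#playbooks[@]})); then
      tf_ansi_usage "Ansible playbook not found: no playbook with ID $id"
      return 1
    fi
    path="${playbooks[index]}"
  else
    path="$playbook_dir/$id.yml"
  fi
  if [ ! -r "$path" ]; then
    tf_ansi_usage "Ansible playbook not found: $path"
    return 1
  fi

  # Six random characters instead of three: the inventory lives in a shared
  # directory, so its name should not be guessable.
  local inventory
  inventory="$(mktemp /tmp/ansible_inventory_XXXXXX)" || return 1
  # Remove the inventory on return or interruption, then uninstall the
  # handlers so they do not linger in the shell that sourced this file.
  # shellcheck disable=SC2154
  trap 'rm -f -- "$inventory"; trap - SIGINT SIGTERM RETURN' SIGINT SIGTERM RETURN
  echo -e "$(terraform output ansible_inventory)" >"$inventory"
  # NOTE(review): host key verification is switched off for Ansible's SSH
  # connections as well; see the note in tf_ssh.
  ansible-playbook "$@" -u "$(terraform output username)" -i "$inventory" --ssh-extra-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" "$path"
}
alias tf_ansi='tf_ansi'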