52 lines
1.7 KiB
Bash
52 lines
1.7 KiB
Bash
wi-init(){
|
|
wi-login $1 $2
|
|
|
|
echo " >> Init << "
|
|
echo "------------------------------"
|
|
|
|
mkdir -p ~/.ssh &> /dev/null
|
|
|
|
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
|
python3 -m venv /opt/ansible &> /dev/null
|
|
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
|
|
|
curl \
|
|
-H "X-Vault-Token: ${config["login",$ORG]}" \
|
|
-X GET \
|
|
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
|
|
|
|
chmod 700 ~/.ssh/init
|
|
|
|
mkdir -p ~/.ansible > /dev/null
|
|
|
|
if [ ! -f ~/.ansible/vars.yml ]
|
|
then
|
|
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
|
|
|
|
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
|
|
|
|
echo "---" > ~/.ansible/vars.yml
|
|
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
|
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
|
|
echo "vault:" >> ~/.ansible/vars.yml
|
|
echo " ansible:" >> ~/.ansible/vars.yml
|
|
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
|
|
echo " hashicorp:" >> ~/.ansible/vars.yml
|
|
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
|
|
|
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
|
|
fi
|
|
|
|
GIT_DOMAIN="git.cwinfo.net"
|
|
GIT_PORT="2222"
|
|
GIT_REPOSITORY="warengroup-private/infra-plus"
|
|
|
|
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
|
|
|
|
export HVT=${config["login",$ORG]}
|
|
|
|
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
|
|
|
|
unset HVT
|
|
}
|