Our CI infrastructure and developers have different requirements,
but really the overlap is almost complete and it's a shame that
we require developers to perform manual steps before we can use
our tools.
Flavors are a very simple and effective way to deal with the
issue: we'll be able to configure guests differently based on
whether they will be used for CI or development.
The default flavor is developer, which doesn't require the vault
password and as such can be used by anyone out of the box: the
Jenkins setup is skipped in this case.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/lcitool | 35 ++++++++++++++++++++++++++++++++---
guests/site.yml | 1 +
2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 883e0eb..bf270f1 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -59,13 +59,39 @@ load_install_config() {
load_config() {
CONFIG_DIR="$HOME/.config/$PROGRAM_NAME"
+ mkdir -p "$CONFIG_DIR" >/dev/null 2>&1 || {
+ die "$PROGRAM_NAME: $CONFIG_DIR: Unable to create config directory"
+ }
+
+ FLAVOR_FILE="$CONFIG_DIR/flavor"
VAULT_PASS_FILE="$CONFIG_DIR/vault-password"
ROOT_PASS_FILE="$CONFIG_DIR/root-password"
- # Make sure required passwords exist and are not invalid (empty)
- test -f "$VAULT_PASS_FILE" && test "$(cat
"$VAULT_PASS_FILE")" || {
- die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password"
+ # Two flavors are supported: developer (default) and ci. Read the
+ # flavor from configuration, validate it and write it back in case
+ # it was not present
+ FLAVOR="$(cat "$FLAVOR_FILE" 2>/dev/null)"
+ FLAVOR=${FLAVOR:-developer}
+ test "$FLAVOR" = developer || test "$FLAVOR" = ci || {
+ die "$PROGRAM_NAME: Invalid flavor '$FLAVOR'"
}
+ echo "$FLAVOR" >"$FLAVOR_FILE" || {
+ die "$PROGRAM_NAME: $FLAVOR_FILE: Unable to save flavor"
+ }
+
+ test "$FLAVOR" = ci && {
+ # The vault password is only needed for the ci flavor, so only
+ # validate it in that case
+ test -f "$VAULT_PASS_FILE" && test "$(cat
"$VAULT_PASS_FILE")" || {
+ die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password"
+ }
+ } || {
+ # For other flavors, undefine the variable so that Ansible
+ # will not try to read the file at all
+ VAULT_PASS_FILE=
+ }
+
+ # Make sure the root password has been configured properly
test -f "$ROOT_PASS_FILE" && test "$(cat
"$ROOT_PASS_FILE")" || {
die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password"
}
@@ -164,8 +190,11 @@ do_prepare() {
load_config
+ EXTRA_VARS="flavor=$FLAVOR"
+
ansible-playbook \
--vault-password-file "$VAULT_PASS_FILE" \
+ --extra-vars "$EXTRA_VARS" \
-l "$GUEST" \
site.yml
}
diff --git a/guests/site.yml b/guests/site.yml
index 9c75dcb..35e3220 100644
--- a/guests/site.yml
+++ b/guests/site.yml
@@ -30,6 +30,7 @@
# Configure the Jenkins agent
- include: tasks/jenkins.yml
when:
+ - flavor == 'ci'
- projects is defined
# jenkins is a pseudo-project
- ( 'jenkins' in projects )
--
2.13.6