From: Ismaƫl Bouya Date: Wed, 28 Nov 2018 09:11:57 +0000 (+0100) Subject: Move environment file to template X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=b7b8fe64fb3ed13ef535c7d4789da3a5001e355d;p=perso%2FImmae%2FConfig%2FAnsible.git Move environment file to template --- diff --git a/roles/contexts/fretlink/tasks/main.yml b/roles/contexts/fretlink/tasks/main.yml index 99d39b3..0908eca 100644 --- a/roles/contexts/fretlink/tasks/main.yml +++ b/roles/contexts/fretlink/tasks/main.yml @@ -72,15 +72,10 @@ - start - name: environment variables file block: - - name: extract environment - shell: "pass show Travail/Fretlink/Environment" - register: fretlink_environment - changed_when: false - check_mode: no - - name: store environment - copy: + - name: environment file + template: + src: environment.j2 dest: $HOME/workdir/environment - content: "{{ fretlink_environment.stdout }}" rescue: - debug: msg: "Could not read password store, continuing" diff --git a/roles/contexts/fretlink/templates/environment.j2 b/roles/contexts/fretlink/templates/environment.j2 new file mode 100644 index 0000000..bb9328a --- /dev/null +++ b/roles/contexts/fretlink/templates/environment.j2 
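Review bot: The new `template` task under `environment variables file` renders every password-store secret into `$HOME/workdir/environment` but sets no file mode, so the permissions fall to the remote umask and the file is typically readable by other local users. Add `mode: "0600"` next to `dest:`. Consider `no_log: true` on the task as well, so the rendered secrets do not appear in `--diff` or verbose output. The `rescue` text "Could not read password store, continuing" now fires on any templating failure, not only a failed lookup, so a more general message would be less misleading.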
@@ -0,0 +1,202 @@
+# vim: filetype=sh
+# Macaron
+# openssl rand -hex 32
+# URI: postgres:///db_name
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+if ! $(echo "$PATH" | grep -q "$DIR/toolbox/scripts"); then
+ PATH="$DIR/toolbox/scripts:$PATH"
+fi
+
+build_macaroon() {
+ if [ "$1" = "--old" ]; then
+ shift
+ action="old-realms"
+ ttl=""
+ else
+ action="new"
+ ttl="--no-ttl"
+ fi
+
+ if [ -z "$1" -o -z "$2" -o -z "$3" -o -z "$4" ]; then
+ echo "build_macaroon [--old] secret src-key-id target realm" >&2
+ return
+ fi
+
+ secret="$1"
+ src="$2"
+ target="uri://fretlink/$3"
+ realm="$4"
+
+ cd "$HOME/workdir/haskell-commons"
+ MACAROON_PRIVATE_KEY="$secret" MACAROON_SECRET="$secret" stack exec macaroon-bakery -- $action --location "$target" --key-id "$src" $ttl "$realm"
+}
+
+APP=$(basename $(pwd))
+
+FL_APPS_HOST="localhost"
+FL_APPS_SCHEME="http"
+
+FL_ADMIN_ROOT_PORT=8079
+FL_ADMIN_ROOT_PRIVATE_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/AdminRoot subkey=PrivateKey') }}"
+FL_ADMIN_ROOT_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_ADMIN_ROOT_PORT/api/"
+
+FL_APP_PORT=8080
+FL_APP_MONGO_URI="mongodb://localhost:27017/fretlink"
+FL_APP_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/App subkey=Secret') }}"
+FL_APP_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_APP_PORT"
+
+FL_CARRIER_DIRECTORY_PORT=8082
+FL_CARRIER_DIRECTORY_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/CarrierDirectory subkey=Secret') }}"
+FL_CARRIER_DIRECTORY_PRIVATE_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/CarrierDirectory subkey=PrivateKey') }}"
+FL_CARRIER_DIRECTORY_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_CARRIER_DIRECTORY_PORT/api/"
+
+FL_NOTIFIER_PORT=8081
+FL_NOTIFIER_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/Notifier subkey=Secret') }}"
+FL_NOTIFIER_PRIVATE_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/Notifier subkey=PrivateKey') }}"
+FL_NOTIFIER_URL="$FL_APPS_SCHEME://$FL_APPS_HOST:$FL_NOTIFIER_PORT/api"
+
+FL_PRICER_PORT=8083
+FL_PRICER_PRIVATE_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/Pricer subkey=PrivateKey') }}"
+
+FL_FREIGHT_PORT=8084
+FL_FREIGHT_SECRET="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/Freight subkey=Secret') }}"
+
+FL_BOOKKEEPING_SECRET="dummy"
+
+FL_PSQL_HOST="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local subkey=Host') }}"
+FL_PSQL_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local subkey=Port') }}"
+FL_PSQL_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local subkey=User') }}"
+FL_PSQL_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local') }}"
+
+FL_GEODATA_DEV_PSQL_HOST="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=Host') }}"
+FL_GEODATA_DEV_PSQL_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=Port') }}"
+FL_GEODATA_DEV_PSQL_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=User') }}"
+FL_GEODATA_DEV_PSQL_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata') }}"
+FL_GEODATA_DEV_PSQL_DB="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Geodata subkey=Database') }}"
+
+FL_NOTIFIER_DEV_PSQL_HOST="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=Host') }}"
+FL_NOTIFIER_DEV_PSQL_PORT="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=Port') }}"
+FL_NOTIFIER_DEV_PSQL_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=User') }}"
+FL_NOTIFIER_DEV_PSQL_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier') }}"
+FL_NOTIFIER_DEV_PSQL_DB="{{ lookup('passwordstore', 'Travail/Fretlink/Psql/Dev/Notifier subkey=Database') }}"
+
+FL_TOOLBOX_AGENT_MACAROON="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/ToolboxAgent') }}"
+
+if [ -f "local.env.example" ]; then
+ source local.env.example
+fi
+
+if [ "$APP" != "app" ]; then
+ name="${APP//-/_}"
+ port_var="FL_${name^^}_PORT"
+ secret_var="FL_${name^^}_SECRET"
+ private_key_var="FL_${name^^}_PRIVATE_KEY"
+
+ if [ -n "${!secret_var}" ]; then
+ export MACAROON_SECRET="${!secret_var}"
+ fi
+ if [ -n "${!private_key_var}" ]; then
+ export MACAROON_PRIVATE_KEY="${!private_key_var}"
+ fi
+ export PORT="${!port_var}"
+ export PG_URI="postgres:///$name"
+
+ if [ -z "$FL_ENV" ]; then
+ export POSTGRESQL_ADDON_HOST="$FL_PSQL_HOST"
+ export POSTGRESQL_ADDON_PORT="$FL_PSQL_PORT"
+ export POSTGRESQL_ADDON_USER="$FL_PSQL_USER"
+ export POSTGRESQL_ADDON_PASSWORD="$FL_PSQL_PASSWORD"
+ export POSTGRESQL_ADDON_DB="$name"
+ else
+ postgresql_host="FL_${name^^}_${FL_ENV^^}_PSQL_HOST"
+ postgresql_port="FL_${name^^}_${FL_ENV^^}_PSQL_PORT"
+ postgresql_user="FL_${name^^}_${FL_ENV^^}_PSQL_USER"
+ postgresql_password="FL_${name^^}_${FL_ENV^^}_PSQL_PASSWORD"
+ postgresql_db="FL_${name^^}_${FL_ENV^^}_PSQL_DB"
+ export FRETLINK_ENV="$FL_ENV"
+ export POSTGRESQL_ADDON_HOST="${!postgresql_host}"
+ export POSTGRESQL_ADDON_PORT="${!postgresql_port}"
+ export POSTGRESQL_ADDON_USER="${!postgresql_user}"
+ export POSTGRESQL_ADDON_PASSWORD="${!postgresql_password}"
+ export POSTGRESQL_ADDON_DB="${!postgresql_db}"
+ fi
+fi
+
+if [ "$APP" = "app" ]; then
+ export FRETLINK_MONGO_URI="$FL_APP_MONGO_URI"
+ export FRETLINK_PORT="$FL_APP_PORT"
+ export FRETLINK_BASE_URL="$FL_APP_URL"
+
+ # Dummies mandatory but not defined by default
+ export FRETLINK_SMTP_PASSWORD="password"
+ export FRETLINK_AMAZON_PUBLIC_KEY="password"
+ export FRETLINK_AMAZON_PRIVATE_KEY="password"
+ export FRETLINK_GMAPS_API_KEY="password"
+
+ # secret
+ export FRETLINK_MACAROON_SECRET=$FL_APP_SECRET
+
+ # carrier directory
+ export CARRIER_DIRECTORY_URI="$FL_CARRIER_DIRECTORY_URL"
+ export FRETLINK_CARDIR_URL="$FL_CARRIER_DIRECTORY_URL"
+ export FRETLINK_CARDIR_ENABLED="true"
+
+ # notifier
+ export FRETLINK_NOTIFIER_API=$FL_NOTIFIER_URL
+ export FRETLINK_NOTIFIER_ACCESS_KEY="$(build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY notifier notifier messaging)"
+ export FRETLINK_NOTIFIER_TRANSPOREON_ACCESS_KEY="$(build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY notifier notifier external)"
+ export FRETLINK_NOTIFIER_TRANSPOREON_ENABLED="true"
+
+ # admin-root
+ export FRETLINK_ADMINROOT_URL=$FL_ADMIN_ROOT_URL
+ export FRETLINK_ADMINROOT_ACCESS_KEY="$(build_macaroon $FL_ADMIN_ROOT_PRIVATE_KEY admin-root admin-root admin-root::token-delivery)"
+
+ # geodata
+ export FRETLINK_GEODATA_API="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/GeodataDev subkey=Url') }}"
+ export FRETLINK_GEODATA_ACCESS_KEY="{{ lookup('passwordstore', 'Travail/Fretlink/Macaroons/GeodataDev') }}"
+fi
+
+if [ "$APP" = "admin-root" ]; then
+ export BASE_URL=$FL_APPS_HOST
+ export API_ROOT="http://$BASE_URL:$PORT/api"
+ export UI_ROOT="http://$BASE_URL:$PORT/admin"
+ export TOK="$(build_macaroon $FL_ADMIN_ROOT_PRIVATE_KEY admin-root admin-root admin-root::provisioning)"
+
+ export CARDIR_MACAROON_SECRET=$FL_CARRIER_DIRECTORY_SECRET
+ export NOTIFIER_MACAROON_SECRET=$FL_NOTIFIER_SECRET
+ export BOOKKEEPING_MACAROON_SECRET=$FL_BOOKKEEPING_SECRET
+fi
+
+if [ "$APP" = "carrier-directory" ]; then
+ export ADMIN_BASE_URL=$FL_APP_URL
+fi
+
+if [ "$APP" = "notifier" ]; then
+ export MAILGUN_API_KEY="dummy"
+ export MAILGUN_DOMAIN="dummy"
+ export TEMPLATES_ASSETS_BASE_URL="http://dummy/"
+ export TRANSPOREON_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/ApiTest subkey=Login') }}"
+ export TRANSPOREON_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/ApiTest') }}"
+ export TRANSPOREON_CALLBACK_USER="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/NotifierCallbackTest subkey=Login') }}"
+ export TRANSPOREON_CALLBACK_PASSWORD="{{ lookup('passwordstore', 'Travail/Fretlink/Transporeon/NotifierCallbackTest') }}"
+
+ # Used by curl
+ # v2
+ #export MACAROON="$(build_macaroon $FL_NOTIFIER_SECRET notifier notifier external)"
+ # v1
+ export MACAROON="$(build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY notifier notifier external)"
+
+ # To push transporeon cargos to app
+ APP_TRANSPOREON_PUSH_MACAROON="$(build_macaroon $FL_APP_SECRET notifier app app::transporeon-cargos-write)"
+fi
+
+if [ "$APP" = "pricer" ]; then
+ export GOOGLE_AUTH_CLIENT_ID="dummy"
+fi
+
+if [ "$APP" = "toolbox" ]; then
+ export AGENT_HOST=$FL_APP_URL
+ export AGENT_PATH="/"
+ export AGENT_MACAROON=$FL_TOOLBOX_AGENT_MACAROON
+fi
diff --git a/roles/shell/bash/templates/bashrc.j2 b/roles/shell/bash/templates/bashrc.j2
index 1357475..c7f8522 100644
--- a/roles/shell/bash/templates/bashrc.j2
+++ b/roles/shell/bash/templates/bashrc.j2
@@ -53,6 +53,15 @@ if [ -n "$TMUX" ]; then TMUX_SESSION_NAME=$(tmux display-message -p "#S") export HISTFILE="$XDG_STATE_HOME/bash/tmux_${TMUX_SESSION_NAME}_history" fi + +function load_dev_env() { + if [ -z "$1" ]; then + source ../environment + else + FL_ENV="$1" source ../environment + fi +} + ##### /Fretlink {% endif %}
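Review bot: Every `{{ lookup('passwordstore', ...) }}` result is pasted raw between shell double quotes (for example `FL_PSQL_PASSWORD="{{ ... }}"`), so a stored value containing `"`, `$`, a backtick or a backslash will either break the assignment or be expanded by bash when the file is sourced. Render the values through Ansible's `quote` filter and drop the surrounding quotes, e.g. `FL_PSQL_PASSWORD={{ lookup('passwordstore', 'Travail/Fretlink/Psql/Local') | quote }}`. The same secrets are then passed unquoted as arguments (`build_macaroon --old $FL_NOTIFIER_PRIVATE_KEY ...`, `build_macaroon $FL_APP_SECRET ...`), which word-splits and globs them; write `"$FL_NOTIFIER_PRIVATE_KEY"` and so on. `build_macaroon` also assigns `secret`, `action`, `ttl` and the others without `local` and does not check its `cd`, so a direct call outside `$(...)` leaves the key in the interactive shell and moves its working directory.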
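Review bot: `load_dev_env` sources `../environment` relative to whatever directory the shell is in, so calling it anywhere other than a directory directly under `$HOME/workdir` either fails or executes an unrelated file named `environment` in the parent directory. The template task in this commit installs the file at `$HOME/workdir/environment`, so the function can name it absolutely: `source "$HOME/workdir/environment"` and `FL_ENV="$1" source "$HOME/workdir/environment"`. A one-line comment above the function, saying it is meant to be run from inside an application checkout because the sourced file derives `APP` from `pwd`, would document the remaining dependency on the current directory.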