Fix symlink/env issues, enable ssh-agent & destroy

I was on the wrong path when I was working on this last night. I found a better way of ensuring that the symlink target is correctly assigned: using the os.path.join function instead of the abspath/relpath functions. This fixes the symlink logic for terraform_files. After that, I was researching the docker run `--env` flag, I discovered this line in the official docker docs: > [I]f no `=` is provided, then that variable's current value is passed > through I just have to pass in the names of the secret vars, and docker should pull them in. Until I found this particular solution, I spent many commits trying to debug this problem. Because ssh-agent and other ssh-related code has to be run often in the docker containers, I moved the needed invocations to a separate script, docker_ssh.sh. This will make docker run invocations shorter. Because I prepended this to the build-cluster command, I removed ssh keygen logic from build-cluster. We need ssh keys to be symlinked for launch and testing, but we don't want to run the whole setup script each time. Assuming that the keys have already been generated from a run of docker_setup.py, all that function does is symlink them. The destroy steps need to be executed in the docker container as well, even though I have not been able to get to this point in my testing.
mantl · Mar 21, 2016 · ac0a3d7 · ac0a3d7
1 parent e5f9bb0
commit ac0a3d7
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 15 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,29 +1,29 @@
 language: python
 env:
   global:
-    - DOCKER_ARGS='-i -a stdout -a stderr -e TF_VAR_build_number=${TRAVIS_JOB_NUMBER/./-}'
+    - TF_VAR_build_number=${TRAVIS_JOB_NUMBER/./-}
+    - DOCKER_ARGS='-i -a stdout -a stderr -e TF_VAR_build_number'
     - DOCKER_IMAGE=sehqlr/mantl:testing
   matrix:
-    - TERRAFORM_FILE=testing/aws MANTL_PROVIDER=aws DOCKER_SECRETS='-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID'
-    - TERRAFORM_FILE=testing/do MANTL_PROVIDER=do DOCKER_SECRETS='-e DIGITALOCEAN_TOKEN=$DIGITALOCEAN_TOKEN'
-    - TERRAFORM_FILE=testing/gce MANTL_PROVIDER=gce DOCKER_SECRETS='-e GOOGLE_CREDENTIALS=$GOOGLE_CREDENTIALS'
+    - TERRAFORM_FILE=testing/aws DOCKER_SECRETS='-e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID'
+    - TERRAFORM_FILE=testing/do DOCKER_SECRETS='-e DIGITALOCEAN_TOKEN'
+    - TERRAFORM_FILE=testing/gce DOCKER_SECRETS='-e GOOGLE_CREDENTIALS'
 
 install: "pip install -r requirements.txt"
 
 before_script: 
   - mv $TERRAFORM_FILE $TERRAFORM_FILE.tf
-  - docker pull sehqlr/mantl:testing
-  - docker run $DOCKER_ARGS -v $(pwd)/testing:/local -v $(pwd):/mantl $DOCKER_IMAGE "ls /local"
+  - docker pull $DOCKER_IMAGE
   - docker run $DOCKER_ARGS -v $(pwd)/testing:/local -v $(pwd):/mantl $DOCKER_IMAGE "python2 docker_setup.py"
 
 script: 
   - python2 testing/test-health-checks.py
-  - docker run $DOCKER_ARGS -v $(pwd)/testing:/local -v $(pwd):/mantl $DOCKER_SECRETS $DOCKER_IMAGE "python2 testing/build-cluster.py"
+    # ssh-agent is getting evaluated in travis, not in the container
+  - docker run $DOCKER_ARGS -v $(pwd)/testing:/local -v $(pwd):/mantl $DOCKER_SECRETS $DOCKER_IMAGE "./docker_ssh.sh; python2 testing/build-cluster.py"
 
 after_script:
   # Just once doesn't always work
-  - terraform destroy --force || true
-  - terraform destroy --force
+  - docker run $DOCKER_ARGS -v $(pwd)/testing:/local -v $(pwd):/mantl $DOCKER_SECRETS $DOCKER_IMAGE "./docker_ssh.sh; terraform destroy --force || true; terraform destroy --force"
 
 after_success: echo "slack notification here"
 

diff --git a/docker_launch.sh b/docker_launch.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 
+python2 -c "import docker_setup; docker_setup.link_or_generate_ssh_keys()"
 eval $(ssh-agent) && ssh-add
 terraform get
 terraform apply -state=$TERRAFORM_STATE

diff --git a/docker_setup.py b/docker_setup.py
@@ -10,7 +10,7 @@
 from sys import exit
 from subprocess import call
 
-def link_or_generate_ssh_key():
+def link_or_generate_ssh_keys():
     if 'SSH_KEY' not in os.environ:
         os.environ['SSH_KEY'] = 'id_rsa'
 
@@ -21,14 +21,19 @@ def link_or_generate_ssh_key():
     print("Symlinking {} to /root/.ssh/id_rsa".format(ssh_key))
     symlink(ssh_key, '/root/.ssh/id_rsa')
 
+    ssh_key += '.pub'
+    print("Symlinking {} to /root/.ssh/id_rsa.pub".format(ssh_key))
+    symlink(ssh_key, '/root/.ssh/id_rsa.pub')
+
 
 def link_terraform_files():
-    tfs = [os.path.abspath(f) for f in os.listdir(os.environ['MANTL_CONFIG_DIR'])
-            if f.endswith('.tf')]
+    cfg_d = os.environ['MANTL_CONFIG_DIR']
+    tfs = [join(cfg_d, f) for f in os.listdir(cfg_d) if f.endswith('.tf')]
     if len(tfs):
         for tf in tfs:
-            print("Symlinking {} to {}".format(tf, os.path.basename(tf)))
-            symlink(tf, os.path.basename(tf))
+            base = os.path.basename(tf)
+            print("Symlinking {} to {}".format(tf, base))
+            symlink(tf, base)
     else:
         if 'MANTL_PROVIDER' not in os.environ:
             print("mantl.readthedocs.org for provider")
@@ -64,7 +69,7 @@ def link_or_generate_security_file():
         print('mantl.readthedocs.org for mantl config dir')
         exit(1)
 
-    link_or_generate_ssh_key()
+    link_or_generate_ssh_keys()
     link_ansible_playbook()
     link_terraform_files()
     link_or_generate_security_file()

diff --git a/docker_ssh.sh b/docker_ssh.sh
@@ -0,0 +1,5 @@
+set -e
+
+python2 -c "import docker_setup; docker_setup.link_or_generate_ssh_keys()"
+eval $(ssh-agent)
+ssh-add