#!/usr/bin/env bash
# =======================================================================
# This script is used to form Vaultron with Terraform
#
# Some of these would work only for pure POSIX
# shellcheck disable=SC1091,SC2059,SC2154
# =======================================================================
# Shared helpers (msg, the check_* preflight helpers, init/plan/apply, the
# VAULTRON_* settings) are not defined in this file; they are expected to
# come from ./skydome — confirm there if something below looks undefined.
. ./skydome
# Epoch seconds at start, used to report the total forming time at the end.
begin="$(date +%s)"
# The temporary directory must be usable for the rest of the run. mkdir -p
# is a no-op for an existing directory and fails for an unset/empty path or
# a path that exists as a non-directory, which is exactly when we must stop.
if ! mkdir -p "$VAULTRON_TMP" 2>/dev/null
then
  msg alert "Vaultron cannot form- cannot create temporary directory: $VAULTRON_TMP!"
  exit 1
fi
# Post-form banner for the Consul-backed flavor: where the two UIs listen
# and which environment variables point the vault/consul CLIs at the lab.
# NOTE(security): the CONSUL_HTTP_TOKEN printed here is a fixed token baked
# into the lab and shown to every user of this script — treat it as public.
# It is only acceptable for a throwaway local environment; never reuse it,
# or the 10.10.42.0/24 lab network it belongs to, anywhere reachable by
# others.
form_message_consul() {
  printf '%s\n' \
    'The Vault UI is available at https://localhost:8200' \
    'The Consul UI is available at https://localhost:8500' \
    'You can also interact with vault and consul CLI commands after' \
    'exporting the following environment variables in your shell:' \
    'export CONSUL_HTTP_ADDR="127.0.0.1:8500"' \
    'export CONSUL_HTTP_SSL=true' \
    'export VAULT_ADDR="https://127.0.0.1:8200"' \
    'export CONSUL_HTTP_TOKEN="b4c0ffee-3b77-04af-36d6-738b697872e6"' \
    'or use this command to do it for you:' \
    '. ./ion_darts'
}
# Post-form banner for the Integrated Storage (raft) flavor: only the Vault
# UI exists, so only VAULT_ADDR needs exporting for the CLI.
form_message_raft() {
  printf '%s\n' \
    'The Vault UI is available at https://localhost:8200' \
    'You can also interact with vault CLI command after' \
    'exporting the following environment variable in your shell:' \
    'export VAULT_ADDR="https://127.0.0.1:8200"' \
    'or use this command to do it for you:' \
    '. ./ion_darts'
}
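# Normalise the Vault/Consul instance counts for the selected flavor.
#
# The rules:
#
# | Flavor | Valid Vault count | Valid Consul count |
# |--------|-------------------|--------------------|
# | Consul | 3                 | 3                  |
# |--------|-------------------|--------------------|
# | Raft   | 5                 | 0                  |
# |--------|-------------------|--------------------|
#
# Dispatches on TF_VAR_vault_flavor; $1 is accepted for call-site
# compatibility and only used in the error message. Always exports
# TF_VAR_consul_oss_instance_count for the flavor. When
# TF_VAR_vault_custom_instance_count is set it is forced to the flavor's
# Vault count (non-zero: custom binary in use) or to 0 (OSS image in use),
# and TF_VAR_vault_oss_instance_count / TF_VAR_vault_is_custom are exported
# to match. TF_VAR_vault_is_custom is 1 exactly when the custom count is
# non-zero — the same rule for both flavors (the raft case used to set it
# the other way round, disagreeing with the consul case and with the
# "custom binary" decision made later in the script).
# When no custom count is set, the Vault counts are left untouched
# (presumably the flavor's Terraform defaults apply — not visible here).
# Exits 1 on an unknown flavor.
check_instance_count() {
  local flavor="${TF_VAR_vault_flavor}"
  local vault_count
  case "$flavor" in
    consul)
      vault_count=3
      export TF_VAR_consul_oss_instance_count=3
      ;;
    raft)
      vault_count=5
      export TF_VAR_consul_oss_instance_count=0
      ;;
    *)
      msg alert "Bad flavor: ${1:-$flavor}"
      exit 1
      ;;
  esac
  if [ -z "$TF_VAR_vault_custom_instance_count" ]
  then
    return 0
  fi
  if [ "$TF_VAR_vault_custom_instance_count" != "0" ]
  then
    export TF_VAR_vault_custom_instance_count="$vault_count" \
      TF_VAR_vault_oss_instance_count=0 \
      TF_VAR_vault_is_custom=1
  else
    export TF_VAR_vault_custom_instance_count=0 \
      TF_VAR_vault_oss_instance_count="$vault_count" \
      TF_VAR_vault_is_custom=0
  fi
}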
# Check for vault file in project directory
# Refuse to form while a regular file named 'vault' sits in the working
# directory. The reason it is disallowed is not visible in this file
# (presumably it would be picked up in place of the real binary or a
# Terraform artefact — confirm against the flavor modules). Exits 1 when
# such a file exists, returns 0 otherwise.
check_existing_vault() {
  local stray="${PWD}/vault"
  [ -f "$stray" ] || return 0
  msg alert "Vaultron cannot form- there is a 'vault' file in the present working directory, but this is not allowed!"
  msg info "Please remove the existing 'vault' before forming Vaultron."
  exit 1
}
# Check for existing Vaultron private network and create if missing
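# Ensure the attachable Docker network the lab containers join exists,
# creating it with the fixed 10.10.42.0/24 subnet when it is missing.
# The existence probe lists network names only and matches the whole line
# (grep -x), so another network whose name merely contains
# "vaultron-network" can no longer mask a missing one, as an unanchored
# grep over the full 'docker network ls' table could. grep/docker output is
# appended to $VAULTRON_LIFECYCLE_LOG. Exits 1 if creation fails.
check_and_create_vaultron_private_network() {
  local net_name="vaultron-network"
  local net_subnet="10.10.42.0/24"
  if docker network ls --format '{{.Name}}' \
    | grep -x "$net_name" >> "$VAULTRON_LIFECYCLE_LOG" 2>&1
  then
    return 0
  fi
  msg notice "vaultron-network not present- creating ..."
  if ! docker network create --attachable --subnet "$net_subnet" "$net_name" >> "$VAULTRON_LIFECYCLE_LOG" 2>&1
  then
    msg alert "Cannot create vaultron-network- Vaultron cannot form without private network!"
    exit 1
  fi
  msg success "Created attachable vaultron-network with subnet 10.10.42.0/24"
}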
# Check for existing Vaultron containers
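# Refuse to form while any vaultron-vault* / vaultron-consul* container
# exists, running or stopped. The name pattern is an ERE alternation on a
# names-only listing: brace expansion does not happen inside quotes, so the
# former 'vaultron-{vault,consul}' argument made grep look for those literal
# braces and the check never fired. Output goes to $VAULTRON_LIFECYCLE_LOG.
# On a match the offending containers are listed and the script exits 1.
check_existing_vaultron_containers() {
  if ! docker ps -a --format '{{.Names}}' \
    | grep -E 'vaultron-(vault|consul)' >> "$VAULTRON_LIFECYCLE_LOG" 2>&1
  then
    return 0
  fi
  msg alert "Vaultron cannot form- there are Vaultron specific Vault or Consul containers currently running or stopped"
  msg info "Please unform existing Vaultron or use docker stop and docker rm to manually"
  msg info "clean up the containers shown here:"
  echo
  docker ps -a -f name=vaultron --format "table {{.Names}}\t{{.Status}}"
  exit 1
}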
# Verify a user-supplied TF_VAR_consul_version has a matching server config
# template under ../../red_lion/templates/oss/ (the path is relative to the
# flavor directory the main flow cd's into before calling this). No-op when
# the variable is unset. Sets USER_CONSUL_CONFIG to the template path.
# On an unsupported version the variable is unset and the script is aborted
# by sending itself SIGINT (kill -INT $$) — a different abort path from the
# exit 1 used by the other checks; whether skydome traps INT is not visible
# here.
check_consul_version() {
  [ -n "$TF_VAR_consul_version" ] || return 0
  USER_CONSUL_CONFIG="../../red_lion/templates/oss/consul_oss_server_config_${TF_VAR_consul_version}.hcl"
  [ -f "$USER_CONSUL_CONFIG" ] && return 0
  msg alert "Vaultron cannot form- sorry, Vaultron does not support Consul version ${TF_VAR_consul_version}!"
  unset TF_VAR_consul_version
  kill -INT $$
}
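# Validate TF_VAR_vaultron_telemetry_count, which is a 0/1 switch.
# Unset/empty defaults to 0 (exported, so Terraform sees the same value
# this script reasoned about). Anything other than 0 or 1 aborts with
# exit 1 — that now includes negative and non-numeric values, which the old
# "[ x -gt 1 ]" test let through because it merely errors and evaluates
# false.
check_telemetry() {
  if [ -z "$TF_VAR_vaultron_telemetry_count" ]
  then
    export TF_VAR_vaultron_telemetry_count=0
    return 0
  fi
  case "$TF_VAR_vaultron_telemetry_count" in
    0|1)
      return 0
      ;;
    *)
      msg alert "Vaultron cannot form- TF_VAR_vaultron_telemetry_count must be 0 or 1 (got '${TF_VAR_vaultron_telemetry_count}')!"
      exit 1
      ;;
  esac
}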
# Verify a user-supplied TF_VAR_vault_version has a matching config template
# under ../../black_lion/templates/oss/ (relative to the flavor directory
# the main flow cd's into before calling this). No-op when the variable is
# unset. Sets USER_VAULT_CONFIG to the template path. On an unsupported
# version the variable is unset and the script aborts itself with SIGINT
# (kill -INT $$) rather than exit 1 like the other checks.
check_vault_version() {
  [ -n "$TF_VAR_vault_version" ] || return 0
  USER_VAULT_CONFIG="../../black_lion/templates/oss/vault_config_${TF_VAR_vault_version}.hcl"
  [ -f "$USER_VAULT_CONFIG" ] && return 0
  msg alert "Vaultron cannot form- sorry, Vaultron does not support Vault version ${TF_VAR_vault_version}!"
  unset TF_VAR_vault_version
  kill -INT $$
}
# When a custom Vault binary is requested (TF_VAR_vault_custom_instance_count
# set and > 0), make sure ./custom/$1 exists and, if TF_VAR_vault_license
# is empty, remind the user that an Enterprise binary needs one.
# $1 is the binary's file name (the caller passes "vault").
# NOTE(security): only presence is checked; nothing here verifies the
# provenance of what is in ./custom (checksum, signature), so only place
# binaries obtained from a trusted source there. The license string is
# passed via the environment as-is.
# No-op when the count is unset or not > 0. Exits 1 if the file is missing.
check_custom_binary() {
  local binary="./custom/$1"
  local count="${TF_VAR_vault_custom_instance_count}"
  [ -n "$count" ] || return 0
  [ "$count" -gt 0 ] || return 0
  if [ ! -f "$binary" ]
  then
    msg alert "Vaultron cannot form- custom binary specified, but ./custom/$1 was not found!"
    exit 1
  fi
  [ -n "$TF_VAR_vault_license" ] && return 0
  msg notice "Custom binary specified but no Vault license set"
  msg info "Set license string as value of TF_VAR_vault_license environment variable if you are using an Enterprise binary."
}
# Make sure the CLIs this script shells out to are on PATH: vault and
# terraform always, consul only when Consul is the storage backend
# (TF_VAR_vault_flavor != raft). The first missing tool is reported with a
# download hint and the script exits 1.
check_required_binaries() {
  local tool label url
  for tool in vault consul terraform
  do
    case "$tool" in
      vault)
        label="Vault"
        url="https://www.vaultproject.io/downloads.html"
        ;;
      consul)
        # The raft flavor runs no Consul, so its CLI is not required.
        [ "$TF_VAR_vault_flavor" != "raft" ] || continue
        label="Consul"
        url="https://www.consul.io/downloads.html"
        ;;
      terraform)
        label="Terraform"
        url="https://www.terraform.io/downloads.html"
        ;;
    esac
    command -v "$tool" > /dev/null 2>&1 && continue
    msg alert "Vaultron cannot form- could not locate $tool command in PATH!"
    msg info "Get $label from: $url"
    exit 1
  done
}
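# Guard the Integrated Storage (raft) flavor: Vault must be 1.4.0 or newer
# and the raft cluster must have five members.
#
# Only the raft flavor is checked. The version floor is raft-specific (the
# message even says so), yet it used to be applied to the Consul flavor as
# well, rejecting a Consul run that pinned an older Vault with a misleading
# "Integrated Storage" error. An empty TF_VAR_vault_version is presumed to
# mean "latest" and skips the comparison. Versions are compared field by
# field numerically on "." (so 1.10.0 sorts after 1.4.0). Exits 1 when the
# version is below the floor.
#
# Count fix-up: whichever of TF_VAR_vault_custom_instance_count /
# TF_VAR_vault_oss_instance_count is 0 forces the other to 5, matching the
# raft row of the table in check_instance_count.
check_raft_version() {
  [ "$TF_VAR_vault_flavor" = "raft" ] || return 0
  local minimum_raft_version="1.4.0"
  local lowest_vault_version
  if [ -n "$TF_VAR_vault_version" ]
  then
    # The version is data, not a printf format: keep it out of the format
    # argument so a stray '%' cannot change the comparison.
    lowest_vault_version=$(printf '%s\n' "$TF_VAR_vault_version" "$minimum_raft_version" \
      | sort -t "." -n -k1,1 -k2,2 -k3,3 -k4,4 \
      | head -n 1)
    if [ "$lowest_vault_version" != "$minimum_raft_version" ]
    then
      msg alert "Vault version $TF_VAR_vault_version does not support the Integrated Storage backend. (need version $minimum_raft_version+)"
      msg info "Please export 'TF_VAR_vault_version' with a value of 1.4.0 or higher."
      exit 1
    fi
  fi
  if [ "$TF_VAR_vault_custom_instance_count" = 0 ] && [ "$TF_VAR_vault_oss_instance_count" != 5 ]
  then
    export TF_VAR_vault_oss_instance_count=5
  fi
  if [ "$TF_VAR_vault_oss_instance_count" = 0 ] && [ "$TF_VAR_vault_custom_instance_count" != 5 ]
  then
    export TF_VAR_vault_custom_instance_count=5
  fi
}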
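# -----------------------------------------------------------------------
# Preflight checks
# -----------------------------------------------------------------------
# check_flavor, check_katacoda, check_docker, tflogdir, init/plan/apply and
# the $init_out/$plan_out/$apply_out log paths are not defined in this file;
# they are presumably provided by the sourced ./skydome — confirm there.
check_flavor
check_instance_count "$TF_VAR_vault_flavor"
# msg debug "Instance count retrieved is: OSS: $TF_VAR_vault_oss_instance_count / Custom: $TF_VAR_vault_custom_instance_count"
check_raft_version
check_telemetry
# Docker is only probed when check_katacoda prints "0" (presumably "not a
# Katacoda session"; the helper's contract is not visible here).
if [ "$(check_katacoda)" = "0" ]
then
  check_docker
fi
check_and_create_vaultron_private_network
check_custom_binary vault
check_required_binaries
check_existing_vaultron_containers
check_existing_vault
# -----------------------------------------------------------------------
# DO IT.
# -----------------------------------------------------------------------
# SAVOR THE FLAVOR!
# Everything from here on runs inside the flavor's Terraform root (the
# version checks use ../../ paths relative to it). A failed cd must stop the
# script instead of letting terraform init/plan/apply run against whatever
# directory we happen to be in.
if ! cd "flavors/$TF_VAR_vault_flavor"
then
  msg alert "This should not be!"
  exit 1
fi
# TerraFORM Vaultron!
msg greeting "Form Vaultron!"
tflogdir
if ! init
then
  msg alert "Vaultron cannot form- here is the terraform init output from $init_out:"
  cat "$init_out"
  exit 1
fi
# Resolve the effective versions: an exported TF_VAR_* value wins, otherwise
# the module's variable default as printed by 'terraform console'.
if [ "$TF_VAR_vault_flavor" = "consul" ]
then
  CURRENT_CONSUL_VERSION="$(echo "var.consul_version" | terraform console | sed 's/"//g')"
  export TF_VAR_consul_version=${TF_VAR_consul_version:-$CURRENT_CONSUL_VERSION}
fi
CURRENT_VAULT_VERSION="$(echo "var.vault_version" | terraform console | sed 's/"//g')"
export TF_VAR_vault_version=${TF_VAR_vault_version:-$CURRENT_VAULT_VERSION}
check_vault_version
if [ -n "$TF_VAR_vault_custom_instance_count" ] && [ "$TF_VAR_vault_flavor" = "consul" ]
then
  check_consul_version
fi
if [ -n "$TF_VAR_vault_custom_instance_count" ] && [ "$TF_VAR_vault_custom_instance_count" -gt 0 ]
then
  # we won't be needing this...
  unset TF_VAR_vault_version
  msg notice "Vault version: custom binary"
else
  msg info "Vault OSS version: ${TF_VAR_vault_version}"
fi
if [ "$TF_VAR_vault_flavor" = "raft" ]
then
  msg info "Vault flavor: Integrated storage backed"
else
  msg info "Vault flavor: Consul storage backed"
fi
if [ "$TF_VAR_vault_flavor" = "consul" ]
then
  if [ -n "$TF_VAR_consul_custom" ] && [ "$TF_VAR_consul_custom" -gt 0 ]
  then
    msg info "Consul version: custom binary"
  else
    msg info "Consul OSS version: ${TF_VAR_consul_version}"
  fi
fi
# The saved plan lives under ./tfstate. A Terraform plan file embeds the
# input variable values — including TF_VAR_vault_license when one is set —
# so it is removed on every exit path, not only after a successful apply.
plan_file=./tfstate/vaultron-$(date -u "+%Y-%m-%dT%H:%M:%SZ").plan
if ! plan "${plan_file}"
then
  msg alert "Vaultron cannot form- here is the terraform plan output from $plan_out:"
  cat "$plan_out"
  rm -f "${plan_file}"
  exit 1
fi
if ! apply "${plan_file}"
then
  msg alert "Vaultron cannot form- here is the terraform apply output from $apply_out:"
  cat "$apply_out"
  rm -f "${plan_file}"
  exit 1
fi
rm -f "${plan_file}"
end="$(date +%s)"
runtime=$((end-begin))
msg success "Vaultron formed in ${runtime}s."
# Banner in white, terminal attributes reset afterwards.
tput setaf 7
if [ "$TF_VAR_vault_flavor" = "raft" ]
then
  form_message_raft
else
  form_message_consul
fi
tput sgr0
cd ../..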