Our CI infrastructure and developers have different requirements, but really the overlap is almost complete and it's a shame that we require developers to perform manual steps before we can use our tools. Flavors are a very simple and effective way to deal with the issue: we'll be able to configure guests differently based on whether they will be used for CI or development. The default flavor is developer, which doesn't require the vault password and as such can be used by anyone out of the box: the Jenkins setup is skipped in this case. Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- guests/lcitool | 35 ++++++++++++++++++++++++++++++++--- guests/site.yml | 1 + 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 883e0eb..bf270f1 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -59,13 +59,39 @@ load_install_config() { load_config() { CONFIG_DIR="$HOME/.config/$PROGRAM_NAME" + mkdir -p "$CONFIG_DIR" >/dev/null 2>&1 || { + die "$PROGRAM_NAME: $CONFIG_DIR: Unable to create config directory" + } + + FLAVOR_FILE="$CONFIG_DIR/flavor" VAULT_PASS_FILE="$CONFIG_DIR/vault-password" ROOT_PASS_FILE="$CONFIG_DIR/root-password" - # Make sure required passwords exist and are not invalid (empty) - test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { - die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + # Two flavors are supported: developer (default) and ci. Read the + # flavor from configuration, validate it and write it back in case + # it was not present + FLAVOR="$(cat "$FLAVOR_FILE" 2>/dev/null)" + FLAVOR=${FLAVOR:-developer} + test "$FLAVOR" = developer || test "$FLAVOR" = ci || { + die "$PROGRAM_NAME: Invalid flavor '$FLAVOR'" } + echo "$FLAVOR" >"$FLAVOR_FILE" || { + die "$PROGRAM_NAME: $FLAVOR_FILE: Unable to save flavor" + } + + test "$FLAVOR" = ci && { + # The vault password is only needed for the ci flavor, so only + # validate it in that case + test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { + die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + } + } || { + # For other flavors, undefine the variable so that Ansible + # will not try to read the file at all + VAULT_PASS_FILE= + } + + # Make sure the root password has been configured properly test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" } @@ -164,8 +190,11 @@ do_prepare() { load_config + EXTRA_VARS="flavor=$FLAVOR" + ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ + --extra-vars "$EXTRA_VARS" \ -l "$GUEST" \ site.yml } diff --git a/guests/site.yml b/guests/site.yml index 9c75dcb..35e3220 100644 --- a/guests/site.yml +++ b/guests/site.yml @@ -30,6 +30,7 @@ # Configure the Jenkins agent - include: tasks/jenkins.yml when: + - flavor == 'ci' - projects is defined # jenkins is a pseudo-project - ( 'jenkins' in projects ) -- 2.13.6 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list