exekutir.xn

---
# vim-syntax: yaml

- variable:
    name: "ANSIBLE_PRIVATE_KEY_FILE"
    from_env: "ANSIBLE_PRIVATE_KEY_FILE"
    default: ""  # One is generated (below) if none set

# Initial workspace configuration
- command:
    contexts:
        - setup
    filepath: "/bin/bash"
    # N/B: Don't use single or double-quotes w/in comments of quoted
    # shell commands (below).  It will cause a very bad day when things
    # break in very strange / unexpected ways.  You've been warned!
    arguments: |
        -c 'set -e;
            [ -d "$WORKSPACE" ] || exit 1;
            cd "$WORKSPACE";
            # Dont modify source files, transfer to workspace
            echo "Copying ${ADEPT_PATH}/exekutir/ -> $WORKSPACE";
            cp --target-directory="." \
               --recursive \
               --no-clobber \
               "${ADEPT_PATH}/exekutir/"*;
            echo "-----";
            EXEKUTIR_VARS="${WORKSPACE}/exekutir_vars.yml"
            if [ ! -r "$EXEKUTIR_VARS" ];
            then
                echo "Creating a default exekutir_vars.yml file in workspace";
                cat << EOF > "$EXEKUTIR_VARS";
        ---
        # Default exekutir_vars.yml created by exekutir.xn
        kommandir_groups:
            - nocloud
        uuid: "x$RANDOM"
        git_cache_args:
        EOF
            fi;
            echo "Contents of $EXEKUTIR_VARS";
            cat "$EXEKUTIR_VARS";
            # Ansible requires ssh keys be setup ahead of time.  Create them if they
            # dont already exist, otherwise copy them to a standard place
            # from the $ANSIBLE_PRIVATE_KEY_FILE variable if it was exported.
            echo "-----";
            echo "Creating $WORKSPACE/ssh";
            mkdir -p "ssh";
            rm -rf ".ssh";
            ln -sf "ssh" ".ssh";
            echo "-----";
            EXEKUTIR_KEY="ssh/exekutir_key"
            if [ -r "${ANSIBLE_PRIVATE_KEY_FILE}" ];
            then
                echo "Copying ssh keys from $(dirname $ANSIBLE_PRIVATE_KEY_FILE)";
                cp -a "${ANSIBLE_PRIVATE_KEY_FILE}" "$EXEKUTIR_KEY";
                cp -a "${ANSIBLE_PRIVATE_KEY_FILE}.pub" "${EXEKUTIR_KEY}.pub";
            # A key already exists, use it, do not overwrite.
            elif [ ! -e "$EXEKUTIR_KEY" ];
            then
                echo "WARNING: Generating new ssh keys for kommandir in $WORKSPACE/ssh";
                echo "Do not loose them if you need to access a remote kommandir.";
                echo "If this is not what you want, set the ANSIBLE_PRIVATE_KEY_FILE";
                echo "env. var";
                echo;
                ssh-keygen -q -f "$EXEKUTIR_KEY" -N "";
            fi;
            echo "-----";
            echo "Fixing $WORKSPACE/ssh permissions";
            chmod 600 "$WORKSPACE/ssh/"*;
            chmod 700 "$WORKSPACE/ssh";
            '

# Set global variables from file contents or default values.
# These are available to both commands (as env. vars) and in
# ansible playbooks (as --extra-vars). N/B: In ansible these
# will silently override same-name variables at all scopes!
# (i.e. set_facts on these names will silently not work)
- variable:
    name: "ANSIBLE_PRIVATE_KEY_FILE"
    value: "$WORKSPACE/ssh/exekutir_key"
# Older ansible only picks this up if its defined in an env. var.
# Newer ansible will pick it up if its in the playbook directory.
- variable:
    name: "ANSIBLE_CONFIG"
    value: "$WORKSPACE/ansible.cfg"

# Pass along terminal type
- variable:
    name: "TERM"
    from_env: "TERM"
    default: "dumb"

# Display what we got (excluding sensitive values, below)
- command:
    filepath: "/bin/bash"
    arguments: -c 'env | egrep -iv "(OS_.*)|(.*PASSWORD.*)|(.*USERNAME.*)";'

# Support pass-through of openstack env. vars if they're set.
# These will be preferred over clouds.yml, so only use one method.
# TODO: kommandir/inventory/group_vars/openstack cloud_environment needs tweaking
- variable: {"name":"OS_TENANT_ID","from_env":"OS_TENANT_ID","default":""}
- variable: {"name":"OS_TENANT_NAME","from_env":"OS_TENANT_NAME","default":""}
- variable: {"name":"OS_PROJECT_NAME","from_env":"OS_PROJECT_NAME","default":""}
- variable: {"name":"OS_USERNAME","from_env":"OS_USERNAME","default":""}
- variable: {"name":"OS_REGION_NAME","from_env":"OS_REGION_NAME","default":""}
- variable: {"name":"OS_CLOUD_NAME","from_env":"OS_CLOUD_NAME","default":""}
- variable: {"name":"OS_CLOUD","from_env":"OS_CLOUD","default":""}
- variable: {"name":"OS_AUTH_URL","from_env":"OS_AUTH_URL","default":""}
- variable: {"name":"OS_PASSWORD","from_env":"OS_PASSWORD","default":""}

# Support pass-through of Ansible related env. vars
- variable:
    name: "ANSIBLE_VAULT_PASSWORD_FILE"
    from_env: "ANSIBLE_VAULT_PASSWORD_FILE"
    default: ""

# For all contexts, exit non-zero immediatly on failure.
# Transition summary:
#   setup & run:
#      - Setup exekutir's workspace, find or create kommandir.
#      - Setup & sync. exekutir workspace to kommandir workspace.
- playbook:
    contexts:
        - setup
        - run
    filepath: "${WORKSPACE}/${ADEPT_CONTEXT}_before_job.yml"
    inventory: "${WORKSPACE}/inventory"

# Pre-job.xn cleanup must be allowed to fail so post-job.xn cleanup may run
# Transition summary:  Same as above, but ignores non-zero exit.
- playbook:
    contexts:
        - cleanup
    filepath: "${WORKSPACE}/cleanup_before_job.yml"
    inventory: "${WORKSPACE}/inventory"
    # Special case, do not exit on non-zero, dump to a file for inspection
    exitfile: "${WORKSPACE}/exekutir_cleanup_before_job.exit"

- variable:
    contexts:
        - cleanup
    name: "CLEANUP_BEFORE_JOB_EXIT"
    from_file: "$WORKSPACE/exekutir_cleanup_before_job.exit"
    default: "0"

# Nested call to adept.py on kommandir, exit code is ignored
# but it is written to a file.
# Transition summary:
#   setup:
#      - Create all peons and volumes
#      - Configure all peons
#   run:
#      - Execute tests on successfully created peons
#   cleanup:
#       - Unconditionaly remove all peons and volumes
- command:
    filepath: "/bin/bash"
    # exekutir/roles/common/tasks/main.yml depends on this filename
    exitfile: "$WORKSPACE/kommandir_${ADEPT_CONTEXT}.exit"
    arguments: >
        -c '[ -d "$WORKSPACE" ] || exit 1
            cd "$WORKSPACE";
            # Do not run job.xn cleanup if kommandir discover/create failed
            if [ -n "$CLEANUP_BEFORE_JOB_EXIT" ] && [ "$CLEANUP_BEFORE_JOB_EXIT" != "0" ];
            then
                echo "WARNING: Discover/create kommandir for cleanup failed.";
                echo "Non-zero exit code $CLEANUP_BEFORE_JOB_EXIT";
                echo "NOT running kommandir job.xn";
                exit 0;  # non-zero exit will be returned later
            fi;
            echo "-----";
            KOMMANDIR_HOST=$(grep -s -x -m 1 -e "^ansible_host: .*$" inventory/host_vars/kommandir.yml | cut -d: -f2 | tr --delete --complement "[:digit:].");
            echo "ansible_host: $KOMMANDIR_HOST"
            ADEPT_CMD="./adept.py $ADEPT_CONTEXT . job.xn $ADEPT_OPTIONAL"
            if [ -z "$KOMMANDIR_HOST" ] || [ "$KOMMANDIR_HOST" == "localhost" ] || [ "$KOMMANDIR_HOST" == "127.0.0.1" ];
            then
                echo "Local Kommandir calling adept.py for job.xn";
                # Absolute path is needed here
                cd "$WORKSPACE/kommandir_workspace"
                export WORKSPACE="$PWD";
                export ANSIBLE_CONFIG="$WORSPACE/ansible.cfg";
                ./venv-cmd.sh $ADEPT_CMD;
                RET=$?;
            else
                UUID=$(grep -s -x -m 1 -e "^uuid: .*$" exekutir_vars.yml | cut -d: -f2 | tr -d [:blank:]);
                echo "Remote Kommandir ($KOMMANDIR_HOST) calling adept.py for job.xn as user $UUID";
                /usr/bin/ssh \
                    -o "KbdInteractiveAuthentication=no" \
                    -o "PreferredAuthentications=publickey" \
                    -o "PasswordAuthentication=no" \
                    -o "StrictHostKeyChecking=no" \
                    -o "UserKnownHostsFile=/dev/null" \
                    -o "SendEnv=OS_AUTH_URL OS_TENANT_ID OS_TENANT_NAME OS_PROJECT_NAME OS_USERNAME OS_PASSWORD OS_REGION_NAME OS_CLOUD_NAME OS_CLOUD TERM" \
                    -o "User=$UUID" \
                    -i "$WORKSPACE/ssh/exekutir_key" \
                    "$KOMMANDIR_HOST" \
                    "./venv-cmd.sh $ADEPT_CMD";
                RET=$?
            fi;

            echo "-----";
            echo "Returning from nested adept.py job.xn, exit code $RET returned at end of context transition.";
            exit $RET;'

# For all contexts, ignore exit code, always attempt to sync. to exekutir
# Context Transition summary:
#   setup:
#       - sync. kommandir workspace to exekutir
#   run:
#       - sync. kommandir workspace to exekutir
#   cleanup:
#       - sync. kommandir workspace to exekutir
#       - if no other jobs are running &&
#             kommandir != exekutir &&
#             kommandir uptime > 1 day:  destroy kommandir
#       - cleanup unnecessary files from workspace
- playbook:
    filepath: "${WORKSPACE}/${ADEPT_CONTEXT}_after_job.yml"
    inventory: "${WORKSPACE}/inventory"
    exitfile: "${WORKSPACE}/exekutir_${ADEPT_CONTEXT}_after_job.exit"

# Pass up any non-zero exit from exekutir (sync or locking problem)
# N/B: Zero exit continues to process tasks, non-zero exit stops immediatly with that code
- command:
    filepath: /bin/bash
    arguments: -c 'exit $(cat "$WORKSPACE/exekutir_${ADEPT_CONTEXT}_after_job.exit")'

# Pass up any non-zero exit from kommandir's job.xn
- command:
    filepath: /bin/bash
    arguments: -c 'exit $(cat "$WORKSPACE/kommandir_${ADEPT_CONTEXT}.exit")'

# Pass up any non-zero kommandir-creation problems
- command:
    contexts:
        - cleanup
    filepath: /bin/bash
    arguments: -c 'exit $CLEANUP_BEFORE_JOB_EXIT'