diff --git a/run_admin_container.sh b/run_admin_container.sh
index 5a4c131..cf6d0c8 100644
--- a/run_admin_container.sh
+++ b/run_admin_container.sh
@@ -1,23 +1,39 @@ #!/bin/bash -set -e # Exit immediately if a command exits with a non-zero status. -set -o pipefail # Causes a pipeline to return the exit status of the last command in the pipe that failed. -# set -x # Uncomment for verbose debugging +set -e +set -o pipefail +# set -x -# vars via Semaphore UI +# vars via Semaphore UI / Variable Group MAIN_BR="${MAIN_BR:-main}" ENV="${ENV:-staging}" ENV_BR="${ENV_BR:-test_feature}" PLAYBOOK_FILE="${PLAYBOOK_FILE:-base.yaml}" +# The 'ssh_vm' environment variable is expected from the Variable Group -REPO_CORE="https://git.felcloud.io/felcloud/ansible_core_init_ansible.git" -REPO_ENV="https://git.felcloud.io/felcloud/ansible_env_staging.git" +# --- USE SSH URLs --- +REPO_CORE="git@git.felcloud.io:felcloud/ansible_core_init_ansible.git" +REPO_ENV="git@git.felcloud.io:felcloud/ansible_env_staging.git" echo "[INFO] Setting up SSH environment..." mkdir -p ~/.ssh chmod 700 ~/.ssh -# Add git.felcloud.io to known_hosts (good practice, but we'll override for clone if needed) +# --- INJECT SSH PRIVATE KEY FROM $ssh_vm --- +if [ -n "$ssh_vm" ]; then + echo "[INFO] Injecting SSH private key from \$ssh_vm into ~/.ssh/id_felcloud_key" + printf "%s\n" "$ssh_vm" > ~/.ssh/id_felcloud_key # Using a descriptive name + chmod 600 ~/.ssh/id_felcloud_key + echo "[DEBUG] SSH private key id_felcloud_key injected. Listing ~/.ssh:" + ls -la ~/.ssh +else + echo "[ERROR] \$ssh_vm environment variable is not set or is empty! This variable should contain the SSH private key." + echo "[ERROR] Please ensure the Variable Group 'ssh_vm' (or whichever is used by this task) has an environment variable named 'ssh_vm' with the private key content." + exit 1 +fi +# --- END INJECT SSH PRIVATE KEY --- + +# Add git.felcloud.io to known_hosts echo "[INFO] Adding git.felcloud.io to known_hosts..." ssh-keyscan git.felcloud.io >> ~/.ssh/known_hosts || echo "[WARN] ssh-keyscan failed but continuing." chmod 644 ~/.ssh/known_hosts 
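Review bot: Nothing removes `~/.ssh/id_felcloud_key` once the clones are done, so the key injected in the `if [ -n "$ssh_vm" ]` branch stays on the runner's disk after the job; if the runner is shared or long-lived, later jobs can read it. Register cleanup right after the key is written, e.g. `trap 'rm -f ~/.ssh/id_felcloud_key' EXIT`, and set `umask 077` before the `printf` so the file is never created with the default mode ahead of `chmod 600`. The two `[ERROR]` messages in the `else` branch should go to stderr with `>&2`. The `ssh-keyscan` context line at the end of the hunk still accepts whatever host key the network returns and tolerates failure; a host key supplied through the Variable Group alongside `ssh_vm` would be a stronger source.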
@@ -25,38 +41,33 @@ chmod 644 ~/.ssh/known_hosts echo "[DEBUG] Content of ~/.ssh/known_hosts after keyscan:" cat ~/.ssh/known_hosts || echo "[WARN] Could not cat known_hosts" -# Debug SSH keys available from Semaphore Secrets -echo "[DEBUG] Available SSH keys in ~/.ssh:" -ls -la ~/.ssh +# Define the SSH command for Git to use, explicitly pointing to our injected key +export GIT_SSH_COMMAND="ssh -vvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/.ssh/id_felcloud_key" +echo "[DEBUG] GIT_SSH_COMMAND is set to: $GIT_SSH_COMMAND" -# Define the SSH command for Git to use -# This will bypass strict host key checking and not use the system known_hosts file for these specific git commands. -# It will still use any identity files (private keys) found in ~/.ssh/ -export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" +# Enable verbose Git tracing +export GIT_TRACE=1 +export GIT_TRACE_PACKET=1 +export GIT_TRACE_SETUP=1 -# 1/Cloner les dépôts nécessaires: echo "[INFO] Cloning repositories using GIT_SSH_COMMAND..." echo "[INFO] Cloning $REPO_CORE on branch $ENV_BR..." -git clone --branch "$ENV_BR" "$REPO_CORE" ansible_core_init_ansible +git clone --branch "$ENV_BR" "$REPO_CORE" ansible_core_init_ansible || { echo "[FATAL] Failed to clone $REPO_CORE. See verbose SSH/Git output above."; exit 1; } +echo "[INFO] Successfully cloned $REPO_CORE." echo "[INFO] Cloning $REPO_ENV..." -# If ansible_env_staging also needs a specific branch: -# git clone --branch "" "$REPO_ENV" ansible_env_staging -git clone "$REPO_ENV" ansible_env_staging +git clone "$REPO_ENV" ansible_env_staging || { echo "[FATAL] Failed to clone $REPO_ENV. See verbose SSH/Git output above."; exit 1; } +echo "[INFO] Successfully cloned $REPO_ENV." 
-# Unset GIT_SSH_COMMAND if you want subsequent ssh operations to use default behavior -# unset GIT_SSH_COMMAND +# Unset GIT_SSH_COMMAND and trace variables if not needed later +# unset GIT_SSH_COMMAND GIT_TRACE GIT_TRACE_PACKET GIT_TRACE_SETUP cd ansible_core_init_ansible -# git checkout "$ENV_BR" # Already done by --branch in clone -# 2/Build local de l’image Docker admin: echo "[INFO] Building Docker image locally..." -# Build context is the current directory: ./ansible_core_init_ansible docker build --no-cache --build-arg branch=fix_packages_dependencies -t ansible-pulumi:local . -cd .. # Go back to the parent directory (where ansible_env_staging also is) +cd .. -# 3/Lancer le conteneur admin avec le playbook choisi: echo "[INFO] Running the admin container with playbook: $PLAYBOOK_FILE" docker run --rm -it \ -v "$(pwd)/ansible_env_staging:/home/cloud/ansible_env_staging" \ @@ -66,13 +77,8 @@ docker run --rm -it \ ansible-pulumi:local bash -c " set -e; \ echo '[CONTAINER] Current directory: \$(pwd)'; \ - echo '[CONTAINER] Listing /home/cloud:'; ls -la /home/cloud; \ - echo '[CONTAINER] Listing /home/cloud/ansible_env_staging:'; ls -la /home/cloud/ansible_env_staging; \ - echo '[CONTAINER] Activating venv...'; \ - source /home/cloud/venv/bin/activate; \ - echo '[CONTAINER] Changing to playbook directory /home/cloud/ansible-pulumi...'; \ - cd /home/cloud/ansible-pulumi; \ - echo '[CONTAINER] Running ansible-playbook...'; \ + cd /home/cloud/ansible-pulumi && \ + source /home/cloud/venv/bin/activate && \ ansible-playbook playbooks/${PLAYBOOK_FILE} -i /home/cloud/ansible_env_staging/hosts" echo "[INFO] Task completed."
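Review bot: The new `GIT_SSH_COMMAND` keeps `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, and since this commit moves `REPO_CORE` and `REPO_ENV` to `git@` URLs those options now actually govern the clones: the server is never authenticated, yet what it serves goes straight into `docker build` and `ansible-playbook`. Pin the git.felcloud.io host key in `~/.ssh/known_hosts` from a trusted source rather than from `ssh-keyscan`, and use `export GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -i ~/.ssh/id_felcloud_key"`. The `-vvv` flag and the `GIT_TRACE`, `GIT_TRACE_PACKET` and `GIT_TRACE_SETUP` exports stay on for every run because the `unset` line remains commented out. Gate them behind a debug variable so routine job logs do not carry connection and key-negotiation detail.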
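Review bot: `playbooks/${PLAYBOOK_FILE}` on the last line of the double-quoted `bash -c "..."` script is expanded by the host shell before the container sees it, so any shell metacharacters in that variable become part of the command executed inside the container. Because PLAYBOOK_FILE is supplied through the Semaphore UI, validate it before the `docker run`, e.g. `case "$PLAYBOOK_FILE" in *[!A-Za-z0-9._-]*) echo "[ERROR] invalid PLAYBOOK_FILE" >&2; exit 1;; esac`, or pass it as a positional argument to a single-quoted script. The `docker run` command starts before this hunk, so its remaining options are not visible here.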