diff --git a/bin/s b/bin/s new file mode 120000 index 0000000..ecd5179 --- /dev/null +++ b/bin/s @@ -0,0 +1 @@ +shep_select \ No newline at end of file diff --git a/bin/shep_env b/bin/shep_env new file mode 100755 index 0000000..dc8fa61 --- /dev/null +++ b/bin/shep_env @@ -0,0 +1,143 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2155 +export PS4=$'+ \e[0;40;36m${BASH_SOURCE}:${FUNCNAME[0]:+${FUNCNAME[0]}}:${LINENO} :: \e[0m' +# env SHELLOPTS="${SHELLOPTS}:xtrace" shep_env +${DEBUG:+set -x} +set -e + +# +# There is a shortcut to target specific environment via `export SH_ID=` +# +# ``` +# SH_ID=205d4fca-66da-48c6-90ae-10a6f79610e1 SH_NS=aberezovsky shep_env +# ``` +# +# After this `bosh`, `credhub`, and `cf` commands will be targeted to selected shepherd environment. +# +# By default scripts use tas-devex namespace, but you can easially point to your personal namespace by `export SH_NS=` +# + +export SH_NS=${SH_NS:-tas-devex} \ + SH_ID=${SH_ID:---last-lease} + +export SHEP_LEASE_OUTPUT_JSON=$(shepherd get lease --namespace "${SH_NS:?}" "${SH_ID:?}" --json | jq -r '.output' \ +| jq --sort-keys "del(.ops_file_content, .ops_manager.private_key)" | jq --compact-output +) + +#echo ${SHEP_LEASE_OUTPUT_JSON:?} | jless + +echo "Loading BOSH for ${SH_ID:?}" +#time eval "$(smith bosh -l <(echo "${SHEP_LEASE_OUTPUT_JSON:?}"))" + +ssh_key_path=$(mktemp) + +printf "%s" "${SHEP_LEASE_OUTPUT_JSON:?}" | jq -r '.ops_manager_private_key' > "${ssh_key_path}" +chmod 0600 "${ssh_key_path}" + +bosh_ca_path=$(mktemp) + +ops_manager_public_ip=$(printf "%s" "${SHEP_LEASE_OUTPUT_JSON:?}" | jq -r '.ops_manager_public_ip') + +ssh -o IdentitiesOnly=yes \ + -o StrictHostKeyChecking=no \ + -i "${ssh_key_path}" \ + ubuntu@"${ops_manager_public_ip:?}" cat /var/tempest/workspaces/default/root_ca_certificate \ + 1>"${bosh_ca_path}" \ + 2>/dev/null + +chmod 0600 "${bosh_ca_path}" + +ops_manager_url=$(printf "%s" "${SHEP_LEASE_OUTPUT_JSON:?}" | jq -r '.ops_manager.url') +ops_manager_username=$(printf "%s" "${SHEP_LEASE_OUTPUT_JSON:?}" | jq -r '.ops_manager.username') +ops_manager_password=$(printf "%s" "${SHEP_LEASE_OUTPUT_JSON:?}" | jq -r '.ops_manager.password') + +creds=$(om -t "${ops_manager_url:?}" -k -u "${ops_manager_username:?}" -p "${ops_manager_password:?}" \ + curl -s -p "/api/v0/deployed/director/credentials/bosh_commandline_credentials") + +bosh_all=$(echo "${creds}" | jq -r .credential | tr ' ' '\n' | grep '=') + +bosh_client=$(echo "${bosh_all}" | tr ' ' '\n' | grep 'BOSH_CLIENT=') +bosh_env=$(echo "${bosh_all}" | tr ' ' '\n' | grep 'BOSH_ENVIRONMENT=') +bosh_secret=$(echo "${bosh_all}" | tr ' ' '\n' | grep 'BOSH_CLIENT_SECRET=') +bosh_ca_cert="BOSH_CA_CERT=${bosh_ca_path:?}" +bosh_proxy="BOSH_ALL_PROXY=ssh+socks5://ubuntu@${ops_manager_public_ip:?}:22?private-key=${ssh_key_path}" #, data.OpsManager.IP.String()), +bosh_deployment="BOSH_DEPLOYMENT=$(/usr/bin/env \ + "${bosh_client:?}" \ + "${bosh_env:?}" \ + "${bosh_secret:?}" \ + "${bosh_ca_cert:?}" \ + "${bosh_proxy:?}" \ + bosh deployments --json \ + | jq -r '.Tables[0].Rows[0].name')" + + +#/usr/bin/env $bosh_client $bosh_env $bosh_secret $bosh_ca_cert $bosh_proxy $bosh_deployment bosh vms + +export BOSH_CREDS="export BOSH_ENV_NAME=${bosh_deployment:?}" \ + "${bosh_client:?}" \ + "${bosh_env:?}" \ + "${bosh_secret:?}" \ + "${bosh_ca_cert:?}" \ + "${bosh_proxy:?}" \ + "${bosh_deployment:?}" + +export CREDHUB_CREDS="export CREDHUB_SERVER=\"\${BOSH_ENVIRONMENT}:8844\" \ + CREDHUB_PROXY=\"\${BOSH_ALL_PROXY}\" \ + CREDHUB_CLIENT=\"\${BOSH_CLIENT}\" \ + CREDHUB_SECRET=\"\${BOSH_CLIENT_SECRET}\" \ + CREDHUB_CA_CERT=\"\${BOSH_CA_CERT}\"" + +eval "$BOSH_CREDS" +eval "$CREDHUB_CREDS" + + +export OM_SKIP_SSL_VALIDATION=true \ + SYS_DOMAIN=$( jq -r '.sys_domain' <(printf '%s' "${SHEP_LEASE_OUTPUT_JSON:?}") ) \ + OM_TARGET=$( jq -r '.ops_manager.url' <(printf '%s' "${SHEP_LEASE_OUTPUT_JSON:?}") ) \ + OM_USERNAME=$( jq -r '.ops_manager.username' <(printf '%s' "${SHEP_LEASE_OUTPUT_JSON:?}") ) \ + OM_PASSWORD=$( jq -r '.ops_manager.password' <(printf '%s' "${SHEP_LEASE_OUTPUT_JSON:?}") ) \ +TAS_URL_APPS_DOMAIN=$( jq -r '.apps_domain' <(printf '%s' "${SHEP_LEASE_OUTPUT_JSON:?}") ) \ + SHEP_NAME=$( jq -r '.name' <(printf '%s' "${SHEP_LEASE_OUTPUT_JSON:?}") ) + TAS_ADMIN_PASSWORD=$( credhub get --output-json \ + --name "/opsmgr/$(bosh deployments --json | jq -r '.Tables[].Rows[].name')/uaa/admin_credentials" \ + | jq -r '.value.password') + + +export CF_INT_API="api.${SYS_DOMAIN:?}" \ + CF_INT_PASSWORD="${TAS_ADMIN_PASSWORD:?}" \ + CF_HOME=$(mktemp -d) + +cleanup_temps() { + rm -f "${ssh_key_path}" + rm -f "${bosh_ca_path}" + rm -rf "${CF_HOME}" +} + +trap cleanup_temps EXIT + +echo "Connecting CF CLI... CF_HOME=${CF_HOME:?}" +time cf login -a "${CF_INT_API:?}"\ + -u "admin" \ + -p "${TAS_ADMIN_PASSWORD:?}" \ + --skip-ssl-validation + +export SHEP_ENV_CREDENTIALS=$( +echo cf login -a "api.${SYS_DOMAIN:?}" \ + -u "admin" \ + -p "${TAS_ADMIN_PASSWORD:?}" \ + --skip-ssl-validation + +echo "http://apps.${SYS_DOMAIN:?}" +echo "http://tas-portal.${SYS_DOMAIN:?}" +echo "http://tas-portal.${TAS_URL_APPS_DOMAIN:?}" +echo -e "login: admin\npassword: ${TAS_ADMIN_PASSWORD:?}" +) + +echo "$SHEP_ENV_CREDENTIALS" +# shellcheck disable=SC2016 +echo 'To recall env credentials run: echo $SHEP_ENV_CREDENTIALS' + +zsh +# [[ $_ != "$0" ]] || +# eval "$SHELL" +# diff --git a/bin/shep_select b/bin/shep_select new file mode 100755 index 0000000..e823a07 --- /dev/null +++ b/bin/shep_select @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +query=$* + +export PS4=$'+ \e[0;40;36m${BASH_SOURCE}:${FUNCNAME[0]:+${FUNCNAME[0]}}:${LINENO} :: \e[0m' +# env SHELLOPTS="${SHELLOPTS}:xtrace" shep_env +set -e + +# +# Script allow developer to list, select, and target TAS shepherd environments from the workstation +# By default scripts use tas-devex namespace, but you can easially point to your personal namespace by `export SH_NS=` +# +# ``` +# SH_NS=aberezovsky shep_env +# ``` +# +# You can pass environment filter options after `s` or `shep_select` command +# +# ``` +# shep_select APPSMAN-148 +# ``` +# + +${DEBUG:+set -x} + +export SH_NS="${SH_NS:-tas-devex}" + +# https://gitlab.eng.vmware.com/shepherd/shepherd2/-/blob/main/documentation/public-docs/how-tos/quickstart.md +# shellcheck disable=SC2016 +shepherd list --namespace "${SH_NS:?}" lease --json \ + | jq -c '.[]' \ + | fzf --no-mouse \ + ${query:+--query "$query"} \ + --preview 'shepherd get lease --namespace ${SH_NS:?} $(jq -r .identifier <(echo {})) --json | jq --sort-keys "[.output.ops_manager, del(.output, .environment.nodes), .output|del(.ops_manager,.azs,.env_dns_zone_name_servers)|del(.ops_manager_private_key,.ops_manager_public_key)]" ' \ + --bind 'ctrl-/:change-preview-window(down|hidden|)' \ + --bind 'return:execute(SH_ID="$(jq -r .identifier <(echo {}))" shep_env)' \ + --bind 'ctrl-t:execute(export SH_ID="$(jq -r .identifier <(echo {}))"; export sh_date=$(shepherd set-duration lease --json --expire-in 48h ${SH_ID:?} | yq .expires_at); echo Bumped for another 48 hours now expires at: $(date -jf "%Y-%m-%dT%H:%M:%S" +"%Y-%m-%d %H:%M" "${sh_date%.*}"); read)' \ + --bind 'space:execute(shepherd get lease --namespace ${SH_NS:?} $(jq -r .identifier <(echo {})) --json | jq --sort-keys "[.output.ops_manager]" )' \ + --header 'RETURN - shell with loaded env; SPACE - print opsman' \ + || shepherd login user +