implement "shim" to auth for smd, then launch Ansible

While we're already capable of grabbing a JWT and pushing it to the nodes, the process of enumerating nodes in the first place (via smd) requires an auth token as well. The shim script implemented here handles this.
OpenCHAMI · Jun 17, 2024 · 63ca28f · 63ca28f
1 parent 380ec1e
commit 63ca28f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,7 @@ LABEL org.opencontainers.image.authors="Lucas Ritzdorf <[email protected]>"
 # NOTE: If these don't happen in the same command, they become separate layers
 # and don't use any less space.
 RUN dnf install -y epel-release \
- && dnf install -y ansible python3.12-requests \
+ && dnf install -y jq ansible python3.12-requests \
  && dnf clean all && rm -r /var/cache/dnf/
 
 # Copy the smd inventory plugin into Ansible's system-level plugins directory
@@ -17,6 +17,8 @@ COPY ansible-smd-inventory/smd_inventory.py /usr/share/ansible/plugins/inventory
 COPY ansible/ ansible/
 WORKDIR ansible
 
-# TODO: Access token?
+# Copy our helper script, which gets a token for smd and exec's Ansible
+COPY ansible_shim.sh .
 
-# TODO: ENTRYPOINT should be some sort of daemon process?
+# TODO: This should eventually be some sort of daemon process
+CMD ./ansible_shim.sh
diff --git a/ansible_shim.sh b/ansible_shim.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+set -e
+
+ACCESS_TOKEN="`curl http://opaal:3333/token | jq -r '.access_token'`"
+export ACCESS_TOKEN
+exec ansible-playbook main.yaml