From 1019ec0ac5c3902372273465e1ad00705ebec1d8 Mon Sep 17 00:00:00 2001 From: Gregor Date: Tue, 15 Jun 2021 21:00:53 +0200 Subject: [PATCH 1/3] [ansible] Fix minio playbook execution when secret or key contain '$' Ansible shell task behaves as expected and would interpret '$'. Single-quiting it fixes that. --- ansible/kube-minio-static-files.yml | 2 +- ansible/minio.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/kube-minio-static-files.yml b/ansible/kube-minio-static-files.yml index c7051dcca..c7604c774 100644 --- a/ansible/kube-minio-static-files.yml +++ b/ansible/kube-minio-static-files.yml @@ -15,7 +15,7 @@ tasks_from: install-client - name: "add 'local' mc config alias with correct credentials" - shell: "mc config host add local http://{{ service_cluster_ip }}:9000 {{ minio_access_key }} {{ minio_secret_key }}" + shell: "mc config host add local http://{{ service_cluster_ip }}:9000 '{{ minio_access_key }}' '{{ minio_secret_key }}'" - name: "create 'public' bucket" shell: "mc mb --ignore-existing local/public" diff --git a/ansible/minio.yml b/ansible/minio.yml index f8fe89c17..b48f72aef 100644 --- a/ansible/minio.yml +++ b/ansible/minio.yml @@ -51,7 +51,7 @@ tags: bucket-create - name: "add 'local' mc config alias with correct credentials" - shell: "mc config host add local http://localhost{{ minio_layouts.server1.server_addr }} {{ minio_access_key }} {{ minio_secret_key }}" + shell: "mc config host add local http://localhost{{ minio_layouts.server1.server_addr }} '{{ minio_access_key }}' '{{ minio_secret_key }}'" tags: mc-config - name: "make the 'public' bucket world-accessible" From a08f42235033265c1896d434d374c764477a07c3 Mon Sep 17 00:00:00 2001 From: Gregor Date: Tue, 15 Jun 2021 12:45:39 +0200 Subject: [PATCH 2/3] Fix building wrong wire-server into air-gap bundle * fail fast (first error) during automated offline deployment * iterate over directory content and forward paths instead of chart names --- bin/offline-deploy.sh | 3 +++ offline/ci.sh | 11 +++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/bin/offline-deploy.sh b/bin/offline-deploy.sh index a7701d73c..d3a31ab21 100755 --- a/bin/offline-deploy.sh +++ b/bin/offline-deploy.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +set -euo pipefail + + SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # HACK: hack to stop ssh from idling the connection. Which it will do if there is no output. And ansible is not verbose enough diff --git a/offline/ci.sh b/offline/ci.sh index fd1a25a52..9b76009e4 100755 --- a/offline/ci.sh +++ b/offline/ci.sh @@ -101,19 +101,18 @@ wire_version="2.106.0" # Download zauth; as it's needed to generate certificates echo "quay.io/wire/zauth:$wire_version" | create-container-dump containers-adminhost -mkdir -p charts -for chart in "${charts[@]}"; do - (cd charts; helm pull --version "$wire_version" --untar "$chart") +mkdir -p ./charts +for chartName in "${charts[@]}"; do + (cd ./charts; helm pull --version "$wire_version" --untar "$chartName") done -for chart in "${charts[@]}"; do - echo "$chart" +for chartPath in "$(pwd)"/charts/*; do + echo "$chartPath" done | list-helm-containers | create-container-dump containers-helm tar cf containers-helm.tar containers-helm [[ "$INCREMENTAL" -eq 0 ]] && rm -r containers-helm -# echo "docker_ubuntu_repo_repokey: '${fingerprint}'" > ansible/inventory/offline/group_vars/all/key.yml From 659fd61b514730100fe367d8357d402afcb1bd3e Mon Sep 17 00:00:00 2001 From: Gregor Date: Wed, 16 Jun 2021 12:33:31 +0200 Subject: [PATCH 3/3] Release: 2021-06-16 Fixes * [Ansible] Prevent Minio installation from breaking when access or secret key contains `$` * [CI] Ensure that the right version of wire-server is built into the air-gap bundle --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88649cad1..3fe4f6a23 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,13 +4,22 @@ ## Features -## versions +## Fixes + +## Versions ## Breaking changes --> +# 2021-06-16 + +## Fixes + +* [Ansible] Prevent Minio installation from breaking when access or secret key contains `$` +* [CI] Ensure that the right version of wire-server is built into the air-gap bundle + # 2021-06-10