Move all glue scripts to bash:

By using `/usr/bin/env sh` I needed to ignore some
shell checks. By moving to bash, those shell checks can
be re-enabled.

Signed-off-by: Jacob Weinstock <[email protected]>

Author: jacobweinstock

README.md

@@ -44,4 +44,4 @@ The following docs will help you get started.
    docker exec -i compose_tink-cli_1 tink workflow create -t <TEMPLATE ID> -r '{"device_1":"08:00:27:00:00:01"}')
    ```
 
-4. Restart the machine to provision (if using the vagrant sandbox test machine this is done by running vagrant destroy -f machine1 && vagrant up machine1
+4. Restart the machine to provision (if using the vagrant sandbox test machine this is done by running `vagrant destroy -f machine1 && vagrant up machine1`)

deploy/compose/docker-compose.yml

@@ -27,7 +27,7 @@ services:
 
   # OSIE work
   osie-work:
-    image: alpine
+    image: bash:4.4
     entrypoint: /scripts/lastmile.sh
     command:
       [
@@ -76,7 +76,7 @@ services:
   # Create hardware, template, and workflow records in tink-server
   create-tink-records:
     image: ${TINK_CLI_IMAGE}
-    entrypoint: /manifests/apply_manifests.sh
+    entrypoint: /manifests/exec_in_bash.sh
     command:
       [
         "$TINKERBELL_HARDWARE_MANIFEST",
@@ -87,6 +87,7 @@ services:
         "$TINKERBELL_CLIENT_MAC",
       ]
     environment:
+      GLUE_SCRIPT_NAME: "/manifests/apply_manifests.sh"
       TINKERBELL_GRPC_AUTHORITY: tink-server:42113
       TINKERBELL_CERT_URL: http://tink-server:42114/cert
     volumes:

deploy/compose/manifests/apply_manifests.sh

@@ -1,5 +1,8 @@
-#!/usr/bin/env sh
-# shellcheck disable=SC2039,SC2155,SC2086
+#!/usr/bin/env bash
+# This script is used to push (hardware) and create (template, workflow) Tink Server data/objects
+# This script assumes that the `tink` binary is in the PATH and
+# TINKERBELL_CERT_URL and TINKERBELL_GRPC_AUTHORITY environment variables are set
+# See https://docs.tinkerbell.org/services/tink-cli/ for more details
 
 set -xo pipefail
 
@@ -40,11 +43,13 @@ template() {
 workflow() {
 	local workflow_dir="$1"
 	local mac_address="$2"
-	local mac=$(echo "${mac_address}" | tr '[:upper:]' '[:lower:]')
-	local template_id=$(tink template get --no-headers 2>/dev/null | grep -v "+" | cut -d" " -f2 | xargs)
-	tink workflow create --template "${template_id}" --hardware "{\"device_1\":\"${mac}\"}" | tee "${workflow_dir}"/workflow_id.txt
+	local mac
+	mac=$(echo "${mac_address}" | tr '[:upper:]' '[:lower:]')
+	local template_id
+	template_id=$(tink template get --no-headers 2>/dev/null | grep -v "+" | cut -d" " -f2 | xargs)
+	tink workflow create --template "${template_id}" --hardware "{\"device_1\":\"${mac}\"}" | tee "${workflow_dir}/workflow_id.txt"
 	# write just the workflow id to a file. `|| true` is a failsafe in case the workflow creation fails
-	sed -i 's/Created Workflow:  //g' ${workflow_dir}/workflow_id.txt || true
+	sed -i 's/Created Workflow:  //g' "${workflow_dir}/workflow_id.txt" || true
 }
 
 # workflow_exists checks if a workflow record exists in tink before creating a new one
@@ -55,7 +60,8 @@ workflow_exists() {
 		workflow "${workflow_dir}" "${mac_address}"
 		return 0
 	fi
-	local workflow_id=$(cat "${workflow_dir}"/workflow_id.txt)
+	local workflow_id
+	workflow_id=$(cat "${workflow_dir}"/workflow_id.txt)
 	if [ -z "${workflow_id}" ]; then
 		workflow "${workflow_dir}" "${mac_address}"
 		return 0

deploy/compose/manifests/exec_in_bash.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+# This script is needed because we prefer bash scripts but
+# the pre-built tink-worker container image is alpine and does not
+# have bash naively installed.
+
+set -x
+
+# install_bash install bash, needed when running this script in an Alpine container, like tink-worker image
+install_bash() {
+	apk update
+	apk add bash
+}
+
+# main runs the functions
+main() {
+	install_bash
+	bash "${GLUE_SCRIPT_NAME}" "$@"
+}
+
+main "$@"

deploy/compose/osie/lastmile.sh

@@ -1,5 +1,6 @@
-#!/usr/bin/env sh
-# shellcheck disable=SC2039
+#!/usr/bin/env bash
+# This script handles downloading, extracting, and copying/moving files in place
+# for OSIE and Hook. For more info on OSIE and Hook, see: https://docs.tinkerbell.org/services/osie/
 
 set -xo pipefail
 

deploy/compose/registry/upload.sh

@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
-# shellcheck disable=SC2001,SC2155,SC2046
+# This script handles uploading containers from one container registry to another.
+# It assumes the target registry requires username and password authentication.
 
 set -xo pipefail
 
@@ -11,8 +12,10 @@ main() {
 	# this confusing IFS= and the || is to capture the last line of the file if there is no newline at the end
 	while IFS= read -r img || [ -n "${img}" ]; do
 		# file is expected to have src and dst images delimited by a space
-		local src_img="$(echo "${img}" | cut -d' ' -f1)"
-		local dst_img="$(echo "${img}" | cut -d' ' -f2)"
+		local src_img
+		src_img="$(echo "${img}" | cut -d' ' -f1)"
+		local dst_img
+		dst_img="$(echo "${img}" | cut -d' ' -f2)"
 		skopeo copy --all --dest-tls-verify=false --dest-creds="${reg_user}":"${reg_pw}" docker://"${src_img}" docker://"${reg_url}"/"${dst_img}"
 	done <"${images_file}"
 }

deploy/compose/tls/generate.sh

@@ -1,8 +1,12 @@
 #!/usr/bin/env bash
+# This script handles the generation of the TLS certificates.
+# The output is 2 files:
+# 1. /certs/${FACILITY:-onprem}/server-key.pem (TLS private key)
+# 2. /certs/${FACILITY:-onprem}/bundle.pem (TLS public certificate)
 
 set -xo pipefail
 
-# update_csr will add the sans_ip to the csr
+# update_csr will add the sans_ip, as a valid host domain in the csr
 update_csr() {
 	local sans_ip="$1"
 	local csr_file="$2"

deploy/compose/ubuntu/setup_ubuntu.sh

@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# This script is designed to download a cloud image file (.img) and then convert it to a .raw file.
+# This is purpose built for the Ubuntu Cloud image https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
+# so that the .raw file can be used in the Tinkerbell action "image2disk": https://artifacthub.io/packages/tbaction/tinkerbell-community/image2disk
 
 set -xo pipefail