only allow system to use raw_exec drivers now; no longer allow custom consul path

Author: traceypooh

README.md

@@ -59,7 +59,6 @@ There are various options that can be used in conjunction with the `project.noma
 NOMAD_VAR_CHECK_PATH
 NOMAD_VAR_CHECK_PROTOCOL
 NOMAD_VAR_CHECK_TIMEOUT
-NOMAD_VAR_CONSUL_PATH
 NOMAD_VAR_COUNT
 NOMAD_VAR_COUNT_CANARIES
 NOMAD_VAR_CPU

deploy.sh

@@ -139,11 +139,6 @@ function main() {
   fi
 
 
-  if [[ "$NOMAD_ADDR" == *crawl*.archive.org:* ]]; then # nixxx
-    export NOMAD_VAR_CONSUL_PATH='/usr/local/bin/consul'
-  fi
-
-
   if [ "$CI_REGISTRY_READ_TOKEN" = "0" ]; then unset CI_REGISTRY_READ_TOKEN; fi
 
   ############################### NOMAD VARS SETUP ##############################
@@ -274,6 +269,24 @@ EOF
   fi
 
 
+  # check the container related `driver` value(s).
+  # scan entire complex project JSON for any key named `Driver` and write to a file
+  nomad run -output -var-file=env.env project.hcl |jq '.. | .Driver? | select(. != null)' >| drivers.txt
+  # there should be exactly one of these drivers in the HCL
+  NUM=$(grep -icE '^"DRIVER_SET_AT_RUNTIME"$' drivers.txt |cat)
+  if [ "$NUM" != 1 ]; then; echo 'bad drivers setup'; exit 1; fi
+  # there should be 1+ of either of these drivers in the HCL
+  NUM=$(grep -icE '^"(docker|podman)"$' drivers.txt |cat)
+  if [ "$NUM" -lt 1 ]; then; echo 'drivers not located?'; exit 1; fi
+  # there should be 0 of either of these drivers in the HCL
+  NUM=$(grep -icE '^"(exec|raw_exec)"$' drivers.txt |cat)
+  if [ "$NUM" != 0 ]; then; echo 'bad drivers in project'; exit 1; fi
+  rm drivers.txt
+
+  # Now swap in the 'raw_exec' driver for the 'kv' task
+  sed -ix 's/driver = "DRIVER_SET_AT_RUNTIME"/driver = "raw_exec"/'  project.hcl
+
+
   if [ "$NOMAD_TOKEN" = test ]; then
     nomad run -output -var-file=env.env project.hcl >| project.json
     exit 0

project.nomad

@@ -60,8 +60,6 @@ variables {
   # only used for github repos
   CI_GITHUB_IMAGE = ""
 
-  CONSUL_PATH = "/usr/bin/consul"
-
   FORCE_PULL = false
 
   # For jobs with 2+ containers (and tasks) (so we can setup ports properly)
@@ -394,9 +392,9 @@ CI_COMMIT_SHA=${var.CI_COMMIT_SHA}
         for_each = slice(keys(var.NOMAD_SECRETS), 0, min(1, length(keys(var.NOMAD_SECRETS))))
         labels = ["kv"]
         content {
-          driver = "raw_exec"
+          driver = "DRIVER_SET_AT_RUNTIME"
           config {
-            command = var.CONSUL_PATH
+            command = "/usr/bin/consul"
             args = [ "kv", "put", var.SLUG, local.kv ]
           }
           lifecycle {