Fix empty docker-compose in basebox (#81)

## Description

Ensures docker-compose is correctly downloaded.
Also adds some better debuggability to setup.sh and the vagrant provision script.
A bunch of miscellaneous cleanups following the boy scout rule (leave things better than you found them).

## Why is this needed

Fixes: #59 

## How Has This Been Tested?

`vagrant up provisioner` now works

## How are existing users impacted? What migration steps/scripts do we need?

Fixes a bug where the vagrant sandbox wasn't working.

## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade
mergify[bot] 2021-04-29 17:19:59 +00:00 committed by GitHub
commit 4add7eef56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 88 additions and 72 deletions


@ -9,7 +9,8 @@ setup_docker() (
ca-certificates \ ca-certificates \
curl \ curl \
gnupg-agent \ gnupg-agent \
software-properties-common software-properties-common \
;
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
sudo apt-key add - sudo apt-key add -
@ -22,16 +23,24 @@ setup_docker() (
sudo add-apt-repository "$repo" sudo add-apt-repository "$repo"
sudo apt-get update sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io sudo apt-get install -y \
containerd.io \
docker-ce \
docker-ce-cli \
;
) )
# from https://docs.docker.com/compose/install/
setup_docker_compose() ( setup_docker_compose() (
# from https://docs.docker.com/compose/install/ local name url
sudo curl -L \ name=docker-compose-$(uname -s)-$(uname -m)
"https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" \ url=https://github.com/docker/compose/releases/download/1.26.0/$name
-o /usr/local/bin/docker-compose curl -fsSLO "$url"
curl -fsSLO "$url.sha256"
sudo chmod +x /usr/local/bin/docker-compose sha256sum -c <"$name.sha256"
rm -f "$name.sha256"
chmod +x "$name"
sudo mv "$name" /usr/local/bin/docker-compose
) )
main() ( main() (
@ -45,3 +54,4 @@ main() (
) )
main main
sync # do not remove!
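Review bot: In setup_docker_compose the `.sha256` file is fetched from the same GitHub release URL as the binary, so `sha256sum -c` catches a truncated or empty download (the failure in #59) but cannot tell whether the release asset itself is the expected one. The version is already pinned to 1.26.0, so the expected digest could be pinned in the script as well, e.g. `echo "<expected-sha256>  $name" | sha256sum -c -` with the digest recorded when the version is chosen. The two `curl -fsSLO` calls write into whatever the current directory happens to be; downloading into a `mktemp -d` directory would avoid overwriting or reusing an existing file of that name. Whether a failed `sha256sum -c` stops the function before the `sudo mv` depends on `set -e` being active, which is not visible in these hunks.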


@ -34,12 +34,12 @@ setup_nat() (
main() ( main() (
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
if [ ! -f ./.env ]; then if ! [[ -f ./.env ]]; then
./generate-env.sh eth1 >.env ./generate-env.sh eth1 >.env
fi fi
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. ./.env source ./.env
make_certs_writable make_certs_writable
@ -51,6 +51,9 @@ main() (
secure_certs secure_certs
configure_vagrant_user configure_vagrant_user
set +x # don't want the stderr output from xtrace messing with the post-setup-message
[[ -f /tmp/post-setup-message ]] && cat /tmp/post-setup-message
) )
main main
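Review bot: The last command of main is now `[[ -f /tmp/post-setup-message ]] && cat /tmp/post-setup-message`, so when the file is absent main returns 1, and since `main` appears to be the final command of the script the provision step would report failure after an otherwise successful run. `if [[ -f /tmp/post-setup-message ]]; then cat /tmp/post-setup-message; fi` keeps the exit status at 0. The path is also a fixed name in a world-writable directory, written elsewhere in this commit with `tee`; a file under the project or state directory would keep another local user from pre-creating it. main's body between the two hunks is not shown.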


@ -14,7 +14,7 @@ ERR="${RED:-}ERROR:${RESET:-}"
source ./current_versions.sh source ./current_versions.sh
err() ( err() (
if [ -z "${1:-}" ]; then if [[ -z ${1:-} ]]; then
cat >&2 cat >&2
else else
echo "$ERR " "$@" >&2 echo "$ERR " "$@" >&2
@ -53,48 +53,49 @@ generate_env() (
tink_password=$(generate_password) tink_password=$(generate_password)
local registry_password local registry_password
registry_password=$(generate_password) registry_password=$(generate_password)
cat <<EOF
# Tinkerbell Stack version
export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK} cat <<-EOF
export TINKERBELL_TINK_SERVER_IMAGE=${TINKERBELL_TINK_SERVER_IMAGE} # Tinkerbell Stack version
export TINKERBELL_TINK_CLI_IMAGE=${TINKERBELL_TINK_CLI_IMAGE}
export TINKERBELL_TINK_BOOTS_IMAGE=${TINKERBELL_TINK_BOOTS_IMAGE}
export TINKERBELL_TINK_HEGEL_IMAGE=${TINKERBELL_TINK_HEGEL_IMAGE}
export TINKERBELL_TINK_WORKER_IMAGE=${TINKERBELL_TINK_WORKER_IMAGE}
# Network interface for Tinkerbell's network export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK}
export TINKERBELL_NETWORK_INTERFACE="$tink_interface" export TINKERBELL_TINK_SERVER_IMAGE=${TINKERBELL_TINK_SERVER_IMAGE}
export TINKERBELL_TINK_CLI_IMAGE=${TINKERBELL_TINK_CLI_IMAGE}
export TINKERBELL_TINK_BOOTS_IMAGE=${TINKERBELL_TINK_BOOTS_IMAGE}
export TINKERBELL_TINK_HEGEL_IMAGE=${TINKERBELL_TINK_HEGEL_IMAGE}
export TINKERBELL_TINK_WORKER_IMAGE=${TINKERBELL_TINK_WORKER_IMAGE}
# Decide on a subnet for provisioning. Tinkerbell should "own" this # Network interface for Tinkerbell's network
# network space. Its subnet should be just large enough to be able export TINKERBELL_NETWORK_INTERFACE="$tink_interface"
# to provision your hardware.
export TINKERBELL_CIDR=29
# Host IP is used by provisioner to expose different services such as # Decide on a subnet for provisioning. Tinkerbell should "own" this
# tink, boots, etc. # network space. Its subnet should be just large enough to be able
# # to provision your hardware.
# The host IP should the first IP in the range, and the Nginx IP export TINKERBELL_CIDR=29
# should be the second address.
export TINKERBELL_HOST_IP=192.168.1.1
# Tink server username and password # Host IP is used by provisioner to expose different services such as
export TINKERBELL_TINK_USERNAME=admin # tink, boots, etc.
export TINKERBELL_TINK_PASSWORD="$tink_password" #
# The host IP should the first IP in the range, and the Nginx IP
# should be the second address.
export TINKERBELL_HOST_IP=192.168.1.1
# Docker Registry's username and password # Tink server username and password
export TINKERBELL_REGISTRY_USERNAME=admin export TINKERBELL_TINK_USERNAME=admin
export TINKERBELL_REGISTRY_PASSWORD="$registry_password" export TINKERBELL_TINK_PASSWORD="$tink_password"
# Legacy options, to be deleted: # Docker Registry's username and password
export FACILITY=onprem export TINKERBELL_REGISTRY_USERNAME=admin
export ROLLBAR_TOKEN=ignored export TINKERBELL_REGISTRY_PASSWORD="$registry_password"
export ROLLBAR_DISABLE=1
EOF # Legacy options, to be deleted:
export FACILITY=onprem
export ROLLBAR_TOKEN=ignored
export ROLLBAR_DISABLE=1
EOF
) )
main() ( main() (
if [ -z "${1:-}" ]; then if [[ -z ${1:-} ]]; then
err "Usage: $0 network-interface-name > .env" err "Usage: $0 network-interface-name > .env"
exit 1 exit 1
fi fi
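Review bot: `cat <<-EOF` strips leading tab characters only, so the re-indented heredoc body and its closing `EOF` must be indented with tabs. The rendered page does not show which whitespace is used, and with spaces the terminator would not be recognised and every `export` line would carry leading blanks. A short comment above the heredoc, e.g. `# body and EOF must stay tab-indented for <<- to strip them`, would protect it from a later reformat. The output also carries `TINKERBELL_TINK_PASSWORD` and `TINKERBELL_REGISTRY_PASSWORD` in clear text and the usage line redirects it to `.env`, so it is worth documenting that the caller should create that file with a restrictive mode, for example under `umask 077`. generate_env begins before this hunk and main continues past it.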


@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# stops the execution if a command or pipeline has an error # stops the execution if a command or pipeline has an error
set -eu set -euxo pipefail
# Tinkerbell stack Linux setup script # Tinkerbell stack Linux setup script
# #
@ -38,7 +38,7 @@ NEXT="${GREEN:-}NEXT:${RESET:-}"
get_distribution() ( get_distribution() (
local lsb_dist="" local lsb_dist=""
# Every system that we officially support has /etc/os-release # Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then if [[ -r /etc/os-release ]]; then
# shellcheck disable=SC1091 # shellcheck disable=SC1091
lsb_dist="$(. /etc/os-release && echo "$ID")" lsb_dist="$(. /etc/os-release && echo "$ID")"
fi fi
@ -50,7 +50,7 @@ get_distribution() (
get_distro_version() ( get_distro_version() (
local lsb_version="0" local lsb_version="0"
# Every system that we officially support has /etc/os-release # Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then if [[ -r /etc/os-release ]]; then
# shellcheck disable=SC1091 # shellcheck disable=SC1091
lsb_version="$(. /etc/os-release && echo "$VERSION_ID")" lsb_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi fi
@ -112,10 +112,10 @@ setup_networking() (
fi fi
NAT_INTERFACE="" NAT_INTERFACE=""
if [ -r .nat_interface ]; then if [[ -r .nat_interface ]]; then
NAT_INTERFACE=$(cat .nat_interface) NAT_INTERFACE=$(cat .nat_interface)
fi fi
if [ -n "$NAT_INTERFACE" ] && ip addr show "$NAT_INTERFACE" &>/dev/null; then if [[ -n $NAT_INTERFACE ]] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
# TODO(nshalman) the terraform code would just run these commands as-is once # TODO(nshalman) the terraform code would just run these commands as-is once
# but it would be nice to make these more persistent based on OS # but it would be nice to make these more persistent based on OS
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
@ -135,10 +135,10 @@ setup_networking_manually() (
setup_network_forwarding() ( setup_network_forwarding() (
# enable IP forwarding for docker # enable IP forwarding for docker
if [ "$(sysctl -n net.ipv4.ip_forward)" != "1" ]; then if (($(sysctl -n net.ipv4.ip_forward) != 1)); then
if [ -d /etc/sysctl.d ]; then if [[ -d /etc/sysctl.d ]]; then
echo "net.ipv4.ip_forward=1" >/etc/sysctl.d/99-tinkerbell.conf echo "net.ipv4.ip_forward=1" >/etc/sysctl.d/99-tinkerbell.conf
elif [ -f /etc/sysctl.conf ]; then elif [[ -f /etc/sysctl.conf ]]; then
echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
fi fi
@ -171,7 +171,7 @@ setup_networking_netplan() (
) )
setup_networking_ubuntu_legacy() ( setup_networking_ubuntu_legacy() (
if [ ! -f /etc/network/interfaces ]; then if ! [[ -f /etc/network/interfaces ]]; then
echo "$ERR file /etc/network/interfaces not found" echo "$ERR file /etc/network/interfaces not found"
exit 1 exit 1
fi fi
@ -224,7 +224,7 @@ EOF
local cfgfile="/etc/sysconfig/network-scripts/ifcfg-$TINKERBELL_NETWORK_INTERFACE" local cfgfile="/etc/sysconfig/network-scripts/ifcfg-$TINKERBELL_NETWORK_INTERFACE"
if [ -f "$cfgfile" ]; then if [[ -f $cfgfile ]]; then
echo "$ERR network config already exists: $cfgfile" echo "$ERR network config already exists: $cfgfile"
echo "$BLANK Please update it to match this configuration:" echo "$BLANK Please update it to match this configuration:"
echo "$content" echo "$content"
@ -245,12 +245,12 @@ setup_osie() (
local osie_current=$STATEDIR/webroot/misc/osie/current local osie_current=$STATEDIR/webroot/misc/osie/current
local tink_workflow=$STATEDIR/webroot/workflow/ local tink_workflow=$STATEDIR/webroot/workflow/
if [ ! -d "$osie_current" ] || [ ! -d "$tink_workflow" ]; then if [[ ! -d $osie_current ]] || [[ ! -d $tink_workflow ]]; then
mkdir -p "$osie_current" mkdir -p "$osie_current"
mkdir -p "$tink_workflow" mkdir -p "$tink_workflow"
pushd "$SCRATCH" pushd "$SCRATCH"
if [ -z "${TB_OSIE_TAR:-}" ]; then if [[ -z ${TB_OSIE_TAR:-} ]]; then
curl "${OSIE_DOWNLOAD_LINK}" -o ./osie.tar.gz curl "${OSIE_DOWNLOAD_LINK}" -o ./osie.tar.gz
tar -zxf osie.tar.gz tar -zxf osie.tar.gz
else else
@ -305,7 +305,7 @@ check_container_status() (
--filter "event=health_status" \ --filter "event=health_status" \
--format '{{.Status}}') --format '{{.Status}}')
if [ "$status" != "health_status: healthy" ]; then if [[ $status != "health_status: healthy" ]]; then
echo "$ERR $container_name is not healthy. status: $status" echo "$ERR $container_name is not healthy. status: $status"
exit 1 exit 1
fi fi
@ -314,7 +314,7 @@ check_container_status() (
generate_certificates() ( generate_certificates() (
mkdir -p "$STATEDIR/certs" mkdir -p "$STATEDIR/certs"
if [ ! -f "$STATEDIR/certs/ca.json" ]; then if ! [[ -f "$STATEDIR/certs/ca.json" ]]; then
jq \ jq \
'. '.
| .names[0].L = $facility | .names[0].L = $facility
@ -325,7 +325,7 @@ generate_certificates() (
>"$STATEDIR/certs/ca.json" >"$STATEDIR/certs/ca.json"
fi fi
if [ ! -f "$STATEDIR/certs/server-csr.json" ]; then if ! [[ -f "$STATEDIR/certs/server-csr.json" ]]; then
jq \ jq \
'. '.
| .hosts += [ $ip, "tinkerbell.\($facility).packet.net" ] | .hosts += [ $ip, "tinkerbell.\($facility).packet.net" ]
@ -347,13 +347,13 @@ generate_certificates() (
local certs_dir="/etc/docker/certs.d/$TINKERBELL_HOST_IP" local certs_dir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
# copy public key to NGINX for workers # copy public key to NGINX for workers
if ! cmp --quiet "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"; then if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"; then
cp "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem" cp "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"
fi fi
# update host to trust registry certificate # update host to trust registry certificate
if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$certs_dir/tinkerbell.crt"; then if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$certs_dir/tinkerbell.crt"; then
if [ ! -d "$certs_dir/tinkerbell.crt" ]; then if ! [[ -d "$certs_dir/" ]]; then
# The user will be told to create the directory # The user will be told to create the directory
# in the next block, if copying the certs there # in the next block, if copying the certs there
# fails. # fails.
@ -363,7 +363,7 @@ generate_certificates() (
echo "$ERR please copy $STATEDIR/certs/ca.pem to $certs_dir/tinkerbell.crt" echo "$ERR please copy $STATEDIR/certs/ca.pem to $certs_dir/tinkerbell.crt"
echo "$BLANK and run $0 again:" echo "$BLANK and run $0 again:"
if [ ! -d "$certs_dir" ]; then if ! [[ -d $certs_dir ]]; then
echo "sudo mkdir -p '$certs_dir'" echo "sudo mkdir -p '$certs_dir'"
fi fi
echo "sudo cp '$STATEDIR/certs/ca.pem' '$certs_dir/tinkerbell.crt'" echo "sudo cp '$STATEDIR/certs/ca.pem' '$certs_dir/tinkerbell.crt'"
@ -406,7 +406,7 @@ bootstrap_docker_registry() (
setup_docker_registry() ( setup_docker_registry() (
local registry_images="$STATEDIR/registry" local registry_images="$STATEDIR/registry"
if [ ! -d "$registry_images" ]; then if ! [[ -d $registry_images ]]; then
mkdir -p "$registry_images" mkdir -p "$registry_images"
fi fi
start_registry start_registry
@ -427,13 +427,15 @@ command_exists() (
) )
check_command() ( check_command() (
if command_exists "$1"; then if ! command_exists "$1"; then
echo "$BLANK Found prerequisite: $1" echo "$ERR Prerequisite executable command not found: $1"
return 0
else
echo "$ERR Prerequisite command not installed: $1"
return 1 return 1
fi fi
if ! [[ -s "$(which "$1")" ]]; then
echo "$ERR Prerequisite command is an empty file: $1"
fi
echo "$BLANK Found prerequisite: $1"
return 0
) )
check_prerequisites() ( check_prerequisites() (
@ -469,7 +471,7 @@ check_prerequisites() (
;; ;;
esac esac
if [ $failed -eq 1 ]; then if ((failed == 1)); then
echo "$ERR Prerequisites not met. Please install the missing commands and re-run $0." echo "$ERR Prerequisites not met. Please install the missing commands and re-run $0."
exit 1 exit 1
fi fi
@ -477,7 +479,7 @@ check_prerequisites() (
whats_next() ( whats_next() (
echo "$NEXT 1. Enter /vagrant/deploy and run: source ../.env; docker-compose up -d" echo "$NEXT 1. Enter /vagrant/deploy and run: source ../.env; docker-compose up -d"
echo "$BLANK 2. Try executing your fist workflow." echo "$BLANK 2. Try executing your first workflow."
echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow." echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
) )
@ -489,7 +491,7 @@ do_setup() (
echo "$INFO starting tinkerbell stack setup" echo "$INFO starting tinkerbell stack setup"
check_prerequisites "$lsb_dist" "$lsb_version" check_prerequisites "$lsb_dist" "$lsb_version"
if [ ! -f "$ENV_FILE" ]; then if ! [[ -f $ENV_FILE ]]; then
echo "$ERR Run './generate-env.sh network-interface > \"$ENV_FILE\"' before continuing." echo "$ERR Run './generate-env.sh network-interface > \"$ENV_FILE\"' before continuing."
exit 1 exit 1
fi fi
@ -503,7 +505,7 @@ do_setup() (
setup_docker_registry setup_docker_registry
echo "$INFO tinkerbell stack setup completed successfully on $lsb_dist server" echo "$INFO tinkerbell stack setup completed successfully on $lsb_dist server"
whats_next whats_next | tee /tmp/post-setup-message
) )
# wrapped up in a function so that we have some protection against only getting # wrapped up in a function so that we have some protection against only getting
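Review bot: In check_command the new empty-file branch prints `Prerequisite command is an empty file` but has no `return 1`, so an empty `docker-compose` still falls through to `Found prerequisite` and returns 0, which is the case from #59 this check is meant to catch. Add `return 1` after that echo, and use `[[ -s "$(command -v "$1")" ]]` so the test does not depend on an external `which`. Separately, `set -euxo pipefail` at the top enables xtrace for the whole script, which echoes every expanded command to stderr. If a later command expands `TINKERBELL_REGISTRY_PASSWORD` or `TINKERBELL_TINK_PASSWORD` (not visible in these hunks), those values would land in the provision log, so `-x` is better enabled behind a debug variable or switched off with `set +x` around credential handling.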