Fix empty docker-compose in basebox (#81)

## Description

Ensures docker-compose is correctly downloaded.
Also adds some better debuggability to setup.sh and the vagrant provision script.
A bunch of misc clean ups following the boy scout rule (leave things better than you found them)

## Why is this needed

Fixes: #59 

## How Has This Been Tested?

`vagrant up provisioner` now works

## How are existing users impacted? What migration steps/scripts do we need?

Fixes a bug where the vagrant sandbox wasn't working.

## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade
This commit is contained in:
mergify[bot] 2021-04-29 17:19:59 +00:00 committed by GitHub
commit 4add7eef56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 88 additions and 72 deletions

View File

@ -9,7 +9,8 @@ setup_docker() (
ca-certificates \
curl \
gnupg-agent \
software-properties-common
software-properties-common \
;
curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
sudo apt-key add -
@ -22,16 +23,24 @@ setup_docker() (
sudo add-apt-repository "$repo"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
sudo apt-get install -y \
containerd.io \
docker-ce \
docker-ce-cli \
;
)
setup_docker_compose() (
# from https://docs.docker.com/compose/install/
sudo curl -L \
"https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" \
-o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
setup_docker_compose() (
local name url
name=docker-compose-$(uname -s)-$(uname -m)
url=https://github.com/docker/compose/releases/download/1.26.0/$name
curl -fsSLO "$url"
curl -fsSLO "$url.sha256"
sha256sum -c <"$name.sha256"
rm -f "$name.sha256"
chmod +x "$name"
sudo mv "$name" /usr/local/bin/docker-compose
)
main() (
@ -45,3 +54,4 @@ main() (
)
main
sync # do not remove!

View File

@ -34,12 +34,12 @@ setup_nat() (
main() (
export DEBIAN_FRONTEND=noninteractive
if [ ! -f ./.env ]; then
if ! [[ -f ./.env ]]; then
./generate-env.sh eth1 >.env
fi
# shellcheck disable=SC1091
. ./.env
source ./.env
make_certs_writable
@ -51,6 +51,9 @@ main() (
secure_certs
configure_vagrant_user
set +x # don't want the stderr output from xtrace messing with the post-setup-message
[[ -f /tmp/post-setup-message ]] && cat /tmp/post-setup-message
)
main

View File

@ -14,7 +14,7 @@ ERR="${RED:-}ERROR:${RESET:-}"
source ./current_versions.sh
err() (
if [ -z "${1:-}" ]; then
if [[ -z ${1:-} ]]; then
cat >&2
else
echo "$ERR " "$@" >&2
@ -53,7 +53,8 @@ generate_env() (
tink_password=$(generate_password)
local registry_password
registry_password=$(generate_password)
cat <<EOF
cat <<-EOF
# Tinkerbell Stack version
export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK}
@ -94,7 +95,7 @@ EOF
)
main() (
if [ -z "${1:-}" ]; then
if [[ -z ${1:-} ]]; then
err "Usage: $0 network-interface-name > .env"
exit 1
fi

View File

@ -1,7 +1,7 @@
#!/usr/bin/env bash
# stops the execution if a command or pipeline has an error
set -eu
set -euxo pipefail
# Tinkerbell stack Linux setup script
#
@ -38,7 +38,7 @@ NEXT="${GREEN:-}NEXT:${RESET:-}"
get_distribution() (
local lsb_dist=""
# Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then
if [[ -r /etc/os-release ]]; then
# shellcheck disable=SC1091
lsb_dist="$(. /etc/os-release && echo "$ID")"
fi
@ -50,7 +50,7 @@ get_distribution() (
get_distro_version() (
local lsb_version="0"
# Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then
if [[ -r /etc/os-release ]]; then
# shellcheck disable=SC1091
lsb_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
@ -112,10 +112,10 @@ setup_networking() (
fi
NAT_INTERFACE=""
if [ -r .nat_interface ]; then
if [[ -r .nat_interface ]]; then
NAT_INTERFACE=$(cat .nat_interface)
fi
if [ -n "$NAT_INTERFACE" ] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
if [[ -n $NAT_INTERFACE ]] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
# TODO(nshalman) the terraform code would just run these commands as-is once
# but it would be nice to make these more persistent based on OS
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
@ -135,10 +135,10 @@ setup_networking_manually() (
setup_network_forwarding() (
# enable IP forwarding for docker
if [ "$(sysctl -n net.ipv4.ip_forward)" != "1" ]; then
if [ -d /etc/sysctl.d ]; then
if (($(sysctl -n net.ipv4.ip_forward) != 1)); then
if [[ -d /etc/sysctl.d ]]; then
echo "net.ipv4.ip_forward=1" >/etc/sysctl.d/99-tinkerbell.conf
elif [ -f /etc/sysctl.conf ]; then
elif [[ -f /etc/sysctl.conf ]]; then
echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
fi
@ -171,7 +171,7 @@ setup_networking_netplan() (
)
setup_networking_ubuntu_legacy() (
if [ ! -f /etc/network/interfaces ]; then
if ! [[ -f /etc/network/interfaces ]]; then
echo "$ERR file /etc/network/interfaces not found"
exit 1
fi
@ -224,7 +224,7 @@ EOF
local cfgfile="/etc/sysconfig/network-scripts/ifcfg-$TINKERBELL_NETWORK_INTERFACE"
if [ -f "$cfgfile" ]; then
if [[ -f $cfgfile ]]; then
echo "$ERR network config already exists: $cfgfile"
echo "$BLANK Please update it to match this configuration:"
echo "$content"
@ -245,12 +245,12 @@ setup_osie() (
local osie_current=$STATEDIR/webroot/misc/osie/current
local tink_workflow=$STATEDIR/webroot/workflow/
if [ ! -d "$osie_current" ] || [ ! -d "$tink_workflow" ]; then
if [[ ! -d $osie_current ]] || [[ ! -d $tink_workflow ]]; then
mkdir -p "$osie_current"
mkdir -p "$tink_workflow"
pushd "$SCRATCH"
if [ -z "${TB_OSIE_TAR:-}" ]; then
if [[ -z ${TB_OSIE_TAR:-} ]]; then
curl "${OSIE_DOWNLOAD_LINK}" -o ./osie.tar.gz
tar -zxf osie.tar.gz
else
@ -305,7 +305,7 @@ check_container_status() (
--filter "event=health_status" \
--format '{{.Status}}')
if [ "$status" != "health_status: healthy" ]; then
if [[ $status != "health_status: healthy" ]]; then
echo "$ERR $container_name is not healthy. status: $status"
exit 1
fi
@ -314,7 +314,7 @@ check_container_status() (
generate_certificates() (
mkdir -p "$STATEDIR/certs"
if [ ! -f "$STATEDIR/certs/ca.json" ]; then
if ! [[ -f "$STATEDIR/certs/ca.json" ]]; then
jq \
'.
| .names[0].L = $facility
@ -325,7 +325,7 @@ generate_certificates() (
>"$STATEDIR/certs/ca.json"
fi
if [ ! -f "$STATEDIR/certs/server-csr.json" ]; then
if ! [[ -f "$STATEDIR/certs/server-csr.json" ]]; then
jq \
'.
| .hosts += [ $ip, "tinkerbell.\($facility).packet.net" ]
@ -347,13 +347,13 @@ generate_certificates() (
local certs_dir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
# copy public key to NGINX for workers
if ! cmp --quiet "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"; then
cp "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"
if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"; then
cp "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"
fi
# update host to trust registry certificate
if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$certs_dir/tinkerbell.crt"; then
if [ ! -d "$certs_dir/tinkerbell.crt" ]; then
if ! [[ -d "$certs_dir/" ]]; then
# The user will be told to create the directory
# in the next block, if copying the certs there
# fails.
@ -363,7 +363,7 @@ generate_certificates() (
echo "$ERR please copy $STATEDIR/certs/ca.pem to $certs_dir/tinkerbell.crt"
echo "$BLANK and run $0 again:"
if [ ! -d "$certs_dir" ]; then
if ! [[ -d $certs_dir ]]; then
echo "sudo mkdir -p '$certs_dir'"
fi
echo "sudo cp '$STATEDIR/certs/ca.pem' '$certs_dir/tinkerbell.crt'"
@ -406,7 +406,7 @@ bootstrap_docker_registry() (
setup_docker_registry() (
local registry_images="$STATEDIR/registry"
if [ ! -d "$registry_images" ]; then
if ! [[ -d $registry_images ]]; then
mkdir -p "$registry_images"
fi
start_registry
@ -427,13 +427,15 @@ command_exists() (
)
check_command() (
if command_exists "$1"; then
echo "$BLANK Found prerequisite: $1"
return 0
else
echo "$ERR Prerequisite command not installed: $1"
if ! command_exists "$1"; then
echo "$ERR Prerequisite executable command not found: $1"
return 1
fi
if ! [[ -s "$(which "$1")" ]]; then
echo "$ERR Prerequisite command is an empty file: $1"
fi
echo "$BLANK Found prerequisite: $1"
return 0
)
check_prerequisites() (
@ -469,7 +471,7 @@ check_prerequisites() (
;;
esac
if [ $failed -eq 1 ]; then
if ((failed == 1)); then
echo "$ERR Prerequisites not met. Please install the missing commands and re-run $0."
exit 1
fi
@ -477,7 +479,7 @@ check_prerequisites() (
whats_next() (
echo "$NEXT 1. Enter /vagrant/deploy and run: source ../.env; docker-compose up -d"
echo "$BLANK 2. Try executing your fist workflow."
echo "$BLANK 2. Try executing your first workflow."
echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
)
@ -489,7 +491,7 @@ do_setup() (
echo "$INFO starting tinkerbell stack setup"
check_prerequisites "$lsb_dist" "$lsb_version"
if [ ! -f "$ENV_FILE" ]; then
if ! [[ -f $ENV_FILE ]]; then
echo "$ERR Run './generate-env.sh network-interface > \"$ENV_FILE\"' before continuing."
exit 1
fi
@ -503,7 +505,7 @@ do_setup() (
setup_docker_registry
echo "$INFO tinkerbell stack setup completed successfully on $lsb_dist server"
whats_next
whats_next | tee /tmp/post-setup-message
)
# wrapped up in a function so that we have some protection against only getting