1 Commits

Author SHA1 Message Date
Gianluca Arbezzano
beddcd2a80 Reconfigure the registry to proxy quay.io/tinkerbell-actions
We need a way to simplify pull from `quay.io/tinkerbell-actions`, the
location for the reusable actions we release.

https://artifacthub.io/packages/search?kind=4

All the images are proxied via an internal registry. This commit
configures it to look at the images hosted in
`quay.io/tinkerbell-actions` when there is not one in the internal
registry and it proxies.

For example:

    $ docker pull 192.168.1.1/tinkerbell-actions/rootio:v1.0.0

    v1.0.0: Pulling from tinkerbell-actions/rootio
    b5b0f03f0cb8: Pull complete
    48742f086697: Pull complete
    06d27b65800a: Pull complete
    3281556401c6: Pull complete
    b94e835dc9fd: Pull complete
    Digest: sha256:ec9855556388a690cad2535cf813f69cffa6df24476aedb16b3cdfc0d809492c
    Status: Downloaded newer image for 192.168.1.1/tinkerbell-actions/rootio:v1.0.0
    192.168.1.1/tinkerbell-actions/rootio:v1.0.0

Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
2021-03-29 12:53:13 +02:00
16 changed files with 187 additions and 297 deletions

6
CODEOWNERS Normal file
View File

@ -0,0 +1,6 @@
# These owners will be the default owners for everything in
# the repo. Unless a later match takes precedence,
# @global-owner1 and @global-owner2 will be requested for
# review when someone opens a pull request.
* @gauravgahlot @gianarb
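
Review bot: The header comment in the new CODEOWNERS file still names the template placeholders `@global-owner1` and `@global-owner2`, while the rule below it assigns `@gauravgahlot` and `@gianarb`. Reword the comment to describe the real owners, or drop the placeholder sentence, so the file does not point readers at reviewers that do not exist.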

View File

@ -1,45 +0,0 @@
## Hello Contributors!
Thanks for your interest!
We're so glad you're here.
### Important Resources
#### bugs: [https://github.com/tinkerbell/sandbox/issues](https://github.com/tinkerbell/sandbox/issues)
### Code of Conduct
Please read and understand the code of conduct found [here](https://github.com/tinkerbell/.github/blob/master/CODE_OF_CONDUCT.md).
### DCO Sign Off
Please read and understand the DCO found [here](docs/DCO.md).
### Environment Details
Building is handled by `make`, please see the [Makefile](Makefile) for available targets.
#### Nix
This repo's build environment can be reproduced using `nix`.
##### Install Nix
Follow the [Nix installation](https://nixos.org/download.html) guide to setup Nix on your box.
##### Load Dependencies
Loading build dependencies is as simple as running `nix-shell` or using [lorri](https://github.com/nix-community/lorri).
If you have `direnv` installed the included `.envrc` will make that step automatic.
### How to Submit Change Requests
Please submit change requests and / or features via [Issues](https://github.com/tinkerbell/sandbox/issues).
There's no guarantee it'll be changed, but you never know until you try.
We'll try to add comments as soon as possible, though.
### How to Report a Bug
Bugs are problems in code, in the functionality of an application or in its UI design; you can submit them through [Issues](https://github.com/tinkerbell/sandbox/issues).
## Code Style Guides
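
Review bot: Deleting the whole contributor guide, including its pointers to the code of conduct, the DCO sign-off (`docs/DCO.md`) and the Nix build environment, is not mentioned in the commit message, which only describes the registry proxy change. Please move this removal to its own commit with a stated reason, or drop it from this change.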

View File

@ -59,7 +59,7 @@ const headerFile = `#!/bin/bash
# This file is generated by an utility called bump-version in # This file is generated by an utility called bump-version in
# tinkerbell/sandbox. # tinkerbell/sandbox.
# This file gets used from generate-env.sh but it is also used standalone by # This file gets used from generate-envrc.sh but it is also used standalone by
# automation that wants to get the version of the programs currently supported # automation that wants to get the version of the programs currently supported
# in sandbox # in sandbox

View File

@ -2,7 +2,7 @@
# This file is generated by an utility called bump-version in # This file is generated by an utility called bump-version in
# tinkerbell/sandbox. # tinkerbell/sandbox.
# This file gets used from generate-env.sh but it is also used standalone by # This file gets used from generate-envrc.sh but it is also used standalone by
# automation that wants to get the version of the programs currently supported # automation that wants to get the version of the programs currently supported
# in sandbox # in sandbox

View File

@ -4,4 +4,5 @@ ARG REGISTRY_USERNAME
ARG REGISTRY_PASSWORD ARG REGISTRY_PASSWORD
RUN mkdir -p /certs /auth RUN mkdir -p /certs /auth
RUN htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd RUN htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd
ADD config.yml /etc/docker/registry/config.yml
EXPOSE 443 EXPOSE 443
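
Review bot: On the added line `ADD config.yml /etc/docker/registry/config.yml`, use `COPY` instead of `ADD`; this is a plain local file, and `ADD` brings archive extraction and URL handling that are not wanted here. While this file is open, the context line `htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD}` takes the password from a build `ARG` and expands it unquoted, so the value ends up in the image build history and breaks on whitespace. Quoting both variables is the small fix; generating the htpasswd file at runtime or using a build secret would keep the credential out of the image.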

View File

@ -0,0 +1,22 @@
version: 0.1
proxy:
remoteurl: https://quay.io/tinkerbell-actions
log:
accesslog:
disabled: true
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
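
Review bot: This config has no `auth` or `http.tls` section and listens on `addr: :5000`, while the Dockerfile in this same change creates `/auth/htpasswd` and `/certs` and declares `EXPOSE 443`. If authentication, TLS and the listen address are supplied through environment variables elsewhere, say so in a comment at the top of this file; if they are not, the htpasswd file is never consulted. Adding `proxy.remoteurl` also turns the registry into a pull-through cache, and the registry documentation lists pushing to such a registry as unsupported, so please confirm that anything still pushed to it (for example by the setup script's `bootstrap_docker_registry`) keeps working. Finally, `accesslog: disabled: true` leaves no record of which images were fetched through the proxy; consider enabling it for a registry that now pulls from the internet.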

View File

@ -57,8 +57,8 @@ resource "null_resource" "tink_directory" {
} }
provisioner "file" { provisioner "file" {
source = "../../generate-env.sh" source = "../../generate-envrc.sh"
destination = "/root/tink/generate-env.sh" destination = "/root/tink/generate-envrc.sh"
} }
provisioner "file" { provisioner "file" {
@ -71,9 +71,12 @@ resource "null_resource" "tink_directory" {
destination = "/root/tink" destination = "/root/tink"
} }
provisioner "file" { provisioner "remote-exec" {
source = "nat_interface" inline = [
destination = "/root/tink/.nat_interface" "iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
]
} }
provisioner "remote-exec" { provisioner "remote-exec" {
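
Review bot: The three inline `iptables` rules disagree about the outbound interface: both FORWARD rules pass traffic between `eth1` and `bond0`, but the MASQUERADE rule is on `-o eth0`. Since the removed `nat_interface` file contained `bond0`, the NAT rule should probably read `-o bond0`, or the interface names should come from a variable rather than being hard-coded in three places. The rules also use `-A`, so every re-provision appends duplicates; guarding each one with an `iptables -C ... ||` check would make the step repeatable.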

View File

@ -1 +0,0 @@
bond0

View File

@ -26,7 +26,7 @@ Vagrant.configure('2') do |config|
config.vm.define :provisioner do |provisioner| config.vm.define :provisioner do |provisioner|
provisioner.vm.box = "tinkerbelloss/sandbox-ubuntu1804" provisioner.vm.box = "tinkerbelloss/sandbox-ubuntu1804"
provisioner.vm.box_version = "0.2.0" provisioner.vm.box_version = "0.1.0"
provisioner.vm.hostname = 'provisioner' provisioner.vm.hostname = 'provisioner'
provisioner.vm.synced_folder './../../', '/vagrant' provisioner.vm.synced_folder './../../', '/vagrant'
provisioner.vm.provision :shell, provisioner.vm.provision :shell,
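
Review bot: `provisioner.vm.box_version` goes from "0.2.0" to "0.1.0", a downgrade of the base box that the commit message does not explain. If it is intentional, state why in the commit message; if it came in from a stale branch, keep "0.2.0".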

View File

@ -9,8 +9,7 @@ setup_docker() (
ca-certificates \ ca-certificates \
curl \ curl \
gnupg-agent \ gnupg-agent \
software-properties-common \ software-properties-common
;
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
sudo apt-key add - sudo apt-key add -
@ -23,24 +22,16 @@ setup_docker() (
sudo add-apt-repository "$repo" sudo add-apt-repository "$repo"
sudo apt-get update sudo apt-get update
sudo apt-get install -y \ sudo apt-get install -y docker-ce docker-ce-cli containerd.io
containerd.io \
docker-ce \
docker-ce-cli \
;
) )
# from https://docs.docker.com/compose/install/
setup_docker_compose() ( setup_docker_compose() (
local name url # from https://docs.docker.com/compose/install/
name=docker-compose-$(uname -s)-$(uname -m) sudo curl -L \
url=https://github.com/docker/compose/releases/download/1.26.0/$name "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" \
curl -fsSLO "$url" -o /usr/local/bin/docker-compose
curl -fsSLO "$url.sha256"
sha256sum -c <"$name.sha256" sudo chmod +x /usr/local/bin/docker-compose
rm -f "$name.sha256"
chmod +x "$name"
sudo mv "$name" /usr/local/bin/docker-compose
) )
main() ( main() (
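
Review bot: The new `setup_docker_compose` drops the `sha256sum -c` check that the old version ran against the published `.sha256` file, and writes the download straight to `/usr/local/bin/docker-compose` as root. The new `sudo curl -L` also lacks `-f`, so an HTTP error page would be saved and then made executable by the `chmod +x`. Keep the download under a temporary name, verify the checksum, and only then `sudo mv` it into place, as the removed lines did.
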
@ -54,4 +45,3 @@ main() (
) )
main main
sync # do not remove!
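
Review bot: The removed last line is `sync # do not remove!`. Its own comment asks for it to stay, and nothing in this change says why it is now safe to drop; please keep it or document the reason.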

View File

@ -34,12 +34,12 @@ setup_nat() (
main() ( main() (
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
if ! [[ -f ./.env ]]; then if [ ! -f ./.env ]; then
./generate-env.sh eth1 >.env ./generate-envrc.sh eth1 >.env
fi fi
# shellcheck disable=SC1091 # shellcheck disable=SC1091
source ./.env . ./.env
make_certs_writable make_certs_writable
@ -51,9 +51,6 @@ main() (
secure_certs secure_certs
configure_vagrant_user configure_vagrant_user
set +x # don't want the stderr output from xtrace messing with the post-setup-message
[[ -f /tmp/post-setup-message ]] && cat /tmp/post-setup-message
) )
main main

View File

@ -1,62 +0,0 @@
# DCO Sign Off
All authors to the project retain copyright to their work. However, to ensure
that they are only submitting work that they have rights to, we are requiring
everyone to acknowledge this by signing their work.
Since this signature indicates your rights to the contribution and
certifies the statements below, it must contain your real name and
email address. Various forms of noreply email address must not be used.
Any copyright notices in this repository should specify the authors as "The
project authors".
To sign your work, just add a line like this at the end of your commit message:
```text
Signed-off-by: Jess Owens <jowens@tinkerbell.org>
```
This can easily be done with the `--signoff` option to `git commit`.
By doing this you state that you can certify the following (from [https://developercertificate.org/][1]):
```text
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
```

View File

@ -1,110 +0,0 @@
#!/usr/bin/env bash
# stops the execution if a command or pipeline has an error
set -eu
if command -v tput >/dev/null && tput setaf 1 >/dev/null 2>&1; then
# color codes
RED="$(tput setaf 1)"
RESET="$(tput sgr0)"
fi
ERR="${RED:-}ERROR:${RESET:-}"
source ./current_versions.sh
err() (
if [[ -z ${1:-} ]]; then
cat >&2
else
echo "$ERR " "$@" >&2
fi
)
candidate_interfaces() (
ip -o link show |
awk -F': ' '{print $2}' |
sed 's/[ \t].*//;/^\(lo\|bond0\|\|\)$/d' |
sort
)
validate_tinkerbell_network_interface() (
local tink_interface=$1
if ! candidate_interfaces | grep -q "^$tink_interface$"; then
err "Invalid interface ($tink_interface) selected, must be one of:"
candidate_interfaces | err
return 1
else
return 0
fi
)
generate_password() (
head -c 12 /dev/urandom | sha256sum | cut -d' ' -f1
)
generate_env() (
local tink_interface=$1
validate_tinkerbell_network_interface "$tink_interface"
local tink_password
tink_password=$(generate_password)
local registry_password
registry_password=$(generate_password)
cat <<-EOF
# Tinkerbell Stack version
export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK}
export TINKERBELL_TINK_SERVER_IMAGE=${TINKERBELL_TINK_SERVER_IMAGE}
export TINKERBELL_TINK_CLI_IMAGE=${TINKERBELL_TINK_CLI_IMAGE}
export TINKERBELL_TINK_BOOTS_IMAGE=${TINKERBELL_TINK_BOOTS_IMAGE}
export TINKERBELL_TINK_HEGEL_IMAGE=${TINKERBELL_TINK_HEGEL_IMAGE}
export TINKERBELL_TINK_WORKER_IMAGE=${TINKERBELL_TINK_WORKER_IMAGE}
# Network interface for Tinkerbell's network
export TINKERBELL_NETWORK_INTERFACE="$tink_interface"
# Decide on a subnet for provisioning. Tinkerbell should "own" this
# network space. Its subnet should be just large enough to be able
# to provision your hardware.
export TINKERBELL_CIDR=${TINKERBELL_CIDR:-"29"}
# Host IP is used by provisioner to expose different services such as
# tink, boots, etc.
#
# The host IP should the first IP in the range, and the Nginx IP
# should be the second address.
export TINKERBELL_HOST_IP=${TINKERBELL_HOST_IP:-"192.168.1.1"}
# Tink server username and password
export TINKERBELL_TINK_USERNAME=admin
export TINKERBELL_TINK_PASSWORD="$tink_password"
# Docker Registry's username and password
export TINKERBELL_REGISTRY_USERNAME=admin
export TINKERBELL_REGISTRY_PASSWORD="$registry_password"
# Tink cli options
export TINKERBELL_GRPC_AUTHORITY=${TINKERBELL_HOST_IP:-"192.168.1.1"}:42113
export TINKERBELL_CERT_URL=http://${TINKERBELL_HOST_IP:-"192.168.1.1"}:42114/cert
# Legacy options, to be deleted:
export FACILITY=onprem
export ROLLBAR_TOKEN=ignored
export ROLLBAR_DISABLE=1
EOF
)
main() (
if [[ -z ${1:-} ]]; then
err "Usage: $0 network-interface-name > .env"
exit 1
fi
generate_env "$1"
)
main "$@"

105
generate-envrc.sh Executable file
View File

@ -0,0 +1,105 @@
#!/usr/bin/env bash
# stops the execution if a command or pipeline has an error
set -eu
if command -v tput >/dev/null && tput setaf 1 >/dev/null 2>&1; then
# color codes
RED="$(tput setaf 1)"
RESET="$(tput sgr0)"
fi
ERR="${RED:-}ERROR:${RESET:-}"
source ./current_versions.sh
err() (
if [ -z "${1:-}" ]; then
cat >&2
else
echo "$ERR " "$@" >&2
fi
)
candidate_interfaces() (
ip -o link show |
awk -F': ' '{print $2}' |
sed 's/[ \t].*//;/^\(lo\|bond0\|\|\)$/d' |
sort
)
validate_tinkerbell_network_interface() (
local tink_interface=$1
if ! candidate_interfaces | grep -q "^$tink_interface$"; then
err "Invalid interface ($tink_interface) selected, must be one of:"
candidate_interfaces | err
return 1
else
return 0
fi
)
generate_password() (
head -c 12 /dev/urandom | sha256sum | cut -d' ' -f1
)
generate_envrc() (
local tink_interface=$1
validate_tinkerbell_network_interface "$tink_interface"
local tink_password
tink_password=$(generate_password)
local registry_password
registry_password=$(generate_password)
cat <<EOF
# Tinkerbell Stack version
export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK}
export TINKERBELL_TINK_SERVER_IMAGE=${TINKERBELL_TINK_SERVER_IMAGE}
export TINKERBELL_TINK_CLI_IMAGE=${TINKERBELL_TINK_CLI_IMAGE}
export TINKERBELL_TINK_BOOTS_IMAGE=${TINKERBELL_TINK_BOOTS_IMAGE}
export TINKERBELL_TINK_HEGEL_IMAGE=${TINKERBELL_TINK_HEGEL_IMAGE}
export TINKERBELL_TINK_WORKER_IMAGE=${TINKERBELL_TINK_WORKER_IMAGE}
# Network interface for Tinkerbell's network
export TINKERBELL_NETWORK_INTERFACE="$tink_interface"
# Decide on a subnet for provisioning. Tinkerbell should "own" this
# network space. Its subnet should be just large enough to be able
# to provision your hardware.
export TINKERBELL_CIDR=29
# Host IP is used by provisioner to expose different services such as
# tink, boots, etc.
#
# The host IP should the first IP in the range, and the Nginx IP
# should be the second address.
export TINKERBELL_HOST_IP=192.168.1.1
# Tink server username and password
export TINKERBELL_TINK_USERNAME=admin
export TINKERBELL_TINK_PASSWORD="$tink_password"
# Docker Registry's username and password
export TINKERBELL_REGISTRY_USERNAME=admin
export TINKERBELL_REGISTRY_PASSWORD="$registry_password"
# Legacy options, to be deleted:
export FACILITY=onprem
export ROLLBAR_TOKEN=ignored
export ROLLBAR_DISABLE=1
EOF
)
main() (
if [ -z "${1:-}" ]; then
err "Usage: $0 network-interface-name > .env"
exit 1
fi
generate_envrc "$1"
)
main "$@"
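
Review bot: `TINKERBELL_CIDR=29` and `TINKERBELL_HOST_IP=192.168.1.1` are now written as fixed values, where the deleted script emitted `${TINKERBELL_CIDR:-"29"}` and `${TINKERBELL_HOST_IP:-"192.168.1.1"}`, so a caller can no longer override them from the environment; the `TINKERBELL_GRPC_AUTHORITY` and `TINKERBELL_CERT_URL` exports are gone as well, so please confirm nothing still reads them. In `validate_tinkerbell_network_interface`, `grep -q "^$tink_interface$"` treats the argument as a regular expression; `grep -qxF -- "$tink_interface"` matches the interface name literally. The output carries both generated passwords, so the usage text (`> .env`) could also tell the user to create the file with a restrictive umask.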

View File

@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# stops the execution if a command or pipeline has an error # stops the execution if a command or pipeline has an error
set -euxo pipefail set -eu
# Tinkerbell stack Linux setup script # Tinkerbell stack Linux setup script
# #
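
Review bot: Changing `set -euxo pipefail` to `set -eu` drops `pipefail` along with xtrace, so a failure on the left side of a pipeline no longer stops the script. If the aim was only to silence the trace output, `set -euo pipefail` keeps the safety net.
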
@ -38,7 +38,7 @@ NEXT="${GREEN:-}NEXT:${RESET:-}"
get_distribution() ( get_distribution() (
local lsb_dist="" local lsb_dist=""
# Every system that we officially support has /etc/os-release # Every system that we officially support has /etc/os-release
if [[ -r /etc/os-release ]]; then if [ -r /etc/os-release ]; then
# shellcheck disable=SC1091 # shellcheck disable=SC1091
lsb_dist="$(. /etc/os-release && echo "$ID")" lsb_dist="$(. /etc/os-release && echo "$ID")"
fi fi
@ -50,7 +50,7 @@ get_distribution() (
get_distro_version() ( get_distro_version() (
local lsb_version="0" local lsb_version="0"
# Every system that we officially support has /etc/os-release # Every system that we officially support has /etc/os-release
if [[ -r /etc/os-release ]]; then if [ -r /etc/os-release ]; then
# shellcheck disable=SC1091 # shellcheck disable=SC1091
lsb_version="$(. /etc/os-release && echo "$VERSION_ID")" lsb_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi fi
@ -110,18 +110,6 @@ setup_networking() (
else else
echo "$ERR tinkerbell network interface configuration failed" echo "$ERR tinkerbell network interface configuration failed"
fi fi
NAT_INTERFACE=""
if [[ -r .nat_interface ]]; then
NAT_INTERFACE=$(cat .nat_interface)
fi
if [[ -n $NAT_INTERFACE ]] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
# TODO(nshalman) the terraform code would just run these commands as-is once
# but it would be nice to make these more persistent based on OS
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
iptables -A FORWARD -i "$NAT_INTERFACE" -o "$TINKERBELL_NETWORK_INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
fi
) )
setup_networking_manually() ( setup_networking_manually() (
@ -135,10 +123,10 @@ setup_networking_manually() (
setup_network_forwarding() ( setup_network_forwarding() (
# enable IP forwarding for docker # enable IP forwarding for docker
if (($(sysctl -n net.ipv4.ip_forward) != 1)); then if [ "$(sysctl -n net.ipv4.ip_forward)" != "1" ]; then
if [[ -d /etc/sysctl.d ]]; then if [ -d /etc/sysctl.d ]; then
echo "net.ipv4.ip_forward=1" >/etc/sysctl.d/99-tinkerbell.conf echo "net.ipv4.ip_forward=1" >/etc/sysctl.d/99-tinkerbell.conf
elif [[ -f /etc/sysctl.conf ]]; then elif [ -f /etc/sysctl.conf ]; then
echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
fi fi
@ -171,7 +159,7 @@ setup_networking_netplan() (
) )
setup_networking_ubuntu_legacy() ( setup_networking_ubuntu_legacy() (
if ! [[ -f /etc/network/interfaces ]]; then if [ ! -f /etc/network/interfaces ]; then
echo "$ERR file /etc/network/interfaces not found" echo "$ERR file /etc/network/interfaces not found"
exit 1 exit 1
fi fi
@ -224,7 +212,7 @@ EOF
local cfgfile="/etc/sysconfig/network-scripts/ifcfg-$TINKERBELL_NETWORK_INTERFACE" local cfgfile="/etc/sysconfig/network-scripts/ifcfg-$TINKERBELL_NETWORK_INTERFACE"
if [[ -f $cfgfile ]]; then if [ -f "$cfgfile" ]; then
echo "$ERR network config already exists: $cfgfile" echo "$ERR network config already exists: $cfgfile"
echo "$BLANK Please update it to match this configuration:" echo "$BLANK Please update it to match this configuration:"
echo "$content" echo "$content"
@ -245,12 +233,12 @@ setup_osie() (
local osie_current=$STATEDIR/webroot/misc/osie/current local osie_current=$STATEDIR/webroot/misc/osie/current
local tink_workflow=$STATEDIR/webroot/workflow/ local tink_workflow=$STATEDIR/webroot/workflow/
if [[ ! -d $osie_current ]] || [[ ! -d $tink_workflow ]]; then if [ ! -d "$osie_current" ] || [ ! -d "$tink_workflow" ]; then
mkdir -p "$osie_current" mkdir -p "$osie_current"
mkdir -p "$tink_workflow" mkdir -p "$tink_workflow"
pushd "$SCRATCH" pushd "$SCRATCH"
if [[ -z ${TB_OSIE_TAR:-} ]]; then if [ -z "${TB_OSIE_TAR:-}" ]; then
curl "${OSIE_DOWNLOAD_LINK}" -o ./osie.tar.gz curl "${OSIE_DOWNLOAD_LINK}" -o ./osie.tar.gz
tar -zxf osie.tar.gz tar -zxf osie.tar.gz
else else
@ -305,7 +293,7 @@ check_container_status() (
--filter "event=health_status" \ --filter "event=health_status" \
--format '{{.Status}}') --format '{{.Status}}')
if [[ $status != "health_status: healthy" ]]; then if [ "$status" != "health_status: healthy" ]; then
echo "$ERR $container_name is not healthy. status: $status" echo "$ERR $container_name is not healthy. status: $status"
exit 1 exit 1
fi fi
@ -314,7 +302,7 @@ check_container_status() (
generate_certificates() ( generate_certificates() (
mkdir -p "$STATEDIR/certs" mkdir -p "$STATEDIR/certs"
if ! [[ -f "$STATEDIR/certs/ca.json" ]]; then if [ ! -f "$STATEDIR/certs/ca.json" ]; then
jq \ jq \
'. '.
| .names[0].L = $facility | .names[0].L = $facility
@ -325,7 +313,7 @@ generate_certificates() (
>"$STATEDIR/certs/ca.json" >"$STATEDIR/certs/ca.json"
fi fi
if ! [[ -f "$STATEDIR/certs/server-csr.json" ]]; then if [ ! -f "$STATEDIR/certs/server-csr.json" ]; then
jq \ jq \
'. '.
| .hosts += [ $ip, "tinkerbell.\($facility).packet.net" ] | .hosts += [ $ip, "tinkerbell.\($facility).packet.net" ]
@ -347,13 +335,13 @@ generate_certificates() (
local certs_dir="/etc/docker/certs.d/$TINKERBELL_HOST_IP" local certs_dir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
# copy public key to NGINX for workers # copy public key to NGINX for workers
if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"; then if ! cmp --quiet "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"; then
cp "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem" cp "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"
fi fi
# update host to trust registry certificate # update host to trust registry certificate
if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$certs_dir/tinkerbell.crt"; then if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$certs_dir/tinkerbell.crt"; then
if ! [[ -d "$certs_dir/" ]]; then if [ ! -d "$certs_dir/tinkerbell.crt" ]; then
# The user will be told to create the directory # The user will be told to create the directory
# in the next block, if copying the certs there # in the next block, if copying the certs there
# fails. # fails.
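
Review bot: The new test `[ ! -d "$certs_dir/tinkerbell.crt" ]` checks whether the certificate file path is a directory, so it is true both when the directory is missing and when the certificate file already exists; the old code tested `"$certs_dir/"`, which matches the comment about the user creating the directory. Use `[ ! -d "$certs_dir" ]`. The partial quoting in `"$STATEDIR"/certs/ca.pem` a few lines above works, but it is inconsistent with the fully quoted second operand on the same line.
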
@ -363,7 +351,7 @@ generate_certificates() (
echo "$ERR please copy $STATEDIR/certs/ca.pem to $certs_dir/tinkerbell.crt" echo "$ERR please copy $STATEDIR/certs/ca.pem to $certs_dir/tinkerbell.crt"
echo "$BLANK and run $0 again:" echo "$BLANK and run $0 again:"
if ! [[ -d $certs_dir ]]; then if [ ! -d "$certs_dir" ]; then
echo "sudo mkdir -p '$certs_dir'" echo "sudo mkdir -p '$certs_dir'"
fi fi
echo "sudo cp '$STATEDIR/certs/ca.pem' '$certs_dir/tinkerbell.crt'" echo "sudo cp '$STATEDIR/certs/ca.pem' '$certs_dir/tinkerbell.crt'"
@ -406,7 +394,7 @@ bootstrap_docker_registry() (
setup_docker_registry() ( setup_docker_registry() (
local registry_images="$STATEDIR/registry" local registry_images="$STATEDIR/registry"
if ! [[ -d $registry_images ]]; then if [ ! -d "$registry_images" ]; then
mkdir -p "$registry_images" mkdir -p "$registry_images"
fi fi
start_registry start_registry
@ -427,15 +415,13 @@ command_exists() (
) )
check_command() ( check_command() (
if ! command_exists "$1"; then if command_exists "$1"; then
echo "$ERR Prerequisite executable command not found: $1" echo "$BLANK Found prerequisite: $1"
return 0
else
echo "$ERR Prerequisite command not installed: $1"
return 1 return 1
fi fi
if ! [[ -s "$(which "$1")" ]]; then
echo "$ERR Prerequisite command is an empty file: $1"
fi
echo "$BLANK Found prerequisite: $1"
return 0
) )
check_prerequisites() ( check_prerequisites() (
@ -471,15 +457,15 @@ check_prerequisites() (
;; ;;
esac esac
if ((failed == 1)); then if [ $failed -eq 1 ]; then
echo "$ERR Prerequisites not met. Please install the missing commands and re-run $0." echo "$ERR Prerequisites not met. Please install the missing commands and re-run $0."
exit 1 exit 1
fi fi
) )
whats_next() ( whats_next() (
echo "$NEXT 1. Enter /deploy and run: source ../.env; docker-compose up -d" echo "$NEXT 1. Enter /vagrant/deploy and run: source ../.env; docker-compose up -d"
echo "$BLANK 2. Try executing your first workflow." echo "$BLANK 2. Try executing your fist workflow."
echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow." echo "$BLANK Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
) )
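
Review bot: In `whats_next`, the new message reads "Try executing your fist workflow", a typo for "first" that the old line did not have. The path in step 1 also changes from `/deploy` to `/vagrant/deploy`, which is only right on the Vagrant setup, while the Terraform provisioner in this change copies the files to `/root/tink`. In the check above it, `[ $failed -eq 1 ]` should quote the variable as `"$failed"`.
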
@ -491,23 +477,21 @@ do_setup() (
echo "$INFO starting tinkerbell stack setup" echo "$INFO starting tinkerbell stack setup"
check_prerequisites "$lsb_dist" "$lsb_version" check_prerequisites "$lsb_dist" "$lsb_version"
if ! [[ -f $ENV_FILE ]]; then if [ ! -f "$ENV_FILE" ]; then
echo "$ERR Run './generate-env.sh network-interface > \"$ENV_FILE\"' before continuing." echo "$ERR Run './generate-envrc.sh network-interface > \"$ENV_FILE\"' before continuing."
exit 1 exit 1
fi fi
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "$ENV_FILE" source "$ENV_FILE"
if [[ -z $TINKERBELL_SKIP_NETWORKING ]]; then setup_networking "$lsb_dist" "$lsb_version"
setup_networking "$lsb_dist" "$lsb_version"
fi
setup_osie setup_osie
generate_certificates generate_certificates
setup_docker_registry setup_docker_registry
echo "$INFO tinkerbell stack setup completed successfully on $lsb_dist server" echo "$INFO tinkerbell stack setup completed successfully on $lsb_dist server"
whats_next | tee /tmp/post-setup-message whats_next
) )
# wrapped up in a function so that we have some protection against only getting # wrapped up in a function so that we have some protection against only getting
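
Review bot: `setup_networking` is now called unconditionally; the old `TINKERBELL_SKIP_NETWORKING` guard let a user with an already configured interface skip it. If the variable is being retired, say so in the commit message; otherwise keep the guard, written as `[ -z "${TINKERBELL_SKIP_NETWORKING:-}" ]` so that it also works under `set -u`. Dropping `| tee /tmp/post-setup-message` is consistent with the Vagrant script no longer printing that file.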

View File

@ -14,5 +14,5 @@ in
with pkgs; with pkgs;
mkShell { mkShell {
buildInputs = [ go nodePackages.prettier jq shellcheck shfmt terraform_0_14 gpgme packer vagrant ]; buildInputs = [ go nodePackages.prettier shellcheck shfmt terraform_0_14 gpgme packer vagrant ];
} }
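
Review bot: `jq` is dropped from `buildInputs`, but `generate_certificates` in the setup script still calls `jq` to build `ca.json` and `server-csr.json`. Keep `jq` in the shell environment unless it is guaranteed to be present by some other means.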