From fe6e5d59f3c2e5e94f75f33ad0b3c3e5371769ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Thu, 4 May 2023 15:01:39 +0000 Subject: [PATCH 01/11] chore(devcontainer): update spell-check dictionary --- .vscode/cspell_custom.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.vscode/cspell_custom.txt b/.vscode/cspell_custom.txt index 267ea34..c72b051 100644 --- a/.vscode/cspell_custom.txt +++ b/.vscode/cspell_custom.txt @@ -2,7 +2,9 @@ devcontainer devcontainers ENDCOLOR ensurepath +getent gitmessage +keygen minica pipx rvproxy From 717998b801729ee6170c92514b5052ca6fcf1c2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Thu, 4 May 2023 15:02:05 +0000 Subject: [PATCH 02/11] feat: create ssh key for automation tasks includes refactoring for build process --- forge-pod.yml | 19 ++++++++++++++----- minica/Containerfile | 11 +++++++---- minica/certificates.sh | 21 +++++++++++++++++++++ rvproxy/Caddyfile | 2 +- setup/Containerfile | 14 +++++++------- 5 files changed, 50 insertions(+), 17 deletions(-) create mode 100644 minica/certificates.sh diff --git a/forge-pod.yml b/forge-pod.yml index 2f8a1c8..b97f31f 100644 --- a/forge-pod.yml +++ b/forge-pod.yml @@ -7,9 +7,9 @@ metadata: spec: restartPolicy: Always volumes: - - name: ublue-os_forge-minica-pvc + - name: ublue-os_forge-certs-pvc persistentVolumeClaim: - claimName: ublue-os_forge-minica + claimName: ublue-os_forge-certs - name: ublue-os_forge-registry-pvc persistentVolumeClaim: @@ -28,7 +28,7 @@ spec: cpu: 200m volumeMounts: - mountPath: /certs - name: ublue-os_forge-minica-pvc + name: ublue-os_forge-certs-pvc ports: - containerPort: 443 hostPort: 443 @@ -42,7 +42,7 @@ spec: cpu: 200m volumeMounts: - mountPath: /certs - name: ublue-os_forge-minica-pvc + name: ublue-os_forge-certs-pvc subPath: _.ublue.local - mountPath: /var/lib/registry name: ublue-os_forge-registry-pvc 
@@ -59,12 +59,21 @@ spec: volumeMounts: - mountPath: /var/lib/semaphore name: ublue-os_forge-semaphore-pvc + - mountPath: /certs + subPath: ssh + name: ublue-os_forge-certs-pvc + readOnly: true ports: - containerPort: 3000 protocol: TCP - name: setup.ublue.local image: setup + volumeMounts: + - mountPath: /certs + subPath: ssh + name: ublue-os_forge-certs-pvc + readOnly: true resources: limits: memory: 512Mi @@ -75,4 +84,4 @@ spec: image: minica volumeMounts: - mountPath: /certs - name: ublue-os_forge-minica-pvc + name: ublue-os_forge-certs-pvc diff --git a/minica/Containerfile b/minica/Containerfile index ef38695..228cc03 100644 --- a/minica/Containerfile +++ b/minica/Containerfile @@ -1,10 +1,13 @@ # Source Image FROM docker.io/library/golang:1.20 +# Copy script +WORKDIR /certs +COPY certificates.sh . +RUN chmod +x ./certificates.sh + # Install minica RUN go install github.com/jsha/minica@latest -# Generate wildcard certificate -WORKDIR /certs -RUN minica --domains "*.ublue.local,ublue.local,localhost" \ - --ip-addresses 127.0.0.1 +# Container start command +CMD ["/certs/certificates.sh"] \ No newline at end of file diff --git a/minica/certificates.sh b/minica/certificates.sh new file mode 100644 index 0000000..a287b2e --- /dev/null +++ b/minica/certificates.sh 
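Review bot: The new `/certs` mount with `subPath: ssh` on the semaphore container hands that web UI the automation private key which `minica/certificates.sh` (added in this same commit) writes to `/certs/ssh/ublue-os_forge-id_ed25519`, and the README context on this page still documents a default Semaphore login of `ublue`/`ublue`, so any Semaphore login can drive the host through that key. `readOnly: true` is the right call, but the intent should be stated on the mount so a later edit does not widen it to the whole volume, e.g. `# automation key only (subPath ssh): every Semaphore user can run playbooks against the host with it`. The setup container gets the same mount further down in this hunk and would take the same comment.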
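Review bot: `RUN go install github.com/jsha/minica@latest` pins nothing, so each rebuild pulls whatever upstream currently publishes for the tool that generates the root CA and leaf keys; pin a tagged release (`@vX.Y.Z`, value taken from the project's release list) so the image is reproducible and an upstream change cannot silently alter the certificate generator. Separately, the script is copied to `/certs/certificates.sh` while forge-pod.yml mounts the certs volume at `/certs` in this container (hunk `@@ -75,4 +84,4 @@` on this page), so unless podman seeds a fresh volume from the image the mount hides the script and `CMD` cannot find it; placing the script outside the volume path (e.g. `/usr/local/bin/certificates.sh`) removes that dependency.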
@@ -0,0 +1,21 @@ +#!/bin/sh +## Create SSH keys and certificates for uBlue-OS Forge + +CERTIFICATE_DIRECTORY="/certs" +SSH_KEY_NAME="ublue-os_forge-id_ed25519" +TLS_ROOT_CERTIFICATE_NAME="ublue-os_forge-root" + +if [ ! -f ${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME} ]; +then + echo "uBlue Forge SSH key not present. Creating new key..." + mkdir ${CERTIFICATE_DIRECTORY}/ssh -p + mkdir ${CERTIFICATE_DIRECTORY}/tls -p + # Generate SSH key + ssh-keygen -o -a 100 -t ed25519 -f ${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME} -C "forge@ublue.local" +else + echo "Existing uBlue Forge SSH key found. Nothing to do..." +fi + +# Creating TLS certificates +echo "Creating / Updating TLS certificate..." +minica --domains "*.ublue.local,ublue.local,localhost" --ip-addresses 127.0.0.1 -ca-cert "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}.pem" -ca-key "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}-key.pem" diff --git a/rvproxy/Caddyfile b/rvproxy/Caddyfile index 83853e1..c217b97 100644 --- a/rvproxy/Caddyfile +++ b/rvproxy/Caddyfile @@ -16,7 +16,7 @@ reverse_proxy ublue-os_forge-registry.ublue.local:5000 { transport http { tls - tls_trusted_ca_certs /certs/minica.pem + tls_trusted_ca_certs /certs/tls/ublue-os_forge-root.pem } } } diff --git a/setup/Containerfile b/setup/Containerfile index 545679f..a8f759e 100644 --- a/setup/Containerfile +++ b/setup/Containerfile @@ -1,11 +1,11 @@ # Source Image FROM docker.io/library/python:alpine3.17 -# Install forge setup project -COPY ./ansible /ansible -RUN pip3 install -r /ansible/requirements.txt -RUN chmod +x /ansible/startup.sh - -# Run starup script +# Install ansible setup project WORKDIR /ansible -CMD ["./startup.sh"] +COPY ./ansible . +RUN pip3 install -r ./requirements.txt +RUN chmod +x ./startup.sh + +# Container start command +CMD ["/ansible/startup.sh"] From 258a1ce7f729744fbb2bcff42787e784d2627a68 Mon Sep 17 00:00:00 2001 
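Review bot: The script has no `set -eu`, and every path test and `mkdir` expands `${CERTIFICATE_DIRECTORY}` unquoted, so a failed `mkdir` or `ssh-keygen` is not reported and the `minica` call still runs with its exit status discarded; add `set -eu` after the shebang and quote the expansions (`if [ ! -f "${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME}" ]`). `ssh-keygen` is invoked without `-N`, so in a container with no terminal it relies on reading an empty passphrase from a closed stdin; passing `-N ""` makes the intended unprotected key explicit. Note also that the CA private key (`${TLS_ROOT_CERTIFICATE_NAME}-key.pem`) lands in the same `tls/` directory as the public root certificate, so containers that only need to trust the CA should be given a narrower, read-only mount.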
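Review bot: `tls_trusted_ca_certs /certs/tls/ublue-os_forge-root.pem` only needs the public root, but the container that reads it mounts the whole certs volume at `/certs` without `readOnly` (the container exposing `hostPort: 443` in forge-pod.yml on this page), and after this series that volume also holds `ublue-os_forge-root-key.pem` and the `ssh/` private key. The reverse proxy needs neither; add `readOnly: true` to that volumeMount and, ideally, keep the CA private key out of the directory the proxy can see, so the externally reachable container does not carry the material that signs the forge's certificates.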
From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Thu, 4 May 2023 17:04:24 +0000 Subject: [PATCH 03/11] fix: ini container fails on normal startup --- minica/certificates.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/minica/certificates.sh b/minica/certificates.sh index a287b2e..d1e5a02 100644 --- a/minica/certificates.sh +++ b/minica/certificates.sh @@ -9,7 +9,6 @@ if [ ! -f ${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME} ]; then echo "uBlue Forge SSH key not present. Creating new key..." mkdir ${CERTIFICATE_DIRECTORY}/ssh -p - mkdir ${CERTIFICATE_DIRECTORY}/tls -p # Generate SSH key ssh-keygen -o -a 100 -t ed25519 -f ${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME} -C "forge@ublue.local" else @@ -17,5 +16,12 @@ else fi # Creating TLS certificates -echo "Creating / Updating TLS certificate..." -minica --domains "*.ublue.local,ublue.local,localhost" --ip-addresses 127.0.0.1 -ca-cert "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}.pem" -ca-key "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}-key.pem" +if [ ! -f ${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}.pem ]; +then + echo "uBlue Forge TLS root not certificate present. Creating new certificates..." + mkdir ${CERTIFICATE_DIRECTORY}/tls -p + # Generate TLS certificates + minica --domains "*.ublue.local,ublue.local,localhost" --ip-addresses 127.0.0.1 -ca-cert "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}.pem" -ca-key "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}-key.pem" +else + echo "Existing uBlue Forge TLS root certificate found. Nothing to do..." +fi From 83379a0d7272341523ca50b5b006637bb33a8d1b Mon Sep 17 00:00:00 2001 
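Review bot: The new message `uBlue Forge TLS root not certificate present` has its words swapped; it should read `uBlue Forge TLS root certificate not present. Creating new certificates...`. Guarding only on the root certificate's existence also means the leaf certificate `minica` writes for `_.ublue.local` is never regenerated once the root exists, and minica's leaf certificates have a bounded validity (about two years, if I recall its defaults), so this container keeps reporting `Nothing to do` after they expire. If `openssl` is available in the image, an `openssl x509 -checkend` test on the leaf cert (regenerating when it is near expiry) would close that gap; the long-lived root can keep the existing branch.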
From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Thu, 4 May 2023 17:05:33 +0000 Subject: [PATCH 04/11] feat: manage forge with one command (#14) --- README.md | 10 ++++++++-- forge.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ setup.sh | 4 ---- 3 files changed, 50 insertions(+), 6 deletions(-) create mode 100755 forge.sh delete mode 100755 setup.sh diff --git a/README.md b/README.md index 9917880..927a69c 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,12 @@ You can use the the user `ublue` and password `ublue` to login. > At the moment there's only a dummy project included. Tasks for real life usage > will be included soon. -## Firing Up the Forge +## Handling the forge -To heat up the forge run `./setup.sh`. +You can use the `forge.sh` to **setup**, **heat-up** and **cool-down** the forge. + +| Command | Description | +| ---------------------- | -------------------------------------------- | +| `./forge.sh setup` | Setup the forge for the first time or update | +| `./forge.sh heat-up` | Start the forge | +| `./forge.sh cool-down` | Stop the forge | diff --git a/forge.sh b/forge.sh new file mode 100755 index 0000000..102b7e2 --- /dev/null +++ b/forge.sh 
@@ -0,0 +1,42 @@ +#!/bin/bash + +# Functions +function setup { + echo -e "${YELLOW}Heating up the forge for the first time..${ENDCOLOR}" + podman play kube forge-pod.yml --build --replace && podman logs --color -f ublue-os_forge-setup.ublue.local + echo -e "${GREEN}Done. Happy forging!${ENDCOLOR}" +} + +function up { + echo -e "${YELLOW}Heating up the forge..${ENDCOLOR}" + podman pod start ublue-os_forge + echo -e "${GREEN}Done. Happy forging!${ENDCOLOR}" +} + +function down { + echo -e "${YELLOW}Cooling down the forge..${ENDCOLOR}" + podman pod stop ublue-os_forge --ignore + echo -e "${GREEN}Done. Have a nice day${ENDCOLOR}" +} + +# Bash colors +RED="\e[31m" +YELLOW="\e[33m" +GREEN="\e[32m" +ENDCOLOR="\e[0m" + +# Main +case "$1" in + setup) + setup + ;; + heat-up) + up + ;; + cool-down) + down + ;; + *) + echo "Invalid argument: please provide 'heat-up', 'cool-down', or 'setup'" + ;; +esac diff --git a/setup.sh b/setup.sh deleted file mode 100755 index 1308f9b..0000000 --- a/setup.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -# Setup Universal Blue Forge -podman play kube forge-pod.yml --build --replace && podman logs --color -f ublue-os_forge-setup.ublue.local From 882340fa5c5d4c7b6623e10b963ce2476ae28679 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Thu, 4 May 2023 18:53:08 +0000 Subject: [PATCH 05/11] fix: make sure container get's stopped once job is done --- forge-pod.yml | 7 ++++++- setup/Containerfile | 6 +----- setup/ansible/startup.sh | 7 ------- 3 files changed, 7 insertions(+), 13 deletions(-) delete mode 100644 setup/ansible/startup.sh diff --git a/forge-pod.yml b/forge-pod.yml index b97f31f..628c1be 100644 --- a/forge-pod.yml +++ b/forge-pod.yml @@ -5,7 +5,7 @@ kind: Pod metadata: name: ublue-os_forge spec: - restartPolicy: Always + restartPolicy: OnFailure volumes: - name: ublue-os_forge-certs-pvc persistentVolumeClaim: 
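Review bot: The `*)` branch of the `case` prints the usage error but lets the script exit with status 0, so a mistyped argument looks like success to any caller; add `exit 1` after the echo and send the message to stderr (`echo "Invalid argument: ..." >&2`). `up` and `down` print `Done` unconditionally even when the `podman pod` command fails, so a `set -euo pipefail` near the top would make the green message trustworthy. `RED` is defined but unused in this version.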
@@ -74,6 +74,11 @@ spec: subPath: ssh name: ublue-os_forge-certs-pvc readOnly: true + workingDir: /ansible + command: + - ansible-playbook + args: + - main.yml resources: limits: memory: 512Mi diff --git a/setup/Containerfile b/setup/Containerfile index a8f759e..f3844d0 100644 --- a/setup/Containerfile +++ b/setup/Containerfile @@ -1,11 +1,7 @@ # Source Image FROM docker.io/library/python:alpine3.17 -# Install ansible setup project +# Install ansible and dependencies WORKDIR /ansible COPY ./ansible . RUN pip3 install -r ./requirements.txt -RUN chmod +x ./startup.sh - -# Container start command -CMD ["/ansible/startup.sh"] diff --git a/setup/ansible/startup.sh b/setup/ansible/startup.sh deleted file mode 100644 index c64be9f..0000000 --- a/setup/ansible/startup.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -# Run setup only once -if [ ! -f /ansible/.startup-done ]; then - ansible-playbook main.yml - touch /ansible/.startup-done -fi From 0822715a25084ad1ae01682c65ea95e487f61307 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Thu, 4 May 2023 18:56:06 +0000 Subject: [PATCH 06/11] style: new line at end of file --- minica/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/minica/Containerfile b/minica/Containerfile index 228cc03..9f03863 100644 --- a/minica/Containerfile +++ b/minica/Containerfile @@ -10,4 +10,4 @@ RUN chmod +x ./certificates.sh RUN go install github.com/jsha/minica@latest # Container start command -CMD ["/certs/certificates.sh"] \ No newline at end of file +CMD ["/certs/certificates.sh"] From abffb756d6423ee2fce0015abd825d116360f882 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Fri, 5 May 2023 21:23:16 +0000 Subject: [PATCH 07/11] feat: configure host system (#12) --- forge-pod.yml | 13 ++++++++++++- setup/Containerfile | 3 +++ setup/ansible/ansible.cfg | 2 ++ setup/ansible/main.yml | 28 +++++++++++++++++++++++++++- 4 files changed, 44 insertions(+), 2 deletions(-) 
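Review bot: Running `ansible-playbook main.yml` as the container command drops the run-once guard that `setup/ansible/startup.sh` (deleted in this same commit) implemented with its `.startup-done` marker, so the playbook runs again whenever the setup container is started — and `forge.sh heat-up` uses `podman pod start ublue-os_forge`, which as far as I know starts every container in the pod, exited ones included. If re-running the playbook on each heat-up is intended, say so in a comment on `command:` (`# re-runs on every pod start; tasks must stay idempotent`); if not, the marker check needs to come back in some form. The `resources:` block that follows is unchanged context.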
diff --git a/forge-pod.yml b/forge-pod.yml index 628c1be..c3d5755 100644 --- a/forge-pod.yml +++ b/forge-pod.yml @@ -71,9 +71,20 @@ spec: image: setup volumeMounts: - mountPath: /certs - subPath: ssh name: ublue-os_forge-certs-pvc readOnly: true + env: + - name: ANSIBLE_FORGE_HOST_USER + valueFrom: + secretKeyRef: + name: ublue-os_forge-secure + key: ANSIBLE_FORGE_HOST_USER + + - name: ANSIBLE_FORGE_HOST_BECOME_PASSWORD + valueFrom: + secretKeyRef: + name: ublue-os_forge-secure + key: ANSIBLE_FORGE_HOST_BECOME_PASSWORD workingDir: /ansible command: - ansible-playbook diff --git a/setup/Containerfile b/setup/Containerfile index f3844d0..8c8af2d 100644 --- a/setup/Containerfile +++ b/setup/Containerfile @@ -1,6 +1,9 @@ # Source Image FROM docker.io/library/python:alpine3.17 +# Install SSH +RUN apk add openssh + # Install ansible and dependencies WORKDIR /ansible COPY ./ansible . diff --git a/setup/ansible/ansible.cfg b/setup/ansible/ansible.cfg index af089fc..dc4d238 100644 --- a/setup/ansible/ansible.cfg +++ b/setup/ansible/ansible.cfg @@ -7,6 +7,8 @@ roles_path = ./roles collections_paths = ./collections # Localtion for plugins & modules library = ./library +# SSH +private_key_file = /certs/ssh/ublue-os_forge-id_ed25519 # Console log settings display_skipped_hosts = false # Use the stdout_callback when running ad-hoc commands. diff --git a/setup/ansible/main.yml b/setup/ansible/main.yml index cdcfa6a..3888b1e 100644 --- a/setup/ansible/main.yml +++ b/setup/ansible/main.yml @@ -20,6 +20,8 @@ groups: - forge ansible_host: "{{ container_host_ip }}" + ansible_user: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') }}" + ansible_become_password: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_BECOME_PASSWORD') }}" - name: Add Ansible Semaphore to inventory ansible.builtin.add_host: 
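Review bot: `RUN apk add openssh` installs the full package, including the `sshd` server and its host-key generation, into an image that only needs an SSH client for Ansible; `RUN apk add --no-cache openssh-client` keeps the image smaller, leaves no `/var/cache/apk` index in the layer, and avoids shipping an unneeded network-service binary in the container.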
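Review bot: `private_key_file = /certs/ssh/ublue-os_forge-id_ed25519` points at the mounted key, but nothing in this hunk addresses host key verification for the first connection from a fresh container, which has no `known_hosts` entry for the host; unless `host_key_checking` is configured elsewhere in this file, that connection will be refused as far as I can tell. Rather than turning checking off, pre-populate `known_hosts` from the host's public key (for example a `known_hosts` file kept in the certs volume), and add a comment on this line naming the key's origin (`# generated by minica/certificates.sh, mounted read-only from the certs volume`).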
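Review bot: `ansible_become_password` is now an argument of the `add_host` task (the task starts above this hunk), and `add_host` echoes its arguments in verbose output, so the sudo password can end up in the setup container's logs — which `forge.sh` tails with `podman logs -f`; set `no_log: true` on that task. The env lookups resolve to an empty string when the variables are missing, so a failed secret injection would only surface later as an SSH or become error; `{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') | mandatory }}` on both lookups fails fast with a clear message instead.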
@@ -30,7 +32,31 @@ ansible_connection: local ansible_python_interpreter: "{{ ansible_playbook_python }}" -## TODO: Add play to configure host system +- name: Configure host system + hosts: forge + gather_facts: true + tasks: + - name: Add ublue.local entries to /etc/hosts + ansible.builtin.lineinfile: + path: /etc/hosts + search_string: 127.0.0.1 registry.ublue.local forge.ublue.local + line: 127.0.0.1 registry.ublue.local forge.ublue.local + state: present + become: true + + - name: Add ublue.local TSL root certificate to trust anchors + ansible.builtin.copy: + src: /certs/tls/ublue-os_forge-root.pem + dest: /etc/pki/ca-trust/source/anchors/ublue-os_forge-root.pem + force: true + mode: "0644" + become: true + + - name: Update ca-trust store + ansible.builtin.command: + cmd: update-ca-trust + changed_when: false + become: true - name: Configure Ansible Semaphore hosts: semaphore From ec03273f8f8422e867d35b8221da30881c1108d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Fri, 5 May 2023 21:23:58 +0000 Subject: [PATCH 08/11] feat: enhance setup and management (#14) --- forge.sh | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 4 deletions(-) diff --git a/forge.sh b/forge.sh index 102b7e2..1559590 100755 --- a/forge.sh +++ b/forge.sh 
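Review bot: `Add ublue.local TSL root certificate to trust anchors` has a typo; it should read `TLS`. `update-ca-trust` runs on every play with `changed_when: false`, which both hides real changes and rebuilds the trust store even when the anchor was already in place; register the copy result (`register: forge_root_ca`) and condition the command on it (`when: forge_root_ca.changed`), or move it to a handler notified by the copy task. With `search_string: 127.0.0.1 registry.ublue.local forge.ublue.local` the hosts entry is only matched in exactly that spelling, so a hand-edited line with different spacing is duplicated rather than replaced; a `regexp` anchored on `registry\.ublue\.local` would be more robust.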
@@ -2,23 +2,74 @@ # Functions function setup { - echo -e "${YELLOW}Heating up the forge for the first time..${ENDCOLOR}" - podman play kube forge-pod.yml --build --replace && podman logs --color -f ublue-os_forge-setup.ublue.local + echo -e "${YELLOW}Creating secret configuration...${ENDCOLOR}" + create_secrets + echo "" + echo -e "${YELLOW}Heating up forge for the first time...${ENDCOLOR}" + podman play kube forge-pod.yml --configmap forge-pod-ConfigMap.yml --build --replace & PID_BUILD=$! + wait ${PID_BUILD} + echo -e "${YELLOW}Configuring Host system...${ENDCOLOR}" + configure_host & PID_CONFIG=$! + wait ${PID_CONFIG} + echo "" + echo -e "${YELLOW}Configuring forge...${ENDCOLOR}" + podman logs --color -f ublue-os_forge-setup.ublue.local + echo "" + echo -e "${YELLOW}Cleaning up secrets...${ENDCOLOR}" + delete_secrets + show_info echo -e "${GREEN}Done. Happy forging!${ENDCOLOR}" } function up { - echo -e "${YELLOW}Heating up the forge..${ENDCOLOR}" + echo -e "${YELLOW}Heating up forge...${ENDCOLOR}" podman pod start ublue-os_forge echo -e "${GREEN}Done. Happy forging!${ENDCOLOR}" } function down { - echo -e "${YELLOW}Cooling down the forge..${ENDCOLOR}" + echo -e "${YELLOW}Cooling down forge...${ENDCOLOR}" podman pod stop ublue-os_forge --ignore echo -e "${GREEN}Done. Have a nice day${ENDCOLOR}" } +function configure_host { + if [ ! -f ~/.config/.ublue-os_forge-host-setup-done ]; + then + echo "adding ssh public key to ~/.ssh/authorized_keys" + VOLUME_DIR="$(podman volume inspect ublue-os_forge-certs | jq -r '.[0].Mountpoint')" + SSH_PUBLIC_KEY_FILE="${VOLUME_DIR}/ssh/ublue-os_forge-id_ed25519.pub" + SSH_PUBLIC_KEY="$(cat ${SSH_PUBLIC_KEY_FILE})" + echo "#uBlue forge ssh key" >> ~/.ssh/authorized_keys + echo "$SSH_PUBLIC_KEY" >> ~/.ssh/authorized_keys + touch ~/.config/.ublue-os_forge-host-setup-done + else + echo "Host system already configured. Nothing to do..." 
+ fi +} + +function create_secrets { + # Get user input + echo -e "${YELLOW}Gathering user input${ENDCOLOR}" + read -s -p "Enter sudo password for user $USER: " ANSIBLE_FORGE_HOST_BECOME_PASSWORD + cat </dev/null + { + "ANSIBLE_FORGE_HOST_USER": "$USER", + "ANSIBLE_FORGE_HOST_BECOME_PASSWORD": "${ANSIBLE_FORGE_HOST_BECOME_PASSWORD}" + } +EOF +} + +function delete_secrets { + podman secret rm ublue-os_forge-secure +} + +function show_info { + VOLUME_DIR="$(podman volume inspect ublue-os_forge-certs | jq -r '.[0].Mountpoint')" + echo -e "${GREEN}Forge is available at: https://forge.ublue.local${ENDCOLOR}" + echo -e "${GREEN}Make sure to install the root certificate from ${VOLUME_DIR}/tls/ublue-os_forge-root.pem${ENDCOLOR}" +} + # Bash colors RED="\e[31m" YELLOW="\e[33m" From b075bbe18e66a31568dd7ec6a9ceea4c4856aa9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Fri, 5 May 2023 21:24:28 +0000 Subject: [PATCH 09/11] chore(devcontainer): update spell-check dictionary --- .vscode/cspell_custom.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.vscode/cspell_custom.txt b/.vscode/cspell_custom.txt index c72b051..813a40c 100644 --- a/.vscode/cspell_custom.txt +++ b/.vscode/cspell_custom.txt @@ -1,11 +1,15 @@ +configmap devcontainer devcontainers ENDCOLOR ensurepath getent gitmessage +hostvars keygen +lineinfile minica +Mountpoint pipx rvproxy ublue From 7501e1d7aa2bae3c80b47c5ecf93dc147bc4db0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Sat, 6 May 2023 16:36:24 +0000 Subject: [PATCH 10/11] fix: ConfigMap is obsolete sneaking in some additional info and spell-checking --- forge.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/forge.sh b/forge.sh index 1559590..644de50 100755 --- a/forge.sh +++ b/forge.sh 
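Review bot: `configure_host` appends to `~/.ssh/authorized_keys` without ensuring `~/.ssh` exists with mode 700 or that the file ends up 600, and it reads the key with an unquoted `cat ${SSH_PUBLIC_KEY_FILE}`; if that file is missing the function still appends an empty line and then creates the done-marker, so a later run never retries. The rewrite below creates the directory, aborts when the key cannot be read, skips the append when the key is already present, fixes permissions, and only writes the marker on success. In `create_secrets` the here-doc line appears garbled on this page, but the JSON it feeds to podman embeds the password without escaping, so a `"` or `\` in the sudo password yields an invalid secret — building the document with `jq -n --arg pw "$ANSIBLE_FORGE_HOST_BECOME_PASSWORD" ...` avoids that. The `cmd & PID=$!; wait ${PID}` pattern in `setup` behaves the same as running the command in the foreground and can be simplified.
```shell
function configure_host {
  if [ ! -f ~/.config/.ublue-os_forge-host-setup-done ];
  then
    echo "adding ssh public key to ~/.ssh/authorized_keys"
    VOLUME_DIR="$(podman volume inspect ublue-os_forge-certs | jq -r '.[0].Mountpoint')"
    SSH_PUBLIC_KEY_FILE="${VOLUME_DIR}/ssh/ublue-os_forge-id_ed25519.pub"
    # abort (and leave no marker) when the key is not readable
    SSH_PUBLIC_KEY="$(cat "${SSH_PUBLIC_KEY_FILE}")" || { echo "cannot read ${SSH_PUBLIC_KEY_FILE}" >&2; return 1; }
    mkdir -p ~/.ssh && chmod 700 ~/.ssh
    touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
    # idempotent: do not append the key a second time
    if ! grep -qF "${SSH_PUBLIC_KEY}" ~/.ssh/authorized_keys; then
      printf '#uBlue forge ssh key\n%s\n' "${SSH_PUBLIC_KEY}" >> ~/.ssh/authorized_keys
    fi
    mkdir -p ~/.config && touch ~/.config/.ublue-os_forge-host-setup-done
  # … unchanged: else branch …
  fi
}
```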
@@ -6,9 +6,9 @@ function setup { create_secrets echo "" echo -e "${YELLOW}Heating up forge for the first time...${ENDCOLOR}" - podman play kube forge-pod.yml --configmap forge-pod-ConfigMap.yml --build --replace & PID_BUILD=$! + podman play kube forge-pod.yml --build --replace & PID_BUILD=$! wait ${PID_BUILD} - echo -e "${YELLOW}Configuring Host system...${ENDCOLOR}" + echo -e "${YELLOW}Configuring host system...${ENDCOLOR}" configure_host & PID_CONFIG=$! wait ${PID_CONFIG} echo "" @@ -42,6 +42,7 @@ function configure_host { SSH_PUBLIC_KEY="$(cat ${SSH_PUBLIC_KEY_FILE})" echo "#uBlue forge ssh key" >> ~/.ssh/authorized_keys echo "$SSH_PUBLIC_KEY" >> ~/.ssh/authorized_keys + cp -f ${VOLUME_DIR}/tls/ublue-os_forge-root.pem ~/Downloads touch ~/.config/.ublue-os_forge-host-setup-done else echo "Host system already configured. Nothing to do..." @@ -67,7 +68,8 @@ function delete_secrets { function show_info { VOLUME_DIR="$(podman volume inspect ublue-os_forge-certs | jq -r '.[0].Mountpoint')" echo -e "${GREEN}Forge is available at: https://forge.ublue.local${ENDCOLOR}" - echo -e "${GREEN}Make sure to install the root certificate from ${VOLUME_DIR}/tls/ublue-os_forge-root.pem${ENDCOLOR}" + echo -e "${GREEN}To trust the certificate in your Browser of choice, make sure to import the root certificate from:${ENDCOLOR}" + echo -e "${GREEN}$HOME/Downloads/tls/ublue-os_forge-root.pem${ENDCOLOR}" } # Bash colors From 402fefe0e42b2a6c189017a3bf27ba94529c9873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20L=C3=BCscher?= Date: Sat, 6 May 2023 17:03:12 +0000 Subject: [PATCH 11/11] feat: check installation pre-requisites (#14) --- forge.sh | 46 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/forge.sh b/forge.sh index 644de50..0e4f9a0 100755 --- a/forge.sh +++ b/forge.sh 
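Review bot: `cp -f ${VOLUME_DIR}/tls/ublue-os_forge-root.pem ~/Downloads` places the file at `~/Downloads/ublue-os_forge-root.pem`, but the new `show_info` text in the last hunk tells the user to import `$HOME/Downloads/tls/ublue-os_forge-root.pem`; no `tls/` directory is created on the host, so one of the two has to change, e.g. `echo -e "${GREEN}$HOME/Downloads/ublue-os_forge-root.pem${ENDCOLOR}"`. `~/Downloads` is also assumed to exist; a `mkdir -p ~/Downloads` before the copy (or checking `cp`'s status) avoids a silent miss, and `${VOLUME_DIR}` should be quoted.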
@@ -2,16 +2,16 @@ # Functions function setup { + echo -e "${YELLOW}Checking pre-requisites...${ENDCOLOR}" + check_prerequisites echo -e "${YELLOW}Creating secret configuration...${ENDCOLOR}" create_secrets - echo "" echo -e "${YELLOW}Heating up forge for the first time...${ENDCOLOR}" podman play kube forge-pod.yml --build --replace & PID_BUILD=$! wait ${PID_BUILD} echo -e "${YELLOW}Configuring host system...${ENDCOLOR}" configure_host & PID_CONFIG=$! wait ${PID_CONFIG} - echo "" echo -e "${YELLOW}Configuring forge...${ENDCOLOR}" podman logs --color -f ublue-os_forge-setup.ublue.local echo "" @@ -44,8 +44,10 @@ function configure_host { echo "$SSH_PUBLIC_KEY" >> ~/.ssh/authorized_keys cp -f ${VOLUME_DIR}/tls/ublue-os_forge-root.pem ~/Downloads touch ~/.config/.ublue-os_forge-host-setup-done + echo "" else echo "Host system already configured. Nothing to do..." + echo "" fi } 
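Review bot: `create_secrets` stores the sudo password in podman's secret store before `podman play kube` runs, but `delete_secrets` is only reached at the very end of `setup` (its closing brace is outside this hunk), so a failure in the build, in `configure_host`, or while tailing the logs leaves `ublue-os_forge-secure` behind on the host. Register the cleanup right after creation with `trap delete_secrets EXIT` and drop the explicit call at the end, so the secret is removed on every exit path. Worth a comment on the `check_prerequisites` call that it terminates the script with `exit 1` rather than returning, since that is not visible from the call site.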
@@ -59,17 +61,55 @@ function create_secrets { "ANSIBLE_FORGE_HOST_BECOME_PASSWORD": "${ANSIBLE_FORGE_HOST_BECOME_PASSWORD}" } EOF + echo "" } function delete_secrets { podman secret rm ublue-os_forge-secure } +function check_prerequisites { + echo -e "${YELLOW}Checking sshd service${ENDCOLOR}" + SSH_SERVICE_STATUS="$(systemctl is-active sshd)" + if [ "${SSH_SERVICE_STATUS}" = "inactive" ]; + then + echo -e "${RED}It looks like your sshd service is not running.${ENDCOLOR}" + echo -e "${RED}Make sure to configure and start it first.${ENDCOLOR}" + exit 1 + else + echo -e "${GREEN}sshd service is ${SSH_SERVICE_STATUS}${ENDCOLOR}" + echo "" + fi + echo -e "${YELLOW}Checking podman installation${ENDCOLOR}" + PODMAN_PATH=$(which podman 2>/dev/null || echo 'FALSE') + if [ "$PODMAN_PATH" == "FALSE" ]; + then + echo -e "${RED}It looks like podman is not installed.${ENDCOLOR}" + echo -e "${RED}Make sure to install it first.${ENDCOLOR}" + exit 1 + else + echo -e "${GREEN}podman is installed${SSH_SERVICE_STATUS}${ENDCOLOR}" + echo "" + fi + echo -e "${YELLOW}Checking jq installation${ENDCOLOR}" + JQ_PATH=$(which jq 2>/dev/null || echo 'FALSE') + if [ "$JQ_PATH" == "FALSE" ]; + then + echo -e "${RED}It looks like jq is not installed.${ENDCOLOR}" + echo -e "${RED}Make sure to install it first.${ENDCOLOR}" + exit 1 + else + echo -e "${GREEN}jq is installed${SSH_SERVICE_STATUS}${ENDCOLOR}" + echo "" + fi +} + function show_info { VOLUME_DIR="$(podman volume inspect ublue-os_forge-certs | jq -r '.[0].Mountpoint')" - echo -e "${GREEN}Forge is available at: https://forge.ublue.local${ENDCOLOR}" + echo -e "${GREEN}uBlue forge is available at: https://forge.ublue.local${ENDCOLOR}" echo -e "${GREEN}To trust the certificate in your Browser of choice, make sure to import the root certificate from:${ENDCOLOR}" echo -e "${GREEN}$HOME/Downloads/tls/ublue-os_forge-root.pem${ENDCOLOR}" + echo "" } # Bash colors
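Review bot: `echo -e "${GREEN}podman is installed${SSH_SERVICE_STATUS}${ENDCOLOR}"` and the matching jq line carry a copy-pasted `${SSH_SERVICE_STATUS}`, so they print something like `podman is installedactive`. The sshd check only treats the literal `inactive` as a failure, while `systemctl is-active` also reports `failed`, `activating`, `deactivating` and `unknown`, all of which currently pass; compare against `active` (or test the exit status with `systemctl is-active --quiet sshd`) as in the rewrite below. On distributions where the unit is named `ssh` rather than `sshd` the check fails although a server is running, which deserves a comment or a fallback. `command -v podman` is the POSIX replacement for `which`.
```shell
function check_prerequisites {
  echo -e "${YELLOW}Checking sshd service${ENDCOLOR}"
  # is-active prints "active" on success; every other state (inactive, failed,
  # activating, unknown, ...) must block the setup, not only "inactive"
  SSH_SERVICE_STATUS="$(systemctl is-active sshd)"
  if [ "${SSH_SERVICE_STATUS}" != "active" ];
  then
    echo -e "${RED}It looks like your sshd service is not running (state: ${SSH_SERVICE_STATUS}).${ENDCOLOR}"
    echo -e "${RED}Make sure to configure and start it first.${ENDCOLOR}"
    exit 1
  fi
  echo -e "${GREEN}sshd service is ${SSH_SERVICE_STATUS}${ENDCOLOR}"
  echo ""
  # … unchanged: podman and jq checks, minus the stray ${SSH_SERVICE_STATUS} in their success messages …
}
```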