check access to ilab

Signed-off-by: greg pereira <[email protected]>

.github/workflows/training-e2e.yaml

@@ -15,9 +15,9 @@ on:
 
 env:
   TF_VAR_aws_region: "eu-west-2"
-  TF_VAR_aws_ami_owners: '["125523088429"]'
-  TF_VAR_aws_ami_name: '["Fedora-Cloud-Base-*"]'
-  TF_VAR_aws_volume_size: 128
+  TF_VAR_aws_ami_owners: '["309956199498"]'
+  TF_VAR_aws_ami_name: '["*RHEL-9.4*"]'
+  TF_VAR_aws_volume_size: 500
   TF_VAR_aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
   TF_VAR_aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
@@ -74,6 +74,7 @@ jobs:
         run: |
           echo "id=$(terraform output id | xargs)" >> $GITHUB_OUTPUT
           echo "url=$(terraform output host | xargs)" >> $GITHUB_OUTPUT
+          echo "ssh_public_key=$(terraform output ssh_public_key | xargs)" >> $GITHUB_OUTPUT
           echo "pem_filename=$(terraform output pem_filename | xargs)" >> $GITHUB_OUTPUT
         working-directory: terraform-test-environment-module
 
@@ -83,16 +84,23 @@ jobs:
 
       - name: Provision
         run: |
+          ssh_public_key=$(printf '%s\n' "${{ steps.terraform-output.outputs.ssh_public_key }}" | sed -e 's/[\/&]/\\&/g')
           ansible-playbook ./main/training/provision/playbook.yml \
+            -vvv \
             -i terraform-test-environment-module/hosts.ini \
             --private-key=terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \
-            --extra-vars "image_name=${{ matrix.image_name }}" 
+            --extra-vars "image_name=${{ matrix.image_name }}" \
+            --extra-vars "ssh_public_key=$ssh_public_key" \
+            --extra-vars "registry_user=${{ secrets.REGISTRY_USER }}" \
+            --extra-vars "registry_password=${{ secrets.REGISTRY_PASSWORD }}"
         env:
           ANSIBLE_HOST_KEY_CHECKING: false
 
-      - name: log some networking information
+      - name: run the e2e tests
         run: |
-          ifconfig
+          ssh -i terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \
+          ${{ steps.terraform-output.outputs.url }} \
+          curl -sLO /tmp https://raw.githubusercontent.com/stefwalter/instructlab/container-testing/scripts/basic-workflow-tests.sh
 
       - name: Destroy Test Environment
         id: down

training/Makefile

@@ -90,5 +90,6 @@ prune:
 	buildah rm --all
 	podman image prune -f
 
+.PHONY: clean
 clean:
 	rm -rf build

training/provision/playbook.yml

@@ -1,7 +1,7 @@
 ---
 - name: Test Environment Provisioning
   hosts: test_environments
-  remote_user: fedora
+  remote_user: ec2-user
   become: true
   gather_facts: false
 
@@ -20,24 +20,74 @@
       name: podman
       state: present
 
-  - name: Bootc install
-    ignore_unreachable: true
-    containers.podman.podman_container:
-      name: "{{ image_name }}"
-      image: "quay.io/ai-lab/{{ image_name }}:latest"
-      state: started
-      auto_remove: yes
-      cap_add:
-        - sys_admin
-      security_opt:
-        - "label=type:unconfined_t"
-      volumes:
-        - "/:/target"
-        - "/var/lib/containers:/var/lib/containers"
-      privileged: yes
-      pid_mode: host
-      command: "bootc install to-filesystem --karg=console=ttyS0,115200n8 --replace=alongside /target"
-
-  - name: Restart instance
-    ansible.builtin.reboot:
-      test_command: pwd
+  - name: Get size of root filesystem
+    ansible.builtin.shell:
+      cmd: |
+        df -h /var/tmp/
+        podman system info
+
+  - name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json
+    containers.podman.podman_login:
+      username: "{{ registry_user }}"
+      password: "{{ registry_password }}"
+      registry: quay.io
+
+  # - name: Building an image with ssh key
+  #   ignore_unreachable: true
+  #   containers.podman.podman_container:
+  #     name: localhost/temp_image
+  #     image: "quay.io/ai-lab/{{ image_name }}:latest"
+  #     command:
+  #     - mkdir /usr/etc-system
+  #     - test -n "{{ ssh_public_key }}"
+  #     - echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf
+  #     - echo "{{ ssh_public_key }}"" > /usr/etc-system/ec2-user.keys && chmod 0600 /usr/etc-system/ec2-user.keys
+  #     state: present
+  #     recreate: true
+
+  - name: Download the dockerfile for SSH wrapper container
+    ansible.builtin.get_url:
+      url: "https://gist.githubusercontent.com/Gregory-Pereira/235943787f8fd1586852debe11725fc4/raw/c0aa0a09e55def3b3f42e8130e328b0170a22141/Containerfile"
+      dest: "/tmp/Containerfile" 
+
+  - name: Sed SSH key into Containerfile
+    ansible.builtin.command:
+      cmd: | 
+        sed -i 's|REPLACE_ME|{{ ssh_public_key }}|g' /tmp/Containerfile && \
+        sed -i 's|BASE_IMAGE|{{ image_name }}|g' /tmp/Containerfile && \
+        cat /tmp/Containerfile && \
+        whoami
+    environment:
+      ssh_public_key: "{{ ssh_public_key }}"
+
+  - name: Building an image with ssh key
+    ansible.builtin.command:
+      cmd: |
+        podman build -t localhost/temp_image:latest -f /tmp/Containerfile
+
+  # - name: check podman images for sanity
+  #   ansible.builtin.command:
+  #     cmd: |
+  #       podman images 
+
+  # - name: Bootc install
+  #   ignore_unreachable: true
+  #   containers.podman.podman_container:
+  #     name: "{{ image_name }}"
+  #     image: localhost/temp_image:latest
+  #     state: started
+  #     auto_remove: yes
+  #     cap_add:
+  #       - sys_admin
+  #     security_opt:
+  #       - "label=type:unconfined_t"
+  #     volumes:
+  #       - "/:/target"
+  #       - "/var/lib/containers:/var/lib/containers"
+  #     privileged: yes
+  #     pid_mode: host
+  #     command: "bootc install to-filesystem --karg=console=ttyS0,115200n8 --replace=alongside /target"
+
+  # - name: Restart instance
+  #   ansible.builtin.reboot:
+  #     test_command: which ilab