check access to ilab

Signed-off-by: greg pereira <[email protected]>

.github/workflows/training-e2e.yaml

@@ -17,7 +17,7 @@ env:
   TF_VAR_aws_region: "eu-west-2"
   TF_VAR_aws_ami_owners: '["309956199498"]'
   TF_VAR_aws_ami_name: '["*RHEL-9.4*"]'
-  TF_VAR_aws_volume_size: 500
+  TF_VAR_aws_volume_size: 200
   TF_VAR_aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
   TF_VAR_aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
@@ -86,7 +86,6 @@ jobs:
         run: |
           ssh_public_key=$(printf '%s\n' "${{ steps.terraform-output.outputs.ssh_public_key }}" | sed -e 's/[\/&]/\\&/g')
           ansible-playbook ./main/training/provision/playbook.yml \
-            -vvv \
             -i terraform-test-environment-module/hosts.ini \
             --private-key=terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \
             --extra-vars "image_name=${{ matrix.image_name }}" \

training/provision/playbook.yml

@@ -6,6 +6,10 @@
   gather_facts: false
 
   tasks:
+
+  - name:  ssh_public_key
+    debug:
+      var: ssh_public_key
 
   - name: Wait until the instance is ready
     ansible.builtin.wait_for_connection:
@@ -15,55 +19,37 @@
   - name: Gather facts for first time
     ansible.builtin.setup:
 
-  - name: Check Podman Present
+  - name: Podman Present
     ansible.builtin.package:
       name: podman
       state: present
 
-  - name: Get size of root filesystem
-    ansible.builtin.shell:
-      cmd: |
-        df -h /var/tmp/
-        podman system info
-
-  - name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json
+  - name: Login to default registry
     containers.podman.podman_login:
       username: "{{ registry_user }}"
       password: "{{ registry_password }}"
       registry: quay.io
 
-  # - name: Building an image with ssh key
-  #   ignore_unreachable: true
-  #   containers.podman.podman_container:
-  #     name: localhost/temp_image
-  #     image: "quay.io/ai-lab/{{ image_name }}:latest"
-  #     command:
-  #     - mkdir /usr/etc-system
-  #     - test -n "{{ ssh_public_key }}"
-  #     - echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf
-  #     - echo "{{ ssh_public_key }}"" > /usr/etc-system/ec2-user.keys && chmod 0600 /usr/etc-system/ec2-user.keys
-  #     state: present
-  #     recreate: true
+  - name: Temp Image Containerfile
+    ansible.builtin.template:
+      src: ./templates/Containerfile.j2
+      dest: /tmp/Containerfile
+    environment:
+      image_name: "{{ image_name }}"
+      ssh_public_key: "{{ ssh_public_key | split('\n') | join }}"
 
-  - name: Download the dockerfile for SSH wrapper container
-    ansible.builtin.get_url:
-      url: "https://gist.githubusercontent.com/Gregory-Pereira/235943787f8fd1586852debe11725fc4/raw/c0aa0a09e55def3b3f42e8130e328b0170a22141/Containerfile"
-      dest: "/tmp/Containerfile" 
+  - name:  Containerfile
+    debug:
+      msg: "{{ lookup('ansible.builtin.template', './templates/Containerfile.j2') }}"
 
-  - name: Sed SSH key into Containerfile
-    ansible.builtin.command:
-      cmd: | 
-        sed -i 's|REPLACE_ME|{{ ssh_public_key }}|g' /tmp/Containerfile && \
-        sed -i 's|BASE_IMAGE|{{ image_name }}|g' /tmp/Containerfile && \
-        cat /tmp/Containerfile && \
-        whoami
-    environment:
-      ssh_public_key: "{{ ssh_public_key }}"
+  - name:  ssh_public_key
+    debug:
+      var: ssh_public_key
 
-  - name: Building an image with ssh key
-    ansible.builtin.command:
-      cmd: |
-        podman build -t localhost/temp_image:latest -f /tmp/Containerfile
+  # - name: Building an image with ssh key
+  #   ansible.builtin.command:
+  #     cmd: |
+  #       podman build -t localhost/temp_image:latest -f /tmp/Containerfile
 
   # - name: check podman images for sanity
   #   ansible.builtin.command:

training/provision/templates/Containerfile.j2

@@ -0,0 +1,9 @@
+FROM quay.io/ai-lab/{{ image_name }}:latest
+
+USER root
+
+RUN mkdir /usr/etc-system && \
+    chown -R root:root /usr/etc-system && \
+    echo 'AuthorizedKeysFile /usr/etc-system/root.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \
+    echo {{ ssh_public_key }} > /usr/etc-system/root.keys && \
+    chmod 0600 /usr/etc-system/root.keys