From be8ff79de558770cef5c510b7cc83cec71efa57d Mon Sep 17 00:00:00 2001 From: greg pereira Date: Wed, 1 May 2024 20:48:16 -0700 Subject: [PATCH] check access to ilab Signed-off-by: greg pereira --- .github/workflows/training-e2e.yaml | 3 +- training/provision/playbook.yml | 60 +++++++------------ training/provision/templates/Containerfile.j2 | 9 +++ 3 files changed, 33 insertions(+), 39 deletions(-) create mode 100644 training/provision/templates/Containerfile.j2 diff --git a/.github/workflows/training-e2e.yaml b/.github/workflows/training-e2e.yaml index e69b5cc5a..c66663d55 100644 --- a/.github/workflows/training-e2e.yaml +++ b/.github/workflows/training-e2e.yaml @@ -17,7 +17,7 @@ env: TF_VAR_aws_region: "eu-west-2" TF_VAR_aws_ami_owners: '["309956199498"]' TF_VAR_aws_ami_name: '["*RHEL-9.4*"]' - TF_VAR_aws_volume_size: 500 + TF_VAR_aws_volume_size: 200 TF_VAR_aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} TF_VAR_aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -86,7 +86,6 @@ jobs: run: | ssh_public_key=$(printf '%s\n' "${{ steps.terraform-output.outputs.ssh_public_key }}" | sed -e 's/[\/&]/\\&/g') ansible-playbook ./main/training/provision/playbook.yml \ - -vvv \ -i terraform-test-environment-module/hosts.ini \ --private-key=terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \ --extra-vars "image_name=${{ matrix.image_name }}" \ diff --git a/training/provision/playbook.yml b/training/provision/playbook.yml index bd2ab9af1..32fcc37b2 100644 --- a/training/provision/playbook.yml +++ b/training/provision/playbook.yml @@ -6,6 +6,10 @@ gather_facts: false tasks: + + - name: ssh_public_key + debug: + var: ssh_public_key - name: Wait until the instance is ready ansible.builtin.wait_for_connection: 
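Review bot: The added `ssh_public_key` debug task at the top of `tasks:` looks like leftover troubleshooting. It is added a second time at the end of the next hunk of this file, next to a `Containerfile` debug task, and all three print on every run. If they are meant to stay, give them descriptive names, use the fully qualified `ansible.builtin.debug` like the other tasks in the file, and set `verbosity: 1` so they only print when the playbook is run with `-v`. The tasks list starts and continues outside this hunk.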
@@ -15,55 +19,37 @@ - name: Gather facts for first time ansible.builtin.setup: - - name: Check Podman Present + - name: Podman Present ansible.builtin.package: name: podman state: present - - name: Get size of root filesystem - ansible.builtin.shell: - cmd: | - df -h /var/tmp/ - podman system info - - - name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json + - name: Login to default registry containers.podman.podman_login: username: "{{ registry_user }}" password: "{{ registry_password }}" registry: quay.io - # - name: Building an image with ssh key - # ignore_unreachable: true - # containers.podman.podman_container: - # name: localhost/temp_image - # image: "quay.io/ai-lab/{{ image_name }}:latest" - # command: - # - mkdir /usr/etc-system - # - test -n "{{ ssh_public_key }}" - # - echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf - # - echo "{{ ssh_public_key }}"" > /usr/etc-system/ec2-user.keys && chmod 0600 /usr/etc-system/ec2-user.keys - # state: present - # recreate: true + - name: Temp Image Containerfile + ansible.builtin.template: + src: ./templates/Containerfile.j2 + dest: /tmp/Containerfile + environment: + image_name: "{{ image_name }}" + ssh_public_key: "{{ ssh_public_key | split('\n') | join }}" - - name: Download the dockerfile for SSH wrapper container - ansible.builtin.get_url: - url: "https://gist.githubusercontent.com/Gregory-Pereira/235943787f8fd1586852debe11725fc4/raw/c0aa0a09e55def3b3f42e8130e328b0170a22141/Containerfile" - dest: "/tmp/Containerfile" + - name: Containerfile + debug: + msg: "{{ lookup('ansible.builtin.template', './templates/Containerfile.j2') }}" - - name: Sed SSH key into Containerfile - ansible.builtin.command: - cmd: | - sed -i 's|REPLACE_ME|{{ ssh_public_key }}|g' /tmp/Containerfile && \ - sed -i 's|BASE_IMAGE|{{ image_name }}|g' /tmp/Containerfile && \ - cat /tmp/Containerfile && \ - whoami - environment: - ssh_public_key: "{{ ssh_public_key }}" + - 
name: ssh_public_key + debug: + var: ssh_public_key - - name: Building an image with ssh key - ansible.builtin.command: - cmd: | - podman build -t localhost/temp_image:latest -f /tmp/Containerfile + # - name: Building an image with ssh key + # ansible.builtin.command: + # cmd: | + # podman build -t localhost/temp_image:latest -f /tmp/Containerfile # - name: check podman images for sanity # ansible.builtin.command: diff --git a/training/provision/templates/Containerfile.j2 b/training/provision/templates/Containerfile.j2 new file mode 100644 index 000000000..061a0b928 --- /dev/null +++ b/training/provision/templates/Containerfile.j2 @@ -0,0 +1,9 @@ +FROM quay.io/ai-lab/{{ image_name }}:latest + +USER root + +RUN mkdir /usr/etc-system && \ + chown -R root:root /usr/etc-system && \ + echo 'AuthorizedKeysFile /usr/etc-system/root.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \ + echo {{ ssh_public_key }} > /usr/etc-system/root.keys && \ + chmod 0600 /usr/etc-system/root.keys
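Review bot: The `environment:` block on the new `Temp Image Containerfile` task never reaches the template, so the newline stripping in `split('\n') | join` is not applied. `ansible.builtin.template` renders from playbook variables, while `environment:` only sets process environment variables for the module run on the target, so `Containerfile.j2` receives the raw `ssh_public_key`. Pass the cleaned value through `vars:` under a different name, e.g. `ssh_public_key_line: "{{ ssh_public_key | split('\n') | join }}"`, and reference that name in the template, or apply the filter inside the template itself. The task also sets no `mode:` on `/tmp/Containerfile`, and `mode: "0600"` would make the permissions explicit. The tasks list this hunk edits starts outside the hunk.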
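Review bot: `echo {{ ssh_public_key }} > /usr/etc-system/root.keys` renders the variable unquoted into a shell command inside `RUN`, so any shell metacharacter in the value is interpreted by the build shell and an embedded newline breaks the instruction, rather than the value being written to the file as data. Quote it at render time, e.g. `printf '%s\n' {{ ssh_public_key | quote }} > /usr/etc-system/root.keys`, and have the playbook assert that the value is a single line in an expected key format before templating. `AuthorizedKeysFile /usr/etc-system/root.keys` is a fixed path with no `%u` token, so it applies to every account and replaces the per-user default. If root-only key login is the intent, a header comment in the template should say so and note that the resulting image is meant for the test host only. `mkdir -p` would also keep the build from failing if the base image already ships the directory.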