check access to ilab
Signed-off-by: greg pereira <[email protected]>
Gregory-Pereira committed May 3, 2024
1 parent c48a5df commit f2402f8
Showing 3 changed files with 50 additions and 40 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/training-e2e.yaml
@@ -84,13 +84,12 @@ jobs:

- name: Provision
run: |
ssh_public_key=$(printf '%s\n' "${{ steps.terraform-output.outputs.ssh_public_key }}" | sed -e 's/[\/&]/\\&/g')
ansible-playbook ./main/training/provision/playbook.yml \
-vvv \
-i terraform-test-environment-module/hosts.ini \
--private-key=terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \
--extra-vars "image_name=${{ matrix.image_name }}" \
--extra-vars "ssh_public_key=$ssh_public_key" \
--extra-vars "ssh_public_key='${{ steps.terraform-output.outputs.ssh_public_key }}'" \
--extra-vars "registry_user=${{ secrets.REGISTRY_USER }}" \
--extra-vars "registry_password=${{ secrets.REGISTRY_PASSWORD }}"
env:
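Review bot: The `--extra-vars "ssh_public_key='${{ steps.terraform-output.outputs.ssh_public_key }}'"` line (apparently the one added line here; the page has lost its +/- markers) has GitHub Actions paste the step output into the script text before the shell parses it, so a quote, `$( )` or backtick in that value would change the command that runs. Passing it through the step's environment keeps it as data: add `SSH_PUBLIC_KEY: ${{ steps.terraform-output.outputs.ssh_public_key }}` under the `env:` key that follows and use `--extra-vars "ssh_public_key='$SSH_PUBLIC_KEY'"`. The neighbouring `registry_password` argument has the same shape and also sits on an `ansible-playbook -vvv` command line, where it can surface in process listings and verbose output; a vars file or an environment lookup would avoid that. The `env:` block continues outside the hunk.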
78 changes: 40 additions & 38 deletions training/provision/playbook.yml
@@ -15,55 +15,57 @@
- name: Gather facts for first time
ansible.builtin.setup:

- name: Check Podman Present
ansible.builtin.package:
name: podman
- name: Required packages
ansible.builtin.dnf:
name:
- podman
- https://s3.eu-west-2.amazonaws.com/amazon-ssm-eu-west-2/latest/linux_amd64/amazon-ssm-agent.rpm
state: present
disable_gpg_check: true

- name: Get size of root filesystem
ansible.builtin.shell:
cmd: |
df -h /var/tmp/
podman system info
- name: Temp Image Containerfile
ansible.builtin.template:
src: ./templates/Containerfile.j2
dest: /tmp/Containerfile

- name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json
- name: Login to default registry
containers.podman.podman_login:
username: "{{ registry_user }}"
password: "{{ registry_password }}"
registry: quay.io
authfile: /etc/containers/auth.json

# - name: Building an image with ssh key
# ignore_unreachable: true
# containers.podman.podman_container:
# name: localhost/temp_image
# image: "quay.io/ai-lab/{{ image_name }}:latest"
# command:
# - mkdir /usr/etc-system
# - test -n "{{ ssh_public_key }}"
# - echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf
# - echo "{{ ssh_public_key }}"" > /usr/etc-system/ec2-user.keys && chmod 0600 /usr/etc-system/ec2-user.keys
# state: present
# recreate: true
- name: Pull the parent image
ignore_unreachable: true
register: pull_result
containers.podman.podman_image:
name: "quay.io/ai-lab/{{ image_name }}:latest"
pull: true
auth_file: /etc/containers/auth.json
arch: amd64
state: present

- name: Download the dockerfile for SSH wrapper container
ansible.builtin.get_url:
url: "https://gist.githubusercontent.com/Gregory-Pereira/235943787f8fd1586852debe11725fc4/raw/c0aa0a09e55def3b3f42e8130e328b0170a22141/Containerfile"
dest: "/tmp/Containerfile"
- name: Pause for 3 minutes
ansible.builtin.pause:
minutes: 3

- name: Sed SSH key into Containerfile
ansible.builtin.command:
cmd: |
sed -i 's|REPLACE_ME|{{ ssh_public_key }}|g' /tmp/Containerfile && \
sed -i 's|BASE_IMAGE|{{ image_name }}|g' /tmp/Containerfile && \
cat /tmp/Containerfile && \
whoami
environment:
ssh_public_key: "{{ ssh_public_key }}"
- name: Build Temp image
containers.podman.podman_image:
name: "quay.io/ai-lab/{{ image_name }}:latest"
build:
target: temp_image
file: /tmp/Containerfile
state: build
auth_file: /etc/containers/auth.json

- name: Building an image with ssh key
ansible.builtin.command:
cmd: |
podman build -t localhost/temp_image:latest -f /tmp/Containerfile
- name: Pause for 5 minutes
ansible.builtin.pause:
minutes: 5

# - name: Building an image with ssh key
# ansible.builtin.command:
# cmd: |
# podman build -t localhost/temp_image:latest -f /tmp/Containerfile

# - name: check podman images for sanity
# ansible.builtin.command:
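Review bot: The `Required packages` task sets `disable_gpg_check: true` while installing `amazon-ssm-agent.rpm` from a `latest` URL, so neither that RPM nor the `podman` package from the distribution repository has its signature verified, and the content behind the URL can change between runs. I would keep `podman` in its own task with the default signature check, and for the agent import the vendor signing key first (for example with `ansible.builtin.rpm_key`) so that `disable_gpg_check` can be dropped. Separately, `Build Temp image` passes `target: temp_image`, but the Containerfile.j2 added in this commit has a single unnamed `FROM` stage, and the task tags its result with the same `quay.io/ai-lab/{{ image_name }}:latest` name as the parent image just pulled; both look unintended. The page has lost its +/- markers, so which of these lines are on the new side is inferred from the task names.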
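--- a/training/provision/templates/Containerfile.j2
+++ b/training/provision/templates/Containerfile.j2
@@ -0,0 +1,9 @@
+FROM quay.io/ai-lab/{{ image_name }}:latest
+
+USER root
+
+RUN mkdir /usr/etc-system && \
+chown -R root:root /usr/etc-system && \
+echo 'AuthorizedKeysFile /usr/etc-system/root.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \
+echo {{ ssh_public_key }} > /usr/etc-system/root.keys && \
+chmod 0600 /usr/etc-system/root.keys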
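Review bot: `echo {{ ssh_public_key }} > /usr/etc-system/root.keys` renders the variable unquoted into a shell command, so any shell metacharacter in the value is interpreted during the image build and the result depends on how the caller quoted it. Quoting at render time removes that dependence: `echo {{ ssh_public_key | quote }} > /usr/etc-system/root.keys && \`. It would also help to put a comment above the `RUN` stating that this image enables key-based root login over SSH, for example `# Test-only: installs the CI public key for root SSH login`, if that is the intent.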
