containers · Gregory-Pereira · May 3, 2024 · May 2, 2024 · May 2, 2024 · May 2, 2024
@@ -15,9 +15,9 @@ on:
 
 env:
   TF_VAR_aws_region: "eu-west-2"
-  TF_VAR_aws_ami_owners: '["125523088429"]'
-  TF_VAR_aws_ami_name: '["Fedora-Cloud-Base-*"]'
-  TF_VAR_aws_volume_size: 128
+  TF_VAR_aws_ami_owners: '["309956199498"]'
+  TF_VAR_aws_ami_name: '["*RHEL-9.4*"]'
+  TF_VAR_aws_volume_size: 500
   TF_VAR_aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
   TF_VAR_aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
@@ -74,6 +74,7 @@ jobs:
         run: |
           echo "id=$(terraform output id | xargs)" >> $GITHUB_OUTPUT
           echo "url=$(terraform output host | xargs)" >> $GITHUB_OUTPUT
+          echo "ssh_public_key=$(terraform output ssh_public_key | xargs)" >> $GITHUB_OUTPUT
           echo "pem_filename=$(terraform output pem_filename | xargs)" >> $GITHUB_OUTPUT
         working-directory: terraform-test-environment-module
 
@@ -86,10 +87,19 @@ jobs:
           ansible-playbook ./main/training/provision/playbook.yml \
             -i terraform-test-environment-module/hosts.ini \
             --private-key=terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \
-            --extra-vars "image_name=${{ matrix.image_name }}" 
+            --extra-vars "image_name=${{ matrix.image_name }}" \
+            --extra-vars "ssh_public_key='${{ steps.terraform-output.outputs.ssh_public_key }}'" \
+            --extra-vars "registry_user=${{ secrets.REGISTRY_USER }}" \
+            --extra-vars "registry_password=${{ secrets.REGISTRY_PASSWORD }}"
         env:
           ANSIBLE_HOST_KEY_CHECKING: false
 
+      - name: run the e2e tests
+        run: |
+          ssh -i terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \
+          root@${{ steps.terraform-output.outputs.url }} \
+          curl -sLO /tmp https://raw.githubusercontent.com/stefwalter/instructlab/container-testing/scripts/basic-workflow-tests.sh
+
       - name: Destroy Test Environment
         id: down
         if: always()
@@ -99,14 +109,14 @@ jobs:
           TF_VAR_aws_instance_type: ${{ matrix.aws_image_type }}
           TF_VAR_aws_ami_architecture: ${{ matrix.aws_ami_architecture }}
 
-      - name: Publish Job Results to Slack
-        id: slack
-        if: always()
-        uses: slackapi/[email protected]
-        with:
-          payload: |
-            {
-              "text": "${{ github.workflow }} workflow status: ${{ job.status }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      # - name: Publish Job Results to Slack
+      #   id: slack
+      #   if: always()
+      #   uses: slackapi/[email protected]
+      #   with:
+      #     payload: |
+      #       {
+      #         "text": "${{ github.workflow }} workflow status: ${{ job.status }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+      #       }
+      #   env:
+      #     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -108,5 +108,6 @@ disk-intel:
 disk-nvidia:
 	make -C nvidia-bootc/ bootc-image-builder
 
+.PHONY: clean
 clean:
 	rm -rf build
@@ -1,7 +1,7 @@
 ---
 - name: Test Environment Provisioning
   hosts: test_environments
-  remote_user: fedora
+  remote_user: ec2-user
   become: true
   gather_facts: false
 
@@ -15,29 +15,42 @@
   - name: Gather facts for first time
     ansible.builtin.setup:
 
-  - name: Check Podman Present
-    ansible.builtin.package:
-      name: podman
+  - name: Required packages
+    ansible.builtin.dnf:
+      name:
+      - https://s3.eu-west-2.amazonaws.com/amazon-ssm-eu-west-2/latest/linux_amd64/amazon-ssm-agent.rpm
+      - podman
       state: present
+      disable_gpg_check: true
 
-  - name: Bootc install
-    ignore_unreachable: true
-    containers.podman.podman_container:
-      name: "{{ image_name }}"
-      image: "quay.io/ai-lab/{{ image_name }}:latest"
-      state: started
-      auto_remove: yes
-      cap_add:
-        - sys_admin
-      security_opt:
-        - "label=type:unconfined_t"
-      volumes:
-        - "/:/target"
-        - "/var/lib/containers:/var/lib/containers"
-      privileged: yes
-      pid_mode: host
-      command: "bootc install to-filesystem --karg=console=ttyS0,115200n8 --replace=alongside /target"
+  - name: Derived Image Containerfile
+    ansible.builtin.template:
+      src: ./templates/Containerfile.j2
+      dest: /tmp/Containerfile
+
+  - name: Login to default registry
+    containers.podman.podman_login:
+      username: "{{ registry_user }}"
+      password: "{{ registry_password }}"
+      registry: quay.io
+      authfile: /etc/containers/auth.json
+
+  - name: Build and Install the Bootc Image
+    async: 1000
+    poll: 0
+    register: build_result
+    ansible.builtin.shell: |
+      podman build -t derived_image:latest -f /tmp/Containerfile --authfile=/etc/containers/auth.json .
+      podman run --rm --privileged --pid=host --security-opt label=type:unconfined_t -v /:/target -v /var/lib/containers:/var/lib/containers derived_image:latest bootc install to-filesystem --karg=console=ttyS0,115200n8 --replace=alongside /target
+
+  - name: Check on Build and Install Bootc Image
+    async_status:
+      jid: "{{ build_result.ansible_job_id }}"
+    register: job_result
+    until: job_result.finished
+    retries: 100
+    delay: 10
 
   - name: Restart instance
     ansible.builtin.reboot:
-      test_command: pwd
+      test_command: which ilab
@@ -0,0 +1,9 @@
+FROM quay.io/ai-lab/{{ image_name }}:latest
+
+USER root
+
+RUN mkdir /usr/etc-system && \
+    chown -R root:root /usr/etc-system && \
+    echo 'AuthorizedKeysFile /usr/etc-system/root.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \
+    echo {{ ssh_public_key }} > /usr/etc-system/root.keys && \
+    chmod 0600 /usr/etc-system/root.keys