From 39bd652099d91a1f548cc90fb25af77f4fe43892 Mon Sep 17 00:00:00 2001
From: Tracey Jaquith
Date: Fri, 23 Feb 2024 16:18:52 -0800
Subject: [PATCH] robK fix for /opt/nomad/data/alloc; one-shot remote-able intaller; GH Pages publish w/ picked theme
---
 README.md | 4 ++--
 _config.yml | 1 +
 bin/install-hind.sh | 49 +++++++++++++++++++++++++++------------------
 3 files changed, 32 insertions(+), 22 deletions(-)
 create mode 100644 _config.yml
diff --git a/README.md b/README.md
index abeccd7..ff968a5 100644
--- a/README.md
+++ b/README.md
@@ -31,12 +31,12 @@ This will "bootstrap" your cluster with a private, unique `NOMAD_TOKEN`, and `podman run` a new container with the hind service into the background. ```bash -./install-hind.sh # xxx +curl -sS https://internetarchive.github.io/hind/bin/install-hind.sh | sudo sh ``` ## Minimal requirements: - VM you can `ssh` into -- VM with `podman` and `zsh` packages +- VM with [podman](https://podman.io/docs/installation) package - if using a firewall (like `ferm`, etc.) make sure the following ports are open from the VM to the world: - 443 - https - 80 - http (load balancer will auto-upgrade/redir to https)
diff --git a/_config.yml b/_config.yml
new file mode 100644
index 0000000..1885487
--- /dev/null
+++ b/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-midnight
\ No newline at end of file
diff --git a/bin/install-hind.sh b/bin/install-hind.sh
index 38b99d9..ca16453 100755
--- a/bin/install-hind.sh
+++ b/bin/install-hind.sh
@@ -1,38 +1,47 @@ -#!/bin/zsh -eu +#!/bin/sh -eu # sets up HinD, passing on any extra CLI optional arguments xxx -export FIRST= #xxx -export TOK_C= #xxx -export TOK_N= #xxx +export HOST_UNAME=$(uname) +export FQDN=$(hostname -f) +export FIRST=; #xxx +export TOK_C=; #xxx +export TOK_N=; #xxx ( set -x - sudo mkdir -p -m777 /pv/CERTS # xxx - sudo podman run --net=host --privileged --cgroupns=host \ + mkdir -p -m777 /pv/CERTS # xxx + mkdir -p -m777 /opt/nomad/data/alloc # xxx + podman run --net=host --privileged --cgroupns=host \ -v /var/lib/containers:/var/lib/containers \ - -e FQDN=$(hostname -f) -e HOST_UNAME=$(uname) -e FIRST -e TOK_C -e TOK_N \ + -e FQDN -e HOST_UNAME -e FIRST -e TOK_C -e TOK_N \ -v /pv/CERTS:/pv/CERTS \ --rm --name hind --pull=always "$@" ghcr.io/internetarchive/hind:podman - # xxx :main + # xxx :main -- also change GH Pages to build from main branch when merge podman => main ) # now run the new docker image in the background -typeset -a ARGS -HOST_UNAME=$(uname) +# NOTE: the *SECOND LINE* is what differs here -- the other lines need to stay the same/matched if [ "$HOST_UNAME" = Darwin ]; then - ARGS+=(-p 6000:4646 -p 8000:80 -p 4000:443 -v /sys/fs/cgroup:/sys/fs/cgroup:rw) + ( + set -x + podman run --privileged --cgroupns=host \ + -p 6000:4646 -p 8000:80 -p 4000:443 -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ + -v /var/lib/containers:/var/lib/containers \ + -v /opt/nomad/data/alloc:/opt/nomad/data/alloc \ + --restart=unless-stopped --name hindup -v /pv/CERTS:/root/.local/share/caddy -d hind >/dev/null + ) else - ARGS+=(--net=host) + ( + set -x + podman run --privileged --cgroupns=host \ + --net=host \ + -v /var/lib/containers:/var/lib/containers \ + -v /opt/nomad/data/alloc:/opt/nomad/data/alloc \ + --restart=unless-stopped --name hindup -v /pv/CERTS:/root/.local/share/caddy -d hind >/dev/null + ) fi -( - set -x - sudo podman run $ARGS --privileged --cgroupns=host \ - -v /var/lib/containers:/var/lib/containers \ - --restart=unless-stopped --name 
hindup -v /pv/CERTS:/root/.local/share/caddy -d hind >/dev/null -) - if [ ! $FIRST ]; then echo ' Congratulations!
@@ -44,7 +53,7 @@ if [ ! $FIRST ]; then (inside or outside the running container or from a home machine -- anywhere you have downloaded a `nomad` binary): ' - sudo podman run --rm hind 'cat $CONFIG' + podman run --rm hind sh -c 'cat $CONFIG' else echo '
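Review bot: The `-eu` on the new `#!/bin/sh -eu` shebang has no effect when the script is run the way this patch's README now documents (`curl … | sudo sh`), because a script read from stdin never has its shebang interpreted; a failed `mkdir` or bootstrap `podman run` will then not stop the rest of the install, which runs as root. Make `set -eu` the first command of the script instead. It would also help to wrap the body in a function that is called on the last line, so that a truncated download cannot execute half a script. Separately, the added `mkdir -p -m777 /opt/nomad/data/alloc` leaves the Nomad allocation directory world-writable, as `/pv/CERTS` already is (it is mounted at `/root/.local/share/caddy`, presumably Caddy's certificate and key store). Unless the containers really need world-write there, a tighter mode such as `-m755` would keep other local users from altering those files.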