-
Notifications
You must be signed in to change notification settings - Fork 1
/
setup
executable file
·67 lines (54 loc) · 2.74 KB
/
setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/usr/bin/env bash
set -e
PACKAGES="basesystem whois mkpasswd ncurses bash systemd openssh-server passwd sudo python3 yum dnf findutils iproute NetworkManager iputils bind-utils procps-ng openssh-clients nc at hostname acl xz zip info wget bzip2 file ed nano quota less which strace symlinks tcpdump time tree jq pinfo vim-enhanced words util-linux-user rhel-system-roles"
ENVFILE="$(dirname $(realpath $0))/setenv"
if [[ -f $ENVFILE ]]; then
. $ENVFILE
fi
if ! [ -x "$(command -v buildah)" ]; then
echo "buildah is not installed" >&2
exit 1
fi
if ! [ -x "$(command -v ssh-keygen)" ]; then
echo "ssh-keygen is not installed" >&2
exit 1
fi
if [[ ! -d $(realpath $SSH_PATH) ]]; then
mkdir -p $(realpath $SSH_PATH)
fi
KEY_PATH="$(realpath $SSH_PATH)/$SSH_KEY_NAME"
if [[ ! -f $KEY_PATH ]]; then
ssh-keygen -t $SSH_KEY_TYPE -f $KEY_PATH -C "ansible-lab key" -N ""
FORCE_REGENERATE=1 # If key has been created, we need to regenerate the container image
fi
if [[ -z $(podman network ls -f "name=$NETWORK" --format {{.ID}}) ]]; then
NET=`podman network create --label "$LABEL.version=$VERSION" $NETWORK`
fi
unset BUILDER
if [[ -n $(buildah ps --filter=name=$NAME-working-container --format {{.ContainerID}}) ]]; then
# Recover a building image
if [[ $(buildah inspect --format "{{index .OCIv1.Config.Labels \"$LABEL.version\"}}" $NAME-working-container) != $VERSION ]]; then
echo Builder version mismatch, please run \'buildah rm $NAME-working-container\'. >&2
exit 2
fi
BUILDER="$NAME-working-container"
elif [[ -z $(podman image list --filter label=$LABEL.version=$VERSION --filter "label=$LABEL.packages=$PACKAGES" --format {{.ID}}) ]]; then
BUILDER=$(buildah from --name "$NAME-working-container" "$BASE_IMAGE")
fi
if [[ -n $BUILDER ]]; then
buildah config --label "$LABEL.version=$VERSION" \
--label "$LABEL.packages=$PACKAGES" \
--label "$LABEL.base=$BASE_IMAGE" \
--label "org.label-schema.name=$DISTRONAME" \
--label "org.label-schema.vendor=$NAME" \
$BUILDER
buildah run $BUILDER -- dnf -y install $PACKAGES
buildah run $BUILDER -- sh -c "id -u ansible &>/dev/null || useradd ansible -rmG wheel"
buildah add --chown ansible:ansible --chmod 600 $BUILDER $KEY_PATH.pub /home/ansible/.ssh/authorized_keys
buildah run $BUILDER -- sh -c 'mkdir -p /etc/sudoers.d/ && echo -e "ansible ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible'
buildah run $BUILDER -- sh -c "useradd $STUDENT_USERNAME --groups wheel --password \`mkpasswd $STUDENT_PASSWORD\`"
buildah run $BUILDER -- sh -c "echo -e PermitRootLogin yes >> /etc/ssh/sshd_config"
buildah run $BUILDER -- sh -c "rm -rf /var/cache/dnf/"
buildah commit $BUILDER $IMAGE_NAME:$VERSION
buildah rm $BUILDER
fi