From e77a6e80a4d70a0e45a742daebe457d8a03be429 Mon Sep 17 00:00:00 2001 From: greg pereira Date: Wed, 1 May 2024 20:48:16 -0700 Subject: [PATCH] check access to ilab Signed-off-by: greg pereira --- .github/workflows/training-e2e.yaml | 20 +++++-- training/Makefile | 1 + training/provision/playbook.yml | 93 ++++++++++++++++++++++------- 3 files changed, 86 insertions(+), 28 deletions(-) diff --git a/.github/workflows/training-e2e.yaml b/.github/workflows/training-e2e.yaml index 313072485..e69b5cc5a 100644 --- a/.github/workflows/training-e2e.yaml +++ b/.github/workflows/training-e2e.yaml @@ -15,9 +15,9 @@ on: env: TF_VAR_aws_region: "eu-west-2" - TF_VAR_aws_ami_owners: '["125523088429"]' - TF_VAR_aws_ami_name: '["Fedora-Cloud-Base-*"]' - TF_VAR_aws_volume_size: 128 + TF_VAR_aws_ami_owners: '["309956199498"]' + TF_VAR_aws_ami_name: '["*RHEL-9.4*"]' + TF_VAR_aws_volume_size: 500 TF_VAR_aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} TF_VAR_aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -74,6 +74,7 @@ jobs: run: | echo "id=$(terraform output id | xargs)" >> $GITHUB_OUTPUT echo "url=$(terraform output host | xargs)" >> $GITHUB_OUTPUT + echo "ssh_public_key=$(terraform output ssh_public_key | xargs)" >> $GITHUB_OUTPUT echo "pem_filename=$(terraform output pem_filename | xargs)" >> $GITHUB_OUTPUT working-directory: terraform-test-environment-module 
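Review bot: The new `TF_VAR_aws_ami_owners` value is the only thing that constrains which publisher's image this job boots, and nothing beside it says whose account `309956199498` is. A comment above it, for example `# AMI owner account for the RHEL images; the lookup is restricted to this publisher`, would let a reviewer check the ID against the vendor's documentation instead of trusting a bare number. The name filter `*RHEL-9.4*` is wildcarded on both sides, so it may match more variants than intended. Which image wins depends on the Terraform module, which is not visible here, so a tighter pattern would make the selection reproducible.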
@@ -83,16 +84,23 @@ jobs: - name: Provision run: | + ssh_public_key=$(printf '%s\n' "${{ steps.terraform-output.outputs.ssh_public_key }}" | sed -e 's/[\/&]/\\&/g') ansible-playbook ./main/training/provision/playbook.yml \ + -vvv \ -i terraform-test-environment-module/hosts.ini \ --private-key=terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \ - --extra-vars "image_name=${{ matrix.image_name }}" + --extra-vars "image_name=${{ matrix.image_name }}" \ + --extra-vars "ssh_public_key=$ssh_public_key" \ + --extra-vars "registry_user=${{ secrets.REGISTRY_USER }}" \ + --extra-vars "registry_password=${{ secrets.REGISTRY_PASSWORD }}" env: ANSIBLE_HOST_KEY_CHECKING: false - - name: log some networking information + - name: run the e2e tests run: | - ifconfig + ssh -i terraform-test-environment-module/${{ steps.terraform-output.outputs.pem_filename }} \ + ${{ steps.terraform-output.outputs.url }} \ + curl -sLO /tmp https://raw.githubusercontent.com/stefwalter/instructlab/container-testing/scripts/basic-workflow-tests.sh - name: Destroy Test Environment id: down diff --git a/training/Makefile b/training/Makefile index ae4a7715f..12e1d4258 100644 --- a/training/Makefile +++ b/training/Makefile @@ -90,5 +90,6 @@ prune: buildah rm --all podman image prune -f +.PHONY: clean clean: rm -rf build diff --git a/training/provision/playbook.yml b/training/provision/playbook.yml index 566afc6df..112e8aaa3 100644 --- a/training/provision/playbook.yml +++ b/training/provision/playbook.yml @@ -1,7 +1,7 @@ --- - name: Test Environment Provisioning hosts: test_environments - remote_user: fedora + remote_user: ec2-user become: true gather_facts: false 
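Review bot: In the Provision step the registry credentials are expanded by `${{ secrets.* }}` directly into the shell command as `--extra-vars` arguments, and the same command adds `-vvv`. That puts the password in the process argument list on the runner, lets a quote or `$` inside the secret alter the command, and leaves log masking as the only thing keeping it out of the verbose output. Passing the values through the step's `env:` (`REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}`) and reading them in the playbook with `lookup('env', 'REGISTRY_PASSWORD')` avoids all three, and `-vvv` can be dropped once debugging is finished. In the renamed `run the e2e tests` step, `curl -sLO /tmp <url>` only downloads the script: `-O` takes no argument, so `/tmp` is treated as a second URL. The script is also fetched from a branch of a personal fork rather than a pinned commit.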
@@ -20,24 +20,73 @@ name: podman state: present - - name: Bootc install - ignore_unreachable: true - containers.podman.podman_container: - name: "{{ image_name }}" - image: "quay.io/ai-lab/{{ image_name }}:latest" - state: started - auto_remove: yes - cap_add: - - sys_admin - security_opt: - - "label=type:unconfined_t" - volumes: - - "/:/target" - - "/var/lib/containers:/var/lib/containers" - privileged: yes - pid_mode: host - command: "bootc install to-filesystem --karg=console=ttyS0,115200n8 --replace=alongside /target" - - - name: Restart instance - ansible.builtin.reboot: - test_command: pwd + - name: Get size of root filesystem + ansible.builtin.shell: + cmd: | + df -h /var/tmp/ + podman system info + + - name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json + containers.podman.podman_login: + username: "{{ registry_user }}" + password: "{{ registry_password }}" + registry: quay.io + + # - name: Building an image with ssh key + # ignore_unreachable: true + # containers.podman.podman_container: + # name: localhost/temp_image + # image: "quay.io/ai-lab/{{ image_name }}:latest" + # command: + # - mkdir /usr/etc-system + # - test -n "{{ ssh_public_key }}" + # - echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf + # - echo "{{ ssh_public_key }}"" > /usr/etc-system/ec2-user.keys && chmod 0600 /usr/etc-system/ec2-user.keys + # state: present + # recreate: true + + - name: Download the dockerfile for SSH wrapper container + ansible.builtin.get_url: + url: "https://gist.githubusercontent.com/Gregory-Pereira/235943787f8fd1586852debe11725fc4/raw/c0aa0a09e55def3b3f42e8130e328b0170a22141/Containerfile" + dest: "/tmp/Containerfile" + + - name: Sed SSH key into Containerfile + ansible.builtin.shell: | + sed -i 's|REPLACE_ME|"{{ ssh_public_key }}"|g' /tmp/Containerfile && \ + sed -i 's|BASE_IMAGE|{{ image_name }}|g' /tmp/Containerfile && \ + cat /tmp/Containerfile && \ + whoami + environment: + 
ssh_public_key: "{{ ssh_public_key }}" + + - name: Building an image with ssh key + ansible.builtin.command: + cmd: | + podman build -t localhost/temp_image:latest -f /tmp/Containerfile + + # - name: check podman images for sanity + # ansible.builtin.command: + # cmd: | + # podman images + + # - name: Bootc install + # ignore_unreachable: true + # containers.podman.podman_container: + # name: "{{ image_name }}" + # image: localhost/temp_image:latest + # state: started + # auto_remove: yes + # cap_add: + # - sys_admin + # security_opt: + # - "label=type:unconfined_t" + # volumes: + # - "/:/target" + # - "/var/lib/containers:/var/lib/containers" + # privileged: yes + # pid_mode: host + # command: "bootc install to-filesystem --karg=console=ttyS0,115200n8 --replace=alongside /target" + + # - name: Restart instance + # ansible.builtin.reboot: + # test_command: which ilab
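Review bot: The `Sed SSH key into Containerfile` task templates `{{ ssh_public_key }}` and `{{ image_name }}` into a shell script in a play that sets `become: true`, so a `'` or `|` in either value ends the sed expression and the remainder is interpreted by a root shell on the host. The `environment:` entry does not help, because the script never reads `$ssh_public_key`. Doing the substitution with `ansible.builtin.replace` keeps both values out of a shell. The backslash-escaping added for sed in the workflow's Provision step would then have to go, since the module treats backslashes in `replace` as regex escapes. Separately, the `podman_login` task receives `registry_password` while the playbook is run with `-vvv`, and adding `no_log: true` to it keeps the credentials out of task output. The play itself begins outside this hunk.

```yaml
    # … unchanged: get_url task that downloads /tmp/Containerfile …
    - name: Insert SSH key into Containerfile
      ansible.builtin.replace:
        path: /tmp/Containerfile
        regexp: 'REPLACE_ME'
        replace: '"{{ ssh_public_key }}"'

    - name: Set base image in Containerfile
      ansible.builtin.replace:
        path: /tmp/Containerfile
        regexp: 'BASE_IMAGE'
        replace: '{{ image_name }}'
    # … unchanged: podman build task and the commented-out bootc tasks …
```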