Cleanup, default discard container, move ssh config to .ssh, added he…

…lp to shutdown

Signed-off-by: Kowalski Dragon (kowalski7cc) <[email protected]>

.gitignore

@@ -224,6 +224,7 @@ cython_debug/
 # Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option)
 
 keys
-ssh
+.ssh/*
+!.ssh/config
 playbooks/**
 !playbooks/example.yml

ansible.cfg

@@ -1,7 +1,8 @@
 [defaults]
-private_key_file = ./ssh/ansible_ed25519
+private_key_file = ./.ssh/ansible_ed25519
 remote_user = ansible
 inventory = ./inventory
 host_key_checking = false
+
 [ssh_connection]
 ssh_executable = ./podssh

boot

@@ -4,25 +4,39 @@ set -e
 ENVFILE="$(dirname $(realpath $0))/setenv"
 if [[ -f $ENVFILE ]]; then
     . $ENVFILE
+else
+    echo "Environment file not found: $ENVFILE"
+    exit 1
 fi
 
-usage() { echo "$0 usage: $0 [-a] [-h] [GROUP]"; }
+usage() { echo "$0 usage: $0 [-a] [-p] [-h] [GROUP NAME]"; }
+usage_long() {
+    echo "  -a  attach to container"
+    echo "  -p  persist container"
+    echo "  -h  show this help"
+}
 
 #[ $# -eq 0 ] && usage && exit 0
 DETACH='-d'
+REMOVE='--rm'
 
-while getopts ':hav' OPTION; do
+while getopts ':hapv' OPTION; do
     case "$OPTION" in
         a)
             DETACH=''
         ;;
 
+        p)
+            REMOVE=''
+        ;;
+
         v)
             VERBOSE=1
         ;;
 
         h)
             usage
+            usage_long
             exit 0
         ;;
 
@@ -55,4 +69,4 @@ fi
 # TODO check if image is present before run
 
 LAST=$(podman ps -a --filter=label=$LABEL.group=$GROUP --format {{.Names}} | rev | cut --delimiter=- -f 1 | rev | sort -nr | head -n1)
-podman run --privileged $DETACH -ti --label "$LABEL.version=$VERSION" --label "$LABEL.group=$GROUP" --rm --name $NAME-$GROUP-$((LAST + 1)) --hostname $NAME-$GROUP-$((LAST + 1)) --network $NETWORK --tmpfs /tmp --tmpfs /run $IMAGE_NAME:$VERSION /sbin/init
+podman run --privileged $DETACH $REMOVE -ti --label "$LABEL.version=$VERSION" --label "$LABEL.group=$GROUP" --rm --name $NAME-$GROUP-$((LAST + 1)) --hostname $NAME-$GROUP-$((LAST + 1)) --network $NETWORK --tmpfs /tmp --tmpfs /run $IMAGE_NAME:$VERSION /sbin/init

inventory

@@ -12,6 +12,7 @@ DNS_SUFFIX = "dns.podman"
 
 USE_POD_IP = False
 
+
 def get_pods():
     pr = subprocess.run(
         [
@@ -70,13 +71,19 @@ def get_host(pod):
     i = inspect_pod(pod)[0]
     return json.dumps(
         {
-            **({"ansible_host": i["NetworkSettings"]["Networks"]
-            .get(NETWORK, {})
-            .get("IPAddress", None)} if USE_POD_IP else {}),
+            **(
+                {
+                    "ansible_host": i["NetworkSettings"]["Networks"]
+                    .get(NETWORK, {})
+                    .get("IPAddress", None)
+                }
+                if USE_POD_IP
+                else {}
+            ),
             # f'{i["Config"]["Hostname"]}.{DNS_SUFFIX}',
             **(lambda v: {"podlab_version": v} if v else {})(
                 i["Config"]["Labels"].get("org.podlab.version", None)
-            )
+            ),
         }
     )
 

podssh

@@ -1,16 +1,5 @@
 #!/usr/bin/env bash
-
-#podman unshare --rootless-cni ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $@ # -i keys/ansible_ed25519 -o User=ansible  $@
-#podman run --rm -it --network podlab podlab:1.0.1 ssh $@
-
+set -e
 . setenv
-
-# Start bastion pod
-# if [[ -z $(podman container list -a -f "name=$NAME-infra-bastion" --format {{.ID}}) ]]; then
-#     POD=`podman run -d --rm --label "$LABEL.infra=bastion" --network $NETWORK --name $NAME-infra-bastion -p 127.0.0.1:2222:22 $IMAGE_NAME:$VERSION sh -c "ssh-keygen -A; /usr/sbin/sshd -D"`
-# fi
-
-
-#ssh -F ssh_config $@
 [ $# -eq 0 ] && (ssh; exit $)
-podman unshare --rootless-cni ssh -F ssh_config $@
+podman unshare --rootless-cni ssh -F .ssh/config $@

setenv

@@ -1,18 +1,19 @@
 #!/usr/bin/env bash
 
+set -e
 
 NAME="podlab"
-VERSION="1.1.0"
+VERSION="1.2.0"
 LABEL="org.$NAME"
 IMAGE_NAME="$NAME"
 NETWORK="$NAME"
 DISTRONAME="podLAB pod image"
+# Other tested images: "fedora:38"
 BASE_IMAGE="quay.io/centos/centos:stream9"
-#BASE_IMAGE="fedora"
 
 SSH_KEY_NAME="ansible_ed25519"
 SSH_KEY_TYPE="ed25519"
-SSH_PATH="ssh"
+SSH_PATH=".ssh"
 
-STUDENT_USERNAME='redhat'
-STUDENT_PASSWORD='$6$CoPu5pQehb0vQnWN$39y.7JoLr5A1no/jvjAsRGrBrYUufd43JVZiCPe8cHkz3M.ebOarMl/kc2QV3.sA8z7.4UvMzyJwCXcx7NYfz0'
+STUDENT_USERNAME='student'
+STUDENT_PASSWORD='student'

setup

@@ -2,7 +2,7 @@
 
 set -e
 
-PACKAGES="basesystem bash systemd openssh-server passwd sudo python3 yum dnf findutils iproute NetworkManager iputils bind-utils procps-ng openssh-clients nc at hostname acl xz zip info wget bzip2 file ed nano quota less which strace symlinks tcpdump time tree jq  pinfo vim-enhanced words util-linux-user"
+PACKAGES="basesystem whois mkpasswd ncurses bash systemd openssh-server passwd sudo python3 yum dnf findutils iproute NetworkManager iputils bind-utils procps-ng openssh-clients nc at hostname acl xz zip info wget bzip2 file ed nano quota less which strace symlinks tcpdump time tree jq  pinfo vim-enhanced words util-linux-user rhel-system-roles"
 
 ENVFILE="$(dirname $(realpath $0))/setenv"
 if [[ -f $ENVFILE ]]; then
@@ -43,24 +43,25 @@ if [[ -n $(buildah ps --filter=name=$NAME-working-container --format {{.Containe
         exit 2
     fi
     BUILDER="$NAME-working-container"
-elif [[ -z $(podman image list --filter label=$LABEL.version=$VERSION --filter "label=$LABEL.packages=$PACKAGES" --format {{.ID}}) ]]; then
+    elif [[ -z $(podman image list --filter label=$LABEL.version=$VERSION --filter "label=$LABEL.packages=$PACKAGES" --format {{.ID}}) ]]; then
     BUILDER=$(buildah from --name "$NAME-working-container" "$BASE_IMAGE")
 fi
 
+
 if [[ -n $BUILDER ]]; then
     buildah config --label "$LABEL.version=$VERSION" \
-        --label "$LABEL.packages=$PACKAGES" \
-        --label "$LABEL.base=$BASE_IMAGE" \
-        --label "org.label-schema.name=$DISTRONAME" \
-        --label "org.label-schema.vendor=$NAME" \
-        $BUILDER
+    --label "$LABEL.packages=$PACKAGES" \
+    --label "$LABEL.base=$BASE_IMAGE" \
+    --label "org.label-schema.name=$DISTRONAME" \
+    --label "org.label-schema.vendor=$NAME" \
+    $BUILDER
     buildah run $BUILDER -- dnf -y install $PACKAGES
     buildah run $BUILDER -- sh -c "id -u ansible &>/dev/null || useradd ansible -rmG wheel"
     buildah add --chown ansible:ansible --chmod 600 $BUILDER $KEY_PATH.pub /home/ansible/.ssh/authorized_keys
     buildah run $BUILDER -- sh -c 'mkdir -p /etc/sudoers.d/ && echo -e "ansible ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible'
-    buildah run $BUILDER -- useradd $STUDENT_USERNAME --groups wheel --password $STUDENT_PASSWORD
-    #buildah run $BUILDER -- useradd console --groups wheel --password ""
+    buildah run $BUILDER -- sh -c "useradd $STUDENT_USERNAME --groups wheel --password \`mkpasswd $STUDENT_PASSWORD\`"
     buildah run $BUILDER -- sh -c "echo -e PermitRootLogin yes >> /etc/ssh/sshd_config"
+    buildah run $BUILDER -- sh -c "rm -rf /var/cache/dnf/"
     buildah commit $BUILDER $IMAGE_NAME:$VERSION
     buildah rm $BUILDER
 fi

shutdown

@@ -9,6 +9,14 @@ fi
 
 VERBOSE=false
 
+usage() { echo "$0 usage: $0 [-c] [-v] [-h] [GROUP NAME]"; }
+usage_long() {
+    echo "  -c  clean up everything, including images and networks"
+    echo "  -v  enable verbose output"
+    echo "  -h  show this help"
+}
+
+
 while getopts ':hcv' OPTION; do
     case "$OPTION" in
         c)
@@ -21,11 +29,13 @@ while getopts ':hcv' OPTION; do
 
         h)
             usage
+            usage_long
             exit 0
         ;;
 
         ?)
             usage
+            usage_long
             exit 1
         ;;
     esac
@@ -50,7 +60,7 @@ if [[ -n $CLEAN ]]; then
         podman network rm $NETWORK > /dev/null
         [[ $? -eq 0 ]] && $VERBOSE && echo OK
     fi
-
+    
     $VERBOSE && echo -n "Removing image... "
     podman image rm $(podman image list --filter label=$LABEL.version=$VERSION --format {{.ID}}) > /dev/null
     [[ $? -eq 0 ]] && $VERBOSE && echo OK