vagrant/terraform environment: trust the tinkerbell ca

rgl · rgl · commit 78c7f9477319 · 2021-11-18T07:36:50.000Z
Signed-off-by: Rui Lopes &lt;rgl@ruilopes.com&gt;
diff --git a/deploy/compose/tls/trust.sh b/deploy/compose/tls/trust.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -euxo pipefail
+
+TINKERBELL_HOST_IP="$1"
+
+if [ -d /vagrant/compose ]; then
+	cd /vagrant/compose
+fi
+
+# trust the tinkerbell CA.
+docker-compose exec -T registry cat /certs/onprem/ca-crt.pem >/usr/local/share/ca-certificates/tinkerbell.crt
+update-ca-certificates
+systemctl restart docker
+
+# login into the docker registry.
+docker login "$TINKERBELL_HOST_IP" --username admin --password-stdin <<<'Admin1234'
+if id -u vagrant >/dev/null 2>&1; then
+	su vagrant -c "docker login \"$TINKERBELL_HOST_IP\" --username admin --password-stdin" <<<'Admin1234'
+fi
+
+# ensure everything is up after docker restart.
+docker-compose up --detach
diff --git a/deploy/terraform/main.tf b/deploy/terraform/main.tf
@@ -102,7 +102,8 @@ resource "null_resource" "setup" {
   provisioner "remote-exec" {
     inline = [
       "cd /root && tar zxvf /root/compose.tar.gz -C /root/sandbox",
-      "cd /root/sandbox/compose && TINKERBELL_CLIENT_MAC=${metal_device.tink_worker.ports[1].mac} TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu-equinix-metal.yaml TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware-equinix-metal.json docker-compose up -d"
+      "cd /root/sandbox/compose && TINKERBELL_CLIENT_MAC=${metal_device.tink_worker.ports[1].mac} TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu-equinix-metal.yaml TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware-equinix-metal.json docker-compose up -d",
+      "cd /root/sandbox/compose && bash tls/trust.sh ${metal_device.tink_provisioner.network[0].address}",
     ]
   }
 }
diff --git a/deploy/vagrant/Vagrantfile b/deploy/vagrant/Vagrantfile
@@ -15,6 +15,26 @@ unless Vagrant.has_plugin?("vagrant-docker-compose")
   exit
 end
 
+def provision_provisioner(config, provider_name)
+  if provider_name == 'virtualbox'
+    manifest_suffix = ''
+  else
+    manifest_suffix = "-#{provider_name}"
+  end
+  config.vm.provision :docker_compose,
+    compose_version: "1.29.2",
+    yml: "/vagrant/compose/docker-compose.yml",
+    run: "always",
+    env: {
+      "TINKERBELL_HOST_IP": PROVISIONER_IP,
+      "TINKERBELL_CLIENT_IP": MACHINE1_IP,
+      "REPO_TOP_LEVEL": "/vagrant/compose",
+      "TINKERBELL_HARDWARE_MANIFEST": "/manifests/hardware/hardware#{manifest_suffix}.json",
+      "TINKERBELL_TEMPLATE_MANIFEST": "/manifests/template/ubuntu#{manifest_suffix}.yaml"
+    }
+  config.vm.provision "shell", name: "Trust the Tinkerbell CA", path: "../compose/tls/trust.sh", args: [PROVISIONER_IP]
+end
+
 Vagrant.configure("2") do |config|
   config.vm.provider :libvirt do |libvirt|
     libvirt.qemu_use_session = false
@@ -36,34 +56,14 @@ Vagrant.configure("2") do |config|
       v.memory = 2048
       v.cpus = 2
       override.vm.synced_folder '../', '/vagrant'
-      # vagrant plugin install vagrant-docker-compose
-      override.vm.provision :docker_compose,
-        compose_version: "1.29.1",
-        yml: "/vagrant/compose/docker-compose.yml",
-        run:"always",
-        env: {
-          "TINKERBELL_HOST_IP": PROVISIONER_IP,
-          "TINKERBELL_CLIENT_IP": MACHINE1_IP,
-          "REPO_TOP_LEVEL": "/vagrant/compose",
-          "TINKERBELL_HARDWARE_MANIFEST": "/manifests/hardware/hardware.json",
-          "TINKERBELL_TEMPLATE_MANIFEST": "/manifests/template/ubuntu.yaml"
-        }
+      provision_provisioner(override, 'virtualbox')
     end
 
     provisioner.vm.provider "libvirt" do |l, override|
-      override.vm.synced_folder '../', '/vagrant', type: "rsync"
-      # vagrant plugin install vagrant-docker-compose
-      override.vm.provision :docker_compose,
-        compose_version: "1.29.1",
-        yml: "/vagrant/compose/docker-compose.yml",
-        run:"always",
-        env: {
-          "TINKERBELL_HOST_IP": PROVISIONER_IP,
-          "TINKERBELL_CLIENT_IP": MACHINE1_IP,
-          "REPO_TOP_LEVEL": "/vagrant/compose",
-          "TINKERBELL_HARDWARE_MANIFEST": "/manifests/hardware/hardware-libvirt.json",
-          "TINKERBELL_TEMPLATE_MANIFEST": "/manifests/template/ubuntu-libvirt.yaml"
-        }
+      l.memory = 2048
+      l.cpus = 2
+      override.vm.synced_folder '../', '/vagrant', type: 'rsync'
+      provision_provisioner(override, 'libvirt')
     end
   end
 

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,8 @@ resource "null_resource" "setup" {`
`102`	`102`	`provisioner "remote-exec" {`
`103`	`103`	`inline = [`
`104`	`104`	`"cd /root && tar zxvf /root/compose.tar.gz -C /root/sandbox",`
`105`		`- "cd /root/sandbox/compose && TINKERBELL_CLIENT_MAC=${metal_device.tink_worker.ports[1].mac} TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu-equinix-metal.yaml TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware-equinix-metal.json docker-compose up -d"`
	`105`	`+ "cd /root/sandbox/compose && TINKERBELL_CLIENT_MAC=${metal_device.tink_worker.ports[1].mac} TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu-equinix-metal.yaml TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware-equinix-metal.json docker-compose up -d",`
	`106`	`+ "cd /root/sandbox/compose && bash tls/trust.sh ${metal_device.tink_provisioner.network[0].address}",`
`106`	`107`	`]`
`107`	`108`	`}`
`108`	`109`	`}`