diff --git a/.DS_Store b/.DS_Store
index 50270e9..7c42a50 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/argocd/repo.yaml b/argocd/repo.yaml
index 25b53ce..5428bd8 100644
--- a/argocd/repo.yaml
+++ b/argocd/repo.yaml
@@ -1,17 +1,31 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: build-node-undercloud-infrastructure
- namespace: argocd
- labels:
- argocd.argoproj.io/secret-type: repository
-type: Opaque
-stringData:
- # URL de ton dépôt Git
- url: https://git.undercloud.local/Undercloud/undercloud-infrastructure.git
- # Mets "true" si HTTP clair ou certificat non fiable
- insecure: "true"
----
+#apiVersion: v1
+#kind: Secret
+#metadata:
+# name: build-node-undercloud-infrastructure
+# namespace: argocd
+# labels:
+# argocd.argoproj.io/secret-type: repository
+#type: Opaque
+#stringData:
+# # URL de ton dépôt Git
+# url: https://git.undercloud.local/Undercloud/undercloud-infrastructure.git
+# # Mets "true" si HTTP clair ou certificat non fiable
+# insecure: "true"
+#---
+#apiVersion: v1
+#kind: Secret
+#metadata:
+# name: build-node-k8s-apps
+# namespace: argocd
+# labels:
+# argocd.argoproj.io/secret-type: repository
+#type: Opaque
+#stringData:
+# # URL de ton dépôt Git
+# url: https://git.undercloud.local/Undercloud/k8s-apps.git
+# # Mets "true" si HTTP clair ou certificat non fiable
+# insecure: "true"
+#---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -21,7 +35,8 @@ metadata:
 argocd.argoproj.io/secret-type: repository
 type: Opaque
 stringData:
- # URL de ton dépôt Git
- url: https://git.undercloud.local/Undercloud/k8s-apps.git
- # Mets "true" si HTTP clair ou certificat non fiable
- insecure: "true"
\ No newline at end of file
+ url: http://gitea.gitea.svc.k8s.undercloud.local:3000
+ username: shodan
+ password: NElzVGhlTWluZEtpbGxlcg==
+ insecure: "true" # skip TLS verification / allow HTTP
+ enableLfs: "true" # Git LFS support
diff --git a/gitea/gitea.yaml b/gitea/gitea.yaml
index db3221e..02d7137 100644
--- a/gitea/gitea.yaml
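Review bot: The `username` and `password` entries added under `stringData` in the second hunk of `argocd/repo.yaml` commit a repository credential to Git in readable form. The value should come from a Secret created out of band or from a sealed/external secret mechanism, and the committed password should be rotated. The `password` value looks base64-encoded, but `stringData` values are stored verbatim rather than decoded, so Argo CD would send the encoded text as the password; encoded values belong under `data:`. The new `url` is plain `http://` next to `insecure: "true"`, so the basic-auth credential crosses the cluster network unencrypted. The Secret's `metadata` block starts outside the hunk.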
+++ b/gitea/gitea.yaml 
@@ -115,86 +115,97 @@ metadata: data: startup.sh: | #!/bin/sh - set -eu - echo "startup..." - if [ ! -f /data/startup.ran ]; then - echo "waiting for gitea API..." - for i in $(seq 1 60); do - if curl -sSf http://localhost:3000/api/v1/version >/dev/null 2>&1; then - break - fi - sleep 2 - done - + if test ! -f "/data/startup.ran"; then + echo "waiting 60s for startup..." + sleep 60s echo "writing pw to files" - printf '%s' "${SHODAN_PW:-}" > /data/shodan.pw - printf '%s' "${ARGOCD_PW:-}" > /data/argocd.pw - printf '%s' "${GITEA_PW:-}" > /data/gitea.pw - + echo $SHODAN_PW > /data/shodan.pw + echo $ARGOCD_PW > /data/argocd.pw + echo $GITEA_PW > /data/gitea.pw echo "creating users..." - su git -c 'SHODAN_PW=$(cat /data/shodan.pw); gitea admin user create --username shodan --admin --password "$SHODAN_PW" --email thrawn235@gmail.com || true' - su git -c 'ARGOCD_PW=$(cat /data/argocd.pw); gitea admin user create --username argocd --password "$ARGOCD_PW" --email argocd@undercloud.local --must-change-password=false || true' - su git -c 'GITEA_PW=$(cat /data/gitea.pw); gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. 
--port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password "$GITEA_PW" --attributes-in-bind --firstname-attribute cn --surname-attribute sn || true' + echo $ARGOCD_PW + su git -c 'echo $ARGOCD_PW' + su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password $SHODAN_PW --email thrawn235@gmail.com' + su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password $ARGOCD_PW --email argocd@undercloud.local --must-change-password=false' + su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password $GITEA_PW --attributes-in-bind --firstname-attribute cn --surname-attribute sn' + sleep 30s + echo "wget tea..." + wget http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/tea + #echo "wget ctea..." + #wget https://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/ctea + chmod +x tea + #chmod +x ctea + + #echo "using tea to create login..." 
+ #./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW + #./tea login default localhost:3000 + + echo "creating Undercloud organisation" + sleep 30s + #./tea organization create Undercloud + #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg Undercloud + curl -s -u "shodan:$SHODAN_PW" \ + -H 'Content-Type: application/json' \ + -X POST http://localhost:3000/api/v1/orgs \ + -d '{"username":"Undercloud","full_name":"Undercloud"}' sleep 5s + + echo "creating undercloud team" + #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud + #sleep 5s + #echo "add argocd to undercloud team" + #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd + + sleep 5s + # create team "Undercloud" in org "undercloud" + curl -s -u "shodan:$SHODAN_PW" -H 'Content-Type: application/json' \ + -X POST http://localhost:3000/api/v1/orgs/undercloud/teams \ + -d '{"name":"Undercloud","permission":"write","includes_all_repositories":false, + "units":["repo.code","repo.issues","repo.pulls","repo.releases","repo.wiki","repo.projects"]}' - API="http://localhost:3000/api/v1" - AUTH_USER="shodan" - AUTH_PASS="$(cat /data/shodan.pw)" - AUTH="-u ${AUTH_USER}:${AUTH_PASS}" + # get team id without jq + TEAM_ID=$( + curl -s -u "shodan:$SHODAN_PW" \ + "http://localhost:3000/api/v1/orgs/undercloud/teams/search?q=Undercloud&limit=1" | + sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p' + ) - echo "create organization undercloud" - curl -sS $AUTH -H 'Content-Type: application/json' \ - -X POST "$API/orgs" \ - -d '{"username":"undercloud","full_name":"undercloud"}' || true + # add user argocd to that team + curl -s -u "shodan:$SHODAN_PW" -X PUT \ + "http://localhost:3000/api/v1/teams/${TEAM_ID}/members/argocd" - echo "create team undercloud" - curl -sS $AUTH -H 'Content-Type: application/json' \ - -X POST "$API/orgs/undercloud/teams" \ - 
-d '{"name":"undercloud","permission":"write","includes_all_repositories":false}' || true - echo "fetch team id" - TEAM_ID="$(curl -sS $AUTH "$API/orgs/undercloud/teams" \ - | sed 's/},{/}\n{/g' | grep '"name":"undercloud"' \ - | sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p' | head -n1)" - if [ -z "${TEAM_ID:-}" ]; then - echo "failed to determine TEAM_ID"; exit 1 - fi - echo "TEAM_ID=$TEAM_ID" - echo "add argocd to undercloud team" - curl -sS $AUTH -X PUT "$API/teams/$TEAM_ID/members/argocd" >/dev/null || true - echo "ensure repo undercloud/k8aux-apps exists" - curl -sS $AUTH -H 'Content-Type: application/json' \ - -X POST "$API/orgs/undercloud/repos" \ - -d '{"name":"k8aux-apps","private":false,"auto_init":false}' || true + echo "cloning k8s-apps" + #execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8s-apps.git + execline-cd /data git clone "http://shodan:${SHODAN_PW}@git.undercloud.local:3000/Undercloud/k8s-apps.git" - echo "grant team access to repo" - curl -sS $AUTH -X PUT "$API/teams/$TEAM_ID/repos/undercloud/k8aux-apps" >/dev/null || true + execline-cd /data/k8s-apps rm -Rf .git + execline-cd /data/k8s-apps git init + execline-cd /data/k8s-apps git config --global user.email "thrawn235@gmail.com" + execline-cd /data/k8s-apps git config --global user.name "shodan" + execline-cd /data/k8s-apps git add . + execline-cd /data/k8s-apps git commit -m "upload" + echo "push k8s-apps to localhost" + execline-cd /data/k8s-apps git push http://shodan:$SHODAN_PW@localhost:3000/Undercloud/k8s-apps.git --all + echo "delete local copy..." + #execline-cd /data rm -Rf k8s-apps + + echo "create PushMirror.." 
+ #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8s-apps "http://git.undercloud.local:3000/Undercloud/k8s-apps.git" shodan $SHODAN_PW 1h0m0s + + # Add push mirror to Undercloud/k8s-apps + curl -sS -u "shodan:${SHODAN_PW}" \ + -H 'Content-Type: application/json' \ + -X POST http://localhost:3000/api/v1/repos/Undercloud/k8s-apps/push_mirrors \ + -d '{"remote_address":"http://git.undercloud.local:3000/Undercloud/k8s-apps.git","remote_username":"shodan","remote_password":"'"$SHODAN_PW"'","interval":"1h0m0s","sync_on_commit":false}' - echo "cloning k8aux-apps" - execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8aux-apps.git - execline-cd /data/k8aux-apps rm -Rf .git - execline-cd /data/k8aux-apps git init - execline-cd /data/k8aux-apps git config --global user.email "thrawn235@gmail.com" - execline-cd /data/k8aux-apps git config --global user.name "shodan" - execline-cd /data/k8aux-apps git add . - execline-cd /data/k8aux-apps git commit -m "upload" + # optional: trigger immediate sync of all push mirrors for this repo + curl -sS -u "shodan:${SHODAN_PW}" -X POST http://localhost:3000/api/v1/repos/Undercloud/k8s-apps/push_mirrors-sync - echo "push k8aux-apps to localhost" - execline-cd /data/k8aux-apps git push "http://shodan:${AUTH_PASS}@localhost:3000/undercloud/k8aux-apps.git" --all - - echo "create push mirrors" - for DST in \ - "http://git.undercloud.local:3000/undercloud/k8aux-apps.git" - do - curl -sS $AUTH -H 'Content-Type: application/json' \ - -X POST "$API/repos/undercloud/k8aux-apps/push_mirrors" \ - -d "{\"remote_address\":\"${DST}\",\"remote_username\":\"shodan\",\"remote_password\":\"${AUTH_PASS}\",\"interval\":\"1h0m0s\",\"sync_on_commit\":false}" \ - || true - done echo "create startup.ran file..." touch /data/startup.ran @@ -202,7 +213,7 @@ data: echo "startup ran already!" fi echo "startup done." - + #exit 123 --- apiVersion: v1 kind: PersistentVolumeClaim 
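Review bot: The added lines `echo $ARGOCD_PW` and `su git -c 'echo $ARGOCD_PW'` print the Argo CD account password to stdout, and the `echo $SHODAN_PW > /data/shodan.pw` style writes leave all three passwords on the persistent volume; drop the two echo lines and add `rm -f /data/*.pw` before `touch /data/startup.ran`. The `tea` binary is fetched over plain HTTP and made executable with no checksum, yet every `./tea` call is commented out, so the `wget` and `chmod +x tea` lines can simply go. The password is also embedded in the `git clone` and `git push` URLs, which puts it in the process arguments; a credential helper or `GIT_ASKPASS` would keep it out of argv. The empty-`TEAM_ID` guard from the old script was dropped together with `set -eu`, so a failed team search now silently issues `PUT .../teams//members/argocd`; restoring `if [ -z "${TEAM_ID:-}" ]; then echo "failed to determine TEAM_ID"; exit 1; fi` keeps that failure visible. The `if` block this code sits in closes outside the hunk.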
@@ -250,11 +261,11 @@ spec: ports: - containerPort: 3000 - containerPort: 22 - #lifecycle: - # postStart: - # exec: - # command: - # - "/bin/startup.sh" + lifecycle: + postStart: + exec: + command: + - "/bin/startup.sh" env: - name: USER_UID value: "1000"
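Review bot: Re-enabling `lifecycle.postStart` ties container start-up to the bootstrap script: the container is not marked Running until `/bin/startup.sh` returns, and a failing hook gets the container killed. Per the first hunk of this file, the script now sleeps for more than two minutes and depends on an external Git host. Hook output is not written to the container log, so a failed user or organisation creation would surface only as a `FailedPostStartHook` event, if at all. A one-shot Job that runs once Gitea is ready would isolate the bootstrap; if the hook stays, a comment above `lifecycle:` such as `# one-time bootstrap, guarded by /data/startup.ran` would document why it is there. The container spec continues outside the hunk.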