commit

2025-09-02 19:32:12 +02:00
parent 65b9e46942
commit d20982affb
3 changed files with 116 additions and 90 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/argocd/repo.yaml
+++ b/argocd/repo.yaml
@@ -1,17 +1,31 @@
-apiVersion: v1
+#apiVersion: v1
-kind: Secret
+#kind: Secret
-metadata:
+#metadata:
-  name: build-node-undercloud-infrastructure
+#  name: build-node-undercloud-infrastructure
-  namespace: argocd
+#  namespace: argocd
-  labels:
+#  labels:
-    argocd.argoproj.io/secret-type: repository
+#    argocd.argoproj.io/secret-type: repository
-type: Opaque
+#type: Opaque
-stringData:
+#stringData:
-  # URL de ton dépôt Git
+#  # URL de ton dépôt Git
-  url: https://git.undercloud.local/Undercloud/undercloud-infrastructure.git
+#  url: https://git.undercloud.local/Undercloud/undercloud-infrastructure.git
-  # Mets "true" si HTTP clair ou certificat non fiable
+#  # Mets "true" si HTTP clair ou certificat non fiable
-  insecure: "true"
+#  insecure: "true"
---
+#---
 #apiVersion: v1
 #kind: Secret
 #metadata:
 #  name: build-node-k8s-apps
 #  namespace: argocd
 #  labels:
 #    argocd.argoproj.io/secret-type: repository
 #type: Opaque
 #stringData:
 #  # URL de ton dépôt Git
 #  url: https://git.undercloud.local/Undercloud/k8s-apps.git
 #  # Mets "true" si HTTP clair ou certificat non fiable
 #  insecure: "true"
 #---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -21,7 +35,8 @@ metadata:
    argocd.argoproj.io/secret-type: repository
 type: Opaque
 stringData:
-  # URL de ton dépôt Git
+  url: http://gitea.gitea.svc.k8s.undercloud.local:3000
-  url: https://git.undercloud.local/Undercloud/k8s-apps.git
+  username: shodan
-  # Mets "true" si HTTP clair ou certificat non fiable
+  password: NElzVGhlTWluZEtpbGxlcg==
-  insecure: "true"
+  insecure: "true"      # skip TLS verification / allow HTTP
  enableLfs: "true"     # Git LFS support
--- a/gitea/gitea.yaml
+++ b/gitea/gitea.yaml
@@ -115,86 +115,97 @@ metadata:
 data:
  startup.sh: |
    #!/bin/sh
    set -eu
    echo "startup..."
-    if [ ! -f /data/startup.ran ]; then
+    if test ! -f "/data/startup.ran"; then
-      echo "waiting for gitea API..."
+      echo "waiting 60s for startup..."
-      for i in $(seq 1 60); do
+      sleep 60s
        if curl -sSf http://localhost:3000/api/v1/version >/dev/null 2>&1; then
          break
        fi
        sleep 2
      done
      echo "writing pw to files"
-      printf '%s' "${SHODAN_PW:-}" > /data/shodan.pw
+      echo $SHODAN_PW > /data/shodan.pw
-      printf '%s' "${ARGOCD_PW:-}" > /data/argocd.pw
+      echo $ARGOCD_PW > /data/argocd.pw
-      printf '%s' "${GITEA_PW:-}"  > /data/gitea.pw
+      echo $GITEA_PW > /data/gitea.pw
      echo "creating users..."
-      su git -c 'SHODAN_PW=$(cat /data/shodan.pw); gitea admin user create --username shodan --admin --password "$SHODAN_PW" --email thrawn235@gmail.com || true'
+      echo $ARGOCD_PW
-      su git -c 'ARGOCD_PW=$(cat /data/argocd.pw); gitea admin user create --username argocd --password "$ARGOCD_PW" --email argocd@undercloud.local --must-change-password=false || true'
+      su git -c 'echo $ARGOCD_PW' 
-      su git -c 'GITEA_PW=$(cat /data/gitea.pw); gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password "$GITEA_PW" --attributes-in-bind --firstname-attribute cn --surname-attribute sn || true'
+      su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password $SHODAN_PW --email thrawn235@gmail.com'
      su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password $ARGOCD_PW --email argocd@undercloud.local --must-change-password=false'
      su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password $GITEA_PW --attributes-in-bind --firstname-attribute cn --surname-attribute sn'
      sleep 30s
      echo "wget tea..."
      wget http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/tea
      #echo "wget ctea..."
      #wget https://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/ctea
      chmod +x tea
      #chmod +x ctea
      #echo "using tea to create login..."
      #./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW
      #./tea login default localhost:3000
      echo "creating Undercloud organisation"
      sleep 30s
      #./tea organization create Undercloud
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg Undercloud
      curl -s -u "shodan:$SHODAN_PW" \
        -H 'Content-Type: application/json' \
        -X POST http://localhost:3000/api/v1/orgs \
        -d '{"username":"Undercloud","full_name":"Undercloud"}'
      sleep 5s
      echo "creating undercloud team"
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud
      #sleep 5s
      #echo "add argocd to undercloud team"
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd
      sleep 5s
      # create team "Undercloud" in org "undercloud"
      curl -s -u "shodan:$SHODAN_PW" -H 'Content-Type: application/json' \
        -X POST http://localhost:3000/api/v1/orgs/undercloud/teams \
        -d '{"name":"Undercloud","permission":"write","includes_all_repositories":false,
             "units":["repo.code","repo.issues","repo.pulls","repo.releases","repo.wiki","repo.projects"]}'
-      API="http://localhost:3000/api/v1"
+      # get team id without jq
-      AUTH_USER="shodan"
+      TEAM_ID=$(
-      AUTH_PASS="$(cat /data/shodan.pw)"
+        curl -s -u "shodan:$SHODAN_PW" \
-      AUTH="-u ${AUTH_USER}:${AUTH_PASS}"
+          "http://localhost:3000/api/v1/orgs/undercloud/teams/search?q=Undercloud&limit=1" |
        sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p'
      )
-      echo "create organization undercloud"
+      # add user argocd to that team
-      curl -sS $AUTH -H 'Content-Type: application/json' \
+      curl -s -u "shodan:$SHODAN_PW" -X PUT \
-        -X POST "$API/orgs" \
+        "http://localhost:3000/api/v1/teams/${TEAM_ID}/members/argocd"
        -d '{"username":"undercloud","full_name":"undercloud"}' || true
      echo "create team undercloud"
      curl -sS $AUTH -H 'Content-Type: application/json' \
        -X POST "$API/orgs/undercloud/teams" \
        -d '{"name":"undercloud","permission":"write","includes_all_repositories":false}' || true
      echo "fetch team id"
      TEAM_ID="$(curl -sS $AUTH "$API/orgs/undercloud/teams" \
        | sed 's/},{/}\n{/g' | grep '"name":"undercloud"' \
        | sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p' | head -n1)"
      if [ -z "${TEAM_ID:-}" ]; then
        echo "failed to determine TEAM_ID"; exit 1
      fi
      echo "TEAM_ID=$TEAM_ID"
      echo "add argocd to undercloud team"
      curl -sS $AUTH -X PUT "$API/teams/$TEAM_ID/members/argocd" >/dev/null || true
-      echo "ensure repo undercloud/k8aux-apps exists"
+      echo "cloning k8s-apps"
-      curl -sS $AUTH -H 'Content-Type: application/json' \
+      #execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8s-apps.git
-        -X POST "$API/orgs/undercloud/repos" \
+      execline-cd /data git clone "http://shodan:${SHODAN_PW}@git.undercloud.local:3000/Undercloud/k8s-apps.git"
        -d '{"name":"k8aux-apps","private":false,"auto_init":false}' || true
-      echo "grant team access to repo"
+      execline-cd /data/k8s-apps rm -Rf .git
-      curl -sS $AUTH -X PUT "$API/teams/$TEAM_ID/repos/undercloud/k8aux-apps" >/dev/null || true
+      execline-cd /data/k8s-apps git init
      execline-cd /data/k8s-apps git config --global user.email "thrawn235@gmail.com"
      execline-cd /data/k8s-apps git config --global user.name "shodan"
      execline-cd /data/k8s-apps git add .
      execline-cd /data/k8s-apps git commit -m "upload"
      echo "push k8s-apps to localhost"
      execline-cd /data/k8s-apps git push http://shodan:$SHODAN_PW@localhost:3000/Undercloud/k8s-apps.git --all
      echo "delete local copy..."
      #execline-cd /data rm -Rf k8s-apps
      echo "create PushMirror.."
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8s-apps "http://git.undercloud.local:3000/Undercloud/k8s-apps.git" shodan $SHODAN_PW 1h0m0s
      # Add push mirror to Undercloud/k8s-apps
      curl -sS -u "shodan:${SHODAN_PW}" \
        -H 'Content-Type: application/json' \
        -X POST http://localhost:3000/api/v1/repos/Undercloud/k8s-apps/push_mirrors \
        -d '{"remote_address":"http://git.undercloud.local:3000/Undercloud/k8s-apps.git","remote_username":"shodan","remote_password":"'"$SHODAN_PW"'","interval":"1h0m0s","sync_on_commit":false}'
-      echo "cloning k8aux-apps"
+      # optional: trigger immediate sync of all push mirrors for this repo
-      execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8aux-apps.git
+       curl -sS -u "shodan:${SHODAN_PW}" -X POST http://localhost:3000/api/v1/repos/Undercloud/k8s-apps/push_mirrors-sync
      execline-cd /data/k8aux-apps rm -Rf .git
      execline-cd /data/k8aux-apps git init
      execline-cd /data/k8aux-apps git config --global user.email "thrawn235@gmail.com"
      execline-cd /data/k8aux-apps git config --global user.name "shodan"
      execline-cd /data/k8aux-apps git add .
      execline-cd /data/k8aux-apps git commit -m "upload"
      echo "push k8aux-apps to localhost"
      execline-cd /data/k8aux-apps git push "http://shodan:${AUTH_PASS}@localhost:3000/undercloud/k8aux-apps.git" --all
      echo "create push mirrors"
      for DST in \
        "http://git.undercloud.local:3000/undercloud/k8aux-apps.git"
      do
        curl -sS $AUTH -H 'Content-Type: application/json' \
          -X POST "$API/repos/undercloud/k8aux-apps/push_mirrors" \
          -d "{\"remote_address\":\"${DST}\",\"remote_username\":\"shodan\",\"remote_password\":\"${AUTH_PASS}\",\"interval\":\"1h0m0s\",\"sync_on_commit\":false}" \
          || true
      done
      echo "create startup.ran file..."
      touch /data/startup.ran
@@ -202,7 +213,7 @@ data:
      echo "startup ran already!"
    fi
    echo "startup done."
-
+    #exit 123
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -250,11 +261,11 @@ spec:
        ports:
        - containerPort: 3000
        - containerPort: 22
-        #lifecycle:
+        lifecycle:
-        #    postStart:
+            postStart:
-        #      exec:
+              exec:
-        #        command:
+                command:
-        #          - "/bin/startup.sh"
+                  - "/bin/startup.sh"
        env:
        - name: USER_UID
          value: "1000"