
Update provision.sh to start the server with auth #557

Merged
merged 10 commits into from
Oct 24, 2022
100 changes: 67 additions & 33 deletions hack/scripts/provision.sh
Expand Up @@ -198,14 +198,15 @@ set_arch() {
local arch=$(uname -m)

case $arch in
x86_64|amd64)
ARCH=amd64
;;
aarch64|arm64)
ARCH=arm64
;;
*)
die "Unknown arch or arch not supported: $arch."
x86_64 | amd64)
ARCH=amd64
;;
aarch64 | arm64)
ARCH=arm64
;;
*)
die "Unknown arch or arch not supported: $arch."
;;
esac
}

Expand Down Expand Up @@ -303,6 +304,7 @@ do_all_flintlock() {
local parent_iface="$3"
local bridge_name="$4"
local insecure="$5"
local config_file="$6"

install_flintlockd "$version"

Expand All @@ -312,7 +314,7 @@ do_all_flintlock() {
if [[ -z "$address" ]]; then
address=$(lookup_address "$parent_iface")
fi
write_flintlockd_config "$address" "$parent_iface" "$bridge_name" "$insecure"
write_flintlockd_config "$address" "$parent_iface" "$bridge_name" "$insecure" "$config_file"

start_flintlockd_service
say "Flintlockd running at $address:9090 via interface $parent_iface"
Expand Down Expand Up @@ -343,29 +345,49 @@ write_flintlockd_config() {
local parent_iface="$2"
local bridge_name="$3"
local insecure="$4"
local config_file="$5"

mkdir -p "$(dirname "$FLINTLOCKD_CONFIG_PATH")"

say "Writing flintlockd config to $FLINTLOCKD_CONFIG_PATH."

cat <<EOF >"$FLINTLOCKD_CONFIG_PATH"
---
containerd-socket: "$CONTAINERD_STATE_DIR/containerd.sock"
grpc-endpoint: "$address:9090"
verbosity: 9
insecure: $insecure
EOF
declare -A settings
settings["containerd-socket"]="$CONTAINERD_STATE_DIR/containerd.sock"
settings["grpc-endpoint"]="$address:9090"
settings["verbosity"]="9"
settings["insecure"]="$insecure"

if [[ -n "$bridge_name" ]]; then
cat <<EOF >>"$FLINTLOCKD_CONFIG_PATH"
bridge-name: "$bridge_name"
EOF
settings["bridge-name"]="$bridge_name"
else
cat <<EOF >>"$FLINTLOCKD_CONFIG_PATH"
parent-iface: "$parent_iface"
EOF
settings["parent-iface"]="$parent_iface"
fi

if [[ -n "$config_file" ]]; then
say "Merging provided flintlockd config file with auto-generated options"
while IFS= read -r line; do
if [[ $line != *":"* ]]; then
continue
fi
key=$(echo "$line" | awk 'BEGIN { FS = ":" } ; { print $1 }')
value=$(echo "$line" | awk 'BEGIN { FS = ":" } ; { print $2 }' | tr -d ' ')
settings[$key]="$value"
done <"$config_file"
fi

local content=''
for key in ${!settings[@]}; do
# note that there is a line-break in this string
# that is important to keep the settings file valid.
content+="${key}: ${settings[${key}]}
"
done

cat <<EOF >"$FLINTLOCKD_CONFIG_PATH"
---
$content
EOF

say "Flintlockd config saved"
}

Expand Down Expand Up @@ -721,6 +743,7 @@ cmd_all() {
local fc_version="$FIRECRACKER_VERSION"
local fl_version="$FLINTLOCK_VERSION"
local ctrd_version="$CONTAINERD_VERSION"
local flintlock_config_file=""

while [ $# -gt 0 ]; do
case "$1" in
Expand Down Expand Up @@ -760,6 +783,10 @@ cmd_all() {
"--dev")
DEVELOPMENT=true
;;
"-f" | "--flintlock-config-file")
shift
flintlock_config_file="$1"
;;
*)
die "Unknown argument: $1. Please use --help for help."
;;
Expand Down Expand Up @@ -794,7 +821,7 @@ cmd_all() {

install_firecracker "$fc_version"
do_all_containerd "$ctrd_version" "$set_thinpool"
do_all_flintlock "$fl_version" "$fl_address" "$fl_iface" "$bridge_name" "$insecure"
do_all_flintlock "$fl_version" "$fl_address" "$fl_iface" "$bridge_name" "$insecure" "$flintlock_config_file"

say "$(date -u +'%F %H:%M:%S %Z'): Host $(hostname) provisioned"
}
Expand Down Expand Up @@ -875,6 +902,7 @@ cmd_flintlock() {
local parent_iface=""
local bridge_name=""
local insecure=false
local config_file=""

while [ $# -gt 0 ]; do
case "$1" in
Expand All @@ -901,6 +929,10 @@ cmd_flintlock() {
"-k" | "--insecure")
insecure=true
;;
"-f" | "--config-file")
shift
config_file="$1"
;;
"--dev")
DEVELOPMENT=true
;;
Expand All @@ -913,7 +945,7 @@ cmd_flintlock() {

set_arch
prepare_dirs
do_all_flintlock "$version" "$address" "$parent_iface" "$bridge_name" "$insecure"
do_all_flintlock "$version" "$address" "$parent_iface" "$bridge_name" "$insecure" "$config_file"
}

cmd_direct_lvm() {
Expand Down Expand Up @@ -999,15 +1031,16 @@ cmd_all_help() {
can be configured by setting the FLINTLOCK, CONTAINERD and FIRECRACKER
environment variables.
OPTIONS:
-y Autoapprove all prompts (danger)
--skip-apt, -s Skip installation of apt packages
--thinpool, -t Name of thinpool to create (default: flintlock or flintlock-dev)
--disk, -d Name blank unpartioned disk to use for direct lvm thinpool (ignored if --dev set)
--grpc-address, -a Address on which to start the Flintlock GRPC server (default: local ipv4 address)
--parent-iface, -i Interface of the default route of the host
--bridge, -b Bridge to use instead of an interface (will override --parent-iface)
--insecure, -k Start flintlockd without basic auth or certs
--dev Set up development environment. Loop thinpools will be created.
-y Autoapprove all prompts (danger)
--skip-apt, -s Skip installation of apt packages
--thinpool, -t Name of thinpool to create (default: flintlock or flintlock-dev)
--disk, -d Name blank unpartioned disk to use for direct lvm thinpool (ignored if --dev set)
--grpc-address, -a Address on which to start the Flintlock GRPC server (default: local ipv4 address)
--parent-iface, -i Interface of the default route of the host
--bridge, -b Bridge to use instead of an interface (will override --parent-iface)
--insecure, -k Start flintlockd without basic auth or certs
--dev Set up development environment. Loop thinpools will be created.
--flintlock-config-file, -f Path to a valid flintlockd configuration file with overriding config

EOF
}
Expand Down Expand Up @@ -1042,6 +1075,7 @@ cmd_flintlock_help() {
--bridge, -b Bridge to use instead of an interface (will override --parent-iface)
--insecure, -k Start flintlockd without basic auth or certs
--dev Assumes containerd has been provisioned in a dev environment
--config-file, -f Path to a valid flintlockd configuration file with overriding config

EOF
}
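Review bot: In write_flintlockd_config the merge loop splits each line of the supplied file on every `:` and keeps only the second field, then deletes all spaces, so an override such as `grpc-endpoint: 0.0.0.0:9090` is written as `0.0.0.0` and any value containing a colon or a space is silently altered. Splitting on the first colon only avoids that, e.g. `key=${line%%:*}` and `value=${line#*:}` followed by trimming the leading whitespace; `line`, `key` and `value` should also be declared `local`, and `${!settings[@]}` quoted in the `for` loop. Separately, the merged file is written with the default umask, and if the supplied file carries the auth settings the PR title refers to (inferred, the keys are not visible on this page) they become readable by other local users; creating the target first with `install -m 600 /dev/null "$FLINTLOCKD_CONFIG_PATH"` keeps it private. Both `-f` handlers in cmd_all and cmd_flintlock read `$1` after `shift` without checking that an argument follows or that the file is readable, so a missing path only surfaces later at the `done <"$config_file"` redirect.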