diff --git a/.gitignore b/.gitignore
index c61d096d..112b0a83 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,7 @@
 # hidden files/dirs
 .*
-!deploy/stack/compose/postgres/state/webroot/misc/osie/current/.keep
-!deploy/stack/compose/postgres/state/webroot/workflow/.keep
 !deploy/infrastructure/vagrant/.env
 !deploy/stack/compose/.env
-!deploy/stack/compose/postgres/.env
 !.gitignore
 !.github/
@@ -18,9 +15,6 @@ compose.tar.gz
 compose.zip
-deploy/stack/compose/postgres/state/webroot/*.gz
-deploy/stack/compose/postgres/state/webroot/misc/osie/current/*
-deploy/stack/compose/postgres/state/webroot/workflow/*
 deploy/stack/compose/manifests/manifests.yaml
 deploy/stack/compose/state/*
 !deploy/stack/compose/state/.keep
diff --git a/deploy/infrastructure/vagrant/.env b/deploy/infrastructure/vagrant/.env
index 04011de9..fb12b0fc 100644
--- a/deploy/infrastructure/vagrant/.env
+++ b/deploy/infrastructure/vagrant/.env
@@ -4,9 +4,6 @@ LOADBALANCER_IP=192.168.56.5
 MACHINE1_IP=192.168.56.43
 MACHINE1_MAC=08:00:27:9e:f5:3a
-#USE_POSTGRES=true
-USE_POSTGRES=
-
 # USE_HELM=true
 USE_HELM=true
diff --git a/deploy/infrastructure/vagrant/Vagrantfile b/deploy/infrastructure/vagrant/Vagrantfile
index 15008c9c..ed61b332 100644
--- a/deploy/infrastructure/vagrant/Vagrantfile
+++ b/deploy/infrastructure/vagrant/Vagrantfile
@@ -14,7 +14,6 @@ PROVISIONER_IP = ENV["PROVISIONER_IP"] || "192.168.56.4"
 LOADBALANCER_IP = ENV["LOADBALANCER_IP"] || "192.168.56.4"
 MACHINE1_IP = ENV["MACHINE1_IP"] || "192.168.56.43"
 MACHINE1_MAC = (ENV["MACHINE1_MAC"] || "08:00:27:9E:F5:3A").downcase
-USE_POSTGRES = ENV["USE_POSTGRES"] || ""
 USE_HELM = ENV["USE_HELM"] || ""
 HELM_CHART_VERSION = ENV["HELM_CHART_VERSION"] || "0.1.2"
 HELM_LOADBALANCER_INTERFACE = ENV["HELM_LOADBALANCER_INTERFACE"] || "eth1"
@@ -30,10 +29,6 @@ Vagrant.configure("2") do |config|
 end
 config.vm.define "provisioner" do |provisioner|
- if USE_POSTGRES == "true" && USE_HELM == "true"
- puts "USE_POSTGRES and USE_HELM cannot both be true"
- abort
- end
 if USE_HELM == "true"
 STACK_DIR = STACK_BASE_DIR + "helm/"
 DEST_DIR = DEST_DIR_BASE + "helm/"
@@ -58,9 +53,6 @@ Vagrant.configure("2") do |config|
 override.vm.synced_folder STACK_BASE_DIR, DEST_DIR_BASE, type: "rsync"
 end
- if USE_POSTGRES == "true"
- DEST_DIR = DEST_DIR_BASE + STACK_OPT + "postgres"
- end
 provisioner.vm.provision :shell, path: STACK_DIR + "/setup.sh", args: [PROVISIONER_IP, MACHINE1_IP, MACHINE1_MAC, DEST_DIR, LOADBALANCER_IP, HELM_CHART_VERSION, HELM_LOADBALANCER_INTERFACE]
 end
diff --git a/deploy/stack/compose/postgres/.env b/deploy/stack/compose/postgres/.env
deleted file mode 100644
index d9cb2280..00000000
--- a/deploy/stack/compose/postgres/.env
+++ /dev/null
@@ -1,27 +0,0 @@
-# These must be defined above/before first use.
-# Use of these variables *must* be in ${} form, otherwise docker-compose won't substitute when processing this file
-vOSIE=v0.7.0
-vTINK=sha-16186501
-
-# Probably don't want to mess with these, unless you know you do
-FACILITY=onprem
-TINKERBELL_REGISTRY_PASSWORD=Admin1234
-TINKERBELL_REGISTRY_USERNAME=admin
-TINKERBELL_TLS= false
-
-# Can be set to your own hook builds
-OSIE_DOWNLOAD_URLS=https://github.com/tinkerbell/hook/releases/download/${vOSIE}/hook_x86_64.tar.gz,https://github.com/tinkerbell/hook/releases/download/${vOSIE}/hook_aarch64.tar.gz
-
-TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware.json
-TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu.yaml
-
-TINKERBELL_CLIENT_IP=192.168.56.43
-TINKERBELL_CLIENT_MAC=08:00:27:9e:f5:3a
-TINKERBELL_HOST_IP=192.168.56.4
-
-# Images used by docker-compose natively or in terraform/vagrant, update if necessary
-BOOTS_IMAGE=quay.io/tinkerbell/boots:sha-505785d7
-HEGEL_IMAGE=quay.io/tinkerbell/hegel:sha-592588cf
-TINK_CLI_IMAGE=quay.io/tinkerbell/tink-cli:${vTINK}
-TINK_SERVER_IMAGE=quay.io/tinkerbell/tink:${vTINK}
-TINK_WORKER_IMAGE=quay.io/tinkerbell/tink-worker:${vTINK}
diff --git a/deploy/stack/compose/postgres/create-tink-records/create.sh b/deploy/stack/compose/postgres/create-tink-records/create.sh
deleted file mode 100755
index 90ec1f48..00000000
--- a/deploy/stack/compose/postgres/create-tink-records/create.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/usr/bin/env bash
-
-# This script is used to push (hardware) and create (template, workflow) Tink Server data/objects
-# This script assumes that the `tink` binary is in the PATH and
-# TINKERBELL_GRPC_AUTHORITY and TINKERBELL_TLS environment variables are set as necessary
-# See https://docs.tinkerbell.org/services/tink-cli/ for more details
-
-set -euxo pipefail
-
-# update_hw_ip_addr the hardware json with a specified IP address
-update_hw_ip_addr() {
- local ip_address=$1
- local hardware_file=$2
- local tmp
- tmp=$(mktemp "${hardware_file}.XXXXXXXX")
- jq -S '.network.interfaces[0].dhcp.ip.address = "'"${ip_address}"'"' "${hardware_file}" | tee "${tmp}"
- mv "${tmp}" "${hardware_file}"
-}
-
-# update_hw_mac_addr the hardware json with a specified MAC address
-update_hw_mac_addr() {
- local mac_address=$1
- local hardware_file=$2
- local tmp
- tmp=$(mktemp "${hardware_file}.XXXXXXXX")
- jq -S '.network.interfaces[0].dhcp.mac = "'"${mac_address}"'"' "${hardware_file}" | tee "${tmp}"
- mv "${tmp}" "${hardware_file}"
-}
-
-# hardware creates a hardware record in tink from the file_loc provided
-hardware() {
- tink hardware push --file "$1" 2>/dev/null
-}
-
-# update_template_img_ip the template yaml with a specified IP address
-update_template_img_ip() {
- local ip_address=$1
- local template_file=$2
- local tmp
- tmp=$(mktemp "${template_file}.XXXXXXXX")
- sed -E '/IMG_URL:/ s|/[^/]+:|/'"${ip_address}"':|' "${template_file}" | tee "${tmp}"
- mv "${tmp}" "${template_file}"
-}
-
-# template checks if a template exists in tink and creates one from the file_loc provided if one does not exist
-template() {
- if (($(tink template get --no-headers 2>/dev/null | grep -c '^|') > 0)); then
- return
- fi
-
- tink template create --file "$1" 2>/dev/null
-}
-
-# workflow checks if a workflow record exists in tink before creating a new one
-workflow() {
- local mac_address=$1
-
- local template_id
- template_id=$(tink template get --no-headers 2>/dev/null | grep '^|' | awk '{print $2}' | head -n1)
-
- local workflow_id
- workflow_id=$(tink workflow get --no-headers 2>/dev/null | grep "${template_id}" | awk '{print $2}' | head -n1 || :)
- if [[ -n ${workflow_id:-} ]]; then
- echo "Workflow [${workflow_id}] already exists"
- return
- fi
-
- tink workflow create --template "${template_id}" --hardware '{"device_1":"'"${mac_address}"'"}' 2>/dev/null
-}
-
-# main runs the creation functions in order
-hardware_file=$1
-template_file=$2
-ip_address=$3
-client_ip_address=$4
-client_mac_address=$5
-
-[[ -z ${hardware_file} ]] && echo "hardware_file arg is empty" >&2 && exit 1
-[[ -z ${template_file} ]] && echo "template_file arg is empty" >&2 && exit 1
-[[ -z ${ip_address} ]] && echo "ip_address arg is empty" >&2 && exit 1
-[[ -z ${client_ip_address} ]] && echo "client_ip_address arg is empty" >&2 && exit 1
-[[ -z ${client_mac_address} ]] && echo "client_mac_address arg is empty" >&2 && exit 1
-
-t=$(mktemp hardware-XXXXXXXX)
-cat "$hardware_file" >"$t"
-hardware_file=$t
-
-t=$(mktemp template-XXXXXXXX)
-cat "$template_file" >"$t"
-template_file=$t
-
-trap 'rm -f "$hardware_file" "$template_file"' EXIT
-
-client_mac_address=$(echo "$client_mac_address" | tr 'A-F' 'a-f')
-
-if ! which jq &>/dev/null; then
- apk add jq
-fi
-
-update_hw_ip_addr "${client_ip_address}" "${hardware_file}"
-update_hw_mac_addr "${client_mac_address}" "${hardware_file}"
-hardware "${hardware_file}"
-update_template_img_ip "${ip_address}" "${template_file}"
-template "${template_file}"
-workflow "${client_mac_address}"
diff --git a/deploy/stack/compose/postgres/create-tink-records/manifests/hardware/hardware-equinix-metal.json b/deploy/stack/compose/postgres/create-tink-records/manifests/hardware/hardware-equinix-metal.json
deleted file mode 100644
index b9dcd634..00000000
--- a/deploy/stack/compose/postgres/create-tink-records/manifests/hardware/hardware-equinix-metal.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "id": "0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94",
- "metadata": {
- "facility": {
- "facility_code": "onprem",
- "plan_slug": "c2.medium.x86",
- "plan_version_slug": ""
- },
- "instance": {},
- "state": "provisioning"
- },
- "network": {
- "interfaces": [
- {
- "dhcp": {
- "arch": "x86_64",
- "ip": {
- "address": "192.168.56.43",
- "gateway": "192.168.56.4",
- "netmask": "255.255.255.0"
- },
- "mac": "08:00:27:9e:f5:3a",
- "uefi": false
- },
- "netboot": {
- "allow_pxe": true,
- "allow_workflow": true
- }
- }
- ]
- }
-}
diff --git a/deploy/stack/compose/postgres/create-tink-records/manifests/hardware/hardware.json b/deploy/stack/compose/postgres/create-tink-records/manifests/hardware/hardware.json
deleted file mode 100644
index 0fc4496b..00000000
--- a/deploy/stack/compose/postgres/create-tink-records/manifests/hardware/hardware.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "id": "0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94",
- "metadata": {
- "facility": {
- "facility_code": "onprem",
- "plan_slug": "c2.medium.x86",
- "plan_version_slug": ""
- },
- "instance": {},
- "state": "provisioning"
- },
- "network": {
- "interfaces": [
- {
- "dhcp": {
- "arch": "x86_64",
- "ip": {
- "address": "192.168.56.43",
- "netmask": "255.255.255.0"
- },
- "mac": "08:00:27:9e:f5:3a",
- "uefi": false
- },
- "netboot": {
- "allow_pxe": true,
- "allow_workflow": true
- }
- }
- ]
- }
-}
diff --git a/deploy/stack/compose/postgres/create-tink-records/manifests/template/ubuntu-equinix-metal.yaml b/deploy/stack/compose/postgres/create-tink-records/manifests/template/ubuntu-equinix-metal.yaml
deleted file mode 100644
index 99acd81b..00000000
--- a/deploy/stack/compose/postgres/create-tink-records/manifests/template/ubuntu-equinix-metal.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-version: "0.1"
-name: debian_Focal
-global_timeout: 1800
-tasks:
- - name: "os-installation"
- worker: "{{.device_1}}"
- volumes:
- - /dev:/dev
- - /dev/console:/dev/console
- - /lib/firmware:/lib/firmware:ro
- actions:
- - name: "stream-ubuntu-image"
- image: image2disk:v1.0.0
- timeout: 600
- environment:
- DEST_DISK: /dev/sda
- IMG_URL: "http://192.168.56.4:8080/focal-server-cloudimg-amd64.raw.gz"
- COMPRESSED: true
- - name: "grow-partition"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "growpart /dev/sda 1 && resize2fs /dev/sda1"
- - name: "fix-serial"
- image: cexec:v1.0.0
- timeout: 90
- pid: host
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "sed -e 's|ttyS0|ttyS1,115200|g' -i /etc/default/grub.d/50-cloudimg-settings.cfg ; update-grub"
- - name: "install-openssl"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "apt -y update && apt -y install openssl"
- - name: "create-user"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "useradd -p $(openssl passwd -1 tink) -s /bin/bash -d /home/tink/ -m -G sudo tink"
- - name: "enable-ssh"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "ssh-keygen -A; systemctl enable ssh.service; sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config"
- - name: "disable-apparmor"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "systemctl disable apparmor; systemctl disable snapd"
- - name: "write-netplan"
- image: writefile:v1.0.0
- timeout: 90
- environment:
- DEST_DISK: /dev/sda1
- FS_TYPE: ext4
- DEST_PATH: /etc/netplan/config.yaml
- CONTENTS: |
- network:
- version: 2
- renderer: networkd
- ethernets:
- id0:
- match:
- name: en*
- dhcp4: true
- UID: 0
- GID: 0
- MODE: 0644
- DIRMODE: 0755
diff --git a/deploy/stack/compose/postgres/create-tink-records/manifests/template/ubuntu.yaml b/deploy/stack/compose/postgres/create-tink-records/manifests/template/ubuntu.yaml
deleted file mode 100644
index 0b50bc9a..00000000
--- a/deploy/stack/compose/postgres/create-tink-records/manifests/template/ubuntu.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-version: "0.1"
-name: debian_Focal
-global_timeout: 1800
-tasks:
- - name: "os-installation"
- worker: "{{.device_1}}"
- volumes:
- - /dev:/dev
- - /dev/console:/dev/console
- - /lib/firmware:/lib/firmware:ro
- actions:
- - name: "stream-ubuntu-image"
- image: image2disk:v1.0.0
- timeout: 600
- environment:
- DEST_DISK: /dev/sda
- IMG_URL: "http://192.168.56.4:8080/focal-server-cloudimg-amd64.raw.gz"
- COMPRESSED: true
- - name: "grow-partition"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "growpart /dev/sda 1 && resize2fs /dev/sda1"
- - name: "install-openssl"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "apt -y update && apt -y install openssl"
- - name: "create-user"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "useradd -p $(openssl passwd -1 tink) -s /bin/bash -d /home/tink/ -m -G sudo tink"
- - name: "enable-ssh"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "ssh-keygen -A; systemctl enable ssh.service; sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config"
- - name: "disable-apparmor"
- image: cexec:v1.0.0
- timeout: 90
- environment:
- BLOCK_DEVICE: /dev/sda1
- FS_TYPE: ext4
- CHROOT: y
- DEFAULT_INTERPRETER: "/bin/sh -c"
- CMD_LINE: "systemctl disable apparmor; systemctl disable snapd"
- - name: "write-netplan"
- image: writefile:v1.0.0
- timeout: 90
- environment:
- DEST_DISK: /dev/sda1
- FS_TYPE: ext4
- DEST_PATH: /etc/netplan/config.yaml
- CONTENTS: |
- network:
- version: 2
- renderer: networkd
- ethernets:
- id0:
- match:
- name: en*
- dhcp4: true
- UID: 0
- GID: 0
- MODE: 0644
- DIRMODE: 0755
diff --git a/deploy/stack/compose/postgres/docker-compose.yml b/deploy/stack/compose/postgres/docker-compose.yml
deleted file mode 100644
index bb6f3ca5..00000000
--- a/deploy/stack/compose/postgres/docker-compose.yml
+++ /dev/null
@@ -1,277 +0,0 @@
-services:
- ##### Actual services first #####
- boots:
- image: $BOOTS_IMAGE
- command: -log-level DEBUG
- network_mode: host
- environment:
- BOOTP_BIND: 0.0.0.0:67
- DATA_MODEL_VERSION: 1
- DNS_SERVERS: 8.8.8.8
- DOCKER_REGISTRY: $TINKERBELL_HOST_IP
- FACILITY_CODE: $FACILITY
- HTTP_BIND: $TINKERBELL_HOST_IP:80
- MIRROR_BASE_URL: http://$TINKERBELL_HOST_IP:8080
- PUBLIC_IP: $TINKERBELL_HOST_IP
- REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASSWORD
- REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USERNAME
- SYSLOG_BIND: $TINKERBELL_HOST_IP:514
- TFTP_BIND: $TINKERBELL_HOST_IP:69
- TINKERBELL_GRPC_AUTHORITY: $TINKERBELL_HOST_IP:42113
- TINKERBELL_TLS: $TINKERBELL_TLS
- extra_hosts:
- - tink-server:$TINKERBELL_HOST_IP
- depends_on:
- tink-server:
- condition: service_healthy
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- restart: unless-stopped
-
- db:
- image: postgres:14-alpine
- environment:
- POSTGRES_DB: tinkerbell
- POSTGRES_PASSWORD: tinkerbell
- POSTGRES_USER: tinkerbell
- volumes:
- - postgres_data:/var/lib/postgresql/data
- ports:
- - 5432:5432
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- healthcheck:
- test:
- - CMD-SHELL
- - pg_isready -U tinkerbell
- interval: 1s
- timeout: 1s
- retries: 30
- restart: unless-stopped
-
- hegel:
- image: $HEGEL_IMAGE
- environment:
- CUSTOM_ENDPOINTS: '{"/metadata":""}'
- DATA_MODEL_VERSION: 1
- GRPC_PORT: 42115
- HEGEL_FACILITY: $FACILITY
- HEGEL_USE_TLS: 0
- TINKERBELL_GRPC_AUTHORITY: tink-server:42113
- TINKERBELL_TLS: $TINKERBELL_TLS
- ports:
- - 50060:50060/tcp
- - 50061:50061/tcp
- depends_on:
- tink-server:
- condition: service_healthy
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- restart: unless-stopped
-
- registry:
- image: registry:2.7.1
- environment:
- REGISTRY_AUTH: htpasswd
- REGISTRY_AUTH_HTPASSWD_PATH: /auth/.htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
- REGISTRY_HTTP_ADDR: $TINKERBELL_HOST_IP:443
- REGISTRY_HTTP_TLS_CERTIFICATE: /certs/$FACILITY/server-crt.pem
- REGISTRY_HTTP_TLS_KEY: /certs/$FACILITY/server-key.pem
- init: true
- network_mode: host
- volumes:
- - auth:/auth:ro
- - certs:/certs/$FACILITY:ro
- - registry_data:/var/lib/registry
- depends_on:
- generate-tls-certs:
- condition: service_completed_successfully
- generate-registry-auth:
- condition: service_completed_successfully
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- healthcheck:
- test:
- - CMD-SHELL
- - wget --no-check-certificate "https://$TINKERBELL_HOST_IP" -O - >/dev/null
- interval: 5s
- timeout: 1s
- retries: 5
- restart: unless-stopped
-
- tink-server:
- image: $TINK_SERVER_IMAGE
- environment:
- FACILITY: $FACILITY
- PGDATABASE: tinkerbell
- PGHOST: db
- PGPASSWORD: tinkerbell
- PGPORT: 5432
- PGSSLMODE: disable
- PGUSER: tinkerbell
- TINKERBELL_GRPC_AUTHORITY: :42113
- TINKERBELL_HTTP_AUTHORITY: :42114
- TINKERBELL_TLS: $TINKERBELL_TLS
- volumes:
- - certs:/certs/$FACILITY:ro
- ports:
- - 42113:42113/tcp
- - 42114:42114/tcp
- depends_on:
- db:
- condition: service_healthy
- generate-tls-certs:
- condition: service_completed_successfully
- db-migrations:
- condition: service_completed_successfully
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- healthcheck:
- # port needs to match TINKERBELL_HTTP_AUTHORITY
- test:
- - CMD-SHELL
- - wget -qO- 127.0.0.1:42114/healthz
- interval: 5s
- timeout: 2s
- retries: 30
- restart: unless-stopped
-
- web-assets-server:
- image: nginx:alpine
- tty: true
- user: root
- ports:
- - 8080:80/tcp
- volumes:
- - ./state/webroot/:/usr/share/nginx/html/:ro
- depends_on:
- fetch-and-convert-ubuntu-img:
- condition: service_completed_successfully
- fetch-osie:
- condition: service_completed_successfully
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- restart: unless-stopped
-
- ##### One-off setup processes #####
- create-tink-records:
- image: $TINK_CLI_IMAGE
- command: /app/create.sh "$TINKERBELL_HARDWARE_MANIFEST" "$TINKERBELL_TEMPLATE_MANIFEST" "$TINKERBELL_HOST_IP" "$TINKERBELL_CLIENT_IP" "$TINKERBELL_CLIENT_MAC"
- environment:
- TINKERBELL_GRPC_AUTHORITY: tink-server:42113
- TINKERBELL_TLS: $TINKERBELL_TLS
- volumes:
- - ./create-tink-records/create.sh:/app/create.sh:ro
- - ./create-tink-records/manifests:/manifests:ro
- depends_on:
- db:
- condition: service_healthy
- tink-server:
- condition: service_healthy
-
- db-migrations:
- image: $TINK_SERVER_IMAGE
- environment:
- FACILITY: $FACILITY
- ONLY_MIGRATION: "true"
- PGDATABASE: tinkerbell
- PGHOST: db
- PGPASSWORD: tinkerbell
- PGPORT: 5432
- PGSSLMODE: disable
- PGUSER: tinkerbell
- TINKERBELL_TLS: $TINKERBELL_TLS
- volumes:
- - certs:/certs/$FACILITY:ro
- depends_on:
- db:
- condition: service_healthy
- restart: on-failure
-
- fetch-osie:
- image: bash:4.4
- command: /app/fetch.sh "$OSIE_DOWNLOAD_URLS" /workdir
- volumes:
- - ./fetch-osie/fetch.sh:/app/fetch.sh:ro
- - ./state/webroot/misc/osie/current:/workdir
-
- fetch-and-convert-ubuntu-img:
- image: bash:4.4
- entrypoint: /app/fetch.sh
- command: https://cloud-images.ubuntu.com/daily/server/focal/current/focal-server-cloudimg-amd64.img /destination
- volumes:
- - ./fetch-and-convert-ubuntu-img/fetch.sh:/app/fetch.sh:ro
- - ./state/webroot:/destination
-
- generate-registry-auth:
- image: httpd:2
- entrypoint: htpasswd
- command: -Bbc .htpasswd "$TINKERBELL_REGISTRY_USERNAME" "$TINKERBELL_REGISTRY_PASSWORD"
- working_dir: /auth
- volumes:
- - auth:/auth
-
- generate-tls-certs:
- image: cfssl/cfssl
- entrypoint: /app/generate.sh
- command: "$TINKERBELL_HOST_IP"
- environment:
- FACILITY: $FACILITY
- TINKERBELL_HOST_IP: $TINKERBELL_HOST_IP
- volumes:
- - certs:/certs/$FACILITY
- - ./generate-tls-certs/:/app:ro
- - ./state/webroot/workflow/:/workflow/
-
- sync-images-to-local-registry:
- image: quay.io/containers/skopeo:v1.4.1
- entrypoint: /bin/bash
- command: /app/upload.sh "$TINKERBELL_REGISTRY_USERNAME" "$TINKERBELL_REGISTRY_PASSWORD" "$TINKERBELL_HOST_IP" "$TINK_WORKER_IMAGE" /app/registry_images.txt
- volumes:
- - ./sync-images-to-local-registry:/app:ro
- depends_on:
- registry:
- condition: service_healthy
-
- ##### Debugging/interactive commands #####
- tink-cli:
- image: $TINK_CLI_IMAGE
- environment:
- TINKERBELL_GRPC_AUTHORITY: tink-server:42113
- TINKERBELL_TLS: $TINKERBELL_TLS
- depends_on:
- db:
- condition: service_healthy
- tink-server:
- condition: service_healthy
- deploy:
- resources:
- limits:
- cpus: "0.50"
- memory: 512M
- restart: unless-stopped
-
-volumes:
- auth:
- certs:
- postgres_data:
- registry_data:
diff --git a/deploy/stack/compose/postgres/fetch-and-convert-ubuntu-img/fetch.sh b/deploy/stack/compose/postgres/fetch-and-convert-ubuntu-img/fetch.sh
deleted file mode 100755
index 920e96cd..00000000
--- a/deploy/stack/compose/postgres/fetch-and-convert-ubuntu-img/fetch.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-# This script is designed to download a cloud image file (.img) and then convert it to a .raw.gz file.
-# This is purpose built so non-raw cloud image files can be used with the "image2disk" action.
-# See https://artifacthub.io/packages/tbaction/tinkerbell-community/image2disk.
-
-set -euxo pipefail
-
-image_url=$1
-file=$2/${image_url##*/}
-file=${file%.*}.raw.gz
-
-if ! which pigz qemu-img &>/dev/null; then
- apk add --update pigz qemu-img
-fi
-
-if ! [[ -f $file ]]; then
- wget "$image_url" -O image.img
- qemu-img convert -O raw image.img image.raw
- pigz "$file"
- rm -f image.img image.raw
-fi
diff --git a/deploy/stack/compose/postgres/fetch-osie/fetch.sh b/deploy/stack/compose/postgres/fetch-osie/fetch.sh
deleted file mode 100755
index 371b81b9..00000000
--- a/deploy/stack/compose/postgres/fetch-osie/fetch.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-# This script handles downloading, extracting, and copying/moving files in place
-# for OSIE and Hook. For more info on OSIE and Hook, see: https://docs.tinkerbell.org/services/osie/
-
-set -euxo pipefail
-
-# create an array using the urls variable, delimited by commas (IFS=,)
-# store the array in the variable "urls"
-IFS=, read -ra urls <<<"$1"
-destdir=$2
-
-for url in "${urls[@]}"; do
- filename="$destdir/${url##*/}"
- if [[ -f $(unknown) ]]; then
- echo "$filename already downloaded"
- continue
- fi
-
- echo "downloading $url"
- wget "$url" -O "$filename.tmp"
- echo "extracting files..."
- tar -zxvf "$filename.tmp" -C "$destdir"
- mv "$filename.tmp" "$filename"
-done
diff --git a/deploy/stack/compose/postgres/generate-tls-certs/ca-config.json b/deploy/stack/compose/postgres/generate-tls-certs/ca-config.json
deleted file mode 100644
index 79a97ed9..00000000
--- a/deploy/stack/compose/postgres/generate-tls-certs/ca-config.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "signing": {
- "default": {
- "expiry": "168h"
- },
- "profiles": {
- "server": {
- "backdate": "48h",
- "expiry": "8760h",
- "usages": [
- "signing",
- "key encipherment",
- "server auth"
- ]
- },
- "signing": {
- "expiry": "8760h",
- "usages": [
- "signing",
- "key encipherment"
- ]
- }
- }
- }
-}
diff --git a/deploy/stack/compose/postgres/generate-tls-certs/ca-csr.json b/deploy/stack/compose/postgres/generate-tls-certs/ca-csr.json
deleted file mode 100644
index 94ae8d91..00000000
--- a/deploy/stack/compose/postgres/generate-tls-certs/ca-csr.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "CN": "Tinkerbell CA",
- "ca": {
- "backdate": "48h",
- "expiry": "8760h"
- },
- "key": {
- "algo": "ecdsa",
- "size": 256
- },
- "names": [
- {
- "L": "@FACILITY@"
- }
- ]
-}
diff --git a/deploy/stack/compose/postgres/generate-tls-certs/csr.json b/deploy/stack/compose/postgres/generate-tls-certs/csr.json
deleted file mode 100644
index a445fb15..00000000
--- a/deploy/stack/compose/postgres/generate-tls-certs/csr.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "CN": "Tinkerbell",
- "hosts": [
- "tinkerbell.registry",
- "tinkerbell.tinkerbell",
- "tinkerbell",
- "tink-server",
- "192.168.56.4",
- "127.0.0.1",
- "localhost"
- ],
- "key": {
- "algo": "ecdsa",
- "size": 256
- },
- "names": [
- {
- "L": "@FACILITY@"
- }
- ]
-}
diff --git a/deploy/stack/compose/postgres/generate-tls-certs/generate.sh b/deploy/stack/compose/postgres/generate-tls-certs/generate.sh
deleted file mode 100755
index 0563f0dd..00000000
--- a/deploy/stack/compose/postgres/generate-tls-certs/generate.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/env bash
-# This script handles the generation of the TLS certificates.
-# This generates the files:
-# 1. /certs/${FACILITY:-onprem}/ca-crt.pem (CA TLS public certificate)
-# 2. /certs/${FACILITY:-onprem}/server-crt.pem (server TLS certificate)
-# 3. /certs/${FACILITY:-onprem}/server-key.pem (server TLS private key)
-# 4. /certs/${FACILITY:-onprem}/bundle.pem (server TLS certificate; backward compat)
-# 5. /workflow/ca.pem (CA TLS public certificate)
-
-set -euxo pipefail
-
-# update_csr will add the sans_ip, as a valid host domain in the csr
-update_csr() {
- local sans_ip="$1"
- local csr_file="$2"
- sed "/\"hosts\".*/a \ \"${sans_ip}\"," /app/csr.json >"${csr_file}"
-}
-
-# cleanup will remove unneeded files
-cleanup() {
- rm -rf ca-key.pem ca.csr ca.pem server.csr server.pem
-}
-
-# gen will generate the key and certificate
-gen() {
- local ca_crt_destination="$1"
- local server_crt_destination="$2"
- local server_key_destination="$3"
- local csr_file="$4"
- cfssl gencert -initca /app/ca-csr.json | cfssljson -bare ca -
- cfssl gencert -config /app/ca-config.json -ca ca.pem -ca-key ca-key.pem -profile server "${csr_file}" | cfssljson -bare server
- mv ca.pem "${ca_crt_destination}"
- mv server.pem "${server_crt_destination}"
- mv server-key.pem "${server_key_destination}"
-}
-
-# main orchestrates the process
-main() {
- local sans_ip="$1"
- local csr_file="/certs/${FACILITY:-onprem}/csr.json"
- local ca_crt_workflow_file="/workflow/ca.pem"
- local ca_crt_file="/certs/${FACILITY:-onprem}/ca-crt.pem"
- local server_crt_file="/certs/${FACILITY:-onprem}/server-crt.pem"
- local server_key_file="/certs/${FACILITY:-onprem}/server-key.pem"
- # NB this is required for backward compat.
- # TODO once the other think-* services use server-crt.pem this should
- # be removed.
- local bundle_crt_file="/certs/${FACILITY:-onprem}/bundle.pem"
-
- if ! grep -q "${sans_ip}" "${csr_file}"; then
- update_csr "${sans_ip}" "${csr_file}"
- else
- echo "IP ${sans_ip} already in ${csr_file}"
- fi
- if [ ! -f "${ca_crt_file}" ] && [ ! -f "${server_crt_file}" ] && [ ! -f "${server_key_file}" ]; then
- gen "${ca_crt_file}" "${server_crt_file}" "${server_key_file}" "${csr_file}"
- cp "${server_crt_file}" "${bundle_crt_file}"
- else
- echo "Files [${ca_crt_file}, ${server_crt_file}, ${server_key_file}] already exist"
- fi
- if [ ! -f "${ca_crt_workflow_file}" ]; then
- cp "${ca_crt_file}" "${ca_crt_workflow_file}"
- else
- echo "File ${ca_crt_workflow_file} already exist"
- fi
- cleanup
-}
-
-main "$1"
diff --git a/deploy/stack/compose/postgres/sync-images-to-local-registry/registry_images.txt b/deploy/stack/compose/postgres/sync-images-to-local-registry/registry_images.txt
deleted file mode 100644
index 19d49167..00000000
--- a/deploy/stack/compose/postgres/sync-images-to-local-registry/registry_images.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-@TINK_WORKER_IMAGE@ tink-worker:latest
-quay.io/tinkerbell-actions/image2disk:v1.0.0 image2disk:v1.0.0
-quay.io/tinkerbell-actions/cexec:v1.0.0 cexec:v1.0.0
-quay.io/tinkerbell-actions/writefile:v1.0.0 writefile:v1.0.0
diff --git a/deploy/stack/compose/postgres/sync-images-to-local-registry/upload.sh b/deploy/stack/compose/postgres/sync-images-to-local-registry/upload.sh
deleted file mode 100755
index 1812a516..00000000
--- a/deploy/stack/compose/postgres/sync-images-to-local-registry/upload.sh
+++ /dev/null
@@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -# This script handles uploading containers from one container registry to another. -# It assumes the target registry requires username and password authentication. - -set -euo pipefail - -user=$1 -pass=$2 -url=$3 -tink_image=$4 -images=$5 - -mapfile -t lines < <(sed 's|@TINK_WORKER_IMAGE@|'"$tink_image"'|' "$images") -printf "syncing:\n" >&2 -printf "%s\n" "${lines[@]}" | sed 's| | → |' >&2 -for l in "${lines[@]}"; do - read -r src dest <<<"$l" - echo "::::: syncying $src → $url/$dest :::::" >&2 - skopeo copy --all --dest-tls-verify=false --dest-creds="$user:$pass" "docker://$src" "docker://$url/$dest" -done diff --git a/deploy/stack/compose/setup.sh b/deploy/stack/compose/setup.sh index 10da7c1e..81617dd3 100755 --- a/deploy/stack/compose/setup.sh +++ b/deploy/stack/compose/setup.sh @@ -47,9 +47,6 @@ setup_compose_env_overrides() { disk_device="/dev/sda" if lsblk | grep -q vda; then disk_device="/dev/vda" - if [[ $compose_dir == *"postgres"* ]]; then - sed -i 's|sda|vda|g' "$compose_dir"/create-tink-records/manifests/template/ubuntu.yaml - fi fi readarray -t lines <<-EOF diff --git a/docs/quickstarts/COMPOSE.md b/docs/quickstarts/COMPOSE.md index a23f94eb..219a8970 100644 --- a/docs/quickstarts/COMPOSE.md +++ b/docs/quickstarts/COMPOSE.md @@ -103,44 +103,6 @@ You will need to bring your own machines to provision. -
- Postgres backend - - ```bash - # watch the workflow events and status for workflow completion - # once the workflow is complete (see the expected output below for completion), move on to the next step - wid=$(tink workflow get --no-headers | awk '/^\|/ {print $2}'); watch -n1 "tink workflow events ${wid}; tink workflow state ${wid}" - - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - | WORKER ID | TASK NAME | ACTION NAME | EXECUTION TIME | MESSAGE | ACTION STATUS | - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | stream-ubuntu-image | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | stream-ubuntu-image | 15 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | install-openssl | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | install-openssl | 1 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | create-user | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | create-user | 0 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | enable-ssh | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | enable-ssh | 0 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | disable-apparmor | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | disable-apparmor | 0 | finished execution successfully | STATE_SUCCESS | - | 
0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | write-netplan | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | write-netplan | 0 | finished execution successfully | STATE_SUCCESS | - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - +----------------------+--------------------------------------+ - | FIELD NAME | VALUES | - +----------------------+--------------------------------------+ - | Workflow ID | 3107919b-e59d-11eb-bf99-0242ac120005 | - | Workflow Progress | 100% | - | Current Task | os-installation | - | Current Action | write-netplan | - | Current Worker | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | - | Current Action State | STATE_SUCCESS | - +----------------------+--------------------------------------+ - ``` - -
- 7. Reboot the machine 8. Login to the machine diff --git a/docs/quickstarts/VAGRANTLVIRT.md b/docs/quickstarts/VAGRANTLVIRT.md index 79251117..e3398852 100644 --- a/docs/quickstarts/VAGRANTLVIRT.md +++ b/docs/quickstarts/VAGRANTLVIRT.md @@ -426,46 +426,6 @@ This option will also show you how to create a machine to provision. -
- Postgres backend - - ```bash - # log in to the provisioner - vagrant ssh provisioner - # watch the workflow events and status for workflow completion - # once the workflow is complete (see the expected output below for completion), move on to the next step - wid=$(tink workflow get --no-headers | awk '/^\|/ {print $2}'); watch -n1 "tink workflow events ${wid}; tink workflow state ${wid}" - - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - | WORKER ID | TASK NAME | ACTION NAME | EXECUTION TIME | MESSAGE | ACTION STATUS | - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | stream-ubuntu-image | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | stream-ubuntu-image | 15 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | install-openssl | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | install-openssl | 1 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | create-user | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | create-user | 0 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | enable-ssh | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | enable-ssh | 0 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | disable-apparmor | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | disable-apparmor | 0 | finished 
execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | write-netplan | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | write-netplan | 0 | finished execution successfully | STATE_SUCCESS | - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - +----------------------+--------------------------------------+ - | FIELD NAME | VALUES | - +----------------------+--------------------------------------+ - | Workflow ID | 3107919b-e59d-11eb-bf99-0242ac120005 | - | Workflow Progress | 100% | - | Current Task | os-installation | - | Current Action | write-netplan | - | Current Worker | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | - | Current Action State | STATE_SUCCESS | - +----------------------+--------------------------------------+ - ``` - -
- 5. Reboot the machine ```bash diff --git a/docs/quickstarts/VAGRANTVBOX.md b/docs/quickstarts/VAGRANTVBOX.md index 955f3db0..d2be9681 100644 --- a/docs/quickstarts/VAGRANTVBOX.md +++ b/docs/quickstarts/VAGRANTVBOX.md @@ -394,46 +394,6 @@ This option will also show you how to create a machine to provision. -
- Postgres backend - - ```bash - # log in to the provisioner - vagrant ssh provisioner - # watch the workflow events and status for workflow completion - # once the workflow is complete (see the expected output below for completion), move on to the next step - wid=$(tink workflow get --no-headers | awk '/^\|/ {print $2}'); watch -n1 "tink workflow events ${wid}; tink workflow state ${wid}" - - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - | WORKER ID | TASK NAME | ACTION NAME | EXECUTION TIME | MESSAGE | ACTION STATUS | - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | stream-ubuntu-image | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | stream-ubuntu-image | 15 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | install-openssl | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | install-openssl | 1 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | create-user | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | create-user | 0 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | enable-ssh | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | enable-ssh | 0 | finished execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | disable-apparmor | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | disable-apparmor | 0 | finished 
execution successfully | STATE_SUCCESS | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | write-netplan | 0 | Started execution | STATE_RUNNING | - | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | os-installation | write-netplan | 0 | finished execution successfully | STATE_SUCCESS | - +--------------------------------------+-----------------+---------------------+----------------+---------------------------------+---------------+ - +----------------------+--------------------------------------+ - | FIELD NAME | VALUES | - +----------------------+--------------------------------------+ - | Workflow ID | 3107919b-e59d-11eb-bf99-0242ac120005 | - | Workflow Progress | 100% | - | Current Task | os-installation | - | Current Action | write-netplan | - | Current Worker | 0eba0bf8-3772-4b4a-ab9f-6ebe93b90a94 | - | Current Action State | STATE_SUCCESS | - +----------------------+--------------------------------------+ - ``` - -
- 5. Reboot the machine ```bash