summaryrefslogtreecommitdiffstats
path: root/krebs/5pkgs/krebs-ci/notes
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/5pkgs/krebs-ci/notes')
-rwxr-xr-xkrebs/5pkgs/krebs-ci/notes111
1 files changed, 111 insertions, 0 deletions
diff --git a/krebs/5pkgs/krebs-ci/notes b/krebs/5pkgs/krebs-ci/notes
new file mode 100755
index 000000000..7e34d6a28
--- /dev/null
+++ b/krebs/5pkgs/krebs-ci/notes
@@ -0,0 +1,111 @@
+#! /bin/sh
+
+# nix-shell -p gnumake jq openssh cac cacpanel
+set -euf
+
+# 2 secrets are required:
+krebs_cred=${krebs_cred-./cac.json}
+retiolum_key=${retiolum_key-./retiolum.rsa_key.priv}
+
+# Sanity
+if test ! -r "$krebs_cred";then
+ echo "\$krebs_cred=$krebs_cred must be readable"; exit 1
+fi
+if test ! -r "$retiolum_key";then
+ echo "\$retiolum_key=$retiolum_key must be readable"; exit 1
+fi
+
+krebs_secrets=$(mktemp -d)
+sec_file=$krebs_secrets/cac_config
+krebs_ssh=$krebs_secrets/tempssh
+# we need to receive this key from buildmaster to speed up tinc bootstrap
+TRAP="rm $sec_file;rm -r $krebs_secrets"
+trap "$TRAP" INT TERM EXIT
+
+cat > $sec_file <<EOF
+cac_login="$(jq -r .email $krebs_cred)"
+cac_key="$(cac-cli panel --config $krebs_cred settings | jq -r .apicode)"
+EOF
+
+export cac_secrets=$sec_file
+cac-cli panel --config $krebs_cred update-api-ip
+
+# test login:
+cac update
+cac servers
+
+# Template 26: CentOS7
+# TODO: use cac templates to determine the real Centos7 template in case it changes
+name=$( cac build cpu=1 ram=512 storage=10 os=26 2>&1\
+ | jq -r .servername)
+
+id=servername:$name
+trap "cac delete $id;$TRAP" INT TERM EXIT
+# TODO: timeout?
+always_update=true cac waitstatus $id "Powered On"
+
+wait_login_cac(){
+ # timeout
+ for t in `seq 60`;do
+ # now we have a working cac server
+ if cac ssh $1 cat /etc/redhat-release | \
+ grep CentOS ;then
+ return 0
+ fi
+ sleep 10
+ done
+ return 1
+}
+# die on timeout
+wait_login_cac $id
+
+mkdir -p shared/2configs/temp
+cac generatenetworking $id > \
+ shared/2configs/temp/networking.nix
+# new temporary ssh key we will use to log in after infest
+ssh-keygen -f $krebs_ssh -N ""
+cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv
+# we override the directories for secrets and stockholm
+# additionally we set the ssh key we generated
+ip=$(cac getserver $id | jq -r .ip)
+
+cat > shared/2configs/temp/dirs.nix <<EOF
+_: {
+ krebs.build.source.dir = {
+ secrets.path = "$krebs_secrets";
+ stockholm.path = "$(pwd)";
+ };
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ "$(cat ${krebs_ssh}.pub)"
+ ];
+ krebs.build.target = "$ip";
+}
+EOF
+
+LOGNAME=shared make eval get=krebs.infest \
+ target=derp system=test-centos7 filter=json \
+ | sed -e "s#^ssh.*<<#cac ssh $id<<#" \
+ -e "/^rsync/a -e 'cac ssh $id' \\\\" \
+ -e "s#root.derp:#:#" > $krebs_secrets/infest
+sh -x $krebs_secrets/infest
+
+# TODO: generate secrets directory $krebs_secrets for nix import
+cac powerop $id reset
+
+wait_login(){
+ # timeout
+ for t in `seq 20`;do
+ # now we have a working cac server
+ if ssh -o StrictHostKeyChecking=no \
+ -o UserKnownHostsFile=/dev/null \
+ -i $krebs_ssh \
+ -o ConnectTimeout=10 \
+ -o BatchMode=yes \
+ root@$1 nixos-version ;then
+ return 0
+ fi
+ sleep 10
+ done
+ return 1
+}
+wait_login $ip