9 changes: 8 additions & 1 deletion snc.sh
@@ -280,7 +280,14 @@ FROM scratch
RUN ln -sf var/Users /Users && mkdir /var/Users
EOF
podman build --from ${RHCOS_IMAGE} --authfile ${OPENSHIFT_PULL_SECRET_PATH} -t default-route-openshift-image-registry.apps-crc.testing/openshift-machine-config-operator/rhcos:latest --file ${INSTALL_DIR}/Containerfile .
retry ${OC} login -u kubeadmin -p $(cat ${INSTALL_DIR}/auth/kubeadmin-password) --insecure-skip-tls-verify=true api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}:6443
(
set +x # disable the logging in the subshell to prevent the password leakage
kubeadmin_pass=$(cat ${INSTALL_DIR}/auth/kubeadmin-password)
retry ${OC} login -u kubeadmin -p "$kubeadmin_pass" --insecure-skip-tls-verify=true api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}:6443
rm -f ${INSTALL_DIR}/auth/kubeadmin-password
esc_pw="$(printf '%s' "$kubeadmin_pass" | sed -e 's/[\/&|\\]/\\&/g')"
sed -i "s|$esc_pw|REDACTED|g" "${INSTALL_DIR}/.openshift_install.log"
)
retry ${OC} registry login -a ${INSTALL_DIR}/reg.json
retry podman push --authfile ${INSTALL_DIR}/reg.json --tls-verify=false default-route-openshift-image-registry.apps-crc.testing/openshift-machine-config-operator/rhcos:latest
cat << EOF > ${INSTALL_DIR}/custom-os-mc.yaml
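Review bot: The kubeadmin password still reaches `oc` as a command-line argument in `retry ${OC} login -u kubeadmin -p "$kubeadmin_pass" …`, so `set +x` keeps it out of the xtrace output but not out of the process table (`ps`, `/proc/PID/cmdline`) while the login runs; the `until (set +x ; oc login … -p "$(cat /opt/crc/pass_kubeadmin)" …)` line in systemd/crc-cluster-status.sh has the same exposure. `retry` is defined outside this hunk, so whether it echoes its arguments on failure should be checked; if no non-argv login path is available, a comment such as `# NOTE: -p exposes the password in argv for the lifetime of the oc process; set +x only hides the trace` would record the residual risk. Separately, `$esc_pw` is used as a sed regular expression but only `/ & | \` are escaped, so a password containing `.`, `*`, `[` or `^` would not be matched literally; escaping the regex metacharacters too, `sed -e 's/[][\/.*^$&|\\]/\\&/g'`, makes the redaction literal. Other files under `${INSTALL_DIR}` may also hold the password and are not covered by this redaction, which is worth confirming.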
13 changes: 8 additions & 5 deletions systemd/crc-cluster-status.sh
@@ -1,5 +1,9 @@
#!/bin/bash

set -o pipefail
set -o errexit
set -o nounset
set -o errtrace
set -x

export KUBECONFIG=/opt/kubeconfig
@@ -9,19 +13,19 @@ if [ ! -f /opt/crc/pass_kubeadmin ]; then
exit 1
fi

PASS_KUBEADMIN="$(cat /opt/crc/pass_kubeadmin)"

rm -rf /tmp/.crc-cluster-ready

if ! oc adm wait-for-stable-cluster --minimum-stable-period=1m --timeout=10m; then
exit 1
fi

set +x

echo "Logging into OpenShift with kubeadmin user to update $KUBECONFIG"
COUNTER=1
MAXIMUM_LOGIN_RETRY=10
until oc login --insecure-skip-tls-verify=true -u kubeadmin -p "$PASS_KUBEADMIN" https://api.crc.testing:6443 > /dev/null 2>&1; do

# use a `(set +x)` subshell to avoid leaking the password
until (set +x ; oc login --insecure-skip-tls-verify=true -u kubeadmin -p "$(cat /opt/crc/pass_kubeadmin)" https://api.crc.testing:6443 > /dev/null 2>&1); do
if [ "$COUNTER" -ge "$MAXIMUM_LOGIN_RETRY" ]; then
echo "Unable to login to the cluster..., authentication failed."
exit 1
@@ -33,4 +37,3 @@ done

# need to set a marker to let `crc` know the cluster is ready
touch /tmp/.crc-cluster-ready
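Review bot: The rewritten login, `until (set +x ; oc login --insecure-skip-tls-verify=true -u kubeadmin -p "$(cat /opt/crc/pass_kubeadmin)" https://api.crc.testing:6443 …)`, still sends the kubeadmin password to an endpoint whose certificate is not verified, so whatever answers on that name and port receives the credential; the login line in snc.sh carries the same flag. If the cluster CA is available on the host, passing it with `--certificate-authority=CA_BUNDLE_PATH_PLACEHOLDER` in place of `--insecure-skip-tls-verify=true` would close that gap. The comment above the loop could also say why the file is read inside the subshell: `# read the password inside the (set +x) subshell so the $(cat …) expansion is never traced`. The loop body continues outside the visible hunk.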

22 changes: 17 additions & 5 deletions systemd/crc-pullsecret.sh
@@ -1,20 +1,32 @@
#!/bin/bash

set -o pipefail
set -o errexit
set -o nounset
set -o errtrace
set -x

source /usr/local/bin/crc-systemd-common.sh
export KUBECONFIG="/opt/kubeconfig"

wait_for_resource secret

set +x # disable the logging to avoid leaking the pull secrets

# check if existing pull-secret is valid if not add the one from /opt/crc/pull-secret
existingPsB64=$(oc get secret pull-secret -n openshift-config -o jsonpath="{['data']['\.dockerconfigjson']}")
existingPs=$(echo "${existingPsB64}" | base64 -d)

echo "${existingPs}" | jq -e '.auths'

if [[ $? != 0 ]]; then
pullSecretB64=$(base64 -w0 < /opt/crc/pull-secret)
oc patch secret pull-secret -n openshift-config --type merge -p "{\"data\":{\".dockerconfigjson\":\"${pullSecretB64}\"}}"
# check if the .auths field is there
if echo "${existingPs}" | jq -e 'has("auths")' >/dev/null 2>&1; then
echo "Cluster already has the pull secrets, nothing to do"
exit 0
fi

echo "Cluster doesn't have the pull secrets. Setting them from /opt/crc/pull-secret ..."
pullSecretB64=$(base64 -w0 < /opt/crc/pull-secret)
# Create the JSON patch in memory and pipe it to the oc command
printf '{"data":{".dockerconfigjson": "%s"}}' "${pullSecretB64}" | \
oc patch secret pull-secret -n openshift-config --type merge --patch-file=/dev/stdin

exit 0
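Review bot: With `set -o errexit` and `set -o pipefail` at the top of the file, a failure in `existingPs=$(echo "${existingPsB64}" | base64 -d)` aborts the script before the patch, so a cluster whose current pull-secret does not decode is never repaired, although that is the case the comment "check if existing pull-secret is valid if not add the one from /opt/crc/pull-secret" describes. Treating a decode failure as "not valid" keeps the fallback reachable: `existingPs=$(echo "${existingPsB64}" | base64 -d 2>/dev/null || true)`. Note also that `jq -e 'has("auths")'` accepts `{"auths":null}` and `{"auths":{}}` as already configured; `jq -e '.auths | type == "object" and length > 0'` would be a stricter test if an empty map should trigger the patch.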
37 changes: 24 additions & 13 deletions systemd/ocp-userpasswords.sh
@@ -1,14 +1,21 @@
#!/bin/bash

set -o pipefail
set -o errexit
set -o nounset
set -o errtrace
set -x

source /usr/local/bin/crc-systemd-common.sh
export KUBECONFIG="/opt/kubeconfig"

function gen_htpasswd() {
if [ ! -z "${1}" ] && [ ! -z "${2}" ]; then
podman run --rm -ti xmartlabs/htpasswd $1 $2 >> /tmp/htpasswd.txt
if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
echo "gen_htpasswd needs two arguments: username password" 1>&2
return 1
fi

podman run --rm docker.io/xmartlabs/htpasswd "$1" "$2"
}

wait_for_resource secret
@@ -19,20 +26,24 @@ if [ ! -f /opt/crc/pass_developer ]; then
fi

if [ ! -f /opt/crc/pass_kubeadmin ]; then
echo "developer password does not exist"
echo "kubeadmin password does not exist"
exit 1
fi

PASS_DEVELOPER=$(cat /opt/crc/pass_developer)
PASS_KUBEADMIN=$(cat /opt/crc/pass_kubeadmin)
echo "generating the kubeadmin and developer passwords ..."

rm -f /tmp/htpasswd.txt
gen_htpasswd developer "${PASS_DEVELOPER}"
gen_htpasswd kubeadmin "${PASS_KUBEADMIN}"
set +x # /!\ disable the logging to avoid leaking the passwords

if [ -f /tmp/htpasswd.txt ]; then
sed -i '/^\s*$/d' /tmp/htpasswd.txt
dev_pass=$(gen_htpasswd developer "$(cat /opt/crc/pass_developer)")
adm_pass=$(gen_htpasswd kubeadmin "$(cat /opt/crc/pass_kubeadmin)")

oc create secret generic htpass-secret --from-file=htpasswd=/tmp/htpasswd.txt -n openshift-config --dry-run=client -o yaml > /tmp/htpass-secret.yaml
oc replace -f /tmp/htpass-secret.yaml
fi
echo "creating the password secret ..."
# use bash <() to use a temporary fd file
# use sed to remove the empty lines
oc create secret generic htpass-secret \
--from-file=htpasswd=<(printf '%s\n%s\n' "$dev_pass" "$adm_pass") \
-n openshift-config \
--dry-run=client -oyaml \
| oc apply -f-

echo "all done"
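Review bot: `gen_htpasswd` hands both cleartext passwords to `podman run --rm docker.io/xmartlabs/htpasswd "$1" "$2"`, an image referenced without tag or digest, so whatever that name resolves to at pull time receives the developer and kubeadmin passwords, and they also sit in the podman and container argv while it runs. Pinning the reference by digest, `docker.io/xmartlabs/htpasswd@sha256:DIGEST_PLACEHOLDER`, removes the mutable dependency; if an `htpasswd` binary is available on the host, hashing locally with `-B -i` fed on stdin, as tools.sh does in this same change, avoids both problems. The comment `# use sed to remove the empty lines` no longer matches the command below it, which contains no sed; drop it or replace it with `# $(...) strips the trailing newlines from the image output`. An empty `$dev_pass` or `$adm_pass` from a zero-exit run is not checked before `oc apply`.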
9 changes: 6 additions & 3 deletions tools.sh
@@ -219,7 +219,10 @@ function create_vm {
function generate_htpasswd_file {
local auth_file_dir=$1
local pass_file=$2
random_password=$(cat $1/auth/kubeadmin-password)
${HTPASSWD} -c -B -b ${pass_file} developer developer
${HTPASSWD} -B -b ${pass_file} kubeadmin ${random_password}
(
set +x # use a subshell to avoid leaking the password
local random_password=$(cat $1/auth/kubeadmin-password)
${HTPASSWD} -c -B -i "${pass_file}" developer <<<"developer"
${HTPASSWD} -B -i "${pass_file}" kubeadmin <<<"${random_password}"
)
}
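Review bot: `local random_password=$(cat $1/auth/kubeadmin-password)` hides a failed read, because `local` returns 0 regardless of `cat`; if the file is missing, the next line feeds an empty line to `${HTPASSWD} -B -i "${pass_file}" kubeadmin`, which would presumably store a hash of the empty string for kubeadmin. The snc.sh change in this same commit adds `rm -f ${INSTALL_DIR}/auth/kubeadmin-password`, though whether the two scripts share that directory and in which order they run is not visible here. Split the declaration and fail closed, using the already-declared `auth_file_dir`: `local random_password`, then `random_password=$(cat "${auth_file_dir}/auth/kubeadmin-password") || exit 1`, then `[ -n "${random_password}" ] || exit 1`. Because the subshell is the function's last command, its exit status becomes the function's return status.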