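#!/usr/bin/env bash
# Disconnected-install helper (kcli-ztp step 06).
#
# Stands up a local, TLS-protected container registry on the installer host,
# mirrors the selected OpenShift release into it, and then points
# /root/install-config.yaml at the mirror (imageContentSources,
# additionalTrustBundle and pullSecret sections).
#
# This file is a Jinja template rendered by kcli before it runs: every
# `{{ ... }}` and `{% ... %}` below is substituted at render time, so the
# shell never sees them.
#
# Inputs (render time): installer_nic, disconnected_user, disconnected_password,
#                       registry_image, version, tag, openshift_image (ci only)
# Inputs (run time):    /root/openshift_pull.json, /root/install-config.yaml,
#                       /root/99-operatorhub.yaml, /root/bin/openshift-baremetal-install
# Outputs:              /opt/registry/*, running `registry` container,
#                       /etc/hosts entry, updated pull secret and
#                       install-config.yaml, /root/version.txt, /root/temp.json
set -euo pipefail
export PATH=/root/bin:$PATH
export PULL_SECRET="/root/openshift_pull.json"
dnf -y install podman httpd httpd-tools jq bind-utils

# Registry credentials come from the template; keep them in variables so every
# later use is a quoted expansion rather than an inline substitution.
REGISTRY_USER="{{ disconnected_user }}"
REGISTRY_PASSWORD="{{ disconnected_password }}"
REGISTRY_PORT=5000
REGISTRY_DIR=/opt/registry
INSTALL_CONFIG=/root/install-config.yaml

# First address (v4 or v6) on the installer NIC, with the prefix length removed.
IP=$(ip -o addr show {{ installer_nic }} | head -1 | awk '{print $4}' | cut -d'/' -f1)
export IP

# Registry host name: the PTR record for $IP if one exists (trailing label
# stripped by the sed), otherwise the host's FQDN.
REVERSE_NAME=$(dig -x "$IP" +short | sed 's/\.[^\.]*$//')
if [[ "$IP" == *:* ]]; then
  # IPv6 host: ask the first non-link-local IPv6 nameserver from resolv.conf
  # over IPv6 transport. Absence of such a server keeps the answer above.
  SERVER6=$(grep : /etc/resolv.conf | grep -v fe80 | cut -d" " -f2 | head -1 || true)
  if [[ -n "$SERVER6" ]]; then
    REVERSE_NAME=$(dig -6x "$IP" +short @"$SERVER6" | sed 's/\.[^\.]*$//')
  fi
fi
REGISTRY_NAME=${REVERSE_NAME:-$(hostname -f)}
LOCAL_REG="$REGISTRY_NAME:$REGISTRY_PORT"
export LOCAL_REG
printf '%s %s\n' "$IP" "$REGISTRY_NAME" >> /etc/hosts

# Basic-auth token for the local registry. -w0 keeps base64 from wrapping the
# output (it would otherwise embed a newline for long user:password pairs).
KEY=$(printf '%s' "$REGISTRY_USER:$REGISTRY_PASSWORD" | base64 -w0)

# Merge the local registry credentials into a copy of the pull secret. The copy
# replaces $PULL_SECRET below, before the mirror step, because `oc adm release
# mirror` needs these credentials to push into the local registry. --arg avoids
# splicing shell values into the jq program, and the file holds credentials so
# it is root-only.
jq --arg reg "$LOCAL_REG" --arg key "$KEY" \
  '.auths += {($reg): {auth: $key, email: "[email protected]"}}' \
  < "$PULL_SECRET" > /root/temp.json
chmod 600 /root/temp.json

mkdir -p "$REGISTRY_DIR"/{auth,certs,data,conf}

# Registry configuration: filesystem storage, htpasswd auth and TLS are wired
# in through environment variables on the container below. Quoted delimiter:
# nothing in this document is meant to be expanded by the shell.
cat <<'EOF' > "$REGISTRY_DIR"/conf/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
compatibility:
  schema1:
    enabled: true
EOF

# Self-signed server certificate (RSA 4096, one year) for the registry name,
# with a matching SAN so clients that ignore CN still validate it. It is added
# to the host CA trust so podman/oc on this host accept the registry, and it is
# embedded into install-config.yaml further down for the cluster to trust.
openssl req -newkey rsa:4096 -nodes -sha256 \
  -keyout "$REGISTRY_DIR"/certs/domain.key \
  -x509 -days 365 -out "$REGISTRY_DIR"/certs/domain.crt \
  -subj "/C=US/ST=Madrid/L=San Bernardo/O=Karmalabs/OU=Guitar/CN=$REGISTRY_NAME" \
  -addext "subjectAltName=DNS:$REGISTRY_NAME"
cp "$REGISTRY_DIR"/certs/domain.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

# bcrypt htpasswd entry; the password is fed on stdin (-i) rather than passed
# as an argument, so it is not visible in the process list while htpasswd runs.
printf '%s' "$REGISTRY_PASSWORD" | htpasswd -iBc "$REGISTRY_DIR"/auth/htpasswd "$REGISTRY_USER"

# Registry container: host networking, SELinux labelling disabled for the
# container itself and volumes relabelled with :z. REGISTRY_HTTP_SECRET is
# generated per deployment instead of being a fixed string.
podman create --name registry --net host --security-opt label=disable \
  -v "$REGISTRY_DIR"/data:/var/lib/registry:z \
  -v "$REGISTRY_DIR"/auth:/auth:z \
  -v "$REGISTRY_DIR"/conf/config.yml:/etc/docker/registry/config.yml \
  -v "$REGISTRY_DIR"/certs:/certs:z \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" \
  -e "REGISTRY_HTTP_SECRET=$(openssl rand -hex 32)" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  {{ registry_image }}
podman start registry

# Pick the release image to mirror. For nightly/stable the image reference is
# read from release.txt on mirror.openshift.com; -f makes an HTTP error fail the
# pipeline instead of yielding an empty image reference.
{% if version == 'ci' %}
OPENSHIFT_RELEASE_IMAGE={{ openshift_image }}
{% elif version in ['nightly', 'stable'] %}
{% set tag = tag|string %}
{% if tag.split('.')|length > 2 %}
TAG={{ tag }}
{% elif version == 'nightly' %}
TAG={{"latest-" + tag }}
{% else %}
TAG={{"stable-" + tag }}
{% endif %}
OCP_REPO={{ 'ocp-dev-preview' if version == 'nightly' else 'ocp' }}
OPENSHIFT_RELEASE_IMAGE=$(curl -fsS "https://mirror.openshift.com/pub/openshift-v4/clients/$OCP_REPO/$TAG/release.txt" | grep 'Pull From: quay.io' | awk '{print $3}')
{% else %}
OPENSHIFT_RELEASE_IMAGE=$(curl -fsS "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ version }}-{{ tag }}/release.txt" | grep 'Pull From: quay.io' | awk '{print $3}')
{% endif %}
: "${OPENSHIFT_RELEASE_IMAGE:?could not determine the release image to mirror}"
export OPENSHIFT_RELEASE_IMAGE

# Upstream source repository of the release payload, matching the image chosen
# above. Computed once so both install-config paths below agree.
{% if version == 'ci' %}
RELEASE_SOURCE=registry.ci.openshift.org/ocp/release
{% elif version == 'nightly' %}
RELEASE_SOURCE=quay.io/openshift-release-dev/ocp-release-nightly
{% else %}
RELEASE_SOURCE=quay.io/openshift-release-dev/ocp-release
{% endif %}

# Activate the merged pull secret, then mirror the release into the local
# registry. The installer binary's version (first line, second field) becomes
# the release tag.
mv /root/temp.json "$PULL_SECRET"
OCP_RELEASE=$(/root/bin/openshift-baremetal-install version | head -1 | cut -d' ' -f2)-x86_64
export OCP_RELEASE
time oc adm release mirror -a "$PULL_SECRET" \
  --from="$OPENSHIFT_RELEASE_IMAGE" \
  --to-release-image="${LOCAL_REG}/ocp4:${OCP_RELEASE}" \
  --to="${LOCAL_REG}/ocp4"

# Pull secret containing only the local registry, left in /root/temp.json for
# later steps. Root-only, as it holds credentials.
jq -n --arg reg "$LOCAL_REG" --arg key "$KEY" \
  '{auths: {($reg): {auth: $key, email: "[email protected]"}}}' > /root/temp.json
chmod 600 /root/temp.json

# imageContentSources: redirect both the release payload and its operator
# images to the local mirror. Appended when absent, otherwise inserted right
# after the existing key (sed `a` processes the \n escapes).
if ! grep -q imageContentSources "$INSTALL_CONFIG"; then
  cat << EOF >> "$INSTALL_CONFIG"
imageContentSources:
- mirrors:
  - $LOCAL_REG/ocp4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- mirrors:
  - $LOCAL_REG/ocp4
  source: $RELEASE_SOURCE
EOF
else
  IMAGECONTENTSOURCES="- mirrors:\n  - $LOCAL_REG/ocp4\n  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev\n- mirrors:\n  - $LOCAL_REG/ocp4\n  source: $RELEASE_SOURCE"
  sed -i "/imageContentSources/a${IMAGECONTENTSOURCES}" "$INSTALL_CONFIG"
fi

# additionalTrustBundle: the registry certificate as an indented block scalar.
# When the key already exists the PEM body is collapsed onto one line and
# inserted after it; the second sed indents the BEGIN line, which sed `a`
# strips of leading whitespace.
if ! grep -q additionalTrustBundle "$INSTALL_CONFIG"; then
  echo "additionalTrustBundle: |" >> "$INSTALL_CONFIG"
  sed -e 's/^/  /' "$REGISTRY_DIR"/certs/domain.crt >> "$INSTALL_CONFIG"
else
  LOCALCERT="-----BEGIN CERTIFICATE-----\n  $(grep -v CERTIFICATE "$REGISTRY_DIR"/certs/domain.crt | tr -d '[:space:]')\n  -----END CERTIFICATE-----"
  sed -i "/additionalTrustBundle/a${LOCALCERT}" "$INSTALL_CONFIG"
  sed -i 's/^-----BEGIN/  -----BEGIN/' "$INSTALL_CONFIG"
fi

printf '%s\n' "$LOCAL_REG/ocp4:$OCP_RELEASE" > /root/version.txt

# pullSecret: the merged secret, whitespace removed, as a block scalar.
PULLSECRET=$(tr -d '[:space:]' < "$PULL_SECRET")
printf 'pullSecret: |\n  %s\n' "$PULLSECRET" >> "$INSTALL_CONFIG"

cp /root/99-operatorhub.yaml /root/manifests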