OPACK_SYS_SSH_PRIVATE_KEY?= instead of hardcoded values
12
src/opack.mk
12
src/opack.mk
@@ -68,10 +68,10 @@ $(OPACK_PACKER_HTTP_DIR)/autodisklabel: | $(OPACK_PACKER_HTTP_DIR)
|
|||||||
$(OPACK_PROVISION_FILE):
|
$(OPACK_PROVISION_FILE):
|
||||||
echo you need to write $@ && exit 1
|
echo you need to write $@ && exit 1
|
||||||
|
|
||||||
id_ed25519:
|
$(OPACK_SYS_SSH_PRIVATE_KEY):
|
||||||
echo "█ $(shell date +'%H:%M:%S') Generating $@"
|
echo "█ $(shell date +'%H:%M:%S') Generating $@"
|
||||||
ssh-keygen -q -t ed25519 -f $@ -P ""
|
ssh-keygen -q -t ed25519 -f $@ -P ""
|
||||||
export OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat id_ed25519.pub 2> /dev/null)
|
export OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $@.pub 2> /dev/null)
|
||||||
|
|
||||||
$(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
|
$(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
|
||||||
ifndef OPACK_DEBUG
|
ifndef OPACK_DEBUG
|
||||||
@@ -88,7 +88,7 @@ else
|
|||||||
vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE)
|
vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
$(OPACK_PACKER_DIR)/disk.raw.tar.gz: | $(OPACK_PACKER_DIR)/opack-cloud.json id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install-cloud.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
|
$(OPACK_PACKER_DIR)/disk.raw.tar.gz: | $(OPACK_PACKER_DIR)/opack-cloud.json $(OPACK_SYS_SSH_PRIVATE_KEY) $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install-cloud.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
|
||||||
ifndef OPACK_DEBUG
|
ifndef OPACK_DEBUG
|
||||||
$(call spinner,cd $(OPACK_PACKER_DIR) && (CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=$(OPACK_CACHE_DIR) packer build -timestamp-ui opack-cloud.json > opack.log),█ $(shell date +'%H:%M:%S') Autoinstalling $(OPACK_TARGET) and uploading GCE image with Packer)
|
$(call spinner,cd $(OPACK_PACKER_DIR) && (CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=$(OPACK_CACHE_DIR) packer build -timestamp-ui opack-cloud.json > opack.log),█ $(shell date +'%H:%M:%S') Autoinstalling $(OPACK_TARGET) and uploading GCE image with Packer)
|
||||||
else
|
else
|
||||||
@@ -125,14 +125,14 @@ opack-cloud-ssh: opack-cloud
|
|||||||
opack-cloud: | $(OPACK_TERRAFORM_DIR)/terraform.tfstate
|
opack-cloud: | $(OPACK_TERRAFORM_DIR)/terraform.tfstate
|
||||||
cd $(OPACK_TERRAFORM_DIR) 2>/dev/null && terraform output -json ip 2>/dev/null | tr -d '"' | tr -d '[' | tr -d ']' > ../$@
|
cd $(OPACK_TERRAFORM_DIR) 2>/dev/null && terraform output -json ip 2>/dev/null | tr -d '"' | tr -d '[' | tr -d ']' > ../$@
|
||||||
while ! nc -z -w 10 $$(cat $@ 2> /dev/null) 22 2>/dev/null; do sleep 10; done
|
while ! nc -z -w 10 $$(cat $@ 2> /dev/null) 22 2>/dev/null; do sleep 10; done
|
||||||
echo "█ $(shell date +'%H:%M:%S') skz-opack complete"; echo "▒ You can SSH into $(OPACK_TARGET) 'make opack-cloud-ssh' or using:"
|
echo "█ $(shell date +'%H:%M:%S') skz-opack complete"; echo "▒ You can SSH into $(OPACK_TARGET) with 'make opack-cloud-ssh' or using:"
|
||||||
echo "░ ssh -i $(OPACK_SYS_SSH_PRIVATE_KEY) $(OPACK_SYS_USER)@$$(cat $@ 2> /dev/null) ";
|
echo "░ ssh -i $(OPACK_SYS_SSH_PRIVATE_KEY) $(OPACK_SYS_USER)@$$(cat $@ 2> /dev/null) ";
|
||||||
|
|
||||||
opack-clean:
|
opack-clean:
|
||||||
ifndef OPACK_DEBUG
|
ifndef OPACK_DEBUG
|
||||||
-$(call spinner,vagrant destroy -f >/dev/null; cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve >> opack.log && cd .. && rm -rf opack_deploy_$(OPACK_SHORT_REV); rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant opack-cloud $(OPACK_TARGET).json,█ $(shell date +'%H:%M:%S') Cleaning up)
|
-$(call spinner,vagrant destroy -f >> opack.log 2>&1; cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve >> opack.log && cd .. && rm -rf opack_deploy_$(OPACK_SHORT_REV); rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant opack-cloud $(OPACK_TARGET).json,█ $(shell date +'%H:%M:%S') Cleaning up)
|
||||||
else
|
else
|
||||||
-vagrant destroy -f
|
-vagrant destroy -f >> opack.log 2>&1
|
||||||
-cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve >> opack.log
|
-cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve >> opack.log
|
||||||
-rm -rf opack_deploy_$(OPACK_SHORT_REV)
|
-rm -rf opack_deploy_$(OPACK_SHORT_REV)
|
||||||
-rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant opack-cloud $(OPACK_TARGET).json
|
-rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant opack-cloud $(OPACK_TARGET).json
|
||||||
|
|||||||
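Review bot: In the `$(OPACK_SYS_SSH_PRIVATE_KEY):` rule of the first hunk, the last recipe line `export OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $@.pub 2> /dev/null)` has no lasting effect and is best removed. Unless `.ONESHELL` is set elsewhere, each recipe line runs in its own shell, so the export is gone when the line ends, and make expands `$(shell …)` before `ssh-keygen` has written the `.pub` file. The line also pastes the file's contents unquoted into a shell command, so a key comment containing spaces or shell metacharacters would be interpreted by the shell. Now that the key path comes from an overridable variable, the target should be quoted as well, `ssh-keygen -q -t ed25519 -f "$@" -P ""`, and a comment above the rule should say that a missing key is generated without a passphrase at whatever path the variable names.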
@@ -139,7 +139,8 @@ OPACK_GCE_ZONE?=europe-west4-b
|
|||||||
OPACK_GCE_MACHINE?=e2-micro
|
OPACK_GCE_MACHINE?=e2-micro
|
||||||
|
|
||||||
# The SSH key to use to connect to the cloud VM
|
# The SSH key to use to connect to the cloud VM
|
||||||
OPACK_SYS_SSH_PRIVATE_KEY=id_ed25519
|
OPACK_SYS_SSH_PRIVATE_KEY?=id_ed25519
|
||||||
|
OPACK_SYS_SSH_PRIVATE_KEY_PATH=$(abspath $(OPACK_SYS_SSH_PRIVATE_KEY))
|
||||||
OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $(OPACK_SYS_SSH_PRIVATE_KEY).pub)
|
OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $(OPACK_SYS_SSH_PRIVATE_KEY).pub)
|
||||||
|
|
||||||
# Define the directory for Terraform deployment
|
# Define the directory for Terraform deployment
|
||||||
|
|||||||
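Review bot: The comment above `OPACK_SYS_SSH_PRIVATE_KEY?=id_ed25519` should document what an override has to satisfy, since `?=` now lets the environment or the command line choose the key. From the visible lines the public key is always read from `$(OPACK_SYS_SSH_PRIVATE_KEY).pub`, so pointing the variable at a private key whose public half is not next to it leaves `OPACK_SYS_SSH_PUBLIC_KEY` empty, with only a `cat` error on stderr. Suggested wording: `# Path to the SSH private key for the cloud VM (overridable); the public key is read from <path>.pub`. The path is also handed unquoted to `$(shell cat …)` and to `abspath`, so a value containing spaces will not work, which may be worth stating too.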
@@ -8,11 +8,11 @@ set +x
|
|||||||
printf 'permit nopass :wheel\n' > /etc/doas.conf
|
printf 'permit nopass :wheel\n' > /etc/doas.conf
|
||||||
pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
|
pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
|
||||||
while(pgrep -f reorder_kernel > /dev/null) do echo Waiting for reorder_kernel to finish...; sleep 10; done
|
while(pgrep -f reorder_kernel > /dev/null) do echo Waiting for reorder_kernel to finish...; sleep 10; done
|
||||||
syspatch || (echo "Continuing"; true)
|
syspatch 2> /dev/null || (echo "Continuing"; true)
|
||||||
rm -f /etc/ssh/ssh_host*
|
rm -f /etc/ssh/ssh_host*
|
||||||
find /var/log -type f | while read f; do echo -ne '' > $f; done
|
find /var/log -type f | while read f; do echo -ne '' > $f; done
|
||||||
find /tmp -type f | while read f; do echo -ne '' > $f; done
|
find /tmp -type f | while read f; do echo -ne '' > $f; done
|
||||||
for part in $(df | tail -n+2 | awk '{print $6}'); do dd if=/dev/zero of=$part/EMPTY bs=1M || true; rm -f $part/EMPTY || true; done
|
for part in $(df | tail -n+2 | awk '{print $6}'); do dd if=/dev/zero of=$part/EMPTY bs=1M 2> /dev/null || true; rm -f $part/EMPTY || true; done
|
||||||
sync
|
sync
|
||||||
sync
|
sync
|
||||||
echo OPACK: provisionning done.
|
echo OPACK: provisionning done.
|
||||||
|
|||||||
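Review bot: Discarding stderr in `syspatch 2> /dev/null || (echo "Continuing"; true)` removes the only trace of a failed patch run from the build output, because the `||` branch already turns any non-zero exit into success. An image built while the patch source is unreachable would then look the same in the log as a fully patched one. Consider leaving stderr attached or printing the outcome explicitly, e.g. `syspatch || echo "OPACK: syspatch exited non-zero, check that the image is patched"`. The same applies, to a lesser degree, to the `2> /dev/null` already present on the `pkg_add -u` line. The script starts before this hunk, so how its output is captured is not visible here.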
@@ -26,7 +26,7 @@ define OPACK_PACKER_CLOUD_CONTENT =
|
|||||||
"net_device": "virtio-net",
|
"net_device": "virtio-net",
|
||||||
"communicator": "ssh",
|
"communicator": "ssh",
|
||||||
"ssh_username": "root",
|
"ssh_username": "root",
|
||||||
"ssh_private_key_file": "../$(OPACK_SYS_SSH_PRIVATE_KEY)",
|
"ssh_private_key_file": "$(OPACK_SYS_SSH_PRIVATE_KEY_PATH)",
|
||||||
"ssh_wait_timeout": "60m",
|
"ssh_wait_timeout": "60m",
|
||||||
"shutdown_command": "shutdown -p now",
|
"shutdown_command": "shutdown -p now",
|
||||||
"boot_wait": "30s",
|
"boot_wait": "30s",
|
||||||
|
|||||||