
Allow pulling from a private airshipctl repo

* Added the logic to support pulling airshipctl from a
  private github repo with basic http authentication.

* Added Username, Password in secrets

Relates-To: #632
Relates-To: #636
Change-Id: If1a1bbfaf9ce543cf35377d367b70676f9e3e9ef
changes/90/809290/14
Siraj Yasin 8 months ago
parent
commit
907070454f
  1. 15
      tools/airship-in-a-pod/artifact-setup/assets/entrypoint.sh
  2. 5
      tools/airship-in-a-pod/examples/airshipctl/kustomization.yaml
  3. 17
      tools/airship-in-a-pod/examples/airshipctl/replacements.yaml
  4. 42
      tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml
  5. 30
      tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
  6. 13
      tools/airship-in-a-pod/runner/assets/entrypoint.sh

15
tools/airship-in-a-pod/artifact-setup/assets/entrypoint.sh

@ -27,7 +27,7 @@ function reportStatus() {
}
trap reportStatus EXIT
function cloneRepo() {
function cloneAirshipctlRepo() {
repo_dir=$1
repo_url=$2
repo_ref=$3
@ -35,8 +35,19 @@ function cloneRepo() {
mkdir -p "$repo_dir"
cd "$repo_dir"
set +x
if [[ "$AIRSHIPCTL_REPO_AUTH_TYPE" = "http-basic" ]]
then
AIRSHIPCTL_REPO_AUTH_USERNAME=$( cat /opt/aiap-secret-volume/AIRSHIPCTL_REPO_AUTH_USERNAME )
AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD=$( cat /opt/aiap-secret-volume/AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD )
proto="$(cut -f1 -d":" <<< $repo_url)://"
url="${repo_url/$proto/}"
repo_url="${proto}${AIRSHIPCTL_REPO_AUTH_USERNAME}:${AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD}@${url}"
fi
git init
git fetch "$repo_url" "$repo_ref"
set -x
git checkout FETCH_HEAD
}
@ -70,7 +81,7 @@ else
check_docker_readiness
repo_dir="$ARTIFACTS_DIR/airshipctl"
cloneRepo "$repo_dir" "$AIRSHIPCTL_REPO_URL" "$AIRSHIPCTL_REPO_REF"
cloneAirshipctlRepo "$repo_dir" "$AIRSHIPCTL_REPO_URL" "$AIRSHIPCTL_REPO_REF"
cd "$repo_dir"
./tools/deployment/21_systemwide_executable.sh
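Review bot: In `cloneAirshipctlRepo` the username and password are spliced into `repo_url` and passed to `git fetch` as an argument, so for the duration of the fetch they are readable from the process argument list by anything else running in the container. A password containing `@`, `:` or `/` also yields a malformed URL, because nothing is percent-encoded. The `set +x` guard only keeps the values out of the shell trace. I would leave `repo_url` untouched, supply the credentials through a one-shot credential helper that reads the mounted secret files, and refuse `http-basic` when the URL is not `https://` so the password is not sent over an unencrypted connection. The unquoted `<<< $repo_url` and the unquoted `$proto` pattern in `${repo_url/$proto/}` disappear with the same change.

```shell
# … unchanged: mkdir -p "$repo_dir", cd "$repo_dir", set +x …
git init
if [[ "$AIRSHIPCTL_REPO_AUTH_TYPE" = "http-basic" ]]; then
  if [[ "$repo_url" != https://* ]]; then
    echo "http-basic auth requires an https:// repository URL" >&2
    return 1
  fi
  # The helper runs only when git asks for credentials and reads the mounted
  # secret files itself, so argv carries file paths rather than secret values.
  local helper='!f() { test "$1" = get || exit 0; printf "username=%s\npassword=%s\n" "$(cat /opt/aiap-secret-volume/AIRSHIPCTL_REPO_AUTH_USERNAME)" "$(cat /opt/aiap-secret-volume/AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD)"; }; f'
  git -c credential.helper= -c credential.helper="$helper" fetch "$repo_url" "$repo_ref"
else
  git fetch "$repo_url" "$repo_ref"
fi
# … unchanged: set -x, git checkout FETCH_HEAD …
```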

5
tools/airship-in-a-pod/examples/airshipctl/kustomization.yaml

@ -21,3 +21,8 @@ patchesJson6902:
kind: Pod
name: airship-in-a-pod
path: replacements.yaml
- target:
version: v1 # apiVersion
kind: Secret
name: aiap-secret
path: secret_replacements.yaml

17
tools/airship-in-a-pod/examples/airshipctl/replacements.yaml

@ -42,18 +42,13 @@
- op: replace
path: "/spec/containers/6/env/10/value"
value: none
# The username to use when using the https protocol (basic-auth)
- op: replace
path: "/spec/containers/6/env/11/value"
value:
# The password to use when using the https protocol (basic-auth)
- op: replace
path: "/spec/containers/6/env/12/value"
value:
# The password to use when using the git protocol (ssh-key)
# The following relate to authorization for pulling the airshipctl repository
# This is the type of authorization to use. Currently supported types are
# [none http-basic ssh-key]
- op: replace
path: "/spec/containers/6/env/13/value"
value:
path: "/spec/containers/4/env/5/value"
value: none
# This is the location on the host machine of the artifacts directory. Note
# that it should be the same across containers
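Review bot: The comment above the new `/spec/containers/4/env/5/value` patch lists `ssh-key` as a supported auth type, but the only branch visible in `cloneAirshipctlRepo` (artifact-setup/assets/entrypoint.sh, same commit) is `http-basic`. Any other value, `ssh-key` included, falls through to a plain `git fetch` with no credentials, and nothing shown in this change reads `AIRSHIPCTL_REPO_AUTH_SSH_KEY`. Until an ssh path exists I would narrow the comment to `# [none http-basic]`, or have the entrypoint reject unknown types so that a typo does not silently downgrade to anonymous access.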

42
tools/airship-in-a-pod/examples/airshipctl/secret_replacements.yaml

@ -0,0 +1,42 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The following relate to authorization for pulling the manifest repository
# The username to use when using the https protocol (basic-auth)
- op: replace
path: "/data/AIRSHIPCTL_REPO_AUTH_USERNAME"
value: ""
# The password to use when using the https protocol (basic-auth)
- op: replace
path: "/data/AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD"
value: ""
# The ssh-key to use when using the git protocol (ssh-key)
- op: replace
path: "/data/AIRSHIPCTL_REPO_AUTH_SSH_KEY"
value: ""
# The following relate to authorization for pulling the manifest repository
# This is the type of authorization to use. Currently supported types are
# [none http-basic ssh-pass]
# The username to use when using the https protocol (basic-auth)
- op: replace
path: "/data/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME"
value: ""
# The password to use when using the https protocol (basic-auth)
- op: replace
path: "/data/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD"
value: ""
# The ssh-key to use when using the git protocol (ssh-key)
- op: replace
path: "/data/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD"
value: ""
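Review bot: These patches write into the Secret's `data` map, which Kubernetes expects to hold base64-encoded values, yet the comments only say "the username/password to use", so a user who pastes a plain value gets a Secret that the API server rejects or that decodes to different bytes. Either state the encoding in each comment, e.g. `# base64-encoded username for https basic auth`, or move the base Secret and these paths to `stringData`, which accepts plain text. The header comment on the first group says "manifest repository" although its keys are the `AIRSHIPCTL_REPO_AUTH_*` ones, the second group still describes an auth-type setting that has no entry in this file, and the `..._SSH_PASSWORD` entry is labelled "ssh-key". Since this example is meant to be edited in place, a header line such as `# Do not commit this file with real credentials filled in` would also fit.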

30
tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml

@ -10,6 +10,22 @@
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: aiap-secret
labels:
aiap: aiap
data:
AIRSHIPCTL_REPO_AUTH_USERNAME: ""
AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD: ""
AIRSHIPCTL_REPO_AUTH_SSH_KEY: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD: ""
---
apiVersion: v1
kind: Pod
metadata:
@ -215,6 +231,8 @@ spec:
value: https://opendev.org/airship/airshipctl
- name: AIRSHIPCTL_REPO_REF
value: master
- name: AIRSHIPCTL_REPO_AUTH_TYPE
value: "none"
- name: USE_PROXY
value:
- name: no_proxy
@ -236,6 +254,8 @@ spec:
mountPath: /var/run
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: aiap-secret-volume
mountPath: /opt/aiap-secret-volume
- name: infra-builder
image: quay.io/airshipit/aiap-infra-builder:latest
@ -311,12 +331,7 @@ spec:
value:
- name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE
value: "none"
- name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME
value: ""
- name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD
value: ""
- name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD
value: ""
volumeMounts:
- name: cache
mountPath: /opt/aiap-cache
@ -389,3 +404,6 @@ spec:
medium: "Memory"
- name: dind-storage
emptyDir: {}
- name: aiap-secret-volume
secret:
secretName: aiap-secret
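Review bot: The only `volumeMounts` entry for `aiap-secret-volume` visible in this section is the one added just ahead of the `infra-builder` container, while runner/assets/entrypoint.sh in the same commit now reads `/opt/aiap-secret-volume/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_*`. The hunk at old line 311, which appears to be the runner container, removes the credential env vars but shows no matching mount. If that container does not get the mount, `http-basic` and `ssh-pass` there would run with empty credentials. I would add `- name: aiap-secret-volume` / `mountPath: /opt/aiap-secret-volume` with `readOnly: true` to its `volumeMounts`, and consider `defaultMode: 0400` on the volume's `secret:` source. The rest of the Pod spec is outside the visible hunks, so this needs confirming against the full file.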

13
tools/airship-in-a-pod/runner/assets/entrypoint.sh

@ -52,7 +52,20 @@ echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.bashrc
install "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin
cd "$ARTIFACTS_DIR/airshipctl"
set +x
export AIRSHIP_CONFIG_MANIFEST_DIRECTORY="$ARTIFACTS_DIR/manifests"
if [[ "$AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE" = "http-basic" ]]
then
export AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME=$( cat /opt/aiap-secret-volume/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME )
export AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD=$( cat /opt/aiap-secret-volume/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD )
fi
if [[ "$AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE" = "ssh-pass" ]]
then
export AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD=$( cat /opt/aiap-secret-volume/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD )
fi
set -x
./tools/deployment/22_test_configs.sh
if [[ -n "$AIRSHIP_CONFIG_PHASE_REPO_REF" ]]; then
export NO_CHECKOUT="false"
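Review bot: Each `export VAR=$( cat /opt/aiap-secret-volume/... )` returns the status of `export`, not of `cat`, so a missing or unreadable secret file leaves the variable empty and the script carries on to `22_test_configs.sh` with blank credentials. Read first and export second so the failure is visible, e.g. `AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD=$(< /opt/aiap-secret-volume/AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD) || exit 1` followed by `export AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD`. Tracing is switched back on with `set -x` right after, so any later line that expands these exported variables would print them; whether one does is outside this hunk, which ends inside the following `if`. The type string here is `ssh-pass` while the airshipctl comments say `ssh-key`, which is worth aligning.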
