Start playing with metadata

nemunaire 2023-07-24 16:14:52 +02:00
parent 6caf8c53b9
commit 8717fc24fd
6 changed files with 101 additions and 55 deletions


@ -107,24 +107,16 @@ fickit:
- sed -i "s@nemunaire/fic-@${CI_REGISTRY_IMAGE}/master/@;s@nemunaire/@${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}/@" fickit-backend.yml fickit-boot.yml fickit-frontend.yml fickit-prepare.yml fickit-update.yml
- mv "${SYNCHRO_SSH_KEY_FILE}" configs/id_ed25519
- mv "${SYNCHRO_SSH_PUBKEY_FILE}" configs/id_ed25519.pub
- base64 -d "${DM_CRYPT_ENCKEY}" > configs/dm-crypt.key
- mv "${DHPARAMS_FILE}" configs/dhparams-4096.pem
- mkdir configs/fic.srs.epita.fr
- mv "${SSL_CERT_FILE}" configs/fic.srs.epita.fr/fullchain.pem || touch configs/fic.srs.epita.fr/fullchain.pem
- mv "${SSL_PRIVKEY_FILE}" configs/fic.srs.epita.fr/privkey.pem || touch configs/fic.srs.epita.fr/privkey.pem
- linuxkit build -format kernel+squashfs fickit-backend.yml
- linuxkit build -format kernel+squashfs fickit-boot.yml
- linuxkit build -format kernel+squashfs fickit-frontend.yml
- linuxkit build -format kernel+squashfs fickit-prepare.yml
- linuxkit build -format kernel+squashfs fickit-update.yml
- linuxkit build -format kernel+initrd fickit-boot.yml
- linuxkit build -format kernel+initrd fickit-prepare.yml
- linuxkit build -format kernel+initrd fickit-update.yml
artifacts:
paths:
- fickit-backend-squashfs.img
- fickit-boot-kernel
- fickit-boot-squashfs.img
- fickit-frontend-squashfs.img
- fickit-prepare-squashfs.img
- fickit-update-squashfs.img
- fickit-boot-kernel
- fickit-boot-initrd.img
- fickit-prepare-initrd.img
- fickit-update-initrd.img
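Review bot: Nothing in this job produces or publishes the `fickit-metadata` file that the boot-side download loop in this commit now fetches next to these images (`for img in fickit-kernel fickit-metadata …`), and `configs/gen_metadata.sh` is added without being invoked here; if the metadata is deliberately generated and served out-of-band, a comment above `artifacts:` such as `# fickit-metadata (secret material) is generated by configs/gen_metadata.sh and served separately, never as a CI artifact` would make that explicit. The rendered page does not say which side the `mv "${SSL_CERT_FILE}" … || touch …` lines are on; if they survive, the `|| touch` fallback silently ships an empty certificate and key when the CI variables are unset, and failing the job there would be safer. `fickit-boot-kernel` is listed twice under `paths:`, which is harmless but looks accidental if both entries are on the new side.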

58
configs/gen_metadata.sh Executable file



@ -2,7 +2,7 @@
mkdir -p /boot/imgs
for img in fickit-kernel fickit-boot-initrd.img fickit-frontend-squashfs.img fickit-backend-squashfs.img fickit-update-initrd.img
for img in fickit-kernel fickit-metadata fickit-boot-initrd.img fickit-frontend-squashfs.img fickit-backend-squashfs.img fickit-update-initrd.img
do
wget -O "/boot/imgs/${img}" "$1/${img}"
done
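Review bot: The new `fickit-metadata` entry is fetched with the same unchecked `wget -O "/boot/imgs/${img}" "$1/${img}"` as the images, with no checksum or signature verification and no exit-status check, yet elsewhere in this commit that file is what the metadata container turns into `/run/config/dm-crypt/key`, the synchro SSH key and the TLS material. A failed or truncated download leaves a partial file under /boot/imgs that the next boot mounts and parses; at minimum `wget -O "/boot/imgs/${img}" "$1/${img}" || exit 1` (or `set -e` in the script header, which is outside the hunk) makes the failure visible. Since /boot is mounted from `/dev/sda1` in the linuxkit configs while the LUKS volume is `/dev/sda3`, the key material now rests in clear on the same disk as the data it protects, so a comment above the loop stating that the metadata is trusted only as far as the serving host and the network path are trusted would document the trade-off.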


@ -22,6 +22,16 @@ onboot:
binds:
- /etc/sysctl.d/01-fic.conf:/etc/sysctl.d/01-fic.conf:ro
# Metadata
- name: metadata-mount
image: linuxkit/mount:f671cb94a8999a65e33b3fe79f3def58e3d58b07
command: ["/usr/bin/mountie", "-device", "/dev/sda1", "/boot" ]
- name: metadata
image: linuxkit/metadata:501144d47215671e77b9cac44748a04f21236195
command: ["/usr/bin/metadata", "-v", "file=/fickit-metadata"]
binds:
- /boot/fickit-metadata:/fickit-metadata:ro
# Filesystem
- name: swap
image: linuxkit/swap:d17a7f1c26ff768c26b3c206ccf3aa72349568df
@ -29,6 +39,8 @@ onboot:
- name: dm-crypt
image: linuxkit/dm-crypt:526d32351c8246431be8e1a168cb514ff3c365af
command: ["/usr/bin/crypto", "-l", "crypt_fic", "/dev/sda3"]
binds:
- /run/config/dm-crypt:/etc/dm-crypt
- name: mount
image: linuxkit/mount:f671cb94a8999a65e33b3fe79f3def58e3d58b07
command: ["/usr/bin/mountie", "-device", "/dev/mapper/crypt_fic", "/var/lib/fic" ]
@ -282,7 +294,7 @@ services:
binds:
- /etc/hosts:/etc/hosts:ro
- /var/lib/fic/ssh:/etc/ssh:ro
- /root/.ssh/id_ed25519:/root/.ssh/id_ed25519:ro
- /run/config/synchro/id_ed25519:/root/.ssh/id_ed25519:ro
- /root/synchro.sh:/root/synchro.sh:ro
- /var/lib/fic/files:/srv/FILES:ro
#- /var/lib/fic/pki/ca.key:/srv/PKI/ca.key:ro
@ -305,7 +317,7 @@ services:
image: nemunaire/rsync:a3d76b2dd0a9ad73be44dc77ad765b20d96a3285
binds:
- /etc/hosts:/etc/hosts:ro
- /root/.ssh/:/root/.ssh/:ro
- /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys:ro
- /usr/bin/iptables:/usr/bin/iptables:ro
- /usr/bin/mysql:/usr/bin/mysql:ro
- /usr/bin/pnsenter:/usr/bin/pnsenter:ro
@ -361,12 +373,6 @@ files:
- path: etc/hosts
source: configs/hosts
mode: "0644"
- path: root/.ssh/authorized_keys
source: configs/authorized_keys
mode: "0400"
- path: root/.ssh/id_ed25519
source: configs/id_ed25519
mode: "0400"
- path: usr/bin/iptables
source: configs/nsenter_iptables.sh
@ -447,10 +453,6 @@ files:
COMMIT
mode: "0440"
- path: etc/dm-crypt/key
source: configs/dm-crypt.key
mode: "0440"
trust:
org:
- linuxkit
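Review bot: The new `- /run/config/dm-crypt:/etc/dm-crypt` bind on the dm-crypt container is the only `/run/config` bind in this commit without `:ro`; the other new binds (`/run/config/synchro/id_ed25519:…:ro`, `/run/config/ssh/authorized_keys:…:ro`) are read-only and the key directory has no reason to be writable, so `- /run/config/dm-crypt:/etc/dm-crypt:ro` keeps it consistent and least-privileged. The same line is added in the fickit-frontend section. The `metadata-mount` container mounts `/dev/sda1` at /boot with no read-only option visible, solely so that `metadata` can read `/boot/fickit-metadata`; if mountie supports a read-only mount it would fit better here, and either way a comment such as `# /boot (sda1) is unencrypted; fickit-metadata carries the LUKS key, SSH key and TLS material` above `- name: metadata-mount` would make the trust assumption explicit for the next reader.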


@ -21,6 +21,16 @@ onboot:
- name: sysctl
image: linuxkit/sysctl:a88a50c104d538b58da5e1441f6f0b4b738f76a6
# Metadata
- name: metadata-mount
image: linuxkit/mount:f671cb94a8999a65e33b3fe79f3def58e3d58b07
command: ["/usr/bin/mountie", "-device", "/dev/sda1", "/boot" ]
- name: metadata
image: linuxkit/metadata:501144d47215671e77b9cac44748a04f21236195
command: ["/usr/bin/metadata", "-v", "file=/fickit-metadata"]
binds:
- /boot/fickit-metadata:/fickit-metadata:ro
# Filesystem
- name: swap
image: linuxkit/swap:d17a7f1c26ff768c26b3c206ccf3aa72349568df
@ -28,6 +38,8 @@ onboot:
- name: dm-crypt
image: linuxkit/dm-crypt:526d32351c8246431be8e1a168cb514ff3c365af
command: ["/usr/bin/crypto", "-l", "crypt_fic", "/dev/sda3"]
binds:
- /run/config/dm-crypt:/etc/dm-crypt
- name: mount
image: linuxkit/mount:f671cb94a8999a65e33b3fe79f3def58e3d58b07
command: ["/usr/bin/mountie", "-device", "/dev/mapper/crypt_fic", "/var/lib/fic" ]
@ -152,7 +164,7 @@ services:
- /etc/hosts:/etc/hosts:ro
- /etc/resolv.conf:/etc/resolv.conf:ro
- /etc/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro
- /etc/nginx/ssl/:/etc/nginx/ssl/:ro
- /run/config/tls_config/:/etc/nginx/ssl/:ro
- /etc/nginx/fic-auth.conf:/etc/nginx/fic-auth.conf:ro
- /etc/nginx/fic-get-team.conf:/etc/nginx/fic-get-team.conf:ro
- /www/htdocs-frontend:/srv/htdocs-frontend:ro
@ -213,7 +225,7 @@ services:
binds:
- /etc/hosts:/etc/hosts:ro
- /var/lib/fic/ssh:/etc/ssh:ro
- /root/.ssh/id_synchro.pub:/root/.ssh/authorized_keys:ro
- /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys:ro
- /var/lib/fic/files:/srv/FILES
- /var/lib/fic/pki:/srv/PKI
- /var/lib/fic/settingsdist:/srv/SETTINGSDIST
@ -310,25 +322,9 @@ files:
source: configs/sysctl-frontend.conf
mode: "0444"
- path: etc/nginx/ssl/dhparams-4096.pem
source: configs/dhparams-4096.pem
mode: "0444"
- path: etc/nginx/ssl/fullchain.pem
source: configs/fic.srs.epita.fr/fullchain.pem
mode: "0444"
- path: etc/nginx/ssl/privkey.pem
source: configs/fic.srs.epita.fr/privkey.pem
mode: "0440"
- path: etc/hosts
source: configs/hosts
mode: "0644"
- path: root/.ssh/authorized_keys
source: configs/authorized_keys
mode: "0400"
- path: root/.ssh/id_synchro.pub
source: configs/id_ed25519.pub
mode: "0400"
- path: etc/dhcp/dhcpd.conf
source: configs/dhcpd.conf
@ -473,10 +469,6 @@ files:
COMMIT
mode: "0440"
- path: etc/dm-crypt/key
source: configs/dm-crypt.key
mode: "0440"
trust:
org:
- linuxkit
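Review bot: The nginx bind `- /run/config/tls_config/:/etc/nginx/ssl/:ro` replaces three baked-in files that this commit removes from `files:` (`etc/nginx/ssl/dhparams-4096.pem`, `fullchain.pem`, `privkey.pem`), but nothing in the hunks shows that the metadata payload provides all three under those names; if the nginx configuration still references `/etc/nginx/ssl/dhparams-4096.pem`, the service will fail to start, so a comment above the bind listing the files `tls_config` must contain is worth adding. The removed entries also pinned modes (`0444` for the public files, `0440` for the private key); the modes under /run/config now depend on what the metadata container writes, which should be confirmed since nginx reads the private key from there. As in the backend config, the new `- /run/config/dm-crypt:/etc/dm-crypt` bind lacks `:ro`.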


@ -9,6 +9,7 @@ init:
- nemunaire/syslinux:086f221f281d577d300949aa1094fb20c5cd90dc
- linuxkit/format:9c40b556691c1bf47394603aeb2dbdba21e7e32e
- linuxkit/dm-crypt:526d32351c8246431be8e1a168cb514ff3c365af
- linuxkit/metadata:501144d47215671e77b9cac44748a04f21236195
- alpine:latest
files:
@ -50,6 +51,10 @@ files:
ip link set eth0 up
udhcpc -i eth0
# Retrieve metadata
wget -O /tmp/metadata.json "$(ip r | grep default | awk '{ print $3 }')/fickit-metadata"
/usr/bin/metadata -v file=/tmp/metadata.json
# Try to detect backend/frontend setup
if ip l | grep eth3 > /dev/null
then
@ -92,8 +97,8 @@ files:
# Format partitions
mkswap "${SWAP_PART}"
#mkfs.ext4 -F "${ROOT_PART}"
cryptsetup -q -s 512 luksFormat "${ROOT_PART}" /etc/dm-crypt/key
cryptsetup luksOpen -d /etc/dm-crypt/key "${ROOT_PART}" crypt_fic
cryptsetup -q -s 512 luksFormat "${ROOT_PART}" /run/config/dm-crypt/key
cryptsetup luksOpen -d /run/config/dm-crypt/key "${ROOT_PART}" crypt_fic
mkfs.ext4 -F /dev/mapper/crypt_fic
sync
@ -220,6 +225,3 @@ files:
o
w
mode: "0440"
- path: etc/dm-crypt/key
source: configs/dm-crypt.key
mode: "0440"
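Review bot: The metadata fetch `wget -O /tmp/metadata.json "$(ip r | grep default | awk '{ print $3 }')/fickit-metadata"` has no URL scheme, takes its server from whatever host DHCP handed out as default gateway, verifies nothing, and neither it nor the following `/usr/bin/metadata -v file=/tmp/metadata.json` is checked for failure, while a few lines later the material it yields is passed to `cryptsetup -q -s 512 luksFormat "${ROOT_PART}" /run/config/dm-crypt/key`. The key the root volume is formatted with is therefore only as trustworthy as the local network segment at install time; that deserves a comment above the fetch, and `wget … || exit 1` plus `/usr/bin/metadata … || exit 1` should abort before the partition is formatted rather than letting cryptsetup discover a missing key file. The `ip r | grep default | awk '{ print $3 }'` pipeline also prints one address per default route, so a host with two default routes would build a malformed URL. The shell script is a block scalar whose start and end are outside these hunks; the `init:` hunk only adds the metadata image and needs no change.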