
Commit e5cb8da

committed
CI: remove noble ops file usage
- noble behavior is already the bosh-deployment default - docker-cpi image has `docker-env` for debug use - docker-cpi cleanup `start-bosh` script
1 parent 1a8861a commit e5cb8da


5 files changed

+54
-38
lines changed

5 files changed

+54
-38
lines changed

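--- a/ci/dockerfiles/docker-cpi/Dockerfile
+++ b/ci/dockerfiles/docker-cpi/Dockerfile
@@ -33,7 +33,5 @@ RUN curl -o /usr/local/bosh.tgz "$(bosh int /usr/local/bosh-deployment/bosh.yml
 && curl -o /usr/local/bpm.tgz "$(bosh int /usr/local/bosh-deployment/bosh.yml --path /releases/name=bpm/url)"
 
 COPY local-releases.yml /usr/local/local-releases.yml
-COPY noble-updates.yml /usr/local/noble-updates.yml
 COPY start-bosh.sh /usr/local/bin/start-bosh
-
 RUN chmod +x /usr/local/bin/start-bosh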

ci/dockerfiles/docker-cpi/noble-updates.yml

Lines changed: 0 additions & 3 deletions
This file was deleted.

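--- a/ci/dockerfiles/docker-cpi/start-bosh.sh
+++ b/ci/dockerfiles/docker-cpi/start-bosh.sh
@@ -39,9 +39,9 @@ EOF
 bosh int ./certs.yml --path=/client_docker_tls/private_key > ./key.pem
 # generate certs in json format
 #
-ruby -e 'puts File.read("./ca.pem").split("\n").join("\\n")' > $certs_dir/ca_json_safe.pem
-ruby -e 'puts File.read("./cert.pem").split("\n").join("\\n")' > $certs_dir/client_certificate_json_safe.pem
-ruby -e 'puts File.read("./key.pem").split("\n").join("\\n")' > $certs_dir/client_private_key_json_safe.pem
+ruby -e 'puts File.read("./ca.pem").split("\n").join("\\n")' > "${certs_dir}/ca_json_safe.pem"
+ruby -e 'puts File.read("./cert.pem").split("\n").join("\\n")' > "${certs_dir}/client_certificate_json_safe.pem"
+ruby -e 'puts File.read("./key.pem").split("\n").join("\\n")' > "${certs_dir}/client_private_key_json_safe.pem"
 popd > /dev/null
 }
 
@@ -52,13 +52,14 @@ function sanitize_cgroups() {
 
 mount -o remount,rw /sys/fs/cgroup
 
+# shellcheck disable=SC2034
 sed -e 1d /proc/cgroups | while read sys hierarchy num enabled; do
 if [ "$enabled" != "1" ]; then
 # subsystem disabled; skip
 continue
 fi
 
-grouping="$(cat /proc/self/cgroup | cut -d: -f2 | grep "\\<$sys\\>")"
+grouping="$(cut -d: -f2 < /proc/self/cgroup | grep "\\<$sys\\>")"
 if [ -z "$grouping" ]; then
 # subsystem not mounted anywhere; mount it on its own
 grouping="$sys"
@@ -133,9 +134,6 @@ EOF
 
 service docker start
 
-export DOCKER_TLS_VERIFY=1
-export DOCKER_CERT_PATH="${certs_dir}"
-
 rc=1
 for i in $(seq 1 100); do
 echo "waiting for docker to come up... (${i})"
@@ -171,10 +169,20 @@ function main() {
 exit 1
 fi
 
-export DOCKER_HOST="tcp://${OUTER_CONTAINER_IP}:4243"
-
 local certs_dir
 certs_dir=$(mktemp -d)
+
+export DOCKER_HOST="tcp://${OUTER_CONTAINER_IP}:4243"
+export DOCKER_TLS_VERIFY=1
+export DOCKER_CERT_PATH="${certs_dir}"
+cat <<EOF > "${local_bosh_dir}/docker-env"
+export DOCKER_HOST="tcp://${OUTER_CONTAINER_IP}:4243"
+export DOCKER_TLS_VERIFY=1
+export DOCKER_CERT_PATH="${certs_dir}"
+
+EOF
+echo "Source '${local_bosh_dir}/docker-env' to run docker" >&2
+
 start_docker "${certs_dir}"
 
 local local_bosh_dir
@@ -193,46 +201,51 @@ function main() {
 
 mkdir -p ${local_bosh_dir}
 
-additional_ops_files=""
-if [ "$(lsb_release -cs)" != "jammy" ]; then
-additional_ops_files="-o /usr/local/noble-updates.yml"
-fi
+cat <<EOF > "${local_bosh_dir}/docker_tls.json"
+{
+"ca": "$(cat "${certs_dir}/ca_json_safe.pem")",
+"certificate": "$(cat "${certs_dir}/client_certificate_json_safe.pem")",
+"private_key": "$(cat "${certs_dir}/client_private_key_json_safe.pem")"
+}
+
+EOF
 
-command bosh int bosh.yml \
+bosh int bosh.yml \
 -o docker/cpi.yml \
 -o jumpbox-user.yml \
 -o /usr/local/local-releases.yml \
-${additional_ops_files} \
 -v director_name=docker \
 -v internal_cidr=10.245.0.0/16 \
 -v internal_gw=10.245.0.1 \
 -v internal_ip="${BOSH_DIRECTOR_IP}" \
 -v docker_host="${DOCKER_HOST}" \
--v network=director_network \
--v docker_tls="{\"ca\": \"$(cat "${certs_dir}/ca_json_safe.pem")\",\"certificate\": \"$(cat "${certs_dir}/client_certificate_json_safe.pem")\",\"private_key\": \"$(cat "${certs_dir}/client_private_key_json_safe.pem")\"}" \
-${@} > "${local_bosh_dir}/bosh-director.yml"
-
-command bosh create-env "${local_bosh_dir}/bosh-director.yml" \
---vars-store="${local_bosh_dir}/creds.yml" \
---state="${local_bosh_dir}/state.json"
+-v network="${docker_network_name}" \
+-v docker_tls="$(cat "${local_bosh_dir}/docker_tls.json")" \
+"${@}" > "${local_bosh_dir}/bosh-director.yml"
 
-bosh int "${local_bosh_dir}/creds.yml" --path /director_ssl/ca > "${local_bosh_dir}/ca.crt"
-bosh -e "${BOSH_DIRECTOR_IP}" --ca-cert "${local_bosh_dir}/ca.crt" alias-env "${BOSH_ENVIRONMENT}"
+bosh create-env "${local_bosh_dir}/bosh-director.yml" \
+--vars-store="${local_bosh_dir}/creds.yml" \
+--state="${local_bosh_dir}/state.json"
 
+bosh int "${local_bosh_dir}/creds.yml" --path /director_ssl/ca \
+> "${local_bosh_dir}/ca.crt"
 bosh_client_secret="$(bosh int "${local_bosh_dir}/creds.yml" --path /admin_password)"
 
+bosh -e "${BOSH_DIRECTOR_IP}" --ca-cert "${local_bosh_dir}/ca.crt" alias-env "${BOSH_ENVIRONMENT}"
+
 cat <<EOF > "${local_bosh_dir}/env"
 export BOSH_ENVIRONMENT="${BOSH_ENVIRONMENT}"
 export BOSH_CLIENT=admin
 export BOSH_CLIENT_SECRET=${bosh_client_secret}
 export BOSH_CA_CERT="${local_bosh_dir}/ca.crt"
 
 EOF
+echo "Source '${local_bosh_dir}/env' to run bosh" >&2
 source "${local_bosh_dir}/env"
 
-bosh -n update-cloud-config docker/cloud-config.yml -v network=director_network
+bosh -n update-cloud-config docker/cloud-config.yml -v network="${docker_network_name}"
 
 popd > /dev/null
 }
 
-main ${@}
+main "${@}"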
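Review bot: The new `cat <<EOF > "${local_bosh_dir}/docker-env"` (new line 178) and the `echo` after it run before `local local_bosh_dir` (new line 188) and before `mkdir -p ${local_bosh_dir}` (new line 202). Unless a global of that name is set outside the visible hunks, the redirect resolves to `/docker-env` or to a directory that does not exist yet. Moving the `local local_bosh_dir` declaration, its assignment and the `mkdir -p` above the heredoc would fix the ordering; the assignment and the start of `main` are outside the hunks shown. Separately, `docker_tls.json` now persists the Docker client private key in `${local_bosh_dir}`, so a `umask 077` before the first write there (or `chmod 600 "${local_bosh_dir}/docker_tls.json"`) would keep it from being created with the default mode.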

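--- a/ci/dockerfiles/warden-cpi/Dockerfile
+++ b/ci/dockerfiles/warden-cpi/Dockerfile
@@ -37,10 +37,10 @@ RUN \
 wget -q -O /usr/local/releases/uaa.tgz "${UAA_RELEASE_URL}" && \
 wget -q -O /usr/local/releases/credhub.tgz "${CREDHUB_RELEASE_URL}"
 
-COPY local-releases.yml /usr/local/releases/local-releases.yml
-
+COPY local-releases.yml /usr/local/local-releases.yml
 COPY start-bosh.sh /usr/local/bin/start-bosh
 RUN chmod +x /usr/local/bin/start-bosh
+
 COPY template-renderer.rb /tmp/template-renderer.rb
 COPY install-garden.rb /tmp/install-garden.rb
 RUN ruby /tmp/install-garden.rb /usr/local/releases/garden-runc.tgz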

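--- a/ci/dockerfiles/warden-cpi/start-bosh.sh
+++ b/ci/dockerfiles/warden-cpi/start-bosh.sh
@@ -10,14 +10,15 @@ local_bosh_dir="/tmp/local-bosh/director"
 
 additional_ops_files=""
 if [ "${USE_LOCAL_RELEASES:="true"}" != "false" ]; then
-additional_ops_files="-o /usr/local/releases/local-releases.yml"
+additional_ops_files="-o /usr/local/local-releases.yml"
 fi
 
-pushd ${BOSH_DEPLOYMENT_PATH:-/usr/local/bosh-deployment} > /dev/null
+pushd "${BOSH_DEPLOYMENT_PATH:-/usr/local/bosh-deployment}" > /dev/null
 export BOSH_DIRECTOR_IP="192.168.56.6"
 
 mkdir -p ${local_bosh_dir}
 
+# shellcheck disable=SC2086
 bosh int bosh.yml \
 -o bosh-lite.yml \
 -o warden/cpi.yml \
@@ -31,22 +32,29 @@ pushd ${BOSH_DEPLOYMENT_PATH:-/usr/local/bosh-deployment} > /dev/null
 -v internal_cidr=192.168.56.0/24 \
 -v outbound_network_name=NatNetwork \
 -v garden_host=127.0.0.1 \
-${@} > "${local_bosh_dir}/bosh-director.yml"
+"${@}" > "${local_bosh_dir}/bosh-director.yml"
 
 bosh create-env "${local_bosh_dir}/bosh-director.yml" \
 --vars-store="${local_bosh_dir}/creds.yml" \
 --state="${local_bosh_dir}/state.json"
 
-bosh int "${local_bosh_dir}/creds.yml" --path /director_ssl/ca > "${local_bosh_dir}/ca.crt"
+bosh int "${local_bosh_dir}/creds.yml" --path /director_ssl/ca \
+> "${local_bosh_dir}/ca.crt"
+bosh_client_secret="$(bosh int "${local_bosh_dir}/creds.yml" --path /admin_password)"
 
 cat <<EOF > "${local_bosh_dir}/env"
 export BOSH_ENVIRONMENT="${BOSH_DIRECTOR_IP}"
 export BOSH_CLIENT=admin
-export BOSH_CLIENT_SECRET=`bosh int "${local_bosh_dir}/creds.yml" --path /admin_password`
+export BOSH_CLIENT_SECRET=${bosh_client_secret}
 export BOSH_CA_CERT="${local_bosh_dir}/ca.crt"
+
 EOF
+
+echo "Source '${local_bosh_dir}/env' to run bosh" >&2
 source "${local_bosh_dir}/env"
 
 bosh -n update-cloud-config warden/cloud-config.yml
+
 ip route add 10.244.0.0/15 via ${BOSH_DIRECTOR_IP}
+
 popd > /dev/null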
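Review bot: New line 48 writes `export BOSH_CLIENT_SECRET=${bosh_client_secret}` into the env file unquoted, while the `BOSH_ENVIRONMENT` and `BOSH_CA_CERT` lines are quoted. When the file is sourced, a value containing whitespace or shell metacharacters would be split or expanded rather than assigned verbatim. Writing that line after the heredoc with `printf 'export BOSH_CLIENT_SECRET=%q\n' "${bosh_client_secret}" >> "${local_bosh_dir}/env"` would make the sourced value exact; the same unquoted line appears as context in ci/dockerfiles/docker-cpi/start-bosh.sh. Because the file holds the director admin password under `/tmp/local-bosh/director`, a `chmod 600 "${local_bosh_dir}/env"` is also worth adding. If `bosh int` fails on new line 43, the file is still written with an empty secret unless the script runs under `set -e`, which is not visible here.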
