From 3590be555a3dd2672022f9bd58842e2ba062483a Mon Sep 17 00:00:00 2001 From: YZ775 Date: Wed, 11 Oct 2023 00:30:32 +0000 Subject: [PATCH] fix ignition Signed-off-by: YZ775 --- mtest/host-ign.yml | 61 +++++++++++++++++++ mtest/ignitions/files/etc/sabakan/neco.crt | 21 +++++++ .../systemd/sabakan-cryptsetup.service | 2 +- mtest/ignitions/worker.yml | 1 + 4 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 mtest/ignitions/files/etc/sabakan/neco.crt diff --git a/mtest/host-ign.yml b/mtest/host-ign.yml index 7549c98e..6dc84fce 100644 --- a/mtest/host-ign.yml +++ b/mtest/host-ign.yml @@ -25,6 +25,67 @@ storage: etcd: endpoints: [http://__HOST1__:2379] mode: 0644 + - path: "/etc/sabakan/sabakan-tls.crt" + filesystem: root + mode: 0644 + contents: + inline: | + -----BEGIN CERTIFICATE----- + MIID2jCCAsKgAwIBAgIURDoNhBD/wjaJVE83uuvaQnaPWYowDQYJKoZIhvcNAQEL + BQAwUzEOMAwGA1UEBhMFSmFwYW4xDjAMBgNVBAgTBVRva3lvMRUwEwYDVQQKEwxD + eWJvenUsIEluYy4xDTALBgNVBAsTBE5lY28xCzAJBgNVBAMTAmNhMB4XDTE4MDgw + MjA0NTAwMFoXDTI4MDczMDA0NTAwMFowXDEOMAwGA1UEBhMFSmFwYW4xDjAMBgNV + BAgTBVRva3lvMRUwEwYDVQQKEwxDeWJvenUsIEluYy4xDTALBgNVBAsTBE5lY28x + FDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEAsPpcApp6mY7zN0ZRdRoHqpOagj94jlpWGfFJtjfhUFjEHUBV/YWkylcj + vqTCuf9Y9hRc+e3sIqcaEcDx6pW249k3SBio5O1Q+nNiHkPswLj1uXwMOuFgz28T + IGUFVgykVw5sWtCFZ0CNJhRdoT5sqxVRewJ67slGJ9+gnvOT8tPYhcKdvq87tCzb + Onxa1iE7DEmVoAAv32Ad+n5J1QcEv1Gx/CdCQZrBdxY/5xCINQ4frjTkhEgCrP3F + ZdIr57ykJKsxSUyEQetZVRHIB+51FVQrbkLKZi/coaEhduYpGQHEnrKmLrTT+P2n + Fyi6VW/cNlSZHhRiq4ED13OSQ+dVtwIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQUoLHrxN4T+K76l1cjF0kWzMFJHW8wHwYDVR0jBBgwFoAU12dcKEHA + Mz2JJZXbE2QnLkThBUgwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqG + SIb3DQEBCwUAA4IBAQCpvgz+jcwIDyBOB1ibQ5kGtQ4mg9X1SzcZuQv9oOy/piKI + 4l1msspNhOBOGt/dhWQkvi2zXMEcbJEMdN0LdXYx7pwBHjnrwkRKH73fIuZlliG6 + 7so/BKAD4bUIefVOv+Z6/jr+w5t73Egd7evN2ZGMDngIO6gho8WfVz4Bk6qifirD + 6+MG+t88+Z7tB0za7a4amUav0/fivS3q4Buqby8qmwMUOBUh+PiWrrP9vhagOIMb + 5oHLdff9SE3wAQFoQsKgo685jGMJ8qRfn6CNXbSY5lpd7BRatQVhFammxVUsLnHo + WQkLSHHsZaNiU8UmxQFYiFGpFqRJ9euAJhi1ocPF + -----END CERTIFICATE----- + + - path: "/etc/sabakan/sabakan-tls.key" + filesystem: root + mode: 0644 + contents: + inline: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAsPpcApp6mY7zN0ZRdRoHqpOagj94jlpWGfFJtjfhUFjEHUBV + /YWkylcjvqTCuf9Y9hRc+e3sIqcaEcDx6pW249k3SBio5O1Q+nNiHkPswLj1uXwM + OuFgz28TIGUFVgykVw5sWtCFZ0CNJhRdoT5sqxVRewJ67slGJ9+gnvOT8tPYhcKd + vq87tCzbOnxa1iE7DEmVoAAv32Ad+n5J1QcEv1Gx/CdCQZrBdxY/5xCINQ4frjTk + hEgCrP3FZdIr57ykJKsxSUyEQetZVRHIB+51FVQrbkLKZi/coaEhduYpGQHEnrKm + LrTT+P2nFyi6VW/cNlSZHhRiq4ED13OSQ+dVtwIDAQABAoIBAGOj8V2937zJEQJT + 4tTNXPeatukSFyv+jG96vAeNmpuD/paBfGiKb+dD/Gn/lWrm6w1RFa/ZVpOEBVdt + jEaJGDlcOJWs3JpXSrpXcCyeDZPMDvzpbHFSJxFi9h/NAJ4b7ALfqf3PXOxvGYkQ + +k4oOUJxdDiPgusiAw+8BlC3ztptn88h4iubh40kHmZXRmwO3rZNvsVAWouHRKYf + kEOQYP2L9Qxgk89HcboaYM7d3dxb1gZKhCwfXNHEgiKI37lza7N2sOkdusgZM6Tq + TDZwCIygzREi6UA3/u5x/XOTTSOwYIrxARnZ+1qyWRLilSXvgUBdtcnQl6BYTFKS + Vn138+ECgYEA0rx0MG/V4MXLBao/UY3oc8nM1YEoR2tqpoggT2RevVRsUv3RJOje + uZ0RRtbP9a02kFQUWVd5e0usYEBUx1GxUg5aSj6O3ta3OJOvLthQIYOxjg9U8sQN + x1yn+2pVQn2CnZOvbHk251lElHylBG0CK0yX5bCddUDKMsxZcaBw14kCgYEA1v2t + RmAOtvBa2Ae6SloLKYy/vJ3mIeaauscbXs/XxeKAVcqUxxuS6KlMu9VimvrHoKeX + 9URmOsa6pVuV8BuioaWDumBL3OkS4fOPvkyoz1bKjV9DIs5gFlzR4Ug96rU2Ynqi + kHTSYTTEog9W9b+LhDSFxztpLhnGgXxXGwUiMz8CgYBJ36JjcHDrcKrw+3Ni5Xo9 + TNqvZa13C+LBKisZabgEatnmZe+xHqklLDhoOtl/6A6enbrcbtu5KxfsTeDqVmrw + tvNT34Y5+88S2EKrC01b0kyl3h4LVEr4PjTs36OvwUvObX0ra3qhsxtlaiR23rfJ + 8fm1nSo1dlbrY9NfD70+8QKBgD3x27IyTSsSt+oU1+1CYoL3ReuPx1YvPpfgdJdt + 5Wrj5zxQ4Ws5G6wj07MvOXkUFt7ISzVlHtuClRa9+8ax/7r5mKnjwxgEo+csqVcY + eW88P6JaN1rZAcCPv/1cNlLhIalgUmSy9EcD0EAtkU2/gfB2vbD5AkZBMPvwGpzz + brY7AoGBAIZ+XVewRA64uDVl/tn8bHdz5Zl+spAnOhaFgvS8RdzkJ5A+4+dQf7VJ + j3g69L7A6Eey8J2PZdG2YJ7ou9MXNv/1fsfRDMNfXUV8jcOr7z/1OMysqOCS1B/c + VtLtJG+DMKg1cNzH81xqNY8rBYfbfkrY3TcEa5DZkc8aTrzR4Tjc + -----END RSA PRIVATE KEY----- directories: - filesystem: root diff --git a/mtest/ignitions/files/etc/sabakan/neco.crt b/mtest/ignitions/files/etc/sabakan/neco.crt new file mode 100644 index 00000000..e63aae53 --- /dev/null +++ b/mtest/ignitions/files/etc/sabakan/neco.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdjCCAl6gAwIBAgIUYE7jJIo5oRrmye5+eRZ11pMkwuowDQYJKoZIhvcNAQEL +BQAwUzEOMAwGA1UEBhMFSmFwYW4xDjAMBgNVBAgTBVRva3lvMRUwEwYDVQQKEwxD +eWJvenUsIEluYy4xDTALBgNVBAsTBE5lY28xCzAJBgNVBAMTAmNhMB4XDTE4MDgw +MjA0NTAwMFoXDTI4MDczMDA0NTAwMFowUzEOMAwGA1UEBhMFSmFwYW4xDjAMBgNV +BAgTBVRva3lvMRUwEwYDVQQKEwxDeWJvenUsIEluYy4xDTALBgNVBAsTBE5lY28x +CzAJBgNVBAMTAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqYd +vRd5PJ0CcZRG9qECaaI7IlAi6JxBMAI/IajdDG+d5UAWBMrnT6h6g9drmn3rP1fd ++ZRF9SSrYItuEU4mSTxFP3XNjwpdT/nDIYoLjUGQsG0/7EsRhKnkEZXP3xVMVaIt +umNu4TnOxX3T5exetTlNTKYHqROZUEiLh62HvAoXZJEnykm4QVAvN1A6I4yO2y2+ +bFKaWwMMcRPUmIvHt/v0fOMXJTOGHwOtfrF8MTOJ2QgiIo/vDlp/oPcUABDfyP2F +7QnyUp1GmOQX3K3+s4qNIbeyZNx2gf5xsE1nhzREmarbhglwvkEa9rXhmv1q5tuX +u4lVOKyWcG4QHAls/wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU12dcKEHAMz2JJZXbE2QnLkThBUgwDQYJKoZIhvcN +AQELBQADggEBAAZVooYrKCiPldHnSzvhTk2Y4FRUjcBH+j4ONPtdXzDlyH8Oo31R +zZeiEk65SKKme81pGPLfOQfo6g1sbqEpy8oOBFro/KgT8omOTVofeY1wisme92mm +eblYhRYuVCgwKBvOgJhSJXPASb0HzTlkqknjktDkDvNeDEt9Kc5bAPyqGQurMfcr +0wqixNYxcl8uf0LYOGPj1yt0qEqZBijDEnPBvMF/rJMF/HXjOOYFR0mmkLZQEjkF +9e5y/UW1ruysFKCdy5eJkrgcaSgKWmxgOBf/M0g5qZt/2NwZxIE00rgp7GGXzfor +IhxcFaKJBbdCDITsC6VRdP2NrYb2nE3eyOk= +-----END CERTIFICATE----- diff --git a/mtest/ignitions/systemd/sabakan-cryptsetup.service b/mtest/ignitions/systemd/sabakan-cryptsetup.service index 71f9beb1..4d57cb72 100644 --- a/mtest/ignitions/systemd/sabakan-cryptsetup.service +++ b/mtest/ignitions/systemd/sabakan-cryptsetup.service @@ -5,7 +5,7 @@ Wants=network-online.target [Service] Type=oneshot -Environment="SABAKAN_URL={{ MyURL }}" +Environment="SABAKAN_URL={{ MyURLHTTPS }}" ExecStart=/bin/mkdir -p /opt/sbin ExecStart=/usr/bin/curl -f -s -o /opt/sbin/sabakan-cryptsetup {{ MyURL }}/api/v1/cryptsetup ExecStart=/bin/chmod a+x /opt/sbin/sabakan-cryptsetup diff --git a/mtest/ignitions/worker.yml b/mtest/ignitions/worker.yml index 1264c093..0637dd87 100644 --- a/mtest/ignitions/worker.yml +++ b/mtest/ignitions/worker.yml @@ -1,6 +1,7 @@ passwd: passwd.yml files: - /etc/hostname + - /etc/sabakan/neco.crt networkd: - 10-eth0.network systemd: