6 changed files with 353 additions and 0 deletions
@ -0,0 +1,30 @@ |
|||
# Podman Lab on AWS EC2 |
|||
|
|||
## Development on local machine |
|||
|
|||
Pre-requisites: Libvirt on Fedora |
|||
|
|||
```sh |
|||
cd cloud-init |
|||
./install-libvirt.sh |
|||
``` |
|||
|
|||
## Installation on AWS EC2 |
|||
|
|||
Pre-requisites: |
|||
|
|||
- Terraform |
|||
- OpenSSL |
|||
- Bash |
|||
- mkpasswd |
|||
- gzip |
|||
|
|||
```sh |
|||
cd cloud-init |
|||
./generate-users.sh |
|||
cd .. |
|||
terraform init |
|||
terraform apply |
|||
``` |
|||
|
|||
User accounts are in **cloud-init/users.csv**. |
|||
@ -0,0 +1,3 @@ |
|||
users.csv |
|||
users.yaml |
|||
user-data.yaml.gz |
|||
@ -0,0 +1,25 @@ |
|||
#!/bin/bash |
|||
|
|||
set -Eeuo pipefail |
|||
|
|||
echo -n > users.yaml |
|||
echo "username,password" > users.csv |
|||
|
|||
read -p 'MASTER KEY: ' -s MASTER_KEY |
|||
|
|||
for i in $(seq 1 80); do |
|||
user="$(printf 'user%02d' $i)" |
|||
password="$(echo -n "$MASTER_KEY:$user" | openssl dgst -sha256 -binary | openssl base64 | cut -c 1-8)" |
|||
echo "$user,$password" >> users.csv |
|||
hash="$(echo -n "$password" | mkpasswd -m sha512crypt -s)" |
|||
cat >> users.yaml <<EOF |
|||
- name: $user |
|||
gecos: Utilisateur $i |
|||
shell: /bin/bash |
|||
primary_group: lab |
|||
lock_passwd: false |
|||
passwd: $hash |
|||
EOF |
|||
done |
|||
|
|||
cat user-data.yaml users.yaml | gzip -c > user-data.yaml.gz |
|||
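Review bot: An empty master key is accepted silently: the `read -p 'MASTER KEY: ' -s MASTER_KEY` line returns success on a bare Enter and `set -u` does not catch a set-but-empty variable, so all 80 passwords would then be derived from the fixed string `:userNN`; adding `: "${MASTER_KEY:?MASTER KEY must not be empty}"` directly after the read (plus an `echo` to restore the newline swallowed by `-s`) closes that gap. The generated passwords are the first 8 characters of base64-encoded SHA-256 output, roughly 48 bits from an alphabet that includes `+` and `/`, and they are written in clear text to users.csv, so a `chmod 600 users.csv` right after the `echo "username,password" > users.csv` line limits who can read the sheet once it exists. The final `cat user-data.yaml users.yaml` depends on the heredoc's `- name:` entries being indented exactly like the `users:` list in user-data.yaml, which the rendered diff does not show; a `# indentation must match the users: list in user-data.yaml` comment above the heredoc would make that coupling explicit.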
@ -0,0 +1,26 @@ |
|||
#!/bin/bash |
|||
|
|||
set -Eeuo pipefail |
|||
|
|||
virsh destroy lab-podman || true |
|||
virsh undefine lab-podman || true |
|||
rm -rf /var/lib/libvirt/images/lab-podman |
|||
|
|||
mkdir -p /var/lib/libvirt/images/base-images /var/lib/libvirt/images/lab-podman |
|||
|
|||
if [ ! -f /var/lib/libvirt/images/base-images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2 ]; then |
|||
curl -Lo /var/lib/libvirt/images/base-images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2 https://download.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2 |
|||
fi |
|||
|
|||
# dnf install -y cloud-utils genisoimage |
|||
cloud-localds /var/lib/libvirt/images/lab-podman/cloud-init.iso user-data.yaml |
|||
|
|||
virt-install --name lab-podman --autostart --noautoconsole --cpu host-passthrough \ |
|||
--vcpus 2 --ram 4096 --os-variant fedora36 \ |
|||
--disk path=/var/lib/libvirt/images/lab-podman/lab-podman.qcow2,backing_store=/var/lib/libvirt/images/base-images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2,size=20 \ |
|||
--network network=default \ |
|||
--console pty,target.type=virtio --serial pty --import \ |
|||
--disk path=/var/lib/libvirt/images/lab-podman/cloud-init.iso,readonly=on \ |
|||
--sysinfo system.serial=ds=nocloud |
|||
|
|||
virsh console lab-podman |
|||
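Review bot: The `curl -Lo …` download inside the `if [ ! -f … ]` block has no `--fail`, so an HTTP error page from the mirror is saved to the .qcow2 path with exit status 0, `set -e` does not trip, and every later run skips the download because the file now exists; `curl -fLo …` makes that failure visible. The image is also used as the backing store for lab-podman without any integrity check; Fedora publishes a CHECKSUM file alongside the image, so verifying the download with `sha256sum -c` against it (or against a digest pinned in the script) would catch a corrupted or substituted base image before a VM is built on it. Note that `cloud-localds` here seeds the VM from `user-data.yaml` alone rather than the generated `user-data.yaml.gz`, so the local VM appears to get only the admin account; if that is intended, a one-line comment saying so would save the next reader a detour.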
@ -0,0 +1,124 @@ |
|||
#cloud-config |
|||
packages: |
|||
- zsh |
|||
- neofetch |
|||
- podman |
|||
- buildah |
|||
- skopeo |
|||
- jq |
|||
- curl |
|||
- vim-enhanced |
|||
- java-17-openjdk-headless |
|||
- maven-openjdk17 |
|||
- git |
|||
runcmd: |
|||
# Disable SSH password authentication |
|||
- [ "sed", "-i.post-install", "-e", "s/PasswordAuthentication no/PasswordAuthentication yes/", "/etc/ssh/sshd_config" ] |
|||
- [ "systemctl", "restart", "sshd" ] |
|||
# Enable sudo without password |
|||
- [ "sed", "-i.post-install", "-e", "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/", "/etc/sudoers" ] |
|||
write_files: |
|||
- path: /etc/neofetch/config.conf |
|||
content: | |
|||
print_info() { |
|||
info title |
|||
info underline |
|||
info "OS" distro |
|||
info "Host" model |
|||
info "Kernel" kernel |
|||
info "Uptime" uptime |
|||
info "Shell" shell |
|||
info "CPU" cpu |
|||
info "Memory" memory |
|||
info "CPU Usage" cpu_usage |
|||
info "Disk" disk |
|||
info "Local IP" local_ip |
|||
info "Public IP" public_ip |
|||
info cols |
|||
} |
|||
title_fqdn="off" |
|||
kernel_shorthand="on" |
|||
distro_shorthand="off" |
|||
os_arch="on" |
|||
uptime_shorthand="on" |
|||
memory_percent="on" |
|||
memory_unit="gib" |
|||
package_managers="on" |
|||
shell_path="off" |
|||
shell_version="on" |
|||
speed_type="bios_limit" |
|||
speed_shorthand="off" |
|||
cpu_brand="on" |
|||
cpu_speed="on" |
|||
cpu_cores="logical" |
|||
cpu_temp="off" |
|||
gpu_brand="on" |
|||
gpu_type="all" |
|||
refresh_rate="off" |
|||
gtk_shorthand="off" |
|||
gtk2="on" |
|||
gtk3="on" |
|||
public_ip_host="http://ident.me" |
|||
public_ip_timeout=2 |
|||
de_version="on" |
|||
disk_show=('/') |
|||
disk_subtitle="mount" |
|||
disk_percent="on" |
|||
music_player="auto" |
|||
song_format="%artist% - %album% - %title%" |
|||
song_shorthand="off" |
|||
mpc_args=() |
|||
colors=(distro) |
|||
bold="on" |
|||
underline_enabled="on" |
|||
underline_char="-" |
|||
separator=":" |
|||
block_range=(0 15) |
|||
color_blocks="off" |
|||
block_width=3 |
|||
block_height=1 |
|||
col_offset="auto" |
|||
bar_char_elapsed="-" |
|||
bar_char_total="=" |
|||
bar_border="on" |
|||
bar_length=15 |
|||
bar_color_elapsed="distro" |
|||
bar_color_total="distro" |
|||
cpu_display="off" |
|||
memory_display="off" |
|||
battery_display="off" |
|||
disk_display="off" |
|||
image_backend="ascii" |
|||
image_source="auto" |
|||
ascii_distro="auto" |
|||
ascii_colors=(distro) |
|||
ascii_bold="on" |
|||
image_loop="off" |
|||
thumbnail_dir="${XDG_CACHE_HOME:-${HOME}/.cache}/thumbnails/neofetch" |
|||
crop_mode="normal" |
|||
crop_offset="center" |
|||
image_size="auto" |
|||
gap=3 |
|||
yoffset=0 |
|||
xoffset=0 |
|||
background_color= |
|||
stdout="off" |
|||
- path: /etc/profile.d/neofetch.sh |
|||
content: | |
|||
#!/bin/bash |
|||
if [ -n "$PS1" ]; then |
|||
neofetch --config /etc/neofetch/config.conf |
|||
fi |
|||
permissions: '0755' |
|||
groups: |
|||
- lab |
|||
users: |
|||
- name: nicolas |
|||
gecos: Nicolas MASSE |
|||
shell: /bin/bash |
|||
primary_group: wheel |
|||
lock_passwd: false |
|||
# mkpasswd -m sha512crypt |
|||
passwd: CHANGEME |
|||
ssh_authorized_keys: |
|||
- ssh-ed25519 UPDATEME nmasse@redhat.com |
|||
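Review bot: The comment `# Disable SSH password authentication` above the first runcmd entry is inverted: the sed rewrites `PasswordAuthentication no` to `PasswordAuthentication yes`, i.e. it enables password logins (which the generated lab users need). Fix the comment (`# Enable SSH password authentication for the lab users`) and prefer cloud-init's native `ssh_pwauth: true` key over editing sshd_config with sed, which silently does nothing if the directive is absent, commented out, or set in an included drop-in file. The sudoers edit has the same fragility and no `visudo -c` validation; the per-user `sudo: ALL=(ALL) NOPASSWD:ALL` option in the `users:` list is the supported way to grant that. The neofetch config's `public_ip_host="http://ident.me"` also means every interactive login triggers a plain-HTTP request to a third-party host from /etc/profile.d/neofetch.sh; if that egress is acceptable in the lab, a comment saying so next to the setting would document the choice.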
@ -0,0 +1,145 @@ |
|||
terraform { |
|||
required_providers { |
|||
aws = { |
|||
source = "hashicorp/aws" |
|||
version = "4.34.0" |
|||
} |
|||
} |
|||
} |
|||
|
|||
provider "aws" { |
|||
region = "eu-west-3" |
|||
} |
|||
|
|||
provider "aws" { |
|||
region = "us-east-1" |
|||
alias = "aws-us" |
|||
} |
|||
|
|||
data "aws_ami" "fedora" { |
|||
provider = aws.aws-us |
|||
most_recent = true |
|||
|
|||
filter { |
|||
name = "name" |
|||
values = ["Fedora-Cloud-Base-36*x86_64-hvm-*-gp2-*"] |
|||
} |
|||
|
|||
filter { |
|||
name = "virtualization-type" |
|||
values = ["hvm"] |
|||
} |
|||
|
|||
owners = ["125523088429"] # Fedora |
|||
} |
|||
|
|||
resource "aws_ami_copy" "lab_ami" { |
|||
name = "Fedora-Cloud-Base-36.x86_64-hvm-eu-west-3-gp2-0" |
|||
description = "A copy of Fedora-Cloud-Base-36-20221013.0.x86_64-hvm-us-east-1-gp2-0" |
|||
source_ami_id = data.aws_ami.fedora.id |
|||
source_ami_region = "us-east-1" |
|||
|
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_vpc" "lab_vpc" { |
|||
cidr_block = "172.16.0.0/16" |
|||
enable_dns_support = true |
|||
enable_dns_hostnames = true |
|||
|
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_subnet" "lab_subnet" { |
|||
vpc_id = aws_vpc.lab_vpc.id |
|||
cidr_block = "172.16.10.0/24" |
|||
map_public_ip_on_launch = true |
|||
|
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_route_table" "lab_route" { |
|||
vpc_id = aws_vpc.lab_vpc.id |
|||
|
|||
route { |
|||
cidr_block = "0.0.0.0/0" |
|||
gateway_id = aws_internet_gateway.lab_gw.id |
|||
} |
|||
|
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_route_table_association" "lab_rta" { |
|||
subnet_id = aws_subnet.lab_subnet.id |
|||
route_table_id = aws_route_table.lab_route.id |
|||
} |
|||
|
|||
resource "aws_security_group" "lab_podman" { |
|||
vpc_id = aws_vpc.lab_vpc.id |
|||
|
|||
ingress { |
|||
description = "Incoming SSH connection" |
|||
from_port = 22 |
|||
to_port = 22 |
|||
protocol = "tcp" |
|||
cidr_blocks = ["0.0.0.0/0"] |
|||
} |
|||
|
|||
egress { |
|||
description = "Outgoing connections" |
|||
from_port = 0 |
|||
to_port = 0 |
|||
protocol = -1 |
|||
cidr_blocks = ["0.0.0.0/0"] |
|||
} |
|||
|
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_internet_gateway" "lab_gw" { |
|||
vpc_id = aws_vpc.lab_vpc.id |
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_key_pair" "admin" { |
|||
key_name = "lab-podman-nmasse@redhat.com" |
|||
public_key = file("~/.ssh/id_ed25519.pub") |
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
resource "aws_instance" "lab_podman" { |
|||
ami = aws_ami_copy.lab_ami.id |
|||
instance_type = "m5a.xlarge" |
|||
key_name = aws_key_pair.admin.key_name |
|||
subnet_id = aws_subnet.lab_subnet.id |
|||
depends_on = [aws_internet_gateway.lab_gw] |
|||
vpc_security_group_ids = [aws_security_group.lab_podman.id] |
|||
user_data = filebase64("cloud-init/user-data.yaml.gz") |
|||
associate_public_ip_address = true |
|||
|
|||
credit_specification { |
|||
cpu_credits = "unlimited" |
|||
} |
|||
|
|||
tags = { |
|||
Name = "lab-podman" |
|||
} |
|||
} |
|||
|
|||
output "public_ip" { |
|||
value = aws_instance.lab_podman.public_ip |
|||
} |
|||
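Review bot: `aws_instance.lab_podman` passes the gzipped cloud-config, which after generate-users.sh carries 80 `passwd:` hashes, as `user_data`, and user data is readable through the instance metadata service by any local process, so each lab user can read every other user's password hash. Combined with the `PasswordAuthentication yes` set by the user-data and the security group's port-22 ingress open to `0.0.0.0/0`, the short 8-character passwords are also exposed to online guessing from the internet; narrowing `cidr_blocks` on that ingress rule to the lab's known source range is the cheapest mitigation. Adding `metadata_options { http_tokens = "required" }` to the instance enforces IMDSv2 but does not hide user_data from local users, so if the hashes must stay private they should be provisioned some other way than via user_data. Neither `aws_ami_copy.lab_ami` nor the instance's root volume requests `encrypted = true` (`root_block_device { encrypted = true }` on the instance); both are supported by the pinned provider 4.34.0.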