infra: add custom ssh public key for debugging
Signed-off-by: Yang Chiu <yang.chiu@suse.com>
yangchiu authored and David Ko committed Dec 19, 2023
1 parent d9e0a6a commit abe85c0
Showing 37 changed files with 162 additions and 4 deletions.
1 change: 1 addition & 0 deletions test_framework/Jenkinsfile
Expand Up @@ -136,6 +136,7 @@ node {
--env TF_VAR_azure_tenant_id=${AZURE_TENANT_ID} \
--env TF_VAR_azure_subscription_id=${AZURE_SUBSCRIPTION_ID} \
--env TF_VAR_cis_hardening=${CIS_HARDENING} \
--env TF_VAR_custom_ssh_public_key="${CUSTOM_SSH_PUBLIC_KEY}" \
${imageName}
"""

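Review bot: `${CUSTOM_SSH_PUBLIC_KEY}` on the added `--env` line is expanded inside the `"""` string, so the key text becomes part of the command line itself rather than a value the shell reads. The statement that opens this string starts outside the hunk; if it is a Groovy GString handed to an `sh` step, as it appears to be, a `"` or `$(` in the job parameter would be parsed by the agent's shell. Escaping the dollar sign lets the shell take the value from the environment instead: `--env TF_VAR_custom_ssh_public_key="\${CUSTOM_SSH_PUBLIC_KEY}" \` (this assumes the parameter is exported to the step's environment — confirm). The neighbouring `--env` lines use the same interpolation, but this is the first one that carries free-form text.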
4 changes: 4 additions & 0 deletions test_framework/terraform/aws/oracle/data.tf
Expand Up @@ -27,6 +27,7 @@ data "template_file" "provision_k3s_server" {
k3s_cluster_secret = random_password.cluster_secret.result
k3s_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
k3s_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -37,6 +38,7 @@ data "template_file" "provision_k3s_agent" {
k3s_server_url = "https://${aws_eip.lh_aws_eip_controlplane[0].public_ip}:6443"
k3s_cluster_secret = random_password.cluster_secret.result
k3s_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -47,6 +49,7 @@ data "template_file" "provision_rke2_server" {
rke2_cluster_secret = random_password.cluster_secret.result
rke2_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
rke2_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -57,5 +60,6 @@ data "template_file" "provision_rke2_agent" {
rke2_server_url = "https://${aws_eip.lh_aws_eip_controlplane[0].public_ip}:9345"
rke2_cluster_secret = random_password.cluster_secret.result
rke2_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}
Expand Up @@ -19,3 +19,7 @@ until (curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --token ${k3s_clus
echo 'k3s agent did not install correctly'
sleep 2
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
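Review bot: In `echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys` the placeholder is filled in by Terraform's template rendering before the shell parses the script, so a value containing `"`, `$(` or a backtick becomes shell syntax rather than key data, and the `[[ -n … ]]` guard above it has the same exposure. The value should be constrained before it reaches the template (for example a `validation` block on the variable that accepts only an empty string or one single-line OpenSSH key), because quoting inside the script cannot help once the text has been substituted. A header comment would also help the next reader: `# custom_ssh_public_key is substituted by Terraform; must be a single-line public key`. The script starts outside this hunk, and the same three lines are added to every other provisioning template section on this page (with /home/rocky or /home/suse as the target in some).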
Expand Up @@ -21,3 +21,6 @@ until (kubectl get pods -A | grep 'Running'); do
sleep 5
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
Expand Up @@ -33,4 +33,9 @@ EOF

systemctl enable rke2-agent.service
systemctl start rke2-agent.service

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi

exit $?
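Review bot: The closing `exit $?` no longer reports the result of `systemctl start rke2-agent.service`, because the new `if … fi` block now sits between the two. `$?` is therefore the status of the `if` (0 when the key is empty, otherwise that of the `echo`), so a failed agent start would make the script exit 0. Capture the status immediately, with `rc=$?` on the line after `systemctl start rke2-agent.service` and `exit "$rc"` at the end, or move the key block above the `systemctl` lines. The script begins outside this hunk, and the same ordering appears in the four later sections that also end in `exit $?`.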
Expand Up @@ -29,3 +29,7 @@ until (KUBECONFIG=/etc/rancher/rke2/rke2.yaml /var/lib/rancher/rke2/bin/kubectl
echo 'Waiting for rke2 startup'
sleep 5
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
6 changes: 6 additions & 0 deletions test_framework/terraform/aws/oracle/variables.tf
Expand Up @@ -114,3 +114,9 @@ variable "create_load_balancer" {
type = bool
default = false
}

variable "custom_ssh_public_key" {
type = string
default = ""
sensitive = true
}
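Review bot: `custom_ssh_public_key` accepts any string, and the data.tf sections hand it to the provisioning templates, where it is substituted into a double-quoted shell word. A `validation` block here that admits only an empty value or one single-line OpenSSH public key would keep quotes, `$` and newlines out of those scripts. `sensitive = true` only redacts the value in Terraform's CLI output and does not constrain its content. The same declaration is repeated in the rhel, rockylinux and sle-micro variables.tf sections; the pattern below is a constructed example, so extend the key-type list to whatever the team actually uses.

```hcl
variable "custom_ssh_public_key" {
  # … unchanged: type, default, sensitive …

  validation {
    condition = var.custom_ssh_public_key == "" || can(regex(
      "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [A-Za-z0-9@._-]+)?$",
      var.custom_ssh_public_key
    ))
    error_message = "The custom_ssh_public_key value must be empty or a single-line OpenSSH public key."
  }
}
```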
4 changes: 4 additions & 0 deletions test_framework/terraform/aws/rhel/data.tf
Expand Up @@ -31,6 +31,7 @@ data "template_file" "provision_k3s_server" {
k3s_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
enable_selinux = var.selinux_mode == "permissive" ? "false" : "true"
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -43,6 +44,7 @@ data "template_file" "provision_k3s_agent" {
k3s_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
enable_selinux = var.selinux_mode == "permissive" ? "false" : "true"
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -54,6 +56,7 @@ data "template_file" "provision_rke2_server" {
rke2_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
rke2_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -65,5 +68,6 @@ data "template_file" "provision_rke2_agent" {
rke2_cluster_secret = random_password.cluster_secret.result
rke2_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
custom_ssh_public_key = var.custom_ssh_public_key
}
}
Expand Up @@ -25,3 +25,7 @@ until (curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --token ${k3s_clus
echo 'k3s agent did not install correctly'
sleep 2
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
Expand Up @@ -26,3 +26,7 @@ until (sudo /usr/local/bin/kubectl get pods -A | grep 'Running'); do
echo 'Waiting for k3s startup'
sleep 5
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
Expand Up @@ -39,4 +39,9 @@ EOF

sudo systemctl enable rke2-agent.service
sudo systemctl start rke2-agent.service
exit $?

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi

exit $?
Expand Up @@ -35,3 +35,7 @@ until (KUBECONFIG=/etc/rancher/rke2/rke2.yaml sudo /var/lib/rancher/rke2/bin/kub
echo 'Waiting for rke2 startup'
sleep 5
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
6 changes: 6 additions & 0 deletions test_framework/terraform/aws/rhel/variables.tf
Expand Up @@ -120,3 +120,9 @@ variable "create_load_balancer" {
type = bool
default = false
}

variable "custom_ssh_public_key" {
type = string
default = ""
sensitive = true
}
4 changes: 4 additions & 0 deletions test_framework/terraform/aws/rockylinux/data.tf
Expand Up @@ -36,6 +36,7 @@ data "template_file" "provision_k3s_server" {
k3s_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
enable_selinux = var.selinux_mode == "permissive" ? "false" : "true"
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -48,6 +49,7 @@ data "template_file" "provision_k3s_agent" {
k3s_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
enable_selinux = var.selinux_mode == "permissive" ? "false" : "true"
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -59,6 +61,7 @@ data "template_file" "provision_rke2_server" {
rke2_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
rke2_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -70,5 +73,6 @@ data "template_file" "provision_rke2_agent" {
rke2_cluster_secret = random_password.cluster_secret.result
rke2_version = var.k8s_distro_version
selinux_mode = var.selinux_mode
custom_ssh_public_key = var.custom_ssh_public_key
}
}
Expand Up @@ -24,3 +24,7 @@ until (curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --token ${k3s_clus
echo 'k3s agent did not install correctly'
sleep 2
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/rocky/.ssh/authorized_keys
fi
Expand Up @@ -24,3 +24,6 @@ until (kubectl get pods -A | grep 'Running'); do
sleep 5
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/rocky/.ssh/authorized_keys
fi
Expand Up @@ -38,4 +38,9 @@ EOF

sudo systemctl enable rke2-agent.service
sudo systemctl start rke2-agent.service

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/rocky/.ssh/authorized_keys
fi

exit $?
Expand Up @@ -34,3 +34,7 @@ until (KUBECONFIG=/etc/rancher/rke2/rke2.yaml /var/lib/rancher/rke2/bin/kubectl
echo 'Waiting for rke2 startup'
sleep 5
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/rocky/.ssh/authorized_keys
fi
6 changes: 6 additions & 0 deletions test_framework/terraform/aws/rockylinux/variables.tf
Expand Up @@ -119,4 +119,10 @@ variable "use_hdd" {
variable "create_load_balancer" {
type = bool
default = false
}

variable "custom_ssh_public_key" {
type = string
default = ""
sensitive = true
}
4 changes: 4 additions & 0 deletions test_framework/terraform/aws/sle-micro/data.tf
Expand Up @@ -20,6 +20,7 @@ data "template_file" "provision_k3s_server" {
k3s_cluster_secret = random_password.cluster_secret.result
k3s_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
k3s_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -30,6 +31,7 @@ data "template_file" "provision_k3s_agent" {
k3s_server_url = "https://${aws_eip.lh_aws_eip_controlplane[0].public_ip}:6443"
k3s_cluster_secret = random_password.cluster_secret.result
k3s_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -40,6 +42,7 @@ data "template_file" "provision_rke2_server" {
rke2_cluster_secret = random_password.cluster_secret.result
rke2_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
rke2_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -50,5 +53,6 @@ data "template_file" "provision_rke2_agent" {
rke2_server_url = "https://${aws_eip.lh_aws_eip_controlplane[0].public_ip}:9345"
rke2_cluster_secret = random_password.cluster_secret.result
rke2_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}
Expand Up @@ -20,3 +20,7 @@ fi

curl -sfL https://get.k3s.io | sudo INSTALL_K3S_EXEC="agent --token ${k3s_cluster_secret}" K3S_URL="${k3s_server_url}" INSTALL_K3S_VERSION="${k3s_version}" sh -
sudo systemctl start k3s-agent

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/suse/.ssh/authorized_keys
fi
Expand Up @@ -2,3 +2,7 @@

curl -sfL https://get.k3s.io | sudo INSTALL_K3S_EXEC="server --node-taint "node-role.kubernetes.io/master=true:NoExecute" --node-taint "node-role.kubernetes.io/master=true:NoSchedule" --tls-san ${k3s_server_public_ip} --write-kubeconfig-mode 644 --token ${k3s_cluster_secret}" INSTALL_K3S_VERSION="${k3s_version}" sh -
sudo systemctl start k3s

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/suse/.ssh/authorized_keys
fi
Expand Up @@ -32,4 +32,9 @@ EOF

sudo systemctl enable rke2-agent.service
sudo systemctl start rke2-agent.service
exit $?

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/suse/.ssh/authorized_keys
fi

exit $?
Expand Up @@ -15,4 +15,8 @@ EOF

sudo systemctl enable rke2-server.service
sudo systemctl start rke2-server.service
sudo ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
sudo ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/suse/.ssh/authorized_keys
fi
6 changes: 6 additions & 0 deletions test_framework/terraform/aws/sle-micro/variables.tf
Expand Up @@ -121,4 +121,10 @@ variable "create_load_balancer" {
variable "registration_code" {
type = string
sensitive = true
}

variable "custom_ssh_public_key" {
type = string
default = ""
sensitive = true
}
4 changes: 4 additions & 0 deletions test_framework/terraform/aws/sles/data.tf
Expand Up @@ -17,6 +17,7 @@ data "template_file" "provision_k3s_server" {
k3s_cluster_secret = random_password.cluster_secret.result
k3s_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
k3s_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -27,6 +28,7 @@ data "template_file" "provision_k3s_agent" {
k3s_server_url = "https://${aws_eip.lh_aws_eip_controlplane[0].public_ip}:6443"
k3s_cluster_secret = random_password.cluster_secret.result
k3s_version = var.k8s_distro_version
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -38,6 +40,7 @@ data "template_file" "provision_rke2_server" {
rke2_server_public_ip = aws_eip.lh_aws_eip_controlplane[0].public_ip
rke2_version = var.k8s_distro_version
cis_hardening = var.cis_hardening
custom_ssh_public_key = var.custom_ssh_public_key
}
}

Expand All @@ -49,5 +52,6 @@ data "template_file" "provision_rke2_agent" {
rke2_cluster_secret = random_password.cluster_secret.result
rke2_version = var.k8s_distro_version
cis_hardening = var.cis_hardening
custom_ssh_public_key = var.custom_ssh_public_key
}
}
Expand Up @@ -34,3 +34,7 @@ until (curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --token ${k3s_clus
echo 'k3s agent did not install correctly'
sleep 2
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
Expand Up @@ -25,3 +25,6 @@ until (kubectl get pods -A | grep 'Running'); do
RETRY=$((RETRY+1))
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi
Expand Up @@ -60,4 +60,9 @@ EOF
fi

systemctl start rke2-agent.service

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi

exit $?
Expand Up @@ -53,3 +53,7 @@ until (KUBECONFIG=/etc/rancher/rke2/rke2.yaml /var/lib/rancher/rke2/bin/kubectl
fi
RETRY=$((RETRY+1))
done

if [[ -n "${custom_ssh_public_key}" ]]; then
echo "${custom_ssh_public_key}" >> /home/ec2-user/.ssh/authorized_keys
fi