File start_workload of Package demo-container

#!/bin/sh
# aginies@suse.com
#
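# Quick script to easily start a workload on ALP OS.
# NOTE: despite the /bin/sh shebang, the script uses bash-only features
# (local, (( )), ${var//pattern}), so /bin/sh must be bash.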
# https://build.opensuse.org/project/show/SUSE:ALP:Workloads

# Absolute path of the podman binary used by the workload functions
PODMAN=/usr/bin/podman
# Official repo
WORKLOADPATH=registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads
# Set to 1 by pkg_install/pkg_remove; check_reboot_system offers a reboot when it is 1
NEEDTOREBOOT=0
# Space-separated package lists filled in by check_package
TOINSTALL=""
TOREMOVE=""

### Some useful functions
# Improve console layout with some color
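# Terminal styling sequences read by info_warn and info_cmd.
# tput errors (TERM unset or unknown, e.g. when run from a service or a
# minimal ssh session) are silenced; the variables are then simply empty and
# the messages are printed without styling.
txtund=$(tput sgr 0 1 2>/dev/null) # Underline
txtbld=$(tput bold 2>/dev/null)             # Bold
bldred=${txtbld}$(tput setaf 1 2>/dev/null) # red
bldgreen=${txtbld}$(tput setaf 2 2>/dev/null) # green
txtrst=$(tput sgr0 2>/dev/null)             # Reset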
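# Print a warning message in bold red.
# Globals:   bldred, txtrst (read)
# Arguments: $1 - message text (echo -e interprets backslash escapes in it)
# Outputs:   the styled message on stdout
info_warn() {
    local msg="${bldred}$1${txtrst}"
    # Quoted: an unquoted expansion would collapse whitespace and expand
    # glob characters such as '*' against the current directory.
    echo -e "${msg}"
}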
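# Print a command the operator is expected to run, underlined in bold green.
# Globals:   txtund, bldgreen, txtrst (read)
# Arguments: $1 - command text (echo -e interprets backslash escapes in it)
# Outputs:   the styled command on stdout
info_cmd() {
    local cmdtxt="${txtund}${bldgreen}$1${txtrst}"
    # Quoted so the command is shown exactly as given (no word splitting,
    # no glob expansion).
    echo -e "${cmdtxt}"
}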


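# Run a command and abort the whole script if it fails.
# Arguments: "$@" - the command and its arguments, executed as given
# Outputs:   the command's own output; a warning via info_warn on failure
# Returns:   0 when the command succeeds; exits the script with status 1
#            otherwise
launch_command() {
    local exit_status=0
    # The `||` keeps `set -e` (enabled by kvm_workload) from killing the
    # shell before the failure message below is printed.
    "$@" || exit_status=$?
    if [ "$exit_status" -ne 0 ]; then
        info_warn "Command failed with exit status $exit_status."
        exit 1
    fi
    return 0
}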

# useful to wait for input
# Show a "press ENTER" banner and block until a line is read from stdin.
# Outputs: the banner on stdout
# Returns: the status of `read` (non-zero when stdin is at end of file)
press_enter() {
    printf '%s\n' \
        '' \
        '--------------------------------------------' \
        ' Press ENTER to continue or Crtl+c to Abort' \
        '--------------------------------------------'
    read
}

# Print a title framed by two rows of '#'.
# Arguments: $1 - title text
# Outputs:   blank line, '#' row, " <title>", '#' row
show_info() {
    # Row width: title length without '*' characters, plus two.
    local stripped=${1//[*]/}
    local width=$(( ${#stripped} + 2 ))
    local row='' i
    for (( i = 0; i < width; i++ )); do
        row+='#'
    done
    printf '\n%s\n %s\n%s\n' "$row" "$1" "$row"
}

# xauth is required for GUI app
# Queue xauth for installation when it is missing and install it after the
# operator confirms.
# Globals: TOINSTALL (read; filled by check_package)
xauth_needed() {
    check_package install xauth
    # Nothing queued: no prompt, no installation.
    [ -n "$TOINSTALL" ] || return 0
    echo "- You need to install ${TOINSTALL}"
    press_enter
    pkg_install
}

# display info about xauth
warning_xauth() {
  	echo -e "
Its mandatory to connect with ssh to the ALP OS using the -X (forwarding option):"
	info_cmd "ssh -X root@ALPOSIP"
	echo "If not you will have a message similar to:"
	info_warn "${DISPLAY} is not defined for graphical frontend"
}

# Check if we need to reboot the system to be ready
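# Offer a reboot when a package transaction flagged one as required.
# Globals: NEEDTOREBOOT (read; treated as 0 when unset or empty)
# Outputs: a prompt; then reboots the host once the operator presses ENTER
check_reboot_system() {
    # Quoted with a default so an unset or empty flag neither breaks the test
    # nor trips `set -u`.
    if [ "${NEEDTOREBOOT:-0}" -eq 1 ]; then
        info_warn "Reboot the system?"
        press_enter
        reboot
    fi
}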

# grab exact IP address
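# Print the IPv4 address(es) of every connected network interface.
# Outputs: one address per line on stdout
# Returns: 0
get_ip() {
    local iface
    # The interface list is piped straight into the loop. The previous
    # version staged it in /tmp/get_ip<random>, created by a plain shell
    # redirection; in a world-writable directory that follows a pre-existing
    # symlink, which matters for a script that is run with root privileges.
    # NOTE(review): `grep connected` also matches "disconnected" -- confirm
    # against the actual `nmcli -g all` output.
    nmcli -g all \
        | grep "^[a-z]" \
        | grep connected \
        | cut -d ":" -f 1 \
        | while read -r iface; do
            ip -4 addr show "$iface" | grep -oP "(?<=inet ).*(?=/)"
        done
    # Callers capture the output with $(get_ip); an interface without an
    # IPv4 address must not turn that into a failure.
    return 0
}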

# how to connect to access the service
# Tell the operator which URL(s) reach the service that was just started.
# Arguments: $1 - URL scheme (http or https)
#            $2 - port number
# Outputs:   a blank line, then one "Go to <scheme>://<ip>:<port>" line per
#            address reported by get_ip
help_connect_info() {
    local scheme=$1
    local port=$2
    local addrs addr
    addrs=$(get_ip)
    echo
    # Unquoted on purpose: get_ip prints one address per line.
    for addr in ${addrs}; do
        echo "	Go to ${scheme}://${addr}:${port}"
    done

}

# check if a container is already running
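# Abort with a hint unless a container with the given name is running.
# Arguments: $1 - container name to look for
# Outputs:   nothing when it is running; otherwise how to start it
# Returns:   0 when running; exits the script with status 1 otherwise
check_running() {
    if [ -z "$1" ]; then info_warn "Need a container name to check!"; exit 1; fi
    local name=$1 running
    # Quoted and preceded by `--`: a name containing spaces, glob characters
    # or a leading dash is handed to grep as one pattern.
    # NOTE(review): this is still a substring/regex match, so a short name
    # also matches longer container names that contain it.
    running=$(podman ps --format "{{.Names}}" | grep -- "${name}")
    if [ -z "$running" ]; then
        printf '\n %s Must be started\n' "${name}"
        info_cmd "podman start ${name}"
        printf '\nOR\n\n'
        info_cmd "$0 ${name}"
        exit 1
    fi
}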

# Check if a container is already started
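# Stop the script when the workload's container already exists, and explain
# how to start or remove it.
# Arguments: $1 - container name to look for
# Outputs:   an empty line when no such container exists; otherwise a status
#            banner followed by the matching podman commands
# Returns:   0 when the container does not exist; exits the script with
#            status 1 when it does or when no name was given
check_container() {
    if [ -z "$1" ]; then info_warn "Need a container name to check!"; exit 1; fi
    local name=$1 created running state=""
    # Quoted and preceded by `--` so the name is always a single grep pattern.
    # NOTE(review): substring/regex match -- a short name also matches any
    # container whose name merely contains it. `grep -Fx` would be exact, but
    # confirm first that every workload's container is named exactly as the
    # dispatcher passes it.
    created=$(podman ps --all --format "{{.Names}}" | grep -- "${name}")
    if [ -z "$created" ]; then
        echo ""
        return 0
    fi
    # The container exists; find out whether it is also running.
    running=$(podman ps --format "{{.Names}}" | grep -- "${name}")
    if [ -n "$running" ]; then state=" and started"; fi
    show_info "${name} already created${state}!"
    if [ -z "$running" ]; then
        printf '\n- To start the container:\n'
        info_cmd "podman start ${name}"
    fi
    printf '\n- To remove the container:\n'
    if [ -n "$running" ]; then
        info_cmd "podman stop ${name}"
    fi
    info_cmd "podman rm ${name}"
    exit 1
}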

# Check package on the ALP OS system
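# Work out which packages still have to be installed or removed on the host.
# Arguments: $1    - "install" to queue missing packages; any other value
#                    queues installed packages for removal
#            $2... - package names, as separate arguments or as one
#                    space-separated string
# Globals:   TOINSTALL / TOREMOVE (appended to)
# Outputs:   the `rpm -qa` result for each package and a status line
check_package() {
	local action=$1 pkg installed
	shift
	# Every remaining argument is processed: ansible_workload passes two
	# package names, and reading only $2 skipped the second one.
	# Unquoted on purpose so a single "a b" argument is split as before.
	# shellcheck disable=SC2048
	for pkg in $*;
	do
		installed=$(rpm -qa "$pkg")
		echo "$installed"
		if [ "${action}" = "install" ]; then
			if [ -z "$installed" ]; then
				TOINSTALL="$TOINSTALL $pkg"
			else
				echo "$pkg already installed"
			fi
		else
			# anything else means: remove
			if [ -n "$installed" ]; then
				TOREMOVE="$TOREMOVE $pkg"
			else
				echo "$pkg is not installed on the system"
			fi
		fi
	done
}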

# Install a package with transactional-update
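# Install the queued packages with transactional-update.
# Globals: TOINSTALL (read), NEEDTOREBOOT (set to 1 once the install was run)
# Outputs: a hint about the devel repository, then transactional-update's output
pkg_install() {
	# Nothing queued: do not call transactional-update without package
	# names and do not request a reboot for a no-op.
	case "${TOINSTALL}" in
		*[![:space:]]*) ;;
		*) return 0 ;;
	esac
	show_info "DEVEL mode: in devel mode you probably need to enable the ALP Build Repository:"
	info_cmd "zypper mr -e 2"
	# Unquoted on purpose: TOINSTALL is a space-separated package list.
	# shellcheck disable=SC2086
	transactional-update pkg in ${TOINSTALL}
	NEEDTOREBOOT=1
}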

# selinux mode: permissive or enforcing
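# Switch SELinux to the requested mode, both at runtime (setenforce) and
# persistently (/etc/selinux/config).
# Arguments: $1 - target mode: "enforcing" or "permissive"
# Outputs:   current mode and what is being changed
# Returns:   1 for an unsupported mode or when the backup copy fails;
#            otherwise the status of the last command run
# NOTE: "permissive" disables SELinux enforcement for the whole host, and the
# config change keeps it that way after a reboot and after the workload is
# removed; the original file is kept as /etc/selinux/config.bck.
set_selinux() {
    local wanted=$1 current
    local conf="/etc/selinux/config"
    # The mode is interpolated into a sed expression and written to a system
    # file, so only the two known values are accepted.
    case "$wanted" in
        enforcing|permissive) ;;
        *)
            echo "set_selinux: unsupported mode '${wanted}' (expected enforcing or permissive)" >&2
            return 1
            ;;
    esac
    current=$(getenforce | tr '[:upper:]' '[:lower:]')
    echo "Selinux setting: ${current}"
    if [ "$current" != "$wanted" ]; then
        echo "- Switching system to ${wanted} mode and reboot"
        echo "${conf}:"
        echo "SELINUX=${wanted}"
        echo "(A backup file will be created)"
        #press_enter
        # Without a backup the redirection below would truncate the config
        # and leave it empty, so stop here if the copy fails.
        cp -vf -- "${conf}" "${conf}.bck" || return 1
        # Anchored so that only the setting itself is rewritten, not comment
        # lines that happen to mention "SELINUX=".
        sed -e "s/^SELINUX=.*/SELINUX=${wanted}/" -- "${conf}.bck" > "${conf}"
        setenforce "${wanted}"
        #NEEDTOREBOOT=1
    else
        echo "- SELINUX already set to ${wanted} mode"
    fi
}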

# Remove a package with transactional-update
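# Remove the queued packages with transactional-update.
# Globals: TOREMOVE (read), NEEDTOREBOOT (set to 1 once the removal was run)
pkg_remove() {
	# Nothing queued: do not call transactional-update without package
	# names and do not request a reboot for a no-op.
	case "${TOREMOVE}" in
		*[![:space:]]*) ;;
		*) return 0 ;;
	esac
	# Unquoted on purpose: TOREMOVE is a space-separated package list.
	# shellcheck disable=SC2086
	transactional-update pkg rm ${TOREMOVE}
	NEEDTOREBOOT=1
}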

##############
### WORKLOADS

# Install the KVM container workload, create and start its container through
# kvm-container-manage.sh, then run a demo VM installation.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
# NOTE(review): `podman container runlabel install` runs the command stored
# in the image's "install" label on the host, so the image is fully trusted
# here; the dispatcher passes a mutable `:latest` tag, not a digest.
kvm_workload() {
    NAME=$1
    show_info "KVM container workload"
    echo "FIY: KVM container provides a kvm-container-manage.sh script"
    # be sure that it fails in case of error (ie: detection of the kernel-default)
    # (set -eu is a shell-wide setting: it stays active after this function)
    set -eu
    IMAGE=${WORKLOADPATH}/${NAME}
    press_enter
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    kvm-container-manage.sh info
    kvm-container-manage.sh create
    kvm-container-manage.sh start
    echo
    echo "- Starting a demo installation of a VM"
    press_enter
    virt-install-demo.sh
}

# Run the YaST ncurses container through its "run" label.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
# NOTE(review): `runlabel run` executes the command stored in the image's
# label on the host; the image is addressed by a mutable tag.
yast_ncurses_workload() {
    NAME=$1
    show_info "Yast ncurses"
    press_enter
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel run ${IMAGE}
}

# Run the YaST Qt (GUI) container through its "run" label.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
yast_qt_workload() {
    show_info "Yast QT"
    # xauth must be on the host; installing it may require a reboot first
    xauth_needed
    check_reboot_system
    warning_xauth
    press_enter
    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel run ${IMAGE}
}

# Install the host packages GDM needs, then install and run the GDM container.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
# NOTE(review): this switches the host to SELinux permissive mode through
# set_selinux, which also rewrites /etc/selinux/config; nothing in this
# function switches it back.
gdm_workload() {
    show_info "GDM"
    press_enter
    check_package install accountsservice
    check_package install systemd-experimental

    if [ ! -z "$TOINSTALL" ]; then
	    echo "- You need to install ${TOINSTALL}"
	    press_enter
	    pkg_install
    fi
    set_selinux permissive
    check_reboot_system
    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    # reload units and dbus, restart accounts-daemon, before starting GDM
    systemctl daemon-reload
    systemctl reload dbus
    systemctl restart accounts-daemon
    launch_command ${PODMAN} container runlabel run ${IMAGE}
}

# Install the host packages the Ansible toolstack needs, then install the
# container through its "install" label.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
ansible_workload() {
    show_info "Ansible toolstack workload"
    press_enter
    # two package names are passed as separate arguments here
    check_package install python3-lxml python3-rpm

    if [ ! -z "$TOINSTALL" ]; then
            echo "- You need to install ${TOINSTALL}"
            press_enter
            pkg_install
    fi
    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
}

# Install cockpit-bridge on the host if needed, then install and run the
# Cockpit web management container and print the URL to reach it.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
cockpit_workload() {
    show_info "Cockpit Web Management workload"
    press_enter
    check_package install cockpit-bridge

    if [ ! -z "$TOINSTALL" ]; then
	    echo "- You need to install ${TOINSTALL}"
	    press_enter
	    pkg_install
    fi

    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    #IMAGE=localhost/co:latest
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    launch_command ${PODMAN} container runlabel --name cockpit-ws run ${IMAGE}
    # the operator is pointed at https on port 9090 of each host address
    help_connect_info https 9090
}

# Replace the host's firewalld package with the firewalld container.
# Arguments: $1 - image name and tag, appended to the kiwi image path below
# NOTE(review): the container is started with --privileged and --network host
# and gets the host's system D-Bus socket and /etc/firewalld bind-mounted, so
# it is not isolated from the host; the image is addressed by a mutable tag.
firewalld_workload() {
    show_info "Firewalld workload"
    echo "FYI: use the /usr/local/bin/firewall-cmd wrapper to manage the firewalld instance afterward"
    press_enter
    check_package remove firewalld
    if [ ! -z "$TOREMOVE" ]; then
	    echo "- You need to remove ${TOREMOVE}"
	    press_enter
	    pkg_remove
    fi
    check_reboot_system
    # firewalld was build with kiwi files, so path are different...
    # (this overwrites the global WORKLOADPATH for the rest of the run)
    WORKLOADPATH=registry.opensuse.org/suse/alp/workloads/tumbleweed_images/suse/alp/workloads
    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    launch_command ${PODMAN}  run -d --rm --network host --privileged -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket -v /etc/firewalld:/etc/firewalld --name firewalld ${IMAGE}
}

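# Install the ISC Bind9 container through its "install" label and start the
# named service.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
bind_workload() {
    # The image name was never taken from $1, so IMAGE ended in a bare "/"
    # (or in whatever a previous function had left in NAME).
    NAME=$1
    show_info "ISC Bind9 DNS Server"
    echo "Default configs into /etc/ and /var/lib/named"
    echo "A rndc wrapper into /usr/local/sbin/"
    press_enter
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    systemctl daemon-reload
    systemctl start named.service
}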

# Install the Kea DHCP container through its "install" label and start the
# DHCPv4 and DHCPv6 services.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
kea_workload() {
    NAME=$1
    show_info "Kea DHCP4/DHCP6 server"
    echo "Default configs into /etc/kea/"
    echo "A keactrl wrapper into /usr/local/bin/"
    echo "Systemd service files for the dhcp4 and dhcp6 containers into /etc/systemd/system/"
    press_enter
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    systemctl start kea-dhcp4.service
    systemctl start kea-dhcp6.service
}

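# Install the Grafana container, create and start it through
# grafana-container-manage.sh, and print how to reach the web interface.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
grafana_workload() {
    NAME=$1
    show_info "Grafana Web interface workload"
    echo "FIY: grafana container provides a grafana-container-manage.sh script"
    press_enter
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    grafana-container-manage.sh create
    grafana-container-manage.sh start
    help_connect_info http 3000

    # The instance is announced on every host address with well-known
    # credentials, so the operator is told to replace them.
cat <<EOF
	login with admin / admin
	Change the default admin password right after the first login

EOF
}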

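# Pull and install the NeuVector demo container, start its service and print
# how to reach the web interface.
# Arguments: $1 - image name and tag, appended to the BCI image path below
# NOTE(review): this switches the host to SELinux permissive mode through
# set_selinux, which also rewrites /etc/selinux/config; nothing in this
# function switches it back.
neuvector_workload() {
    show_info "NeuVector workload"
    press_enter
    # neuvector was build with kiwi files, so path are different...
    set_selinux permissive
    #check_reboot_system
    # (this overwrites the global WORKLOADPATH for the rest of the run)
    WORKLOADPATH=registry.opensuse.org/suse/alp/workloads/bci_containerfiles/suse/alp/workloads
    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} pull ${IMAGE}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    systemctl start neuvector
    help_connect_info https 8443
    # The console is announced on every host address with well-known
    # credentials, so the operator is told to replace them.
cat <<EOF
   Default credentials: admin / admin
   Change the default admin password right after the first login

EOF
}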

# Install the Warewulf4 container through its "install" label and start the
# warewulf service.
# Arguments: $1 - image name and tag, appended to ${WORKLOADPATH}
# NOTE(review): this switches the host to SELinux permissive mode through
# set_selinux, which also rewrites /etc/selinux/config; nothing in this
# function switches it back.
warewulf_workload() {
    show_info "Warewulf4 workload"
    echo "configuration is in /etc/warewulf directory"
    echo "data are in /var/lib/warewulf directory"
    echo "wwctl command is available on the host"
    press_enter
    set_selinux permissive
    NAME=$1
    IMAGE=${WORKLOADPATH}/${NAME}
    launch_command ${PODMAN} container runlabel install ${IMAGE}
    systemctl start warewulf
}

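# Print the help text and exit.
# Outputs: the list of workloads on stdout
# Returns: never returns; exits the script with status 0
usage() {
    # The synopsis lists every workload the dispatcher accepts; yastqt and
    # neuvector were described below but missing from it.
    cat <<EOF

	Script to test some ALP OS workloads
	https://documentation.suse.com/alp/all/

   	First arg should be the workload to start
        $0 [kvm|yast|yastqt|cockpit|grafana|firewalld|gdm|ansible|kea|bind|neuvector|ww|help]

ansible Provides the ansible toolstack

kea
	Kea DHCP4/DHCP6 server

kvm	
	Prepare system to deploy Virtual Machine
	(Kvm container workload libvirtd)
		
gdm
	GDM workload

yast
	Manage you host OS (console)

bind
	ISC Bind9 DNS Server

yastqt
	Manage your host OS (GUI)

cockpit
	Manage you host OS (Cockpit Web Management cockpit-ws)
	https://HOSTNAME_OR_IP_OF_ALP_HOST:9090

grafana
	Monitoring System (Grafana Web Interface grafana)
	Go to http://HOSTNAME_OR_IP_OF_ALP_HOST:3000

firewalld
	Firewall Management
	(may set restrictibe rules...)

neuvector
	Container Security
	Go to https://HOSTNAME_OR_IP_OF_ALP_HOST:8443

ww
	warewulf container including tftp and dhcpd services

BUG: Please report any bug to https://github.com/aginies/alp-os/issues

EOF
	exit 0
}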


# Entry point: exactly one argument selects the workload. Anything else
# (wrong argument count, "help", unknown name) prints the help text, and
# usage exits the script.
if [ $# -ne 1 ]; then
    usage
fi

# Most workloads first make sure their container does not exist yet
# (check_container exits when it does), then run the workload function with
# the image name and tag.
case "$1" in
    ansible)
        check_container ansible
        ansible_workload ansible:latest
        ;;
    kea)
        check_container kea
        kea_workload kea:latest
        ;;
    kvm)
        check_container libvirtd
        kvm_workload kvm:latest
        ;;
    gdm)
        check_container gdm
        gdm_workload gdm:latest
        ;;
    bind)
        check_container bind
        bind_workload bind:latest
        ;;
    yast)
        yast_ncurses_workload yast-mgmt-ncurses:latest
        ;;
    yastqt)
        yast_qt_workload yast-mgmt-qt:latest
        ;;
    cockpit)
        check_container cockpit-ws
        cockpit_workload cockpit-ws:latest
        ;;
    grafana)
        check_container grafana
        grafana_workload grafana:latest
        ;;
    firewalld)
        check_container firewalld
        firewalld_workload firewalld:latest
        ;;
    neuvector)
        check_container neuvector-demo
        neuvector_workload neuvector-demo:latest
        ;;
    ww)
        check_container warewulf
        warewulf_workload warewulf:latest
        ;;
    ip)
        get_ip
        ;;
    help | *)
        usage
        ;;
esac