Add missing files

2019-04-04 13:07:48 -03:00
parent 833dc559fd
commit 1bee95e862
5 changed files with 305 additions and 0 deletions
--- a/dockerfiles/dind/copy_certs.ps1
+++ b/dockerfiles/dind/copy_certs.ps1
@@ -0,0 +1,114 @@
+param (
+        [Parameter(Mandatory = $true)]
+        [string] $Node,
+        [Parameter(Mandatory = $true)]
+        [string] $SessionId,
+        [Parameter(Mandatory = $true)]
+        [string] $FQDN
+)
+
+
+function GetDirectUrlFromIp ($ip) {
+        $ip_dash=$ip -replace "\.","-"
+        $url="https://ip${ip_dash}-${SessionId}.direct.${FQDN}"
+        return $url
+}
+
+function WaitForUrl ($url) {
+    write-host $url
+        do {
+                try{
+            invoke-webrequest -UseBasicParsing -uri $url | Out-Null
+        } catch {}
+        $status = $?
+        sleep 1
+        } until($status)
+}
+
+function GetNodeRoutableIp ($nodeName) {
+  $JQFilter='.instances[] | select (.hostname == \"{0}\") | .routable_ip' -f $nodeName
+  $rip = (invoke-webrequest -UseBasicParsing -uri "https://$FQDN/sessions/$SessionId").Content |  jq -r $JQFilter
+
+  IF([string]::IsNullOrEmpty($rip)) {
+    Write-Host "Could not fetch IP for node $nodeName"
+    exit 1
+  }
+  return $rip
+}
+
+function Set-UseUnsafeHeaderParsing
+{
+    param(
+        [Parameter(Mandatory,ParameterSetName='Enable')]
+        [switch]$Enable,
+
+        [Parameter(Mandatory,ParameterSetName='Disable')]
+        [switch]$Disable
+    )
+
+    $ShouldEnable = $PSCmdlet.ParameterSetName -eq 'Enable'
+
+    $netAssembly = [Reflection.Assembly]::GetAssembly([System.Net.Configuration.SettingsSection])
+
+    if($netAssembly)
+    {
+        $bindingFlags = [Reflection.BindingFlags] 'Static,GetProperty,NonPublic'
+        $settingsType = $netAssembly.GetType('System.Net.Configuration.SettingsSectionInternal')
+
+        $instance = $settingsType.InvokeMember('Section', $bindingFlags, $null, $null, @())
+
+        if($instance)
+        {
+            $bindingFlags = 'NonPublic','Instance'
+            $useUnsafeHeaderParsingField = $settingsType.GetField('useUnsafeHeaderParsing', $bindingFlags)
+
+            if($useUnsafeHeaderParsingField)
+            {
+              $useUnsafeHeaderParsingField.SetValue($instance, $ShouldEnable)
+            }
+        }
+    }
+}
+
+
+$ProgressPreference = 'SilentlyContinue'
+$ErrorActionPreference = 'Stop'
+
+Set-UseUnsafeHeaderParsing -Enable
+
+Start-Transcript -path ("C:\{0}.log" -f $MyInvocation.MyCommand.Name) -append
+
+add-type @"
+    using System.Net;
+    using System.Security.Cryptography.X509Certificates;
+
+    public class IDontCarePolicy : ICertificatePolicy {
+        public IDontCarePolicy() {}
+        public bool CheckValidationResult(
+            ServicePoint sPoint, X509Certificate cert,
+            WebRequest wRequest, int certProb) {
+            return true;
+        }
+    }
+"@
+
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+[System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
+
+
+$dtr_ip = GetNodeRoutableIp $Node
+$dtr_url = GetDirectUrlFromIp $dtr_ip
+$dtr_hostname = $dtr_url -replace "https://",""
+
+WaitForUrl "${dtr_url}/ca"
+
+invoke-webrequest -UseBasicParsing -uri "$dtr_url/ca" -o c:\ca.crt
+
+$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 c:\ca.crt
+$store = new-object System.Security.Cryptography.X509Certificates.X509Store('Root','localmachine')
+$store.Open('ReadWrite')
+$store.Add($cert)
+$store.Close()
+
+Stop-Transcript
--- a/dockerfiles/dind/ee/ucp-cert.pem
+++ b/dockerfiles/dind/ee/ucp-cert.pem
@@ -0,0 +1,63 @@
+-----BEGIN CERTIFICATE-----
+MIIGPDCCBSSgAwIBAgISA4MIK4JV9npV+QdQS7wVa48rMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAzMzEyMTQ3MjZaFw0x
+ODA2MjkyMTQ3MjZaMDQxMjAwBgNVBAMMKSouZGlyZWN0LmJldGEtaHlicmlkLnBs
+YXktd2l0aC1kb2NrZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA6PQCi9Rqr7Ka1KXSGCfBQVzgPyx/hh+uST1dz7PDw2epghYyaqNByaQEVKNR
+3ubPvOoASzhdJ1dZdyUzKUoU/jm8hgVK7HHdQDpFEX60az+r4Xo32R6WirG5+GXd
+hU3M0yRzbu0zZx7eVZognP/HcXJDhuf16hiHKmCr6MYXV4JY9xLMxExZOTB4fpGA
+Loiyvn2OEZAhREhiSX+6n4x7KJga8gYn/0f89o7up1DYQSwev+gQgRjTGlo1xrgu
+Oztekc3ydvbhGv7aL7Uj/zqPcVvXnDfnioQV7kEDcz8gupFyV7gZKolR1G8IQJdm
+TaYHguzFXF5Q3lKVWx19/CSZ8wIDAQABo4IDMDCCAywwDgYDVR0PAQH/BAQDAgWg
+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
+A1UdDgQWBBTVloZoUI5vKAN+D1PTgtYBgU184zAfBgNVHSMEGDAWgBSoSmpjBH3d
+uubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6
+Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6
+Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMDQGA1UdEQQtMCuCKSouZGly
+ZWN0LmJldGEtaHlicmlkLnBsYXktd2l0aC1kb2NrZXIuY29tMIH+BgNVHSAEgfYw
+gfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0
+cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBD
+ZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBh
+cnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0
+ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3Np
+dG9yeS8wggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQDbdK/uyynssf7KPnFtLOW5
+qrs294Rxg8ddnU83th+/ZAAAAWJ+PniYAAAEAwBGMEQCIDngZdWcYWY0fPfUGTqX
+/Vt2qx+PRN5DN+m13TnA37e2AiBHIi5kMSxlvKNc3xzuJrvt/RKaj9xsBLmc8+uW
+ckaEdAB2ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABYn4+eLUA
+AAQDAEcwRQIhAMkf8SYdt1egjzBE6nzOrY+f4WMS/N6XWN+gFl0mQIkhAiBn9+GG
+0XbLw33+WNJLUkau2ZdTo5kTw2qdUXdYpWJwrDANBgkqhkiG9w0BAQsFAAOCAQEA
+TAl62gFi+2l/yLItjNIrXeWh2ICH/epjeWlmF+rAb7Sb4iz9U8fsNBdDBQh25xJo
+6nLOlS2NG0hdUScylCYyGJZe6PeQvGO+qSLDamXf1DvXWvzbmQOCUkejgD7Uwbol
+5huuCAKoW4SsiaMku0J3545MEQx4Q5cPetsPawaByY5sgr2GZJzgM7lvtzr4hKWg
+x5QAns/bmcqe9LCJ2NLcgArliYu6dOHtS62kB7/Dz2DQRtCvpV553RaBe4k9Ruwl
+0ndHvjEC5OWa5sW1hwow5W3PC7Db7s0zqpt63EITkhrUOqtqtkwOMYBAkFIIe1eR
+T5fSFAdirKUOt5GnRJ40qw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
--- a/dockerfiles/dind/ee/ucp-key.pem
+++ b/dockerfiles/dind/ee/ucp-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDo9AKL1GqvsprU
+pdIYJ8FBXOA/LH+GH65JPV3Ps8PDZ6mCFjJqo0HJpARUo1He5s+86gBLOF0nV1l3
+JTMpShT+ObyGBUrscd1AOkURfrRrP6vhejfZHpaKsbn4Zd2FTczTJHNu7TNnHt5V
+miCc/8dxckOG5/XqGIcqYKvoxhdXglj3EszETFk5MHh+kYAuiLK+fY4RkCFESGJJ
+f7qfjHsomBryBif/R/z2ju6nUNhBLB6/6BCBGNMaWjXGuC47O16RzfJ29uEa/tov
+tSP/Oo9xW9ecN+eKhBXuQQNzPyC6kXJXuBkqiVHUbwhAl2ZNpgeC7MVcXlDeUpVb
+HX38JJnzAgMBAAECggEAVqm4bMa4bea3HRcXYu8fQS7JKhdm1cHhd9PBm6yXzpE5
+CXEyjmNv7RD8n3Qm2BLsA67WLyWn2iPv35hSQTETQETAcudzKSVvFx7WZRzLB/8m
+9XofXsG3ZZ+avONAlwALjB1KaGEMN3fPZO8y5NVvIDBPGNggr1cyqbxPGAjh1Cav
+Laqki0rdPfr3FhxTyPBdmBFDcaMLc77Yl/7rmQJRYWb1qe+g4SEG4xXmEYpcpSUz
+zDJZAkY5XAO5cHU5EoKgKJedVBNxqAaRtaisO9yv+CKMqD83hAWhXqeK1bSphghs
+2qIkzNe134ZNUBbmK2FDsAbiPMHNcMKuI4ljfb78iQKBgQD5oZ/uzaYTt6ZQQzKq
+rQFA2DxSlBt4Ewae5n6JYzw0hIjRf7LvitZF9zKXcMkHP2QcL+5RiibyJ6ohGypa
+jpDP+m5e0B5tS6gEgFzBnrXWbjnrDxUR5Qj0lKg3uuOXw8OdwNxn+MulKkIfGyTW
+pCu7G1nh/kltwvN87s4cJycwnwKBgQDu5XUyIcok8nxcBwtxu3zFdtdNn+P4Yq1a
+W2sUEUEJUDwcUZqksPIxQhG/SMEEtBqii+EJj3nAlaWItBgTE37mzKGyKv16ZiM1
+hr+Rlv5AURxER+Eo4JLFqULZKwMaDlXDrFdV2ulF+6SXWOqKrp4/6sPYxtxHmKfs
+oBnXq/4yLQKBgCQFl5+NG2cC/EPevoP0fRbPXT0JVEFqdW0ek6ndoQVvDpM0myyH
+202zUyCZTNj348lRfVFU3zPYV2t5kQ4KPolUePLDk3BwF2m24CusbE7qDv+FaKPx
+ae5pOTD5jfgLbsHn36Y9N5240FvOve0fOZRBaSH8YLovBJXFnAZh+/y/AoGALZzQ
+CJddAjruNZ/+tmNmykkLiL2riERG9waXZkh5E28nWvzVuvYx9+e2fcBFYkGFCF4O
+xIWJaJTp+zTvl8zUIPsXMG524UTZGiI1N3YN63fRHtRekDB4tZbAtbg5qmLsSyT/
+s9vNSFhor6EBfyMiAfAwHpaxflYOUearqHslWK0CgYEAzi/B0azCOaDqzpp6RhAL
+rhTRFfu2HR8wN8EJLOSbBbUnlSSJHdnHJBwyyXe3shD/rETLV8dHx+6/k47e1l2d
+MUlsad/dOKQyL2pY7UodBzPJkIkmwknDnKzioGety8Tb98oUSTQ8oHfHMuRBOie9
+mq1MSTuZyZtsdSXnFhH3qNc=
+-----END PRIVATE KEY-----
--- a/dockerfiles/dind/ucp-beta.sh
+++ b/dockerfiles/dind/ucp-beta.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+set -e
+
+function wait_for_url {
+    # Wait for docker daemon to be ready
+    while ! curl -k -sS $1 > /dev/null; do
+        sleep 1;
+    done
+}
+
+function deploy_ucp {
+    wait_for_url "https://localhost:2376"
+
+    docker config create com.docker.ucp.config $HOME/ucp-config.toml
+
+    docker run --rm -i  --name ucp \
+        -v /var/run/docker.sock:/var/run/docker.sock \
+        docker/ucp:3.1.3 install --debug --force-insecure-tcp --skip-cloud-provider-check \
+        --san *.direct.${PWD_HOST_FQDN} \
+        --license $(cat $HOME/workshop_beta.lic) \
+        --swarm-port 2375 \
+        --existing-config \
+        --admin-username admin \
+        --admin-password admin1234
+
+    rm $HOME/workshop_beta.lic $HOME/ucp-config.toml
+    echo "Finished deploying UCP"
+}
+
+function get_instance_ip {
+    ip -o -4 a s eth1 | awk '{print $4}' | cut -d '/' -f1
+}
+
+function get_node_routable_ip {
+    curl -sS https://${PWD_HOST_FQDN}/sessions/${SESSION_ID} | jq -r '.instances[] | select(.hostname == "'$1'") | .routable_ip'
+}
+
+function get_direct_url_from_ip {
+    local ip_dash="${1//./-}"
+    local url="https://ip${ip_dash}-${SESSION_ID}.direct.${PWD_HOST_FQDN}"
+    echo $url
+}
+
+function deploy_dtr {
+    if [ $# -lt 1 ]; then
+        echo "DTR node hostname"
+        return
+    fi
+
+
+    local dtr_ip=$(get_node_routable_ip $1)
+    local ucp_ip=$(get_instance_ip)
+
+    local dtr_url=$(get_direct_url_from_ip $dtr_ip)
+    local ucp_url=$(get_direct_url_from_ip $ucp_ip)
+
+    docker run -i --rm docker/dtr:2.6.2 install \
+      --dtr-external-url $dtr_url \
+      --ucp-node $1 \
+      --ucp-username admin \
+      --ucp-password admin1234 \
+      --ucp-insecure-tls \
+      --ucp-url $ucp_url
+}
+
+function setup_dtr_certs {
+    if [ $# -lt 1 ]; then
+        echo "DTR node hostname is missing"
+        return
+    fi
+
+
+    local dtr_ip=$(get_node_routable_ip $1)
+    local dtr_url=$(get_direct_url_from_ip $dtr_ip)
+    local dtr_hostname="${dtr_url/https:\/\/}"
+
+    wait_for_url "$dtr_url/ca"
+
+    curl -kfsSL $dtr_url/ca -o /usr/local/share/ca-certificates/$dtr_hostname.crt
+    update-ca-certificates
+}
+
+
+case "$1" in
+    deploy)
+            deploy_ucp
+            deploy_dtr $2
+            setup_dtr_certs $2
+            ;;
+    setup-certs)
+            setup_dtr_certs $2
+            ;;
+    *)
+            echo "Illegal option $1"
+            ;;
+esac
+
--- a/dockerfiles/dind/ucp-config.toml
+++ b/dockerfiles/dind/ucp-config.toml
@@ -0,0 +1,2 @@
+[cluster_config]
+  custom_kubelet_flags = ["--http-check-frequency=20s", "--containerized=false"]