forked from play-with-docker/play-with-docker
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
833dc55
commit 1bee95e
Showing
5 changed files
with
305 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| param ( | ||
| [Parameter(Mandatory = $true)] | ||
| [string] $Node, | ||
| [Parameter(Mandatory = $true)] | ||
| [string] $SessionId, | ||
| [Parameter(Mandatory = $true)] | ||
| [string] $FQDN | ||
| ) | ||
|
|
||
|
|
||
| function GetDirectUrlFromIp ($ip) { | ||
| $ip_dash=$ip -replace "\.","-" | ||
| $url="https://ip${ip_dash}-${SessionId}.direct.${FQDN}" | ||
| return $url | ||
| } | ||
|
|
||
| function WaitForUrl ($url) { | ||
| write-host $url | ||
| do { | ||
| try{ | ||
| invoke-webrequest -UseBasicParsing -uri $url | Out-Null | ||
| } catch {} | ||
| $status = $? | ||
| sleep 1 | ||
| } until($status) | ||
| } | ||
|
|
||
| function GetNodeRoutableIp ($nodeName) { | ||
| $JQFilter='.instances[] | select (.hostname == \"{0}\") | .routable_ip' -f $nodeName | ||
| $rip = (invoke-webrequest -UseBasicParsing -uri "https://$FQDN/sessions/$SessionId").Content | jq -r $JQFilter | ||
|
|
||
| IF([string]::IsNullOrEmpty($rip)) { | ||
| Write-Host "Could not fetch IP for node $nodeName" | ||
| exit 1 | ||
| } | ||
| return $rip | ||
| } | ||
|
|
||
| function Set-UseUnsafeHeaderParsing | ||
| { | ||
| param( | ||
| [Parameter(Mandatory,ParameterSetName='Enable')] | ||
| [switch]$Enable, | ||
|
|
||
| [Parameter(Mandatory,ParameterSetName='Disable')] | ||
| [switch]$Disable | ||
| ) | ||
|
|
||
| $ShouldEnable = $PSCmdlet.ParameterSetName -eq 'Enable' | ||
|
|
||
| $netAssembly = [Reflection.Assembly]::GetAssembly([System.Net.Configuration.SettingsSection]) | ||
|
|
||
| if($netAssembly) | ||
| { | ||
| $bindingFlags = [Reflection.BindingFlags] 'Static,GetProperty,NonPublic' | ||
| $settingsType = $netAssembly.GetType('System.Net.Configuration.SettingsSectionInternal') | ||
|
|
||
| $instance = $settingsType.InvokeMember('Section', $bindingFlags, $null, $null, @()) | ||
|
|
||
| if($instance) | ||
| { | ||
| $bindingFlags = 'NonPublic','Instance' | ||
| $useUnsafeHeaderParsingField = $settingsType.GetField('useUnsafeHeaderParsing', $bindingFlags) | ||
|
|
||
| if($useUnsafeHeaderParsingField) | ||
| { | ||
| $useUnsafeHeaderParsingField.SetValue($instance, $ShouldEnable) | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
|
|
||
| $ProgressPreference = 'SilentlyContinue' | ||
| $ErrorActionPreference = 'Stop' | ||
|
|
||
| Set-UseUnsafeHeaderParsing -Enable | ||
|
|
||
| Start-Transcript -path ("C:\{0}.log" -f $MyInvocation.MyCommand.Name) -append | ||
|
|
||
| add-type @" | ||
| using System.Net; | ||
| using System.Security.Cryptography.X509Certificates; | ||
| public class IDontCarePolicy : ICertificatePolicy { | ||
| public IDontCarePolicy() {} | ||
| public bool CheckValidationResult( | ||
| ServicePoint sPoint, X509Certificate cert, | ||
| WebRequest wRequest, int certProb) { | ||
| return true; | ||
| } | ||
| } | ||
| "@ | ||
|
|
||
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | ||
|
|
||
| [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy | ||
|
|
||
|
|
||
| $dtr_ip = GetNodeRoutableIp $Node | ||
| $dtr_url = GetDirectUrlFromIp $dtr_ip | ||
| $dtr_hostname = $dtr_url -replace "https://","" | ||
|
|
||
| WaitForUrl "${dtr_url}/ca" | ||
|
|
||
| invoke-webrequest -UseBasicParsing -uri "$dtr_url/ca" -o c:\ca.crt | ||
|
|
||
| $cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 c:\ca.crt | ||
| $store = new-object System.Security.Cryptography.X509Certificates.X509Store('Root','localmachine') | ||
| $store.Open('ReadWrite') | ||
| $store.Add($cert) | ||
| $store.Close() | ||
|
|
||
| Stop-Transcript |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIGPDCCBSSgAwIBAgISA4MIK4JV9npV+QdQS7wVa48rMA0GCSqGSIb3DQEBCwUA | ||
| MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD | ||
| ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAzMzEyMTQ3MjZaFw0x | ||
| ODA2MjkyMTQ3MjZaMDQxMjAwBgNVBAMMKSouZGlyZWN0LmJldGEtaHlicmlkLnBs | ||
| YXktd2l0aC1kb2NrZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | ||
| AQEA6PQCi9Rqr7Ka1KXSGCfBQVzgPyx/hh+uST1dz7PDw2epghYyaqNByaQEVKNR | ||
| 3ubPvOoASzhdJ1dZdyUzKUoU/jm8hgVK7HHdQDpFEX60az+r4Xo32R6WirG5+GXd | ||
| hU3M0yRzbu0zZx7eVZognP/HcXJDhuf16hiHKmCr6MYXV4JY9xLMxExZOTB4fpGA | ||
| Loiyvn2OEZAhREhiSX+6n4x7KJga8gYn/0f89o7up1DYQSwev+gQgRjTGlo1xrgu | ||
| Oztekc3ydvbhGv7aL7Uj/zqPcVvXnDfnioQV7kEDcz8gupFyV7gZKolR1G8IQJdm | ||
| TaYHguzFXF5Q3lKVWx19/CSZ8wIDAQABo4IDMDCCAywwDgYDVR0PAQH/BAQDAgWg | ||
| MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G | ||
| A1UdDgQWBBTVloZoUI5vKAN+D1PTgtYBgU184zAfBgNVHSMEGDAWgBSoSmpjBH3d | ||
| uubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6 | ||
| Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6 | ||
| Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMDQGA1UdEQQtMCuCKSouZGly | ||
| ZWN0LmJldGEtaHlicmlkLnBsYXktd2l0aC1kb2NrZXIuY29tMIH+BgNVHSAEgfYw | ||
| gfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0 | ||
| cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBD | ||
| ZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBh | ||
| cnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0 | ||
| ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3Np | ||
| dG9yeS8wggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQDbdK/uyynssf7KPnFtLOW5 | ||
| qrs294Rxg8ddnU83th+/ZAAAAWJ+PniYAAAEAwBGMEQCIDngZdWcYWY0fPfUGTqX | ||
| /Vt2qx+PRN5DN+m13TnA37e2AiBHIi5kMSxlvKNc3xzuJrvt/RKaj9xsBLmc8+uW | ||
| ckaEdAB2ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABYn4+eLUA | ||
| AAQDAEcwRQIhAMkf8SYdt1egjzBE6nzOrY+f4WMS/N6XWN+gFl0mQIkhAiBn9+GG | ||
| 0XbLw33+WNJLUkau2ZdTo5kTw2qdUXdYpWJwrDANBgkqhkiG9w0BAQsFAAOCAQEA | ||
| TAl62gFi+2l/yLItjNIrXeWh2ICH/epjeWlmF+rAb7Sb4iz9U8fsNBdDBQh25xJo | ||
| 6nLOlS2NG0hdUScylCYyGJZe6PeQvGO+qSLDamXf1DvXWvzbmQOCUkejgD7Uwbol | ||
| 5huuCAKoW4SsiaMku0J3545MEQx4Q5cPetsPawaByY5sgr2GZJzgM7lvtzr4hKWg | ||
| x5QAns/bmcqe9LCJ2NLcgArliYu6dOHtS62kB7/Dz2DQRtCvpV553RaBe4k9Ruwl | ||
| 0ndHvjEC5OWa5sW1hwow5W3PC7Db7s0zqpt63EITkhrUOqtqtkwOMYBAkFIIe1eR | ||
| T5fSFAdirKUOt5GnRJ40qw== | ||
| -----END CERTIFICATE----- | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ | ||
| MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
| DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow | ||
| SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT | ||
| GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC | ||
| AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF | ||
| q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 | ||
| SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 | ||
| Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA | ||
| a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj | ||
| /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T | ||
| AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG | ||
| CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv | ||
| bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k | ||
| c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw | ||
| VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC | ||
| ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz | ||
| MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu | ||
| Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF | ||
| AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo | ||
| uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ | ||
| wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu | ||
| X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG | ||
| PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 | ||
| KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDo9AKL1GqvsprU | ||
| pdIYJ8FBXOA/LH+GH65JPV3Ps8PDZ6mCFjJqo0HJpARUo1He5s+86gBLOF0nV1l3 | ||
| JTMpShT+ObyGBUrscd1AOkURfrRrP6vhejfZHpaKsbn4Zd2FTczTJHNu7TNnHt5V | ||
| miCc/8dxckOG5/XqGIcqYKvoxhdXglj3EszETFk5MHh+kYAuiLK+fY4RkCFESGJJ | ||
| f7qfjHsomBryBif/R/z2ju6nUNhBLB6/6BCBGNMaWjXGuC47O16RzfJ29uEa/tov | ||
| tSP/Oo9xW9ecN+eKhBXuQQNzPyC6kXJXuBkqiVHUbwhAl2ZNpgeC7MVcXlDeUpVb | ||
| HX38JJnzAgMBAAECggEAVqm4bMa4bea3HRcXYu8fQS7JKhdm1cHhd9PBm6yXzpE5 | ||
| CXEyjmNv7RD8n3Qm2BLsA67WLyWn2iPv35hSQTETQETAcudzKSVvFx7WZRzLB/8m | ||
| 9XofXsG3ZZ+avONAlwALjB1KaGEMN3fPZO8y5NVvIDBPGNggr1cyqbxPGAjh1Cav | ||
| Laqki0rdPfr3FhxTyPBdmBFDcaMLc77Yl/7rmQJRYWb1qe+g4SEG4xXmEYpcpSUz | ||
| zDJZAkY5XAO5cHU5EoKgKJedVBNxqAaRtaisO9yv+CKMqD83hAWhXqeK1bSphghs | ||
| 2qIkzNe134ZNUBbmK2FDsAbiPMHNcMKuI4ljfb78iQKBgQD5oZ/uzaYTt6ZQQzKq | ||
| rQFA2DxSlBt4Ewae5n6JYzw0hIjRf7LvitZF9zKXcMkHP2QcL+5RiibyJ6ohGypa | ||
| jpDP+m5e0B5tS6gEgFzBnrXWbjnrDxUR5Qj0lKg3uuOXw8OdwNxn+MulKkIfGyTW | ||
| pCu7G1nh/kltwvN87s4cJycwnwKBgQDu5XUyIcok8nxcBwtxu3zFdtdNn+P4Yq1a | ||
| W2sUEUEJUDwcUZqksPIxQhG/SMEEtBqii+EJj3nAlaWItBgTE37mzKGyKv16ZiM1 | ||
| hr+Rlv5AURxER+Eo4JLFqULZKwMaDlXDrFdV2ulF+6SXWOqKrp4/6sPYxtxHmKfs | ||
| oBnXq/4yLQKBgCQFl5+NG2cC/EPevoP0fRbPXT0JVEFqdW0ek6ndoQVvDpM0myyH | ||
| 202zUyCZTNj348lRfVFU3zPYV2t5kQ4KPolUePLDk3BwF2m24CusbE7qDv+FaKPx | ||
| ae5pOTD5jfgLbsHn36Y9N5240FvOve0fOZRBaSH8YLovBJXFnAZh+/y/AoGALZzQ | ||
| CJddAjruNZ/+tmNmykkLiL2riERG9waXZkh5E28nWvzVuvYx9+e2fcBFYkGFCF4O | ||
| xIWJaJTp+zTvl8zUIPsXMG524UTZGiI1N3YN63fRHtRekDB4tZbAtbg5qmLsSyT/ | ||
| s9vNSFhor6EBfyMiAfAwHpaxflYOUearqHslWK0CgYEAzi/B0azCOaDqzpp6RhAL | ||
| rhTRFfu2HR8wN8EJLOSbBbUnlSSJHdnHJBwyyXe3shD/rETLV8dHx+6/k47e1l2d | ||
| MUlsad/dOKQyL2pY7UodBzPJkIkmwknDnKzioGety8Tb98oUSTQ8oHfHMuRBOie9 | ||
| mq1MSTuZyZtsdSXnFhH3qNc= | ||
| -----END PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -e | ||
|
|
||
| function wait_for_url { | ||
| # Wait for docker daemon to be ready | ||
| while ! curl -k -sS $1 > /dev/null; do | ||
| sleep 1; | ||
| done | ||
| } | ||
|
|
||
| function deploy_ucp { | ||
| wait_for_url "https://localhost:2376" | ||
|
|
||
| docker config create com.docker.ucp.config $HOME/ucp-config.toml | ||
|
|
||
| docker run --rm -i --name ucp \ | ||
| -v /var/run/docker.sock:/var/run/docker.sock \ | ||
| docker/ucp:3.1.3 install --debug --force-insecure-tcp --skip-cloud-provider-check \ | ||
| --san *.direct.${PWD_HOST_FQDN} \ | ||
| --license $(cat $HOME/workshop_beta.lic) \ | ||
| --swarm-port 2375 \ | ||
| --existing-config \ | ||
| --admin-username admin \ | ||
| --admin-password admin1234 | ||
|
|
||
| rm $HOME/workshop_beta.lic $HOME/ucp-config.toml | ||
| echo "Finished deploying UCP" | ||
| } | ||
|
|
||
| function get_instance_ip { | ||
| ip -o -4 a s eth1 | awk '{print $4}' | cut -d '/' -f1 | ||
| } | ||
|
|
||
| function get_node_routable_ip { | ||
| curl -sS https://${PWD_HOST_FQDN}/sessions/${SESSION_ID} | jq -r '.instances[] | select(.hostname == "'$1'") | .routable_ip' | ||
| } | ||
|
|
||
| function get_direct_url_from_ip { | ||
| local ip_dash="${1//./-}" | ||
| local url="https://ip${ip_dash}-${SESSION_ID}.direct.${PWD_HOST_FQDN}" | ||
| echo $url | ||
| } | ||
|
|
||
| function deploy_dtr { | ||
| if [ $# -lt 1 ]; then | ||
| echo "DTR node hostname" | ||
| return | ||
| fi | ||
|
|
||
|
|
||
| local dtr_ip=$(get_node_routable_ip $1) | ||
| local ucp_ip=$(get_instance_ip) | ||
|
|
||
| local dtr_url=$(get_direct_url_from_ip $dtr_ip) | ||
| local ucp_url=$(get_direct_url_from_ip $ucp_ip) | ||
|
|
||
| docker run -i --rm docker/dtr:2.6.2 install \ | ||
| --dtr-external-url $dtr_url \ | ||
| --ucp-node $1 \ | ||
| --ucp-username admin \ | ||
| --ucp-password admin1234 \ | ||
| --ucp-insecure-tls \ | ||
| --ucp-url $ucp_url | ||
| } | ||
|
|
||
| function setup_dtr_certs { | ||
| if [ $# -lt 1 ]; then | ||
| echo "DTR node hostname is missing" | ||
| return | ||
| fi | ||
|
|
||
|
|
||
| local dtr_ip=$(get_node_routable_ip $1) | ||
| local dtr_url=$(get_direct_url_from_ip $dtr_ip) | ||
| local dtr_hostname="${dtr_url/https:\/\/}" | ||
|
|
||
| wait_for_url "$dtr_url/ca" | ||
|
|
||
| curl -kfsSL $dtr_url/ca -o /usr/local/share/ca-certificates/$dtr_hostname.crt | ||
| update-ca-certificates | ||
| } | ||
|
|
||
|
|
||
| case "$1" in | ||
| deploy) | ||
| deploy_ucp | ||
| deploy_dtr $2 | ||
| setup_dtr_certs $2 | ||
| ;; | ||
| setup-certs) | ||
| setup_dtr_certs $2 | ||
| ;; | ||
| *) | ||
| echo "Illegal option $1" | ||
| ;; | ||
| esac | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| [cluster_config] | ||
| custom_kubelet_flags = ["--http-check-frequency=20s", "--containerized=false"] |