Kat Morgan usrbinkat

Rootless nested catalog image build objective

Working towards rootless nested podman in support of Koffer operator catalob automation

REF:

https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics/

BUG:

https://bugzilla.redhat.com/show_bug.cgi?id=1732957

Prereqs

Follow CloudCtl startup Readme
Run the following as root from the directory cd /root/

Write koffer.yml

cat <<EOF | tee ~/koffer.yml
koffer:
  silent: false
  mirror: localhost:5000

Goal Validate design of ShipperD Operator

Create Airgap'd cluster (TPDK + Sparta IaC Deploy in AWS Airgap VPC)
Create project shipperd-operator
Create pod with skopeo enabled container (Konductor container during POC phase)
Create serviceaccount shipperd
Exec into container oc rsh -n shipperd-operator po/pod-name-xyz-qwer
Skopeo login --authfile iva shipperd uname:token to image-registry.openshift-image-registry.svc:5000
Validate OCP Internal Registry ready to recieve images YAML Config
copy image from external registry using authfile

Clone repo & update with latest from upstream master

git clone https://github.com/CodeSparta/content.git    
git checkout master    
git remote add upstream https://github.com/ComplianceAsCode/content.git    
git fetch upstream master

Merge codesparta/content ref(sparta)

git checkout -b feature_kubeapi_cis_1-2-25

#!/bin/bash -x
#
# Setup:
# .
# ├── bundle
# ├── koffer.sh
# └── pull-secret.json
#
# Place pull secret in $(pwd)/pull-secret.json

Container image file and transportation

Conclusion:

Images can be saved to file or base64 encoded for building directly into golang binaries, python/bash scripts, and carrying independently across disconnected systems.

Unfortunately, the only way to preserve image metadata is to save as a docker-archive transport type, and to podman load the resulting archive via following step:

cat pause-3.2.tar | podman load
cat registry-latest.tar | podman load

	#!/bin/bash
	#(optional) in the format user.name:password@ (you need the @ after)
	#password="$(< ~/.hidden_password)"
	url="hastebin.com"
	key="$(curl --silent --insecure --data-binary @/dev/fd/0 https://$url/documents \| cut -d "\"" -f 4)"

	echo "https://$url/$key"

	$url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/v8.1.0.0p1-Beta/OpenSSH-Win32.zip"
	$output = "C:\OpenSSH-Win32.zip"
	$start_time = Get-Date
	$wc = New-Object System.Net.WebClient
	$wc.DownloadFile($url, $output)
	Expand-Archive c:\OpenSSH-Win32.zip c:\Program Files\OpenSSH
	powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
	New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
	net start sshd
	Set-Service sshd -StartupType Automatic

	#!/usr/bin/env python3

	import json
	import os
	import sys
	import base64

	ign_file = open(sys.argv[1])
	ign_json = json.load(ign_file)
	ign_file.close()

	ssh-keygen -t rsa -b 4096 -N '' -C "[email protected]" -f ~/.ssh/id_rsa
	ssh-keygen -t rsa -b 4096 -N '' -C "[email protected]" -f ~/.ssh/github_rsa
	ssh-keygen -t rsa -b 4096 -N '' -C "[email protected]" -f ~/.ssh/mozilla_rsa