particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not harcode user's password hash in scripts

Browse source 
Generate user's password hash based on `EDGE_USER_PASSWORD`
variable instead of hardcoding it

Signed-off-by: Miguel Martín <mmartinv@redhat.com>
This commit is contained in:
Miguel Martín 2023-11-20 11:45:24 +01:00 committed by Miguel Martin
parent a0d357c66b
commit 20c8892ec9
5 changed files with 56 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

24
test/cases/ostree-ami-image.sh
View file

@ -78,10 +78,16 @@ SSH_DATA_DIR=$(/usr/libexec/osbuild-composer-test/gen-ssh.sh)
SSH_KEY=${SSH_DATA_DIR}/id_rsa SSH_KEY=${SSH_DATA_DIR}/id_rsa
SSH_KEY_PUB=$(cat "${SSH_KEY}".pub) SSH_KEY_PUB=$(cat "${SSH_KEY}".pub)
IGNITION_USER=core IGNITION_USER=core
IGNITION_USER_PASSWORD="${IGNITION_USER_PASSWORD:-foobar}"
IGNITION_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${IGNITION_USER_PASSWORD}")
# Set FIPS variable default # Set FIPS variable default
FIPS="${FIPS:-false}" FIPS="${FIPS:-false}"
# Generate the user's password hash
EDGE_USER_PASSWORD="${EDGE_USER_PASSWORD:-foobar}"
EDGE_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${EDGE_USER_PASSWORD}")
case "${ID}-${VERSION_ID}" in case "${ID}-${VERSION_ID}" in
"rhel-9."*) "rhel-9."*)
OSTREE_REF="rhel/9/${ARCH}/edge" OSTREE_REF="rhel/9/${ARCH}/edge"
@ -481,7 +487,7 @@ sudo tee "$IGNITION_CONFIG_PATH" > /dev/null << EOF
"wheel" "wheel"
], ],
"name": "$IGNITION_USER", "name": "$IGNITION_USER",
"passwordHash": "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl.", "passwordHash": "${IGNITION_USER_PASSWORD_SHA512}",
"sshAuthorizedKeys": [ "sshAuthorizedKeys": [
"$SSH_KEY_PUB" "$SSH_KEY_PUB"
] ]
@ -591,7 +597,7 @@ tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
@ -858,7 +864,7 @@ ansible_private_key_file=${SSH_KEY}
ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
ansible_become=yes ansible_become=yes
ansible_become_method=sudo ansible_become_method=sudo
ansible_become_pass=${EDGE_USER_PASSWORD} ansible_become_pass=${IGNITION_USER_PASSWORD}
EOF EOF
# Test IoT/Edge OS # Test IoT/Edge OS
@ -902,7 +908,7 @@ version = "*"
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
EOF EOF
@ -987,12 +993,12 @@ sudo ssh \
"${SSH_OPTIONS[@]}" \ "${SSH_OPTIONS[@]}" \
-i "${SSH_KEY}" \ -i "${SSH_KEY}" \
admin@"${PUBLIC_GUEST_ADDRESS}" \ admin@"${PUBLIC_GUEST_ADDRESS}" \
"echo ${EDGE_USER_PASSWORD} |sudo -S ostree remote delete rhel-edge" "echo '${EDGE_USER_PASSWORD}' |sudo -S ostree remote delete rhel-edge"
sudo ssh \ sudo ssh \
"${SSH_OPTIONS[@]}" \ "${SSH_OPTIONS[@]}" \
-i "${SSH_KEY}" \ -i "${SSH_KEY}" \
admin@"${PUBLIC_GUEST_ADDRESS}" \ admin@"${PUBLIC_GUEST_ADDRESS}" \
"echo ${EDGE_USER_PASSWORD} |sudo -S ostree remote add --no-gpg-verify rhel-edge ${OBJECT_URL}/repo" "echo '${EDGE_USER_PASSWORD}' |sudo -S ostree remote add --no-gpg-verify rhel-edge ${OBJECT_URL}/repo"
# Upgrade image/commit. # Upgrade image/commit.
greenprint "🗳 Upgrade ostree image/commit" greenprint "🗳 Upgrade ostree image/commit"
@ -1000,12 +1006,12 @@ sudo ssh \
"${SSH_OPTIONS[@]}" \ "${SSH_OPTIONS[@]}" \
-i "${SSH_KEY}" \ -i "${SSH_KEY}" \
admin@"${PUBLIC_GUEST_ADDRESS}" \ admin@"${PUBLIC_GUEST_ADDRESS}" \
"echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" "echo '${EDGE_USER_PASSWORD}' |sudo -S rpm-ostree upgrade"
sudo ssh \ sudo ssh \
"${SSH_OPTIONS[@]}" \ "${SSH_OPTIONS[@]}" \
-i "${SSH_KEY}" \ -i "${SSH_KEY}" \
admin@"${PUBLIC_GUEST_ADDRESS}" \ admin@"${PUBLIC_GUEST_ADDRESS}" \
"echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" "echo '${EDGE_USER_PASSWORD}' |nohup sudo -S systemctl reboot &>/dev/null & exit"
# Sleep 10 seconds here to make sure EC2 instance restarted already # Sleep 10 seconds here to make sure EC2 instance restarted already
sleep 10 sleep 10
@ -1036,7 +1042,7 @@ ansible_private_key_file=${SSH_KEY}
ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
ansible_become=yes ansible_become=yes
ansible_become_method=sudo ansible_become_method=sudo
ansible_become_pass=${EDGE_USER_PASSWORD} ansible_become_pass=${IGNITION_USER_PASSWORD}
EOF EOF
# Test IoT/Edge OS # Test IoT/Edge OS

8
test/cases/ostree-ng.sh
View file

@ -114,6 +114,10 @@ SYSROOT_RO="false"
# Set FIPS variable default # Set FIPS variable default
FIPS="${FIPS:-false}" FIPS="${FIPS:-false}"
# Generate the user's password hash
EDGE_USER_PASSWORD="${EDGE_USER_PASSWORD:-foobar}"
EDGE_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${EDGE_USER_PASSWORD}")
case "${ID}-${VERSION_ID}" in case "${ID}-${VERSION_ID}" in
fedora-*) fedora-*)
CONTAINER_TYPE=iot-container CONTAINER_TYPE=iot-container
@ -402,7 +406,7 @@ version = "*"
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
@ -515,7 +519,7 @@ tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
[[customizations.user]] [[customizations.user]]
name = "installeruser" name = "installeruser"
description = "Added by installer blueprint" description = "Added by installer blueprint"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/installeruser/" home = "/home/installeruser/"
groups = ["wheel"] groups = ["wheel"]

23
test/cases/ostree-raw-image.sh
View file

@ -107,6 +107,9 @@ CUSTOM_DIRS_FILES="false"
# Set FIPS variable default # Set FIPS variable default
FIPS="${FIPS:-false}" FIPS="${FIPS:-false}"
# Generate the user's password hash
EDGE_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${EDGE_USER_PASSWORD:-foobar}")
case "${ID}-${VERSION_ID}" in case "${ID}-${VERSION_ID}" in
"rhel-8"* ) "rhel-8"* )
OSTREE_REF="rhel/8/${ARCH}/edge" OSTREE_REF="rhel/8/${ARCH}/edge"
@ -350,7 +353,7 @@ if [[ "$USER_IN_RAW" == "false" ]]; then
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
@ -435,7 +438,7 @@ if [[ "$USER_IN_RAW" == "true" ]]; then
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
@ -617,7 +620,7 @@ name = "${KERNEL_RT_PKG}"
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
EOF EOF
@ -708,8 +711,8 @@ EOF
# Rebase image/commit. # Rebase image/commit.
greenprint "🗳 Rebase ostree image/commit" greenprint "🗳 Rebase ostree image/commit"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${BIOS_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${BIOS_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${BIOS_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${BIOS_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |nohup sudo -S systemctl reboot &>/dev/null & exit"
# Sleep 10 seconds here to make sure vm restarted already # Sleep 10 seconds here to make sure vm restarted already
sleep 10 sleep 10
@ -904,7 +907,7 @@ if [[ "$USER_IN_RAW" == "false" ]]; then
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
EOF EOF
@ -999,14 +1002,14 @@ if [[ "$ID" == "fedora" ]]; then
# The Fedora IoT Raw image sets the fedora-iot remote URL to https://ostree.fedoraproject.org/iot # The Fedora IoT Raw image sets the fedora-iot remote URL to https://ostree.fedoraproject.org/iot
# Replacing with our own local repo # Replacing with our own local repo
greenprint "Replacing default remote" greenprint "Replacing default remote"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S ostree remote delete ${OSTREE_OSNAME}" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |sudo -S ostree remote delete ${OSTREE_OSNAME}"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S ostree remote add --no-gpg-verify ${OSTREE_OSNAME} ${PROD_REPO_URL}" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |sudo -S ostree remote add --no-gpg-verify ${OSTREE_OSNAME} ${PROD_REPO_URL}"
fi fi
# Upgrade image/commit. # Upgrade image/commit.
greenprint "🗳 Upgrade ostree image/commit" greenprint "🗳 Upgrade ostree image/commit"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |sudo -S rpm-ostree upgrade"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${UEFI_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |nohup sudo -S systemctl reboot &>/dev/null & exit"
# Sleep 10 seconds here to make sure vm restarted already # Sleep 10 seconds here to make sure vm restarted already
sleep 10 sleep 10

23
test/cases/ostree-simplified-installer.sh
View file

@ -129,6 +129,9 @@ FDO_USER_ONBOARDING="false"
# Set FIPS variable default # Set FIPS variable default
FIPS="${FIPS:-false}" FIPS="${FIPS:-false}"
# Generate the user's password hash
EDGE_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${EDGE_USER_PASSWORD:-foobar}")
case "${ID}-${VERSION_ID}" in case "${ID}-${VERSION_ID}" in
"rhel-8"* ) "rhel-8"* )
OSTREE_REF="rhel/8/${ARCH}/edge" OSTREE_REF="rhel/8/${ARCH}/edge"
@ -377,7 +380,7 @@ name = "${KERNEL_RT_PKG}"
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
@ -440,7 +443,7 @@ groups = []
[[customizations.user]] [[customizations.user]]
name = "simple" name = "simple"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/simple/" home = "/home/simple/"
groups = ["wheel"] groups = ["wheel"]
@ -517,7 +520,7 @@ for _ in $(seq 0 30); do
done done
# With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly # With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "simple@${EDGE_GUEST_ADDRESS}" "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "simple@${EDGE_GUEST_ADDRESS}" "echo '${EDGE_USER_PASSWORD}' |nohup sudo -S systemctl reboot &>/dev/null & exit"
# Sleep 10 seconds here to make sure vm restarted already # Sleep 10 seconds here to make sure vm restarted already
sleep 10 sleep 10
for _ in $(seq 0 30); do for _ in $(seq 0 30); do
@ -594,7 +597,7 @@ tee -a "$BLUEPRINT_FILE" >> /dev/null << EOF
[[customizations.user]] [[customizations.user]]
name = "simple" name = "simple"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/simple/" home = "/home/simple/"
groups = ["wheel"] groups = ["wheel"]
@ -950,7 +953,7 @@ name = "${KERNEL_RT_PKG}"
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
EOF EOF
@ -1010,8 +1013,8 @@ sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null
sudo composer-cli blueprints delete rebase > /dev/null sudo composer-cli blueprints delete rebase > /dev/null
greenprint "🗳 Rebase ostree image/commit" greenprint "🗳 Rebase ostree image/commit"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |nohup sudo -S systemctl reboot &>/dev/null & exit"
# Sleep 10 seconds here to make sure vm restarted already # Sleep 10 seconds here to make sure vm restarted already
sleep 10 sleep 10
@ -1259,7 +1262,7 @@ name = "${KERNEL_RT_PKG}"
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
EOF EOF
@ -1320,8 +1323,8 @@ sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null
sudo composer-cli blueprints delete upgrade > /dev/null sudo composer-cli blueprints delete upgrade > /dev/null
greenprint "🗳 Upgrade ostree image/commit" greenprint "🗳 Upgrade ostree image/commit"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |sudo -S rpm-ostree upgrade"
sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo '${EDGE_USER_PASSWORD}' |nohup sudo -S systemctl reboot &>/dev/null & exit"
# Sleep 10 seconds here to make sure vm restarted already # Sleep 10 seconds here to make sure vm restarted already
sleep 10 sleep 10

13
test/cases/ostree-vsphere.sh
View file

@ -89,7 +89,8 @@ SSH_KEY_PUB=$(cat "${SSH_KEY}".pub)
IGNITION_SERVER_FOLDER=/var/www/html/ignition IGNITION_SERVER_FOLDER=/var/www/html/ignition
IGNITION_SERVER_URL=http://${HOST_IP_ADDRESS}/ignition IGNITION_SERVER_URL=http://${HOST_IP_ADDRESS}/ignition
IGNITION_USER=core IGNITION_USER=core
IGNITION_USER_PASSWORD=foobar IGNITION_USER_PASSWORD="${IGNITION_USER_PASSWORD:-foobar}"
IGNITION_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${IGNITION_USER_PASSWORD}")
# Set up variables. # Set up variables.
SYSROOT_RO="true" SYSROOT_RO="true"
@ -97,6 +98,10 @@ SYSROOT_RO="true"
# Set FIPS variable default # Set FIPS variable default
FIPS="${FIPS:-false}" FIPS="${FIPS:-false}"
# Generate the user's password hash
EDGE_USER_PASSWORD="${EDGE_USER_PASSWORD:-foobar}"
EDGE_USER_PASSWORD_SHA512=$(openssl passwd -6 -stdin <<< "${EDGE_USER_PASSWORD}")
DATACENTER_70="Datacenter7.0" DATACENTER_70="Datacenter7.0"
DATASTORE_70="datastore-80" DATASTORE_70="datastore-80"
DATACENTER_70_POOL="/Datacenter7.0/host/Automation/Resources" DATACENTER_70_POOL="/Datacenter7.0/host/Automation/Resources"
@ -363,7 +368,7 @@ sudo tee "$IGNITION_CONFIG_PATH" > /dev/null << EOF
"wheel" "wheel"
], ],
"name": "$IGNITION_USER", "name": "$IGNITION_USER",
"passwordHash": "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl.", "passwordHash": "${IGNITION_USER_PASSWORD_SHA512}",
"sshAuthorizedKeys": [ "sshAuthorizedKeys": [
"$SSH_KEY_PUB" "$SSH_KEY_PUB"
] ]
@ -437,7 +442,7 @@ tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
[[customizations.user]] [[customizations.user]]
name = "admin" name = "admin"
description = "Administrator account" description = "Administrator account"
password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." password = "${EDGE_USER_PASSWORD_SHA512}"
key = "${SSH_KEY_PUB}" key = "${SSH_KEY_PUB}"
home = "/home/admin/" home = "/home/admin/"
groups = ["wheel"] groups = ["wheel"]
@ -522,7 +527,7 @@ ansible_private_key_file=${SSH_KEY}
ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
ansible_become=yes ansible_become=yes
ansible_become_method=sudo ansible_become_method=sudo
ansible_become_pass=${IGNITION_USER_PASSWORD} ansible_become_pass=${EDGE_USER_PASSWORD}
EOF EOF
# Test IoT/Edge OS # Test IoT/Edge OS