fail if interface script not exist and add prepend DNS to dhclient.co…

.gitignore

@@ -1,2 +1,5 @@
 .DS_Store
 scrap
+
+# for sed inplace edit backup
+*.bak

common.sh

@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+guard_bash_error () {
+    set -Eeuo pipefail
+}
+
+# Log levels
+INFO=0
+WARN=1
+ERROR=2
+FATAL=3
+DEBUG=4
+DEFAULT_LOG_LEVEL=${ERROR}
+
+my_exit () {
+    echo "EXIT: - [HOST:$(hostname)]: - $(date +"%Y-%m-%d %H:%M:%S") - $1"
+    exit "$2"
+}
+
+msg () {
+    if [ "$1" -le ${DEFAULT_LOG_LEVEL} ]; then
+        echo "[HOST:$(hostname)]: - $(date +"%Y-%m-%d %H:%M:%S") - $2"
+    fi
+}
+
+info () {
+    msg ${INFO} "INFO: - $1"
+}
+
+warn () {
+    msg ${WARN} "WARNING: - $1"
+}
+
+error () {
+    msg ${ERROR} "ERROR: - $1"
+}
+
+fatal () {
+    msg ${FATAL} "FATAL: - $1"
+}
+
+debug () {
+    msg ${DEBUG} "DEBUG: - $1"
+}
+
+begin_banner () {
+    info "$1 - $2 phase - begin"
+}
+
+done_banner () {
+    info "$1 - $2 phase - done"
+}
+
+### turn path within script into absolute path
+### must pass the calling string of the script as the first parameter
+### e.g., ./path_to_script/script.sh
+### or, /root/path_to_script/script.sh
+### return the absolute path to the script with "echo" command
+turn_to_absolute_path () {
+    local SCRIPT_ABS_PATH_RAW
+    SCRIPT_ABS_PATH_RAW="$(dirname "$1")"
+    # turn SCRIPT_ABS_PATH into absolute path
+    case ${SCRIPT_ABS_PATH_RAW} in
+        /*) echo "${SCRIPT_ABS_PATH_RAW}" ;;
+        \.\.*) echo "$PWD/${SCRIPT_ABS_PATH_RAW}" ;;
+        \.*) echo "$PWD/${SCRIPT_ABS_PATH_RAW}" ;;
+        *) echo "$PWD" ;;
+    esac
+}
+
+### change CD to up to the project root directory
+### must pass the absolute path to the script as the first parameter
+change_CD_to_project_root () {
+    cd "$1"
+    local up_level=..
+    local my_loop=10 # guard not to loop forever
+    until [ -f "${up_level}/cook.sh" ] && [ ${my_loop} -gt 0 ]
+    do
+        up_level=${up_level}/..
+        my_loop=$((my_loop - 1))
+    done
+    if [ ${my_loop} -eq 0 ]; then
+        my_exit "Too many level up within the searching for DevOps directory,abort." 1
+    fi
+    cd "$1/${up_level}"
+}
+
+### check OS and distribution
+### return the OS distribution and ID with "echo" command
+check_dist_or_OS () {
+    local MY_THE_DISTRIBUTION_ID=""
+    local MY_THE_DISTRIBUTION_VERSION=""
+    if [ -e /etc/os-release ]; then
+        MY_THE_DISTRIBUTION_ID=$(grep -w "ID" /etc/os-release |awk -F"=" '{print $NF}'|sed 's/"//g')
+        if [ "${MY_THE_DISTRIBUTION_ID}" == "ubuntu" ]; then
+            MY_THE_DISTRIBUTION_VERSION=$(grep -w "VERSION_ID" /etc/os-release |awk -F"=" '{print $NF}'|sed 's/"//g')
+        else
+            MY_THE_DISTRIBUTION_VERSION=$(grep -w "VERSION_ID" /etc/os-release |awk -F"=" '{print $NF}'|awk -F"." '{print $1}'|sed 's/"//g')
+        fi
+        echo "${MY_THE_DISTRIBUTION_ID} ${MY_THE_DISTRIBUTION_VERSION}"
+    else
+        if type uname > /dev/null 2>&1; then
+             MY_THE_DISTRIBUTION_ID=$(uname -s)
+             MY_THE_DISTRIBUTION_VERSION=$(uname -r)
+             echo "${MY_THE_DISTRIBUTION_ID} ${MY_THE_DISTRIBUTION_VERSION}"
+        else
+             echo ""
+        fi
+    fi
+}
+
+### guard that the caller of the script must be root or has sudo right
+guard_root_or_sudo () {
+    if [[ $EUID -gt 0 ]] && ! sudo echo  >/dev/null 2>&1; then
+        return 1
+    else
+        return 0
+    fi
+}
+
+### init script with check if root or sudo
+init_with_root_or_sudo () {
+    guard_bash_error
+
+    if ! guard_root_or_sudo; then
+        my_exit "You must be root or you must be sudoer to prepare the env for CI/CD." 1
+    fi
+
+    SCRIPT_ABS_PATH=$(turn_to_absolute_path "$0")
+
+    # change_CD_to_project_root ${SCRIPT_ABS_PATH}
+
+    THE_DISTRIBUTION_ID_VERSION=$(check_dist_or_OS)
+    THE_DISTRIBUTION_ID=$(echo "${THE_DISTRIBUTION_ID_VERSION}"|awk '{print $1}')
+    THE_DISTRIBUTION_VERSION=$(echo "${THE_DISTRIBUTION_ID_VERSION}"|awk '{print $2}')
+}
+
+### init script without check if root or sudo
+init_without_root_or_sudo () {
+    guard_bash_error
+
+    SCRIPT_ABS_PATH=$(turn_to_absolute_path "$0")
+
+    # change_CD_to_project_root ${SCRIPT_ABS_PATH}
+
+    THE_DISTRIBUTION_ID_VERSION=$(check_dist_or_OS)
+    THE_DISTRIBUTION_ID=$(echo "${THE_DISTRIBUTION_ID_VERSION}"|awk '{print $1}')
+    THE_DISTRIBUTION_VERSION=$(echo "${THE_DISTRIBUTION_ID_VERSION}"|awk '{print $2}')
+}
+
+get_last_stable_nix_channel () {
+    local MY_CHANNEL_NAME_REGEX=""
+    case ${THE_DISTRIBUTION_ID} in
+      debian|ubuntu|rhel|centos) MY_CHANNEL_NAME_REGEX='s/.*\(nixos-[0-9][0-9].[0-9][0-9]\).*/\1/p' ;;
+      Darwin) MY_CHANNEL_NAME_REGEX='s/.*\(nixpkgs-[0-9][0-9].[0-9][0-9]-darwin\).*/\1/p' ;;
+      *) ;;
+    esac
+    local MY_LAST_NIX_STABLE_CHANNEL
+    MY_LAST_NIX_STABLE_CHANNEL=$(git ls-remote --heads https://github.com/NixOS/nixpkgs | awk '{print $NF}' | awk -F"/" '{print $NF}' | grep -v "\-unstable" | grep -v "\-small" | sed -n "${MY_CHANNEL_NAME_REGEX}" | sort | tail -1)
+    echo "${MY_LAST_NIX_STABLE_CHANNEL}"
+}
+
+switch_to_last_stable_nix_channel () {
+    nix-channel --remove nixpkgs
+    nix-channel --add "https://nixos.org/channels/$(get_last_stable_nix_channel)" nixpkgs
+    nix-channel --update
+}

init_bastion.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+if ! type dirname > /dev/null 2>&1; then
+    echo "Not even a linux or macOS, Windoze? We don't support it. Abort."
+    exit 1
+fi
+
+. "$(dirname "$0")"/common.sh
+
+init_with_root_or_sudo "$0"
+
+begin_banner "Top level" "Init bastion machine"
+
+    case ${THE_DISTRIBUTION_ID} in
+      debian)
+        my_exit "debian not supported yet." 222
+	     ;;
+      ubuntu)
+        my_exit "ubuntu not supported yet." 222
+	     ;;
+      Darwin)
+        my_exit "macOS not supported yet." 222
+	     ;;
+      rhel|centos)
+        if [ "X$THE_DISTRIBUTION_VERSION" != "X8" ]; then
+          my_exit "only support centos/RHEL 8.x" 126
+        fi
+
+        systemctl status firewalld > /dev/null 2>&1 && systemctl stop firewalld && systemctl disable firewalld
+        yum -y update
+        yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+        yum install -y ansible bind-utils buildah chrony dnsmasq git \
+                       haproxy httpd-tools jq libvirt net-tools nfs-utils nginx podman \
+                       python3 python3-netaddr python3-passlib python3-pip python3-policycoreutils python3-pyvmomi python3-requests \
+                       screen sos syslinux-tftpboot wget yum-utils
+
+        LATEST_PIP=$(find /usr/bin -name 'pip*'|sort|tail -1)
+        "$LATEST_PIP" install passlib
+
+	     ;;
+      *) ;;
+    esac
+
+done_banner "Top level" "Init bastion machine"

inventory/vmware-airgapped-example.inv

@@ -7,6 +7,7 @@ ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 domain_name="uk.ibm.com"
 cluster_name="ocp45"
 default_gateway="10.99.92.1"
+interface_name="ens192"
 
 #
 # Indicate the method by which Red Hat CoreOS will be installed. This can be one of the following values:

inventory/vmware-example-410.inv

@@ -7,6 +7,7 @@ ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 domain_name="coc.ibm.com"
 cluster_name="ocp410"
 default_gateway="10.99.92.1"
+interface_name="ens192"
 
 #
 # Indicate the method by which Red Hat CoreOS will be installed. This can be one of the following values:

inventory/vmware-example-48-ipi.inv

@@ -7,6 +7,7 @@ ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 domain_name="coc.ibm.com"
 cluster_name="ocp48"
 default_gateway="10.99.92.1"
+interface_name="ens192"
 
 #
 # Indicate the method by which Red Hat CoreOS will be installed. This can be one of the following values:
@@ -210,4 +211,4 @@ vm_worker_disk=200
 # Ignored for IPI installations
 
 [workers]
-# Ignored for IPI installations
+# Ignored for IPI installations