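#!/usr/bin/env bash
#
# Installs and configures the FDO all-in-one (AIO) services for the demo.
# Must be run as root.
#
# demo.conf is sourced from the directory that holds this script.
# NOTE(review): exit_on_error and FDO_SERVER are not defined in this file and
# are assumed to come from demo.conf -- confirm.

# Quote the path so a checkout directory containing spaces or glob characters
# still resolves to one file; "--" stops a leading "-" in $0 from being read
# as an option by dirname.
demo_conf="$(dirname -- "$0")/demo.conf"

# Without demo.conf the rest of the script would run with empty settings, so
# stop here instead of writing configuration built from blank values.
if [[ ! -r "$demo_conf" ]]; then
  printf 'Cannot read %s\n' "$demo_conf" >&2
  exit 1
fi
. "$demo_conf"

# Everything below edits /etc, the firewall and systemd units.
[[ $EUID -ne 0 ]] && exit_on_error "Must run as root"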
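##
## Install the packages
##
# NOTE(review): exit_on_error is assumed to come from demo.conf and to
# terminate the script, as its use in the root check implies.
dnf -y install fdo-admin-cli \
  || exit_on_error "Unable to install fdo-admin-cli"
##
## Open firewall ports for FDO
##
# No --zone is given, so the rule lands in the default zone, and --permanent
# makes it survive reboots: 8000/tcp and 8080-8083/tcp stay reachable until
# the rule is removed again. --permanent only edits the stored configuration;
# the reload is what puts it into effect.
# A firewall failure is reported but not fatal, so hosts without a running
# firewalld behave as before.
if ! firewall-cmd --permanent --add-port=8000/tcp --add-port=8080-8083/tcp; then
  printf 'warning: could not add the FDO firewall ports\n' >&2
fi
if ! firewall-cmd --reload; then
  printf 'warning: could not reload the firewall configuration\n' >&2
fi
##
## Start FDO all-in-one services
##
# The script later waits for a config file under /etc/fdo/aio/configs, so a
# service that fails to start is treated as fatal here.
systemctl enable --now fdo-aio \
  || exit_on_error "Unable to enable and start fdo-aio"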
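##
## Set edge device configuration
##
SERVICE_API_SERVER="/etc/fdo/aio/configs/serviceinfo_api_server.yml"

# The file is waited for rather than assumed present (presumably fdo-aio
# writes it on first start). The wait is bounded so that a service which never
# comes up fails the script instead of hanging it forever.
config_wait_secs=300
while [[ ! -f "$SERVICE_API_SERVER" ]]; do
  (( config_wait_secs-- > 0 )) \
    || exit_on_error "Timed out waiting for $SERVICE_API_SERVER"
  sleep 1
done

# Carry the generated auth tokens over into the rendered template. Assignment
# is kept separate from export so a failing awk is not masked.
SERVICE_AUTH_TOKEN="$(awk '/service_info_auth_token/ {print $2}' "$SERVICE_API_SERVER")"
ADMIN_AUTH_TOKEN="$(awk '/admin_auth_token/ {print $2}' "$SERVICE_API_SERVER")"

# An empty value would be substituted silently and leave the service info API
# configured with a blank auth token, so refuse to continue without both.
[[ -n "$SERVICE_AUTH_TOKEN" && -n "$ADMIN_AUTH_TOKEN" ]] \
  || exit_on_error "Auth tokens not found in $SERVICE_API_SERVER"

# Exported because envsubst reads them from the environment; every command
# started after this point inherits them as well.
export SERVICE_AUTH_TOKEN ADMIN_AUTH_TOKEN

# envsubst is given no variable list, so every $NAME reference in the template
# is replaced from the environment, not only the two tokens.
# NOTE(review): the rendered file holds both tokens and is first created in
# the current directory with the caller's umask -- confirm that directory is
# not readable by other users.
envsubst < serviceinfo_api_server.yml.template > serviceinfo_api_server.yml \
  || exit_on_error "Unable to render serviceinfo_api_server.yml"
mv -f serviceinfo_api_server.yml "$SERVICE_API_SERVER"

# Stage the device0 tree under /etc; the steps that follow add files below
# /etc/device0/cfg.
cp -r device0 /etc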
# Drop-in that makes the edge device treat the demo registry as insecure.
# With "insecure = true" the container tools accept plain HTTP and TLS
# certificates they cannot verify for this location, so image pulls from it
# are neither encrypted nor authenticated. Suitable for the demo network only.
# FDO_SERVER is not set in this file (presumably demo.conf provides it).
registries_dropin_dir=/etc/device0/cfg/etc/containers/registries.conf.d
mkdir -p "$registries_dropin_dir"
printf '%s\n' \
  '[[registry]]' \
  'insecure = true' \
  "location = \"${FDO_SERVER}:5000\"" \
  > "$registries_dropin_dir/999-insecure-registry.conf"
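# make sure the local registry is ready
systemctl restart container-registry.service

# Generate the systemd unit for the edge device's container application.
# A throw-away container named httpd is created only so that podman can derive
# the unit from it; it is removed again once the unit file has been copied.
# NOTE(review): io.containers.autoupdate=registry opts the container into
# podman's registry-based auto-update, and the registry it points at is the
# one the device is configured to treat as insecure -- updates would be pulled
# without TLS verification.
# The image reference is quoted so an unexpected FDO_SERVER value cannot split
# into extra podman arguments.
podman create --rm --name httpd -p 8080:80 \
  --label io.containers.autoupdate=registry "${FDO_SERVER}:5000/httpd:prod"

# --files writes container-httpd.service into the current directory.
podman generate systemd --files --new --name httpd
cp container-httpd.service /etc/device0/cfg/etc/systemd/system/
podman rm -f httpd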
##
## Disable TPM on edge device
##
AIO_CONFIG=/etc/fdo/aio/aio_configuration
# Flip manufacturing_disable_key_storage_tpm from false to true in place; the
# previous content is kept next to it with a .bak suffix.
# NOTE(review): with TPM key storage disabled the device key is presumably
# kept outside the TPM (e.g. on the filesystem). Fine for a demo machine
# without a TPM, but not a setting to carry over to production devices.
sed -E -i.bak \
  's/(manufacturing_disable_key_storage_tpm:) false/\1 true/g' \
  "$AIO_CONFIG"
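##
## Remove unnecessary IP addresses in FDO AIO configuration files
##

# FDO_SERVER is the one address that has to survive; with it empty every
# address found would be treated as removable.
[[ -n "${FDO_SERVER:-}" ]] || exit_on_error "FDO_SERVER is not set"

manufacturing_cfg=/etc/fdo/aio/configs/manufacturing_server.yml
owner_cfg=/etc/fdo/aio/configs/owner_onboarding_server.yml

# Collect every IpAddr value (third field, quotes stripped) except FDO_SERVER.
# grep -x -F compares whole lines literally, so FDO_SERVER=10.0.0.1 no longer
# also shields 10.0.0.10 from removal.
mapfile -t stale_addrs < <(
  awk '/IpAddr/ { gsub(/"/, "", $3); print $3 }' "$AIO_CONFIG" \
    | grep -vxF -- "$FDO_SERVER" \
    | sort -u
)

for ipaddr in "${stale_addrs[@]}"; do
  [[ -n "$ipaddr" ]] || continue

  # The value is placed inside sed and awk patterns below, so only accept
  # characters that can occur in an IP address; anything else read from the
  # config file is skipped rather than interpreted as pattern syntax.
  if [[ ! "$ipaddr" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    printf 'warning: skipping unexpected IpAddr value: %s\n' "$ipaddr" >&2
    continue
  fi

  # Match the address literally ("." as [.], not "any character") and only
  # when it is not part of a longer address. Otherwise removing 192.168.1.1
  # would also delete lines that mention 192.168.1.10, which may be FDO_SERVER.
  addr_re="(^|[^0-9A-Fa-f])${ipaddr//./[.]}([^0-9A-Fa-f]|\$)"

  sed -i -E "/${addr_re}/d" "$AIO_CONFIG"
  sed -i -E "/${addr_re}/d" "$owner_cfg"

  # This awk expression removes the line before the pattern, the
  # pattern, and two lines after the pattern
  # See https://red.ht/3amgyAt.
  # The output goes to a mktemp file instead of a fixed name in the current
  # directory, and is copied over the target (not renamed) so the target keeps
  # its owner and mode; mktemp creates files that only the owner can read.
  scratch="$(mktemp)" || exit_on_error "Unable to create a temporary file"
  if awk -v pat="$addr_re" '
    $0 ~ pat { for (x = NR - 1; x <= NR + 2; x++) d[x] }
    { a[NR] = $0 }
    END { for (i = 1; i <= NR; i++) if (!(i in d)) print a[i] }
  ' "$manufacturing_cfg" > "$scratch"; then
    cat "$scratch" > "$manufacturing_cfg"
  else
    # Leave the original file untouched when the filter itself failed.
    printf 'warning: could not filter %s for %s\n' \
      "$manufacturing_cfg" "$ipaddr" >&2
  fi
  rm -f -- "$scratch"
done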
##
## Fix SELinux contexts
##
# Files copied or moved into /etc earlier in this script may still carry the
# label of the place they were created in. Relabel the tree recursively (-r),
# forcing a full reset of each context (-F) and listing every change (-v).
restorecon -v -F -r /etc
##
## Restart the FDO all-in-one service
##
# Restart so the service runs with the edited configuration files. This is the
# last command, so its status is the script's exit status.
systemctl restart fdo-aio