fix(vagrant, ci): forward more ports used in docker katas, ci go builder

Vagrantfile

@@ -20,14 +20,13 @@ Vagrant.configure("2") do |config|
   # config.vm.box_check_update = false
 
   # Create a forwarded port mapping which allows access to a specific port
-  # within the machine from a port on the host machine. In the example below,
-  # accessing "localhost:8080" will access port 80 on the guest machine.
   # NOTE: This will enable public access to the opened port
-  config.vm.network "forwarded_port", guest: 9000, host: 9000
-  config.vm.network "forwarded_port", guest: 8080, host: 8080
-  config.vm.network "forwarded_port", guest: 3001, host: 3001
+  # Forward all ports that are used in training material
+  for i in 8000..9000
+    config.vm.network "forwarded_port", guest: i, host: i
+  end
   config.vm.network "forwarded_port", guest: 3000, host: 3000
-  config.vm.network "forwarded_port", guest: 8086, host: 8086
+  config.vm.network "forwarded_port", guest: 3001, host: 3001
 
   # Create a forwarded port mapping which allows access to a specific port
   # within the machine from a port on the host machine and only allow access
@@ -53,13 +52,24 @@ Vagrant.configure("2") do |config|
   # backing providers for Vagrant. These expose provider-specific options.
   # Example for VirtualBox:
   #
-  # config.vm.provider "virtualbox" do |vb|
-  #   # Display the VirtualBox GUI when booting the machine
-  #   vb.gui = true
-  #
-  #   # Customize the amount of memory on the VM:
-  #   vb.memory = "1024"
-  # end
+  config.vm.provider "virtualbox" do |vb|
+    host = RbConfig::CONFIG['host_os']
+
+    # src: https://gist.github.com/ozbillwang/7834632bb41c5642912e
+    if host =~ /linux/
+      cpus = `nproc`.to_i
+      # meminfo shows KB and we need to convert to MB
+      mem = `grep 'MemTotal' /proc/meminfo | sed -e 's/MemTotal://' -e 's/ kB//'`.to_i / 1024 / 4
+    else
+      cpus = 2
+      mem = 1024
+    end
+
+    vb.cpus = cpus
+    vb.memory = mem
+    vb.customize ["modifyvm", :id, "--memory", mem]
+    vb.customize ["modifyvm", :id, "--cpus", cpus]
+  end
   #
   # View the documentation for the provider you are using for more
   # information on available options.

ci/.gitignore

@@ -0,0 +1,3 @@
+jenkins/
+grafana/
+influxdb/

ci/README.md

@@ -0,0 +1,33 @@
+# Simple fortune cookie CI/CD with Jenkins
+
+## Running
+
+First set the permissions on the SSH private key as they are not supported by git.
+
+```shell
+./set_permissions.sh
+```
+
+```shell
+docker compose up --build
+```
+
+## Reset
+
+```shell
+docker compose down -v
+rm -rf jenkins grafana influxdb
+```
+
+## Connect to the builder with ssh
+
+After `docker compose up --build`
+
+```shell
+ssh-keygen -R '[localhost]:9000'
+ssh root@localhost -p 9000 -i secrets/id_ed25519
+```
+
+## Secrets
+
+A sample SSH key is provided to allow access to

ci/casc/jenkins.yaml

@@ -2,12 +2,14 @@ credentials:
   system:
     domainCredentials:
     - credentials:
-      - usernamePassword:
-          description: "vagrant"
-          id: "vagrant"
-          password: "vagrant"
+      - basicSSHUserPrivateKey:
+          id: "ssh_id"
+          privateKeySource:
+            directEntry:
+              privateKey: "${readFile:/var/lib/secrets/id_ed25519}"
           scope: GLOBAL
-          username: "vagrant"
+          username: "root"
+
 jenkins:
   labelAtoms:
   - name: "build"
@@ -17,8 +19,8 @@ jenkins:
       labelString: "build"
       launcher:
         ssh:
-          credentialsId: "vagrant"
-          host: "172.17.0.1"
+          credentialsId: "ssh_id"
+          host: "builder"
           port: 22
           sshHostKeyVerificationStrategy: "nonVerifyingKeyVerificationStrategy"
       name: "build"

ci/docker-compose.yml

@@ -9,10 +9,9 @@ services:
         - 8080:8080
       container_name: jenkins
       volumes:
-        - ~/jenkins:/var/jenkins_home
-        - /var/run/docker.sock:/var/run/docker.sock
-        - /usr/local/bin/docker:/usr/local/bin/docker
-        - /home/vagrant/project/ci/casc:/var/casc/
+        - ./jenkins:/var/jenkins_home
+        - ./casc:/var/casc/
+        - ./secrets:/var/lib/secrets
       environment:
         JAVA_OPTS: -Djenkins.install.runSetupWizard=false
         JENKINS_OPTS: --argumentsRealm.roles.user=admin --argumentsRealm.passwd.admin=admin --argumentsRealm.roles.admin=admin # bad idea, this is to ease up the setup
@@ -23,12 +22,20 @@ services:
     ports:
       - "3000:3000"
     volumes:
-      - ~/grafana:/var/lib/grafana/
+      - ./grafana:/var/lib/grafana/
     restart: unless-stopped
   influxdb:
     image: influxdb:1.8.10
     ports:
       - "8086:8086"
     volumes:
-      - ~/influxdb:/var/lib/influxdb/
-    restart: always
+      - ./influxdb:/var/lib/influxdb/
+    restart: always
+
+  builder:
+    build:
+      context: .
+      dockerfile: ./go-docker
+    restart: unless-stopped
+    ports:
+      - "9000:22"

ci/go-docker

@@ -0,0 +1,16 @@
+FROM golang:1.20
+
+USER root
+
+RUN apt-get update
+RUN apt-get install -y openssh-server default-jre
+RUN apt-get clean
+RUN service ssh start
+RUN cp -r /usr/local/go/bin/. /usr/bin
+
+COPY ./secrets/id_ed25519.pub /root/.ssh/
+RUN cp /root/.ssh/id_ed25519.pub /root/.ssh/authorized_keys
+
+EXPOSE 22
+
+ENTRYPOINT ["/usr/sbin/sshd", "-D"]

ci/secrets/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAjFPPtqRP/wrxiEBQCIlWICWqmV9JeBirun6ufjX0WxQAAAJhlV1SZZVdU
+mQAAAAtzc2gtZWQyNTUxOQAAACAjFPPtqRP/wrxiEBQCIlWICWqmV9JeBirun6ufjX0WxQ
+AAAEDMajuuf3mGTbhwZ+tGmVea4r1f6YAZOF2XL08OBG5RaSMU8+2pE//CvGIQFAIiVYgJ
+aqZX0l4GKu6fq5+NfRbFAAAADm5pa2xhc2hAZmVkb3JhAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----

ci/secrets/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMU8+2pE//CvGIQFAIiVYgJaqZX0l4GKu6fq5+NfRbF

ci/set_permissions.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+set -eux
+chmod 0600 ./secrets/id_ed25519