first draft

.github/workflows/docker-publish.yml

@@ -0,0 +1,73 @@
+name: Docker
+
+on:
+  push:
+
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+
+  # Run tests for any PRs.
+  pull_request:
+
+env:
+  # TODO: Change variable to your image's name.
+  IMAGE_NAME: control-center-util
+
+jobs:
+  # Run tests.
+  # See also https://docs.docker.com/docker-hub/builds/automated-testing/
+  # test:
+  #   runs-on: ubuntu-latest
+
+  #   steps:
+  #     - uses: actions/checkout@v2
+
+  #     - name: Run tests
+  #       run: |
+  #         if [ -f docker-compose.test.yml ]; then
+  #           docker-compose --file docker-compose.test.yml build
+  #           docker-compose --file docker-compose.test.yml run sut
+  #         else
+  #           docker build . --file Dockerfile
+  #         fi
+
+  # Push image to GitHub Packages.
+  # See also https://docs.docker.com/docker-hub/builds/
+  push:
+    # Ensure test job passes before pushing image.
+    #needs: test
+
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build image
+        run: docker build . --file Dockerfile --tag $IMAGE_NAME
+
+      - name: Log into GitHub Container Registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Push image to GitHub Container Registry
+        run: |
+          IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
+
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+          # Strip "v" prefix from tag name
+          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "master" ] && VERSION=latest
+
+          echo IMAGE_ID=$IMAGE_ID
+          echo VERSION=$VERSION
+
+          docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+          docker push $IMAGE_ID:$VERSION

Dockerfile

@@ -0,0 +1,37 @@
+FROM ubuntu:20.04
+ARG TERRAFORM_VERSION=1.1.8
+ARG TERRAGRUNT_VERSION=0.42.8
+
+# Update apt and Install dependencies
+RUN apt-get update && apt install software-properties-common -y && add-apt-repository ppa:rmescandon/yq -y && apt update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y \
+    tzdata \
+    curl \
+    dnsutils \
+    git \
+    jq \
+    yq \
+    libssl-dev \
+    openvpn \
+    python3 \
+    python3-pip \
+    screen \
+    vim \
+    wget \
+    zip \
+    mysql-client \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install tools and configure the environment
+RUN wget -q https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -O /tmp/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    && unzip /tmp/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /bin/ \
+    && rm /tmp/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
+RUN wget -q https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64 -O /bin/terragrunt \
+    && chmod +x /bin/terragrunt
+
+RUN pip3 install --upgrade pip \
+    && mkdir /workdir && cd /workdir \
+    && mkdir keys \
+    && python3 -m pip install ansible==5.7.1 netaddr awscli openshift>=0.6 setuptools>=40.3.0 \
+    && ansible-galaxy collection install community.kubernetes
+
+COPY . iac-run-dir

README.md

@@ -0,0 +1,28 @@
+to get started, run the follwing from commandline
+cd /iac-run-dir
+modify environment variables in setenv as appropriate
+source setenv
+./init.sh
+cd /iac-run-dir/iac-modules/terraform/control-center/init
+modify environment.yaml file as appropriate
+./runall.sh
+./movestatetogitlab.sh
+Then, go to gitlab instance, use root password found by running: yq eval '.gitlab.vars.server_password'  $ANSIBLE_BASE_OUTPUT_DIR/control-center-deploy/inventory
+You then need to setup 2FA, then you can navigate to the bootstrap proyect and view pipelines in cicd section.
+First pipeline will be waiting at Deploy job.  Executing this should result in no changes but is a test to make sure that the configuration files have been correctly imported.
+
+From now on, make changes to the files inside gitlab and execute the jobs as necessary to make changes to the control center components
+
+Netmaker gui is available at dashboard.NM_SUBDOMAIN where NM_SUBDOMAIN is: yq eval '.netmaker.vars.netmaker_base_domain'  /iac-run-dir/output/control-center-post-config/inventory
+
+Admin user defaults to nmaker-admin, password is: yq eval '.netmaker.vars.netmaker_admin_password'  /iac-run-dir/output/control-center-post-config/inventory
+
+OIDC integration is preconfigured for netmaker using gitlab as a provider.  A gitlab user can use the OIDC option to login, however, before they can see anything, an admin needs to change their account to be an admin and select the networks that they can see (or all)
+
+After connecting to netmaker as an admin, you can select the only node that is in the ctrl-center network and enable both the ingress gateway and egress gateway options on the node.  The network for the egress gateway should be the control center network (where gitlab, runner, nexus, and seaweed run): default is 10.25.0.0/22
+
+Now you can create a external client (wireguard profile) using the node as a gateway.  Download the profile (don't rename, there is a bug with renaming the ext client profile) and add it to your wireguard client.
+
+Enable the wireguard profile and now you can access the 10.25.0.0/22 network
+
+Next steps is to configure the kubernetes cluster configurations in the different env repos.

init.sh

@@ -0,0 +1,6 @@
+#echo "https://${PRIVATE_REPO_USER}:${PRIVATE_REPO_TOKEN}@github.com" > ~/.gitcredentials.store
+#git config --global credential.helper 'store --file ~/.gitcredentials.store'
+#git config --global advice.detachedHead false
+git clone https://github.com/infitx-org/iac-modules.git
+cd iac-modules
+git checkout $IAC_MODULES_TAG

setenv

@@ -0,0 +1,5 @@
+export AWS_PROFILE=oss
+#export PRIVATE_REPO_TOKEN=asdfablkjsdf
+#export PRIVATE_REPO_USER=privategituser
+export ANSIBLE_BASE_OUTPUT_DIR=$PWD/output
+export IAC_MODULES_TAG=v0.5.0