workshop: Update docs and support default cloud image

Update instructions on how to build images starting with Fedora 34 using kickstart files used by Fedora to build its cloud images. Change vagrant provisioning steps to support both prebuilt and default cloud images, removing the burden of maintaining boxes up-to-date, but also providing a way to build fresh images without external packer templates. Signed-off-by: Armando Neto <[email protected]> Reviewed-By: Florence Blanc-Renaud <[email protected]> Reviewed-By: Rob Crittenden <[email protected]>
progier389 · Jun 7, 2021 · 584952b · 584952b
1 parent 33327b2
commit 584952b
Show file tree

Hide file tree

Showing 12 changed files with 181 additions and 103 deletions.
diff --git a/.gitignore b/.gitignore
@@ -57,6 +57,12 @@ py-compile
 freeipa2-dev-doc
 ~/doc/guide/Makefile
 
+# Workshop
+doc/workshop/.vagrant/
+doc/workshop/packer_cache/
+doc/workshop/output-*/
+doc/workshop/anaconda-ks.cfg
+
 # Root directory
 /freeipa.spec
 /dist/

diff --git a/doc/Makefile b/doc/Makefile
@@ -23,12 +23,6 @@ help:
 %: Makefile
 	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
-.PHONY: workshop-remote workshop-pull
-workshop-remote:
-	git remote add -f freeipa-workshop https://github.com/freeipa/freeipa-workshop.git
-workshop-pull:
-	git pull -s subtree freeipa-workshop master
-
 .PHONY: lint
 lint:
 	$(MAKE) html SPHINXOPTS="$(SPHINXOPTS) -E -a"

diff --git a/doc/workshop.rst b/doc/workshop.rst
@@ -6,7 +6,6 @@ FreeIPA workshop
    :caption: Workshop:
 
    workshop/workshop.rst
-   workshop/building.rst
    workshop/1-server-install.rst
    workshop/2-client-install.rst
    workshop/3-user-management.rst
@@ -18,4 +17,10 @@ FreeIPA workshop
    workshop/9-selinux-user-map.rst
    workshop/10-ssh-key-management.rst
    workshop/11-kerberos-ticket-policy.rst
+
+.. toctree::
+   :includehidden:
+
    workshop/troubleshooting.rst
+   workshop/building.rst
+   workshop/facilitators.rst
diff --git a/doc/workshop/Vagrantfile b/doc/workshop/Vagrantfile
@@ -3,7 +3,11 @@
 
 Vagrant.configure(2) do |config|
 
-  config.vm.box = "netoarmando/freeipa-workshop"
+  # Replace this with "fedora/34-cloud-base" (or latest) for a fresh box without
+  # pre-installed freeipa packages, you must also uncomment shell provisioning step
+  # at the bottom of this file.
+  # config.vm.box = "fedora/34-cloud-base"
+  config.vm.box = "freeipa/freeipa-workshop"
 
   config.vm.synced_folder ".", "/vagrant", disabled: true
 
@@ -12,22 +16,21 @@ Vagrant.configure(2) do |config|
     libvirt.memory = 1024
   end
 
-  # Vagrant's "change host name" sets the short host name.  Before
-  # we repair /etc/hosts (see below) let's reset /etc/hostname to
-  # the *full* host name
-  #
-  config.vm.provision "shell",
-    inline: "hostname --fqdn > /etc/hostname && hostname -F /etc/hostname"
-
-  # Vagrant's "change host name" capability for Fedora maps hostname
-  # to loopback.  We must repair /etc/hosts
-  #
-  config.vm.provision "shell",
-    inline: "sed -ri 's/127\.0\.0\.1\s.*/127.0.0.1 localhost localhost.localdomain/' /etc/hosts"
+  config.vm.provider :virtualbox do |virtualbox|
+    virtualbox.memory = 1536
+  end
 
   config.vm.define "server" do |server|
     server.vm.network "private_network", ip: "192.168.33.10"
     server.vm.hostname = "server.ipademo.local"
+
+    config.vm.provider "virtualbox" do |v|
+      v.memory = 1536
+    end
+    config.vm.provider "libvirt" do |v|
+      v.memory = 1536
+    end
+
   end
 
   config.vm.define "replica" do |replica|
@@ -39,7 +42,17 @@ Vagrant.configure(2) do |config|
     replica.vm.provision "shell",
       inline: 'echo "DNS1=192.168.33.10" >> /etc/sysconfig/network-scripts/ifcfg-eth1'
     replica.vm.provision "shell",
-      inline: 'echo "nameserver 192.168.33.10" > /etc/resolv.conf'
+      inline: 'printf "DNS=192.168.33.10\nDomains=~." >> /etc/systemd/resolved.conf'
+    replica.vm.provision "shell",
+      inline: 'systemctl restart systemd-resolved'
+
+    config.vm.provider "virtualbox" do |v|
+      v.memory = 1536
+    end
+    config.vm.provider "libvirt" do |v|
+      v.memory = 1536
+    end
+
   end
 
   config.vm.define "client" do |client|
@@ -51,7 +64,9 @@ Vagrant.configure(2) do |config|
     client.vm.provision "shell",
       inline: 'echo "DNS1=192.168.33.10" >> /etc/sysconfig/network-scripts/ifcfg-eth1'
     client.vm.provision "shell",
-      inline: 'echo "nameserver 192.168.33.10" > /etc/resolv.conf'
+      inline: 'printf "DNS=192.168.33.10\nDomains=~." >> /etc/systemd/resolved.conf'
+    client.vm.provision "shell",
+      inline: 'systemctl restart systemd-resolved'
     client.vm.provision "shell",
       inline: 'sudo sed -i "s/^/#/g" /etc/httpd/conf.d/ssl.conf'
     client.vm.provision "shell",
@@ -60,4 +75,8 @@ Vagrant.configure(2) do |config|
       inline: 'systemctl -q enable oddjobd && systemctl start oddjobd'
   end
 
+  # Uncomment line below when using Fedora's cloud base box.
+  # config.vm.provision "shell", path: "workshop-install-packages.sh"
+  config.vm.provision "shell", path: "workshop-ipa-customizations.sh"
+
 end
diff --git a/doc/workshop/app.py b/doc/workshop/app.py
diff --git a/doc/workshop/building.rst b/doc/workshop/building.rst
@@ -8,55 +8,45 @@ Requirements
 ------------
 
 - Install packer (http://packer.io/)
-- Clone the packer-templates repository
-  (https://github.com/kaorimatz/packer-templates)
+- Install Vagrant, libvirt and VirtualBox
+- Clone the Fedora kickstarts repo (https://pagure.io/fedora-kickstarts)
 
 
 Packer template
 ---------------
 
-Apply the following changes to the ``fedora-28-x86_64.json`` packer
-template:
+Packer template ``packer-template-fedora.json`` requires Fedora 34 kickstart file
+used by Fedora to build vagrant images:
 
-- Add the ``scripts/fedora/ipa.sh`` provisioner and copy (or
-  symlink) ``ipa.sh`` from *this* repository to ``scripts/fedora``.
-  This script installs the FreeIPA packages and creates other files
-  required for the workshop.
+- Clone the repo and checkout latest Fedora release branch::
 
+  $ git clone https://pagure.io/fedora-kickstarts.git
+  $ cd fedora-kickstarts
+  $ git checkout f34
 
-Building the virtualbox image
------------------------------
-
-Build the images::
+- Install ``pykickstart`` package which provides ``ksflatten`` tool::
 
-  $BIN_PACKER build -only=virtualbox-iso -var disk_size=4000 -var memory=1024 fedora-28-x86_64.json
+  $ sudo dnf install pykickstart
 
-Packer stores images and other data in ``/tmp`` during processing.
-If you have limited space in ``/tmp`` set ``TMPDIR`` to point
-somewhere else with more space.
+- Generate the ``anaconda-ks.cfg`` file needed by flattening vagrant kickstart files
+  and putting it onto the same folder as the packer template file::
 
+  $ ksflatten -c $FEDORA_KICKSTARTS_REPO/fedora-cloud-base-vagrant.ks > $FREEIPA_REPO/doc/workshop/anaconda-ks.cfg
 
-Building the QEMU/libvirt image
--------------------------------
 
-Build the image::
-
-  $BIN_PACKER build -only=qemu -var disk_size=4000 -var memory=1024 fedora-28-x86_64.json
+Building the vagrant images
+-----------------------------
 
-The output box is a gzip-compressed tarball.  Unfortunately, the VM
-image it contains is not sparse and will waste a lot of space (and
-time) when Vagrant unpacks and imports the image.  Therefore we
-unpack, sparsify and repack the box::
+Build the images::
 
-  mkdir box && cd box && tar -xf ../fedora-28-x86_64-libvirt.box
-  virt-sparsify --in-place box.img
-  tar -czf ../fedora-28-x86_64-libvirt.box * && cd .. && rm -rf box
+  $ cd $FREEIPA_REPO/doc/workshop
+  $ BIN_PACKER build packer-template-fedora.json
 
 
-Uploading boxes to HashiCorp Atlas
+Uploading boxes to Vagrant Cloud
 ----------------------------------
 
-Vagrant by default looks for boxes in a directory called *Atlas*.
+Vagrant by default looks for boxes in a directory called *Vagrant Cloud*.
 Therefore is is good to make images available there, so that people
 can easily download them as part of workshop preparation.
 

diff --git a/doc/workshop/README.facilitators → doc/workshop/facilitators.rst b/doc/workshop/README.facilitators → doc/workshop/facilitators.rst
@@ -31,5 +31,5 @@ Vagrant boxes
 -------------
 
 See ``building.rst`` for instructions on building Vagrant boxes.
-At time of writing, the ``netoarmando/freeipa-workshop`` box is
-FreeIPA 4.6.90 / Fedora 28, for the VirtualBox and libvirt providers.
+At time of writing, the ``freeipa/freeipa-workshop`` box is
+FreeIPA 4.9.3 / Fedora 34, for the VirtualBox and libvirt providers.
diff --git a/doc/workshop/packer-template-fedora.json b/doc/workshop/packer-template-fedora.json
@@ -0,0 +1,77 @@
+{
+  "builders": [{
+    "type": "qemu",
+    "iso_url": "{{user `iso_url`}}",
+    "iso_checksum": "{{user `iso_checksum`}}",
+    "output_directory": "output-{{user `box_name`}}-x86_64-{{build_type}}",
+    "vm_name": "packer-{{user `box_name`}}-x86_64",
+    "disk_size": "{{user `disk_size`}}",
+    "headless": "{{user `headless`}}",
+    "http_directory": ".",
+    "boot_wait": "5s",
+    "boot_command": [
+      "<tab> ",
+      "inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/anaconda-ks.cfg ",
+      "biosdevname=0 ",
+      "net.ifnames=0 ",
+      "<enter>"
+    ],
+    "ssh_timeout": "{{user `ssh_timeout`}}",
+    "ssh_username": "vagrant",
+    "ssh_password": "vagrant",
+    "shutdown_command": "sudo systemctl poweroff",
+    "qemuargs": [
+      ["-m", "{{user `memory`}}"],
+      ["-smp", "{{user `cpus`}}"]
+    ]
+  }, {
+    "type": "virtualbox-iso",
+    "guest_os_type": "Fedora_64",
+    "iso_url": "{{user `iso_url`}}",
+    "iso_checksum": "{{user `iso_checksum`}}",
+    "output_directory": "output-{{user `box_name`}}-x86_64-{{build_type}}",
+    "vm_name": "packer-{{user `box_name`}}-x86_64",
+    "disk_size": "{{user `disk_size`}}",
+    "headless": "{{user `headless`}}",
+    "http_directory": ".",
+    "boot_wait": "5s",
+    "boot_command": [
+      "<tab> ",
+      "inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/anaconda-ks.cfg ",
+      "biosdevname=0 ",
+      "net.ifnames=0 ",
+      "<enter>"
+    ],
+    "ssh_timeout": "{{user `ssh_timeout`}}",
+    "ssh_username": "vagrant",
+    "ssh_password": "vagrant",
+    "shutdown_command": "sudo systemctl poweroff",
+    "vboxmanage": [
+      ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
+      ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
+    ]
+  }],
+  "provisioners": [{
+    "type": "shell",
+    "scripts": [
+      "workshop-install-packages.sh"
+    ]
+  }],
+  "post-processors": [{
+    "type": "vagrant",
+    "compression_level": "{{user `compression_level`}}",
+    "output": "{{user `box_name`}}-x86_64-{{.Provider}}.box"
+  }],
+  "variables": {
+    "box_name": "fedora-34",
+    "iso_url": "{{user `mirror`}}/releases/34/Server/x86_64/iso/Fedora-Server-netinst-x86_64-34-1.2.iso",
+    "iso_checksum": "file:{{user `mirror`}}/releases/34/Server/x86_64/iso/Fedora-Server-34-1.2-x86_64-CHECKSUM",
+    "compression_level": "9",
+    "cpus": "1",
+    "disk_size": "40000",
+    "headless": "false",
+    "memory": "1024",
+    "mirror": "http://download.fedoraproject.org/pub/fedora/linux",
+    "ssh_timeout": "60m"
+  }
+}
diff --git a/doc/workshop/troubleshooting.rst b/doc/workshop/troubleshooting.rst
@@ -1,16 +1,19 @@
-Local webserver
+Troubleshooting
 ===============
 
+Local webserver
+---------------
+
 Drop firewall::
 
   sudo firewall-cmd --add-service=http
 
 
 DNS / hosts file issues
-=======================
+-----------------------
 
 Flush cache
------------
+^^^^^^^^^^^
 
 Note: some resolvers cache NX.
 
@@ -24,7 +27,7 @@ Windows::
 
 
 Virtual network
-===============
+---------------
 
 If ``Vagrant::Errors::NetworkCollision`` occurs, try deleting host
 network device, e.g.::
@@ -39,15 +42,15 @@ up::
 
 
 Vagrant
-=======
+-------
 
 If ``vagrant up`` fails to SSH into VM, delete
 ``~/.vagrant.d/insecure_private_key``.  See
 https://stackoverflow.com/questions/28284112/.
 
 
 mod_lookup_identity
-===================
+-------------------
 
 To flush cache::
 

diff --git a/doc/workshop/workshop-install-packages.sh b/doc/workshop/workshop-install-packages.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo dnf install -y freeipa-server freeipa-server-dns sssd-dbus mod_lookup_identity mod_authnz_pam haveged nmap-ncat nano pamtester bash-completion
+sudo dnf clean all
diff --git a/doc/workshop/ipa.sh → doc/workshop/workshop-ipa-customizations.sh b/doc/workshop/ipa.sh → doc/workshop/workshop-ipa-customizations.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-sudo dnf install -y freeipa-server freeipa-server-dns sssd-dbus mod_lookup_identity mod_authnz_pam haveged nmap-ncat nano pamtester bash-completion
 sudo systemctl enable haveged
 sudo sh -c "echo 'PS1=\"[\u@\h]\\\\$ \"' >> /etc/profile"
 sudo sh -c "echo 'PS1=\"[\h]\\\\$ \"' >> /etc/bashrc"
@@ -11,10 +10,10 @@ sudo rm -f /etc/httpd/conf.d/welcome.conf
 sudo sh -c "cat >/usr/share/httpd/app.py" <<EOF
 def application(environ, start_response):
     start_response('200 OK', [('Content-Type', 'text/plain')])
-    logged_in = 'REMOTE_USER' in environ
+    remote_user = environ.get('REMOTE_USER')
 
-    if logged_in:
-        yield "LOGGED IN AS: {}\n".format(environ['REMOTE_USER']).encode('utf8')
+    if remote_user is not None:
+        yield "LOGGED IN AS: {}\n".format(remote_user).encode('utf8')
     else:
         yield b"NOT LOGGED IN\n"
 
@@ -37,3 +36,12 @@ sudo sh -c "cat >/etc/httpd/conf.d/app.conf" <<EOF
     </Directory>
 </VirtualHost>
 EOF
+
+# Vagrant's "change host name" sets the short host name.  Before
+# we repair /etc/hosts (see below) let's reset /etc/hostname to
+# the *full* host name
+hostname --fqdn > /etc/hostname && hostname -F /etc/hostname
+
+# Vagrant's "change host name" capability for Fedora maps hostname
+# to loopback.  We must repair /etc/hosts
+sed -ri 's/127\.0\.0\.1\s.*/127.0.0.1 localhost localhost.localdomain/' /etc/hosts