Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Add a proof-of-concept Orka task for running scripts on Mac hardware. #162

Closed
wants to merge 1 commit into from
Closed

WIP: Add a proof-of-concept Orka task for running scripts on Mac hardware. #162

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions orka/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
FROM ubuntu
RUN apt-get update && apt-get install curl sshpass -yq
RUN curl -LO https://www.dropbox.com/sh/lzq0qi2g7ep32eu/AAACAJIoJucg-n8Nl2B02Zxfa/orka-cli-linux && chmod +x orka-cli-linux && mv orka-cli-linux /usr/bin/orka
64 changes: 64 additions & 0 deletions orka/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
# Orka

This `Task` runs a script on a Mac VM using MacStadium's Orka service.

Orka provides an API for managing Mac VMs across physical Mac hardware, hosted
by MacStadium.
This `Task` requires you to already have Orka setup and a user account with a token
configured.
This `Task` also requires that you configure the VPN from your cloud environment to
Orka, as specified [here](https://orkadocs.macstadium.com/docs/prerequisites#section-set-up-vpn).

The `Dockerfile` used to build the container in the `Task` is also contained in this directory.
An image is currently available at `gcr.io/dlorenc-vmtest2/orka`.

It works by:
* creating a VM
* copying the Tekton workspace over to it
* running the specified script
* copying the Tekton workspace back

This is mainly a proof-of-concept today.

## Install the Task

```
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/orka/orka.yaml
```

## Inputs

### Parameters

* **API_URL**: The URL to access the Orka API. Usually http://10.221.188.100.

* **SCRIPT**: The contents of the script to run on the created VM.

### Resources

This task does not use any resources today.

## Outputs

This task does not produce any outputs today.

## Usage

This TaskRun runs the Task with a script to check the OS and XCode versions.

```
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: example-run
spec:
taskRef:
name: orka-script
inputs:
params:
- name: script
value: |
#!/bin/bash
uname -a
xcode-select -v
```
101 changes: 101 additions & 0 deletions orka/task.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: orka-script
spec:
inputs:
# This also requires a secret called "macstadium" to exist with the following keys:
# token: the orka API auth token. Can be obtained from the $HOME/./.config/configstore/orka-cli.json file
# after an `orka login`
# license: the orka API license. Can be obtained from your IP plan.
params:
- name: script
type: string
- name: api_url
default: http://10.221.188.100
type: string
steps:
- image: gcr.io/dlorenc-vmtest2/orka
env:
- name: TOKEN
valueFrom:
secretKeyRef:
name: macstadium
key: token
- name: LICENSE
valueFrom:
secretKeyRef:
name: macstadium
key: license
script: |
#!/bin/bash
set -ex

# Decide our vm name.
rand=$(openssl rand -hex 5)
vm="tekton-vm-$rand"

function finish {
orka vm delete -v $vm -y
orka vm purge -v $vm -y
}
trap finish EXIT

# setup orka
mkdir -p $HOME/.config/configstore/
cat << EOF > $HOME/.config/configstore/orka-cli.json
{
"api-url": "$(inputs.params.api_url)",
"licenseKey": "$LICENSE",
"outputStyle": "TABLE",
"api-version": "1.0.8",
"minimum-password-length": 6,
"default-base-image": "Mojave.img",
"token": "$TOKEN"
}
EOF

# Create the VM
# The orka vm create command errors if it isn't run inside a terminal, so we simulate it
# using the script command.
# https://stackoverflow.com/questions/32910661/pretend-to-be-a-tty-in-bash-for-any-command
script -qfec "orka vm create --vm=$vm --c 3 --C 3 -b 90GCatalinaisoSSH.img -y"

# Get the IP and port for SSH
t=$(mktemp)
orka vm status -v $vm -y > $t
ip=$(cat $t | grep 'IP' | head -n 1 | awk -F ' ' '{ print $2 }')
port=$(cat $t | grep 'SSH ' | head -n 1 | awk -F ' ' '{ print $2 }' | cut -c2-)

# Wait for ssh
# We use sshpass for all of these operations to pass in the password over the commandline.
# Normally this is insecure, but these machines are all behind a vpn and the user/password is
# admin/admin, so this is OK.
set +e
n=0
until [ $n -ge 10 ]; do
sshpass -p admin ssh -o StrictHostKeyChecking=no -p $port admin@$ip 'echo true' && break
n=$[$n+1]
sleep 5
done
set -e

# Setup the Mac VM for work.
sshpass -p admin ssh -o StrictHostKeyChecking=no -p $port admin@$ip 'echo admin | sudo -S mount -uw /'
sshpass -p admin ssh -o StrictHostKeyChecking=no -p $port admin@$ip 'echo admin | sudo -S mkdir -p /workspace'
sshpass -p admin ssh -o StrictHostKeyChecking=no -p $port admin@$ip 'echo admin | sudo -S chown -R admin /workspace'

# Copy the workspace over
sshpass -p admin scp -o StrictHostKeyChecking=no -P $port -r /workspace/ admin@$ip:/

# Write our script to disk and copy it over.
script=$(mktemp)
echo "$(inputs.params.script)" > $script
chmod +x $script
sshpass -p admin scp -o StrictHostKeyChecking=no -P $port $script admin@$ip:/tmp

# Execute it!
sshpass -p admin ssh -o StrictHostKeyChecking=no -p $port admin@$ip $script

# Copy the workspace back.
sshpass -p admin scp -o StrictHostKeyChecking=no -P $port -r admin@$ip:/workspace /