diff --git a/Containerfile b/Containerfile
deleted file mode 100644
index a443b7d597ce4ec7cf2f150a06d7ae0fa5e566f4..0000000000000000000000000000000000000000
--- a/Containerfile
+++ /dev/null
@@ -1,55 +0,0 @@
-ARG GITLAB_RUNNER_VERSION=v13.12.0
-
-FROM registry.access.redhat.com/ubi8:8.5 AS builder
-
-ARG GITLAB_RUNNER_VERSION
-
-ENV GITLAB_REPO=https://gitlab.com/gitlab-org/gitlab-runner.git \
- PATH=$PATH:/root/go/bin/
-
-RUN dnf install -y git-core make go ncurses && \
- git clone --depth=1 --branch=${GITLAB_RUNNER_VERSION} ${GITLAB_REPO} && \
- cd gitlab-runner && \
- make runner-bin-host && \
- chmod a+x out/binaries/gitlab-runner && \
- out/binaries/gitlab-runner --version
-
-FROM registry.access.redhat.com/ubi8:8.5
-
-ARG GITLAB_RUNNER_VERSION
-
-COPY --from=builder /gitlab-runner/out/binaries/gitlab-runner /usr/bin
-
-ENV HOME=/home/gitlab-runner \
- VENV=/openstack_driver_venv
-
-ENV PATH="$VENV/bin:$PATH"
-
-LABEL maintainer="Dmitry Misharov <misharov@redhat.com>" \
- io.openshift.tags="gitlab,ci,runner" \
- name="openstack-gitlab-runner" \
- io.k8s.display-name="GitLab runner" \
- summary="GitLab runner" \
- description="A GitLab runner image with openstack custom executor." \
- io.k8s.description="A GitLab runner image with openstack custom executor."
-
-WORKDIR $HOME
-
-COPY cleanup.py env.py config.sh prepare.py run.py requirements.txt start.sh ./
-
-RUN dnf install -y --nodocs python38-pip git-core && \
- pip3 install dumb-init && \
- python3.8 -m venv $VENV && \
- pip install wheel && \
- pip install -r requirements.txt && \
- dnf remove -y git-core && \
- dnf clean all -y
-
-RUN chgrp -R 0 $HOME && \
- chmod +x cleanup.py config.sh prepare.py run.py start.sh && \
- chmod -R g=u $HOME
-
-USER 1001
-
-ENTRYPOINT ["dumb-init", "--"]
-CMD ["./start.sh"]
diff --git a/cleanup.py b/cleanup.py
index 5c6887115843082717dcab964d18286bec62f95c..39617a3858b09aca94a254251f455a1b55615e95 100644
--- a/cleanup.py
+++ b/cleanup.py
@@ -8,7 +8,7 @@ def main() -> None:
 conn = openstack.connect()
 for server in conn.compute.servers(name=env.VM_NAME):
 conn.compute.delete_server(server)
-
+ conn.delete_keypair(env.KEY_PAIR_NAME)
 
 if __name__ == "__main__":
 main()
diff --git a/entrypoint.sh b/entrypoint.sh
index bff9d067c992747a790f610a20faae7857ed3b62..d7d79326557d4d14373b1755aea3dafa787b3df5 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -12,8 +12,6 @@ if [[ "$TLS_CA_CERT" ]]; then
 echo "$TLS_CA_CERT" > "$HOME"/.gitlab-runner/certs/$(echo "$CI_SERVER_URL" | cut -d'/' -f3 | cut -d':' -f1).crt
 fi
 
-echo "$PRIVATE_KEY" > "$HOME"/priv_key
-
 gitlab-runner register --non-interactive \
 --executor=custom \
 --custom-config-exec=/data/config.sh \
diff --git a/env.py b/env.py
index bc34c6bf834e92e39aca9cb4b1edbfaa9d2ed18c..b8a7baa5ac743bcb1d9832e0143a1289cc90ae53 100644
--- a/env.py
+++ b/env.py
@@ -5,7 +5,7 @@ VM_NAME = f"gitlab-builder-{os.getenv('CUSTOM_ENV_CI_RUNNER_ID')}-project-{os.ge
 FLAVOR = os.getenv("CUSTOM_ENV_FLAVOR") or os.getenv("FLAVOR")
 BUILDER_IMAGE = os.getenv("CUSTOM_ENV_BUILDER_IMAGE") or os.getenv("BUILDER_IMAGE")
 NETWORK = os.getenv("CUSTOM_ENV_NETWORK") or os.getenv("NETWORK")
-KEY_PAIR_NAME = os.getenv("CUSTOM_ENV_KEY_PAIR_NAME") or os.getenv("KEY_PAIR_NAME")
+KEY_PAIR_NAME = f'key-{VM_NAME}'
 SECURITY_GROUPS = os.getenv("CUSTOM_ENV_SECURITY_GROUPS") or os.getenv("SECURITY_GROUPS")
 USERNAME = os.getenv("CUSTOM_ENV_USERNAME") or os.getenv("USERNAME")
 PRIVATE_KEY_PATH = f"{os.getenv('HOME')}/priv_key"
diff --git a/prepare.py b/prepare.py
index ec2e3bd7d8db2d99dd7fe871e255619e38e79d43..84ce6e167bdf9b2d62bcfb8fda7225756a3099cc 100644
--- a/prepare.py
+++ b/prepare.py
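Review bot: The added `conn.delete_keypair(env.KEY_PAIR_NAME)` removes the per-job keypair from OpenStack, but the private key that prepare.py writes to env.PRIVATE_KEY_PATH is left on the runner's filesystem after the job; cleanup should also remove it, e.g. `with contextlib.suppress(FileNotFoundError): os.remove(env.PRIVATE_KEY_PATH)` right after the delete_keypair call (cleanup.py's imports are outside the hunk, so `os` and `contextlib` may need adding). As far as I recall, openstacksdk's cloud-layer delete_keypair returns False rather than raising when the keypair does not exist, so the ignored return value hides a cleanup that silently did nothing; printing it, as the surrounding code prints progress, would make a leftover keypair visible in the job log. main() begins outside the hunk.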
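Review bot: KEY_PAIR_NAME is now unique per VM, but PRIVATE_KEY_PATH on the last context line is still the fixed `$HOME/priv_key`, so if this runner executes jobs concurrently two prepare stages would overwrite each other's private key and one job would try to SSH with the wrong key. If concurrency above 1 is possible, derive the path from the VM name as well, e.g. `PRIVATE_KEY_PATH = f"{os.getenv('HOME')}/priv_key-{VM_NAME}"`, and have cleanup delete it. Style: the new value uses single quotes while every other line in the file uses double quotes; `KEY_PAIR_NAME = f"key-{VM_NAME}"` keeps the convention. VM_NAME's definition is only partly visible in the hunk header, so whether it already carries a per-job component cannot be confirmed here.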
@@ -1,20 +1,24 @@
 #!/usr/bin/env python
 import sys
 import traceback
-
+import os
 import openstack
 import paramiko
 from tenacity import retry
 from tenacity import RetryCallState
 from tenacity import stop_after_attempt
 from tenacity import wait_fixed
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.backends import default_backend
 
 import env
 
-
 def provision_server(
 conn: openstack.connection.Connection,
+ public_key: str
 ) -> openstack.compute.v2.server.Server:
+ conn.create_keypair(env.KEY_PAIR_NAME, public_key=public_key)
 image = conn.compute.find_image(env.BUILDER_IMAGE)
 flavor = conn.compute.find_flavor(env.FLAVOR)
 network = conn.network.find_network(env.NETWORK)
@@ -75,6 +79,27 @@ def check_ssh(ip: str) -> None:
 ssh_client.close()
 
 
+def generate_rsa_keypair():
+ # generate private/public key pair
+ key = rsa.generate_private_key(backend=default_backend(), public_exponent=65537, \
+ key_size=2048)
+
+ # get public key in OpenSSH format
+ public_key = key.public_key().public_bytes(serialization.Encoding.OpenSSH, \
+ serialization.PublicFormat.OpenSSH)
+
+ # get private key in PEM container format
+ pem = key.private_bytes(encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption())
+
+ with open(env.PRIVATE_KEY_PATH, 'wb') as content_file:
+ content_file.write(pem.decode('utf-8'))
+ public_key_str = public_key.decode('utf-8')
+ print(f'Public Key: {public_key_str}')
+ return public_key_str
+
+
 def main() -> None:
 print(
 "Source code of this driver https://github.com/RedHatQE/openstack-gitlab-executor",
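Review bot: The new first line of provision_server, `conn.create_keypair(env.KEY_PAIR_NAME, public_key=public_key)`, will fail with a conflict if a keypair of that name is still registered in the project, which can happen when an earlier run for the same runner/project did not reach cleanup; if VM_NAME does not already include a per-job component (its definition is not visible here), either delete a stale keypair of that name first or add one. Style: the removed blank line leaves only one blank line between `import env` and `def provision_server(`, and the added `public_key: str` parameter lacks the trailing comma the surrounding multi-line signature uses; `public_key: str,` restores the convention. provision_server's body continues outside the hunk.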
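Review bot: `content_file.write(pem.decode('utf-8'))` writes a str into a file opened with `'wb'`, which raises TypeError at runtime, so every prepare stage would fail before a server is created; `pem` is already bytes and should be written as-is. The file is also created with the process umask, so the private key is normally readable by other users of the container; create it owner-only using the `os` module this commit imports: `fd = os.open(env.PRIVATE_KEY_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, `with os.fdopen(fd, 'wb') as content_file:`, `content_file.write(pem)`. The backslash continuations inside the open parentheses on the generate_private_key and public_bytes calls are unnecessary, and a short docstring such as `"""Generate an RSA keypair, store the private key at env.PRIVATE_KEY_PATH and return the OpenSSH public key string."""` would document the side effect callers depend on.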
@@ -84,7 +109,8 @@ def main() -> None:
 try:
 conn = openstack.connect()
 print(f"Provisioning an instance {env.VM_NAME}", flush=True)
- server = provision_server(conn)
+ public_key = generate_rsa_keypair()
+ server = provision_server(conn, public_key)
 ip = get_server_ip(conn, server)
 print(f"Instance {env.VM_NAME} is running on address {ip}", flush=True)
 conn.close()