From 5c22c604c3f6b62b71053b4c359409978f75fd72 Mon Sep 17 00:00:00 2001 From: Derek So Date: Sun, 5 Sep 2021 09:00:39 +0800 Subject: [PATCH 1/8] Changed to deploy Rancher 2.6 --- setup/rancher/02-install-rancher-server.sh | 2 +- setup/rancher/99-one-step-install-rancher.sh | 2 +- startlab.sh | 16 ++++++++-------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/setup/rancher/02-install-rancher-server.sh b/setup/rancher/02-install-rancher-server.sh index 4df73ac..3d6cc8e 100755 --- a/setup/rancher/02-install-rancher-server.sh +++ b/setup/rancher/02-install-rancher-server.sh @@ -9,7 +9,7 @@ sudo docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ --privileged \ -v /opt/rancher:/var/lib/rancher \ - rancher/rancher:v2.5.9 \ + rancher/rancher:v2.6.0 \ export RANCHER_IP=`curl -qs http://checkip.amazonaws.com` diff --git a/setup/rancher/99-one-step-install-rancher.sh b/setup/rancher/99-one-step-install-rancher.sh index 3eea291..ce9994a 100755 --- a/setup/rancher/99-one-step-install-rancher.sh +++ b/setup/rancher/99-one-step-install-rancher.sh @@ -25,7 +25,7 @@ sudo docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ --privileged \ -v /opt/rancher:/var/lib/rancher \ - rancher/rancher:v2.5.9 \ + rancher/rancher:v2.6.0 \ export RANCHER_IP=`curl -qs http://checkip.amazonaws.com` diff --git a/startlab.sh b/startlab.sh index 97007d2..bcd6e87 100755 --- a/startlab.sh +++ b/startlab.sh 
@@ -64,15 +64,15 @@ export AWS_SIZE_MEDIUM="medium${AWSLS_VM_SIZE_SUFFIX}" export AWS_SIZE_LARGE="large${AWSLS_VM_SIZE_SUFFIX}" echo "Provisioning VM in your AWS Lightsail region $AWS_REGION as lab environment ..." -create-vm $VM_PREFIX-rancher $AWS_SIZE_MEDIUM "docker pull rancher/rancher:v2.5.9;" +create-vm $VM_PREFIX-rancher $AWS_SIZE_MEDIUM "docker pull rancher/rancher:v2.6.0;" create-vm $VM_PREFIX-harbor $AWS_SIZE_MEDIUM "zypper in -y git-core; docker pull susesamples/myjenkins:v1.0;" -create-vm $VM_PREFIX-devsecops-m1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.5.9;" -create-vm $VM_PREFIX-devsecops-w1 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.5.9; zypper in -y nfs-client;" -create-vm $VM_PREFIX-devsecops-w2 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.5.9; zypper in -y nfs-client;" -create-vm $VM_PREFIX-devsecops-w3 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.5.9; zypper in -y nfs-client;" -create-vm $VM_PREFIX-devsecops-w4 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.5.9; zypper in -y nfs-client;" -create-vm $VM_PREFIX-cluster1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.5.9;" -create-vm $VM_PREFIX-cluster2 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.5.9;" +create-vm $VM_PREFIX-devsecops-m1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.6.0;" +create-vm $VM_PREFIX-devsecops-w1 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" +create-vm $VM_PREFIX-devsecops-w2 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" +create-vm $VM_PREFIX-devsecops-w3 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" +create-vm $VM_PREFIX-devsecops-w4 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" +create-vm $VM_PREFIX-cluster1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.6.0;" +create-vm $VM_PREFIX-cluster2 $AWS_SIZE_MEDIUM "docker pull 
rancher/rancher-agent:v2.6.0;" # wait until all VMs are running From 893c190b2b2d2117e7f41ba969d5174be0cbdd40 Mon Sep 17 00:00:00 2001 From: Derek So Date: Mon, 27 Sep 2021 23:34:45 +0800 Subject: [PATCH 2/8] fix #6 - extend support for global AWS Lightsail regions --- setup/_awsls_functions.sh | 12 ++-------- setup/_awsls_locations.txt | 19 ++++++++++++++++ startlab.sh | 45 ++++++++++++++++++++++++++++---------- 3 files changed, 55 insertions(+), 21 deletions(-) create mode 100644 setup/_awsls_locations.txt diff --git a/setup/_awsls_functions.sh b/setup/_awsls_functions.sh index 17ffb22..e6d593d 100644 --- a/setup/_awsls_functions.sh +++ b/setup/_awsls_functions.sh @@ -5,16 +5,8 @@ function create-vm() { # Randomly choose availability zone in the selected AWS region ... - if [ "ap-south-1" == $AWS_REGION ]; then - export AWS_AVAIL_AZ=("a" "b") - elif [ "ap-northeast-1" == $AWS_REGION ]; then - export AWS_AVAIL_AZ=("a" "c" "d") - elif [ "ap-northeast-2" == $AWS_REGION ]; then - export AWS_AVAIL_AZ=("a" "c") - else - export AWS_AVAIL_AZ=("a" "b" "c") - fi - AWS_SELECTED_AZ=${AWS_AVAIL_AZ[$RANDOM % ${#AWS_AVAIL_AZ[@]} ]} + IFS=', ' read -r -a AVAIL_AZ <<< "$AWS_AVAIL_AZ" + AWS_SELECTED_AZ=${AVAIL_AZ[$RANDOM % ${#AVAIL_AZ[@]} ]} AWS_AZ=${AWS_REGION}${AWS_SELECTED_AZ} aws lightsail create-instances \ diff --git a/setup/_awsls_locations.txt b/setup/_awsls_locations.txt new file mode 100644 index 0000000..338929d --- /dev/null +++ b/setup/_awsls_locations.txt 
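Review bot: The new zone selection in create-vm has no fallback, so an unset or empty `AWS_AVAIL_AZ` leaves `AVAIL_AZ` empty and `$RANDOM % ${#AVAIL_AZ[@]}` fails with a division-by-zero error; the removed branch always supplied a default list. A guard before the `read`, `: "${AWS_AVAIL_AZ:?AWS_AVAIL_AZ is not set; run the region selection in startlab.sh first}"`, would stop with a clear message instead. `AVAIL_AZ` and `AWS_SELECTED_AZ` could also be declared `local`, as far as the visible lines show they are only used inside the function. The body of create-vm continues past the end of the hunk.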
@@ -0,0 +1,19 @@ +# https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail +Continent | Region | Region Code | AZ | Bunddle_Suffix +----------+-----------------------+----------------+-------------+--------------- +US | US East - N. Virginia | us-east-1 | a,b,c,d,e,f | 2_0 +US | US East - Ohio | us-east-2 | a,b,c | 2_0 +US | US West - Oregon | us-west-2 | a,b,c | 2_0 +US | Canada (Central) | ca-central-1 | a,b | 2_0 +EU | Frankfurt | eu-central-1 | a,b,c | 2_0 +EU | Ireland | eu-west-1 | a,b,c | 2_0 +EU | London | eu-west-2 | a,b,c | 2_0 +EU | Paris | eu-west-3 | a,b,c | 2_0 +EU | Stockholm | eu-north-1 | a,b,c | 2_0 +AP | Mumbai | ap-south-1 | a,b | 2_1 +AP | Seoul | ap-northeast-2 | a,c | 2_0 +AP | Singapore | ap-southeast-1 | a,b,c | 2_0 +AP | Sydney | ap-southeast-2 | a,b,c | 2_2 +AP | Tokyo | ap-northeast-1 | a,c,d | 2_0 + + diff --git a/startlab.sh b/startlab.sh index 97007d2..aea8643 100755 --- a/startlab.sh +++ b/startlab.sh 
@@ -37,31 +37,54 @@ done export VM_PREFIX=suse0908 echo "export VM_PREFIX=$VM_PREFIX" > mylab_vm_prefix.sh -# Supported AWS Lighsail Regions: -# https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-regions-and-availability-zones-in-amazon-lightsail title="Select Your Preferred AWS Environment to run your lab:" -options=("Tokyo" "Seoul" "Singapore" "Sydney" "Mumbai") +options=(US/Canada Europe Asia) echo "$title" PS3="$prompt " -select opt in "${options[@]}" "Quit"; do +select opt in "${options[@]}" "Quit"; do case "$REPLY" in - 1) echo "You picked $opt "; export AWS_REGION=ap-northeast-1; export AWSLS_VM_SIZE_SUFFIX=_2_0; break;; - 2) echo "You picked $opt "; export AWS_REGION=ap-northeast-2; export AWSLS_VM_SIZE_SUFFIX=_2_0; break;; - 3) echo "You picked $opt "; export AWS_REGION=ap-southeast-1; export AWSLS_VM_SIZE_SUFFIX=_2_0; break;; - 4) echo "You picked $opt "; export AWS_REGION=ap-southeast-2; export AWSLS_VM_SIZE_SUFFIX=_2_2; break;; - 5) echo "You picked $opt "; export AWS_REGION=ap-south-1; export AWSLS_VM_SIZE_SUFFIX=_2_1; break;; + 1) echo "$opt "; export AWS_CONTINENT=US; break;; + 2) echo "$opt "; export AWS_CONTINENT=EU; break;; + 3) echo "$opt "; export AWS_CONTINENT=AP; break;; $((${#options[@]}+1))) echo "Aborted. Bye!!"; exit;; *) echo "Invalid choice. 
Please try another one.";continue;; esac done +# Retrieve AWS regions metadata based on chosen continent +unset options +IFS=' +' +options=($(cat setup/_awsls_locations.txt | grep $AWS_CONTINENT | cut -d '|' -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')) +unset IFS + +echo "Select regions" +PS3="$prompt " +select opt in "${options[@]}" "Quit"; do + if (( 1 <= $REPLY && $REPLY <= ${#options[@]} )) + then + export AWSLS_CHOSEN_REGION="${options[$REPLY - 1]}" + echo "You picked:" $AWSLS_CHOSEN_REGION + export AWS_REGION=`cat setup/_awsls_locations.txt | grep "$AWSLS_CHOSEN_REGION" | cut -d '|' -f 3 | xargs` + export AWS_AVAIL_AZ=`cat setup/_awsls_locations.txt | grep "$AWSLS_CHOSEN_REGION" | cut -d '|' -f 4 | xargs` + export AWSLS_VM_SIZE_SUFFIX=`cat setup/_awsls_locations.txt | grep "$AWSLS_CHOSEN_REGION" | cut -d '|' -f 5 | xargs` + break + elif (( $REPLY == $((${#options[@]} + 1)) )) + then + echo "Aborted. Bye!!" + exit + else + echo "Invalid choice. Please try again."; continue; + fi +done + echo "export AWS_REGION=${AWS_REGION}" > mylab_aws_region.sh # Instance Sizes # medium = 4GB RAM; large = 8GB RAM # aws lightsail get-bundles -export AWS_SIZE_MEDIUM="medium${AWSLS_VM_SIZE_SUFFIX}" -export AWS_SIZE_LARGE="large${AWSLS_VM_SIZE_SUFFIX}" +export AWS_SIZE_MEDIUM="medium_${AWSLS_VM_SIZE_SUFFIX}" +export AWS_SIZE_LARGE="large_${AWSLS_VM_SIZE_SUFFIX}" echo "Provisioning VM in your AWS Lightsail region $AWS_REGION as lab environment ..." create-vm $VM_PREFIX-rancher $AWS_SIZE_MEDIUM "docker pull rancher/rancher:v2.5.9;" From d0ad8b1731f2f5dc56c18fdf0fe221dab7ac84cb Mon Sep 17 00:00:00 2001 From: Derek So Date: Mon, 27 Sep 2021 23:54:43 +0800 Subject: [PATCH 3/8] fixes #5 - add checking of aws and git prior to running the script --- startlab.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/startlab.sh b/startlab.sh index 5a50cb3..9bb0323 100755 --- a/startlab.sh +++ b/startlab.sh 
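Review bot: In the new region menu, `$REPLY` is expanded inside `(( ... ))` before anything checks that it is a number, so whatever the user types is evaluated as an arithmetic expression, and input such as `1 2` produces shell syntax errors on top of the "Invalid choice" message. Rejecting non-digits first keeps the comparison on plain integers: `case $REPLY in ''|*[!0-9]*) echo "Invalid choice. Please try again."; continue;; esac`. The lookups would also be safer as fixed-string matches with quoted variables, e.g. `grep -F -- "$AWSLS_CHOSEN_REGION" setup/_awsls_locations.txt`. It is also worth checking that `AWS_REGION` is non-empty before `mylab_aws_region.sh` is written.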
@@ -7,6 +7,26 @@ echo "Welcome to SUSE Rancher DevSecOps Hands-on Lab on AWS Lightsail ..." echo "This script will help you to provision VMs on AWS Lightsail to get started to run your lab exercise. By default, this script will install Rancher for you after VM is up." echo +echo Checking pre-requisites... +if ! [ -x "$(command -v git)" ]; then + echo 'Error: git is not installed. Please install git before running this script.' >&2 + exit 1 +else + echo 'git installed' +fi +if ! [ -x "$(command -v aws)" ]; then + echo 'Error: aws is not installed. Please install awscli before running this script.' >&2 + exit 1 +elif echo "$(aws --version)" | grep -q "aws-cli/2"; then + echo "awscli v2 installed" +else + echo 'Error: aws cli has to be at least version 2. Please reinstall with the latest awscli before running this script.' >&2 + exit 1 +fi +echo + +# ----------------------- + function usage() { echo "usage: ./startlab.sh [options]" echo "-s | --skip-rancher Skip deploying Rancher after VM is up." From e56e995f43e03ab1d3c87554b36a3565b920bd5b Mon Sep 17 00:00:00 2001 From: Derek So Date: Tue, 28 Sep 2021 00:38:34 +0800 Subject: [PATCH 4/8] fixes #3 - externalize RANCHER_VERSION --- setup/rancher/02-install-rancher-server.sh | 4 +++- setup/rancher/99-one-step-install-rancher.sh | 4 +++- startlab.sh | 21 +++++++++++--------- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/setup/rancher/02-install-rancher-server.sh b/setup/rancher/02-install-rancher-server.sh index 3d6cc8e..89eb5e8 100755 --- a/setup/rancher/02-install-rancher-server.sh +++ b/setup/rancher/02-install-rancher-server.sh 
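Review bot: The version test `grep -q "aws-cli/2"` accepts only a version string containing `aws-cli/2`, while the error message says "at least version 2", so a later major release would be rejected; the message and the pattern should be made to agree. `echo "$(aws --version)" | grep ...` can be written `aws --version 2>&1 | grep -q '^aws-cli/2\.'`, which also anchors the match. The script later calls `ssh` and `scp` (see the `install_rancher` hunk in patch 4/8), and they are not checked here. The same block is moved unchanged into `check_sysreq` in patch 5/8.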
@@ -3,13 +3,15 @@ # install rancher server echo "Install Rancher Server ..." +source $HOME/mylab_rancher_version.sh + sudo mkdir -p /opt/rancher sudo docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ --privileged \ -v /opt/rancher:/var/lib/rancher \ - rancher/rancher:v2.6.0 \ + rancher/rancher:${RANCHER_VERSION} \ export RANCHER_IP=`curl -qs http://checkip.amazonaws.com` diff --git a/setup/rancher/99-one-step-install-rancher.sh b/setup/rancher/99-one-step-install-rancher.sh index ce9994a..d02502d 100755 --- a/setup/rancher/99-one-step-install-rancher.sh +++ b/setup/rancher/99-one-step-install-rancher.sh @@ -19,13 +19,15 @@ sudo mv /home/ec2-user/.arkade/bin/kubectl /usr/local/bin/ # install rancher server echo "Install Rancher Server ..." +source $HOME/mylab_rancher_version.sh + sudo mkdir -p /opt/rancher sudo docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 \ --privileged \ -v /opt/rancher:/var/lib/rancher \ - rancher/rancher:v2.6.0 \ + rancher/rancher:${RANCHER_VERSION} \ export RANCHER_IP=`curl -qs http://checkip.amazonaws.com` diff --git a/startlab.sh b/startlab.sh index 9bb0323..c0cd5a0 100755 --- a/startlab.sh +++ b/startlab.sh @@ -57,6 +57,9 @@ done export VM_PREFIX=suse0908 echo "export VM_PREFIX=$VM_PREFIX" > mylab_vm_prefix.sh +export RANCHER_VERSION=v2.6.1-rc3 +echo "export RANCHER_VERSION=$RANCHER_VERSION" > mylab_rancher_version.sh + title="Select Your Preferred AWS Environment to run your lab:" options=(US/Canada Europe Asia) echo "$title" 
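Review bot: The added `source $HOME/mylab_rancher_version.sh` assumes the file is already in the VM's home directory, but on this page it is only copied there by `install_rancher` in startlab.sh; if that step is skipped and this script is run by hand, the `source` fails (presumably aborting, since the script runs under `bash -e`). A guard with a clear message would help: `[ -r "$HOME/mylab_rancher_version.sh" ] || { echo "mylab_rancher_version.sh not found in $HOME" >&2; exit 1; }`, followed by `source "$HOME/mylab_rancher_version.sh"` with the path quoted. The same line is added to 99-one-step-install-rancher.sh in the next hunk.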
@@ -107,16 +110,15 @@ export AWS_SIZE_MEDIUM="medium_${AWSLS_VM_SIZE_SUFFIX}" export AWS_SIZE_LARGE="large_${AWSLS_VM_SIZE_SUFFIX}" echo "Provisioning VM in your AWS Lightsail region $AWS_REGION as lab environment ..." -create-vm $VM_PREFIX-rancher $AWS_SIZE_MEDIUM "docker pull rancher/rancher:v2.6.0;" +create-vm $VM_PREFIX-rancher $AWS_SIZE_MEDIUM "docker pull rancher/rancher:${RANCHER_VERSION};" create-vm $VM_PREFIX-harbor $AWS_SIZE_MEDIUM "zypper in -y git-core; docker pull susesamples/myjenkins:v1.0;" -create-vm $VM_PREFIX-devsecops-m1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.6.0;" -create-vm $VM_PREFIX-devsecops-w1 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" -create-vm $VM_PREFIX-devsecops-w2 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" -create-vm $VM_PREFIX-devsecops-w3 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" -create-vm $VM_PREFIX-devsecops-w4 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:v2.6.0; zypper in -y nfs-client;" -create-vm $VM_PREFIX-cluster1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.6.0;" -create-vm $VM_PREFIX-cluster2 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:v2.6.0;" - +create-vm $VM_PREFIX-devsecops-m1 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:${RANCHER_VERSION};" +create-vm $VM_PREFIX-devsecops-w1 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:${RANCHER_VERSION}; zypper in -y nfs-client;" +create-vm $VM_PREFIX-devsecops-w2 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:${RANCHER_VERSION}; zypper in -y nfs-client;" +create-vm $VM_PREFIX-devsecops-w3 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:${RANCHER_VERSION}; zypper in -y nfs-client;" +create-vm $VM_PREFIX-devsecops-w4 $AWS_SIZE_LARGE "docker pull rancher/rancher-agent:${RANCHER_VERSION}; zypper in -y nfs-client;" +create-vm $VM_PREFIX-cluster1 $AWS_SIZE_MEDIUM "docker pull 
rancher/rancher-agent:${RANCHER_VERSION};" +create-vm $VM_PREFIX-cluster2 $AWS_SIZE_MEDIUM "docker pull rancher/rancher-agent:${RANCHER_VERSION};" # wait until all VMs are running while list-vm | grep -q 'pending' @@ -206,6 +208,7 @@ scp $SSH_OPTS -i mylab.key setup/longhorn/*.* ec2-user@$HARBOR_IP:~/devsecops/lo # install rancher now? function install_rancher() { RANCHER_IP=`cat mylab_vm_list.txt | grep $VM_PREFIX-rancher | cut -d '|' -f 4 | xargs` + scp -o StrictHostKeyChecking=no -i mylab.key mylab_rancher_version.sh ec2-user@$RANCHER_IP:~ ssh -o StrictHostKeyChecking=no -i mylab.key ec2-user@$RANCHER_IP sh 99-one-step-install-rancher.sh } if [[ 'true' == $cmdopt_auto_deploy_rancher ]] From 490fdff9b9297afb1060e675b10bab102b85c7a2 Mon Sep 17 00:00:00 2001 From: Derek So Date: Tue, 28 Sep 2021 11:13:13 +0800 Subject: [PATCH 5/8] fixes #3 - update to install rancher 2.6 --- setup/rancher/02-install-rancher-server.sh | 70 +++++++++++++++++++--- startlab.sh | 41 +++++++------ 2 files changed, 83 insertions(+), 28 deletions(-) diff --git a/setup/rancher/02-install-rancher-server.sh b/setup/rancher/02-install-rancher-server.sh index 89eb5e8..e999413 100755 --- a/setup/rancher/02-install-rancher-server.sh +++ b/setup/rancher/02-install-rancher-server.sh 
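Review bot: The new `scp` line in install_rancher passes `-o StrictHostKeyChecking=no`, which turns off host-key verification for the transfer of a file that the remote install script then sources, so the host answering on `$RANCHER_IP` is never authenticated. `StrictHostKeyChecking=accept-new` records the key on first contact and refuses a changed key afterwards. The line could also reuse `$SSH_OPTS`, as the `scp` just above the function does, so the policy is set in one place (its value is not visible here). Quote the target as well: `scp $SSH_OPTS -i mylab.key mylab_rancher_version.sh "ec2-user@${RANCHER_IP}:~"`.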
@@ -1,25 +1,77 @@ #! /bin/bash -e # install rancher server -echo "Install Rancher Server ..." +echo "Install Rancher Server using helm chart on RKE2 ..." source $HOME/mylab_rancher_version.sh -sudo mkdir -p /opt/rancher +echo "Install RKE2 v1.21 ..." +sudo bash -c 'curl -sfL https://get.rke2.io | INSTALL_RKE2_CHANNEL="v1.21" sh -' +sudo mkdir -p /etc/rancher/rke2 +sudo bash -c 'echo "write-kubeconfig-mode: \"0644\"" > /etc/rancher/rke2/config.yaml' +sudo systemctl enable rke2-server.service +sudo systemctl start rke2-server.service -sudo docker run -d --restart=unless-stopped \ - -p 80:80 -p 443:443 \ - --privileged \ - -v /opt/rancher:/var/lib/rancher \ - rancher/rancher:${RANCHER_VERSION} \ +mkdir -p $HOME/.kube +ln -s /etc/rancher/rke2/rke2.yaml $HOME/.kube/config +export KUBECONFIG=$HOME/.kube/config + +# Wait until the RKE2 is ready +echo "Initializing RKE2 cluster ..." +while [ `kubectl get deploy -n kube-system | grep 1/1 | wc -l` -ne 3 ] +do + sleep 5 + kubectl get po -n kube-system +done +echo "Your RKE2 cluster is ready!" +kubectl get node + +echo "Install Cert Manager v1.5.1 ..." +kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml +helm repo add jetstack https://charts.jetstack.io +helm install \ + cert-manager jetstack/cert-manager \ + --namespace cert-manager \ + --version v1.5.1 \ + --create-namespace +kubectl -n cert-manager rollout status deploy/cert-manager + +# Wait until cert-manager deployment complete +echo "Wait until cert-manager deployment finish ..." +while [ `kubectl get deploy -n cert-manager | grep 1/1 | wc -l` -ne 3 ] +do + sleep 5 + kubectl get po -n cert-manager +done + +# Install Rancher with helm chart +echo "Install Rancher ${RANCHER_VERSION} ..." 
+RANCHER_IP=`curl -qs http://checkip.amazonaws.com` +RANCHER_FQDN=rancher.$RANCHER_IP.sslip.io +helm repo add rancher-latest https://releases.rancher.com/server-charts/latest +helm install rancher rancher-latest/rancher \ + --namespace cattle-system \ + --set hostname=$RANCHER_FQDN \ + --set replicas=1 \ + --version 2.6.0 \ + --create-namespace + +echo "Wait until cattle-system deployment finish ..." +while [ `kubectl get deploy -n cattle-system | grep 1/1 | wc -l` -ne 1 ] +do + sleep 5 + kubectl get po -n cattle-system +done + +RANCHER_BOOTSTRAP_PWD=`kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'` -export RANCHER_IP=`curl -qs http://checkip.amazonaws.com` echo echo "---------------------------------------------------------" echo "Please wait for 5-10 mins to initializing Rancher server." echo -echo "Your Rancher Server URL: https://${RANCHER_IP}" > rancher-url.txt +echo "Your Rancher Server URL: https://${RANCHER_FQDN}" > rancher-url.txt +echo "Bootstrap Password: ${RANCHER_BOOTSTRAP_PWD}" >> rancher-url.txt cat rancher-url.txt echo diff --git a/startlab.sh b/startlab.sh index c0cd5a0..8ad1b1c 100755 --- a/startlab.sh +++ b/startlab.sh 
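Review bot: `write-kubeconfig-mode: "0644"` makes `/etc/rancher/rke2/rke2.yaml`, the cluster's admin kubeconfig, readable by every local account on the VM, and the symlink into `$HOME/.kube/config` depends on that. Leaving the default mode and taking a private copy avoids it: `sudo install -D -m 0600 -o "$(id -u)" -g "$(id -g)" /etc/rancher/rke2/rke2.yaml "$HOME/.kube/config"`. The bootstrap password is likewise written to `rancher-url.txt` with default permissions and echoed by `cat`; setting `umask 077` before the two `echo` redirections keeps the file private. The same lines are added to 99-one-step-install-rancher.sh in patch 6/8.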
@@ -7,25 +7,25 @@ echo "Welcome to SUSE Rancher DevSecOps Hands-on Lab on AWS Lightsail ..." echo "This script will help you to provision VMs on AWS Lightsail to get started to run your lab exercise. By default, this script will install Rancher for you after VM is up." echo -echo Checking pre-requisites... -if ! [ -x "$(command -v git)" ]; then - echo 'Error: git is not installed. Please install git before running this script.' >&2 - exit 1 -else - echo 'git installed' -fi -if ! [ -x "$(command -v aws)" ]; then - echo 'Error: aws is not installed. Please install awscli before running this script.' >&2 - exit 1 -elif echo "$(aws --version)" | grep -q "aws-cli/2"; then - echo "awscli v2 installed" -else - echo 'Error: aws cli has to be at least version 2. Please reinstall with the latest awscli before running this script.' >&2 - exit 1 -fi -echo - -# ----------------------- +function check_sysreq() { + echo Checking pre-requisites... + if ! [ -x "$(command -v git)" ]; then + echo 'Error: git is not installed. Please install git before running this script.' >&2 + exit 1 + else + echo 'git installed' + fi + if ! [ -x "$(command -v aws)" ]; then + echo 'Error: aws is not installed. Please install awscli before running this script.' >&2 + exit 1 + elif echo "$(aws --version)" | grep -q "aws-cli/2"; then + echo "awscli v2 installed" + else + echo 'Error: aws cli has to be at least version 2. Please reinstall with the latest awscli before running this script.' >&2 + exit 1 + fi + echo +} function usage() { echo "usage: ./startlab.sh [options]" @@ -54,6 +54,9 @@ while [ "$1" != "" ]; do shift done +# check pre-requisites +check_sysreq; + export VM_PREFIX=suse0908 echo "export VM_PREFIX=$VM_PREFIX" > mylab_vm_prefix.sh From 7c2a6f5278f61290cd708f3537bbab3b1551da85 Mon Sep 17 00:00:00 2001 
From: Derek So Date: Tue, 28 Sep 2021 11:17:17 +0800 Subject: [PATCH 6/8] fixes #3 - update one-step-install script to install rancher 2.6 --- setup/rancher/99-one-step-install-rancher.sh | 70 +++++++++++++++++--- 1 file changed, 61 insertions(+), 9 deletions(-) diff --git a/setup/rancher/99-one-step-install-rancher.sh b/setup/rancher/99-one-step-install-rancher.sh index d02502d..199bb79 100755 --- a/setup/rancher/99-one-step-install-rancher.sh +++ b/setup/rancher/99-one-step-install-rancher.sh 
@@ -17,25 +17,77 @@ sudo mv /home/ec2-user/.arkade/bin/kubectl /usr/local/bin/ #! /bin/bash -e # install rancher server -echo "Install Rancher Server ..." +echo "Install Rancher Server using helm chart on RKE2 ..." source $HOME/mylab_rancher_version.sh -sudo mkdir -p /opt/rancher +echo "Install RKE2 v1.21 ..." +sudo bash -c 'curl -sfL https://get.rke2.io | INSTALL_RKE2_CHANNEL="v1.21" sh -' +sudo mkdir -p /etc/rancher/rke2 +sudo bash -c 'echo "write-kubeconfig-mode: \"0644\"" > /etc/rancher/rke2/config.yaml' +sudo systemctl enable rke2-server.service +sudo systemctl start rke2-server.service -sudo docker run -d --restart=unless-stopped \ - -p 80:80 -p 443:443 \ - --privileged \ - -v /opt/rancher:/var/lib/rancher \ - rancher/rancher:${RANCHER_VERSION} \ +mkdir -p $HOME/.kube +ln -s /etc/rancher/rke2/rke2.yaml $HOME/.kube/config +export KUBECONFIG=$HOME/.kube/config + +# Wait until the RKE2 is ready +echo "Initializing RKE2 cluster ..." +while [ `kubectl get deploy -n kube-system | grep 1/1 | wc -l` -ne 3 ] +do + sleep 5 + kubectl get po -n kube-system +done +echo "Your RKE2 cluster is ready!" +kubectl get node + +echo "Install Cert Manager v1.5.1 ..." +kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml +helm repo add jetstack https://charts.jetstack.io +helm install \ + cert-manager jetstack/cert-manager \ + --namespace cert-manager \ + --version v1.5.1 \ + --create-namespace +kubectl -n cert-manager rollout status deploy/cert-manager + +# Wait until cert-manager deployment complete +echo "Wait until cert-manager deployment finish ..." +while [ `kubectl get deploy -n cert-manager | grep 1/1 | wc -l` -ne 3 ] +do + sleep 5 + kubectl get po -n cert-manager +done + +# Install Rancher with helm chart +echo "Install Rancher ${RANCHER_VERSION} ..." 
+RANCHER_IP=`curl -qs http://checkip.amazonaws.com` +RANCHER_FQDN=rancher.$RANCHER_IP.sslip.io +helm repo add rancher-latest https://releases.rancher.com/server-charts/latest +helm install rancher rancher-latest/rancher \ + --namespace cattle-system \ + --set hostname=$RANCHER_FQDN \ + --set replicas=1 \ + --version 2.6.0 \ + --create-namespace + +echo "Wait until cattle-system deployment finish ..." +while [ `kubectl get deploy -n cattle-system | grep 1/1 | wc -l` -ne 1 ] +do + sleep 5 + kubectl get po -n cattle-system +done + +RANCHER_BOOTSTRAP_PWD=`kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'` -export RANCHER_IP=`curl -qs http://checkip.amazonaws.com` echo echo "---------------------------------------------------------" echo "Please wait for 5-10 mins to initializing Rancher server." echo -echo "Your Rancher Server URL: https://${RANCHER_IP}" > rancher-url.txt +echo "Your Rancher Server URL: https://${RANCHER_FQDN}" > rancher-url.txt +echo "Bootstrap Password: ${RANCHER_BOOTSTRAP_PWD}" >> rancher-url.txt cat rancher-url.txt echo From 580e21712950f171d22f5bd60ae01b9644d0a406 Mon Sep 17 00:00:00 2001 From: Derek So Date: Tue, 28 Sep 2021 11:56:58 +0800 Subject: [PATCH 7/8] fixes #3 - update rancher 2.6 install script --- setup/rancher/02-install-rancher-server.sh | 5 ++--- startlab.sh | 15 --------------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/setup/rancher/02-install-rancher-server.sh b/setup/rancher/02-install-rancher-server.sh index e999413..b29ed8c 100755 --- a/setup/rancher/02-install-rancher-server.sh +++ b/setup/rancher/02-install-rancher-server.sh 
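Review bot: `curl -sfL https://get.rke2.io | INSTALL_RKE2_CHANNEL="v1.21" sh -` runs a freshly downloaded script as root with no integrity check, and the channel name floats, so two lab runs can install different RKE2 builds. Downloading the installer to a file, comparing it with a checksum recorded in the repository, and pinning a release through `INSTALL_RKE2_VERSION` makes the install reproducible and reviewable; the values in the sketch below are placeholders. `RANCHER_IP` is also fetched over plain HTTP from `http://checkip.amazonaws.com` and then becomes the Rancher hostname; the endpoint answers on `https://` too. Both points apply equally to the 02-install-rancher-server.sh hunk in patch 5/8.

```shell
# … unchanged: source mylab_rancher_version.sh …
rke2_installer=$(mktemp)
curl -sfL -o "$rke2_installer" https://get.rke2.io
# placeholder: checksum of the installer revision that was reviewed
echo "<SHA256_OF_REVIEWED_INSTALLER>  $rke2_installer" | sha256sum -c -
# placeholder: exact RKE2 release instead of the floating v1.21 channel
sudo env INSTALL_RKE2_VERSION="<PINNED_RKE2_RELEASE>" sh "$rke2_installer"
rm -f -- "$rke2_installer"
# … unchanged: mkdir /etc/rancher/rke2, config.yaml, systemctl enable/start …
```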
@@ -68,10 +68,9 @@ RANCHER_BOOTSTRAP_PWD=`kubectl get secret --namespace cattle-system bootstrap-se echo echo "---------------------------------------------------------" -echo "Please wait for 5-10 mins to initializing Rancher server." +echo "Your Rancher Server is ready." echo echo "Your Rancher Server URL: https://${RANCHER_FQDN}" > rancher-url.txt echo "Bootstrap Password: ${RANCHER_BOOTSTRAP_PWD}" >> rancher-url.txt cat rancher-url.txt -echo - +echo "---------------------------------------------------------" diff --git a/startlab.sh b/startlab.sh index 8ad1b1c..40a7372 100755 --- a/startlab.sh +++ b/startlab.sh @@ -220,26 +220,11 @@ then fi -echo -echo echo "Your lab environment on AWS Lightsail $AWS_REGION is ready. " echo echo "Here's the list of VMs running in your lab environment (See file: mylab_vm_list.txt):" list-vm -echo echo "To SSH into the VM on the lab, you can run this command:" echo echo "./ssh-mylab-.sh" echo - -# Display the Rancher URL -if [[ 'true' == $cmdopt_auto_deploy_rancher ]] -then - RANCHER_IP=`cat mylab_vm_list.txt | grep $VM_PREFIX-rancher | cut -d '|' -f 4 | xargs` - echo "Your Rancher Instance should be ready in a few minutes ..." - echo - echo "Your Rancher URL: https://$RANCHER_IP" - echo -fi - - From 63e599fed42343255dbc52320b392233fd10a2e0 Mon Sep 17 00:00:00 2001 
From: Derek So Date: Tue, 28 Sep 2021 19:24:42 +0800 Subject: [PATCH 8/8] fixes #3 - updated scripts to use Rancher 2.6 and all clusters will be RKE2 based --- setup-rke-cluster1.sh | 2 +- setup-rke-cluster2.sh | 2 +- setup-rke-devsecops.sh | 5 ++-- .../04-configure-containerd-registry.sh | 30 +++++++++++++++++++ .../01-distribute-harbor-ca-to-other-vms.sh | 4 +-- setup/jenkins/99-one-step-install-jenkins.sh | 4 +-- setup/jenkins/jenkins-values-template.yaml | 2 +- setup/rancher/02-install-rancher-server.sh | 2 +- setup/rancher/99-one-step-install-rancher.sh | 5 ++-- 9 files changed, 43 insertions(+), 13 deletions(-) create mode 100755 setup/harbor/04-configure-containerd-registry.sh diff --git a/setup-rke-cluster1.sh b/setup-rke-cluster1.sh index f40e0b4..6fb44ae 100755 --- a/setup-rke-cluster1.sh +++ b/setup-rke-cluster1.sh @@ -27,5 +27,5 @@ echo "Registering cluster1 as All-in-one RKE..." SSH_VM=$( ca.crt +sudo mv ca.crt /etc/rancher/rke2/demo-harbor + +export REGISTRY_YAML=/etc/rancher/rke2/registries.yaml +sudo echo "configs:" > $REGISTRY_YAML +sudo echo " \"${HARBOR_URL}\":" >> $REGISTRY_YAML +sudo echo " auth:" >> $REGISTRY_YAML +sudo echo " username: ${HARBOR_USR}" >> $REGISTRY_YAML +sudo echo " password: ${HARBOR_PWD}" >> $REGISTRY_YAML +sudo echo " tls:" >> $REGISTRY_YAML +sudo echo " ca_file: /etc/rancher/rke2/demo-harbor/ca.crt" >> $REGISTRY_YAML +sudo echo " insecure_skip_verify: true" >> $REGISTRY_YAML + +if sudo systemctl list-units --type=service | grep rke2-server; then + sudo systemctl restart rke2-server +fi + +if sudo systemctl list-units --type=service | grep rke2-agent; then + sudo systemctl restart rke2-agent +fi + diff --git a/setup/jenkins/01-distribute-harbor-ca-to-other-vms.sh b/setup/jenkins/01-distribute-harbor-ca-to-other-vms.sh index 535233e..850acd5 100755 --- a/setup/jenkins/01-distribute-harbor-ca-to-other-vms.sh +++ b/setup/jenkins/01-distribute-harbor-ca-to-other-vms.sh 
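Review bot: The generated registries.yaml sets `insecure_skip_verify: true` right after `ca_file`, which disables certificate verification for the Harbor endpoint, so the distributed CA is never used and the `username`/`password` above it are sent to a server that is not authenticated. Dropping the `insecure_skip_verify` line lets containerd verify Harbor against `/etc/rancher/rke2/demo-harbor/ca.crt`. The file also holds the Harbor password and is created with the default umask; a `chmod 600 "$REGISTRY_YAML"` after writing would restrict it. `sudo echo ... > $REGISTRY_YAML` elevates only `echo`, not the redirection, so these lines work only when the whole script is already run as root. The beginning of this new file is not visible on the page, so anything set up earlier in it is not covered here.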
@@ -4,7 +4,7 @@ for vm in rancher devsecops-m1 devsecops-w1 devsecops-w2 devsecops-w3 devsecops- echo echo "Distribute the self-signed harbor certs to $vm ..." scp $HOME/myharbor.sh $vm:~ - scp $HOME/04-configure-docker-client.sh $vm:~/configure-docker-client.sh - ssh $vm ./configure-docker-client.sh + scp $HOME/04-configure-containerd-registry.sh $vm:~/configure-containerd-node.sh + ssh $vm "sudo ./configure-containerd-node.sh" done diff --git a/setup/jenkins/99-one-step-install-jenkins.sh b/setup/jenkins/99-one-step-install-jenkins.sh index 3d47497..7e2fa28 100755 --- a/setup/jenkins/99-one-step-install-jenkins.sh +++ b/setup/jenkins/99-one-step-install-jenkins.sh @@ -4,8 +4,8 @@ for vm in rancher devsecops-m1 devsecops-w1 devsecops-w2 devsecops-w3 devsecops- echo echo "Distribute the self-signed harbor certs to $vm ..." scp $HOME/myharbor.sh $vm:~ - scp $HOME/04-configure-docker-client.sh $vm:~/configure-docker-client.sh - ssh $vm ./configure-docker-client.sh + scp $HOME/04-configure-containerd-registry.sh $vm:~/configure-containerd-node.sh + ssh $vm "sudo ./configure-containerd-node.sh" done #! /bin/bash -e diff --git a/setup/jenkins/jenkins-values-template.yaml b/setup/jenkins/jenkins-values-template.yaml index 7bff063..8f18e36 100644 --- a/setup/jenkins/jenkins-values-template.yaml +++ b/setup/jenkins/jenkins-values-template.yaml @@ -31,7 +31,7 @@ controller: # cpu: 10m # memory: 32Mi prometheus: - enabled: true + enabled: false # Additional labels to add to the ServiceMonitor object serviceMonitorAdditionalLabels: {} # Set a custom namespace where to deploy ServiceMonitor resource diff --git a/setup/rancher/02-install-rancher-server.sh b/setup/rancher/02-install-rancher-server.sh index b29ed8c..fe9e7a3 100755 --- a/setup/rancher/02-install-rancher-server.sh +++ b/setup/rancher/02-install-rancher-server.sh 
@@ -53,7 +53,7 @@ helm install rancher rancher-latest/rancher \ --namespace cattle-system \ --set hostname=$RANCHER_FQDN \ --set replicas=1 \ - --version 2.6.0 \ + --version ${RANCHER_VERSION} --devel \ --create-namespace echo "Wait until cattle-system deployment finish ..." diff --git a/setup/rancher/99-one-step-install-rancher.sh b/setup/rancher/99-one-step-install-rancher.sh index 199bb79..39f26c6 100755 --- a/setup/rancher/99-one-step-install-rancher.sh +++ b/setup/rancher/99-one-step-install-rancher.sh @@ -84,10 +84,9 @@ RANCHER_BOOTSTRAP_PWD=`kubectl get secret --namespace cattle-system bootstrap-se echo echo "---------------------------------------------------------" -echo "Please wait for 5-10 mins to initializing Rancher server." +echo "Your Rancher Server is ready." echo echo "Your Rancher Server URL: https://${RANCHER_FQDN}" > rancher-url.txt echo "Bootstrap Password: ${RANCHER_BOOTSTRAP_PWD}" >> rancher-url.txt cat rancher-url.txt -echo - +echo "---------------------------------------------------------"
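Review bot: `--version ${RANCHER_VERSION} --devel` expands the variable unquoted and unchecked, so if the sourced `mylab_rancher_version.sh` does not define it, `--devel` would likely be taken as the version value and the install would fail with a confusing error. Writing `--version "${RANCHER_VERSION:?RANCHER_VERSION is not set}" --devel \` stops early with a clear message. No hunk in this patch changes the matching line in 99-one-step-install-rancher.sh, which as of patch 6/8 still reads `--version 2.6.0`, so the two install paths appear to deploy different chart versions. The `helm install` command begins before the hunk's first line.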