terraforming for image build

Signed-off-by: Ryan Cook <[email protected]>

.github/workflows/remote-rhel-build.yaml

@@ -0,0 +1,48 @@
+name: Remote RHEL Build
+
+on:
+ workflow_dispatch:
+
+env:
+ AWS_REGION: us-east-1
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ TF_VAR_vpc_id: ${{ secrets.VPC_ID }}
+ TF_VAR_rh_access: ${{ secrets.RH_ACCESS }}
+ TF_VAR_rh_org: ${{ secrets.RH_ORG }}
+
+jobs:
+ podman-remote:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: hashicorp/setup-terraform@v3
+
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: sshkeygen for ansible
+ run: ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
+
+ - name: Terraform Init
+ run: terraform init
+
+ - name: Terraform Apply
+ run: terraform apply -auto-approve
+
+ - name: Install podman remote
+ run: |
+ sudo apt-get install -y podman
+ sudo apt-get install -y jq
+
+ - name: jq parse the terraform state for the public ip
+ run: |
+ PUBLIC_IP=$(terraform output -json | jq -r '.public_ip.value')
+ podman system connection add terraform --identity ~/.ssh/id_rsa ssh://$PUBLIC_IP/run/user/1000/podman/podman.sock
+
+ - name: Build image
+ run: |
+ podman-remote build -f build/docker/builder/cpu/rhel9/Containerfile .
+
+ - name: Terraform Destroy
+ if: always()
+ run: terraform destroy -auto-approve

.gitignore

@@ -106,3 +106,4 @@ internal/proto/**/*.pb.go
 internal/core/src/pb/*.pb.h
 internal/core/src/pb/*.pb.cc
 **/legacypb/*.pb.go
+terraform.tfvars

main.tf

@@ -0,0 +1,87 @@
+variable "vpc_id" {
+ type = string
+}
+
+variable "ssh_public_key_path" {
+ type = string
+ default = "~/.ssh/id_rsa.pub"
+}
+
+variable "ssh_private_key_path" {
+ type = string
+ default = "~/.ssh/id_rsa"
+}
+
+
+variable "ami_id" {
+ type = string
+ default = "ami-0d77c9d87c7e619f9"
+}
+
+variable "rh_access" {
+ sensitive = true
+ type = string
+}
+
+variable "rh_org" {
+ sensitive = true
+ type = string
+}
+
+
+// generate a new security group to allow ssh and https traffic
+resource "aws_security_group" "builder-access" {
+ name = "builder-access"
+ description = "Allow ssh and https traffic"
+ vpc_id = var.vpc_id
+
+ ingress {
+ description = "SSH from VPC"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_key_pair" "sigkey" {
+ key_name = uuid()
+ public_key = file(var.ssh_public_key_path)
+}
+
+resource "aws_instance" "builder" {
+ ami = var.ami_id
+ instance_type = "m5.large"
+ associate_public_ip_address = true
+ vpc_security_group_ids = [aws_security_group.builder-access.id]
+ key_name = aws_key_pair.sigkey.key_name
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo cloud-init status --wait",
+ "echo 'Connection Established'",
+ "sudo subscription-manager register --activationkey=${var.rh_access} --org=${var.rh_org} --force",
+ "sudo dnf -y install container-tools podman",
+ "sudo subscription-manager config --rhsm.manage_repos=1",
+ "systemctl enable --now podman.socket --user",
+ ]
+ }
+ connection {
+ type = "ssh"
+ user = "ec2-user"
+ host = self.public_ip
+ private_key = file(var.ssh_private_key_path)
+ }
+}
+
+// Output public ip address
+output "public_ip" {
+ value = aws_instance.builder.public_ip
+}