Add act-runner target for building local ACT env

act-runner/act-runner.bu

@@ -0,0 +1,131 @@
+---
+variant: fcos
+version: 1.6.0
+
+passwd:
+  users:
+  - name: root
+    ssh_authorized_keys: []
+
+  - name: core
+    groups:
+    - docker
+    ssh_authorized_keys_local:
+    - core_ssh_keys.pub
+
+systemd:
+  units:
+  - name: docker-image-prune.service
+    enabled: false
+    contents: |
+      [Unit]
+      Description=Remove unused images from Docker
+      Wants=docker.socket
+      After=docker.socket
+      After=docker.service
+
+      [Service]
+      Type=oneshot
+      ExecStart=docker image prune --force --all --filter 'reference!="catthehacker/ubuntu"'
+      ExecStart=docker builder prune --force
+      RemainAfterExit=no
+
+      [Install]
+      WantedBy=multi-user.target
+
+  - name: docker-image-prune.timer
+    enabled: true
+    contents: |
+      [Unit]
+      Description=Start docker-image-prune every day
+
+      [Timer]
+      OnBootSec=30min
+      OnUnitActiveSec=1d
+
+      [Install]
+      WantedBy=timers.target
+
+storage:
+  files:
+  - path: /etc/hostname
+    mode: 0644
+    overwrite: true
+    contents:
+      local: hostname
+
+  - path: /etc/ssh/sshd_config.d/99-custom.conf
+    mode: 0644
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      inline: |
+        UseDNS no
+        PermitRootLogin no
+        AllowUsers core@*
+        AuthenticationMethods publickey
+        HostKey /etc/ssh/ssh_host_rsa_key
+        HostKey /etc/ssh/ssh_host_ed25519_key
+        HostKey /etc/ssh/ssh_host_ecdsa_key
+
+  - path: /etc/ssh/ssh_host_rsa_key
+    mode: 0600
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_rsa
+
+  - path: /etc/ssh/ssh_host_rsa_key.pub
+    mode: 0644
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_rsa.pub
+
+  - path: /etc/ssh/ssh_host_ed25519_key
+    mode: 0600
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ed25519
+
+  - path: /etc/ssh/ssh_host_ed25519_key.pub
+    mode: 0644
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ed25519.pub
+
+  - path: /etc/ssh/ssh_host_ecdsa_key
+    mode: 0600
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ecdsa
+
+  - path: /etc/ssh/ssh_host_ecdsa_key.pub
+    mode: 0644
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ecdsa.pub

act-runner/rebuild.bash

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ $# -lt 1 ]; then
+  echo "ERROR: Specify config path"
+  exit 1
+fi
+
+CONFIG_PATH="${1}"
+
+if [ ! -f "${CONFIG_PATH}/act-runner.bu" ]; then
+  echo "ERROR: Config path ${CONFIG_PATH} must include the act-runner.bu file"
+  exit 1
+fi
+
+NAME="${HOSTNAME}-act-runner"
+STREAM="stable"
+BUTANE_CONFIG="${CONFIG_PATH}/act-runner.bu"
+VCPUS="8"
+RAM_MB="16132"
+DISK_GB="100"
+
+IGNITION_PATH="${CONFIG_PATH}/${NAME}.ign"
+IMAGE_PATH="${CONFIG_PATH}/${NAME}.qcow2"
+KVM="qemu:///session"
+
+if ! systemctl is-active libvirtd --quiet; then
+    systemctl start libvirtd
+fi
+
+all_vms=$(virsh --connect="${KVM}" list --all)
+
+if [[ $all_vms == *"${NAME}"* ]]; then
+    running_vms=$(virsh --connect="$KVM" list)
+    if [[ $running_vms == *"${NAME}"* ]]; then
+        echo "Shutting down VM ${NAME}..."
+        virsh --connect="${KVM}" destroy "${NAME}"
+    fi
+    echo "Destroying VM ${NAME}..."
+    virsh --connect="${KVM}" undefine --domain="${NAME}" --remove-all-storage --managed-save
+    echo "Deleting image ${IMAGE_PATH}..."
+    rm -rf "${IMAGE_PATH}"
+    echo "Deleting ignition file ${IGNITION_PATH}..."
+    rm "${IGNITION_PATH}"
+fi
+
+download_dir=$(mktemp -d)
+
+podman run \
+  --rm \
+  -v "${download_dir}:/data:z" \
+  -w /data \
+  quay.io/coreos/coreos-installer:release \
+  download -s "${STREAM}" -p qemu -f qcow2.xz --decompress
+
+download_image=$(command ls "${download_dir}"/*.qcow2)
+
+mv "${download_image}" "${IMAGE_PATH}"
+
+echo "${HOSTNAME}-act-runner" >"${CONFIG_PATH}/hostname"
+cat ~/.ssh/*.pub >"${CONFIG_PATH}/core_ssh_keys.pub"
+
+mkdir --parents "${CONFIG_PATH}/host_keys"
+
+key_formats=(
+  "rsa"
+  "ed25519"
+  "ecdsa"
+)
+
+for key in "${key_formats[@]}"; do
+  if [ ! -f "${CONFIG_PATH}/host_keys/ssh_${key}" ]; then
+    ssh-keygen -q \
+      -f "${CONFIG_PATH}/host_keys/ssh_${key}" \
+      -t "${key}" \
+      -C "${HOSTNAME}-act-runner" \
+      -N ''
+  fi
+done
+
+podman run \
+  --interactive \
+  --rm \
+  -v "${CONFIG_PATH}:/data:z" \
+  quay.io/coreos/butane:release \
+  --pretty --strict --files-dir=/data < "${BUTANE_CONFIG}" > "${IGNITION_PATH}"
+
+chcon --verbose --type svirt_home_t "${IGNITION_PATH}"
+
+virt-install \
+  --connect="${KVM}" \
+  --name="${NAME}" \
+  --vcpus="${VCPUS}" \
+  --memory="${RAM_MB}" \
+  --os-variant="fedora-coreos-${STREAM}" \
+  --import \
+  --noautoconsole \
+  --graphics=none \
+  --disk="size=${DISK_GB},backing_store=${IMAGE_PATH}" \
+  --network bridge=virbr0 \
+  --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=${IGNITION_PATH}"