| #!/bin/bash |
| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| cat << EOF |
| ############################################################################### |
| IMPORTANT: Please read below information |
| ############################################################################### |
| Setting up Satlab requires special privileges, you need access to |
| serviceaccount and keys to access docker images and other configuration files. |
| This script will authenticate the user to access the required artifacts. |
| |
| The following the are steps this script executes: |
| |
| 1. Authenticate user using GCloud SDK(uses gcloud-sdk docker container), |
| when prompted please use your google.com account |
| 2. Generate a service account key to pull Docker images. |
| 3. Finally reboots the chromebox. (You must restart the chromebox inorder to |
| finish the satlab setup) |
| ############################################################################### |
| EOF |
| while true; do |
| read -p "Do you want to continue with the Satlab setup(y/n)?" yn |
| case $yn in |
| [Yy]* ) break;; |
| [Nn]* ) exit;; |
| * ) echo "Please answer yes or no.";; |
| esac |
| done |
| |
| SATLAB_SERIVCE_ACCOUNT=satlab-prototype@chromeos-service-accounts-dev.iam.gserviceaccount.com |
| KEYS_FOLDER=/home/satlab/keys |
| GCLOUD="docker run --rm -ti -a stdout -v satlab_keys:${KEYS_FOLDER} -v gcloud:/root/.config/gcloud google/cloud-sdk:slim" |
| |
| echo "******* SATLAB Setup Starting..... *********" |
| echo |
| echo "Authenticating the user, please follow the instructions... ###" |
| echo |
| ${GCLOUD} gcloud auth login |
| if [ "$?" -ne 0 ]; then |
| echo "Failed to authenticate the user, you must use your @google.com account. Please try again!" |
| exit |
| fi |
| |
| # TODO (anhdle): Enable mutilple service accounts when easier user workflow is available |
| # read -p "Please specify the service account: " sa |
| # echo "Create and download service account key..." |
| # ${GCLOUD} gcloud iam service-accounts keys create "${KEYS_FOLDER}/satlab_service_account.json" --iam-account="$sa" |
| # if [ "$?" -ne 0 ]; then |
| # echo "Failed to create service account key, please try again!" |
| # exit |
| # fi |
| |
| echo "Downloading artifacts..." |
| # Download service account key since 10 keys limit per service account. |
| # TODO (anhdle): Investigate Wwrkload identity federation |
| ${GCLOUD} gsutil cp gs://satlab-keys/satlab_service_account.json ${KEYS_FOLDER} |
| if [ "$?" -ne 0 ]; then |
| echo "Failed to download service account key, please try again!" |
| exit |
| fi |
| chmod 666 /home/satlab/keys satlab_service_account.json |
| |
| echo "Configuring Satlab Privileges successful, please reboot" |
| echo |
| while true; do |
| read -p "Do you want to reboot now(y/n)?" yn |
| case $yn in |
| [Yy]* ) reboot;; |
| [Nn]* ) echo "You MUST restart to apply start Satlab" |
| exit;; |
| * ) echo "Please answer yes or no.";; |
| esac |
| done |