diff --git a/Dockerfile.proxy b/Dockerfile.proxy index 87643f947..006172cc3 100644 --- a/Dockerfile.proxy +++ b/Dockerfile.proxy @@ -7,11 +7,13 @@ ENV GOPATH=/root/go RUN mkdir -p /app WORKDIR /app +COPY . /app RUN make proxy FROM ${REGISTRY}/ubi8/ubi-minimal RUN microdnf update && microdnf clean all -COPY --from=builder /go/src/github.com/Azure/ARO-RP/proxy /usr/local/bin/ +COPY --from=builder /app/proxy /usr/local/bin/ ENTRYPOINT ["proxy"] EXPOSE 8443/tcp +EXPOSE 8080/tcp USER 1000 diff --git a/pkg/deploy/assets/env-development.json b/pkg/deploy/assets/env-development.json index 4328b7592..1c738e4fc 100644 --- a/pkg/deploy/assets/env-development.json +++ b/pkg/deploy/assets/env-development.json @@ -143,6 +143,62 @@ "[resourceId('Microsoft.Network/virtualNetworks', 'dev-vpn-vnet')]" ] }, + { + "sku": { + "name": "Basic" + }, + "properties": { + "frontendIPConfigurations": [ + { + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]" + } + }, + "name": "not-used" + } + ], + "backendAddressPools": [ + { + "name": "dev-backend" + } + ], + "loadBalancingRules": [ + { + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'dev-lb-internal', 'not-used')]" + }, + "backendAddressPool": { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]" + }, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]" + }, + "protocol": "Tcp", + "loadDistribution": "Default", + "frontendPort": 443, + "backendPort": 443 + }, + "name": "dev-lbrule" + } + ], + "probes": [ + { + "properties": { + "protocol": "Tcp", + "port": 443, + "numberOfProbes": 3 + }, + "name": "dev-probe" + } + ] + }, + "name": "dev-lb-internal", + "type": "Microsoft.Network/loadBalancers", + "location": "[resourceGroup().location]", + "apiVersion": "2020-08-01" + }, { "name": "[concat(take(resourceGroup().name,10), '-dev-sharedKV')]", "type": "Microsoft.KeyVault/vaults", @@ -244,9 +300,9 @@ }, "storageProfile": { "imageReference": { - "publisher": "RedHat", - "offer": "RHEL", - "sku": "8-LVM", + "publisher": "MicrosoftCBLMariner", + "offer": "cbl-mariner", + "sku": "cbl-mariner-2-gen2", "version": "latest" }, "osDisk": { @@ -257,6 +313,9 @@ } }, "networkProfile": { + "healthProbe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]" + }, "networkInterfaceConfigurations": [ { "name": "dev-proxy-vmss-nic", @@ -277,7 +336,12 @@ "domainNameLabel": "[parameters('proxyDomainNameLabel')]" } } - } + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]" + } + ] } } ] @@ -296,7 +360,7 @@ "autoUpgradeMinorVersion": true, "settings": {}, "protectedSettings": { - "script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PROXYIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImage')),''')\n','PROXYIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImageAuth')),''')\n','PROXYCERT=''',parameters('proxyCert'),'''\n','PROXYCLIENTCERT=''',parameters('proxyClientCert'),'''\n','PROXYKEY=''',parameters('proxyKey'),'''\n','\n',base64ToString('I0FkZGluZyByZXRyeSBsb2dpYyB0byB5dW0gY29tbWFuZHMgaW4gb3JkZXIgdG8gYXZvaWQgc3RhbGxpbmcgb3V0IG9uIHJlc291cmNlIGxvY2tzCmVjaG8gInJ1bm5pbmcgUkhVSSBmaXgiCmZvciBhdHRlbXB0IGluIHsxLi42MH07IGRvCiAgeXVtIHVwZGF0ZSAteSAtLWRpc2FibGVyZXBvPScqJyAtLWVuYWJsZXJlcG89J3JodWktbWljcm9zb2Z0LWF6dXJlKicgJiYgYnJlYWsKICBpZiBbWyAke2F0dGVtcHR9IC1sdCA2MCBdXTsgdGhlbiBzbGVlcCAzMDsgZWxzZSBleGl0IDE7IGZpCmRvbmUKCmVjaG8gInJ1bm5pbmcgeXVtIHVwZGF0ZSIKZm9yIGF0dGVtcHQgaW4gezEuLjYwfTsgZG8KICB5dW0gLXkgLXggV0FMaW51eEFnZW50IC14IFdBTGludXhBZ2VudC11ZGV2IHVwZGF0ZSAtLWFsbG93ZXJhc2luZyAmJiBicmVhawogIGlmIFtbICR7YXR0ZW1wdH0gLWx0IDYwIF1dOyB0aGVuIHNsZWVwIDMwOyBlbHNlIGV4aXQgMTsgZmkKZG9uZQoKZWNobyAiaW5zdGFsbGluZyBwb2RtYW4tZG9ja2VyIgpmb3IgYXR0ZW1wdCBpbiB7MS4uNjB9OyBkbwogIHl1bSAteSBpbnN0YWxsIHBvZG1hbi1kb2NrZXIgJiYgYnJlYWsKICBpZiBbWyAke2F0dGVtcHR9IC1sdCA2MCBdXTsgdGhlbiBzbGVlcCAzMDsgZWxzZSBleGl0IDE7IGZpCmRvbmUKCmZpcmV3YWxsLWNtZCAtLWFkZC1wb3J0PTQ0My90Y3AgLS1wZXJtYW5lbnQKCm1rZGlyIC9yb290Ly5kb2NrZXIKY2F0ID4vcm9vdC8uZG9ja2VyL2NvbmZpZy5qc29uIDw8RU9GCnsKCSJhdXRocyI6IHsKCQkiJHtQUk9YWUlNQUdFJSUvKn0iOiB7CgkJCSJhdXRoIjogIiRQUk9YWUlNQUdFQVVUSCIKCQl9Cgl9Cn0KRU9GCgpta2RpciAtcCAvZXRjL2NvbnRhaW5lcnMvCnRvdWNoIC9ldGMvY29udGFpbmVycy9ub2RvY2tlcgoKZG9ja2VyIHB1bGwgIiRQUk9YWUlNQUdFIgoKbWtkaXIgL2V0Yy9wcm94eQpiYXNlNjQgLWQgPDw8IiRQUk9YWUNFUlQiID4vZXRjL3Byb3h5L3Byb3h5LmNydApiYXNlNjQgLWQgPDw8IiRQUk9YWUtFWSIgPi9ldGMvcHJveHkvcHJveHkua2V5CmJhc2U2NCAtZCA8PDwiJFBST1hZQ0xJRU5UQ0VSVCIgPi9ldGMvcHJveHkvcHJveHktY2xpZW50LmNydApjaG93biAtUiAxMDAwOjEwMDAgL2V0Yy9wcm94eQpjaG1vZCAwNjAwIC9ldGMvcHJveHkvcHJveHkua2V5CgpjYXQgPi9ldGMvc3lzY29uZmlnL3Byb3h5IDw8RU9GClBST1hZX0lNQUdFPSckUFJPWFlJTUFHRScKRU9GCgpjYXQgPi9ldGMvc3lzdGVtZC9zeXN0ZW0vcHJveHkuc2VydmljZSA8PCdFT0YnCltVbml0XQpBZnRlcj1uZXR3b3JrLW9ubGluZS50YXJnZXQKV2FudHM9bmV0d29yay1vbmxpbmUudGFyZ2V0CgpbU2VydmljZV0KRW52aXJvbm1lbnRGaWxlPS9ldGMvc3lzY29uZmlnL3Byb3h5CkV4ZWNTdGFydFByZT0tL3Vzci9iaW4vZG9ja2VyIHJtIC1mICVuCkV4ZWNTdGFydD0vdXNyL2Jpbi9kb2NrZXIgcnVuIC0tcm0gLS1uYW1lICVuIC1wIDQ0Mzo4NDQzIC12IC9ldGMvcHJveHk6L3NlY3JldHMgJFBST1hZX0lNQUdFCkV4ZWNTdG9wPS91c3IvYmluL2RvY2tlciBzdG9wICVuClJlc3RhcnQ9YWx3YXlzClJlc3RhcnRTZWM9MQpTdGFydExpbWl0SW50ZXJ2YWw9MAoKW0luc3RhbGxdCldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0CkVPRgoKc3lzdGVtY3RsIGVuYWJsZSBwcm94eS5zZXJ2aWNlCgpjYXQgPi9ldGMvY3Jvbi53ZWVrbHkvcHVsbC1pbWFnZSA8PCdFT0YnCiMhL2Jpbi9iYXNoCgpkb2NrZXIgcHVsbCAkUFJPWFlJTUFHRQpzeXN0ZW1jdGwgcmVzdGFydCBwcm94eS5zZXJ2aWNlCkVPRgpjaG1vZCAreCAvZXRjL2Nyb24ud2Vla2x5L3B1bGwtaW1hZ2UKCmNhdCA+L2V0Yy9jcm9uLndlZWtseS95dW11cGRhdGUgPDwnRU9GJwojIS9iaW4vYmFzaAoKeXVtIHVwZGF0ZSAteQpFT0YKY2htb2QgK3ggL2V0Yy9jcm9uLndlZWtseS95dW11cGRhdGUKCmNhdCA+L2V0Yy9jcm9uLmRhaWx5L3Jlc3RhcnQtcHJveHkgPDwnRU9GJwojIS9iaW4vYmFzaAoKc3lzdGVtY3RsIHJlc3RhcnQgcHJveHkuc2VydmljZQpFT0YKY2htb2QgK3ggL2V0Yy9jcm9uLmRhaWx5L3Jlc3RhcnQtcHJveHkKCigKCXNsZWVwIDMwCglyZWJvb3QKKSAmCg==')))]" + "script": "[base64(concat(base64ToString('c2V0IC1leAoK'),'PROXYIMAGE=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImage')),''')\n','PROXYIMAGEAUTH=$(base64 -d \u003c\u003c\u003c''',base64(parameters('proxyImageAuth')),''')\n','PROXYCERT=''',parameters('proxyCert'),'''\n','PROXYCLIENTCERT=''',parameters('proxyClientCert'),'''\n','PROXYKEY=''',parameters('proxyKey'),'''\n','\n',base64ToString('I0FkZGluZyByZXRyeSBsb2dpYyB0byB5dW0gY29tbWFuZHMgaW4gb3JkZXIgdG8gYXZvaWQgc3RhbGxpbmcgb3V0IG9uIHJlc291cmNlIGxvY2tzCmVjaG8gImluc3RhbGxpbmcgbW9ieS1lbmdpbmUgKGRvY2tlcikiCmZvciBhdHRlbXB0IGluIHsxLi42MH07IGRvCgl0ZG5mIGluc3RhbGwgLXkgbW9ieS1lbmdpbmUgbW9ieS1jbGkgJiYgYnJlYWsKCWlmIFtbICR7YXR0ZW1wdH0gLWx0IDYwIF1dOyB0aGVuIHNsZWVwIDMwOyBlbHNlIGV4aXQgMTsgZmkKZG9uZQoKc3lzdGVtY3RsIGVuYWJsZSBkb2NrZXIKc3lzdGVtY3RsIHN0YXJ0IGRvY2tlcgoKbWtkaXIgL3Jvb3QvLmRvY2tlcgpjYXQgPi9yb290Ly5kb2NrZXIvY29uZmlnLmpzb24gPDxFT0YKewoJImF1dGhzIjogewoJCSIke1BST1hZSU1BR0UlJS8qfSI6IHsKCQkJImF1dGgiOiAiJFBST1hZSU1BR0VBVVRIIgoJCX0KCX0KfQpFT0YKCmRvY2tlciBwdWxsICIkUFJPWFlJTUFHRSIKCm1rZGlyIC9ldGMvcHJveHkKYmFzZTY0IC1kIDw8PCIkUFJPWFlDRVJUIiA+L2V0Yy9wcm94eS9wcm94eS5jcnQKYmFzZTY0IC1kIDw8PCIkUFJPWFlLRVkiID4vZXRjL3Byb3h5L3Byb3h5LmtleQpiYXNlNjQgLWQgPDw8IiRQUk9YWUNMSUVOVENFUlQiID4vZXRjL3Byb3h5L3Byb3h5LWNsaWVudC5jcnQKY2hvd24gLVIgMTAwMDoxMDAwIC9ldGMvcHJveHkKY2htb2QgMDYwMCAvZXRjL3Byb3h5L3Byb3h5LmtleQoKY2F0ID4vZXRjL3N5c2NvbmZpZy9wcm94eSA8PEVPRgpQUk9YWV9JTUFHRT0nJFBST1hZSU1BR0UnCkVPRgoKY2F0ID4vZXRjL3N5c3RlbWQvc3lzdGVtL3Byb3h5LnNlcnZpY2UgPDwnRU9GJwpbVW5pdF0KQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0CldhbnRzPW5ldHdvcmstb25saW5lLnRhcmdldAoKW1NlcnZpY2VdCkVudmlyb25tZW50RmlsZT0vZXRjL3N5c2NvbmZpZy9wcm94eQpFeGVjU3RhcnRQcmU9LS91c3IvYmluL2RvY2tlciBybSAtZiAlbgpFeGVjU3RhcnQ9L3Vzci9iaW4vZG9ja2VyIHJ1biAtLXJtIC0tbmFtZSAlbiAtcCA0NDM6ODQ0MyAtdiAvZXRjL3Byb3h5Oi9zZWNyZXRzICRQUk9YWV9JTUFHRQpFeGVjU3RvcD0vdXNyL2Jpbi9kb2NrZXIgc3RvcCAlbgpSZXN0YXJ0PWFsd2F5cwpSZXN0YXJ0U2VjPTEKU3RhcnRMaW1pdEludGVydmFsPTAKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldApFT0YKCnN5c3RlbWN0bCBlbmFibGUgcHJveHkuc2VydmljZQoKY2F0ID4vZXRjL2Nyb24ud2Vla2x5L3B1bGwtaW1hZ2UgPDwnRU9GJwojIS9iaW4vYmFzaAoKZG9ja2VyIHB1bGwgJFBST1hZSU1BR0UKc3lzdGVtY3RsIHJlc3RhcnQgcHJveHkuc2VydmljZQpFT0YKY2htb2QgK3ggL2V0Yy9jcm9uLndlZWtseS9wdWxsLWltYWdlCgpjYXQgPi9ldGMvY3Jvbi53ZWVrbHkveXVtdXBkYXRlIDw8J0VPRicKIyEvYmluL2Jhc2gKCnl1bSB1cGRhdGUgLXkKRU9GCmNobW9kICt4IC9ldGMvY3Jvbi53ZWVrbHkveXVtdXBkYXRlCgpjYXQgPi9ldGMvY3Jvbi5kYWlseS9yZXN0YXJ0LXByb3h5IDw8J0VPRicKIyEvYmluL2Jhc2gKCnN5c3RlbWN0bCByZXN0YXJ0IHByb3h5LnNlcnZpY2UKRU9GCmNobW9kICt4IC9ldGMvY3Jvbi5kYWlseS9yZXN0YXJ0LXByb3h5CgooCglzbGVlcCAzMAoJcmVib290CikgJgo=')))]" }, "provisionAfterExtensions": [ "Microsoft.Azure.Monitor.AzureMonitorLinuxAgent", @@ -337,10 +401,22 @@ }, "overprovision": false }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[resourceId('AzSecPackAutoConfigRG', 'Microsoft.ManagedIdentity/userAssignedIdentities', concat('AzSecPackAutoConfigUA-', resourceGroup().location))]": {} + } + }, "name": "dev-proxy-vmss", "type": "Microsoft.Compute/virtualMachineScaleSets", "location": "[resourceGroup().location]", - "apiVersion": "2020-12-01" + "tags": { + "azsecpack": "nonprod" + }, + "apiVersion": "2020-12-01", + "dependsOn": [ + "[resourceId('Microsoft.Network/loadBalancers', 'dev-lb-internal')]" + ] }, { "properties": { diff --git a/pkg/deploy/generator/resources_dev.go b/pkg/deploy/generator/resources_dev.go index 668b7fee3..a1788a804 100644 --- a/pkg/deploy/generator/resources_dev.go +++ b/pkg/deploy/generator/resources_dev.go @@ -17,6 +17,69 @@ import ( "github.com/Azure/ARO-RP/pkg/util/azureclient" ) +// devLBInternal is needed for defining a healthprobe. +// VMSS with auto upgrademode requires a healthprobe from an LB. +func (g *generator) devLBInternal() *arm.Resource { + return &arm.Resource{ + Resource: &mgmtnetwork.LoadBalancer{ + Sku: &mgmtnetwork.LoadBalancerSku{ + Name: mgmtnetwork.LoadBalancerSkuNameBasic, + }, + LoadBalancerPropertiesFormat: &mgmtnetwork.LoadBalancerPropertiesFormat{ + FrontendIPConfigurations: &[]mgmtnetwork.FrontendIPConfiguration{ + { + FrontendIPConfigurationPropertiesFormat: &mgmtnetwork.FrontendIPConfigurationPropertiesFormat{ + Subnet: &mgmtnetwork.Subnet{ + ID: to.StringPtr("[resourceId('Microsoft.Network/virtualNetworks/subnets', 'rp-vnet', 'rp-subnet')]"), + }, + }, + Name: to.StringPtr("not-used"), + }, + }, + BackendAddressPools: &[]mgmtnetwork.BackendAddressPool{ + { + Name: to.StringPtr("dev-backend"), + }, + }, + LoadBalancingRules: &[]mgmtnetwork.LoadBalancingRule{ + { + LoadBalancingRulePropertiesFormat: &mgmtnetwork.LoadBalancingRulePropertiesFormat{ + FrontendIPConfiguration: &mgmtnetwork.SubResource{ + ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', 'dev-lb-internal', 'not-used')]"), + }, + BackendAddressPool: &mgmtnetwork.SubResource{ + ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"), + }, + Probe: &mgmtnetwork.SubResource{ + ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"), + }, + Protocol: mgmtnetwork.TransportProtocolTCP, + LoadDistribution: mgmtnetwork.LoadDistributionDefault, + FrontendPort: to.Int32Ptr(443), + BackendPort: to.Int32Ptr(443), + }, + Name: to.StringPtr("dev-lbrule"), + }, + }, + Probes: &[]mgmtnetwork.Probe{ + { + ProbePropertiesFormat: &mgmtnetwork.ProbePropertiesFormat{ + Protocol: mgmtnetwork.ProbeProtocolTCP, + Port: to.Int32Ptr(443), + NumberOfProbes: to.Int32Ptr(3), + }, + Name: to.StringPtr("dev-probe"), + }, + }, + }, + Name: to.StringPtr("dev-lb-internal"), + Type: to.StringPtr("Microsoft.Network/loadBalancers"), + Location: to.StringPtr("[resourceGroup().location]"), + }, + APIVersion: azureclient.APIVersion("Microsoft.Network"), + } +} + func (g *generator) devProxyVMSS() *arm.Resource { parts := []string{ fmt.Sprintf("base64ToString('%s')", base64.StdEncoding.EncodeToString([]byte("set -ex\n\n"))), @@ -51,6 +114,12 @@ func (g *generator) devProxyVMSS() *arm.Resource { Tier: to.StringPtr("Standard"), Capacity: to.Int64Ptr(1), }, + Identity: &mgmtcompute.VirtualMachineScaleSetIdentity{ + Type: mgmtcompute.ResourceIdentityTypeUserAssigned, + UserAssignedIdentities: map[string]*mgmtcompute.VirtualMachineScaleSetIdentityUserAssignedIdentitiesValue{ + "[resourceId('AzSecPackAutoConfigRG', 'Microsoft.ManagedIdentity/userAssignedIdentities', concat('AzSecPackAutoConfigUA-', resourceGroup().location))]": {}, + }, + }, VirtualMachineScaleSetProperties: &mgmtcompute.VirtualMachineScaleSetProperties{ UpgradePolicy: &mgmtcompute.UpgradePolicy{ Mode: mgmtcompute.UpgradeModeRolling, @@ -73,9 +142,9 @@ func (g *generator) devProxyVMSS() *arm.Resource { }, StorageProfile: &mgmtcompute.VirtualMachineScaleSetStorageProfile{ ImageReference: &mgmtcompute.ImageReference{ - Publisher: to.StringPtr("RedHat"), - Offer: to.StringPtr("RHEL"), - Sku: to.StringPtr("8-LVM"), + Publisher: to.StringPtr("MicrosoftCBLMariner"), + Offer: to.StringPtr("cbl-mariner"), + Sku: to.StringPtr("cbl-mariner-2-gen2"), Version: to.StringPtr("latest"), }, OsDisk: &mgmtcompute.VirtualMachineScaleSetOSDisk{ @@ -86,6 +155,9 @@ func (g *generator) devProxyVMSS() *arm.Resource { }, }, NetworkProfile: &mgmtcompute.VirtualMachineScaleSetNetworkProfile{ + HealthProbe: &mgmtcompute.APIEntityReference{ + ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/probes', 'dev-lb-internal', 'dev-probe')]"), + }, NetworkInterfaceConfigurations: &[]mgmtcompute.VirtualMachineScaleSetNetworkConfiguration{ { Name: to.StringPtr("dev-proxy-vmss-nic"), @@ -107,6 +179,11 @@ func (g *generator) devProxyVMSS() *arm.Resource { }, }, }, + LoadBalancerBackendAddressPools: &[]mgmtcompute.SubResource{ + { + ID: to.StringPtr("[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'dev-lb-internal', 'dev-backend')]"), + }, + }, }, }, }, @@ -171,6 +248,12 @@ func (g *generator) devProxyVMSS() *arm.Resource { Location: to.StringPtr("[resourceGroup().location]"), }, APIVersion: azureclient.APIVersion("Microsoft.Compute"), + Tags: map[string]any{ + "azsecpack": "nonprod", + }, + DependsOn: []string{ + "[resourceId('Microsoft.Network/loadBalancers', 'dev-lb-internal')]", + }, } } diff --git a/pkg/deploy/generator/scripts/devProxyVMSS.sh b/pkg/deploy/generator/scripts/devProxyVMSS.sh index cb8e15bf8..f09c9f57f 100644 --- a/pkg/deploy/generator/scripts/devProxyVMSS.sh +++ b/pkg/deploy/generator/scripts/devProxyVMSS.sh @@ -1,23 +1,12 @@ #Adding retry logic to yum commands in order to avoid stalling out on resource locks -echo "running RHUI fix" +echo "installing moby-engine (docker)" for attempt in {1..60}; do - yum update -y --disablerepo='*' --enablerepo='rhui-microsoft-azure*' && break - if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi + tdnf install -y moby-engine moby-cli && break + if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi done -echo "running yum update" -for attempt in {1..60}; do - yum -y -x WALinuxAgent -x WALinuxAgent-udev update --allowerasing && break - if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi -done - -echo "installing podman-docker" -for attempt in {1..60}; do - yum -y install podman-docker && break - if [[ ${attempt} -lt 60 ]]; then sleep 30; else exit 1; fi -done - -firewall-cmd --add-port=443/tcp --permanent +systemctl enable docker +systemctl start docker mkdir /root/.docker cat >/root/.docker/config.json </root/.docker/config.json <