robK fix for /opt/nomad/data/alloc; one-shot remote-able intaller; GH…

… Pages publish w/ picked theme
internetarchive · Feb 24, 2024 · 39bd652 · 39bd652
1 parent f9b086e
commit 39bd652
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -31,12 +31,12 @@ This will "bootstrap" your cluster with a private, unique `NOMAD_TOKEN`,
 and `podman run` a new container with the hind service into the background.
 
 ```bash
-./install-hind.sh # xxx
+curl -sS https://internetarchive.github.io/hind/bin/install-hind.sh | sudo sh
 ```
 
 ## Minimal requirements:
 - VM you can `ssh` into
-- VM with `podman` and `zsh` packages
+- VM with [podman](https://podman.io/docs/installation) package
 - if using a firewall (like `ferm`, etc.) make sure the following ports are open from the VM to the world:
   - 443  - https
   - 80   - http  (load balancer will auto-upgrade/redir to https)

diff --git a/_config.yml b/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-midnight
diff --git a/bin/install-hind.sh b/bin/install-hind.sh
@@ -1,38 +1,47 @@
-#!/bin/zsh -eu
+#!/bin/sh -eu
 
 # sets up HinD, passing on any extra CLI optional arguments xxx
 
-export FIRST= #xxx
-export TOK_C= #xxx
-export TOK_N= #xxx
+export HOST_UNAME=$(uname)
+export FQDN=$(hostname -f)
+export FIRST=; #xxx
+export TOK_C=; #xxx
+export TOK_N=; #xxx
 
 (
   set -x
-  sudo mkdir -p -m777 /pv/CERTS # xxx
-  sudo podman run --net=host --privileged --cgroupns=host \
+  mkdir -p -m777 /pv/CERTS # xxx
+  mkdir -p -m777 /opt/nomad/data/alloc # xxx
+  podman run --net=host --privileged --cgroupns=host \
     -v /var/lib/containers:/var/lib/containers \
-    -e FQDN=$(hostname -f)  -e HOST_UNAME=$(uname)  -e FIRST  -e TOK_C  -e TOK_N \
+    -e FQDN  -e HOST_UNAME  -e FIRST  -e TOK_C  -e TOK_N \
     -v /pv/CERTS:/pv/CERTS \
     --rm --name hind --pull=always "$@" ghcr.io/internetarchive/hind:podman
-    # xxx :main
+    # xxx :main -- also change GH Pages to build from main branch when merge podman => main
 )
 
 # now run the new docker image in the background
-typeset -a ARGS
-HOST_UNAME=$(uname)
+# NOTE: the *SECOND LINE* is what differs here -- the other lines need to stay the same/matched
 if [ "$HOST_UNAME" = Darwin ]; then
-  ARGS+=(-p 6000:4646 -p 8000:80 -p 4000:443 -v /sys/fs/cgroup:/sys/fs/cgroup:rw)
+  (
+    set -x
+    podman run --privileged --cgroupns=host \
+      -p 6000:4646 -p 8000:80 -p 4000:443 -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
+      -v /var/lib/containers:/var/lib/containers \
+      -v /opt/nomad/data/alloc:/opt/nomad/data/alloc \
+      --restart=unless-stopped --name hindup -v /pv/CERTS:/root/.local/share/caddy -d hind >/dev/null
+  )
 else
-  ARGS+=(--net=host)
+  (
+    set -x
+    podman run --privileged --cgroupns=host \
+      --net=host \
+      -v /var/lib/containers:/var/lib/containers \
+      -v /opt/nomad/data/alloc:/opt/nomad/data/alloc \
+      --restart=unless-stopped --name hindup -v /pv/CERTS:/root/.local/share/caddy -d hind >/dev/null
+  )
 fi
 
-(
-  set -x
-  sudo podman run $ARGS --privileged --cgroupns=host \
-    -v /var/lib/containers:/var/lib/containers \
-    --restart=unless-stopped --name hindup -v /pv/CERTS:/root/.local/share/caddy -d hind >/dev/null
-)
-
 if [ ! $FIRST ]; then
   echo '
   Congratulations!
@@ -44,7 +53,7 @@ if [ ! $FIRST ]; then
   (inside or outside the running container or from a home machine --
   anywhere you have downloaded a `nomad` binary):
     '
-  sudo podman run --rm hind 'cat $CONFIG'
+  podman run --rm hind sh -c 'cat $CONFIG'
 else
   echo '