From f3916488a7f538823f72125ba09c78171c87fd52 Mon Sep 17 00:00:00 2001 From: Tracey Jaquith Date: Wed, 13 Mar 2024 18:27:24 -0700 Subject: [PATCH] working! tweaks/prettyment; dox++ --- bin/bootstrap.sh | 3 +++ bin/entrypoint.sh | 8 +++++--- install.sh | 11 ++++++++--- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/bin/bootstrap.sh b/bin/bootstrap.sh index 64f8b09..31fca9f 100755 --- a/bin/bootstrap.sh +++ b/bin/bootstrap.sh @@ -50,3 +50,6 @@ else rm -f /tmp/* fi + +# signal to `install.sh` that we are done -- so it can `podman commit` our running container now +date | podman secret create BOOTSTRAPPED diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh index bf019c9..a28c15b 100755 --- a/bin/entrypoint.sh +++ b/bin/entrypoint.sh @@ -1,11 +1,13 @@ #!/bin/zsh -eu setopt HIST_NO_STORE -if [ ! -e /booted ]; then # xxx +if [ ! -e /booted ]; then # create a new docker image with the bootstrapped version of your cluster ./bin/spinner "Bootstrapping your hind cluster..." /app/bin/bootstrap.sh - #./bin/spinner 'committing bootstrapped image' podman commit -q hind-init hind # xxx - ./bin/spinner 'committing bootstrapped image' zsh -c 'while $(! sudo podman images |grep -qE "localhost/hind "); do sleep 3; done' + + # After having some problems w/ `podman commit` _on the inside_, we now do `podman commit` on the + # outside (@see install.sh). Wait for the podman image to show up to know we are done setup. + ./bin/spinner 'committing bootstrapped image' zsh -c 'while $(! sudo podman images |grep -qE "^localhost/hind "); do sleep 3; done' exit 0 fi diff --git a/install.sh b/install.sh index 59f08aa..8d034ce 100755 --- a/install.sh +++ b/install.sh 
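Review bot: As shown, the added last line of bin/bootstrap.sh, `date | podman secret create BOOTSTRAPPED`, passes a secret name but no source operand. `podman secret create` expects the name followed by a file path or `-` for stdin, so please confirm the line ends in `-`; it may simply have been lost in this rendering. The marker is also written only on the success path at the end of the script, whose body is outside the hunk, so an earlier failure leaves install.sh polling with no signal at all. The comment could also say that the value is not a credential, e.g. `# not a real secret: the podman secret store is only used as a completion flag that install.sh polls for`.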
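Review bot: The new wait loop in the `/booted` branch of bin/entrypoint.sh has no upper bound and detects the image by grepping the `podman images` table. If the outside `podman commit` in install.sh fails or never runs, the spinner blocks forever. `podman image exists` answers the same question with an exit status, and `until` reads more plainly than `while $(! …)`: `until sudo podman image exists localhost/hind; do sleep 3; done`. Consider bounding the number of iterations and exiting non-zero with a message when the limit is reached.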
@@ -9,16 +9,21 @@ podman -v > /dev/null || echo 'please install the podman package first' podman -v > /dev/null || exit 1 ( - while $(! podman secret ls |grep -q ' NOMAD_TOKEN '); do sleep 1; done - podman commit -q hind-init hind # xxx + # in background, wait for the `bootstrap.sh`, running in the first `podman run` below, to finish + while $(! podman secret ls |grep -q ' BOOTSTRAPPED '); do sleep 1; done + podman commit -q hind-init localhost/hind + podman secret rm BOOTSTRAPPED > /dev/null ) & ( set -x - # xxx document & why the 2 mkdirs on the outside/VM: + # We need to shared these 2 directories "inside" the running `hind` container, and "outside" on + # the VM itself. We want to persist HTTPS cert files, and any `data/alloc` directories setup + # on the "inside" (eg: `nomad run`) need to be available to nomad jobs running on the outside/VM. mkdir -p -m777 /pv/CERTS mkdir -p -m777 /opt/nomad/data/alloc + podman run --net=host --privileged --cgroupns=host \ -v /var/lib/containers:/var/lib/containers \ -e FQDN -e HOST_UNAME \
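Review bot: The background waiter accepts any existing `BOOTSTRAPPED` secret, and nothing in the hunk clears the marker before the loop starts. A marker left by an interrupted earlier run would presumably make it `podman commit` the `hind-init` container before the new bootstrap has finished. Clearing it ahead of the subshell with `podman secret rm BOOTSTRAPPED > /dev/null 2>&1 || true`, and chaining the cleanup as `podman commit -q hind-init localhost/hind && podman secret rm BOOTSTRAPPED > /dev/null`, would close that window and keep a failed commit from being silently masked. Separately, the new comment says `/pv/CERTS` persists HTTPS cert files while the directory is created with `-m777`. The comment should state why world-writable access is required, or the mode should be tightened, since any local account on the VM could otherwise replace or delete what is stored there. The `podman run` command continues past the end of the hunk.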