This tool cleans up sandboxes.
It watches the pool of sandboxes, and look for those marked as to_cleanup.
Then it runs aws-nuke to wipe them, and put them back in the pool of available sandboxes.
-
aws-nukebinary -
IPA client
-
sandbox-listbinary -
rushbinary (parallel tool)
-
login as
opentlc-mgruser -
Clone the Red Hat Demo Platform sandbox repo
cd mkdir pool_management cd pool_management git clone https://github.com/rhpds/sandbox.git
-
Install the aws credentials
~/.aws/credentials[pool-manager] aws_access_key_id=... aws_secret_access_key=...
-
Make sure the keytab
~/secrets/hostadmin.keytabexists. It is the key used in theinfra-aws-sandboxrole to authenticate to IPA. -
Install the systemd Unit conan.service
-
Start and enable the service
systemctl start conan systemctl enable conan
Using
podman# Create the AWS secret
$ cat | podman secret create aws_credentials -
[pool-manager]
aws_access_key_id=...
aws_secret_access_key=...
[pool-manager-dev]
aws_access_key_id=...
aws_secret_access_key=...
[CTRL+D]
# Create the Vault secret
$ cat | podman secret create vault_file -
<PASTE CONTENT OF VAULT SECRET>
[CTRL+D]
$ podman run \
--init \
--secret vault_file \
--secret aws_credentials \
-e dynamodb_profile=pool-manager-dev \
-e dynamodb_table=accounts-dev \
-e dynamodb_region=us-east-1 \
-e aws_profile=pool-manager \
-e conan_instance=container$$ \
-e AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_credentials \
-e vault_file=/run/secrets/vault_file \
-e ddns_server="..." \
-e ddns_key_name="..." \
-e ddns_key_secret="...." \
-e workdir=/home/opentlc-mgr/pool_management \
-e AWSCLI=aws \
-e threads=1 \
-e NOVENV=true \
-v $PWD:/home/opentlc-mgr/pool_management/sandbox \
quay.io/rhpds/sandbox-conan:latest
# For fast iterations on a specific sandbox, you can pass a pattern
podman run -e sandbox_filter="^sandbox2345 " ...
# Delete the secrets when done
$ podman secret rm vault_file aws_credentials