azure.yml
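# Workflow that signs in to Azure from a GitHub-hosted runner, lists storage
# resources with the Azure CLI and mounts a blob container through blobfuse2.
# Several diagnostic steps are kept but switched off with `if: ${{ false }}`.
name: Azure

on:
  workflow_dispatch:
  workflow_call:
  push:
    branches:
      - main

# id-token: write allows the job to request a GitHub OIDC token; the Blob FUSE
# step fetches one explicitly, and azure/login is given no client secret, so it
# presumably relies on the same federation.
permissions:
  id-token: write
  contents: read
  packages: read

jobs:
  azure:
    name: Azure
    runs-on: ubuntu-latest
    steps:
      # Best-effort probe (every command ends in `|| true`): checks that jq and
      # curl exist and prints the runner VM's instance metadata to the job log.
      - name: Inspect Azure
        run: |
          set -eux
          type jq || true
          type curl || true
          curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2021-02-01" | jq . || true

      # Disabled. Logs in to ghcr.io with the workflow's GITHUB_TOKEN.
      # NOTE(review): the action is referenced by a mutable tag; pinning to a
      # full commit SHA would protect against a retagged release.
      - name: 🐋 Docker Login
        if: ${{ false }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Disabled. A failed pull is reported but does not fail the step.
      - name: Docker pull agent
        if: ${{ false }}
        run: |
          docker pull ghcr.io/berney/aether-tunnel/agent || echo "Failed to pull image"

      # Disabled. Copies the service tree and binaries out of the agent image
      # and starts s6-svscan on them in the background. The `down` files are
      # created for web-shell and nginx before the scan starts.
      # NOTE(review): LIGOLO_PROXY is exported to the step but never referenced
      # in the script itself; presumably a supervised service reads it, confirm
      # before re-enabling.
      - name: Extract Agent
        if: ${{ false }}
        env:
          LIGOLO_PROXY: ${{ secrets.LIGOLO_PROXY }}
        run: |
          docker create --name agent ghcr.io/berney/aether-tunnel/agent
          pwd
          mkdir etc
          docker cp agent:/etc/s6_finish_default etc/
          docker cp agent:/etc/service/ etc/
          docker cp agent:/service/ .
          docker cp agent:/usr/bin/ .
          docker cp agent:/usr/local/bin/ .
          docker rm agent
          touch service/web-shell/down
          touch service/nginx/down
          export PATH="$(pwd)/bin:$PATH"
          mkdir ~/log
          s6-svscan service &

      # Disabled. Dumps process, container, socket and interface state after a
      # ten second wait, then the mosh-server log if it exists.
      - name: Inspect
        if: ${{ false }}
        run: |
          set -eux
          sleep 10
          ps -ef
          pstree
          docker ps
          docker ps -a
          ss -nlt
          ss -nlu
          ip link
          ip addr
          ip -6 addr
          ls -l ~/log/mosh-server/current || true
          cat ~/log/mosh-server/current || true

      # Signs in with client, tenant and subscription ids only.
      # NOTE(review): referenced by a mutable tag; consider a commit SHA pin.
      - name: Azure login
        id: azure-login
        #continue-on-error: true
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Disabled. Holds the job open for 12 rounds of 5 minutes while printing
      # runner state, so a failed login can be examined while the job is alive.
      - name: Sleep if azure-login error
        #if: ${{ steps.azure-login.outcome == 'failure' }}
        if: ${{ false }}
        run: |
          set -eux
          LOOPS=12
          for x in $(seq $LOOPS); do
            echo "== $x/$LOOPS"
            ps -ef
            pstree
            docker ps
            docker ps -a
            ss -nlt
            ss -nlu
            ip link
            ip addr
            ip -6 addr
            ls -l ~/log/mosh-server/current || true
            cat ~/log/mosh-server/current || true
            ls -l ~/log/ligolo-ng/current || true
            cat ~/log/ligolo-ng/current || true
            sleep 5m
          done

      # Runs the listing commands inside the azure/cli action.
      # NOTE(review): both the action tag and `azcliversion: latest` float, so
      # the code that runs with the signed-in identity can change between runs.
      - name: Azure CLI script
        id: azure-cli
        #continue-on-error: true
        uses: azure/cli@v2
        with:
          azcliversion: latest
          inlineScript: |
            set -eux
            id || true
            hostname || true
            date || true
            az account show
            az ad signed-in-user show || true
            az group list
            az storage account list
            az storage container list --account-name berneygithub || true
            az storage container-rm list --storage-account berneygithub || true
            az storage blob list --account-name berneygithub --container-name packages --auth-mode login --output table

      # Disabled. Same hour-long state dump as the loop after the login step.
      - name: Sleep if azure-cli error
        #if: ${{ steps.azure-cli.outcome == 'failure' }}
        if: ${{ false }}
        run: |
          set -eux
          LOOPS=12
          for x in $(seq $LOOPS); do
            echo "== $x/$LOOPS"
            ps -ef
            pstree
            docker ps
            docker ps -a
            ss -nlt
            ss -nlu
            ip link
            ip addr
            ip -6 addr
            ls -l ~/log/mosh-server/current || true
            cat ~/log/mosh-server/current || true
            ls -l ~/log/ligolo-ng/current || true
            cat ~/log/ligolo-ng/current || true
            sleep 5m
          done

      # Same listing commands as the Azure CLI script step, run with the `az`
      # found on the runner instead of inside the azure/cli action.
      - name: az direct
        id: az-direct
        #continue-on-error: true
        run: |
          set -eux
          id
          hostname
          date
          az account show
          az ad signed-in-user show || true
          az group list
          az storage account list
          az storage container list --account-name berneygithub || true
          az storage container-rm list --storage-account berneygithub || true
          az storage blob list --account-name berneygithub --container-name packages --auth-mode login --output table

      # Disabled. Same hour-long state dump as above.
      # NOTE(review): the commented-out condition names `azure-direct`, but the
      # step above has id `az-direct`; it would need that id if re-enabled.
      - name: Sleep if azure-direct error
        #if: ${{ steps.azure-direct.outcome == 'failure' }}
        if: ${{ false }}
        run: |
          set -eux
          LOOPS=12
          for x in $(seq $LOOPS); do
            echo "== $x/$LOOPS"
            ps -ef
            pstree
            docker ps
            docker ps -a
            ss -nlt
            ss -nlu
            ip link
            ip addr
            ip -6 addr
            ls -l ~/log/mosh-server/current || true
            cat ~/log/mosh-server/current || true
            ls -l ~/log/ligolo-ng/current || true
            cat ~/log/ligolo-ng/current || true
            sleep 5m
          done

      # Installs blobfuse2, writes its config and mounts the container at
      # /mnt/blobfuse2, then writes and reads back a test file. On a failed
      # mount the blobfuse2 log is printed and the step exits 1.
      - name: Blob FUSE
        #continue-on-error: true
        run: |
          set -eux
          sudo apt update
          sudo apt-get install -y blobfuse2
          ls -la /mnt
          cat /mnt/DATALOSS_WARNING_README.txt
          free -h || true
          free -m
          lsblk
          nproc
          mount
          cat /proc/mounts
          type blobfuse2 || true
          df -h /tmp
          curl -H "Metadata: true" "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -s | jq .
          az account show
          az storage account list
          az --version
          az version
          az storage container list --account-name berneygithub || true
          az storage container-rm list --storage-account berneygithub || true
          # Tracing is switched off while tokens are handled: under `set -x`
          # the assignment below is echoed, value included, into the job log.
          set +x
          # Gets an OAUTH2 Access Token to the whole Storage Account
          # Alternatively could get a SAS to the storage container
          ACCESS_TOKEN=$(az account get-access-token --resource https://storage.azure.com/ --query accessToken --output tsv)
          # Register the value with the runner's log masking in case a later
          # command prints it.
          echo "::add-mask::${ACCESS_TOKEN}"
          # account-key: ${ACCESS_TOKEN}
          # Get GitHub OAuth Token for OIDC
          # A root shell with umask 077 writes the file; `sudo tee` would also
          # copy the token to stdout, and so into the job log.
          curl -sS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=api://AzureADTokenExchange" | jq -r .value | sudo sh -c 'umask 077 && cat > /root/token.txt'
          set -x
          # The heredoc is unquoted, so the shell still expands `$` in the
          # substituted secret values; `<<-` strips leading tabs only.
          cat <<-EOF > config.yaml
          # This allows all users access to the mount
          allow-other: true
          logging:
            level: log_debug
            file-path: "blobfuse2-logs.txt"
            type: base
          azstorage:
            account-name: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
            container: ${{ secrets.AZURE_STORAGE_CONTAINER }}
            # Doesn't work https://github.com/Azure/azure-storage-fuse/discussions/1449
            #mode: azcli
            mode: spn
            clientid: ${{ secrets.AZURE_CLIENT_ID }}
            tenantid: ${{ secrets.AZURE_TENANT_ID }}
            oauth-token-path: /root/token.txt
          EOF
          # Prints the rendered config, including the substituted secrets; the
          # runner's masking of registered secrets is the only protection here.
          cat config.yaml
          sudo mkdir -p /mnt/blobfuse2
          sudo mkdir -p /mnt/blobfuse2tmp
          if sudo blobfuse2 mount /mnt/blobfuse2 --config-file=config.yaml --tmp-path=/mnt/blobfuse2tmp; then
            echo "DBG Blobfuse2 mount worked $?"
            ls -lad /mnt/blobfuse2
            ls -la /mnt/blobfuse2
            echo "Hello World" > /mnt/blobfuse2/hello.txt
            cat /mnt/blobfuse2/hello.txt
          else
            echo "ERR Blobfuse2 mount failed $?"
            # NOTE(review): this is a log_debug level log; check that it holds
            # no token material before relying on it in public job logs.
            ls -l blobfuse2-logs.txt
            cat blobfuse2-logs.txt
            exit 1
          fi

      # Disabled. Unconditional variant of the hour-long state dump.
      - name: Sleep
        if: ${{ false }}
        run: |
          set -eux
          LOOPS=12
          for x in $(seq $LOOPS); do
            echo "== $x/$LOOPS"
            ps -ef
            pstree
            docker ps
            docker ps -a
            ss -nlt
            ss -nlu
            ip link
            ip addr
            ip -6 addr
            ls -l ~/log/mosh-server/current || true
            cat ~/log/mosh-server/current || true
            ls -l ~/log/ligolo-ng/current || true
            cat ~/log/ligolo-ng/current || true
            sleep 5m
          done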