able to run HinD (using podman) on macos now

Dockerfile

@@ -11,6 +11,10 @@ ENV REVERSE_PROXY       ""
 ENV ON_DEMAND_TLS_ASK   ""
 ENV HOST_UNAME Linux
 
+# replaced at runtime:
+ENV HIND_N "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
+ENV HIND_C "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
+
 ENV DEBIAN_FRONTEND noninteractive
 ENV TZ Etc/UTC
 ENV TERM xterm

README.md

@@ -215,6 +215,10 @@ net.core.wmem_max=134217728' |sudo tee /etc/sysctl.d/90-tcp-memory.conf
 
 # Miscellaneous
 - client IP addresses will be in request header 'X-Forwarded-For' (per `caddy`)
+- pop inside the HinD container:
+```
+sudo podman exec -it hind zsh
+```
 - get list of `consul` services:
 ```
 wget -qO- 'localhost:8500/v1/catalog/services?tags=1' | jq .

bin/bootstrap.sh

@@ -43,9 +43,19 @@ else
   pkill -SIGQUIT nomad
   sleep 5
 
-  consul keygen                                  |tr -d '^\n' | podman secret create HIND_C -
-  nomad operator gossip keyring generate         |tr -d '^\n' | podman secret create HIND_N -
-  grep -F 'Secret ID' /tmp/bootstrap |cut -f2- -d= |tr -d ' ' | podman secret create NOMAD_TOKEN -
+
+  if [ "$HOST_UNAME" = Darwin ]; then
+    apt-get install -yqq fuse-overlayfs
+    echo; echo
+    echo -n 'echo -n '
+    grep -F 'Secret ID' /tmp/bootstrap |cut -f2- -d= |tr -d ' \n'
+    echo  ' | podman secret create NOMAD_TOKEN -'
+    echo; echo
+  else
+    consul keygen                                  |tr -d '^\n' | podman secret create HIND_C -
+    nomad operator gossip keyring generate         |tr -d '^\n' | podman secret create HIND_N -
+    grep -F 'Secret ID' /tmp/bootstrap |cut -f2- -d= |tr -d ' ' | podman secret create NOMAD_TOKEN -
+  fi
 
   rm -f /tmp/*
 

install.sh

@@ -21,6 +21,24 @@ export FQDN=$(hostname -f)
 podman -v > /dev/null || echo 'please install the podman package first'
 podman -v > /dev/null || exit 1
 
+if [ "$HOST_UNAME" = Darwin ]; then
+  export FQDN=http://$FQDN
+  PV=$HOME/pv
+
+  ARGS_INIT=''
+  ARGS_RUN='-p 8000:80 -p 4000:443 --secret NOMAD_TOKEN,type=env'
+  # previously had also added above: '-v /sys/fs/cgroup:/sys/fs/cgroup:rw'
+else
+  # In rare case this is a symlink, ensure we mount the proper source.
+  # NOTE: we map in /var/lib/containers here so `podman secret create` inside the `podman run`
+  # container will effect us, the outside/VM.
+  VLC=$(realpath /var/lib/containers 2>/dev/null  ||  echo /var/lib/containers)
+  SOCK=$(podman info |grep -F podman.sock |rev |cut -f1 -d ' ' |rev)
+  PV=/pv
+
+  ARGS_INIT="--net=host --cgroupns=host -v ${VLC}:/var/lib/containers"
+  ARGS_RUN="--net=host --cgroupns=host -v /opt/nomad/data/alloc:/opt/nomad/data/alloc -v $SOCK:$SOCK --secret HIND_C,type=env --secret HIND_N,type=env"
+fi
 
 (
   # clear any prior run (likely fail?)
@@ -40,47 +58,38 @@ podman -v > /dev/null || exit 1
   # bootstrap the general image to a customized image for your cluster, leveraging podman secrets
   IMG=ghcr.io/internetarchive/hind:main
 
-  # In rare case this is a symlink, ensure we mount the proper source.
-  # NOTE: we map in /var/lib/containers here so `podman secret create` inside the `podman run`
-  # container will effect us, the outside/VM.
-  VLC=$(realpath /var/lib/containers 2>/dev/null  ||  echo /var/lib/containers)
-
   set -x
   # We need to shared these 2 directories "inside" the running `hind` container, and "outside" on
   # the VM itself.  We want to persist HTTPS cert files, and any `data/alloc` directories setup
   # on the "inside" (eg: `nomad run`) need to be available to nomad jobs running on the outside/VM.
-  mkdir -p -m777 /pv/CERTS
+  mkdir -p -m777 $PV/CERTS
   mkdir -p -m777 /opt/nomad/data/alloc
 
   podman pull $QUIET $IMG > $OUT
-  podman run --net=host --privileged --cgroupns=host \
-    -v ${VLC}:/var/lib/containers \
-    -e FQDN  -e HOST_UNAME \
-    --name hind-init $QUIET "$@" $IMG
+  podman run --privileged $ARGS_INIT -e FQDN -e HOST_UNAME --name hind-init $QUIET "$@" $IMG
   podman commit $QUIET hind-init localhost/hind > $OUT 2>&1
   podman rm  -v        hind-init > $OUT 2>&1
 )
 
 
+if [ "$HOST_UNAME" = Darwin ]; then
+  set +x
+  echo '
+
+COPY/PASTE THE NOMAD_TOKEN secret create ABOVE NOW
+
+'
+  read cont
+fi
+
+
 # Now run the new docker image in the background.
 # NOTE: we switch `-v /var/lib/containers` to volume mounting the `podman.sock`, since we want HinD
 # container to `podman run` nomad jobs on the outside/VM, not inside itself
 (
-  SOCK=$(podman info |grep -F podman.sock |rev |cut -f1 -d ' ' |rev)
-  if [ "$HOST_UNAME" = Darwin ]; then
-    ARGS='-p 6000:4646 -p 8000:80 -p 4000:443 -v /sys/fs/cgroup:/sys/fs/cgroup:rw'
-  else
-    ARGS='--net=host'
-  fi
-
   set -x
-  podman run --privileged --cgroupns=host \
-    $ARGS \
-    -v $SOCK:$SOCK \
-    -v /opt/nomad/data/alloc:/opt/nomad/data/alloc \
-    -v /pv:/pv \
-    --secret HIND_C,type=env --secret HIND_N,type=env \
-    --restart=always --name hind -d $QUIET "$@" localhost/hind > $OUT 2>&1
+  podman run --privileged $ARGS_RUN -v $PV:/pv --restart=always --name hind -d $QUIET "$@" localhost/hind \
+    > $OUT 2>&1
 )
 
 
@@ -93,6 +102,7 @@ SUCCESS!
   exit 0
 fi
 
+set +x
 
 echo '
 Congratulations!
@@ -106,7 +116,7 @@ anywhere you have downloaded a `nomad` binary):
   '
 
 if [ $HOST_UNAME = Darwin ]; then
-  echo "export NOMAD_ADDR=http://$FQDN:6000"
+  echo "export NOMAD_ADDR=$FQDN:8000"
 else
   echo "export NOMAD_ADDR=https://$FQDN"
 fi