I need help with setting up our coder instance on an AKS. The image I'm using is a simple azure cli image with coder installed:

```dockerfile
FROM mcr.microsoft.com/azure-cli:latest
ARG VARIANT="2.19.1"
RUN tdnf install awk tar -y && curl -sL https://coder.com/install.sh | sh -s -- --method standalone --version ${VARIANT}
```

I set the following environment variables for the init container:

Then I tried to use the following bash script:

```sh
#!/bin/sh
echo "CODER_PG_CONNECTION_URL: $(echo $CODER_PG_CONNECTION_URL | sed 's/^.*@//')"
echo "CODER_FIRST_USER_USERNAME: $CODER_FIRST_USER_USERNAME"
echo "CODER_FIRST_USER_PASSWORD: $(if [ -n "$CODER_FIRST_USER_PASSWORD" ]; then echo "**********"; else echo ""; fi)"
echo "CODER_FIRST_USER_EMAIL: $CODER_FIRST_USER_EMAIL"
echo "MSI_CLIENT_ID: $MSI_CLIENT_ID"
echo "KODER_ADMIN_KV_NAME: $KODER_ADMIN_KV_NAME"
# start the coder server to be able to log in
coder server &
sleep 10
#try to login as admin user, if it fails, create it
echo "Trying to login as the admin user"
coder login || echo "Login failed - creating admin user" && coder server create-admin-user --postgres-url $CODER_PG_CONNECTION_URL --username $CODER_FIRST_USER_USERNAME --password $CODER_FIRST_USER_PASSWORD --email $CODER_FIRST_USER_EMAIL
#login as admin user
echo "Logging in as the admin user"
coder login
#check if there is already a token for the automation user and if it is still valid
if [ -z "$(coder token list --o=json| jq '.[] | select(.name=="automation")')" ]; then
    echo "Creating a new token for the automation user"
    coder token create --username $CODER_FIRST_USER_USERNAME --name automation --lifetime 1w
    token_changed=true
fi
# store the token in the keyvault
if [ -n "$token_changed" ]; then
    echo "Logging in as the MSI client"
    az login --identity --client-id $MSI_CLIENT_ID -o none
    echo "Storing the new token in the keyvault"
    az keyvault secret set --vault-name $KODER_ADMIN_KV_NAME --name koder-super-admin-token --value $(coder token list --o=json| jq '.[] | select(.name=="automation") | .token') -o none
    echo "Logging out from the MSI client"
    az logout -o none
fi
```

The container keeps failing, so I tried to set this up within a local docker container with the same environment variables (obviously the az login won't work there but the rest should be reproducible). What am I doing wrong?
Replies: 1 comment
Update: I managed to understand this better and solve the issue.

For anyone having the same issue: if the CODER_FIRST_USER environment variables are set, the admin user will get created when starting the coder server.

What I then did was use this user to log in via the login API (api/v2/users/login) to get a session token and use this session token to create my personal access token, which I then store in the key vault:

```sh
coder server &
sleep 10
# get session token via login API
session_token=$(curl -s -X POST http://127.0.0.1:3000/api/v2/users/login \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{"email": "'"$CODER_FIRST_USER_EMAIL"'","password": "'"$CODER_FIRST_USER_PASSWORD"'"}' | sed -n 's/.*"session_token":"\([^"]*\)".*/\1/p')
# log in to the cli
coder login --use-token-as-session --token "$session_token"
token=$(coder token create --user "$CODER_FIRST_USER_USERNAME" --name automation --lifetime 336h) # 2 weeks
...
```

This is okay to do in my opinion as my coder server is inside a container that is not accessible from outside, so disabling password auth is not necessary there as the coder instance will die with the container.
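A variant of the login step from the reply above, added here as an example and not part of the original thread: it builds the request body with jq so a password containing quotes or backslashes still yields valid JSON, and it fails when the response carries no `session_token`. The function names are hypothetical, and jq and curl are assumed to be installed in the image.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes jq and curl are available.

# Build the JSON login body. jq does the string escaping, and the values
# reach jq through its environment rather than its argument list.
login_body() {
    LOGIN_EMAIL="$1" LOGIN_PASSWORD="$2" \
        jq -nc '{email: env.LOGIN_EMAIL, password: env.LOGIN_PASSWORD}'
}

# Read a login response on stdin and print its session_token.
# Returns non-zero for invalid JSON or a response without a token.
session_token_from() {
    _tok=$(jq -r '.session_token // empty' 2>/dev/null) || return 1
    [ -n "$_tok" ] || return 1
    printf '%s\n' "$_tok"
}

# POST to the login endpoint used in the reply. The body is sent on stdin
# (--data @-), so the password does not appear in curl's arguments.
fetch_session_token() {
    _base_url="$1"
    login_body "$CODER_FIRST_USER_EMAIL" "$CODER_FIRST_USER_PASSWORD" |
        curl -fsS -X POST "$_base_url/api/v2/users/login" \
            -H 'Content-Type: application/json' \
            -H 'Accept: application/json' \
            --data @- |
        session_token_from
}

# Usage in the init script, stopping if no token came back:
#   session_token=$(fetch_session_token http://127.0.0.1:3000) || exit 1
```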