From d87cb4a04e318a06f6df13c807e28a313bcf668f Mon Sep 17 00:00:00 2001
From: James Blair
Date: Thu, 26 Sep 2024 16:31:52 +1200
Subject: [PATCH] Begin scaffolding security hackathon.
---
 data/compliance/README.org | 168 ++++++++++++++++++++
 data/{workshop => compliance}/exercise1.mdx | 0
 data/{workshop => compliance}/exercise2.mdx | 0
 data/{workshop => compliance}/exercise3.mdx | 0
 data/{workshop => compliance}/exercise4.mdx | 0
 data/{workshop => compliance}/exercise5.mdx | 0
 data/{workshop => compliance}/exercise6.mdx | 0
 data/{workshop => compliance}/exercise7.mdx | 0
 data/{workshop => compliance}/exercise8.mdx | 0
 data/siteMetadata.js | 4 +-
 data/workshop/README.org | 165 +------------------
 11 files changed, 172 insertions(+), 165 deletions(-)
 create mode 100644 data/compliance/README.org
 rename data/{workshop => compliance}/exercise1.mdx (100%)
 rename data/{workshop => compliance}/exercise2.mdx (100%)
 rename data/{workshop => compliance}/exercise3.mdx (100%)
 rename data/{workshop => compliance}/exercise4.mdx (100%)
 rename data/{workshop => compliance}/exercise5.mdx (100%)
 rename data/{workshop => compliance}/exercise6.mdx (100%)
 rename data/{workshop => compliance}/exercise7.mdx (100%)
 rename data/{workshop => compliance}/exercise8.mdx (100%)
diff --git a/data/compliance/README.org b/data/compliance/README.org
new file mode 100644
index 0000000..bff72f2
--- /dev/null
+++ b/data/compliance/README.org
@@ -0,0 +1,168 @@
+#+TITLE: Openshift disconnected security & compliance workshop
+#+DATE: <2024-08-26 Mon>
+#+AUTHOR: James Blair
+
+
+This document captures the steps required to set up an instance of the workshop.
+
+* Connect to the low side instance
+
+#+begin_src tmux
+ssh lab-user@3.143.149.146
+#+end_src
+
+
+* Install required tools low side
+
+#+begin_src tmux
+cd /mnt/low-side-data/
+curl -L -o oc-mirror.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/oc-mirror.tar.gz
+tar -xzf oc-mirror.tar.gz
+rm -f oc-mirror.tar.gz
+chmod +x oc-mirror
+sudo cp -v oc-mirror /bin
+curl -L -o mirror-registry.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/mirror-registry/latest/mirror-registry.tar.gz
+curl -L -o openshift-install.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/openshift-install-linux.tar.gz
+tar -xzf openshift-install.tar.gz openshift-install
+rm -f openshift-install.tar.gz
+curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.19/openshift-client-linux.tar.gz
+tar -xzf oc.tar.gz oc
+rm -f oc.tar.gz
+sudo cp -v oc /bin
+ls -1 /mnt/low-side-data/
+#+end_src
+
+
+* Mirror installation content low side
+
+#+begin_src tmux
+mkdir -v $HOME/.docker
+cp -v $HOME/pull-secret-example.json $HOME/.docker/config.json
+cat << EOF > /mnt/low-side-data/imageset-config.yaml
+---
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+storageConfig:
+ local:
+ path: ./
+mirror:
+ platform:
+ channels:
+ - name: stable-4.14
+ type: ocp
+ minVersion: 4.14.35
+ maxVersion: 4.14.35
+ additionalImages:
+ - name: registry.redhat.io/rhel8/support-tools
+EOF
+cd /mnt/low-side-data
+oc-mirror --config imageset-config.yaml file:///mnt/low-side-data
+#+end_src
+
+
+* Install mirror registry high side
+
+#+begin_src tmux
+rsync -avP /mnt/low-side-data/mirror-registry.tar.gz highside:/mnt/high-side-data/
+ssh highside
+cd /mnt/high-side-data
+tar -xzvf mirror-registry.tar.gz
+./mirror-registry install --initPassword discopass
+#+end_src
+
+
+* Trust mirror registry high side
+
+#+begin_src tmux
+sudo cp -v $HOME/quay-install/quay-rootCA/rootCA.pem /etc/pki/ca-trust/source/anchors/
+sudo update-ca-trust
+podman login -u init -p discopass $(hostname):8443
+#+end_src
+
+
+* Transfer mirror content from low to high
+
+#+begin_src tmux
+exit
+rsync -avP /mnt/low-side-data/ highside:/mnt/high-side-data/
+ssh highside
+sudo mv -v /mnt/high-side-data/oc /bin/
+sudo mv -v /mnt/high-side-data/oc-mirror /bin/
+sudo mv -v /mnt/high-side-data/openshift-install /bin/
+cd /mnt/high-side-data
+oc-mirror --from=/mnt/high-side-data/mirror_seq1_000000.tar docker://$(hostname):8443
+#+end_src
+
+
+* Install openshift high side
+
+#+begin_src tmux
+cat << EOF > /mnt/high-side-data/install-config.yaml
+---
+apiVersion: v1
+metadata:
+ name: disco
+baseDomain: lab
+compute:
+- architecture: amd64
+ hyperthreading: Enabled
+ name: worker
+ replicas: 0
+controlPlane:
+ architecture: amd64
+ hyperthreading: Enabled
+ name: master
+ replicas: 1
+ platform:
+ aws:
+ type: m5.8xlarge
+networking:
+ clusterNetwork:
+ - cidr: 10.128.0.0/14
+ hostPrefix: 23
+ machineNetwork:
+ - cidr: 10.0.0.0/16
+ networkType: OVNKubernetes
+ serviceNetwork:
+ - 172.30.0.0/16
+platform:
+ aws:
+ region: us-east-2
+ subnets:
+ - $(aws ec2 describe-subnets --output json | jq '.Subnets[0].SubnetId' -r)
+publish: Internal
+additionalTrustBundlePolicy: Always
+EOF
+if ! test -f "/mnt/high-side-data/id_rsa"; then
+ ssh-keygen -C "OpenShift Debug" -N "" -f /mnt/high-side-data/id_rsa
+fi
+echo "sshKey: $(cat /mnt/high-side-data/id_rsa.pub)" | tee -a /mnt/high-side-data/install-config.yaml
+echo "pullSecret: '$(jq -c . $XDG_RUNTIME_DIR/containers/auth.json)'" | tee -a /mnt/high-side-data/install-config.yaml
+if (test -e /mnt/high-side-data/oc-mirror-workspace/results-*/imageContentSourcePolicy.yaml)
+ then
+ echo -e "\n\n Looks good, go ahead! \n\n"
+ else
+ echo -e "\n\n Uh oh, something is wrong... \n\n"
+fi
+cat << EOF >> /mnt/high-side-data/install-config.yaml
+imageContentSources:
+$(grep "mirrors:" -A 2 --no-group-separator /mnt/high-side-data/oc-mirror-workspace/results-*/imageContentSourcePolicy.yaml)
+EOF
+tail -22 /mnt/high-side-data/install-config.yaml
+cat << EOF >> /mnt/high-side-data/install-config.yaml
+additionalTrustBundle: |
+$(sed 's/^/ /' /home/lab-user/quay-install/quay-rootCA/rootCA.pem)
+EOF
+cat /mnt/high-side-data/install-config.yaml
+cp -v /mnt/high-side-data/install-config.yaml /mnt/high-side-data/install-config.yaml.backup
+openshift-install create cluster --dir /mnt/high-side-data
+#+end_src
+
+
+* Disable default catalog sources high side
+
+#+begin_src tmux
+oc login https://api.disco.lab:6443 --username kubeadmin -p "$(more /mnt/high-side-data/auth/kubeadmin-password)" --insecure-skip-tls-verify=true
+oc patch OperatorHub cluster --type merge -p '{"spec": {"disableAllDefaultSources": true}}'
+oc create -f /mnt/high-side-data/oc-mirror-workspace/results-*/catalogSource-cs-redhat-operator-index.yaml
+#+end_src
diff --git a/data/workshop/exercise1.mdx b/data/compliance/exercise1.mdx
similarity index 100%
rename from data/workshop/exercise1.mdx
rename to data/compliance/exercise1.mdx
diff --git a/data/workshop/exercise2.mdx b/data/compliance/exercise2.mdx
similarity index 100%
rename from data/workshop/exercise2.mdx
rename to data/compliance/exercise2.mdx
diff --git a/data/workshop/exercise3.mdx b/data/compliance/exercise3.mdx
similarity index 100%
rename from data/workshop/exercise3.mdx
rename to data/compliance/exercise3.mdx
diff --git a/data/workshop/exercise4.mdx b/data/compliance/exercise4.mdx
similarity index 100%
rename from data/workshop/exercise4.mdx
rename to data/compliance/exercise4.mdx
diff --git a/data/workshop/exercise5.mdx b/data/compliance/exercise5.mdx
similarity index 100%
rename from data/workshop/exercise5.mdx
rename to data/compliance/exercise5.mdx
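Review bot: The closing `oc login` in the new README disables API server certificate verification with `--insecure-skip-tls-verify=true` even though the `openshift-install create cluster --dir /mnt/high-side-data` step just above it normally writes an `auth/kubeconfig` (next to the `auth/kubeadmin-password` the same line already reads) that carries the cluster CA, so the line can become `export KUBECONFIG=/mnt/high-side-data/auth/kubeconfig`, which both keeps TLS verification on and keeps the kubeadmin password out of the tmux command line and shell history. The same hunk fixes the registry password `discopass` into `--initPassword` and `podman login -p`, and `cat /mnt/high-side-data/install-config.yaml` echoes the embedded `pullSecret` into the terminal scrollback, while the `.backup` copy keeps a second plaintext copy of it. A one-line Org comment above the `cat`, such as `# NOTE: install-config.yaml and its .backup embed the pull secret; treat both as sensitive`, and a note that `discopass` is a lab-only value would stop readers who reuse this runbook from carrying those defaults into a real environment.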
diff --git a/data/workshop/exercise6.mdx b/data/compliance/exercise6.mdx
similarity index 100%
rename from data/workshop/exercise6.mdx
rename to data/compliance/exercise6.mdx
diff --git a/data/workshop/exercise7.mdx b/data/compliance/exercise7.mdx
similarity index 100%
rename from data/workshop/exercise7.mdx
rename to data/compliance/exercise7.mdx
diff --git a/data/workshop/exercise8.mdx b/data/compliance/exercise8.mdx
similarity index 100%
rename from data/workshop/exercise8.mdx
rename to data/compliance/exercise8.mdx
diff --git a/data/siteMetadata.js b/data/siteMetadata.js
index d00c376..daa9138 100644
--- a/data/siteMetadata.js
+++ b/data/siteMetadata.js
@@ -1,8 +1,8 @@
 const siteMetadata = {
- title: 'Red Hat OpenShift Security & Compliance Workshop',
+ title: 'Red Hat OpenShift Security Hackathon',
 author: 'Red Hat',
 headerTitle: 'Red Hat',
- description: 'Red Hat OpenShift Security & Compliance Workshop',
+ description: 'Red Hat OpenShift Security Hackathon',
 language: 'en-us',
 siteUrl: 'https://rhdemo.win',
 siteRepo: 'https://github.com/jmhbnz/workshops',
diff --git a/data/workshop/README.org b/data/workshop/README.org
index bff72f2..496dcd3 100644
--- a/data/workshop/README.org
+++ b/data/workshop/README.org
@@ -1,168 +1,7 @@
-#+TITLE: Openshift disconnected security & compliance workshop
-#+DATE: <2024-08-26 Mon>
+#+TITLE: Openshift security hackathon
+#+DATE: <2024-09-26 Thu>
 #+AUTHOR: James Blair
 This document captures the steps required to set up an instance of the workshop.
-* Connect to the low side instance
-
-#+begin_src tmux
-ssh lab-user@3.143.149.146
-#+end_src
-
-
-* Install required tools low side
-
-#+begin_src tmux
-cd /mnt/low-side-data/
-curl -L -o oc-mirror.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/oc-mirror.tar.gz
-tar -xzf oc-mirror.tar.gz
-rm -f oc-mirror.tar.gz
-chmod +x oc-mirror
-sudo cp -v oc-mirror /bin
-curl -L -o mirror-registry.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/mirror-registry/latest/mirror-registry.tar.gz
-curl -L -o openshift-install.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/openshift-install-linux.tar.gz
-tar -xzf openshift-install.tar.gz openshift-install
-rm -f openshift-install.tar.gz
-curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.19/openshift-client-linux.tar.gz
-tar -xzf oc.tar.gz oc
-rm -f oc.tar.gz
-sudo cp -v oc /bin
-ls -1 /mnt/low-side-data/
-#+end_src
-
-
-* Mirror installation content low side
-
-#+begin_src tmux
-mkdir -v $HOME/.docker
-cp -v $HOME/pull-secret-example.json $HOME/.docker/config.json
-cat << EOF > /mnt/low-side-data/imageset-config.yaml
----
-kind: ImageSetConfiguration
-apiVersion: mirror.openshift.io/v1alpha2
-storageConfig:
- local:
- path: ./
-mirror:
- platform:
- channels:
- - name: stable-4.14
- type: ocp
- minVersion: 4.14.35
- maxVersion: 4.14.35
- additionalImages:
- - name: registry.redhat.io/rhel8/support-tools
-EOF
-cd /mnt/low-side-data
-oc-mirror --config imageset-config.yaml file:///mnt/low-side-data
-#+end_src
-
-
-* Install mirror registry high side
-
-#+begin_src tmux
-rsync -avP /mnt/low-side-data/mirror-registry.tar.gz highside:/mnt/high-side-data/
-ssh highside
-cd /mnt/high-side-data
-tar -xzvf mirror-registry.tar.gz
-./mirror-registry install --initPassword discopass
-#+end_src
-
-
-* Trust mirror registry high side
-
-#+begin_src tmux
-sudo cp -v $HOME/quay-install/quay-rootCA/rootCA.pem /etc/pki/ca-trust/source/anchors/
-sudo update-ca-trust
-podman login -u init -p discopass $(hostname):8443
-#+end_src
-
-
-* Transfer mirror content from low to high
-
-#+begin_src tmux
-exit
-rsync -avP /mnt/low-side-data/ highside:/mnt/high-side-data/
-ssh highside
-sudo mv -v /mnt/high-side-data/oc /bin/
-sudo mv -v /mnt/high-side-data/oc-mirror /bin/
-sudo mv -v /mnt/high-side-data/openshift-install /bin/
-cd /mnt/high-side-data
-oc-mirror --from=/mnt/high-side-data/mirror_seq1_000000.tar docker://$(hostname):8443
-#+end_src
-
-
-* Install openshift high side
-
-#+begin_src tmux
-cat << EOF > /mnt/high-side-data/install-config.yaml
----
-apiVersion: v1
-metadata:
- name: disco
-baseDomain: lab
-compute:
-- architecture: amd64
- hyperthreading: Enabled
- name: worker
- replicas: 0
-controlPlane:
- architecture: amd64
- hyperthreading: Enabled
- name: master
- replicas: 1
- platform:
- aws:
- type: m5.8xlarge
-networking:
- clusterNetwork:
- - cidr: 10.128.0.0/14
- hostPrefix: 23
- machineNetwork:
- - cidr: 10.0.0.0/16
- networkType: OVNKubernetes
- serviceNetwork:
- - 172.30.0.0/16
-platform:
- aws:
- region: us-east-2
- subnets:
- - $(aws ec2 describe-subnets --output json | jq '.Subnets[0].SubnetId' -r)
-publish: Internal
-additionalTrustBundlePolicy: Always
-EOF
-if ! test -f "/mnt/high-side-data/id_rsa"; then
- ssh-keygen -C "OpenShift Debug" -N "" -f /mnt/high-side-data/id_rsa
-fi
-echo "sshKey: $(cat /mnt/high-side-data/id_rsa.pub)" | tee -a /mnt/high-side-data/install-config.yaml
-echo "pullSecret: '$(jq -c . $XDG_RUNTIME_DIR/containers/auth.json)'" | tee -a /mnt/high-side-data/install-config.yaml
-if (test -e /mnt/high-side-data/oc-mirror-workspace/results-*/imageContentSourcePolicy.yaml)
- then
- echo -e "\n\n Looks good, go ahead! \n\n"
- else
- echo -e "\n\n Uh oh, something is wrong... \n\n"
-fi
-cat << EOF >> /mnt/high-side-data/install-config.yaml
-imageContentSources:
-$(grep "mirrors:" -A 2 --no-group-separator /mnt/high-side-data/oc-mirror-workspace/results-*/imageContentSourcePolicy.yaml)
-EOF
-tail -22 /mnt/high-side-data/install-config.yaml
-cat << EOF >> /mnt/high-side-data/install-config.yaml
-additionalTrustBundle: |
-$(sed 's/^/ /' /home/lab-user/quay-install/quay-rootCA/rootCA.pem)
-EOF
-cat /mnt/high-side-data/install-config.yaml
-cp -v /mnt/high-side-data/install-config.yaml /mnt/high-side-data/install-config.yaml.backup
-openshift-install create cluster --dir /mnt/high-side-data
-#+end_src
-
-
-* Disable default catalog sources high side
-
-#+begin_src tmux
-oc login https://api.disco.lab:6443 --username kubeadmin -p "$(more /mnt/high-side-data/auth/kubeadmin-password)" --insecure-skip-tls-verify=true
-oc patch OperatorHub cluster --type merge -p '{"spec": {"disableAllDefaultSources": true}}'
-oc create -f /mnt/high-side-data/oc-mirror-workspace/results-*/catalogSource-cs-redhat-operator-index.yaml
-#+end_src