Add MPC macos configuration to stone-stage-p01

hugares · hugares · commit 062ca7e266de · 2025-12-05T11:09:52.000-05:00
Add support for macos in helm template and add first configuration of
macos in stone-stage-p01.

Signed-off-by: Hugo Ares &lt;hares@redhat.com&gt;
diff --git a/components/multi-platform-controller/base/host-config-chart/templates/host-config.yaml b/components/multi-platform-controller/base/host-config-chart/templates/host-config.yaml
@@ -1083,6 +1083,40 @@ data:
   {{- end }}
   {{ end }}
 
+  {{- if hasKey .Values.dynamicConfigs "macos-arm64" }}
+  {{- $config := index .Values.dynamicConfigs "macos-arm64" | default (dict) }}
+  dynamic.macos-arm64.type: {{ index $config "type" | default "aws" | quote }}
+  dynamic.macos-arm64.region: {{ index $config "region" | default "us-east-1" | quote }}
+  dynamic.macos-arm64.ami: {{ default (index $amd "ami") $config.ami | quote }}
+  dynamic.macos-arm64.instance-type: {{ (index $config "instance-type") | default "mac2.metal" | quote }}
+  dynamic.macos-arm64.instance-tag: {{ (index $config "instance-tag") | default (printf "%s-arm64-macos" $environment) | quote }}
+  dynamic.macos-arm64.key-name: {{ default (index $amd "key-name") ((index $config "key-name")) | quote }}
+  dynamic.macos-arm64.aws-secret: {{ (index $config "aws-secret") | default "aws-account" | quote }}
+  dynamic.macos-arm64.ssh-secret: {{ (index $config "ssh-secret") | default "aws-ssh-key" | quote }}
+  dynamic.macos-arm64.security-group-id: {{ default (index $amd "security-group-id") ((index $config "security-group-id")) | quote }}
+  dynamic.macos-arm64.max-instances: {{ (index $config "max-instances") | default "1" | quote }}
+  dynamic.macos-arm64.subnet-id: {{ default (index $amd "subnet-id") ((index $config "subnet-id")) | quote }}
+  dynamic.macos-arm64.disk: {{ index $config "disk" | default "100" | quote }}
+  dynamic.macos-arm64.check-interval: {{ (index $config "check-interval") | default "60" | quote }}
+  dynamic.macos-arm64.allocation-timeout: "1200"
+  dynamic.macos-arm64.tenancy: "host"
+  dynamic.macos-arm64.host-resource-group-arn: {{ index $config "host-resource-group-arn" | quote }}
+  dynamic.macos-arm64.license-configuration-arn: {{ index $config "license-configuration-arn" | quote }}
+   {{- if (index $config "iops") }}
+  dynamic.macos-arm64.iops: {{ index $config "iops" | quote }}
+  {{ end }}
+  {{- if (index $config "throughput") }}
+  dynamic.macos-arm64.throughput: {{ index $config "throughput" | quote }}
+  {{ end }}
+  {{- if (index $config "user-data") }}
+  dynamic.macos-arm64.user-data: |
+  {{- $lines := splitList "\n" (index $config "user-data") }}
+  {{- range $line := $lines }}
+    {{ $line }}
+  {{- end }}
+  {{- end }}
+  {{ end }}
+
   # Static hosts configuration
   {{- range $host, $config := .Values.staticHosts }}
   {{- range $key, $value := $config }}
diff --git a/components/multi-platform-controller/staging-downstream/host-values.yaml b/components/multi-platform-controller/staging-downstream/host-values.yaml
@@ -176,6 +176,63 @@ dynamicConfigs:
     sudo-commands: "/usr/bin/podman"
     disk: "200"
 
+  macos-arm64:
+    ami: "ami-000ce2c23b96216d3"
+    key-name: "packer-key"
+    host-resource-group-arn: "arn:aws:resource-groups:us-east-1:654654171619:group/MacOS-Servers"
+    license-configuration-arn: "arn:aws:license-manager:us-east-1:654654171619:license-configuration:lic-fecd71a2010a12080e452eb28065f489"
+    user-data: |
+      #!/bin/bash
+      set -eu
+      set -x
+
+      user="konflux-builder"
+
+      # Check if user already exists
+      if ! id "$user" &>/dev/null; then
+          # Generate random password
+          random_password=$(openssl rand -base64 32)
+
+          # Create user
+          sudo sysadminctl -addUser "$user" -fullName "Konflux Builder" -password "$random_password" -home /Users/$user
+
+          # Clear password from variable
+          unset random_password
+      else
+          echo "User $user already exists, skipping user creation"
+      fi
+
+      # Create home directory if it doesn't exist
+      sudo mkdir -p /Users/$user
+
+      # Create SSH directory
+      sudo mkdir -p /Users/$user/.ssh
+
+      # Remove existing SSH keys if they exist
+      sudo rm -f /Users/$user/.ssh/id_rsa /Users/$user/.ssh/id_rsa.pub
+
+      # Generate new SSH keys
+      sudo ssh-keygen -t rsa -b 4096 -f /Users/$user/.ssh/id_rsa -N "" -C ""
+
+      # Set proper permissions on .ssh directory
+      sudo chmod 700 /Users/$user/.ssh
+
+      # Create/overwrite authorized_keys
+      sudo chmod 600 /Users/$user/.ssh/authorized_keys 2>/dev/null || true
+      sudo cat /Users/$user/.ssh/id_rsa.pub | sudo tee /Users/$user/.ssh/authorized_keys > /dev/null
+
+      # Set ownership of entire home directory to ensure user has full control
+      sudo chown -R $user:staff /Users/$user
+
+      # Copy private key to ec2-user's directory
+      sudo cp /Users/$user/.ssh/id_rsa /Users/ec2-user/$user
+
+      # Set ownership of the copied private key to ec2-user
+      sudo chown ec2-user:staff /Users/ec2-user/$user
+      sudo chmod 600 /Users/ec2-user/$user
+
+      --//--
+
 # Static hosts configuration
 staticHosts:
   ppc64le-static-1:
