openstack/ansible-role-tripleo-modify-image
Code Issues Proposed changes

Retire Tripleo: remove repo content

Browse Source 
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: Ib5a8155d76652044701ae05e5dbcc7078f41d863
This commit is contained in:
Ghanshyam Mann 2024-02-24 11:31:45 -08:00
parent b6eedb6fb1
commit cbf9d36df6
37 changed files with 8 additions and 1454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.ansible-lint
View File

@ -1,2 +0,0 @@
---
parseable: true

2
.gitignore vendored
View File

@ -1,2 +0,0 @@
.eggs
.tox

40
.pre-commit-config.yaml
View File

@ -1,40 +0,0 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v2.4.0
hooks:
- id: end-of-file-fixer
- id: trailing-whitespace
- id: mixed-line-ending
- id: check-byte-order-marker
- id: check-executables-have-shebangs
- id: check-merge-conflict
- id: debug-statements
- id: flake8
- id: check-yaml
files: .*\.(yaml|yml)$
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.18.0
hooks:
- id: yamllint
files: \.(yaml|yml)$
types: [file, yaml]
entry: yamllint --strict -f parsable
- repo: https://github.com/ansible/ansible-lint.git
rev: v4.1.1a2
hooks:
- id: ansible-lint
files: \.(yaml|yml)$
entry: ansible-lint --force-color -v
- repo: https://github.com/openstack-dev/bashate.git
rev: 0.6.0
hooks:
- id: bashate
entry: bashate --error . --verbose --ignore=E006,E040
# Run bashate check for all bash scripts
# Ignores the following rules:
# E006: Line longer than 79 columns (as many scripts use jinja
# templating, this is very difficult)
# E040: Syntax error determined using `bash -n` (as many scripts
# use jinja templating, this will often fail and the syntax
# error will be discovered in execution anyway)

7
.yamllint
View File

@ -1,7 +0,0 @@
---
extends: default
rules:
line-length:
# matches hardcoded 160 value from ansible-lint
max: 160

175
LICENSE
View File

@ -1,175 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

334
README.rst
View File

@ -1,328 +1,10 @@
TripleO Modify Image This project is no longer maintained.
====================
A role to allow modification to container images built for the TripleO project. The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
Role Variables For any further questions, please email
-------------- openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.
.. list-table:: Variables used for modify image
:widths: auto
:header-rows: 1
* - Name
- Default Value
- Description
* - `source_image`
- `[undefined]`
- Mandatory fully qualified reference to the source image to be modified. The supplied Dockerfile will be copied and modified to make the FROM directive match this variable.
* - `modify_dir_path`
- `[undefined]`
- Mandatory path to the directory containing the Dockerfile to modify the image
* - `modified_append_tag`
- `date +-modified-%Y%m%d%H%M%S`
- String to be appended after the tag to indicate this is a modified version of the source image.
* - `target_image`
- `[undefined]`
- If set, the modified image will be tagged with `target_image + modified_append_tag`. If `target_image` is not set, the modified image will be tagged with `source_image + modified_append_tag`. If the purpose of the image is not changing, it may be enough to rely on the `source_image + modified_append_tag` tag to identify that this is a modified version of the source image.
.. list-table:: Variables used for yum update
:widths: auto
:header-rows: 1
* - Name
- Default Value
- Description
* - `source_image`
- `[undefined]`
- See modify image variables
* - `modified_append_tag`
- `date +-modified-%Y%m%d%H%M%S`
- See modify image variables
* - `target_image`
- `''`
- See modify image variables
* - `rpms_path`
- `''`
- If set, packages present in rpms_path will be updated but dependencies must also be included if required as yum
is called with localupdate.
* - `update_repo`
- `''`
- If set, packages from this repo will be updated. Other repos will only be used for dependencies of these updates.
* - `yum_repos_dir_path`
- `None`
- Optional path of directory to be used as `/etc/yum.repos.d` during the update
* - `yum_cache`
- `None`
- Optional path to the host directory for yum cache during the update.
Requires an overlay-enabled FS that also supports SE context relabling.
* - `force_purge_yum_cache`
- `False`
- Optional argument that tells buildah to forcefully re-populate the yum
cache with new contents.
.. list-table:: Variables used for yum install
:widths: auto
:header-rows: 1
* - Name
- Default Value
- Description
* - `source_image`
- `[undefined]`
- See modify image variables
* - `modified_append_tag`
- `date +-modified-%Y%m%d%H%M%S`
- See modify image variables
* - `target_image`
- `''`
- See modify image variables
* - `yum_packages`
- `[]`
- Provide a list of packages to install via yum
* - `yum_repos_dir_path`
- `None`
- Optional path of directory to be used as `/etc/yum.repos.d` during the update
.. list-table:: Variables used for dev install
:widths: auto
:header-rows: 1
* - Name
- Default Value
- Description
* - `source_image`
- `[undefined]`
- See modify image variables
* - `modified_append_tag`
- `date +-modified-%Y%m%d%H%M%S`
- See modify image variables
* - `target_image`
- `''`
- See modify image variables
* - `refspecs`
- `[]`
- An array of project/refspec pairs that will be installed into the generated container. Currently only supports python source projects.
* - `python_dir`
- `[]`
- Directory which contains a Python project ready to be installed with pip.
Requirements
------------
- ansible >= 2.4
- python >= 2.6
Dependencies
------------
None
Warnings
--------
On-disk repositories
....................
Please ensure the SELinux label for the on-disk repositories are correct.
Depending on your container-selinux (and podman) version, you may face issues.
Some examples of a correct type:
- ```system_u:object_r:rpm_var_cache_t```
- ```system_u:object_r:container_file_t```
First one matches the one of /var/cache/dnf, and is accessible from within a
container, while the second one may allow a container to actually write in
there.
Directories located in the user's home
......................................
You may want to avoid pointing to directories in your $HOME when running this
role, especially when it's running from within TripleO client (for instance
with the ```openstack tripleo container image prepare``` command). Doing so
may break due to the SELinux labels and permissions associated to your home
directory.
Please use another location, such as /opt, or even /tmp - and double-check the
SELinux labels therein.
Example Playbooks
-----------------
Modify Image
~~~~~~~~~~~~
The following playbook will produce a modified image with the tag
`:latest-modified-<timestamp>` based on the Dockerfile in the custom directory
`/path/to/example_modify_dir`.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
tasks_from: modify_image.yml
vars:
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
modify_dir_path: /path/to/example_modify_dir
The directory `example_modify_dir` contains the `Dockerfile` which will perform
the modification, for example:
.. code-block::
# This will be replaced in the file Dockerfile.modified
FROM centos-binary-nova-api
# switch to root to install packages
USER root
# install packages
RUN curl "https://bootstrap.pypa.io/get-pip.py" -o "/tmp/get-pip.py"
RUN python /tmp/get-pip.py
# switch the container back to the default user
USER nova
Yum update
~~~~~~~~~~
The following playbook will produce a modified image with the tag
`:latest-updated` which will do a yum update using the host's /etc/yum.repos.d.
Only file repositories will be used (with baseurl=file://...).
In this playbook the tasks\_from is set as a variable instead of an
`import_role` parameter.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: yum_update.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
yum_repos_dir_path: /etc/yum.repos.d
modified_append_tag: updated
yum_cache: /tmp/containers-updater/yum_cache
rpms_path: /opt/rpms
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: yum_update.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
modified_append_tag: updated
rpms_path: /opt/rpms/
Note, if you have a locally installed gating repo, you can add
``update_repo: gating-repo``. This may be the case for the consequent in-place
deployments, like those performed with the CI reproducer script.
Yum install
~~~~~~~~~~~
The following playbook will produce a modified image with the tag
`:latest-updated` which will do a yum install of the requested packages
using the host's /etc/yum.repos.d. In this playbook the tasks\_from is set as
a variable instead of an `import_role` parameter.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: yum_install.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
yum_repos_dir_path: /etc/yum.repos.d
yum_packages: ['foobar-nova-plugin', 'fizzbuzz-nova-plugin']
RPM install
~~~~~~~~~~~
The following playbook will produce a modified image with RPMs from the
specified rpms\_path on the local filesystem installed as a new layer
for the container. The new container tag is appened with the '-hotfix'
suffix. Useful for creating adhoc hotfix containers with local RPMs with no
network connectivity.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: rpm_install.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
rpms_path: /opt/rpms
modified_append_tag: -hotfix
Dev install
~~~~~~~~~~~
The following playbook will produce a modified image with Python source
code installed via pip. To minimize dependencies within the container
we generate the sdist locally and then copy it into the resulting
container image as an sdist tarball to run pip install locally.
It can be used to pull a review from OpenDev Gerrit:
.. code-block::
- hosts: localhost
connection: local
tasks:
- name: dev install heat-api
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: dev_install.yml
source_image: docker.io/tripleomaster/centos-binary-heat-api:current-tripleo
refspecs:
-
project: heat
refspec: refs/changes/12/1234/3
modified_append_tag: -devel
or it can be used to build an image from a local Python directory:
.. code-block::
- hosts: localhost
connection: local
tasks:
- name: dev install heat-api
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: dev_install.yml
source_image: docker.io/tripleomaster/centos-binary-heat-api:current-tripleo
modified_append_tag: -devel
python_dir:
- /home/joe/git/openstack/heat
Note: here, we can use a directory located in the user's home because it's
probably launched by the user.
License
-------
Apache 2.0

6
ansible-requirements.txt
View File

@ -1,6 +0,0 @@
# These are required here because ansible can't be in global-requirements due
# to licensing conflicts. But we sill need to be able to pull them in for
# lint checks and want to document these as ansible specific things that may
# be required for this repository.
ansible
ansible-lint

11
ansible.cfg
View File

@ -1,11 +0,0 @@
[defaults]
gathering = smart
command_warnings = False
retry_files_enabled = False
callback_whitelist = profile_tasks
# Attempt to load custom modules whether it's installed system-wide or from a virtual environment
roles_path = roles:$VIRTUAL_ENV/usr/share/ansible/roles/tripleo-modify-image:$VIRTUAL_ENV/share/ansible/roles/
[ssh_connection]
control_path = %(directory)s/%C

21
ci-scripts/ansible-lint.sh
View File

@ -1,21 +0,0 @@
#!/bin/bash
# ANSIBLE0006: Using command rather than module
# we have a few use cases where we need to use curl and rsync
# ANSIBLE0007: Using command rather than an argument to e.g file
# we have a lot of 'rm' command and we should use file module instead
# ANSIBLE0010: Package installs should not use latest.
# Sometimes we need to update some packages.
# ANSIBLE0012: Commands should not change things if nothing needs doing
# ANSIBLE0013: Use Shell only when shell functionality is required
# ANSIBLE0016: Tasks that run when changed should likely be handlers
# this requires refactoring roles, skipping for now
SKIPLIST="ANSIBLE0006,ANSIBLE0007,ANSIBLE0010,ANSIBLE0012,ANSIBLE0013,ANSIBLE0016"
# Lin the role.
ansible-lint -vvv -x $SKIPLIST ./ || lint_error=1
# exit with 1 if we had a least an error or warning.
if [[ -n "$lint_error" ]]; then
exit 1;
fi

6
defaults/main.yml
View File

@ -1,6 +0,0 @@
---
update_repo: ''
python_dir: []
refspecs: []
yum_packages: []
force_purge_yum_cache: false

50
files/dev_install.sh
View File

@ -1,50 +0,0 @@
set -eou pipefail
PYTHON_CMD=$(command -v python3 || command -v python2 || command -v python)
# Cherry-pick a refspec
# $1 : project name e.g. keystone
# $2 : Gerrit refspec(s) to cherry pick
function cherrypick {
local PROJ_NAME=$1
local REFSPECS="$2"
# check that git is installed
if ! rpm -qi git &> /dev/null && ! rpm -qi git-core &> /dev/null; then
echo "Please install git before using this module."
exit 1
fi
if [ ! -d "$PROJ_NAME" ]; then
git clone "https://opendev.org/openstack/$PROJ_NAME"
fi
cd "$PROJ_NAME"
for REFSPEC in $REFSPECS; do
git fetch "https://review.opendev.org/openstack/$PROJ_NAME" "$REFSPEC"
git cherry-pick FETCH_HEAD || git cherry-pick --abort
done
SKIP_GENERATE_AUTHORS=1 SKIP_WRITE_GIT_CHANGELOG=1 $PYTHON_CMD setup.py sdist
cp dist/*.tar.gz ../
}
# Copy a Python directory
# $1 : Python directory to copy and install to generate a tarball.
function copy {
local PYTHON_DIR=$1
rm -rf dev
cp -r $PYTHON_DIR dev
cd dev
SKIP_GENERATE_AUTHORS=1 SKIP_WRITE_GIT_CHANGELOG=1 $PYTHON_CMD setup.py sdist
cp dist/*.tar.gz ../
}
mkdir -p refspec_projects
cd refspec_projects
if [[ "$GERRIT_MODE" == 1 ]]; then
cherrypick $1 $2
else
copy $1
fi

7
files/rpm_install.sh
View File

@ -1,7 +0,0 @@
#!/bin/sh
set -eox pipefail
rpm --replacepkgs --replacefiles --oldpackage -Uvh /tmp/*.rpm
rm -f /tmp/*.rpm
rm -f /tmp/rpm_install.sh

16
files/yum_install.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
set -eou pipefail
PKG="$(command -v dnf || command -v yum)"
PKG_MGR="$(echo ${PKG:(-3)})"
if [ -z "$1" ]; then
echo "No packages were specified to install..."
exit 1
fi
YUM_PACKAGES=$1
$PKG -y install $YUM_PACKAGES
rm -rf /var/cache/$PKG_MGR

22
meta/main.yml
View File

@ -1,22 +0,0 @@
---
galaxy_info:
author: Steve Baker
description: Modify container images built for TripleO
company: Red Hat
license: Apache 2.0
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 7
galaxy_tags:
- buildah
- container
- openstack
- tripleo
- packaging
- system
dependencies: []

2
requirements.txt
View File

@ -1,2 +0,0 @@
pbr>=1.6
ansible

41
setup.cfg
View File

@ -1,41 +0,0 @@
[metadata]
name = ansible-role-tripleo-modify-image
summary = ansible-tripleo-modify-image - Ansible role to allow modification to container images built for the TripleO project.
description_file =
README.rst
author = TripleO Team
author_email = sbaker@redhat.com
home_page = https://git.openstack.org/cgit/openstack/ansible-role-tripleo-modify-image
classifier =
License :: OSI Approved :: Apache Software License
Development Status :: 4 - Beta
Intended Audience :: Developers
Intended Audience :: System Administrators
Intended Audience :: Information Technology
Topic :: Utilities
[global]
setup_hooks =
pbr.hooks.setup_hook
[files]
data_files =
share/ansible/roles/tripleo-modify-image/defaults = defaults/*
share/ansible/roles/tripleo-modify-image/meta = meta/*
share/ansible/roles/tripleo-modify-image/tasks = tasks/*
share/ansible/roles/tripleo-modify-image/templates = templates/*
share/ansible/roles/tripleo-modify-image/files = files/*
share/ansible/roles/tripleo-modify-image/vars = vars/*
[wheel]
universal = 1
[pbr]
skip_authors = True
skip_changelog = True
[flake8]
# E123, E125 skipped as they are invalid PEP-8.
show-source = True
ignore = E123,E125
builtins = _

21
setup.py
View File

@ -1,21 +0,0 @@
# Copyright Red Hat, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import setuptools
setuptools.setup(
long_description_content_type='text/markdown',
setup_requires=['pbr'],
py_modules=[],
pbr=True)

20
tasks/copy_rpms.yml
View File

@ -1,20 +0,0 @@
---
- name: List RPMs
find:
paths: "{{ rpms_path }}"
patterns: "^.*?\\.rpm$"
use_regex: true
when: rpms_path is defined
register: context_rpms
- name: Set rpms_list
set_fact:
rpms_list: "{{ context_rpms.files|json_query('[*].path') }}"
when: rpms_path is defined
- name: Copy RPMs to context dir
copy:
src: "{{ item }}"
dest: "{{ modify_dir_path }}"
with_list: "{{ rpms_list }}"
when: rpms_path is defined

47
tasks/dev_install.yml
View File

@ -1,47 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- import_tasks: get_original_user.yml
- name: Create image build context directory
tempfile:
state: directory
prefix: tripleo-modify-image
register: context_dir
- name: Set modify_dir_path
set_fact:
modify_dir_path: "{{ context_dir.path }}"
- name: Write Dockerfile to {{ modify_dir_path }}
template:
src: Dockerfile-dev.j2
dest: "{{ modify_dir_path }}/Dockerfile"
- name: Write dev_install.sh
copy:
src: dev_install.sh
dest: "{{ modify_dir_path }}/dev_install.sh"
mode: '0555'
- name: Git checkout the refspecs into local temp dir
command: "/bin/bash dev_install.sh {{ item.project }} {{ item.refspec }}"
environment:
GERRIT_MODE: 1
args:
chdir: "{{ modify_dir_path }}"
loop: "{{ refspecs }}"
when: item | length > 0
- name: Copy the Python directories into local temp dir
command: "/bin/bash dev_install.sh {{ item }}"
environment:
GERRIT_MODE: 0
args:
chdir: "{{ modify_dir_path }}"
loop: "{{ python_dir }}"
when: item | length > 0
- include_tasks: modify_image.yml

14
tasks/get_original_user.yml
View File

@ -1,14 +0,0 @@
---
- name: Ensure image exists
shell: podman image exists {{ source_image }} || podman pull {{ source_image }}
become: true
- name: Inspect image with Buildah
command: buildah inspect {{ source_image }}
register: source_image_facts
become: true
- name: Set config with Buildah
set_fact:
buildah_config: "{{ source_image_facts.stdout_lines | join('') | from_json }}"
- name: Set original_user with Buildah
set_fact:
original_user: "{{ buildah_config['Docker']['config']['User'] }}"

6
tasks/main.yml
View File

@ -1,6 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- import_tasks: "{{ tasks_from | default('modify_image.yml') }}"

45
tasks/modify_image.yml
View File

@ -1,45 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- name: Ensure that modify_dir_path is defined
assert:
that:
- modify_dir_path is defined
- modify_dir_path | length > 0
- name: Create Dockerfile tempfile name
tempfile:
path: "{{ modify_dir_path }}"
prefix: Dockerfile.
register: dockerfile
- name: Copy Dockerfile to {{ dockerfile.path }}
copy:
src: "{{ modify_dir_path }}/Dockerfile"
dest: "{{ dockerfile.path }}"
remote_src: true
- name: Replace FROM directive
lineinfile:
path: "{{ dockerfile.path }}"
regexp: "^FROM "
line: "FROM {{ source_image }}"
- name: Add LABEL modified_append_tag={{ modified_append_tag }}
lineinfile:
path: "{{ dockerfile.path }}"
insertafter: "^FROM "
line: "LABEL modified_append_tag={{ modified_append_tag }}"
- name: Modify image from {{ modify_dir_path }}
command: >-
buildah bud
--format docker
--tag {{ target_image | default(source_image) }}{{ modified_append_tag }}
--file {{ dockerfile.path }} --network host ./
# FIXME: buildah should not required root commands to build an image
become: true
args:
chdir: "{{ modify_dir_path }}"

11
tasks/precheck.yml
View File

@ -1,11 +0,0 @@
---
- name: Ensure that source_image is defined
assert:
that:
- source_image is defined
- source_image | length > 0
- name: Set default modified_append_tag
set_fact:
modified_append_tag: "{{ lookup('pipe','date +-modified-%Y%m%d%H%M%S') }}"
when: modified_append_tag is undefined

36
tasks/rpm_install.yml
View File

@ -1,36 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- import_tasks: get_original_user.yml
- name: Create image build context directory
tempfile:
state: directory
prefix: tripleo-modify-image
register: context_dir
- name: Set modify_dir_path
set_fact:
modify_dir_path: "{{ context_dir.path }}"
- import_tasks: copy_rpms.yml
- name: Write Dockerfile to {{ modify_dir_path }}
template:
src: Dockerfile-rpm.j2
dest: "{{ modify_dir_path }}/Dockerfile"
- name: Write rpm_install.sh
copy:
src: rpm_install.sh
dest: "{{ modify_dir_path }}/rpm_install.sh"
mode: '0555'
- include_tasks: modify_image.yml
- name: Clean modify directory
file:
state: absent
path: "{{ modify_dir_path }}"

12
tasks/yum_common.yml
View File

@ -1,12 +0,0 @@
---
- name: Identify the primary package manager (dnf or yum)
shell: command -v dnf || command -v yum
register: pkg_mgr_output
- name: Set fact for the used package manager binary
set_fact:
pkg_mgr: "{{ pkg_mgr_output.stdout }}"
- name: Set fact for pkg_mgr_suffix
set_fact:
pkg_mgr_suffix: "{{ pkg_mgr.split('/')[-1] }}"

6
tasks/yum_install.yml
View File

@ -1,6 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- import_tasks: yum_install_buildah.yml

108
tasks/yum_install_buildah.yml
View File

@ -1,108 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- name: From image {{ source_image }}
command: buildah from {{ source_image }}
register: from_image_cmd
- name: Set from_image
set_fact:
from_image: "{{ from_image_cmd.stdout }}"
- name: Run buildah config
command: >
buildah config
--label modified_append_tag={{ modified_append_tag }}
--workingdir / {{ from_image }}
- name: Create tempfile name for yum_install.sh
tempfile:
state: file
register: yum_install
- import_tasks: yum_common.yml
tags:
- always
- name: Prepare yum_install.sh script
copy:
src: files/yum_install.sh
dest: "{{ yum_install.path }}"
mode: 0755
- name: List file repos
shell: sed -n 's|baseurl=file://||p' *.repo
args:
chdir: "{{ yum_repos_dir_path }}"
register: file_repos
- name: Find if /etc/{{ pkg_mgr_suffix }}/vars exists
stat:
path: /etc/{{ pkg_mgr_suffix }}/vars
register: pkg_mgr_vars_stat
- block:
- name: Run yum_install.sh
command: >
buildah run
--volume {{ yum_install.path }}:/tmp/yum_install.sh
--volume {{ yum_repos_dir_path }}:/etc/yum.repos.d
{% if pkg_mgr_vars_stat.stat.exists %}
--volume /etc/{{ pkg_mgr_suffix }}/vars:/etc/{{ pkg_mgr_suffix }}/vars
{% endif %}
{% for repo in file_repos.stdout_lines %}
{% if repo is exists %}
--volume {{ repo }}:{{ repo }}
{% endif %}
{% endfor %}
--user root
--net host
{{ from_image }}
/tmp/yum_install.sh "{{ yum_packages | join(' ') }}"
register: result
rescue:
- name: Run yum_install.sh (retry)
command: >
buildah --debug run
--volume {{ yum_install.path }}:/tmp/yum_install.sh
--volume {{ yum_repos_dir_path }}:/etc/yum.repos.d
{% if pkg_mgr_vars_stat.stat.exists %}
--volume /etc/{{ pkg_mgr_suffix }}/vars:/etc/{{ pkg_mgr_suffix }}/vars
{% endif %}
{% for repo in file_repos.stdout_lines %}
{% if repo is exists %}
--volume {{ repo }}:{{ repo }}
{% endif %}
{% endfor %}
--user root
--net host
{{ from_image }}
bash -x /tmp/yum_install.sh "{{ yum_packages | join(' ') }}"
retries: 2
delay: 3
register: result
until: result.rc == 0
- name: Remove temporary yum_install.sh script
file:
path: "{{ yum_install.path }}"
state: absent
# NOTE(aschultz): remove --format docker when oci images are properly supported
- name: Commit changes to image
({{ target_image | default(source_image) }}{{ modified_append_tag }})
command: >
buildah commit
--format docker
{{ from_image }}
{{ target_image | default(source_image) }}{{ modified_append_tag }}
- name: Cleanup working container
command: >
buildah rm {{ from_image }}
retries: 5
delay: 5
ignore_errors: true

6
tasks/yum_update.yml
View File

@ -1,6 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- import_tasks: yum_update_buildah.yml

191
tasks/yum_update_buildah.yml
View File

@ -1,191 +0,0 @@
---
- import_tasks: precheck.yml
tags:
- always
- name: From image {{ source_image }}
command: buildah from {{ source_image }}
register: from_image_cmd
retries: 3
delay: 5
until: from_image_cmd is succeeded
- name: Set from_image
set_fact:
from_image: "{{ from_image_cmd.stdout }}"
- name: Run buildah config
command: >
buildah config
--label modified_append_tag={{ modified_append_tag }}
--workingdir / {{ from_image }}
- name: Create tempfile name for yum_update.sh
tempfile:
state: file
register: yum_update
- import_tasks: yum_common.yml
tags:
- always
- name: Set fact for the used cache path
set_fact:
cache_path: /var/cache/{{ pkg_mgr_suffix }}
- import_tasks: copy_rpms.yml
- name: Prepare yum_update.sh script
template:
src: yum_update.sh.j2
dest: "{{ yum_update.path }}"
mode: 0755
- name: List file repos
shell: sed -n 's|baseurl=file://||p' *.repo
args:
chdir: "{{ yum_repos_dir_path }}"
register: file_repos
when: rpms_path is undefined
- name: Find if /etc/{{ pkg_mgr_suffix }}/vars exists
stat:
path: /etc/{{ pkg_mgr_suffix }}/vars
register: pkg_mgr_vars_stat
- name: Define bind-mount modes for yum cache to be populated or used
when: yum_cache is defined and yum_cache
block:
- name: Check for the cache existence
stat:
path: "{{ yum_cache }}"
get_checksum: false
register: yum_cache_stat
- name: Check for the cache contents
shell: ls -A {{ yum_cache }}
register: yum_cache_contents
when: yum_cache_stat.stat.exists|default()
- name: Purge the cache on host
file:
path: "{{ yum_cache }}"
state: absent
when:
- force_purge_yum_cache|bool
- yum_cache_contents is defined
- yum_cache_contents.stdout
- name: Ensure the cache path exists
file:
path: "{{ yum_cache }}"
state: directory
mode: 0755
setype: svirt_sandbox_file_t
when: not yum_cache_stat.stat.exists|default()
- name: Check if the cache path has been already mounted
command: findmnt {{ yum_cache }}
register: findmnt_result
failed_when: false
- name: Use the pre-populated non-empty cache as an overlay fs
set_fact:
cache_volume: "{{ yum_cache }}:{{ cache_path }}:O"
when:
- yum_cache_stat.stat.exists|default()
- yum_cache_contents.stdout
- findmnt_result.rc != 0
- name: Define the cache populating mode otherwise
set_fact:
cache_volume: "{{ yum_cache }}:{{ cache_path }}:rw,z"
when: cache_volume is not defined
- block:
- name: Run yum_update.sh
command: >
buildah run
--volume {{ yum_update.path }}:/tmp/yum_update.sh:z
--volume {{ yum_repos_dir_path }}:/etc/yum.repos.d
{% if pkg_mgr_vars_stat.stat.exists %}
--volume /etc/{{ pkg_mgr_suffix }}/vars:/etc/{{ pkg_mgr_suffix }}/vars
{% endif %}
--volume /etc/pki:/etc/pki
{% if cache_volume is defined and cache_volume %}
--volume {{ cache_volume }}
{% endif %}
{% for repo in file_repos.stdout_lines %}
{% if repo is exists %}
--volume {{ repo }}:{{ repo }}
{% endif %}
{% endfor %}
--user root
--net host
{{ from_image }}
/tmp/yum_update.sh "{{ update_repo }}"
register: result
rescue:
- name: Run yum_update.sh (retry without yum cache)
command: >
buildah --debug run
--volume {{ yum_update.path }}:/tmp/yum_update.sh:z
--volume {{ yum_repos_dir_path }}:/etc/yum.repos.d
{% if pkg_mgr_vars_stat.stat.exists %}
--volume /etc/{{ pkg_mgr_suffix }}/vars:/etc/{{ pkg_mgr_suffix }}/vars
{% endif %}
--volume /etc/pki:/etc/pki
{% for repo in file_repos.stdout_lines %}
{% if repo is exists %}
--volume {{ repo }}:{{ repo }}
{% endif %}
{% endfor %}
--user root
--net host
{{ from_image }}
bash -x /tmp/yum_update.sh "{{ update_repo }}"
retries: 2
delay: 3
register: result
until: result.rc == 0
- name: Remove temporary yum_update.sh script
file:
path: "{{ yum_update.path }}"
state: absent
- name: Create the repo list
set_fact:
repo_list: "{{ update_repo.split(',') }}"
- name: Capture the update repos and installed rpms
shell: >
buildah run {{ from_image }} yum list installed > /var/log/container_info.log
register: rpm_list
- name: Extract the updated rpms
shell: |
UPDATE_LOG=/var/log/container_image_update_output.log;
touch $UPDATE_LOG;
echo "** {{ target_image | default(source_image) }}{{ modified_append_tag }} **" >> $UPDATE_LOG;
{% for repo in repo_list %}
cat /var/log/container_info.log | grep -F "@{{ repo|replace(' ', '') }}" >> $UPDATE_LOG || true;
{% endfor %}
rm -f /var/log/container_info.log
# NOTE(aschultz): remove --format docker when oci images are properly supported
- name: Commit changes to image
({{ target_image | default(source_image) }}{{ modified_append_tag }})
command: >
buildah commit
--format docker
{{ from_image }}
{{ target_image | default(source_image) }}{{ modified_append_tag }}
- name: Cleanup working container
command: >
buildah rm {{ from_image }}
retries: 5
delay: 5
ignore_errors: true

15
templates/Dockerfile-dev.j2
View File

@ -1,15 +0,0 @@
FROM {{ source_image }}
LABEL modified_append_tag={{ modified_append_tag }}
USER root
COPY refspec_projects /root/refspec_projects
RUN /bin/bash -c 'PKG="$(command -v dnf || command -v yum)"; \
PKG_MGR="$(echo ${PKG:(-3)})"; \
if [ $PKG_MGR == "dnf" ]; then $PKG install -y python3-pip; PIP=pip3; else $PKG install -y python-pip; \
PIP=pip; fi; \
cd /; \
for X in $(ls /root/refspec_projects/*.tar.gz); do $PIP install $X; done; \
rm -Rf /root/refspec_projects'
USER "{{ original_user }}"

14
templates/Dockerfile-rpm.j2
View File

@ -1,14 +0,0 @@
FROM {{ source_image }}
LABEL modified_append_tag={{ modified_append_tag }}
WORKDIR /
USER root
{% for rpm in rpms_list %}
COPY {{ rpm | basename }} /tmp/
{% endfor %}
COPY rpm_install.sh /tmp/
RUN /tmp/rpm_install.sh
USER "{{ original_user }}"

17
templates/Dockerfile-yum-install.j2
View File

@ -1,17 +0,0 @@
FROM {{ source_image }}
LABEL modified_append_tag={{ modified_append_tag }}
WORKDIR /
USER root
COPY yum_install.sh /tmp/
{% if yum_repos_dir_path is defined %}
RUN rm -rf /etc/yum.repos.d/
COPY yum.repos.d /etc/yum.repos.d
COPY repos /
{% endif %}
RUN /tmp/yum_install.sh "{{ yum_packages | join(' ') }}"
USER "{{ original_user }}"

22
templates/Dockerfile-yum.j2
View File

@ -1,22 +0,0 @@
FROM {{ source_image }}
LABEL modified_append_tag={{ modified_append_tag }}
WORKDIR /
USER root
COPY yum_update.sh /tmp/
{% if yum_repos_dir_path is defined %}
RUN rm -rf /etc/yum.repos.d/
COPY yum.repos.d /etc/yum.repos.d
COPY repos /
{% endif %}
{% if rpms_path is defined %}
{% for rpm in rpms_list %}
COPY {{ rpm | basename }} /tmp/
{% endfor %}
{% endif %}
RUN /tmp/yum_update.sh "{{ update_repo }}"
USER "{{ original_user }}"

57
templates/yum_update.sh.j2
View File

@ -1,57 +0,0 @@
#!/bin/bash
set -eou pipefail
PKG="$(command -v dnf || command -v yum)"
PKG_MGR="$(echo ${PKG:(-3)})"
{% if rpms_path is defined %}
$PKG -y localupdate /tmp/*.rpm
rm -f /tmp/*.rpm
{% else %}
if [ $PKG_MGR == "dnf" ]; then
REPOQUERY_CMD="$PKG repoquery"
else
REPOQUERY_CMD="$(command -v repoquery)"
fi
packages_for_update=
if [ -n "$1" ] && [[ -n $REPOQUERY_CMD ]]; then
installed_versions=$(rpm -qa --qf "%{NAME} = %{VERSION}-%{RELEASE}\n" | sort)
# dnf repoquery return 1 when repo does not exists, but standalone does not
available_versions=$($REPOQUERY_CMD --quiet --provides --disablerepo='*' --enablerepo=$1 -a | sort || true)
uptodate_versions=$(comm -12 <(printf "%s\n" "$installed_versions") <(printf "%s\n" "$available_versions"))
installed=$(printf "%s\n" "$installed_versions" | cut -d= -f1 | sort)
available=$(printf "%s\n" "$available_versions" | cut -d= -f1 | sort -u)
uptodate=$(printf "%s\n" "$uptodate_versions" | cut -d= -f1 | sort)
installed_for_update=$(comm -23 <(printf "%s\n" "$installed") <(printf "%s\n" "$uptodate"))
packages_for_update=$(comm -12 <(printf "%s\n" "$installed_for_update") <(printf "%s\n" "$available"))
fi
if [ -z "$packages_for_update" ]; then
echo "No packages were found for update..."
exit
fi
if [ $PKG_MGR == "dnf" ]; then
plugin=dnf-plugins-core
else
plugin=yum-plugin-priorities
fi
if $(! echo $installed | grep -qw $plugin) && $($PKG list available $plugin >/dev/null 2>&1); then
$PKG install -y $plugin
fi
YUM_OPTS="{% if yum_cache is defined and yum_cache %}--setopt=keepcache=1{% endif %}"
$PKG -y update $YUM_OPTS $packages_for_update
{% endif %}
{% if yum_cache is defined and yum_cache %}
sync
{% else %}
rm -rf /var/cache/$PKG_MGR
{% endif %}

1
test-requirements.txt
View File

@ -1 +0,0 @@
pre-commit # MIT

47
tox.ini
View File

@ -1,47 +0,0 @@
[tox]
minversion = 2.0
envlist = docs, linters
skipdist = True
[testenv]
usedevelop = True
install_command = pip install -c{env:TOX_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
setenv = VIRTUAL_ENV={envdir}
passenv =
CURL_CA_BUNDLE
REQUESTS_CA_BUNDLE
SSH_AUTH_SOCK
SSL_CERT_FILE
TERM
deps = -r{toxinidir}/test-requirements.txt
whitelist_externals = bash
[testenv:bindep]
basepython = python3
# Do not install any requirements. We want this to be fast and work even if
# system dependencies are missing, since it's used to tell you what system
# dependencies are missing! This also means that bindep must be installed
# separately, outside of the requirements files.
deps = bindep
commands = bindep test
[testenv:linters]
basepython = python3
commands =
python -m pre_commit run {posargs} -a
[testenv:releasenotes]
basepython = python3
whitelist_externals = bash
commands = bash -c ci-scripts/releasenotes_tox.sh
[testenv:venv]
basepython = python3
commands = {posargs}
[flake8]
# E123, E125 skipped as they are invalid PEP-8.
# E265 deals with spaces inside of comments
show-source = True
ignore = E123,E125,E265
builtins = _

24
zuul.d/layout.yaml
View File

@ -1,24 +0,0 @@
---
- project:
templates:
- tripleo-multinode-container-minimal-pipeline
queue: tripleo
check:
jobs:
- openstack-tox-linters
- tripleo-ci-centos-9-content-provider
- tripleo-ci-centos-9-scenario001-standalone: &scenario001
vars:
consumer_job: true
tags:
- standalone
dependencies:
- tripleo-ci-centos-9-content-provider
gate:
jobs:
- openstack-tox-linters
- tripleo-ci-centos-9-content-provider
- tripleo-ci-centos-9-scenario001-standalone: *scenario001
post:
jobs:
- publish-openstack-python-branch-tarball