From 9b2277302d13a94b383a66d2064a19c4f96482d7 Mon Sep 17 00:00:00 2001
From: satoshi-sh
Date: Tue, 4 Mar 2025 19:29:23 +0000
Subject: [PATCH] Create Podman DIB Element for container-based cleaning Create ironic-python-agent-podman. It installs podman and create conf files for podman, ipa, and cleaning steps Add explanation how to configure on README.rst
Partial-Bug: #2100556
Change-Id: Id78f0488b4aee34a2682f51d5e647ad81f9e505f
---
.../ironic-python-agent-podman/README.rst | 92 +++++++++++++++++++
.../ironic-python-agent-podman/element-deps | 2 +
.../environment.d/10-setup.bash | 21 +++++
.../package-installs.yaml | 2 +
.../pre-finalise.d/10-ipa-podman-config | 10 ++
.../pre-finalise.d/20-ipa-config | 17 ++++
.../pre-finalise.d/30-ipa-steps | 10 ++
7 files changed, 154 insertions(+)
create mode 100644 dib/element/ironic-python-agent-podman/README.rst
create mode 100644 dib/element/ironic-python-agent-podman/element-deps
create mode 100644 dib/element/ironic-python-agent-podman/environment.d/10-setup.bash
create mode 100644 dib/element/ironic-python-agent-podman/package-installs.yaml
create mode 100755 dib/element/ironic-python-agent-podman/pre-finalise.d/10-ipa-podman-config
create mode 100755 dib/element/ironic-python-agent-podman/pre-finalise.d/20-ipa-config
create mode 100755 dib/element/ironic-python-agent-podman/pre-finalise.d/30-ipa-steps
diff --git a/dib/element/ironic-python-agent-podman/README.rst b/dib/element/ironic-python-agent-podman/README.rst
new file mode 100644
index 0000000..6cf3774
--- /dev/null
+++ b/dib/element/ironic-python-agent-podman/README.rst
@@ -0,0 +1,92 @@
+# ironic-python-agent-podman
+Adds Podman support and configuration files to ironic-python-agent-ramdisk.
+
+## Compatibility
+This DIB element currently supports Debian-based images only. Additional
+distribution support may be added in the future.
+
+## ironic-python-agent-config
+allow_arbitrary_containers:
+- Description: Defines whether arbitrary containers are allowed.
+Set to true or false.
+- Environment Variable: `DIB_ALLOW_ARBITRARY_CONTAINERS`
+- Default: `false`
+
+allowed_containers:
+- Description: Specifies a list of allowed container image URLs
+(ex "image1-url,image2-url").
+- Environment Variable: `DIB_ALLOWED_CONTAINERS`
+- Default: Empty string (`""`)
+
+container_steps_file:
+
+- Description: Specifies the path in the ram to the YAML file containing
+ container steps to be executed.
+- Environment Variable: `DIB_CONTAINER_STEPS_FILE`
+- Default: `/etc/ironic-python-agent.d/mysteps.yaml`
+
+runner:
+
+- Description: Defines the container runtime to use, such as podman or docker.
+- Environment Variable: `DIB_RUNNER`
+- Default: `podman`
+
+pull_options:
+
+- Description: Container pull options (e.g., --tls-verify=false).
+- Environment Variable: `DIB_PULL_OPTIONS`
+- Default: `--tls-verify=false`
+
+run_options:
+
+- Description: Options passed when running the container
+(e.g., --rm --network=host).
+- Environment Variable: `DIB_RUN_OPTIONS`
+- Default: `--rm --network=host --tls-verify=false`
+
+## ironic-python-agent-podman
+podman_conf_file:
+- Description: The path to the configuration file created in the RAM
+- Environment Variable: `DIB_PODMAN_CONF_FILE`
+- Default `/etc/containers/containers.conf`
+
+## ironic-python-agent-steps
+steps_file_path:
+- Description: Path to the local stepfile to be copied to the RAM
+- Environment Variable: `DIB_STEPS_FILE_PATH`
+- Default `/etc/mysteps.yaml`
+
+### Example mysteps.yaml
+```
+steps:
+ - name: manage_container_cleanup
+ image: docker://172.24.4.1:5000/cleaning-image:latest
+ interface: deploy
+ reboot_requested: true
+ pull_options:
+ - --tls-verify=false
+ run_options:
+ - --rm
+ - --network=host
+ - --tls-verify=false
+ abortable: true
+ priority: 20
+ - name: manage_container_cleanup2
+ image: docker://172.24.4.1:5000/cleaning-image2:latest
+ interface: deploy
+ reboot_requested: true
+ pull_options:
+ - --tls-verify=false
+ run_options:
+ - --rm
+ - --network=host
+ - --tls-verify=false
+ abortable: true
+ priority: 10
+
+```
+
+### Customization
+You can override any of the default values by setting the corresponding
+environment variables during the build process. This allows the configuration
+to be dynamically adapted without modifying the script.
diff --git a/dib/element/ironic-python-agent-podman/element-deps b/dib/element/ironic-python-agent-podman/element-deps
new file mode 100644
index 0000000..4d40321
--- /dev/null
+++ b/dib/element/ironic-python-agent-podman/element-deps
@@ -0,0 +1,2 @@
+ironic-python-agent-ramdisk
+package-installs
diff --git a/dib/element/ironic-python-agent-podman/environment.d/10-setup.bash b/dib/element/ironic-python-agent-podman/environment.d/10-setup.bash
new file mode 100644
index 0000000..45de054
--- /dev/null
+++ b/dib/element/ironic-python-agent-podman/environment.d/10-setup.bash
@@ -0,0 +1,21 @@
+# Podman Config
+PODMAN_CONF_INSIDEDIR=/etc/containers
+
+export PODMAN_CONF_FILE=${DIB_IPA_PODMAN_CONF_FILE:-$TMP_BUILD_DIR/mnt/$PODMAN_CONF_INSIDEDIR/containers.conf}
+
+# Ipa Config
+IPA_CONF_INSIDEDIR=/etc/ironic-python-agent.d
+export IPA_CONFFILE=$TMP_BUILD_DIR/mnt/$IPA_CONF_INSIDEDIR/ironic_python_agent.conf
+
+export ALLOW_ARBITRARY_CONTAINERS="${DIB_ALLOW_ARBITRARY_CONTAINERS:-false}"
+export ALLOWED_CONTAINERS="${DIB_ALLOWED_CONTAINERS:-""}"
+export CONTAINER_STEPS_FILE="${DIB_CONTAINER_STEPS_FILE:-/etc/ironic-python-agent.d/mysteps.yaml}"
+export RUNNER="${DIB_RUNNER:-podman}"
+export PULL_OPTIONS="${DIB_PULL_OPTIONS:---tls-verify=false}"
+export RUN_OPTIONS="${DIB_RUN_OPTIONS:---rm --network=host --tls-verify=false}"
+
+# Steps Config
+STEPS_INSIDEDIR=/etc/ironic-python-agent.d
+export STEPS_FILE=$TMP_BUILD_DIR/mnt/$STEPS_INSIDEDIR/mysteps.yaml
+
+export STEPS_FILE_PATH="${DIB_STEPS_FILE_PATH:-/etc/mysteps.yaml}"
diff --git a/dib/element/ironic-python-agent-podman/package-installs.yaml b/dib/element/ironic-python-agent-podman/package-installs.yaml
new file mode 100644
index 0000000..fd2bc64
--- /dev/null
+++ b/dib/element/ironic-python-agent-podman/package-installs.yaml
@@ -0,0 +1,2 @@
+podman:
+ phase: install.d
diff --git a/dib/element/ironic-python-agent-podman/pre-finalise.d/10-ipa-podman-config b/dib/element/ironic-python-agent-podman/pre-finalise.d/10-ipa-podman-config
new file mode 100755
index 0000000..f4ce6d8
--- /dev/null
+++ b/dib/element/ironic-python-agent-podman/pre-finalise.d/10-ipa-podman-config
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Ensure the directory exists
+sudo mkdir -p $(dirname $PODMAN_CONF_FILE)
+
+# Create Podman configuration file inside the ramdisk with sudo tee
+echo "[engine]
+no_pivot_root = true" | sudo tee $PODMAN_CONF_FILE > /dev/null
+
+echo "Podman configuration written to $PODMAN_CONF_FILE"
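Review bot: In `environment.d/10-setup.bash` the defaults for `PULL_OPTIONS` and `RUN_OPTIONS` both carry `--tls-verify=false`, so every ramdisk built with this element pulls its cleaning images without verifying the registry's certificate unless the operator overrides both variables. Because those containers are also started with `--network=host` on the node being cleaned, verification should be the default and the insecure form an explicit opt-in for test registries: `export PULL_OPTIONS="${DIB_PULL_OPTIONS:---tls-verify=true}"` and `export RUN_OPTIONS="${DIB_RUN_OPTIONS:---rm --network=host}"`. The README in this patch also documents `DIB_PODMAN_CONF_FILE`, while this file reads `DIB_IPA_PODMAN_CONF_FILE`; one of the two names needs to change.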
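Review bot: In `pre-finalise.d/10-ipa-podman-config`, `$PODMAN_CONF_FILE` is expanded unquoted in both `sudo` commands and the script never sets `set -eu` / `set -o pipefail`, so a path containing whitespace is split into several arguments and a failed `mkdir` does not stop the build. Quote the expansions, `sudo mkdir -p "$(dirname "$PODMAN_CONF_FILE")"` and `| sudo tee "$PODMAN_CONF_FILE" > /dev/null`, and enable strict mode right after the shebang. The same unquoted `$(dirname $IPA_CONFFILE)` appears in `pre-finalise.d/20-ipa-config`. Note too that `DIB_IPA_PODMAN_CONF_FILE` replaces the whole path, including the `$TMP_BUILD_DIR/mnt` prefix set in `environment.d/10-setup.bash`, so a value like the README's `/etc/containers/containers.conf` would presumably make this root `tee` overwrite the build host's file instead of the image's; keeping the mount prefix fixed and letting the variable supply only the in-image path would avoid that.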
diff --git a/dib/element/ironic-python-agent-podman/pre-finalise.d/20-ipa-config b/dib/element/ironic-python-agent-podman/pre-finalise.d/20-ipa-config
new file mode 100755
index 0000000..8eb5e2a
--- /dev/null
+++ b/dib/element/ironic-python-agent-podman/pre-finalise.d/20-ipa-config
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Ensure the directory exists
+sudo mkdir -p $(dirname $IPA_CONFFILE)
+
+# Write the configuration inside the ramdisk
+cat <