openstack/loci
Code Issues Proposed changes

Use zuul-jobs roles for building images

Browse Source 
Later will add jobs to test images with Openstack-Helm
before publishing them.

Change-Id: I1c173350ddd92d31b5a691a6e3820d655a8c1aee
This commit is contained in:
Vladimir Kozhukalov 2024-09-21 05:56:19 -05:00
parent 047353213d
commit 54fc5a3838
57 changed files with 764 additions and 754 deletions

41
.zuul.d/2023.1-ubuntu_focal.yaml Normal file

@ -0,0 +1,41 @@
- job:
name: loci-build-2023-1-ubuntu_focal
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
vars: &vars
vars_files:
- vars_2023.1.yaml
- job:
name: loci-upload-2023-1-ubuntu_focal
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
post-run:
- playbooks/upload.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
- job:
name: loci-promote-2023-1-ubuntu_focal
run:
- playbooks/promote.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
nodeset:
nodes: []

41
.zuul.d/2024.1-ubuntu_jammy.yaml Normal file

@ -0,0 +1,41 @@
- job:
name: loci-build-2024-1-ubuntu_jammy
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
vars: &vars
vars_files:
- vars_2024.1.yaml
- job:
name: loci-upload-2024-1-ubuntu_jammy
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
post-run:
- playbooks/upload.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
- job:
name: loci-promote-2024-1-ubuntu_jammy
run:
- playbooks/promote.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
nodeset:
nodes: []

41
.zuul.d/2024.2-ubuntu_jammy.yaml Normal file

@ -0,0 +1,41 @@
- job:
name: loci-build-2024-2-ubuntu_jammy
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
vars: &vars
vars_files:
- vars_2024.2.yaml
- job:
name: loci-upload-2024-2-ubuntu_jammy
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
post-run:
- playbooks/upload.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
- job:
name: loci-promote-2024-2-ubuntu_jammy
run:
- playbooks/promote.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
nodeset:
nodes: []

10
.zuul.d/base.yaml

@ -1,7 +1,5 @@
- job:
nodeset: loci-1node-ubuntu_jammy
name: loci-base
pre-run: playbooks/setup-gate.yaml
run: playbooks/loci-builder.yaml
post-run: playbooks/post.yaml
timeout: 5400
name: loci-buildset-registry
parent: opendev-buildset-registry
timeout: 10800
voting: false

27
.zuul.d/cinder.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-cinder
gate:
jobs:
- loci-cinder
post:
jobs:
- publish-loci-cinder
- job:
name: loci-cinder
parent: loci-base
vars:
project: cinder
required-projects:
- openstack/loci
- openstack/requirements
- openstack/cinder
- job:
name: publish-loci-cinder
parent: loci-cinder
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/glance.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-glance
gate:
jobs:
- loci-glance
post:
jobs:
- publish-loci-glance
- job:
name: loci-glance
parent: loci-base
vars:
project: glance
required-projects:
- openstack/loci
- openstack/requirements
- openstack/glance
- job:
name: publish-loci-glance
parent: loci-glance
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/heat.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-heat
gate:
jobs:
- loci-heat
post:
jobs:
- publish-loci-heat
- job:
name: loci-heat
parent: loci-base
vars:
project: heat
required-projects:
- openstack/loci
- openstack/requirements
- openstack/heat
- job:
name: publish-loci-heat
parent: loci-heat
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/horizon.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-horizon
gate:
jobs:
- loci-horizon
post:
jobs:
- publish-loci-horizon
- job:
name: loci-horizon
parent: loci-base
vars:
project: horizon
required-projects:
- openstack/loci
- openstack/requirements
- openstack/horizon
- job:
name: publish-loci-horizon
parent: loci-horizon
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/ironic.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-ironic
gate:
jobs:
- loci-ironic
post:
jobs:
- publish-loci-ironic
- job:
name: loci-ironic
parent: loci-base
vars:
project: ironic
required-projects:
- openstack/loci
- openstack/requirements
- openstack/ironic
- job:
name: publish-loci-ironic
parent: loci-ironic
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/keystone.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-keystone
gate:
jobs:
- loci-keystone
post:
jobs:
- publish-loci-keystone
- job:
name: loci-keystone
parent: loci-base
vars:
project: keystone
required-projects:
- openstack/loci
- openstack/requirements
- openstack/keystone
- job:
name: publish-loci-keystone
parent: loci-keystone
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

29
.zuul.d/manila.yaml

@ -1,29 +0,0 @@
- project:
check:
jobs:
- loci-manila
gate:
jobs:
- loci-manila
post:
jobs:
- publish-loci-manila
- job:
name: loci-manila
parent: loci-base
vars:
project: manila
eol:
- ocata
required-projects:
- openstack/loci
- openstack/requirements
- openstack/manila
- job:
name: publish-loci-manila
parent: loci-manila
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

41
.zuul.d/master-ubuntu_jammy.yaml Normal file

@ -0,0 +1,41 @@
- job:
name: loci-build-master-ubuntu_jammy
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
vars: &vars
vars_files:
- vars_master.yaml
- job:
name: loci-upload-master-ubuntu_jammy
timeout: 10800
dependencies:
- name: loci-buildset-registry
pre-run:
- playbooks/inject-keys.yaml
- playbooks/pre-build.yaml
run:
- playbooks/build.yaml
post-run:
- playbooks/upload.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
- job:
name: loci-promote-master-ubuntu_jammy
run:
- playbooks/promote.yaml
vars: *vars
secrets:
name: docker_credentials
secret: loci_docker_login
nodeset:
nodes: []

27
.zuul.d/monasca.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-monasca-api
gate:
jobs:
- loci-monasca-api
post:
jobs:
- publish-loci-monasca-api
- job:
name: loci-monasca-api
parent: loci-base
vars:
project: monasca-api
required-projects:
- openstack/loci
- openstack/requirements
- openstack/monasca-api
- job:
name: publish-loci-monasca-api
parent: loci-monasca-api
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/neutron.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-neutron
gate:
jobs:
- loci-neutron
post:
jobs:
- publish-loci-neutron
- job:
name: loci-neutron
parent: loci-base
vars:
project: neutron
required-projects:
- openstack/loci
- openstack/requirements
- openstack/neutron
- job:
name: publish-loci-neutron
parent: loci-neutron
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

9
.zuul.d/nodesets.yaml

@ -1,9 +0,0 @@
- nodeset:
name: loci-1node-ubuntu_jammy
nodes:
- name: primary
label: ubuntu-jammy
groups:
- name: primary
nodes:
- primary

27
.zuul.d/nova.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-nova
gate:
jobs:
- loci-nova
post:
jobs:
- publish-loci-nova
- job:
name: loci-nova
parent: loci-base
vars:
project: nova
required-projects:
- openstack/loci
- openstack/requirements
- openstack/nova
- job:
name: publish-loci-nova
parent: loci-nova
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

29
.zuul.d/octavia.yaml

@ -1,29 +0,0 @@
- project:
check:
jobs:
- loci-octavia
gate:
jobs:
- loci-octavia
post:
jobs:
- publish-loci-octavia
- job:
name: loci-octavia
parent: loci-base
vars:
project: octavia
eol:
- ocata
required-projects:
- openstack/loci
- openstack/requirements
- openstack/octavia
- job:
name: publish-loci-octavia
parent: loci-octavia
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

27
.zuul.d/placement.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-placement
gate:
jobs:
- loci-placement
post:
jobs:
- publish-loci-placement
- job:
name: loci-placement
parent: loci-base
vars:
project: placement
required-projects:
- openstack/loci
- openstack/requirements
- openstack/placement
- job:
name: publish-loci-placement
parent: loci-placement
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

21
.zuul.d/project.yaml Normal file

@ -0,0 +1,21 @@
- project:
check:
jobs:
- loci-buildset-registry
- loci-build-2023-1-ubuntu_focal
- loci-build-2024-1-ubuntu_jammy
- loci-build-2024-2-ubuntu_jammy
- loci-build-master-ubuntu_jammy
gate:
jobs:
- loci-buildset-registry
- loci-upload-2023-1-ubuntu_focal
- loci-upload-2024-1-ubuntu_jammy
- loci-upload-2024-2-ubuntu_jammy
- loci-upload-master-ubuntu_jammy
promote:
jobs:
- loci-promote-2023-1-ubuntu_focal
- loci-promote-2024-1-ubuntu_jammy
- loci-promote-2024-2-ubuntu_jammy
- loci-promote-master-ubuntu_jammy

27
.zuul.d/requirements.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-requirements
gate:
jobs:
- loci-requirements
post:
jobs:
- publish-loci-requirements
- job:
name: loci-requirements
parent: loci-base
timeout: 3600
vars:
project: requirements
required-projects:
- openstack/loci
- openstack/requirements
- job:
name: publish-loci-requirements
parent: loci-requirements
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

2
.zuul.d/secrets.yaml

@ -1,7 +1,7 @@
- secret:
name: loci_docker_login
data:
user: !encrypted/pkcs1-oaep
username: !encrypted/pkcs1-oaep
- r8Nbpq5olmfLF035BZ/CUoFLIdhvBi/49KuochOAHbvns+xMiho3C7MEFzYDqJX3IhHde
BICYOgK7qnyINOIZL2e7pl75rEdHQwJjSFUMkpdY6wEP7f9hpolj9xVp0ifHUVQqPHMRn
zoPFd8MEAHxH5GLmc2SWJ98E/QUqGltxBi1YRSZoCcNtq3tHFK5Y+xQlLhIseJ2HkpDs6

27
.zuul.d/watcher.yaml

@ -1,27 +0,0 @@
- project:
check:
jobs:
- loci-watcher
gate:
jobs:
- loci-watcher
post:
jobs:
- publish-loci-watcher
- job:
name: loci-watcher
parent: loci-base
vars:
project: watcher
required-projects:
- openstack/loci
- openstack/requirements
- openstack/watcher
- job:
name: publish-loci-watcher
parent: loci-watcher
post-run: playbooks/push.yaml
secrets:
- loci_docker_login

4
Dockerfile

@ -1,9 +1,9 @@
ARG FROM=ubuntu:focal
ARG FROM=ubuntu:jammy
FROM ${FROM}
ENV PATH=/var/lib/openstack/bin:$PATH
ARG PROJECT
ARG WHEELS=loci/requirements:master-ubuntu
ARG WHEELS=loci/requirements:master-ubuntu_jammy
ARG PROJECT_REPO=https://opendev.org/openstack/${PROJECT}
ARG PROJECT_REF=master
ARG PROJECT_RELEASE=master

65
README.md

@ -3,19 +3,6 @@
OpenStack LOCI is a project designed to quickly build Lightweight OCI
compatible images of OpenStack services.
Currently we build and gate images for the following OpenStack projects:
* [Cinder](https://github.com/openstack/cinder)
* [Glance](https://github.com/openstack/glance)
* [Heat](https://github.com/openstack/heat)
* [Horizon](https://github.com/openstack/horizon)
* [Ironic](https://github.com/openstack/ironic)
* [Keystone](https://github.com/openstack/keystone)
* [Neutron](https://github.com/openstack/neutron)
* [Nova](https://github.com/openstack/nova)
* [Octavia](https://github.com/openstack/octavia)
* [Manila](https://github.com/openstack/manila)
Additionally, we produce a "wheels" image for
[requirements](https://github.com/openstack/requirements) containing all of the
packages listed in upper-constraints.txt.
@ -23,14 +10,6 @@ packages listed in upper-constraints.txt.
The instructions below can be used for any OpenStack service currently targeted
by LOCI. For simplicity, we will continue to use Keystone as an example.
### Keystone Image Layer Info
CentOS: [![](https://images.microbadger.com/badges/version/loci/keystone:master-centos.svg)](https://microbadger.com/images/loci/keystone:master-centos "loci/keystone:master-centos") [![](https://images.microbadger.com/badges/image/loci/keystone:master-centos.svg)](https://microbadger.com/images/loci/keystone:master-centos "loci/keystone:master-centos")
Ubuntu: [![](https://images.microbadger.com/badges/version/loci/keystone:master-ubuntu.svg)](https://microbadger.com/images/loci/keystone:master-ubuntu "loci/keystone:master-ubuntu") [![](https://images.microbadger.com/badges/image/loci/keystone:master-ubuntu.svg)](https://microbadger.com/images/loci/keystone:master-ubuntu "loci/keystone:master-ubuntu")
### Building locally
Note: To build locally, you will need a version of docker >= 17.05.0.
@ -42,29 +21,30 @@ are located in the dockerfiles directory.
It's easy to build a base image:
``` bash
$ docker build https://opendev.org/openstack/loci.git#master:dockerfiles/ubuntu_bionic \
--tag loci-base:ubuntu
$ docker build dockerfiles/ubuntu \
--build-arg FROM=ubuntu:jammy \
--build-arg CEPH_REPO='deb https://download.ceph.com/debian-reef/ jammy main' \
--tag loci-base:ubuntu_jammy
```
Then you can build the rest of the service images locally:
``` bash
$ docker build https://opendev.org/openstack/loci.git \
--build-arg FROM=loci-base:ubuntu \
$ docker build . \
--build-arg FROM=loci-base:ubuntu_jammy \
--build-arg PROJECT=keystone \
--tag loci-keystone:ubuntu
--tag loci-keystone:master-ubuntu_jammy
```
The default base distro is Ubuntu, however, you can use the following form to build from a distro of
your choice, in this case, CentOS:
The default base distro is Ubuntu Jammy, however, you can use the following form to build from a distro of your choice, in this case, CentOS:
``` bash
$ docker build https://opendev.org/openstack/loci.git#master:dockerfiles/centos \
$ docker build dockerfiles/centos \
--tag loci-base:centos
$ docker build https://opendev.org/openstack/loci.git \
$ docker build . \
--build-arg PROJECT=keystone \
--build-arg WHEELS="loci/requirements:master-centos" \
--build-arg FROM=loci-base:centos \
--tag loci-keystone:centos
--tag loci-keystone:master-centos
```
Loci will detect which base OS you're using, so if you need to add additional
@ -73,12 +53,12 @@ features to your base image the Loci build will still run.
If building behind a proxy, remember to use build arguments to pass these
through to the build:
``` bash
$ docker build https://opendev.org/openstack/loci.git \
$ docker build . \
--build-arg http_proxy=$http_proxy \
--build-arg https_proxy=$https_proxy \
--build-arg no_proxy=$no_proxy \
--build-arg PROJECT=keystone \
--tag keystone:ubuntu
--tag loci-keystone:master-ubuntu_jammy
```
For more advanced building you can use docker build arguments to define:
@ -128,29 +108,30 @@ For more advanced building you can use docker build arguments to define:
This makes it really easy to integrate LOCI images into your development or
CI/CD workflow, for example, if you wanted to build an image from [this
PS](https://review.opendev.org/#/c/418167/) you could run:
PS](https://review.opendev.org/c/openstack/keystone/+/923324/) you could run:
``` bash
$ docker build https://opendev.org/openstack/loci.git \
$ docker build . \
--build-arg PROJECT=keystone \
--tag mydockernamespace/keystone-testing:418167-1 \
--build-arg PROJECT_REF=refs/changes/67/418167/1
--build-arg PROJECT_REPO=https://review.opendev.org/openstack/keystone \
--build-arg PROJECT_REF=refs/changes/24/923324/10 \
--tag loci-keystone:923324-10
```
To build with the wheels from a private Docker registry rather than Docker Hub run:
``` bash
$ docker build https://opendev.org/openstack/loci.git \
$ docker build . \
--build-arg PROJECT=keystone \
--build-arg WHEELS=172.17.0.1:5000/mydockernamespace/keystone:ubuntu
--build-arg WHEELS=172.17.0.1:5000/mydockernamespace/requirements:master-ubuntu_jammy \
--tag loci-keystone:master-ubuntu_jammy
```
To build cinder with lvm and ceph support you would run:
``` bash
$ docker build https://opendev.org/openstack/loci.git \
$ docker build . \
--build-arg PROJECT=cinder \
--build-arg PROFILES="lvm ceph"
```
### Customizing
The images should contain all the required assets for running the service. But
if you wish or need to customize the `loci/keystone` image that's great! We
@ -159,7 +140,7 @@ do this we recommend that you perform any required customization in a child
image using a pattern similar to:
``` Dockerfile
FROM loci/keystone:master-ubuntu
FROM loci/keystone:master-ubuntu_jammy
MAINTAINER you@example.com
RUN set -x \

24
dockerfiles/ubuntu/Dockerfile Normal file

@ -0,0 +1,24 @@
ARG FROM=ubuntu:jammy
FROM ${FROM}
ARG CEPH_REPO="deb https://download.ceph.com/debian-reef/ jammy main"
ARG CEPH_KEY="https://download.ceph.com/keys/release.asc"
ARG ALLOW_UNAUTHENTICATED=false
RUN echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowDowngradeToInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";" \
>> /etc/apt/apt.conf.d/allow-unathenticated
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get install -y --no-install-recommends \
apt-transport-https \
ca-certificates \
gnupg2 \
wget && \
wget -q -O- ${CEPH_KEY} | apt-key add - && \
echo "${CEPH_REPO}" | tee /etc/apt/sources.list.d/ceph.list && \
apt-get remove -y wget gnupg2 && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

23
dockerfiles/ubuntu_bionic/Dockerfile

@ -1,23 +0,0 @@
ARG FROM=ubuntu:bionic
FROM ${FROM}
ARG UBUNTU_URL=http://archive.ubuntu.com/ubuntu/
ARG CLOUD_ARCHIVE_URL=http://ubuntu-cloud.archive.canonical.com/ubuntu/
ARG CEPH_URL=http://download.ceph.com/debian-nautilus/
ARG ALLOW_UNAUTHENTICATED=false
ARG PIP_INDEX_URL=https://pypi.python.org/simple/
ARG PIP_TRUSTED_HOST=pypi.python.org
ENV PIP_INDEX_URL=${PIP_INDEX_URL}
ENV PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST}
COPY sources.list /etc/apt/
COPY cloud-archive.gpg ceph.gpg /etc/apt/trusted.gpg.d/
RUN sed -i \
-e "s|%%UBUNTU_URL%%|${UBUNTU_URL}|g" \
-e "s|%%CLOUD_ARCHIVE_URL%%|${CLOUD_ARCHIVE_URL}|g" \
-e "s|%%CEPH_URL%%|${CEPH_URL}|g" \
/etc/apt/sources.list
RUN echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowDowngradeToInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";" \
>> /etc/apt/apt.conf.d/allow-unathenticated

BIN
dockerfiles/ubuntu_bionic/ceph.gpg

Binary file not shown.

BIN
dockerfiles/ubuntu_bionic/cloud-archive.gpg

Binary file not shown.

6
dockerfiles/ubuntu_bionic/sources.list

@ -1,6 +0,0 @@
deb %%UBUNTU_URL%% bionic main universe
deb %%UBUNTU_URL%% bionic-updates main universe
deb %%UBUNTU_URL%% bionic-backports main universe
deb %%UBUNTU_URL%% bionic-security main universe
deb %%CEPH_URL%% bionic main
deb %%CLOUD_ARCHIVE_URL%% bionic-updates/ussuri main

23
dockerfiles/ubuntu_focal/Dockerfile

@ -1,23 +0,0 @@
ARG FROM=ubuntu:focal
FROM ${FROM}
ARG UBUNTU_URL=http://archive.ubuntu.com/ubuntu/
ARG CLOUD_ARCHIVE_URL=http://ubuntu-cloud.archive.canonical.com/ubuntu/
ARG CEPH_URL=http://download.ceph.com/debian-octopus/
ARG ALLOW_UNAUTHENTICATED=false
ARG PIP_INDEX_URL=https://pypi.python.org/simple/
ARG PIP_TRUSTED_HOST=pypi.python.org
ENV PIP_INDEX_URL=${PIP_INDEX_URL}
ENV PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST}
COPY sources.list /etc/apt/
COPY cloud-archive.gpg ceph.gpg /etc/apt/trusted.gpg.d/
RUN sed -i \
-e "s|%%UBUNTU_URL%%|${UBUNTU_URL}|g" \
-e "s|%%CLOUD_ARCHIVE_URL%%|${CLOUD_ARCHIVE_URL}|g" \
-e "s|%%CEPH_URL%%|${CEPH_URL}|g" \
/etc/apt/sources.list
RUN echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowDowngradeToInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";" \
>> /etc/apt/apt.conf.d/allow-unathenticated

BIN
dockerfiles/ubuntu_focal/ceph.gpg

Binary file not shown.

BIN
dockerfiles/ubuntu_focal/cloud-archive.gpg

Binary file not shown.

6
dockerfiles/ubuntu_focal/sources.list

@ -1,6 +0,0 @@
deb %%UBUNTU_URL%% focal main universe
deb %%UBUNTU_URL%% focal-updates main universe
deb %%UBUNTU_URL%% focal-backports main universe
deb %%UBUNTU_URL%% focal-security main universe
deb %%CEPH_URL%% focal main
deb %%CLOUD_ARCHIVE_URL%% focal-updates/yoga main

23
dockerfiles/ubuntu_jammy/Dockerfile

@ -1,23 +0,0 @@
ARG FROM=ubuntu:jammy
FROM ${FROM}
ARG UBUNTU_URL=http://archive.ubuntu.com/ubuntu/
ARG CLOUD_ARCHIVE_URL=http://ubuntu-cloud.archive.canonical.com/ubuntu/
ARG CEPH_URL=http://download.ceph.com/debian-reef/
ARG ALLOW_UNAUTHENTICATED=false
ARG PIP_INDEX_URL=https://pypi.python.org/simple/
ARG PIP_TRUSTED_HOST=pypi.python.org
ENV PIP_INDEX_URL=${PIP_INDEX_URL}
ENV PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST}
COPY sources.list /etc/apt/
COPY cloud-archive.gpg ceph.gpg /etc/apt/trusted.gpg.d/
RUN sed -i \
-e "s|%%UBUNTU_URL%%|${UBUNTU_URL}|g" \
-e "s|%%CLOUD_ARCHIVE_URL%%|${CLOUD_ARCHIVE_URL}|g" \
-e "s|%%CEPH_URL%%|${CEPH_URL}|g" \
/etc/apt/sources.list
RUN echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowDowngradeToInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";" \
>> /etc/apt/apt.conf.d/allow-unathenticated

BIN
dockerfiles/ubuntu_jammy/ceph.gpg

Binary file not shown.

BIN
dockerfiles/ubuntu_jammy/cloud-archive.gpg

Binary file not shown.

6
dockerfiles/ubuntu_jammy/sources.list

@ -1,6 +0,0 @@
deb %%UBUNTU_URL%% jammy main universe
deb %%UBUNTU_URL%% jammy-updates main universe
deb %%UBUNTU_URL%% jammy-backports main universe
deb %%UBUNTU_URL%% jammy-security main universe
deb %%CEPH_URL%% jammy main
deb %%CLOUD_ARCHIVE_URL%% jammy-updates/antelope main

14
playbooks/_return-image.yml Normal file

@ -0,0 +1,14 @@
- name: Return artifact to Zuul
zuul_return:
data:
zuul:
artifacts:
- name: "{{ zj_image.repository }}:{{ zj_image_tag }}"
url: "docker://zuul-jobs.buildset-registry:{{ buildset_registry.port }}/{{ zj_image.repository }}:{{ zj_image_tag }}"
metadata:
type: container_image
repository: "{{ zj_image.repository }}"
tag: "{{ zj_image_tag }}"
loop: "{{ zj_image.tags | default(['latest']) }}"
loop_control:
loop_var: zj_image_tag

70
playbooks/build.yaml Normal file

@ -0,0 +1,70 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all[0]
gather_facts: true
roles:
- use-buildset-registry
tasks:
- name: Vars
include_vars:
file: "vars.yaml"
- name: Job vars
include_vars:
file: "{{ item }}"
loop: "{{ vars_files }}"
- name: Ensure dep files are sorted
shell: "grep -v '^#' ./{{ item }} | sort --check"
loop:
- "bindep.txt"
- "pydep.txt"
environment:
LC_ALL: C
- name: Build base image
include_role:
name: build-docker-image
vars:
docker_images:
- "{{ base_image }}"
- name: Build requirements image
include_role:
name: build-docker-image
vars:
docker_images:
- "{{ requirements_image }}"
- name: Tag requirements image for local registry
command: "docker tag {{ requirements_image.repository }}:{{ item }} {{ local_registry }}/{{ requirements_image.repository }}:{{ item }}"
loop: "{{ requirements_image.tags }}"
- name: Push requirements image to local registry
command: "docker push {{ local_registry }}/{{ requirements_image.repository }}:{{ item }}"
loop: "{{ requirements_image.tags }}"
- name: Build project images
include_role:
name: build-docker-image
vars:
docker_images: "{{ openstack_images }}"
- name: Return images to zuul
include_tasks: _return-image.yml
loop:
- "{{ keystone_image }}"
loop_control:
loop_var: zj_image

21
playbooks/files/apache.conf

@ -1,21 +0,0 @@
User zuul
Group zuul
ErrorLog /logs/apache/error.log
TransferLog /logs/apache/access.log
LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
# 172.17.0.1 is the address we use for Docker so it will be in
# the same subnet as the internal addesses in the build containers
Listen 172.17.0.1:80
<VirtualHost 172.17.0.1:80>
SetEnv GIT_PROJECT_ROOT /home/zuul/src/opendev.org/
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
DocumentRoot /webroot
</VirtualHost>

3
playbooks/files/apache2-systemd.conf

@ -1,3 +0,0 @@
[Service]
ExecStart=
ExecStart=/usr/sbin/apache2 -f /webroot/apache.conf

3
playbooks/files/daemon.json.j2 Normal file

@ -0,0 +1,3 @@
{
"insecure-registries": [ "{{ local_registry }}" ]
}

9
playbooks/inject-keys.yaml Normal file

@ -0,0 +1,9 @@
- hosts: all
tasks:
- name: Put keys to .ssh/authorized_keys
lineinfile:
path: /home/zuul/.ssh/authorized_keys
state: present
line: "{{ item }}"
loop:
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMyM6sgu/Xgg+VaLJX5c6gy6ynYX7pO7XNobnKotYRulcEkmiLprvLSg+WP25VDAcSoif3rek3qiVnEYh6R2/Go= vlad@russell"

72
playbooks/loci-builder.yaml

@ -1,72 +0,0 @@
- hosts: all
tasks:
- include_vars: vars.yaml
- name: Ensure dep files are sorted
shell: "grep -v '^#' {{ loci_src_dir }}/{{ item }} | sort --check"
loop:
- "bindep.txt"
- "pydep.txt"
environment:
LC_ALL: C
- name: Gather wheels to local registry
block:
- docker_image:
name: loci/requirements
tag: "{{ item.release }}-{{ item.name }}"
repository: 172.17.0.1:5000/loci/requirements
push: yes
with_items: "{{ distros }}"
when: &condition >
supported_releases is undefined or
item.release in supported_releases
when:
- reuse_requirements | bool
- project != 'requirements'
- name: Build base images
block:
- name: "Build base image for {{ item.name }}"
docker_image:
name: base
tag: "{{ item.name }}"
source: build
build:
args: "{{ item.buildargs.base }}"
path: "{{ loci_src_dir }}/dockerfiles/{{ item.name }}"
with_items: "{{ distros }}"
when: *condition
- name: Build requirements image
block:
- name: "Build requirements image for {{ item.name }}"
docker_image:
name: loci/requirements
tag: "{{ item.release }}-{{ item.name }}"
repository: 172.17.0.1:5000/loci/requirements
push: yes
source: build
build:
args: "{{ item.buildargs.requirements }}"
path: "{{ loci_src_dir }}"
pull: no
with_items: "{{ distros }}"
when: *condition
when:
- (not reuse_requirements) | bool
- project != 'requirements'
- name: Build project images
block:
- name: "Build {{ project }} image for {{ item.name }}"
docker_image:
name: loci/{{ project }}
tag: "{{ item.release }}-{{ item.name }}"
source: build
build:
args: "{{ item.buildargs.project }}"
path: "{{ loci_src_dir }}"
pull: no
with_items: "{{ distros }}"
when: *condition

7
playbooks/post.yaml

@ -1,7 +0,0 @@
- hosts: all
tasks:
- name: Copy logs
synchronize:
src: /logs
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull

36
playbooks/pre-build.yaml Normal file

@ -0,0 +1,36 @@
- hosts: all[0]
gather_facts: true
roles:
- ensure-python
- ensure-pip
- clear-firewall
- ensure-docker
tasks:
- name: Vars
include_vars:
file: "vars.yaml"
- name: Create docker directory
become: yes
file:
state: directory
path: /etc/docker
mode: 0755
- name: Configure docker daemon
become: yes
template:
dest: /etc/docker/daemon.json
group: root
mode: 0644
owner: root
src: files/daemon.json.j2
- name: Print docker config
command: "cat /etc/docker/daemon.json"
# This is necessary to serve requirements image to fetch wheels
# during building project images
- name: Start local registry
command: "docker run -d -p {{ local_registry }}:5000 --restart always --name registry registry:2"

16
playbooks/promote.yaml Normal file

@ -0,0 +1,16 @@
- hosts: localhost
tasks:
- name: Vars
include_vars:
file: "vars.yaml"
- name: Job vars
include_vars:
file: "{{ item }}"
loop: "{{ vars_files }}"
- name: Promote images
include_role:
name: promote-docker-image
vars:
docker_images: "{{ openstack_images }}"

24
playbooks/push.yaml

@ -1,24 +0,0 @@
- hosts: all
tasks:
- include_vars: vars.yaml
- name: Push project to Docker Hub
block:
- command: docker login -u {{ loci_docker_login.user }} -p {{ loci_docker_login.password }}
no_log: True
- command: docker push loci/{{ project }}:{{ item.release }}-{{ item.name }}
with_items: "{{ distros }}"
when: &condition >
supported_releases is undefined or
item.release in supported_releases
- name: Push project to quay.io
block:
- command: docker login -u {{ loci_docker_login.user }} -p {{ loci_docker_login.password }} quay.io
no_log: True
- command: docker tag loci/{{ project }}:{{ item.release }}-{{ item.name }} quay.io/loci/{{ project }}:{{ item.release }}-{{ item.name }}
with_items: "{{ distros }}"
when: *condition
- command: docker push quay.io/loci/{{ project }}:{{ item.release }}-{{ item.name }}
with_items: "{{ distros }}"
when: *condition

45
playbooks/setup-gate.yaml

@ -1,45 +0,0 @@
- hosts: all
become: yes
roles:
- ensure-python
- ensure-pip
- clear-firewall
tasks:
- include_vars: vars.yaml
- name: Install Docker
block:
- include_role:
name: ensure-docker
- shell: |
docker run -d --name registry --restart always -p 172.17.0.1:5000:5000 docker.io/registry:2
become: True
- name: Setup http server for git repos
block:
- file:
path: "{{ item.path }}"
owner: "{{ item.owner }}"
state: directory
recurse: "{{ item.recurse | default(omit) }}"
with_items:
- path: /logs/apache/
owner: zuul
recurse: True
- path: /webroot/
owner: zuul
- path: /etc/systemd/system/apache2.service.d/
owner: root
- copy: "{{ item }}"
with_items:
- src: files/apache2-systemd.conf
dest: /etc/systemd/system/apache2.service.d/
- src: files/apache.conf
dest: /webroot/
- apt:
name:
- apache2
- gitweb
- python3-requests
become: True

17
playbooks/upload.yaml Normal file

@ -0,0 +1,17 @@
- hosts: all[0]
gather_facts: true
tasks:
- name: Vars
include_vars:
file: "vars.yaml"
- name: Job vars
include_vars:
file: "{{ item }}"
loop: "{{ vars_files }}"
- name: Upload images
include_role:
name: upload-docker-image
vars:
docker_images: "{{ openstack_images }}"

302
playbooks/vars.yaml

@ -1,58 +1,254 @@
docker_insecure_registries:
- 172.17.0.1:5000
currentdate: "{{ now(utc=True,fmt='%Y%m%d') }}"
local_registry: "172.17.0.1:5000"
base_image:
context: "."
dockerfile: "dockerfiles/ubuntu/Dockerfile"
repository: "loci/base"
tags: &tags
- "{{ image_tag }}"
- "{{ image_tag }}-{{ currentdate }}"
build_args:
- "FROM='{{ distro_image }}'"
- "CEPH_REPO='{{ ceph_repo }}'"
- "CEPH_KEY='http://download.ceph.com/keys/release.asc'"
# Setting reuse_requirements to True will use the most recent
# requirements build from the gate registry. This can save bandwidth
# and time. However, it introduces a gate race condition if a change
# is posted that updates requirements. We set to false to prefer
# correctness to speed.
reuse_requirements: False
requirements_image:
context: "."
dockerfile: "Dockerfile"
repository: "loci/requirements"
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='requirements'"
- "PROJECT_REF={{ openstack_release }}"
- "KEEP_ALL_WHEELS=yes"
# Override Zuul inference of source directory from project name to always
# use "loci".
loci_src_dir: "src/opendev.org/openstack/loci"
barbican_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/barbican
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='barbican'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
- "DIST_PACKAGES='python3-dev gcc'"
- "PIP_ARGS='--only-binary :none:'"
distros:
- name: ubuntu_focal
image: ubuntu:focal
release: "2023.1"
buildargs:
base:
UBUNTU_URL: http://{{ zuul_site_mirror_fqdn }}/ubuntu/
CLOUD_ARCHIVE_URL: http://{{ zuul_site_mirror_fqdn }}/ubuntu-cloud-archive/
CEPH_URL: http://{{ zuul_site_mirror_fqdn }}/ceph-deb-quincy/
ALLOW_UNAUTHENTICATED: "true"
PIP_INDEX_URL: http://{{ zuul_site_mirror_fqdn }}/pypi/simple
PIP_TRUSTED_HOST: "{{ zuul_site_mirror_fqdn }}"
project:
PROJECT: "{{ project }}"
PROJECT_REPO: http://172.17.0.1/git/openstack/{{ project }}
PROJECT_REF: "stable/2023.1"
WHEELS: 172.17.0.1:5000/loci/requirements:2023.1-ubuntu_focal
FROM: base:ubuntu_focal
requirements:
PROJECT: requirements
PROJECT_REPO: http://172.17.0.1/git/openstack/requirements
PROJECT_REF: "stable/2023.1"
FROM: base:ubuntu_focal
- name: ubuntu_jammy
image: ubuntu:jammy
release: master
buildargs:
base:
UBUNTU_URL: http://{{ zuul_site_mirror_fqdn }}/ubuntu/
CLOUD_ARCHIVE_URL: http://{{ zuul_site_mirror_fqdn }}/ubuntu-cloud-archive/
ALLOW_UNAUTHENTICATED: "true"
PIP_INDEX_URL: http://{{ zuul_site_mirror_fqdn }}/pypi/simple
PIP_TRUSTED_HOST: "{{ zuul_site_mirror_fqdn }}"
project:
PROJECT: "{{ project }}"
PROJECT_REPO: http://172.17.0.1/git/openstack/{{ project }}
WHEELS: 172.17.0.1:5000/loci/requirements:master-ubuntu_jammy
FROM: base:ubuntu_jammy
requirements:
PROJECT: requirements
PROJECT_REPO: http://172.17.0.1/git/openstack/requirements
FROM: base:ubuntu_jammy
cinder_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/cinder
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='cinder'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent lvm ceph qemu apache'"
- "PIP_PACKAGES='python-swiftclient'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
cyborg_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/cyborg
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='cyborg'"
- "PROJECT_REF={{ openstack_release }}"
- "DIST_PACKAGES='pciutils'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
designate_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/designate
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='designate'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
glance_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/glance
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='glance'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent ceph'"
- "PIP_PACKAGES='python-swiftclient os-brick'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
heat_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/heat
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='heat'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent apache'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
- "DIST_PACKAGES='curl'"
horizon_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/horizon
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='horizon'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent apache'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
- "PIP_PACKAGES='pymemcache'"
ironic_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/ironic
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='ironic'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent ipxe ipmi qemu tftp'"
- "DIST_PACKAGES='ethtool lshw iproute2'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
keystone_image:
context: "."
dockerfile: "Dockerfile"
repository: "loci/keystone"
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='keystone'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent apache ldap {{ openstack_release }}'"
- "PIP_PACKAGES='python-openstackclient'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
manila_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/manila
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='manila'"
- "PROJECT_REF={{ openstack_release }}"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
monasca_api_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/monasca-api
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='monasca-api'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='monasca api'"
- "PIP_PACKAGES='influxdb cassandra-driver sqlalchemy'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
neutron_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/neutron
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='neutron'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent linuxbridge openvswitch apache vpn baremetal'"
- "PIP_PACKAGES='tap-as-a-service'"
- "DIST_PACKAGES='jq ethtool lshw'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
nova_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/nova
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='nova'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='fluent ceph linuxbridge openvswitch configdrive qemu apache migration'"
- "DIST_PACKAGES='net-tools openssh-server'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
octavia_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/octavia
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='octavia'"
- "PROJECT_REF={{ openstack_release }}"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
placement_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/placement
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='placement'"
- "PROJECT_REF={{ openstack_release }}"
- "PROFILES='apache'"
- "PIP_PACKAGES='httplib2'"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
tacker_image:
context: "."
dockerfile: "Dockerfile"
repository: loci/tacker
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='tacker'"
- "PROJECT_REF={{ openstack_release }}"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"
watcher_image:
context: "."
repository: loci/watcher
tags: *tags
build_args:
- "FROM='loci/base:{{ image_tag }}'"
- "PROJECT='watcher'"
- "PROJECT_REF={{ openstack_release }}"
- "WHEELS='{{ local_registry }}/loci/requirements:{{ image_tag }}'"
- "KEEP_ALL_WHEELS=yes"

22
playbooks/vars_2023.1.yaml Normal file

@ -0,0 +1,22 @@
image_tag: "2023.1-ubunu_focal"
distro_image: "ubuntu:focal"
openstack_release: "stable/2023.1"
ceph_repo: "deb https://download.ceph.com/debian-reef/ focal main"
openstack_images:
- "{{ barbican_image }}"
- "{{ cinder_image }}"
- "{{ cyborg_image }}"
- "{{ designate_image }}"
- "{{ glance_image }}"
- "{{ heat_image }}"
- "{{ horizon_image }}"
- "{{ ironic_image }}"
- "{{ keystone_image }}"
- "{{ manila_image }}"
- "{{ monasca_api_image }}"
- "{{ neutron_image }}"
- "{{ nova_image }}"
- "{{ octavia_image }}"
- "{{ placement_image }}"
- "{{ tacker_image}}"
- "{{ watcher_image }}"

21
playbooks/vars_2024.1.yaml Normal file

@ -0,0 +1,21 @@
image_tag: "2024.1-ubunu_jammy"
distro_image: "ubuntu:jammy"
openstack_release: "stable/2024.1"
ceph_repo: "deb https://download.ceph.com/debian-reef/ jammy main"
openstack_images:
- "{{ barbican_image }}"
- "{{ cinder_image }}"
- "{{ cyborg_image }}"
- "{{ designate_image }}"
- "{{ glance_image }}"
- "{{ heat_image }}"
- "{{ horizon_image }}"
- "{{ ironic_image }}"
- "{{ keystone_image }}"
- "{{ manila_image }}"
- "{{ neutron_image }}"
- "{{ nova_image }}"
- "{{ octavia_image }}"
- "{{ placement_image }}"
- "{{ tacker_image}}"
- "{{ watcher_image }}"

21
playbooks/vars_2024.2.yaml Normal file

@ -0,0 +1,21 @@
image_tag: "2024.2-ubunu_jammy"
distro_image: "ubuntu:jammy"
openstack_release: "stable/2024.2"
ceph_repo: "deb https://download.ceph.com/debian-reef/ jammy main"
openstack_images:
- "{{ barbican_image }}"
- "{{ cinder_image }}"
- "{{ cyborg_image }}"
- "{{ designate_image }}"
- "{{ glance_image }}"
- "{{ heat_image }}"
- "{{ horizon_image }}"
- "{{ ironic_image }}"
- "{{ keystone_image }}"
- "{{ manila_image }}"
- "{{ neutron_image }}"
- "{{ nova_image }}"
- "{{ octavia_image }}"
- "{{ placement_image }}"
- "{{ tacker_image}}"
- "{{ watcher_image }}"

21
playbooks/vars_master.yaml Normal file

@ -0,0 +1,21 @@
image_tag: "master-ubunu_jammy"
distro_image: "ubuntu:jammy"
openstack_release: "master"
ceph_repo: "deb https://download.ceph.com/debian-reef/ jammy main"
openstack_images:
- "{{ barbican_image }}"
- "{{ cinder_image }}"
- "{{ cyborg_image }}"
- "{{ designate_image }}"
- "{{ glance_image }}"
- "{{ heat_image }}"
- "{{ horizon_image }}"
- "{{ ironic_image }}"
- "{{ keystone_image }}"
- "{{ manila_image }}"
- "{{ neutron_image }}"
- "{{ nova_image }}"
- "{{ octavia_image }}"
- "{{ placement_image }}"
- "{{ tacker_image}}"
- "{{ watcher_image }}"

13
scripts/fetch_wheels.py

@ -5,6 +5,8 @@ import platform
import re
import ssl
from urllib import request as urllib2
import logging
import sys
DOCKER_REGISTRY = 'registry.hub.docker.com'
@ -18,6 +20,10 @@ ARCH_MAP = {
}
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
log = logging.getLogger(__name__)
def strtobool(v):
# Clone from the now-deprecated distutils
return str(v).lower() in ("yes", "true", "t", "1")
@ -100,6 +106,7 @@ def get_sha(repo, tag, registry, protocol):
def get_blob(repo, tag, protocol, registry=DOCKER_REGISTRY):
log.info("Fetching blob from %s://%s/%s:%s", protocol, registry, repo, tag)
sha = get_sha(repo, tag, registry, protocol)
url = "{}://{}/v2/{}/blobs/{} ".format(protocol, registry, repo, sha)
print(url)
@ -113,16 +120,20 @@ def protocol_detection(registry, protocol='http'):
index = PROTOCOLS.index(protocol)
try:
url = "{}://{}".format(protocol, registry)
log.info("Trying to connect to: %s", url)
r = urllib2.Request(url)
urllib2.urlopen(r)
except (urllib2.URLError, urllib2.HTTPError) as err:
log.info("Failed to connect to %s://%s", protocol, registry)
if err.reason == 'Forbidden':
log.info("Forbidden. Protocol detected: %s", protocol)
return protocol
elif index < len(PROTOCOLS) - 1:
return protocol_detection(registry, PROTOCOLS[index + 1])
else:
raise Exception("Cannot detect protocol for registry: {} due to error: {}".format(registry, err))
else:
log.info("Protocol detected: %s", protocol)
return protocol
@ -172,6 +183,8 @@ def main():
data = get_wheels(wheels)
else:
registry, image, tag = parse_image(wheels)
log.info("Image parsed: wheels=%s registry=%s image=%s tag=%s",
wheels, registry, image, tag)
if os.environ.get('REGISTRY_PROTOCOL') in ['http', 'https']:
protocol = os.environ.get('REGISTRY_PROTOCOL')
elif os.environ.get('REGISTRY_PROTOCOL') == 'detect':

13
scripts/install.sh

@ -28,6 +28,7 @@ case ${distro} in
lsb-release \
patch \
sudo \
bind9-host \
${dpkg_python_packages[@]}
apt-get install -y --no-install-recommends \
libpython3.$(python3 -c 'import sys; print(sys.version_info.minor);')
@ -40,6 +41,7 @@ case ${distro} in
patch \
redhat-lsb-core \
sudo \
bind-utils \
${rpm_python_packages[@]}
if [[ "${PYTHON3}" != "no" ]]; then
pip3 install virtualenv
@ -51,6 +53,17 @@ case ${distro} in
;;
esac
# cat /etc/hosts
# cat /etc/resolv.conf
# echo ${BUILDSET_REGISTRY_IP} ${BUILDSET_REGISTRY_ALIAS} >> /etc/hosts
# cat /etc/hosts
# if [[ ${PROJECT} == "keystone" ]]; then
# sleep 7200
# fi
if [[ "${PROJECT}" == "requirements" ]]; then
$(dirname $0)/requirements.sh
exit 0