Container Infrastructure Management Service for OpenStack

#!/bin/bash
# Prepare a cluster node for the heat-container-agent: proxy environment,
# agent SSH access to the local root account, then agent installation.

# Trace each command and tolerate unset variables.
# NOTE(review): with xtrace enabled the values assigned below are written to
# the provisioning log; a proxy URL that embeds credentials would appear there
# in clear text. Confirm who can read that log.
set -x
set +u

# NOTE(review): these self-assignments look like placeholders filled in by a
# templating step before the script runs; if so, the substituted text sits
# inside double quotes and is still subject to shell expansion. Confirm
# against the caller that the values are trusted.
HTTP_PROXY="$HTTP_PROXY"
HTTPS_PROXY="$HTTPS_PROXY"
NO_PROXY="$NO_PROXY"
CONTAINER_INFRA_PREFIX="$CONTAINER_INFRA_PREFIX"
HEAT_CONTAINER_AGENT_TAG="$HEAT_CONTAINER_AGENT_TAG"

# Export only the proxy settings that are non-empty.
for proxy_var in HTTP_PROXY HTTPS_PROXY NO_PROXY; do
  if [ -n "${!proxy_var}" ]; then
    export "${proxy_var}"
  fi
done
unset proxy_var
  18. # Create a keypair for the heat-container-agent to
  19. # access the node over ssh. It is useful to operate
  20. # in host mount namespace and apply configuration.
  21. mkdir -p /srv/magnum/.ssh
  22. chmod 700 /srv/magnum/.ssh
  23. ssh-keygen -q -t rsa -N '' -f /srv/magnum/.ssh/heat_agent_rsa
  24. chmod 400 /srv/magnum/.ssh/heat_agent_rsa
  25. chmod 400 /srv/magnum/.ssh/heat_agent_rsa.pub
  26. # Add the public to the host authorized_keys file.
  27. cat /srv/magnum/.ssh/heat_agent_rsa.pub > /root/.ssh/authorized_keys
  28. # Add localost to know_hosts
  29. ssh-keyscan 127.0.0.1 > /srv/magnum/.ssh/known_hosts
  30. # ssh configguration file, to be specified with ssh -F
  31. cat > /srv/magnum/.ssh/config <<EOF
  32. Host localhost
  33. HostName 127.0.0.1
  34. User root
  35. IdentityFile /srv/magnum/.ssh/heat_agent_rsa
  36. UserKnownHostsFile /srv/magnum/.ssh/known_hosts
  37. EOF
  38. sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
  39. # Security enhancement: Disable password authentication
  40. sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
  41. systemctl restart sshd
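# Registry prefix for the agent image; defaults to the openstackmagnum
# repository on docker.io when no prefix is configured.
_prefix="${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}"

# NOTE(review): the image is referenced by tag, which a registry can re-point
# to different content. The unit below runs it with --privileged, host
# networking and the host's /etc, /dev, /var/lib, /var/run, /run/systemd,
# /var/log, /tmp and /srv/magnum (which holds the root ssh key) mounted, so the
# image effectively has root on the node. Pinning by digest or pulling from a
# controlled mirror would fix what runs with those privileges.
# NOTE(review): the podman flag tested below is never assigned in this script;
# presumably it arrives through the environment or a templating step. Confirm.
if [ "$(echo "$USE_PODMAN" | tr '[:upper:]' '[:lower:]')" == "true" ]; then
  # Write the systemd unit. The here-document is unquoted, so the image
  # reference is expanded now and each "\\" becomes a single line-continuation
  # backslash in the unit file. ExecStartPre entries prefixed with "-" are
  # allowed to fail, which includes the image pull.
  cat > /etc/systemd/system/heat-container-agent.service <<EOF
[Unit]
Description=Run heat-container-agent
After=network-online.target
Wants=network-online.target
[Service]
ExecStartPre=mkdir -p /var/lib/heat-container-agent
ExecStartPre=mkdir -p /var/run/heat-config
ExecStartPre=mkdir -p /var/run/os-collect-config
ExecStartPre=mkdir -p /opt/stack/os-config-refresh
ExecStartPre=mkdir -p /srv/magnum
ExecStartPre=-/bin/podman kill heat-container-agent
ExecStartPre=-/bin/podman rm heat-container-agent
ExecStartPre=-/bin/podman pull ${_prefix}heat-container-agent:${HEAT_CONTAINER_AGENT_TAG}
ExecStart=/bin/podman run \\
--name heat-container-agent \\
--net=host \\
--privileged \\
--volume /srv/magnum:/srv/magnum \\
--volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\
--volume /run/systemd:/run/systemd \\
--volume /etc/:/etc/ \\
--volume /var/lib:/var/lib \\
--volume /var/run:/var/run \\
--volume /var/log:/var/log \\
--volume /tmp:/tmp \\
--volume /dev:/dev \\
--env REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt \\
${_prefix}heat-container-agent:${HEAT_CONTAINER_AGENT_TAG} \\
/usr/bin/start-heat-container-agent
ExecStop=/bin/podman stop heat-container-agent
TimeoutStartSec=10min
[Install]
WantedBy=multi-user.target
EOF
else
  # Without podman, install the agent as a system container through atomic.
  atomic install \
    --storage ostree \
    --system \
    --system-package no \
    --set REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt \
    --name heat-container-agent \
    "${_prefix}heat-container-agent:${HEAT_CONTAINER_AGENT_TAG}"
fi

# Start the agent now and on every boot.
systemctl enable heat-container-agent
systemctl start heat-container-agent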