openstack/manila-image-elements
Code Issues Proposed changes

Init manila-service-image repo

Browse Source
This commit is contained in:
Igor Malinovskiy 2015-06-02 17:58:51 +03:00
commit c9ce644f16
23 changed files with 340 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
/*.d
*.qcow2
debug.sh
.idea

75
build.sh Executable file
View File

@ -0,0 +1,75 @@
# Defaults:
# Development options:
USE_OFFLINE_MODE=${USE_OFFLINE_MODE:-"yes"}
ENABLE_DEBUG_MODE=${ENABLE_DEBUG_MODE:-"no"}
DISABLE_IMG_COMPRESSION=${DISABLE_IMG_COMPRESSION:-"no"}
# Manila user settings
MANILA_USER=${MANILA_USER:-"manila"}
MANILA_PASSWORD=${MANILA_PASSWORD:-"manila"}
MANILA_USER_AUTHORIZED_KEYS=
# Manila image settings
MANILA_IMG_ARCH=${MANILA_IMG_ARCH:-"i386"}
MANILA_IMG_OS=${MANILA_IMG_OS:-"manila-ubuntu-core"}
MANILA_IMG_OS_VER=${MANILA_IMG_OS_VER:-"trusty"}
MANILA_IMG_NAME=${MANILA_IMG_NAME:-"ubuntu-manila-service-image.qcow2"}
# Manila features
MANILA_ENABLE_NFS_SUPPORT=${MANILA_ENABLE_NFS_SUPPORT:-"yes"}
MANILA_ENABLE_CIFS_SUPPORT=${MANILA_ENABLE_CIFS_SUPPORT:-"yes"}
# Verify configuration
# --------------------
REQUIRED_ELEMENTS="manila-ssh vm $MANILA_IMG_OS dhcp-all-interfaces devuser cleanup-kernel-initrd"
OPTIONAL_ELEMENTS=
OPTIONAL_DIB_ARGS=
if [ "$MANILA_ENABLE_CIFS_SUPPORT" != "yes" && "$MANILA_ENABLE_CIFS_SUPPORT" = "yes" ]; then
echo "You should enable NFS or CIFS support for manila image."
fi
if [ "$MANILA_ENABLE_NFS_SUPPORT" = "yes" ]; then
OPTIONAL_ELEMENTS="$OPTIONAL_ELEMENTS manila-nfs"
fi
if [ "$MANILA_ENABLE_CIFS_SUPPORT" = "yes" ]; then
OPTIONAL_ELEMENTS="$OPTIONAL_ELEMENTS manila-cifs"
fi
if [ "$USE_OFFLINE_MODE" = "yes" ]; then
OPTIONAL_DIB_ARGS="$OPTIONAL_DIB_ARGS -offline"
fi
if [ "$ENABLE_DEBUG_MODE" = "yes" ]; then
OPTIONAL_DIB_ARGS="$OPTIONAL_DIB_ARGS -x"
MANILA_USER_AUTHORIZED_KEYS=${MANILA_USER_AUTHORIZED_KEYS:-"$HOME/.ssh/id_rsa.pub"}
fi
if [ "$DISABLE_IMG_COMPRESSION" = "yes" ]; then
OPTIONAL_DIB_ARGS="$OPTIONAL_DIB_ARGS -u"
fi
if [ "$MANILA_IMG_OS" = "manila-ubuntu-core" && "$MANILA_IMG_OS_VER" != "trusty" ]; then
echo "manila-ubuntu-core doesn't support '$MANILA_IMG_OS_VER' release."
echo "Change MANILA_IMG_OS to 'ubuntu' if you need another release."
fi
# Export diskimage-builder settings
# ---------------------------------
export ELEMENTS_PATH=`pwd`/elements
export DIB_DEFAULT_INSTALLTYPE=package
export DIB_RELEASE=$MANILA_IMG_OS_VER
# User settings
export DIB_DEV_USER_USERNAME=$MANILA_USER
export DIB_DEV_USER_PWDLESS_SUDO=yes
export DIB_DEV_USER_PASSWORD=$MANILA_PASSWORD
export DIB_DEV_USER_AUTHORIZED_KEYS=$MANILA_USER_AUTHORIZED_KEYS
# Build image
# -----------
disk-image-create -a $MANILA_IMG_ARCH $OPTIONAL_DIB_ARGS -o $MANILA_IMG_NAME\
$OPTIONAL_ELEMENTS $REQUIRED_ELEMENTS

5
elements/manila-cifs/install.d/50-manila-cifs Executable file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -eu
install-packages samba samba-common samba-common-bin

10
elements/manila-cifs/post-install.d/50-manila-samba-patch-config Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# Enable registry in samba config
sed -i "s/\[global\]/\[global\]\\n\\n include = registry\\n/g" /etc/samba/smb.conf

10
elements/manila-nfs/install.d/50-manila-nfs Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# Install required packages
install-packages nfs-common nfs-kernel-server portmap

10
elements/manila-nfs/post-install.d/50-manila-nfs-patch-config Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# Patch NFS init script to allow running nfs-kernel-server without exports:
sed -i 's/\s&&\sgrep\s-q\s.*\s\$export_files$//g' /etc/init.d/nfs-kernel-server

5
elements/manila-ssh/README.rst Normal file
View File

@ -0,0 +1,5 @@
==========
manila-ssh
==========
Light-weight replacement for cloud-init.

18
elements/manila-ssh/install.d/50-fetch-public-ssh-keys Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
SCRIPTDIR=$(dirname $0)
install -D -g root -o root -m 0755 ${SCRIPTDIR}/fetch-public-ssh-keys.sh /usr/local/sbin/fetch-public-ssh-keys.sh
DIB_INIT_SYSTEM=$(dib-init-system)
if [ "$DIB_INIT_SYSTEM" == "upstart" ]; then
install -D -g root -o root -m 0755 ${SCRIPTDIR}/fetch-public-ssh-keys.conf /etc/init/fetch-public-ssh-keys.conf
else
echo "Not supported"
fi

7
elements/manila-ssh/install.d/fetch-public-ssh-keys.conf Executable file
View File

@ -0,0 +1,7 @@
description "Fetch public ssh key from Nova metadata service"
start on (started networking)
task
exec /usr/local/sbin/fetch-public-ssh-keys.sh

42
elements/manila-ssh/install.d/fetch-public-ssh-keys.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash
set -x
set -eu
set -o pipefail
MANILA_USER="manila"
MANILA_USER_HOME="/home/$MANILA_USER"
MANILA_USER_SSH_DIR="$MANILA_USER_HOME/.ssh"
if [ ! -d $MANILA_USER_SSH_DIR ]; then
mkdir -p $MANILA_USER_SSH_DIR
chmod 700 $MANILA_USER_SSH_DIR
fi
# Fetch public key using HTTP
ATTEMPTS=10
FAILED=0
while [ ! -f $MANILA_USER_SSH_DIR/authorized_keys ]; do
curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
if [ $? -eq 0 ]; then
cat /tmp/metadata-key >> $MANILA_USER_SSH_DIR/authorized_keys
chmod 0600 $MANILA_USER_SSH_DIR/authorized_keys
rm -f /tmp/metadata-key
echo "Successfully retrieved public key from instance metadata"
echo "*****************"
echo "AUTHORIZED KEYS"
echo "*****************"
cat $MANILA_USER_SSH_DIR/authorized_keys
echo "*****************"
else
FAILED=`expr $FAILED + 1`
if [ $FAILED -ge $ATTEMPTS ]; then
echo "Failed to retrieve public key from instance metadata after $FAILED attempts, quitting"
break
fi
echo "Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
sleep 5
fi
done
chown -R $MANILA_USER $MANILA_USER_SSH_DIR

10
elements/manila-ssh/post-install.d/80-update-sshd-conf Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# NOTE(u_glide): Security Warning! Use following option only for debugging purpouses
# sed -i 's/^#*PasswordAuthentication\sno/PasswordAuthentication yes/g' /etc/ssh/sshd_config

9
elements/manila-ubuntu-core/README.rst Executable file
View File

@ -0,0 +1,9 @@
==================
manila-ubuntu-core
==================
Provides minimalistic Ubuntu 14.04 LTS based on Ubuntu Core image.
Overrides:
* To use different mirrors rather than the default of archive.ubuntu.com and
security.ubuntu.com, use the environment variable DIB\_DISTRIBUTION\_MIRROR

3
elements/manila-ubuntu-core/element-deps Executable file
View File

@ -0,0 +1,3 @@
cache-url
dib-run-parts
dpkg

1
elements/manila-ubuntu-core/element-provides Executable file
View File

@ -0,0 +1 @@
operating-system

2
elements/manila-ubuntu-core/environment.d/10-ubuntu-distro-name.bash Executable file
View File

@ -0,0 +1,2 @@
export DISTRO_NAME=ubuntu
export DIB_RELEASE=${DIB_RELEASE:-trusty}

9
elements/manila-ubuntu-core/install.d/99-autoremove Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
apt-get -y autoremove

1
elements/manila-ubuntu-core/package-installs.yaml Executable file
View File

@ -0,0 +1 @@
linux-image-generic:

13
elements/manila-ubuntu-core/pre-install.d/00-install-required-packages Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
sudo sed -i -E "s/#\s(deb.+universe)$/\1/g" /etc/apt/sources.list
apt-get update
apt-get upgrade -y
apt-get install python sudo openssh-server rpcbind -y

11
elements/manila-ubuntu-core/pre-install.d/00-remove-apt-xapian-index Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# This package is broken and causes real issues on update:
# https://bugs.launchpad.net/ubuntu/+source/apt-xapian-index/+bug/1227420
apt-get --yes remove apt-xapian-index || :

18
elements/manila-ubuntu-core/pre-install.d/00-remove-grub Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
# The grub post-kernel install hook will barf if the block device can't be
# found (as happens in a chroot).
# Temporarily remove grub, to avoid that confusion.
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
if dpkg-query -W grub-pc; then
apt-get -y remove grub-pc
fi
if dpkg-query -W grub2-common; then
apt-get -y remove grub2-common
fi

14
elements/manila-ubuntu-core/pre-install.d/01-set-ubuntu-mirror Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-}
[ -n "$DIB_DISTRIBUTION_MIRROR" ] || exit 0
sudo sed -ie "s&http://\(archive\|security\).ubuntu.com/ubuntu&$DIB_DISTRIBUTION_MIRROR&" \
/etc/apt/sources.list

62
elements/manila-ubuntu-core/root.d/10-cache-ubuntu-tarball Executable file
View File

@ -0,0 +1,62 @@
#!/bin/bash
# These are useful, or at worst not harmful, for all images we build.
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
[ -n "$ARCH" ]
[ -n "$TARGET_ROOT" ]
shopt -s extglob
DIB_CLOUD_IMAGES=${DIB_CLOUD_IMAGES:-http://cdimage.ubuntu.com/ubuntu-core/releases/}
DIB_RELEASE="trusty" # Note(u_glide): another releases not supported/tested
DIB_RELEASE_NUM="14.04"
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-ubuntu-core-$DIB_RELEASE_NUM-core-$ARCH.tar.gz}
SHA256SUMS=${SHA256SUMS:-http://${DIB_CLOUD_IMAGES##http?(s)://}/$DIB_RELEASE/release/SHA256SUMS}
CACHED_FILE=$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
CACHED_FILE_LOCK=$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE.lock
CACHED_SUMS=$DIB_IMAGE_CACHE/SHA256SUMS.ubuntu.$DIB_RELEASE.$ARCH
function get_ubuntu_tarball() {
if [ -n "$DIB_OFFLINE" -a -f "$CACHED_FILE" ] ; then
echo "Not checking freshness of cached $CACHED_FILE."
else
echo "Fetching Base Image"
$TMP_HOOKS_PATH/bin/cache-url $SHA256SUMS $CACHED_SUMS
$TMP_HOOKS_PATH/bin/cache-url \
$DIB_CLOUD_IMAGES/$DIB_RELEASE/release/$BASE_IMAGE_FILE $CACHED_FILE
pushd $DIB_IMAGE_CACHE
if ! grep "$BASE_IMAGE_FILE" $CACHED_SUMS | sha256sum --check - ; then
# It is likely that an upstream http(s) proxy has given us a skewed
# result - either a cached SHA file or a cached image. Use cache-busting
# to get (as long as caches are compliant...) fresh files.
# Try the sha256sum first, just in case that is the stale one (avoiding
# downloading the larger image), and then if the sums still fail retry
# the image.
$TMP_HOOKS_PATH/bin/cache-url -f $SHA256SUMS $CACHED_SUMS
if ! grep "$BASE_IMAGE_FILE" $CACHED_SUMS | sha256sum --check - ; then
$TMP_HOOKS_PATH/bin/cache-url -f \
$DIB_CLOUD_IMAGES/$DIB_RELEASE/release/$BASE_IMAGE_FILE $CACHED_FILE
grep "$BASE_IMAGE_FILE" $CACHED_SUMS | sha256sum --check -
fi
fi
popd
fi
# Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
# image tarball and host OS e.g. when building Ubuntu image on an openSUSE host)
sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
}
(
echo "Getting $CACHED_FILE_LOCK: $(date)"
# Wait up to 20 minutes for another process to download
if ! flock -w 1200 9 ; then
echo "Did not get $CACHED_FILE_LOCK: $(date)"
exit 1
fi
get_ubuntu_tarball
) 9> $CACHED_FILE_LOCK

1
requirements.txt Normal file
View File

@ -0,0 +1 @@
diskimage-builder