Rework amphora agent installation element
Merge source and RHEL elements, allowing both source and package based installations. Allow amphora agent install from distribution packages (not limited to RHEL). Add a new option to the diskimage-create.sh script to do so (the default is kept to source installation from the Octavia git tree). For now, amphorae built with distribution packages will have SELinux (when available) running in permissive mode. Made the rebind-sshd element generic to streamline the script. Use POSIX syntax for the logrotate kill command.
Change-Id: I391b2a95d54c7b9fd8f31d3e2c136ff9cc3451f1
parent
3acd40e413
commit
d43d3fce86
@ -85,6 +85,7 @@ Command syntax:
|
||||
'-i' is the base OS (default: ubuntu)
|
||||
'-n' disable sshd (default: enabled)
|
||||
'-o' is the output image file name
|
||||
'-p' install amphora-agent from distribution packages (default: disabled)"
|
||||
'-r' enable the root account in the generated image (default: disabled)
|
||||
'-s' is the image size to produce in gigabytes (default: 2)
|
||||
'-t' is the image type (default: qcow2)
|
||||
@ -130,6 +131,36 @@ OCTAVIA_REPO_PATH
|
||||
- Default: <directory above the script location>
|
||||
- Reference: https://github.com/openstack/octavia
|
||||
|
||||
Using distribution packages for amphora agent
|
||||
---------------------------------------------
|
||||
By default, amphora agent is installed from Octavia Git repository.
|
||||
To use distribution packages, use the "-p" option.
|
||||
|
||||
Note this needs a base system image with the required repositories enabled (for
|
||||
example RDO repositories for CentOS/Fedora). One of these variables must be
|
||||
set:
|
||||
|
||||
DIB_LOCAL_IMAGE
|
||||
- Path to the locally downloaded image
|
||||
- Default: None
|
||||
|
||||
DIB_CLOUD_IMAGES
|
||||
- Directory base URL to download the image from
|
||||
- Default: depends on the distribution
|
||||
|
||||
For example to build a CentOS 7 amphora with Pike RPM packages:
|
||||
.. code:: bash
|
||||
|
||||
# Get image
|
||||
$ wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
|
||||
|
||||
# Add repository
|
||||
$ virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2 --selinux-relabel --run-command 'yum install -y centos-release-openstack-pike'
|
||||
|
||||
# Point to modified image and run script
|
||||
$ export DIB_LOCAL_IMAGE=/home/stack/CentOS-7-x86_64-GenericCloud.qcow2
|
||||
$ ./diskimage-create.sh -p -i centos
|
||||
|
||||
RHEL specific variables
|
||||
------------------------
|
||||
Building a RHEL-based image requires:
|
||||
|
@ -23,11 +23,12 @@ usage() {
|
||||
echo " [-a i386 | **amd64** | armhf ]"
|
||||
echo " [-b **haproxy** ]"
|
||||
echo " [-c **~/.cache/image-create** | <cache directory> ]"
|
||||
echo " [-d **xenial** | trusty | <other release id> ]"
|
||||
echo " [-d **xenial**/**7** | trusty | <other release id> ]"
|
||||
echo " [-h]"
|
||||
echo " [-i **ubuntu** | fedora | centos | rhel ]"
|
||||
echo " [-n]"
|
||||
echo " [-o **amphora-x64-haproxy** | <filename> ]"
|
||||
echo " [-p]"
|
||||
echo " [-r <root password> ]"
|
||||
echo " [-s **2** | <size in GB> ]"
|
||||
echo " [-t **qcow2** | tar | vhd ]"
|
||||
@ -42,6 +43,7 @@ usage() {
|
||||
echo " '-i' is the base OS (default: ubuntu)"
|
||||
echo " '-n' disable sshd (default: enabled)"
|
||||
echo " '-o' is the output image file name"
|
||||
echo " '-p' install amphora-agent from distribution packages (default: disabled)"
|
||||
echo " '-r' enable the root account in the generated image (default: disabled)"
|
||||
echo " '-s' is the image size to produce in gigabytes (default: 2)"
|
||||
echo " '-t' is the image type (default: qcow2)"
|
||||
@ -76,7 +78,7 @@ if [ -z $OCTAVIA_REPO_PATH ]; then
|
||||
fi
|
||||
dib_enable_tracing=
|
||||
|
||||
while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do
|
||||
while getopts "a:b:c:d:hi:no:pt:r:s:vw:x" opt; do
|
||||
case $opt in
|
||||
a)
|
||||
AMP_ARCH=$OPTARG
|
||||
@ -120,6 +122,9 @@ while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do
|
||||
o)
|
||||
AMP_OUTPUTFILENAME=$(readlink -f $OPTARG)
|
||||
;;
|
||||
p)
|
||||
export DIB_INSTALLTYPE_amphora_agent=package
|
||||
;;
|
||||
t)
|
||||
AMP_IMAGETYPE=$OPTARG
|
||||
if [ $AMP_IMAGETYPE != "qcow2" ] && \
|
||||
@ -169,8 +174,8 @@ AMP_BASEOS=${AMP_BASEOS:-"ubuntu"}
|
||||
|
||||
if [ "$AMP_BASEOS" = "ubuntu" ]; then
|
||||
export DIB_RELEASE=${AMP_DIB_RELEASE:-"xenial"}
|
||||
else
|
||||
export DIB_RELEASE=${AMP_DIB_RELEASE}
|
||||
elif [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
|
||||
export DIB_RELEASE=${AMP_DIB_RELEASE:-"7"}
|
||||
fi
|
||||
|
||||
AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy"}
|
||||
@ -299,14 +304,11 @@ pushd $TEMP > /dev/null
|
||||
|
||||
# Setup the elements list
|
||||
|
||||
if [ "$AMP_BASEOS" = "ubuntu" ]; then
|
||||
AMP_element_sequence=${AMP_element_sequence:-"base vm ubuntu"}
|
||||
elif [ "$AMP_BASEOS" = "fedora" ]; then
|
||||
AMP_element_sequence=${AMP_element_sequence:-"base vm fedora selinux-permissive"}
|
||||
elif [ "$AMP_BASEOS" = "centos" ]; then
|
||||
AMP_element_sequence=${AMP_element_sequence:-"base vm centos7 selinux-permissive"}
|
||||
elif [ "$AMP_BASEOS" = "rhel" ]; then
|
||||
AMP_element_sequence=${AMP_element_sequence:-"base vm rhel7 selinux-permissive"}
|
||||
AMP_element_sequence=${AMP_element_sequence:-"base vm"}
|
||||
if [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
|
||||
AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}${DIB_RELEASE}"
|
||||
else
|
||||
AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}"
|
||||
fi
|
||||
|
||||
# Add our backend element (haproxy, etc.)
|
||||
@ -318,17 +320,11 @@ if [ "$AMP_ROOTPW" ]; then
|
||||
fi
|
||||
|
||||
# Add the Amphora Agent and Pyroute elements
|
||||
if [ "$AMP_BASEOS" = "ubuntu" ]; then
|
||||
AMP_element_sequence="$AMP_element_sequence rebind-sshd"
|
||||
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
|
||||
AMP_element_sequence="$AMP_element_sequence amphora-agent"
|
||||
elif [ "$AMP_BASEOS" = "rhel" ]; then
|
||||
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
|
||||
AMP_element_sequence="$AMP_element_sequence amphora-agent-rhel"
|
||||
else
|
||||
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
|
||||
AMP_element_sequence="$AMP_element_sequence amphora-agent"
|
||||
fi
|
||||
AMP_element_sequence="$AMP_element_sequence rebind-sshd"
|
||||
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
|
||||
AMP_element_sequence="$AMP_element_sequence amphora-agent"
|
||||
#TODO(bcafarel): make this conditional
|
||||
AMP_element_sequence="$AMP_element_sequence selinux-permissive"
|
||||
|
||||
# Add keepalived-octavia element
|
||||
AMP_element_sequence="$AMP_element_sequence keepalived-octavia"
|
||||
|
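Review bot: The last hunk appends `selinux-permissive` to `AMP_element_sequence` unconditionally, which is broader than the commit description (permissive mode for amphorae built from distribution packages): as written it also applies to source builds and to every base OS, including Ubuntu images that apparently did not carry the element before. Until the TODO is resolved I would gate it, e.g. `if [ "$AMP_BASEOS" != "ubuntu" ]; then AMP_element_sequence="$AMP_element_sequence selinux-permissive"; fi`, and add a comment saying that in the resulting image SELinux denials are only logged, not enforced. Separately, the `DIB_RELEASE` hunk appears to drop the old `else` branch, so a `-d` value given together with `-i fedora` no longer seems to reach `DIB_RELEASE`; the option parsing for `-d` is outside the visible hunks, so this is worth confirming.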
@ -1 +0,0 @@
|
||||
Element to install an Octavia Amphora agent on RHEL systems.
|
@ -1 +0,0 @@
|
||||
package-installs
|
@ -1 +0,0 @@
|
||||
openstack-octavia-amphora-agent:
|
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
systemctl enable octavia-amphora-agent
|
@ -1,3 +1,8 @@
|
||||
Element to install an Octavia Amphora agent.
|
||||
|
||||
By default, it installs the agent from source. To enable installation from
|
||||
distribution repositories, define the following:
|
||||
export DIB_INSTALLTYPE_amphora_agent=package
|
||||
|
||||
Note: this requires a system base image modified to include OpenStack
|
||||
repositories
|
||||
|
@ -1,5 +1,6 @@
|
||||
dib-init-system
|
||||
install-static
|
||||
package-installs
|
||||
pkg-map
|
||||
pip-and-virtualenv
|
||||
source-repositories
|
||||
svc-map
|
||||
|
@ -1,18 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
|
||||
|
||||
# Accommodate centos default install location
|
||||
ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
|
||||
|
||||
mkdir /etc/octavia
|
||||
# we assume certs, etc will come in through the config drive
|
||||
mkdir /etc/octavia/certs
|
||||
mkdir -p /var/lib/octavia
|
||||
|
@ -0,0 +1,37 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
SCRIPTDIR=$(dirname $0)
|
||||
|
||||
pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
|
||||
|
||||
# Accommodate centos default install location
|
||||
ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
|
||||
|
||||
mkdir /etc/octavia
|
||||
# we assume certs, etc will come in through the config drive
|
||||
mkdir /etc/octavia/certs
|
||||
mkdir -p /var/lib/octavia
|
||||
|
||||
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.logrotate /etc/logrotate.d/amphora-agent
|
||||
|
||||
case "$DIB_INIT_SYSTEM" in
|
||||
upstart)
|
||||
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.conf /etc/init/amphora-agent.conf
|
||||
;;
|
||||
systemd)
|
||||
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.service /usr/lib/systemd/system/amphora-agent.service
|
||||
;;
|
||||
sysv)
|
||||
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.init /etc/init.d/amphora-agent.init
|
||||
;;
|
||||
*)
|
||||
echo "Unsupported init system"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
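Review bot: In the `sysv)` branch the init script is installed with `-m 0644` as `/etc/init.d/amphora-agent.init`, so it is not executable and the service name carries an `.init` suffix; unless that suffix is intentional I would expect `install -D -g root -o root -m 0755 "${SCRIPTDIR}/amphora-agent.init" /etc/init.d/amphora-agent`. The plain `mkdir /etc/octavia/certs` leaves the directory at the umask default although the comment says certificates will arrive there; `mkdir -m 0700 /etc/octavia/certs` would keep it private, assuming the agent runs as root. `SCRIPTDIR=$(dirname $0)` and the later `${SCRIPTDIR}` uses should be quoted so a build path containing spaces does not split the arguments.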
@ -0,0 +1,14 @@
|
||||
/var/log/amphora-agent.log {
|
||||
daily
|
||||
rotate 10
|
||||
missingok
|
||||
notifempty
|
||||
compress
|
||||
delaycompress
|
||||
sharedscripts
|
||||
postrotate
|
||||
# Signal name shall not have the SIG prefix in kill command
|
||||
# http://pubs.opengroup.org/onlinepubs/9699919799/utilities/kill.html
|
||||
kill -s USR1 $(cat /var/run/amphora-agent.pid)
|
||||
endscript
|
||||
}
|
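Review bot: The `postrotate` line signals whatever `/var/run/amphora-agent.pid` contains and has no guard for a missing or stale PID file: with the file absent `cat` fails and `kill` runs without a PID, and a stale file could signal an unrelated process (logrotate normally runs as root). A guarded form such as `if [ -s /var/run/amphora-agent.pid ]; then kill -s USR1 "$(cat /var/run/amphora-agent.pid)"; fi` avoids the failed rotation. Checking that the PID still belongs to the agent before signalling would be stricter.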
@ -1,4 +1,10 @@
|
||||
amphora-agent:
|
||||
installtype: package
|
||||
build-essential:
|
||||
installtype: source
|
||||
libffi-dev:
|
||||
installtype: source
|
||||
libssl-dev:
|
||||
installtype: source
|
||||
python-dev:
|
||||
installtype: source
|
||||
|
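--- a/elements/amphora-agent/pkg-map
+++ b/elements/amphora-agent/pkg-map
@@ -0,0 +1,10 @@
+{
+"family": {
+"redhat": {
+"amphora-agent": "openstack-octavia-amphora-agent"
+}
+},
+"default": {
+"amphora-agent": "amphora-agent"
+}
+}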
@ -3,9 +3,10 @@
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
if [[ -f /bin/systemctl ]]; then
|
||||
/bin/systemctl enable amphora-agent
|
||||
if [ "$DIB_INIT_SYSTEM" == "systemd" ]; then
|
||||
systemctl enable $(svc-map amphora-agent)
|
||||
fi
|
||||
|
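Review bot: `systemctl enable $(svc-map amphora-agent)` uses the lookup result unquoted and unchecked; `set -e` does not stop on a failing command substitution inside an argument, so a missing mapping only surfaces as a confusing `systemctl` error. Assign first, `svc_name=$(svc-map amphora-agent)`, then call `systemctl enable "$svc_name"`, so a failed lookup aborts the build at the right line. In the same test, `=` is the portable operator for `[`; `==` is a bash extension there. The top of the script lies outside this hunk.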
@ -1,3 +1,3 @@
|
||||
# This is temporary until we have a pip package
|
||||
# This is used for source-based builds
|
||||
amphora-agent git /opt/amphora-agent https://git.openstack.org/openstack/octavia
|
||||
upper-constraints file /opt/upper-constraints.txt https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt
|
||||
|
@ -1,12 +0,0 @@
|
||||
/var/log/amphora-agent.log {
|
||||
daily
|
||||
rotate 10
|
||||
missingok
|
||||
notifempty
|
||||
compress
|
||||
delaycompress
|
||||
sharedscripts
|
||||
postrotate
|
||||
kill -s SIGUSR1 $(cat /var/run/amphora-agent.pid)
|
||||
endscript
|
||||
}
|
@ -1,2 +1,3 @@
|
||||
amphora-agent:
|
||||
default: amphora-agent
|
||||
redhat: octavia-amphora-agent
|
||||
|
@ -1,5 +1,9 @@
|
||||
#!/bin/bash
|
||||
echo '#!/bin/sh
|
||||
|
||||
# isc dhcpd specific section
|
||||
if [[ $DISTRO_NAME = "ubuntu" || $DISTRO_NAME = "debian" ]]; then
|
||||
|
||||
echo '#!/bin/sh
|
||||
if [ "$reason" = "BOUND" ]; then
|
||||
if `grep -q "#ListenAddress 0.0.0.0" /etc/ssh/sshd_config`; then
|
||||
/bin/sed -i "s/^#ListenAddress 0.0.0.0.*$/ListenAddress $new_ip_address/g" /etc/ssh/sshd_config
|
||||
@ -8,4 +12,5 @@ if [ "$reason" = "BOUND" ]; then
|
||||
fi
|
||||
fi
|
||||
fi' > /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
|
||||
chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
|
||||
chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
|
||||
fi
|
||||
|
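Review bot: With the new `DISTRO_NAME` test the element silently does nothing on any distribution other than Ubuntu or Debian, while diskimage-create.sh in this commit adds `rebind-sshd` to every image; on those images sshd presumably keeps its default `ListenAddress`. An `else` branch that reports this at build time would make the gap visible, e.g. `else echo "rebind-sshd: no dhclient hook for $DISTRO_NAME, sshd ListenAddress left unchanged" >&2`. The script also lacks the `set -eu` / `set -o pipefail` preamble that the other element scripts in this commit use, so a failed write of the hook file would go unnoticed. The middle of the hook body sits between the two hunks and is not visible here.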