Rework amphora agent installation element

Merge source and RHEL elements, allowing both source and package based
installations.

Allow amphora agent install from distribution packages (not limited to
RHEL)

Add a new option to diskimage-create.sh script to do so (default is kept
to source installation from Octavia git tree)

For now, amphorae built with distribution packages will have SELinux
(when available) running in permissive mode.

Made the rebind-sshd element generic to streamline the script
Use POSIX syntax for logrotate kill command

Change-Id: I391b2a95d54c7b9fd8f31d3e2c136ff9cc3451f1
This commit is contained in:
Bernard Cafarelli 2017-11-23 18:45:34 +01:00 committed by Michael Johnson
parent 3acd40e413
commit d43d3fce86
21 changed files with 136 additions and 71 deletions

View File

@ -85,6 +85,7 @@ Command syntax:
'-i' is the base OS (default: ubuntu)
'-n' disable sshd (default: enabled)
'-o' is the output image file name
'-p' install amphora-agent from distribution packages (default: disabled)"
'-r' enable the root account in the generated image (default: disabled)
'-s' is the image size to produce in gigabytes (default: 2)
'-t' is the image type (default: qcow2)
@ -130,6 +131,36 @@ OCTAVIA_REPO_PATH
- Default: <directory above the script location>
- Reference: https://github.com/openstack/octavia
Using distribution packages for amphora agent
---------------------------------------------
By default, amphora agent is installed from Octavia Git repository.
To use distribution packages, use the "-p" option.
Note this needs a base system image with the required repositories enabled (for
example RDO repositories for CentOS/Fedora). One of these variables must be
set:
DIB_LOCAL_IMAGE
- Path to the locally downloaded image
- Default: None
DIB_CLOUD_IMAGES
- Directory base URL to download the image from
- Default: depends on the distribution
For example to build a CentOS 7 amphora with Pike RPM packages:
.. code:: bash
# Get image
$ wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
# Add repository
$ virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2 --selinux-relabel --run-command 'yum install -y centos-release-openstack-pike'
# Point to modified image and run script
$ export DIB_LOCAL_IMAGE=/home/stack/CentOS-7-x86_64-GenericCloud.qcow2
$ ./diskimage-create.sh -p -i centos
RHEL specific variables
------------------------
Building a RHEL-based image requires:

View File

@ -23,11 +23,12 @@ usage() {
echo " [-a i386 | **amd64** | armhf ]"
echo " [-b **haproxy** ]"
echo " [-c **~/.cache/image-create** | <cache directory> ]"
echo " [-d **xenial** | trusty | <other release id> ]"
echo " [-d **xenial**/**7** | trusty | <other release id> ]"
echo " [-h]"
echo " [-i **ubuntu** | fedora | centos | rhel ]"
echo " [-n]"
echo " [-o **amphora-x64-haproxy** | <filename> ]"
echo " [-p]"
echo " [-r <root password> ]"
echo " [-s **2** | <size in GB> ]"
echo " [-t **qcow2** | tar | vhd ]"
@ -42,6 +43,7 @@ usage() {
echo " '-i' is the base OS (default: ubuntu)"
echo " '-n' disable sshd (default: enabled)"
echo " '-o' is the output image file name"
echo " '-p' install amphora-agent from distribution packages (default: disabled)"
echo " '-r' enable the root account in the generated image (default: disabled)"
echo " '-s' is the image size to produce in gigabytes (default: 2)"
echo " '-t' is the image type (default: qcow2)"
@ -76,7 +78,7 @@ if [ -z $OCTAVIA_REPO_PATH ]; then
fi
dib_enable_tracing=
while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do
while getopts "a:b:c:d:hi:no:pt:r:s:vw:x" opt; do
case $opt in
a)
AMP_ARCH=$OPTARG
@ -120,6 +122,9 @@ while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do
o)
AMP_OUTPUTFILENAME=$(readlink -f $OPTARG)
;;
p)
export DIB_INSTALLTYPE_amphora_agent=package
;;
t)
AMP_IMAGETYPE=$OPTARG
if [ $AMP_IMAGETYPE != "qcow2" ] && \
@ -169,8 +174,8 @@ AMP_BASEOS=${AMP_BASEOS:-"ubuntu"}
if [ "$AMP_BASEOS" = "ubuntu" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"xenial"}
else
export DIB_RELEASE=${AMP_DIB_RELEASE}
elif [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
export DIB_RELEASE=${AMP_DIB_RELEASE:-"7"}
fi
AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy"}
@ -299,14 +304,11 @@ pushd $TEMP > /dev/null
# Setup the elements list
if [ "$AMP_BASEOS" = "ubuntu" ]; then
AMP_element_sequence=${AMP_element_sequence:-"base vm ubuntu"}
elif [ "$AMP_BASEOS" = "fedora" ]; then
AMP_element_sequence=${AMP_element_sequence:-"base vm fedora selinux-permissive"}
elif [ "$AMP_BASEOS" = "centos" ]; then
AMP_element_sequence=${AMP_element_sequence:-"base vm centos7 selinux-permissive"}
elif [ "$AMP_BASEOS" = "rhel" ]; then
AMP_element_sequence=${AMP_element_sequence:-"base vm rhel7 selinux-permissive"}
AMP_element_sequence=${AMP_element_sequence:-"base vm"}
if [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}${DIB_RELEASE}"
else
AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}"
fi
# Add our backend element (haproxy, etc.)
@ -318,17 +320,11 @@ if [ "$AMP_ROOTPW" ]; then
fi
# Add the Amphora Agent and Pyroute elements
if [ "$AMP_BASEOS" = "ubuntu" ]; then
AMP_element_sequence="$AMP_element_sequence rebind-sshd"
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
AMP_element_sequence="$AMP_element_sequence amphora-agent"
elif [ "$AMP_BASEOS" = "rhel" ]; then
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
AMP_element_sequence="$AMP_element_sequence amphora-agent-rhel"
else
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
AMP_element_sequence="$AMP_element_sequence amphora-agent"
fi
AMP_element_sequence="$AMP_element_sequence rebind-sshd"
AMP_element_sequence="$AMP_element_sequence no-resolvconf"
AMP_element_sequence="$AMP_element_sequence amphora-agent"
#TODO(bcafarel): make this conditional
AMP_element_sequence="$AMP_element_sequence selinux-permissive"
# Add keepalived-octavia element
AMP_element_sequence="$AMP_element_sequence keepalived-octavia"

View File

@ -1 +0,0 @@
Element to install an Octavia Amphora agent on RHEL systems.

View File

@ -1 +0,0 @@
package-installs

View File

@ -1 +0,0 @@
openstack-octavia-amphora-agent:

View File

@ -1,9 +0,0 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
systemctl enable octavia-amphora-agent

View File

@ -1,3 +1,8 @@
Element to install an Octavia Amphora agent.
By default, it installs the agent from source. To enable installation from
distribution repositories, define the following:
export DIB_INSTALLTYPE_amphora_agent=package
Note: this requires a system base image modified to include OpenStack
repositories

View File

@ -1,5 +1,6 @@
dib-init-system
install-static
package-installs
pkg-map
pip-and-virtualenv
source-repositories
svc-map

View File

@ -1,18 +0,0 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
# Accommodate centos default install location
ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
mkdir /etc/octavia
# we assume certs, etc will come in through the config drive
mkdir /etc/octavia/certs
mkdir -p /var/lib/octavia

View File

@ -0,0 +1,37 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
SCRIPTDIR=$(dirname $0)
pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
# Accommodate centos default install location
ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
mkdir /etc/octavia
# we assume certs, etc will come in through the config drive
mkdir /etc/octavia/certs
mkdir -p /var/lib/octavia
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.logrotate /etc/logrotate.d/amphora-agent
case "$DIB_INIT_SYSTEM" in
upstart)
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.conf /etc/init/amphora-agent.conf
;;
systemd)
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.service /usr/lib/systemd/system/amphora-agent.service
;;
sysv)
install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.init /etc/init.d/amphora-agent.init
;;
*)
echo "Unsupported init system"
exit 1
;;
esac

View File

@ -0,0 +1,14 @@
/var/log/amphora-agent.log {
daily
rotate 10
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
# Signal name shall not have the SIG prefix in kill command
# http://pubs.opengroup.org/onlinepubs/9699919799/utilities/kill.html
kill -s USR1 $(cat /var/run/amphora-agent.pid)
endscript
}

View File

@ -1,4 +1,10 @@
amphora-agent:
installtype: package
build-essential:
installtype: source
libffi-dev:
installtype: source
libssl-dev:
installtype: source
python-dev:
installtype: source

View File

@ -0,0 +1,10 @@
{
"family": {
"redhat": {
"amphora-agent": "openstack-octavia-amphora-agent"
}
},
"default": {
"amphora-agent": "amphora-agent"
}
}

View File

@ -3,9 +3,10 @@
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
if [[ -f /bin/systemctl ]]; then
/bin/systemctl enable amphora-agent
if [ "$DIB_INIT_SYSTEM" == "systemd" ]; then
systemctl enable $(svc-map amphora-agent)
fi

View File

@ -1,3 +1,3 @@
# This is temporary until we have a pip package
# This is used for source-based builds
amphora-agent git /opt/amphora-agent https://git.openstack.org/openstack/octavia
upper-constraints file /opt/upper-constraints.txt https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt

View File

@ -1,12 +0,0 @@
/var/log/amphora-agent.log {
daily
rotate 10
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
kill -s SIGUSR1 $(cat /var/run/amphora-agent.pid)
endscript
}

View File

@ -1,2 +1,3 @@
amphora-agent:
default: amphora-agent
redhat: octavia-amphora-agent

View File

@ -1,5 +1,9 @@
#!/bin/bash
echo '#!/bin/sh
# isc dhcpd specific section
if [[ $DISTRO_NAME = "ubuntu" || $DISTRO_NAME = "debian" ]]; then
echo '#!/bin/sh
if [ "$reason" = "BOUND" ]; then
if `grep -q "#ListenAddress 0.0.0.0" /etc/ssh/sshd_config`; then
/bin/sed -i "s/^#ListenAddress 0.0.0.0.*$/ListenAddress $new_ip_address/g" /etc/ssh/sshd_config
@ -8,4 +12,5 @@ if [ "$reason" = "BOUND" ]; then
fi
fi
fi' > /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
fi