Rework amphora agent installation element

Merge source and RHEL elements, allowing both source and package based
installations.

Allow amphora agent install from distribution packages (not limited to
RHEL)

Add a new option to diskimage-create.sh script to do so (default is kept
to source installation from Octavia git tree)

For now, amphorae built with distribution packages will have SELinux
(when available) running in permissive mode.

Made the rebind-sshd element generic to streamline the script
Use POSIX syntax for logrotate kill command

Change-Id: I391b2a95d54c7b9fd8f31d3e2c136ff9cc3451f1

diskimage-create/README.rst

@@ -85,6 +85,7 @@ Command syntax:
         '-i' is the base OS (default: ubuntu)
         '-n' disable sshd (default: enabled)
         '-o' is the output image file name
+        '-p' install amphora-agent from distribution packages (default: disabled)"
         '-r' enable the root account in the generated image (default: disabled)
         '-s' is the image size to produce in gigabytes (default: 2)
         '-t' is the image type (default: qcow2)
@@ -130,6 +131,36 @@ OCTAVIA_REPO_PATH
     - Default: <directory above the script location>
     - Reference: https://github.com/openstack/octavia
 
+Using distribution packages for amphora agent
+---------------------------------------------
+By default, amphora agent is installed from Octavia Git repository.
+To use distribution packages, use the "-p" option.
+
+Note this needs a base system image with the required repositories enabled (for
+example RDO repositories for CentOS/Fedora). One of these variables must be
+set:
+
+DIB_LOCAL_IMAGE
+    - Path to the locally downloaded image
+    - Default: None
+
+DIB_CLOUD_IMAGES
+    - Directory base URL to download the image from
+    - Default: depends on the distribution
+
+For example to build a CentOS 7 amphora with Pike RPM packages:
+.. code:: bash
+
+    # Get image
+    $ wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
+
+    # Add repository
+    $ virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2  --selinux-relabel --run-command 'yum install -y centos-release-openstack-pike'
+
+    # Point to modified image and run script
+    $ export DIB_LOCAL_IMAGE=/home/stack/CentOS-7-x86_64-GenericCloud.qcow2
+    $ ./diskimage-create.sh -p -i centos
+
 RHEL specific variables
 ------------------------
 Building a RHEL-based image requires:

diskimage-create/diskimage-create.sh

@@ -23,11 +23,12 @@ usage() {
     echo "            [-a i386 | **amd64** | armhf ]"
     echo "            [-b **haproxy** ]"
     echo "            [-c **~/.cache/image-create** | <cache directory> ]"
-    echo "            [-d **xenial** | trusty | <other release id> ]"
+    echo "            [-d **xenial**/**7** | trusty | <other release id> ]"
     echo "            [-h]"
     echo "            [-i **ubuntu** | fedora | centos | rhel ]"
     echo "            [-n]"
     echo "            [-o **amphora-x64-haproxy** | <filename> ]"
+    echo "            [-p]"
     echo "            [-r <root password> ]"
     echo "            [-s **2** | <size in GB> ]"
     echo "            [-t **qcow2** | tar | vhd ]"
@@ -42,6 +43,7 @@ usage() {
     echo "        '-i' is the base OS (default: ubuntu)"
     echo "        '-n' disable sshd (default: enabled)"
     echo "        '-o' is the output image file name"
+    echo "        '-p' install amphora-agent from distribution packages (default: disabled)"
     echo "        '-r' enable the root account in the generated image (default: disabled)"
     echo "        '-s' is the image size to produce in gigabytes (default: 2)"
     echo "        '-t' is the image type (default: qcow2)"
@@ -76,7 +78,7 @@ if [ -z $OCTAVIA_REPO_PATH ]; then
 fi
 dib_enable_tracing=
 
-while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do
+while getopts "a:b:c:d:hi:no:pt:r:s:vw:x" opt; do
     case $opt in
         a)
             AMP_ARCH=$OPTARG
@@ -120,6 +122,9 @@ while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do
         o)
             AMP_OUTPUTFILENAME=$(readlink -f $OPTARG)
         ;;
+        p)
+            export DIB_INSTALLTYPE_amphora_agent=package
+        ;;
         t)
             AMP_IMAGETYPE=$OPTARG
             if [ $AMP_IMAGETYPE != "qcow2" ] && \
@@ -169,8 +174,8 @@ AMP_BASEOS=${AMP_BASEOS:-"ubuntu"}
 
 if [ "$AMP_BASEOS" = "ubuntu" ]; then
     export DIB_RELEASE=${AMP_DIB_RELEASE:-"xenial"}
-else
-    export DIB_RELEASE=${AMP_DIB_RELEASE}
+elif [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
+    export DIB_RELEASE=${AMP_DIB_RELEASE:-"7"}
 fi
 
 AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy"}
@@ -299,14 +304,11 @@ pushd $TEMP > /dev/null
 
 # Setup the elements list
 
-if [ "$AMP_BASEOS" = "ubuntu" ]; then
-    AMP_element_sequence=${AMP_element_sequence:-"base vm ubuntu"}
-elif [ "$AMP_BASEOS" = "fedora" ]; then
-    AMP_element_sequence=${AMP_element_sequence:-"base vm fedora selinux-permissive"}
-elif [ "$AMP_BASEOS" = "centos" ]; then
-    AMP_element_sequence=${AMP_element_sequence:-"base vm centos7 selinux-permissive"}
-elif [ "$AMP_BASEOS" = "rhel" ]; then
-    AMP_element_sequence=${AMP_element_sequence:-"base vm rhel7 selinux-permissive"}
+AMP_element_sequence=${AMP_element_sequence:-"base vm"}
+if [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then
+    AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}${DIB_RELEASE}"
+else
+    AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}"
 fi
 
 # Add our backend element (haproxy, etc.)
@@ -318,17 +320,11 @@ if [ "$AMP_ROOTPW" ]; then
 fi
 
 # Add the Amphora Agent and Pyroute elements
-if [ "$AMP_BASEOS" = "ubuntu" ]; then
-    AMP_element_sequence="$AMP_element_sequence rebind-sshd"
-    AMP_element_sequence="$AMP_element_sequence no-resolvconf"
-    AMP_element_sequence="$AMP_element_sequence amphora-agent"
-elif [ "$AMP_BASEOS" = "rhel" ]; then
-    AMP_element_sequence="$AMP_element_sequence no-resolvconf"
-    AMP_element_sequence="$AMP_element_sequence amphora-agent-rhel"
-else
-    AMP_element_sequence="$AMP_element_sequence no-resolvconf"
-    AMP_element_sequence="$AMP_element_sequence amphora-agent"
-fi
+AMP_element_sequence="$AMP_element_sequence rebind-sshd"
+AMP_element_sequence="$AMP_element_sequence no-resolvconf"
+AMP_element_sequence="$AMP_element_sequence amphora-agent"
+#TODO(bcafarel): make this conditional
+AMP_element_sequence="$AMP_element_sequence selinux-permissive"
 
 # Add keepalived-octavia element
 AMP_element_sequence="$AMP_element_sequence keepalived-octavia"

elements/amphora-agent-rhel/README.rst

@@ -1 +0,0 @@
-Element to install an Octavia Amphora agent on RHEL systems.

elements/amphora-agent-rhel/element-deps

@@ -1 +0,0 @@
-package-installs

elements/amphora-agent-rhel/package-installs.yaml

@@ -1 +0,0 @@
-openstack-octavia-amphora-agent:

elements/amphora-agent-rhel/post-install.d/11-enable-octavia-amphora-agent-systemd

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
-    set -x
-fi
-set -eu
-set -o pipefail
-
-systemctl enable octavia-amphora-agent

elements/amphora-agent/README.rst

@@ -1,3 +1,8 @@
 Element to install an Octavia Amphora agent.
 
+By default, it installs the agent from source. To enable installation from
+distribution repositories, define the following:
+    export DIB_INSTALLTYPE_amphora_agent=package
 
+Note: this requires a system base image modified to include OpenStack
+repositories

elements/amphora-agent/element-deps

@@ -1,5 +1,6 @@
 dib-init-system
-install-static
 package-installs
+pkg-map
 pip-and-virtualenv
 source-repositories
+svc-map

elements/amphora-agent/install.d/75-run_setup_install

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
-    set -x
-fi
-set -eu
-set -o pipefail
-
-pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
-
-# Accommodate centos default install location
-ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
-
-mkdir /etc/octavia
-# we assume certs, etc will come in through the config drive
-mkdir /etc/octavia/certs
-mkdir -p /var/lib/octavia
-

elements/amphora-agent/install.d/amphora-agent-source-install/75-amphora-agent-install

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+SCRIPTDIR=$(dirname $0)
+
+pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
+
+# Accommodate centos default install location
+ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
+
+mkdir /etc/octavia
+# we assume certs, etc will come in through the config drive
+mkdir /etc/octavia/certs
+mkdir -p /var/lib/octavia
+
+install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.logrotate /etc/logrotate.d/amphora-agent
+
+case "$DIB_INIT_SYSTEM" in
+    upstart)
+        install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.conf /etc/init/amphora-agent.conf
+        ;;
+    systemd)
+        install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.service /usr/lib/systemd/system/amphora-agent.service
+        ;;
+    sysv)
+        install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.init /etc/init.d/amphora-agent.init
+        ;;
+    *)
+        echo "Unsupported init system"
+        exit 1
+        ;;
+esac

elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.logrotate

@@ -0,0 +1,14 @@
+/var/log/amphora-agent.log {
+    daily
+    rotate 10
+    missingok
+    notifempty
+    compress
+    delaycompress
+    sharedscripts
+    postrotate
+        # Signal name shall not have the SIG prefix in kill command
+        # http://pubs.opengroup.org/onlinepubs/9699919799/utilities/kill.html
+        kill -s USR1 $(cat /var/run/amphora-agent.pid)
+    endscript
+}

elements/amphora-agent/package-installs.yaml

@@ -1,4 +1,10 @@
+amphora-agent:
+  installtype: package
 build-essential:
+  installtype: source
 libffi-dev:
+  installtype: source
 libssl-dev:
+  installtype: source
 python-dev:
+  installtype: source

elements/amphora-agent/pkg-map

@@ -0,0 +1,10 @@
+{
+  "family": {
+    "redhat": {
+      "amphora-agent": "openstack-octavia-amphora-agent"
+    }
+  },
+  "default": {
+    "amphora-agent": "amphora-agent"
+  }
+}

elements/amphora-agent/post-install.d/11-enable-amphora-agent-systemd

@@ -3,9 +3,10 @@
 if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
     set -x
 fi
+
 set -eu
 set -o pipefail
 
-if [[ -f /bin/systemctl ]]; then
-    /bin/systemctl enable amphora-agent
+if [ "$DIB_INIT_SYSTEM" == "systemd" ]; then
+    systemctl enable $(svc-map amphora-agent)
 fi

elements/amphora-agent/source-repository-amphora-agent

@@ -1,3 +1,3 @@
-# This is temporary until we have a pip package
+# This is used for source-based builds
 amphora-agent git /opt/amphora-agent https://git.openstack.org/openstack/octavia
 upper-constraints file /opt/upper-constraints.txt https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt

elements/amphora-agent/static/etc/logrotate.d/amphora-agent

@@ -1,12 +0,0 @@
-/var/log/amphora-agent.log {
-    daily
-    rotate 10
-    missingok
-    notifempty
-    compress
-    delaycompress
-    sharedscripts
-    postrotate
-        kill -s SIGUSR1 $(cat /var/run/amphora-agent.pid)
-    endscript
-}

elements/amphora-agent/svc-map

@@ -1,2 +1,3 @@
 amphora-agent:
   default: amphora-agent
+  redhat: octavia-amphora-agent

elements/rebind-sshd/finalise.d/98-rebind-sshd-after-dhcp

@@ -1,5 +1,9 @@
 #!/bin/bash
-echo '#!/bin/sh
+
+# isc dhcpd specific section
+if [[ $DISTRO_NAME = "ubuntu" || $DISTRO_NAME = "debian" ]]; then
+
+  echo '#!/bin/sh
 if [ "$reason" = "BOUND" ]; then
     if `grep -q "#ListenAddress 0.0.0.0" /etc/ssh/sshd_config`; then
         /bin/sed -i "s/^#ListenAddress 0.0.0.0.*$/ListenAddress $new_ip_address/g" /etc/ssh/sshd_config
@@ -8,4 +12,5 @@ if [ "$reason" = "BOUND" ]; then
         fi
     fi
 fi' > /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
-chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
+  chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd
+fi