make a gentoo nodepool image

Depends-On: I17202de3016616ce34c8cbead7d0fb047a64e96b

Change-Id: Icf5e7e8bc4f005111cd2492d3c1a2c492b8a7a96

nodepool/elements/infra-package-needs/install.d/10-pip-packages

@@ -22,6 +22,9 @@ set -e
 
 packages='tox'
 
-for package in $packages ; do
+# non-system root installed packages can interfere with things
-    pip install $package
+if [ "${DISTRO_NAME}" != "gentoo" ]; then
-done
+    for package in $packages ; do
+        pip install $package
+    done
+fi

nodepool/elements/infra-package-needs/package-installs.yaml

@@ -32,3 +32,4 @@ centos-release-openstack-ocata:
 redhat-rpm-config:
 redhat-lsb-core:
 curl:
+tox:

nodepool/elements/infra-package-needs/pkg-map

@@ -11,9 +11,15 @@
       "build-essential": "",
       "cron": "sys-process/cronie",
       "curl": "net-misc/curl",
+      "dnsutils": "net-dns/bind-tools",
+      "git": "dev-vcs/git",
+      "iptables": "net-firewall/iptables",
+      "iputils-ping": "net-misc/iputils",
       "ntp": "net-misc/ntp",
+      "ntpdate": "net-misc/ntp",
       "python-dev": "",
       "python3-dev": "",
+      "tox": "dev-python/tox",
       "traceroute": "net-analyzer/traceroute",
       "uuid-runtime": ""
     },
@@ -57,6 +63,7 @@
     "redhat-rpm-config": "",
     "redhat-lsb-core": "",
     "python-xml": "",
-    "python3": ""
+    "python3": "",
+    "tox": ""
   }
 }

nodepool/elements/infra-package-needs/post-install.d/80-enable-haveged

@@ -15,9 +15,7 @@ case "$DIB_INIT_SYSTEM" in
         systemctl enable haveged.service
         ;;
     openrc)
-        # TODO(pabelanger): Make sure we support gentoo if we bring images
+        rc-update add haveged default
-        # online for nodepool.o.o.
-        exit 0
         ;;
     sysv)
         exit 0

nodepool/elements/infra-package-needs/post-install.d/80-enable-infra-services

@@ -19,8 +19,8 @@ case "$DIB_INIT_SYSTEM" in
         fi
         ;;
     openrc)
-        # let dib-init-system's postinstall handle enabling init scripts
+        rc-update add ntp-client default
-        exit 0
+        rc-update add acpid default
         ;;
     sysv)
         # ntp is enabled by default, nothing to do

nodepool/elements/infra-package-needs/pre-install.d/00-gentoo-useflags

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+# needed for unbound
+if [ "${DISTRO_NAME}" == "gentoo" ]; then
+    mkdir -p /etc/portage/package.use
+    echo "dev-libs/openssl static-libs -bindist" >> /etc/portage/package.use/openssl
+    echo "net-misc/openssh -bindist" >> /etc/portage/package.use/openssh
+    echo "sys-libs/zlib static-libs" >> /etc/portage/package.use/zlib
+fi

nodepool/elements/jenkins-slave/install.d/20-jenkins-slave

@@ -33,7 +33,7 @@ if [ ! -f $_pub_key ]; then
     die "Can not find Jenkins public key!"
 fi
 
-mkdir /home/jenkins/.ssh
+mkdir -p /home/jenkins/.ssh
 chmod 700 /home/jenkins/.ssh
 
 cp $_pub_key /home/jenkins/.ssh/authorized_keys

nodepool/elements/nodepool-base/finalise.d/89-unbound

@@ -53,6 +53,10 @@ echo "$UNBOUND_LOGGING_CONF" > /tmp/unbound-logging.conf
 
 if [[ "$DISTRO_NAME" =~ (centos|fedora|opensuse) ]] ; then
     UNBOUND_CONFD=/etc/unbound/conf.d
+elif [[ "$DISTRO_NAME" =~ 'gentoo' ]] ; then
+    UNBOUND_CONFD=/etc/unbound/conf.d
+    mkdir -p $UNBOUND_CONFD
+    echo "include: \"$UNBOUND_CONFD\"" >> /etc/unbound/unbound.conf
 else
     UNBOUND_CONFD=/etc/unbound/unbound.conf.d
 fi
@@ -67,6 +71,8 @@ chmod 0644 /var/log/unbound.log
 
 if [[ "$DISTRO_NAME" =~ (opensuse) ]] ; then
     rclocal=/etc/init.d/boot.local
+elif [[ "${DISTRO_NAME}" =~ "gentoo" ]]; then
+    rclocal=/etc/local.d/unbound.start
 else
     # You'd think rc.local would be simple ...
     #
@@ -147,7 +153,7 @@ fi
 dhcp_file=''
 if [[ "$DISTRO_NAME" =~ (centos|rhel7|fedora) ]] ; then
     dhcp_file=/etc/dhcp/dhclient-eth0.conf
-elif [[ "$DISTRO_NAME" =~ (debian|ubuntu) ]] ; then
+elif [[ "$DISTRO_NAME" =~ (debian|ubuntu|gentoo) ]] ; then
     dhcp_file=/etc/dhcp/dhclient.conf
 fi
 if [ -n "$dhcp_file" ] ; then
@@ -170,7 +176,7 @@ case "$DIB_INIT_SYSTEM" in
         systemctl enable unbound.service
         ;;
     openrc)
-        # let dib-init-system's postinstall handle enabling init scripts
+        rc-update add unbound default
         ;;
     sysv)
         # nothing to do

nodepool/elements/nodepool-base/install.d/20-iptables

@@ -32,6 +32,10 @@ elif [[ "$DISTRO_NAME" =~ 'opensuse' ]] ; then
     rules_dir=/etc/sysconfig
     ipv4_rules=${rules_dir}/iptables
     ipv6_rules=${rules_dir}/ip6tables
+elif [[ "$DISTRO_NAME" =~ 'gentoo' ]] ; then
+    rules_dir=/var/lib/iptables  # not needed, part of the package install
+    ipv4_rules=/var/lib/iptables/rules-save
+    ipv6_rules=/var/lib/ip6tables/rules-save
 else
     echo "Unsupported operating system $DISTRO_NAME"
     exit 1
@@ -96,5 +100,9 @@ fw_custom_after_finished() {
     /usr/sbin/ip6tables-restore $ipv6_rules
 }
 EOF
-
+fi
+
+if [[ "$DISTRO_NAME" =~ 'gentoo' ]] ; then
+    /sbin/iptables-restore $ipv4_rules
+    /sbin/ip6tables-restore $ipv6_rules
 fi

nodepool/elements/nodepool-base/post-install.d/20-iptables

@@ -30,6 +30,10 @@ elif [[ "$DISTRO_NAME" =~ (centos|fedora) ]] ; then
     service_name=iptables
 elif [[ "$DISTRO_NAME" == 'opensuse' ]] ; then
     service_name=SuSEfirewall2
+elif [[ "$DISTRO_NAME" == 'gentoo' ]] ; then
+    service_name=iptables  # for systemd
+    service_name1=iptables  # for openrc
+    service_name2=ip6tables  # for openrc
 else
     echo "Unsupported operating system $DISTRO_NAME"
     exit 1
@@ -45,6 +49,10 @@ case "$DIB_INIT_SYSTEM" in
             systemctl enable ip6tables.service
         fi
         ;;
+    openrc)
+        rc-update add ${service_name1} default
+        rc-update add ${service_name2} default
+        ;;
     *)
         echo "Unsupported init system $DIB_INIT_SYSTEM"
         exit 1

nodepool/elements/zuul-worker/install.d/60-zuul-worker

@@ -30,7 +30,7 @@ if [ ! -f $_pub_key ]; then
     die "Can not find Zuul public key!"
 fi
 
-mkdir /home/zuul/.ssh
+mkdir -p /home/zuul/.ssh
 chmod 700 /home/zuul/.ssh
 cp $_pub_key /home/zuul/.ssh/authorized_keys
 

nodepool/nl02.openstack.org.yaml

@@ -518,6 +518,26 @@ diskimages:
       DIB_IMAGE_CACHE: /opt/dib_cache
       QEMU_IMG_OPTIONS: compat=0.10
       DIB_GRUB_TIMEOUT: '0'
+  - name: gentoo
+    elements:
+      - gentoo
+      - vm
+      - simple-init
+      - openstack-repos
+      - nodepool-base
+      - growroot
+      - infra-package-needs
+    env-vars:
+      TMPDIR: /opt/dib_tmp
+      DIB_CHECKSUM: '1'
+      DIB_IMAGE_CACHE: /opt/dib_cache
+      QEMU_IMG_OPTIONS: compat=0.10
+      DIB_GRUB_TIMEOUT: '0'
+      GENTOO_PORTAGE_CLEANUP: 'True'
+      DIB_INSTALLTYPE_pip_and_virtualenv: 'package'
+      DIB_INSTALLTYPE_simple_init: 'repo'
+      GENTOO_PYTHON_TARGETS: 'python2_7 python3_5'
+      GENTOO_PYTHON_ACTIVE_VERSION: python3.5
   - name: opensuse-423
     elements:
       - opensuse-minimal