Add role for Container file(s) generation

This change creates a role that implements the Dockerfile specification via
simple template, which will allow us to generate our container files based on
our current needs. When container files are generated, both a Dockerfile
and Buildah script will be created in the selected base path. This will maintain
flexability in our build choices.

Change-Id: I86102fe7075fd6918644e3e981a28e0b31ae9694
Signed-off-by: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit 1450561cba)
This commit is contained in:
Kevin Carter 2020-04-23 20:53:14 -05:00 committed by Emilien Macchi
parent 132b9d20d5
commit 0b20e680c1
12 changed files with 560 additions and 0 deletions

View File

@ -0,0 +1,50 @@
====================================
Role - tripleo-container-image-build
====================================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo-container-image-build
This is an example application variable file.
.. code-block:: yaml
---
# FROM
tcib_from: "ubi8"
# Path where container file be generated
tcib_path: "{{ lookup('env', 'HOME') }}/tripleo-base"
# this ends up being a LABEL
tcib_labels:
maintainer: "TripleO"
# ENTRYPOINT
tcib_entrypoint: "dumb-init --single-child --"
# STOPSIGNAL
tcib_stopsignal: "SIGTERM"
# ENV
tcib_envs:
LANG: en_US.UTF-8
# RUN commands
tcib_runs:
- mkdir -p /etc/ssh
- touch /etc/ssh/ssh_known_host
- mkdir -p /openstack
- dnf install -y crudini curl
# COPY
tcib_copies:
- /usr/share/tripleo-common/healthcheck/common.sh /openstack/common.sh
This role can be used with the TripleO playbook, `cli-generate-containerfile.yaml`.
.. code-block:: shell
ansible-playbook -i 'localhost,' /usr/share/ansible/tripleo-playbooks/cli-generate-containerfile.yaml -e @~/tripleo-base.yaml

View File

@ -0,0 +1,24 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Generate container file(s)
connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
hosts: "{{ tripleo_target_host | default('localhost') }}"
remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
any_errors_fatal: true
roles:
- role: tripleo-container-image-build

View File

@ -0,0 +1,81 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
tcib_path: "{{ lookup('env', 'HOME') }}"
# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#arg
tcib_args: {}
# String, required, 'item', implements https://docs.docker.com/engine/reference/builder/#from
tcib_from: "centos:8"
# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#label
tcib_labels: {}
# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#env
tcib_envs: {}
# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#onbuild
tcib_onbuilds: []
# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#volume
tcib_volumes: []
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#workdir
tcib_workdir: ''
# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#add
tcib_adds: []
# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#copy
tcib_copies: []
# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#expose
tcib_exposes: []
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#user
tcib_user: ''
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#shell
tcib_shell: ''
# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#run
tcib_runs: []
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#healthcheck
tcib_healthcheck: ''
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#stopsignal
tcib_stopsignal: ''
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#entrypoint
tcib_entrypoint: ''
# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#cmd
tcib_cmd: ''
# List of Dictionaries, single level key:value pairs, key=VERB, value=verb action.
# NOTE(cloudnull): This allows for arbitrary docker verbs and maintains ordering.
# all available verbs can be found here: https://docs.docker.com/engine/reference/builder
tcib_actions: []
# List of Strings, optional, <item>, Collects file from the host and stores them in the build directory.
tcib_gather_files: []
# Boolean, enables the gathering of files.
tcib_pre_build: false

View File

@ -0,0 +1,42 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-container-image-build
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: CentOS
versions:
- 7
- 8
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,53 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
dockerfile: Dockerfile
pkg_extras: python-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
dockerfile: Dockerfile
pkg_extras: python*-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- check
- verify
- destroy
lint:
enabled: false
verifier:
name: testinfra
lint:
name: flake8

View File

@ -0,0 +1,21 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
roles:
- role: "tripleo-container-image-build"

View File

@ -0,0 +1,21 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps

View File

@ -0,0 +1,43 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# "tripleo-container-image-build" will search for and load any operating system variable file
- name: Ensure path exists
file:
path: "{{ tcib_path }}"
state: "directory"
- name: Gather files
fetch:
src: "{{ item }}"
dest: "{{ tcib_path }}/{{ item }}"
flat: true
loop: "{{ tcib_gather_files }}"
when:
- tcib_pre_build | bool
- name: Create a container file
template:
src: "Containerfile.j2"
dest: "{{ tcib_path }}/Dockerfile"
- name: Create a buildah file
template:
src: "buildahfile.sh.j2"
dest: "{{ tcib_path }}/buildahfile.sh"
mode: "0755"

View File

@ -0,0 +1,77 @@
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% for key, value in tcib_args.items() %}
ARG = {{ key }}={{ value | to_json }}
{% endfor %}
FROM {{ tcib_from }}
{% for key, value in tcib_labels.items() %}
LABEL {{ key }}={{ value | to_json }}
{% endfor %}
{% for key, value in tcib_envs.items() %}
ENV {{ key }}={{ value | to_json }}
{% endfor %}
{% for item in tcib_onbuilds %}
ONBUILD {{ item }}
{% endfor %}
{% if tcib_volumes | length > 0 %}
VOLUME {{ tcib_volumes }}
{% endif %}
{% if tcib_workdir | length > 0 %}
WORKDIR {{ tcib_workdir | to_json }}
{% endif %}
{% for item in tcib_adds %}
ADD {{ item }}
{% endfor %}
{% for item in tcib_exposes %}
EXPOSE {{ item }}
{% endfor %}
{% for item in tcib_copies %}
COPY {{ item }}
{% endfor %}
{% if tcib_shell | length > 0 %}
SHELL {{ tcib_shell.split() | to_json }}
{% endif %}
{% for item in tcib_runs %}
{% if item is iterable and item is not string %}
RUN {{ item | to_json }}
{% else %}
RUN {{ item }}
{% endif %}
{% endfor %}
{% for item in tcib_actions %}
{% for key, value in item.items() %}
{% if value is iterable and value is not string %}
{{ key.upper() }} {{ value | to_json }}
{% else %}
{{ key.upper() }} {{ value }}
{% endif %}
{% endfor %}
{% endfor %}
{% if tcib_healthcheck | length > 0 %}
HEALTHCHECK {{ tcib_healthcheck }}
{% endif %}
{% if tcib_stopsignal | length > 0 %}
STOPSIGNAL {{ tcib_stopsignal }}
{% endif %}
{% if tcib_entrypoint | length > 0 %}
ENTRYPOINT {{ tcib_entrypoint.split() | to_json }}
{% endif %}
{% if tcib_cmd | length > 0 %}
CMD {{ tcib_cmd.split() | to_json }}
{% endif %}
{% if tcib_user | length > 0 %}
USER {{ tcib_user }}
{% endif %}

View File

@ -0,0 +1,102 @@
#!/usr/bin/env bash
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -ev
{% set verb_matrix = {
'label': 'label',
'cmd': 'cmd',
'entrypoint': 'entrypoint',
'env': 'env',
'expose': 'port',
'healthcheck': 'healthcheck',
'onbuild': 'onbuild',
'shell': 'shell',
'stopsignal': 'stop-signal',
'user': 'user',
'volume': 'volume',
'workdir': 'workingdir'
}
%}
{% for key, value in tcib_args.items() %}
export {{ key }}={{ value | to_json }}
{% endfor %}
CONTAINER=$(buildah from {{ tcib_from }})
MOUNTPOINT=$(buildah mount ${CONTAINER})
{% for key, value in tcib_labels.items() %}
buildah config --label {{ key }}={{ value | to_json }} ${CONTAINER}
{% endfor %}
{% for key, value in tcib_envs.items() %}
buildah config --env {{ key }}={{ value | to_json }} ${CONTAINER}
{% endfor %}
{% if tcib_workdir | length > 0 %}
buildah config --workingdir {{ tcib_workdir | to_json }} ${CONTAINER}
{% endif %}
{% for item in tcib_onbuilds %}
buildah config --onbuild {{ item }} ${CONTAINER}
{% endfor %}
{% for item in tcib_volumes %}
buildah config --volume {{ item }} ${CONTAINER}
{% endfor %}
{% for item in tcib_exposes %}
buildah config --port {{ item }} ${CONTAINER}
{% endfor %}
{% if tcib_shell | length > 0 %}
buildah config --shell {{ tcib_shell | to_json }} ${CONTAINER}
{% endif %}
{% if tcib_healthcheck | length > 0 %}
buildah config --healthcheck {{ tcib_healthcheck | to_json }} ${CONTAINER}
{% endif %}
{% if tcib_stopsignal | length > 0 %}
buildah config --stop-signal {{ tcib_stopsignal }} ${CONTAINER}
{% endif %}
{% if tcib_entrypoint | length > 0 %}
buildah config --entrypoint {{ tcib_entrypoint | to_json }} ${CONTAINER}
{% endif %}
{% if tcib_cmd | length > 0 %}
buildah config --cmd {{ tcib_cmd | to_json }} ${CONTAINER}
{% endif %}
{% for item in tcib_adds %}
buildah add ${CONTAINER} {{ item }}
{% endfor %}
{% for item in tcib_copies %}
buildah copy ${CONTAINER} {{ item }}
{% endfor %}
{% for item in tcib_runs %}
{% if item is iterable and item is not string %}
buildah run ${CONTAINER} {{ item | join(' ') }}
{% else %}
buildah run ${CONTAINER} {{ item }}
{% endif %}
{% endfor %}
{% for item in tcib_actions %}
{% for key, value in item.items() %}
{% if key.lower() in verb_matrix.keys() %}
buildah config --{{ verb_matrix[key.lower()] | to_json }} ${CONTAINER}
{% else %}
{% if value is iterable and value is not string %}
buildah {{ key.lower() }} ${CONTAINER} {{ value | join(' ') }}
{% else %}
buildah {{ key.lower() }} ${CONTAINER} {{ value }}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% if tcib_user | length > 0 %}
buildah config --user {{ tcib_user }} ${CONTAINER}
{% endif %}
buildah commit ${CONTAINER} {{ tcib_path | basename }}
buildah unmount ${CONTAINER}

View File

@ -22,6 +22,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-ptp
- tripleo-ansible-centos-7-molecule-tripleo-timezone
- tripleo-ansible-centos-7-molecule-tripleo-config
- tripleo-ansible-centos-7-molecule-tripleo-container-image-build
- tripleo-ansible-centos-7-molecule-tripleo-container-stop
- tripleo-ansible-centos-7-molecule-tripleo-hieradata
- tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera
@ -66,6 +67,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-ptp
- tripleo-ansible-centos-7-molecule-tripleo-timezone
- tripleo-ansible-centos-7-molecule-tripleo-config
- tripleo-ansible-centos-7-molecule-tripleo-container-image-build
- tripleo-ansible-centos-7-molecule-tripleo-container-stop
- tripleo-ansible-centos-7-molecule-tripleo-hieradata
- tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera
@ -235,6 +237,13 @@
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-config
- job:
files:
- ^tripleo_ansible/roles/tripleo-container-image-build/.*
name: tripleo-ansible-centos-7-molecule-tripleo-container-image-build
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-container-image-build
- job:
files:
- ^tripleo_ansible/roles/tripleo-container-stop/.*