Add role for Container file(s) generation

This change creates a role that implements the Dockerfile specification via simple template, which will allow us to generate our container files based on our current needs. When container files are generated, both a Dockerfile and Buildah script will be created in the selected base path. This will maintain flexability in our build choices. Change-Id: I86102fe7075fd6918644e3e981a28e0b31ae9694 Signed-off-by: Kevin Carter <kecarter@redhat.com>
2020-04-23 20:53:14 -05:00 · 2020-04-23 20:53:14 -05:00 · 1450561cba
commit 1450561cba
parent a1a1f1e82d
12 changed files with 545 additions and 0 deletions
--- a/doc/source/roles/role-tripleo_container_image_build.rst
+++ b/doc/source/roles/role-tripleo_container_image_build.rst
@ -0,0 +1,50 @@
+====================================
+Role - tripleo_container_image_build
+====================================
+
+.. ansibleautoplugin::
+  :role: tripleo_ansible/roles/tripleo_container_image_build
+
+This is an example application variable file.
+
+.. code-block:: yaml
+
+    ---
+
+    # FROM
+    tcib_from: "ubi8"
+
+    # Path where container file be generated
+    tcib_path: "{{ lookup('env', 'HOME') }}/tripleo-base"
+
+    # this ends up being a LABEL
+    tcib_labels:
+      maintainer: "TripleO"
+
+    # ENTRYPOINT
+    tcib_entrypoint: "dumb-init --single-child --"
+
+    # STOPSIGNAL
+    tcib_stopsignal: "SIGTERM"
+
+    # ENV
+    tcib_envs:
+      LANG: en_US.UTF-8
+
+    # RUN commands
+    tcib_runs:
+      - mkdir -p /etc/ssh
+      - touch /etc/ssh/ssh_known_host
+      - mkdir -p /openstack
+      - dnf install -y crudini curl
+
+    # COPY
+    tcib_copies:
+      - /usr/share/tripleo-common/healthcheck/common.sh /openstack/common.sh
+
+
+This role can be used with the TripleO playbook, `cli-generate-containerfile.yaml`.
+
+.. code-block:: shell
+
+    ansible-playbook -i 'localhost,' /usr/share/ansible/tripleo-playbooks/cli-generate-containerfile.yaml -e @~/tripleo-base.yaml
--- a/tripleo_ansible/playbooks/cli-generate-containerfile.yaml
+++ b/tripleo_ansible/playbooks/cli-generate-containerfile.yaml
@ -0,0 +1,24 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Generate container file(s)
+  connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
+  hosts: "{{ tripleo_target_host | default('localhost') }}"
+  remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
+  gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
+  any_errors_fatal: true
+  roles:
+    - role: tripleo_container_image_build
--- a/tripleo_ansible/roles/tripleo_container_image_build/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_container_image_build/defaults/main.yml
@ -0,0 +1,81 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+tcib_path: "{{ lookup('env', 'HOME') }}"
+
+# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#arg
+tcib_args: {}
+
+# String, required, 'item', implements https://docs.docker.com/engine/reference/builder/#from
+tcib_from: "centos:8"
+
+# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#label
+tcib_labels: {}
+
+# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#env
+tcib_envs: {}
+
+# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#onbuild
+tcib_onbuilds: []
+
+# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#volume
+tcib_volumes: []
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#workdir
+tcib_workdir: ''
+
+# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#add
+tcib_adds: []
+
+# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#copy
+tcib_copies: []
+
+# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#expose
+tcib_exposes: []
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#user
+tcib_user: ''
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#shell
+tcib_shell: ''
+
+# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#run
+tcib_runs: []
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#healthcheck
+tcib_healthcheck: ''
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#stopsignal
+tcib_stopsignal: ''
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#entrypoint
+tcib_entrypoint: ''
+
+# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#cmd
+tcib_cmd: ''
+
+# List of Dictionaries, single level key:value pairs, key=VERB, value=verb action.
+# NOTE(cloudnull): This allows for arbitrary docker verbs and maintains ordering.
+#                  all available verbs can be found here: https://docs.docker.com/engine/reference/builder
+tcib_actions: []
+
+# List of Strings, optional, <item>, Collects file from the host and stores them in the build directory.
+tcib_gather_files: []
+
+# Boolean, enables the gathering of files.
+tcib_pre_build: false
--- a/tripleo_ansible/roles/tripleo_container_image_build/meta/main.yml
+++ b/tripleo_ansible/roles/tripleo_container_image_build/meta/main.yml
@ -0,0 +1,42 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO OpenStack Role -- tripleo_container_image_build
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.7
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: CentOS
+      versions:
+        - 7
+        - 8
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
--- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/Dockerfile
+++ b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/Dockerfile
@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do sleep 10000; done"]
--- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/converge.yml
+++ b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/converge.yml
@ -0,0 +1,21 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  hosts: all
+  roles:
+    - role: "tripleo_container_image_build"
--- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/molecule.yml
+++ b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/molecule.yml
@ -0,0 +1,38 @@
+---
+driver:
+  name: podman
+
+log: true
+
+platforms:
+  - name: centos8
+    hostname: centos8
+    image: centos:8
+    dockerfile: Dockerfile
+    pkg_extras: python*-setuptools
+    volumes:
+      - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
+    environment: &env
+      http_proxy: "{{ lookup('env', 'http_proxy') }}"
+      https_proxy: "{{ lookup('env', 'https_proxy') }}"
+    ulimits: &ulimit
+      - host
+
+provisioner:
+  name: ansible
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+  test_sequence:
+    - destroy
+    - create
+    - prepare
+    - converge
+    - check
+    - verify
+    - destroy
+
+verifier:
+  name: testinfra
--- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/prepare.yml
@ -0,0 +1,21 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+  hosts: all
+  roles:
+    - role: test_deps
--- a/tripleo_ansible/roles/tripleo_container_image_build/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo_container_image_build/tasks/main.yml
@ -0,0 +1,43 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# "tripleo_container_image_build" will search for and load any operating system variable file
+
+- name: Ensure path exists
+  file:
+    path: "{{ tcib_path }}"
+    state: "directory"
+
+- name: Gather files
+  fetch:
+    src: "{{ item }}"
+    dest: "{{ tcib_path }}/{{ item }}"
+    flat: true
+  loop: "{{ tcib_gather_files }}"
+  when:
+    - tcib_pre_build | bool
+
+- name: Create a container file
+  template:
+    src: "Containerfile.j2"
+    dest: "{{ tcib_path }}/Dockerfile"
+
+- name: Create a buildah file
+  template:
+    src: "buildahfile.sh.j2"
+    dest: "{{ tcib_path }}/buildahfile.sh"
+    mode: "0755"
--- a/tripleo_ansible/roles/tripleo_container_image_build/templates/Containerfile.j2
+++ b/tripleo_ansible/roles/tripleo_container_image_build/templates/Containerfile.j2
@ -0,0 +1,77 @@
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+{% for key, value in tcib_args.items() %}
+ARG = {{ key }}={{ value | to_json }}
+{% endfor %}
+FROM {{ tcib_from }}
+{% for key, value in tcib_labels.items() %}
+LABEL {{ key }}={{ value | to_json }}
+{% endfor %}
+{% for key, value in tcib_envs.items() %}
+ENV {{ key }}={{ value | to_json }}
+{% endfor %}
+{% for item in tcib_onbuilds %}
+ONBUILD {{ item }}
+{% endfor %}
+{% if tcib_volumes | length > 0 %}
+VOLUME {{ tcib_volumes }}
+{% endif %}
+{% if tcib_workdir | length > 0 %}
+WORKDIR {{ tcib_workdir | to_json }}
+{% endif %}
+{% for item in tcib_adds %}
+ADD {{ item }}
+{% endfor %}
+{% for item in tcib_exposes %}
+EXPOSE {{ item }}
+{% endfor %}
+{% for item in tcib_copies %}
+COPY {{ item }}
+{% endfor %}
+{% if tcib_shell | length > 0 %}
+SHELL {{ tcib_shell.split() | to_json }}
+{% endif %}
+{% for item in tcib_runs %}
+{%   if item is iterable and item is not string %}
+RUN {{ item | to_json }}
+{%   else %}
+RUN {{ item }}
+{%   endif %}
+{% endfor %}
+{% for item in tcib_actions %}
+{%   for key, value in item.items() %}
+{%     if value is iterable and value is not string %}
+{{ key.upper() }} {{ value | to_json }}
+{%     else %}
+{{ key.upper() }} {{ value }}
+{%     endif %}
+{%   endfor %}
+{% endfor %}
+{% if tcib_healthcheck | length > 0 %}
+HEALTHCHECK {{ tcib_healthcheck }}
+{% endif %}
+{% if tcib_stopsignal | length > 0 %}
+STOPSIGNAL {{ tcib_stopsignal }}
+{% endif %}
+{% if tcib_entrypoint | length > 0 %}
+ENTRYPOINT {{ tcib_entrypoint.split() | to_json }}
+{% endif %}
+{% if tcib_cmd | length > 0 %}
+CMD {{ tcib_cmd.split() | to_json }}
+{% endif %}
+{% if tcib_user | length > 0 %}
+USER {{ tcib_user }}
+{% endif %}
--- a/tripleo_ansible/roles/tripleo_container_image_build/templates/buildahfile.sh.j2
+++ b/tripleo_ansible/roles/tripleo_container_image_build/templates/buildahfile.sh.j2
@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -ev
+
+{% set verb_matrix = {
+    'label': 'label',
+    'cmd': 'cmd',
+    'entrypoint': 'entrypoint',
+    'env': 'env',
+    'expose': 'port',
+    'healthcheck': 'healthcheck',
+    'onbuild': 'onbuild',
+    'shell': 'shell',
+    'stopsignal': 'stop-signal',
+    'user': 'user',
+    'volume': 'volume',
+    'workdir': 'workingdir'
+   }
+%}
+{% for key, value in tcib_args.items() %}
+export {{ key }}={{ value | to_json }}
+{% endfor %}
+CONTAINER=$(buildah from {{ tcib_from }})
+MOUNTPOINT=$(buildah mount ${CONTAINER})
+{% for key, value in tcib_labels.items() %}
+buildah config --label {{ key }}={{ value | to_json }} ${CONTAINER}
+{% endfor %}
+{% for key, value in tcib_envs.items() %}
+buildah config --env {{ key }}={{ value | to_json }} ${CONTAINER}
+{% endfor %}
+{% if tcib_workdir | length > 0 %}
+buildah config --workingdir {{ tcib_workdir | to_json }} ${CONTAINER}
+{% endif %}
+{% for item in tcib_onbuilds %}
+buildah config --onbuild {{ item }} ${CONTAINER}
+{% endfor %}
+{% for item in tcib_volumes %}
+buildah config --volume {{ item }} ${CONTAINER}
+{% endfor %}
+{% for item in tcib_exposes %}
+buildah config --port {{ item }} ${CONTAINER}
+{% endfor %}
+{% if tcib_shell | length > 0 %}
+buildah config --shell {{ tcib_shell | to_json }} ${CONTAINER}
+{% endif %}
+{% if tcib_healthcheck | length > 0 %}
+buildah config --healthcheck {{ tcib_healthcheck | to_json }} ${CONTAINER}
+{% endif %}
+{% if tcib_stopsignal | length > 0 %}
+buildah config --stop-signal {{ tcib_stopsignal }} ${CONTAINER}
+{% endif %}
+{% if tcib_entrypoint | length > 0 %}
+buildah config --entrypoint {{ tcib_entrypoint | to_json }} ${CONTAINER}
+{% endif %}
+{% if tcib_cmd | length > 0 %}
+buildah config --cmd {{ tcib_cmd | to_json }} ${CONTAINER}
+{% endif %}
+{% for item in tcib_adds %}
+buildah add ${CONTAINER} {{ item }}
+{% endfor %}
+{% for item in tcib_copies %}
+buildah copy ${CONTAINER} {{ item }}
+{% endfor %}
+{% for item in tcib_runs %}
+{%   if item is iterable and item is not string %}
+buildah run ${CONTAINER} {{ item | join(' ') }}
+{%   else %}
+buildah run ${CONTAINER} {{ item }}
+{%   endif %}
+{% endfor %}
+{% for item in tcib_actions %}
+{%   for key, value in item.items() %}
+{%     if key.lower() in verb_matrix.keys() %}
+buildah config --{{ verb_matrix[key.lower()] | to_json }} ${CONTAINER}
+{%     else %}
+{%       if value is iterable and value is not string %}
+buildah {{ key.lower() }} ${CONTAINER} {{ value | join(' ') }}
+{%       else %}
+buildah {{ key.lower() }} ${CONTAINER} {{ value }}
+{%       endif %}
+{%     endif %}
+{%   endfor %}
+{% endfor %}
+{% if tcib_user | length > 0 %}
+buildah config --user {{ tcib_user }} ${CONTAINER}
+{% endif %}
+buildah commit ${CONTAINER} {{ tcib_path | basename }}
+buildah unmount ${CONTAINER}
--- a/zuul.d/molecule.yaml
+++ b/zuul.d/molecule.yaml
@ -15,6 +15,7 @@
      - tripleo-ansible-centos-8-molecule-tripleo_ceph_run_ansible
      - tripleo-ansible-centos-8-molecule-tripleo_clients_install
      - tripleo-ansible-centos-8-molecule-tripleo_config
+      - tripleo-ansible-centos-8-molecule-tripleo_container_image_build
      - tripleo-ansible-centos-8-molecule-tripleo_container_image_prepare
      - tripleo-ansible-centos-8-molecule-tripleo_container_manage
      - tripleo-ansible-centos-8-molecule-tripleo_container_rm
@ -60,6 +61,7 @@
      - tripleo-ansible-centos-8-molecule-tripleo_ceph_run_ansible
      - tripleo-ansible-centos-8-molecule-tripleo_clients_install
      - tripleo-ansible-centos-8-molecule-tripleo_config
+      - tripleo-ansible-centos-8-molecule-tripleo_container_image_build
      - tripleo-ansible-centos-8-molecule-tripleo_container_image_prepare
      - tripleo-ansible-centos-8-molecule-tripleo_container_manage
      - tripleo-ansible-centos-8-molecule-tripleo_container_rm
@ -216,6 +218,13 @@
    parent: tripleo-ansible-centos-8-base
    vars:
      tripleo_role_name: tripleo_config
+- job:
+    files:
+    - ^tripleo_ansible/roles/tripleo_container_image_build/.*
+    name: tripleo-ansible-centos-8-molecule-tripleo_container_image_build
+    parent: tripleo-ansible-centos-8-base
+    vars:
+      tripleo_role_name: tripleo_container_image_build
 - job:
    files:
    - ^tripleo_ansible/roles/tripleo_container_image_prepare/.*