Browse Source

Merge "Add role for Container file(s) generation" into stable/train

changes/07/742007/2
Zuul 3 weeks ago
committed by Gerrit Code Review
parent
commit
6dcf1c0ac0
12 changed files with 560 additions and 0 deletions
  1. +50
    -0
      doc/source/roles/role-tripleo-container-image-build.rst
  2. +24
    -0
      tripleo_ansible/playbooks/cli-generate-containerfile.yaml
  3. +81
    -0
      tripleo_ansible/roles/tripleo-container-image-build/defaults/main.yml
  4. +42
    -0
      tripleo_ansible/roles/tripleo-container-image-build/meta/main.yml
  5. +37
    -0
      tripleo_ansible/roles/tripleo-container-image-build/molecule/default/Dockerfile
  6. +53
    -0
      tripleo_ansible/roles/tripleo-container-image-build/molecule/default/molecule.yml
  7. +21
    -0
      tripleo_ansible/roles/tripleo-container-image-build/molecule/default/playbook.yml
  8. +21
    -0
      tripleo_ansible/roles/tripleo-container-image-build/molecule/default/prepare.yml
  9. +43
    -0
      tripleo_ansible/roles/tripleo-container-image-build/tasks/main.yml
  10. +77
    -0
      tripleo_ansible/roles/tripleo-container-image-build/templates/Containerfile.j2
  11. +102
    -0
      tripleo_ansible/roles/tripleo-container-image-build/templates/buildahfile.sh.j2
  12. +9
    -0
      zuul.d/molecule.yaml

+ 50
- 0
doc/source/roles/role-tripleo-container-image-build.rst View File

@@ -0,0 +1,50 @@
====================================
Role - tripleo-container-image-build
====================================

.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo-container-image-build

This is an example application variable file.

.. code-block:: yaml

---

# FROM
tcib_from: "ubi8"

# Path where container file be generated
tcib_path: "{{ lookup('env', 'HOME') }}/tripleo-base"

# this ends up being a LABEL
tcib_labels:
maintainer: "TripleO"

# ENTRYPOINT
tcib_entrypoint: "dumb-init --single-child --"

# STOPSIGNAL
tcib_stopsignal: "SIGTERM"

# ENV
tcib_envs:
LANG: en_US.UTF-8

# RUN commands
tcib_runs:
- mkdir -p /etc/ssh
- touch /etc/ssh/ssh_known_host
- mkdir -p /openstack
- dnf install -y crudini curl

# COPY
tcib_copies:
- /usr/share/tripleo-common/healthcheck/common.sh /openstack/common.sh


This role can be used with the TripleO playbook, `cli-generate-containerfile.yaml`.

.. code-block:: shell

ansible-playbook -i 'localhost,' /usr/share/ansible/tripleo-playbooks/cli-generate-containerfile.yaml -e @~/tripleo-base.yaml

+ 24
- 0
tripleo_ansible/playbooks/cli-generate-containerfile.yaml View File

@@ -0,0 +1,24 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Generate container file(s)
connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
hosts: "{{ tripleo_target_host | default('localhost') }}"
remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
any_errors_fatal: true
roles:
- role: tripleo-container-image-build

+ 81
- 0
tripleo_ansible/roles/tripleo-container-image-build/defaults/main.yml View File

@@ -0,0 +1,81 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


# All variables intended for modification should be placed in this file.
tcib_path: "{{ lookup('env', 'HOME') }}"

# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#arg
tcib_args: {}

# String, required, 'item', implements https://docs.docker.com/engine/reference/builder/#from
tcib_from: "centos:8"

# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#label
tcib_labels: {}

# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#env
tcib_envs: {}

# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#onbuild
tcib_onbuilds: []

# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#volume
tcib_volumes: []

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#workdir
tcib_workdir: ''

# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#add
tcib_adds: []

# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#copy
tcib_copies: []

# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#expose
tcib_exposes: []

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#user
tcib_user: ''

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#shell
tcib_shell: ''

# List of Strings, optional, <item>, implements https://docs.docker.com/engine/reference/builder/#run
tcib_runs: []

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#healthcheck
tcib_healthcheck: ''

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#stopsignal
tcib_stopsignal: ''

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#entrypoint
tcib_entrypoint: ''

# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#cmd
tcib_cmd: ''

# List of Dictionaries, single level key:value pairs, key=VERB, value=verb action.
# NOTE(cloudnull): This allows for arbitrary docker verbs and maintains ordering.
# all available verbs can be found here: https://docs.docker.com/engine/reference/builder
tcib_actions: []

# List of Strings, optional, <item>, Collects file from the host and stores them in the build directory.
tcib_gather_files: []

# Boolean, enables the gathering of files.
tcib_pre_build: false

+ 42
- 0
tripleo_ansible/roles/tripleo-container-image-build/meta/main.yml View File

@@ -0,0 +1,42 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-container-image-build
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: CentOS
versions:
- 7
- 8

galaxy_tags:
- tripleo


# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []

+ 37
- 0
tripleo_ansible/roles/tripleo-container-image-build/molecule/default/Dockerfile View File

@@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 53
- 0
tripleo_ansible/roles/tripleo-container-image-build/molecule/default/molecule.yml View File

@@ -0,0 +1,53 @@
---
driver:
name: docker

log: true

platforms:
- name: centos7
hostname: centos7
image: centos:7
dockerfile: Dockerfile
pkg_extras: python-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"

- name: centos8
hostname: centos8
image: centos:8
dockerfile: Dockerfile
pkg_extras: python*-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env

provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml

scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- check
- verify
- destroy

lint:
enabled: false

verifier:
name: testinfra
lint:
name: flake8

+ 21
- 0
tripleo_ansible/roles/tripleo-container-image-build/molecule/default/playbook.yml View File

@@ -0,0 +1,21 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Converge
hosts: all
roles:
- role: "tripleo-container-image-build"

+ 21
- 0
tripleo_ansible/roles/tripleo-container-image-build/molecule/default/prepare.yml View File

@@ -0,0 +1,21 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Prepare
hosts: all
roles:
- role: test_deps

+ 43
- 0
tripleo_ansible/roles/tripleo-container-image-build/tasks/main.yml View File

@@ -0,0 +1,43 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


# "tripleo-container-image-build" will search for and load any operating system variable file

- name: Ensure path exists
file:
path: "{{ tcib_path }}"
state: "directory"

- name: Gather files
fetch:
src: "{{ item }}"
dest: "{{ tcib_path }}/{{ item }}"
flat: true
loop: "{{ tcib_gather_files }}"
when:
- tcib_pre_build | bool

- name: Create a container file
template:
src: "Containerfile.j2"
dest: "{{ tcib_path }}/Dockerfile"

- name: Create a buildah file
template:
src: "buildahfile.sh.j2"
dest: "{{ tcib_path }}/buildahfile.sh"
mode: "0755"

+ 77
- 0
tripleo_ansible/roles/tripleo-container-image-build/templates/Containerfile.j2 View File

@@ -0,0 +1,77 @@
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

{% for key, value in tcib_args.items() %}
ARG = {{ key }}={{ value | to_json }}
{% endfor %}
FROM {{ tcib_from }}
{% for key, value in tcib_labels.items() %}
LABEL {{ key }}={{ value | to_json }}
{% endfor %}
{% for key, value in tcib_envs.items() %}
ENV {{ key }}={{ value | to_json }}
{% endfor %}
{% for item in tcib_onbuilds %}
ONBUILD {{ item }}
{% endfor %}
{% if tcib_volumes | length > 0 %}
VOLUME {{ tcib_volumes }}
{% endif %}
{% if tcib_workdir | length > 0 %}
WORKDIR {{ tcib_workdir | to_json }}
{% endif %}
{% for item in tcib_adds %}
ADD {{ item }}
{% endfor %}
{% for item in tcib_exposes %}
EXPOSE {{ item }}
{% endfor %}
{% for item in tcib_copies %}
COPY {{ item }}
{% endfor %}
{% if tcib_shell | length > 0 %}
SHELL {{ tcib_shell.split() | to_json }}
{% endif %}
{% for item in tcib_runs %}
{% if item is iterable and item is not string %}
RUN {{ item | to_json }}
{% else %}
RUN {{ item }}
{% endif %}
{% endfor %}
{% for item in tcib_actions %}
{% for key, value in item.items() %}
{% if value is iterable and value is not string %}
{{ key.upper() }} {{ value | to_json }}
{% else %}
{{ key.upper() }} {{ value }}
{% endif %}
{% endfor %}
{% endfor %}
{% if tcib_healthcheck | length > 0 %}
HEALTHCHECK {{ tcib_healthcheck }}
{% endif %}
{% if tcib_stopsignal | length > 0 %}
STOPSIGNAL {{ tcib_stopsignal }}
{% endif %}
{% if tcib_entrypoint | length > 0 %}
ENTRYPOINT {{ tcib_entrypoint.split() | to_json }}
{% endif %}
{% if tcib_cmd | length > 0 %}
CMD {{ tcib_cmd.split() | to_json }}
{% endif %}
{% if tcib_user | length > 0 %}
USER {{ tcib_user }}
{% endif %}

+ 102
- 0
tripleo_ansible/roles/tripleo-container-image-build/templates/buildahfile.sh.j2 View File

@@ -0,0 +1,102 @@
#!/usr/bin/env bash
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

set -ev

{% set verb_matrix = {
'label': 'label',
'cmd': 'cmd',
'entrypoint': 'entrypoint',
'env': 'env',
'expose': 'port',
'healthcheck': 'healthcheck',
'onbuild': 'onbuild',
'shell': 'shell',
'stopsignal': 'stop-signal',
'user': 'user',
'volume': 'volume',
'workdir': 'workingdir'
}
%}
{% for key, value in tcib_args.items() %}
export {{ key }}={{ value | to_json }}
{% endfor %}
CONTAINER=$(buildah from {{ tcib_from }})
MOUNTPOINT=$(buildah mount ${CONTAINER})
{% for key, value in tcib_labels.items() %}
buildah config --label {{ key }}={{ value | to_json }} ${CONTAINER}
{% endfor %}
{% for key, value in tcib_envs.items() %}
buildah config --env {{ key }}={{ value | to_json }} ${CONTAINER}
{% endfor %}
{% if tcib_workdir | length > 0 %}
buildah config --workingdir {{ tcib_workdir | to_json }} ${CONTAINER}
{% endif %}
{% for item in tcib_onbuilds %}
buildah config --onbuild {{ item }} ${CONTAINER}
{% endfor %}
{% for item in tcib_volumes %}
buildah config --volume {{ item }} ${CONTAINER}
{% endfor %}
{% for item in tcib_exposes %}
buildah config --port {{ item }} ${CONTAINER}
{% endfor %}
{% if tcib_shell | length > 0 %}
buildah config --shell {{ tcib_shell | to_json }} ${CONTAINER}
{% endif %}
{% if tcib_healthcheck | length > 0 %}
buildah config --healthcheck {{ tcib_healthcheck | to_json }} ${CONTAINER}
{% endif %}
{% if tcib_stopsignal | length > 0 %}
buildah config --stop-signal {{ tcib_stopsignal }} ${CONTAINER}
{% endif %}
{% if tcib_entrypoint | length > 0 %}
buildah config --entrypoint {{ tcib_entrypoint | to_json }} ${CONTAINER}
{% endif %}
{% if tcib_cmd | length > 0 %}
buildah config --cmd {{ tcib_cmd | to_json }} ${CONTAINER}
{% endif %}
{% for item in tcib_adds %}
buildah add ${CONTAINER} {{ item }}
{% endfor %}
{% for item in tcib_copies %}
buildah copy ${CONTAINER} {{ item }}
{% endfor %}
{% for item in tcib_runs %}
{% if item is iterable and item is not string %}
buildah run ${CONTAINER} {{ item | join(' ') }}
{% else %}
buildah run ${CONTAINER} {{ item }}
{% endif %}
{% endfor %}
{% for item in tcib_actions %}
{% for key, value in item.items() %}
{% if key.lower() in verb_matrix.keys() %}
buildah config --{{ verb_matrix[key.lower()] | to_json }} ${CONTAINER}
{% else %}
{% if value is iterable and value is not string %}
buildah {{ key.lower() }} ${CONTAINER} {{ value | join(' ') }}
{% else %}
buildah {{ key.lower() }} ${CONTAINER} {{ value }}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% if tcib_user | length > 0 %}
buildah config --user {{ tcib_user }} ${CONTAINER}
{% endif %}
buildah commit ${CONTAINER} {{ tcib_path | basename }}
buildah unmount ${CONTAINER}

+ 9
- 0
zuul.d/molecule.yaml View File

@@ -22,6 +22,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-ptp
- tripleo-ansible-centos-7-molecule-tripleo-timezone
- tripleo-ansible-centos-7-molecule-tripleo-config
- tripleo-ansible-centos-7-molecule-tripleo-container-image-build
- tripleo-ansible-centos-7-molecule-tripleo-container-stop
- tripleo-ansible-centos-7-molecule-tripleo-hieradata
- tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera
@@ -66,6 +67,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-ptp
- tripleo-ansible-centos-7-molecule-tripleo-timezone
- tripleo-ansible-centos-7-molecule-tripleo-config
- tripleo-ansible-centos-7-molecule-tripleo-container-image-build
- tripleo-ansible-centos-7-molecule-tripleo-container-stop
- tripleo-ansible-centos-7-molecule-tripleo-hieradata
- tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera
@@ -235,6 +237,13 @@
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-config
- job:
files:
- ^tripleo_ansible/roles/tripleo-container-image-build/.*
name: tripleo-ansible-centos-7-molecule-tripleo-container-image-build
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-container-image-build
- job:
files:
- ^tripleo_ansible/roles/tripleo-container-stop/.*


Loading…
Cancel
Save