openstack/tripleo-common
Code Issues Proposed changes

Retire Tripleo: remove repo content

Browse Source 
TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: I2fcd63ee46cf8e3651fb997e414a1a556f2b2455
This commit is contained in:
Ghanshyam Mann 2024-02-24 11:32:46 -08:00
parent 9fca209d49
commit 120bd48006
580 changed files with 8 additions and 34712 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.coveragerc
View File

@ -1,7 +0,0 @@
[run]
branch = True
source = tripleo_common
omit = tripleo_common/tests/*
[report]
ignore_errors = True

58
.gitignore vendored
View File

@ -1,58 +0,0 @@
*.py[cod]
# C extensions
*.so
# Packages
*.egg*
dist
build
eggs
parts
bin
var
sdist
develop-eggs
.installed.cfg
lib
lib64
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
cover
.tox
.venv
.stestr/*
# Translations
*.mo
# Mr Developer
.mr.developer.cfg
.project
.pydevproject
# Complexity
output/*.html
output/*/index.html
# Sphinx
doc/build
# pbr generates these
AUTHORS
ChangeLog
# Editors
*~
.*.swp
.*sw?
# Files created by releasenotes build
releasenotes/build
# Playbook retry files
*.retry

3
.mailmap
View File

@ -1,3 +0,0 @@
# Format is:
# <preferred e-mail> <other e-mail 1>
# <preferred e-mail> <other e-mail 2>

33
.pre-commit-config.yaml
View File

@ -1,33 +0,0 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.4.0
hooks:
- id: trailing-whitespace
- id: mixed-line-ending
- id: check-byte-order-marker
- id: check-executables-have-shebangs
- id: check-merge-conflict
- id: debug-statements
- id: check-yaml
files: .*\.(yaml|yml)$
- repo: https://github.com/pycqa/flake8.git
rev: 3.9.0
hooks:
- id: flake8
- repo: https://github.com/openstack-dev/bashate.git
rev: 2.0.0
hooks:
- id: bashate
entry: bashate --error . --ignore=E006,E040,E042
# Run bashate check for all bash scripts
# Ignores the following rules:
# E006: Line longer than 79 columns (as many scripts use jinja
# templating, this is very difficult)
# E040: Syntax error determined using `bash -n` (as many scripts
# use jinja templating, this will often fail and the syntax
# error will be discovered in execution anyway)
- repo: https://github.com/PyCQA/pylint
rev: pylint-2.7.2
hooks:
- id: pylint

55
.pylintrc
View File

@ -1,55 +0,0 @@
[MESSAGES CONTROL]
disable =
# TODO(ssbarnea): remove temporary skips adding during initial adoption:
arguments-differ,
attribute-defined-outside-init,
broad-except,
consider-iterating-dictionary,
consider-merging-isinstance,
consider-using-dict-comprehension,
consider-using-in,
consider-using-set-comprehension,
dangerous-default-value,
duplicate-code,
fixme,
global-statement,
import-error,
inconsistent-return-statements,
invalid-name,
missing-class-docstring,
missing-function-docstring,
missing-module-docstring,
no-self-use,
no-value-for-parameter,
protected-access,
raise-missing-from,
redefined-argument-from-local,
redefined-builtin,
redefined-outer-name,
super-init-not-called,
super-with-arguments,
superfluous-parens,
too-few-public-methods,
too-many-ancestors,
too-many-arguments,
too-many-branches,
too-many-instance-attributes,
too-many-lines,
too-many-locals,
too-many-nested-blocks,
too-many-public-methods,
too-many-statements,
unidiomatic-typecheck,
unnecessary-comprehension,
unnecessary-pass,
unsubscriptable-object,
unused-argument,
unused-variable,
useless-object-inheritance,
useless-super-delegation,
wrong-import-order,
wrong-import-position
[REPORTS]
output-format = colorized

3
.stestr.conf
View File

@ -1,3 +0,0 @@
[DEFAULT]
test_path=${TEST_PATH:-./tripleo_common/tests}
top_dir=./

16
CONTRIBUTING.rst
View File

@ -1,16 +0,0 @@
If you would like to contribute to the development of OpenStack,
you must follow the steps in this page:
https://docs.openstack.org/infra/manual/developers.html
Once those steps have been completed, changes to OpenStack
should be submitted for review via the Gerrit tool, following
the workflow documented at:
https://docs.openstack.org/infra/manual/developers.html#development-workflow
Pull requests submitted through GitHub will be ignored.
Bugs should be filed on Launchpad, not GitHub:
https://bugs.launchpad.net/tripleo

4
HACKING.rst
View File

@ -1,4 +0,0 @@
tripleo-common Style Commandments
=================================
Read the OpenStack Style Commandments https://docs.openstack.org/hacking/latest/

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

26
README.rst
View File

@ -1,20 +1,10 @@
========================
Team and repository tags
========================
This project is no longer maintained.
.. image:: https://governance.openstack.org/tc/badges/tripleo-common.svg
:target: https://governance.openstack.org/tc/reference/tags/index.html
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
.. Change things from this point on
==============
tripleo-common
==============
A common library for TripleO workflows.
* Free software: Apache license
* Documentation: https://docs.openstack.org/tripleo-common/latest/
* Source: http://opendev.org/openstack/tripleo-common
* Bugs: https://bugs.launchpad.net/tripleo-common
* Release notes: https://docs.openstack.org/releasenotes/tripleo-common
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

38
bindep.txt
View File

@ -1,38 +0,0 @@
# This file facilitates OpenStack-CI package installation
# before the execution of any tests.
#
# See the following for details:
# - https://docs.openstack.org/infra/bindep/
# - https://opendev.org/opendev/bindep/
#
# Even if the role does not make use of this facility, it
# is better to have this file empty, otherwise OpenStack-CI
# will fall back to installing its default packages which
# will potentially be detrimental to the tests executed.
# The gcc compiler
gcc
# Base requirements for RPM distros
gcc-c++ [platform:rpm]
git [platform:rpm]
libffi-devel [platform:rpm]
openssl-devel [platform:rpm]
python-devel [(platform:rpm platform:base-py2)]
python2-dnf [(platform:rpm platform:base-py2)]
# For SELinux
libselinux-python [(platform:rpm platform:base-py2)]
python3-libselinux [(platform:rpm platform:base-py3)]
libsemanage-python [(platform:rpm platform:base-py2)]
python3-libsemanage-python [(platform:rpm platform:base-py3)]
# Required for compressing collected log files in CI
gzip
# Required to build language docs
gettext
# debian requirements (linters)
libffi-dev [platform:dpkg]
libssl-dev [platform:dpkg]

55
container-images/ceph.j2
View File

@ -1,55 +0,0 @@
- imagename: "{{ceph_namespace}}/{{ceph_image}}:{{ceph_tag}}"
image_source: ceph
params:
- ContainerCephDaemonImage
services:
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMgr
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::CephRbdMirror
- imagename: "{{ceph_prometheus_namespace}}/{{ceph_prometheus_image}}:{{ceph_prometheus_tag}}"
image_source: prom
params:
- PrometheusContainerImage
services:
- OS::TripleO::Services::CephGrafana
- imagename: "{{ceph_alertmanager_namespace}}/{{ceph_alertmanager_image}}:{{ceph_alertmanager_tag}}"
image_source: prom
params:
- AlertManagerContainerImage
services:
- OS::TripleO::Services::CephGrafana
- imagename: "{{ceph_node_exporter_namespace}}/{{ceph_node_exporter_image}}:{{ceph_node_exporter_tag}}"
image_source: prom
params:
- NodeExporterContainerImage
services:
- OS::TripleO::Services::CephGrafana
- imagename: "{{ceph_grafana_namespace}}/{{ceph_grafana_image}}:{{ceph_grafana_tag}}"
image_source: grafana
params:
- GrafanaContainerImage
services:
- OS::TripleO::Services::CephGrafana
- imagename: "{{ceph_keepalived_namespace}}/{{ceph_keepalived_image}}:{{ceph_keepalived_tag}}"
image_source: keepalived
params:
- KeepalivedContainerImage
services:
- OS::TripleO::Services::CephIngress
- imagename: "{{ceph_haproxy_namespace}}/{{ceph_haproxy_image}}:{{ceph_haproxy_tag}}"
image_source: haproxy
params:
- HaproxyContainerImage
services:
- OS::TripleO::Services::CephIngress

61
container-images/container_image_prepare_defaults.yaml
View File

@ -1,61 +0,0 @@
parameter_defaults:
ContainerImagePrepare:
# Image label which allows the versioned tag to be looked up from the <tag>
# image.
- tag_from_label: rdo_version
# Uncomment to serve images from the undercloud registry. Images will be
# copied to the undercloud registry during preparation.
# To copy/serve from a different local registry, set the value to
# <address>:<port> of the registry service.
# push_destination: true
# Substitutions to be made when processing the template file
# <prefix>/share/tripleo-common/container-images/tripleo_containers.yaml.j2
set:
# Container image name components for OpenStack images.
namespace: quay.io/tripleomastercentos9
name_prefix: openstack-
name_suffix: ''
tag: current-tripleo
rhel_containers: false
# Substitute neutron images based on driver. Can be 'other' or 'ovn'.
# This is usually set automatically by detecting if ovn services are
# deployed.
neutron_driver: 'ovn'
# Container image name components for Ceph images.
# Only used if Ceph is deployed.
# Pass ceph_images: false to avoid pulling the Ceph related images
ceph_namespace: quay.rdoproject.org/tripleomastercentos9
ceph_image: daemon
ceph_tag: current-ceph
ceph_prometheus_namespace: quay.io/prometheus
ceph_prometheus_image: prometheus
ceph_prometheus_tag: v2.33.4
ceph_alertmanager_namespace: quay.io/prometheus
ceph_alertmanager_image: alertmanager
ceph_alertmanager_tag: v0.23.0
ceph_node_exporter_namespace: quay.io/prometheus
ceph_node_exporter_image: node-exporter
ceph_node_exporter_tag: v1.3.1
ceph_grafana_namespace: quay.io/ceph
ceph_grafana_image: ceph-grafana
ceph_grafana_tag: 6.7.4
ceph_haproxy_namespace: quay.io/ceph
ceph_haproxy_image: haproxy
ceph_haproxy_tag: 2.3
ceph_keepalived_namespace: quay.io/ceph
ceph_keepalived_image: keepalived
ceph_keepalived_tag: 2.1.5
pushgateway_namespace: quay.io/prometheus
pushgateway_image: pushgateway
pushgateway_tag: v1.4.2

1
container-images/kolla/barbican-base/sudoers
View File

@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/

20
container-images/kolla/base/httpd_setup.sh
View File

@ -1,20 +0,0 @@
#!/bin/bash
# This script performs setup necessary to run the Apache httpd web server.
# It should be sourced rather than executed as environment variables are set.
# Assume the service runs on top of Apache httpd when user is root.
if [[ "$(whoami)" == 'root' ]]; then
# NOTE(pbourke): httpd will not clean up after itself in some cases which
# results in the container not being able to restart. (bug #1489676, 1557036)
rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
# CentOS 8 has an issue with mod_ssl which produces an invalid Apache
# configuration in /etc/httpd/conf.d/ssl.conf. This causes the following error
# on startup:
# SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
# Work around this by generating certificates manually.
if [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
/usr/libexec/httpd-ssl-gencerts
fi
fi

434
container-images/kolla/base/set_configs.py
View File

@ -1,434 +0,0 @@
#!/usr/bin/env python3
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import glob
import grp
import json
import logging
import os
import pwd
import shutil
import sys
# TODO(rhallisey): add docstring.
logging.basicConfig()
LOG = logging.getLogger(__name__)
LOG.setLevel(logging.INFO)
class ExitingException(Exception):
def __init__(self, message, exit_code=1):
super(ExitingException, self).__init__(message)
self.exit_code = exit_code
class ImmutableConfig(ExitingException):
pass
class InvalidConfig(ExitingException):
pass
class MissingRequiredSource(ExitingException):
pass
class UserNotFound(ExitingException):
pass
class ConfigFileBadState(ExitingException):
pass
class ConfigFile(object):
def __init__(self, source, dest, owner=None, perm=None, optional=False,
preserve_properties=False, merge=False):
self.source = source
self.dest = dest
self.owner = owner
self.perm = perm
self.optional = optional
self.merge = merge
self.preserve_properties = preserve_properties
def __str__(self):
return '<ConfigFile source:"{}" dest:"{}">'.format(self.source,
self.dest)
def _copy_file(self, source, dest):
self._delete_path(dest)
# dest endswith / means copy the <source> to <dest> folder
LOG.info('Copying %s to %s', source, dest)
if self.merge and self.preserve_properties and os.path.islink(source):
link_target = os.readlink(source)
os.symlink(link_target, dest)
else:
shutil.copy(source, dest)
self._set_properties(source, dest)
def _merge_directories(self, source, dest):
if os.path.isdir(source):
if os.path.lexists(dest) and not os.path.isdir(dest):
self._delete_path(dest)
if not os.path.isdir(dest):
LOG.info('Creating directory %s', dest)
os.makedirs(dest)
self._set_properties(source, dest)
dir_content = os.listdir(source)
for to_copy in dir_content:
self._merge_directories(os.path.join(source, to_copy),
os.path.join(dest, to_copy))
else:
self._copy_file(source, dest)
def _delete_path(self, path):
if not os.path.lexists(path):
return
LOG.info('Deleting %s', path)
if os.path.isdir(path):
shutil.rmtree(path)
else:
os.remove(path)
def _create_parent_dirs(self, path):
parent_path = os.path.dirname(path)
if not os.path.exists(parent_path):
os.makedirs(parent_path)
def _set_properties(self, source, dest):
if self.preserve_properties:
self._set_properties_from_file(source, dest)
else:
self._set_properties_from_conf(dest)
def _set_properties_from_file(self, source, dest):
shutil.copystat(source, dest)
stat = os.stat(source)
os.chown(dest, stat.st_uid, stat.st_gid)
def _set_properties_from_conf(self, path):
config = {'permissions':
[{'owner': self.owner, 'path': path, 'perm': self.perm}]}
handle_permissions(config)
def copy(self):
sources = glob.glob(self.source)
if not self.optional and not sources:
raise MissingRequiredSource('%s file is not found' % self.source)
# skip when there is no sources and optional
if self.optional and not sources:
return
for source in sources:
dest = self.dest
# dest endswith / means copy the <source> into <dest> folder,
# otherwise means copy the source to dest
if dest.endswith(os.sep):
dest = os.path.join(dest, os.path.basename(source))
if not self.merge:
self._delete_path(dest)
self._create_parent_dirs(dest)
try:
self._merge_directories(source, dest)
except OSError:
# If a source is tried to merge with a read-only mount, it
# may throw an OSError. Because we don't print the source or
# dest anywhere, let's catch the exception and log a better
# message to help with tracking down the issue.
LOG.error('Unable to merge %s with %s', source, dest)
raise
def _cmp_file(self, source, dest):
# check exsit
if (os.path.exists(source) and
not self.optional and
not os.path.exists(dest)):
return False
# check content
with open(source) as f1, open(dest) as f2:
if f1.read() != f2.read():
LOG.error('The content of source file(%s) and'
' dest file(%s) are not equal.', source, dest)
return False
# check perm
file_stat = os.stat(dest)
actual_perm = oct(file_stat.st_mode)[-4:]
if self.perm != actual_perm:
LOG.error('Dest file does not have expected perm: %s, actual: %s',
self.perm, actual_perm)
return False
# check owner
desired_user, desired_group = user_group(self.owner)
actual_user = pwd.getpwuid(file_stat.st_uid)
if actual_user.pw_name != desired_user:
LOG.error('Dest file does not have expected user: %s,'
' actual: %s ', desired_user, actual_user.pw_name)
return False
actual_group = grp.getgrgid(file_stat.st_gid)
if actual_group.gr_name != desired_group:
LOG.error('Dest file does not have expected group: %s,'
' actual: %s ', desired_group, actual_group.gr_name)
return False
return True
def _cmp_dir(self, source, dest):
for root, dirs, files in os.walk(source):
for dir_ in dirs:
full_path = os.path.join(root, dir_)
dest_full_path = os.path.join(dest, os.path.relpath(source,
full_path))
dir_stat = os.stat(dest_full_path)
actual_perm = oct(dir_stat.st_mode)[-4:]
if self.perm != actual_perm:
LOG.error('Dest dir does not have expected perm: %s,'
' actual %s', self.perm, actual_perm)
return False
for file_ in files:
full_path = os.path.join(root, file_)
dest_full_path = os.path.join(dest, os.path.relpath(source,
full_path))
if not self._cmp_file(full_path, dest_full_path):
return False
return True
def check(self):
bad_state_files = []
sources = glob.glob(self.source)
if not sources and not self.optional:
raise MissingRequiredSource('%s file is not found' % self.source)
if self.optional and not sources:
return
for source in sources:
dest = self.dest
# dest endswith / means copy the <source> into <dest> folder,
# otherwise means copy the source to dest
if dest.endswith(os.sep):
dest = os.path.join(dest, os.path.basename(source))
if os.path.isdir(source) and not self._cmp_dir(source, dest):
bad_state_files.append(source)
elif not self._cmp_file(source, dest):
bad_state_files.append(source)
if len(bad_state_files) != 0:
msg = 'Following files are in bad state: %s' % bad_state_files
raise ConfigFileBadState(msg)
def validate_config(config):
required_keys = {'source', 'dest'}
if 'command' not in config:
raise InvalidConfig('Config is missing required "command" key')
# Validate config sections
for data in config.get('config_files', list()):
# Verify required keys exist.
if not set(data.keys()) >= required_keys:
message = 'Config is missing required keys: %s' % required_keys
raise InvalidConfig(message)
if ('owner' not in data or 'perm' not in data) \
and not data.get('preserve_properties', False):
raise InvalidConfig(
'Config needs preserve_properties or owner and perm')
def validate_source(data):
source = data.get('source')
# Only check existence if no wildcard found
if '*' not in source:
if not os.path.exists(source):
if data.get('optional'):
LOG.info("%s does not exist, but is not required", source)
return False
raise MissingRequiredSource(
"The source to copy does not exist: %s" % source)
return True
def load_config():
def load_from_env():
config_raw = os.environ.get("KOLLA_CONFIG")
if config_raw is None:
return None
# Attempt to read config
try:
return json.loads(config_raw)
except ValueError:
raise InvalidConfig('Invalid json for Kolla config')
def load_from_file():
config_file = os.environ.get("KOLLA_CONFIG_FILE")
if not config_file:
config_file = '/var/lib/kolla/config_files/config.json'
LOG.info("Loading config file at %s", config_file)
# Attempt to read config file
with open(config_file) as f:
try:
return json.load(f)
except ValueError:
raise InvalidConfig(
"Invalid json file found at %s" % config_file)
except IOError as e:
raise InvalidConfig(
"Could not read file %s: %r" % (config_file, e))
config = load_from_env()
if config is None:
config = load_from_file()
LOG.info('Validating config file')
validate_config(config)
return config
def copy_config(config):
if 'config_files' in config:
LOG.info('Copying service configuration files')
for data in config['config_files']:
config_file = ConfigFile(**data)
config_file.copy()
else:
LOG.debug('No files to copy found in config')
LOG.info('Writing out command to execute')
LOG.debug("Command is: %s", config['command'])
# The value from the 'command' key will be written to '/run_command'
cmd = '/run_command'
with open(cmd, 'w+') as f:
f.write(config['command'])
# Make sure the generated file is readable by all users
try:
os.chmod(cmd, 0o644)
except OSError:
LOG.exception('Failed to set permission of %s to 0o644', cmd)
def user_group(owner):
if ':' in owner:
user, group = owner.split(':', 1)
if not group:
group = user
else:
user, group = owner, owner
return user, group
def handle_permissions(config):
for permission in config.get('permissions', list()):
path = permission.get('path')
owner = permission.get('owner')
recurse = permission.get('recurse', False)
perm = permission.get('perm')
desired_user, desired_group = user_group(owner)
uid = pwd.getpwnam(desired_user).pw_uid
gid = grp.getgrnam(desired_group).gr_gid
def set_perms(path, uid, gid, perm):
LOG.info('Setting permission for %s', path)
if not os.path.exists(path):
LOG.warning('%s does not exist', path)
return
try:
os.chown(path, uid, gid)
except OSError:
LOG.exception('Failed to change ownership of %s to %s:%s',
path, uid, gid)
if perm:
# NOTE(Jeffrey4l): py3 need '0oXXX' format for octal literals,
# and py2 support such format too.
if len(perm) == 4 and perm[1] != 'o':
perm = ''.join([perm[:1], 'o', perm[1:]])
perm = int(perm, base=0)
try:
os.chmod(path, perm)
except OSError:
LOG.exception('Failed to set permission of %s to %s',
path, perm)
for dest in glob.glob(path):
set_perms(dest, uid, gid, perm)
if recurse and os.path.isdir(dest):
for root, dirs, files in os.walk(dest):
for dir_ in dirs:
set_perms(os.path.join(root, dir_), uid, gid, perm)
for file_ in files:
set_perms(os.path.join(root, file_), uid, gid, perm)
def execute_config_strategy(config):
config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
LOG.info("Kolla config strategy set to: %s", config_strategy)
if config_strategy == "COPY_ALWAYS":
copy_config(config)
handle_permissions(config)
elif config_strategy == "COPY_ONCE":
if os.path.exists('/configured'):
raise ImmutableConfig(
"The config strategy prevents copying new configs",
exit_code=0)
copy_config(config)
handle_permissions(config)
os.mknod('/configured')
else:
raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly')
def execute_config_check(config):
for data in config['config_files']:
config_file = ConfigFile(**data)
config_file.check()
def main():
try:
parser = argparse.ArgumentParser()
parser.add_argument('--check',
action='store_true',
required=False,
help='Check whether the configs changed')
args = parser.parse_args()
config = load_config()
if args.check:
execute_config_check(config)
else:
execute_config_strategy(config)
except ExitingException as e:
LOG.error("%s: %s", e.__class__.__name__, e)
return e.exit_code
except Exception:
LOG.exception('Unexpected error:')
return 2
return 0
if __name__ == "__main__":
sys.exit(main())

19
container-images/kolla/base/start.sh
View File

@ -1,19 +0,0 @@
#!/bin/bash
set -o errexit
set -o xtrace
# Processing /var/lib/kolla/config_files/config.json as root. This is necessary
# to permit certain files to be controlled by the root user which should
# not be writable by the dropped-privileged user, especially /run_command
sudo -E kolla_set_configs
CMD=$(cat /run_command)
ARGS=""
if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
# Run additional commands if present
. kolla_extend_start
fi
echo "Running command: '${CMD}${ARGS:+ $ARGS}'"
umask "${TRIPLEO_KOLLA_UMASK:-0022}"
exec ${CMD} ${ARGS}

18
container-images/kolla/base/sudoers
View File

@ -1,18 +0,0 @@
# The idea here is a container service adds their UID to the kolla group
# via usermod -a -G kolla <uid>. Then the kolla_start may run
# kolla_set_configs via sudo as the root user which is necessary to protect
# the immutability of the container
# anyone in the kolla group may sudo -E (set the environment)
Defaults: %kolla setenv
# root may run any commands via sudo as the network seervice user. This is
# neededfor database migrations of existing services which have not been
# converted to run as a non-root user, but instead do that via sudo -E glance
root ALL=(ALL) ALL
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
# root user via sudo without password confirmation
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla*
#includedir /etc/sudoers.d

126
container-images/kolla/base/uid_gid_manage.sh
View File

@ -1,126 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This script maintains compatibility when upgrading kolla images to the
# TCIB images. To allow containers reading configuration files, we need to
# maintain the same UIDs/GIDs for now until we update file permissions during
# update/upgrade tasks.
#
# Usage:
# ./uid_gid_manage.sh qemu nova
#
# Note: order of args is maintained during the creation.
#
set -o errexit
set -o xtrace
[ -z $1 ] && echo "Argument missing: name of user to create" && exit 1
_USERS_TO_CREATE=$@
declare -A _SUPPORTED_USERS
# This comes from kolla/common/config.py.
# Format: <username> <uid> <gid> <optional homedir> <optional comma-separated list of extra groups>
# Note: if homedir isn't specified, extra groups aren't supported
_SUPPORTED_USERS['aodh']='aodh 42402 42402 /var/lib/aodh kolla'
_SUPPORTED_USERS['barbican']='barbican 42403 42403 /var/lib/barbican kolla,nfast'
_SUPPORTED_USERS['ceilometer']='ceilometer 42405 42405 /var/lib/ceilometer kolla'
_SUPPORTED_USERS['cinder']='cinder 42407 42407 /var/lib/cinder kolla'
_SUPPORTED_USERS['cloud-admin']='cloud-admin 42401 42401 /home/cloud-admin'
_SUPPORTED_USERS['collectd']='collectd 42409 42409 /var/lib/collectd kolla'
_SUPPORTED_USERS['designate']='designate 42411 42411 /var/lib/designate kolla'
_SUPPORTED_USERS['etcd']='etcd 42413 42413 /var/lib/etcd kolla'
_SUPPORTED_USERS['frrvty']='frrvty 42483 42483'
_SUPPORTED_USERS['frr']='frr 42484 42484 /var/run/frr kolla,frrvty'
_SUPPORTED_USERS['glance']='glance 42415 42415 /var/lib/glance kolla'
_SUPPORTED_USERS['gnocchi']='gnocchi 42416 42416 /var/lib/gnocchi kolla'
_SUPPORTED_USERS['haproxy']='haproxy 42454 42454 /var/lib/haproxy kolla'
_SUPPORTED_USERS['heat']='heat 42418 42418 /var/lib/heat kolla'
_SUPPORTED_USERS['horizon']='horizon 42420 42420 /var/lib/horizon kolla'
_SUPPORTED_USERS['hugetlbfs']='hugetlbfs 42477 42477'
_SUPPORTED_USERS['ironic']='ironic 42422 42422 /var/lib/ironic kolla'
_SUPPORTED_USERS['ironic-inspector']='ironic-inspector 42461 42461 /var/lib/ironic-inspector kolla'
_SUPPORTED_USERS['keystone']='keystone 42425 42425 /var/lib/keystone kolla'
_SUPPORTED_USERS['kolla']='kolla 42400 42400'
_SUPPORTED_USERS['libvirt']='libvirt 42473 42473'
_SUPPORTED_USERS['manila']='manila 42429 42429 /var/lib/manila kolla'
_SUPPORTED_USERS['memcached']='memcached 42457 42457 /run/memcache kolla'
_SUPPORTED_USERS['mysql']='mysql 42434 42434 /var/lib/mysql kolla'
_SUPPORTED_USERS['neutron']='neutron 42435 42435 /var/lib/neutron kolla'
_SUPPORTED_USERS['nfast']='nfast 42481 42481'
_SUPPORTED_USERS['nova']='nova 42436 42436 /var/lib/nova qemu,libvirt,tss,kolla'
_SUPPORTED_USERS['octavia']='octavia 42437 42437 /var/lib/octavia kolla'
_SUPPORTED_USERS['openvswitch']='openvswitch 42476 42476'
_SUPPORTED_USERS['ovn-bgp']='ovn-bgp 42486 42486 /var/lib/ovn-bgp kolla'
_SUPPORTED_USERS['placement']='placement 42482 42482 /var/lib/placement kolla'
_SUPPORTED_USERS['qdrouterd']='qdrouterd 42465 42465 /var/lib/qdrouterd kolla'
_SUPPORTED_USERS['qemu']='qemu 107 107'
_SUPPORTED_USERS['rabbitmq']='rabbitmq 42439 42439 /var/lib/rabbitmq kolla'
_SUPPORTED_USERS['redis']='redis 42460 42460 /run/redis kolla'
_SUPPORTED_USERS['swift']='swift 42445 42445 /var/lib/swift kolla'
_SUPPORTED_USERS['tempest']='tempest 42480 42480 /var/lib/tempest kolla'
_SUPPORTED_USERS['tss']='tss 59 59'
for _USER_TO_CREATE in $_USERS_TO_CREATE; do
# Initialize computed args
_EXTRA_GROUPS_ARG=
_EXTRA_PERMS=
_HOME_ARGS=
_NAME=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $1 }')
_UID=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $2 }')
_GID=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $3 }')
_HOME_DIR=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $4 }')
_EXTRA_GROUPS=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $5 }')
# User was not found, we fail
if [[ "$_NAME" != "$_USER_TO_CREATE" ]]; then
echo "User ${_USER_TO_CREATE} was not found in the supported list"
exit 1
fi
if [[ ! -z $_EXTRA_GROUPS ]]; then
_EXTRA_GROUPS_ARG="--groups $_EXTRA_GROUPS"
fi
# Some users don't need a home directory
if [[ -z $_HOME_DIR ]]; then
_HOME_ARGS="-M"
else
_HOME_ARGS="-m --home $_HOME_DIR"
fi
if id -g $_NAME 2>/dev/null; then
_GROUPADD_CMD="groupmod --gid $_GID $_NAME"
else
_GROUPADD_CMD="groupadd --gid $_GID $_NAME"
fi
if id $_NAME 2>/dev/null; then
# -M argument doesn't exist with usermod
if [[ -z $_HOME_DIR ]]; then
_HOME_ARGS=
# usermod doesn't guaranty the home directory permissions (best effort)
else
_EXTRA_PERMS="&& mkdir -p $_HOME_DIR && chown -R $_UID:$_GID $_HOME_DIR"
fi
# --append only exists with usermod
[[ ! -z $_EXTRA_GROUPS_ARG ]] && _EXTRA_GROUPS_ARG="--append $_EXTRA_GROUPS_ARG"
_USERADD_CMD="usermod ${_HOME_ARGS} --gid $_GID --uid $_UID ${_EXTRA_GROUPS_ARG} $_NAME ${_EXTRA_PERMS}"
else
_USERADD_CMD="useradd -l ${_HOME_ARGS} --shell /usr/sbin/nologin --uid $_UID --gid $_GID ${_EXTRA_GROUPS_ARG} $_NAME"
fi
eval $_GROUPADD_CMD
eval $_USERADD_CMD
done

1
container-images/kolla/cinder-backup/cinder-backup-sudoers
View File

@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /var/lib/cinder

5
container-images/kolla/cinder-backup/extend_start.sh
View File

@ -1,5 +0,0 @@
#!/bin/bash
if [[ $(stat -c %U:%G /var/lib/cinder) != "cinder:kolla" ]]; then
sudo chown -R cinder:kolla /var/lib/cinder
fi

1
container-images/kolla/cinder-volume/cinder-volume-sudoers
View File

@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /var/lib/cinder

5
container-images/kolla/cinder-volume/extend_start.sh
View File

@ -1,5 +0,0 @@
#!/bin/bash
if [[ $(stat -c %U:%G /var/lib/cinder) != "cinder:kolla" ]]; then
sudo chown -R cinder:kolla /var/lib/cinder
fi

9
container-images/kolla/glance-api/extend_start.sh
View File

@ -1,9 +0,0 @@
#!/bin/bash
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
glance-manage db_sync
glance-manage db_load_metadefs
exit 0
fi

119
container-images/kolla/horizon/extend_start.sh
View File

@ -1,119 +0,0 @@
#!/bin/bash
set -o errexit
FORCE_GENERATE="${FORCE_GENERATE}"
HASH_PATH=/var/lib/kolla/.settings.md5sum.txt
MANAGE_PY="/usr/bin/python3 /usr/bin/manage.py"
PYTHON_VERSION=$(python3 --version | awk '{print $2}' | awk -F'.' '{print $1"."$2}')
SITE_PACKAGES="/usr/lib/python${PYTHON_VERSION}/site-packages"
if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then
CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py"
if [[ ! -L ${CUSTOM_SETTINGS_FILE} ]]; then
ln -s /etc/openstack-dashboard/custom_local_settings ${CUSTOM_SETTINGS_FILE}
fi
fi
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
$MANAGE_PY migrate --noinput
exit 0
fi
function config_dashboard {
ENABLE=$1
SRC=$2
DEST=$3
if [[ ! -f ${SRC} ]]; then
echo "WARNING: ${SRC} is required"
elif [[ "${ENABLE}" == "yes" ]] && [[ ! -f "${DEST}" ]]; then
cp -a "${SRC}" "${DEST}"
FORCE_GENERATE="yes"
elif [[ "${ENABLE}" != "yes" ]] && [[ -f "${DEST}" ]]; then
# remove pyc pyo files too
rm -f "${DEST}" "${DEST}c" "${DEST}o"
FORCE_GENERATE="yes"
fi
}
function config_designate_dashboard {
for file in ${SITE_PACKAGES}/designatedashboard/enabled/_*[^__].py; do
config_dashboard "${ENABLE_DESIGNATE}" \
"${SITE_PACKAGES}/designatedashboard/enabled/${file##*/}" \
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
done
}
function config_heat_dashboard {
for file in ${SITE_PACKAGES}/heat_dashboard/enabled/_*[^__].py; do
config_dashboard "${ENABLE_HEAT}" \
"${SITE_PACKAGES}/heat_dashboard/enabled/${file##*/}" \
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
done
config_dashboard "${ENABLE_HEAT}" \
"${SITE_PACKAGES}/heat_dashboard/conf/heat_policy.json" \
"/etc/openstack-dashboard/heat_policy.json"
}
function config_ironic_dashboard {
for file in ${SITE_PACKAGES}/ironic_ui/enabled/_*[^__].py; do
config_dashboard "${ENABLE_IRONIC}" \
"${SITE_PACKAGES}/ironic_ui/enabled/${file##*/}" \
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
done
}
function config_manila_ui {
for file in ${SITE_PACKAGES}/manila_ui/local/enabled/_*[^__].py; do
config_dashboard "${ENABLE_MANILA}" \
"${SITE_PACKAGES}/manila_ui/local/enabled/${file##*/}" \
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
done
}
function config_octavia_dashboard {
config_dashboard "${ENABLE_OCTAVIA}" \
"${SITE_PACKAGES}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py" \
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py"
}
# Regenerate the compressed javascript and css if any configuration files have
# changed. Use a static modification date when generating the tarball
# so that we only trigger on content changes.
function settings_bundle {
tar -cf- --mtime=1970-01-01 \
/etc/openstack-dashboard/local_settings \
/etc/openstack-dashboard/custom_local_settings \
/etc/openstack-dashboard/local_settings.d 2> /dev/null
}
function settings_changed {
changed=1
if [[ ! -f $HASH_PATH ]] || ! settings_bundle | md5sum -c --status $HASH_PATH || [[ $FORCE_GENERATE == yes ]]; then
changed=0
fi
return ${changed}
}
config_designate_dashboard
config_heat_dashboard
config_ironic_dashboard
config_manila_ui
config_octavia_dashboard
if settings_changed; then
${MANAGE_PY} collectstatic --noinput --clear
${MANAGE_PY} compress --force
settings_bundle | md5sum > $HASH_PATH
fi
if [[ -f ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store ]] && [[ $(stat -c %U ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store) != "horizon" ]]; then
chown horizon ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store
fi
. /usr/local/bin/kolla_httpd_setup

7
container-images/kolla/iscsid/extend_start.sh
View File

@ -1,7 +0,0 @@
#!/bin/bash
# check if unique iSCSI initiator name already exists
if [[ ! -f /etc/iscsi/initiatorname.iscsi ]]; then
echo "Generating new iSCSI initiator name"
echo InitiatorName=$(/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi
fi

31
container-images/kolla/keystone/extend_start.sh
View File

@ -1,31 +0,0 @@
#!/bin/bash
# Create log dir for Keystone logs
KEYSTONE_LOG_DIR="/var/log/keystone"
if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then
mkdir -p ${KEYSTONE_LOG_DIR}
fi
if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then
chown keystone:kolla ${KEYSTONE_LOG_DIR}
fi
if [ ! -f "${KEYSTONE_LOG_DIR}/keystone.log" ]; then
touch ${KEYSTONE_LOG_DIR}/keystone.log
fi
if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}/keystone.log) != "keystone:keystone" ]]; then
chown keystone:keystone ${KEYSTONE_LOG_DIR}/keystone.log
fi
if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then
chmod 755 ${KEYSTONE_LOG_DIR}
fi
EXTRA_KEYSTONE_MANAGE_ARGS=${EXTRA_KEYSTONE_MANAGE_ARGS-}
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync
exit 0
fi
. /usr/local/bin/kolla_httpd_setup
ARGS="-DFOREGROUND"

35
container-images/kolla/mariadb/extend_start.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
function bootstrap_db {
mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
# Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
# NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
# Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
TIMEOUT=${DB_MAX_TIMEOUT:-60}
while [[ ! -S /var/lib/mysql/mysql.sock ]] && \
[[ ! -S /var/run/mysqld/mysqld.sock ]] || \
[[ ! -f /var/lib/mysql/mariadb.pid ]]; do
if [[ ${TIMEOUT} -gt 0 ]]; then
let TIMEOUT-=1
sleep 1
else
exit 1
fi
done
sudo -E kolla_security_reset
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
}
# This catches all cases of the BOOTSTRAP variable being set, including empty
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
mysql_install_db
bootstrap_db
exit 0
fi
if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then
ARGS="${BOOTSTRAP_ARGS}"
fi

58
container-images/kolla/mariadb/security_reset.expect
View File

@ -1,58 +0,0 @@
#!/usr/bin/expect -f
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
spawn mysql_secure_installation
expect {
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
"Enter current password for root (enter for none):"
}
send "\r"
expect {
timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
"Set root password?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
"New password:"
}
send "$env(DB_ROOT_PASSWORD)\r"
expect {
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
"Re-enter new password:"
}
send "$env(DB_ROOT_PASSWORD)\r"
expect {
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
"Remove anonymous users?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
"Disallow root login remotely?"
}
send "n\r"
expect {
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
"Remove test database and access to it?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
"Reload privilege tables now?"
}
send "y\r"
expect eof

67
container-images/kolla/mariadb/security_reset.expect.10.5
View File

@ -1,67 +0,0 @@
#!/usr/bin/expect -f
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
spawn mysql_secure_installation
expect {
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
"Enter current password for root (enter for none):"
}
send "\r"
expect {
timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Switch to unix_socket authentication' prompt\n"; exit 1 }
"Switch to unix_socket authentication \\\[Y/n\\\] "
}
send "n\r"
expect {
timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Change the root password?' prompt\n"; exit 1 }
"Change the root password? \\\[Y/n\\\] "
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
"New password:"
}
send "$env(DB_ROOT_PASSWORD)\r"
expect {
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
"Re-enter new password:"
}
send "$env(DB_ROOT_PASSWORD)\r"
expect {
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
"Remove anonymous users?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
"Disallow root login remotely?"
}
send "n\r"
expect {
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
"Remove test database and access to it?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
"Reload privilege tables now?"
}
send "y\r"
expect eof

4
container-images/kolla/neutron-base/neutron_sudoers
View File

@ -1,4 +0,0 @@
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables

28
container-images/kolla/ovn/ovn-nb-db-server/start_nb_db_server.sh
View File

@ -1,28 +0,0 @@
#!/bin/bash
# All the option passed to this script will be
# passed to the ovn-ctl script. Please see the options
# supported by ovn-ctl script -
# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl
args=$@
# Use ovn-ctl script to start ovn NB db server as it
# takes care of creating the db file from the schema
# file if the db file is not present. It also takes care
# of updating the db file if the schema file is updated.
# Check for the presence of ovn-ctl script in two locations.
# If latest OVN is used (post split from openvswitch),
# then the new location for the ovn-ctl script is
# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is
# /usr/share/openvswitch/scripts/ovn-ctl.
if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then
set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor
elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then
set /usr/share/ovn/scripts/ovn-ctl --no-monitor
else
exit 1
fi
$@ $args run_nb_ovsdb

29
container-images/kolla/ovn/ovn-sb-db-server/start_sb_db_server.sh
View File

@ -1,29 +0,0 @@
#!/bin/bash
# All the option passed to this script will be
# passed to the ovn-ctl script. Please see the options
# supported by ovn-ctl script -
# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl
args=$@
# Use ovn-ctl script to start ovn SB db server as it
# takes care of creating the db file from the schema
# file if the db file is not present. It also takes care
# of updating the db file if the schema file is updated.
# Check for the presence of ovn-ctl script in two locations.
# If latest OVN is used (post split from openvswitch),
# then the new location for the ovn-ctl script is
# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is
# /usr/share/openvswitch/scripts/ovn-ctl.
if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then
set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor
elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then
set /usr/share/ovn/scripts/ovn-ctl --no-monitor
else
exit 1
fi
$@ $args run_sb_ovsdb

16
container-images/kolla/rabbitmq/extend_start.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
# bootstrap, the system does not allow to overwrite it (it bootstrap files with
# permission denied error) but it allows to delete it and then recreate it.
if [[ -e "/var/lib/rabbitmq/.erlang.cookie" ]]; then
rm -f /var/lib/rabbitmq/.erlang.cookie
fi
echo "${RABBITMQ_CLUSTER_COOKIE}" > /var/lib/rabbitmq/.erlang.cookie
chmod 400 /var/lib/rabbitmq/.erlang.cookie
exit 0
fi

10
container-images/kolla/swift-base/swift-rootwrap
View File

@ -1,10 +0,0 @@
#!/usr/bin/python3
# PBR Generated from u'console_scripts'
import sys
from oslo_rootwrap.cmd import main
if __name__ == "__main__":
sys.exit(main())

2
container-images/kolla/swift-base/swift-sudoers
View File

@ -1,2 +0,0 @@
swift ALL=(root) NOPASSWD: /bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+
swift ALL=(root) NOPASSWD: /usr/bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+

19
container-images/kolla/tripleo-ansible-ee/requirements.yaml
View File

@ -1,19 +0,0 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Custom Roles and collections not shipped as a part of tripleo-ansible
collections: []
roles: []

26
container-images/kolla/tripleo-ansible-ee/settings
View File

@ -1,26 +0,0 @@
# If no output is detected from ansible in this number of seconds the execution will
# be terminated.
idle_timeout: ${RUNNER_IDLE_TIMEOUT:-600}
# The maximum amount of time to allow the job to run for, exceeding this and the
# execution will be terminated.
job_timeout: ${RUNNER_JOB_TIMEOUT:-3600}
# Number of seconds for the internal pexpect command to wait to block on
# input before continuing.
pexpect_timeout: ${RUNNER_PEXPECT_TIMEOUT:-10}
# Use poll() function for communication with child processes instead of select().
# select() is used when the value is set to False. select() has a known limitation of
# using only up to 1024 file descriptors.
pexpect_use_poll: ${RUNNER_PEXPECT_USE_POLL:-True}
# Allow output from ansible to not be streamed to the stdout or stderr files inside
# of the artifacts directory.
suppress_output_file: ${RUNNER_SUPPRESS_OUTPUT_FILE:-False}
# Allow output from ansible to not be printed to the screen.
suppress_ansible_output: ${RUNNER_SUPPRESS_ANSIBLE_OUTPUT:-False}
# The directory relative to artifacts where jsonfile fact caching will be stored.
# Defaults to fact_cache. This is ignored if fact_cache_type is different than jsonfile.
fact_cache: ${RUNNER_FACT_CACHE:-'fact_cache'}
# The type of fact cache to use. Defaults to jsonfile.
fact_cache_type: ${RUNNER_FACT_CACHE_TYPE:-'jsonfile'}

17
container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh
View File

@ -1,17 +0,0 @@
#!/usr/bin/env bash
# Adding tripleo ansible-runner specific scripts here
# Expand the variables
eval "echo \"$(cat /runner/env/settings)\"" > /runner/env/settings
if [ -n "$RUNNER_INVENTORY" ]; then
echo "---" > /runner/inventory/inventory.yaml
echo "$RUNNER_INVENTORY" >> /runner/inventory/inventory.yaml
fi
if [ -n "$RUNNER_PLAYBOOK" ]; then
echo "---" > /runner/project/playbook.yaml
echo "$RUNNER_PLAYBOOK" >> /runner/project/playbook.yaml
fi
# Contents from ansible-runner entrypoint

18
container-images/kolla/tripleoclient/create_super_user.sh
View File

@ -1,18 +0,0 @@
#!/bin/bash
# This is a useful entrypoint/cmd if you wish to run commands in a container
# in an existing users $HOME directory
# For example: podman run -ti -e USER=stack -e UID=1000 --privileged=true --volume=/home/stack/:/home/stack/ tripleoclient:latest /usr/local/bin/create_super_user.sh
if [ -n "$USER" -a -n "$UID" ]; then
useradd "$USER" -u "$UID" -M
cat >> /etc/sudoers <<EOF_CAT
$USER ALL=(ALL) NOPASSWD:ALL
EOF_CAT
su -l $USER
export TERM="xterm"
alias ls='ls --color=auto'
/bin/bash
else
echo "Please set valid $USER and $UID env variables."
exit 1
fi

1
container-images/kolla/tripleoclient/tripleoclient_sudoers
View File

@ -1 +0,0 @@
cloud-admin ALL=(ALL) NOPASSWD: ALL

102
container-images/tcib/base/base.yaml
View File

@ -1,102 +0,0 @@
tcib_actions:
- run: if [ -f "/etc/yum.repos.d/ubi.repo" ]; then rm -f /etc/yum.repos.d/ubi.repo && dnf clean all && rm -rf /var/cache/dnf; fi
- run: >-
dnf install -y crudini &&
crudini --del /etc/dnf/dnf.conf main override_install_langs &&
crudini --set /etc/dnf/dnf.conf main clean_requirements_on_remove True &&
crudini --set /etc/dnf/dnf.conf main exactarch 1 &&
crudini --set /etc/dnf/dnf.conf main gpgcheck 1 &&
crudini --set /etc/dnf/dnf.conf main install_weak_deps False &&
if [ '{{ tcib_distro }}' == 'centos' ];then crudini --set /etc/dnf/dnf.conf main best False; fi &&
crudini --set /etc/dnf/dnf.conf main installonly_limit 0 &&
crudini --set /etc/dnf/dnf.conf main keepcache 0 &&
crudini --set /etc/dnf/dnf.conf main obsoletes 1 &&
crudini --set /etc/dnf/dnf.conf main plugins 1 &&
crudini --set /etc/dnf/dnf.conf main skip_missing_names_on_install False &&
crudini --set /etc/dnf/dnf.conf main tsflags nodocs
- run: >-
if [ '{{ tcib_distro }}' == 'rhel' ] && [ '{{ tcib_release }}' == '8' ]; then
{%- if "el" ~ tcib_release in tcib_packages.modules %}
{% for item in tcib_packages.modules["el" ~ tcib_release] %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}
{%- else %}
echo "WARNING: No modules defined for el{{ tcib_release}}";
{%- endif %}
fi
- run: dnf install -y openstack-tripleo-common-containers
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/base/uid_gid_manage.sh /usr/local/bin/uid_gid_manage
- run: chmod 755 /usr/local/bin/uid_gid_manage
- run: bash /usr/local/bin/uid_gid_manage kolla hugetlbfs libvirt qemu
- run: touch /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/base/set_configs.py /usr/local/bin/kolla_set_configs
- run: chmod 755 /usr/local/bin/kolla_set_configs
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/base/start.sh /usr/local/bin/kolla_start
- run: chmod 755 /usr/local/bin/kolla_start
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/base/httpd_setup.sh /usr/local/bin/kolla_httpd_setup
- run: chmod 755 /usr/local/bin/kolla_httpd_setup
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/base/sudoers /etc/sudoers
- run: chmod 440 /etc/sudoers
- run: >-
if [ '{{ tcib_release }}' == '8' ];then
sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth &&
dnf install -y curl; fi
- run: sed -ri '/^(passwd:|group:)/ s/systemd//g' /etc/nsswitch.conf
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }}
- run: >-
if [ '{{ tcib_release }}' == '9' ];then
dnf -y reinstall which &&
rpm -e --nodeps tzdata &&
dnf -y install tzdata; fi
- run: mkdir -p /openstack
- run: >-
if [ '{{ tcib_distro }}' == 'centos' ];then
if [ -n "$(rpm -qa redhat-release)" ];then rpm -e --nodeps redhat-release; fi ;
dnf -y install centos-stream-release; fi
# TODO: Temporary pinning nettle to 3.8-3.el9, so it can be reinstalled from centos-9 repos.
# nettle-3.8-3 is already installed in ubi9 image, but it conflicts with newer versions on gnutls
# installed from centos-9 repos. This workaround can be reverted once ubi9.2 is released, which
# should contain a newer version of gnutls with fixes to run under FIPS mode.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=2154924 and
# https://bugs.launchpad.net/tripleo/+bug/1984237
- run: >-
if [ '{{ tcib_release }}' == '9' ];then
dnf -y install nettle-3.8-3.el9; fi
- run: dnf update --excludepkgs redhat-release -y && dnf clean all && rm -rf /var/cache/dnf
tcib_cmd: kolla_start
tcib_entrypoint: dumb-init --single-child --
tcib_envs:
LANG: en_US.UTF-8
container: oci
tcib_labels:
maintainer: OpenStack TripleO team
tcib_managed: True
tcib_packages:
common:
- ca-certificates
- dumb-init
- glibc-langpack-en
- iscsi-initiator-utils
- openstack-tripleo-common-containers
- openstack-tripleo-common-container-base
- procps-ng
- python3
- rsync
- socat
- sudo
- tar
- util-linux-user
- which
modules:
el8:
- disable: container-tools:rhel8
- disable: virt:rhel
- enable: container-tools:{{ tcib_rhel_modules['container-tools'] | default('3.0') }}
- enable: mariadb:{{ tcib_rhel_modules['mariadb'] | default('10.3') }}
- enable: virt:{{ tcib_rhel_modules['virt'] | default('av') }}
- enable: redis:{{ tcib_rhel_modules['redis'] | default('5') }}
- enable: nodejs:{{ tcib_rhel_modules['nodejs'] | default('14') }}
el9:
- disable: virt:rhel
- enable: virt:{{ tcib_rhel_modules['virt'] | default('av') }}
- enable: redis:{{ tcib_rhel_modules['redis'] | default('5') }}
- enable: mariadb:{{ tcib_rhel_modules['mariadb'] | default('10.5') }}
tcib_stopsignal: SIGTERM

59
container-images/tcib/base/collectd/collectd.yaml
View File

@ -1,59 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage collectd
- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi
- run: if [ '{{ tcib_release }}' == '8' ];then dnf -y install {{ tcib_packages['el8'] | join(' ') }}; fi
- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: chown -R collectd:collectd /etc/collectd* /var/run/
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- collectd
- collectd-amqp1
- collectd-apache
- collectd-bind
- collectd-ceph
- collectd-chrony
- collectd-connectivity
- collectd-curl
- collectd-curl_json
- collectd-curl_xml
- collectd-disk
- collectd-dns
- collectd-ipmi
- collectd-libpod-stats
- collectd-log_logstash
- collectd-mcelog
- collectd-mysql
- collectd-netlink
- collectd-openldap
- collectd-ovs-events
- collectd-ovs-stats
- collectd-ping
- collectd-pmu
- collectd-procevent
- collectd-python
- collectd-sensors
- collectd-sensubility
- collectd-smart
- collectd-snmp
- collectd-snmp-agent
- collectd-sysevent
- collectd-utils
- collectd-virt
- collectd-write_http
- collectd-write_kafka
- collectd-write_prometheus
- python3-sqlalchemy-collectd
- podman-remote
- jq
rhel:
- python3-collectd-rabbitmq-monitoring
x86_64:
- collectd-hugepages
- collectd-pcie-errors
- collectd-rdt
- collectd-turbostat
el8:
- collectd-generic-jmx
- collectd-iptables

6
container-images/tcib/base/cron/cron.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- cronie
- logrotate

8
container-images/tcib/base/etcd/etcd.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- etcd
tcib_user: etcd

9
container-images/tcib/base/frr/frr.yaml
View File

@ -1,9 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage frrvty frr
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/frr /openstack/healthcheck && chmod a+rx /openstack/healthcheck
- run: mkdir -p /var/lock/subsys && chown "frr:" /var/lock/subsys
tcib_packages:
common:
- frr
tcib_user: frr

10
container-images/tcib/base/haproxy/haproxy.yaml
View File

@ -1,10 +0,0 @@
tcib_actions:
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- haproxy
- libqb
- pacemaker
- pacemaker-remote
- pcs
- resource-agents

31
container-images/tcib/base/mariadb/mariadb.yaml
View File

@ -1,31 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/mariadb/security_reset.expect{{ tcib_release is version('8', '==') | ternary('', '.10.5') }} /usr/local/bin/kolla_security_reset
- run: chmod 755 /usr/local/bin/kolla_security_reset
- run: rm -rf /var/lib/mysql/* /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf
- run: mkdir -p /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mariadb /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_cmd: kolla_start
tcib_entrypoint: dumb-init --
tcib_packages:
common:
- expect
- galera
- hostname
- libqb
- mariadb
- mariadb-backup
- mariadb-server-galera
- mariadb-server-utils
- pacemaker
- pacemaker-remote
- pcs
- python3-pynacl
- resource-agents
- rsync
- socat
- tar
tcib_user: mysql

8
container-images/tcib/base/memcached/memcached.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- memcached
tcib_user: memcached

6
container-images/tcib/base/multipathd/multipathd.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/multipathd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- device-mapper-multipath

11
container-images/tcib/base/os/aodh-base/aodh-api/aodh-api.yaml
View File

@ -1,11 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/www/cgi-bin/aodh && chmod 755 /var/www/cgi-bin/aodh && cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- mod_ssl
- openstack-aodh-api
- python3-ldappool
- python3-mod_wsgi

6
container-images/tcib/base/os/aodh-base/aodh-base.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage aodh
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-aodh-common

7
container-images/tcib/base/os/aodh-base/aodh-evaluator/aodh-evaluator.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-evaluator /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-aodh-evaluator
tcib_user: aodh

7
container-images/tcib/base/os/aodh-base/aodh-listener/aodh-listener.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-aodh-listener
tcib_user: aodh

7
container-images/tcib/base/os/aodh-base/aodh-notifier/aodh-notifier.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-notifier /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-aodh-notifier
tcib_user: aodh

11
container-images/tcib/base/os/barbican-base/barbican-api/barbican-api.yaml
View File

@ -1,11 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- mod_ssl
- openstack-barbican-api
- python3-mod_wsgi
tcib_user: barbican

8
container-images/tcib/base/os/barbican-base/barbican-base.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage nfast barbican
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/barbican-base/sudoers /etc/sudoers.d/barbican_sudoers
- run: chmod 640 /etc/sudoers.d/barbican_sudoers
tcib_packages:
common:
- openstack-barbican-common

7
container-images/tcib/base/os/barbican-base/barbican-keystone-listener/barbican-keystone-listener.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-keystone-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-barbican-keystone-listener
tcib_user: barbican

7
container-images/tcib/base/os/barbican-base/barbican-worker/barbican-worker.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-worker /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-barbican-worker
tcib_user: barbican

8
container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage ceilometer
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-ceilometer-common
- python3-oslo-db
- python3-tooz

7
container-images/tcib/base/os/ceilometer-base/ceilometer-central/ceilometer-central.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-central /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-ceilometer-central
tcib_user: ceilometer

6
container-images/tcib/base/os/ceilometer-base/ceilometer-compute/ceilometer-compute.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-ceilometer-compute

7
container-images/tcib/base/os/ceilometer-base/ceilometer-ipmi/ceilometer-ipmi.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-ipmi /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-ceilometer-ipmi
tcib_user: ceilometer

8
container-images/tcib/base/os/ceilometer-base/ceilometer-notification/ceilometer-notification.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-notification /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-ceilometer-notification
- python3-pyngus
tcib_user: ceilometer

11
container-images/tcib/base/os/cinder-base/cinder-api/cinder-api.yaml
View File

@ -1,11 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/www/cgi-bin/cinder && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: chown -R cinder /var/www/cgi-bin/cinder && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- mod_ssl
- python3-keystone
- python3-mod_wsgi

16
container-images/tcib/base/os/cinder-base/cinder-backup/cinder-backup.yaml
View File

@ -1,16 +0,0 @@
tcib_envs:
MALLOC_ARENA_MAX: 1
MALLOC_MMAP_THRESHOLD_: 131072
MALLOC_TRIM_THRESHOLD_: 262144
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/cinder-backup/extend_start.sh /usr/local/bin/kolla_extend_start
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/cinder-backup/cinder-backup-sudoers /etc/sudoers.d/cinder-backup-sudoers
- run: chmod 755 /usr/local/bin/kolla_extend_start && chmod 440 /etc/sudoers.d/cinder-backup-sudoers && mkdir -p /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-backup /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- pacemaker
- pacemaker-remote
- pcs
tcib_user: cinder

7
container-images/tcib/base/os/cinder-base/cinder-base.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage cinder
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- ceph-common
- openstack-cinder

3
container-images/tcib/base/os/cinder-base/cinder-scheduler/cinder-scheduler.yaml
View File

@ -1,3 +0,0 @@
tcib_actions:
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_user: cinder

17
container-images/tcib/base/os/cinder-base/cinder-volume/cinder-volume.yaml
View File

@ -1,17 +0,0 @@
tcib_envs:
MALLOC_ARENA_MAX: 1
MALLOC_MMAP_THRESHOLD_: 131072
MALLOC_TRIM_THRESHOLD_: 262144
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/cinder-volume/extend_start.sh /usr/local/bin/kolla_extend_start
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/cinder-volume/cinder-volume-sudoers /etc/sudoers.d/cinder-volume-sudoers
- run: chmod 755 /usr/local/bin/kolla_extend_start && chmod 440 /etc/sudoers.d/cinder-volume-sudoers && mkdir -p /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- pacemaker
- pacemaker-remote
- pcs
- python3-cinderlib
tcib_user: cinder

9
container-images/tcib/base/os/designate-base/designate-api/designate-api.yaml
View File

@ -1,9 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-designate-api
- httpd
- mod_ssl
- python3-mod_wsgi
tcib_user: designate

6
container-images/tcib/base/os/designate-base/designate-backend-bind9/designate-backend-bind9.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/lib/named/ /run/named && chown -R root /var/lib/named /run/named && chmod 755 /run/named
tcib_packages:
common:
- bind

9
container-images/tcib/base/os/designate-base/designate-base.yaml
View File

@ -1,9 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage designate
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-designate-common
- python3-oslo-reports
- python3-suds
- python3-tooz

6
container-images/tcib/base/os/designate-base/designate-central/designate-central.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-designate-central
tcib_user: designate

6
container-images/tcib/base/os/designate-base/designate-mdns/designate-mdns.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-designate-mdns
tcib_user: designate

6
container-images/tcib/base/os/designate-base/designate-producer/designate-producer.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-designate-producer
tcib_user: designate

6
container-images/tcib/base/os/designate-base/designate-sink/designate-sink.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-designate-sink
tcib_user: designate

7
container-images/tcib/base/os/designate-base/designate-worker/designate-worker.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- bind
- openstack-designate-worker
tcib_user: designate

17
container-images/tcib/base/os/glance-api/glance-api.yaml
View File

@ -1,17 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/glance-api/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/glance-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
tcib_packages:
common:
- httpd
- mod_ssl
- openstack-glance
- python3-oslo-vmware
- python3-rados
- python3-rbd
- qemu-img
tcib_user: glance

7
container-images/tcib/base/os/gnocchi-base/gnocchi-api/gnocchi-api.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- gnocchi-api

14
container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml
View File

@ -1,14 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage gnocchi
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- gnocchi-common
- python3-rados
- python3-eventlet
- httpd
- librados2
- mod_ssl
- python3-boto3
- python3-ldappool
- python3-mod_wsgi

7
container-images/tcib/base/os/gnocchi-base/gnocchi-metricd/gnocchi-metricd.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-metricd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- gnocchi-metricd
tcib_user: gnocchi

7
container-images/tcib/base/os/gnocchi-base/gnocchi-statsd/gnocchi-statsd.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-statsd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- gnocchi-statsd
tcib_user: gnocchi

8
container-images/tcib/base/os/heat-base/heat-all/heat-all.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-heat-api
- openstack-heat-engine
- openstack-heat-monolith
tcib_user: heat

7
container-images/tcib/base/os/heat-base/heat-api-cfn/heat-api-cfn.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cfn /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-heat-api-cfn
tcib_user: heat

7
container-images/tcib/base/os/heat-base/heat-api/heat-api.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-heat-api
tcib_user: heat

10
container-images/tcib/base/os/heat-base/heat-base.yaml
View File

@ -1,10 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage heat
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
tcib_packages:
common:
- httpd
- mod_ssl
- openstack-heat-common
- python3-mod_wsgi

7
container-images/tcib/base/os/heat-base/heat-engine/heat-engine.yaml
View File

@ -1,7 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-engine /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-heat-engine
tcib_user: heat

20
container-images/tcib/base/os/horizon/horizon.yaml
View File

@ -1,20 +0,0 @@
tcib_actions:
- run: mv /etc/rpm/macros.image-language-conf /tmp && dnf -y install {{ tcib_packages.with_localization | join(' ') }} && mv /tmp/macros.image-language-conf /etc/rpm && dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/horizon/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: 'sed -i -r ''s,^(Listen 80),#\1,'' /etc/httpd/conf/httpd.conf && sed -i -r ''s,^(Listen 443),#\1,'' /etc/httpd/conf.d/ssl.conf && ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python{{ tcib_python_version | default("3.9" if tcib_release is version("9", "==") else "3.6") }}/site-packages/openstack_dashboard && ln -s /usr/share/openstack-dashboard/static /usr/lib/python{{ tcib_python_version | default("3.9" if tcib_release is version("9", "==") else "3.6") }}/site-packages/static && chown -R apache /etc/openstack-dashboard /usr/share/openstack-dashboard && chown -R apache /usr/share/openstack-dashboard/static && sed -i "s|WEBROOT = ''/dashboard/''|WEBROOT = ''/''|" /etc/openstack-dashboard/local_settings && cp /usr/share/openstack-dashboard/manage.py /usr/bin/manage.py && rm -f /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/?[^_]*.py* && rm -f /usr/lib/python{{ tcib_python_version | default("3.9" if tcib_release is version("9", "==") else "3.6") }}/site-packages/openstack_dashboard/local/enabled/?[^_]*.py* && for locale in /usr/lib/python{{ tcib_python_version | default("3.9" if tcib_release is version("9", "==") else "3.6") }}/site-packages/*/locale; do (cd ${locale%/*} && /usr/bin/django-admin compilemessages) done'
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/horizon /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- gettext
- httpd
- mod_ssl
- python3-mod_wsgi
- python3-PyMySQL
with_localization:
- openstack-dashboard
- openstack-heat-ui
- openstack-ironic-ui
- openstack-manila-ui
- openstack-octavia-ui
- openstack-designate-ui

12
container-images/tcib/base/os/ironic-base/ironic-api/ironic-api.yaml
View File

@ -1,12 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/www/cgi-bin/ironic && cp -a /usr/bin/ironic-api-wsgi /var/www/cgi-bin/ironic/app
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- mod_ssl
- openstack-ironic-api
- python3-mod_wsgi
tcib_user: ironic

6
container-images/tcib/base/os/ironic-base/ironic-base.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage ironic
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-ironic-common

26
container-images/tcib/base/os/ironic-base/ironic-conductor/ironic-conductor.yaml
View File

@ -1,26 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-conductor /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- xorriso
- dosfstools
- e2fsprogs
- gdisk
- ipmitool
- openssh-clients
- openstack-ironic-conductor
- openstack-ironic-staging-drivers
- parted
- psmisc
- python3-dracclient
- python3-ironic-inspector-client
- python3-proliantutils
- python3-pysnmp
- python3-scciclient
- python3-sushy
- python3-systemd
- qemu-img
- util-linux
- xfsprogs
tcib_user: ironic

9
container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml
View File

@ -1,9 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-inspector /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- openstack-ironic-inspector
- openstack-ironic-inspector-dnsmasq
tcib_user: ironic-inspector

14
container-images/tcib/base/os/ironic-base/ironic-pxe/ironic-pxe.yaml
View File

@ -1,14 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: echo ". /usr/local/bin/kolla_httpd_setup"> /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-pxe /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- ipxe-bootimgs
- mod_ssl
- python3-mod_wsgi
- dnsmasq
- grub2-efi-x64
- shim

11
container-images/tcib/base/os/iscsid/iscsid.yaml
View File

@ -1,11 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/iscsid/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: rm -f /etc/iscsi/initiatorname.iscsi
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/iscsid /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- iscsi-initiator-utils
- python3-rtslib
- targetcli

25
container-images/tcib/base/os/keystone/keystone.yaml
View File

@ -1,25 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage keystone
- run: >-
if [ '{{ tcib_release }}' == '8' ];then
dnf module -y enable mod_auth_openidc; fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/www/cgi-bin/keystone && chown -R keystone /var/www/cgi-bin/keystone
- run: cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/keystone/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main
- run: cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
- run: sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/keystone /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- mod_auth_gssapi
- mod_auth_mellon
- mod_auth_openidc
- mod_ssl
- openstack-keystone
- python3-ldappool
- python3-mod_wsgi
- python3-requests-kerberos

11
container-images/tcib/base/os/manila-base/manila-api/manila-api.yaml
View File

@ -1,11 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/www/cgi-bin/manila && cp -a /usr/bin/manila-wsgi /var/www/cgi-bin/manila/manila-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
- run: chown -R manila /var/www/cgi-bin/manila && chmod 755 /var/www/cgi-bin/manila/manila-wsgi
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/manila-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- httpd
- mod_ssl
- python3-mod_wsgi
tcib_user: manila

6
container-images/tcib/base/os/manila-base/manila-base.yaml
View File

@ -1,6 +0,0 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage manila
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
tcib_packages:
common:
- openstack-manila

3
container-images/tcib/base/os/manila-base/manila-scheduler/manila-scheduler.yaml
View File

@ -1,3 +0,0 @@
tcib_actions:
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/manila-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_user: manila

16
container-images/tcib/base/os/manila-base/manila-share/manila-share.yaml
View File

@ -1,16 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/manila-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- ceph-common
- dbus-tools
- libqb
- openstack-manila-share
- pacemaker
- pacemaker-remote
- pcs
- resource-agents
- sqlite
tcib_user: manila

8
container-images/tcib/base/os/neutron-base/ironic-neutron-agent/ironic-neutron-agent.yaml
View File

@ -1,8 +0,0 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-neutron-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:
- python3-ironic-neutron-agent
- python3-networking-baremetal
tcib_user: neutron

Some files were not shown because too many files have changed in this diff Show More