- Kolla files that we need to copy into the images. We removed the bits for Debian/Ubuntu and Upgrades stuffs that we don't use in TripleO. - A containerfile conversion tool has been added. This tool will interpret docker files and convert them to a simplified tcib format. - TCIB aka TripleO Container Image Build, a new directory with the image configs. One file per image, following a simple structure. All images were pushed, we'll make some adjustments later. Change-Id: Ib099c3be867f41c66b088de50d9e176cdcc0592c Signed-off-by: Kevin Carter <kecarter@redhat.com>changes/86/722486/80
128 changed files with 2544 additions and 0 deletions
@ -0,0 +1,20 @@
|
||||
#!/bin/bash |
||||
|
||||
# This script performs setup necessary to run the Apache httpd web server. |
||||
# It should be sourced rather than executed as environment variables are set. |
||||
|
||||
# Assume the service runs on top of Apache httpd when user is root. |
||||
if [[ "$(whoami)" == 'root' ]]; then |
||||
# NOTE(pbourke): httpd will not clean up after itself in some cases which |
||||
# results in the container not being able to restart. (bug #1489676, 1557036) |
||||
rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* |
||||
|
||||
# CentOS 8 has an issue with mod_ssl which produces an invalid Apache |
||||
# configuration in /etc/httpd/conf.d/ssl.conf. This causes the following error |
||||
# on startup: |
||||
# SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty |
||||
# Work around this by generating certificates manually. |
||||
if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then |
||||
/usr/libexec/httpd-ssl-gencerts |
||||
fi |
||||
fi |
@ -0,0 +1,436 @@
|
||||
#!/usr/bin/env python3 |
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
import argparse |
||||
import glob |
||||
import grp |
||||
import json |
||||
import logging |
||||
import os |
||||
import pwd |
||||
import shutil |
||||
import sys |
||||
|
||||
|
||||
# TODO(rhallisey): add docstring. |
||||
logging.basicConfig() |
||||
LOG = logging.getLogger(__name__) |
||||
LOG.setLevel(logging.INFO) |
||||
|
||||
|
||||
class ExitingException(Exception): |
||||
def __init__(self, message, exit_code=1): |
||||
super(ExitingException, self).__init__(message) |
||||
self.exit_code = exit_code |
||||
|
||||
|
||||
class ImmutableConfig(ExitingException): |
||||
pass |
||||
|
||||
|
||||
class InvalidConfig(ExitingException): |
||||
pass |
||||
|
||||
|
||||
class MissingRequiredSource(ExitingException): |
||||
pass |
||||
|
||||
|
||||
class UserNotFound(ExitingException): |
||||
pass |
||||
|
||||
|
||||
class ConfigFileBadState(ExitingException): |
||||
pass |
||||
|
||||
|
||||
class ConfigFile(object): |
||||
|
||||
def __init__(self, source, dest, owner=None, perm=None, optional=False, |
||||
preserve_properties=False, merge=False): |
||||
self.source = source |
||||
self.dest = dest |
||||
self.owner = owner |
||||
self.perm = perm |
||||
self.optional = optional |
||||
self.merge = merge |
||||
self.preserve_properties = preserve_properties |
||||
|
||||
def __str__(self): |
||||
return '<ConfigFile source:"{}" dest:"{}">'.format(self.source, |
||||
self.dest) |
||||
|
||||
def _copy_file(self, source, dest): |
||||
self._delete_path(dest) |
||||
# dest endswith / means copy the <source> to <dest> folder |
||||
LOG.info('Copying %s to %s', source, dest) |
||||
if self.merge and self.preserve_properties and os.path.islink(source): |
||||
link_target = os.readlink(source) |
||||
os.symlink(link_target, dest) |
||||
else: |
||||
shutil.copy(source, dest) |
||||
self._set_properties(source, dest) |
||||
|
||||
def _merge_directories(self, source, dest): |
||||
if os.path.isdir(source): |
||||
if os.path.lexists(dest) and not os.path.isdir(dest): |
||||
self._delete_path(dest) |
||||
if not os.path.isdir(dest): |
||||
LOG.info('Creating directory %s', dest) |
||||
os.makedirs(dest) |
||||
self._set_properties(source, dest) |
||||
|
||||
dir_content = os.listdir(source) |
||||
for to_copy in dir_content: |
||||
self._merge_directories(os.path.join(source, to_copy), |
||||
os.path.join(dest, to_copy)) |
||||
else: |
||||
self._copy_file(source, dest) |
||||
|
||||
def _delete_path(self, path): |
||||
if not os.path.lexists(path): |
||||
return |
||||
LOG.info('Deleting %s', path) |
||||
if os.path.isdir(path): |
||||
shutil.rmtree(path) |
||||
else: |
||||
os.remove(path) |
||||
|
||||
def _create_parent_dirs(self, path): |
||||
parent_path = os.path.dirname(path) |
||||
if not os.path.exists(parent_path): |
||||
os.makedirs(parent_path) |
||||
|
||||
def _set_properties(self, source, dest): |
||||
if self.preserve_properties: |
||||
self._set_properties_from_file(source, dest) |
||||
else: |
||||
self._set_properties_from_conf(dest) |
||||
|
||||
def _set_properties_from_file(self, source, dest): |
||||
shutil.copystat(source, dest) |
||||
stat = os.stat(source) |
||||
os.chown(dest, stat.st_uid, stat.st_gid) |
||||
|
||||
def _set_properties_from_conf(self, path): |
||||
config = {'permissions': |
||||
[{'owner': self.owner, 'path': path, 'perm': self.perm}]} |
||||
handle_permissions(config) |
||||
|
||||
def copy(self): |
||||
|
||||
sources = glob.glob(self.source) |
||||
|
||||
if not self.optional and not sources: |
||||
raise MissingRequiredSource('%s file is not found' % self.source) |
||||
# skip when there is no sources and optional |
||||
elif self.optional and not sources: |
||||
return |
||||
|
||||
for source in sources: |
||||
dest = self.dest |
||||
# dest endswith / means copy the <source> into <dest> folder, |
||||
# otherwise means copy the source to dest |
||||
if dest.endswith(os.sep): |
||||
dest = os.path.join(dest, os.path.basename(source)) |
||||
if not self.merge: |
||||
self._delete_path(dest) |
||||
self._create_parent_dirs(dest) |
||||
try: |
||||
self._merge_directories(source, dest) |
||||
except OSError: |
||||
# If a source is tried to merge with a read-only mount, it |
||||
# may throw an OSError. Because we don't print the source or |
||||
# dest anywhere, let's catch the exception and log a better |
||||
# message to help with tracking down the issue. |
||||
LOG.error('Unable to merge %s with %s', source, dest) |
||||
raise |
||||
|
||||
def _cmp_file(self, source, dest): |
||||
# check exsit |
||||
if (os.path.exists(source) and |
||||
not self.optional and |
||||
not os.path.exists(dest)): |
||||
return False |
||||
# check content |
||||
with open(source) as f1, open(dest) as f2: |
||||
if f1.read() != f2.read(): |
||||
LOG.error('The content of source file(%s) and' |
||||
' dest file(%s) are not equal.', source, dest) |
||||
return False |
||||
# check perm |
||||
file_stat = os.stat(dest) |
||||
actual_perm = oct(file_stat.st_mode)[-4:] |
||||
if self.perm != actual_perm: |
||||
LOG.error('Dest file does not have expected perm: %s, actual: %s', |
||||
self.perm, actual_perm) |
||||
return False |
||||
# check owner |
||||
desired_user, desired_group = user_group(self.owner) |
||||
actual_user = pwd.getpwuid(file_stat.st_uid) |
||||
if actual_user.pw_name != desired_user: |
||||
LOG.error('Dest file does not have expected user: %s,' |
||||
' actual: %s ', desired_user, actual_user.pw_name) |
||||
return False |
||||
actual_group = grp.getgrgid(file_stat.st_gid) |
||||
if actual_group.gr_name != desired_group: |
||||
LOG.error('Dest file does not have expected group: %s,' |
||||
' actual: %s ', desired_group, actual_group.gr_name) |
||||
return False |
||||
return True |
||||
|
||||
def _cmp_dir(self, source, dest): |
||||
for root, dirs, files in os.walk(source): |
||||
for dir_ in dirs: |
||||
full_path = os.path.join(root, dir_) |
||||
dest_full_path = os.path.join(dest, os.path.relpath(source, |
||||
full_path)) |
||||
dir_stat = os.stat(dest_full_path) |
||||
actual_perm = oct(dir_stat.st_mode)[-4:] |
||||
if self.perm != actual_perm: |
||||
LOG.error('Dest dir does not have expected perm: %s,' |
||||
' actual %s', self.perm, actual_perm) |
||||
return False |
||||
for file_ in files: |
||||
full_path = os.path.join(root, file_) |
||||
dest_full_path = os.path.join(dest, os.path.relpath(source, |
||||
full_path)) |
||||
if not self._cmp_file(full_path, dest_full_path): |
||||
return False |
||||
return True |
||||
|
||||
def check(self): |
||||
bad_state_files = [] |
||||
sources = glob.glob(self.source) |
||||
|
||||
if not sources and not self.optional: |
||||
raise MissingRequiredSource('%s file is not found' % self.source) |
||||
elif self.optional and not sources: |
||||
return |
||||
|
||||
for source in sources: |
||||
dest = self.dest |
||||
# dest endswith / means copy the <source> into <dest> folder, |
||||
# otherwise means copy the source to dest |
||||
if dest.endswith(os.sep): |
||||
dest = os.path.join(dest, os.path.basename(source)) |
||||
if os.path.isdir(source) and not self._cmp_dir(source, dest): |
||||
bad_state_files.append(source) |
||||
elif not self._cmp_file(source, dest): |
||||
bad_state_files.append(source) |
||||
if len(bad_state_files) != 0: |
||||
msg = 'Following files are in bad state: %s' % bad_state_files |
||||
raise ConfigFileBadState(msg) |
||||
|
||||
|
||||
def validate_config(config): |
||||
required_keys = {'source', 'dest'} |
||||
|
||||
if 'command' not in config: |
||||
raise InvalidConfig('Config is missing required "command" key') |
||||
|
||||
# Validate config sections |
||||
for data in config.get('config_files', list()): |
||||
# Verify required keys exist. |
||||
if not set(data.keys()) >= required_keys: |
||||
message = 'Config is missing required keys: %s' % required_keys |
||||
raise InvalidConfig(message) |
||||
if ('owner' not in data or 'perm' not in data) \ |
||||
and not data.get('preserve_properties', False): |
||||
raise InvalidConfig( |
||||
'Config needs preserve_properties or owner and perm') |
||||
|
||||
|
||||
def validate_source(data): |
||||
source = data.get('source') |
||||
|
||||
# Only check existence if no wildcard found |
||||
if '*' not in source: |
||||
if not os.path.exists(source): |
||||
if data.get('optional'): |
||||
LOG.info("%s does not exist, but is not required", source) |
||||
return False |
||||
else: |
||||
raise MissingRequiredSource( |
||||
"The source to copy does not exist: %s" % source) |
||||
|
||||
return True |
||||
|
||||
|
||||
def load_config(): |
||||
def load_from_env(): |
||||
config_raw = os.environ.get("KOLLA_CONFIG") |
||||
if config_raw is None: |
||||
return None |
||||
|
||||
# Attempt to read config |
||||
try: |
||||
return json.loads(config_raw) |
||||
except ValueError: |
||||
raise InvalidConfig('Invalid json for Kolla config') |
||||
|
||||
def load_from_file(): |
||||
config_file = os.environ.get("KOLLA_CONFIG_FILE") |
||||
if not config_file: |
||||
config_file = '/var/lib/kolla/config_files/config.json' |
||||
LOG.info("Loading config file at %s", config_file) |
||||
|
||||
# Attempt to read config file |
||||
with open(config_file) as f: |
||||
try: |
||||
return json.load(f) |
||||
except ValueError: |
||||
raise InvalidConfig( |
||||
"Invalid json file found at %s" % config_file) |
||||
except IOError as e: |
||||
raise InvalidConfig( |
||||
"Could not read file %s: %r" % (config_file, e)) |
||||
|
||||
config = load_from_env() |
||||
if config is None: |
||||
config = load_from_file() |
||||
|
||||
LOG.info('Validating config file') |
||||
validate_config(config) |
||||
return config |
||||
|
||||
|
||||
def copy_config(config): |
||||
if 'config_files' in config: |
||||
LOG.info('Copying service configuration files') |
||||
for data in config['config_files']: |
||||
config_file = ConfigFile(**data) |
||||
config_file.copy() |
||||
else: |
||||
LOG.debug('No files to copy found in config') |
||||
|
||||
LOG.info('Writing out command to execute') |
||||
LOG.debug("Command is: %s", config['command']) |
||||
# The value from the 'command' key will be written to '/run_command' |
||||
cmd = '/run_command' |
||||
with open(cmd, 'w+') as f: |
||||
f.write(config['command']) |
||||
# Make sure the generated file is readable by all users |
||||
try: |
||||
os.chmod(cmd, 0o644) |
||||
except OSError: |
||||
LOG.exception('Failed to set permission of %s to 0o644', cmd) |
||||
|
||||
|
||||
def user_group(owner): |
||||
if ':' in owner: |
||||
user, group = owner.split(':', 1) |
||||
if not group: |
||||
group = user |
||||
else: |
||||
user, group = owner, owner |
||||
return user, group |
||||
|
||||
|
||||
def handle_permissions(config): |
||||
for permission in config.get('permissions', list()): |
||||
path = permission.get('path') |
||||
owner = permission.get('owner') |
||||
recurse = permission.get('recurse', False) |
||||
perm = permission.get('perm') |
||||
|
||||
desired_user, desired_group = user_group(owner) |
||||
uid = pwd.getpwnam(desired_user).pw_uid |
||||
gid = grp.getgrnam(desired_group).gr_gid |
||||
|
||||
def set_perms(path, uid, gid, perm): |
||||
LOG.info('Setting permission for %s', path) |
||||
if not os.path.exists(path): |
||||
LOG.warning('%s does not exist', path) |
||||
return |
||||
|
||||
try: |
||||
os.chown(path, uid, gid) |
||||
except OSError: |
||||
LOG.exception('Failed to change ownership of %s to %s:%s', |
||||
path, uid, gid) |
||||
|
||||
if perm: |
||||
# NOTE(Jeffrey4l): py3 need '0oXXX' format for octal literals, |
||||
# and py2 support such format too. |
||||
if len(perm) == 4 and perm[1] != 'o': |
||||
perm = ''.join([perm[:1], 'o', perm[1:]]) |
||||
perm = int(perm, base=0) |
||||
|
||||
try: |
||||
os.chmod(path, perm) |
||||
except OSError: |
||||
LOG.exception('Failed to set permission of %s to %s', |
||||
path, perm) |
||||
|
||||
for dest in glob.glob(path): |
||||
set_perms(dest, uid, gid, perm) |
||||
if recurse and os.path.isdir(dest): |
||||
for root, dirs, files in os.walk(dest): |
||||
for dir_ in dirs: |
||||
set_perms(os.path.join(root, dir_), uid, gid, perm) |
||||
for file_ in files: |
||||
set_perms(os.path.join(root, file_), uid, gid, perm) |
||||
|
||||
|
||||
def execute_config_strategy(config): |
||||
config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY") |
||||
LOG.info("Kolla config strategy set to: %s", config_strategy) |
||||
if config_strategy == "COPY_ALWAYS": |
||||
copy_config(config) |
||||
handle_permissions(config) |
||||
elif config_strategy == "COPY_ONCE": |
||||
if os.path.exists('/configured'): |
||||
raise ImmutableConfig( |
||||
"The config strategy prevents copying new configs", |
||||
exit_code=0) |
||||
else: |
||||
copy_config(config) |
||||
handle_permissions(config) |
||||
os.mknod('/configured') |
||||
else: |
||||
raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly') |
||||
|
||||
|
||||
def execute_config_check(config): |
||||
for data in config['config_files']: |
||||
config_file = ConfigFile(**data) |
||||
config_file.check() |
||||
|
||||
|
||||
def main(): |
||||
try: |
||||
parser = argparse.ArgumentParser() |
||||
parser.add_argument('--check', |
||||
action='store_true', |
||||
required=False, |
||||
help='Check whether the configs changed') |
||||
args = parser.parse_args() |
||||
config = load_config() |
||||
|
||||
if args.check: |
||||
execute_config_check(config) |
||||
else: |
||||
execute_config_strategy(config) |
||||
except ExitingException as e: |
||||
LOG.error("%s: %s", e.__class__.__name__, e) |
||||
return e.exit_code |
||||
except Exception: |
||||
LOG.exception('Unexpected error:') |
||||
return 2 |
||||
return 0 |
||||
|
||||
|
||||
if __name__ == "__main__": |
||||
sys.exit(main()) |
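Review bot: In `_cmp_dir` the arguments to `os.path.relpath` are reversed: `os.path.relpath(source, full_path)` yields a chain of `..` instead of the entry's path below `source`, so `dest_full_path` resolves above `dest`. Both occurrences (the `dirs` loop and the `files` loop) should read `os.path.relpath(full_path, source)`. As written, `--check` on a directory source either stats a parent of `dest` or hands a directory to `_cmp_file`, so drift inside a copied tree is not reliably detected.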
@ -0,0 +1,18 @@
|
||||
#!/bin/bash |
||||
set -o errexit |
||||
set -o xtrace |
||||
|
||||
# Processing /var/lib/kolla/config_files/config.json as root. This is necessary |
||||
# to permit certain files to be controlled by the root user which should |
||||
# not be writable by the dropped-privileged user, especially /run_command |
||||
sudo -E kolla_set_configs |
||||
CMD=$(cat /run_command) |
||||
ARGS="" |
||||
|
||||
if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then |
||||
# Run additional commands if present |
||||
. kolla_extend_start |
||||
fi |
||||
|
||||
echo "Running command: '${CMD}${ARGS:+ $ARGS}'" |
||||
exec ${CMD} ${ARGS} |
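Review bot: `set -o xtrace` is still active when `kolla_extend_start` is sourced, so every expanded command in the service scripts is written to the container log, secrets included. The MariaDB script further down this page expands `${DB_ROOT_PASSWORD}` into `mysql` arguments and the RabbitMQ one echoes `${RABBITMQ_CLUSTER_COOKIE}`; if those are the scripts sourced here (file names are not visible on this page), both values end up in the trace. I would switch tracing off around the source with `set +o xtrace` before `. kolla_extend_start`, or drop `set -o xtrace` and enable it only on request for debugging.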
@ -0,0 +1,18 @@
|
||||
# The idea here is a container service adds their UID to the kolla group |
||||
# via usermod -a -G kolla <uid>. Then the kolla_start may run |
||||
# kolla_set_configs via sudo as the root user which is necessary to protect |
||||
# the immutability of the container |
||||
|
||||
# anyone in the kolla group may sudo -E (set the environment) |
||||
Defaults: %kolla setenv |
||||
|
||||
# root may run any commands via sudo as the network seervice user. This is |
||||
# neededfor database migrations of existing services which have not been |
||||
# converted to run as a non-root user, but instead do that via sudo -E glance |
||||
root ALL=(ALL) ALL |
||||
|
||||
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the |
||||
# root user via sudo without password confirmation |
||||
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs |
||||
|
||||
#includedir /etc/sudoers.d |
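Review bot: `Defaults: %kolla setenv` plus the `NOPASSWD` rule lets any member of the kolla group pick the environment that `kolla_set_configs` runs under as root, and the Python script on this page takes its whole file list from `KOLLA_CONFIG` or `KOLLA_CONFIG_FILE`. The caller therefore decides which files root copies and which owner and mode they receive, which undercuts the stated goal of protecting the immutability of the container. If only the strategy has to cross the sudo boundary, an allowlist such as `Defaults:%kolla env_keep += "KOLLA_CONFIG_STRATEGY"` is narrower than `setenv` (the `sudo -E` call in the start script would then become plain `sudo`). Otherwise the header comment should state that kolla group membership is equivalent to root for file placement.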
@ -0,0 +1,9 @@
|
||||
#!/bin/bash |
||||
|
||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases |
||||
# of the KOLLA_BOOTSTRAP variable being set, including empty. |
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then |
||||
glance-manage db_sync |
||||
glance-manage db_load_metadefs |
||||
exit 0 |
||||
fi |
@ -0,0 +1,126 @@
|
||||
#!/bin/bash |
||||
|
||||
set -o errexit |
||||
|
||||
FORCE_GENERATE="${FORCE_GENERATE}" |
||||
HASH_PATH=/var/lib/kolla/.settings.md5sum.txt |
||||
MANAGE_PY="/usr/bin/python${KOLLA_DISTRO_PYTHON_VERSION} /usr/bin/manage.py" |
||||
|
||||
if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then |
||||
CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py" |
||||
if [[ ! -L ${CUSTOM_SETTINGS_FILE} ]]; then |
||||
ln -s /etc/openstack-dashboard/custom_local_settings ${CUSTOM_SETTINGS_FILE} |
||||
fi |
||||
fi |
||||
|
||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases |
||||
# of the KOLLA_BOOTSTRAP variable being set, including empty. |
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then |
||||
$MANAGE_PY migrate --noinput |
||||
exit 0 |
||||
fi |
||||
|
||||
function config_dashboard { |
||||
ENABLE=$1 |
||||
SRC=$2 |
||||
DEST=$3 |
||||
if [[ ! -f ${SRC} ]]; then |
||||
echo "WARNING: ${SRC} is required" |
||||
elif [[ "${ENABLE}" == "yes" ]] && [[ ! -f "${DEST}" ]]; then |
||||
cp -a "${SRC}" "${DEST}" |
||||
FORCE_GENERATE="yes" |
||||
elif [[ "${ENABLE}" != "yes" ]] && [[ -f "${DEST}" ]]; then |
||||
# remove pyc pyo files too |
||||
rm -f "${DEST}" "${DEST}c" "${DEST}o" |
||||
FORCE_GENERATE="yes" |
||||
fi |
||||
} |
||||
|
||||
function config_designate_dashboard { |
||||
for file in ${SITE_PACKAGES}/designatedashboard/enabled/_*[^__].py; do |
||||
config_dashboard "${ENABLE_DESIGNATE}" \ |
||||
"${SITE_PACKAGES}/designatedashboard/enabled/${file##*/}" \ |
||||
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" |
||||
done |
||||
} |
||||
|
||||
function config_heat_dashboard { |
||||
for file in ${SITE_PACKAGES}/heat_dashboard/enabled/_*[^__].py; do |
||||
config_dashboard "${ENABLE_HEAT}" \ |
||||
"${SITE_PACKAGES}/heat_dashboard/enabled/${file##*/}" \ |
||||
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" |
||||
done |
||||
|
||||
config_dashboard "${ENABLE_HEAT}" \ |
||||
"${SITE_PACKAGES}/heat_dashboard/conf/heat_policy.json" \ |
||||
"/etc/openstack-dashboard/heat_policy.json" |
||||
} |
||||
|
||||
function config_ironic_dashboard { |
||||
for file in ${SITE_PACKAGES}/ironic_ui/enabled/_*[^__].py; do |
||||
config_dashboard "${ENABLE_IRONIC}" \ |
||||
"${SITE_PACKAGES}/ironic_ui/enabled/${file##*/}" \ |
||||
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" |
||||
done |
||||
} |
||||
|
||||
function config_manila_ui { |
||||
for file in ${SITE_PACKAGES}/manila_ui/local/enabled/_*[^__].py; do |
||||
config_dashboard "${ENABLE_MANILA}" \ |
||||
"${SITE_PACKAGES}/manila_ui/local/enabled/${file##*/}" \ |
||||
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" |
||||
done |
||||
} |
||||
|
||||
function config_octavia_dashboard { |
||||
config_dashboard "${ENABLE_OCTAVIA}" \ |
||||
"${SITE_PACKAGES}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py" \ |
||||
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py" |
||||
} |
||||
|
||||
function config_sahara_dashboard { |
||||
for file in ${SITE_PACKAGES}/sahara_dashboard/enabled/_*[^__].py; do |
||||
config_dashboard "${ENABLE_SAHARA}" \ |
||||
"${SITE_PACKAGES}/sahara_dashboard/enabled/${file##*/}" \ |
||||
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" |
||||
done |
||||
} |
||||
|
||||
# Regenerate the compressed javascript and css if any configuration files have |
||||
# changed. Use a static modification date when generating the tarball |
||||
# so that we only trigger on content changes. |
||||
function settings_bundle { |
||||
tar -cf- --mtime=1970-01-01 \ |
||||
/etc/openstack-dashboard/local_settings \ |
||||
/etc/openstack-dashboard/custom_local_settings \ |
||||
/etc/openstack-dashboard/local_settings.d 2> /dev/null |
||||
} |
||||
|
||||
function settings_changed { |
||||
changed=1 |
||||
|
||||
if [[ ! -f $HASH_PATH ]] || ! settings_bundle | md5sum -c --status $HASH_PATH || [[ $FORCE_GENERATE == yes ]]; then |
||||
changed=0 |
||||
fi |
||||
|
||||
return ${changed} |
||||
} |
||||
|
||||
config_designate_dashboard |
||||
config_heat_dashboard |
||||
config_ironic_dashboard |
||||
config_manila_ui |
||||
config_octavia_dashboard |
||||
config_sahara_dashboard |
||||
|
||||
if settings_changed; then |
||||
${MANAGE_PY} collectstatic --noinput --clear |
||||
${MANAGE_PY} compress --force |
||||
settings_bundle | md5sum > $HASH_PATH |
||||
fi |
||||
|
||||
if [[ -f ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store ]] && [[ $(stat -c %U ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store) != "horizon" ]]; then |
||||
chown horizon ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store |
||||
fi |
||||
|
||||
. /usr/local/bin/kolla_httpd_setup |
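Review bot: `SITE_PACKAGES` is used throughout this script but never set or checked in it, so if the image does not export it every path resolves under the filesystem root (`/openstack_dashboard/local/...`) and the `ln -s`, `cp -a`, `rm -f` and `chown horizon` calls act on unintended locations. A guard near the top, `: "${SITE_PACKAGES:?SITE_PACKAGES must be set}"`, turns that into an immediate, explained failure. The unquoted `${CUSTOM_SETTINGS_FILE}` and `${SITE_PACKAGES}/...` expansions in the `ln -s`, `stat` and `chown` lines should be quoted as well.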
@ -0,0 +1,7 @@
|
||||
#!/bin/bash |
||||
|
||||
# check if unique iSCSI initiator name already exists |
||||
if [[ ! -f /etc/iscsi/initiatorname.iscsi ]]; then |
||||
echo "Generating new iSCSI initiator name" |
||||
echo InitiatorName=$(/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi |
||||
fi |
@ -0,0 +1,31 @@
|
||||
#!/bin/bash |
||||
|
||||
# Create log dir for Keystone logs |
||||
KEYSTONE_LOG_DIR="/var/log/keystone" |
||||
if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then |
||||
mkdir -p ${KEYSTONE_LOG_DIR} |
||||
fi |
||||
if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then |
||||
chown keystone:kolla ${KEYSTONE_LOG_DIR} |
||||
fi |
||||
if [ ! -f "${KEYSTONE_LOG_DIR}/keystone.log" ]; then |
||||
touch ${KEYSTONE_LOG_DIR}/keystone.log |
||||
fi |
||||
if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}/keystone.log) != "keystone:keystone" ]]; then |
||||
chown keystone:keystone ${KEYSTONE_LOG_DIR}/keystone.log |
||||
fi |
||||
if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then |
||||
chmod 755 ${KEYSTONE_LOG_DIR} |
||||
fi |
||||
|
||||
EXTRA_KEYSTONE_MANAGE_ARGS=${EXTRA_KEYSTONE_MANAGE_ARGS-} |
||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases |
||||
# of the KOLLA_BOOTSTRAP variable being set, including empty. |
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then |
||||
sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync |
||||
exit 0 |
||||
fi |
||||
|
||||
. /usr/local/bin/kolla_httpd_setup |
||||
|
||||
ARGS="-DFOREGROUND" |
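Review bot: `keystone.log` is created with `touch` and only its owner is corrected afterwards, so its mode is whatever the umask yields, while the directory is explicitly forced to 755. If the log is not meant to be readable by every user in the container, set the mode explicitly after the `touch`, for example `chmod 640 ${KEYSTONE_LOG_DIR}/keystone.log`, using the same check-then-fix pattern as the `stat -c %a` test on the directory. The `${KEYSTONE_LOG_DIR}` expansions passed to `mkdir`, `stat`, `touch` and `chown` are also unquoted.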
@ -0,0 +1,35 @@
|
||||
#!/bin/bash |
||||
|
||||
function bootstrap_db { |
||||
mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid & |
||||
# Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout |
||||
# NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions. |
||||
# Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid. |
||||
TIMEOUT=${DB_MAX_TIMEOUT:-60} |
||||
while [[ ! -S /var/lib/mysql/mysql.sock ]] && \ |
||||
[[ ! -S /var/run/mysqld/mysqld.sock ]] || \ |
||||
[[ ! -f /var/lib/mysql/mariadb.pid ]]; do |
||||
if [[ ${TIMEOUT} -gt 0 ]]; then |
||||
let TIMEOUT-=1 |
||||
sleep 1 |
||||
else |
||||
exit 1 |
||||
fi |
||||
done |
||||
|
||||
sudo -E kolla_security_reset |
||||
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;" |
||||
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;" |
||||
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown |
||||
} |
||||
|
||||
# This catches all cases of the BOOTSTRAP variable being set, including empty |
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then |
||||
mysql_install_db |
||||
bootstrap_db |
||||
exit 0 |
||||
fi |
||||
|
||||
if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then |
||||
ARGS="${BOOTSTRAP_ARGS}" |
||||
fi |
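Review bot: `bootstrap_db` passes `DB_ROOT_PASSWORD` on the command line of `mysql` and `mysqladmin` and splices it unescaped into the two `GRANT` statements, so the value shows up in the process list and in any shell trace, and a password containing `'` breaks the SQL. Authentication can go through the environment instead, e.g. `MYSQL_PWD="${DB_ROOT_PASSWORD}" mysqladmin -uroot shutdown`, and the statements can be fed on stdin rather than with `-e`, with the quote character either escaped or rejected up front. The second `GRANT` also gives `'root'@'%'` full privileges with `GRANT OPTION`; if remote root is required, a comment saying why would help the next reader.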
@ -0,0 +1,58 @@
|
||||
#!/usr/bin/expect -f |
||||
|
||||
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10} |
||||
spawn mysql_secure_installation |
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } |
||||
"Enter current password for root (enter for none):" |
||||
} |
||||
send "\r" |
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } |
||||
"Set root password?" |
||||
} |
||||
send "y\r" |
||||
expect { |
||||
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } |
||||
"New password:" |
||||
} |
||||
send "$env(DB_ROOT_PASSWORD)\r" |
||||
|
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } |
||||
"Re-enter new password:" |
||||
} |
||||
send "$env(DB_ROOT_PASSWORD)\r" |
||||
|
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } |
||||
"Remove anonymous users?" |
||||
} |
||||
send "y\r" |
||||
|
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } |
||||
"Disallow root login remotely?" |
||||
} |
||||
send "n\r" |
||||
|
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } |
||||
"Remove test database and access to it?" |
||||
} |
||||
send "y\r" |
||||
|
||||
expect { |
||||
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } |
||||
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } |
||||
"Reload privilege tables now?" |
||||
} |
||||
send "y\r" |
||||
expect eof |
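Review bot: The script stops at `expect eof` and never looks at how `mysql_secure_installation` exited, so it returns 0 even when the hardening run failed after the last prompt was answered. Collect the child's status and propagate it, for example `lassign [wait] pid sid os_error status` followed by `exit $status`, so the caller can see the failure. The `send "$env(DB_ROOT_PASSWORD)\r"` lines would also benefit from a short comment noting that an unset variable aborts the script with a Tcl error rather than with one of the `send_user` messages.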
@ -0,0 +1,6 @@
|
||||
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf * |
||||
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf |
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy |
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy |
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables |
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables |
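Review bot: The two rootwrap rules grant root on binaries under `/var/lib/kolla/venv/bin`, which looks like the source-install layout, while the commit message says the files were trimmed to what TripleO uses. A `NOPASSWD` rule is only as strong as the path it names: if any component of that path is writable by the neutron user in the built image, whoever can place `neutron-rootwrap` there runs it as root. Please confirm the path matches where the package installs rootwrap in these images and point the rules at that root-owned location. The same check applies to the `iptables-legacy` alternatives lines, which appear to be Debian-specific.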
@ -0,0 +1,28 @@
|
||||
#!/bin/bash |
||||
|
||||
# All the option passed to this script will be |
||||
# passed to the ovn-ctl script. Please see the options |
||||
# supported by ovn-ctl script - |
||||
# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl |
||||
args=$@ |
||||
|
||||
# Use ovn-ctl script to start ovn NB db server as it |
||||
# takes care of creating the db file from the schema |
||||
# file if the db file is not present. It also takes care |
||||
# of updating the db file if the schema file is updated. |
||||
|
||||
# Check for the presence of ovn-ctl script in two locations. |
||||
# If latest OVN is used (post split from openvswitch), |
||||
# then the new location for the ovn-ctl script is |
||||
# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is |
||||
# /usr/share/openvswitch/scripts/ovn-ctl. |
||||
|
||||
if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then |
||||
set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor |
||||
elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then |
||||
set /usr/share/ovn/scripts/ovn-ctl --no-monitor |
||||
else |
||||
exit 1 |
||||
fi |
||||
|
||||
$@ $args run_nb_ovsdb |
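Review bot: `args=$@` collapses the script's arguments into one string and `$@ $args run_nb_ovsdb` re-splits it unquoted, so any ovn-ctl option whose value contains whitespace or glob characters is passed on mangled. Keeping the arguments as an array avoids that: `args=("$@")`, `set -- /usr/share/openvswitch/scripts/ovn-ctl --no-monitor` (likewise in the `elif`), and `"$@" "${args[@]}" run_nb_ovsdb`. The SB script in the next section has the same three lines with `run_sb_ovsdb`. In both, the bare `exit 1` would be easier to diagnose with a message naming the two paths that were checked.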
@ -0,0 +1,29 @@
|
||||
#!/bin/bash |
||||
|
||||
# All the option passed to this script will be |
||||
# passed to the ovn-ctl script. Please see the options |
||||
# supported by ovn-ctl script - |
||||
# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl |
||||
args=$@ |
||||
|
||||
# Use ovn-ctl script to start ovn SB db server as it |
||||
# takes care of creating the db file from the schema |
||||
# file if the db file is not present. It also takes care |
||||
# of updating the db file if the schema file is updated. |
||||
|
||||
# Check for the presence of ovn-ctl script in two locations. |
||||
# If latest OVN is used (post split from openvswitch), |
||||
# then the new location for the ovn-ctl script is |
||||
# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is |
||||
# /usr/share/openvswitch/scripts/ovn-ctl. |
||||
|
||||
|
||||
if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then |
||||
set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor |
||||
elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then |
||||
set /usr/share/ovn/scripts/ovn-ctl --no-monitor |
||||
else |
||||
exit 1 |
||||
fi |
||||
|
||||
$@ $args run_sb_ovsdb |
@ -0,0 +1,16 @@
|
||||
#!/bin/bash |
||||
|
||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases |
||||
# of the KOLLA_BOOTSTRAP variable being set, including empty. |
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then |
||||
|
||||
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous |
||||
# bootstrap, the system does not allow to overwrite it (it bootstrap files with |
||||
# permission denied error) but it allows to delete it and then recreate it. |
||||
if [[ -e "/var/lib/rabbitmq/.erlang.cookie" ]]; then |
||||
rm -f /var/lib/rabbitmq/.erlang.cookie |
||||
fi |
||||
echo "${RABBITMQ_CLUSTER_COOKIE}" > /var/lib/rabbitmq/.erlang.cookie |
||||
chmod 400 /var/lib/rabbitmq/.erlang.cookie |
||||
exit 0 |
||||
fi |
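Review bot: The cookie file is created by the redirect under the default umask and only restricted by `chmod 400` afterwards, so the Erlang cookie briefly exists with wider permissions, and an unset `RABBITMQ_CLUSTER_COOKIE` silently writes an empty cookie. Creating the file already restricted and failing on a missing value closes both gaps: `(umask 077; echo "${RABBITMQ_CLUSTER_COOKIE:?}" > /var/lib/rabbitmq/.erlang.cookie)` ahead of the existing `chmod 400`.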
@ -0,0 +1,10 @@
|
||||
#!/usr/bin/python3 |
||||
# PBR Generated from u'console_scripts' |
||||
|
||||
import sys |
||||
|
||||
from oslo_rootwrap.cmd import main |
||||
|
||||
|
||||
if __name__ == "__main__": |
||||
sys.exit(main()) |
@ -0,0 +1,2 @@
|
||||
swift ALL=(root) NOPASSWD: /bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+ |
||||
swift ALL=(root) NOPASSWD: /usr/bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+ |
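Review bot: This file grants passwordless root but carries no comment saying what the rule is for or why it is listed twice. A header such as `# Allow swift to chown the first-level directories under /srv/node/ (find may be invoked as /bin/find or /usr/bin/find)` would record the intent, assuming that is the reason for the duplicate. The `\\+` escaping at the end of each rule is easy to get wrong, and a rule that never matches only shows up at runtime, so checking the installed file with `visudo -cf` during the image build and confirming the match with `sudo -l` as the swift user would be worthwhile.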
@ -0,0 +1,18 @@
|
||||
#!/bin/bash |
||||
# This is a useful entrypoint/cmd if you wish to run commands in a container |
||||
# in an existing users $HOME directory |
||||
# For example: podman run -ti -e USER=stack -e UID=1000 --privileged=true --volume=/home/stack/:/home/stack/ tripleoclient:latest /usr/local/bin/create_super_user.sh |
||||
|
||||
if [ -n "$USER" -a -n "$UID" ]; then |
||||
useradd "$USER" -u "$UID" -M |
||||
cat >> /etc/sudoers <<EOF_CAT |
||||
$USER ALL=(ALL) NOPASSWD:ALL |
||||
EOF_CAT |
||||
su -l $USER |
||||
export TERM="xterm" |
||||
alias ls='ls --color=auto' |
||||
/bin/bash |
||||
else |
||||
echo "Please set valid $USER and $UID env variables." |
||||
exit 1 |
||||
fi |
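Review bot: Everything after `su -l $USER` runs only once that login shell exits, and it runs as the invoking account (presumably root, given the `useradd` and the sudoers write), so the `export TERM`, the `alias` and the final `/bin/bash` never reach the new user and the script ends in a second shell with the original privileges. Replacing those four lines with `exec su -l "$USER"` gives the intended hand-off and quotes the variable. `$USER` is also appended verbatim to `/etc/sudoers` on every run; validating it against a conservative user-name pattern and writing a mode 0440 drop-in under `/etc/sudoers.d/` instead would avoid duplicate or malformed entries in the main file. The error message expands `$USER` and `$UID` rather than naming them, so single quotes around the string would print the variable names the user is expected to set.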
@ -0,0 +1,53 @@
|
||||
tcib_actions: |
||||
- run: >- |
||||
dnf install -y crudini && |
||||
crudini --del /etc/dnf/dnf.conf main override_install_langs && |
||||
crudini --set /etc/dnf/dnf.conf main clean_requirements_on_remove True && |
||||
crudini --set /etc/dnf/dnf.conf main exactarch 1 && |
||||
crudini --set /etc/dnf/dnf.conf main gpgcheck 1 && |
||||
crudini --set /etc/dnf/dnf.conf main install_weak_deps False && |
||||
crudini --set /etc/dnf/dnf.conf main installonly_limit 0 && |
||||
crudini --set /etc/dnf/dnf.conf main keepcache 0 && |
||||
crudini --set /etc/dnf/dnf.conf main obsoletes 1 && |
||||
crudini --set /etc/dnf/dnf.conf main plugins 1 && |
||||
crudini --set /etc/dnf/dnf.conf main skip_missing_names_on_install False && |
||||
crudini --set /etc/dnf/dnf.conf main tsflags nodocs |
||||
- run: groupadd --force --gid 42400 kolla && useradd -l -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla |
||||
- run: touch /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start |
||||
- copy: /usr/share/tripleo-common/container-images/kolla/base/set_configs.py /usr/local/bin/kolla_set_configs |
||||
- run: chmod 755 /usr/local/bin/kolla_set_configs |
||||
- copy: /usr/share/tripleo-common/container-images/kolla/base/start.sh /usr/local/bin/kolla_start |
||||
- run: chmod 755 /usr/local/bin/kolla_start |
||||
- copy: /usr/share/tripleo-common/container-images/kolla/base/httpd_setup.sh /usr/local/bin/kolla_httpd_setup |
||||
- run: chmod 755 /usr/local/bin/kolla_httpd_setup |
||||
- copy: /usr/share/tripleo-common/container-images/kolla/base/sudoers /etc/sudoers |
||||
- run: chmod 440 /etc/sudoers |
||||
- run: sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth |
||||
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} |
||||
- run: mkdir -p /openstack |
||||
- run: dnf update -y && dnf clean all && rm -rf /var/cache/dnf |
||||
tcib_cmd: kolla_start |
||||
tcib_entrypoint: dumb-init --single-child -- |
||||
tcib_envs: |
||||
LANG: en_US.UTF-8 |
||||
container: oci |
||||
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/base/*'', wantlist=True) }}' |
||||
tcib_labels: |
||||
maintainer: OpenStack TripleO team |
||||
tcib_packages: |
||||
common: |
||||
- ca-certificates |
||||
- curl |
||||
- dumb-init |
||||
- glibc-langpack-en |
||||
- iscsi-initiator-utils |
||||
- openstack-selinux |
||||
- openstack-tripleo-common-container-base |
||||
- procps-ng |
||||
- python3 |
||||
- rsync |
||||
- socat |
||||
- sudo |
||||
- tar |
||||
- util-linux-user |
||||
tcib_stopsignal: SIGTERM |
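Review bot: The first action runs `dnf install -y crudini` before it writes `gpgcheck 1` to `/etc/dnf/dnf.conf`, so that one transaction is governed by whatever dnf configuration the parent image ships. If the parent image is not guaranteed to enforce signature checking, `dnf install -y --setopt=gpgcheck=1 crudini` makes the requirement explicit; otherwise a short comment above the action stating the assumption would help. The closing `dnf update -y` pulls whatever is current at build time, so two builds from the same config can differ, which is worth a comment if it is intentional.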
@ -0,0 +1,64 @@
|
||||
tcib_actions: |
||||
- run: >- |
||||
if [ '{{ tcib_distro }}' == 'rhel' ]; then |
||||
{% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %} |
||||
fi |
||||
- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi |
||||
- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: mkdir -p /var/lib/collectd && useradd -d /var/lib/collectd -l -M --shell /usr/sbin/nologin collectd && chown collectd:collectd /var/lib/collectd |
||||
- run: chown -R collectd /var/lib/collectd && chown -R collectd /etc/collectd* && chown -R collectd /var/run/ |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- collectd |
||||
- collectd-amqp1 |
||||
- collectd-apache |
||||
- collectd-bind |
||||
- collectd-ceph |
||||
- collectd-chrony |
||||
- collectd-connectivity |
||||
- collectd-curl |
||||
- collectd-curl_json |
||||
- collectd-curl_xml |
||||
- collectd-dbi |
||||
- collectd-disk |
||||
- collectd-dns |
||||
- collectd-generic-jmx |
||||
- collectd-ipmi |
||||
- collectd-iptables |
||||
- collectd-log_logstash |
||||
- collectd-mcelog |
||||
- collectd-memcachec |
||||
- collectd-mysql |
||||
- collectd-netlink |
||||
- collectd-openldap |
||||
- collectd-ovs-events |
||||
- collectd-ovs-stats |
||||
- collectd-ping |
||||
- collectd-procevent |
||||
- collectd-python |
||||
- collectd-sensors |
||||
- collectd-sensubility |
||||
- collectd-smart |
||||
- collectd-snmp |
||||
- collectd-snmp-agent |
||||
- collectd-sysevent |
||||
- collectd-utils |
||||
- collectd-virt |
||||
- collectd-write_http |
||||
- collectd-write_kafka |
||||
- collectd-write_prometheus |
||||
- python3-collectd-gnocchi |
||||
- python3-sqlalchemy-collectd |
||||
modules: |
||||
- disable: virt:rhel |
||||
- enable: virt:8.2 |
||||
rhel: |
||||
- python3-collectd-rabbitmq-monitoring |
||||
x86_64: |
||||
- collectd-hugepages |
||||
- collectd-pcie-errors |
||||
- collectd-pmu |
||||
- collectd-rdt |
||||
- collectd-turbostat |
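Review bot: `chown -R collectd /var/run/` in the sixth action hands the whole runtime directory tree to the collectd account, which is much wider than the service paths named next to it (`/var/lib/collectd`, `/etc/collectd*`). If collectd only needs somewhere for its own pid or socket files, creating a dedicated subdirectory and chowning that keeps other packages' runtime files root-owned; the exact path is not visible here and would need confirming against the collectd configuration. The `chown -R collectd /var/lib/collectd` in the same action largely repeats the `chown collectd:collectd /var/lib/collectd` of the action before it.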
@ -0,0 +1,6 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
tcib_packages: |
||||
common: |
||||
- cronie |
||||
- logrotate |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- etcd |
||||
tcib_user: etcd |
@ -0,0 +1,10 @@
|
||||
tcib_actions: |
||||
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
tcib_packages: |
||||
common: |
||||
- haproxy |
||||
- libqb |
||||
- pacemaker |
||||
- pacemaker-remote |
||||
- pcs |
||||
- resource-agents |
@ -0,0 +1,6 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
tcib_packages: |
||||
common: |
||||
- hostname |
||||
- keepalived |
@ -0,0 +1,35 @@
|
||||
tcib_actions: |
||||
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset' |
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start |
||||
- run: chmod 755 /usr/local/bin/kolla_extend_start |
||||
- run: usermod -a -G kolla {{ tcib_user }} |
||||
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/security_reset.expect /usr/local/bin/kolla_security_reset |
||||
- run: chmod 755 /usr/local/bin/kolla_security_reset |
||||
- run: rm -rf /var/lib/mysql/* /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf |
||||
- run: mkdir -p /etc/libqb |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mariadb /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_cmd: kolla_start |
||||
tcib_entrypoint: dumb-init -- |
||||
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/mariadb/*'', wantlist=True) }}' |
||||
tcib_packages: |
||||
common: |
||||
- expect |
||||
- galera |
||||
- hostname |
||||
- libqb |
||||
- mariadb |
||||
- mariadb-backup |
||||
- mariadb-server-galera |
||||
- mariadb-server-utils |
||||
- pacemaker |
||||
- pacemaker-remote |
||||
- pcs |
||||
- resource-agents |
||||
- rsync |
||||
- tar |
||||
- xinetd |
||||
modules: |
||||
- enable: mariadb:10.3 |
||||
tcib_user: mysql |
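Review bot: The sudoers drop-in written by the first action is left at mode 640, whereas the base image config on this page sets `/etc/sudoers` to 440; `chmod 440 /etc/sudoers.d/security_reset` keeps the two consistent and drops the owner write bit. The rule gives every member of the `kolla` group passwordless root on `/usr/local/bin/kolla_security_reset`, so a comment noting that the script must stay root-owned and not group-writable would document the trust boundary (the later `chmod 755` provides that, assuming the copied file is owned by root). Running `visudo -cf /etc/sudoers.d/security_reset` in the same action would catch a malformed rule at build time. The barbican action further down that writes `/etc/sudoers.d/barbican_sudoers` uses the same 640 mode.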
@ -0,0 +1,9 @@
|
||||
tcib_actions: |
||||
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: usermod -a -G kolla {{ tcib_user }} |
||||
- run: mkdir -p /run/memcache && chown -R memcached:memcached /run/memcache |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- memcached |
||||
tcib_user: memcached |
@ -0,0 +1,6 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/multipathd /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- device-mapper-multipath |
@ -0,0 +1,11 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: mkdir -p /var/www/cgi-bin/aodh && chmod 755 /var/www/cgi-bin/aodh && cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- httpd |
||||
- mod_ssl |
||||
- openstack-aodh-api |
||||
- python3-ldappool |
||||
- python3-mod_wsgi |
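Review bot: The `sed` expressions `^(Listen 80)` and `^(Listen 443)` in the second action are prefix matches, so a line such as `Listen 8080` would be commented out as well; a word boundary, e.g. `'s,^(Listen 80)\b,#\1,'` and `'s,^(Listen 443)\b,#\1,'`, limits the edit to the intended directive. sed also exits successfully when nothing matches, so if the packaged httpd.conf or ssl.conf changes the form of the directive the default listeners stay enabled without any build error; a `grep -q` check after the edit would make that visible. The same two expressions appear later on this page in the configs that link the barbican-api and cinder-api healthchecks.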
@ -0,0 +1,6 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: usermod -a -G kolla aodh |
||||
tcib_packages: |
||||
common: |
||||
- openstack-aodh-common |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-evaluator /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-aodh-evaluator |
||||
tcib_user: aodh |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-aodh-listener |
||||
tcib_user: aodh |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-notifier /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-aodh-notifier |
||||
tcib_user: aodh |
@ -0,0 +1,11 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- httpd |
||||
- mod_ssl |
||||
- openstack-barbican-api |
||||
- python3-mod_wsgi |
||||
tcib_user: barbican |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers' |
||||
- run: usermod -a -G kolla barbican |
||||
tcib_packages: |
||||
common: |
||||
- openstack-barbican-common |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-keystone-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-barbican-keystone-listener |
||||
tcib_user: barbican |
@ -0,0 +1,7 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-worker /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-barbican-worker |
||||
tcib_user: barbican |
@ -0,0 +1,9 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: usermod -a -G kolla ceilometer |
||||
tcib_packages: |
||||
common: |
||||
- openstack-ceilometer-common |
||||
- python3-oslo-db |
||||
- python3-panko |
||||
- python3-tooz |
@ -0,0 +1,11 @@
|
||||
tcib_actions: |
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-central /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-ceilometer-central |
||||
modules: |
||||
- disable: virt:rhel |
||||
- enable: virt:8.2 |
||||
tcib_user: ceilometer |
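Review bot: The module loop in the first action joins its commands with `;`, so inside the `if` only the last `dnf module` call decides the exit status of the step and a failed `disable virt:rhel` would go unnoticed. Ending each iteration with `|| exit 1;`, i.e. `dnf module -y {{ key }} {{ value }} || exit 1; `, makes the build stop at the first failure. The identical loop is used in the collectd and mariadb configs above and, below, in the ceilometer-agent-compute and ceilometer-agent-ipmi configs and the config that installs `openstack-cinder`.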
@ -0,0 +1,10 @@
|
||||
tcib_actions: |
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-ceilometer-compute |
||||
modules: |
||||
- disable: virt:rhel |
||||
- enable: virt:8.2 |
@ -0,0 +1,11 @@
|
||||
tcib_actions: |
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-ipmi /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-ceilometer-ipmi |
||||
modules: |
||||
- disable: virt:rhel |
||||
- enable: virt:8.2 |
||||
tcib_user: ceilometer |
@ -0,0 +1,8 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-notification /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- openstack-ceilometer-notification |
||||
- python3-pyngus |
||||
tcib_user: ceilometer |
@ -0,0 +1,11 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: mkdir -p /var/www/cgi-bin/cinder && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf |
||||
- run: chown -R cinder /var/www/cgi-bin/cinder && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- httpd |
||||
- mod_ssl |
||||
- python3-keystone |
||||
- python3-mod_wsgi |
@ -0,0 +1,13 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: mkdir -p /etc/libqb |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-backup /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- libqb |
||||
- nfs-utils |
||||
- pacemaker |
||||
- pacemaker-remote |
||||
- pcs |
||||
- resource-agents |
||||
tcib_user: cinder |
@ -0,0 +1,15 @@
|
||||
tcib_actions: |
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: usermod -a -G kolla cinder |
||||
tcib_packages: |
||||
common: |
||||
- ceph-common |
||||
- cryptsetup |
||||
- lvm2 |
||||
- openstack-cinder |
||||
- python3-automaton |
||||
- python3-oslo-vmware |
||||
modules: |
||||
- disable: virt:rhel |
||||
- enable: virt:8.2 |
@ -0,0 +1,3 @@
|
||||
tcib_actions: |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_user: cinder |
@ -0,0 +1,18 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: mkdir -p /etc/libqb |
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && chmod a+rx /openstack/healthcheck |
||||
tcib_packages: |
||||
common: |
||||
- libqb |
||||
- nfs-utils |
||||
- nvmetcli |
||||
- pacemaker |
||||
- pacemaker-remote |
||||
- pcs |
||||
- python3-cinderlib |
||||
- python3-rtslib |
||||
- resource-agents |
||||
- sysfsutils |
||||
- targetcli |
||||
tcib_user: cinder |
@ -0,0 +1,6 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
tcib_packages: |
||||
common: |
||||
- openstack-designate-api |
||||
tcib_user: designate |
@ -0,0 +1,6 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: mkdir -p /var/lib/named/ /run/named && chown -R root /var/lib/named /run/named && chmod 755 /run/named |
||||
tcib_packages: |
||||
common: |
||||
- bind |
@ -0,0 +1,9 @@
|
||||
tcib_actions: |
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf |
||||
- run: usermod -a -G kolla designate |
||||
tcib_packages: |
||||
common: |
||||
- openstack-designate-common |
||||
- python3-oslo-reports |
||||
- python3-suds |
||||