From b84805d38d4c9e63b0452692f75b29d651356bb0 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 23 Apr 2020 16:18:34 -0400 Subject: [PATCH] Implement a new Container Images layout - Kolla files that we need to copy into the images. We removed the bits for Debian/Ubuntu and Upgrades stuffs that we don't use in TripleO. - A containerfile conversion tool has been added. This tool will interpret docker files and convert them to a simplified tcib format. - TCIB aka TripleO Container Image Build, a new directory with the image configs. One file per image, following a simple structure. All images were pushed, we'll make some adjustments later. Change-Id: Ib099c3be867f41c66b088de50d9e176cdcc0592c Signed-off-by: Kevin Carter --- container-images/kolla/base/httpd_setup.sh | 20 + container-images/kolla/base/set_configs.py | 436 ++++++++++++++++++ container-images/kolla/base/start.sh | 18 + container-images/kolla/base/sudoers | 18 + .../kolla/glance-api/extend_start.sh | 9 + .../kolla/horizon/extend_start.sh | 126 +++++ container-images/kolla/iscsid/extend_start.sh | 7 + .../kolla/keystone/extend_start.sh | 31 ++ .../kolla/mariadb/extend_start.sh | 35 ++ .../kolla/mariadb/security_reset.expect | 58 +++ .../kolla/neutron-base/neutron_sudoers | 6 + .../ovn-nb-db-server/start_nb_db_server.sh | 28 ++ .../ovn-sb-db-server/start_sb_db_server.sh | 29 ++ .../kolla/rabbitmq/extend_start.sh | 16 + .../kolla/swift-base/swift-rootwrap | 10 + .../kolla/swift-base/swift-sudoers | 2 + .../kolla/tripleoclient/create_super_user.sh | 18 + container-images/tcib/base/base.yaml | 53 +++ .../tcib/base/collectd/collectd.yaml | 64 +++ container-images/tcib/base/cron/cron.yaml | 6 + container-images/tcib/base/etcd/etcd.yaml | 7 + .../tcib/base/haproxy/haproxy.yaml | 10 + .../tcib/base/keepalived/keepalived.yaml | 6 + .../tcib/base/mariadb/mariadb.yaml | 35 ++ .../tcib/base/memcached/memcached.yaml | 9 + .../tcib/base/multipathd/multipathd.yaml | 6 + .../base/os/aodh-base/aodh-api/aodh-api.yaml | 11 + .../tcib/base/os/aodh-base/aodh-base.yaml | 6 + .../aodh-evaluator/aodh-evaluator.yaml | 7 + .../aodh-listener/aodh-listener.yaml | 7 + .../aodh-notifier/aodh-notifier.yaml | 7 + .../barbican-api/barbican-api.yaml | 11 + .../base/os/barbican-base/barbican-base.yaml | 7 + .../barbican-keystone-listener.yaml | 7 + .../barbican-worker/barbican-worker.yaml | 7 + .../os/ceilometer-base/ceilometer-base.yaml | 9 + .../ceilometer-central.yaml | 11 + .../ceilometer-compute.yaml | 10 + .../ceilometer-ipmi/ceilometer-ipmi.yaml | 11 + .../ceilometer-notification.yaml | 8 + .../os/cinder-base/cinder-api/cinder-api.yaml | 11 + .../cinder-backup/cinder-backup.yaml | 13 + .../tcib/base/os/cinder-base/cinder-base.yaml | 15 + .../cinder-scheduler/cinder-scheduler.yaml | 3 + .../cinder-volume/cinder-volume.yaml | 18 + .../designate-api/designate-api.yaml | 6 + .../designate-backend-bind9.yaml | 6 + .../os/designate-base/designate-base.yaml | 9 + .../designate-central/designate-central.yaml | 6 + .../designate-mdns/designate-mdns.yaml | 6 + .../designate-producer.yaml | 6 + .../designate-sink/designate-sink.yaml | 6 + .../designate-worker/designate-worker.yaml | 7 + .../tcib/base/os/glance-api/glance-api.yaml | 22 + .../gnocchi-base/gnocchi-api/gnocchi-api.yaml | 13 + .../base/os/gnocchi-base/gnocchi-base.yaml | 6 + .../gnocchi-metricd/gnocchi-metricd.yaml | 7 + .../gnocchi-statsd/gnocchi-statsd.yaml | 7 + .../base/os/heat-base/heat-all/heat-all.yaml | 8 + .../heat-base/heat-api-cfn/heat-api-cfn.yaml | 7 + .../base/os/heat-base/heat-api/heat-api.yaml | 7 + .../tcib/base/os/heat-base/heat-base.yaml | 10 + .../os/heat-base/heat-engine/heat-engine.yaml | 6 + .../tcib/base/os/horizon/horizon.yaml | 18 + .../os/ironic-base/ironic-api/ironic-api.yaml | 11 + .../tcib/base/os/ironic-base/ironic-base.yaml | 6 + .../ironic-conductor/ironic-conductor.yaml | 34 ++ .../ironic-inspector/ironic-inspector.yaml | 9 + .../os/ironic-base/ironic-pxe/ironic-pxe.yaml | 14 + .../tcib/base/os/iscsid/iscsid.yaml | 12 + .../tcib/base/os/keystone/keystone.yaml | 23 + .../os/manila-base/manila-api/manila-api.yaml | 10 + .../tcib/base/os/manila-base/manila-base.yaml | 6 + .../manila-scheduler/manila-scheduler.yaml | 3 + .../manila-share/manila-share.yaml | 14 + .../mistral-base/mistral-api/mistral-api.yaml | 11 + .../base/os/mistral-base/mistral-base.yaml | 9 + .../mistral-engine/mistral-engine.yaml | 7 + .../mistral-event-engine.yaml | 7 + .../mistral-executor/mistral-executor.yaml | 21 + .../ironic-neutron-agent.yaml | 8 + .../neutron-agent-base.yaml | 10 + .../neutron-dhcp-agent.yaml | 3 + .../neutron-l3-agent/neutron-l3-agent.yaml | 3 + .../neutron-metadata-agent-ovn.yaml | 7 + .../base/os/neutron-base/neutron-base.yaml | 18 + .../neutron-metadata-agent.yaml | 3 + .../neutron-openvswitch-agent.yaml | 7 + .../neutron-server-ovn.yaml | 12 + .../neutron-server/neutron-server.yaml | 11 + .../neutron-sriov-agent.yaml | 7 + .../base/os/nova-base/nova-api/nova-api.yaml | 12 + .../tcib/base/os/nova-base/nova-base.yaml | 6 + .../nova-compute-ironic.yaml | 14 + .../nova-base/nova-compute/nova-compute.yaml | 29 ++ .../nova-conductor/nova-conductor.yaml | 7 + .../nova-base/nova-libvirt/nova-libvirt.yaml | 29 ++ .../nova-novncproxy/nova-novncproxy.yaml | 8 + .../nova-scheduler/nova-scheduler.yaml | 12 + .../base/os/novajoin-base/novajoin-base.yaml | 6 + .../novajoin-notifier/novajoin-notifier.yaml | 2 + .../novajoin-server/novajoin-server.yaml | 2 + .../octavia-base/octavia-api/octavia-api.yaml | 12 + .../base/os/octavia-base/octavia-base.yaml | 6 + .../octavia-health-manager.yaml | 7 + .../octavia-housekeeping.yaml | 7 + .../octavia-worker/octavia-worker.yaml | 7 + container-images/tcib/base/os/os.yaml | 20 + .../base/os/placement-api/placement-api.yaml | 11 + .../swift-account/swift-account.yaml | 7 + .../tcib/base/os/swift-base/swift-base.yaml | 12 + .../swift-container/swift-container.yaml | 7 + .../swift-base/swift-object/swift-object.yaml | 7 + .../swift-proxy-server.yaml | 12 + .../tcib/base/os/tempest/tempest.yaml | 9 + .../tcib/base/os/zaqar-wsgi/zaqar-wsgi.yaml | 10 + .../tcib/base/ovn-base/ovn-base.yaml | 9 + .../ovn-controller/ovn-controller.yaml | 6 + .../ovn-nb-db-server/ovn-nb-db-server.yaml | 8 + .../base/ovn-base/ovn-northd/ovn-northd.yaml | 12 + .../ovn-sb-db-server/ovn-sb-db-server.yaml | 8 + .../tcib/base/qdrouterd/qdrouterd.yaml | 11 + .../tcib/base/rabbitmq/rabbitmq.yaml | 18 + container-images/tcib/base/redis/redis.yaml | 19 + .../tcib/base/rsyslog/rsyslog.yaml | 9 + .../base/tripleoclient/tripleoclient.yaml | 16 + container-images/tripleo_containers.yaml | 231 ++++++++++ scripts/containerfile-converter.py | 245 ++++++++++ 128 files changed, 2544 insertions(+) create mode 100644 container-images/kolla/base/httpd_setup.sh create mode 100644 container-images/kolla/base/set_configs.py create mode 100644 container-images/kolla/base/start.sh create mode 100644 container-images/kolla/base/sudoers create mode 100644 container-images/kolla/glance-api/extend_start.sh create mode 100644 container-images/kolla/horizon/extend_start.sh create mode 100644 container-images/kolla/iscsid/extend_start.sh create mode 100644 container-images/kolla/keystone/extend_start.sh create mode 100644 container-images/kolla/mariadb/extend_start.sh create mode 100644 container-images/kolla/mariadb/security_reset.expect create mode 100644 container-images/kolla/neutron-base/neutron_sudoers create mode 100755 container-images/kolla/ovn/ovn-nb-db-server/start_nb_db_server.sh create mode 100755 container-images/kolla/ovn/ovn-sb-db-server/start_sb_db_server.sh create mode 100644 container-images/kolla/rabbitmq/extend_start.sh create mode 100644 container-images/kolla/swift-base/swift-rootwrap create mode 100644 container-images/kolla/swift-base/swift-sudoers create mode 100644 container-images/kolla/tripleoclient/create_super_user.sh create mode 100644 container-images/tcib/base/base.yaml create mode 100644 container-images/tcib/base/collectd/collectd.yaml create mode 100644 container-images/tcib/base/cron/cron.yaml create mode 100644 container-images/tcib/base/etcd/etcd.yaml create mode 100644 container-images/tcib/base/haproxy/haproxy.yaml create mode 100644 container-images/tcib/base/keepalived/keepalived.yaml create mode 100644 container-images/tcib/base/mariadb/mariadb.yaml create mode 100644 container-images/tcib/base/memcached/memcached.yaml create mode 100644 container-images/tcib/base/multipathd/multipathd.yaml create mode 100644 container-images/tcib/base/os/aodh-base/aodh-api/aodh-api.yaml create mode 100644 container-images/tcib/base/os/aodh-base/aodh-base.yaml create mode 100644 container-images/tcib/base/os/aodh-base/aodh-evaluator/aodh-evaluator.yaml create mode 100644 container-images/tcib/base/os/aodh-base/aodh-listener/aodh-listener.yaml create mode 100644 container-images/tcib/base/os/aodh-base/aodh-notifier/aodh-notifier.yaml create mode 100644 container-images/tcib/base/os/barbican-base/barbican-api/barbican-api.yaml create mode 100644 container-images/tcib/base/os/barbican-base/barbican-base.yaml create mode 100644 container-images/tcib/base/os/barbican-base/barbican-keystone-listener/barbican-keystone-listener.yaml create mode 100644 container-images/tcib/base/os/barbican-base/barbican-worker/barbican-worker.yaml create mode 100644 container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml create mode 100644 container-images/tcib/base/os/ceilometer-base/ceilometer-central/ceilometer-central.yaml create mode 100644 container-images/tcib/base/os/ceilometer-base/ceilometer-compute/ceilometer-compute.yaml create mode 100644 container-images/tcib/base/os/ceilometer-base/ceilometer-ipmi/ceilometer-ipmi.yaml create mode 100644 container-images/tcib/base/os/ceilometer-base/ceilometer-notification/ceilometer-notification.yaml create mode 100644 container-images/tcib/base/os/cinder-base/cinder-api/cinder-api.yaml create mode 100644 container-images/tcib/base/os/cinder-base/cinder-backup/cinder-backup.yaml create mode 100644 container-images/tcib/base/os/cinder-base/cinder-base.yaml create mode 100644 container-images/tcib/base/os/cinder-base/cinder-scheduler/cinder-scheduler.yaml create mode 100644 container-images/tcib/base/os/cinder-base/cinder-volume/cinder-volume.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-api/designate-api.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-backend-bind9/designate-backend-bind9.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-base.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-central/designate-central.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-mdns/designate-mdns.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-producer/designate-producer.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-sink/designate-sink.yaml create mode 100644 container-images/tcib/base/os/designate-base/designate-worker/designate-worker.yaml create mode 100644 container-images/tcib/base/os/glance-api/glance-api.yaml create mode 100644 container-images/tcib/base/os/gnocchi-base/gnocchi-api/gnocchi-api.yaml create mode 100644 container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml create mode 100644 container-images/tcib/base/os/gnocchi-base/gnocchi-metricd/gnocchi-metricd.yaml create mode 100644 container-images/tcib/base/os/gnocchi-base/gnocchi-statsd/gnocchi-statsd.yaml create mode 100644 container-images/tcib/base/os/heat-base/heat-all/heat-all.yaml create mode 100644 container-images/tcib/base/os/heat-base/heat-api-cfn/heat-api-cfn.yaml create mode 100644 container-images/tcib/base/os/heat-base/heat-api/heat-api.yaml create mode 100644 container-images/tcib/base/os/heat-base/heat-base.yaml create mode 100644 container-images/tcib/base/os/heat-base/heat-engine/heat-engine.yaml create mode 100644 container-images/tcib/base/os/horizon/horizon.yaml create mode 100644 container-images/tcib/base/os/ironic-base/ironic-api/ironic-api.yaml create mode 100644 container-images/tcib/base/os/ironic-base/ironic-base.yaml create mode 100644 container-images/tcib/base/os/ironic-base/ironic-conductor/ironic-conductor.yaml create mode 100644 container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml create mode 100644 container-images/tcib/base/os/ironic-base/ironic-pxe/ironic-pxe.yaml create mode 100644 container-images/tcib/base/os/iscsid/iscsid.yaml create mode 100644 container-images/tcib/base/os/keystone/keystone.yaml create mode 100644 container-images/tcib/base/os/manila-base/manila-api/manila-api.yaml create mode 100644 container-images/tcib/base/os/manila-base/manila-base.yaml create mode 100644 container-images/tcib/base/os/manila-base/manila-scheduler/manila-scheduler.yaml create mode 100644 container-images/tcib/base/os/manila-base/manila-share/manila-share.yaml create mode 100644 container-images/tcib/base/os/mistral-base/mistral-api/mistral-api.yaml create mode 100644 container-images/tcib/base/os/mistral-base/mistral-base.yaml create mode 100644 container-images/tcib/base/os/mistral-base/mistral-engine/mistral-engine.yaml create mode 100644 container-images/tcib/base/os/mistral-base/mistral-event-engine/mistral-event-engine.yaml create mode 100644 container-images/tcib/base/os/mistral-base/mistral-executor/mistral-executor.yaml create mode 100644 container-images/tcib/base/os/neutron-base/ironic-neutron-agent/ironic-neutron-agent.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-agent-base.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-dhcp-agent/neutron-dhcp-agent.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-l3-agent/neutron-l3-agent.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-metadata-agent-ovn/neutron-metadata-agent-ovn.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-base.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-metadata-agent/neutron-metadata-agent.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-openvswitch-agent/neutron-openvswitch-agent.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-server-ovn/neutron-server-ovn.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-server/neutron-server.yaml create mode 100644 container-images/tcib/base/os/neutron-base/neutron-sriov-agent/neutron-sriov-agent.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-api/nova-api.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-base.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-compute-ironic/nova-compute-ironic.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-compute/nova-compute.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-conductor/nova-conductor.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-libvirt/nova-libvirt.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-novncproxy/nova-novncproxy.yaml create mode 100644 container-images/tcib/base/os/nova-base/nova-scheduler/nova-scheduler.yaml create mode 100644 container-images/tcib/base/os/novajoin-base/novajoin-base.yaml create mode 100644 container-images/tcib/base/os/novajoin-base/novajoin-notifier/novajoin-notifier.yaml create mode 100644 container-images/tcib/base/os/novajoin-base/novajoin-server/novajoin-server.yaml create mode 100644 container-images/tcib/base/os/octavia-base/octavia-api/octavia-api.yaml create mode 100644 container-images/tcib/base/os/octavia-base/octavia-base.yaml create mode 100644 container-images/tcib/base/os/octavia-base/octavia-health-manager/octavia-health-manager.yaml create mode 100644 container-images/tcib/base/os/octavia-base/octavia-housekeeping/octavia-housekeeping.yaml create mode 100644 container-images/tcib/base/os/octavia-base/octavia-worker/octavia-worker.yaml create mode 100644 container-images/tcib/base/os/os.yaml create mode 100644 container-images/tcib/base/os/placement-api/placement-api.yaml create mode 100644 container-images/tcib/base/os/swift-base/swift-account/swift-account.yaml create mode 100644 container-images/tcib/base/os/swift-base/swift-base.yaml create mode 100644 container-images/tcib/base/os/swift-base/swift-container/swift-container.yaml create mode 100644 container-images/tcib/base/os/swift-base/swift-object/swift-object.yaml create mode 100644 container-images/tcib/base/os/swift-base/swift-proxy-server/swift-proxy-server.yaml create mode 100644 container-images/tcib/base/os/tempest/tempest.yaml create mode 100644 container-images/tcib/base/os/zaqar-wsgi/zaqar-wsgi.yaml create mode 100644 container-images/tcib/base/ovn-base/ovn-base.yaml create mode 100644 container-images/tcib/base/ovn-base/ovn-controller/ovn-controller.yaml create mode 100644 container-images/tcib/base/ovn-base/ovn-nb-db-server/ovn-nb-db-server.yaml create mode 100644 container-images/tcib/base/ovn-base/ovn-northd/ovn-northd.yaml create mode 100644 container-images/tcib/base/ovn-base/ovn-sb-db-server/ovn-sb-db-server.yaml create mode 100644 container-images/tcib/base/qdrouterd/qdrouterd.yaml create mode 100644 container-images/tcib/base/rabbitmq/rabbitmq.yaml create mode 100644 container-images/tcib/base/redis/redis.yaml create mode 100644 container-images/tcib/base/rsyslog/rsyslog.yaml create mode 100644 container-images/tcib/base/tripleoclient/tripleoclient.yaml create mode 100644 container-images/tripleo_containers.yaml create mode 100755 scripts/containerfile-converter.py diff --git a/container-images/kolla/base/httpd_setup.sh b/container-images/kolla/base/httpd_setup.sh new file mode 100644 index 000000000..c5effa785 --- /dev/null +++ b/container-images/kolla/base/httpd_setup.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# This script performs setup necessary to run the Apache httpd web server. +# It should be sourced rather than executed as environment variables are set. + +# Assume the service runs on top of Apache httpd when user is root. +if [[ "$(whoami)" == 'root' ]]; then + # NOTE(pbourke): httpd will not clean up after itself in some cases which + # results in the container not being able to restart. (bug #1489676, 1557036) + rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* + + # CentOS 8 has an issue with mod_ssl which produces an invalid Apache + # configuration in /etc/httpd/conf.d/ssl.conf. This causes the following error + # on startup: + # SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty + # Work around this by generating certificates manually. + if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then + /usr/libexec/httpd-ssl-gencerts + fi +fi diff --git a/container-images/kolla/base/set_configs.py b/container-images/kolla/base/set_configs.py new file mode 100644 index 000000000..5f030866f --- /dev/null +++ b/container-images/kolla/base/set_configs.py @@ -0,0 +1,436 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import glob +import grp +import json +import logging +import os +import pwd +import shutil +import sys + + +# TODO(rhallisey): add docstring. +logging.basicConfig() +LOG = logging.getLogger(__name__) +LOG.setLevel(logging.INFO) + + +class ExitingException(Exception): + def __init__(self, message, exit_code=1): + super(ExitingException, self).__init__(message) + self.exit_code = exit_code + + +class ImmutableConfig(ExitingException): + pass + + +class InvalidConfig(ExitingException): + pass + + +class MissingRequiredSource(ExitingException): + pass + + +class UserNotFound(ExitingException): + pass + + +class ConfigFileBadState(ExitingException): + pass + + +class ConfigFile(object): + + def __init__(self, source, dest, owner=None, perm=None, optional=False, + preserve_properties=False, merge=False): + self.source = source + self.dest = dest + self.owner = owner + self.perm = perm + self.optional = optional + self.merge = merge + self.preserve_properties = preserve_properties + + def __str__(self): + return ''.format(self.source, + self.dest) + + def _copy_file(self, source, dest): + self._delete_path(dest) + # dest endswith / means copy the to folder + LOG.info('Copying %s to %s', source, dest) + if self.merge and self.preserve_properties and os.path.islink(source): + link_target = os.readlink(source) + os.symlink(link_target, dest) + else: + shutil.copy(source, dest) + self._set_properties(source, dest) + + def _merge_directories(self, source, dest): + if os.path.isdir(source): + if os.path.lexists(dest) and not os.path.isdir(dest): + self._delete_path(dest) + if not os.path.isdir(dest): + LOG.info('Creating directory %s', dest) + os.makedirs(dest) + self._set_properties(source, dest) + + dir_content = os.listdir(source) + for to_copy in dir_content: + self._merge_directories(os.path.join(source, to_copy), + os.path.join(dest, to_copy)) + else: + self._copy_file(source, dest) + + def _delete_path(self, path): + if not os.path.lexists(path): + return + LOG.info('Deleting %s', path) + if os.path.isdir(path): + shutil.rmtree(path) + else: + os.remove(path) + + def _create_parent_dirs(self, path): + parent_path = os.path.dirname(path) + if not os.path.exists(parent_path): + os.makedirs(parent_path) + + def _set_properties(self, source, dest): + if self.preserve_properties: + self._set_properties_from_file(source, dest) + else: + self._set_properties_from_conf(dest) + + def _set_properties_from_file(self, source, dest): + shutil.copystat(source, dest) + stat = os.stat(source) + os.chown(dest, stat.st_uid, stat.st_gid) + + def _set_properties_from_conf(self, path): + config = {'permissions': + [{'owner': self.owner, 'path': path, 'perm': self.perm}]} + handle_permissions(config) + + def copy(self): + + sources = glob.glob(self.source) + + if not self.optional and not sources: + raise MissingRequiredSource('%s file is not found' % self.source) + # skip when there is no sources and optional + elif self.optional and not sources: + return + + for source in sources: + dest = self.dest + # dest endswith / means copy the into folder, + # otherwise means copy the source to dest + if dest.endswith(os.sep): + dest = os.path.join(dest, os.path.basename(source)) + if not self.merge: + self._delete_path(dest) + self._create_parent_dirs(dest) + try: + self._merge_directories(source, dest) + except OSError: + # If a source is tried to merge with a read-only mount, it + # may throw an OSError. Because we don't print the source or + # dest anywhere, let's catch the exception and log a better + # message to help with tracking down the issue. + LOG.error('Unable to merge %s with %s', source, dest) + raise + + def _cmp_file(self, source, dest): + # check exsit + if (os.path.exists(source) and + not self.optional and + not os.path.exists(dest)): + return False + # check content + with open(source) as f1, open(dest) as f2: + if f1.read() != f2.read(): + LOG.error('The content of source file(%s) and' + ' dest file(%s) are not equal.', source, dest) + return False + # check perm + file_stat = os.stat(dest) + actual_perm = oct(file_stat.st_mode)[-4:] + if self.perm != actual_perm: + LOG.error('Dest file does not have expected perm: %s, actual: %s', + self.perm, actual_perm) + return False + # check owner + desired_user, desired_group = user_group(self.owner) + actual_user = pwd.getpwuid(file_stat.st_uid) + if actual_user.pw_name != desired_user: + LOG.error('Dest file does not have expected user: %s,' + ' actual: %s ', desired_user, actual_user.pw_name) + return False + actual_group = grp.getgrgid(file_stat.st_gid) + if actual_group.gr_name != desired_group: + LOG.error('Dest file does not have expected group: %s,' + ' actual: %s ', desired_group, actual_group.gr_name) + return False + return True + + def _cmp_dir(self, source, dest): + for root, dirs, files in os.walk(source): + for dir_ in dirs: + full_path = os.path.join(root, dir_) + dest_full_path = os.path.join(dest, os.path.relpath(source, + full_path)) + dir_stat = os.stat(dest_full_path) + actual_perm = oct(dir_stat.st_mode)[-4:] + if self.perm != actual_perm: + LOG.error('Dest dir does not have expected perm: %s,' + ' actual %s', self.perm, actual_perm) + return False + for file_ in files: + full_path = os.path.join(root, file_) + dest_full_path = os.path.join(dest, os.path.relpath(source, + full_path)) + if not self._cmp_file(full_path, dest_full_path): + return False + return True + + def check(self): + bad_state_files = [] + sources = glob.glob(self.source) + + if not sources and not self.optional: + raise MissingRequiredSource('%s file is not found' % self.source) + elif self.optional and not sources: + return + + for source in sources: + dest = self.dest + # dest endswith / means copy the into folder, + # otherwise means copy the source to dest + if dest.endswith(os.sep): + dest = os.path.join(dest, os.path.basename(source)) + if os.path.isdir(source) and not self._cmp_dir(source, dest): + bad_state_files.append(source) + elif not self._cmp_file(source, dest): + bad_state_files.append(source) + if len(bad_state_files) != 0: + msg = 'Following files are in bad state: %s' % bad_state_files + raise ConfigFileBadState(msg) + + +def validate_config(config): + required_keys = {'source', 'dest'} + + if 'command' not in config: + raise InvalidConfig('Config is missing required "command" key') + + # Validate config sections + for data in config.get('config_files', list()): + # Verify required keys exist. + if not set(data.keys()) >= required_keys: + message = 'Config is missing required keys: %s' % required_keys + raise InvalidConfig(message) + if ('owner' not in data or 'perm' not in data) \ + and not data.get('preserve_properties', False): + raise InvalidConfig( + 'Config needs preserve_properties or owner and perm') + + +def validate_source(data): + source = data.get('source') + + # Only check existence if no wildcard found + if '*' not in source: + if not os.path.exists(source): + if data.get('optional'): + LOG.info("%s does not exist, but is not required", source) + return False + else: + raise MissingRequiredSource( + "The source to copy does not exist: %s" % source) + + return True + + +def load_config(): + def load_from_env(): + config_raw = os.environ.get("KOLLA_CONFIG") + if config_raw is None: + return None + + # Attempt to read config + try: + return json.loads(config_raw) + except ValueError: + raise InvalidConfig('Invalid json for Kolla config') + + def load_from_file(): + config_file = os.environ.get("KOLLA_CONFIG_FILE") + if not config_file: + config_file = '/var/lib/kolla/config_files/config.json' + LOG.info("Loading config file at %s", config_file) + + # Attempt to read config file + with open(config_file) as f: + try: + return json.load(f) + except ValueError: + raise InvalidConfig( + "Invalid json file found at %s" % config_file) + except IOError as e: + raise InvalidConfig( + "Could not read file %s: %r" % (config_file, e)) + + config = load_from_env() + if config is None: + config = load_from_file() + + LOG.info('Validating config file') + validate_config(config) + return config + + +def copy_config(config): + if 'config_files' in config: + LOG.info('Copying service configuration files') + for data in config['config_files']: + config_file = ConfigFile(**data) + config_file.copy() + else: + LOG.debug('No files to copy found in config') + + LOG.info('Writing out command to execute') + LOG.debug("Command is: %s", config['command']) + # The value from the 'command' key will be written to '/run_command' + cmd = '/run_command' + with open(cmd, 'w+') as f: + f.write(config['command']) + # Make sure the generated file is readable by all users + try: + os.chmod(cmd, 0o644) + except OSError: + LOG.exception('Failed to set permission of %s to 0o644', cmd) + + +def user_group(owner): + if ':' in owner: + user, group = owner.split(':', 1) + if not group: + group = user + else: + user, group = owner, owner + return user, group + + +def handle_permissions(config): + for permission in config.get('permissions', list()): + path = permission.get('path') + owner = permission.get('owner') + recurse = permission.get('recurse', False) + perm = permission.get('perm') + + desired_user, desired_group = user_group(owner) + uid = pwd.getpwnam(desired_user).pw_uid + gid = grp.getgrnam(desired_group).gr_gid + + def set_perms(path, uid, gid, perm): + LOG.info('Setting permission for %s', path) + if not os.path.exists(path): + LOG.warning('%s does not exist', path) + return + + try: + os.chown(path, uid, gid) + except OSError: + LOG.exception('Failed to change ownership of %s to %s:%s', + path, uid, gid) + + if perm: + # NOTE(Jeffrey4l): py3 need '0oXXX' format for octal literals, + # and py2 support such format too. + if len(perm) == 4 and perm[1] != 'o': + perm = ''.join([perm[:1], 'o', perm[1:]]) + perm = int(perm, base=0) + + try: + os.chmod(path, perm) + except OSError: + LOG.exception('Failed to set permission of %s to %s', + path, perm) + + for dest in glob.glob(path): + set_perms(dest, uid, gid, perm) + if recurse and os.path.isdir(dest): + for root, dirs, files in os.walk(dest): + for dir_ in dirs: + set_perms(os.path.join(root, dir_), uid, gid, perm) + for file_ in files: + set_perms(os.path.join(root, file_), uid, gid, perm) + + +def execute_config_strategy(config): + config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY") + LOG.info("Kolla config strategy set to: %s", config_strategy) + if config_strategy == "COPY_ALWAYS": + copy_config(config) + handle_permissions(config) + elif config_strategy == "COPY_ONCE": + if os.path.exists('/configured'): + raise ImmutableConfig( + "The config strategy prevents copying new configs", + exit_code=0) + else: + copy_config(config) + handle_permissions(config) + os.mknod('/configured') + else: + raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly') + + +def execute_config_check(config): + for data in config['config_files']: + config_file = ConfigFile(**data) + config_file.check() + + +def main(): + try: + parser = argparse.ArgumentParser() + parser.add_argument('--check', + action='store_true', + required=False, + help='Check whether the configs changed') + args = parser.parse_args() + config = load_config() + + if args.check: + execute_config_check(config) + else: + execute_config_strategy(config) + except ExitingException as e: + LOG.error("%s: %s", e.__class__.__name__, e) + return e.exit_code + except Exception: + LOG.exception('Unexpected error:') + return 2 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/container-images/kolla/base/start.sh b/container-images/kolla/base/start.sh new file mode 100644 index 000000000..34a6e5397 --- /dev/null +++ b/container-images/kolla/base/start.sh @@ -0,0 +1,18 @@ +#!/bin/bash +set -o errexit +set -o xtrace + +# Processing /var/lib/kolla/config_files/config.json as root. This is necessary +# to permit certain files to be controlled by the root user which should +# not be writable by the dropped-privileged user, especially /run_command +sudo -E kolla_set_configs +CMD=$(cat /run_command) +ARGS="" + +if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then + # Run additional commands if present + . kolla_extend_start +fi + +echo "Running command: '${CMD}${ARGS:+ $ARGS}'" +exec ${CMD} ${ARGS} diff --git a/container-images/kolla/base/sudoers b/container-images/kolla/base/sudoers new file mode 100644 index 000000000..76baefcb0 --- /dev/null +++ b/container-images/kolla/base/sudoers @@ -0,0 +1,18 @@ +# The idea here is a container service adds their UID to the kolla group +# via usermod -a -G kolla . Then the kolla_start may run +# kolla_set_configs via sudo as the root user which is necessary to protect +# the immutability of the container + +# anyone in the kolla group may sudo -E (set the environment) +Defaults: %kolla setenv + +# root may run any commands via sudo as the network seervice user. This is +# neededfor database migrations of existing services which have not been +# converted to run as a non-root user, but instead do that via sudo -E glance +root ALL=(ALL) ALL + +# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the +# root user via sudo without password confirmation +%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs + +#includedir /etc/sudoers.d diff --git a/container-images/kolla/glance-api/extend_start.sh b/container-images/kolla/glance-api/extend_start.sh new file mode 100644 index 000000000..3d8d7f512 --- /dev/null +++ b/container-images/kolla/glance-api/extend_start.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + glance-manage db_sync + glance-manage db_load_metadefs + exit 0 +fi diff --git a/container-images/kolla/horizon/extend_start.sh b/container-images/kolla/horizon/extend_start.sh new file mode 100644 index 000000000..f4db52a33 --- /dev/null +++ b/container-images/kolla/horizon/extend_start.sh @@ -0,0 +1,126 @@ +#!/bin/bash + +set -o errexit + +FORCE_GENERATE="${FORCE_GENERATE}" +HASH_PATH=/var/lib/kolla/.settings.md5sum.txt +MANAGE_PY="/usr/bin/python${KOLLA_DISTRO_PYTHON_VERSION} /usr/bin/manage.py" + +if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then + CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py" + if [[ ! -L ${CUSTOM_SETTINGS_FILE} ]]; then + ln -s /etc/openstack-dashboard/custom_local_settings ${CUSTOM_SETTINGS_FILE} + fi +fi + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + $MANAGE_PY migrate --noinput + exit 0 +fi + +function config_dashboard { + ENABLE=$1 + SRC=$2 + DEST=$3 + if [[ ! -f ${SRC} ]]; then + echo "WARNING: ${SRC} is required" + elif [[ "${ENABLE}" == "yes" ]] && [[ ! -f "${DEST}" ]]; then + cp -a "${SRC}" "${DEST}" + FORCE_GENERATE="yes" + elif [[ "${ENABLE}" != "yes" ]] && [[ -f "${DEST}" ]]; then + # remove pyc pyo files too + rm -f "${DEST}" "${DEST}c" "${DEST}o" + FORCE_GENERATE="yes" + fi +} + +function config_designate_dashboard { + for file in ${SITE_PACKAGES}/designatedashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_DESIGNATE}" \ + "${SITE_PACKAGES}/designatedashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_heat_dashboard { + for file in ${SITE_PACKAGES}/heat_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_HEAT}" \ + "${SITE_PACKAGES}/heat_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_HEAT}" \ + "${SITE_PACKAGES}/heat_dashboard/conf/heat_policy.json" \ + "/etc/openstack-dashboard/heat_policy.json" +} + +function config_ironic_dashboard { + for file in ${SITE_PACKAGES}/ironic_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_IRONIC}" \ + "${SITE_PACKAGES}/ironic_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_manila_ui { + for file in ${SITE_PACKAGES}/manila_ui/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MANILA}" \ + "${SITE_PACKAGES}/manila_ui/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_octavia_dashboard { + config_dashboard "${ENABLE_OCTAVIA}" \ + "${SITE_PACKAGES}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py" +} + +function config_sahara_dashboard { + for file in ${SITE_PACKAGES}/sahara_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SAHARA}" \ + "${SITE_PACKAGES}/sahara_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +# Regenerate the compressed javascript and css if any configuration files have +# changed. Use a static modification date when generating the tarball +# so that we only trigger on content changes. +function settings_bundle { + tar -cf- --mtime=1970-01-01 \ + /etc/openstack-dashboard/local_settings \ + /etc/openstack-dashboard/custom_local_settings \ + /etc/openstack-dashboard/local_settings.d 2> /dev/null +} + +function settings_changed { + changed=1 + + if [[ ! -f $HASH_PATH ]] || ! settings_bundle | md5sum -c --status $HASH_PATH || [[ $FORCE_GENERATE == yes ]]; then + changed=0 + fi + + return ${changed} +} + +config_designate_dashboard +config_heat_dashboard +config_ironic_dashboard +config_manila_ui +config_octavia_dashboard +config_sahara_dashboard + +if settings_changed; then + ${MANAGE_PY} collectstatic --noinput --clear + ${MANAGE_PY} compress --force + settings_bundle | md5sum > $HASH_PATH +fi + +if [[ -f ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store ]] && [[ $(stat -c %U ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store) != "horizon" ]]; then + chown horizon ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store +fi + +. /usr/local/bin/kolla_httpd_setup diff --git a/container-images/kolla/iscsid/extend_start.sh b/container-images/kolla/iscsid/extend_start.sh new file mode 100644 index 000000000..78f2317d2 --- /dev/null +++ b/container-images/kolla/iscsid/extend_start.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# check if unique iSCSI initiator name already exists +if [[ ! -f /etc/iscsi/initiatorname.iscsi ]]; then + echo "Generating new iSCSI initiator name" + echo InitiatorName=$(/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi +fi diff --git a/container-images/kolla/keystone/extend_start.sh b/container-images/kolla/keystone/extend_start.sh new file mode 100644 index 000000000..98571ebc6 --- /dev/null +++ b/container-images/kolla/keystone/extend_start.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +# Create log dir for Keystone logs +KEYSTONE_LOG_DIR="/var/log/keystone" +if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then + mkdir -p ${KEYSTONE_LOG_DIR} +fi +if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then + chown keystone:kolla ${KEYSTONE_LOG_DIR} +fi +if [ ! -f "${KEYSTONE_LOG_DIR}/keystone.log" ]; then + touch ${KEYSTONE_LOG_DIR}/keystone.log +fi +if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}/keystone.log) != "keystone:keystone" ]]; then + chown keystone:keystone ${KEYSTONE_LOG_DIR}/keystone.log +fi +if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then + chmod 755 ${KEYSTONE_LOG_DIR} +fi + +EXTRA_KEYSTONE_MANAGE_ARGS=${EXTRA_KEYSTONE_MANAGE_ARGS-} +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync + exit 0 +fi + +. /usr/local/bin/kolla_httpd_setup + +ARGS="-DFOREGROUND" diff --git a/container-images/kolla/mariadb/extend_start.sh b/container-images/kolla/mariadb/extend_start.sh new file mode 100644 index 000000000..24356ee91 --- /dev/null +++ b/container-images/kolla/mariadb/extend_start.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +function bootstrap_db { + mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid & + # Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout + # NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions. + # Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid. + TIMEOUT=${DB_MAX_TIMEOUT:-60} + while [[ ! -S /var/lib/mysql/mysql.sock ]] && \ + [[ ! -S /var/run/mysqld/mysqld.sock ]] || \ + [[ ! -f /var/lib/mysql/mariadb.pid ]]; do + if [[ ${TIMEOUT} -gt 0 ]]; then + let TIMEOUT-=1 + sleep 1 + else + exit 1 + fi + done + + sudo -E kolla_security_reset + mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;" + mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;" + mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown +} + +# This catches all cases of the BOOTSTRAP variable being set, including empty +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + mysql_install_db + bootstrap_db + exit 0 +fi + +if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then + ARGS="${BOOTSTRAP_ARGS}" +fi diff --git a/container-images/kolla/mariadb/security_reset.expect b/container-images/kolla/mariadb/security_reset.expect new file mode 100644 index 000000000..6d2755e4d --- /dev/null +++ b/container-images/kolla/mariadb/security_reset.expect @@ -0,0 +1,58 @@ +#!/usr/bin/expect -f + +if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10} +spawn mysql_secure_installation +expect { + timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } + "Enter current password for root (enter for none):" +} +send "\r" +expect { + timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } + "Set root password?" +} +send "y\r" +expect { + timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } + "New password:" +} +send "$env(DB_ROOT_PASSWORD)\r" + +expect { + timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } + "Re-enter new password:" +} +send "$env(DB_ROOT_PASSWORD)\r" + +expect { + timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } + "Remove anonymous users?" +} +send "y\r" + +expect { + timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } + "Disallow root login remotely?" +} +send "n\r" + +expect { + timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } + "Remove test database and access to it?" +} +send "y\r" + +expect { + timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } + "Reload privilege tables now?" +} +send "y\r" +expect eof diff --git a/container-images/kolla/neutron-base/neutron_sudoers b/container-images/kolla/neutron-base/neutron_sudoers new file mode 100644 index 000000000..7a7252e50 --- /dev/null +++ b/container-images/kolla/neutron-base/neutron_sudoers @@ -0,0 +1,6 @@ +neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf * +neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf +neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy +neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy +neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables +neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables diff --git a/container-images/kolla/ovn/ovn-nb-db-server/start_nb_db_server.sh b/container-images/kolla/ovn/ovn-nb-db-server/start_nb_db_server.sh new file mode 100755 index 000000000..d08dd2890 --- /dev/null +++ b/container-images/kolla/ovn/ovn-nb-db-server/start_nb_db_server.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +# All the option passed to this script will be +# passed to the ovn-ctl script. Please see the options +# supported by ovn-ctl script - +# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl +args=$@ + +# Use ovn-ctl script to start ovn NB db server as it +# takes care of creating the db file from the schema +# file if the db file is not present. It also takes care +# of updating the db file if the schema file is updated. + +# Check for the presence of ovn-ctl script in two locations. +# If latest OVN is used (post split from openvswitch), +# then the new location for the ovn-ctl script is +# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is +# /usr/share/openvswitch/scripts/ovn-ctl. + +if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then + set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor +elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then + set /usr/share/ovn/scripts/ovn-ctl --no-monitor +else + exit 1 +fi + +$@ $args run_nb_ovsdb diff --git a/container-images/kolla/ovn/ovn-sb-db-server/start_sb_db_server.sh b/container-images/kolla/ovn/ovn-sb-db-server/start_sb_db_server.sh new file mode 100755 index 000000000..ef39b8d25 --- /dev/null +++ b/container-images/kolla/ovn/ovn-sb-db-server/start_sb_db_server.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# All the option passed to this script will be +# passed to the ovn-ctl script. Please see the options +# supported by ovn-ctl script - +# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl +args=$@ + +# Use ovn-ctl script to start ovn SB db server as it +# takes care of creating the db file from the schema +# file if the db file is not present. It also takes care +# of updating the db file if the schema file is updated. + +# Check for the presence of ovn-ctl script in two locations. +# If latest OVN is used (post split from openvswitch), +# then the new location for the ovn-ctl script is +# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is +# /usr/share/openvswitch/scripts/ovn-ctl. + + +if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then + set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor +elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then + set /usr/share/ovn/scripts/ovn-ctl --no-monitor +else + exit 1 +fi + +$@ $args run_sb_ovsdb diff --git a/container-images/kolla/rabbitmq/extend_start.sh b/container-images/kolla/rabbitmq/extend_start.sh new file mode 100644 index 000000000..858d3aa16 --- /dev/null +++ b/container-images/kolla/rabbitmq/extend_start.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + +# NOTE(sbezverk): In kubernetes environment, if this file exists from previous +# bootstrap, the system does not allow to overwrite it (it bootstrap files with +# permission denied error) but it allows to delete it and then recreate it. + if [[ -e "/var/lib/rabbitmq/.erlang.cookie" ]]; then + rm -f /var/lib/rabbitmq/.erlang.cookie + fi + echo "${RABBITMQ_CLUSTER_COOKIE}" > /var/lib/rabbitmq/.erlang.cookie + chmod 400 /var/lib/rabbitmq/.erlang.cookie + exit 0 +fi diff --git a/container-images/kolla/swift-base/swift-rootwrap b/container-images/kolla/swift-base/swift-rootwrap new file mode 100644 index 000000000..5fe6099a5 --- /dev/null +++ b/container-images/kolla/swift-base/swift-rootwrap @@ -0,0 +1,10 @@ +#!/usr/bin/python3 +# PBR Generated from u'console_scripts' + +import sys + +from oslo_rootwrap.cmd import main + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/container-images/kolla/swift-base/swift-sudoers b/container-images/kolla/swift-base/swift-sudoers new file mode 100644 index 000000000..f60e2260b --- /dev/null +++ b/container-images/kolla/swift-base/swift-sudoers @@ -0,0 +1,2 @@ +swift ALL=(root) NOPASSWD: /bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+ +swift ALL=(root) NOPASSWD: /usr/bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+ diff --git a/container-images/kolla/tripleoclient/create_super_user.sh b/container-images/kolla/tripleoclient/create_super_user.sh new file mode 100644 index 000000000..7bdefbc18 --- /dev/null +++ b/container-images/kolla/tripleoclient/create_super_user.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# This is a useful entrypoint/cmd if you wish to run commands in a container +# in an existing users $HOME directory +# For example: podman run -ti -e USER=stack -e UID=1000 --privileged=true --volume=/home/stack/:/home/stack/ tripleoclient:latest /usr/local/bin/create_super_user.sh + +if [ -n "$USER" -a -n "$UID" ]; then + useradd "$USER" -u "$UID" -M +cat >> /etc/sudoers <- + dnf install -y crudini && + crudini --del /etc/dnf/dnf.conf main override_install_langs && + crudini --set /etc/dnf/dnf.conf main clean_requirements_on_remove True && + crudini --set /etc/dnf/dnf.conf main exactarch 1 && + crudini --set /etc/dnf/dnf.conf main gpgcheck 1 && + crudini --set /etc/dnf/dnf.conf main install_weak_deps False && + crudini --set /etc/dnf/dnf.conf main installonly_limit 0 && + crudini --set /etc/dnf/dnf.conf main keepcache 0 && + crudini --set /etc/dnf/dnf.conf main obsoletes 1 && + crudini --set /etc/dnf/dnf.conf main plugins 1 && + crudini --set /etc/dnf/dnf.conf main skip_missing_names_on_install False && + crudini --set /etc/dnf/dnf.conf main tsflags nodocs +- run: groupadd --force --gid 42400 kolla && useradd -l -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla +- run: touch /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start +- copy: /usr/share/tripleo-common/container-images/kolla/base/set_configs.py /usr/local/bin/kolla_set_configs +- run: chmod 755 /usr/local/bin/kolla_set_configs +- copy: /usr/share/tripleo-common/container-images/kolla/base/start.sh /usr/local/bin/kolla_start +- run: chmod 755 /usr/local/bin/kolla_start +- copy: /usr/share/tripleo-common/container-images/kolla/base/httpd_setup.sh /usr/local/bin/kolla_httpd_setup +- run: chmod 755 /usr/local/bin/kolla_httpd_setup +- copy: /usr/share/tripleo-common/container-images/kolla/base/sudoers /etc/sudoers +- run: chmod 440 /etc/sudoers +- run: sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth +- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} +- run: mkdir -p /openstack +- run: dnf update -y && dnf clean all && rm -rf /var/cache/dnf +tcib_cmd: kolla_start +tcib_entrypoint: dumb-init --single-child -- +tcib_envs: + LANG: en_US.UTF-8 + container: oci +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/base/*'', wantlist=True) }}' +tcib_labels: + maintainer: OpenStack TripleO team +tcib_packages: + common: + - ca-certificates + - curl + - dumb-init + - glibc-langpack-en + - iscsi-initiator-utils + - openstack-selinux + - openstack-tripleo-common-container-base + - procps-ng + - python3 + - rsync + - socat + - sudo + - tar + - util-linux-user +tcib_stopsignal: SIGTERM diff --git a/container-images/tcib/base/collectd/collectd.yaml b/container-images/tcib/base/collectd/collectd.yaml new file mode 100644 index 000000000..5c9cbe50d --- /dev/null +++ b/container-images/tcib/base/collectd/collectd.yaml @@ -0,0 +1,64 @@ +tcib_actions: +- run: >- + if [ '{{ tcib_distro }}' == 'rhel' ]; then + {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %} + fi +- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi +- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /var/lib/collectd && useradd -d /var/lib/collectd -l -M --shell /usr/sbin/nologin collectd && chown collectd:collectd /var/lib/collectd +- run: chown -R collectd /var/lib/collectd && chown -R collectd /etc/collectd* && chown -R collectd /var/run/ +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - collectd + - collectd-amqp1 + - collectd-apache + - collectd-bind + - collectd-ceph + - collectd-chrony + - collectd-connectivity + - collectd-curl + - collectd-curl_json + - collectd-curl_xml + - collectd-dbi + - collectd-disk + - collectd-dns + - collectd-generic-jmx + - collectd-ipmi + - collectd-iptables + - collectd-log_logstash + - collectd-mcelog + - collectd-memcachec + - collectd-mysql + - collectd-netlink + - collectd-openldap + - collectd-ovs-events + - collectd-ovs-stats + - collectd-ping + - collectd-procevent + - collectd-python + - collectd-sensors + - collectd-sensubility + - collectd-smart + - collectd-snmp + - collectd-snmp-agent + - collectd-sysevent + - collectd-utils + - collectd-virt + - collectd-write_http + - collectd-write_kafka + - collectd-write_prometheus + - python3-collectd-gnocchi + - python3-sqlalchemy-collectd + modules: + - disable: virt:rhel + - enable: virt:8.2 + rhel: + - python3-collectd-rabbitmq-monitoring + x86_64: + - collectd-hugepages + - collectd-pcie-errors + - collectd-pmu + - collectd-rdt + - collectd-turbostat diff --git a/container-images/tcib/base/cron/cron.yaml b/container-images/tcib/base/cron/cron.yaml new file mode 100644 index 000000000..6d45d5d4f --- /dev/null +++ b/container-images/tcib/base/cron/cron.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - cronie + - logrotate diff --git a/container-images/tcib/base/etcd/etcd.yaml b/container-images/tcib/base/etcd/etcd.yaml new file mode 100644 index 000000000..fac2e4bd9 --- /dev/null +++ b/container-images/tcib/base/etcd/etcd.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - etcd +tcib_user: etcd diff --git a/container-images/tcib/base/haproxy/haproxy.yaml b/container-images/tcib/base/haproxy/haproxy.yaml new file mode 100644 index 000000000..eb6536be1 --- /dev/null +++ b/container-images/tcib/base/haproxy/haproxy.yaml @@ -0,0 +1,10 @@ +tcib_actions: +- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - haproxy + - libqb + - pacemaker + - pacemaker-remote + - pcs + - resource-agents diff --git a/container-images/tcib/base/keepalived/keepalived.yaml b/container-images/tcib/base/keepalived/keepalived.yaml new file mode 100644 index 000000000..52352c064 --- /dev/null +++ b/container-images/tcib/base/keepalived/keepalived.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - hostname + - keepalived diff --git a/container-images/tcib/base/mariadb/mariadb.yaml b/container-images/tcib/base/mariadb/mariadb.yaml new file mode 100644 index 000000000..4db555944 --- /dev/null +++ b/container-images/tcib/base/mariadb/mariadb.yaml @@ -0,0 +1,35 @@ +tcib_actions: +- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset' +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start +- run: chmod 755 /usr/local/bin/kolla_extend_start +- run: usermod -a -G kolla {{ tcib_user }} +- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/security_reset.expect /usr/local/bin/kolla_security_reset +- run: chmod 755 /usr/local/bin/kolla_security_reset +- run: rm -rf /var/lib/mysql/* /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf +- run: mkdir -p /etc/libqb +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mariadb /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_cmd: kolla_start +tcib_entrypoint: dumb-init -- +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/mariadb/*'', wantlist=True) }}' +tcib_packages: + common: + - expect + - galera + - hostname + - libqb + - mariadb + - mariadb-backup + - mariadb-server-galera + - mariadb-server-utils + - pacemaker + - pacemaker-remote + - pcs + - resource-agents + - rsync + - tar + - xinetd + modules: + - enable: mariadb:10.3 +tcib_user: mysql diff --git a/container-images/tcib/base/memcached/memcached.yaml b/container-images/tcib/base/memcached/memcached.yaml new file mode 100644 index 000000000..779297155 --- /dev/null +++ b/container-images/tcib/base/memcached/memcached.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla {{ tcib_user }} +- run: mkdir -p /run/memcache && chown -R memcached:memcached /run/memcache +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - memcached +tcib_user: memcached diff --git a/container-images/tcib/base/multipathd/multipathd.yaml b/container-images/tcib/base/multipathd/multipathd.yaml new file mode 100644 index 000000000..ebbee661f --- /dev/null +++ b/container-images/tcib/base/multipathd/multipathd.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/multipathd /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - device-mapper-multipath diff --git a/container-images/tcib/base/os/aodh-base/aodh-api/aodh-api.yaml b/container-images/tcib/base/os/aodh-base/aodh-api/aodh-api.yaml new file mode 100644 index 000000000..32ecbf579 --- /dev/null +++ b/container-images/tcib/base/os/aodh-base/aodh-api/aodh-api.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /var/www/cgi-bin/aodh && chmod 755 /var/www/cgi-bin/aodh && cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-aodh-api + - python3-ldappool + - python3-mod_wsgi diff --git a/container-images/tcib/base/os/aodh-base/aodh-base.yaml b/container-images/tcib/base/os/aodh-base/aodh-base.yaml new file mode 100644 index 000000000..f0aace632 --- /dev/null +++ b/container-images/tcib/base/os/aodh-base/aodh-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla aodh +tcib_packages: + common: + - openstack-aodh-common diff --git a/container-images/tcib/base/os/aodh-base/aodh-evaluator/aodh-evaluator.yaml b/container-images/tcib/base/os/aodh-base/aodh-evaluator/aodh-evaluator.yaml new file mode 100644 index 000000000..b3160ce7b --- /dev/null +++ b/container-images/tcib/base/os/aodh-base/aodh-evaluator/aodh-evaluator.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-evaluator /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-aodh-evaluator +tcib_user: aodh diff --git a/container-images/tcib/base/os/aodh-base/aodh-listener/aodh-listener.yaml b/container-images/tcib/base/os/aodh-base/aodh-listener/aodh-listener.yaml new file mode 100644 index 000000000..edb186606 --- /dev/null +++ b/container-images/tcib/base/os/aodh-base/aodh-listener/aodh-listener.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-aodh-listener +tcib_user: aodh diff --git a/container-images/tcib/base/os/aodh-base/aodh-notifier/aodh-notifier.yaml b/container-images/tcib/base/os/aodh-base/aodh-notifier/aodh-notifier.yaml new file mode 100644 index 000000000..a0b5c4fc6 --- /dev/null +++ b/container-images/tcib/base/os/aodh-base/aodh-notifier/aodh-notifier.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-notifier /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-aodh-notifier +tcib_user: aodh diff --git a/container-images/tcib/base/os/barbican-base/barbican-api/barbican-api.yaml b/container-images/tcib/base/os/barbican-base/barbican-api/barbican-api.yaml new file mode 100644 index 000000000..0df7e34aa --- /dev/null +++ b/container-images/tcib/base/os/barbican-base/barbican-api/barbican-api.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-barbican-api + - python3-mod_wsgi +tcib_user: barbican diff --git a/container-images/tcib/base/os/barbican-base/barbican-base.yaml b/container-images/tcib/base/os/barbican-base/barbican-base.yaml new file mode 100644 index 000000000..c56a9ce3f --- /dev/null +++ b/container-images/tcib/base/os/barbican-base/barbican-base.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers' +- run: usermod -a -G kolla barbican +tcib_packages: + common: + - openstack-barbican-common diff --git a/container-images/tcib/base/os/barbican-base/barbican-keystone-listener/barbican-keystone-listener.yaml b/container-images/tcib/base/os/barbican-base/barbican-keystone-listener/barbican-keystone-listener.yaml new file mode 100644 index 000000000..10b455b0d --- /dev/null +++ b/container-images/tcib/base/os/barbican-base/barbican-keystone-listener/barbican-keystone-listener.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-keystone-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-barbican-keystone-listener +tcib_user: barbican diff --git a/container-images/tcib/base/os/barbican-base/barbican-worker/barbican-worker.yaml b/container-images/tcib/base/os/barbican-base/barbican-worker/barbican-worker.yaml new file mode 100644 index 000000000..727c88311 --- /dev/null +++ b/container-images/tcib/base/os/barbican-base/barbican-worker/barbican-worker.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-worker /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-barbican-worker +tcib_user: barbican diff --git a/container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml b/container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml new file mode 100644 index 000000000..ce6819b3a --- /dev/null +++ b/container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla ceilometer +tcib_packages: + common: + - openstack-ceilometer-common + - python3-oslo-db + - python3-panko + - python3-tooz diff --git a/container-images/tcib/base/os/ceilometer-base/ceilometer-central/ceilometer-central.yaml b/container-images/tcib/base/os/ceilometer-base/ceilometer-central/ceilometer-central.yaml new file mode 100644 index 000000000..f1ea49975 --- /dev/null +++ b/container-images/tcib/base/os/ceilometer-base/ceilometer-central/ceilometer-central.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-central /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-ceilometer-central + modules: + - disable: virt:rhel + - enable: virt:8.2 +tcib_user: ceilometer diff --git a/container-images/tcib/base/os/ceilometer-base/ceilometer-compute/ceilometer-compute.yaml b/container-images/tcib/base/os/ceilometer-base/ceilometer-compute/ceilometer-compute.yaml new file mode 100644 index 000000000..4f0c319ec --- /dev/null +++ b/container-images/tcib/base/os/ceilometer-base/ceilometer-compute/ceilometer-compute.yaml @@ -0,0 +1,10 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-ceilometer-compute + modules: + - disable: virt:rhel + - enable: virt:8.2 diff --git a/container-images/tcib/base/os/ceilometer-base/ceilometer-ipmi/ceilometer-ipmi.yaml b/container-images/tcib/base/os/ceilometer-base/ceilometer-ipmi/ceilometer-ipmi.yaml new file mode 100644 index 000000000..c52e3d65c --- /dev/null +++ b/container-images/tcib/base/os/ceilometer-base/ceilometer-ipmi/ceilometer-ipmi.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-ipmi /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-ceilometer-ipmi + modules: + - disable: virt:rhel + - enable: virt:8.2 +tcib_user: ceilometer diff --git a/container-images/tcib/base/os/ceilometer-base/ceilometer-notification/ceilometer-notification.yaml b/container-images/tcib/base/os/ceilometer-base/ceilometer-notification/ceilometer-notification.yaml new file mode 100644 index 000000000..dbf8e12d3 --- /dev/null +++ b/container-images/tcib/base/os/ceilometer-base/ceilometer-notification/ceilometer-notification.yaml @@ -0,0 +1,8 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-notification /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-ceilometer-notification + - python3-pyngus +tcib_user: ceilometer diff --git a/container-images/tcib/base/os/cinder-base/cinder-api/cinder-api.yaml b/container-images/tcib/base/os/cinder-base/cinder-api/cinder-api.yaml new file mode 100644 index 000000000..353287117 --- /dev/null +++ b/container-images/tcib/base/os/cinder-base/cinder-api/cinder-api.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /var/www/cgi-bin/cinder && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: chown -R cinder /var/www/cgi-bin/cinder && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - python3-keystone + - python3-mod_wsgi diff --git a/container-images/tcib/base/os/cinder-base/cinder-backup/cinder-backup.yaml b/container-images/tcib/base/os/cinder-base/cinder-backup/cinder-backup.yaml new file mode 100644 index 000000000..052b866ed --- /dev/null +++ b/container-images/tcib/base/os/cinder-base/cinder-backup/cinder-backup.yaml @@ -0,0 +1,13 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /etc/libqb +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-backup /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - libqb + - nfs-utils + - pacemaker + - pacemaker-remote + - pcs + - resource-agents +tcib_user: cinder diff --git a/container-images/tcib/base/os/cinder-base/cinder-base.yaml b/container-images/tcib/base/os/cinder-base/cinder-base.yaml new file mode 100644 index 000000000..d21028ced --- /dev/null +++ b/container-images/tcib/base/os/cinder-base/cinder-base.yaml @@ -0,0 +1,15 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla cinder +tcib_packages: + common: + - ceph-common + - cryptsetup + - lvm2 + - openstack-cinder + - python3-automaton + - python3-oslo-vmware + modules: + - disable: virt:rhel + - enable: virt:8.2 diff --git a/container-images/tcib/base/os/cinder-base/cinder-scheduler/cinder-scheduler.yaml b/container-images/tcib/base/os/cinder-base/cinder-scheduler/cinder-scheduler.yaml new file mode 100644 index 000000000..c61a21f83 --- /dev/null +++ b/container-images/tcib/base/os/cinder-base/cinder-scheduler/cinder-scheduler.yaml @@ -0,0 +1,3 @@ +tcib_actions: +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_user: cinder diff --git a/container-images/tcib/base/os/cinder-base/cinder-volume/cinder-volume.yaml b/container-images/tcib/base/os/cinder-base/cinder-volume/cinder-volume.yaml new file mode 100644 index 000000000..aa169b767 --- /dev/null +++ b/container-images/tcib/base/os/cinder-base/cinder-volume/cinder-volume.yaml @@ -0,0 +1,18 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /etc/libqb +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - libqb + - nfs-utils + - nvmetcli + - pacemaker + - pacemaker-remote + - pcs + - python3-cinderlib + - python3-rtslib + - resource-agents + - sysfsutils + - targetcli +tcib_user: cinder diff --git a/container-images/tcib/base/os/designate-base/designate-api/designate-api.yaml b/container-images/tcib/base/os/designate-base/designate-api/designate-api.yaml new file mode 100644 index 000000000..f93c2a46f --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-api/designate-api.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-designate-api +tcib_user: designate diff --git a/container-images/tcib/base/os/designate-base/designate-backend-bind9/designate-backend-bind9.yaml b/container-images/tcib/base/os/designate-base/designate-backend-bind9/designate-backend-bind9.yaml new file mode 100644 index 000000000..f24ce7272 --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-backend-bind9/designate-backend-bind9.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /var/lib/named/ /run/named && chown -R root /var/lib/named /run/named && chmod 755 /run/named +tcib_packages: + common: + - bind diff --git a/container-images/tcib/base/os/designate-base/designate-base.yaml b/container-images/tcib/base/os/designate-base/designate-base.yaml new file mode 100644 index 000000000..4c63ee3be --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-base.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla designate +tcib_packages: + common: + - openstack-designate-common + - python3-oslo-reports + - python3-suds + - python3-tooz diff --git a/container-images/tcib/base/os/designate-base/designate-central/designate-central.yaml b/container-images/tcib/base/os/designate-base/designate-central/designate-central.yaml new file mode 100644 index 000000000..686a9e492 --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-central/designate-central.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-designate-central +tcib_user: designate diff --git a/container-images/tcib/base/os/designate-base/designate-mdns/designate-mdns.yaml b/container-images/tcib/base/os/designate-base/designate-mdns/designate-mdns.yaml new file mode 100644 index 000000000..d08a43044 --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-mdns/designate-mdns.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-designate-mdns +tcib_user: designate diff --git a/container-images/tcib/base/os/designate-base/designate-producer/designate-producer.yaml b/container-images/tcib/base/os/designate-base/designate-producer/designate-producer.yaml new file mode 100644 index 000000000..953b78c5a --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-producer/designate-producer.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-designate-producer +tcib_user: designate diff --git a/container-images/tcib/base/os/designate-base/designate-sink/designate-sink.yaml b/container-images/tcib/base/os/designate-base/designate-sink/designate-sink.yaml new file mode 100644 index 000000000..4eac94499 --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-sink/designate-sink.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-designate-sink +tcib_user: designate diff --git a/container-images/tcib/base/os/designate-base/designate-worker/designate-worker.yaml b/container-images/tcib/base/os/designate-base/designate-worker/designate-worker.yaml new file mode 100644 index 000000000..8b1471e1a --- /dev/null +++ b/container-images/tcib/base/os/designate-base/designate-worker/designate-worker.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - bind + - openstack-designate-worker +tcib_user: designate diff --git a/container-images/tcib/base/os/glance-api/glance-api.yaml b/container-images/tcib/base/os/glance-api/glance-api.yaml new file mode 100644 index 000000000..dca2e6bdf --- /dev/null +++ b/container-images/tcib/base/os/glance-api/glance-api.yaml @@ -0,0 +1,22 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla {{ tcib_user }} +- copy: /usr/share/tripleo-common/container-images/kolla/glance-api/extend_start.sh /usr/local/bin/kolla_extend_start +- run: chmod 755 /usr/local/bin/kolla_extend_start +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/glance-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/glance-api/*'', wantlist=True) }}' +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-glance + - python3-oslo-vmware + - python3-rados + - python3-rbd + - qemu-img + modules: + - disable: virt:rhel + - enable: virt:8.2 +tcib_user: glance diff --git a/container-images/tcib/base/os/gnocchi-base/gnocchi-api/gnocchi-api.yaml b/container-images/tcib/base/os/gnocchi-base/gnocchi-api/gnocchi-api.yaml new file mode 100644 index 000000000..69df14925 --- /dev/null +++ b/container-images/tcib/base/os/gnocchi-base/gnocchi-api/gnocchi-api.yaml @@ -0,0 +1,13 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - gnocchi-api + - httpd + - mod_ssl + - python3-boto3 + - python3-cradox + - python3-ldappool + - python3-mod_wsgi diff --git a/container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml b/container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml new file mode 100644 index 000000000..43271799e --- /dev/null +++ b/container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla gnocchi +tcib_packages: + common: + - gnocchi-common diff --git a/container-images/tcib/base/os/gnocchi-base/gnocchi-metricd/gnocchi-metricd.yaml b/container-images/tcib/base/os/gnocchi-base/gnocchi-metricd/gnocchi-metricd.yaml new file mode 100644 index 000000000..1773f9eca --- /dev/null +++ b/container-images/tcib/base/os/gnocchi-base/gnocchi-metricd/gnocchi-metricd.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-metricd /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - gnocchi-metricd +tcib_user: gnocchi diff --git a/container-images/tcib/base/os/gnocchi-base/gnocchi-statsd/gnocchi-statsd.yaml b/container-images/tcib/base/os/gnocchi-base/gnocchi-statsd/gnocchi-statsd.yaml new file mode 100644 index 000000000..1929f8371 --- /dev/null +++ b/container-images/tcib/base/os/gnocchi-base/gnocchi-statsd/gnocchi-statsd.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-statsd /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - gnocchi-statsd +tcib_user: gnocchi diff --git a/container-images/tcib/base/os/heat-base/heat-all/heat-all.yaml b/container-images/tcib/base/os/heat-base/heat-all/heat-all.yaml new file mode 100644 index 000000000..b1a3ff460 --- /dev/null +++ b/container-images/tcib/base/os/heat-base/heat-all/heat-all.yaml @@ -0,0 +1,8 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-heat-api + - openstack-heat-engine + - openstack-heat-monolith +tcib_user: heat diff --git a/container-images/tcib/base/os/heat-base/heat-api-cfn/heat-api-cfn.yaml b/container-images/tcib/base/os/heat-base/heat-api-cfn/heat-api-cfn.yaml new file mode 100644 index 000000000..dc28702d3 --- /dev/null +++ b/container-images/tcib/base/os/heat-base/heat-api-cfn/heat-api-cfn.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cfn /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-heat-api-cfn +tcib_user: heat diff --git a/container-images/tcib/base/os/heat-base/heat-api/heat-api.yaml b/container-images/tcib/base/os/heat-base/heat-api/heat-api.yaml new file mode 100644 index 000000000..ecd9a2c8d --- /dev/null +++ b/container-images/tcib/base/os/heat-base/heat-api/heat-api.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-heat-api +tcib_user: heat diff --git a/container-images/tcib/base/os/heat-base/heat-base.yaml b/container-images/tcib/base/os/heat-base/heat-base.yaml new file mode 100644 index 000000000..7302c0969 --- /dev/null +++ b/container-images/tcib/base/os/heat-base/heat-base.yaml @@ -0,0 +1,10 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla heat +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-heat-common + - python3-mod_wsgi diff --git a/container-images/tcib/base/os/heat-base/heat-engine/heat-engine.yaml b/container-images/tcib/base/os/heat-base/heat-engine/heat-engine.yaml new file mode 100644 index 000000000..4668de9d0 --- /dev/null +++ b/container-images/tcib/base/os/heat-base/heat-engine/heat-engine.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openstack-heat-engine +tcib_user: heat diff --git a/container-images/tcib/base/os/horizon/horizon.yaml b/container-images/tcib/base/os/horizon/horizon.yaml new file mode 100644 index 000000000..b03180b1b --- /dev/null +++ b/container-images/tcib/base/os/horizon/horizon.yaml @@ -0,0 +1,18 @@ +tcib_actions: +- run: mv /etc/rpm/macros.image-language-conf /tmp && dnf -y install openstack-dashboard && mv /tmp/macros.image-language-conf /etc/rpm && dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/horizon/extend_start.sh /usr/local/bin/kolla_extend_start +- run: chmod 755 /usr/local/bin/kolla_extend_start +- run: 'sed -i -r ''s,^(Listen 80),#\1,'' /etc/httpd/conf/httpd.conf && sed -i -r ''s,^(Listen 443),#\1,'' /etc/httpd/conf.d/ssl.conf && ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python3.6/site-packages/openstack_dashboard && ln -s /usr/share/openstack-dashboard/static /usr/lib/python3.6/site-packages/static && chown -R apache /etc/openstack-dashboard /usr/share/openstack-dashboard && chown -R apache /usr/share/openstack-dashboard/static && sed -i "s|WEBROOT = ''/dashboard/''|WEBROOT = ''/''|" /etc/openstack-dashboard/local_settings && cp /usr/share/openstack-dashboard/manage.py /usr/bin/manage.py && rm -f /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/?[^_]*.py* && rm -f /usr/lib/python3.6/site-packages/openstack_dashboard/local/enabled/?[^_]*.py* && for locale in /usr/lib/python3.6/site-packages/*/locale; do (cd ${locale%/*} && /usr/bin/django-admin compilemessages) done' +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/horizon /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/horizon/*'', wantlist=True) }}' +tcib_packages: + common: + - gettext + - httpd + - mod_ssl + - openstack-heat-ui + - openstack-ironic-ui + - openstack-manila-ui + - openstack-octavia-ui + - python3-mod_wsgi diff --git a/container-images/tcib/base/os/ironic-base/ironic-api/ironic-api.yaml b/container-images/tcib/base/os/ironic-base/ironic-api/ironic-api.yaml new file mode 100644 index 000000000..f5b1dcc3a --- /dev/null +++ b/container-images/tcib/base/os/ironic-base/ironic-api/ironic-api.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-ironic-api + - python3-mod_wsgi +tcib_user: ironic diff --git a/container-images/tcib/base/os/ironic-base/ironic-base.yaml b/container-images/tcib/base/os/ironic-base/ironic-base.yaml new file mode 100644 index 000000000..62241451a --- /dev/null +++ b/container-images/tcib/base/os/ironic-base/ironic-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla ironic +tcib_packages: + common: + - openstack-ironic-common diff --git a/container-images/tcib/base/os/ironic-base/ironic-conductor/ironic-conductor.yaml b/container-images/tcib/base/os/ironic-base/ironic-conductor/ironic-conductor.yaml new file mode 100644 index 000000000..b9ff57fae --- /dev/null +++ b/container-images/tcib/base/os/ironic-base/ironic-conductor/ironic-conductor.yaml @@ -0,0 +1,34 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-conductor /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - genisoimage + - dosfstools + - e2fsprogs + - gdisk + - ipmitool + - openssh-clients + - openstack-ironic-conductor + - openstack-ironic-staging-drivers + - parted + - psmisc + - python3-dracclient + - python3-ironic-inspector-client + - python3-proliantutils + - python3-pysnmp + - python3-scciclient + - python3-sushy + - python3-systemd + - qemu-img + - util-linux + - xfsprogs + modules: + - disable: virt:rhel + - enable: virt:8.2 + rhel: + - python-ovirt-engine-sdk4 + - python3dist\(ansible\) +tcib_user: ironic diff --git a/container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml b/container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml new file mode 100644 index 000000000..a24b52ee8 --- /dev/null +++ b/container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla {{ tcib_user }} +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-inspector /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-ironic-inspector + - openstack-ironic-inspector-dnsmasq +tcib_user: ironic-inspector diff --git a/container-images/tcib/base/os/ironic-base/ironic-pxe/ironic-pxe.yaml b/container-images/tcib/base/os/ironic-base/ironic-pxe/ironic-pxe.yaml new file mode 100644 index 000000000..1e0f5709c --- /dev/null +++ b/container-images/tcib/base/os/ironic-base/ironic-pxe/ironic-pxe.yaml @@ -0,0 +1,14 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: echo -e "re ^(/tftpboot/) /tftpboot/\2\nre ^/tftpboot/ /tftpboot/\nre ^(^/) /tftpboot/\1\nre ^([^/]) /tftpboot/\1" > /map-file +- run: echo ". /usr/local/bin/kolla_httpd_setup"> /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-pxe /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - ipxe-bootimgs + - mod_ssl + - python3-mod_wsgi + - syslinux-tftpboot + - tftp-server diff --git a/container-images/tcib/base/os/iscsid/iscsid.yaml b/container-images/tcib/base/os/iscsid/iscsid.yaml new file mode 100644 index 000000000..d8a2abfaf --- /dev/null +++ b/container-images/tcib/base/os/iscsid/iscsid.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/iscsid/extend_start.sh /usr/local/bin/kolla_extend_start +- run: chmod 755 /usr/local/bin/kolla_extend_start +- run: rm /etc/iscsi/initiatorname.iscsi +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/iscsid /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/iscsid/*'', wantlist=True) }}' +tcib_packages: + common: + - iscsi-initiator-utils + - python3-rtslib + - targetcli diff --git a/container-images/tcib/base/os/keystone/keystone.yaml b/container-images/tcib/base/os/keystone/keystone.yaml new file mode 100644 index 000000000..e43b2ad9e --- /dev/null +++ b/container-images/tcib/base/os/keystone/keystone.yaml @@ -0,0 +1,23 @@ +tcib_actions: +- run: dnf module -y enable mod_auth_openidc && dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla keystone +- run: mkdir -p /var/www/cgi-bin/keystone && chown -R keystone /var/www/cgi-bin/keystone +- copy: /usr/share/tripleo-common/container-images/kolla/keystone/extend_start.sh /usr/local/bin/kolla_extend_start +- run: chmod 755 /usr/local/bin/kolla_extend_start +- run: cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main +- run: cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +- run: sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/keystone /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/keystone/*'', wantlist=True) }}' +tcib_packages: + common: + - httpd + - mod_auth_gssapi + - mod_auth_mellon + - mod_auth_openidc + - mod_ssl + - openstack-keystone + - python3-ldappool + - python3-mod_wsgi + - python3-requests-kerberos diff --git a/container-images/tcib/base/os/manila-base/manila-api/manila-api.yaml b/container-images/tcib/base/os/manila-base/manila-api/manila-api.yaml new file mode 100644 index 000000000..7066d8940 --- /dev/null +++ b/container-images/tcib/base/os/manila-base/manila-api/manila-api.yaml @@ -0,0 +1,10 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /var/www/cgi-bin/manila && cp -a /usr/bin/manila-wsgi /var/www/cgi-bin/manila/manila-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: chown -R manila /var/www/cgi-bin/manila && chmod 755 /var/www/cgi-bin/manila/manila-wsgi +tcib_packages: + common: + - httpd + - mod_ssl + - python3-mod_wsgi +tcib_user: manila diff --git a/container-images/tcib/base/os/manila-base/manila-base.yaml b/container-images/tcib/base/os/manila-base/manila-base.yaml new file mode 100644 index 000000000..c7d16e1ce --- /dev/null +++ b/container-images/tcib/base/os/manila-base/manila-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla manila +tcib_packages: + common: + - openstack-manila diff --git a/container-images/tcib/base/os/manila-base/manila-scheduler/manila-scheduler.yaml b/container-images/tcib/base/os/manila-base/manila-scheduler/manila-scheduler.yaml new file mode 100644 index 000000000..b89dc7f01 --- /dev/null +++ b/container-images/tcib/base/os/manila-base/manila-scheduler/manila-scheduler.yaml @@ -0,0 +1,3 @@ +tcib_actions: +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/manila-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_user: manila diff --git a/container-images/tcib/base/os/manila-base/manila-share/manila-share.yaml b/container-images/tcib/base/os/manila-base/manila-share/manila-share.yaml new file mode 100644 index 000000000..4575d5d00 --- /dev/null +++ b/container-images/tcib/base/os/manila-base/manila-share/manila-share.yaml @@ -0,0 +1,14 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /etc/libqb +tcib_packages: + common: + - ceph-common + - libqb + - openstack-manila-share + - pacemaker + - pacemaker-remote + - pcs + - resource-agents + - sqlite +tcib_user: manila diff --git a/container-images/tcib/base/os/mistral-base/mistral-api/mistral-api.yaml b/container-images/tcib/base/os/mistral-base/mistral-api/mistral-api.yaml new file mode 100644 index 000000000..1dd66af3b --- /dev/null +++ b/container-images/tcib/base/os/mistral-base/mistral-api/mistral-api.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-mistral-api + - python3-mod_wsgi +tcib_user: mistral diff --git a/container-images/tcib/base/os/mistral-base/mistral-base.yaml b/container-images/tcib/base/os/mistral-base/mistral-base.yaml new file mode 100644 index 000000000..aa45d858e --- /dev/null +++ b/container-images/tcib/base/os/mistral-base/mistral-base.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla mistral +tcib_packages: + common: + - openstack-mistral-common + - openstack-tripleo-common + - python3-shade + - python3dist\(ansible\) diff --git a/container-images/tcib/base/os/mistral-base/mistral-engine/mistral-engine.yaml b/container-images/tcib/base/os/mistral-base/mistral-engine/mistral-engine.yaml new file mode 100644 index 000000000..de657df8a --- /dev/null +++ b/container-images/tcib/base/os/mistral-base/mistral-engine/mistral-engine.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-engine /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-mistral-engine +tcib_user: mistral diff --git a/container-images/tcib/base/os/mistral-base/mistral-event-engine/mistral-event-engine.yaml b/container-images/tcib/base/os/mistral-base/mistral-event-engine/mistral-event-engine.yaml new file mode 100644 index 000000000..9a2475d94 --- /dev/null +++ b/container-images/tcib/base/os/mistral-base/mistral-event-engine/mistral-event-engine.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-event-engine /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-mistral-event-engine +tcib_user: mistral diff --git a/container-images/tcib/base/os/mistral-base/mistral-executor/mistral-executor.yaml b/container-images/tcib/base/os/mistral-base/mistral-executor/mistral-executor.yaml new file mode 100644 index 000000000..4fb810c8d --- /dev/null +++ b/container-images/tcib/base/os/mistral-base/mistral-executor/mistral-executor.yaml @@ -0,0 +1,21 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-executor /openstack/healthcheck && chmod a+rx /openstack/healthcheck +- run: test -f /usr/bin/ansible-playbook-3 || ln -s /usr/bin/ansible-playbook /usr/bin/ansible-playbook-3 +- run: useradd validations +tcib_packages: + common: + - ipmitool + - openstack-mistral-executor + - openstack-nova-common + - openstack-tripleo-heat-templates + - openstack-tripleo-validations + - python3-novajoin + - qemu-img + modules: + - disable: virt:rhel + - enable: virt:8.2 + - disable: container-tools:rhel8 + - enable: container-tools:2.0 +tcib_user: mistral diff --git a/container-images/tcib/base/os/neutron-base/ironic-neutron-agent/ironic-neutron-agent.yaml b/container-images/tcib/base/os/neutron-base/ironic-neutron-agent/ironic-neutron-agent.yaml new file mode 100644 index 000000000..23ee30abf --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/ironic-neutron-agent/ironic-neutron-agent.yaml @@ -0,0 +1,8 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-neutron-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - python3-ironic-neutron-agent + - python3-networking-baremetal +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-agent-base.yaml b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-agent-base.yaml new file mode 100644 index 000000000..b40e9f322 --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-agent-base.yaml @@ -0,0 +1,10 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - libseccomp + - podman + modules: + - disable: container-tools:rhel8 + - enable: container-tools:2.0 diff --git a/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-dhcp-agent/neutron-dhcp-agent.yaml b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-dhcp-agent/neutron-dhcp-agent.yaml new file mode 100644 index 000000000..e3113e273 --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-dhcp-agent/neutron-dhcp-agent.yaml @@ -0,0 +1,3 @@ +tcib_actions: +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-dhcp /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-l3-agent/neutron-l3-agent.yaml b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-l3-agent/neutron-l3-agent.yaml new file mode 100644 index 000000000..c7cef64de --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-l3-agent/neutron-l3-agent.yaml @@ -0,0 +1,3 @@ +tcib_actions: +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-l3 /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-metadata-agent-ovn/neutron-metadata-agent-ovn.yaml b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-metadata-agent-ovn/neutron-metadata-agent-ovn.yaml new file mode 100644 index 000000000..8f63b2085 --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-agent-base/neutron-metadata-agent-ovn/neutron-metadata-agent-ovn.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-metadata /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - python3-networking-ovn-metadata-agent +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-base.yaml b/container-images/tcib/base/os/neutron-base/neutron-base.yaml new file mode 100644 index 000000000..09c69bd40 --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-base.yaml @@ -0,0 +1,18 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla neutron +- copy: /usr/share/tripleo-common/container-images/kolla/neutron-base/neutron_sudoers /etc/sudoers.d/neutron_sudoers +- run: chmod 440 /etc/sudoers.d/neutron_sudoers +# TODO(emilien) add support for tripleo-common being installed from source +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/neutron-base/*'', wantlist=True) }}' +tcib_packages: + common: + - iputils + - net-tools + - openstack-neutron + - openstack-neutron-ml2 + - openvswitch + - python3-networking-baremetal + - python3-networking-vmware-nsx + - python3-openvswitch + - python3-oslo-vmware diff --git a/container-images/tcib/base/os/neutron-base/neutron-metadata-agent/neutron-metadata-agent.yaml b/container-images/tcib/base/os/neutron-base/neutron-metadata-agent/neutron-metadata-agent.yaml new file mode 100644 index 000000000..5c0c4412c --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-metadata-agent/neutron-metadata-agent.yaml @@ -0,0 +1,3 @@ +tcib_actions: +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-metadata /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-openvswitch-agent/neutron-openvswitch-agent.yaml b/container-images/tcib/base/os/neutron-base/neutron-openvswitch-agent/neutron-openvswitch-agent.yaml new file mode 100644 index 000000000..b22b3156c --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-openvswitch-agent/neutron-openvswitch-agent.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-ovs-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-neutron-openvswitch +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-server-ovn/neutron-server-ovn.yaml b/container-images/tcib/base/os/neutron-base/neutron-server-ovn/neutron-server-ovn.yaml new file mode 100644 index 000000000..80f8b64a2 --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-server-ovn/neutron-server-ovn.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - python3-networking-ansible + - python3-networking-baremetal + - python3-networking-ovn +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-server/neutron-server.yaml b/container-images/tcib/base/os/neutron-base/neutron-server/neutron-server.yaml new file mode 100644 index 000000000..61f7faca2 --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-server/neutron-server.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - python3-networking-ansible + - python3-networking-baremetal +tcib_user: neutron diff --git a/container-images/tcib/base/os/neutron-base/neutron-sriov-agent/neutron-sriov-agent.yaml b/container-images/tcib/base/os/neutron-base/neutron-sriov-agent/neutron-sriov-agent.yaml new file mode 100644 index 000000000..10d743e2e --- /dev/null +++ b/container-images/tcib/base/os/neutron-base/neutron-sriov-agent/neutron-sriov-agent.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-sriov-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-neutron-sriov-nic-agent +tcib_user: neutron diff --git a/container-images/tcib/base/os/nova-base/nova-api/nova-api.yaml b/container-images/tcib/base/os/nova-base/nova-api/nova-api.yaml new file mode 100644 index 000000000..cfb418e4d --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-api/nova-api.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-nova-api + - python3-mod_wsgi + - python3-novajoin +tcib_user: nova diff --git a/container-images/tcib/base/os/nova-base/nova-base.yaml b/container-images/tcib/base/os/nova-base/nova-base.yaml new file mode 100644 index 000000000..a9281cb77 --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: mkdir -p /etc/ssh && touch /etc/ssh/ssh_known_host +- run: dnf install -y {{ tcib_packages | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla nova +tcib_packages: +- openstack-nova-common diff --git a/container-images/tcib/base/os/nova-base/nova-compute-ironic/nova-compute-ironic.yaml b/container-images/tcib/base/os/nova-base/nova-compute-ironic/nova-compute-ironic.yaml new file mode 100644 index 000000000..9c140fe49 --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-compute-ironic/nova-compute-ironic.yaml @@ -0,0 +1,14 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-ironic /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - genisoimage + - nvme-cli + - openstack-nova-compute + - python3-novajoin + modules: + - disable: virt:rhel + - enable: virt:8.2 +tcib_user: nova diff --git a/container-images/tcib/base/os/nova-base/nova-compute/nova-compute.yaml b/container-images/tcib/base/os/nova-base/nova-compute/nova-compute.yaml new file mode 100644 index 000000000..5d76534e9 --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-compute/nova-compute.yaml @@ -0,0 +1,29 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: rm -f /etc/machine-id +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - ceph-common + - device-mapper-multipath + - e2fsprogs + - genisoimage + - iscsi-initiator-utils + - nfs-utils + - nvme-cli + - openssh-server + - openstack-nova-compute + - openstack-nova-migration + - openvswitch + - parted + - python3-libguestfs + - python3-oslo-vmware + - python3-rtslib + - sysfsutils + - targetcli + - xfsprogs + modules: + - disable: virt:rhel + - enable: virt:8.2 +tcib_user: nova diff --git a/container-images/tcib/base/os/nova-base/nova-conductor/nova-conductor.yaml b/container-images/tcib/base/os/nova-base/nova-conductor/nova-conductor.yaml new file mode 100644 index 000000000..5c17cd388 --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-conductor/nova-conductor.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-conductor /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-nova-conductor +tcib_user: nova diff --git a/container-images/tcib/base/os/nova-base/nova-libvirt/nova-libvirt.yaml b/container-images/tcib/base/os/nova-base/nova-libvirt/nova-libvirt.yaml new file mode 100644 index 000000000..11393c7cb --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-libvirt/nova-libvirt.yaml @@ -0,0 +1,29 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-libvirt /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - ceph-common + - cyrus-sasl-scram + - libcgroup-tools + - libguestfs + - libseccomp + - libvirt-client + - libvirt-daemon + - libvirt-daemon-config-nwfilter + - libvirt-daemon-driver-nwfilter + - openssl-perl + - openstack-nova-migration + - openvswitch + - podman + - qemu-kvm + - trousers + modules: + - disable: container-tools:rhel8 + - enable: container-tools:2.0 + - disable: virt:rhel + - enable: virt:8.2 + x86_64: + - edk2-ovmf diff --git a/container-images/tcib/base/os/nova-base/nova-novncproxy/nova-novncproxy.yaml b/container-images/tcib/base/os/nova-base/nova-novncproxy/nova-novncproxy.yaml new file mode 100644 index 000000000..465a8a3de --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-novncproxy/nova-novncproxy.yaml @@ -0,0 +1,8 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-vnc-proxy /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - novnc + - openstack-nova-novncproxy +tcib_user: nova diff --git a/container-images/tcib/base/os/nova-base/nova-scheduler/nova-scheduler.yaml b/container-images/tcib/base/os/nova-base/nova-scheduler/nova-scheduler.yaml new file mode 100644 index 000000000..291e03ac2 --- /dev/null +++ b/container-images/tcib/base/os/nova-base/nova-scheduler/nova-scheduler.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-nova-scheduler + - openstack-tripleo-common + modules: + - disable: virt:rhel + - enable: virt:8.2 +tcib_user: nova diff --git a/container-images/tcib/base/os/novajoin-base/novajoin-base.yaml b/container-images/tcib/base/os/novajoin-base/novajoin-base.yaml new file mode 100644 index 000000000..691853e69 --- /dev/null +++ b/container-images/tcib/base/os/novajoin-base/novajoin-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla novajoin +tcib_packages: + common: + - python3-novajoin diff --git a/container-images/tcib/base/os/novajoin-base/novajoin-notifier/novajoin-notifier.yaml b/container-images/tcib/base/os/novajoin-base/novajoin-notifier/novajoin-notifier.yaml new file mode 100644 index 000000000..25cfc714f --- /dev/null +++ b/container-images/tcib/base/os/novajoin-base/novajoin-notifier/novajoin-notifier.yaml @@ -0,0 +1,2 @@ +tcib_actions: +- run: mkdir -p /novajoin-notifier \ No newline at end of file diff --git a/container-images/tcib/base/os/novajoin-base/novajoin-server/novajoin-server.yaml b/container-images/tcib/base/os/novajoin-base/novajoin-server/novajoin-server.yaml new file mode 100644 index 000000000..86c32376b --- /dev/null +++ b/container-images/tcib/base/os/novajoin-base/novajoin-server/novajoin-server.yaml @@ -0,0 +1,2 @@ +tcib_actions: +- run: mkdir -p /novajoin-server \ No newline at end of file diff --git a/container-images/tcib/base/os/octavia-base/octavia-api/octavia-api.yaml b/container-images/tcib/base/os/octavia-base/octavia-api/octavia-api.yaml new file mode 100644 index 000000000..90d4a55ac --- /dev/null +++ b/container-images/tcib/base/os/octavia-base/octavia-api/octavia-api.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-octavia-api + - python3-mod_wsgi + - python3-networking-ovn +tcib_user: octavia diff --git a/container-images/tcib/base/os/octavia-base/octavia-base.yaml b/container-images/tcib/base/os/octavia-base/octavia-base.yaml new file mode 100644 index 000000000..d717b2750 --- /dev/null +++ b/container-images/tcib/base/os/octavia-base/octavia-base.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla octavia +tcib_packages: + common: + - openstack-octavia-common diff --git a/container-images/tcib/base/os/octavia-base/octavia-health-manager/octavia-health-manager.yaml b/container-images/tcib/base/os/octavia-base/octavia-health-manager/octavia-health-manager.yaml new file mode 100644 index 000000000..f7e48296a --- /dev/null +++ b/container-images/tcib/base/os/octavia-base/octavia-health-manager/octavia-health-manager.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-health-manager /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-octavia-health-manager +tcib_user: octavia diff --git a/container-images/tcib/base/os/octavia-base/octavia-housekeeping/octavia-housekeeping.yaml b/container-images/tcib/base/os/octavia-base/octavia-housekeeping/octavia-housekeeping.yaml new file mode 100644 index 000000000..fa06e1cd4 --- /dev/null +++ b/container-images/tcib/base/os/octavia-base/octavia-housekeeping/octavia-housekeeping.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-housekeeping /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-octavia-housekeeping +tcib_user: octavia diff --git a/container-images/tcib/base/os/octavia-base/octavia-worker/octavia-worker.yaml b/container-images/tcib/base/os/octavia-base/octavia-worker/octavia-worker.yaml new file mode 100644 index 000000000..b579ac6e9 --- /dev/null +++ b/container-images/tcib/base/os/octavia-base/octavia-worker/octavia-worker.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-worker /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-octavia-worker +tcib_user: octavia diff --git a/container-images/tcib/base/os/os.yaml b/container-images/tcib/base/os/os.yaml new file mode 100644 index 000000000..82b0d83ed --- /dev/null +++ b/container-images/tcib/base/os/os.yaml @@ -0,0 +1,20 @@ +tcib_actions: +- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - cronie + - iscsi-initiator-utils + - python3-barbicanclient + - python3-cinderclient + - python3-designateclient + - python3-glanceclient + - python3-gnocchiclient + - python3-ironicclient + - python3-keystoneclient + - python3-manilaclient + - python3-neutronclient + - python3-novaclient + - python3-octaviaclient + - python3-openstackclient + - python3-swiftclient + - python3-zaqarclient diff --git a/container-images/tcib/base/os/placement-api/placement-api.yaml b/container-images/tcib/base/os/placement-api/placement-api.yaml new file mode 100644 index 000000000..eeb91a454 --- /dev/null +++ b/container-images/tcib/base/os/placement-api/placement-api.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/placement-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-placement-api + - openstack-placement-common + - python3-mod_wsgi diff --git a/container-images/tcib/base/os/swift-base/swift-account/swift-account.yaml b/container-images/tcib/base/os/swift-base/swift-account/swift-account.yaml new file mode 100644 index 000000000..265f88a93 --- /dev/null +++ b/container-images/tcib/base/os/swift-base/swift-account/swift-account.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-account-server /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-swift-account +tcib_user: swift diff --git a/container-images/tcib/base/os/swift-base/swift-base.yaml b/container-images/tcib/base/os/swift-base/swift-base.yaml new file mode 100644 index 000000000..b1eee28c2 --- /dev/null +++ b/container-images/tcib/base/os/swift-base/swift-base.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla swift +- copy: /usr/share/tripleo-common/container-images/kolla/swift-base/swift-rootwrap /usr/bin/swift-rootwrap +- copy: /usr/share/tripleo-common/container-images/kolla/swift-base/swift-sudoers /etc/sudoers.d/swift-sudoers +- run: chmod 755 /usr/bin/swift-rootwrap && chmod 440 /etc/sudoers.d/swift-sudoers +- run: touch /etc/swift/rootwrap.conf && chmod 644 /etc/swift/rootwrap.conf && crudini --set /etc/swift/rootwrap.conf DEFAULT filters_path /etc/swift/rootwrap.d,/usr/share/swift/rootwrap && crudini --set /etc/swift/rootwrap.conf DEFAULT exec_dirs /sbin,/usr/sbin,/bin,/usr/bin && crudini --set /etc/swift/rootwrap.conf DEFAULT use_syslog False && crudini --set /etc/swift/rootwrap.conf DEFAULT syslog_log_facility syslog && crudini --set /etc/swift/rootwrap.conf DEFAULT syslog_log_level ERROR +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/swift-base/*'', wantlist=True) }}' +tcib_packages: + common: + - nmap-ncat + - openstack-swift diff --git a/container-images/tcib/base/os/swift-base/swift-container/swift-container.yaml b/container-images/tcib/base/os/swift-base/swift-container/swift-container.yaml new file mode 100644 index 000000000..bbbf41ad5 --- /dev/null +++ b/container-images/tcib/base/os/swift-base/swift-container/swift-container.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-container-server /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-swift-container +tcib_user: swift diff --git a/container-images/tcib/base/os/swift-base/swift-object/swift-object.yaml b/container-images/tcib/base/os/swift-base/swift-object/swift-object.yaml new file mode 100644 index 000000000..5cc9a201f --- /dev/null +++ b/container-images/tcib/base/os/swift-base/swift-object/swift-object.yaml @@ -0,0 +1,7 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-object-server /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openstack-swift-object +tcib_user: swift diff --git a/container-images/tcib/base/os/swift-base/swift-proxy-server/swift-proxy-server.yaml b/container-images/tcib/base/os/swift-base/swift-proxy-server/swift-proxy-server.yaml new file mode 100644 index 000000000..83f50cf3a --- /dev/null +++ b/container-images/tcib/base/os/swift-base/swift-proxy-server/swift-proxy-server.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/swift-proxy /openstack/healthcheck && chmod a+rx /openstack/healthcheck +- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-ceilometer-common + - openstack-swift-proxy + - python3-ceilometermiddleware +tcib_user: swift diff --git a/container-images/tcib/base/os/tempest/tempest.yaml b/container-images/tcib/base/os/tempest/tempest.yaml new file mode 100644 index 000000000..3ff8dc570 --- /dev/null +++ b/container-images/tcib/base/os/tempest/tempest.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: groupadd --force --gid 42480 tempest && useradd -l -M --shell /usr/sbin/nologin --uid 42480 --gid 42480 tempest +- run: usermod -a -G kolla tempest +tcib_packages: + common: + - iputils + - openstack-tempest-all +tcib_user: tempest diff --git a/container-images/tcib/base/os/zaqar-wsgi/zaqar-wsgi.yaml b/container-images/tcib/base/os/zaqar-wsgi/zaqar-wsgi.yaml new file mode 100644 index 000000000..12ce5ac33 --- /dev/null +++ b/container-images/tcib/base/os/zaqar-wsgi/zaqar-wsgi.yaml @@ -0,0 +1,10 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /var/www/cgi-bin/zaqar && chown -R zaqar /var/www/cgi-bin/zaqar && cp -a /usr/lib/python3.6/site-packages/zaqar/transport/wsgi/app.py /var/www/cgi-bin/zaqar/ && chmod 755 /var/www/cgi-bin/zaqar && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf +tcib_packages: + common: + - httpd + - mod_ssl + - openstack-zaqar + - python3-ldappool + - python3-mod_wsgi diff --git a/container-images/tcib/base/ovn-base/ovn-base.yaml b/container-images/tcib/base/ovn-base/ovn-base.yaml new file mode 100644 index 000000000..36971a201 --- /dev/null +++ b/container-images/tcib/base/ovn-base/ovn-base.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - openvswitch + - openvswitch-ovn-common + - python3-netifaces + - python3-openvswitch + - tcpdump diff --git a/container-images/tcib/base/ovn-base/ovn-controller/ovn-controller.yaml b/container-images/tcib/base/ovn-base/ovn-controller/ovn-controller.yaml new file mode 100644 index 000000000..5fb1e0182 --- /dev/null +++ b/container-images/tcib/base/ovn-base/ovn-controller/ovn-controller.yaml @@ -0,0 +1,6 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-controller /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - openvswitch-ovn-host diff --git a/container-images/tcib/base/ovn-base/ovn-nb-db-server/ovn-nb-db-server.yaml b/container-images/tcib/base/ovn-base/ovn-nb-db-server/ovn-nb-db-server.yaml new file mode 100644 index 000000000..3267f966b --- /dev/null +++ b/container-images/tcib/base/ovn-base/ovn-nb-db-server/ovn-nb-db-server.yaml @@ -0,0 +1,8 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/ovn/ovn-nb-db-server/start_nb_db_server.sh /usr/local/bin/start-nb-db-server +- run: chmod 755 /usr/local/bin/start-nb-db-server +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/ovn/ovn-nb-db-server/*'', wantlist=True) }}' +tcib_packages: + common: + - openvswitch-ovn-central diff --git a/container-images/tcib/base/ovn-base/ovn-northd/ovn-northd.yaml b/container-images/tcib/base/ovn-base/ovn-northd/ovn-northd.yaml new file mode 100644 index 000000000..3f9a6211d --- /dev/null +++ b/container-images/tcib/base/ovn-base/ovn-northd/ovn-northd.yaml @@ -0,0 +1,12 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: mkdir -p /etc/libqb +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-dbs /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - libqb + - openvswitch-ovn-central + - pacemaker + - pacemaker-remote + - pcs + - resource-agents diff --git a/container-images/tcib/base/ovn-base/ovn-sb-db-server/ovn-sb-db-server.yaml b/container-images/tcib/base/ovn-base/ovn-sb-db-server/ovn-sb-db-server.yaml new file mode 100644 index 000000000..fab5c7e4c --- /dev/null +++ b/container-images/tcib/base/ovn-base/ovn-sb-db-server/ovn-sb-db-server.yaml @@ -0,0 +1,8 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/ovn/ovn-sb-db-server/start_sb_db_server.sh /usr/local/bin/start-sb-db-server +- run: chmod 755 /usr/local/bin/start-sb-db-server +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/ovn/ovn-sb-db-server/*'', wantlist=True) }}' +tcib_packages: + common: + - openvswitch-ovn-central diff --git a/container-images/tcib/base/qdrouterd/qdrouterd.yaml b/container-images/tcib/base/qdrouterd/qdrouterd.yaml new file mode 100644 index 000000000..d4ceda058 --- /dev/null +++ b/container-images/tcib/base/qdrouterd/qdrouterd.yaml @@ -0,0 +1,11 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod -a -G kolla qdrouterd && mkdir -p /var/lib/qdrouterd && chown -R qdrouterd /var/lib/qdrouterd +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/qdrouterd /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - cyrus-sasl-lib + - cyrus-sasl-plain + - qpid-dispatch-router + - qpid-dispatch-tools +tcib_user: qdrouterd diff --git a/container-images/tcib/base/rabbitmq/rabbitmq.yaml b/container-images/tcib/base/rabbitmq/rabbitmq.yaml new file mode 100644 index 000000000..9996d8736 --- /dev/null +++ b/container-images/tcib/base/rabbitmq/rabbitmq.yaml @@ -0,0 +1,18 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/rabbitmq/extend_start.sh /usr/local/bin/kolla_extend_start +- run: chmod 755 /usr/local/bin/kolla_extend_start +- run: usermod -a -G kolla {{ tcib_user }} +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/rabbitmq /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/rabbitmq/*'', wantlist=True) }}' +tcib_packages: + common: + - erlang-hipe + - hostname + - libqb + - pacemaker + - pacemaker-remote + - pcs + - rabbitmq-server + - resource-agents +tcib_user: rabbitmq diff --git a/container-images/tcib/base/redis/redis.yaml b/container-images/tcib/base/redis/redis.yaml new file mode 100644 index 000000000..f03d8fb00 --- /dev/null +++ b/container-images/tcib/base/redis/redis.yaml @@ -0,0 +1,19 @@ +tcib_actions: +- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi +- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: usermod --append --home /run/redis --groups kolla redis && mkdir -p /run/redis && chown -R redis /run/redis +- run: mkdir /etc/libqb +- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/redis /openstack/healthcheck && chmod a+rx /openstack/healthcheck +tcib_packages: + common: + - libqb + - pacemaker + - pacemaker-remote + - pcs + - procps-ng + - redis + - resource-agents + - stunnel + modules: + - install: redis:5 +tcib_user: redis diff --git a/container-images/tcib/base/rsyslog/rsyslog.yaml b/container-images/tcib/base/rsyslog/rsyslog.yaml new file mode 100644 index 000000000..234cb2efd --- /dev/null +++ b/container-images/tcib/base/rsyslog/rsyslog.yaml @@ -0,0 +1,9 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +tcib_packages: + common: + - rsyslog + - rsyslog-elasticsearch + - rsyslog-gnutls + - rsyslog-mmjsonparse + - rsyslog-mmnormalize diff --git a/container-images/tcib/base/tripleoclient/tripleoclient.yaml b/container-images/tcib/base/tripleoclient/tripleoclient.yaml new file mode 100644 index 000000000..bce6eeed5 --- /dev/null +++ b/container-images/tcib/base/tripleoclient/tripleoclient.yaml @@ -0,0 +1,16 @@ +tcib_actions: +- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- copy: /usr/share/tripleo-common/container-images/kolla/tripleoclient/create_super_user.sh /usr/local/bin/create_super_user.sh +- run: chmod 750 /usr/local/bin/create_super_user.sh +tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/tripleoclient/*'', wantlist=True) }}' +tcib_packages: + common: + - sudo + - e2fsprogs + - git + - openssh-clients + - openstack-tripleo-validations + - puppet-tripleo + - python3-openstackclient + - python3-tripleoclient + - xfsprogs diff --git a/container-images/tripleo_containers.yaml b/container-images/tripleo_containers.yaml new file mode 100644 index 000000000..ba24f70c5 --- /dev/null +++ b/container-images/tripleo_containers.yaml @@ -0,0 +1,231 @@ +container_images: +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-os:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-aodh-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-aodh-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-aodh-evaluator:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-aodh-listener:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-aodh-notifier:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-barbican-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-barbican-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-barbican-keystone-listener:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-barbican-worker:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ceilometer-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ceilometer-ipmi:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ceilometer-central:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ceilometer-compute:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ceilometer-notification:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-cinder-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-cinder-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-cinder-backup:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-cinder-scheduler:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-cinder-volume:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-collectd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-cron:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-backend-bind9:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-central:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-mdns:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-producer:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-sink:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-designate-worker:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-etcd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-glance-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-gnocchi-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-gnocchi-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-gnocchi-metricd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-gnocchi-statsd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-haproxy:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-heat-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-heat-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-heat-api-cfn:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-heat-engine:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-heat-all:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-horizon:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ironic-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ironic-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ironic-conductor:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ironic-inspector:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ironic-neutron-agent:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ironic-pxe:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-iscsid:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-keepalived:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-keystone:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-manila-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-manila-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-manila-scheduler:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-manila-share:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-mariadb:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-memcached:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-mistral-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-mistral-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-mistral-engine:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-mistral-event-engine:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-mistral-executor:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-multipathd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-agent-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-dhcp-agent:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-l3-agent:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-metadata-agent-ovn:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-metadata-agent:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-openvswitch-agent:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-server:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-server-ovn:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-neutron-sriov-agent:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-libvirt:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-compute:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-compute-ironic:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-conductor:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-novncproxy:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-nova-scheduler:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-novajoin-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-novajoin-notifier:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-novajoin-server:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-octavia-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-octavia-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-octavia-health-manager:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-octavia-housekeeping:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-octavia-worker:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ovn-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ovn-controller:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ovn-northd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ovn-nb-db-server:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-ovn-sb-db-server:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-placement-api:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-qdrouterd:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-rabbitmq:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-redis:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-rsyslog:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-swift-base:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-swift-account:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-swift-container:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-swift-object:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-swift-proxy-server:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-tempest:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-tripleoclient:current-tripleo +- image_source: tripleo + imagename: quay.io/tripleomaster/openstack-zaqar-wsgi:current-tripleo +- imagename: docker.io/ceph/daemon:v4.0.10-stable-4.0-nautilus-centos-7-x86_64 + image_source: ceph +- imagename: docker.io/prom/prometheus:v2.7.2 + image_source: prom +- imagename: docker.io/prom/alertmanager:v0.16.2 + image_source: prom +- imagename: docker.io/prom/node-exporter:v0.17.0 + image_source: prom +- imagename: docker.io/grafana/grafana:5.2.4 + image_source: grafana diff --git a/scripts/containerfile-converter.py b/scripts/containerfile-converter.py new file mode 100755 index 000000000..c03447dd7 --- /dev/null +++ b/scripts/containerfile-converter.py @@ -0,0 +1,245 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import os +import re +import sys + +import yaml + + +TCIB_MAP = { + "tcib_path": None, + "tcib_args": {}, + "tcib_from": None, + "tcib_labels": {}, + "tcib_envs": {}, + "tcib_onbuilds": [], + "tcib_volumes": [], + "tcib_workdir": None, + "tcib_adds": [], + "tcib_copies": [], + "tcib_exposes": [], + "tcib_user": None, + "tcib_shell": None, + "tcib_runs": [], + "tcib_healthcheck": None, + "tcib_stopsignal": None, + "tcib_entrypoint": None, + "tcib_cmd": None, + "tcib_actions": [], + "tcib_gather_files": [], +} + +DOCKER_VERB_MAP = { + "FROM": "tcib_from", + "RUN": "tcib_runs", + "CMD": "tcib_cmd", + "LABEL": "tcib_labels", + "EXPOSE": "tcib_exposes", + "ENV": "tcib_envs", + "ADD": "tcib_adds", + "COPY": "tcib_copies", + "ENTRYPOINT": "tcib_entrypoint", + "VOLUME": "tcib_volumes", + "USER": "tcib_user", + "WORKDIR": "tcib_workdir", + "ARG": "tcib_args", + "ONBUILD": "tcib_onbuilds", + "STOPSIGNAL": "tcib_stopsignal", + "HEALTHCHECK": "tcib_healthcheck", + "SHELL": "tcib_shell", +} + + +def line_reader(lines, return_lines=None): + """Read all lines of a container file. + + This will concatinate all them into a machine readable array. + + :param Lines: list of lines to read. + :type Lines: List + :param return_lines: List of lines that will be returned. + :type return_lines: List + :returns: List + """ + if not return_lines: + return_lines = list() + try: + line = next(lines) + line = line.strip() + if line: + if line.endswith("\\"): + while True: + new_line = next(lines) + if not new_line.startswith("#"): + new_line = new_line.strip() + line = line.rstrip("\\") + line += " {line}".format(line=new_line.rstrip("\\")) + if not new_line.endswith("\\"): + break + return_lines.append(line) + else: + if not line.startswith("#"): + return_lines.append(line) + except StopIteration: + return return_lines + else: + return line_reader(lines, return_lines=return_lines) + + +def package_parse(packages_line, lines): + """Parse a command line which runs a dnf install. + + :param package_line: Line to parse + :type package_line: String + :param lines: List of lines + :type lines: List + :returns: List + """ + a = re.search(r".*dnf -y install (.*?) (&&|' ')", packages_line) + TCIB_MAP["tcib_packages"] = {"common": sorted(a.group(1).split())} + index = lines.index(packages_line) + lines.pop(index) + lines.insert( + 0, + packages_line.replace( + a.group(1), r"{{ tcib_packages.common | join(' ') }}" + ), + ) + return lines + + +def module_parse(module_line, lines): + """Parse a command line which runs a dnf module. + + :param module_line: Line to parse + :type module_line: String + :param lines: List of lines + :type lines: List + :returns: List + """ + modules_list = TCIB_MAP["tcib_packages"]["modules"] = list() + pattern = re.compile( + r"dnf -y module (disable|enable|info|install|list|provides|" + r"remove|repoquery|reset|update)(.*?)(&&|' ')" + ) + for match in re.findall(pattern, module_line): + key, value, _ = match + modules = [i for i in value.split() if i] + for module in modules: + modules_list.append({key: module}) + module_jinja = ( + r"RUN if [ '{{ tcib_distro }}' == 'rhel' ]; then " + r"{% for item in tcib_packages.modules %}" + r"{% set key, value = (item.items() | list).0 %}" + r"dnf module -y {{ key }} {{ value }}; " + r"{% endfor %}fi" + ) + index = lines.index(module_line) + lines.pop(index) + lines.insert( + index, + module_line.replace( + " ".join( + [ + i[0] + for i in re.findall( + r"(dnf -y module.*?(&&|' '))", module_line + ) + ] + ), + "", + ), + ) + lines.insert(index, module_jinja) + return lines + + +def line_parser(lines): + """Line parser which will translate strings into machine data. + + :param lines: List of lines + :type lines: List + """ + for line in lines: + verb, content = line.split(" ", 1) + if verb in ["ADD", "COPY", "RUN"]: + TCIB_MAP["tcib_actions"].append({verb.lower(): content.strip()}) + elif verb in ["FROM", "LABEL"]: + continue + else: + map_item = TCIB_MAP[DOCKER_VERB_MAP[verb]] + if isinstance(map_item, list): + map_item.append(content) + elif isinstance(map_item, dict): + try: + key, value = content.split("=", 1) + except ValueError: + key, value = content.split(" ", 1) + map_item[key] = value.strip('"') + else: + TCIB_MAP[DOCKER_VERB_MAP[verb]] = content + + +def main(containerfile): + """Run the main application. + + :param containerfile: File to parse, this requires the full path. + :type containerfile: String + """ + with open(containerfile) as f: + lines = [ + " ".join( + i.split() + ) for i in line_reader(lines=iter(f.readlines())) + ] + + r = re.compile(".*dnf.*install(.*)($| )") + packages_lines = list(filter(r.match, lines)) + if len(packages_lines) == 1: + lines = package_parse(packages_line=packages_lines[0], lines=lines) + elif len(packages_lines) > 1: + print( + "Warning: packages not parsed because there is more than one " + "install command, file '{}' will need to be manually converted " + "to using the packages structure.".format(containerfile) + ) + + r = re.compile(".*dnf.*module(.*)($| )") + module_lines = list(filter(r.match, lines)) + if len(module_lines) == 1: + lines = module_parse(module_line=module_lines[0], lines=lines) + elif len(module_lines) > 1: + print( + "Warning: modules not parsed because there is more than one " + "module command, file '{}' will need to be manually converted to " + "using the module structure.".format(containerfile) + ) + + line_parser(lines=lines) + render_vars = dict() + for key, value in TCIB_MAP.items(): + if value: + render_vars[key] = value + + dir_path = os.path.dirname(containerfile) + var_file = "{var}.yaml".format( + var=os.path.basename(dir_path).replace("-container", "") + ) + with open(os.path.join(dir_path, var_file), "w") as f: + f.write(yaml.dump(render_vars, default_flow_style=False, width=4096)) + + +if __name__ == "__main__": + main(containerfile=sys.argv[1])