Implement a new Container Images layout
- Kolla files that we need to copy into the images. We removed the bits for Debian/Ubuntu and Upgrades stuffs that we don't use in TripleO. - A containerfile conversion tool has been added. This tool will interpret docker files and convert them to a simplified tcib format. - TCIB aka TripleO Container Image Build, a new directory with the image configs. One file per image, following a simple structure. All images were pushed, we'll make some adjustments later. Change-Id: Ib099c3be867f41c66b088de50d9e176cdcc0592c Signed-off-by: Kevin Carter <kecarter@redhat.com>
This commit is contained in:
parent
ed7049ee84
commit
b84805d38d
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script performs setup necessary to run the Apache httpd web server.
|
||||||
|
# It should be sourced rather than executed as environment variables are set.
|
||||||
|
|
||||||
|
# Assume the service runs on top of Apache httpd when user is root.
|
||||||
|
if [[ "$(whoami)" == 'root' ]]; then
|
||||||
|
# NOTE(pbourke): httpd will not clean up after itself in some cases which
|
||||||
|
# results in the container not being able to restart. (bug #1489676, 1557036)
|
||||||
|
rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
|
||||||
|
|
||||||
|
# CentOS 8 has an issue with mod_ssl which produces an invalid Apache
|
||||||
|
# configuration in /etc/httpd/conf.d/ssl.conf. This causes the following error
|
||||||
|
# on startup:
|
||||||
|
# SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
|
||||||
|
# Work around this by generating certificates manually.
|
||||||
|
if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
|
||||||
|
/usr/libexec/httpd-ssl-gencerts
|
||||||
|
fi
|
||||||
|
fi
|
|
@ -0,0 +1,436 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import glob
|
||||||
|
import grp
|
||||||
|
import json
|
||||||
|
import logging
|
||||||
|
import os
|
||||||
|
import pwd
|
||||||
|
import shutil
|
||||||
|
import sys
|
||||||
|
|
||||||
|
|
||||||
|
# TODO(rhallisey): add docstring.
|
||||||
|
logging.basicConfig()
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
LOG.setLevel(logging.INFO)
|
||||||
|
|
||||||
|
|
||||||
|
class ExitingException(Exception):
|
||||||
|
def __init__(self, message, exit_code=1):
|
||||||
|
super(ExitingException, self).__init__(message)
|
||||||
|
self.exit_code = exit_code
|
||||||
|
|
||||||
|
|
||||||
|
class ImmutableConfig(ExitingException):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidConfig(ExitingException):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class MissingRequiredSource(ExitingException):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class UserNotFound(ExitingException):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class ConfigFileBadState(ExitingException):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class ConfigFile(object):
|
||||||
|
|
||||||
|
def __init__(self, source, dest, owner=None, perm=None, optional=False,
|
||||||
|
preserve_properties=False, merge=False):
|
||||||
|
self.source = source
|
||||||
|
self.dest = dest
|
||||||
|
self.owner = owner
|
||||||
|
self.perm = perm
|
||||||
|
self.optional = optional
|
||||||
|
self.merge = merge
|
||||||
|
self.preserve_properties = preserve_properties
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return '<ConfigFile source:"{}" dest:"{}">'.format(self.source,
|
||||||
|
self.dest)
|
||||||
|
|
||||||
|
def _copy_file(self, source, dest):
|
||||||
|
self._delete_path(dest)
|
||||||
|
# dest endswith / means copy the <source> to <dest> folder
|
||||||
|
LOG.info('Copying %s to %s', source, dest)
|
||||||
|
if self.merge and self.preserve_properties and os.path.islink(source):
|
||||||
|
link_target = os.readlink(source)
|
||||||
|
os.symlink(link_target, dest)
|
||||||
|
else:
|
||||||
|
shutil.copy(source, dest)
|
||||||
|
self._set_properties(source, dest)
|
||||||
|
|
||||||
|
def _merge_directories(self, source, dest):
|
||||||
|
if os.path.isdir(source):
|
||||||
|
if os.path.lexists(dest) and not os.path.isdir(dest):
|
||||||
|
self._delete_path(dest)
|
||||||
|
if not os.path.isdir(dest):
|
||||||
|
LOG.info('Creating directory %s', dest)
|
||||||
|
os.makedirs(dest)
|
||||||
|
self._set_properties(source, dest)
|
||||||
|
|
||||||
|
dir_content = os.listdir(source)
|
||||||
|
for to_copy in dir_content:
|
||||||
|
self._merge_directories(os.path.join(source, to_copy),
|
||||||
|
os.path.join(dest, to_copy))
|
||||||
|
else:
|
||||||
|
self._copy_file(source, dest)
|
||||||
|
|
||||||
|
def _delete_path(self, path):
|
||||||
|
if not os.path.lexists(path):
|
||||||
|
return
|
||||||
|
LOG.info('Deleting %s', path)
|
||||||
|
if os.path.isdir(path):
|
||||||
|
shutil.rmtree(path)
|
||||||
|
else:
|
||||||
|
os.remove(path)
|
||||||
|
|
||||||
|
def _create_parent_dirs(self, path):
|
||||||
|
parent_path = os.path.dirname(path)
|
||||||
|
if not os.path.exists(parent_path):
|
||||||
|
os.makedirs(parent_path)
|
||||||
|
|
||||||
|
def _set_properties(self, source, dest):
|
||||||
|
if self.preserve_properties:
|
||||||
|
self._set_properties_from_file(source, dest)
|
||||||
|
else:
|
||||||
|
self._set_properties_from_conf(dest)
|
||||||
|
|
||||||
|
def _set_properties_from_file(self, source, dest):
|
||||||
|
shutil.copystat(source, dest)
|
||||||
|
stat = os.stat(source)
|
||||||
|
os.chown(dest, stat.st_uid, stat.st_gid)
|
||||||
|
|
||||||
|
def _set_properties_from_conf(self, path):
|
||||||
|
config = {'permissions':
|
||||||
|
[{'owner': self.owner, 'path': path, 'perm': self.perm}]}
|
||||||
|
handle_permissions(config)
|
||||||
|
|
||||||
|
def copy(self):
|
||||||
|
|
||||||
|
sources = glob.glob(self.source)
|
||||||
|
|
||||||
|
if not self.optional and not sources:
|
||||||
|
raise MissingRequiredSource('%s file is not found' % self.source)
|
||||||
|
# skip when there is no sources and optional
|
||||||
|
elif self.optional and not sources:
|
||||||
|
return
|
||||||
|
|
||||||
|
for source in sources:
|
||||||
|
dest = self.dest
|
||||||
|
# dest endswith / means copy the <source> into <dest> folder,
|
||||||
|
# otherwise means copy the source to dest
|
||||||
|
if dest.endswith(os.sep):
|
||||||
|
dest = os.path.join(dest, os.path.basename(source))
|
||||||
|
if not self.merge:
|
||||||
|
self._delete_path(dest)
|
||||||
|
self._create_parent_dirs(dest)
|
||||||
|
try:
|
||||||
|
self._merge_directories(source, dest)
|
||||||
|
except OSError:
|
||||||
|
# If a source is tried to merge with a read-only mount, it
|
||||||
|
# may throw an OSError. Because we don't print the source or
|
||||||
|
# dest anywhere, let's catch the exception and log a better
|
||||||
|
# message to help with tracking down the issue.
|
||||||
|
LOG.error('Unable to merge %s with %s', source, dest)
|
||||||
|
raise
|
||||||
|
|
||||||
|
def _cmp_file(self, source, dest):
|
||||||
|
# check exsit
|
||||||
|
if (os.path.exists(source) and
|
||||||
|
not self.optional and
|
||||||
|
not os.path.exists(dest)):
|
||||||
|
return False
|
||||||
|
# check content
|
||||||
|
with open(source) as f1, open(dest) as f2:
|
||||||
|
if f1.read() != f2.read():
|
||||||
|
LOG.error('The content of source file(%s) and'
|
||||||
|
' dest file(%s) are not equal.', source, dest)
|
||||||
|
return False
|
||||||
|
# check perm
|
||||||
|
file_stat = os.stat(dest)
|
||||||
|
actual_perm = oct(file_stat.st_mode)[-4:]
|
||||||
|
if self.perm != actual_perm:
|
||||||
|
LOG.error('Dest file does not have expected perm: %s, actual: %s',
|
||||||
|
self.perm, actual_perm)
|
||||||
|
return False
|
||||||
|
# check owner
|
||||||
|
desired_user, desired_group = user_group(self.owner)
|
||||||
|
actual_user = pwd.getpwuid(file_stat.st_uid)
|
||||||
|
if actual_user.pw_name != desired_user:
|
||||||
|
LOG.error('Dest file does not have expected user: %s,'
|
||||||
|
' actual: %s ', desired_user, actual_user.pw_name)
|
||||||
|
return False
|
||||||
|
actual_group = grp.getgrgid(file_stat.st_gid)
|
||||||
|
if actual_group.gr_name != desired_group:
|
||||||
|
LOG.error('Dest file does not have expected group: %s,'
|
||||||
|
' actual: %s ', desired_group, actual_group.gr_name)
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
|
def _cmp_dir(self, source, dest):
|
||||||
|
for root, dirs, files in os.walk(source):
|
||||||
|
for dir_ in dirs:
|
||||||
|
full_path = os.path.join(root, dir_)
|
||||||
|
dest_full_path = os.path.join(dest, os.path.relpath(source,
|
||||||
|
full_path))
|
||||||
|
dir_stat = os.stat(dest_full_path)
|
||||||
|
actual_perm = oct(dir_stat.st_mode)[-4:]
|
||||||
|
if self.perm != actual_perm:
|
||||||
|
LOG.error('Dest dir does not have expected perm: %s,'
|
||||||
|
' actual %s', self.perm, actual_perm)
|
||||||
|
return False
|
||||||
|
for file_ in files:
|
||||||
|
full_path = os.path.join(root, file_)
|
||||||
|
dest_full_path = os.path.join(dest, os.path.relpath(source,
|
||||||
|
full_path))
|
||||||
|
if not self._cmp_file(full_path, dest_full_path):
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
|
def check(self):
|
||||||
|
bad_state_files = []
|
||||||
|
sources = glob.glob(self.source)
|
||||||
|
|
||||||
|
if not sources and not self.optional:
|
||||||
|
raise MissingRequiredSource('%s file is not found' % self.source)
|
||||||
|
elif self.optional and not sources:
|
||||||
|
return
|
||||||
|
|
||||||
|
for source in sources:
|
||||||
|
dest = self.dest
|
||||||
|
# dest endswith / means copy the <source> into <dest> folder,
|
||||||
|
# otherwise means copy the source to dest
|
||||||
|
if dest.endswith(os.sep):
|
||||||
|
dest = os.path.join(dest, os.path.basename(source))
|
||||||
|
if os.path.isdir(source) and not self._cmp_dir(source, dest):
|
||||||
|
bad_state_files.append(source)
|
||||||
|
elif not self._cmp_file(source, dest):
|
||||||
|
bad_state_files.append(source)
|
||||||
|
if len(bad_state_files) != 0:
|
||||||
|
msg = 'Following files are in bad state: %s' % bad_state_files
|
||||||
|
raise ConfigFileBadState(msg)
|
||||||
|
|
||||||
|
|
||||||
|
def validate_config(config):
|
||||||
|
required_keys = {'source', 'dest'}
|
||||||
|
|
||||||
|
if 'command' not in config:
|
||||||
|
raise InvalidConfig('Config is missing required "command" key')
|
||||||
|
|
||||||
|
# Validate config sections
|
||||||
|
for data in config.get('config_files', list()):
|
||||||
|
# Verify required keys exist.
|
||||||
|
if not set(data.keys()) >= required_keys:
|
||||||
|
message = 'Config is missing required keys: %s' % required_keys
|
||||||
|
raise InvalidConfig(message)
|
||||||
|
if ('owner' not in data or 'perm' not in data) \
|
||||||
|
and not data.get('preserve_properties', False):
|
||||||
|
raise InvalidConfig(
|
||||||
|
'Config needs preserve_properties or owner and perm')
|
||||||
|
|
||||||
|
|
||||||
|
def validate_source(data):
|
||||||
|
source = data.get('source')
|
||||||
|
|
||||||
|
# Only check existence if no wildcard found
|
||||||
|
if '*' not in source:
|
||||||
|
if not os.path.exists(source):
|
||||||
|
if data.get('optional'):
|
||||||
|
LOG.info("%s does not exist, but is not required", source)
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
raise MissingRequiredSource(
|
||||||
|
"The source to copy does not exist: %s" % source)
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
|
def load_config():
|
||||||
|
def load_from_env():
|
||||||
|
config_raw = os.environ.get("KOLLA_CONFIG")
|
||||||
|
if config_raw is None:
|
||||||
|
return None
|
||||||
|
|
||||||
|
# Attempt to read config
|
||||||
|
try:
|
||||||
|
return json.loads(config_raw)
|
||||||
|
except ValueError:
|
||||||
|
raise InvalidConfig('Invalid json for Kolla config')
|
||||||
|
|
||||||
|
def load_from_file():
|
||||||
|
config_file = os.environ.get("KOLLA_CONFIG_FILE")
|
||||||
|
if not config_file:
|
||||||
|
config_file = '/var/lib/kolla/config_files/config.json'
|
||||||
|
LOG.info("Loading config file at %s", config_file)
|
||||||
|
|
||||||
|
# Attempt to read config file
|
||||||
|
with open(config_file) as f:
|
||||||
|
try:
|
||||||
|
return json.load(f)
|
||||||
|
except ValueError:
|
||||||
|
raise InvalidConfig(
|
||||||
|
"Invalid json file found at %s" % config_file)
|
||||||
|
except IOError as e:
|
||||||
|
raise InvalidConfig(
|
||||||
|
"Could not read file %s: %r" % (config_file, e))
|
||||||
|
|
||||||
|
config = load_from_env()
|
||||||
|
if config is None:
|
||||||
|
config = load_from_file()
|
||||||
|
|
||||||
|
LOG.info('Validating config file')
|
||||||
|
validate_config(config)
|
||||||
|
return config
|
||||||
|
|
||||||
|
|
||||||
|
def copy_config(config):
|
||||||
|
if 'config_files' in config:
|
||||||
|
LOG.info('Copying service configuration files')
|
||||||
|
for data in config['config_files']:
|
||||||
|
config_file = ConfigFile(**data)
|
||||||
|
config_file.copy()
|
||||||
|
else:
|
||||||
|
LOG.debug('No files to copy found in config')
|
||||||
|
|
||||||
|
LOG.info('Writing out command to execute')
|
||||||
|
LOG.debug("Command is: %s", config['command'])
|
||||||
|
# The value from the 'command' key will be written to '/run_command'
|
||||||
|
cmd = '/run_command'
|
||||||
|
with open(cmd, 'w+') as f:
|
||||||
|
f.write(config['command'])
|
||||||
|
# Make sure the generated file is readable by all users
|
||||||
|
try:
|
||||||
|
os.chmod(cmd, 0o644)
|
||||||
|
except OSError:
|
||||||
|
LOG.exception('Failed to set permission of %s to 0o644', cmd)
|
||||||
|
|
||||||
|
|
||||||
|
def user_group(owner):
|
||||||
|
if ':' in owner:
|
||||||
|
user, group = owner.split(':', 1)
|
||||||
|
if not group:
|
||||||
|
group = user
|
||||||
|
else:
|
||||||
|
user, group = owner, owner
|
||||||
|
return user, group
|
||||||
|
|
||||||
|
|
||||||
|
def handle_permissions(config):
|
||||||
|
for permission in config.get('permissions', list()):
|
||||||
|
path = permission.get('path')
|
||||||
|
owner = permission.get('owner')
|
||||||
|
recurse = permission.get('recurse', False)
|
||||||
|
perm = permission.get('perm')
|
||||||
|
|
||||||
|
desired_user, desired_group = user_group(owner)
|
||||||
|
uid = pwd.getpwnam(desired_user).pw_uid
|
||||||
|
gid = grp.getgrnam(desired_group).gr_gid
|
||||||
|
|
||||||
|
def set_perms(path, uid, gid, perm):
|
||||||
|
LOG.info('Setting permission for %s', path)
|
||||||
|
if not os.path.exists(path):
|
||||||
|
LOG.warning('%s does not exist', path)
|
||||||
|
return
|
||||||
|
|
||||||
|
try:
|
||||||
|
os.chown(path, uid, gid)
|
||||||
|
except OSError:
|
||||||
|
LOG.exception('Failed to change ownership of %s to %s:%s',
|
||||||
|
path, uid, gid)
|
||||||
|
|
||||||
|
if perm:
|
||||||
|
# NOTE(Jeffrey4l): py3 need '0oXXX' format for octal literals,
|
||||||
|
# and py2 support such format too.
|
||||||
|
if len(perm) == 4 and perm[1] != 'o':
|
||||||
|
perm = ''.join([perm[:1], 'o', perm[1:]])
|
||||||
|
perm = int(perm, base=0)
|
||||||
|
|
||||||
|
try:
|
||||||
|
os.chmod(path, perm)
|
||||||
|
except OSError:
|
||||||
|
LOG.exception('Failed to set permission of %s to %s',
|
||||||
|
path, perm)
|
||||||
|
|
||||||
|
for dest in glob.glob(path):
|
||||||
|
set_perms(dest, uid, gid, perm)
|
||||||
|
if recurse and os.path.isdir(dest):
|
||||||
|
for root, dirs, files in os.walk(dest):
|
||||||
|
for dir_ in dirs:
|
||||||
|
set_perms(os.path.join(root, dir_), uid, gid, perm)
|
||||||
|
for file_ in files:
|
||||||
|
set_perms(os.path.join(root, file_), uid, gid, perm)
|
||||||
|
|
||||||
|
|
||||||
|
def execute_config_strategy(config):
|
||||||
|
config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
|
||||||
|
LOG.info("Kolla config strategy set to: %s", config_strategy)
|
||||||
|
if config_strategy == "COPY_ALWAYS":
|
||||||
|
copy_config(config)
|
||||||
|
handle_permissions(config)
|
||||||
|
elif config_strategy == "COPY_ONCE":
|
||||||
|
if os.path.exists('/configured'):
|
||||||
|
raise ImmutableConfig(
|
||||||
|
"The config strategy prevents copying new configs",
|
||||||
|
exit_code=0)
|
||||||
|
else:
|
||||||
|
copy_config(config)
|
||||||
|
handle_permissions(config)
|
||||||
|
os.mknod('/configured')
|
||||||
|
else:
|
||||||
|
raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly')
|
||||||
|
|
||||||
|
|
||||||
|
def execute_config_check(config):
|
||||||
|
for data in config['config_files']:
|
||||||
|
config_file = ConfigFile(**data)
|
||||||
|
config_file.check()
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
try:
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument('--check',
|
||||||
|
action='store_true',
|
||||||
|
required=False,
|
||||||
|
help='Check whether the configs changed')
|
||||||
|
args = parser.parse_args()
|
||||||
|
config = load_config()
|
||||||
|
|
||||||
|
if args.check:
|
||||||
|
execute_config_check(config)
|
||||||
|
else:
|
||||||
|
execute_config_strategy(config)
|
||||||
|
except ExitingException as e:
|
||||||
|
LOG.error("%s: %s", e.__class__.__name__, e)
|
||||||
|
return e.exit_code
|
||||||
|
except Exception:
|
||||||
|
LOG.exception('Unexpected error:')
|
||||||
|
return 2
|
||||||
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
sys.exit(main())
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -o errexit
|
||||||
|
set -o xtrace
|
||||||
|
|
||||||
|
# Processing /var/lib/kolla/config_files/config.json as root. This is necessary
|
||||||
|
# to permit certain files to be controlled by the root user which should
|
||||||
|
# not be writable by the dropped-privileged user, especially /run_command
|
||||||
|
sudo -E kolla_set_configs
|
||||||
|
CMD=$(cat /run_command)
|
||||||
|
ARGS=""
|
||||||
|
|
||||||
|
if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
|
||||||
|
# Run additional commands if present
|
||||||
|
. kolla_extend_start
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Running command: '${CMD}${ARGS:+ $ARGS}'"
|
||||||
|
exec ${CMD} ${ARGS}
|
|
@ -0,0 +1,18 @@
|
||||||
|
# The idea here is a container service adds their UID to the kolla group
|
||||||
|
# via usermod -a -G kolla <uid>. Then the kolla_start may run
|
||||||
|
# kolla_set_configs via sudo as the root user which is necessary to protect
|
||||||
|
# the immutability of the container
|
||||||
|
|
||||||
|
# anyone in the kolla group may sudo -E (set the environment)
|
||||||
|
Defaults: %kolla setenv
|
||||||
|
|
||||||
|
# root may run any commands via sudo as the network seervice user. This is
|
||||||
|
# neededfor database migrations of existing services which have not been
|
||||||
|
# converted to run as a non-root user, but instead do that via sudo -E glance
|
||||||
|
root ALL=(ALL) ALL
|
||||||
|
|
||||||
|
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
|
||||||
|
# root user via sudo without password confirmation
|
||||||
|
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
|
||||||
|
|
||||||
|
#includedir /etc/sudoers.d
|
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||||
|
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||||
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
|
glance-manage db_sync
|
||||||
|
glance-manage db_load_metadefs
|
||||||
|
exit 0
|
||||||
|
fi
|
|
@ -0,0 +1,126 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -o errexit
|
||||||
|
|
||||||
|
FORCE_GENERATE="${FORCE_GENERATE}"
|
||||||
|
HASH_PATH=/var/lib/kolla/.settings.md5sum.txt
|
||||||
|
MANAGE_PY="/usr/bin/python${KOLLA_DISTRO_PYTHON_VERSION} /usr/bin/manage.py"
|
||||||
|
|
||||||
|
if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then
|
||||||
|
CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py"
|
||||||
|
if [[ ! -L ${CUSTOM_SETTINGS_FILE} ]]; then
|
||||||
|
ln -s /etc/openstack-dashboard/custom_local_settings ${CUSTOM_SETTINGS_FILE}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||||
|
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||||
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
|
$MANAGE_PY migrate --noinput
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
function config_dashboard {
|
||||||
|
ENABLE=$1
|
||||||
|
SRC=$2
|
||||||
|
DEST=$3
|
||||||
|
if [[ ! -f ${SRC} ]]; then
|
||||||
|
echo "WARNING: ${SRC} is required"
|
||||||
|
elif [[ "${ENABLE}" == "yes" ]] && [[ ! -f "${DEST}" ]]; then
|
||||||
|
cp -a "${SRC}" "${DEST}"
|
||||||
|
FORCE_GENERATE="yes"
|
||||||
|
elif [[ "${ENABLE}" != "yes" ]] && [[ -f "${DEST}" ]]; then
|
||||||
|
# remove pyc pyo files too
|
||||||
|
rm -f "${DEST}" "${DEST}c" "${DEST}o"
|
||||||
|
FORCE_GENERATE="yes"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function config_designate_dashboard {
|
||||||
|
for file in ${SITE_PACKAGES}/designatedashboard/enabled/_*[^__].py; do
|
||||||
|
config_dashboard "${ENABLE_DESIGNATE}" \
|
||||||
|
"${SITE_PACKAGES}/designatedashboard/enabled/${file##*/}" \
|
||||||
|
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function config_heat_dashboard {
|
||||||
|
for file in ${SITE_PACKAGES}/heat_dashboard/enabled/_*[^__].py; do
|
||||||
|
config_dashboard "${ENABLE_HEAT}" \
|
||||||
|
"${SITE_PACKAGES}/heat_dashboard/enabled/${file##*/}" \
|
||||||
|
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
|
||||||
|
done
|
||||||
|
|
||||||
|
config_dashboard "${ENABLE_HEAT}" \
|
||||||
|
"${SITE_PACKAGES}/heat_dashboard/conf/heat_policy.json" \
|
||||||
|
"/etc/openstack-dashboard/heat_policy.json"
|
||||||
|
}
|
||||||
|
|
||||||
|
function config_ironic_dashboard {
|
||||||
|
for file in ${SITE_PACKAGES}/ironic_ui/enabled/_*[^__].py; do
|
||||||
|
config_dashboard "${ENABLE_IRONIC}" \
|
||||||
|
"${SITE_PACKAGES}/ironic_ui/enabled/${file##*/}" \
|
||||||
|
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function config_manila_ui {
|
||||||
|
for file in ${SITE_PACKAGES}/manila_ui/local/enabled/_*[^__].py; do
|
||||||
|
config_dashboard "${ENABLE_MANILA}" \
|
||||||
|
"${SITE_PACKAGES}/manila_ui/local/enabled/${file##*/}" \
|
||||||
|
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function config_octavia_dashboard {
|
||||||
|
config_dashboard "${ENABLE_OCTAVIA}" \
|
||||||
|
"${SITE_PACKAGES}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py" \
|
||||||
|
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py"
|
||||||
|
}
|
||||||
|
|
||||||
|
function config_sahara_dashboard {
|
||||||
|
for file in ${SITE_PACKAGES}/sahara_dashboard/enabled/_*[^__].py; do
|
||||||
|
config_dashboard "${ENABLE_SAHARA}" \
|
||||||
|
"${SITE_PACKAGES}/sahara_dashboard/enabled/${file##*/}" \
|
||||||
|
"${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
# Regenerate the compressed javascript and css if any configuration files have
|
||||||
|
# changed. Use a static modification date when generating the tarball
|
||||||
|
# so that we only trigger on content changes.
|
||||||
|
function settings_bundle {
|
||||||
|
tar -cf- --mtime=1970-01-01 \
|
||||||
|
/etc/openstack-dashboard/local_settings \
|
||||||
|
/etc/openstack-dashboard/custom_local_settings \
|
||||||
|
/etc/openstack-dashboard/local_settings.d 2> /dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
function settings_changed {
|
||||||
|
changed=1
|
||||||
|
|
||||||
|
if [[ ! -f $HASH_PATH ]] || ! settings_bundle | md5sum -c --status $HASH_PATH || [[ $FORCE_GENERATE == yes ]]; then
|
||||||
|
changed=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return ${changed}
|
||||||
|
}
|
||||||
|
|
||||||
|
config_designate_dashboard
|
||||||
|
config_heat_dashboard
|
||||||
|
config_ironic_dashboard
|
||||||
|
config_manila_ui
|
||||||
|
config_octavia_dashboard
|
||||||
|
config_sahara_dashboard
|
||||||
|
|
||||||
|
if settings_changed; then
|
||||||
|
${MANAGE_PY} collectstatic --noinput --clear
|
||||||
|
${MANAGE_PY} compress --force
|
||||||
|
settings_bundle | md5sum > $HASH_PATH
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -f ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store ]] && [[ $(stat -c %U ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store) != "horizon" ]]; then
|
||||||
|
chown horizon ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store
|
||||||
|
fi
|
||||||
|
|
||||||
|
. /usr/local/bin/kolla_httpd_setup
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# check if unique iSCSI initiator name already exists
|
||||||
|
if [[ ! -f /etc/iscsi/initiatorname.iscsi ]]; then
|
||||||
|
echo "Generating new iSCSI initiator name"
|
||||||
|
echo InitiatorName=$(/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi
|
||||||
|
fi
|
|
@ -0,0 +1,31 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Create log dir for Keystone logs
|
||||||
|
KEYSTONE_LOG_DIR="/var/log/keystone"
|
||||||
|
if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then
|
||||||
|
mkdir -p ${KEYSTONE_LOG_DIR}
|
||||||
|
fi
|
||||||
|
if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then
|
||||||
|
chown keystone:kolla ${KEYSTONE_LOG_DIR}
|
||||||
|
fi
|
||||||
|
if [ ! -f "${KEYSTONE_LOG_DIR}/keystone.log" ]; then
|
||||||
|
touch ${KEYSTONE_LOG_DIR}/keystone.log
|
||||||
|
fi
|
||||||
|
if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}/keystone.log) != "keystone:keystone" ]]; then
|
||||||
|
chown keystone:keystone ${KEYSTONE_LOG_DIR}/keystone.log
|
||||||
|
fi
|
||||||
|
if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then
|
||||||
|
chmod 755 ${KEYSTONE_LOG_DIR}
|
||||||
|
fi
|
||||||
|
|
||||||
|
EXTRA_KEYSTONE_MANAGE_ARGS=${EXTRA_KEYSTONE_MANAGE_ARGS-}
|
||||||
|
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||||
|
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||||
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
|
sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
. /usr/local/bin/kolla_httpd_setup
|
||||||
|
|
||||||
|
ARGS="-DFOREGROUND"
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
function bootstrap_db {
|
||||||
|
mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
|
||||||
|
# Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
|
||||||
|
# NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
|
||||||
|
# Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
|
||||||
|
TIMEOUT=${DB_MAX_TIMEOUT:-60}
|
||||||
|
while [[ ! -S /var/lib/mysql/mysql.sock ]] && \
|
||||||
|
[[ ! -S /var/run/mysqld/mysqld.sock ]] || \
|
||||||
|
[[ ! -f /var/lib/mysql/mariadb.pid ]]; do
|
||||||
|
if [[ ${TIMEOUT} -gt 0 ]]; then
|
||||||
|
let TIMEOUT-=1
|
||||||
|
sleep 1
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
sudo -E kolla_security_reset
|
||||||
|
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
|
||||||
|
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
|
||||||
|
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
|
||||||
|
}
|
||||||
|
|
||||||
|
# This catches all cases of the BOOTSTRAP variable being set, including empty
|
||||||
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
|
mysql_install_db
|
||||||
|
bootstrap_db
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then
|
||||||
|
ARGS="${BOOTSTRAP_ARGS}"
|
||||||
|
fi
|
|
@ -0,0 +1,58 @@
|
||||||
|
#!/usr/bin/expect -f
|
||||||
|
|
||||||
|
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
|
||||||
|
spawn mysql_secure_installation
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||||
|
"Enter current password for root (enter for none):"
|
||||||
|
}
|
||||||
|
send "\r"
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
|
||||||
|
"Set root password?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||||
|
"New password:"
|
||||||
|
}
|
||||||
|
send "$env(DB_ROOT_PASSWORD)\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||||
|
"Re-enter new password:"
|
||||||
|
}
|
||||||
|
send "$env(DB_ROOT_PASSWORD)\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||||
|
"Remove anonymous users?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||||
|
"Disallow root login remotely?"
|
||||||
|
}
|
||||||
|
send "n\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||||
|
"Remove test database and access to it?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||||
|
"Reload privilege tables now?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
expect eof
|
|
@ -0,0 +1,6 @@
|
||||||
|
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
|
||||||
|
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
|
||||||
|
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
|
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||||
|
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
|
||||||
|
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables
|
|
@ -0,0 +1,28 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# All the option passed to this script will be
|
||||||
|
# passed to the ovn-ctl script. Please see the options
|
||||||
|
# supported by ovn-ctl script -
|
||||||
|
# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl
|
||||||
|
args=$@
|
||||||
|
|
||||||
|
# Use ovn-ctl script to start ovn NB db server as it
|
||||||
|
# takes care of creating the db file from the schema
|
||||||
|
# file if the db file is not present. It also takes care
|
||||||
|
# of updating the db file if the schema file is updated.
|
||||||
|
|
||||||
|
# Check for the presence of ovn-ctl script in two locations.
|
||||||
|
# If latest OVN is used (post split from openvswitch),
|
||||||
|
# then the new location for the ovn-ctl script is
|
||||||
|
# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is
|
||||||
|
# /usr/share/openvswitch/scripts/ovn-ctl.
|
||||||
|
|
||||||
|
if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then
|
||||||
|
set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor
|
||||||
|
elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then
|
||||||
|
set /usr/share/ovn/scripts/ovn-ctl --no-monitor
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
$@ $args run_nb_ovsdb
|
|
@ -0,0 +1,29 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# All the option passed to this script will be
|
||||||
|
# passed to the ovn-ctl script. Please see the options
|
||||||
|
# supported by ovn-ctl script -
|
||||||
|
# https://github.com/ovn-org/ovn/blob/master/utilities/ovn-ctl
|
||||||
|
args=$@
|
||||||
|
|
||||||
|
# Use ovn-ctl script to start ovn SB db server as it
|
||||||
|
# takes care of creating the db file from the schema
|
||||||
|
# file if the db file is not present. It also takes care
|
||||||
|
# of updating the db file if the schema file is updated.
|
||||||
|
|
||||||
|
# Check for the presence of ovn-ctl script in two locations.
|
||||||
|
# If latest OVN is used (post split from openvswitch),
|
||||||
|
# then the new location for the ovn-ctl script is
|
||||||
|
# is - /usr/share/ovn/scripts/ovn-ctl. Otherwise it is
|
||||||
|
# /usr/share/openvswitch/scripts/ovn-ctl.
|
||||||
|
|
||||||
|
|
||||||
|
if [[ -f "/usr/share/openvswitch/scripts/ovn-ctl" ]]; then
|
||||||
|
set /usr/share/openvswitch/scripts/ovn-ctl --no-monitor
|
||||||
|
elif [[ -f "/usr/share/ovn/scripts/ovn-ctl" ]]; then
|
||||||
|
set /usr/share/ovn/scripts/ovn-ctl --no-monitor
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
$@ $args run_sb_ovsdb
|
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||||
|
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||||
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
|
|
||||||
|
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
|
||||||
|
# bootstrap, the system does not allow to overwrite it (it bootstrap files with
|
||||||
|
# permission denied error) but it allows to delete it and then recreate it.
|
||||||
|
if [[ -e "/var/lib/rabbitmq/.erlang.cookie" ]]; then
|
||||||
|
rm -f /var/lib/rabbitmq/.erlang.cookie
|
||||||
|
fi
|
||||||
|
echo "${RABBITMQ_CLUSTER_COOKIE}" > /var/lib/rabbitmq/.erlang.cookie
|
||||||
|
chmod 400 /var/lib/rabbitmq/.erlang.cookie
|
||||||
|
exit 0
|
||||||
|
fi
|
|
@ -0,0 +1,10 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
# PBR Generated from u'console_scripts'
|
||||||
|
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from oslo_rootwrap.cmd import main
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
sys.exit(main())
|
|
@ -0,0 +1,2 @@
|
||||||
|
swift ALL=(root) NOPASSWD: /bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+
|
||||||
|
swift ALL=(root) NOPASSWD: /usr/bin/find /srv/node/ -maxdepth 1 -type d -execdir chown swift\:swift {} \\+
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# This is a useful entrypoint/cmd if you wish to run commands in a container
|
||||||
|
# in an existing users $HOME directory
|
||||||
|
# For example: podman run -ti -e USER=stack -e UID=1000 --privileged=true --volume=/home/stack/:/home/stack/ tripleoclient:latest /usr/local/bin/create_super_user.sh
|
||||||
|
|
||||||
|
if [ -n "$USER" -a -n "$UID" ]; then
|
||||||
|
useradd "$USER" -u "$UID" -M
|
||||||
|
cat >> /etc/sudoers <<EOF_CAT
|
||||||
|
$USER ALL=(ALL) NOPASSWD:ALL
|
||||||
|
EOF_CAT
|
||||||
|
su -l $USER
|
||||||
|
export TERM="xterm"
|
||||||
|
alias ls='ls --color=auto'
|
||||||
|
/bin/bash
|
||||||
|
else
|
||||||
|
echo "Please set valid $USER and $UID env variables."
|
||||||
|
exit 1
|
||||||
|
fi
|
|
@ -0,0 +1,53 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: >-
|
||||||
|
dnf install -y crudini &&
|
||||||
|
crudini --del /etc/dnf/dnf.conf main override_install_langs &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main clean_requirements_on_remove True &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main exactarch 1 &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main gpgcheck 1 &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main install_weak_deps False &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main installonly_limit 0 &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main keepcache 0 &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main obsoletes 1 &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main plugins 1 &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main skip_missing_names_on_install False &&
|
||||||
|
crudini --set /etc/dnf/dnf.conf main tsflags nodocs
|
||||||
|
- run: groupadd --force --gid 42400 kolla && useradd -l -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla
|
||||||
|
- run: touch /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/base/set_configs.py /usr/local/bin/kolla_set_configs
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_set_configs
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/base/start.sh /usr/local/bin/kolla_start
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_start
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/base/httpd_setup.sh /usr/local/bin/kolla_httpd_setup
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_httpd_setup
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/base/sudoers /etc/sudoers
|
||||||
|
- run: chmod 440 /etc/sudoers
|
||||||
|
- run: sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
|
||||||
|
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }}
|
||||||
|
- run: mkdir -p /openstack
|
||||||
|
- run: dnf update -y && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_cmd: kolla_start
|
||||||
|
tcib_entrypoint: dumb-init --single-child --
|
||||||
|
tcib_envs:
|
||||||
|
LANG: en_US.UTF-8
|
||||||
|
container: oci
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/base/*'', wantlist=True) }}'
|
||||||
|
tcib_labels:
|
||||||
|
maintainer: OpenStack TripleO team
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- ca-certificates
|
||||||
|
- curl
|
||||||
|
- dumb-init
|
||||||
|
- glibc-langpack-en
|
||||||
|
- iscsi-initiator-utils
|
||||||
|
- openstack-selinux
|
||||||
|
- openstack-tripleo-common-container-base
|
||||||
|
- procps-ng
|
||||||
|
- python3
|
||||||
|
- rsync
|
||||||
|
- socat
|
||||||
|
- sudo
|
||||||
|
- tar
|
||||||
|
- util-linux-user
|
||||||
|
tcib_stopsignal: SIGTERM
|
|
@ -0,0 +1,64 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: >-
|
||||||
|
if [ '{{ tcib_distro }}' == 'rhel' ]; then
|
||||||
|
{% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}
|
||||||
|
fi
|
||||||
|
- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi
|
||||||
|
- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /var/lib/collectd && useradd -d /var/lib/collectd -l -M --shell /usr/sbin/nologin collectd && chown collectd:collectd /var/lib/collectd
|
||||||
|
- run: chown -R collectd /var/lib/collectd && chown -R collectd /etc/collectd* && chown -R collectd /var/run/
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- collectd
|
||||||
|
- collectd-amqp1
|
||||||
|
- collectd-apache
|
||||||
|
- collectd-bind
|
||||||
|
- collectd-ceph
|
||||||
|
- collectd-chrony
|
||||||
|
- collectd-connectivity
|
||||||
|
- collectd-curl
|
||||||
|
- collectd-curl_json
|
||||||
|
- collectd-curl_xml
|
||||||
|
- collectd-dbi
|
||||||
|
- collectd-disk
|
||||||
|
- collectd-dns
|
||||||
|
- collectd-generic-jmx
|
||||||
|
- collectd-ipmi
|
||||||
|
- collectd-iptables
|
||||||
|
- collectd-log_logstash
|
||||||
|
- collectd-mcelog
|
||||||
|
- collectd-memcachec
|
||||||
|
- collectd-mysql
|
||||||
|
- collectd-netlink
|
||||||
|
- collectd-openldap
|
||||||
|
- collectd-ovs-events
|
||||||
|
- collectd-ovs-stats
|
||||||
|
- collectd-ping
|
||||||
|
- collectd-procevent
|
||||||
|
- collectd-python
|
||||||
|
- collectd-sensors
|
||||||
|
- collectd-sensubility
|
||||||
|
- collectd-smart
|
||||||
|
- collectd-snmp
|
||||||
|
- collectd-snmp-agent
|
||||||
|
- collectd-sysevent
|
||||||
|
- collectd-utils
|
||||||
|
- collectd-virt
|
||||||
|
- collectd-write_http
|
||||||
|
- collectd-write_kafka
|
||||||
|
- collectd-write_prometheus
|
||||||
|
- python3-collectd-gnocchi
|
||||||
|
- python3-sqlalchemy-collectd
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
rhel:
|
||||||
|
- python3-collectd-rabbitmq-monitoring
|
||||||
|
x86_64:
|
||||||
|
- collectd-hugepages
|
||||||
|
- collectd-pcie-errors
|
||||||
|
- collectd-pmu
|
||||||
|
- collectd-rdt
|
||||||
|
- collectd-turbostat
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- cronie
|
||||||
|
- logrotate
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- etcd
|
||||||
|
tcib_user: etcd
|
|
@ -0,0 +1,10 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- haproxy
|
||||||
|
- libqb
|
||||||
|
- pacemaker
|
||||||
|
- pacemaker-remote
|
||||||
|
- pcs
|
||||||
|
- resource-agents
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- hostname
|
||||||
|
- keepalived
|
|
@ -0,0 +1,35 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset'
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- run: usermod -a -G kolla {{ tcib_user }}
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/security_reset.expect /usr/local/bin/kolla_security_reset
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_security_reset
|
||||||
|
- run: rm -rf /var/lib/mysql/* /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf
|
||||||
|
- run: mkdir -p /etc/libqb
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mariadb /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_cmd: kolla_start
|
||||||
|
tcib_entrypoint: dumb-init --
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/mariadb/*'', wantlist=True) }}'
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- expect
|
||||||
|
- galera
|
||||||
|
- hostname
|
||||||
|
- libqb
|
||||||
|
- mariadb
|
||||||
|
- mariadb-backup
|
||||||
|
- mariadb-server-galera
|
||||||
|
- mariadb-server-utils
|
||||||
|
- pacemaker
|
||||||
|
- pacemaker-remote
|
||||||
|
- pcs
|
||||||
|
- resource-agents
|
||||||
|
- rsync
|
||||||
|
- tar
|
||||||
|
- xinetd
|
||||||
|
modules:
|
||||||
|
- enable: mariadb:10.3
|
||||||
|
tcib_user: mysql
|
|
@ -0,0 +1,9 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla {{ tcib_user }}
|
||||||
|
- run: mkdir -p /run/memcache && chown -R memcached:memcached /run/memcache
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- memcached
|
||||||
|
tcib_user: memcached
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/multipathd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- device-mapper-multipath
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /var/www/cgi-bin/aodh && chmod 755 /var/www/cgi-bin/aodh && cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-aodh-api
|
||||||
|
- python3-ldappool
|
||||||
|
- python3-mod_wsgi
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla aodh
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-aodh-common
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-evaluator /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-aodh-evaluator
|
||||||
|
tcib_user: aodh
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-aodh-listener
|
||||||
|
tcib_user: aodh
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-notifier /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-aodh-notifier
|
||||||
|
tcib_user: aodh
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-barbican-api
|
||||||
|
- python3-mod_wsgi
|
||||||
|
tcib_user: barbican
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers'
|
||||||
|
- run: usermod -a -G kolla barbican
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-barbican-common
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-keystone-listener /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-barbican-keystone-listener
|
||||||
|
tcib_user: barbican
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/barbican-worker /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-barbican-worker
|
||||||
|
tcib_user: barbican
|
|
@ -0,0 +1,9 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla ceilometer
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ceilometer-common
|
||||||
|
- python3-oslo-db
|
||||||
|
- python3-panko
|
||||||
|
- python3-tooz
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-central /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ceilometer-central
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
tcib_user: ceilometer
|
|
@ -0,0 +1,10 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ceilometer-compute
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-ipmi /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ceilometer-ipmi
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
tcib_user: ceilometer
|
|
@ -0,0 +1,8 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ceilometer-agent-notification /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ceilometer-notification
|
||||||
|
- python3-pyngus
|
||||||
|
tcib_user: ceilometer
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /var/www/cgi-bin/cinder && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: chown -R cinder /var/www/cgi-bin/cinder && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- python3-keystone
|
||||||
|
- python3-mod_wsgi
|
|
@ -0,0 +1,13 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /etc/libqb
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-backup /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- libqb
|
||||||
|
- nfs-utils
|
||||||
|
- pacemaker
|
||||||
|
- pacemaker-remote
|
||||||
|
- pcs
|
||||||
|
- resource-agents
|
||||||
|
tcib_user: cinder
|
|
@ -0,0 +1,15 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla cinder
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- ceph-common
|
||||||
|
- cryptsetup
|
||||||
|
- lvm2
|
||||||
|
- openstack-cinder
|
||||||
|
- python3-automaton
|
||||||
|
- python3-oslo-vmware
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
|
@ -0,0 +1,3 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_user: cinder
|
|
@ -0,0 +1,18 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /etc/libqb
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- libqb
|
||||||
|
- nfs-utils
|
||||||
|
- nvmetcli
|
||||||
|
- pacemaker
|
||||||
|
- pacemaker-remote
|
||||||
|
- pcs
|
||||||
|
- python3-cinderlib
|
||||||
|
- python3-rtslib
|
||||||
|
- resource-agents
|
||||||
|
- sysfsutils
|
||||||
|
- targetcli
|
||||||
|
tcib_user: cinder
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-designate-api
|
||||||
|
tcib_user: designate
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /var/lib/named/ /run/named && chown -R root /var/lib/named /run/named && chmod 755 /run/named
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- bind
|
|
@ -0,0 +1,9 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla designate
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-designate-common
|
||||||
|
- python3-oslo-reports
|
||||||
|
- python3-suds
|
||||||
|
- python3-tooz
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-designate-central
|
||||||
|
tcib_user: designate
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-designate-mdns
|
||||||
|
tcib_user: designate
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-designate-producer
|
||||||
|
tcib_user: designate
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-designate-sink
|
||||||
|
tcib_user: designate
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- bind
|
||||||
|
- openstack-designate-worker
|
||||||
|
tcib_user: designate
|
|
@ -0,0 +1,22 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla {{ tcib_user }}
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/glance-api/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/glance-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/glance-api/*'', wantlist=True) }}'
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-glance
|
||||||
|
- python3-oslo-vmware
|
||||||
|
- python3-rados
|
||||||
|
- python3-rbd
|
||||||
|
- qemu-img
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
tcib_user: glance
|
|
@ -0,0 +1,13 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- gnocchi-api
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- python3-boto3
|
||||||
|
- python3-cradox
|
||||||
|
- python3-ldappool
|
||||||
|
- python3-mod_wsgi
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla gnocchi
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- gnocchi-common
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-metricd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- gnocchi-metricd
|
||||||
|
tcib_user: gnocchi
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/gnocchi-statsd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- gnocchi-statsd
|
||||||
|
tcib_user: gnocchi
|
|
@ -0,0 +1,8 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-heat-api
|
||||||
|
- openstack-heat-engine
|
||||||
|
- openstack-heat-monolith
|
||||||
|
tcib_user: heat
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api-cfn /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-heat-api-cfn
|
||||||
|
tcib_user: heat
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/heat-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-heat-api
|
||||||
|
tcib_user: heat
|
|
@ -0,0 +1,10 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla heat
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-heat-common
|
||||||
|
- python3-mod_wsgi
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-heat-engine
|
||||||
|
tcib_user: heat
|
|
@ -0,0 +1,18 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: mv /etc/rpm/macros.image-language-conf /tmp && dnf -y install openstack-dashboard && mv /tmp/macros.image-language-conf /etc/rpm && dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/horizon/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- run: 'sed -i -r ''s,^(Listen 80),#\1,'' /etc/httpd/conf/httpd.conf && sed -i -r ''s,^(Listen 443),#\1,'' /etc/httpd/conf.d/ssl.conf && ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python3.6/site-packages/openstack_dashboard && ln -s /usr/share/openstack-dashboard/static /usr/lib/python3.6/site-packages/static && chown -R apache /etc/openstack-dashboard /usr/share/openstack-dashboard && chown -R apache /usr/share/openstack-dashboard/static && sed -i "s|WEBROOT = ''/dashboard/''|WEBROOT = ''/''|" /etc/openstack-dashboard/local_settings && cp /usr/share/openstack-dashboard/manage.py /usr/bin/manage.py && rm -f /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/?[^_]*.py* && rm -f /usr/lib/python3.6/site-packages/openstack_dashboard/local/enabled/?[^_]*.py* && for locale in /usr/lib/python3.6/site-packages/*/locale; do (cd ${locale%/*} && /usr/bin/django-admin compilemessages) done'
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/horizon /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/horizon/*'', wantlist=True) }}'
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- gettext
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-heat-ui
|
||||||
|
- openstack-ironic-ui
|
||||||
|
- openstack-manila-ui
|
||||||
|
- openstack-octavia-ui
|
||||||
|
- python3-mod_wsgi
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-ironic-api
|
||||||
|
- python3-mod_wsgi
|
||||||
|
tcib_user: ironic
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla ironic
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ironic-common
|
|
@ -0,0 +1,34 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-conductor /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- genisoimage
|
||||||
|
- dosfstools
|
||||||
|
- e2fsprogs
|
||||||
|
- gdisk
|
||||||
|
- ipmitool
|
||||||
|
- openssh-clients
|
||||||
|
- openstack-ironic-conductor
|
||||||
|
- openstack-ironic-staging-drivers
|
||||||
|
- parted
|
||||||
|
- psmisc
|
||||||
|
- python3-dracclient
|
||||||
|
- python3-ironic-inspector-client
|
||||||
|
- python3-proliantutils
|
||||||
|
- python3-pysnmp
|
||||||
|
- python3-scciclient
|
||||||
|
- python3-sushy
|
||||||
|
- python3-systemd
|
||||||
|
- qemu-img
|
||||||
|
- util-linux
|
||||||
|
- xfsprogs
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
rhel:
|
||||||
|
- python-ovirt-engine-sdk4
|
||||||
|
- python3dist\(ansible\)
|
||||||
|
tcib_user: ironic
|
|
@ -0,0 +1,9 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla {{ tcib_user }}
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-inspector /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-ironic-inspector
|
||||||
|
- openstack-ironic-inspector-dnsmasq
|
||||||
|
tcib_user: ironic-inspector
|
|
@ -0,0 +1,14 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: echo -e "re ^(/tftpboot/) /tftpboot/\2\nre ^/tftpboot/ /tftpboot/\nre ^(^/) /tftpboot/\1\nre ^([^/]) /tftpboot/\1" > /map-file
|
||||||
|
- run: echo ". /usr/local/bin/kolla_httpd_setup"> /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-pxe /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- ipxe-bootimgs
|
||||||
|
- mod_ssl
|
||||||
|
- python3-mod_wsgi
|
||||||
|
- syslinux-tftpboot
|
||||||
|
- tftp-server
|
|
@ -0,0 +1,12 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/iscsid/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- run: rm /etc/iscsi/initiatorname.iscsi
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/iscsid /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/iscsid/*'', wantlist=True) }}'
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- iscsi-initiator-utils
|
||||||
|
- python3-rtslib
|
||||||
|
- targetcli
|
|
@ -0,0 +1,23 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf module -y enable mod_auth_openidc && dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla keystone
|
||||||
|
- run: mkdir -p /var/www/cgi-bin/keystone && chown -R keystone /var/www/cgi-bin/keystone
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/keystone/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
|
- run: cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main
|
||||||
|
- run: cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
|
||||||
|
- run: sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/keystone /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/keystone/*'', wantlist=True) }}'
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_auth_gssapi
|
||||||
|
- mod_auth_mellon
|
||||||
|
- mod_auth_openidc
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-keystone
|
||||||
|
- python3-ldappool
|
||||||
|
- python3-mod_wsgi
|
||||||
|
- python3-requests-kerberos
|
|
@ -0,0 +1,10 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /var/www/cgi-bin/manila && cp -a /usr/bin/manila-wsgi /var/www/cgi-bin/manila/manila-wsgi && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: chown -R manila /var/www/cgi-bin/manila && chmod 755 /var/www/cgi-bin/manila/manila-wsgi
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- python3-mod_wsgi
|
||||||
|
tcib_user: manila
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla manila
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-manila
|
|
@ -0,0 +1,3 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/manila-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_user: manila
|
|
@ -0,0 +1,14 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: mkdir -p /etc/libqb
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- ceph-common
|
||||||
|
- libqb
|
||||||
|
- openstack-manila-share
|
||||||
|
- pacemaker
|
||||||
|
- pacemaker-remote
|
||||||
|
- pcs
|
||||||
|
- resource-agents
|
||||||
|
- sqlite
|
||||||
|
tcib_user: manila
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-mistral-api
|
||||||
|
- python3-mod_wsgi
|
||||||
|
tcib_user: mistral
|
|
@ -0,0 +1,9 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla mistral
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-mistral-common
|
||||||
|
- openstack-tripleo-common
|
||||||
|
- python3-shade
|
||||||
|
- python3dist\(ansible\)
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-engine /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-mistral-engine
|
||||||
|
tcib_user: mistral
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-event-engine /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-mistral-event-engine
|
||||||
|
tcib_user: mistral
|
|
@ -0,0 +1,21 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/mistral-executor /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
- run: test -f /usr/bin/ansible-playbook-3 || ln -s /usr/bin/ansible-playbook /usr/bin/ansible-playbook-3
|
||||||
|
- run: useradd validations
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- ipmitool
|
||||||
|
- openstack-mistral-executor
|
||||||
|
- openstack-nova-common
|
||||||
|
- openstack-tripleo-heat-templates
|
||||||
|
- openstack-tripleo-validations
|
||||||
|
- python3-novajoin
|
||||||
|
- qemu-img
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
- disable: container-tools:rhel8
|
||||||
|
- enable: container-tools:2.0
|
||||||
|
tcib_user: mistral
|
|
@ -0,0 +1,8 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-neutron-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- python3-ironic-neutron-agent
|
||||||
|
- python3-networking-baremetal
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,10 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- libseccomp
|
||||||
|
- podman
|
||||||
|
modules:
|
||||||
|
- disable: container-tools:rhel8
|
||||||
|
- enable: container-tools:2.0
|
|
@ -0,0 +1,3 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-dhcp /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,3 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-l3 /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ovn-metadata /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- python3-networking-ovn-metadata-agent
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,18 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla neutron
|
||||||
|
- copy: /usr/share/tripleo-common/container-images/kolla/neutron-base/neutron_sudoers /etc/sudoers.d/neutron_sudoers
|
||||||
|
- run: chmod 440 /etc/sudoers.d/neutron_sudoers
|
||||||
|
# TODO(emilien) add support for tripleo-common being installed from source
|
||||||
|
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/neutron-base/*'', wantlist=True) }}'
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- iputils
|
||||||
|
- net-tools
|
||||||
|
- openstack-neutron
|
||||||
|
- openstack-neutron-ml2
|
||||||
|
- openvswitch
|
||||||
|
- python3-networking-baremetal
|
||||||
|
- python3-networking-vmware-nsx
|
||||||
|
- python3-openvswitch
|
||||||
|
- python3-oslo-vmware
|
|
@ -0,0 +1,3 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-metadata /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-ovs-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-neutron-openvswitch
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,12 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- python3-networking-ansible
|
||||||
|
- python3-networking-baremetal
|
||||||
|
- python3-networking-ovn
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,11 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- python3-networking-ansible
|
||||||
|
- python3-networking-baremetal
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/neutron-sriov-agent /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-neutron-sriov-nic-agent
|
||||||
|
tcib_user: neutron
|
|
@ -0,0 +1,12 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- httpd
|
||||||
|
- mod_ssl
|
||||||
|
- openstack-nova-api
|
||||||
|
- python3-mod_wsgi
|
||||||
|
- python3-novajoin
|
||||||
|
tcib_user: nova
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: mkdir -p /etc/ssh && touch /etc/ssh/ssh_known_host
|
||||||
|
- run: dnf install -y {{ tcib_packages | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla nova
|
||||||
|
tcib_packages:
|
||||||
|
- openstack-nova-common
|
|
@ -0,0 +1,14 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-ironic /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- genisoimage
|
||||||
|
- nvme-cli
|
||||||
|
- openstack-nova-compute
|
||||||
|
- python3-novajoin
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
tcib_user: nova
|
|
@ -0,0 +1,29 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: rm -f /etc/machine-id
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- ceph-common
|
||||||
|
- device-mapper-multipath
|
||||||
|
- e2fsprogs
|
||||||
|
- genisoimage
|
||||||
|
- iscsi-initiator-utils
|
||||||
|
- nfs-utils
|
||||||
|
- nvme-cli
|
||||||
|
- openssh-server
|
||||||
|
- openstack-nova-compute
|
||||||
|
- openstack-nova-migration
|
||||||
|
- openvswitch
|
||||||
|
- parted
|
||||||
|
- python3-libguestfs
|
||||||
|
- python3-oslo-vmware
|
||||||
|
- python3-rtslib
|
||||||
|
- sysfsutils
|
||||||
|
- targetcli
|
||||||
|
- xfsprogs
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
tcib_user: nova
|
|
@ -0,0 +1,7 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-conductor /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-nova-conductor
|
||||||
|
tcib_user: nova
|
|
@ -0,0 +1,29 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-libvirt /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- ceph-common
|
||||||
|
- cyrus-sasl-scram
|
||||||
|
- libcgroup-tools
|
||||||
|
- libguestfs
|
||||||
|
- libseccomp
|
||||||
|
- libvirt-client
|
||||||
|
- libvirt-daemon
|
||||||
|
- libvirt-daemon-config-nwfilter
|
||||||
|
- libvirt-daemon-driver-nwfilter
|
||||||
|
- openssl-perl
|
||||||
|
- openstack-nova-migration
|
||||||
|
- openvswitch
|
||||||
|
- podman
|
||||||
|
- qemu-kvm
|
||||||
|
- trousers
|
||||||
|
modules:
|
||||||
|
- disable: container-tools:rhel8
|
||||||
|
- enable: container-tools:2.0
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
x86_64:
|
||||||
|
- edk2-ovmf
|
|
@ -0,0 +1,8 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-vnc-proxy /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- novnc
|
||||||
|
- openstack-nova-novncproxy
|
||||||
|
tcib_user: nova
|
|
@ -0,0 +1,12 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||||
|
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-scheduler /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- openstack-nova-scheduler
|
||||||
|
- openstack-tripleo-common
|
||||||
|
modules:
|
||||||
|
- disable: virt:rhel
|
||||||
|
- enable: virt:8.2
|
||||||
|
tcib_user: nova
|
|
@ -0,0 +1,6 @@
|
||||||
|
tcib_actions:
|
||||||
|
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||||
|
- run: usermod -a -G kolla novajoin
|
||||||
|
tcib_packages:
|
||||||
|
common:
|
||||||
|
- python3-novajoin
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue