Retire Tripleo: remove repo content

TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: Ic209179b0be9c3746a702ccea2dd35e883e78bee
This commit is contained in:
Ghanshyam Mann 2024-02-24 11:33:09 -08:00
parent 2ce67c3dbb
commit a43311b7ef
130 changed files with 8 additions and 3774 deletions

24
.gitignore vendored
View File

@ -1,24 +0,0 @@
*.pyc
*.qcow2
elements/seed-stack-config/local.json
# Unit test / coverage reports
.stestr
.tox
.venv
# Packages
*.egg-info
dist
build
# pbr generates these
AUTHORS
ChangeLog
# Editors
*.sw?
*~
# Files created by releasenotes build
releasenotes/build

View File

@ -1,3 +0,0 @@
[DEFAULT]
test_path=./tests/
top_dir=./

View File

@ -1,24 +0,0 @@
TripleO Style Guidelines
========================
- Step 1: Read the OpenStack Style Guidelines [1]_.
- Step 2: Read the tripleo-incubator HACKING.rst [2]_.
- Step 3: Read on.
Element Specific Guidelines
---------------------------
- Idempotency. A new version of metadata can be pushed at any time, for example
due to a `heat stack-update`. Elements' os-refresh-config scripts must handle
this gracefully. If they cannot be fully idempotent, they must fence their
once-only sections.
For example, the keepalived element's configure.d script either reloads or
restarts the service based on whether it appears to be already running.
Another method of fencing would be to write a marker to ephemeral storage on
first execution and skip once-only sections if the marker is present.
References
----------
.. [1] https://docs.openstack.org/hacking/latest/
.. [2] http://docs.openstack.org/developer/tripleo-incubator/HACKING.html

202
LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -1,3 +0,0 @@
include README.md
graft elements
graft docs

View File

@ -1,103 +1,10 @@
========================
Team and repository tags
========================
This project is no longer maintained.
.. image:: https://governance.openstack.org/tc/badges/tripleo-image-elements.svg
:target: https://governance.openstack.org/tc/reference/tags/index.html
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
.. Change things from this point on
Image building rules for OpenStack images
=========================================
These elements are used to build disk images for deploying OpenStack via Heat.
They are built as part of the TripleO_ umbrella project.
.. _TripleO: https://wiki.openstack.org/wiki/TripleO
Instructions
------------
Checkout this source tree and also the diskimage builder, export an
ELEMENTS_PATH to add elements from this tree, and build any disk images you
need::
virtualenv .
source bin/activate
pip install dib-utils pyyaml
git clone https://opendev.org/openstack/diskimage-builder.git
git clone https://opendev.org/openstack/tripleo-image-elements.git
export ELEMENTS_PATH=tripleo-image-elements/elements
diskimage-builder/bin/disk-image-create -u base vm bootstrap local-config stackuser heat-cfntools -a i386 -o bootstrap
Common element combinations
---------------------------
Always include heat-cfntools in images that you intend to boot via heat : if
that is not done, then the user ssh keys are not reliably pulled down from the
metadata server due to interactions with cloud-init.
Architecture
------------
OpenStack images are intended to be deployed and maintained using Nova + Heat.
As such they should strive to be stateless, maintained entirely via automation.
Configuration
-------------
In a running OpenStack there are several categories of config.
- per user - e.g. ssh key registration with nova: we repeat this sort
of config every time we add a user.
- local node - e.g. nova.conf or ovs-vsctl add-br br-ex : settings that
apply individually to machines
- inter-node - e.g. credentials on rabbitmq for a given nova compute node
- application state - e.g. 'neutron net-create ...' : settings that
apply to the whole cluster not on a per-user / per-tenant basis
We have five places we can do configuration in TripleO:
- image build time
- in-instance heat-driven (ORC scripts)
- from outside via APIs
- orchestrated by Heat
Our current heuristic for deciding where to do any particular configuration
step:
- per user config should be done from the outside via APIs, even for
users like 'admin' that we know we'll have. Note that service accounts
are different - they are a form of inter-node configuration.
- local node configuration should be done via ORC driven by Heat and/or
configuration management system metadata.
- inter-node configuration should be done by working through Heat. For
instance, creating a rabbit account for a nova compute node is something
that Heat should arrange, though the act of creating is probably done by a
script on the rabbit server - triggered by Heat - and applying the config is
done on the compute node by the local node script - again triggered by Heat.
- application state changes should be done from outside via APIs
Copyright
=========
Copyright 2012,2013 Hewlett-Packard Development Company, L.P.
Copyright (c) 2012 NTT DOCOMO, INC.
All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
Release notes for the project can be found at:
https://docs.openstack.org/releasenotes/tripleo-image-elements
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

View File

@ -1 +0,0 @@
[python: **.py]

View File

@ -1,3 +0,0 @@
openstackdocstheme>=2.2.1 # Apache-2.0
sphinx>=2.0.0,!=2.1.0 # BSD
reno>=3.1.0 # Apache-2.0

View File

@ -1,245 +0,0 @@
# -*- coding: utf-8 -*-
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = ['openstackdocstheme']
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
master_doc = 'index'
# General information about the project.
project = 'TripleO Image Elements'
copyright = '2014, OpenStack Developers'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '0.0'
# The full version, including alpha/beta/rc tags.
release = '0.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
# language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
# show_authors = False
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
# html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
# html_additional_pages = {}
# If false, no module index is generated.
# html_domain_indices = True
# If false, no index is generated.
# html_use_index = True
# If true, the index is split into individual pages for each letter.
# html_split_index = False
# If true, links to the reST sources are added to the pages.
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'TripleOImageElementsdoc'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('index', 'TripleOImageElements.tex',
'TripleO Image Elements Documentation',
'OpenStack Developers', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
# latex_use_parts = False
# If true, show page references after internal links.
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
# latex_appendices = []
# If false, no module index is generated.
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'tripleoimageelements', 'TripleO Image Elements Documentation',
['OpenStack Developers'], 1)
]
# If true, show URL addresses after external links.
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'TripleOImageElements',
'TripleO Image Elements Documentation',
'OpenStack Developers', 'TripleOImageElements',
'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
# texinfo_appendices = []
# If false, no module index is generated.
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
# openstackdocstheme options
openstackdocs_repo_name = 'openstack/tripleo-image-elements'
openstackdocs_auto_name = False
openstackdocs_bug_project = 'tripleo'
openstackdocs_bug_tag = 'documentation'

View File

@ -1,22 +0,0 @@
.. TripleO Image Elements documentation master file, created by
sphinx-quickstart on Fri Apr 18 09:19:09 2014.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to TripleO Image Elements's documentation!
==================================================
Contents:
.. toctree::
:maxdepth: 2
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

View File

View File

@ -1,3 +0,0 @@
enable-packages-install
This element will set the install types to package for all elements.

View File

@ -1 +0,0 @@
export DIB_DEFAULT_INSTALLTYPE=package

View File

@ -1,7 +0,0 @@
interface-names
===============
net.ifnames may be 0 in /etc/default/grub which can make generating a
configuration for the network interfaces difficult. The default in RHEL7
was to not have this defined. The kernel args can be tuned later in the
deployment so we want to clean it out if it is defined in grub.

View File

@ -1,10 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
if [ -f /etc/default/grub ]; then
# net.ifacenames is defined and set to 0 starting with RHEL8.
# This is a change from RHEL7 which can affect network configurations.
sed -i 's/net.ifnames=0//g' /etc/default/grub
fi

View File

@ -1,9 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
# https://bugs.centos.org/view.php?id=17133
rm -f /etc/sysconfig/network-scripts/ifcfg-ens*
# https://bugs.launchpad.net/tripleo/+bug/1931495
rm -f /etc/sysconfig/network-scripts/ifcfg-eth*

View File

@ -1,8 +0,0 @@
##iptables
This element installs a single script that consolidates the logic required
to handle inserting iptables rules. This script uses the check (-C) argument
to check whether a rule matching the specification does exist in the selected
chain before inserting it.
RULE: The rule to insert into iptables

View File

@ -1,51 +0,0 @@
#!/bin/bash
# Script to add iptables rules per element
#
# The only input argument is an iptables rule without the command option.
# This case covers all of the current usage of elements that insert rules
# in the 97-iptables files.
# Example usage:
# add-rule INPUT -p tcp -m multiport --dports 3260,8776 -j ACCEPT
# add-rule INPUT -p tcp --dport 4730 -j ACCEPT
# add-rule FORWARD -d 192.0.2.0/24 -j ACCEPT
set -eu
set -o pipefail
RULE="$@"
DISTRO=`lsb_release -si` || true
if [[ "RedHatEnterpriseServer RedHatEnterpriseWorkstation CentOS Fedora" =~ "$DISTRO" ]]; then
IPT_FILE=
# Check if the iptables service is active
if systemctl is-active iptables.service ; then
IPT_FILE=/etc/sysconfig/iptables
fi
if [ -f "$IPT_FILE" ]; then
iptables-restore < $IPT_FILE
fi
if [ -n "$IPT_FILE" ]; then
iptables -C $RULE || iptables -I $RULE
iptables-save > $IPT_FILE
fi
elif [[ "Debian Ubuntu" =~ "$DISTRO" ]]; then
# NOTE(kiall): os-svc-restart etc don't support the custom 'save'
# action, so we grab the name and call the service
# binary "by hand" instead.
SERVICE_NAME=$(svc-map iptables-persistent)
service $SERVICE_NAME reload
iptables -C $RULE || iptables -I $RULE
service $SERVICE_NAME save
fi

View File

@ -1,103 +0,0 @@
#!/bin/bash
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
set -o pipefail
SCRIPT_NAME=$(basename $0)
function show_usage () {
cat << EOF
usage: '$SCRIPT_NAME INPUTFILE'
Script to configure iptables.
Positional arguments:
INPUTFILE File containing required configuration details.
An input file is parsed and iptables rules are configured accordingly.
Rules are applied idempotently (ie duplicate rules are not created)
and non-destructively (existing rules are not deleted/recreated).
The input file is essentially set of iptables command arguments, with
the restriction that each line should start with one of:
'-A', '-D', '-I', '-N', '-F' or '-X'.
Lines beginning with '#' and lines containing only whitespace are ignored.
Sample input file contents:
-N stunnel-INPUT
-A stunnel-INPUT -p tcp --dport 5000 -j REJECT
-A stunnel-INPUT -j RETURN
-I INPUT -p tcp -j stunnel-INPUT
EOF
exit 1
}
function check() {
check_chain_name ${@:2}
iptables $@ > /dev/null 2>&1
}
function check_chain_name() {
# Verify that a chain name is supplied
grep -qEv '^[[:space:]]*-|^[[:space:]]*$' < <(echo $@)
if [ $? -ne 0 ]; then
echo "$SCRIPT_NAME: bad input (no chain) \"$LINE\""
exit 1
fi
}
function apply() {
iptables $@
echo "$SCRIPT_NAME: iptables $@"
}
[ $# -ne 1 ] && show_usage
FILE=$1
if [ ! -r $FILE ]; then
echo "$SCRIPT_NAME: Cannot read input file ${FILE}."
exit 1
fi
while read LINE
do
CMD=${LINE:0:2}
ARGLIST=${LINE:2}
case "$CMD" in
-A | -I)
check -C $ARGLIST || apply $LINE
;;
-D)
check -C $ARGLIST && apply $LINE
;;
-F | -X)
check -L $ARGLIST && apply $LINE
;;
-N)
check -L $ARGLIST || apply $LINE
;;
*)
echo "$SCRIPT_NAME: bad input \"$LINE\""
exit 1
;;
esac
done < <(grep -Ev "^[[:space:]]*$|^#" $FILE)

View File

@ -1,12 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
install-packages iptables
if [[ "ubuntu debian" =~ "$DISTRO_NAME" ]]; then
# Note in later versions will
# need netfilter-persistent package
install-packages iptables-persistent
fi

View File

@ -1,9 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
if [[ "rhel rhel7 centos7 fedora" =~ "$DISTRO_NAME" ]]; then
echo '# empty ruleset created by tripleo-image-elements' > /etc/sysconfig/iptables
echo '# empty ruleset created by tripleo-image-elements' > /etc/sysconfig/ip6tables
fi

View File

@ -1,9 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
if [[ "ubuntu debian" =~ "$DISTRO_NAME" ]]; then
# Disable save of iptables rules on package install
debconf-set-selections <<< "iptables-persistent iptables-persistent/autosave_v4 boolean false"
debconf-set-selections <<< "iptables-persistent iptables-persistent/autosave_v6 boolean false"
fi

View File

@ -1,4 +0,0 @@
iptables-persistent:
default: iptables-persistent
ubuntu: iptables-persistent
debian: netfilter-persistent

View File

@ -1,7 +0,0 @@
======================
ironic-agent-multipath
======================
Updates the ironic agent, installing multipath and
iscsi package, and enabling needed modules by default,
to execute a modprobe for the needed drivers before it is started.

View File

@ -1,3 +0,0 @@
install-static
package-installs
select-boot-kernel-initrd

View File

@ -1,2 +0,0 @@
iscsi-initiator-utils:
device-mapper-multipath:

View File

@ -1,9 +0,0 @@
qla4xxx
cxgb3i
cxgb4i
bnx2i
be2iscsi
iscsi_boot_sysfs
iscsi_ibft
iscsi_tcp
target_core_mod

View File

@ -1,15 +0,0 @@
network-gateway
===============
The network-gateway element allows for setting a network interface that will be
used as the default gateway. This is useful in deployments where they may be
external DHCP services offering leases, and the deployer would like to make the
route from one of those leases the default.
Currently only supported on ifcfg network configuration style systems.
Configuration
=============
network-config:
gateway-dev: eth1

View File

@ -1,24 +0,0 @@
#!/bin/bash
# This script must run after init-neutron-ovs, otherwise the default route may
# be overwritten.
set -eux
set -o pipefail
new_gatewaydev=$(os-apply-config --key network-config.gateway-dev --type raw --key-default '')
if [ -z "$new_gatewaydev" ]; then
echo "\$new_gatewaydev not set"
exit 0
fi
if grep -e "^\s*GATEWAYDEV=" /etc/sysconfig/network; then
sed -i "s/GATEWAYDEV=.*/GATEWAYDEV=$new_gatewaydev/" /etc/sysconfig/network
else
echo "GATEWAYDEV=$new_gatewaydev" >> /etc/sysconfig/network
fi
# Restart the device to pick up the change immediately.
ifdown $new_gatewaydev
ifup $new_gatewaydev

View File

@ -1,5 +0,0 @@
Install openvswitch from packages.
Enables the openvswitch service for systemd systems and
and adds an upstart script service to override the default
sysv one on systems with upstart.

View File

@ -1,2 +0,0 @@
os-svc-install
package-installs

View File

@ -1,22 +0,0 @@
#!/bin/bash
set -eux
if [ "$DIB_INIT_SYSTEM" == "systemd" ] ; then
os-svc-enable -n openvswitch-switch
fi
if [ "$DIB_INIT_SYSTEM" == "upstart" ] ; then
echo "start on starting cloud-init-nonet" >> /etc/init/openvswitch-switch.override
if [ ! -f /etc/init/openvswitch-switch.conf ] ; then
cat << 'EOF' > /etc/init/openvswitch-switch.conf
# openvswitch-switch
# the purpose of this job is
# * start openvwitch-switch in upstart rather than SysV startup
pre-start script
export RUNLEVEL=2
/etc/init.d/openvswitch-switch start
end script
post-stop exec /etc/init.d/openvswitch-switch stop
EOF
fi
fi

View File

@ -1 +0,0 @@
openvswitch-switch_package:

View File

@ -1,10 +0,0 @@
{
"family": {
"redhat": {
"openvswitch-switch_package": "openvswitch"
}
},
"default": {
"openvswitch-switch_package": "openvswitch-switch"
}
}

View File

@ -1,6 +0,0 @@
Install os-apply-config.
The contents of os-apply-config subdirectory in templates will be installed
into the default template directory automatically.
An os-refresh-config hook is created to invoke os-apply-config automatically.

View File

@ -1,3 +0,0 @@
os-refresh-config
package-installs
pip-manifest

View File

@ -1,3 +0,0 @@
if [ -z "${OS_APPLY_CONFIG_VENV_DIR:-}" ]; then
export OS_APPLY_CONFIG_VENV_DIR=${OPENSTACK_VENV_DIR:-"/opt/stack/venvs/os-apply-config"}
fi

View File

@ -1,6 +0,0 @@
#!/bin/bash
set -eux
TEMPLATE_ROOT=$(os-apply-config --print-templates)
mkdir -p $TEMPLATE_ROOT

View File

@ -1,10 +0,0 @@
#!/bin/bash
# Note that this relies on the detail that all elements share one dir
# inside the chroot. This will copy all the files that elements have
# added to element/os-apply-config into the appropriate location.
set -eux
TEMPLATE_ROOT=$(os-apply-config --print-templates)
TEMPLATE_SOURCE=$(dirname $0)/../os-apply-config
mkdir -p $TEMPLATE_ROOT
[ -d $TEMPLATE_SOURCE ] && rsync --exclude='.*.swp' -Cr $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/

View File

@ -1,39 +0,0 @@
#!/bin/bash
set -eux
manifest=$(get-pip-manifest os-apply-config)
env | sort
if [[ "$DISTRO_NAME" == "debian" ]] && [[ "$DIB_RELEASE" == "stable" || "$DIB_RELEASE" == "bullseye" ]]
then
virtualenv $OS_APPLY_CONFIG_VENV_DIR
else
virtualenv --setuptools $OS_APPLY_CONFIG_VENV_DIR
fi
set +u
source $OS_APPLY_CONFIG_VENV_DIR/bin/activate
set -u
if [ -n "$manifest" ]; then
use-pip-manifest $manifest
else
# bug #1201253 : virtualenv-1.10.1 embeds setuptools-0.9.8, which
# doesn't manage correctly HTTPS sockets when downloading pbr from
# https://pypi.python.org/simple/ if using http_proxy and https_proxy
# envvars
$OS_APPLY_CONFIG_VENV_DIR/bin/pip install -U 'setuptools>=1.0'
# bug #1293812 : Avoid easy_install triggering on pbr.
$OS_APPLY_CONFIG_VENV_DIR/bin/pip install -U 'pbr>=0.11'
$OS_APPLY_CONFIG_VENV_DIR/bin/pip install -U os-apply-config
fi
# Write the manifest of what was installed
write-pip-manifest os-apply-config
ln -s $OS_APPLY_CONFIG_VENV_DIR/bin/os-apply-config /usr/local/bin/os-apply-config
set +u
deactivate
set -u

View File

@ -1,4 +0,0 @@
#!/bin/bash
set -ue
exec os-apply-config

View File

@ -1,4 +0,0 @@
os-apply-config:
installtype: package
rsync:
phase: pre-install.d

View File

@ -1,17 +0,0 @@
{
"release": {
"debian": {
"bullseye": {
"os-apply-config": "python3-os-apply-config"
}
}
},
"family": {
"debian": {
"os-apply-config": "python-os-apply-config"
}
},
"default": {
"os-apply-config": "os-apply-config"
}
}

View File

@ -1,122 +0,0 @@
Setup os-collect-config to run as a system service. By default it will
run os-refresh-config on any changes.
Configuration
-------------
Heat Metadata can be used to configure os-collect-config:
os-collect-config:
command: os-refresh-config
cachedir: /var/run/os-collect-config
collectors:
- heat_local
- ec2
- cfn
polling_interval: 300
cfn:
metadata_url: http://foo:8000/v1
heat_metadata_hint: /var/lib/heat-cfntools/cfn-metadata-server
stack_name: required-stack-name
access_key_id: abcdefghijklmnop091234
secret_access_key: fffeeeeddddccccaaaa99999
path: ThisResource.Metadata
ca_certificate: /etc/ssl/ca.crt
ec2:
metadata_url: http://169.254.169.254/latest/meta-data
heat_local:
path: /var/lib/heat-cfntools/cfn-init-data
Note that `metadata_url` is optional, as it should be determined by the
file `heat_metadata_hint` refers to. This file is injected by Heat via
cloud-init at first boot. Those two parameters are the only optional
parameters. All of the others are required for the cfn data source
to function. Note that `ca_certificate` is also optional but required
in many cases where the metadata api is behind ssl.
`ec2` and `heat_local` do not require any configuration to work.
Typically the cfn collector is configured via EC2 metadata in a Heat
template:
Resources:
myserver:
Type: OS::Nova::Server
Properties:
...
Metadata:
os-collect-config:
cfn:
access_key_id:
Ref: Key
path: MyServerConfig.Metadata
secret_access_key:
Fn::GetAtt:
- Key
- SecretAccessKey
stack_name:
Ref: AWS::StackName
ca_certificate: /etc/ssl/ca.crt
The EC2 collector takes this metadata, passes it to os-apply-config
which in turn writes it out to /etc/os-collect-config.conf.
Note that the configuration references some other resources - a key
and access key, which are declared using:
Resources:
Key:
Properties:
UserName:
Ref: User
Type: AWS::IAM::AccessKey
User:
Properties:
Policies:
- Ref: AccessPolicy
Type: AWS::IAM::User
Note also that the IAM::User references an access policy which should
look like:
Resources:
AccessPolicy:
Properties:
AllowedResources:
- MyServerConfig
Type: OS::Heat::AccessPolicy
and, finally, the crucial bit is the MyServerConfig policy which is
referenced in the cfn collector configuration and the access policy:
Resources:
MyServerConfig:
Metadata:
os-collect-config:
cfn:
access_key_id:
Ref: Key
path: MyServerConfig.Metadata
secret_access_key:
Fn::GetAtt:
- Key
- SecretAccessKey
stack_name:
Ref: AWS::StackName
nova:
...
keystone:
...
Properties:
ImageId: '0'
InstanceType: foo
Type: AWS::AutoScaling::LaunchConfiguration
Essentially, this AutoScaling::LaunchConfiguration resource is a bunch
of boilerplate gunk to provide a metadata container from where the
os-collect-config cfn collector can pull configuration which will be
applied by os-apply-config. There's a os-collect-config section to
ensure the configuration from the EC2 metadata doesn't get
overwritten. And the rest is dummy values for the
LaunchConfiguration's required properties.

View File

@ -1,6 +0,0 @@
os-apply-config
os-refresh-config
os-svc-install
package-installs
pip-manifest
source-repositories

View File

@ -1,3 +0,0 @@
if [ -z "${OS_COLLECT_CONFIG_VENV_DIR:-}" ]; then
export OS_COLLECT_CONFIG_VENV_DIR=${OPENSTACK_VENV_DIR:-"/opt/stack/venvs/os-collect-config"}
fi

View File

@ -1,4 +0,0 @@
#!/bin/bash
set -eux
os-svc-enable -n os-collect-config

View File

@ -1,80 +0,0 @@
#!/bin/bash
set -eux
manifest=$(get-pip-manifest os-collect-config)
if [[ "$DISTRO_NAME" == "debian" ]] && [[ "$DIB_RELEASE" == "stable" || "$DIB_RELEASE" == "bullseye" ]]
then
virtualenv $OS_COLLECT_CONFIG_VENV_DIR
else
virtualenv --setuptools $OS_COLLECT_CONFIG_VENV_DIR
fi
set +u
source $OS_COLLECT_CONFIG_VENV_DIR/bin/activate
set -u
if [ -n "$manifest" ]; then
use-pip-manifest $manifest
else
# Need setuptools>=1.0 to manage connections when
# downloading from pypi using http_proxy and https_proxy
$OS_COLLECT_CONFIG_VENV_DIR/bin/pip install -U 'setuptools>=1.0'
# bug #1293812 : Avoid easy_install triggering on pbr.
$OS_COLLECT_CONFIG_VENV_DIR/bin/pip install -U 'pbr>=0.11'
$OS_COLLECT_CONFIG_VENV_DIR/bin/pip install -U os-collect-config
fi
# Write the manifest of what was installed
write-pip-manifest os-collect-config
ln -s $OS_COLLECT_CONFIG_VENV_DIR/bin/os-collect-config /usr/local/bin/os-collect-config
# Minimal static config for bootstrapping
cat > /etc/os-collect-config.conf <<eof
[DEFAULT]
command=os-refresh-config
eof
chmod 600 /etc/os-collect-config.conf
if [ "$DIB_INIT_SYSTEM" == "upstart" ] ; then
cat > /etc/init/os-collect-config.conf <<eof
start on runlevel [2345]
stop on runlevel [016]
respawn
# We're logging to syslog
console none
exec os-collect-config 2>&1 | logger -t os-collect-config
eof
elif [ "$DIB_INIT_SYSTEM" == "systemd" ] ; then
if [ -d "/lib/systemd" ]; then
path=/lib/systemd/system/os-collect-config.service
else
path=/usr/lib/systemd/system/os-collect-config.service
fi
cat > $path <<eof
[Unit]
Description=Collect metadata and run hook commands.
After=cloud-config.service
Before=crond.service
[Service]
ExecStart=/usr/local/bin/os-collect-config
Restart=on-failure
[Install]
WantedBy=multi-user.target
eof
else
echo Only systems with systemd or upstart are supported.
exit 1
fi
os-svc-enable -n os-collect-config
set +u
deactivate
set -u

View File

@ -1,60 +0,0 @@
[DEFAULT]
{{^os-collect-config.command}}
command = os-refresh-config
{{/os-collect-config.command}}
{{#os-collect-config}}
{{#command}}
command = {{command}}
{{/command}}
{{#polling_interval}}
polling_interval = {{polling_interval}}
{{/polling_interval}}
{{#cachedir}}
cachedir = {{cachedir}}
{{/cachedir}}
{{#collectors}}
collectors = {{.}}
{{/collectors}}
{{#cfn}}
[cfn]
{{#metadata_url}}
metadata_url = {{metadata_url}}
{{/metadata_url}}
stack_name = {{stack_name}}
secret_access_key = {{secret_access_key}}
access_key_id = {{access_key_id}}
path = {{path}}
{{#ca_certificate}}
ca_certificate = {{.}}
{{/ca_certificate}}
{{/cfn}}
{{#heat}}
[heat]
auth_url = {{auth_url}}
user_id = {{user_id}}
password = {{password}}
project_id = {{project_id}}
stack_id = {{stack_id}}
resource_name = {{resource_name}}
{{/heat}}
{{#zaqar}}
[zaqar]
auth_url = {{auth_url}}
user_id = {{user_id}}
password = {{password}}
project_id = {{project_id}}
queue_id = {{queue_id}}
{{#use_websockets}}
use_websockets = {{.}}
{{/use_websockets}}
{{/zaqar}}
{{#request}}
[request]
metadata_url = {{metadata_url}}
{{/request}}
{{/os-collect-config}}

View File

@ -1,10 +0,0 @@
os-collect-config:
installtype: package
build-essential:
libxml2-dev:
libz-dev:
libxslt-dev:
python-dev:
dib_python_version: 2
python3-dev:
dib_python_version: 3

View File

@ -1,32 +0,0 @@
{
"release": {
"ubuntu": {
"focal": {
"python-dev": "python3-dev"
}
}
},
"release": {
"debian": {
"bullseye": {
"os-collect-config": "python3-os-collect-config"
}
}
},
"family": {
"debian": {
"os-collect-config": "python-os-collect-config"
},
"suse": {
"libxml2-dev": "libxml2-devel",
"libz-dev": "zlib-devel",
"libxslt-dev": "libxslt-devel",
"python-dev": "python-devel",
"python3-dev": "python3-devel",
"build-essential": "pattern:devel_basis"
}
},
"default": {
"os-collect-config": "os-collect-config"
}
}

View File

@ -1,40 +0,0 @@
Install os-refresh-config
=========================
os-refresh-config uses dib-run-parts to run scripts in a pre-defined set
of directories. Its intended purpose is to quiesce (pre-configure.d),
configure (configure.d), migrate (migration.d), and then activate
(post-configure.d) a configuration on first boot or in response to Heat
Metadata changes.
To cause a script to be run on every os-refresh-config run, install
it into one of the following directories:
/opt/stack/os-config-refresh/pre-configure.d
/opt/stack/os-config-refresh/configure.d
/opt/stack/os-config-refresh/migration.d
/opt/stack/os-config-refresh/post-configure.d
If you want to have os-refresh-config run on any updates to a particular
Resource in the heat stack, you will need at the minimum the following snippet
of json in this instance's Metadata:
{
"OpenStack::Config": {
"heat": {
"access_key_id": {"Ref": "ApiKeyResource"},
"secret_key": {"Fn::GetAtt": [ "ApiKeyResource", "SecretAccessKey" ]},
"refresh": [ {"resource": "SomeResource"} ],
"stack": {Ref: 'AWS::Stack'},
"region": {Ref: 'AWS::Region'}
}
}
}
If you would like to signal a wait condition at the end of
post-configure.d, a generic name of 'completion-handle' can be used
like so:
{
"completion-handle": {"Ref": "CompletionHandleName"}
}

View File

@ -1,5 +0,0 @@
os-apply-config
package-installs
pip-and-virtualenv
pip-manifest
source-repositories

View File

@ -1,7 +0,0 @@
#!/bin/bash
set -eux
SCRIPT_BASE=$(os-refresh-config --print-base)
SCRIPT_SOURCE=$(dirname $0)/../os-refresh-config
rsync -r $SCRIPT_SOURCE/ $SCRIPT_BASE/

View File

@ -1,46 +0,0 @@
#!/bin/bash
# We need to install this early in install.d because other elements will
# need to use os-refresh-config --print-base to know where to put files