From 241addd67b50d5807f824fda74c8a0b77b1747d0 Mon Sep 17 00:00:00 2001 From: zhipengl Date: Tue, 30 Oct 2018 19:15:40 +0800 Subject: [PATCH] Move memcached changes from platform-utils Use mecached-custom package to package service file to system folder instead of platform-utils. Basic deployment test pass and service file status check pass. Story: 2004108 Task: 27517 Depends-on: https://review.openstack.org/#/c/614085/ Change-Id: Ic66f077159be2f21caa6e8e68241aae65b9f2245 Signed-off-by: zhipengl --- .../platform-util/centos/platform-util.spec | 17 ++---- .../platform-util/scripts/memcached.service | 55 ------------------- 2 files changed, 5 insertions(+), 67 deletions(-) delete mode 100644 utilities/platform-util/scripts/memcached.service diff --git a/utilities/platform-util/centos/platform-util.spec b/utilities/platform-util/centos/platform-util.spec index 8b04c97c..69f3e698 100644 --- a/utilities/platform-util/centos/platform-util.spec +++ b/utilities/platform-util/centos/platform-util.spec @@ -13,6 +13,8 @@ BuildRequires: python-setuptools BuildRequires: python2-pip BuildRequires: python2-wheel +%global _buildsubdir %{_builddir}/%{name}-%{version} + %description Platform utilities @@ -22,12 +24,6 @@ Summary: non controller platform utilities %description -n platform-util-noncontroller Platform utilities that don't get packaged on controller hosts -%package -n platform-util-controller -Summary: controller platform utilities - -%description -n platform-util-controller -Platform utilities that packaged on controllers or one node system - %define local_dir /usr/local %define local_bindir %{local_dir}/bin %define local_sbindir %{local_dir}/sbin @@ -41,15 +37,17 @@ Platform utilities that packaged on controllers or one node system %py2_build_wheel %install + + %{__python} setup.py install --root=$RPM_BUILD_ROOT \ --install-lib=%{pythonroot} \ --prefix=/usr \ --install-data=/usr/share \ --single-version-externally-managed + mkdir -p $RPM_BUILD_ROOT/wheels install -m 644 dist/*.whl $RPM_BUILD_ROOT/wheels/ -%global _buildsubdir %{_builddir}/%{name}-%{version} install -d %{buildroot}%{local_bindir} install %{_buildsubdir}/scripts/cgcs_tc_setup.sh %{buildroot}%{local_bindir} install %{_buildsubdir}/scripts/remotelogging_tc_setup.sh %{buildroot}%{local_bindir} @@ -63,7 +61,6 @@ install -m 700 -p -D %{_buildsubdir}/scripts/patch-restart-haproxy %{buildroot}% install -d %{buildroot}/etc/systemd/system install -m 644 -p -D %{_buildsubdir}/scripts/opt-platform.mount %{buildroot}/etc/systemd/system install -m 644 -p -D %{_buildsubdir}/scripts/opt-platform.service %{buildroot}/etc/systemd/system -install -m 644 -p -D %{_buildsubdir}/scripts/memcached.service %{buildroot}/etc/systemd/system # Mask the systemd ctrl-alt-delete.target, to disable reboot on ctrl-alt-del ln -sf /dev/null %{buildroot}/etc/systemd/system/ctrl-alt-del.target @@ -98,10 +95,6 @@ systemctl enable opt-platform.service /etc/systemd/system/opt-platform.mount /etc/systemd/system/opt-platform.service -%files -n platform-util-controller -%defattr(-,root,root,-) -/etc/systemd/system/memcached.service - %package wheels Summary: %{name} wheels diff --git a/utilities/platform-util/scripts/memcached.service b/utilities/platform-util/scripts/memcached.service deleted file mode 100644 index 8dd1e891..00000000 --- a/utilities/platform-util/scripts/memcached.service +++ /dev/null @@ -1,55 +0,0 @@ -# -# This service file is a customized version in platform-util package from -# openstack/stx-integ project - -[Unit] -Description=memcached daemon -Before=httpd.service -After=network-online.target - -[Service] -EnvironmentFile=/etc/sysconfig/memcached -ExecStart=/usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS - -# Set up a new file system namespace and mounts private /tmp and /var/tmp directories -# so this service cannot access the global directories and other processes cannot -# access this service's directories. -PrivateTmp=true - -# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. -ProtectSystem=full - -# Ensures that the service process and all its children can never gain new privileges -NoNewPrivileges=true - -# Sets up a new /dev namespace for the executed processes and only adds API pseudo devices -# such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it, -# but no physical devices such as /dev/sda. -PrivateDevices=true - -# Required for dropping privileges and running as a different user -CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE -LimitNOFILE=16384 - -# Attempts to create memory mappings that are writable and executable at the same time, -# or to change existing memory mappings to become executable are prohibited. -# XXX: this property is supported with systemd 231+ which is not yet on EL7 -# MemoryDenyWriteExecute=true - -# Restricts the set of socket address families accessible to the processes of this unit. -# Protects against vulnerabilities such as CVE-2016-8655 -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX - -# These service parameters are commented out since they are incompatible with -# Centos 7 and generate warning messages when included. -#ProtectKernelModules=true -#ProtectKernelTunables=true -#ProtectControlGroups=true -#RestrictRealtime=true -#RestrictNamespaces=true - -Restart=always -RestartSec=10 - -[Install] -WantedBy=multi-user.target