Browse Source

Install podman in container for container-based builds

This installs podman inside the nodepool container, which is used by
the dependent change in DIB to extract initial chroot environments
from upstream containers.  This eliminates the need to run non-native
tools on build hosts (rpm/zypper on Ubuntu, etc.).

As noted in the config, podman defaults to assuming systemd is
installed and using various systemd interfaces.

Additionally, we map the a volume into the container which allows
nested podman to do what it needs to do.

Needed-By: https://review.opendev.org/700083
Change-Id: I6722aa2b32db57e099dae4417955a8a2cd28847e
changes/43/756643/14
Ian Wienand 10 months ago
parent
commit
a07bb0a0ae
  1. 11
      Dockerfile
  2. 6
      playbooks/nodepool-functional-container-openstack/templates/docker-compose.yaml.j2
  3. 21
      tools/kubic.asc

11
Dockerfile

@ -69,10 +69,13 @@ RUN echo "nodepool ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nodepool-sudo \
# are incoporated into the openstack-ci-core version
COPY tools/openstack-ci-core-ppa.asc /etc/apt/trusted.gpg.d/
COPY tools/kubic.asc /etc/apt/trusted.gpg.d/
RUN \
echo "deb http://ppa.launchpad.net/openstack-ci-core/vhd-util/ubuntu focal main" >> /etc/apt/sources.list \
&& echo "deb http://ppa.launchpad.net/openstack-ci-core/debootstrap/ubuntu focal main" >> /etc/apt/sources.list \
&& echo "deb https://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list \
&& echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /" > "/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" \
&& apt-get update \
&& apt-get install -y \
curl \
@ -90,9 +93,17 @@ RUN \
yum \
yum-utils \
zypper \
libseccomp2/buster-backports \
podman \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Podman defaults to trying to use systemd to do cgroup things (insert
# hand-wavy motion) but it's not in the container.
RUN \
mkdir -p /etc/containers \
&& echo 'cgroup_manager="cgroupfs"' >> /etc/containers/libpod.conf
CMD _DAEMON_FLAG=${DEBUG:+-d} && \
_DAEMON_FLAG=${_DAEMON_FLAG:--f} && \
/usr/local/bin/nodepool-builder ${_DAEMON_FLAG}

6
playbooks/nodepool-functional-container-openstack/templates/docker-compose.yaml.j2

@ -1,4 +1,8 @@
version: '3.0'
volumes:
nested_var_lib_containers:
services:
nodepool-builder:
image: zuul/nodepool-builder{{ nodepool_container_tag|default('') }}
@ -23,6 +27,8 @@ services:
- /var/log/nodepool:/var/log/nodepool
# devstack tls-proxy puts CA here that is referenced by cloud config
- /opt/stack/data:/opt/stack/data:ro
# for nested podman/docker runs (container elements)
- nested_var_lib_containers:/var/lib/containers
# zookeeper certs
- /opt/zookeeper/ca:/opt/zookeeper/ca:ro

21
tools/kubic.asc

@ -0,0 +1,21 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQENBFtkV0cBCADStSTCG5qgYtzmWfymHZqxxhfwfS6fdHJcbGUeXsI5dxjeCWhs
XarZm6rWZOd5WfSmpXhbKOyM6Ll+6bpSl5ICHLa6fcpizYWEPa8fpg9EGl0cF12G
GgVLnnOZ6NIbsoW0LHt2YN0jn8xKVwyPp7KLHB2paZh+KuURERG406GXY/DgCxUx
Ffgdelym/gfmt3DSq6GAQRRGHyucMvPYm53r+jVcKsf2Bp6E1XAfqBrD5r0maaCU
Wvd7bi0B2Q0hIX0rfDCBpl4rFqvyaMPgn+Bkl6IW37zCkWIXqf1E5eDm/XzP881s
+yAvi+JfDwt7AE+Hd2dSf273o3WUdYJGRwyZABEBAAG0OGRldmVsOmt1YmljIE9C
UyBQcm9qZWN0IDxkZXZlbDprdWJpY0BidWlsZC5vcGVuc3VzZS5vcmc+iQE+BBMB
CAAoBQJfcJJOAhsDBQkIKusHBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBN
ZDkDdQYKpB0xCACmtCT6ruPiQa4l0DEptZ+u3NNbZfSVGH4fE4hyTjLbzrCxqcoh
xJvDKxspuJ85wWFWMtl57+lFFE1KP0AX2XTT+/v2vN1PIfwgOSw3yp2sgWuIXFAi
89YSjSh8G0SGAH90A9YFMnTbllzGoGURjSX03iasW3A408ljbDehA6rpS3t3FD7P
PnUF6204orYu00Qvc54an/xVJzxupb69MKW5EeK7x8MJnIToT8hIdOdGVD6axsis
x+1U71oMK1gBke7p4QPUdhJFpSUd6kT8bcO+7rYouoljFNYkUfwnqtUn7525fkfg
uDqqXvOJMpJ/sK1ajHOeehp5T4Q45L/qUCb3iEYEExECAAYFAltkV0cACgkQOzAR
t2udZSOoswCdF44NTN09DwhPFbNYhEMb9juP5ykAn0bcELvuKmgDwEwZMrPQkG8t
Pu9n
=42uC
-----END PGP PUBLIC KEY BLOCK-----
Loading…
Cancel
Save