Add fcct config for coreos user_data

Until now we had only the output of the Fedora
CoreOS Configuration Transpiler. Add a yaml
that can transpile it to an ignition file.

The current ignition file was generated with
version v0.4.0:
podman run --rm -v ./fcct-config.yaml:/config.fcc:z \
quay.io/coreos/fcct:v0.4.0 \
--pretty --strict --input /config.fcc > ./user_data.json

story: 2005201
task: 39027

Change-Id: I5cb78aa625c926e101424c04573002d05ac82a59
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>

(cherry picked from commit 78435e4ff8)
Spyros Trigazis 2020-03-10 19:55:28 +01:00 committed by Spyros Trigazis
parent 75be4876eb
commit 17c6034e69
4 changed files with 284 additions and 71 deletions


@ -0,0 +1,190 @@
# Fedora CoreOS Configuration
#
# To generate user_data.json you need to use [0].
# For detailed instructions, please refer to the upstream documentation [1].
#
# You can use podman or docker to generate the ignition formatted json:
# podman run --rm \
# -v ./fcct-config.yaml:/config.fcc:z \
# quay.io/coreos/fcct:release \
# --pretty --strict --input /config.fcc > ./user_data.json
#
# [0] https://github.com/coreos/fcct
# [1] https://github.com/coreos/fedora-coreos-docs/blob/master/modules/ROOT/pages/producing-ign.adoc
variant: fcos
version: 1.0.0
passwd:
users:
- name: core
ssh_authorized_keys:
- "__SSH_KEY_VALUE__"
storage:
directories:
- path: /var/lib/cloud/data
# 493 (decimal) == 755 (octal)
mode: 493
user:
name: root
group:
name: root
- path: /var/lib/heat-cfntools
# 493 (decimal) == 755 (octal)
mode: 493
user:
name: root
group:
name: root
files:
- path: /etc/hostname
# 420 (decimal) == 644 (octal)
mode: 420
group:
name: root
user:
name: root
contents:
inline: |
__HOSTNAME__
- path: /etc/pki/ca-trust/source/anchors/openstack-ca.pem
# 420 (decimal) == 644 (octal)
mode: 420
user:
name: root
group:
name: root
contents:
inline: |
__OPENSTACK_CA__
- path: /root/configure-agent-env.sh
# 448 (decimal) == 700 (octal)
mode: 448
user:
name: root
group:
name: root
contents:
inline: |
#!/bin/bash
set -x
set -e
set +u
until [ -f /etc/pki/ca-trust/source/anchors/openstack-ca.pem ]
do
echo "waiting for /etc/pki/ca-trust/source/anchors/openstack-ca.pem"
sleep 3s
done
/usr/bin/update-ca-trust
HTTP_PROXY="__HTTP_PROXY__"
HTTPS_PROXY="__HTTPS_PROXY__"
NO_PROXY="__NO_PROXY__"
if [ -n "${HTTP_PROXY}" ]; then
export HTTP_PROXY
echo "http_proxy=${HTTP_PROXY}" >> /etc/environment
fi
if [ -n "${HTTPS_PROXY}" ]; then
export HTTPS_PROXY
echo "https_proxy=${HTTPS_PROXY}" >> /etc/environment
fi
if [ -n "${NO_PROXY}" ]; then
export NO_PROXY
echo "no_proxy=${NO_PROXY}" >> /etc/environment
fi
# Create a keypair for the heat-container-agent to
# access the node over ssh. It is useful to operate
# in host mount namespace and apply configuration.
id
mkdir -p /srv/magnum/.ssh
chmod 0700 /srv/magnum/.ssh
#touch /srv/magnum/.ssh/heat_agent_rsa
ssh-keygen -q -t rsa -N '' -f /tmp/heat_agent_rsa
mv /tmp/heat_agent_rsa /srv/magnum/.ssh/heat_agent_rsa
mv /tmp/heat_agent_rsa.pub /srv/magnum/.ssh/heat_agent_rsa.pub
chmod 0400 /srv/magnum/.ssh/heat_agent_rsa
chmod 0400 /srv/magnum/.ssh/heat_agent_rsa.pub
# Add the public to the host authorized_keys file.
mkdir -p /root/.ssh
chmod 0700 /root/.ssh
cat /srv/magnum/.ssh/heat_agent_rsa.pub > /root/.ssh/authorized_keys
# Add localost to know_hosts
ssh-keyscan 127.0.0.1 > /srv/magnum/.ssh/known_hosts
# ssh configguration file, to be specified with ssh -F
cat > /srv/magnum/.ssh/config <<EOF
Host localhost
HostName 127.0.0.1
User root
IdentityFile /srv/magnum/.ssh/heat_agent_rsa
UserKnownHostsFile /srv/magnum/.ssh/known_hosts
EOF
sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
# Security enhancement: Disable password authentication
sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
systemctl restart sshd
systemd:
units:
- name: configure-agent-env.service
enabled: true
contents: |
[Unit]
Description=Configure heat agent environment
After=sshd.service
[Service]
User=root
Group=root
Type=simple
ExecStart=/bin/bash /root/configure-agent-env.sh
Restart=on-failure
[Install]
WantedBy=multi-user.target
- name: heat-container-agent.service
enabled: true
contents: |
[Unit]
Description=Run heat-container-agent
After=network-online.target configure-agent-env.service
Wants=network-online.target
[Service]
EnvironmentFile=-/etc/environment
ExecStartPre=mkdir -p /var/lib/heat-container-agent
ExecStartPre=mkdir -p /var/run/heat-config
ExecStartPre=mkdir -p /var/run/os-collect-config
ExecStartPre=mkdir -p /opt/stack/os-config-refresh
ExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data
ExecStartPre=mkdir -p /srv/magnum
ExecStartPre=-/bin/podman kill heat-container-agent
ExecStartPre=-/bin/podman rm heat-container-agent
ExecStartPre=-/bin/podman pull __CONTAINER_INFRA_PREFIX__heat-container-agent:__HEAT_CONTAINER_AGENT_TAG__
ExecStart=/bin/podman run \
--name heat-container-agent \
--privileged \
--net=host \
--volume /srv/magnum:/srv/magnum \
--volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \
--volume /run/systemd:/run/systemd \
--volume /etc/:/etc/ \
--volume /var/lib:/var/lib \
--volume /var/run:/var/run \
--volume /var/log:/var/log \
--volume /tmp:/tmp \
--volume /dev:/dev \
--env REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt \
__CONTAINER_INFRA_PREFIX__heat-container-agent:__HEAT_CONTAINER_AGENT_TAG__ \
/usr/bin/start-heat-container-agent
TimeoutStartSec=10min
ExecStop=/bin/podman stop heat-container-agent
[Install]
WantedBy=multi-user.target
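Review bot: The heat-container-agent unit references its image only by a mutable tag, `__CONTAINER_INFRA_PREFIX__heat-container-agent:__HEAT_CONTAINER_AGENT_TAG__`, and re-pulls it in `ExecStartPre` on every start, while the container is host-root equivalent (`--privileged`, `--net=host`, host `/etc`, `/dev`, `/var/lib` and `/run/systemd` mounted, plus `/srv/magnum`, where configure-agent-env.sh stores a passphrase-less key that root's authorized_keys accepts). Because the `:` separator is hard-coded, a digest cannot be supplied through the tag parameter, so anyone able to move that tag in the registry gets root on each node at its next service start. I would at least document the trust assumption above the unit, e.g. `# Root-equivalent container: point container_infra_prefix at a registry you control and treat the agent tag as immutable.`, and consider letting the image reference carry an `@sha256:` digest.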


@ -622,20 +622,20 @@ resources:
- str_replace:
template: {get_file: user_data.json}
params:
$HOSTNAME: {get_param: name}
$SSH_KEY_VALUE: {get_param: ssh_public_key}
$OPENSTACK_CA: {get_param: openstack_ca}
$CONTAINER_INFRA_PREFIX:
__HOSTNAME__: {get_param: name}
__SSH_KEY_VALUE__: {get_param: ssh_public_key}
__OPENSTACK_CA__: {get_param: openstack_ca}
__CONTAINER_INFRA_PREFIX__:
if:
- equals:
- get_param: container_infra_prefix
- ""
- "docker.io/openstackmagnum/"
- get_param: container_infra_prefix
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
$HTTP_PROXY: {get_param: http_proxy}
$HTTPS_PROXY: {get_param: https_proxy}
$NO_PROXY: {get_param: no_proxy}
__HEAT_CONTAINER_AGENT_TAG__: {get_param: heat_container_agent_tag}
__HTTP_PROXY__: {get_param: http_proxy}
__HTTPS_PROXY__: {get_param: https_proxy}
__NO_PROXY__: {get_param: no_proxy}
master_config:
type: OS::Heat::SoftwareConfig
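Review bot: The values bound to `__HTTP_PROXY__`, `__HTTPS_PROXY__` and `__NO_PROXY__` are substituted verbatim by `str_replace` into double-quoted assignments of a script that the generated user_data.json runs as root (`HTTP_PROXY="__HTTP_PROXY__"`), so a value containing `$(` or a backtick would be expanded by bash rather than stored as text. The parameter definitions lie outside this hunk; if they do not already restrict these strings, a `constraints:` entry with an `allowed_pattern` limited to URL and host-list characters would close that. The same applies to the identical `params:` block in the other template changed by this commit. The enclosing `resources:` entry starts and ends outside the hunk.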


@ -351,20 +351,20 @@ resources:
- str_replace:
template: {get_file: user_data.json}
params:
$HOSTNAME: {get_param: name}
$SSH_KEY_VALUE: {get_param: ssh_public_key}
$OPENSTACK_CA: {get_param: openstack_ca}
$CONTAINER_INFRA_PREFIX:
__HOSTNAME__: {get_param: name}
__SSH_KEY_VALUE__: {get_param: ssh_public_key}
__OPENSTACK_CA__: {get_param: openstack_ca}
__CONTAINER_INFRA_PREFIX__:
if:
- equals:
- get_param: container_infra_prefix
- ""
- "docker.io/openstackmagnum/"
- get_param: container_infra_prefix
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
$HTTP_PROXY: {get_param: http_proxy}
$HTTPS_PROXY: {get_param: https_proxy}
$NO_PROXY: {get_param: no_proxy}
__HEAT_CONTAINER_AGENT_TAG__: {get_param: heat_container_agent_tag}
__HTTP_PROXY__: {get_param: http_proxy}
__HTTPS_PROXY__: {get_param: https_proxy}
__NO_PROXY__: {get_param: no_proxy}
######################################################################
#


@ -17,68 +17,91 @@
{
"name": "core",
"sshAuthorizedKeys": [
"$SSH_KEY_VALUE"
"__SSH_KEY_VALUE__"
]
}
]
},
"storage": {
"directories":[
{
"path": "/var/lib/cloud/data",
"group": {"name": "root"},
"user": {"name": "root"},
"mode": 644
},
{
"path": "/var/lib/heat-cfntools",
"group": {"name": "root"},
"user": {"name": "root"},
"mode": 644
}
],
"files": [
{
"filesystem": "root",
"path": "/etc/hostname",
"mode": 420,
"contents": { "source": "data:,$HOSTNAME" }
},
{
"filesystem": "root",
"group": {"name": "root"},
"path": "/etc/pki/ca-trust/source/anchors/openstack-ca.pem",
"user": {"name": "root"},
"contents": {
"source": "data:,$OPENSTACK_CA",
"verification": {}
},
"mode": 644
},
{
"user": {"name": "root"},
"group": {"name": "root"},
"mode": 700,
"path": "/root/configure-agent-env.sh",
"contents": {
"source": "data:,%23%21%2Fbin%2Fbash%0A%0Aset%20-x%0Aset%20-e%0Aset%20%2Bu%0A%0Auntil%20%5B%20-f%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%20%5D%0Ado%0A%20%20%20%20echo%20%22waiting%20for%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%22%0A%20%20%20%20sleep%203s%0Adone%0A%2Fusr%2Fbin%2Fupdate-ca-trust%0A%0AHTTP_PROXY%3D%22$HTTP_PROXY%22%0AHTTPS_PROXY%3D%22$HTTPS_PROXY%22%0ANO_PROXY%3D%22$NO_PROXY%22%0ACONTAINER_INFRA_PREFIX%3D%22$CONTAINER_INFRA_PREFIX%22%0AHEAT_CONTAINER_AGENT_TAG%3D%22$HEAT_CONTAINER_AGENT_TAG%22%0A%0A%0Aif%20%5B%20-n%20%22%24%7BHTTP_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTP_PROXY%0A%20%20%20%20echo%20%22http_proxy%3D%24%7BHTTP_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BHTTPS_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTPS_PROXY%0A%20%20%20%20echo%20%22https_proxy%3D%24%7BHTTPS_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BNO_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20NO_PROXY%0A%20%20%20%20echo%20%22no_proxy%3D%24%7BNO_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0A%23%20Create%20a%20keypair%20for%20the%20heat-container-agent%20to%0A%23%20access%20the%20node%20over%20ssh.%20It%20is%20useful%20to%20operate%0A%23%20in%20host%20mount%20namespace%20and%20apply%20configuration.%0Aid%0Amkdir%20-p%20%2Fsrv%2Fmagnum%2F.ssh%0Achmod%200700%20%2Fsrv%2Fmagnum%2F.ssh%0A%23touch%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Assh-keygen%20-q%20-t%20rsa%20-N%20%27%27%20-f%20%2Ftmp%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa.pub%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0A%23%20Add%20the%20public%20to%20the%20host%20authorized_keys%20file.%0Amkdir%20-p%20%2Froot%2F.ssh%0Achmod%200700%20%2Froot%2F.ssh%0Acat%20%2Fsrv%2Fmagnum%2F.
ssh%2Fheat_agent_rsa.pub%20%3E%20%2Froot%2F.ssh%2Fauthorized_keys%0A%23%20Add%20localost%20to%20know_hosts%0Assh-keyscan%20127.0.0.1%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0A%23%20ssh%20configguration%20file%2C%20to%20be%20specified%20with%20ssh%20-F%0Acat%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fconfig%20%3C%3CEOF%0AHost%20localhost%0A%20%20%20%20%20HostName%20127.0.0.1%0A%20%20%20%20%20User%20root%0A%20%20%20%20%20IdentityFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0A%20%20%20%20%20UserKnownHostsFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0AEOF%0A%0Ased%20-i%20%27%2F%5EPermitRootLogin%2F%20s%2F%20.%2A%2F%20without-password%2F%27%20%2Fetc%2Fssh%2Fsshd_config%0A%23%20Security%20enhancement%3A%20Disable%20password%20authentication%0Ased%20-i%20%27%2F%5EPasswordAuthentication%20yes%2F%20s%2F%20yes%2F%20no%2F%27%20%2Fetc%2Fssh%2Fsshd_config%0A%0Asystemctl%20restart%20sshd",
"verification": {}
}
}
]
},
"systemd": {
"units": [
"directories": [
{
"name": "configure-agent-env.service",
"enabled": true,
"contents": "[Unit]\nDescription=Configure heat agent environment\nAfter=sshd.service\n\n[Service]\nUser=root\nGroup=root\nType=simple\nExecStart=/bin/bash /root/configure-agent-env.sh\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target"
"group": {
"name": "root"
},
"path": "/var/lib/cloud/data",
"user": {
"name": "root"
},
"mode": 493
},
{
"name": "heat-container-agent.service",
"enabled": true,
"contents": "[Unit]\nDescription=Run heat-container-agent\nAfter=network-online.target configure-agent-env.service\nWants=network-online.target\n\n[Service]\nEnvironmentFile=-/etc/environment\nExecStartPre=mkdir -p /var/lib/heat-container-agent\nExecStartPre=mkdir -p /var/run/heat-config\nExecStartPre=mkdir -p /var/run/os-collect-config\nExecStartPre=mkdir -p /opt/stack/os-config-refresh\nExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data\nExecStartPre=mkdir -p /srv/magnum\nExecStartPre=-/bin/podman kill heat-container-agent\nExecStartPre=-/bin/podman rm heat-container-agent\nExecStartPre=-/bin/podman pull $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG\nExecStart=/bin/podman run \\\n --name heat-container-agent \\\n --privileged \\\n --volume /srv/magnum:/srv/magnum \\\n --volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\\n --volume /run/systemd:/run/systemd \\\n --volume /etc/:/etc/ \\\n --volume /var/lib:/var/lib \\\n --volume /var/run:/var/run \\\n --volume /var/log:/var/log \\\n --volume /tmp:/tmp \\\n --volume /dev:/dev \\\n --env REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt --net=host \\\n $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG \\\n /usr/bin/start-heat-container-agent\nTimeoutStartSec=10min\n\nExecStop=/bin/podman stop heat-container-agent\n\n[Install]\nWantedBy=multi-user.target\n"
"group": {
"name": "root"
},
"path": "/var/lib/heat-cfntools",
"user": {
"name": "root"
},
"mode": 493
}
]
],
"files": [
{
"group": {
"name": "root"
},
"path": "/etc/hostname",
"user": {
"name": "root"
},
"contents": {
"source": "data:,__HOSTNAME__%0A",
"verification": {}
},
"mode": 420
},
{
"group": {
"name": "root"
},
"path": "/etc/pki/ca-trust/source/anchors/openstack-ca.pem",
"user": {
"name": "root"
},
"contents": {
"source": "data:,__OPENSTACK_CA__%0A",
"verification": {}
},
"mode": 420
},
{
"group": {
"name": "root"
},
"path": "/root/configure-agent-env.sh",
"user": {
"name": "root"
},
"contents": {
"source": "data:,%23!%2Fbin%2Fbash%0A%0Aset%20-x%0Aset%20-e%0Aset%20%2Bu%0A%0Auntil%20%5B%20-f%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%20%5D%0Ado%0A%20%20%20%20echo%20%22waiting%20for%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%22%0A%20%20%20%20sleep%203s%0Adone%0A%0A%2Fusr%2Fbin%2Fupdate-ca-trust%0A%0AHTTP_PROXY%3D%22__HTTP_PROXY__%22%0AHTTPS_PROXY%3D%22__HTTPS_PROXY__%22%0ANO_PROXY%3D%22__NO_PROXY__%22%0A%0Aif%20%5B%20-n%20%22%24%7BHTTP_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTP_PROXY%0A%20%20%20%20echo%20%22http_proxy%3D%24%7BHTTP_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BHTTPS_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTPS_PROXY%0A%20%20%20%20echo%20%22https_proxy%3D%24%7BHTTPS_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BNO_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20NO_PROXY%0A%20%20%20%20echo%20%22no_proxy%3D%24%7BNO_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0A%23%20Create%20a%20keypair%20for%20the%20heat-container-agent%20to%0A%23%20access%20the%20node%20over%20ssh.%20It%20is%20useful%20to%20operate%0A%23%20in%20host%20mount%20namespace%20and%20apply%20configuration.%0Aid%0Amkdir%20-p%20%2Fsrv%2Fmagnum%2F.ssh%0Achmod%200700%20%2Fsrv%2Fmagnum%2F.ssh%0A%23touch%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Assh-keygen%20-q%20-t%20rsa%20-N%20''%20-f%20%2Ftmp%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa.pub%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0A%23%20Add%20the%20public%20to%20the%20host%20authorized_keys%20file.%0Amkdir%20-p%20%2Froot%2F.ssh%0Achmod%200700%20%2Froot%2F.ssh%0Acat%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%20%3E%20%2Froot%2F.ssh%2Fauthorized_keys%0A%23%20Add%20localost%20to%20know_hosts%0Assh-ke
yscan%20127.0.0.1%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0A%23%20ssh%20configguration%20file%2C%20to%20be%20specified%20with%20ssh%20-F%0Acat%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fconfig%20%3C%3CEOF%0AHost%20localhost%0A%20%20%20%20%20HostName%20127.0.0.1%0A%20%20%20%20%20User%20root%0A%20%20%20%20%20IdentityFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0A%20%20%20%20%20UserKnownHostsFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0AEOF%0A%0Ased%20-i%20'%2F%5EPermitRootLogin%2F%20s%2F%20.*%2F%20without-password%2F'%20%2Fetc%2Fssh%2Fsshd_config%0A%23%20Security%20enhancement%3A%20Disable%20password%20authentication%0Ased%20-i%20'%2F%5EPasswordAuthentication%20yes%2F%20s%2F%20yes%2F%20no%2F'%20%2Fetc%2Fssh%2Fsshd_config%0A%0Asystemctl%20restart%20sshd%0A",
"verification": {}
},
"mode": 448
}
]
},
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=Configure heat agent environment\nAfter=sshd.service\n\n[Service]\nUser=root\nGroup=root\nType=simple\nExecStart=/bin/bash /root/configure-agent-env.sh\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "configure-agent-env.service"
},
{
"contents": "[Unit]\nDescription=Run heat-container-agent\nAfter=network-online.target configure-agent-env.service\nWants=network-online.target\n\n[Service]\nEnvironmentFile=-/etc/environment\nExecStartPre=mkdir -p /var/lib/heat-container-agent\nExecStartPre=mkdir -p /var/run/heat-config\nExecStartPre=mkdir -p /var/run/os-collect-config\nExecStartPre=mkdir -p /opt/stack/os-config-refresh\nExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data\nExecStartPre=mkdir -p /srv/magnum\nExecStartPre=-/bin/podman kill heat-container-agent\nExecStartPre=-/bin/podman rm heat-container-agent\nExecStartPre=-/bin/podman pull __CONTAINER_INFRA_PREFIX__heat-container-agent:__HEAT_CONTAINER_AGENT_TAG__\nExecStart=/bin/podman run \\\n --name heat-container-agent \\\n --privileged \\\n --net=host \\\n --volume /srv/magnum:/srv/magnum \\\n --volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\\n --volume /run/systemd:/run/systemd \\\n --volume /etc/:/etc/ \\\n --volume /var/lib:/var/lib \\\n --volume /var/run:/var/run \\\n --volume /var/log:/var/log \\\n --volume /tmp:/tmp \\\n --volume /dev:/dev \\\n --env REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt \\\n __CONTAINER_INFRA_PREFIX__heat-container-agent:__HEAT_CONTAINER_AGENT_TAG__ \\\n /usr/bin/start-heat-container-agent\nTimeoutStartSec=10min\n\nExecStop=/bin/podman stop heat-container-agent\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "heat-container-agent.service"
}
]
}
}
}