From cf858399d53c94c791a3f6dec1a6a6479fe83fa4 Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Wed, 2 May 2018 16:51:16 +1200 Subject: [PATCH] task to yum update in the image --- README.md | 36 ++++++++++++++++++-- files/compare-package-json.py | 20 +++++++++++ files/yum_update.sh | 13 ++++++++ tasks/modify_image.yml | 10 +++--- tasks/set_defaults.yml | 9 +++++ tasks/yum_update.yml | 62 +++++++++++++++++++++++++++++++++++ templates/Dockerfile.j2 | 18 ++++++++++ vars/main.yml | 6 +--- 8 files changed, 161 insertions(+), 13 deletions(-) create mode 100755 files/compare-package-json.py create mode 100755 files/yum_update.sh create mode 100644 tasks/set_defaults.yml create mode 100644 tasks/yum_update.yml diff --git a/README.md b/README.md index bbefcc1..67d317f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A role to allow modification to container images built for the TripleO project. ## Role Variables ## -**Variables used for modifying an image** +**Variables used for modify image** | Name | Default Value | Description | |-------------------|---------------------|----------------------| 
@@ -13,6 +13,15 @@ A role to allow modification to container images built for the TripleO project. | `modified_append_tag` | `None` | String to be appended after the tag to indicate this is a modified version of the source image. Defaults to the output of the command `date +-modified-%Y%m%d%H%M%S` | | `modified_image` | `{{source_image}}` | If set, the modified image will be tagged with this reference. If the purpose of the image is not changing, it may be enough to rely on `modified_append_tag` to identify that this is a modified version of the source image. `modified_append_tag` will still be appended to this reference. | +**Variables used for yum update** + +| Name | Default Value | Description | +|-------------------|---------------------|----------------------| +| `source_image` | `None` | See modify image variables | +| `modified_append_tag` | `None` | See modify image variables | +| `modified_image` | `{{source_image}}` | See modify image variables | +| `yum_repos_dir_path` | `None` | Optional path of directory to be used as `/etc/yum.repos.d` during the update | +| `compare_host_packages` | False | If True, skip yum update when package versions match host package versions | ## Requirements ## @@ -27,8 +36,11 @@ None ## Example Playbooks ## -The following playbook will produce a modified image tagged with -`latest-modified-` +### Modify Image ### + +The following playbook will produce a modified image with the tag +`:latest-modified-` based on the Dockerfile in the custom directory +`/path/to/example_modify_dir`. - hosts: localhost tasks: 
@@ -56,6 +68,24 @@ the modification, for example: # switch the container back to the default user USER nova +### Yum update ### + +The following playbook will produce a modified image with the tag +`:latest-updated` which will do a yum update using the host's /etc/yum.repos.d. +The yum update will only occur if there are differences between host and image +package versions. + + - hosts: localhost + tasks: + - name: include tripleo-modify-image + import_role: + name: tripleo-modify-image + tasks_from: yum_update.yml + vars: + source_image: docker.io/tripleomaster/centos-binary-nova-api:latest + compare_host_packages: true + yum_repos_dir_path: /etc/yum.repos.d + modified_append_tag: updated ## License ## diff --git a/files/compare-package-json.py b/files/compare-package-json.py new file mode 100755 index 0000000..a88e735 --- /dev/null +++ b/files/compare-package-json.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python + +import json +import subprocess +import sys + +host_packages = json.load(sys.stdin) +rpm_output = subprocess.check_output( + ['rpm', '-qa', '--qf', '%{NAME} %{VERSION}-%{RELEASE}\n']).split('\n') + +image_packages = dict(i.split(' ') for i in rpm_output if i) + +for pkg, version in image_packages.items(): + host_version = host_packages.get(pkg) + if host_version and version != host_version: + print('%s-%s does not match host version %s' % ( + pkg, version, host_version)) + sys.exit(1) + +print('No package version differences found') diff --git a/files/yum_update.sh b/files/yum_update.sh new file mode 100755 index 0000000..59d942b --- /dev/null +++ b/files/yum_update.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +set -ex + +if [ -f /tmp/host_packages.json ]; then + if /tmp/compare-package-json.py < /tmp/host_packages.json ; then + echo "Host package versions match, no update required" + exit + fi +fi +yum -y update +yum clean all +rm -rf /var/cache/yum diff --git a/tasks/modify_image.yml b/tasks/modify_image.yml index 329f0e5..7aebbd2 100644 --- a/tasks/modify_image.yml 
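Review bot: In files/compare-package-json.py, `subprocess.check_output(...)` returns bytes on Python 3, so `.split('\n')` raises a TypeError there, and the `#!/usr/bin/env python` shebang leaves the interpreter version to whatever the image ships. Because files/yum_update.sh treats any non-zero exit of this script as a mismatch, such a crash would not fail the build; it would quietly run `yum -y update` on every build. Passing `universal_newlines=True` to `check_output` makes the output text on both Python 2 and 3. Separately, `if host_version and version != host_version` skips packages the host does not have, and the name-keyed dict keeps only one version per package name, so a "no differences" result does not mean the image is fully patched; a comment such as `# only packages that are also installed on the host are compared` would make that limit explicit.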
+++ b/tasks/modify_image.yml @@ -1,13 +1,13 @@ +- name: Set default facts + include_role: + name: tripleo-modify-image + tasks_from: set_defaults.yml + - name: Copy Dockerfile to Dockerfile.modified copy: src: "{{ modify_dir_path }}/Dockerfile" dest: "{{ modify_dir_path }}/Dockerfile.modified" -- name: Set default modified_append_tag - set_fact: - modified_append_tag: "{{ lookup('pipe','date +-modified-%Y%m%d%H%M%S') }}" - when: modified_append_tag is undefined or modified_append_tag == None - - name: Replace FROM directive lineinfile: path: "{{ modify_dir_path }}/Dockerfile.modified" diff --git a/tasks/set_defaults.yml b/tasks/set_defaults.yml new file mode 100644 index 0000000..587ebcc --- /dev/null +++ b/tasks/set_defaults.yml @@ -0,0 +1,9 @@ +- name: Set default modified_append_tag + set_fact: + modified_append_tag: "{{ lookup('pipe','date +-modified-%Y%m%d%H%M%S') }}" + when: modified_append_tag is undefined + +- name: Set default modified_image + set_fact: + modified_image: "{{source_image}}" + when: modified_image is undefined diff --git a/tasks/yum_update.yml b/tasks/yum_update.yml new file mode 100644 index 0000000..4c979b5 --- /dev/null +++ b/tasks/yum_update.yml 
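Review bot: In tasks/set_defaults.yml the guard `when: modified_append_tag is undefined` no longer covers a null value, which the task removed from tasks/modify_image.yml handled with `or modified_append_tag == None`. The README still documents `None` as the default, so a caller that passes the variable with no value would presumably skip the timestamp default and end up with an unintended tag suffix. Keeping `when: modified_append_tag is undefined or modified_append_tag == None` preserves the earlier behaviour, and the same applies to the `modified_image` guard.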
@@ -0,0 +1,62 @@
+- name: Set default facts
+ include_role:
+ name: tripleo-modify-image
+ tasks_from: set_defaults.yml
+
+- name: Inspect image
+ docker_image_facts:
+ name: "{{ source_image }}"
+ register: source_image_facts
+
+- name: Set original_user
+ set_fact:
+ original_user: "{{ source_image_facts.images[0].Config.User }}"
+
+- name: Create image build context directory
+ tempfile:
+ state: directory
+ prefix: tripleo-modify-image
+ register: context_dir
+
+- name: Copy directory used for /etc/yum.repos.d
+ copy:
+ src: "{{ yum_repos_dir_path }}"
+ dest: "{{ context_dir.path }}/yum.repos.d"
+ when: yum_repos_dir_path is defined
+
+- name: Generate host package json file
+ block:
+
+ - command: |
+ rpm -qa --qf '"%{NAME}": "%{VERSION}-%{RELEASE}"\n'
+ register: rpm_query_output
+
+ - copy:
+ content: "{{ rpm_query_output.stdout | from_yaml | to_nice_json }}"
+ dest: "{{ context_dir.path }}/host_packages.json"
+
+ when: compare_host_packages is defined and compare_host_packages
+
+- name: Write Dockerfile to {{ context_dir.path }}
+ template:
+ src: Dockerfile.j2
+ dest: "{{ context_dir.path }}/Dockerfile"
+
+- name: Write yum_update.sh
+ copy:
+ src: yum_update.sh
+ dest: "{{ context_dir.path }}/yum_update.sh"
+ mode: 0555
+
+- name: Write compare-package-json.py
+ copy:
+ src: compare-package-json.py
+ dest: "{{ context_dir.path }}/compare-package-json.py"
+ mode: 0555
+
+- name: Modify image
+ include_role:
+ name: tripleo-modify-image
+ tasks_from: modify_image.yml
+ vars:
+ modify_dir_path: "{{ context_dir.path }}"
diff --git a/templates/Dockerfile.j2 b/templates/Dockerfile.j2
index 97ded3f..178004b 100644
--- a/templates/Dockerfile.j2
+++ b/templates/Dockerfile.j2
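Review bot: Nothing in tasks/yum_update.yml removes the directory created by the `tempfile` task, so each run leaves a build context holding the copied repo files and `host_packages.json` on the build host, unless tasks/modify_image.yml cleans it up outside the lines visible in this patch. Repo definitions can carry credentials or internal mirror URLs, so the context should be deleted once the image is built, ideally from an `always:` section so that it also happens when the build fails. Note also that `src: "{{ yum_repos_dir_path }}"` has no trailing slash, so the `copy` module appears to place the directory itself inside `yum.repos.d`; together with `COPY yum.repos.d /etc/` in the template, the path that ends up in the image then depends on the source directory's basename, which deserves a comment or a trailing slash with a matching COPY destination.

```yaml
# … unchanged: tasks up to and including "Modify image" …

- name: Remove image build context directory
  file:
    path: "{{ context_dir.path }}"
    state: absent
```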
@@ -1,2 +1,20 @@
 FROM {{ source_image }}
 LABEL modified_append_tag={{ modified_append_tag }}
+
+USER root
+
+COPY yum_update.sh /tmp/
+COPY compare-package-json.py /tmp/
+
+{% if yum_repos_dir_path is defined %}
+COPY yum.repos.d /etc/
+{% endif %}
+
+{% if compare_host_packages is defined %}
+COPY host_packages.json /tmp/
+{% endif %}
+
+RUN /tmp/yum_update.sh
+
+USER {{ original_user }}
+
diff --git a/vars/main.yml b/vars/main.yml
index 5eed80c..ed97d53 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,5 +1 @@
-# Modify image
-source_image:
-modify_dir_path:
-modified_append_tag:
-modified_image: "{{ source_image }}"
+---
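Review bot: The guard `{% if compare_host_packages is defined %}` in templates/Dockerfile.j2 is weaker than the task condition `compare_host_packages is defined and compare_host_packages` in tasks/yum_update.yml, so setting `compare_host_packages: false` emits `COPY host_packages.json /tmp/` for a file that was never generated and the build should fail. Use `{% if compare_host_packages is defined and compare_host_packages %}` so that both sides agree. `USER {{ original_user }}` renders an empty `USER` instruction when the source image has no `Config.User`, so it probably needs a fallback such as `USER {{ original_user or 'root' }}`. Everything copied here (the repo files, the host package inventory and both scripts) stays in the image layers, so the README should say that repo files carrying credentials must not be used for an image that will be published.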