openstack
/
tripleo-image-elements
Code Issues Proposed changes

Retire Tripleo: remove repo content 

TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: Ic209179b0be9c3746a702ccea2dd35e883e78bee
This commit is contained in:
Ghanshyam Mann 2024-02-24 11:33:09 -08:00
parent 2ce67c3dbb
commit a43311b7ef
130 changed files with 8 additions and 3774 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.gitignore vendored
View File

@ -1,24 +0,0 @@
*.pyc
*.qcow2
elements/seed-stack-config/local.json
# Unit test / coverage reports
.stestr
.tox
.venv
# Packages
*.egg-info
dist
build
# pbr generates these
AUTHORS
ChangeLog
# Editors
*.sw?
*~
# Files created by releasenotes build
releasenotes/build

3
.stestr.conf
View File

@ -1,3 +0,0 @@
[DEFAULT]
test_path=./tests/
top_dir=./

24
HACKING.rst
View File

@ -1,24 +0,0 @@
TripleO Style Guidelines
========================
- Step 1: Read the OpenStack Style Guidelines [1]_.
- Step 2: Read the tripleo-incubator HACKING.rst [2]_.
- Step 3: Read on.
Element Specific Guidelines
---------------------------
- Idempotency. A new version of metadata can be pushed at any time, for example
due to a `heat stack-update`. Elements' os-refresh-config scripts must handle
this gracefully. If they cannot be fully idempotent, they must fence their
once-only sections.
For example, the keepalived element's configure.d script either reloads or
restarts the service based on whether it appears to be already running.
Another method of fencing would be to write a marker to ephemeral storage on
first execution and skip once-only sections if the marker is present.
References
----------
.. [1] https://docs.openstack.org/hacking/latest/
.. [2] http://docs.openstack.org/developer/tripleo-incubator/HACKING.html

202
LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

3
MANIFEST.in
View File

@ -1,3 +0,0 @@
include README.md
graft elements
graft docs

109
README.rst
View File

@ -1,103 +1,10 @@
========================
Team and repository tags
========================
This project is no longer maintained.
.. image:: https://governance.openstack.org/tc/badges/tripleo-image-elements.svg
:target: https://governance.openstack.org/tc/reference/tags/index.html
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
.. Change things from this point on
Image building rules for OpenStack images
=========================================
These elements are used to build disk images for deploying OpenStack via Heat.
They are built as part of the TripleO_ umbrella project.
.. _TripleO: https://wiki.openstack.org/wiki/TripleO
Instructions
------------
Checkout this source tree and also the diskimage builder, export an
ELEMENTS_PATH to add elements from this tree, and build any disk images you
need::
virtualenv .
source bin/activate
pip install dib-utils pyyaml
git clone https://opendev.org/openstack/diskimage-builder.git
git clone https://opendev.org/openstack/tripleo-image-elements.git
export ELEMENTS_PATH=tripleo-image-elements/elements
diskimage-builder/bin/disk-image-create -u base vm bootstrap local-config stackuser heat-cfntools -a i386 -o bootstrap
Common element combinations
---------------------------
Always include heat-cfntools in images that you intend to boot via heat : if
that is not done, then the user ssh keys are not reliably pulled down from the
metadata server due to interactions with cloud-init.
Architecture
------------
OpenStack images are intended to be deployed and maintained using Nova + Heat.
As such they should strive to be stateless, maintained entirely via automation.
Configuration
-------------
In a running OpenStack there are several categories of config.
- per user - e.g. ssh key registration with nova: we repeat this sort
of config every time we add a user.
- local node - e.g. nova.conf or ovs-vsctl add-br br-ex : settings that
apply individually to machines
- inter-node - e.g. credentials on rabbitmq for a given nova compute node
- application state - e.g. 'neutron net-create ...' : settings that
apply to the whole cluster not on a per-user / per-tenant basis
We have five places we can do configuration in TripleO:
- image build time
- in-instance heat-driven (ORC scripts)
- from outside via APIs
- orchestrated by Heat
Our current heuristic for deciding where to do any particular configuration
step:
- per user config should be done from the outside via APIs, even for
users like 'admin' that we know we'll have. Note that service accounts
are different - they are a form of inter-node configuration.
- local node configuration should be done via ORC driven by Heat and/or
configuration management system metadata.
- inter-node configuration should be done by working through Heat. For
instance, creating a rabbit account for a nova compute node is something
that Heat should arrange, though the act of creating is probably done by a
script on the rabbit server - triggered by Heat - and applying the config is
done on the compute node by the local node script - again triggered by Heat.
- application state changes should be done from outside via APIs
Copyright
=========
Copyright 2012,2013 Hewlett-Packard Development Company, L.P.
Copyright (c) 2012 NTT DOCOMO, INC.
All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
Release notes for the project can be found at:
https://docs.openstack.org/releasenotes/tripleo-image-elements
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

1
babel.cfg
View File

@ -1 +0,0 @@
[python: **.py]

3
doc/requirements.txt
View File

@ -1,3 +0,0 @@
openstackdocstheme>=2.2.1 # Apache-2.0
sphinx>=2.0.0,!=2.1.0 # BSD
reno>=3.1.0 # Apache-2.0

245
doc/source/conf.py
View File

@ -1,245 +0,0 @@
# -*- coding: utf-8 -*-
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = ['openstackdocstheme']
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
master_doc = 'index'
# General information about the project.
project = 'TripleO Image Elements'
copyright = '2014, OpenStack Developers'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '0.0'
# The full version, including alpha/beta/rc tags.
release = '0.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
# language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
# show_authors = False
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
# html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
# html_additional_pages = {}
# If false, no module index is generated.
# html_domain_indices = True
# If false, no index is generated.
# html_use_index = True
# If true, the index is split into individual pages for each letter.
# html_split_index = False
# If true, links to the reST sources are added to the pages.
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'TripleOImageElementsdoc'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('index', 'TripleOImageElements.tex',
'TripleO Image Elements Documentation',
'OpenStack Developers', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
# latex_use_parts = False
# If true, show page references after internal links.
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
# latex_appendices = []
# If false, no module index is generated.
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'tripleoimageelements', 'TripleO Image Elements Documentation',
['OpenStack Developers'], 1)
]
# If true, show URL addresses after external links.
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'TripleOImageElements',
'TripleO Image Elements Documentation',
'OpenStack Developers', 'TripleOImageElements',
'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
# texinfo_appendices = []
# If false, no module index is generated.
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
# openstackdocstheme options
openstackdocs_repo_name = 'openstack/tripleo-image-elements'
openstackdocs_auto_name = False
openstackdocs_bug_project = 'tripleo'
openstackdocs_bug_tag = 'documentation'

22
doc/source/index.rst
View File

@ -1,22 +0,0 @@
.. TripleO Image Elements documentation master file, created by
sphinx-quickstart on Fri Apr 18 09:19:09 2014.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to TripleO Image Elements's documentation!
==================================================
Contents:
.. toctree::
:maxdepth: 2
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

0
elements/__init__.py
View File

3
elements/enable-packages-install/README.md
View File

@ -1,3 +0,0 @@
enable-packages-install
This element will set the install types to package for all elements.

1
elements/enable-packages-install/environment.d/01-export-install-types.bash
View File

@ -1 +0,0 @@
export DIB_DEFAULT_INSTALLTYPE=package

7
elements/interface-names/README.md
View File

@ -1,7 +0,0 @@
interface-names
===============
net.ifnames may be 0 in /etc/default/grub which can make generating a
configuration for the network interfaces difficult. The default in RHEL7
was to not have this defined. The kernel args can be tuned later in the
deployment so we want to clean it out if it is defined in grub.

10
elements/interface-names/install.d/70-clear-net-ifnames
View File

@ -1,10 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
if [ -f /etc/default/grub ]; then
# net.ifacenames is defined and set to 0 starting with RHEL8.
# This is a change from RHEL7 which can affect network configurations.
sed -i 's/net.ifnames=0//g' /etc/default/grub
fi

9
elements/interface-names/install.d/71-clean-stale-interface
View File

@ -1,9 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
# https://bugs.centos.org/view.php?id=17133
rm -f /etc/sysconfig/network-scripts/ifcfg-ens*
# https://bugs.launchpad.net/tripleo/+bug/1931495
rm -f /etc/sysconfig/network-scripts/ifcfg-eth*

8
elements/iptables/README.md
View File

@ -1,8 +0,0 @@
##iptables
This element installs a single script that consolidates the logic required
to handle inserting iptables rules. This script uses the check (-C) argument
to check whether a rule matching the specification does exist in the selected
chain before inserting it.
RULE: The rule to insert into iptables

51
elements/iptables/bin/add-rule
View File

@ -1,51 +0,0 @@
#!/bin/bash
# Script to add iptables rules per element
#
# The only input argument is an iptables rule without the command option.
# This case covers all of the current usage of elements that insert rules
# in the 97-iptables files.
# Example usage:
# add-rule INPUT -p tcp -m multiport --dports 3260,8776 -j ACCEPT
# add-rule INPUT -p tcp --dport 4730 -j ACCEPT
# add-rule FORWARD -d 192.0.2.0/24 -j ACCEPT
set -eu
set -o pipefail
RULE="$@"
DISTRO=`lsb_release -si` || true
if [[ "RedHatEnterpriseServer RedHatEnterpriseWorkstation CentOS Fedora" =~ "$DISTRO" ]]; then
IPT_FILE=
# Check if the iptables service is active
if systemctl is-active iptables.service ; then
IPT_FILE=/etc/sysconfig/iptables
fi
if [ -f "$IPT_FILE" ]; then
iptables-restore < $IPT_FILE
fi
if [ -n "$IPT_FILE" ]; then
iptables -C $RULE || iptables -I $RULE
iptables-save > $IPT_FILE
fi
elif [[ "Debian Ubuntu" =~ "$DISTRO" ]]; then
# NOTE(kiall): os-svc-restart etc don't support the custom 'save'
# action, so we grab the name and call the service
# binary "by hand" instead.
SERVICE_NAME=$(svc-map iptables-persistent)
service $SERVICE_NAME reload
iptables -C $RULE || iptables -I $RULE
service $SERVICE_NAME save
fi

103
elements/iptables/bin/os-iptables-stateful
View File

@ -1,103 +0,0 @@
#!/bin/bash
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
set -o pipefail
SCRIPT_NAME=$(basename $0)
function show_usage () {
cat << EOF
usage: '$SCRIPT_NAME INPUTFILE'
Script to configure iptables.
Positional arguments:
INPUTFILE File containing required configuration details.
An input file is parsed and iptables rules are configured accordingly.
Rules are applied idempotently (ie duplicate rules are not created)
and non-destructively (existing rules are not deleted/recreated).
The input file is essentially set of iptables command arguments, with
the restriction that each line should start with one of:
'-A', '-D', '-I', '-N', '-F' or '-X'.
Lines beginning with '#' and lines containing only whitespace are ignored.
Sample input file contents:
-N stunnel-INPUT
-A stunnel-INPUT -p tcp --dport 5000 -j REJECT
-A stunnel-INPUT -j RETURN
-I INPUT -p tcp -j stunnel-INPUT
EOF
exit 1
}
function check() {
check_chain_name ${@:2}
iptables $@ > /dev/null 2>&1
}
function check_chain_name() {
# Verify that a chain name is supplied
grep -qEv '^[[:space:]]*-|^[[:space:]]*$' < <(echo $@)
if [ $? -ne 0 ]; then
echo "$SCRIPT_NAME: bad input (no chain) \"$LINE\""
exit 1
fi
}
function apply() {
iptables $@
echo "$SCRIPT_NAME: iptables $@"
}
[ $# -ne 1 ] && show_usage
FILE=$1
if [ ! -r $FILE ]; then
echo "$SCRIPT_NAME: Cannot read input file ${FILE}."
exit 1
fi
while read LINE
do
CMD=${LINE:0:2}
ARGLIST=${LINE:2}
case "$CMD" in
-A | -I)
check -C $ARGLIST || apply $LINE
;;
-D)
check -C $ARGLIST && apply $LINE
;;
-F | -X)
check -L $ARGLIST && apply $LINE
;;
-N)
check -L $ARGLIST || apply $LINE
;;
*)
echo "$SCRIPT_NAME: bad input \"$LINE\""
exit 1
;;
esac
done < <(grep -Ev "^[[:space:]]*$|^#" $FILE)

12
elements/iptables/install.d/01-iptables
View File

@ -1,12 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
install-packages iptables
if [[ "ubuntu debian" =~ "$DISTRO_NAME" ]]; then
# Note in later versions will
# need netfilter-persistent package
install-packages iptables-persistent
fi

9
elements/iptables/install.d/99-empty-iptables
View File

@ -1,9 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
if [[ "rhel rhel7 centos7 fedora" =~ "$DISTRO_NAME" ]]; then
echo '# empty ruleset created by tripleo-image-elements' > /etc/sysconfig/iptables
echo '# empty ruleset created by tripleo-image-elements' > /etc/sysconfig/ip6tables
fi

9
elements/iptables/pre-install.d/00-iptables-disable-autosave
View File

@ -1,9 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
if [[ "ubuntu debian" =~ "$DISTRO_NAME" ]]; then
# Disable save of iptables rules on package install
debconf-set-selections <<< "iptables-persistent iptables-persistent/autosave_v4 boolean false"
debconf-set-selections <<< "iptables-persistent iptables-persistent/autosave_v6 boolean false"
fi

4
elements/iptables/svc-map
View File

@ -1,4 +0,0 @@
iptables-persistent:
default: iptables-persistent
ubuntu: iptables-persistent
debian: netfilter-persistent

7
elements/ironic-agent-multipath/README.rst
View File

@ -1,7 +0,0 @@
======================
ironic-agent-multipath
======================
Updates the ironic agent, installing multipath and
iscsi package, and enabling needed modules by default,
to execute a modprobe for the needed drivers before it is started.

3
elements/ironic-agent-multipath/element-deps
View File

@ -1,3 +0,0 @@
install-static
package-installs
select-boot-kernel-initrd

2
elements/ironic-agent-multipath/package-installs.yaml
View File

@ -1,2 +0,0 @@
iscsi-initiator-utils:
device-mapper-multipath:

9
elements/ironic-agent-multipath/static/etc/modules-load.d/iscsi.conf
View File

@ -1,9 +0,0 @@
qla4xxx
cxgb3i
cxgb4i
bnx2i
be2iscsi
iscsi_boot_sysfs
iscsi_ibft
iscsi_tcp
target_core_mod

15
elements/network-gateway/README.md
View File

@ -1,15 +0,0 @@
network-gateway
===============
The network-gateway element allows for setting a network interface that will be
used as the default gateway. This is useful in deployments where they may be
external DHCP services offering leases, and the deployer would like to make the
route from one of those leases the default.
Currently only supported on ifcfg network configuration style systems.
Configuration
=============
network-config:
gateway-dev: eth1

24
elements/network-gateway/os-refresh-config/configure.d/25-set-network-gateway
View File

@ -1,24 +0,0 @@
#!/bin/bash
# This script must run after init-neutron-ovs, otherwise the default route may
# be overwritten.
set -eux
set -o pipefail
new_gatewaydev=$(os-apply-config --key network-config.gateway-dev --type raw --key-default '')
if [ -z "$new_gatewaydev" ]; then
echo "\$new_gatewaydev not set"
exit 0
fi
if grep -e "^\s*GATEWAYDEV=" /etc/sysconfig/network; then
sed -i "s/GATEWAYDEV=.*/GATEWAYDEV=$new_gatewaydev/" /etc/sysconfig/network
else
echo "GATEWAYDEV=$new_gatewaydev" >> /etc/sysconfig/network
fi
# Restart the device to pick up the change immediately.
ifdown $new_gatewaydev
ifup $new_gatewaydev

5
elements/openvswitch/README.md
View File

@ -1,5 +0,0 @@
Install openvswitch from packages.
Enables the openvswitch service for systemd systems and
and adds an upstart script service to override the default
sysv one on systems with upstart.

2
elements/openvswitch/element-deps
View File

@ -1,2 +0,0 @@
os-svc-install
package-installs

22
elements/openvswitch/install.d/74-openvswitch
View File

@ -1,22 +0,0 @@
#!/bin/bash
set -eux
if [ "$DIB_INIT_SYSTEM" == "systemd" ] ; then
os-svc-enable -n openvswitch-switch
fi
if [ "$DIB_INIT_SYSTEM" == "upstart" ] ; then
echo "start on starting cloud-init-nonet" >> /etc/init/openvswitch-switch.override
if [ ! -f /etc/init/openvswitch-switch.conf ] ; then
cat << 'EOF' > /etc/init/openvswitch-switch.conf
# openvswitch-switch
# the purpose of this job is
# * start openvwitch-switch in upstart rather than SysV startup
pre-start script
export RUNLEVEL=2
/etc/init.d/openvswitch-switch start
end script
post-stop exec /etc/init.d/openvswitch-switch stop
EOF
fi
fi

1
elements/openvswitch/package-installs.yaml
View File

@ -1 +0,0 @@
openvswitch-switch_package:

10
elements/openvswitch/pkg-map
View File

@ -1,10 +0,0 @@
{
"family": {
"redhat": {
"openvswitch-switch_package": "openvswitch"
}
},
"default": {
"openvswitch-switch_package": "openvswitch-switch"
}
}

6
elements/os-apply-config/README.md
View File

@ -1,6 +0,0 @@
Install os-apply-config.
The contents of os-apply-config subdirectory in templates will be installed
into the default template directory automatically.
An os-refresh-config hook is created to invoke os-apply-config automatically.

3
elements/os-apply-config/element-deps
View File

@ -1,3 +0,0 @@
os-refresh-config
package-installs
pip-manifest

3
elements/os-apply-config/environment.d/10-os-apply-config-venv-dir.bash
View File

@ -1,3 +0,0 @@
if [ -z "${OS_APPLY_CONFIG_VENV_DIR:-}" ]; then
export OS_APPLY_CONFIG_VENV_DIR=${OPENSTACK_VENV_DIR:-"/opt/stack/venvs/os-apply-config"}
fi

6
elements/os-apply-config/install.d/11-create-template-root
View File

@ -1,6 +0,0 @@
#!/bin/bash
set -eux
TEMPLATE_ROOT=$(os-apply-config --print-templates)
mkdir -p $TEMPLATE_ROOT

10
elements/os-apply-config/install.d/99-install-config-templates
View File

@ -1,10 +0,0 @@
#!/bin/bash
# Note that this relies on the detail that all elements share one dir
# inside the chroot. This will copy all the files that elements have
# added to element/os-apply-config into the appropriate location.
set -eux
TEMPLATE_ROOT=$(os-apply-config --print-templates)
TEMPLATE_SOURCE=$(dirname $0)/../os-apply-config
mkdir -p $TEMPLATE_ROOT
[ -d $TEMPLATE_SOURCE ] && rsync --exclude='.*.swp' -Cr $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/

39
elements/os-apply-config/install.d/os-apply-config-source-install/10-os-apply-config
View File

@ -1,39 +0,0 @@
#!/bin/bash
set -eux
manifest=$(get-pip-manifest os-apply-config)
env | sort
if [[ "$DISTRO_NAME" == "debian" ]] && [[ "$DIB_RELEASE" == "stable" || "$DIB_RELEASE" == "bullseye" ]]
then
virtualenv $OS_APPLY_CONFIG_VENV_DIR
else
virtualenv --setuptools $OS_APPLY_CONFIG_VENV_DIR
fi
set +u
source $OS_APPLY_CONFIG_VENV_DIR/bin/activate
set -u
if [ -n "$manifest" ]; then
use-pip-manifest $manifest
else
# bug #1201253 : virtualenv-1.10.1 embeds setuptools-0.9.8, which
# doesn't manage correctly HTTPS sockets when downloading pbr from
# https://pypi.python.org/simple/ if using http_proxy and https_proxy
# envvars
$OS_APPLY_CONFIG_VENV_DIR/bin/pip install -U 'setuptools>=1.0'
# bug #1293812 : Avoid easy_install triggering on pbr.
$OS_APPLY_CONFIG_VENV_DIR/bin/pip install -U 'pbr>=0.11'
$OS_APPLY_CONFIG_VENV_DIR/bin/pip install -U os-apply-config
fi
# Write the manifest of what was installed
write-pip-manifest os-apply-config
ln -s $OS_APPLY_CONFIG_VENV_DIR/bin/os-apply-config /usr/local/bin/os-apply-config
set +u
deactivate
set -u

4
elements/os-apply-config/os-refresh-config/configure.d/20-os-apply-config
View File

@ -1,4 +0,0 @@
#!/bin/bash
set -ue
exec os-apply-config

4
elements/os-apply-config/package-installs.yaml
View File

@ -1,4 +0,0 @@
os-apply-config:
installtype: package
rsync:
phase: pre-install.d

17
elements/os-apply-config/pkg-map
View File

@ -1,17 +0,0 @@
{
"release": {
"debian": {
"bullseye": {
"os-apply-config": "python3-os-apply-config"
}
}
},
"family": {
"debian": {
"os-apply-config": "python-os-apply-config"
}
},
"default": {
"os-apply-config": "os-apply-config"
}
}

122
elements/os-collect-config/README.md
View File

@ -1,122 +0,0 @@
Setup os-collect-config to run as a system service. By default it will
run os-refresh-config on any changes.
Configuration
-------------
Heat Metadata can be used to configure os-collect-config:
os-collect-config:
command: os-refresh-config
cachedir: /var/run/os-collect-config
collectors:
- heat_local
- ec2
- cfn
polling_interval: 300
cfn:
metadata_url: http://foo:8000/v1
heat_metadata_hint: /var/lib/heat-cfntools/cfn-metadata-server
stack_name: required-stack-name
access_key_id: abcdefghijklmnop091234
secret_access_key: fffeeeeddddccccaaaa99999
path: ThisResource.Metadata
ca_certificate: /etc/ssl/ca.crt
ec2:
metadata_url: http://169.254.169.254/latest/meta-data
heat_local:
path: /var/lib/heat-cfntools/cfn-init-data
Note that `metadata_url` is optional, as it should be determined by the
file `heat_metadata_hint` refers to. This file is injected by Heat via
cloud-init at first boot. Those two parameters are the only optional
parameters. All of the others are required for the cfn data source
to function. Note that `ca_certificate` is also optional but required
in many cases where the metadata api is behind ssl.
`ec2` and `heat_local` do not require any configuration to work.
Typically the cfn collector is configured via EC2 metadata in a Heat
template:
Resources:
myserver:
Type: OS::Nova::Server
Properties:
...
Metadata:
os-collect-config:
cfn:
access_key_id:
Ref: Key
path: MyServerConfig.Metadata
secret_access_key:
Fn::GetAtt:
- Key
- SecretAccessKey
stack_name:
Ref: AWS::StackName
ca_certificate: /etc/ssl/ca.crt
The EC2 collector takes this metadata, passes it to os-apply-config
which in turn writes it out to /etc/os-collect-config.conf.
Note that the configuration references some other resources - a key
and access key, which are declared using:
Resources:
Key:
Properties:
UserName:
Ref: User
Type: AWS::IAM::AccessKey
User:
Properties:
Policies:
- Ref: AccessPolicy
Type: AWS::IAM::User
Note also that the IAM::User references an access policy which should
look like:
Resources:
AccessPolicy:
Properties:
AllowedResources:
- MyServerConfig
Type: OS::Heat::AccessPolicy
and, finally, the crucial bit is the MyServerConfig policy which is
referenced in the cfn collector configuration and the access policy:
Resources:
MyServerConfig:
Metadata:
os-collect-config:
cfn:
access_key_id:
Ref: Key
path: MyServerConfig.Metadata
secret_access_key:
Fn::GetAtt:
- Key
- SecretAccessKey
stack_name:
Ref: AWS::StackName
nova:
...
keystone:
...
Properties:
ImageId: '0'
InstanceType: foo
Type: AWS::AutoScaling::LaunchConfiguration
Essentially, this AutoScaling::LaunchConfiguration resource is a bunch
of boilerplate gunk to provide a metadata container from where the
os-collect-config cfn collector can pull configuration which will be
applied by os-apply-config. There's a os-collect-config section to
ensure the configuration from the EC2 metadata doesn't get
overwritten. And the rest is dummy values for the
LaunchConfiguration's required properties.

6
elements/os-collect-config/element-deps
View File

@ -1,6 +0,0 @@
os-apply-config
os-refresh-config
os-svc-install
package-installs
pip-manifest
source-repositories

3
elements/os-collect-config/environment.d/10-os-collect-config-venv-dir.bash
View File

@ -1,3 +0,0 @@
if [ -z "${OS_COLLECT_CONFIG_VENV_DIR:-}" ]; then
export OS_COLLECT_CONFIG_VENV_DIR=${OPENSTACK_VENV_DIR:-"/opt/stack/venvs/os-collect-config"}
fi

4
elements/os-collect-config/install.d/os-collect-config-package-install/10-enable-os-collect-config
View File

@ -1,4 +0,0 @@
#!/bin/bash
set -eux
os-svc-enable -n os-collect-config

80
elements/os-collect-config/install.d/os-collect-config-source-install/10-os-collect-config
View File

@ -1,80 +0,0 @@
#!/bin/bash
set -eux
manifest=$(get-pip-manifest os-collect-config)
if [[ "$DISTRO_NAME" == "debian" ]] && [[ "$DIB_RELEASE" == "stable" || "$DIB_RELEASE" == "bullseye" ]]
then
virtualenv $OS_COLLECT_CONFIG_VENV_DIR
else
virtualenv --setuptools $OS_COLLECT_CONFIG_VENV_DIR
fi
set +u
source $OS_COLLECT_CONFIG_VENV_DIR/bin/activate
set -u
if [ -n "$manifest" ]; then
use-pip-manifest $manifest
else
# Need setuptools>=1.0 to manage connections when
# downloading from pypi using http_proxy and https_proxy
$OS_COLLECT_CONFIG_VENV_DIR/bin/pip install -U 'setuptools>=1.0'
# bug #1293812 : Avoid easy_install triggering on pbr.
$OS_COLLECT_CONFIG_VENV_DIR/bin/pip install -U 'pbr>=0.11'
$OS_COLLECT_CONFIG_VENV_DIR/bin/pip install -U os-collect-config
fi
# Write the manifest of what was installed
write-pip-manifest os-collect-config
ln -s $OS_COLLECT_CONFIG_VENV_DIR/bin/os-collect-config /usr/local/bin/os-collect-config
# Minimal static config for bootstrapping
cat > /etc/os-collect-config.conf <<eof
[DEFAULT]
command=os-refresh-config
eof
chmod 600 /etc/os-collect-config.conf
if [ "$DIB_INIT_SYSTEM" == "upstart" ] ; then
cat > /etc/init/os-collect-config.conf <<eof
start on runlevel [2345]
stop on runlevel [016]
respawn
# We're logging to syslog
console none
exec os-collect-config 2>&1 | logger -t os-collect-config
eof
elif [ "$DIB_INIT_SYSTEM" == "systemd" ] ; then
if [ -d "/lib/systemd" ]; then
path=/lib/systemd/system/os-collect-config.service
else
path=/usr/lib/systemd/system/os-collect-config.service
fi
cat > $path <<eof
[Unit]
Description=Collect metadata and run hook commands.
After=cloud-config.service
Before=crond.service
[Service]
ExecStart=/usr/local/bin/os-collect-config
Restart=on-failure
[Install]
WantedBy=multi-user.target
eof
else
echo Only systems with systemd or upstart are supported.
exit 1
fi
os-svc-enable -n os-collect-config
set +u
deactivate
set -u

60
elements/os-collect-config/os-apply-config/etc/os-collect-config.conf
View File

@ -1,60 +0,0 @@
[DEFAULT]
{{^os-collect-config.command}}
command = os-refresh-config
{{/os-collect-config.command}}
{{#os-collect-config}}
{{#command}}
command = {{command}}
{{/command}}
{{#polling_interval}}
polling_interval = {{polling_interval}}
{{/polling_interval}}
{{#cachedir}}
cachedir = {{cachedir}}
{{/cachedir}}
{{#collectors}}
collectors = {{.}}
{{/collectors}}
{{#cfn}}
[cfn]
{{#metadata_url}}
metadata_url = {{metadata_url}}
{{/metadata_url}}
stack_name = {{stack_name}}
secret_access_key = {{secret_access_key}}
access_key_id = {{access_key_id}}
path = {{path}}
{{#ca_certificate}}
ca_certificate = {{.}}
{{/ca_certificate}}
{{/cfn}}
{{#heat}}
[heat]
auth_url = {{auth_url}}
user_id = {{user_id}}
password = {{password}}
project_id = {{project_id}}
stack_id = {{stack_id}}
resource_name = {{resource_name}}
{{/heat}}
{{#zaqar}}
[zaqar]
auth_url = {{auth_url}}
user_id = {{user_id}}
password = {{password}}
project_id = {{project_id}}
queue_id = {{queue_id}}
{{#use_websockets}}
use_websockets = {{.}}
{{/use_websockets}}
{{/zaqar}}
{{#request}}
[request]
metadata_url = {{metadata_url}}
{{/request}}
{{/os-collect-config}}

1
elements/os-collect-config/os-apply-config/etc/os-collect-config.conf.oac
View File

@ -1 +0,0 @@
mode: 0600

10
elements/os-collect-config/package-installs.yaml
View File

@ -1,10 +0,0 @@
os-collect-config:
installtype: package
build-essential:
libxml2-dev:
libz-dev:
libxslt-dev:
python-dev:
dib_python_version: 2
python3-dev:
dib_python_version: 3

32
elements/os-collect-config/pkg-map
View File

@ -1,32 +0,0 @@
{
"release": {
"ubuntu": {
"focal": {
"python-dev": "python3-dev"
}
}
},
"release": {
"debian": {
"bullseye": {
"os-collect-config": "python3-os-collect-config"
}
}
},
"family": {
"debian": {
"os-collect-config": "python-os-collect-config"
},
"suse": {
"libxml2-dev": "libxml2-devel",
"libz-dev": "zlib-devel",
"libxslt-dev": "libxslt-devel",
"python-dev": "python-devel",
"python3-dev": "python3-devel",
"build-essential": "pattern:devel_basis"
}
},
"default": {
"os-collect-config": "os-collect-config"
}
}

40
elements/os-refresh-config/README.md
View File

@ -1,40 +0,0 @@
Install os-refresh-config
=========================
os-refresh-config uses dib-run-parts to run scripts in a pre-defined set
of directories. Its intended purpose is to quiesce (pre-configure.d),
configure (configure.d), migrate (migration.d), and then activate
(post-configure.d) a configuration on first boot or in response to Heat
Metadata changes.
To cause a script to be run on every os-refresh-config run, install
it into one of the following directories:
/opt/stack/os-config-refresh/pre-configure.d
/opt/stack/os-config-refresh/configure.d
/opt/stack/os-config-refresh/migration.d
/opt/stack/os-config-refresh/post-configure.d
If you want to have os-refresh-config run on any updates to a particular
Resource in the heat stack, you will need at the minimum the following snippet
of json in this instance's Metadata:
{
"OpenStack::Config": {
"heat": {
"access_key_id": {"Ref": "ApiKeyResource"},
"secret_key": {"Fn::GetAtt": [ "ApiKeyResource", "SecretAccessKey" ]},
"refresh": [ {"resource": "SomeResource"} ],
"stack": {Ref: 'AWS::Stack'},
"region": {Ref: 'AWS::Region'}
}
}
}
If you would like to signal a wait condition at the end of
post-configure.d, a generic name of 'completion-handle' can be used
like so:
{
"completion-handle": {"Ref": "CompletionHandleName"}
}

5
elements/os-refresh-config/element-deps
View File

@ -1,5 +0,0 @@
os-apply-config
package-installs
pip-and-virtualenv
pip-manifest
source-repositories

7
elements/os-refresh-config/install.d/99-os-refresh-config-install-scripts
View File

@ -1,7 +0,0 @@
#!/bin/bash
set -eux
SCRIPT_BASE=$(os-refresh-config --print-base)
SCRIPT_SOURCE=$(dirname $0)/../os-refresh-config
rsync -r $SCRIPT_SOURCE/ $SCRIPT_BASE/

46
elements/os-refresh-config/install.d/os-refresh-config-source-install/10-os-refresh-config
View File

@ -1,46 +0,0 @@
#!/bin/bash
# We need to install this early in install.d because other elements will
# need to use os-refresh-config --print-base to know where to put files
set -eux
manifest=$(get-pip-manifest os-refresh-config)
# pip and virtualenv is installed by the pip-and-virtualenv element
if [[ "$DISTRO_NAME" == "debian" ]] && [[ "$DIB_RELEASE" == "stable" || "$DIB_RELEASE" == "bullseye" ]]
then
virtualenv /opt/stack/venvs/os-refresh-config
else
virtualenv --setuptools /opt/stack/venvs/os-refresh-config
fi
set +u
source /opt/stack/venvs/os-refresh-config/bin/activate
set -u
if [ -n "$manifest" ]; then
use-pip-manifest $manifest
else
# Need setuptools>=1.0 to manage connections when
# downloading from pypi using http_proxy and https_proxy
/opt/stack/venvs/os-refresh-config/bin/pip install -U pip
/opt/stack/venvs/os-refresh-config/bin/pip install -U 'setuptools>=1.0'
# bug #1293812 : Avoid easy_install triggering on pbr.
/opt/stack/venvs/os-refresh-config/bin/pip install -U 'pbr>=0.11'
/opt/stack/venvs/os-refresh-config/bin/pip install -U os-refresh-config
fi
# Write the manifest of what was installed
write-pip-manifest os-refresh-config
ln -s /opt/stack/venvs/os-refresh-config/bin/os-refresh-config /usr/local/bin/os-refresh-config
ln -s /opt/stack/venvs/os-refresh-config/bin/dib-run-parts /usr/local/bin/dib-run-parts
for d in pre-configure.d configure.d migration.d post-configure.d; do
install -m 0755 -o root -g root -d $(os-refresh-config --print-base)/$d
done
set +u
deactivate
set -u

0
elements/os-refresh-config/os-refresh-config/.git-keep-empty
View File

85
elements/os-refresh-config/os-refresh-config/post-configure.d/99-refresh-completed
View File

@ -1,85 +0,0 @@
#!/bin/bash
set -eux
# Some templates explictly pass completion-handle/completion-signal in the
# StructuredConfig data, if we find a handle, send a completion signal
# Note, this for backwards compatibility, in general the logic below should be
# used instead, where a per-deployment signal is sent using the handle provided
# automatically by heat
HANDLE=$(os-apply-config --key completion-handle --type raw --key-default "")
SIGNAL=$(os-apply-config --key completion-signal --type raw --key-default "")
ID=$(os-apply-config --key instance-id --type raw --key-default "")
[ -n "$ID" ] || exit 0
call_curl() {
local method=$1
local url=$2
local output=$(mktemp)
status=$(curl -s -w %{http_code} -X $method -H 'Content-Type: application/json' -o $output --data-binary "{\"Status\" : \"SUCCESS\",\"Reason\" : \"Configuration Complete\",\"UniqueId\" : \"$ID\",\"Data\" : \"Finished os-refresh-config.\"}" $url)
cat $output
rm $output
if [ "$status" != "200" ]; then
exit 1
fi
}
call_curl_deployment() {
local method=$1
local url=$2
local stdout=$3
local output=$(mktemp)
status=$(curl -s -w %{http_code} -X $method -H 'Content-Type: application/json' -o $output --data-binary "{\"deploy_stdout\": \"$stdout\", \"deploy_status_code\": \"0\"}" $url)
cat $output
rm $output
if [ "$status" != "200" ]; then
exit 1
fi
}
# Signals use POST, wait handles use PUT
if [ -n "$HANDLE" ]; then
call_curl PUT $HANDLE
fi
if [ -n "$SIGNAL" ]; then
call_curl POST $SIGNAL
fi
# This extracts "deploy_signal_id" from any deployments of group "os-apply-config"
# deploy_signal_id is a pre-signed URL when CFN_SIGNAL is specified, it's not
# included if NO_SIGNAL is specified. Won't yet work with HEAT_SIGNAL.
# We also include the id, which provides a means to identify when a config
# being deployed has changed. DEPLOYMENTS is a list of concatenated ID+URL.
#
# The jq is really hard to read, so here's the process line by line:
# 1. Extract all deployments data via os-apply-config
# 2. Select all which have a config group of "os-apply-config"
# 3. Filter further for only deployments with a deploy_signal_id input
# thus avoiding NO_SIGNAL deployments
# 4. Extract and join the "id" key and the input value for deploy_signal_id
# 5. Print the elements of the resulting list to enable for loop iteration
DEPLOYMENTS=$(os-apply-config --key deployments --type raw --key-default "" |
jq -r "map(select(.group == \"os-apply-config\") |
select(.inputs[].name == \"deploy_signal_id\") |
.id + (.inputs | map(select(.name == \"deploy_signal_id\")) | .[].value)) |
.[]")
# We store a file per deployment similar to how heat-config stores them under
# /var/lib/heat-config/deployed, here we use /var/lib/os-apply-config-deployments/deployed
DEPLOYED_DIR="/var/lib/os-apply-config-deployments/deployed"
if [ ! -d $DEPLOYED_DIR ]; then
mkdir -p $DEPLOYED_DIR
fi
for dep in ${DEPLOYMENTS}
do
DEPLOY_ID=$(echo $dep | sed "s/http.*$//")
DEPLOY_URL=$(echo $dep | sed "s/^.*http/http/")
if [ ! -f $DEPLOYED_DIR/$DEPLOY_ID ]; then
echo "Signalling os-apply-config deployment $DEPLOY_ID $DEPLOY_URL"
call_curl_deployment POST $DEPLOY_URL "os-apply-config deployment $DEPLOY_ID completed"
touch $DEPLOYED_DIR/$DEPLOY_ID
else
echo "Skipping $DEPLOY_ID, already deployed"
fi
done

3
elements/os-refresh-config/package-installs.yaml
View File

@ -1,3 +0,0 @@
jq:
os-refresh-config:
installtype: package

17
elements/os-refresh-config/pkg-map
View File

@ -1,17 +0,0 @@
{
"release": {
"debian": {
"bullseye": {
"os-refresh-config": "python3-os-refresh-config"
}
}
},
"family": {
"debian": {
"os-refresh-config": "python-os-refresh-config"
}
},
"default": {
"os-refresh-config": "os-refresh-config"
}
}

34
elements/os-svc-install/README.md
View File

@ -1,34 +0,0 @@
Command line utilities to simplify installation of OpenStack services.
## os-svc-install
Given a git repo url, pip-install the repo and all of its python dependencies into a virtualenv.
NOTE: By default the virtualenv is installed to /opt/stack/venvs/SERVICENAME but this can be customized.
NOTE: By default services do not autostart until os-svc-enable is called.
## os-svc-daemon
Given a system service command line and run-as user, generate and install system service start script. See output of `os-svc-daemon -h` for online help.
## os-svc-enable
Enable the given service name so it starts on boot.
This is typically called in an os-refresh-config/post-configure.d script to
enable a service once it has been fully configured.
## os-svc-enable-upstart (upstart distros only)
Given an upstart job and an action, acts on the enabled or disabled state
of jobs produced by os-svc-daemon. This requires the os-svc-enable upstart
job which is installed by this element as well. There is also an action,
'enabled', which allows checking whether or not a service is enabled;
the command exits 0 if it is enabled, or 1 if it is not. A disabled
service will not be started automatically nor can it be manually started.
## example usage
```bash
# clone nova, and install it and its dependencies to /opt/stack/venvs/nova
os-svc-install -u nova -r https://opendev.org/openstack/nova.git
# install a system-start script for nova-api
os-svc-daemon -e 'foo=bar bar=baz' -n nova-api -u nova -c /opt/stack/venvs/nova/bin/nova-api -- --config-dir /etc/nova
# enable nova-api so that it starts on boot
os-svc-enable -n nova-api
```

0
elements/os-svc-install/__init__.py
View File

93
elements/os-svc-install/bin/map-services-tripleo
View File

@ -1,93 +0,0 @@
#!/usr/bin/env python3
# dib-lint: disable=indent
# Copyright 2012 Hewlett-Packard Development Company, L.P.
# Copyright 2014 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import sys
# Manually maintained for brevity; consider making this compiled from
# distromatch or other rich data sources.
# TripleO service name on the left, Fedora/RHEL on the right.
service_map = {
'apache2': 'httpd',
'ceilometer-api': 'openstack-ceilometer-api',
'ceilometer-agent-central': 'openstack-ceilometer-central',
'ceilometer-agent-compute': 'openstack-ceilometer-compute',
'ceilometer-agent-notification': 'openstack-ceilometer-notification',
'ceilometer-collector': 'openstack-ceilometer-collector',
'cinder-api': 'openstack-cinder-api',
'cinder-backup': 'openstack-cinder-backup',
'cinder-scheduler': 'openstack-cinder-scheduler',
'cinder-volume': 'openstack-cinder-volume',
'glance-api': 'openstack-glance-api',
'glance-reg': 'openstack-glance-registry',
'heat-api': 'openstack-heat-api',
'heat-api-cfn': 'openstack-heat-api-cfn',
'heat-api-cloudwatch': 'openstack-heat-api-cloudwatch',
'heat-engine': 'openstack-heat-engine',
'ironic-api': 'openstack-ironic-api',
'ironic-conductor': 'openstack-ironic-conductor',
'keystone': 'openstack-keystone',
'libvirt-bin': 'libvirtd',
'mysql': ['mysqld', 'mariadb'],
'nova-conductor': 'openstack-nova-conductor',
'nova-api': 'openstack-nova-api',
'nova-cert': 'openstack-nova-cert',
'nova-scheduler': 'openstack-nova-scheduler',
'nova-consoleauth': 'openstack-nova-consoleauth',
'nova-compute': 'openstack-nova-compute',
'nova-novncproxy': 'openstack-nova-novncproxy',
'openvswitch-switch': 'openvswitch',
'rsync': 'rsyncd',
'swift-proxy': 'openstack-swift-proxy',
'swift-account': 'openstack-swift-account',
'swift-account-auditor': 'openstack-swift-account-auditor',
'swift-account-reaper': 'openstack-swift-account-reaper',
'swift-account-replicator': 'openstack-swift-account-replicator',
'swift-container': 'openstack-swift-container',
'swift-container-auditor': 'openstack-swift-container-auditor',
'swift-container-replicator': 'openstack-swift-container-replicator',
'swift-container-updater': 'openstack-swift-container-updater',
'swift-object': 'openstack-swift-object',
'swift-object-auditor': 'openstack-swift-object-auditor',
'swift-object-replicator': 'openstack-swift-object-replicator',
'swift-object-updater': 'openstack-swift-object-updater',
'tgt': 'tgtd',
}
print("WARNING: map-services has been deprecated. "
"Please use the svc-map element.", file=sys.stderr)
for arg in sys.argv[1:]:
# We need to support the service name being different when installing from
# source vs. packages. So, if the requested service file already exists,
# just use that.
if os.path.exists('/lib/systemd/system/%s.service' % arg):
print(arg)
else:
mapping = service_map.get(arg, arg)
# Handle cases where a service may map to multiple names depending on
# which specific distribution we're using.
if isinstance(mapping, list):
for name in mapping:
if os.path.exists('/lib/systemd/system/%s.service' % name):
print(name)
break
else:
# We didn't find a match for any of the mappings.
print(arg)
else:
print(mapping)
sys.exit(0)

18
elements/os-svc-install/bin/os-db-create
View File

@ -1,18 +0,0 @@
#!/bin/bash
set -eu
function create_db() {
local sql="
create database if not exists $1;
grant all on $1.* to '$2'@'localhost' identified by '$3';
grant all on $1.* to '$2'@'%' identified by '$3';
flush privileges;"
echo "$sql" | mysql
}
if [ $# -lt 3 ]; then
echo "Usage: os-db-create DB_NAME DB_USER DB_PASS"
exit 1
fi
create_db $*

261
elements/os-svc-install/bin/os-svc-daemon
View File

@ -1,261 +0,0 @@
#!/bin/bash
set -eu
DEFAULT_POSTSTART="exec sleep 1"
usage() {
echo "Usage: os-svc-daemon [ -ph ] [ -s POSTSTART ] [ -e ENV ] -n SERVICENAME -u RUNAS [ -c RUNCMD -- [arg [arg...]]]"
echo ""
echo "SERVICENAME, RUNAS, RUNCMD, and POSTSTART can be set via the"
echo "environment as well. Command line arguments will override"
echo "environment variables. By default this will create a python logging"
echo "configuration file in /etc/os-logging/servicename.conf"
echo ""
echo " -a Use alternate svc-map instead of map-services"
echo " -h Show help and exit"
echo " -p Print the job file instead of writing to disk"
echo " -l Create neither a python logging.conf nor pass --log-config-append argument to command."
echo " -d [NAME] Specify the name of the runtime directory, which will be"
echo " /var/run/[NAME]"
echo " -s POSTSTART post_start will be added to the upstart job. Ignored with systemd."
echo " default: $DEFAULT_POSTSTART"
echo " -e ENV Environment name=value entries to set in the service/job"
echo " -n SERVICENAME Name of job/service file."
echo " -i INSTALLDIR Optional: virtualenv installation directory. Defaults to: /opt/stack/venvs/<SERVICENAME>"
echo " -u RUNAS User to run main executable as."
echo " -c RUNCMD Command to execute. Must stay in foreground."
echo " arg... Arguments will be passed to COMMAND"
echo ""
}
# Can be set in environment now
SERVICENAME=${SERVICENAME:-""}
INSTALLDIR=
RUNAS=${RUNAS:-""}
RUNCMD=${RUNCMD:-""}
ENV=${ENV:-""}
DISABLE_LOGGING_CONF=
CREATE_DIR_NAME=${CREATE_DIR_NAME:-""}
# The default helps avoid race with daemon listening. http://pad.lv/1179766
POSTSTART=${POSTSTART:-$DEFAULT_POSTSTART}
MAPPING_COMMAND=map-services
print_only() {
cat
}
print_to_file() {
cat > $1
}
append_to_file() {
cat >> $1
}
OUTPUT=print_to_file
APPEND=append_to_file
nshift=0
while getopts "aplhd:s:n:i:u:c:e:" opt; do
case "$opt" in
n) SERVICENAME=$OPTARG;;
i) INSTALLDIR=$OPTARG;;
u) RUNAS=$OPTARG;;
c) RUNCMD=$OPTARG;;
s) POSTSTART=$OPTARG;;
e) ENV=$OPTARG;;
a) MAPPING_COMMAND=svc-map;;
p) OUTPUT=print_only; APPEND=print_only;;
l) DISABLE_LOGGING_CONF="1";;
d) CREATE_DIR_NAME=$OPTARG;;
h) usage; exit 0;;
\?) usage; exit 1;;
:) usage; exit 1;;
esac
done
shift $(($OPTIND-1))
if [ -z "$SERVICENAME" ] || [ -z "$RUNAS" ] ; then
if [ $# -lt 3 ] ; then
usage
exit 1
fi
fi
function deprecated_posarg_warning {
echo "WARNING: Setting $1 via positional argument is deprecated and will be removed in a future release."
}
# Compatibility with old style passing w/o switches
if [ -z "$SERVICENAME" ]; then
SERVICENAME=$1
shift
deprecated_posarg_warning "SERVICENAME"
fi
if [ -z "$RUNAS" ]; then
RUNAS=$1
shift
deprecated_posarg_warning "RUNAS"
fi
if [ -z "$RUNCMD" ]; then
CHECK=${1:-""}
if [ -n "$CHECK" ]; then
RUNCMD=$1
shift
deprecated_posarg_warning "CHECK"
fi
fi
# if INSTALLDIR isn't set use /opt/stack/venvs/RUNAS
# NOTE: this was our default before adding the -i option
if [ -z "$INSTALLDIR" ]; then
INSTALLDIR="/opt/stack/venvs/$RUNAS"
fi
if [ -z "$DISABLE_LOGGING_CONF" ]; then
# Set up service-specific logging config
LOGGING_CONFIG="/etc/os-logging/$SERVICENAME.config"
mkdir /etc/os-logging || true
$OUTPUT $LOGGING_CONFIG <<EOF
[loggers]
keys=root
[handlers]
keys=syslog
[formatters]
keys=normal
[logger_root]
handlers=syslog
[handler_syslog]
class=handlers.SysLogHandler
args=('/dev/log', handlers.SysLogHandler.LOG_USER)
formatter=normal
[formatter_normal]
format=$SERVICENAME: %(asctime)s %(levelname)s %(message)s
EOF
fi
function install_upstart {
local name=$1
local install_dir=$2
local user=$3
local dirname=${4:-$user}
local cmd=$5
shift; shift; shift; shift; shift
local args=$*
local env_entries=''
if [ -n "$ENV" ]; then
local env_pad=" $ENV"
env_entries=${env_pad// /
env }
fi
local target_file="/etc/init/$name.conf"
if [ -z "$DISABLE_LOGGING_CONF" ]; then
args="--log-config-append $LOGGING_CONFIG $args"
fi
$OUTPUT $target_file <<EOF
start on runlevel [2345]
stop on runlevel [016]
$env_entries
env OS_SVC_ENABLE_CONTROL=1
export OS_SVC_ENABLE_CONTROL
pre-start script
mkdir -p /var/run/$dirname
chown -R $user:$user /var/run/$dirname
end script
EOF
if [ -n "$cmd" ]; then
$APPEND $target_file <<EOF
respawn
# the default post-start of 1 second sleep delays respawning enough to
# not hit the default of 10 times in 5 seconds. Make it 2 times in 10s.
respawn limit 2 10
exec start-stop-daemon --start -c $user --exec $install_dir/bin/$cmd -- $args
post-start $POSTSTART
EOF
fi
}
function install_systemd {
local name=$1
local install_dir=$2
local user=$3
local cmd=$4
shift; shift; shift; shift;
local args=$*
local env_entries=''
if [ -n "$ENV" ]; then
local env_pad=" $ENV"
env_entries=${env_pad// /
Environment=}
fi
if [ -z "$DISABLE_LOGGING_CONF" ]; then
args="--log-config-append $LOGGING_CONFIG $args"
fi
$OUTPUT /lib/systemd/system/$name.service <<EOF
[Unit]
Description=$name Service
After=os-refresh-config.service
Requires=$name-create-dir.service
[Service]
ExecStart=$install_dir/bin/$cmd $args
User=$user
$env_entries
[Install]
WantedBy=multi-user.target
Alias=$name.service
EOF
}
function install_create_dir_systemd {
local name="$($MAPPING_COMMAND "$1")"
local user=$2
local dirname=${3:-$user}
$OUTPUT /lib/systemd/system/$name-create-dir.service <<EOF
[Unit]
Description=Create /var/run/$dirname
[Service]
ExecStartPre=/bin/mkdir -p /var/run/$dirname
ExecStartPre=/usr/local/bin/restore-selinux-file-context /var/run/$dirname
ExecStart=/bin/chown -R $user:$user /var/run/$dirname
[Install]
RequiredBy=$name.service
EOF
}
# TODO: SysV init fallback support
DIB_INIT_SYSTEM=$(dib-init-system)
if [ "$DIB_INIT_SYSTEM" == "upstart" ]; then
install_upstart $SERVICENAME $INSTALLDIR $RUNAS "$CREATE_DIR_NAME" "$RUNCMD" $*
elif [ "$DIB_INIT_SYSTEM" == "systemd" ]; then
if [ "$POSTSTART" != "$DEFAULT_POSTSTART" ] ; then
echo "WARNING: post start is ignored with systemd." >&2
fi
if [ -n "$RUNCMD" ]; then
install_systemd $SERVICENAME $INSTALLDIR $RUNAS $RUNCMD $*
fi
install_create_dir_systemd $SERVICENAME $RUNAS $CREATE_DIR_NAME
fi

70
elements/os-svc-install/bin/os-svc-enable
View File

@ -1,70 +0,0 @@
#!/bin/bash
#
# Copyright 2013 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
usage() {
echo "Usage: os-svc-enable -n SERVICENAME"
echo ""
echo " -a Use alternate svc-map instead of map-services"
echo " -h Show help and exit"
echo " -n SERVICENAME Name of job/service file."
echo ""
exit $1
}
SERVICENAME=${SERVICENAME:-""}
MAPPING_COMMAND=map-services
nshift=0
while getopts "ahn:" opt; do
case "$opt" in
n) SERVICENAME=$OPTARG;;
h) usage 0;;
a) MAPPING_COMMAND=svc-map;;
\?) usage 1;;
:) usage 1;;
esac
done
shift $(($OPTIND-1))
if [ -z "$SERVICENAME" ] ; then
usage 1
fi
function enable_upstart_service() {
local name="$1"
os-svc-enable-upstart "$name" enable
}
function enable_systemd_service() {
local name="$1"
local service_name="$($MAPPING_COMMAND "$name")"
systemctl enable "$service_name.service"
# Also enable the create-dir service if it exists
if [ -f "/usr/lib/systemd/system/$service_name-create-dir.service" ]; then
systemctl enable "$service_name-create-dir.service"
fi
}
# TODO: SysV init fallback support
DIB_INIT_SYSTEM=$(dib-init-system)
if [ "$DIB_INIT_SYSTEM" = "upstart" ]; then
enable_upstart_service "$SERVICENAME"
elif [ "$DIB_INIT_SYSTEM" = "systemd" ]; then
enable_systemd_service "$SERVICENAME"
fi

81
elements/os-svc-install/bin/os-svc-enable-upstart
View File

@ -1,81 +0,0 @@
#!/bin/bash
#
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
job_name=${1:-}
action=${2:-}
function usage() {
echo "usage: $(basename $0) job_name [enable|disable|enabled|clear]"
}
if [ -z "$job_name" ] || [ -z "$action" ] ; then
usage
exit 1
fi
OS_UPSTART_STATE_DIR=${OS_UPSTART_STATE_DIR:-/var/lib/os-svc-enable-upstart}
if [ "$action" != "enabled" ] ; then
if ! [ -d "$OS_UPSTART_STATE_DIR" ] ; then
if ! mkdir -p $OS_UPSTART_STATE_DIR ; then
echo "ERROR: $OS_UPSTART_STATE_DIR does not exist or is not a directory."
exit 1
fi
fi
if ! [ -w "$OS_UPSTART_STATE_DIR" ] ; then
if ! chmod +w $OS_UPSTART_STATE_DIR ; then
echo "ERROR: $OS_UPSTART_STATE_DIR is not writable."
exit 1
fi
fi
fi
if [ ! -e "/etc/init/${job_name}.conf" ] ; then
# Perhaps it's an init.d script.
if [ "$action" = "enable" -a -e "/etc/init.d/$job_name" ]; then
update-rc.d $job_name defaults 2>/dev/null
exit 0
else
echo "WARNING: $job_name does not exist!"
fi
fi
enable_file="${OS_UPSTART_STATE_DIR}/${job_name}.enable"
case $action in
clear)
rm -f $enable_file
;;
enable)
# Upstart jobs can have sub directories
enable_file_home=$(dirname $enable_file)
mkdir -p $enable_file_home
touch $enable_file
;;
disable)
rm -f $enable_file
;;
enabled)
if [ -e "$enable_file" ] ; then
exit 0
fi
exit 1
;;
esac

149
elements/os-svc-install/bin/os-svc-install
View File

@ -1,149 +0,0 @@
#!/bin/bash
set -eux
function python_install() {
local svc_root=$1
local install_dir=$2
local system_site_packages=${3:-"False"}
local name=$(basename $install_dir)
local svc_manifest=$(get-pip-manifest $name)
SITE_PCKGS="--no-site-packages"
if [ $system_site_packages == "True" ]; then
SITE_PCKGS="--system-site-packages"
fi
mkdir -p $(dirname $install_dir)
virtualenv $SITE_PCKGS $install_dir
set +u
source $install_dir/bin/activate
set -u
# If given an exact deps list, use it, and upgrade to the local git service
if [ -n "$svc_manifest" ]; then
use-pip-manifest $svc_manifest
else
if [ -e $svc_root/requirements.txt ]; then
reqs=$svc_root/requirements.txt
elif [ -e $svc_root/tools/pip-requires ]; then
reqs=$svc_root/tools/pip-requires
else
reqs=""
fi
# bug #1201253 : virtualenv-1.10.1 embeds setuptools-0.9.8, which
# doesn't manage correctly HTTPS sockets when downloading pbr from
# https://pypi.python.org/simple/ if using http_proxy and
# https_proxy envvars
pip install -U 'setuptools>=1.0'
# bug #1293812 : Avoid easy_install triggering on pbr.
pip install -U 'pbr>=0.11'
if [ -n "$reqs" ] ; then
# Install requirements off source repo if the install type
# "source" has been specified and a cloned repo exists.
for i in $(cat $reqs | grep -v ^# | grep -v ^$ | awk -F'[=><]' '{print $1}') ; do
INSTALL_TYPE_VAR=DIB_INSTALLTYPE_${i//[^A-Za-z0-9]/_}
INSTALL_TYPE=${!INSTALL_TYPE_VAR:-source}
GIT_CLONE_DIR="/opt/stack/$i"
if [ "$INSTALL_TYPE" = "source" ] && [ -d "$GIT_CLONE_DIR" ] ; then
pip install $GIT_CLONE_DIR
fi
done
pip install -r $reqs
fi
fi
# Always replay this, as we cannot use the entry this would generate in the manifest
pip install $svc_root
# Write the manifest of what was installed
write-pip-manifest $name
set +u
deactivate
set -u
}
function install_os_service() {
local user=$1
local repo=$(echo $2 | sed 's/github.com/review.opendev.org/')
local branch=$3
local directory=$4
local system_site_packages=$5
id $user || useradd $user --system -d /var/run/$user -s /bin/false
install -d -m 0750 -o $user -g $user /etc/$user
local svc_root=/opt/stack/$user
local git_dir="--git-dir $svc_root/.git"
# if the repository is an absolute local path then
# we assume its present, on the correct branch and use it
# this would be the case when the source was retrieved by
# the source-repositories element
if [ "${repo:0:1}" = "/" ] ; then
python_install $repo $directory $system_site_packages
elif [ ! -e $svc_root ]; then
git clone --depth=1 -b $branch $repo $svc_root
python_install $svc_root $directory $system_site_packages
else
if ! git $git_dir remote -v | grep $repo; then
echo "ERROR: $svc_root exists and did not come from $repo"
exit 1
fi
actual_rev=$(git $git_dir show | head -1 | awk '{print $2}')
git $git_dir checkout $branch
expected_rev=$(git $git_dir show | head -1 | awk '{print $2}')
if [ "$expected_rev" != "$actual_rev" ]; then
echo "ERROR: $repo exists and is not on rev $branch"
exit 1
fi
fi
}
function usage() {
echo "options:"
echo " -h show usage and exit"
echo " -r service's git repo url"
echo " -b repo branch or ref (default 'master')"
echo " -i Optional: installation directory for the virtualenv."
echo " If not specified defaults to /opt/stack/venv/<service_name>."
echo " -u name of the service run-as user"
echo " -s enable --system-site-packages in the virtualenv."
}
user=
repo=
install_dir=
system_site_packages="False"
while getopts hsr:u:b:i: opt; do
case "$opt" in
u) user=$OPTARG;;
i) install_dir=$OPTARG;;
h) usage; exit 0;;
r) repo=$OPTARG;;
b) branch=$OPTARG;;
s) system_site_packages="True";;
\?) usage; exit 1;;
:) usage; exit 1;;
esac
done
branch=${branch:-master}
if [[ -z "$user" || -z "$repo" ]]; then
echo "missing required parameter"
exit 1
fi
if [[ -z "$install_dir" ]]; then
install_dir="/opt/stack/venvs/$user"
fi
install-packages python-dev git-core gcc libc6-dev libxml2-dev libxslt-dev libz-dev
install_os_service "$user" "$repo" "$branch" "$install_dir" "$system_site_packages"

65
elements/os-svc-install/bin/os-svc-restart
View File

@ -1,65 +0,0 @@
#!/bin/bash
#
# Copyright 2013 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
usage() {
echo "Usage: os-svc-restart -n SERVICENAME"
echo ""
echo " -a Use alternate svc-map instead of map-services"
echo " -h Show help and exit"
echo " -n SERVICENAME Name of job/service file."
echo ""
exit $1
}
SERVICENAME=${SERVICENAME:-""}
MAPPING_COMMAND=map-services
nshift=0
while getopts "ahn:" opt; do
case "$opt" in
n) SERVICENAME=$OPTARG;;
h) usage 0;;
a) MAPPING_COMMAND=svc-map;;
\?) usage 0;;
:) usage 1;;
esac
done
shift $(($OPTIND-1))
if [ -z "$SERVICENAME" ] ; then
usage 1
fi
function restart_upstart_service {
local name="$1"
service "$name" restart
}
function restart_systemd_service {
local name="$1"
systemctl restart "$($MAPPING_COMMAND "$name").service"
}
# TODO: SysV init fallback support
DIB_INIT_SYSTEM=$(dib-init-system)
if [ "$DIB_INIT_SYSTEM" == "upstart" ]; then
restart_upstart_service "$SERVICENAME"
elif [ "$DIB_INIT_SYSTEM" == "systemd" ]; then
restart_systemd_service "$SERVICENAME"
fi

3
elements/os-svc-install/element-deps
View File

@ -1,3 +0,0 @@
pip-and-virtualenv
pip-manifest
svc-map

16
elements/os-svc-install/install.d/04-os-svc-install
View File

@ -1,16 +0,0 @@
#!/bin/bash
set -eux
install -m 0755 -o root -g root $(dirname $0)/../bin/os-svc-install /usr/local/bin/os-svc-install
install -m 0755 -o root -g root $(dirname $0)/../bin/os-svc-daemon /usr/local/bin/os-svc-daemon
install -m 0755 -o root -g root $(dirname $0)/../bin/os-db-create /usr/local/bin/os-db-create
install -m 0755 -o root -g root $(dirname $0)/../bin/os-svc-enable /usr/local/bin/os-svc-enable
install -m 0755 -o root -g root $(dirname $0)/../bin/map-services-tripleo /usr/local/bin/map-services
if [ "$(dib-init-system)" = "upstart" ] ; then
install -m 0755 -o root -g root $(dirname $0)/../bin/os-svc-enable-upstart /usr/local/bin/os-svc-enable-upstart
install -m 0644 -o root -g root $(dirname $0)/../upstart/os-svc-enable.conf /etc/init/os-svc-enable.conf
install -m 0644 -o root -g root $(dirname $0)/../rsyslog.d/25-tripleo-apps.conf /etc/rsyslog.d/25-tripleo-apps.conf
fi
install -m 0755 -o root -g root -d /opt/stack/venvs

3
elements/os-svc-install/rsyslog.d/25-tripleo-apps.conf
View File

@ -1,3 +0,0 @@
# Log each app to its own log file
$template tripleoAppLogFile,"/var/log/%programname%.log"
user.notice ?tripleoAppLogFile

0
elements/os-svc-install/tests/__init__.py
View File

225
elements/os-svc-install/tests/test_os_svc_daemon.py
View File

@ -1,225 +0,0 @@
# Copyright 2014 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import tests.base
class TestOsSvcDaemon(tests.base.ScriptTestBase):
def setUp(self):
super(TestOsSvcDaemon, self).setUp()
self._stub_script('map-services', 'echo $1')
def test_standard_systemd(self):
self._stub_script('dib-init-system', 'echo systemd')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'bar',
'-c', 'baz', 'arg',
])
expected = """[Unit]
Description=foo Service
After=os-refresh-config.service
Requires=foo-create-dir.service
[Service]
ExecStart=/opt/stack/venvs/bar/bin/baz arg
User=bar
[Install]
WantedBy=multi-user.target
Alias=foo.service
[Unit]
Description=Create /var/run/bar
[Service]
ExecStartPre=/bin/mkdir -p /var/run/bar
ExecStartPre=/usr/local/bin/restore-selinux-file-context /var/run/bar
ExecStart=/bin/chown -R bar:bar /var/run/bar
[Install]
RequiredBy=foo.service
"""
self.assertEqual(expected, output)
def test_standard_upstart(self):
self._stub_script('dib-init-system', 'echo upstart')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'bar',
'-c', 'baz', 'a',
])
expected = """start on runlevel [2345]
stop on runlevel [016]
env OS_SVC_ENABLE_CONTROL=1
export OS_SVC_ENABLE_CONTROL
pre-start script
mkdir -p /var/run/bar
chown -R bar:bar /var/run/bar
end script
respawn
# the default post-start of 1 second sleep delays respawning enough to
# not hit the default of 10 times in 5 seconds. Make it 2 times in 10s.
respawn limit 2 10
exec start-stop-daemon --start -c bar --exec /opt/stack/venvs/bar/bin/baz -- a
post-start exec sleep 1
"""
self.assertEqual(expected, output)
def test_dir_only_systemd(self):
self._stub_script('dib-init-system', 'echo systemd')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'bar',
])
expected = """[Unit]
Description=Create /var/run/bar
[Service]
ExecStartPre=/bin/mkdir -p /var/run/bar
ExecStartPre=/usr/local/bin/restore-selinux-file-context /var/run/bar
ExecStart=/bin/chown -R bar:bar /var/run/bar
[Install]
RequiredBy=foo.service
"""
self.assertEqual(expected, output)
def test_dir_only_upstart(self):
self._stub_script('dib-init-system', 'echo upstart')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'bar',
])
expected = """start on runlevel [2345]
stop on runlevel [016]
env OS_SVC_ENABLE_CONTROL=1
export OS_SVC_ENABLE_CONTROL
pre-start script
mkdir -p /var/run/bar
chown -R bar:bar /var/run/bar
end script
"""
self.assertEqual(expected, output)
def test_install_dir_systemd(self):
self._stub_script('dib-init-system', 'echo systemd')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'foo',
'-i', '/test/dir',
'-c', 'foo', 'arg',
])
self.assertIn('ExecStart=/test/dir/bin/foo arg', output)
def test_install_dir_upstart(self):
self._stub_script('dib-init-system', 'echo upstart')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'foo',
'-i', '/test/dir',
'-c', 'foo', 'arg',
])
self.assertIn('--exec /test/dir/bin/foo -- arg', output)
def test_environment_systemd(self):
self._stub_script('dib-init-system', 'echo systemd')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-p',
'-n', 'foo',
'-u', 'foo',
'-e', '"foo=bar"',
'-c', 'foo', 'arg',
])
self.assertIn('Environment="foo=bar"', output)
def test_environment_upstart(self):
self._stub_script('dib-init-system', 'echo upstart')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-p',
'-l',
'-n', 'foo',
'-u', 'foo',
'-e', 'foo=bar',
'-c', 'foo', 'arg',
])
self.assertIn('env foo=bar', output)
def test_post_start_upstart(self):
self._stub_script('dib-init-system', 'echo upstart')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-l',
'-p',
'-n', 'foo',
'-u', 'foo',
'-s', 'bar',
'-c', 'foo', 'arg',
])
self.assertIn('post-start bar', output)
def test_runtime_dir_systemd(self):
self._stub_script('dib-init-system', 'echo systemd')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-p',
'-n', 'foo',
'-u', 'bar',
'-d', 'baz',
'-c', 'foo', 'arg',
])
self.assertIn('ExecStartPre=/bin/mkdir -p /var/run/baz', output)
self.assertIn('ExecStart=/bin/chown -R bar:bar /var/run/baz', output)
def test_runtime_dir_upstart(self):
self._stub_script('dib-init-system', 'echo upstart')
output = self._run_command(
['elements/os-svc-install/bin/os-svc-daemon',
'-p',
'-n', 'foo',
'-u', 'bar',
'-d', 'baz',
'-c', 'foo', 'arg',
])
self.assertIn('mkdir -p /var/run/baz', output)
self.assertIn('chown -R bar:bar /var/run/baz', output)

11
elements/os-svc-install/upstart/os-svc-enable.conf
View File

@ -1,11 +0,0 @@
description "TripleO Service Control Job"
start on starting OS_SVC_ENABLE_CONTROL=1
instance $JOB
task
console none
script
# --no-wait is extremely important as $JOB is already blocked on
# this job. Thus the change to the stop goal will be delayed until
# this job exits.
os-svc-enable-upstart $JOB enabled || exec stop --no-wait $JOB
end script

13
elements/overcloud-partition-uefi/README.rst
View File

@ -1,13 +0,0 @@
overcloud-partition-uefi
========================
overcloud-partition-uefi is an element to add extra security hardening features to
the tripleo images: partition creation. This
element is the equivalent of overcloud-partition one, but is used when needed to
build images that are capable of booting from uefi.
It includes the block-device-default definition, that creates independent
partitions on the overcloud image, allowing those to accomplish the ANSSI
security requirements. Please note that the sizes of the partitions may not
be enough for production usage, they will need to be resized properly after
deployment depending on the available disk size.

153
elements/overcloud-partition-uefi/block-device-default.yaml
View File

@ -1,153 +0,0 @@
- local_loop:
name: image0
- partitioning:
base: image0
label: gpt
partitions:
- name: ESP
type: 'EF00'
size: 16MiB
mkfs:
type: vfat
mount:
mount_point: /boot/efi
fstab:
options: "defaults"
fsck-passno: 2
- name: BSP
type: 'EF02'
size: 8MiB
- name: boot
type: 'BC13C2FF-59E6-4262-A352-B275FD6F7172'
size: 500MiB
mkfs:
type: ext4
mount:
mount_point: /boot
fstab:
options: "defaults"
fsck-passno: 1
- name: root
flags: [ boot ]
# The passed-in DIB_IMAGE_SIZE is 6GiB, 6144MiB
# Otherwise, there is a 2MiB overhead
size: 5618MiB
- lvm:
name: lvm
base: [ root ]
pvs:
- name: pv
base: root
options: [ "--force" ]
vgs:
- name: vg
base: [ "pv" ]
options: [ "--force" ]
lvs:
- name: lv_thinpool
type: thin-pool
base: vg
# 20MiB overhead from root partition size
size: 5044MiB
- name: lv_root
type: thin
thin-pool: lv_thinpool
base: vg
# Volume sizes should be a multiple of 4MiB (1 LVM extent)
# so this is rounded down from 3706MiB
size: 3704MiB
- name: lv_tmp
type: thin
thin-pool: lv_thinpool
base: vg
size: 240MiB
- name: lv_var
type: thin
thin-pool: lv_thinpool
base: vg
size: 952MiB
- name: lv_log
type: thin
thin-pool: lv_thinpool
base: vg
size: 240MiB
- name: lv_audit
type: thin
thin-pool: lv_thinpool
base: vg
size: 192MiB
- name: lv_home
type: thin
thin-pool: lv_thinpool
base: vg
size: 240MiB
- name: lv_srv
type: thin
thin-pool: lv_thinpool
base: vg
size: 48MiB
- mkfs:
name: fs_root
base: lv_root
type: xfs
label: "img-rootfs"
mount:
mount_point: /
fstab:
options: "rw,relatime"
fsck-passno: 1
- mkfs:
name: fs_tmp
base: lv_tmp
type: xfs
mount:
mount_point: /tmp
fstab:
options: "rw,nosuid,nodev,noexec,relatime"
fsck-passno: 2
- mkfs:
name: fs_var
base: lv_var
type: xfs
mount:
mount_point: /var
fstab:
options: "rw,relatime"
fsck-passno: 2
- mkfs:
name: fs_log
base: lv_log
type: xfs
mount:
mount_point: /var/log
fstab:
options: "rw,relatime"
fsck-passno: 2
- mkfs:
name: fs_audit
base: lv_audit
type: xfs
mount:
mount_point: /var/log/audit
fstab:
options: "rw,relatime"
fsck-passno: 2
- mkfs:
name: fs_home
base: lv_home
type: xfs
mount:
mount_point: /home
fstab:
options: "rw,nodev,relatime"
fsck-passno: 2
- mkfs:
name: fs_srv
base: lv_srv
type: xfs
mount:
mount_point: /srv
fstab:
options: "rw,nodev,relatime"
fsck-passno: 2

1
elements/overcloud-partition-uefi/element-deps
View File

@ -1 +0,0 @@
growvols

1
elements/overcloud-partition-uefi/element-provides
View File

@ -1 +0,0 @@
block-device

10
elements/overcloud-partition-uefi/environment.d/15-block-device.bash
View File

@ -1,10 +0,0 @@
#
# Arch gate
#
if [[ "ppc64 ppc64le ppc64el" =~ "$ARCH" ]]; then
echo "overcloud-partition-uefi is not supported on Power"
exit 1
fi
export DIB_BLOCK_DEVICE=efi

11
elements/overcloud-partition-uefi/post-install.d/80-enable-fstrim
View File

@ -1,11 +0,0 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
sed -i "/^OnCalendar=/c\OnCalendar=daily" /usr/lib/systemd/system/fstrim.timer
sed -i "/^Description=/c\Description=Discard unused blocks once a day" /usr/lib/systemd/system/fstrim.timer
systemctl enable fstrim.timer

8
elements/overcloud-partition-uefi/post-install.d/98-enable-tmp-mount
View File

@ -1,8 +0,0 @@
#!/bin/bash
set -eux
# Ensure tmp.mount isn't masked, which is done in cloud images
# such as CentOS-Stream-GenericCloud-8
systemctl unmask tmp.mount
systemctl enable tmp.mount

56
elements/overcloud-partition-uefi/static/usr/lib/udev/rules.d/13-dm-disk.rules
View File

@ -1,56 +0,0 @@
# Copyright (C) 2009 Red Hat, Inc. All rights reserved.
#
# This file is part of LVM2.
# Udev rules for device-mapper devices.
#
# These rules create symlinks in /dev/disk directory.
# Symlinks that depend on probing filesystem type,
# label and uuid are created only if the device is not
# suspended.
# "add" event is processed on coldplug only!
ACTION!="add|change", GOTO="dm_end"
ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="dm_end"
ENV{DM_UDEV_DISABLE_DISK_RULES_FLAG}=="1", GOTO="dm_end"
SYMLINK+="disk/by-id/dm-name-$env{DM_NAME}"
ENV{DM_UUID}=="?*", SYMLINK+="disk/by-id/dm-uuid-$env{DM_UUID}"
ENV{DM_SUSPENDED}=="1", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", GOTO="dm_import"
ENV{DM_NOSCAN}=="1", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", GOTO="dm_import"
ENV{DM_SUSPENDED}=="1", GOTO="dm_end"
ENV{DM_NOSCAN}=="1", GOTO="dm_watch"
IMPORT{builtin}="blkid"
GOTO="dm_link"
LABEL="dm_import"
IMPORT{db}="ID_FS_USAGE"
IMPORT{db}="ID_FS_UUID_ENC"
IMPORT{db}="ID_FS_LABEL_ENC"
IMPORT{db}="ID_PART_ENTRY_NAME"
IMPORT{db}="ID_PART_ENTRY_UUID"
IMPORT{db}="ID_PART_ENTRY_SCHEME"
IMPORT{db}="ID_PART_GPT_AUTO_ROOT"
LABEL="dm_link"
ENV{DM_UDEV_LOW_PRIORITY_FLAG}=="1", OPTIONS="link_priority=-100"
ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}"
ENV{ID_FS_USAGE}=="filesystem|other", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}"
ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}"
ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_GPT_AUTO_ROOT}=="1", SYMLINK+="gpt-auto-root"
# Add inotify watch to track changes on this device.
# Using the watch rule is not optimal - it generates a lot of spurious
# and useless events whenever the device opened for read-write is closed.
# The best would be to generete the event directly in the tool changing
# relevant information so only relevant events will be processed
# (like creating a filesystem, changing filesystem label etc.).
#
# But let's use this until we have something better...
LABEL="dm_watch"
OPTIONS+="watch"
LABEL="dm_end"

5
elements/overcloud-secure/README.rst
View File

@ -1,5 +0,0 @@
overcloud-secure
================
overcloud-secure is an element to add extra security hardening features to
the tripleo images: unsafe package uninstall.

1
elements/overcloud-secure/element-deps
View File

@ -1 +0,0 @@
package-installs

4
elements/overcloud-secure/package-installs.yaml
View File

@ -1,4 +0,0 @@
kexec-tools:
uninstall: True
telnet:
uninstall: True

57
elements/pip-manifest/README.md
View File

@ -1,57 +0,0 @@
Utility element to enable repeatable pip installs
=================================================
Set this element as a dependency to make the utility scripts available,
and then use them as appropriate.
## Usage
This element makes a number of scripts available for use in image building, and
performs actions to copy specified manifests into the image for use in building.
It also copies manifests generated during the build back to the build environment
during cleanup.
## bin
Utility scripts for use in other elements to create and reuse pip manifests,
as detailed in the usage section.
### get-pip-manifest
Echoes the name of the pip manifest file if one has been copied in, or just
returns. The caller passes the name associated with their element, which
should be descriptive of the element, to get the correct value.
For example, the nova element calls `get-pip-manifest nova`.
The name of the element is transformed to conform with bash variable naming
rules, so any charaters that are not [A-Za-z0-9] are replaced with '\_'.
### use-pip-manifest
Uses the given manifest to perform the pip installs necessary.
Note that any development versions listed in the manifest are not reinstalled.
The reason for this is that development versions are expected to have been
installed from a source other than pypi or the mirror in use, and so development
versions will not be reinstallable without extra information.
The exact details with respect to this are for the relevant consuming element to
determine.
### write-pip-manifest
Calls pip freeze and writes the versions of all of the packages currently
installed to a manifest file.
The format of the manifest is the standard python requirements format that is
generated by the "pip freeze" command.
## extra-data.d
### 75-inject-pip-manifests
Copies any pip manifest specified in DIB\_PIP\_MANIFEST\_\* environment variables
into the image chroot environment.
## install.d
### 01-pip-manifest
Installs the scripts in this element into the image for later use by other elements.

26
elements/pip-manifest/bin/get-pip-manifest
View File

@ -1,26 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eux
name=${1:?"Usage: ${0} <name>"}
build_manifest=${DIB_MANIFEST_PIP_DIR}/dib-pip-build-manifest-${name//[^A-Za-z0-9]/_}
if [[ -f "${build_manifest}" ]]; then
echo "${build_manifest}"
fi

27
elements/pip-manifest/bin/use-pip-manifest
View File

@ -1,27 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eux
manifest=${1:?"Usage: ${0} <manifest>"}
# Comment out the dev versions listed, as they may not be reinstallable
sed -i "s/^\(.*[.]dev.*\)$/# \1/g" $manifest
# also dev versions listed via the -e (editable) option
sed -i "s/^\(-e .*\)$/# \1/g" $manifest
pip install --no-deps -r $manifest

24
elements/pip-manifest/bin/write-pip-manifest
View File

@ -1,24 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eux
name=${1:?"Usage: ${0} <name>"}
manifest_name=dib-manifest-pip-${name//[^A-Za-z0-9]/_}
pip freeze -l | tee ${DIB_MANIFEST_PIP_DIR}/${manifest_name}

1
elements/pip-manifest/element-deps
View File

@ -1 +0,0 @@
manifests

20
elements/pip-manifest/environment.d/15-pip-manifests
View File

@ -1,20 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eu
export DIB_MANIFEST_PIP_DIR=${DIB_MANIFEST_PIP_DIR:-${DIB_MANIFEST_IMAGE_DIR}/dib-manifests-pip}

26
elements/pip-manifest/extra-data.d/75-inject-pip-manifests
View File

@ -1,26 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eux
sudo mkdir -p $TMP_MOUNT_PATH/$DIB_MANIFEST_PIP_DIR
# Find all of the pip manifests and copy them into the image for use in install.d
for manifest in ${!DIB_PIP_MANIFEST_*}
do
sudo cp ${!manifest} $TMP_MOUNT_PATH/$DIB_MANIFEST_PIP_DIR/dib-pip-build-manifest-${manifest##DIB_PIP_MANIFEST_}
done

22
elements/pip-manifest/install.d/01-pip-manifest
View File

@ -1,22 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eux
install -m 0755 -o root -g root $(dirname $0)/../bin/get-pip-manifest /usr/local/bin/get-pip-manifest
install -m 0755 -o root -g root $(dirname $0)/../bin/write-pip-manifest /usr/local/bin/write-pip-manifest
install -m 0755 -o root -g root $(dirname $0)/../bin/use-pip-manifest /usr/local/bin/use-pip-manifest

5
elements/realtime-kernel/README.rst
View File

@ -1,5 +0,0 @@
realtime-kernel
===============
realtime-kernel element replaces the default kernel with the realtime
kernel. The appropriate repos must already be enabled.

1
elements/realtime-kernel/element-deps
View File

@ -1 +0,0 @@
package-installs

10
elements/realtime-kernel/install.d/99-remove-default-kernel
View File

@ -1,10 +0,0 @@
#!/bin/bash
set -eux
# Uninstalling the default kernel in chroot might fail, if it is the same
# kernel that runs in the host. Therefore we are forcing it here by
# disabling the protected_packages config.
# The machine suffix is required to not accidentally remove the
# kernel-rt again in case the default kernel is not installed.
yum -v -y --setopt=protected_packages= erase kernel.$(uname -m)

3
elements/realtime-kernel/package-installs.yaml
View File

@ -1,3 +0,0 @@
kernel-rt:
kernel-rt-kvm:
tuned-profiles-nfv-host:

10
elements/reset-bls-entries/README.rst
View File

@ -1,10 +0,0 @@
reset-bls-entries
=================
This is an element which will run a script on first boot to rename
`/boot/loader/entries` filenames to match the new value of `/etc/machine-id`.
This is required for `grub2-mkconfig` calls to incorporate existing values in
the boot loader entry files.
It only runs when first-boot criteria is met, such as when `uninitialized` is
written to `/etc/machine-id`

13
elements/reset-bls-entries/init-scripts/systemd/reset-bls-entries.service
View File

@ -1,13 +0,0 @@
[Unit]
Description=Rename all bootloader entries to match the machine-id
DefaultDependencies=no
After=local-fs.target
ConditionFirstBoot=yes
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/systemd/reset-bls-entries
[Install]
WantedBy=sysinit.target

Some files were not shown because too many files have changed in this diff Show More