From d43d3fce86040f6b7e190d83380e6f7106260202 Mon Sep 17 00:00:00 2001 
From: Bernard Cafarelli Date: Thu, 23 Nov 2017 18:45:34 +0100 Subject: [PATCH] Rework amphora agent installation element Merge source and RHEL elements, allowing both source and package based installations. Allow amphora agent install from distribution packages (not limited to RHEL) Add a new option to diskimage-create.sh script to do so (default is kept to source installation from Octavia git tree) For now, amphorae built with distribution packages will have SELinux (when available) running in permissive mode. Made the rebind-sshd element generic to streamline the script Use POSIX syntax for logrotate kill command Change-Id: I391b2a95d54c7b9fd8f31d3e2c136ff9cc3451f1 --- diskimage-create/README.rst | 31 ++++++++++++++ diskimage-create/diskimage-create.sh | 42 +++++++++---------- elements/amphora-agent-rhel/README.rst | 1 - elements/amphora-agent-rhel/element-deps | 1 - .../amphora-agent-rhel/package-installs.yaml | 1 - .../11-enable-octavia-amphora-agent-systemd | 9 ---- elements/amphora-agent/README.rst | 5 +++ elements/amphora-agent/element-deps | 3 +- .../install.d/75-run_setup_install | 18 -------- .../75-amphora-agent-install | 37 ++++++++++++++++ .../amphora-agent.conf | 0 .../amphora-agent.init} | 0 .../amphora-agent.logrotate | 14 +++++++ .../amphora-agent.service | 0 elements/amphora-agent/package-installs.yaml | 6 +++ elements/amphora-agent/pkg-map | 10 +++++ .../11-enable-amphora-agent-systemd | 5 ++- .../source-repository-amphora-agent | 2 +- .../static/etc/logrotate.d/amphora-agent | 12 ------ elements/amphora-agent/svc-map | 1 + .../finalise.d/98-rebind-sshd-after-dhcp | 9 +++- 21 files changed, 136 insertions(+), 71 deletions(-) delete mode 100644 elements/amphora-agent-rhel/README.rst delete mode 100644 elements/amphora-agent-rhel/element-deps delete mode 100644 elements/amphora-agent-rhel/package-installs.yaml delete mode 100755 elements/amphora-agent-rhel/post-install.d/11-enable-octavia-amphora-agent-systemd delete mode 100755 
elements/amphora-agent/install.d/75-run_setup_install create mode 100755 elements/amphora-agent/install.d/amphora-agent-source-install/75-amphora-agent-install rename elements/amphora-agent/{init-scripts/upstart => install.d/amphora-agent-source-install}/amphora-agent.conf (100%) rename elements/amphora-agent/{init-scripts/sysv/amphora-agent => install.d/amphora-agent-source-install/amphora-agent.init} (100%) create mode 100644 elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.logrotate rename elements/amphora-agent/{init-scripts/systemd => install.d/amphora-agent-source-install}/amphora-agent.service (100%) create mode 100644 elements/amphora-agent/pkg-map delete mode 100644 elements/amphora-agent/static/etc/logrotate.d/amphora-agent diff --git a/diskimage-create/README.rst b/diskimage-create/README.rst index 5d2521b4fe..2b5c85c194 100644 --- a/diskimage-create/README.rst +++ b/diskimage-create/README.rst @@ -85,6 +85,7 @@ Command syntax: '-i' is the base OS (default: ubuntu) '-n' disable sshd (default: enabled) '-o' is the output image file name + '-p' install amphora-agent from distribution packages (default: disabled)" '-r' enable the root account in the generated image (default: disabled) '-s' is the image size to produce in gigabytes (default: 2) '-t' is the image type (default: qcow2) 
@@ -130,6 +131,36 @@ OCTAVIA_REPO_PATH - Default: - Reference: https://github.com/openstack/octavia +Using distribution packages for amphora agent +--------------------------------------------- +By default, amphora agent is installed from Octavia Git repository. +To use distribution packages, use the "-p" option. + +Note this needs a base system image with the required repositories enabled (for +example RDO repositories for CentOS/Fedora). One of these variables must be +set: + +DIB_LOCAL_IMAGE + - Path to the locally downloaded image + - Default: None + +DIB_CLOUD_IMAGES + - Directory base URL to download the image from + - Default: depends on the distribution + +For example to build a CentOS 7 amphora with Pike RPM packages: +.. code:: bash + + # Get image + $ wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2 + + # Add repository + $ virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2 --selinux-relabel --run-command 'yum install -y centos-release-openstack-pike' + + # Point to modified image and run script + $ export DIB_LOCAL_IMAGE=/home/stack/CentOS-7-x86_64-GenericCloud.qcow2 + $ ./diskimage-create.sh -p -i centos + RHEL specific variables ------------------------ Building a RHEL-based image requires: diff --git a/diskimage-create/diskimage-create.sh b/diskimage-create/diskimage-create.sh index 29f1eb190a..e309287676 100755 --- a/diskimage-create/diskimage-create.sh +++ b/diskimage-create/diskimage-create.sh @@ -23,11 +23,12 @@ usage() { echo " [-a i386 | **amd64** | armhf ]" echo " [-b **haproxy** ]" echo " [-c **~/.cache/image-create** | ]" - echo " [-d **xenial** | trusty | ]" + echo " [-d **xenial**/**7** | trusty | ]" echo " [-h]" echo " [-i **ubuntu** | fedora | centos | rhel ]" echo " [-n]" echo " [-o **amphora-x64-haproxy** | ]" + echo " [-p]" echo " [-r ]" echo " [-s **2** | ]" echo " [-t **qcow2** | tar | vhd ]" 
@@ -42,6 +43,7 @@ usage() { echo " '-i' is the base OS (default: ubuntu)" echo " '-n' disable sshd (default: enabled)" echo " '-o' is the output image file name" + echo " '-p' install amphora-agent from distribution packages (default: disabled)" echo " '-r' enable the root account in the generated image (default: disabled)" echo " '-s' is the image size to produce in gigabytes (default: 2)" echo " '-t' is the image type (default: qcow2)" @@ -76,7 +78,7 @@ if [ -z $OCTAVIA_REPO_PATH ]; then fi dib_enable_tracing= -while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do +while getopts "a:b:c:d:hi:no:pt:r:s:vw:x" opt; do case $opt in a) AMP_ARCH=$OPTARG @@ -120,6 +122,9 @@ while getopts "a:b:c:d:hi:no:t:r:s:vw:x" opt; do o) AMP_OUTPUTFILENAME=$(readlink -f $OPTARG) ;; + p) + export DIB_INSTALLTYPE_amphora_agent=package + ;; t) AMP_IMAGETYPE=$OPTARG if [ $AMP_IMAGETYPE != "qcow2" ] && \ @@ -169,8 +174,8 @@ AMP_BASEOS=${AMP_BASEOS:-"ubuntu"} if [ "$AMP_BASEOS" = "ubuntu" ]; then export DIB_RELEASE=${AMP_DIB_RELEASE:-"xenial"} -else - export DIB_RELEASE=${AMP_DIB_RELEASE} +elif [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then + export DIB_RELEASE=${AMP_DIB_RELEASE:-"7"} fi AMP_OUTPUTFILENAME=${AMP_OUTPUTFILENAME:-"$PWD/amphora-x64-haproxy"} 
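Review bot: `DIB_RELEASE` is no longer exported for any base OS other than ubuntu, centos or rhel, because the `@@ -169,8 +174,8 @@` hunk replaces the final `else` with an `elif`; as a result `-i fedora -d <release>` silently ignores the `-d` value. Adding `elif [ -n "${AMP_DIB_RELEASE:-}" ]; then export DIB_RELEASE=${AMP_DIB_RELEASE}` before the `fi` would keep the option working for fedora. This assumes `-d` is still what sets `AMP_DIB_RELEASE`, since that part of the option parsing is outside the hunk.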
@@ -299,14 +304,11 @@ pushd $TEMP > /dev/null # Setup the elements list -if [ "$AMP_BASEOS" = "ubuntu" ]; then - AMP_element_sequence=${AMP_element_sequence:-"base vm ubuntu"} -elif [ "$AMP_BASEOS" = "fedora" ]; then - AMP_element_sequence=${AMP_element_sequence:-"base vm fedora selinux-permissive"} -elif [ "$AMP_BASEOS" = "centos" ]; then - AMP_element_sequence=${AMP_element_sequence:-"base vm centos7 selinux-permissive"} -elif [ "$AMP_BASEOS" = "rhel" ]; then - AMP_element_sequence=${AMP_element_sequence:-"base vm rhel7 selinux-permissive"} +AMP_element_sequence=${AMP_element_sequence:-"base vm"} +if [ "${AMP_BASEOS}" = "centos" ] || [ "${AMP_BASEOS}" = "rhel" ]; then + AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}${DIB_RELEASE}" +else + AMP_element_sequence="$AMP_element_sequence ${AMP_BASEOS}" fi # Add our backend element (haproxy, etc.) @@ -318,17 +320,11 @@ if [ "$AMP_ROOTPW" ]; then fi # Add the Amphora Agent and Pyroute elements -if [ "$AMP_BASEOS" = "ubuntu" ]; then - AMP_element_sequence="$AMP_element_sequence rebind-sshd" - AMP_element_sequence="$AMP_element_sequence no-resolvconf" - AMP_element_sequence="$AMP_element_sequence amphora-agent" -elif [ "$AMP_BASEOS" = "rhel" ]; then - AMP_element_sequence="$AMP_element_sequence no-resolvconf" - AMP_element_sequence="$AMP_element_sequence amphora-agent-rhel" -else - AMP_element_sequence="$AMP_element_sequence no-resolvconf" - AMP_element_sequence="$AMP_element_sequence amphora-agent" -fi +AMP_element_sequence="$AMP_element_sequence rebind-sshd" +AMP_element_sequence="$AMP_element_sequence no-resolvconf" +AMP_element_sequence="$AMP_element_sequence amphora-agent" +#TODO(bcafarel): make this conditional +AMP_element_sequence="$AMP_element_sequence selinux-permissive" # Add keepalived-octavia element AMP_element_sequence="$AMP_element_sequence keepalived-octavia" 
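Review bot: A caller-supplied `AMP_element_sequence` used to replace the whole base list including the OS element, but in the `@@ -299,14 +304,11 @@` hunk it now only replaces `base vm` and the OS element is always appended. Anyone exporting a sequence that already names an OS element (which the old `:-` defaults suggest was supported) would get it twice, or get an unwanted `ubuntu` element. If the override is meant to stay, a comment such as `# AMP_element_sequence from the environment replaces only "base vm"; the OS element is always appended` would document the new contract.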
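Review bot: `selinux-permissive` is appended unconditionally in the `@@ -318,17 +320,11 @@` hunk, so every image, including ubuntu and source-based builds, is built with the element that leaves SELinux non-enforcing, while the commit message scopes this to package-based builds. The comment `#TODO(bcafarel): make this conditional` does not say what the condition should be. To keep the previous per-OS behaviour until a policy exists, the line could be `[ "$AMP_BASEOS" = "ubuntu" ] || AMP_element_sequence="$AMP_element_sequence selinux-permissive"`. The TODO should also state when enforcing mode is expected to return, since the amphora holds the certificates delivered through the config drive.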
diff --git a/elements/amphora-agent-rhel/README.rst b/elements/amphora-agent-rhel/README.rst deleted file mode 100644 index 115c2c22c9..0000000000 --- a/elements/amphora-agent-rhel/README.rst +++ /dev/null @@ -1 +0,0 @@ -Element to install an Octavia Amphora agent on RHEL systems. diff --git a/elements/amphora-agent-rhel/element-deps b/elements/amphora-agent-rhel/element-deps deleted file mode 100644 index 7076aba945..0000000000 --- a/elements/amphora-agent-rhel/element-deps +++ /dev/null @@ -1 +0,0 @@ -package-installs diff --git a/elements/amphora-agent-rhel/package-installs.yaml b/elements/amphora-agent-rhel/package-installs.yaml deleted file mode 100644 index abf6c8f913..0000000000 --- a/elements/amphora-agent-rhel/package-installs.yaml +++ /dev/null @@ -1 +0,0 @@ -openstack-octavia-amphora-agent: diff --git a/elements/amphora-agent-rhel/post-install.d/11-enable-octavia-amphora-agent-systemd b/elements/amphora-agent-rhel/post-install.d/11-enable-octavia-amphora-agent-systemd deleted file mode 100755 index 4697a56ec1..0000000000 --- a/elements/amphora-agent-rhel/post-install.d/11-enable-octavia-amphora-agent-systemd +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then - set -x -fi -set -eu -set -o pipefail - -systemctl enable octavia-amphora-agent diff --git a/elements/amphora-agent/README.rst b/elements/amphora-agent/README.rst index 2b6ca5f60d..3c20dfe99e 100644 --- a/elements/amphora-agent/README.rst +++ b/elements/amphora-agent/README.rst @@ -1,3 +1,8 @@ Element to install an Octavia Amphora agent. +By default, it installs the agent from source. To enable installation from +distribution repositories, define the following: + export DIB_INSTALLTYPE_amphora_agent=package +Note: this requires a system base image modified to include OpenStack +repositories diff --git a/elements/amphora-agent/element-deps b/elements/amphora-agent/element-deps index d253c6b66e..66bcd50a0e 100644 --- a/elements/amphora-agent/element-deps 
+++ b/elements/amphora-agent/element-deps @@ -1,5 +1,6 @@ dib-init-system -install-static package-installs +pkg-map pip-and-virtualenv source-repositories +svc-map diff --git a/elements/amphora-agent/install.d/75-run_setup_install b/elements/amphora-agent/install.d/75-run_setup_install deleted file mode 100755 index 98216999ff..0000000000 --- a/elements/amphora-agent/install.d/75-run_setup_install +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then - set -x -fi -set -eu -set -o pipefail - -pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent - -# Accommodate centos default install location -ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true - -mkdir /etc/octavia -# we assume certs, etc will come in through the config drive -mkdir /etc/octavia/certs -mkdir -p /var/lib/octavia - diff --git a/elements/amphora-agent/install.d/amphora-agent-source-install/75-amphora-agent-install b/elements/amphora-agent/install.d/amphora-agent-source-install/75-amphora-agent-install new file mode 100755 index 0000000000..060b8917a3 --- /dev/null +++ b/elements/amphora-agent/install.d/amphora-agent-source-install/75-amphora-agent-install 
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+SCRIPTDIR=$(dirname $0)
+
+pip install -U -c /opt/upper-constraints.txt /opt/amphora-agent
+
+# Accommodate centos default install location
+ln -s /bin/amphora-agent /usr/local/bin/amphora-agent || true
+
+mkdir /etc/octavia
+# we assume certs, etc will come in through the config drive
+mkdir /etc/octavia/certs
+mkdir -p /var/lib/octavia
+
+install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.logrotate /etc/logrotate.d/amphora-agent
+
+case "$DIB_INIT_SYSTEM" in
+ upstart)
+ install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.conf /etc/init/amphora-agent.conf
+ ;;
+ systemd)
+ install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.service /usr/lib/systemd/system/amphora-agent.service
+ ;;
+ sysv)
+ install -D -g root -o root -m 0644 ${SCRIPTDIR}/amphora-agent.init /etc/init.d/amphora-agent.init
+ ;;
+ *)
+ echo "Unsupported init system"
+ exit 1
+ ;;
+esac
diff --git a/elements/amphora-agent/init-scripts/upstart/amphora-agent.conf b/elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.conf
similarity index 100%
rename from elements/amphora-agent/init-scripts/upstart/amphora-agent.conf
rename to elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.conf
diff --git a/elements/amphora-agent/init-scripts/sysv/amphora-agent b/elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.init
similarity index 100%
rename from elements/amphora-agent/init-scripts/sysv/amphora-agent
rename to elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.init
diff --git a/elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.logrotate b/elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.logrotate
new file mode 100644
index 0000000000..c2b87642dd
--- /dev/null
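Review bot: The `sysv)` arm installs the init script with `-m 0644` as `/etc/init.d/amphora-agent.init`, so it is not executable and its service name differs from the `amphora-agent` used elsewhere; the file was previously shipped as `init-scripts/sysv/amphora-agent`. I would change the line to `install -D -g root -o root -m 0755 "${SCRIPTDIR}/amphora-agent.init" /etc/init.d/amphora-agent`, and quote `${SCRIPTDIR}` in the other `install` calls as well. Separately, `mkdir /etc/octavia/certs` takes its mode from the build umask. If only the agent reads the certificates that arrive via the config drive, `install -d -m 0700 /etc/octavia/certs` would make the intended permissions explicit, though the agent's runtime user is not visible here and should be confirmed first.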
+++ b/elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.logrotate @@ -0,0 +1,14 @@ +/var/log/amphora-agent.log { + daily + rotate 10 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + # Signal name shall not have the SIG prefix in kill command + # http://pubs.opengroup.org/onlinepubs/9699919799/utilities/kill.html + kill -s USR1 $(cat /var/run/amphora-agent.pid) + endscript +} diff --git a/elements/amphora-agent/init-scripts/systemd/amphora-agent.service b/elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.service similarity index 100% rename from elements/amphora-agent/init-scripts/systemd/amphora-agent.service rename to elements/amphora-agent/install.d/amphora-agent-source-install/amphora-agent.service diff --git a/elements/amphora-agent/package-installs.yaml b/elements/amphora-agent/package-installs.yaml index 83a8c7ccce..5f7ac337d2 100644 --- a/elements/amphora-agent/package-installs.yaml +++ b/elements/amphora-agent/package-installs.yaml @@ -1,4 +1,10 @@ +amphora-agent: + installtype: package build-essential: + installtype: source libffi-dev: + installtype: source libssl-dev: + installtype: source python-dev: + installtype: source diff --git a/elements/amphora-agent/pkg-map b/elements/amphora-agent/pkg-map new file mode 100644 index 0000000000..92b1622291 --- /dev/null +++ b/elements/amphora-agent/pkg-map @@ -0,0 +1,10 @@ +{ + "family": { + "redhat": { + "amphora-agent": "openstack-octavia-amphora-agent" + } + }, + "default": { + "amphora-agent": "amphora-agent" + } +} diff --git a/elements/amphora-agent/post-install.d/11-enable-amphora-agent-systemd b/elements/amphora-agent/post-install.d/11-enable-amphora-agent-systemd index 4135231a7f..65fb85f3d2 100755 --- a/elements/amphora-agent/post-install.d/11-enable-amphora-agent-systemd +++ b/elements/amphora-agent/post-install.d/11-enable-amphora-agent-systemd 
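Review bot: The `postrotate` command `kill -s USR1 $(cat /var/run/amphora-agent.pid)` does not check that the pid file exists, so when the agent is not running `cat` fails and `kill` is called without a process argument; `missingok` only covers the log file. A guarded form such as `if [ -s /var/run/amphora-agent.pid ]; then kill -s USR1 "$(cat /var/run/amphora-agent.pid)"; fi` avoids the rotation error. Whether the upstart, systemd and sysv service files renamed in this commit all write that pid file is not visible in the diff and is worth confirming.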
@@ -3,9 +3,10 @@ if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then set -x fi + set -eu set -o pipefail -if [[ -f /bin/systemctl ]]; then - /bin/systemctl enable amphora-agent +if [ "$DIB_INIT_SYSTEM" == "systemd" ]; then + systemctl enable $(svc-map amphora-agent) fi diff --git a/elements/amphora-agent/source-repository-amphora-agent b/elements/amphora-agent/source-repository-amphora-agent index 50bcb72f05..491aabe478 100644 --- a/elements/amphora-agent/source-repository-amphora-agent +++ b/elements/amphora-agent/source-repository-amphora-agent @@ -1,3 +1,3 @@ -# This is temporary until we have a pip package +# This is used for source-based builds amphora-agent git /opt/amphora-agent https://git.openstack.org/openstack/octavia upper-constraints file /opt/upper-constraints.txt https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt diff --git a/elements/amphora-agent/static/etc/logrotate.d/amphora-agent b/elements/amphora-agent/static/etc/logrotate.d/amphora-agent deleted file mode 100644 index e54a76a062..0000000000 --- a/elements/amphora-agent/static/etc/logrotate.d/amphora-agent +++ /dev/null @@ -1,12 +0,0 @@ -/var/log/amphora-agent.log { - daily - rotate 10 - missingok - notifempty - compress - delaycompress - sharedscripts - postrotate - kill -s SIGUSR1 $(cat /var/run/amphora-agent.pid) - endscript -} diff --git a/elements/amphora-agent/svc-map b/elements/amphora-agent/svc-map index b850c874db..dc1cc5685f 100644 --- a/elements/amphora-agent/svc-map +++ b/elements/amphora-agent/svc-map @@ -1,2 +1,3 @@ amphora-agent: default: amphora-agent + redhat: octavia-amphora-agent diff --git a/elements/rebind-sshd/finalise.d/98-rebind-sshd-after-dhcp b/elements/rebind-sshd/finalise.d/98-rebind-sshd-after-dhcp index b0cb46feec..45af3a1574 100755 --- a/elements/rebind-sshd/finalise.d/98-rebind-sshd-after-dhcp +++ b/elements/rebind-sshd/finalise.d/98-rebind-sshd-after-dhcp 
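Review bot: `systemctl enable $(svc-map amphora-agent)` takes the unit name from `svc-map`, and the `svc-map` hunk later in this commit maps `redhat` to `octavia-amphora-agent`, while the source-install script always installs `amphora-agent.service`. If `svc-map` resolves by distro family without regard to `DIB_INSTALLTYPE_amphora_agent`, a source-based centos, rhel or fedora build would try to enable a unit that was never installed; a source build on centos would confirm this. I would also split the call into `svc=$(svc-map amphora-agent)` followed by `systemctl enable "$svc"`, so that a failing `svc-map` stops the script under `set -e` instead of running `systemctl enable` with no unit name.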
@@ -1,5 +1,9 @@ #!/bin/bash -echo '#!/bin/sh + +# isc dhcpd specific section +if [[ $DISTRO_NAME = "ubuntu" || $DISTRO_NAME = "debian" ]]; then + + echo '#!/bin/sh if [ "$reason" = "BOUND" ]; then if `grep -q "#ListenAddress 0.0.0.0" /etc/ssh/sshd_config`; then /bin/sed -i "s/^#ListenAddress 0.0.0.0.*$/ListenAddress $new_ip_address/g" /etc/ssh/sshd_config @@ -8,4 +12,5 @@ if [ "$reason" = "BOUND" ]; then fi fi fi' > /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd -chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd + chmod +x /etc/dhcp/dhclient-enter-hooks.d/rebind-sshd +fi
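Review bot: The new `DISTRO_NAME` guard makes this script a silent no-op on anything other than ubuntu or debian, yet `diskimage-create.sh` now adds `rebind-sshd` for every base OS. On centos, fedora and rhel images `sshd_config` is therefore left unchanged, with nothing in the build log to say the rebind was skipped. An `else` branch with `echo "rebind-sshd: no dhclient hook for $DISTRO_NAME, sshd ListenAddress left unchanged" >&2` would make the gap visible to whoever audits the image. The script also lacks the `set -eu` / `set -o pipefail` preamble used by the other elements, so an unset `DISTRO_NAME` takes the skip path without error. The `if` block opens in the first hunk of this file and closes in the second.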