Add logically bound images for EDPM services

This change adds logically bound images for use with bootc. This is implementing based on: https://containers.github.io/bootc/logically-bound-images.html Signed-off-by: Brendan Shephard <[email protected]>
openstack-k8s-operators · Dec 2, 2024 · 39bcd79 · 39bcd79
1 parent 1f6b557
commit 39bcd79
Show file tree

Hide file tree

Showing 16 changed files with 780 additions and 28 deletions.
diff --git a/bootc/Containerfile.centos9 b/bootc/Containerfile.centos9
@@ -4,34 +4,64 @@ RUN rm -rf /etc/yum.repos.d/*.repo
 COPY output/yum.repos.d /etc/yum.repos.d
 
 ARG PACKAGES="\
-bind-utils \
-buildah \
-cephadm \
-chrony \
-cloud-init \
-crudini \
-crypto-policies-scripts \
-device-mapper-multipath \
-driverctl \
-grubby \
-iproute-tc \
-iptables-services \
-iscsi-initiator-utils \
-jq \
-lvm2 \
-nftables \
-numactl \
-openssh-server \
-openstack-selinux \
-openvswitch \
-os-net-config \
-podman \
-python3-libselinux \
-python3-pyyaml \
-rsync \
-tmpwatch \
-tuned-profiles-cpu-partitioning \
-sysstat"
+	bind-utils \
+	buildah \
+	cephadm \
+	chrony \
+	cloud-init \
+	crudini \
+	crypto-policies-scripts \
+	device-mapper-multipath \
+	driverctl \
+	grubby \
+	iproute-tc \
+	iptables-services \
+	iscsi-initiator-utils \
+	jq \
+	lvm2 \
+	NetworkManager-ovs \
+	nftables \
+	numactl \
+	openssh-server \
+	openstack-selinux \
+	openvswitch \
+	os-net-config \
+	podman \
+	python3-libselinux \
+	python3-pyyaml \
+	rsync \
+	sysstat \
+	tmpwatch \
+	tuned-profiles-cpu-partitioning"
+
 ARG ENABLE_UNITS="openvswitch"
 
 RUN dnf -y update && dnf -y install $PACKAGES && dnf clean all && systemctl enable $ENABLE_UNITS
+
+# Template systemd service for services
+COPY embedded-services/quadlets/systemd/service-template.kube /usr/share/containers/systemd/[email protected]
+
+## Service specific quadlets
+COPY embedded-services/quadlets/ovn-controller/ovn_controller.yaml /usr/share/containers/systemd/ovn_controller.yaml
+COPY embedded-services/quadlets/ovn-controller/ovn_controller.image /usr/share/containers/systemd/ovn_controller.image
+COPY embedded-services/quadlets/iscsid/iscsid.yaml /usr/share/containers/systemd/iscsid.yaml
+COPY embedded-services/quadlets/iscsid/iscsid.image /usr/share/containers/systemd/iscsid.image
+COPY embedded-services/quadlets/nova_compute/nova_compute.yaml /usr/share/containers/systemd/nova_compute.yaml
+COPY embedded-services/quadlets/nova_compute/nova_compute.image /usr/share/containers/systemd/nova_compute.image
+COPY embedded-services/quadlets/ovn_metadata_agent/ovn_metadata_agent.yaml /usr/share/containers/systemd/ovn_metadata_agent.yaml
+COPY embedded-services/quadlets/ovn_metadata_agent/ovn_metadata_agent.image /usr/share/containers/systemd/ovn_metadata_agent.image
+COPY embedded-services/quadlets/logrotate_crond/logrotate_crond.yaml /usr/share/containers/systemd/logrotate_crond.yaml
+COPY embedded-services/quadlets/logrotate_crond/logrotate_crond.image /usr/share/containers/systemd/logrotate_crond.image
+COPY embedded-services/quadlets/multipathd/multipathd.yaml /usr/share/containers/systemd/multipathd.yaml
+COPY embedded-services/quadlets/multipathd/multipathd.image /usr/share/containers/systemd/multipathd.image
+COPY embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.yaml /usr/share/containers/systemd/ceilometer_agent_compute.yaml
+COPY embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.image /usr/share/containers/systemd/ceilometer_agent_compute.image
+
+# Pre-cache containers for each service
+RUN podman pull quay.io/podified-antelope-centos9/openstack-ceilometer-compute:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-iscsid:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-cron:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-multipathd:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-ovn-controller:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified
diff --git a/bootc/embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.image b/bootc/embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.image
@@ -0,0 +1,5 @@
+[install]
+WantedBy=edpm-compute@ceilometer_agent_compute.service
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-ceilometer-compute:current-podified
diff --git a/bootc/embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.yaml b/bootc/embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.yaml
@@ -0,0 +1,80 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options: /var/lib/openstack/cacerts/telemetry/tls-ca-bundle.pem:z
+  creationTimestamp: "2024-11-21T04:54:58Z"
+  labels:
+    app: ceilometeragentcompute-pod
+  name: ceilometeragentcompute-pod
+spec:
+  containers:
+  - args:
+    - kolla_start
+    env:
+    - name: KOLLA_CONFIG_STRATEGY
+      value: COPY_ALWAYS
+    - name: OS_ENDPOINT_TYPE
+      value: internal
+    image: quay.io/podified-antelope-centos9/openstack-ceilometer-compute:current-podified
+    name: ceilometeragentcompute
+    securityContext:
+      runAsGroup: 42405
+      runAsUser: 42405
+      seLinuxOptions:
+        type: ceilometer_polling_t
+    volumeMounts:
+    - mountPath: /openstack
+      name: var-lib-openstack-healthchecks-ceilometer_agent_compute-host-0
+      readOnly: true
+    - mountPath: /run/libvirt
+      name: run-libvirt-host-2
+      readOnly: true
+    - mountPath: /dev/log
+      name: dev-log-host-3
+    - mountPath: /var/lib/kolla/config_files/config.json
+      name: var-lib-openstack-config-telemetry-ceilometer-agent-compute.json-host-6
+    - mountPath: /etc/hosts
+      name: etc-hosts-host-7
+      readOnly: true
+    - mountPath: /var/lib/openstack/config/
+      name: var-lib-openstack-config-telemetry-host-8
+    - mountPath: /etc/localtime
+      name: etc-localtime-host-9
+      readOnly: true
+  hostNetwork: true
+  hostname: edpm-compute-0
+  volumes:
+  - hostPath:
+      path: /var/lib/openstack/healthchecks/ceilometer_agent_compute
+      type: Directory
+    name: var-lib-openstack-healthchecks-ceilometer_agent_compute-host-0
+  - hostPath:
+      path: /run/libvirt
+      type: Directory
+    name: run-libvirt-host-2
+  - hostPath:
+      path: /dev/log
+      type: File
+    name: dev-log-host-3
+  - hostPath:
+      path: /etc/pki/ca-trust/source/anchors
+      type: Directory
+    name: etc-pki-ca-trust-source-anchors-host-4
+  - hostPath:
+      path: /var/lib/openstack/config/telemetry/ceilometer-agent-compute.json
+      type: File
+    name: var-lib-openstack-config-telemetry-ceilometer-agent-compute.json-host-6
+  - hostPath:
+      path: /etc/hosts
+      type: File
+    name: etc-hosts-host-7
+  - hostPath:
+      path: /var/lib/openstack/config/telemetry
+      type: Directory
+    name: var-lib-openstack-config-telemetry-host-8
+  - hostPath:
+      path: /etc/localtime
+      type: File
+    name: etc-localtime-host-9
diff --git a/bootc/embedded-services/quadlets/iscsid/iscsid.image b/bootc/embedded-services/quadlets/iscsid/iscsid.image
@@ -0,0 +1,5 @@
+[install]
+[email protected]
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-iscsid:current-podified
diff --git a/bootc/embedded-services/quadlets/iscsid/iscsid.yaml b/bootc/embedded-services/quadlets/iscsid/iscsid.yaml
@@ -0,0 +1,103 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options: /var/lib/openstack/healthchecks/iscsid:z
+  creationTimestamp: "2024-11-20T02:16:18Z"
+  labels:
+    app: iscsid-pod
+  name: iscsid-pod
+spec:
+  containers:
+  - args:
+    - kolla_start
+    env:
+    - name: KOLLA_CONFIG_STRATEGY
+      value: COPY_ALWAYS
+    image: quay.io/podified-antelope-centos9/openstack-iscsid@sha256:4c9b5389a2564388e7a862d5756c37dc7d9739472b8d822dd6faae868a483a2d
+    name: iscsid
+    securityContext:
+      privileged: true
+      procMount: Unmasked
+    volumeMounts:
+    - mountPath: /etc/target
+      name: etc-target-host-1
+    - mountPath: /sys
+      name: sys-host-3
+    - mountPath: /dev/log
+      name: dev-log-host-4
+    - mountPath: /lib/modules
+      name: lib-modules-host-5
+      readOnly: true
+    - mountPath: /var/lib/iscsi
+      name: var-lib-iscsi-host-6
+    - mountPath: /etc/hosts
+      name: etc-hosts-host-7
+      readOnly: true
+    - mountPath: /etc/localtime
+      name: etc-localtime-host-8
+      readOnly: true
+    - mountPath: /var/lib/kolla/config_files/config.json
+      name: var-lib-kolla-config_files-iscsid.json-host-12
+      readOnly: true
+    - mountPath: /etc/iscsi
+      name: etc-iscsi-host-13
+    - mountPath: /run
+      name: run-host-14
+    - mountPath: /dev
+      name: dev-host-15
+    - mountPath: /openstack
+      name: var-lib-openstack-healthchecks-iscsid-host-16
+      readOnly: true
+  hostNetwork: true
+  hostname: edpm-compute-0
+  volumes:
+  - hostPath:
+      path: /etc/target
+      type: Directory
+    name: etc-target-host-1
+  - hostPath:
+      path: /sys
+      type: Directory
+    name: sys-host-3
+  - hostPath:
+      path: /dev/log
+      type: File
+    name: dev-log-host-4
+  - hostPath:
+      path: /lib/modules
+      type: Directory
+    name: lib-modules-host-5
+  - hostPath:
+      path: /var/lib/iscsi
+      type: Directory
+    name: var-lib-iscsi-host-6
+  - hostPath:
+      path: /etc/hosts
+      type: File
+    name: etc-hosts-host-7
+  - hostPath:
+      path: /etc/localtime
+      type: File
+    name: etc-localtime-host-8
+  - hostPath:
+      path: /var/lib/kolla/config_files/iscsid.json
+      type: File
+    name: var-lib-kolla-config_files-iscsid.json-host-12
+  - hostPath:
+      path: /etc/iscsi
+      type: Directory
+    name: etc-iscsi-host-13
+  - hostPath:
+      path: /run
+      type: Directory
+    name: run-host-14
+  - hostPath:
+      path: /dev
+      type: Directory
+    name: dev-host-15
+  - hostPath:
+      path: /var/lib/openstack/healthchecks/iscsid
+      type: Directory
+    name: var-lib-openstack-healthchecks-iscsid-host-16
diff --git a/bootc/embedded-services/quadlets/logrotate_crond/logrotate_crond.image b/bootc/embedded-services/quadlets/logrotate_crond/logrotate_crond.image
@@ -0,0 +1,5 @@
+[install]
+WantedBy=edpm-compute@logrotate_crond.service
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-cron:current-podified
diff --git a/bootc/embedded-services/quadlets/logrotate_crond/logrotate_crond.yaml b/bootc/embedded-services/quadlets/logrotate_crond/logrotate_crond.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options: /var/lib/openstack/healthchecks/logrotate_crond:z
+  creationTimestamp: "2024-11-21T04:43:22Z"
+  labels:
+    app: logrotatecrond-pod
+  name: logrotatecrond-pod
+spec:
+  containers:
+  - args:
+    - kolla_start
+    env:
+    - name: KOLLA_CONFIG_STRATEGY
+      value: COPY_ALWAYS
+    - name: EDPM_CONFIG_HASH
+      value: dbeb85a6e8c49962f43cd1b33d267c56e4fc2875277fdec63dde667651963664
+    image: quay.io/podified-antelope-centos9/openstack-cron:current-podified
+    name: logrotatecrond
+    securityContext:
+      privileged: true
+      procMount: Unmasked
+    volumeMounts:
+    - mountPath: /dev/log
+      name: dev-log-host-2
+    - mountPath: /var/lib/kolla/config_files/src
+      name: var-lib-config-data-ansible-generated-crond-host-3
+      readOnly: true
+    - mountPath: /var/log/containers
+      name: var-log-containers-host-4
+    - mountPath: /etc/localtime
+      name: etc-localtime-host-7
+      readOnly: true
+    - mountPath: /etc/hosts
+      name: etc-hosts-host-9
+      readOnly: true
+    - mountPath: /var/lib/kolla/config_files/config.json
+      name: var-lib-kolla-config_files-logrotate_crond.json-host-10
+      readOnly: true
+    - mountPath: /openstack
+      name: var-lib-openstack-healthchecks-logrotate_crond-host-11
+      readOnly: true
+  volumes:
+  - hostPath:
+      path: /dev/log
+      type: File
+    name: dev-log-host-2
+  - hostPath:
+      path: /var/lib/config-data/ansible-generated/crond
+      type: Directory
+    name: var-lib-config-data-ansible-generated-crond-host-3
+  - hostPath:
+      path: /var/log/containers
+      type: Directory
+    name: var-log-containers-host-4
+  - hostPath:
+      path: /etc/pki/tls/certs/ca-bundle.crt
+      type: File
+  - hostPath:
+      path: /etc/localtime
+      type: File
+    name: etc-localtime-host-7
+  - hostPath:
+      path: /etc/hosts
+      type: File
+    name: etc-hosts-host-9
+  - hostPath:
+      path: /var/lib/kolla/config_files/logrotate_crond.json
+      type: File
+    name: var-lib-kolla-config_files-logrotate_crond.json-host-10
+  - hostPath:
+      path: /var/lib/openstack/healthchecks/logrotate_crond
+      type: Directory
+    name: var-lib-openstack-healthchecks-logrotate_crond-host-11
diff --git a/bootc/embedded-services/quadlets/multipathd/multipathd.image b/bootc/embedded-services/quadlets/multipathd/multipathd.image
@@ -0,0 +1,5 @@
+[install]
+[email protected]
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-multipathd:current-podified