From 7ff0ba880b45610e9e40692a37a9c5fec83ebe4d Mon Sep 17 00:00:00 2001 From: Trung Thai Date: Wed, 10 Jul 2019 23:32:45 -0400 Subject: [PATCH] Initial commit of mysqlclient-utility container. Utility containers shall act as an interface to an Airship environment and shall enable them to perform routine operational and debugging activities. Utility containers shall enable Operations to seamlessly support Airship environment without exposing secrets and credentials, and at the same time restricting the access to actual containers. This container allows users access to MariaDB pods remotely to perform db functions. Authorized users will able to run db queries through 'utilscli' helper. Change-Id: I72f5f202b094de9733c13b6a5a6ce3d29205b574 --- .zuul.yaml | 3 - .../Dockerfile.ubuntu_xenial | 28 +++ Dockerfiles/mysqlclient-utility/build.sh | 19 ++ install_mysqlclient_utility.sh | 19 ++ mysqlclient-utility/Chart.yaml | 18 ++ mysqlclient-utility/README.md | 237 ++++++++++++++++++ mysqlclient-utility/requirements.yaml | 18 ++ .../templates/bin/_bootstrap.sh.tpl | 19 ++ .../templates/bin/_start.sh.tpl | 34 +++ .../templates/bin/_utilscli-sudo.tpl | 16 ++ .../utility/_mysqlclient-utility-rootwrap.tpl | 49 ++++ .../templates/bin/utility/_utilscli.tpl | 17 ++ .../templates/configmap-bin.yaml | 48 ++++ .../templates/configmap-etc-client.yaml | 30 +++ .../templates/configmap-etc-sudoers.yaml | 27 ++ .../templates/deployment-utility.yaml | 143 +++++++++++ .../templates/tests/check-mysql-client.yaml | 26 ++ mysqlclient-utility/values.yaml | 161 ++++++++++++ tools/gate/playbooks/docker-image-upload.yaml | 112 +++++++++ .../gate/playbooks/files/docker-systemd.conf | 8 + tools/gate/playbooks/vars.yaml | 19 ++ tools/gate/playbooks/zuul-linter.yaml | 4 +- zuul.d/base.yaml | 67 +++++ zuul.d/mysqlclient-utility.yaml | 75 ++++++ 24 files changed, 1192 insertions(+), 5 deletions(-) delete mode 100644 .zuul.yaml create mode 100644 Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial create mode 100644 Dockerfiles/mysqlclient-utility/build.sh create mode 100755 install_mysqlclient_utility.sh create mode 100644 mysqlclient-utility/Chart.yaml create mode 100644 mysqlclient-utility/README.md create mode 100644 mysqlclient-utility/requirements.yaml create mode 100644 mysqlclient-utility/templates/bin/_bootstrap.sh.tpl create mode 100644 mysqlclient-utility/templates/bin/_start.sh.tpl create mode 100644 mysqlclient-utility/templates/bin/_utilscli-sudo.tpl create mode 100644 mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl create mode 100644 mysqlclient-utility/templates/bin/utility/_utilscli.tpl create mode 100644 mysqlclient-utility/templates/configmap-bin.yaml create mode 100644 mysqlclient-utility/templates/configmap-etc-client.yaml create mode 100644 mysqlclient-utility/templates/configmap-etc-sudoers.yaml create mode 100644 mysqlclient-utility/templates/deployment-utility.yaml create mode 100644 mysqlclient-utility/templates/tests/check-mysql-client.yaml create mode 100644 mysqlclient-utility/values.yaml create mode 100644 tools/gate/playbooks/docker-image-upload.yaml create mode 100644 tools/gate/playbooks/files/docker-systemd.conf create mode 100644 tools/gate/playbooks/vars.yaml create mode 100644 zuul.d/base.yaml create mode 100644 zuul.d/mysqlclient-utility.yaml diff --git a/.zuul.yaml b/.zuul.yaml deleted file mode 100644 index e7c200ac..00000000 --- a/.zuul.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- project: - templates: - - noop-jobs diff --git a/Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial b/Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial new file mode 100644 index 00000000..6cb7eb80 --- /dev/null +++ b/Dockerfiles/mysqlclient-utility/Dockerfile.ubuntu_xenial @@ -0,0 +1,28 @@ +ARG FROM=docker.io/ubuntu:xenial +FROM ${FROM} +MAINTAINER Trung Thai + +RUN set -xe \ + && sed -i '/nobody/d' /etc/passwd \ + && echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd ;\ + apt-get update ;\ + apt-get dist-upgrade -y ;\ + apt-get install -y \ + bash \ + moreutils \ + vim \ + sudo \ + screen \ + rsyslog \ + python-oslo.rootwrap \ + python3-oslo.rootwrap \ + mysql-client ;\ + sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf ; \ + apt-get clean -y ;\ + rm -rf \ + /var/cache/debconf/* \ + /var/lib/apt/lists/* \ + /var/log/* \ + /tmp/* \ + /var/tmp/* +CMD ["/bin/bash"] \ No newline at end of file diff --git a/Dockerfiles/mysqlclient-utility/build.sh b/Dockerfiles/mysqlclient-utility/build.sh new file mode 100644 index 00000000..8af15491 --- /dev/null +++ b/Dockerfiles/mysqlclient-utility/build.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -xe +SCRIPT=`realpath $0` +SCRIPT_DIR=`dirname ${SCRIPT}` +## Only build from main folder +cd ${SCRIPT_DIR}/.. + +IMAGE="mysqlclient-utility" +VERSION=${VERSION:-latest} +DISTRO=${DISTRO:-ubuntu_xenial} +REGISTRY_URI=${REGISTRY_URI:-"airshipit/"} +EXTRA_TAG_INFO=${EXTRA_TAG_INFO:-""} +docker build \ +-f ${IMAGE}/Dockerfile.${DISTRO} \ +--network=host \ +-t ${REGISTRY_URI}${IMAGE}:${VERSION}-${DISTRO}${EXTRA_TAG_INFO} \ +${extra_build_args} ${IMAGE} + +cd - diff --git a/install_mysqlclient_utility.sh b/install_mysqlclient_utility.sh new file mode 100755 index 00000000..ad63b206 --- /dev/null +++ b/install_mysqlclient_utility.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -xe + +#NOTE: Lint and package chart +: ${OSH_INFRA_PATH:="../../openstack-helm-infra"} + +typeset uc=mysqlclient-utility + +make ${uc} +helm upgrade --install ${uc} ${uc} --namespace=utility + +#NOTE: Wait for deploy +./${OSH_INFRA_PATH}/tools/deployment/common/wait-for-pods.sh utility + +#NOTE: Validate Deployment info +kubectl get pods -n utility |grep ${uc} +helm status ${uc} + +helm test ${uc} --timeout 900 diff --git a/mysqlclient-utility/Chart.yaml b/mysqlclient-utility/Chart.yaml new file mode 100644 index 00000000..d30d25f6 --- /dev/null +++ b/mysqlclient-utility/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Porthole MySql Client +name: mysqlclient-utility +version: 0.1.0 diff --git a/mysqlclient-utility/README.md b/mysqlclient-utility/README.md new file mode 100644 index 00000000..ca38da98 --- /dev/null +++ b/mysqlclient-utility/README.md @@ -0,0 +1,237 @@ +# MySqlClient Utility Container + +## Prerequisites: Deploy OSH-AIO + +## Installation + +1. Add the below to /etc/sudoers + +>root ALL=(ALL) NOPASSWD: ALL \ +ubuntu ALL=(ALL) NOPASSWD: ALL + +2. Install the latest versions of Git, CA Certs bundle & Make if necessary + +>sudo apt-get update \ +sudo apt-get dist-upgrade -y \ +sudo apt-get install --no-install-recommends -y \ +ca-certificates \ +git \ +make \ +jq \ +nmap \ +curl \ +uuid-runtime + +3. Clone the OpenStack-Helm Repos + +>git clone https://git.openstack.org/openstack/openstack-helm-infra.git \ +git clone https://git.openstack.org/openstack/openstack-helm.git + +4. Proxy Configuration + +In order to deploy OpenStack-Helm behind corporate proxy servers (if any) +add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml + +>proxy: \ +http: http://username:password@host:port \ +https: https://username:password@host:port \ +noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local + +Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables. + +>export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local \ +export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local + + +5. Deploy Kubernetes & Helm +- cd openstack-helm + - ./tools/deployment/developer/common/010-deploy-k8s.sh +- Setup Clients on the host and assemble the charts + - ./tools/deployment/developer/common/020-setup-client.sh +- Deploy the ingress controller + - ./tools/deployment/developer/common/030-ingress.sh +- Deploy Ceph + - ./tools/deployment/developer/ceph/040-ceph.sh +- Activate the namespace to be able to use Ceph + - ./tools/deployment/developer/ceph/045-ceph-ns-activate.sh +-. Deploy Keystone + - ./tools/deployment/developer/ceph/080-keystone.sh +- Deploy Heat + - ./tools/deployment/developer/ceph/090-heat.sh +- Deploy Horizon + - ./tools/deployment/developer/ceph/100-horizon.sh +- Deploy Glance + - ./tools/deployment/developer/ceph/120-glance.sh +- Deploy Cinder + - ./tools/deployment/developer/ceph/130-cinder.sh +- Deploy LibVirt + - ./tools/deployment/developer/ceph/150-libvirt.sh +- Deploy Compute Kit (Nova and Neutron) + - ./tools/deployment/developer/ceph/160-compute-kit.sh +- To run further commands from the CLI manually, execute the following to set up authentication credentials + - export OS_CLOUD=openstack_helm + +6. Clone the Porthole and this utility repo as well. +- $git clone https://review.opendev.org/airship/porthole + +7. $cd porthole + +**Optionally pull in this PS if it's not ready merged; otherwise, skip step below.** +- $git pull https://review.opendev.org/airship/porthole refs/changes/81/674881/[latest change set] + +- **$bash ./install_mysqlclient_utility.sh** +--- +
+ + +../../openstack-helm-infra + + typeset uc=mysqlclient-utility + + make mysqlclient-utility + + ===== Processing [mysqlclient-utility] chart ===== + make[1]: Entering directory '/home/ubuntu/osh/openstack-helm/porthole' + if [ -f mysqlclient-utility/Makefile ]; then make -C mysqlclient-utility; fi + if [ -f mysqlclient-utility/requirements.yaml ]; then helm dep up mysqlclient-utility; fi + Hang tight while we grab the latest from your chart repositories... + ...Successfully got an update from the "local" chart repository + Update Complete. ⎈Happy Helming!⎈ + Saving 1 charts + Downloading helm-toolkit from repo http://localhost:8879/charts + Deleting outdated charts + if [ -d mysqlclient-utility ]; then helm lint mysqlclient-utility; fi + ==> Linting mysqlclient-utility + [INFO] Chart.yaml: icon is recommended + + 1 chart(s) linted, no failures + if [ -d mysqlclient-utility ]; then helm package mysqlclient-utility; fi + Successfully packaged chart and saved it to: /home/ubuntu/osh/openstack-helm/porthole/mysqlclient-utility-0.1.0.tgz + make[1]: Leaving directory '/home/ubuntu/osh/openstack-helm/porthole' + + helm upgrade --install mysqlclient-utility mysqlclient-utility --namespace=utility + Release "mysqlclient-utility" does not exist. Installing it now. + NAME: mysqlclient-utility + LAST DEPLOYED: Fri Jul 19 01:38:55 2019 + NAMESPACE: utility + STATUS: DEPLOYED + + RESOURCES: + ==> v1/ConfigMap + NAME DATA AGE + mysqlclient-utility-bin 2 1s + mysqlclient-utility-bin-utilscli 2 1s + mysqlclient-utility-etc 2 1s + mysqlclient-utility-sudoers 1 1s + + ==> v1/Deployment + NAME READY UP-TO-DATE AVAILABLE AGE + mysqlclient-utility 0/1 1 0 1s + + ==> v1/Pod(related) + NAME READY STATUS RESTARTS AGE + mysqlclient-utility-775bf65c97-8z97s 0/1 ContainerCreating 0 1s + + ==> v1/ServiceAccount + NAME SECRETS AGE + mysqlclient-utility 1 1s + + ==> v1beta1/ClusterRole + NAME AGE + mysqlclient-utility 1s + + ==> v1beta1/ClusterRoleBinding + NAME AGE + mysqlclient-utility 1s + + + ../../openstack-helm-infra/tools/deployment/common/wait-for-pods.sh utility + + kubectl get pods -n utility + + grep mysqlclient-utility + mysqlclient-utility-775bf65c97-8z97s 1/1 Running 0 17s + + helm status mysqlclient-utility + LAST DEPLOYED: Fri Jul 19 01:38:55 2019 + NAMESPACE: utility + STATUS: DEPLOYED + + RESOURCES: + ==> v1/ConfigMap + NAME DATA AGE + mysqlclient-utility-bin 2 18s + mysqlclient-utility-bin-utilscli 2 18s + mysqlclient-utility-etc 2 18s + mysqlclient-utility-sudoers 1 18s + + ==> v1/Deployment + NAME READY UP-TO-DATE AVAILABLE AGE + mysqlclient-utility 1/1 1 1 18s + + ==> v1/Pod(related) + NAME READY STATUS RESTARTS AGE + mysqlclient-utility-775bf65c97-8z97s 1/1 Running 0 18s + + ==> v1/ServiceAccount + NAME SECRETS AGE + mysqlclient-utility 1 18s + + ==> v1beta1/ClusterRole + NAME AGE + mysqlclient-utility 18s + + ==> v1beta1/ClusterRoleBinding + NAME AGE + mysqlclient-utility 18s + + + helm test mysqlclient-utility --timeout 900 + RUNNING: mysqlclient-utility-check-mysql-client-installation + PASSED: mysqlclient-utility-check-mysql-client-installation +
+ + +## POST-Installation + +Validate pods are deployed and running + +$ kubectl get pods -n utility + - NAME READY STATUS RESTARTS AGE + - mysqlclient-utility-775bf65c97-8z97s 1/1 Running 0 8m47s + - mysqlclient-utility-check-mysql-client-installation 0/1 Completed 0 8m29s + + +## Usage & Test + +Get in to the utility pod using kubectl exec, perform the followings: + +### Case 1 - Execute into the pod + $kubectl exec -it -n utility /bin/bash + +### Case 2 - Test connectiviy to Mariadb (optional) + + - Find mariadb pod and its corresponding IP +--- + - $kubectl get pods --all-namespaces |grep -i mariadb-server |awk '{print $1,$2}'|while read a b ; do + kubectl get pod $b -n $a -o wide + done +--- +- An Output should look similar to below + + - NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES + - mariadb-server-0 1/1 Running 0 5h49m 192.168.251.93 mtn13b2 + + - Now connect to the pod as prescribe in Case 1 by providing the arguements accordingly to CLI, like below. + + - $kubectl exec -it -n utility -- mysql -h -u root -p -e 'show databases;' + + It's expected to see an output looks similar to below. + +>--------------------+\ +| Database |\ +|--------------------|\ +| cinder |\ +| glance |\ +| heat |\ +| horizon |\ +| information_schema |\ +| keystone |\ +| mysql |\ +| neutron |\ +| nova |\ +| nova_api |\ +| nova_cell0 |\ +| performance_schema |\ ++--------------------+\ \ No newline at end of file diff --git a/mysqlclient-utility/requirements.yaml b/mysqlclient-utility/requirements.yaml new file mode 100644 index 00000000..e69c985d --- /dev/null +++ b/mysqlclient-utility/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/mysqlclient-utility/templates/bin/_bootstrap.sh.tpl b/mysqlclient-utility/templates/bin/_bootstrap.sh.tpl new file mode 100644 index 00000000..99f7c2b6 --- /dev/null +++ b/mysqlclient-utility/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +set -ex +sudo ./tmp/start.sh +tail -f /var/log/syslog diff --git a/mysqlclient-utility/templates/bin/_start.sh.tpl b/mysqlclient-utility/templates/bin/_start.sh.tpl new file mode 100644 index 00000000..4defdc00 --- /dev/null +++ b/mysqlclient-utility/templates/bin/_start.sh.tpl @@ -0,0 +1,34 @@ +#!/bin/bash +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +set -ex +# move this into build image v1.0.1 8/13/19 +#sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf +/etc/init.d/rsyslog start + +# for readiness probe +touch /tmp/done + +{{/* +These lines will disable extra handler, extra formatter, extra level to the +root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl. +These lines will get rid of duplicate logs, generated because of the formatter +attached by oslo-rootwrap. +*/}} +sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py \ No newline at end of file diff --git a/mysqlclient-utility/templates/bin/_utilscli-sudo.tpl b/mysqlclient-utility/templates/bin/_utilscli-sudo.tpl new file mode 100644 index 00000000..d1db41cb --- /dev/null +++ b/mysqlclient-utility/templates/bin/_utilscli-sudo.tpl @@ -0,0 +1,16 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/mysqlclient-utility-rootwrap /etc/mysqlclient-utility/rootwrap.conf * diff --git a/mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl b/mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl new file mode 100644 index 00000000..4a1ee1ad --- /dev/null +++ b/mysqlclient-utility/templates/bin/utility/_mysqlclient-utility-rootwrap.tpl @@ -0,0 +1,49 @@ +#!/usr/bin/python +{{/* +Copyright 2019 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# PBR Generated from u'console_scripts' +import sys +import os +import logging +import getpass + +from oslo_rootwrap.cmd import main + +exec_name = sys.argv[0] +host_name = os.environ.get("HOSTNAME") +log_level = {{ .Values.conf.mysqlclientrootwrapconf.DEFAULT.syslog_log_level | quote }} +facility = {{ .Values.conf.mysqlclientrootwrapconf.DEFAULT.syslog_log_facility | quote }} + +if "AUSER" in os.environ: + user_id = os.environ["AUSER"] +elif {{ .Values.conf.utility.always_log_user | quote }} == 'true': + user_id = 'development site' +else: + print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.") + exit() + +try: + handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility) +except IOError: + print("Unable to setup logging, for security reasons access restricted from connecting to container.") + exit() + +formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s') +handler.setFormatter(formatter) +root = logging.getLogger() +root.setLevel(log_level) +root.addHandler(handler) + +if __name__ == "__main__": + sys.exit(main()) diff --git a/mysqlclient-utility/templates/bin/utility/_utilscli.tpl b/mysqlclient-utility/templates/bin/utility/_utilscli.tpl new file mode 100644 index 00000000..309a8bdd --- /dev/null +++ b/mysqlclient-utility/templates/bin/utility/_utilscli.tpl @@ -0,0 +1,17 @@ +#!/bin/bash +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/mysqlclient-utility-rootwrap /etc/mysqlclient-utility/rootwrap.conf $*" diff --git a/mysqlclient-utility/templates/configmap-bin.yaml b/mysqlclient-utility/templates/configmap-bin.yaml new file mode 100644 index 00000000..639ddeaf --- /dev/null +++ b/mysqlclient-utility/templates/configmap-bin.yaml @@ -0,0 +1,48 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.configmap_bin .Values.deployment.mysqlclient }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "bin" }} +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + + start.sh: | +{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + + mysqlclient-utility-rootwrap: | +{{ tuple "bin/utility/_mysqlclient-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }} +data: + utilscli: | +{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + +{{- end }} diff --git a/mysqlclient-utility/templates/configmap-etc-client.yaml b/mysqlclient-utility/templates/configmap-etc-client.yaml new file mode 100644 index 00000000..c892bdd9 --- /dev/null +++ b/mysqlclient-utility/templates/configmap-etc-client.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.configmap_etc_client .Values.deployment.mysqlclient }} +{{- $envAll := . }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "etc" }} +data: + rootwrap.conf: | +{{ include "helm-toolkit.utils.to_ini" .Values.conf.mysqlclientrootwrapconf | indent 4 }} + mysqlclient-rootwrap-filter: | +{{ include "helm-toolkit.utils.to_ini" .Values.conf.mysqlclientfilter | indent 4 }} +{{- end }} diff --git a/mysqlclient-utility/templates/configmap-etc-sudoers.yaml b/mysqlclient-utility/templates/configmap-etc-sudoers.yaml new file mode 100644 index 00000000..9b6357b0 --- /dev/null +++ b/mysqlclient-utility/templates/configmap-etc-sudoers.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.mysqlclient }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }} +data: + utilscli-sudo: | +{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/mysqlclient-utility/templates/deployment-utility.yaml b/mysqlclient-utility/templates/deployment-utility.yaml new file mode 100644 index 00000000..7fb2e63a --- /dev/null +++ b/mysqlclient-utility/templates/deployment-utility.yaml @@ -0,0 +1,143 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.mysqlclient .Values.conf.features.utility) }} +{{- $envAll := . }} + +{{- $serviceAccountName := printf "%s" $envAll.Release.Name }} +{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ $serviceAccountName }} +rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - get + - list + - watch + - exec + - create +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ $serviceAccountName }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $envAll.Release.Namespace }} +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ printf "%s" $envAll.Release.Name }} + labels: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.utility }} + selector: + matchLabels: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + name: {{ printf "%s" $envAll.Release.Name }} + annotations: + {{ tuple . | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + securityContext: + runAsUser: 65534 + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "mysqlclient" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }} + containers: + - name: {{ printf "%s" $envAll.Release.Name }} +{{ tuple $envAll "mysqlclient_utility" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.mysql_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/bootstrap.sh + readinessProbe: + exec: + command: + - cat + - /tmp/done + initialDelaySeconds: 5 + periodSeconds: 15 + livenessProbe: + exec: + command: + - utilscli + initialDelaySeconds: 5 + periodSeconds: 15 + volumeMounts: + - name: mysqlclient-utility-bin-utilscli + mountPath: /tmp/bootstrap.sh + subPath: bootstrap.sh + readOnly: true + - name: mysqlclient-utility-bin + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: mysqlclient-utility-bin-utilscli + mountPath: /usr/local/bin/utilscli + subPath: utilscli + readOnly: true + - name: mysqlclient-utility-bin + mountPath: /usr/local/bin/mysqlclient-utility-rootwrap + subPath: mysqlclient-utility-rootwrap + readOnly: true + - name: mysqlclient-utility-sudoers + mountPath: /etc/sudoers.d/utilscli-sudo + subPath: utilscli-sudo + readOnly: true + - name: mysqlclient-utility-etc + mountPath: /etc/mysqlclient-utility/rootwrap.d/mysqlclient-rootwrap-filter + subPath: mysqlclient-rootwrap-filter + readOnly: true + - name: mysqlclient-utility-etc + mountPath: /etc/mysqlclient-utility/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + volumes: + - name: mysqlclient-utility-sudoers + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }} + defaultMode: 0644 + - name: mysqlclient-utility-bin + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "bin" }} + defaultMode: 0555 + - name: mysqlclient-utility-etc + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "etc" }} + defaultMode: 0555 + - name: mysqlclient-utility-bin-utilscli + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "bin-utilscli" }} + defaultMode: 0755 +{{- end }} diff --git a/mysqlclient-utility/templates/tests/check-mysql-client.yaml b/mysqlclient-utility/templates/tests/check-mysql-client.yaml new file mode 100644 index 00000000..cbeecbbc --- /dev/null +++ b/mysqlclient-utility/templates/tests/check-mysql-client.yaml @@ -0,0 +1,26 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: v1 + +kind: Pod +metadata: + name: "{{ .Release.Name }}-check-mysql-client-installation" + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: "{{ .Release.Name }}-check-mysql-client-installation" + image: {{ .Values.images.tags.mysqlclient_utility }} + command: ["/bin/bash", "-c", "type mysql"] + restartPolicy: Never diff --git a/mysqlclient-utility/values.yaml b/mysqlclient-utility/values.yaml new file mode 100644 index 00000000..31f3c11a --- /dev/null +++ b/mysqlclient-utility/values.yaml @@ -0,0 +1,161 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mysql-client. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +deployment: + mysqlclient: true + +release_group: null + +images: + tags: + mysqlclient_utility: 'quay.io/trthai/tuc:mysql-client-utility-v1.0.1' + image_repo_sync: docker.io/docker:18.09.02 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + utility: + node_selector_key: openstack-helm-node-class + node_selector_value: primary + +pod: + dns_policy: "ClusterFirstWithHostNet" + replicas: + utility: 1 + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + resources: + enabled: false + utility: + requests: + memory: "100Mi" + cpu: "250m" + limits: + memory: "250Mi" + cpu: "500m" + jobs: + bootstrap: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "500m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + + +conf: + features: + utility: true + mysqlclientconf: + etc: mysqlclient-etc + mysqlclientfilter: + Filters: + # mysqlclient-rootwrap command filters for mysqlclient utility container + # This file should be owned by (and only-writeable by) the root user + mysql: CommandFilter, mysql, root + #kubectl: CommandFilter, kubectl, root + mysqlclientrootwrapconf: + DEFAULT: + # Configuration for mysqlclient-rootwrap + # This file should be owned by (and only-writeable by) the root user + # List of directories to load filter definitions from (separated by ','). + # These directories MUST all be only writeable by root ! + filters_path: /etc/mysqlclient-utility/rootwrap.d + # List of directories to search executables in, in case filters do not + # explicitely specify a full path (separated by ',') + # If not specified, defaults to system PATH environment variable. + # These directories MUST all be only writeable by root ! + exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp + # Enable logging to syslog + # Default value is False + use_syslog: True + # Which syslog facility to use. + # Valid values include auth, authpriv, syslog, local0, local1... + # Default value is 'syslog' + syslog_log_facility: syslog + # Which messages to log. + # INFO means log all usage + # ERROR means only log unsuccessful attempts + syslog_log_level: INFO + #keystone_auth: + # auth_url: http://keystone.openstack.svc.cluster.local/v3 + # auth_version: "3" + utility: + # Set to true for development sites, + # Set to false otherwise + always_log_user: true + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - mysqlclient-utility-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + +bootstrap: + enabled: true + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + +monitoring: + prometheus: + enabled: true + +manifests: + configmap_bin: true + configmap_etc_client: true + configmap_etc_sudoers: true + deployment_utility: true + diff --git a/tools/gate/playbooks/docker-image-upload.yaml b/tools/gate/playbooks/docker-image-upload.yaml new file mode 100644 index 00000000..03e202b4 --- /dev/null +++ b/tools/gate/playbooks/docker-image-upload.yaml @@ -0,0 +1,112 @@ +- hosts: all + tasks: + - include_vars: vars.yaml + + - name: Install Docker (Debian) + when: ansible_os_family == 'Debian' + block: + - file: + path: "{{ item }}" + state: directory + with_items: + - /etc/docker/ + - /etc/systemd/system/docker.service.d/ + - /var/lib/docker/ + - mount: + path: /var/lib/docker/ + src: tmpfs + fstype: tmpfs + opts: size=25g + state: mounted + - copy: "{{ item }}" + with_items: + - content: "{{ docker_daemon | to_json }}" + dest: /etc/docker/daemon.json + - src: files/docker-systemd.conf + dest: /etc/systemd/system/docker.service.d/ + - apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + - apt_repository: + repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable + - apt: + name: "{{ item }}" + allow_unauthenticated: True + with_items: + - docker-ce + - python-pip + - pip: + name: docker + version: 2.7.0 + # NOTE(SamYaple): Allow all connections from containers to host so the + # containers can access the http server for git and wheels + - iptables: + action: insert + chain: INPUT + in_interface: docker0 + jump: ACCEPT + become: True + + - name: Debug tag generation inputs + block: + - debug: + var: publish + - debug: + var: tags + - debug: + var: zuul + - debug: + msg: "{{ tags | to_json }}" + + - name: Determine tags + shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py + environment: + BRANCH: "{{ zuul.branch | default('') }}" + CHANGE: "{{ zuul.change | default('') }}" + COMMIT: "{{ zuul.newrev | default('') }}" + PATCHSET: "{{ zuul.patchset | default('') }}" + register: image_tags + + - name: Debug computed tags + debug: + var: image_tags + + - name: Make images + when: not publish + block: + - make: + chdir: "{{ zuul.project.src_dir }}" + target: images + params: + IMAGE_TAG: "{{ item }}" + with_items: "{{ image_tags.stdout_lines }}" + + - shell: "docker images" + register: docker_images + + - debug: + var: docker_images + + become: True + + - name: Publish images + block: + - docker_login: + username: "{{ quay_credentials.username }}" + password: "{{ quay_credentials.password }}" + registry_url: "https://quay.io/api/v1/" + - make: + chdir: "{{ zuul.project.src_dir }}" + target: images + params: + DOCKER_REGISTRY: "quay.io" + IMAGE_PREFIX: "airshipit" + IMAGE_TAG: "{{ item }}" + COMMIT: "{{ zuul.newrev | default('') }}" + PUSH_IMAGE: "true" + with_items: "{{ image_tags.stdout_lines }}" + - shell: "docker images" + register: docker_images + - debug: + var: docker_images + when: publish + become: True \ No newline at end of file diff --git a/tools/gate/playbooks/files/docker-systemd.conf b/tools/gate/playbooks/files/docker-systemd.conf new file mode 100644 index 00000000..6b01af0f --- /dev/null +++ b/tools/gate/playbooks/files/docker-systemd.conf @@ -0,0 +1,8 @@ +# NOTE(SamYaple): CentOS cannot be build with userns-remap enabled. httpd uses +# cap_set_file capability and there is no way to pass that in at build as of +# docker 17.06. +# TODO(SamYaple): Periodically check to see if this is possible in newer +# versions of Docker +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml new file mode 100644 index 00000000..c89b7980 --- /dev/null +++ b/tools/gate/playbooks/vars.yaml @@ -0,0 +1,19 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +docker_daemon: + group: zuul + registry-mirrors: + - "http://{{ zuul_site_mirror_fqdn }}:8082/" + storage-driver: overlay2 diff --git a/tools/gate/playbooks/zuul-linter.yaml b/tools/gate/playbooks/zuul-linter.yaml index b86a1279..44f31473 100644 --- a/tools/gate/playbooks/zuul-linter.yaml +++ b/tools/gate/playbooks/zuul-linter.yaml @@ -1,4 +1,4 @@ -# Copyright 2019 The Openstack-Helm Authors. +# Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +15,6 @@ - hosts: primary tasks: - name: Execute a Whitespace Linter check - command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -not -name "*.png" -type f -exec egrep -l " +$" {} \; + command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \; register: result failed_when: result.stdout != "" \ No newline at end of file diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml new file mode 100644 index 00000000..76ba4619 --- /dev/null +++ b/zuul.d/base.yaml @@ -0,0 +1,67 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- nodeset: + name: airship-porthole-single-node + nodes: + - name: primary + label: ubuntu-xenial + +- job: + name: porthole-images-build + parent: build-docker-image + abstract: true + ansible-version: 2.8 + description: | + irrelevant-files: + - ^\.git.* + - ^.*\.(example|md|rst)$ + - ^doc/.* + - ^releasenotes/.* + timeout: 3600 + +- job: + name: porthole-images-upload + parent: upload-docker-image + abstract: true + ansible-version: 2.8 + secrets: + name: quay_credentials + secret: quay_credentials + pass-to-parent: true + timeout: 3600 + +- secret: + name: quay_credentials + data: + username: !encrypted/pkcs1-oaep + - SQ0e+mvFN7eU+snMDhXC417r3yy+OoZ+QQcAPAoI2xuUDbZOrCSXIlRATrNZX+NrRx/sT + GoxeeScqpX3hnBTHAvWn6iDzVoSIOgW8aG4+/kCjU1dtKzPgyuo4t+rFEe1iplLFyG1P1 + xshMrc8dRpAJTjyUwWzY1zatb46LEBK1DD15kkAaS+6KKfD2dH/AX3XYzp3671cdsXtC7 + R7Lm8lKh2MYYmF+ybuCd/JbeuH2aLQc1pLnigPBWJgslzxQ2F2hLXssj8cd+rGSxQ8jVG + SCqFkyggBdv/TGQdhihnse8Taj8tqgmqbh5KPZIKeCM5ekXbsCMuI1KNH0Fr7UeffOYNU + 5CJsWnuZoX5xQxcRHWAprBaGr8jr6EeklW896GC7wMcFq+C4166H1Y44NMrLtzAlXEs8p + uO6Vl2AGqt4/ORkJ7aIUdjI21u0r7ULEFcj+Q7hMoC0q81f1RVqbvTWtAi6CfjiUdpEwm + vwpyfwUP4JugjC3UALe4tMyMO5pQiAIPzYs34/skqxvEQN+5+8BrBnr2tNAIbxMmgpZOU + Ov89WfURzb7pxBbVgC6HuyX2mQi3OHdYS33TM9e+pXgLN8XK7dzASaCFXa0zjA1xj4pHh + oBO66rVON6DsjEmliMUHLnkgXJnqqm9pLEa+avCuK0Kt7i5st1DBnxK/Goy2ec= + password: !encrypted/pkcs1-oaep + - CuInAjNp1dAXxxNzfs9O9I7+T6OJLx4gaPeafLxfjJs4uCRC8L6N1Kcyc1QPYlr6hfvFz + D8Er9OKTzbmQixDxGzCSJh/RRcpjwh8GJMn7cvGYMTsrWcYzvK2RC5778huxVnwT0gWiB + TaqUqOBsHQMlXumEAKO7qqaKxJ4LadXMp/eqcyVfCw1roEOO69QqhBajwhk/5RS3qm6QZ + KGr0T3AfDAtF276e4GI9L5paVNjME7Au22+S1pVaIxX91/qx3HFAz+HSErvhxGHVKhHr4 + 4G/YygeSJMWyKpk28kjoncxgzHNwREXZXbRabMwXoGuweOB4ZZ7JXy9yEkagojx0buBtn + Phv48p/8C/7ZN3v8xOiHRAnLk6jsWA4cu5Zhplark22Uq+d7MtlEgRpWvqDBWNF+9GCOQ + Vlpomy02Nj4PkZZDKY7Eo3uf/+3aa8/hhvJursqv6VvqwYl75euT8Immo1EUw/Hw4PBpJ + JXcwlGoK6kvXmYaG2c7yEiH2xNtTzVTai10fsalubQWR4FTmJA5LU9+HatHBa46XLy4gS + vMHs2uJudmxhqLIhs5Er248FVjfxw7le5dPun3ir4J7Mjgypu5y8eLCMZAFIwpeqlJrVU + uih8ByaTlSEh6FBzle7Hb330RjSztC4pX6xiNAmtkpxhF2rEEFS66B/ixwCphQ= diff --git a/zuul.d/mysqlclient-utility.yaml b/zuul.d/mysqlclient-utility.yaml new file mode 100644 index 00000000..a7ba6236 --- /dev/null +++ b/zuul.d/mysqlclient-utility.yaml @@ -0,0 +1,75 @@ +# Copyright 2019 The Airship Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- project: + check: + jobs: + - porthole-mysqlclient-lint-ws + - porthole-mysqlclient-images-build + + gate: + jobs: + - porthole-mysqlclient-lint-ws + - porthole-mysqlclient-images-build + + post: + jobs: + - porthole-mysqlclient-images-upload + +- job: + name: porthole-mysqlclient-lint-ws + description: | + Lints all files for trailing whitespace + run: tools/gate/playbooks/zuul-linter.yaml + timeout: 300 + nodeset: airship-porthole-single-node + +- job: + name: porthole-mysqlclient-images-build + parent: porthole-images-build + description: Build mysqclient images + vars: &mysqlclient_vars + currentdate: "{{ now(utc=True,fmt='%Y%m%d') }}" + docker_images: + - context: Dockerfiles/mysqlclient-utility + repository: porthole/mysqlclient-utility + dockerfile: Dockerfile.ubuntu_xenial + tags: + - latest-ubuntu_xenial + - "ubuntu_xenial-{{ currentdate }}" + files: &mysqlclient_files + - Dockerfiles/mysqlclient-utility/.* + - zuul.d/mysqlclient-utility.yaml + +- job: + name: porthole-mysqlclient-images-upload + timeout: 1800 + run: tools/gate/playbooks/docker-image-upload.yaml + nodeset: airship-porthole-single-node + secrets: + - quay_credentials + vars: + publish: true + tags: + dynamic: + branch: true + commit: true + static: + - latest + irrelevant-files: + - ^charts/.*$ + - ^etc/.*$ + - ^tests/.*$ + - ^tools/.*$ +