summaryrefslogtreecommitdiffstats
path: root/images/installer
diff options
context:
space:
mode:
Diffstat (limited to 'images/installer')
-rw-r--r--images/installer/Dockerfile51
-rw-r--r--images/installer/Dockerfile.rhel745
-rw-r--r--images/installer/system-container/README.md31
-rw-r--r--images/installer/system-container/root/exports/config.json.template234
-rw-r--r--images/installer/system-container/root/exports/manifest.json12
-rw-r--r--images/installer/system-container/root/exports/service.template6
-rw-r--r--images/installer/system-container/root/exports/tmpfiles.template2
-rwxr-xr-ximages/installer/system-container/root/usr/local/bin/run-system-container.sh4
8 files changed, 385 insertions, 0 deletions
diff --git a/images/installer/Dockerfile b/images/installer/Dockerfile
new file mode 100644
index 000000000..915dfe377
--- /dev/null
+++ b/images/installer/Dockerfile
@@ -0,0 +1,51 @@
+# Using playbook2image as a base
+# See https://github.com/openshift/playbook2image for details on the image
+# including documentation for the settings/env vars referenced below
+FROM registry.centos.org/openshift/playbook2image:latest
+
+MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com>
+
+LABEL name="openshift/origin-ansible" \
+ summary="OpenShift's installation and configuration tool" \
+ description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ url="https://github.com/openshift/openshift-ansible" \
+ io.k8s.display-name="openshift-ansible" \
+ io.k8s.description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="openshift,install,upgrade,ansible"
+
+USER root
+
+# Create a symlink to /opt/app-root/src so that files under /usr/share/ansible are accessible.
+# This is required since the system-container uses by default the playbook under
+# /usr/share/ansible/openshift-ansible. With this change we won't need to keep two different
+# configurations for the two images.
+RUN mkdir -p /usr/share/ansible/ && ln -s /opt/app-root/src /usr/share/ansible/openshift-ansible
+
+RUN INSTALL_PKGS="skopeo openssl java-1.8.0-openjdk-headless httpd-tools" && \
+ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+ rpm -V $INSTALL_PKGS && \
+ yum clean all
+
+USER ${USER_UID}
+
+# The playbook to be run is specified via the PLAYBOOK_FILE env var.
+# This sets a default of openshift_facts.yml as it's an informative playbook
+# that can help test that everything is set properly (inventory, sshkeys)
+ENV PLAYBOOK_FILE=playbooks/byo/openshift_facts.yml \
+ OPTS="-v" \
+ INSTALL_OC=true
+
+# playbook2image's assemble script expects the source to be available in
+# /tmp/src (as per the source-to-image specs) so we import it there
+ADD . /tmp/src
+
+# Running the 'assemble' script provided by playbook2image will install
+# dependencies specified in requirements.txt and install the 'oc' client
+# as per the INSTALL_OC environment setting above
+RUN /usr/libexec/s2i/assemble
+
+# Add files for running as a system container
+COPY images/installer/system-container/root /
+
+CMD [ "/usr/libexec/s2i/run" ]
diff --git a/images/installer/Dockerfile.rhel7 b/images/installer/Dockerfile.rhel7
new file mode 100644
index 000000000..9d7eeec24
--- /dev/null
+++ b/images/installer/Dockerfile.rhel7
@@ -0,0 +1,45 @@
+FROM openshift3/playbook2image
+
+MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com>
+
+LABEL name="openshift3/ose-ansible" \
+ summary="OpenShift's installation and configuration tool" \
+ description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ url="https://github.com/openshift/openshift-ansible" \
+ io.k8s.display-name="openshift-ansible" \
+ io.k8s.description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \
+ io.openshift.expose-services="" \
+ io.openshift.tags="openshift,install,upgrade,ansible" \
+ com.redhat.component="aos3-installation-docker" \
+ version="v3.4.1" \
+ release="1" \
+ architecture="x86_64"
+
+# Playbooks, roles and their dependencies are installed from packages.
+# Unlike in Dockerfile, we don't invoke the 'assemble' script here
+# because all content and dependencies (like 'oc') is already
+# installed via yum.
+USER root
+RUN INSTALL_PKGS="atomic-openshift-utils atomic-openshift-clients python-boto" && \
+ yum repolist > /dev/null && \
+ yum-config-manager --enable rhel-7-server-ose-3.4-rpms && \
+ yum-config-manager --enable rhel-7-server-rh-common-rpms && \
+ yum install -y $INSTALL_PKGS && \
+ yum clean all
+
+USER ${USER_UID}
+
+# The playbook to be run is specified via the PLAYBOOK_FILE env var.
+# This sets a default of openshift_facts.yml as it's an informative playbook
+# that can help test that everything is set properly (inventory, sshkeys).
+# As the playbooks are installed via packages instead of being copied to
+# $APP_HOME by the 'assemble' script, we set the WORK_DIR env var to the
+# location of openshift-ansible.
+ENV PLAYBOOK_FILE=playbooks/byo/openshift_facts.yml \
+ WORK_DIR=/usr/share/ansible/openshift-ansible \
+ OPTS="-v"
+
+# Add files for running as a system container
+COPY system-container/root /
+
+CMD [ "/usr/libexec/s2i/run" ]
diff --git a/images/installer/system-container/README.md b/images/installer/system-container/README.md
new file mode 100644
index 000000000..fbcd47c4a
--- /dev/null
+++ b/images/installer/system-container/README.md
@@ -0,0 +1,31 @@
+# System container installer
+
+These files are needed to run the installer using an [Atomic System container](http://www.projectatomic.io/blog/2016/09/intro-to-system-containers/).
+
+* config.json.template - Template of the configuration file used for running containers.
+
+* manifest.json - Used to define various settings for the system container, such as the default values to use for the installation.
+
+* run-system-container.sh - Entrypoint to the container.
+
+* service.template - Template file for the systemd service.
+
+* tmpfiles.template - Template file for systemd-tmpfiles.
+
+## Options
+
+These options may be set via the ``atomic`` ``--set`` flag. For defaults see ``root/exports/manifest.json``
+
+* OPTS - Additional options to pass to ansible when running the installer
+
+* VAR_LIB_OPENSHIFT_INSTALLER - Full path of the installer code to mount into the container
+
+* VAR_LOG_OPENSHIFT_LOG - Full path of the log file to mount into the container
+
+* PLAYBOOK_FILE - Full path of the playbook inside the container
+
+* HOME_ROOT - Full path on host to mount as the root home directory inside the container (for .ssh/, etc..)
+
+* ANSIBLE_CONFIG - Full path for the ansible configuration file to use inside the container
+
+* INVENTORY_FILE - Full path for the inventory to use from the host
diff --git a/images/installer/system-container/root/exports/config.json.template b/images/installer/system-container/root/exports/config.json.template
new file mode 100644
index 000000000..739c0080f
--- /dev/null
+++ b/images/installer/system-container/root/exports/config.json.template
@@ -0,0 +1,234 @@
+{
+ "ociVersion": "1.0.0",
+ "platform": {
+ "os": "linux",
+ "arch": "amd64"
+ },
+ "process": {
+ "terminal": false,
+ "consoleSize": {
+ "height": 0,
+ "width": 0
+ },
+ "user": {
+ "uid": 0,
+ "gid": 0
+ },
+ "args": [
+ "/usr/local/bin/run-system-container.sh"
+ ],
+ "env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm",
+ "OPTS=$OPTS",
+ "PLAYBOOK_FILE=$PLAYBOOK_FILE",
+ "ANSIBLE_CONFIG=$ANSIBLE_CONFIG"
+ ],
+ "cwd": "/opt/app-root/src/",
+ "rlimits": [
+ {
+ "type": "RLIMIT_NOFILE",
+ "hard": 1024,
+ "soft": 1024
+ }
+ ],
+ "noNewPrivileges": true
+ },
+ "root": {
+ "path": "rootfs",
+ "readonly": true
+ },
+ "mounts": [
+ {
+ "destination": "/proc",
+ "type": "proc",
+ "source": "proc"
+ },
+ {
+ "destination": "/dev",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/pts",
+ "type": "devpts",
+ "source": "devpts",
+ "options": [
+ "nosuid",
+ "noexec",
+ "newinstance",
+ "ptmxmode=0666",
+ "mode=0620",
+ "gid=5"
+ ]
+ },
+ {
+ "destination": "/dev/shm",
+ "type": "tmpfs",
+ "source": "shm",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "mode=1777",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/mqueue",
+ "type": "mqueue",
+ "source": "mqueue",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev"
+ ]
+ },
+ {
+ "destination": "/sys",
+ "type": "sysfs",
+ "source": "sysfs",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "ro"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$HOME_ROOT/.ssh",
+ "destination": "/opt/app-root/src/.ssh",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$HOME_ROOT",
+ "destination": "/root",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$VAR_LIB_OPENSHIFT_INSTALLER",
+ "destination": "/var/lib/openshift-installer",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$VAR_LOG_OPENSHIFT_LOG",
+ "destination": "/var/log/ansible.log",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "destination": "/root/.ansible",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755"
+ ]
+ },
+ {
+ "destination": "/tmp",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$INVENTORY_FILE",
+ "destination": "/etc/ansible/hosts",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "destination": "/etc/resolv.conf",
+ "type": "bind",
+ "source": "/etc/resolv.conf",
+ "options": [
+ "ro",
+ "rbind",
+ "rprivate"
+ ]
+ },
+ {
+ "destination": "/sys/fs/cgroup",
+ "type": "cgroup",
+ "source": "cgroup",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "relatime",
+ "ro"
+ ]
+ }
+ ],
+ "hooks": {
+
+ },
+ "linux": {
+ "resources": {
+ "devices": [
+ {
+ "allow": false,
+ "access": "rwm"
+ }
+ ]
+ },
+ "namespaces": [
+ {
+ "type": "pid"
+ },
+ {
+ "type": "mount"
+ }
+ ],
+ "maskedPaths": [
+ "/proc/kcore",
+ "/proc/latency_stats",
+ "/proc/timer_list",
+ "/proc/timer_stats",
+ "/proc/sched_debug",
+ "/sys/firmware"
+ ],
+ "readonlyPaths": [
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger"
+ ]
+ }
+}
diff --git a/images/installer/system-container/root/exports/manifest.json b/images/installer/system-container/root/exports/manifest.json
new file mode 100644
index 000000000..8b984d7a3
--- /dev/null
+++ b/images/installer/system-container/root/exports/manifest.json
@@ -0,0 +1,12 @@
+{
+ "version": "1.0",
+ "defaultValues": {
+ "OPTS": "",
+ "VAR_LIB_OPENSHIFT_INSTALLER" : "/var/lib/openshift-installer",
+ "VAR_LOG_OPENSHIFT_LOG": "/var/log/ansible.log",
+ "PLAYBOOK_FILE": "/usr/share/ansible/openshift-ansible/playbooks/byo/config.yml",
+ "HOME_ROOT": "/root",
+ "ANSIBLE_CONFIG": "/usr/share/atomic-openshift-utils/ansible.cfg",
+ "INVENTORY_FILE": "/dev/null"
+ }
+}
diff --git a/images/installer/system-container/root/exports/service.template b/images/installer/system-container/root/exports/service.template
new file mode 100644
index 000000000..bf5316af6
--- /dev/null
+++ b/images/installer/system-container/root/exports/service.template
@@ -0,0 +1,6 @@
+[Service]
+ExecStart=$EXEC_START
+ExecStop=-$EXEC_STOP
+Restart=no
+WorkingDirectory=$DESTDIR
+Type=oneshot
diff --git a/images/installer/system-container/root/exports/tmpfiles.template b/images/installer/system-container/root/exports/tmpfiles.template
new file mode 100644
index 000000000..b1f6caf47
--- /dev/null
+++ b/images/installer/system-container/root/exports/tmpfiles.template
@@ -0,0 +1,2 @@
+d $VAR_LIB_OPENSHIFT_INSTALLER - - - - -
+f $VAR_LOG_OPENSHIFT_LOG - - - - -
diff --git a/images/installer/system-container/root/usr/local/bin/run-system-container.sh b/images/installer/system-container/root/usr/local/bin/run-system-container.sh
new file mode 100755
index 000000000..9ce7c7328
--- /dev/null
+++ b/images/installer/system-container/root/usr/local/bin/run-system-container.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export ANSIBLE_LOG_PATH=/var/log/ansible.log
+exec ansible-playbook -i /etc/ansible/hosts ${OPTS} ${PLAYBOOK_FILE}