From 2ed671c54dad28dd81763928b28cd17d5c76df66 Mon Sep 17 00:00:00 2001 From: "Szekeres, Balazs (Nokia - HU/Budapest)" Date: Thu, 2 May 2019 14:03:59 +0200 Subject: [PATCH 1/1] Added seed code for caas-registry. Added seed code for caas-registry. Change-Id: Ia3bcec2da70c138e7d3799d3b58a5c08a39000ab Signed-off-by: Szekeres, Balazs (Nokia - HU/Budapest) --- LICENSE | 179 +++ SPECS/registry.spec | 99 ++ SPECS/swift.spec | 93 ++ ansible/playbooks/registry.yaml | 23 + ansible/playbooks/registry_pre_config.yaml | 22 + ansible/playbooks/swift.yaml | 23 + ansible/roles/registry/meta/main.yaml | 19 + ansible/roles/registry/tasks/main.yml | 64 + .../registry/templates/main/docker-registry.yml | 71 + .../roles/registry/templates/main/dockerreg.yml | 36 + .../registry/templates/main/registry_service.yml | 31 + .../templates/update/docker-registry-update.yml | 71 + .../roles/registry/templates/update/dockerreg.yml | 36 + .../templates/update/update_registry_service.yml | 31 + ansible/roles/registry_pre_config/meta/main.yml | 48 + ansible/roles/registry_pre_config/tasks/main.yml | 46 + ansible/roles/swift/meta/main.yml | 57 + ansible/roles/swift/tasks/main.yml | 35 + ansible/roles/swift/tasks/password_gen.yml | 27 + ansible/roles/swift/tasks/password_handler.yml | 124 ++ ansible/roles/swift/tasks/swift_main.yml | 73 + ansible/roles/swift/tasks/swift_update.yml | 41 + .../roles/swift/templates/main/account-server.conf | 37 + ansible/roles/swift/templates/main/admin.yml | 19 + ansible/roles/swift/templates/main/admin_envfile | 18 + .../swift/templates/main/container-server.conf | 39 + ansible/roles/swift/templates/main/memcached | 20 + ansible/roles/swift/templates/main/nginx.conf | 32 + .../roles/swift/templates/main/object-server.conf | 42 + .../roles/swift/templates/main/proxy-server.conf | 51 + .../roles/swift/templates/main/registry_envfile | 19 + ansible/roles/swift/templates/main/rsyncd.conf | 60 + ansible/roles/swift/templates/main/supervisord.pid | 16 + ansible/roles/swift/templates/main/swift.conf | 20 + ansible/roles/swift/templates/main/swift_main.yml | 89 ++ .../roles/swift/templates/main/swift_service.yml | 30 + .../swift/templates/update/account-server.conf | 36 + ansible/roles/swift/templates/update/admin.yml | 19 + ansible/roles/swift/templates/update/admin_envfile | 18 + .../swift/templates/update/container-server.conf | 38 + ansible/roles/swift/templates/update/memcached | 20 + ansible/roles/swift/templates/update/nginx.conf | 32 + .../swift/templates/update/object-server.conf | 36 + .../roles/swift/templates/update/proxy-server.conf | 46 + .../roles/swift/templates/update/registry_envfile | 19 + ansible/roles/swift/templates/update/rsyncd.conf | 59 + .../roles/swift/templates/update/supervisord.pid | 16 + ansible/roles/swift/templates/update/swift.conf | 20 + .../roles/swift/templates/update/swift_update.yml | 72 + .../templates/update/swift_update_service.yml | 30 + ansible/roles/swift/vars/main.yml | 17 + docker-build/registry/Dockerfile | 42 + docker-build/registry/bom.json | 184 +++ docker-build/registry/build-pip | 23 + .../registry/common_scripts/wait-for-files | 46 + docker-build/registry/mainstart.sh | 23 + .../set-nologin-shell-to-system-users.sh | 76 + docker-build/registry/security-utils/utils.sh | 43 + docker-build/swift/Dockerfile | 161 ++ docker-build/swift/bom.json | 1624 ++++++++++++++++++++ docker-build/swift/build-pip | 23 + docker-build/swift/common_scripts/wait-for-files | 46 + docker-build/swift/get-package | 19 + docker-build/swift/healthchecker.sh | 18 + docker-build/swift/mainstart.sh | 56 + docker-build/swift/nginx.repo | 7 + docker-build/swift/source-list.txt | 75 + docker-build/swift/supervisord.conf | 188 +++ 68 files changed, 4873 insertions(+) create mode 100644 LICENSE create mode 100644 SPECS/registry.spec create mode 100644 SPECS/swift.spec create mode 100644 ansible/playbooks/registry.yaml create mode 100644 ansible/playbooks/registry_pre_config.yaml create mode 100644 ansible/playbooks/swift.yaml create mode 100644 ansible/roles/registry/meta/main.yaml create mode 100755 ansible/roles/registry/tasks/main.yml create mode 100644 ansible/roles/registry/templates/main/docker-registry.yml create mode 100644 ansible/roles/registry/templates/main/dockerreg.yml create mode 100644 ansible/roles/registry/templates/main/registry_service.yml create mode 100644 ansible/roles/registry/templates/update/docker-registry-update.yml create mode 100644 ansible/roles/registry/templates/update/dockerreg.yml create mode 100644 ansible/roles/registry/templates/update/update_registry_service.yml create mode 100644 ansible/roles/registry_pre_config/meta/main.yml create mode 100644 ansible/roles/registry_pre_config/tasks/main.yml create mode 100644 ansible/roles/swift/meta/main.yml create mode 100644 ansible/roles/swift/tasks/main.yml create mode 100644 ansible/roles/swift/tasks/password_gen.yml create mode 100644 ansible/roles/swift/tasks/password_handler.yml create mode 100644 ansible/roles/swift/tasks/swift_main.yml create mode 100644 ansible/roles/swift/tasks/swift_update.yml create mode 100644 ansible/roles/swift/templates/main/account-server.conf create mode 100644 ansible/roles/swift/templates/main/admin.yml create mode 100644 ansible/roles/swift/templates/main/admin_envfile create mode 100644 ansible/roles/swift/templates/main/container-server.conf create mode 100644 ansible/roles/swift/templates/main/memcached create mode 100644 ansible/roles/swift/templates/main/nginx.conf create mode 100644 ansible/roles/swift/templates/main/object-server.conf create mode 100644 ansible/roles/swift/templates/main/proxy-server.conf create mode 100644 ansible/roles/swift/templates/main/registry_envfile create mode 100644 ansible/roles/swift/templates/main/rsyncd.conf create mode 100644 ansible/roles/swift/templates/main/supervisord.pid create mode 100644 ansible/roles/swift/templates/main/swift.conf create mode 100644 ansible/roles/swift/templates/main/swift_main.yml create mode 100644 ansible/roles/swift/templates/main/swift_service.yml create mode 100644 ansible/roles/swift/templates/update/account-server.conf create mode 100644 ansible/roles/swift/templates/update/admin.yml create mode 100644 ansible/roles/swift/templates/update/admin_envfile create mode 100644 ansible/roles/swift/templates/update/container-server.conf create mode 100644 ansible/roles/swift/templates/update/memcached create mode 100644 ansible/roles/swift/templates/update/nginx.conf create mode 100644 ansible/roles/swift/templates/update/object-server.conf create mode 100644 ansible/roles/swift/templates/update/proxy-server.conf create mode 100644 ansible/roles/swift/templates/update/registry_envfile create mode 100644 ansible/roles/swift/templates/update/rsyncd.conf create mode 100644 ansible/roles/swift/templates/update/supervisord.pid create mode 100644 ansible/roles/swift/templates/update/swift.conf create mode 100644 ansible/roles/swift/templates/update/swift_update.yml create mode 100644 ansible/roles/swift/templates/update/swift_update_service.yml create mode 100644 ansible/roles/swift/vars/main.yml create mode 100644 docker-build/registry/Dockerfile create mode 100644 docker-build/registry/bom.json create mode 100644 docker-build/registry/build-pip create mode 100755 docker-build/registry/common_scripts/wait-for-files create mode 100644 docker-build/registry/mainstart.sh create mode 100755 docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh create mode 100755 docker-build/registry/security-utils/utils.sh create mode 100644 docker-build/swift/Dockerfile create mode 100644 docker-build/swift/bom.json create mode 100644 docker-build/swift/build-pip create mode 100644 docker-build/swift/common_scripts/wait-for-files create mode 100644 docker-build/swift/get-package create mode 100755 docker-build/swift/healthchecker.sh create mode 100644 docker-build/swift/mainstart.sh create mode 100644 docker-build/swift/nginx.repo create mode 100644 docker-build/swift/source-list.txt create mode 100644 docker-build/swift/supervisord.conf diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..4959a5e --- /dev/null +++ b/LICENSE @@ -0,0 +1,179 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + diff --git a/SPECS/registry.spec b/SPECS/registry.spec new file mode 100644 index 0000000..7443b74 --- /dev/null +++ b/SPECS/registry.spec @@ -0,0 +1,99 @@ +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +%define COMPONENT registry +%define RPM_NAME caas-%{COMPONENT} +%define RPM_MAJOR_VERSION 2.7.1 +%define RPM_MINOR_VERSION 1 +%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION} +Name: %{RPM_NAME} +Version: %{RPM_MAJOR_VERSION} +Release: %{RPM_MINOR_VERSION}%{?dist} +Summary: Containers as a Service Registry component +License: %{_platform_license} and Apache License and GNU Lesser General Public License v3.0 only and BSD 3-clause New or Revised License and MIT License and Common Development and Distribution License and BSD and GNU General Public License v2.0 only +URL: https://github.com/docker/distribution +BuildArch: x86_64 +Vendor: %{_platform_vendor} and docker/distribution unmodified +Source0: %{name}-%{version}.tar.gz + +Requires: docker-ce >= 18.09.2 +BuildRequires: docker-ce >= 18.09.2 + +%description +This rpm contains the docker registry container and ansible for caas subsystem. +This container contains the registry service. + +%prep +%autosetup + +%build +# Building the container +docker build \ + --network=host \ + --no-cache \ + --force-rm \ + --build-arg HTTP_PROXY="${http_proxy}" \ + --build-arg HTTPS_PROXY="${https_proxy}" \ + --build-arg NO_PROXY="${no_proxy}" \ + --build-arg http_proxy="${http_proxy}" \ + --build-arg https_proxy="${https_proxy}" \ + --build-arg no_proxy="${no_proxy}" \ + --build-arg REGISTRY="%{version}" \ + --tag %{COMPONENT}:%{IMAGE_TAG} \ + %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build/%{COMPONENT}/ + +# Creating a new folder for the container tar file +mkdir -p %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/ + +# Save the container +docker save %{COMPONENT}:%{IMAGE_TAG} | gzip -c > %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar + +# Remove container +docker rmi -f %{COMPONENT}:%{IMAGE_TAG} + +%install +# at this point the version variable changes e.g.: from 2.7.1 to 2.7.1-100.el7.centos.akrainolite.x86_64 +mkdir -p %{buildroot}/%{_caas_container_tar_path} +rsync -av %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar %{buildroot}/%{_caas_container_tar_path}/ + +mkdir -p %{buildroot}/%{_playbooks_path}/ +rsync -av ansible/playbooks/registry_pre_config.yaml %{buildroot}/%{_playbooks_path}/ +rsync -av ansible/playbooks/registry.yaml %{buildroot}/%{_playbooks_path}/ + +mkdir -p %{buildroot}/%{_roles_path}/ +rsync -av ansible/roles/registry_pre_config %{buildroot}/%{_roles_path}/ +rsync -av ansible/roles/registry %{buildroot}/%{_roles_path}/ + +%files +%{_caas_container_tar_path}/%{COMPONENT}:%{IMAGE_TAG}.tar +%{_playbooks_path}/* +%{_roles_path}/* + + +%preun + +%post +mkdir -p %{_postconfig_path}/ +ln -sf %{_playbooks_path}/registry_pre_config.yaml %{_postconfig_path}/ +ln -sf %{_playbooks_path}/registry.yaml %{_postconfig_path}/ + +%postun +if [ $1 -eq 0 ]; then + rm -f %{_postconfig_path}/registry_pre_config.yaml + rm -f %{_postconfig_path}/registry.yaml +fi + +%clean +rm -rf ${buildroot} + diff --git a/SPECS/swift.spec b/SPECS/swift.spec new file mode 100644 index 0000000..159531b --- /dev/null +++ b/SPECS/swift.spec @@ -0,0 +1,93 @@ +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +%define COMPONENT swift +%define RPM_NAME caas-%{COMPONENT} +%define RPM_MAJOR_VERSION 2.21.0 +%define RPM_MINOR_VERSION 1 +%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION} +Name: %{RPM_NAME} +Version: %{RPM_MAJOR_VERSION} +Release: %{RPM_MINOR_VERSION}%{?dist} +Summary: Containers as a Service Swift component +License: %{_platform_license} and Apache License and GNU Lesser General Public License v3.0 only and BSD 3-clause New or Revised License and MIT License and Common Development and Distribution License and BSD and GNU General Public License v2.0 only +URL: https://github.com/openstack/swift +BuildArch: x86_64 +Vendor: %{_platform_vendor} and openstack/swift unmodified +Source0: %{name}-%{version}.tar.gz + +Requires: docker-ce >= 18.09.2 +BuildRequires: docker-ce >= 18.09.2 + +%description +This rpm contains the swift container and ansible for caas subsystem. +This container contains the swift service. + +%prep +%autosetup + +%build +# Building the container +docker build \ + --network=host \ + --no-cache \ + --force-rm \ + --build-arg HTTP_PROXY="${http_proxy}" \ + --build-arg HTTPS_PROXY="${https_proxy}" \ + --build-arg NO_PROXY="${no_proxy}" \ + --build-arg http_proxy="${http_proxy}" \ + --build-arg https_proxy="${https_proxy}" \ + --build-arg no_proxy="${no_proxy}" \ + --build-arg SWIFT="%{version}" \ + --tag %{COMPONENT}:%{IMAGE_TAG} \ + %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build/%{COMPONENT}/ + +# Creating a new folder for the container tar file +mkdir -p %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/ + +# Save the container +docker save %{COMPONENT}:%{IMAGE_TAG} | gzip -c > %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar + +# Remove container +docker rmi -f %{COMPONENT}:%{IMAGE_TAG} + +%install +mkdir -p %{buildroot}/%{_caas_container_tar_path}/ +rsync -av %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar %{buildroot}/%{_caas_container_tar_path}/ + +mkdir -p %{buildroot}/%{_playbooks_path}/ +rsync -av ansible/playbooks/swift.yaml %{buildroot}/%{_playbooks_path}/ + +mkdir -p %{buildroot}/%{_roles_path}/ +rsync -av ansible/roles/swift %{buildroot}/%{_roles_path}/ + + +%files +%{_caas_container_tar_path}/%{COMPONENT}:%{IMAGE_TAG}.tar +%{_playbooks_path}/* +%{_roles_path}/* + +%preun + +%post +mkdir -p %{_postconfig_path}/ +ln -sf %{_playbooks_path}/swift.yaml %{_postconfig_path}/ + +%postun +if [ $1 -eq 0 ]; then + rm -f %{_postconfig_path}/swift.yaml +fi + +%clean +rm -rf ${buildroot} diff --git a/ansible/playbooks/registry.yaml b/ansible/playbooks/registry.yaml new file mode 100644 index 0000000..95e9fc0 --- /dev/null +++ b/ansible/playbooks/registry.yaml @@ -0,0 +1,23 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# cmframework.requires: registry_pre_config.yaml +- hosts: caas_master + strategy: free + become: true + become_user: "{{ users.admin_user_name }}" + roles: + - registry + diff --git a/ansible/playbooks/registry_pre_config.yaml b/ansible/playbooks/registry_pre_config.yaml new file mode 100644 index 0000000..e69b2dd --- /dev/null +++ b/ansible/playbooks/registry_pre_config.yaml @@ -0,0 +1,22 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# cmframework.requires: swift.yaml +- hosts: caas_nodes + strategy: free + become: true + become_user: "root" + roles: + - registry_pre_config diff --git a/ansible/playbooks/swift.yaml b/ansible/playbooks/swift.yaml new file mode 100644 index 0000000..a5b050f --- /dev/null +++ b/ansible/playbooks/swift.yaml @@ -0,0 +1,23 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# cmframework.requires: flannel.yaml +- hosts: caas_master + strategy: linear + become: true + become_user: "{{ users.admin_user_name }}" + roles: + - swift + diff --git a/ansible/roles/registry/meta/main.yaml b/ansible/roles/registry/meta/main.yaml new file mode 100644 index 0000000..a548113 --- /dev/null +++ b/ansible/roles/registry/meta/main.yaml @@ -0,0 +1,19 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - role: docker_image_load + images: + - registry diff --git a/ansible/roles/registry/tasks/main.yml b/ansible/roles/registry/tasks/main.yml new file mode 100755 index 0000000..76f258f --- /dev/null +++ b/ansible/roles/registry/tasks/main.yml @@ -0,0 +1,64 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create docker repository folders + file: + path: "{{ item }}" + state: directory + owner: dockerreg + group: dockerreg + mode: 0700 + with_items: + - "{{ caas.registry_directory }}" + become_user: "root" + +- name: template main registry config + template: + src: main/dockerreg.yml + dest: /etc/docker-registry/docker-registry-main-config.yml + become_user: "root" + +- name: template update registry config + template: + src: update/dockerreg.yml + dest: /etc/docker-update-registry/docker-registry-update-config.yml + become_user: "root" + +- name: copy registry manifest files + template: + src: "{{ item }}" + dest: "{{ caas.manifests_directory }}/{{ item | basename }}" + with_items: + - main/docker-registry.yml + - update/docker-registry-update.yml + - main/registry_service.yml + - update/update_registry_service.yml + +- name: create kubernetes daemonset for registry + kubectl: + manifest: "{{ caas.manifests_directory }}/docker-registry.yml" + state: present + +- name: create kubernetes service for registry + kubectl: + manifest: "{{ caas.manifests_directory }}/registry_service.yml" + state: present + +- name: wait for registry kubernetes service to start + wait_for: + host: "{{ caas.registry_url }}" + port: "{{ caas.registry_port }}" + state: started + timeout: 60 diff --git a/ansible/roles/registry/templates/main/docker-registry.yml b/ansible/roles/registry/templates/main/docker-registry.yml new file mode 100644 index 0000000..e81d44e --- /dev/null +++ b/ansible/roles/registry/templates/main/docker-registry.yml @@ -0,0 +1,71 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + name: registry + namespace: kube-system +spec: + selector: + matchLabels: + name: registry + template: + metadata: + annotations: + danm.k8s.io/interfaces: | + [ + { + "network":"flannel" + } + ] + labels: + name: registry + spec: + dnsPolicy: ClusterFirst + nodeSelector: + nodetype: caas_master + securityContext: + runAsUser: {{ caas.uid.dockerreg }} + containers: + - name: registry + image: {{ container_image_names | select('search', '/registry:') | list | last }} + env: + - name: INTERFACE_NAME + value: "{{ caas.internal_flannel_interface }}" + - name: REGISTRY_PORT + value: "{{ caas.registry_port }}" + - name: REGISTRY_CONFIG + value: /etc/docker-registry/docker-registry-main-config.yml + volumeMounts: + - name: config + mountPath: /etc/docker-registry/ + readOnly: true + - name: store + mountPath: {{ caas.registry_directory }} + - name: ca + mountPath: /etc/ssl/certs/ + readOnly: true + volumes: + - name: config + hostPath: + path: /etc/docker-registry/ + - name: store + hostPath: + path: {{ caas.registry_directory }} + - name: ca + hostPath: + path: /etc/openssl/ diff --git a/ansible/roles/registry/templates/main/dockerreg.yml b/ansible/roles/registry/templates/main/dockerreg.yml new file mode 100644 index 0000000..bd7e49b --- /dev/null +++ b/ansible/roles/registry/templates/main/dockerreg.yml @@ -0,0 +1,36 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +version: 0.1 +storage: + cache: + blobdescriptor: inmemory + delete: + enabled: true + swift: + username: admin:registry + password: {{ swift_registry_pass }} + authurl: {{ caas.swift }}/auth/v1.0 + container: dockerregistry +http: + secret: 5f0fa8b7a739 + tls: + certificate: /etc/docker-registry/registry{{ nodeindex }}.pem + key: /etc/docker-registry/registry{{ nodeindex }}-key.pem + clientcas: + - /etc/docker-registry/ca.pem +log: + level: warn diff --git a/ansible/roles/registry/templates/main/registry_service.yml b/ansible/roles/registry/templates/main/registry_service.yml new file mode 100644 index 0000000..3269756 --- /dev/null +++ b/ansible/roles/registry/templates/main/registry_service.yml @@ -0,0 +1,31 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + name: registry + name: registry + namespace: kube-system + selfLink: /api/v1/namespaces/kube-system/services/registry +spec: + ports: + - name: registry + port: {{ caas.registry_port }} + protocol: TCP + selector: + name: registry diff --git a/ansible/roles/registry/templates/update/docker-registry-update.yml b/ansible/roles/registry/templates/update/docker-registry-update.yml new file mode 100644 index 0000000..39b0ce9 --- /dev/null +++ b/ansible/roles/registry/templates/update/docker-registry-update.yml @@ -0,0 +1,71 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + name: registry-update + namespace: kube-system +spec: + selector: + matchLabels: + name: registry-update + template: + metadata: + annotations: + danm.k8s.io/interfaces: | + [ + { + "network":"flannel" + } + ] + labels: + name: registry-update + spec: + dnsPolicy: ClusterFirst + nodeSelector: + nodename: caas_master1 + securityContext: + runAsUser: {{ caas.uid.dockerreg }} + containers: + - name: registry-update + image: {{ container_image_names | select('search', '/registry:') | list | last }} + env: + - name: INTERFACE_NAME + value: "{{ caas.internal_flannel_interface }}" + - name: REGISTRY_PORT + value: "{{ caas.update_registry_port }}" + - name: REGISTRY_CONFIG + value: /etc/docker-registry/docker-registry-update-config.yml + volumeMounts: + - name: config + mountPath: /etc/docker-registry/ + readOnly: true + - name: store + mountPath: {{ caas.registry_directory }} + - name: ca + mountPath: /etc/ssl/certs/ + readOnly: true + volumes: + - name: config + hostPath: + path: /etc/docker-update-registry/ + - name: store + hostPath: + path: {{ caas.registry_directory }} + - name: ca + hostPath: + path: /etc/openssl/ diff --git a/ansible/roles/registry/templates/update/dockerreg.yml b/ansible/roles/registry/templates/update/dockerreg.yml new file mode 100644 index 0000000..047658d --- /dev/null +++ b/ansible/roles/registry/templates/update/dockerreg.yml @@ -0,0 +1,36 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +version: 0.1 +storage: + cache: + blobdescriptor: inmemory + delete: + enabled: true + swift: + username: admin:registry + password: {{ swift_registry_pass }} + authurl: {{ caas.swift_update }}/auth/v1.0 + container: dockerregistry +http: + secret: 5f0fa8b7a739 + tls: + certificate: /etc/docker-registry/update-registry.pem + key: /etc/docker-registry/update-registry-key.pem + clientcas: + - /etc/docker-registry/ca.pem +log: + level: warn diff --git a/ansible/roles/registry/templates/update/update_registry_service.yml b/ansible/roles/registry/templates/update/update_registry_service.yml new file mode 100644 index 0000000..b31d686 --- /dev/null +++ b/ansible/roles/registry/templates/update/update_registry_service.yml @@ -0,0 +1,31 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + name: registry-update + name: registry-update + namespace: kube-system + selfLink: /api/v1/namespaces/kube-system/services/registry-update +spec: + ports: + - name: registry-update + port: {{ caas.update_registry_port }} + protocol: TCP + selector: + name: registry-update diff --git a/ansible/roles/registry_pre_config/meta/main.yml b/ansible/roles/registry_pre_config/meta/main.yml new file mode 100644 index 0000000..16b03ea --- /dev/null +++ b/ansible/roles/registry_pre_config/meta/main.yml @@ -0,0 +1,48 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - role: creategroup + _name: dockerreg + _gid: "{{ caas.uid.dockerreg }}" + become: true + become_user: "root" + + - role: createuser + _name: dockerreg + _group: dockerreg + _groups: '' + _shell: /sbin/nologin + _uid: "{{ caas.uid.dockerreg }}" + become: true + become_user: "root" + + - role: cert + instance: "registry{{ nodeindex }}" + cert_path: /etc/docker-registry + alt_names: + dns: + - "{{ caas.registry_url }}" + add_users: + - dockerreg + + - role: cert + instance: "update-registry" + cert_path: /etc/docker-update-registry + alt_names: + dns: + - "{{ caas.update_registry_url }}" + add_users: + - dockerreg diff --git a/ansible/roles/registry_pre_config/tasks/main.yml b/ansible/roles/registry_pre_config/tasks/main.yml new file mode 100644 index 0000000..e277b4b --- /dev/null +++ b/ansible/roles/registry_pre_config/tasks/main.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create dir for client key files for registry access + file: + path: "/etc/docker/certs.d/{{ caas.registry_url }}:{{ caas.registry_port }}" + state: directory + +- name: symlink client key files for registry access + file: + src: "/etc/docker-registry/{{ item.src }}" + dest: "/etc/docker/certs.d/{{ caas.registry_url }}:{{ caas.registry_port }}/{{ item.dest }}" + state: link + force: yes + with_items: + - { src: "registry{{ nodeindex }}-key.pem", dest: "client.key" } + - { src: "registry{{ nodeindex }}.pem", dest: "client.cert" } + - { src: "ca.pem", dest: "ca.crt" } + +- name: create dir for client key files for update_registry access + file: + path: "/etc/docker/certs.d/{{ caas.update_registry_url }}:{{ caas.update_registry_port }}" + state: directory + +- name: symlink client key files for update_registry access + file: + src: "/etc/docker-update-registry//{{ item.src }}" + dest: "/etc/docker/certs.d/{{ caas.update_registry_url }}:{{ caas.update_registry_port }}/{{ item.dest }}" + state: link + force: yes + with_items: + - { src: "update-registry-key.pem", dest: "client.key" } + - { src: "update-registry.pem", dest: "client.cert" } + - { src: "ca.pem", dest: "ca.crt" } diff --git a/ansible/roles/swift/meta/main.yml b/ansible/roles/swift/meta/main.yml new file mode 100644 index 0000000..b8995b1 --- /dev/null +++ b/ansible/roles/swift/meta/main.yml @@ -0,0 +1,57 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - role: creategroup + _name: swift + _gid: "{{ caas.uid.swift }}" + become: true + become_user: "root" + + - role: createuser + _name: swift + _group: swift + _groups: '' + _shell: /sbin/nologin + _home: /var/lib/swift + _uid: "{{ caas.uid.swift }}" + become: true + become_user: "root" + + - role: cert + instance: "swift{{ nodeindex }}" + cert_path: /etc/swift/main/tls-proxy + alt_names: + dns: + - "{{ caas.swift_url }}" + add_users: + - swift + become: true + become_user: "root" + + - role: cert + instance: "swift-update{{ nodeindex }}" + cert_path: /etc/swift/update/tls-proxy + alt_names: + dns: + - "{{ caas.swift_update_url }}" + add_users: + - swift + become: true + become_user: "root" + + - role: docker_image_load + images: + - swift diff --git a/ansible/roles/swift/tasks/main.yml b/ansible/roles/swift/tasks/main.yml new file mode 100644 index 0000000..a9e89f7 --- /dev/null +++ b/ansible/roles/swift/tasks/main.yml @@ -0,0 +1,35 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- import_tasks: password_handler.yml + +- name: create directories + file: + path: "{{ item }}" + state: directory + owner: swift + group: swift + mode: 0770 + recurse: yes + with_items: + - /etc/swift/main + - /etc/swift/update + - /srv/node/swift + - /srv/node/swift-update + become_user: "root" + +- import_tasks: swift_main.yml + +- import_tasks: swift_update.yml diff --git a/ansible/roles/swift/tasks/password_gen.yml b/ansible/roles/swift/tasks/password_gen.yml new file mode 100644 index 0000000..eaee056 --- /dev/null +++ b/ansible/roles/swift/tasks/password_gen.yml @@ -0,0 +1,27 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- shell: openssl rand -hex 10 | /usr/bin/openssl enc -aes-256-cbc -a -pass pass:{{ name }} + register: password + +- name: insert passwords into etcd + command: '/usr/bin/curl -X PUT + https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/{{ item }}?prevExist=false + --cacert /etc/etcd/ssl/ca.pem + --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem + --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem + --data-urlencode value="{{ password.stdout }}"' + become_user: "root" + diff --git a/ansible/roles/swift/tasks/password_handler.yml b/ansible/roles/swift/tasks/password_handler.yml new file mode 100644 index 0000000..72ea66a --- /dev/null +++ b/ansible/roles/swift/tasks/password_handler.yml @@ -0,0 +1,124 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include_tasks: password_gen.yml + with_items: + - "admin" + - "registry" + +- name: get admin password + command: '/usr/bin/curl + https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/admin + --cacert /etc/etcd/ssl/ca.pem + --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem + --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem' + register: admin_pass + become_user: "root" + +- name: get registry password + command: '/usr/bin/curl + https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/registry + --cacert /etc/etcd/ssl/ca.pem + --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem + --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem' + register: registry_pass + become_user: "root" + +- name: decode registry pass + shell: echo {{ (registry_pass.stdout|from_json).node.value }} | /usr/bin/openssl enc -d -aes-256-cbc -a -pass pass:{{ name }} + register: registry_pass + +- name: set registry pass + set_fact: + swift_registry_pass: "{{ registry_pass.stdout }}" + +- name: decode admin pass + shell: echo {{ (admin_pass.stdout|from_json).node.value }} | /usr/bin/openssl enc -d -aes-256-cbc -a -pass pass:{{ name }} + register: admin_pass + +- name: set admin pass + set_fact: + swift_admin_pass: "{{ admin_pass.stdout }}" + +- name: create dirs + file: + mode: 0750 + name: /etc/swift/usr/{{ item }} + state: directory + owner: swift + group: swift + with_items: + - "admin" + become_user: "root" + +- name: allowing cloud_admin_user to access /etc/swift folder + acl: + name: "/etc/swift" + entity: "{{ users.admin_user_name }}" + etype: user + permissions: rx + state: present + become_user: "root" + +- name: allowing cloud_admin_user to access /etc/swift/usr folder + acl: + name: "/etc/swift/usr" + entity: "{{ users.admin_user_name }}" + etype: user + permissions: rx + state: present + become_user: "root" + +- name: allowing cloud_admin_user to access /etc/swift/usr/admin folder + acl: + name: "/etc/swift/usr/admin" + entity: "{{ users.admin_user_name }}" + etype: user + permissions: rx + state: present + become_user: "root" + +- name: copy admin env_file + template: + src: main/admin_envfile + mode: 0640 + dest: /etc/swift/usr/admin/env_file + become_user: "root" + +- name: Copy admin.yml + template: + src: main/admin.yml + mode: 0640 + dest: /etc/swift/usr/admin/admin.yml + become_user: "root" + +- name: allowing users.admin_user_name to access /etc/swift/usr/admin/env_file + acl: + name: "/etc/swift/usr/admin/env_file" + entity: "{{ users.admin_user_name }}" + etype: user + permissions: r + state: present + become_user: "root" + +- name: allowing cloud_admin_user to access /etc/swift/usr/admin/admin.yml + acl: + name: "/etc/swift/usr/admin/admin.yml" + entity: "{{ users.admin_user_name }}" + etype: user + permissions: r + state: present + become_user: "root" + diff --git a/ansible/roles/swift/tasks/swift_main.yml b/ansible/roles/swift/tasks/swift_main.yml new file mode 100644 index 0000000..5a7267d --- /dev/null +++ b/ansible/roles/swift/tasks/swift_main.yml @@ -0,0 +1,73 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Get Swift pass from file + shell: 'grep "export SWIFT_PASS=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"' + register: swift_password_for_template + +- name: Get Swift pass from file + shell: 'grep "export SWIFT_USER=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"' + register: swift_user_for_template + +- name: Get Swift pass from file + shell: 'grep "export SWIFT_TENANT=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"' + register: swift_tenant_for_template + +- name: template config files + template: + src: "main/{{ item }}" + dest: "/etc/swift/main/{{ item }}" + owner: "{{ caas.uid.swift }}" + group: "{{ caas.uid.swift }}" + mode: 0640 + with_items: + - account-server.conf + - container-server.conf + - object-server.conf + - proxy-server.conf + - swift.conf + - rsyncd.conf + - memcached + - nginx.conf + become_user: "root" + +- name: Copy swift daemonset yaml + template: + src: main/swift_main.yml + dest: "{{ caas.manifests_directory }}/swift_main.yml" + +- name: Copy swift service yaml + template: + src: main/swift_service.yml + dest: "{{ caas.manifests_directory }}/swift_service.yml" + +- name: create Swift daemonset object + kubectl: + manifest: "{{ caas.manifests_directory }}/swift_main.yml" + state: present + when: ( nodename | search("caas_master1") ) + +- name: Create Swift service + kubectl: + manifest: "{{ caas.manifests_directory }}/swift_service.yml" + state: present + when: ( nodename | search("caas_master1") ) + +- name: wait for swift service to start + wait_for: + host: "{{ caas.swift_url }}" + port: "{{ caas.swift_port }}" + state: started + timeout: 60 diff --git a/ansible/roles/swift/tasks/swift_update.yml b/ansible/roles/swift/tasks/swift_update.yml new file mode 100644 index 0000000..63f8e60 --- /dev/null +++ b/ansible/roles/swift/tasks/swift_update.yml @@ -0,0 +1,41 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: template config files + template: + owner: "{{ caas.uid.swift }}" + group: "{{ caas.uid.swift }}" + src: "update/{{ item }}" + dest: "/etc/swift/update/{{ item }}" + with_items: + - account-server.conf + - container-server.conf + - object-server.conf + - proxy-server.conf + - swift.conf + - rsyncd.conf + - memcached + - nginx.conf + become_user: "root" + +- name: template pod file + template: + src: update/swift_update.yml + dest: "{{ caas.manifests_directory }}/swift_update.yml" + +- name: Copy swift update service yaml + template: + src: update/swift_update_service.yml + dest: "{{ caas.manifests_directory }}/swift_update_service.yml" diff --git a/ansible/roles/swift/templates/main/account-server.conf b/ansible/roles/swift/templates/main/account-server.conf new file mode 100644 index 0000000..6ff05ac --- /dev/null +++ b/ansible/roles/swift/templates/main/account-server.conf @@ -0,0 +1,37 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = {{ ansible_host }} +bind_port = 6002 +workers = 4 + +[pipeline:main] +pipeline = recon account-server + +[app:account-server] +use = egg:swift#account + +[account-replicator] +interval = 300 + +[account-auditor] + +[account-reaper] + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +account_recon = true diff --git a/ansible/roles/swift/templates/main/admin.yml b/ansible/roles/swift/templates/main/admin.yml new file mode 100644 index 0000000..929fb29 --- /dev/null +++ b/ansible/roles/swift/templates/main/admin.yml @@ -0,0 +1,19 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +swift_user: admin +swift_tenant: admin +swift_password: {{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/main/admin_envfile b/ansible/roles/swift/templates/main/admin_envfile new file mode 100644 index 0000000..cf9ba16 --- /dev/null +++ b/ansible/roles/swift/templates/main/admin_envfile @@ -0,0 +1,18 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +export SWIFT_USER=admin +export SWIFT_TENANT=admin +export SWIFT_PASS={{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/main/container-server.conf b/ansible/roles/swift/templates/main/container-server.conf new file mode 100644 index 0000000..932b083 --- /dev/null +++ b/ansible/roles/swift/templates/main/container-server.conf @@ -0,0 +1,39 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = {{ ansible_host }} +bind_port = 6001 +workers = 4 + +[pipeline:main] +pipeline = recon container-server + +[app:container-server] +use = egg:swift#container + +[container-replicator] +interval = 60 + +[container-updater] + +[container-auditor] + +[container-sync] + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +container_recon = true diff --git a/ansible/roles/swift/templates/main/memcached b/ansible/roles/swift/templates/main/memcached new file mode 100644 index 0000000..d4dbc13 --- /dev/null +++ b/ansible/roles/swift/templates/main/memcached @@ -0,0 +1,20 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +PORT="{{ caas.swift_memcached_port }}" +USER="memcached" +MAXCONN="4096" +CACHESIZE="256" +OPTIONS="-l {{ ansible_host }}" diff --git a/ansible/roles/swift/templates/main/nginx.conf b/ansible/roles/swift/templates/main/nginx.conf new file mode 100644 index 0000000..052bc2f --- /dev/null +++ b/ansible/roles/swift/templates/main/nginx.conf @@ -0,0 +1,32 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +daemon off; +worker_processes auto; +error_log /dev/stderr; +pid /run/nginx.pid; +include /usr/share/nginx/modules/*.conf; +events { + worker_connections 1024; +} +stream { + server { + listen {{ caas.swift_port }} ssl; + ssl_certificate /etc/swift/tls-proxy/swift{{ nodeindex }}.pem; + ssl_certificate_key /etc/swift/tls-proxy/swift{{ nodeindex }}-key.pem; + proxy_pass 127.0.0.1:18084; + proxy_protocol on; + } +} diff --git a/ansible/roles/swift/templates/main/object-server.conf b/ansible/roles/swift/templates/main/object-server.conf new file mode 100644 index 0000000..4053877 --- /dev/null +++ b/ansible/roles/swift/templates/main/object-server.conf @@ -0,0 +1,42 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = {{ ansible_host }} +bind_port = 6000 +workers = 4 +ionice_class = IOPRIO_CLASS_RT +ionice_priority = 0 + +[pipeline:main] +pipeline = recon object-server + +[app:object-server] +use = egg:swift#object + +[object-replicator] +interval = 60 + +[object-updater] + +[object-auditor] +files_per_second = 2 +bytes_per_second = 1048576 +zero_byte_files_per_second = 2 + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +object_recon = true diff --git a/ansible/roles/swift/templates/main/proxy-server.conf b/ansible/roles/swift/templates/main/proxy-server.conf new file mode 100644 index 0000000..98baa3d --- /dev/null +++ b/ansible/roles/swift/templates/main/proxy-server.conf @@ -0,0 +1,51 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = 127.0.0.1 +bind_port = 18084 +workers = 4 +user = swift + +[pipeline:main] +pipeline = healthcheck cache tempauth proxy-server + +[app:proxy-server] +use = egg:swift#proxy +allow_account_management = true +account_autocreate = true +node_timeout = 30 +require_proxy_protocol = true + +[filter:cache] +use = egg:swift#memcache +memcache_servers = {% for host in groups['caas_master'] %}{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.swift_memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +connect_timeout = 3 +pool_timeout = 3 +tries = 3 +io_timeout = 3 + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:tempauth] +storage_url_scheme = https +use = egg:swift#tempauth +# user__ = +user_admin_admin = {{ swift_admin_pass }} .admin .reseller_admin +user_admin_registry = {{ swift_registry_pass }} .admin diff --git a/ansible/roles/swift/templates/main/registry_envfile b/ansible/roles/swift/templates/main/registry_envfile new file mode 100644 index 0000000..1ec550f --- /dev/null +++ b/ansible/roles/swift/templates/main/registry_envfile @@ -0,0 +1,19 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +export SWIFT_USER=registry +export SWIFT_TENANT=admin +export SWIFT_PASS={{ swift_registry_pass }} + diff --git a/ansible/roles/swift/templates/main/rsyncd.conf b/ansible/roles/swift/templates/main/rsyncd.conf new file mode 100644 index 0000000..c9b8d44 --- /dev/null +++ b/ansible/roles/swift/templates/main/rsyncd.conf @@ -0,0 +1,60 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +# /etc/rsyncd: configuration file for rsync daemon mode + +# See rsyncd.conf man page for more options. + +# configuration example: + +# uid = nobody +# gid = nobody +# use chroot = yes +# max connections = 4 +# pid file = /var/run/rsyncd.pid +# exclude = lost+found/ +# transfer logging = yes +# timeout = 900 +# ignore nonreadable = yes +# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 + +# [ftp] +# path = /home/ftp +# comment = ftp export area + +uid = swift +gid = swift +log file = /var/log/swift/rsyncd.log +pid file = /var/run/rsyncd/rsyncd.pid +address = {{ ansible_host }} +use chroot = false + +[account] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/swift_locks/account.lock + +[container] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/swift_locks/container.lock + +[object] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/swift_locks/object.lock diff --git a/ansible/roles/swift/templates/main/supervisord.pid b/ansible/roles/swift/templates/main/supervisord.pid new file mode 100644 index 0000000..b2efd85 --- /dev/null +++ b/ansible/roles/swift/templates/main/supervisord.pid @@ -0,0 +1,16 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +10 diff --git a/ansible/roles/swift/templates/main/swift.conf b/ansible/roles/swift/templates/main/swift.conf new file mode 100644 index 0000000..1b5c09c --- /dev/null +++ b/ansible/roles/swift/templates/main/swift.conf @@ -0,0 +1,20 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[swift-hash] +# random unique strings that can never change (DO NOT LOSE) +swift_hash_path_prefix = b97da6ab8ec7c25b +swift_hash_path_suffix = 37cadcd41f889807 + diff --git a/ansible/roles/swift/templates/main/swift_main.yml b/ansible/roles/swift/templates/main/swift_main.yml new file mode 100644 index 0000000..bcbf9e8 --- /dev/null +++ b/ansible/roles/swift/templates/main/swift_main.yml @@ -0,0 +1,89 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + name: swift + namespace: kube-system +spec: + selector: + matchLabels: + name: swift + template: + metadata: + labels: + name: swift + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + nodetype: caas_master + securityContext: + runAsUser: {{ caas.uid.swift }} + containers: + - name: swift + image: {{ container_image_names | select('search', '/swift') | list | last }} + securityContext: + capabilities: + add: ["NET_BIND_SERVICE"] + args: + - BACKEND + resources: + limits: + memory: "4Gi" + requests: + memory: "1Gi" + env: + - name: "SWIFT_USER" + value: "{{ swift_user_for_template.stdout }}" + - name: "SWIFT_TENANT" + value: "{{ swift_tenant_for_template.stdout }}" + - name: "SWIFT_PASS" + value: "{{ swift_password_for_template.stdout }}" + - name: "SWIFT_PART_POWER" + value: "7" + - name: "SWIFT_PART_HOUR" + value: "0" + - name: "SWIFT_DISK" + value: "swift" + - name: "SWIFT_REPLICAS" + value: "{{groups['caas_master']|length|int}}" +{% for host in groups['caas_master']%} + - name: "SWIFT_OAM{{loop.index}}_IP" + value: "{{ hostvars[host]['networking']['infra_internal']['ip'] }}" +{% endfor %} + volumeMounts: + - name: config + mountPath: /etc/swift/ + - name: store + mountPath: /srv/node/swift + livenessProbe: + exec: + command: + - /bin/bash + - /usr/bin/healthchecker.sh + initialDelaySeconds: 60 + periodSeconds: 10 + failureThreshold: 5 + timeoutSeconds: 3 + volumes: + - name: config + hostPath: + path: /etc/swift/main/ + - name: store + hostPath: + path: /srv/node/swift diff --git a/ansible/roles/swift/templates/main/swift_service.yml b/ansible/roles/swift/templates/main/swift_service.yml new file mode 100644 index 0000000..e8919a0 --- /dev/null +++ b/ansible/roles/swift/templates/main/swift_service.yml @@ -0,0 +1,30 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + name: swift + name: swift + namespace: kube-system +spec: + ports: + - name: swift + port: {{ caas.swift_port }} + protocol: TCP + selector: + name: swift diff --git a/ansible/roles/swift/templates/update/account-server.conf b/ansible/roles/swift/templates/update/account-server.conf new file mode 100644 index 0000000..821ef08 --- /dev/null +++ b/ansible/roles/swift/templates/update/account-server.conf @@ -0,0 +1,36 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = {{ ansible_host }} +bind_port = 7002 +workers = 4 + +[pipeline:main] +pipeline = recon account-server + +[app:account-server] +use = egg:swift#account + +[account-replicator] + +[account-auditor] + +[account-reaper] + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +account_recon = true diff --git a/ansible/roles/swift/templates/update/admin.yml b/ansible/roles/swift/templates/update/admin.yml new file mode 100644 index 0000000..8e6515c --- /dev/null +++ b/ansible/roles/swift/templates/update/admin.yml @@ -0,0 +1,19 @@ +--- +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +swift_user: admin +swift_tenant: admin +swift_password: {{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/update/admin_envfile b/ansible/roles/swift/templates/update/admin_envfile new file mode 100644 index 0000000..cf9ba16 --- /dev/null +++ b/ansible/roles/swift/templates/update/admin_envfile @@ -0,0 +1,18 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +export SWIFT_USER=admin +export SWIFT_TENANT=admin +export SWIFT_PASS={{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/update/container-server.conf b/ansible/roles/swift/templates/update/container-server.conf new file mode 100644 index 0000000..2214b85 --- /dev/null +++ b/ansible/roles/swift/templates/update/container-server.conf @@ -0,0 +1,38 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = {{ ansible_host }} +bind_port = 7001 +workers = 4 + +[pipeline:main] +pipeline = recon container-server + +[app:container-server] +use = egg:swift#container + +[container-replicator] + +[container-updater] + +[container-auditor] + +[container-sync] + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +container_recon = true diff --git a/ansible/roles/swift/templates/update/memcached b/ansible/roles/swift/templates/update/memcached new file mode 100644 index 0000000..f46f074 --- /dev/null +++ b/ansible/roles/swift/templates/update/memcached @@ -0,0 +1,20 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +PORT="11212" +USER="memcached" +MAXCONN="1024" +CACHESIZE="64" +OPTIONS="-l {{ ansible_host }}" diff --git a/ansible/roles/swift/templates/update/nginx.conf b/ansible/roles/swift/templates/update/nginx.conf new file mode 100644 index 0000000..204fded --- /dev/null +++ b/ansible/roles/swift/templates/update/nginx.conf @@ -0,0 +1,32 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +daemon off; +worker_processes auto; +error_log /dev/stderr; +pid /run/nginx.pid; +include /usr/share/nginx/modules/*.conf; +events { + worker_connections 1024; +} +stream { + server { + listen {{ caas.update_swift_port }} ssl; + ssl_certificate /etc/swift/tls-proxy/swift-update{{ nodeindex }}.pem; + ssl_certificate_key /etc/swift/tls-proxy/swift-update{{ nodeindex }}-key.pem; + proxy_pass 127.0.0.1:18091; + proxy_protocol on; + } +} diff --git a/ansible/roles/swift/templates/update/object-server.conf b/ansible/roles/swift/templates/update/object-server.conf new file mode 100644 index 0000000..d440c57 --- /dev/null +++ b/ansible/roles/swift/templates/update/object-server.conf @@ -0,0 +1,36 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = {{ ansible_host }} +bind_port = 7000 +workers = 4 + +[pipeline:main] +pipeline = recon object-server + +[app:object-server] +use = egg:swift#object + +[object-replicator] + +[object-updater] + +[object-auditor] + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +object_recon = true diff --git a/ansible/roles/swift/templates/update/proxy-server.conf b/ansible/roles/swift/templates/update/proxy-server.conf new file mode 100644 index 0000000..b54378e --- /dev/null +++ b/ansible/roles/swift/templates/update/proxy-server.conf @@ -0,0 +1,46 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[DEFAULT] +bind_ip = 127.0.0.1 +bind_port = 18091 +workers = 4 +user = swift + +[pipeline:main] +pipeline = healthcheck cache tempauth proxy-server + +[app:proxy-server] +use = egg:swift#proxy +allow_account_management = true +account_autocreate = true +require_proxy_protocol = true + +[filter:cache] +use = egg:swift#memcache +memcache_servers = {{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}:11212 + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:tempauth] +storage_url_scheme = https +use = egg:swift#tempauth +# user__ = +user_admin_admin = {{ swift_admin_pass }} .admin .reseller_admin +user_admin_registry = {{ swift_registry_pass }} .admin diff --git a/ansible/roles/swift/templates/update/registry_envfile b/ansible/roles/swift/templates/update/registry_envfile new file mode 100644 index 0000000..1ec550f --- /dev/null +++ b/ansible/roles/swift/templates/update/registry_envfile @@ -0,0 +1,19 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +export SWIFT_USER=registry +export SWIFT_TENANT=admin +export SWIFT_PASS={{ swift_registry_pass }} + diff --git a/ansible/roles/swift/templates/update/rsyncd.conf b/ansible/roles/swift/templates/update/rsyncd.conf new file mode 100644 index 0000000..921bb44 --- /dev/null +++ b/ansible/roles/swift/templates/update/rsyncd.conf @@ -0,0 +1,59 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +# /etc/rsyncd: configuration file for rsync daemon mode + +# See rsyncd.conf man page for more options. + +# configuration example: + +# uid = nobody +# gid = nobody +# use chroot = yes +# max connections = 4 +# pid file = /var/run/rsyncd.pid +# exclude = lost+found/ +# transfer logging = yes +# timeout = 900 +# ignore nonreadable = yes +# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 + +# [ftp] +# path = /home/ftp +# comment = ftp export area + +uid = swift +gid = swift +log file = /var/log/swift/rsyncd.log +pid file = /var/run/rsyncd/rsyncd.pid +address = {{ ansible_host }} + +[account] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/swift_locks/account.lock + +[container] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/swift_locks/container.lock + +[object] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/swift_locks/object.lock diff --git a/ansible/roles/swift/templates/update/supervisord.pid b/ansible/roles/swift/templates/update/supervisord.pid new file mode 100644 index 0000000..b2efd85 --- /dev/null +++ b/ansible/roles/swift/templates/update/supervisord.pid @@ -0,0 +1,16 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +10 diff --git a/ansible/roles/swift/templates/update/swift.conf b/ansible/roles/swift/templates/update/swift.conf new file mode 100644 index 0000000..1b5c09c --- /dev/null +++ b/ansible/roles/swift/templates/update/swift.conf @@ -0,0 +1,20 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +[swift-hash] +# random unique strings that can never change (DO NOT LOSE) +swift_hash_path_prefix = b97da6ab8ec7c25b +swift_hash_path_suffix = 37cadcd41f889807 + diff --git a/ansible/roles/swift/templates/update/swift_update.yml b/ansible/roles/swift/templates/update/swift_update.yml new file mode 100644 index 0000000..8f6f940 --- /dev/null +++ b/ansible/roles/swift/templates/update/swift_update.yml @@ -0,0 +1,72 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + name: swift-update + namespace: kube-system +spec: + selector: + matchLabels: + name: swift-update + template: + metadata: + labels: + name: swift-update + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + nodename: caas_master1 + securityContext: + runAsUser: {{ caas.uid.swift }} + containers: + - name: swift-update + image: {{ container_image_names | select('search', '/swift') | list | last }} + securityContext: + capabilities: + add: ["NET_BIND_SERVICE"] + args: + - BACKEND + resources: + limits: + memory: "4Gi" + requests: + memory: "1Gi" + env: + - name: "SWIFT_PART_POWER" + value: "7" + - name: "SWIFT_PART_HOUR" + value: "0" + - name: "SWIFT_DISK" + value: "swift" + - name: "SWIFT_REPLICAS" + value: "1" + - name: "SWIFT_OAM1_IP" + value: "{{ hostvars[groups.caas_master[0]]['networking']['infra_internal']['ip'] }}" + volumeMounts: + - name: config + mountPath: /etc/swift/ + - name: store + mountPath: /srv/node/swift + volumes: + - name: config + hostPath: + path: /etc/swift/update/ + - name: store + hostPath: + path: /srv/node/swift-update diff --git a/ansible/roles/swift/templates/update/swift_update_service.yml b/ansible/roles/swift/templates/update/swift_update_service.yml new file mode 100644 index 0000000..efbf583 --- /dev/null +++ b/ansible/roles/swift/templates/update/swift_update_service.yml @@ -0,0 +1,30 @@ +{# +Copyright 2019 Nokia + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +#} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + name: swift-update + name: swift-update + namespace: kube-system +spec: + ports: + - name: swift-update + port: {{ caas.update_swift_port }} + protocol: TCP + selector: + name: swift-update diff --git a/ansible/roles/swift/vars/main.yml b/ansible/roles/swift/vars/main.yml new file mode 100644 index 0000000..5bc6f5a --- /dev/null +++ b/ansible/roles/swift/vars/main.yml @@ -0,0 +1,17 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +swiftdisk: "{{ ansible_env.SWIFT_DISK | default('') }}" +swiftpartition: "{{ ansible_env.SWIFT_DISK | default('') }}1" diff --git a/docker-build/registry/Dockerfile b/docker-build/registry/Dockerfile new file mode 100644 index 0000000..80cc4dc --- /dev/null +++ b/docker-build/registry/Dockerfile @@ -0,0 +1,42 @@ +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM alpine:3.9 +MAINTAINER Balint Varga + +ARG REGISTRY +ENV REGISTRY_VERSION=$REGISTRY +ENV GOPATH /build +ENV PATH /usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +ENV DOCKER_BUILDTAGS include_oss include_gcs + +WORKDIR ${GOPATH}/src/github.com/docker/distribution +COPY common_scripts/wait-for-files /usr/bin/ +COPY mainstart.sh / + +RUN adduser -u 149 -D -H -s /sbin/nologin dockerreg \ +&& chmod +x /mainstart.sh /usr/bin/wait-for-files \ +\ +&& apk add --no-cache --virtual .build-deps build-base go godep git curl tar \ +&& curl -fsSL -k https://github.com/docker/distribution/archive/v${REGISTRY_VERSION}.tar.gz | tar zx --strip-components=1 \ +&& go get -d -v \ +&& make PREFIX=/build clean binaries \ +&& mv ${GOPATH}/src/github.com/docker/distribution/bin/registry /usr/bin/ \ +\ +&& apk del .build-deps \ +&& rm -rf /build + +WORKDIR / +ENTRYPOINT ["/mainstart.sh"] diff --git a/docker-build/registry/bom.json b/docker-build/registry/bom.json new file mode 100644 index 0000000..9def159 --- /dev/null +++ b/docker-build/registry/bom.json @@ -0,0 +1,184 @@ +{ + "bom": [ + { + "name": "alpine-linux-container", + "version": "3.9", + "source-url": "https://github.com/gliderlabs/docker-alpine/archive/c4f4c7a6e14d6efeb9a160da464717e03d2cc3ee.tar.gz", + "foss": "yes" + }, + { + "name": "musl", + "version": "1.1.20-r3", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/musl/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "busybox", + "version": "1.29.3-r10", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/busybox/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "alpine-baselayout", + "version": "3.1.0-r3", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "alpine-keys", + "version": "2.1-r1", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-keys/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "libcrypto1.1", + "version": "1.1.1a-r1", + "source-url": "https://git.alpinelinux.org/aports/tree/main/openssl/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "libssl1.1", + "version": "1.1.1a-r1", + "source-url": "https://git.alpinelinux.org/aports/tree/main/openssl/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "ca-certificates-cacert", + "version": "20190108-r0", + "source-url": "https://git.alpinelinux.org/aports/tree/main/ca-certificates/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "libtls-standalone", + "version": "2.7.4-r6", + "source-url": "https://git.alpinelinux.org/aports/tree/main/libtls-standalone/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "ssl_client", + "version": "1.29.3-r10", + "source-url": "https://git.alpinelinux.org/aports/tree/main/busybox/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "zlib", + "version": "1.2.11-r1", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/zlib/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "apk-tools", + "version": "2.10.3-r1", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/apk-tools/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "scanelf", + "version": "1.2.3-r0", + "source-url": "https://git.alpinelinux.org/aports/tree/main/pax-utils/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "musl-utils", + "version": "1.1.20-r3", + "source-url": "https://git.alpinelinux.org/aports/tree/main/musl/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "libc-utils", + "version": "0.7.1-r0", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/libc-dev/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "libbz2", + "version": "1.0.6-r6", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/bzip2/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "expat", + "version": "2.2.6-r0", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/expat/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "libffi", + "version": "3.2.1-r6", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/libffi/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "gdbm", + "version": "1.13-r1", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/gdbm/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "ncurses-terminfo-base", + "version": "6.1_p20190105-r0", + "source-url": "https://git.alpinelinux.org/aports/tree/main/ncurses/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "ncurses-terminfo", + "version": "6.1_p20190105-r0", + "source-url": "https://git.alpinelinux.org/aports/tree/main/ncurses/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "ncurses-libs", + "version": "6.1_p20190105-r0", + "source-url": "https://git.alpinelinux.org/aports/tree/main/ncurses/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "readline", + "version": "7.0.003-r1", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/readline/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "sqlite-libs", + "version": "3.26.0-r3", + "source-url": "https://git.alpinelinux.org/aports/tree/main/sqlite/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "python2", + "version": "2.7.15-r3", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/python2/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "py-setuptools", + "version": "40.6.3-r0", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/py-setuptools/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "py2-pip", + "version": "18.1-r0", + "source-url": "https://git.alpinelinux.org/cgit/aports/tree/main/py2-pip/APKBUILD?h=3.9-stable", + "foss": "yes" + }, + { + "name": "pip", + "version": "19.0.2", + "source-url": "https://github.com/pypa/pip/archive/19.0.2.tar.gz", + "foss": "yes" + }, + { + "name": "setuptools", + "version": "40.6.3.post20190116", + "source-url": "https://github.com/pypa/setuptools/archive/v40.6.3.tar.gz", + "foss": "yes" + }, + { + "name": "registry", + "version": "2.7.1", + "source-url": "https://github.com/docker/distribution/archive/v2.7.1.tar.gz", + "foss": "yes" + } + ] +} diff --git a/docker-build/registry/build-pip b/docker-build/registry/build-pip new file mode 100644 index 0000000..f0ecce3 --- /dev/null +++ b/docker-build/registry/build-pip @@ -0,0 +1,23 @@ +#!/bin/sh -e +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +mkdir -p ${GOPATH}/pip +cd ${GOPATH}/pip +for MOD in ${@} +do + get-package ${MOD} + python setup.py install + rm -rf * +done diff --git a/docker-build/registry/common_scripts/wait-for-files b/docker-build/registry/common_scripts/wait-for-files new file mode 100755 index 0000000..7d59ec3 --- /dev/null +++ b/docker-build/registry/common_scripts/wait-for-files @@ -0,0 +1,46 @@ +#!/bin/sh +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +file_names=$1 +retry_counter=${2:-12} +echo ${retry_counter} +I=0 +Err_Flag=1 + +while [ $Err_Flag -ne 0 ] && [ $I -lt ${retry_counter} ] +do + Err_Flag=0 + for i in ${file_names}; + do + if [ ! -e "${i}" ] + then + Err_Flag=$((Err_Flag+1)) + fi + done + if [ $Err_Flag -ne 0 ] + then + I=$((I+1)) + sleep 5 + fi +done + +if [ $I -ge ${retry_counter} ] +then + echo "WARNING: At least one of the following file not found: ${file_names} !" + echo "WARNING: Exiting!" + exit 1 +else + echo "INFO: ${file_names} files found." +fi diff --git a/docker-build/registry/mainstart.sh b/docker-build/registry/mainstart.sh new file mode 100644 index 0000000..769dd58 --- /dev/null +++ b/docker-build/registry/mainstart.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +file_names="${REGISTRY_CONFIG}" +/usr/bin/wait-for-files "${file_names}" +rc=$?; if [[ $rc != 0 ]]; then exit $rc; fi + +ip_addr=`ip -4 addr list ${INTERFACE_NAME} | awk '$1 ~ /^inet/ { sub("/.*", "", $2); print $2 }'`; +export REGISTRY_HTTP_ADDR=${ip_addr}:${REGISTRY_PORT} + +registry serve ${REGISTRY_CONFIG}; diff --git a/docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh b/docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh new file mode 100755 index 0000000..0965bd0 --- /dev/null +++ b/docker-build/registry/security-utils/set-nologin-shell-to-system-users.sh @@ -0,0 +1,76 @@ +#!/bin/sh +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +. $(dirname "$0")/utils.sh + +is_nologin_shell () { + shell=$1 + + set -- "/sbin/nologin" "/bin/sync" "/sbin/halt" "/sbin/shutdown" + for no_login_shell + do + if [ "$no_login_shell" = "$shell" ] + then + return 1; + fi + done + return 0; +} + +set_nologin_shell () { + account=$1 + + name=$(echo "$account" | cut -d: -f1) + uid=$(echo "$account" | cut -d: -f3) + gid=$(echo "$account" | cut -d: -f4) + gecos=$(echo "$account" | cut -d: -f5) + home_dir=$(echo "$account" | cut -d: -f6) + + del_user "$name" > /dev/null 2&>1 + group_name=$(get_group_name "$gid") + if [ -z $group_name ] + then + group_command="" + else + group_command="-G $group_name" + fi + adduser -D -h "$home_dir" -g "$gecos" -s /sbin/nologin $group_command -u "$uid" "$name" + +} + +main () { + while read -r account + do + name=$(echo "$account" | cut -d: -f1) + if [ "$name" = "root" ] + then + continue; + fi + + shell=$(echo "$account" | cut -d: -f7) + if is_nologin_shell "$shell" + then + set_nologin_shell "$account" + fi + done < /etc/passwd + + if [[ `ls -ld /root | awk '{print $3"\n"$4}' | grep -v root` ]] + then + chown root:root /root + fi + +} + +main diff --git a/docker-build/registry/security-utils/utils.sh b/docker-build/registry/security-utils/utils.sh new file mode 100755 index 0000000..f7f2405 --- /dev/null +++ b/docker-build/registry/security-utils/utils.sh @@ -0,0 +1,43 @@ +#!/bin/sh +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +del_user () { + if command -v userdel + then + userdel "$1" + else + deluser "$1" + fi +} + +del_group () { + if command -v groupdel + then + groupdel "$1" + else + delgroup "$1" + fi +} + +get_group_name () { + while read -r group_info + do + gid=$(echo $group_info | cut -d: -f3) + if [ "$gid" = "$1" ] + then + echo $(echo "$group_info" | cut -d: -f1); + fi + done < /etc/group +} diff --git a/docker-build/swift/Dockerfile b/docker-build/swift/Dockerfile new file mode 100644 index 0000000..4233618 --- /dev/null +++ b/docker-build/swift/Dockerfile @@ -0,0 +1,161 @@ +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM centos:7.6.1810 +MAINTAINER Balint Varga + +ARG SWIFT +ENV SWIFT_VERSION=$SWIFT +ENV GOPATH /build +ENV PATH /usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +COPY get-package build-pip common_scripts/wait-for-files /usr/bin/ +COPY nginx.repo /etc/yum.repos.d/ + +RUN yum remove -y subscription-manager \ + && yum -y install \ + tar \ + bzip2 \ + python27-python-pip \ + && yum clean all \ + && mkdir -p ${GOPATH} \ + && chmod 755 /usr/bin/build-pip /usr/bin/get-package /usr/bin/wait-for-files \ + && echo "console" > /etc/securetty \ + && chmod 400 /etc/shadow \ + && chmod 700 /root + +COPY supervisord.conf /etc/supervisord.conf +COPY mainstart.sh /usr/bin/mainstart.sh +COPY healthchecker.sh /usr/bin/healthchecker.sh +COPY source-list.txt ${GOPATH}/ + +RUN useradd -u 146 -s /sbin/nologin swift \ +&& mkdir -p /var/run/rsyncd \ +&& chown -R swift:swift /var/run/rsyncd \ +&& mkdir -p /var/lock/swift_locks \ +&& chown -R swift:swift /var/lock/swift_locks \ +&& mkdir -p /var/log/swift \ +&& chown -R swift:swift /var/log/swift \ +&& chmod 644 ${GOPATH}/source-list.txt \ +&& yum install -y --setopt=skip_missing_names_on_install=False \ + gcc \ + make \ + autoconf \ + memcached \ + rsync \ + automake \ + libtool \ + libffi \ + libffi-devel \ + python-devel \ + openssl-devel \ + libxml2-devel \ + libxslt-devel \ + nginx \ + +# prepare nginx service +&& touch /run/nginx.pid \ +&& chown -R swift:swift /var/lib/nginx /var/log/nginx /run/nginx.pid \ + +# liberasurecode +&& mkdir ${GOPATH}/liberasurecode \ +&& cd ${GOPATH}/liberasurecode \ +&& get-package liberasurecode \ +&& ./autogen.sh \ +&& ./configure \ +&& make -j$(nproc) \ +&& make install \ + +# gf-complete +&& mkdir ${GOPATH}/gf-complete \ +&& cd ${GOPATH}/gf-complete \ +&& get-package gf-complete \ +&& autoreconf --force --install \ +&& ./configure \ +&& make -j$(nproc) \ +&& make install \ + +# jerasure +&& mkdir ${GOPATH}/Jerasure \ +&& cd ${GOPATH}/Jerasure \ +&& get-package Jerasure \ +&& autoreconf --force --install \ +&& ./configure LDFLAGS=-L${GOPATH}/other/gf-complete/src/.libs/ CPPFLAGS=-I${GOPATH}/other/gf-complete/include ax_cv_gcc_x86_cpuid_0x00000001=0 \ +&& make -j$(nproc) \ +&& make install \ + +# nasm +&& mkdir ${GOPATH}/nasm \ +&& cd ${GOPATH}/nasm \ +&& get-package nasm \ +&& ./configure \ +&& make -j$(nproc) \ +&& make install \ + +# isa-l +&& mkdir ${GOPATH}/isa-l \ +&& cd ${GOPATH}/isa-l \ +&& get-package isa-l \ +&& ./autogen.sh \ +&& ./configure \ +&& make -j$(nproc) \ +&& make install \ + +# setuptools +&& mkdir ${GOPATH}/setuptools \ +&& get-package python-setuptools \ +&& python bootstrap.py \ +&& python setup.py install \ +&& cd ${GOPATH} \ + +# workaround, because the new chardet python package can't override the old one correctly +&& curl -fsSL -k https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ +&& python get-pip.py \ +&& pip uninstall -y chardet \ + +# python dependencies +&& build-pip python-enum-compat python-eventlet python-dnspython python-greenlet python-netifaces python-pastedeploy python-six \ +python-pycparser python-cffi python-xattr \ +python-idna python-enum34 python-ipaddress python-cryptography \ +python-PyECLib python-supervisor python-supervisor-stdout \ +python-lxml python-chardet python-requests \ + +# swift +&& mkdir -p ${GOPATH}/pip \ +&& cd ${GOPATH}/pip \ +&& curl -fsSL -k https://tarballs.openstack.org/swift/swift-${SWIFT_VERSION}.tar.gz | tar zx --strip-components=1 -C ${GOPATH}/pip/ \ +&& python setup.py install \ +&& rm -rf ${GOPATH}/pip/* \ + +# register the library path +&& echo '/usr/local/lib' > /etc/ld.so.conf \ +&& ldconfig \ + +# rights +&& chmod +x /usr/bin/mainstart.sh \ +&& mkdir -p /var/swift/recon \ +&& mkdir -p /var/cache/swift \ +&& mkdir /var/run/supervisor \ +&& chown -R swift /var/swift/recon \ +&& chown -R swift /var/cache/swift \ +&& chown -R swift /var/run/supervisor \ + +# cleaning +&& yum --setopt=tsflags=noscripts remove -y gcc libffi-devel autoconf automake libtool python-devel openssl-devel \ +&& yum clean all \ +&& rm -rf /etc/yum.repos.d/luxembourg.repo \ +&& rm -rf ${GOPATH} \ +&& setcap 'cap_net_bind_service=+ep' /usr/bin/rsync + +ENTRYPOINT ["/usr/bin/mainstart.sh"] diff --git a/docker-build/swift/bom.json b/docker-build/swift/bom.json new file mode 100644 index 0000000..e84dd2b --- /dev/null +++ b/docker-build/swift/bom.json @@ -0,0 +1,1624 @@ +{ + "bom": [ + { + "name": "centos-linux-container", + "version": "7.6.1810", + "source-url": "https://github.com/CentOS/sig-cloud-instance-images/archive/7c2e214edced0b2f22e663ab4175a80fc93acaa9.tar.gz", + "foss": "yes" + }, + { + "name": "GeoIP.x86_64", + "version": "1.5.0-13.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/GeoIP-1.5.0-13.el7.src.rpm", + "foss": "yes" + }, + { + "name": "acl.x86_64", + "version": "2.2.51-14.el7", + "source-url": "purkki.dynamic.nsn-net.net/mirrors/centos/snapshot/20181003/7/os/Source/SPackages/acl-2.2.51-14.el7.src.rpm", + "foss": "yes" + }, + { + "name": "audit-libs.x86_64", + "version": "2.8.4-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/audit-2.8.4-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "basesystem.noarch", + "version": "10.0-7.el7.centos", + "source-url": "http://purkki.dynamic.nsn-net.net/mirrors/centos/snapshot/20181003/7/os/Source/SPackages/basesystem-10.0-7.el7.centos.src.rpm", + "foss": "yes" + }, + { + "name": "bash.x86_64", + "version": "4.2.46-31.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/bash-4.2.46-31.el7.src.rpm", + "foss": "yes" + }, + { + "name": "bind-license.noarch", + "version": "32:9.9.4-72.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/bind-9.9.4-72.el7.src.rpm", + "foss": "yes" + }, + { + "name": "binutils.x86_64", + "version": "2.27-34.base.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/binutils-2.27-34.base.el7.src.rpm", + "foss": "yes" + }, + { + "name": "bzip2.x86_64", + "version": "1.0.6-13.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/bzip2-1.0.6-13.el7.src.rpm", + "foss": "yes" + }, + { + "name": "bzip2-libs.x86_64", + "version": "1.0.6-13.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/bzip2-1.0.6-13.el7.src.rpm", + "foss": "yes" + }, + { + "name": "ca-certificates.noarch", + "version": "2018.2.22-70.0.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/ca-certificates-2018.2.22-70.0.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "centos-release.x86_64", + "version": "7-6.1810.2.el7.centos", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/centos-release-7-6.1810.2.el7.centos.src.rpm", + "foss": "yes" + }, + { + "name": "chkconfig.x86_64", + "version": "1.7.4-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/chkconfig-1.7.4-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "coreutils.x86_64", + "version": "8.22-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/coreutils-8.22-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "cpio.x86_64", + "version": "2.11-27.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/cpio-2.11-27.el7.src.rpm", + "foss": "yes" + }, + { + "name": "cpp.x86_64", + "version": "4.8.5-36.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gcc-4.8.5-36.el7.src.rpm", + "foss": "yes" + }, + { + "name": "cracklib.x86_64", + "version": "2.9.0-11.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/cracklib-2.9.0-11.el7.src.rpm", + "foss": "yes" + }, + { + "name": "cracklib-dicts.x86_64", + "version": "2.9.0-11.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/cracklib-2.9.0-11.el7.src.rpm", + "foss": "yes" + }, + { + "name": "cryptsetup-libs.x86_64", + "version": "2.0.3-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/cryptsetup-2.0.3-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "curl.x86_64", + "version": "7.29.0-51.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/curl-7.29.0-51.el7.src.rpm", + "foss": "yes" + }, + { + "name": "cyrus-sasl-lib.x86_64", + "version": "2.1.26-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/cyrus-sasl-2.1.26-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dbus.x86_64", + "version": "1:1.10.24-12.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dbus-1.10.24-12.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dbus-glib.x86_64", + "version": "0.100-7.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dbus-glib-0.100-7.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dbus-libs.x86_64", + "version": "1:1.10.24-12.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dbus-1.10.24-12.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dbus-python.x86_64", + "version": "1.1.1-9.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dbus-python-1.1.1-9.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dejavu-fonts-common.noarch", + "version": "2.33-6.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dejavu-fonts-2.33-6.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dejavu-sans-fonts.noarch", + "version": "2.33-6.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dejavu-fonts-2.33-6.el7.src.rpm", + "foss": "yes" + }, + { + "name": "device-mapper.x86_64", + "version": "7:1.02.149-8.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/lvm2-2.02.180-8.el7.src.rpm", + "foss": "yes" + }, + { + "name": "device-mapper-libs.x86_64", + "version": "7:1.02.149-8.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/lvm2-2.02.180-8.el7.src.rpm", + "foss": "yes" + }, + { + "name": "diffutils.x86_64", + "version": "3.3-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/diffutils-3.3-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "dracut.x86_64", + "version": "033-554.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/dracut-033-554.el7.src.rpm", + "foss": "yes" + }, + { + "name": "elfutils-default-yama-scope.noarch", + "version": "0.172-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/elfutils-0.172-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "elfutils-libelf.x86_64", + "version": "0.172-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/elfutils-0.172-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "elfutils-libs.x86_64", + "version": "0.172-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/elfutils-0.172-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "expat.x86_64", + "version": "2.1.0-10.el7_3", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/expat-2.1.0-10.el7_3.src.rpm", + "foss": "yes" + }, + { + "name": "file-libs.x86_64", + "version": "5.11-35.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/file-5.11-35.el7.src.rpm", + "foss": "yes" + }, + { + "name": "filesystem.x86_64", + "version": "3.2-25.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/filesystem-3.2-25.el7.src.rpm", + "foss": "yes" + }, + { + "name": "findutils.x86_64", + "version": "1:4.5.11-6.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/findutils-4.5.11-6.el7.src.rpm", + "foss": "yes" + }, + { + "name": "fontconfig.x86_64", + "version": "2.13.0-4.3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/fontconfig-2.13.0-4.3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "fontpackages-filesystem.noarch", + "version": "1.44-8.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/fontpackages-1.44-8.el7.src.rpm", + "foss": "yes" + }, + { + "name": "freetype.x86_64", + "version": "2.8-12.el7_6.1", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/freetype-2.8-12.el7.src.rpm", + "foss": "yes" + }, + { + "name": "gawk.x86_64", + "version": "4.0.2-4.el7_3.1", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gawk-4.0.2-4.el7_3.1.src.rpm", + "foss": "yes" + }, + { + "name": "gd.x86_64", + "version": "2.0.35-26.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gd-2.0.35-26.el7.src.rpm", + "foss": "yes" + }, + { + "name": "gdbm.x86_64", + "version": "1.10-8.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gdbm-1.10-8.el7.src.rpm", + "foss": "yes" + }, + { + "name": "glib2.x86_64", + "version": "2.56.1-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/glib2-2.56.1-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "glibc.x86_64", + "version": "2.17-260.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/glibc-2.17-260.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "glibc-common.x86_64", + "version": "2.17-260.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/glibc-2.17-260.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "glibc-devel.x86_64", + "version": "2.17-260.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/glibc-2.17-260.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "glibc-headers.x86_64", + "version": "2.17-260.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/glibc-2.17-260.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "gmp.x86_64", + "version": "1:6.0.0-15.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gmp-6.0.0-15.el7.src.rpm", + "foss": "yes" + }, + { + "name": "gnupg2.x86_64", + "version": "2.0.22-5.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gnupg2-2.0.22-5.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "gobject-introspection.x86_64", + "version": "1.56.1-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gobject-introspection-1.56.1-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "gperftools-libs.x86_64", + "version": "2.6.1-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gperftools-2.6.1-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "gpgme.x86_64", + "version": "1.3.2-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gpgme-1.3.2-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "grep.x86_64", + "version": "2.20-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/grep-2.20-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "groff-base.x86_64", + "version": "1.22.2-8.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/groff-1.22.2-8.el7.src.rpm", + "foss": "yes" + }, + { + "name": "gzip.x86_64", + "version": "1.5-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gzip-1.5-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "hardlink.x86_64", + "version": "1:1.0-19.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/hardlink-1.0-19.el7.src.rpm", + "foss": "yes" + }, + { + "name": "hostname.x86_64", + "version": "3.13-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/hostname-3.13-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "info.x86_64", + "version": "5.1-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/texinfo-5.1-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "iputils.x86_64", + "version": "20160308-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/iputils-20160308-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "json-c.x86_64", + "version": "0.11-4.el7_0", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/json-c-0.11-4.el7_0.src.rpm", + "foss": "yes" + }, + { + "name": "kernel-headers.x86_64", + "version": "3.10.0-957.5.1.el7", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/kernel-3.10.0-957.5.1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "keyutils-libs.x86_64", + "version": "1.5.8-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/keyutils-1.5.8-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "keyutils-libs-devel.x86_64", + "version": "1.5.8-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/keyutils-1.5.8-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "kmod.x86_64", + "version": "20-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/kmod-20-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "kmod-libs.x86_64", + "version": "20-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/kmod-20-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "kpartx.x86_64", + "version": "0.4.9-123.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/device-mapper-multipath-0.4.9-123.el7.src.rpm", + "foss": "yes" + }, + { + "name": "krb5-devel.x86_64", + "version": "1.15.1-37.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/krb5-1.15.1-37.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "krb5-libs.x86_64", + "version": "1.15.1-37.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/krb5-1.15.1-37.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "libX11.x86_64", + "version": "1.6.5-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libX11-1.6.5-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libX11-common.noarch", + "version": "1.6.5-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libX11-1.6.5-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libXau.x86_64", + "version": "1.0.8-2.1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libXau-1.0.8-2.1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libXpm.x86_64", + "version": "3.5.12-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libXpm-3.5.12-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libacl.x86_64", + "version": "2.2.51-14.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/acl-2.2.51-14.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libassuan.x86_64", + "version": "2.1.0-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libassuan-2.1.0-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libattr.x86_64", + "version": "2.4.46-13.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/attr-2.4.46-13.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libblkid.x86_64", + "version": "2.23.2-59.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/util-linux-2.23.2-59.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libcap.x86_64", + "version": "2.22-9.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libcap-2.22-9.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libcap-ng.x86_64", + "version": "0.7.5-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libcap-ng-0.7.5-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libcom_err.x86_64", + "version": "1.42.9-13.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/e2fsprogs-1.42.9-13.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libcom_err-devel.x86_64", + "version": "1.42.9-13.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/e2fsprogs-1.42.9-13.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libcurl.x86_64", + "version": "7.29.0-51.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/curl-7.29.0-51.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libdb.x86_64", + "version": "5.3.21-24.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libdb-5.3.21-24.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libdb-utils.x86_64", + "version": "5.3.21-24.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libdb-5.3.21-24.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libevent.x86_64", + "version": "2.0.21-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libevent-2.0.21-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libffi.x86_64", + "version": "3.0.13-18.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libffi-3.0.13-18.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libgcc.x86_64", + "version": "4.8.5-36.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gcc-4.8.5-36.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libgcrypt.x86_64", + "version": "1.5.3-14.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libgcrypt-1.5.3-14.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libgcrypt-devel.x86_64", + "version": "1.5.3-14.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libgcrypt-1.5.3-14.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libgomp.x86_64", + "version": "4.8.5-36.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gcc-4.8.5-36.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libgpg-error.x86_64", + "version": "1.12-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libgpg-error-1.12-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libgpg-error-devel.x86_64", + "version": "1.12-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libgpg-error-1.12-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libidn.x86_64", + "version": "1.28-4.el7", + "source-url": "entos.org/7.6.1810/os/Source/SPackages/libidn-1.28-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libjpeg-turbo.x86_64", + "version": "1.2.90-6.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libjpeg-turbo-1.2.90-6.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libkadm5.x86_64", + "version": "1.15.1-37.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/krb5-1.15.1-37.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "libmount.x86_64", + "version": "2.23.2-59.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/util-linux-2.23.2-59.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libmpc.x86_64", + "version": "1.0.1-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libmpc-1.0.1-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libpng.x86_64", + "version": "2:1.5.13-7.el7_2", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libpng-1.5.13-7.el7_2.src.rpm", + "foss": "yes" + }, + { + "name": "libpwquality.x86_64", + "version": "1.2.3-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libpwquality-1.2.3-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libselinux.x86_64", + "version": "2.5-14.1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libselinux-2.5-14.1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libselinux-devel.x86_64", + "version": "2.5-14.1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libselinux-2.5-14.1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libsemanage.x86_64", + "version": "2.5-14.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libsemanage-2.5-14.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libsepol.x86_64", + "version": "2.5-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libsepol-2.5-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libsepol-devel.x86_64", + "version": "2.5-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libsepol-2.5-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libsmartcols.x86_64", + "version": "2.23.2-59.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/util-linux-2.23.2-59.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libssh2.x86_64", + "version": "1.4.3-12.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libssh2-1.4.3-12.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libstdc++.x86_64", + "version": "4.8.5-36.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/gcc-4.8.5-36.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libtasn1.x86_64", + "version": "4.10-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libtasn1-4.10-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libuser.x86_64", + "version": "0.60-9.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libuser-0.60-9.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libutempter.x86_64", + "version": "1.1.6-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libutempter-1.1.6-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libuuid.x86_64", + "version": "2.23.2-59.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/util-linux-2.23.2-59.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libverto.x86_64", + "version": "0.2.5-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libverto-0.2.5-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libverto-devel.x86_64", + "version": "0.2.5-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libverto-0.2.5-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libxcb.x86_64", + "version": "1.13-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libxcb-1.13-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libxml2.x86_64", + "version": "2.9.1-6.el7_2.3", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libxml2-2.9.1-6.el7_2.3.src.rpm", + "foss": "yes" + }, + { + "name": "libxml2-devel.x86_64", + "version": "2.9.1-6.el7_2.3", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libxml2-2.9.1-6.el7_2.3.src.rpm", + "foss": "yes" + }, + { + "name": "libxml2-python.x86_64", + "version": "2.9.1-6.el7_2.3", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libxml2-2.9.1-6.el7_2.3.src.rpm", + "foss": "yes" + }, + { + "name": "libxslt.x86_64", + "version": "1.1.28-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libxslt-1.1.28-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "libxslt-devel.x86_64", + "version": "1.1.28-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/libxslt-1.1.28-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "lua.x86_64", + "version": "5.1.4-15.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/lua-5.1.4-15.el7.src.rpm", + "foss": "yes" + }, + { + "name": "lz4.x86_64", + "version": "1.7.5-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/lz4-1.7.5-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "m4.x86_64", + "version": "1.4.16-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/m4-1.4.16-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "make.x86_64", + "version": "1:3.82-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/make-3.82-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "memcached.x86_64", + "version": "1.4.15-10.el7_3.1", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/memcached-1.4.15-10.el7_3.1.src.rpm", + "foss": "yes" + }, + { + "name": "mpfr.x86_64", + "version": "3.1.1-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/mpfr-3.1.1-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "ncurses.x86_64", + "version": "5.9-14.20130511.el7_4", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/ncurses-5.9-14.20130511.el7_4.src.rpm", + "foss": "yes" + }, + { + "name": "ncurses-base.noarch", + "version": "5.9-14.20130511.el7_4", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/ncurses-5.9-14.20130511.el7_4.src.rpm", + "foss": "yes" + }, + { + "name": "ncurses-libs.x86_64", + "version": "5.9-14.20130511.el7_4", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/ncurses-5.9-14.20130511.el7_4.src.rpm", + "foss": "yes" + }, + { + "name": "nginx.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-all-modules.noarch", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-filesystem.noarch", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-mod-http-geoip.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-mod-http-image-filter.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-mod-http-perl.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-mod-http-xslt-filter.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-mod-mail.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nginx-mod-stream.x86_64", + "version": "1:1.12.2-2.el7", + "source-url": "https://download-ib01.fedoraproject.org/pub/epel/7/SRPMS/Packages/n/nginx-1.12.2-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nspr.x86_64", + "version": "4.19.0-1.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nspr-4.19.0-1.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "nss.x86_64", + "version": "3.36.0-7.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-3.36.0-7.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "nss-pem.x86_64", + "version": "1.0.3-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-pem-1.0.3-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "nss-softokn.x86_64", + "version": "3.36.0-5.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-softokn-3.36.0-5.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "nss-softokn-freebl.x86_64", + "version": "3.36.0-5.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-softokn-3.36.0-5.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "nss-sysinit.x86_64", + "version": "3.36.0-7.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-softokn-3.36.0-5.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "nss-tools.x86_64", + "version": "3.36.0-7.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-softokn-3.36.0-5.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "nss-util.x86_64", + "version": "3.36.0-1.el7_5", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/nss-softokn-3.36.0-5.el7_5.src.rpm", + "foss": "yes" + }, + { + "name": "openldap.x86_64", + "version": "2.4.44-20.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/openldap-2.4.44-20.el7.src.rpm", + "foss": "yes" + }, + { + "name": "openssl.x86_64", + "version": "1:1.0.2k-16.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/openssl-1.0.2k-16.el7.src.rpm", + "foss": "yes" + }, + { + "name": "openssl-libs.x86_64", + "version": "1:1.0.2k-16.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/openssl-1.0.2k-16.el7.src.rpm", + "foss": "yes" + }, + { + "name": "p11-kit.x86_64", + "version": "0.23.5-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/p11-kit-0.23.5-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "p11-kit-trust.x86_64", + "version": "0.23.5-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/p11-kit-0.23.5-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pam.x86_64", + "version": "1.1.8-22.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pam-1.1.8-22.el7.src.rpm", + "foss": "yes" + }, + { + "name": "passwd.x86_64", + "version": "0.79-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/passwd-0.79-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pcre.x86_64", + "version": "8.32-17.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pcre-8.32-17.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pcre-devel.x86_64", + "version": "8.32-17.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pcre-8.32-17.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl.x86_64", + "version": "4:5.16.3-294.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/perl-5.16.3-294.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Carp.noarch", + "version": "1.26-244.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Carp-1.26-244.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Data-Dumper.x86_64", + "version": "2.145-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Data-Dumper-2.145-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Encode.x86_64", + "version": "2.51-7.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Encode-2.51-7.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Exporter.noarch", + "version": "5.68-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Exporter-5.68-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-File-Path.noarch", + "version": "2.09-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-File-Path-2.09-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-File-Temp.noarch", + "version": "0.23.01-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-File-Temp-0.23.01-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Filter.x86_64", + "version": "1.49-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Filter-1.49-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Getopt-Long.noarch", + "version": "2.40-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Getopt-Long-2.40-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-HTTP-Tiny.noarch", + "version": "0.033-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-HTTP-Tiny-0.033-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-PathTools.x86_64", + "version": "3.40-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-PathTools-3.40-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Pod-Escapes.noarch", + "version": "1:1.04-294.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/perl-5.16.3-294.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Pod-Perldoc.noarch", + "version": "3.20-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Pod-Perldoc-3.20-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Pod-Simple.noarch", + "version": "1:3.28-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Pod-Simple-3.28-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Pod-Usage.noarch", + "version": "1.63-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Pod-Usage-1.63-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Scalar-List-Utils.x86_64", + "version": "1.27-248.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Scalar-List-Utils-1.27-248.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Socket.x86_64", + "version": "2.010-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Socket-2.010-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Storable.x86_64", + "version": "2.45-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Storable-2.45-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Test-Harness.noarch", + "version": "3.28-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Test-Harness-3.28-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Text-ParseWords.noarch", + "version": "3.29-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Text-ParseWords-3.29-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Thread-Queue.noarch", + "version": "3.02-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Thread-Queue-3.02-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Time-HiRes.x86_64", + "version": "4:1.9725-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Time-HiRes-1.9725-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-Time-Local.noarch", + "version": "1.2300-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-Time-Local-1.2300-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-constant.noarch", + "version": "1.27-2.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-constant-1.27-2.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-libs.x86_64", + "version": "4:5.16.3-294.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/perl-5.16.3-294.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "perl-macros.x86_64", + "version": "4:5.16.3-294.el7_6", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/perl-5.16.3-294.el7_6.src.rpm", + "foss": "yes" + }, + { + "name": "perl-parent.noarch", + "version": "1:0.225-244.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-parent-0.225-244.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-podlators.noarch", + "version": "2.5.1-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-podlators-2.5.1-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-threads.x86_64", + "version": "1.87-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-threads-1.87-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "perl-threads-shared.x86_64", + "version": "1.43-6.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/perl-threads-shared-1.43-6.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pinentry.x86_64", + "version": "0.8.1-17.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pinentry-0.8.1-17.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pkgconfig.x86_64", + "version": "1:0.27.1-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pkgconfig-0.27.1-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "popt.x86_64", + "version": "1.13-16.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/popt-1.13-16.el7.src.rpm", + "foss": "yes" + }, + { + "name": "procps-ng.x86_64", + "version": "3.3.10-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/procps-ng-3.3.10-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pth.x86_64", + "version": "2.0.7-23.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pth-2.0.7-23.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pygpgme.x86_64", + "version": "0.3-9.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pygpgme-0.3-9.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pyliblzma.x86_64", + "version": "0.5.3-11.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pyliblzma-0.5.3-11.el7.src.rpm", + "foss": "yes" + }, + { + "name": "python.x86_64", + "version": "2.7.5-76.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-2.7.5-76.el7.src.rpm", + "foss": "yes" + }, + { + "name": "python-chardet.noarch", + "version": "2.2.1-1.el7_1", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-chardet-2.2.1-1.el7_1.src.rpm", + "foss": "yes" + }, + { + "name": "python-gobject-base.x86_64", + "version": "3.22.0-1.el7_4.1", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pygobject3-3.22.0-1.el7_4.1.src.rpm", + "foss": "yes" + }, + { + "name": "python-iniparse.noarch", + "version": "0.4-9.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-iniparse-0.4-9.el7.src.rpm", + "foss": "yes" + }, + { + "name": "python-kitchen.noarch", + "version": "1.1.1-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-kitchen-1.1.1-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "python-libs.x86_64", + "version": "2.7.5-76.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-2.7.5-76.el7.src.rpm", + "foss": "yes" + }, + { + "name": "python-pycurl.x86_64", + "version": "7.19.0-19.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-pycurl-7.19.0-19.el7.src.rpm", + "foss": "yes" + }, + { + "name": "python-urlgrabber.noarch", + "version": "3.10-9.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/python-urlgrabber-3.10-9.el7.src.rpm", + "foss": "yes" + }, + { + "name": "pyxattr.x86_64", + "version": "0.5.1-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/pyxattr-0.5.1-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "qrencode-libs.x86_64", + "version": "3.4.1-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/qrencode-3.4.1-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "readline.x86_64", + "version": "6.2-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/readline-6.2-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "rootfiles.noarch", + "version": "8.1-11.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/rootfiles-8.1-11.el7.src.rpm", + "foss": "yes" + }, + { + "name": "rpm.x86_64", + "version": "4.11.3-35.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/rpm-4.11.3-35.el7.src.rpm", + "foss": "yes" + }, + { + "name": "rpm-build-libs.x86_64", + "version": "4.11.3-35.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/rpm-4.11.3-35.el7.src.rpm", + "foss": "yes" + }, + { + "name": "rpm-libs.x86_64", + "version": "4.11.3-35.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/rpm-4.11.3-35.el7.src.rpm", + "foss": "yes" + }, + { + "name": "rpm-python.x86_64", + "version": "4.11.3-35.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/rpm-4.11.3-35.el7.src.rpm", + "foss": "yes" + }, + { + "name": "rsync.x86_64", + "version": "3.1.2-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/rsync-3.1.2-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "sed.x86_64", + "version": "4.2.2-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/sed-4.2.2-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "setup.noarch", + "version": "2.8.71-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/setup-2.8.71-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "shadow-utils.x86_64", + "version": "2:4.1.5.1-25.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/shadow-utils-4.1.5.1-25.el7.src.rpm", + "foss": "yes" + }, + { + "name": "shared-mime-info.x86_64", + "version": "1.8-4.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/shared-mime-info-1.8-4.el7.src.rpm", + "foss": "yes" + }, + { + "name": "sqlite.x86_64", + "version": "3.7.17-8.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/sqlite-3.7.17-8.el7.src.rpm", + "foss": "yes" + }, + { + "name": "systemd.x86_64", + "version": "219-62.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/systemd-219-62.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "systemd-libs.x86_64", + "version": "219-62.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/systemd-219-62.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "systemd-sysv.x86_64", + "version": "219-62.el7_6.3", + "source-url": "vault.centos.org/7.6.1810/updates/Source/SPackages/systemd-219-62.el7_6.3.src.rpm", + "foss": "yes" + }, + { + "name": "tar.x86_64", + "version": "2:1.26-35.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/tar-1.26-35.el7.src.rpm", + "foss": "yes" + }, + { + "name": "tzdata.noarch", + "version": "2018e-3.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/tzdata-2018e-3.el7.src.rpm", + "foss": "yes" + }, + { + "name": "ustr.x86_64", + "version": "1.0.4-16.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/ustr-1.0.4-16.el7.src.rpm", + "foss": "yes" + }, + { + "name": "util-linux.x86_64", + "version": "2.23.2-59.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/util-linux-2.23.2-59.el7.src.rpm", + "foss": "yes" + }, + { + "name": "vim-minimal.x86_64", + "version": "2:7.4.160-5.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/vim-7.4.160-5.el7.src.rpm", + "foss": "yes" + }, + { + "name": "xz.x86_64", + "version": "5.2.2-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/xz-5.2.2-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "xz-devel.x86_64", + "version": "5.2.2-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/xz-5.2.2-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "xz-libs.x86_64", + "version": "5.2.2-1.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/xz-5.2.2-1.el7.src.rpm", + "foss": "yes" + }, + { + "name": "yum.noarch", + "version": "3.4.3-161.el7.centos", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/yum-3.4.3-161.el7.centos.src.rpm", + "foss": "yes" + }, + { + "name": "yum-metadata-parser.x86_64", + "version": "1.1.4-10.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/yum-metadata-parser-1.1.4-10.el7.src.rpm", + "foss": "yes" + }, + { + "name": "yum-plugin-fastestmirror.noarch", + "version": "1.1.31-50.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/yum-utils-1.1.31-50.el7.src.rpm", + "foss": "yes" + }, + { + "name": "yum-plugin-ovl.noarch", + "version": "1.1.31-50.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/yum-utils-1.1.31-50.el7.src.rpm", + "foss": "yes" + }, + { + "name": "yum-utils.noarch", + "version": "1.1.31-50.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/yum-utils-1.1.31-50.el7.src.rpm", + "foss": "yes" + }, + { + "name": "zlib.x86_64", + "version": "1.2.7-18.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/zlib-1.2.7-18.el7.src.rpm", + "foss": "yes" + }, + { + "name": "zlib-devel.x86_64", + "version": "1.2.7-18.el7", + "source-url": "vault.centos.org/7.6.1810/os/Source/SPackages/zlib-1.2.7-18.el7.src.rpm", + "foss": "yes" + }, + { + "name": "asn1crypto", + "version": "0.24.0", + "source-url": "https://github.com/wbond/asn1crypto/archive/0.24.0.tar.gz", + "foss": "yes" + }, + { + "name": "certifi", + "version": "2018.11.29", + "source-url": "https://github.com/certifi/python-certifi/archive/2018.11.29.tar.gz", + "foss": "yes" + }, + { + "name": "cffi", + "version": "1.11.5", + "source-url": "https://bitbucket.org/cffi/cffi/get/v1.11.5.tar.gz", + "foss": "yes" + }, + { + "name": "chardet", + "version": "3.0.4", + "source-url": "https://github.com/chardet/chardet/archive/3.0.4.tar.gz", + "foss": "yes" + }, + { + "name": "cryptography", + "version": "2.3.1", + "source-url": "https://github.com/pyca/cryptography/archive/2.3.1.tar.gz", + "foss": "yes" + }, + { + "name": "dnspython", + "version": "1.15.0", + "source-url": "https://github.com/rthalley/dnspython/archive/v1.15.0.tar.gz", + "foss": "yes" + }, + { + "name": "enum-compat", + "version": "0.0.2", + "source-url": "https://github.com/jstasiak/enum-compat/archive/0.0.2.tar.gz", + "foss": "yes" + }, + { + "name": "enum34", + "version": "1.1.6", + "source-url": "https://bitbucket.org/stoneleaf/enum34/get/1.1.6.tar.gz", + "foss": "yes" + }, + { + "name": "eventlet", + "version": "0.24.0", + "source-url": "https://github.com/eventlet/eventlet/archive/v0.24.0.tar.gz", + "foss": "yes" + }, + { + "name": "greenlet", + "version": "0.4.14", + "source-url": "https://github.com/python-greenlet/greenlet/archive/0.4.14.tar.gz", + "foss": "yes" + }, + { + "name": "idna", + "version": "2.7", + "source-url": "https://github.com/kjd/idna/archive/v2.7.tar.gz", + "foss": "yes" + }, + { + "name": "iniparse", + "version": "0.4", + "source-url": "https://github.com/candlepin/python-iniparse/archive/f296cbfe4fd46f000734275fd11bb8a59d8aae72.tar.gz", + "foss": "yes" + }, + { + "name": "ipaddress", + "version": "1.0.22", + "source-url": "https://github.com/phihag/ipaddress/archive/v1.0.22.tar.gz", + "foss": "yes" + }, + { + "name": "kitchen", + "version": "1.1.1", + "source-url": "https://github.com/fedora-infra/kitchen/archive/1.1.1.tar.gz", + "foss": "yes" + }, + { + "name": "lxml", + "version": "4.2.4", + "source-url": "https://github.com/lxml/lxml/archive/lxml-4.2.4.tar.gz", + "foss": "yes" + }, + { + "name": "meld3", + "version": "1.0.2", + "source-url": "https://github.com/supervisor/meld3/archive/1.0.2.tar.gz", + "foss": "yes" + }, + { + "name": "monotonic", + "version": "1.5", + "source-url": "https://github.com/atdt/monotonic/archive/1.5.tar.gz", + "foss": "yes" + }, + { + "name": "netifaces", + "version": "0.10.7", + "source-url": "https://github.com/al45tair/netifaces/archive/release_0_10_7.tar.gz", + "foss": "yes" + }, + { + "name": "PasteDeploy", + "version": "1.5.2", + "source-url": "https://github.com/Pylons/pastedeploy/archive/1.5.2.tar.gz", + "foss": "yes" + }, + { + "name": "pip", + "version": "19.0.2", + "source-url": "https://github.com/pypa/pip/archive/19.0.2.tar.gz", + "foss": "yes" + }, + { + "name": "pycparser", + "version": "2.18", + "source-url": "https://github.com/eliben/pycparser/archive/release_v2.18.tar.gz", + "foss": "yes" + }, + { + "name": "pycurl", + "version": "7.19.0", + "source-url": "https://github.com/pycurl/pycurl/archive/REL_7_19_0.tar.gz", + "foss": "yes" + }, + { + "name": "pyeclib", + "version": "1.5.0", + "source-url": "https://github.com/openstack/pyeclib/archive/1.5.0.tar.gz", + "foss": "yes" + }, + { + "name": "pygobject", + "version": "3.22.0", + "source-url": "https://gitlab.gnome.org/GNOME/pygobject/-/archive/3.22.0/pygobject-3.22.0.tar.gz", + "foss": "yes" + }, + { + "name": "pygpgme", + "version": "0.3", + "source-url": "https://launchpad.net/pygpgme/trunk/0.3/+download/pygpgme-0.3.tar.gz", + "foss": "yes" + }, + { + "name": "pyliblzma", + "version": "0.5.3", + "source-url": "https://bazaar.launchpad.net/~proyvind/pyliblzma/trunk/tarball/498?start_revid=498", + "foss": "yes" + }, + { + "name": "pyxattr", + "version": "0.5.1", + "source-url": "https://github.com/iustin/pyxattr/archive/pyxattr-v0.5.1.tar.gz", + "foss": "yes" + }, + { + "name": "requests", + "version": "2.19.1", + "source-url": "https://github.com/kennethreitz/requests/archive/v2.19.1.tar.gz", + "foss": "yes" + }, + { + "name": "setuptools", + "version": "40.0.0.post20190213", + "source-url": "https://github.com/pypa/setuptools/archive/v40.0.0.tar.gz", + "foss": "yes" + }, + { + "name": "six", + "version": "1.12.0", + "source-url": "https://github.com/benjaminp/six/archive/1.12.0.tar.gz", + "foss": "yes" + }, + { + "name": "supervisor", + "version": "3.3.4", + "source-url": "https://github.com/Supervisor/supervisor/archive/3.3.4.tar.gz", + "foss": "yes" + }, + { + "name": "supervisor-stdout", + "version": "0.1.1", + "source-url": "https://github.com/coderanger/supervisor-stdout/archive/9b4b3813cee38d969c4f33a4b2c099279c26060a.tar.gz", + "foss": "yes" + }, + { + "name": "swift", + "version": "2.20.0", + "source-url": "https://github.com/openstack/swift/archive/2.20.0.tar.gz", + "foss": "yes" + }, + { + "name": "urlgrabber", + "version": "3.10", + "source-url": "http://yum.baseurl.org/gitweb/?p=urlgrabber.git;a=tag;h=refs/tags/urlgrabber-3-10-2", + "foss": "yes" + }, + { + "name": "urllib3", + "version": "1.23", + "source-url": "https://github.com/urllib3/urllib3/archive/1.23.tar.gz", + "foss": "yes" + }, + { + "name": "wheel", + "version": "0.33.0", + "source-url": "https://github.com/pypa/wheel/archive/0.33.0.tar.gz", + "foss": "yes" + }, + { + "name": "xattr", + "version": "0.9.6", + "source-url": "https://github.com/xattr/xattr/archive/v0.9.6.tar.gz", + "foss": "yes" + }, + { + "name": "yum-metadata-parser", + "version": "1.1.4", + "source-url": "https://github.com/rpm-software-management/yum-metadata-parser/archive/b2565c134876542b44ae795553229912ccbb078e.tar.gz", + "foss": "yes" + } + ] +} diff --git a/docker-build/swift/build-pip b/docker-build/swift/build-pip new file mode 100644 index 0000000..f0ecce3 --- /dev/null +++ b/docker-build/swift/build-pip @@ -0,0 +1,23 @@ +#!/bin/sh -e +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +mkdir -p ${GOPATH}/pip +cd ${GOPATH}/pip +for MOD in ${@} +do + get-package ${MOD} + python setup.py install + rm -rf * +done diff --git a/docker-build/swift/common_scripts/wait-for-files b/docker-build/swift/common_scripts/wait-for-files new file mode 100644 index 0000000..7d59ec3 --- /dev/null +++ b/docker-build/swift/common_scripts/wait-for-files @@ -0,0 +1,46 @@ +#!/bin/sh +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +file_names=$1 +retry_counter=${2:-12} +echo ${retry_counter} +I=0 +Err_Flag=1 + +while [ $Err_Flag -ne 0 ] && [ $I -lt ${retry_counter} ] +do + Err_Flag=0 + for i in ${file_names}; + do + if [ ! -e "${i}" ] + then + Err_Flag=$((Err_Flag+1)) + fi + done + if [ $Err_Flag -ne 0 ] + then + I=$((I+1)) + sleep 5 + fi +done + +if [ $I -ge ${retry_counter} ] +then + echo "WARNING: At least one of the following file not found: ${file_names} !" + echo "WARNING: Exiting!" + exit 1 +else + echo "INFO: ${file_names} files found." +fi diff --git a/docker-build/swift/get-package b/docker-build/swift/get-package new file mode 100644 index 0000000..84191eb --- /dev/null +++ b/docker-build/swift/get-package @@ -0,0 +1,19 @@ +#!/bin/sh -e +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +URL=`cat ${GOPATH}/source-list.txt | grep "> ${1}" | cut -d'=' -f2` + +curl -fsSL -k ${URL} | tar zx --strip-components=1 + diff --git a/docker-build/swift/healthchecker.sh b/docker-build/swift/healthchecker.sh new file mode 100755 index 0000000..db7df24 --- /dev/null +++ b/docker-build/swift/healthchecker.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +SWIFT_AUTH_KEY=$(curl --cacert /etc/swift/tls-proxy/ca.pem -Ss -XGET -i -H"X-Auth-User:${SWIFT_TENANT}:${SWIFT_USER}" -H"X-Auth-Key:${SWIFT_PASS}" https://swift.kube-system.svc.nokia.net:8084/auth/v1.0 | grep X-Auth-Token: | awk "{ print \$2 }") + +curl --fail --cacert /etc/swift/tls-proxy/ca.pem -Ss -XGET -H"X-Auth-Token: ${SWIFT_AUTH_KEY}" https://swift.kube-system.svc.nokia.net:8084/v1.0/AUTH_admin diff --git a/docker-build/swift/mainstart.sh b/docker-build/swift/mainstart.sh new file mode 100644 index 0000000..62f8601 --- /dev/null +++ b/docker-build/swift/mainstart.sh @@ -0,0 +1,56 @@ +#!/bin/sh +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#Before start: +#Part power, replica and hour as env + +if [ $1 == "BACKEND_BUILDER" ]; then + echo "Remove unnecessary pid file" + rm -rf /var/run/rsyncd/rsyncd.pid +fi + +file_names="/etc/swift/account-server.conf /etc/swift/container-server.conf /etc/swift/object-server.conf /etc/swift/proxy-server.conf /etc/swift/rsyncd.conf /etc/swift/swift.conf /etc/swift/memcached" +/usr/bin/wait-for-files "${file_names}" +rc=$?; if [[ $rc != 0 ]]; then exit $rc; fi + +if [ ! -e /etc/swift/account.ring.gz ]; then + cd /etc/swift + echo "Ring files not found. Create them..." + # get ports from the config files + SWIFT_ACCOUNT_PORT=`grep "bind_port" /etc/swift/account-server.conf | awk '{print $3}'` + SWIFT_CONTAINER_PORT=`grep "bind_port" /etc/swift/container-server.conf | awk '{print $3}'` + SWIFT_OBJECT_PORT=`grep "bind_port" /etc/swift/object-server.conf | awk '{print $3}'` + + swift-ring-builder account.builder create ${SWIFT_PART_POWER} ${SWIFT_REPLICAS} ${SWIFT_PART_HOUR} + swift-ring-builder container.builder create ${SWIFT_PART_POWER} ${SWIFT_REPLICAS} ${SWIFT_PART_HOUR} + swift-ring-builder object.builder create ${SWIFT_PART_POWER} ${SWIFT_REPLICAS} ${SWIFT_PART_HOUR} + + for IP in ${SWIFT_OAM1_IP} ${SWIFT_OAM2_IP} ${SWIFT_OAM3_IP}; do + swift-ring-builder account.builder add r1z2-$IP:${SWIFT_ACCOUNT_PORT}/${SWIFT_DISK} 10 + swift-ring-builder container.builder add r1z2-$IP:${SWIFT_CONTAINER_PORT}/${SWIFT_DISK} 10 + swift-ring-builder object.builder add r1z2-$IP:${SWIFT_OBJECT_PORT}/${SWIFT_DISK} 10 + echo "swift-ring-builder object.builder add r1z2-$IP:6000/${SWIFT_DISK} 10" + done + + swift-ring-builder account.builder + swift-ring-builder container.builder + swift-ring-builder object.builder + + swift-ring-builder account.builder rebalance + swift-ring-builder container.builder rebalance + swift-ring-builder object.builder rebalance +fi + +exec /usr/bin/supervisord -c /etc/supervisord.conf diff --git a/docker-build/swift/nginx.repo b/docker-build/swift/nginx.repo new file mode 100644 index 0000000..67e94f6 --- /dev/null +++ b/docker-build/swift/nginx.repo @@ -0,0 +1,7 @@ +[nginx-epel-7] +name=Nginx Epel +baseurl=https://dl.fedoraproject.org/pub/epel/7/x86_64/ +enabled=1 +metadata_expire=1d +gpgcheck=0 + diff --git a/docker-build/swift/source-list.txt b/docker-build/swift/source-list.txt new file mode 100644 index 0000000..d25d4b3 --- /dev/null +++ b/docker-build/swift/source-list.txt @@ -0,0 +1,75 @@ +########################## +# PIP modules # +########################## +## +> python-dnspython=https://github.com/rthalley/dnspython/archive/v1.15.0.tar.gz +## +> python-eventlet=https://github.com/eventlet/eventlet/archive/v0.24.0.tar.gz +## +> python-greenlet=https://files.pythonhosted.org/packages/5d/82/2e53a8def6f99db51992ca3a0a2448c3bbec1a9db3a7cbf7d5dad011e138/greenlet-0.4.14.tar.gz +## +> python-netifaces=https://files.pythonhosted.org/packages/81/39/4e9a026265ba944ddf1fea176dbb29e0fe50c43717ba4fcf3646d099fe38/netifaces-0.10.7.tar.gz +## +> python-pastedeploy=https://pypi.python.org/packages/0f/90/8e20cdae206c543ea10793cbf4136eb9a8b3f417e04e40a29d72d9922cbd/PasteDeploy-1.5.2.tar.gz +## +> python-six=https://files.pythonhosted.org/packages/16/d8/bc6316cf98419719bd59c91742194c111b6f2e85abac88e496adefaf7afe/six-1.11.0.tar.gz +## +> python-xattr=https://files.pythonhosted.org/packages/60/80/a1f35bfd3c7ffb78791b2a6a15c233584a102a20547fd96d48933ec453e7/xattr-0.9.6.tar.gz +## +> python-PyECLib=https://files.pythonhosted.org/packages/e3/02/2814399e18c10f0ea6912bf7e7ce5e20c9482b4b5fae9f756c72c97cc144/pyeclib-1.5.0.tar.gz +## +> python-cryptography=https://files.pythonhosted.org/packages/22/21/233e38f74188db94e8451ef6385754a98f3cad9b59bedf3a8e8b14988be4/cryptography-2.3.1.tar.gz +## +> python-lxml=https://files.pythonhosted.org/packages/ca/63/139b710671c1655aed3b20c1e6776118c62e9f9311152f4c6031e12a0554/lxml-4.2.4.tar.gz +## +> python-chardet=https://files.pythonhosted.org/packages/fc/bb/a5768c230f9ddb03acc9ef3f0d4a3cf93462473795d18e9535498c8f929d/chardet-3.0.4.tar.gz +## +> python-requests=https://files.pythonhosted.org/packages/54/1f/782a5734931ddf2e1494e4cd615a51ff98e1879cbe9eecbdfeaf09aa75e9/requests-2.19.1.tar.gz +## +######################### +# SOMETHINGS # +######################### +## +> python-cffi=https://files.pythonhosted.org/packages/e7/a7/4cd50e57cc6f436f1cc3a7e8fa700ff9b8b4d471620629074913e3735fb2/cffi-1.11.5.tar.gz +## +> python-pycparser=https://files.pythonhosted.org/packages/8c/2d/aad7f16146f4197a11f8e91fb81df177adcc2073d36a17b1491fd09df6ed/pycparser-2.18.tar.gz +## +> python-enum-compat=https://pypi.python.org/packages/95/6e/26bdcba28b66126f66cf3e4cd03bcd63f7ae330d29ee68b1f6b623550bfa/enum-compat-0.0.2.tar.gz +## +> python-idna=https://files.pythonhosted.org/packages/65/c4/80f97e9c9628f3cac9b98bfca0402ede54e0563b56482e3e6e45c43c4935/idna-2.7.tar.gz +## +> python-enum34=https://pypi.python.org/packages/bf/3e/31d502c25302814a7c2f1d3959d2a3b3f78e509002ba91aea64993936876/enum34-1.1.6.tar.gz +## +> python-ipaddress=https://files.pythonhosted.org/packages/97/8d/77b8cedcfbf93676148518036c6b1ce7f8e14bf07e95d7fd4ddcb8cc052f/ipaddress-1.0.22.tar.gz +## +> python-setuptools=https://github.com/pypa/setuptools/archive/v40.0.0.tar.gz +## +> python-supervisor=https://files.pythonhosted.org/packages/44/60/698e54b4a4a9b956b2d709b4b7b676119c833d811d53ee2500f1b5e96dc3/supervisor-3.3.4.tar.gz +## +> python-supervisor-stdout=https://pypi.python.org/packages/ef/98/557ea85b26753c990a00159e32ead242be617754b0f9f2683b0d4350a1b2/supervisor-stdout-0.1.1.tar.gz +## +########################## +# Main programs # +########################## +## +> swift=https://tarballs.openstack.org/swift/swift-2.19.0.tar.gz +## +########################## +# Other # +########################## +## +> liberasurecode=https://github.com/openstack/liberasurecode/archive/1.5.0.tar.gz +## +> gf-complete=http://jerasure.org/jerasure/gf-complete/repository/archive.tar.gz +#> gf-complete=https://github.com/ceph/gf-complete/archive/master.tar.gz +## +> isa-l=https://github.com/01org/isa-l/archive/v2.23.0.tar.gz +## +> Jerasure=http://lab.jerasure.org/jerasure/jerasure/repository/archive.tar.gz +#> Jerasure=https://github.com/tsuraan/Jerasure/archive/master.tar.gz +## +> nasm=https://fossies.org/linux/misc/nasm-2.14.02.tar.gz +#> nasm=http://www.nasm.us/pub/nasm/releasebuilds/2.13.03/nasm-2.13.03.tar.gz +## + + diff --git a/docker-build/swift/supervisord.conf b/docker-build/swift/supervisord.conf new file mode 100644 index 0000000..419073f --- /dev/null +++ b/docker-build/swift/supervisord.conf @@ -0,0 +1,188 @@ +[unix_http_server] +file=/var/run/supervisor/supervisor.sock ; (the path to the socket file) +chmod = 0770 +chown = swift:swift +username = dummy +password = dummy + +;[inet_http_server] ; inet (TCP) server disabled by default + +[supervisord] +user=swift +logfile=/dev/null +logfile_maxbytes=0 +loglevel=info +pidfile=/var/run/supervisor/supervisord.pid +nodaemon=true +minfds=1024 +minprocs=200 + +[supervisorctl] +serverurl=unix:///var/run/supervisor/supervisor.sock +username = dummy +password = dummy + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[program:memcached] +command=/bin/sh -c "source /etc/swift/memcached && /usr/bin/memcached -v -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS" +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 1 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:proxy-server] +command=/usr/bin/python /usr/bin/swift-proxy-server -v /etc/swift/proxy-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 2 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:rsync] +command=/usr/bin/rsync --config /etc/swift/rsyncd.conf --daemon --no-detach +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 3 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-object-server] +command=/usr/bin/swift-object-server -v /etc/swift/object-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 4 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-object-replicator] +command=/usr/bin/swift-object-replicator -v /etc/swift/object-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 5 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-object-updater] +command=/usr/bin/swift-object-updater -v /etc/swift/object-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 6 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-object-auditor] +command=/usr/bin/swift-object-auditor -v /etc/swift/object-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 6 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-container-server] +command=/usr/bin/swift-container-server -v /etc/swift/container-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 7 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-container-replicator] +command=/usr/bin/swift-container-replicator -v /etc/swift/container-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 8 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-container-updater] +command=/usr/bin/swift-container-updater -v /etc/swift/container-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 9 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-container-auditor] +command=/usr/bin/swift-container-auditor -v /etc/swift/container-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 10 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-account-server] +command=/usr/bin/swift-account-server -v /etc/swift/account-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 11 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-account-replicator] +command=/usr/bin/swift-account-replicator -v /etc/swift/account-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 12 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-account-reaper] +command=/usr/bin/swift-account-reaper -v /etc/swift/account-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 13 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:swift-account-auditor] +command=/usr/bin/swift-account-auditor -v /etc/swift/account-server.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 14 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:nginx] +command=/usr/sbin/nginx -c /etc/swift/nginx.conf +startsecs=3 +startretries=1 +stopwaitsecs = 3 +priority = 15 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + + -- 2.16.6