forked from freeipa/ansible-freeipa
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
upstream ci: Create containers with IPA not configured
To allow uspstream testing of deployment roles, containers that do not have IPA pre-configured are necessary. Currently all the testing images available come with pre-configured images. This patch provides a new pipeline to create raw containers, that is, containers that contain all necessary files, but do not have IPA configured. Currently, only 'fedora:latest' is supported.
- Loading branch information
Showing
4 changed files
with
145 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
FROM fedora:latest | ||
ENV container=docker | ||
|
||
RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy | ||
RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi | ||
|
||
RUN ln -s /bin/false /usr/sbin/systemd-machine-id-setup | ||
|
||
RUN rm -fv /var/cache/dnf/metadata_lock.pid; \ | ||
dnf makecache; \ | ||
dnf --assumeyes install \ | ||
/usr/bin/python3 \ | ||
/usr/bin/python3-config \ | ||
/usr/bin/dnf-3 \ | ||
sudo \ | ||
bash \ | ||
systemd \ | ||
procps-ng \ | ||
iproute \ | ||
sudo \ | ||
nss \ | ||
freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad freeipa-client \ | ||
firewalld \ | ||
&& \ | ||
dnf clean all; | ||
|
||
ENTRYPOINT [ "/usr/sbin/init" ] | ||
STOPSIGNAL RTMIN+3 | ||
|
||
RUN rm -f /etc/systemd/system/*.wants/*;\ | ||
rm -f /lib/systemd/system/local-fs.target.wants/*; \ | ||
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ | ||
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ | ||
rm -f /lib/systemd/system/basic.target.wants/*;\ | ||
rm -f /lib/systemd/system/anaconda.target.wants/*; \ | ||
rm -rf /var/cache/dnf/; | ||
|
||
|
||
RUN rmdir -v /etc/systemd/system/multi-user.target.wants \ | ||
&& mkdir /etc/systemd/system/container-ipa.target.wants \ | ||
&& ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants | ||
RUN systemd-tmpfiles --remove --create | ||
|
||
RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig | ||
ADD hostnamectl-wrapper /usr/bin/nisdomainname | ||
|
||
EXPOSE 53/udp 53 80 443 389 636 88 464 88/udp 464/udp 123/udp | ||
|
||
CMD ["/usr/sbin/init"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/bin/bash | ||
|
||
if setpriv --dump | grep -q sys_admin ; then | ||
if [[ "$( basename $0 )" =~ "domainname" ]] ; then | ||
/usr/bin/hostname -y "$@" | ||
else | ||
$0.orig "$@" | ||
fi | ||
else | ||
echo "Skipping invocation of $0 $@ in unprivileged container." >&2 | ||
exit | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
--- | ||
|
||
schedules: | ||
- cron: "0 0 * * 0" | ||
displayName: Weekly Sunday midnight build | ||
branches: | ||
include: | ||
- master | ||
always: true | ||
|
||
trigger: none | ||
|
||
pool: | ||
vmImage: 'ubuntu-20.04' | ||
|
||
stages: | ||
|
||
#- stage: CentOS_7 | ||
# dependsOn: [] | ||
# jobs: | ||
# - template: templates/build_container.yml | ||
# parameters: | ||
# job_name_suffix: Centos7 | ||
# container_name: centos-7 | ||
# build_scenario_name: centos-7-build | ||
# | ||
#- stage: CentOS_8_Stream | ||
# dependsOn: [] | ||
# jobs: | ||
# - template: templates/build_container.yml | ||
# parameters: | ||
# job_name_suffix: C8S | ||
# container_name: c8s | ||
# build_scenario_name: c8s-build | ||
# | ||
#- stage: CentOS_9_Stream | ||
# dependsOn: [] | ||
# jobs: | ||
# - template: templates/build_container.yml | ||
# parameters: | ||
# job_name_suffix: C9S | ||
# container_name: c9s | ||
# build_scenario_name: c9s-build | ||
|
||
- stage: Fedora_Latest | ||
dependsOn: [] | ||
jobs: | ||
- template: templates/build_raw_container.yml | ||
parameters: | ||
job_name_suffix: FedoraLatest | ||
container_name: fedora-latest | ||
|
||
#- stage: Fedora_Rawhide | ||
# dependsOn: [] | ||
# jobs: | ||
# - template: templates/build_raw_container.yml | ||
# parameters: | ||
# job_name_suffix: FedoraRawhide | ||
# container_name: fedora-rawhide |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
parameters: | ||
- name: job_name_suffix | ||
type: string | ||
- name: container_name | ||
type: string | ||
|
||
jobs: | ||
- job: BuildTestImage${{ parameters.job_name_suffix }} | ||
displayName: Build ${{ parameters.container_name }} test container | ||
steps: | ||
- script: | | ||
docker build -t raw-${ parameters.container_name }} containers/${{ parameters.container_name }} | ||
retryCountOnTaskFailure: 5 | ||
displayName: Create test container | ||
- script: | | ||
docker stop -i raw-${{ parameters.parameters.container_name }} | ||
docker commit raw-${{ parameters.parameters.container_name }} quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }} | ||
docker login -u="$QUAY_ROBOT_USERNAME" -p="$QUAY_ROBOT_TOKEN" quay.io | ||
docker push quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }} | ||
displayName: Save image and upload | ||
env: | ||
# Secrets needs to be mapped as env vars to work properly | ||
QUAY_ROBOT_TOKEN: $(QUAY_ROBOT_TOKEN) |