Skip to content

Commit

Permalink
upstream ci: Create containers with IPA not configured
Browse files Browse the repository at this point in the history
To allow uspstream testing of deployment roles, containers that do not
have IPA pre-configured are necessary. Currently all the testing images
available come with pre-configured images.

This patch provides a new pipeline to create raw containers, that is,
containers that contain all necessary files, but do not have IPA
configured.

Currently, only 'fedora:latest' is supported.
  • Loading branch information
rjeffman committed Mar 9, 2024
1 parent 9aaff2e commit 79080c9
Show file tree
Hide file tree
Showing 5 changed files with 149 additions and 0 deletions.
3 changes: 3 additions & 0 deletions containers/fedora-latest/00-ipv6.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 1
50 changes: 50 additions & 0 deletions containers/fedora-latest/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
FROM fedora:latest
ENV container=docker

RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d / -s '/sbin/nologin' kdcproxy
RUN groupadd -g 289 ipaapi; useradd -u 289 -g 289 -c 'IPA Framework User' -r -d / -s '/sbin/nologin' ipaapi

RUN ln -s /bin/false /usr/sbin/systemd-machine-id-setup

RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
dnf makecache; \
dnf --assumeyes install \
/usr/bin/python3 \
/usr/bin/python3-config \
/usr/bin/dnf-3 \
sudo \
bash \
systemd \
procps-ng \
iproute \
sudo \
nss \
freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad freeipa-client \
firewalld \
&& \
dnf clean all;

ENTRYPOINT [ "/usr/sbin/init" ]
STOPSIGNAL RTMIN+3

RUN rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*; \
rm -rf /var/cache/dnf/;


RUN rmdir -v /etc/systemd/system/multi-user.target.wants \
&& mkdir /etc/systemd/system/container-ipa.target.wants \
&& ln -s /etc/systemd/system/container-ipa.target.wants /etc/systemd/system/multi-user.target.wants
RUN systemd-tmpfiles --remove --create

RUN mv /usr/bin/nisdomainname /usr/bin/nisdomainname.orig
ADD hostnamectl-wrapper /usr/bin/nisdomainname
ADD 00-ipv6.conf /etc/sysctl.d/00-ipv6.conf

EXPOSE 53/udp 53 80 443 389 636 88 464 88/udp 464/udp 123/udp

CMD ["/usr/sbin/init"]
12 changes: 12 additions & 0 deletions containers/fedora-latest/hostnamectl-wrapper
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/bash -eu

if setpriv --dump | grep -q sys_admin ; then
if [[ "$( basename "$0" )" =~ "domainname" ]] ; then
/usr/bin/hostname -y "$@"
else
"$0.orig" "$@"
fi
else
echo "Skipping invocation of $0 $* in unprivileged container." >&2
exit
fi
59 changes: 59 additions & 0 deletions tests/azure/build-raw-containers.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
---

schedules:
- cron: "0 0 * * 0"
displayName: Weekly Sunday midnight build
branches:
include:
- master
always: true

trigger: none

pool:
vmImage: 'ubuntu-20.04'

stages:

#- stage: CentOS_7
# dependsOn: []
# jobs:
# - template: templates/build_container.yml
# parameters:
# job_name_suffix: Centos7
# container_name: centos-7
# build_scenario_name: centos-7-build
#
#- stage: CentOS_8_Stream
# dependsOn: []
# jobs:
# - template: templates/build_container.yml
# parameters:
# job_name_suffix: C8S
# container_name: c8s
# build_scenario_name: c8s-build
#
#- stage: CentOS_9_Stream
# dependsOn: []
# jobs:
# - template: templates/build_container.yml
# parameters:
# job_name_suffix: C9S
# container_name: c9s
# build_scenario_name: c9s-build

- stage: Fedora_Latest
dependsOn: []
jobs:
- template: templates/build_raw_container.yml
parameters:
job_name_suffix: FedoraLatest
container_name: fedora-latest

#- stage: Fedora_Rawhide
# dependsOn: []
# jobs:
# - template: templates/build_raw_container.yml
# parameters:
# job_name_suffix: FedoraRawhide
# container_name: fedora-rawhide
25 changes: 25 additions & 0 deletions tests/azure/templates/build_raw_container.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
parameters:
- name: job_name_suffix
type: string
- name: container_name
type: string

jobs:
- job: BuildTestImage${{ parameters.job_name_suffix }}
displayName: Build ${{ parameters.container_name }} test container
steps:
- script: |
docker build -t quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }} containers/${{ parameters.container_name }}
retryCountOnTaskFailure: 5
displayName: Create test container
- script: |
docker stop -i raw-${{ parameters.container_name }}
docker commit raw-${{ parameters.container_name }} quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }}
docker login -u="$QUAY_ROBOT_USERNAME" -p="$QUAY_ROBOT_TOKEN" quay.io
docker push quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.container_name }}
displayName: Save image and upload
env:
# Secrets needs to be mapped as env vars to work properly
QUAY_ROBOT_TOKEN: $(QUAY_ROBOT_TOKEN)

0 comments on commit 79080c9

Please sign in to comment.