From 28c75e6e5c02ee0c796d378846c2ad8f7a3a8c22 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Mar 2017 17:17:10 +0100 Subject: installer: support running as a system container Example: atomic install --system --set INVENTORY_FILE=$(pwd)/hosts.inventory \ --set SSH_ROOT=/root/.ssh \ --set PLAYBOOK_FILE=./playbooks/byo/config.yml openshift-ansible Signed-off-by: Giuseppe Scrivano --- system-container/root/exports/config.json.template | 213 +++++++++++++++++++++ 1 file changed, 213 insertions(+) create mode 100644 system-container/root/exports/config.json.template (limited to 'system-container/root/exports/config.json.template')
diff --git a/system-container/root/exports/config.json.template b/system-container/root/exports/config.json.template
new file mode 100644
index ede2414c1
--- /dev/null
+++ b/system-container/root/exports/config.json.template
@@ -0,0 +1,213 @@
+{
+ "ociVersion": "1.0.0",
+ "platform": {
+ "os": "linux",
+ "arch": "amd64"
+ },
+ "process": {
+ "terminal": false,
+ "consoleSize": {
+ "height": 0,
+ "width": 0
+ },
+ "user": {
+ "uid": 0,
+ "gid": 0
+ },
+ "args": [
+ "/usr/local/bin/run-system-container.sh"
+ ],
+ "env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm",
+ "OPTS=$OPTS",
+ "PLAYBOOK_FILE=$PLAYBOOK_FILE"
+ ],
+ "cwd": "/opt/app-root/src/",
+ "rlimits": [
+ {
+ "type": "RLIMIT_NOFILE",
+ "hard": 1024,
+ "soft": 1024
+ }
+ ],
+ "noNewPrivileges": true
+ },
+ "root": {
+ "path": "rootfs",
+ "readonly": true
+ },
+ "mounts": [
+ {
+ "destination": "/proc",
+ "type": "proc",
+ "source": "proc"
+ },
+ {
+ "destination": "/dev",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/pts",
+ "type": "devpts",
+ "source": "devpts",
+ "options": [
+ "nosuid",
+ "noexec",
+ "newinstance",
+ "ptmxmode=0666",
+ "mode=0620",
+ "gid=5"
+ ]
+ },
+ {
+ "destination": "/dev/shm",
+ "type": "tmpfs",
+ "source": "shm",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "mode=1777",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/mqueue",
+ "type": "mqueue",
+ "source": "mqueue",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev"
+ ]
+ },
+ {
+ "destination": "/sys",
+ "type": "sysfs",
+ "source": "sysfs",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "ro"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$SSH_ROOT",
+ "destination": "/opt/app-root/src/.ssh",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$SSH_ROOT",
+ "destination": "/root/.ssh",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$VAR_LIB_OPENSHIFT_INSTALLER",
+ "destination": "/var/lib/openshift-installer",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "destination": "/root/.ansible",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755"
+ ]
+ },
+ {
+ "destination": "/tmp",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755"
+ ]
+ },
+ {
+ "type": "bind",
+ "source": "$INVENTORY_FILE",
+ "destination": "/etc/ansible/hosts",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
+ {
+ "destination": "/sys/fs/cgroup",
+ "type": "cgroup",
+ "source": "cgroup",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "relatime",
+ "ro"
+ ]
+ }
+ ],
+ "hooks": {
+
+ },
+ "linux": {
+ "resources": {
+ "devices": [
+ {
+ "allow": false,
+ "access": "rwm"
+ }
+ ]
+ },
+ "namespaces": [
+ {
+ "type": "pid"
+ },
+ {
+ "type": "mount"
+ }
+ ],
+ "maskedPaths": [
+ "/proc/kcore",
+ "/proc/latency_stats",
+ "/proc/timer_list",
+ "/proc/timer_stats",
+ "/proc/sched_debug",
+ "/sys/firmware"
+ ],
+ "readonlyPaths": [
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger"
+ ]
+ }
+}
-- cgit v1.2.3
From 11e470c7e198c3260c4bf66a069e2b7f8e21e519 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Mon, 20 Mar 2017 11:08:07 -0400 Subject: installer: Add system container variable for log saving A new environment variable, VAR_LOG_ANSIBLE_LOG, was created to allow the installer to bind mount the location and write the log back to the host. By default the value is /var/log/ansible.log Example: atomic install --system --set INVENTORY_FILE=$(pwd)/hosts.inventory \ --set SSH_ROOT=/root/.ssh \ --set VAR_LOG_ANSIBLE_LOG=/some/log/location/ansible.log \ --set PLAYBOOK_FILE=./playbooks/byo/config.yml openshift-ansible --- system-container/root/exports/config.json.template | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'system-container/root/exports/config.json.template')
diff --git a/system-container/root/exports/config.json.template b/system-container/root/exports/config.json.template
index ede2414c1..383e3696e 100644
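Review bot: The host bind mounts for `$SSH_ROOT` (at `/opt/app-root/src/.ssh` and `/root/.ssh`) and `$INVENTORY_FILE` (at `/etc/ansible/hosts`) are all `rw`, while the process runs as uid 0 with only `pid` and `mount` namespaces, so anything executing in the container can modify whatever is in those host paths; with the example `SSH_ROOT=/root/.ssh` that is presumably root's keys and `authorized_keys`. Unless the playbooks are known to write there, make them read-only, e.g. `"options": ["bind", "ro"]` for the inventory, and for the SSH directory too if `known_hosts` updates can be redirected; `mode=755` is a tmpfs-style option and probably has no effect on a bind mount. The `process` object also carries no `capabilities` list, which leaves the effective capability set to the runtime's default, so an explicit list would make the intended privilege reviewable. The tmpfs entries for `/tmp` and `/root/.ansible` could take `nodev` and a `size=` cap as the `/dev/shm` entry does.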
--- a/system-container/root/exports/config.json.template
+++ b/system-container/root/exports/config.json.template
@@ -130,6 +130,16 @@
 "mode=755"
 ]
 },
+ {
+ "type": "bind",
+ "source": "$VAR_LOG_OPENSHIFT_LOG",
+ "destination": "/var/log/ansible.log",
+ "options": [
+ "bind",
+ "rw",
+ "mode=755"
+ ]
+ },
 {
 "destination": "/root/.ansible",
 "type": "tmpfs",
-- cgit v1.2.3
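Review bot: The new bind mount takes its source from `$VAR_LOG_OPENSHIFT_LOG`, but the commit message and its example name the variable `VAR_LOG_ANSIBLE_LOG`, so `--set VAR_LOG_ANSIBLE_LOG=...` would presumably never reach this entry. The manifest that declares the defaults is not part of this diff, so the name may be reconciled elsewhere; if it is not, the line should read `"source": "$VAR_LOG_ANSIBLE_LOG",`. The mount is also `rw` onto a single host file at a caller-chosen path, and a playbook log can contain credentials passed as variables, so the documentation should say that the target is expected to be a root-only file. The surrounding `mounts` array starts and ends outside this hunk.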