From 28c75e6e5c02ee0c796d378846c2ad8f7a3a8c22 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 16 Mar 2017 17:17:10 +0100
Subject: installer: support running as a system container

Example:
atomic install --system --set INVENTORY_FILE=$(pwd)/hosts.inventory \
       --set SSH_ROOT=/root/.ssh \
       --set PLAYBOOK_FILE=./playbooks/byo/config.yml openshift-ansible

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 system-container/root/exports/config.json.template | 213 +++++++++++++++++++++
 system-container/root/exports/manifest.json        |  10 +
 system-container/root/exports/service.template     |   6 +
 system-container/root/exports/tmpfiles.template    |   1 +
 4 files changed, 230 insertions(+)
 create mode 100644 system-container/root/exports/config.json.template
 create mode 100644 system-container/root/exports/manifest.json
 create mode 100644 system-container/root/exports/service.template
 create mode 100644 system-container/root/exports/tmpfiles.template


diff --git a/system-container/root/exports/config.json.template b/system-container/root/exports/config.json.template
new file mode 100644
index 000000000..ede2414c1
--- /dev/null
+++ b/system-container/root/exports/config.json.template
@@ -0,0 +1,213 @@
+{
+    "ociVersion": "1.0.0",
+    "platform": {
+        "os": "linux",
+        "arch": "amd64"
+    },
+    "process": {
+        "terminal": false,
+        "consoleSize": {
+            "height": 0,
+            "width": 0
+        },
+        "user": {
+            "uid": 0,
+            "gid": 0
+        },
+        "args": [
+            "/usr/local/bin/run-system-container.sh"
+        ],
+        "env": [
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+            "TERM=xterm",
+            "OPTS=$OPTS",
+            "PLAYBOOK_FILE=$PLAYBOOK_FILE"
+        ],
+        "cwd": "/opt/app-root/src/",
+        "rlimits": [
+            {
+                "type": "RLIMIT_NOFILE",
+                "hard": 1024,
+                "soft": 1024
+            }
+        ],
+        "noNewPrivileges": true
+    },
+    "root": {
+        "path": "rootfs",
+        "readonly": true
+    },
+    "mounts": [
+        {
+            "destination": "/proc",
+            "type": "proc",
+            "source": "proc"
+        },
+        {
+            "destination": "/dev",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": [
+                "nosuid",
+                "strictatime",
+                "mode=755",
+                "size=65536k"
+            ]
+        },
+        {
+            "destination": "/dev/pts",
+            "type": "devpts",
+            "source": "devpts",
+            "options": [
+                "nosuid",
+                "noexec",
+                "newinstance",
+                "ptmxmode=0666",
+                "mode=0620",
+                "gid=5"
+            ]
+        },
+        {
+            "destination": "/dev/shm",
+            "type": "tmpfs",
+            "source": "shm",
+            "options": [
+                "nosuid",
+                "noexec",
+                "nodev",
+                "mode=1777",
+                "size=65536k"
+            ]
+        },
+        {
+            "destination": "/dev/mqueue",
+            "type": "mqueue",
+            "source": "mqueue",
+            "options": [
+                "nosuid",
+                "noexec",
+                "nodev"
+            ]
+        },
+        {
+            "destination": "/sys",
+            "type": "sysfs",
+            "source": "sysfs",
+            "options": [
+                "nosuid",
+                "noexec",
+                "nodev",
+                "ro"
+            ]
+        },
+        {
+            "type": "bind",
+            "source": "$SSH_ROOT",
+            "destination": "/opt/app-root/src/.ssh",
+            "options": [
+                "bind",
+                "rw",
+                "mode=755"
+            ]
+        },
+        {
+            "type": "bind",
+            "source": "$SSH_ROOT",
+            "destination": "/root/.ssh",
+            "options": [
+                "bind",
+                "rw",
+                "mode=755"
+            ]
+        },
+        {
+            "type": "bind",
+            "source": "$VAR_LIB_OPENSHIFT_INSTALLER",
+            "destination": "/var/lib/openshift-installer",
+            "options": [
+                "bind",
+                "rw",
+                "mode=755"
+            ]
+        },
+        {
+            "destination": "/root/.ansible",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": [
+                "nosuid",
+                "strictatime",
+                "mode=755"
+            ]
+        },
+        {
+            "destination": "/tmp",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": [
+                "nosuid",
+                "strictatime",
+                "mode=755"
+            ]
+        },
+        {
+            "type": "bind",
+            "source": "$INVENTORY_FILE",
+            "destination": "/etc/ansible/hosts",
+            "options": [
+                "bind",
+                "rw",
+                "mode=755"
+            ]
+        },
+        {
+            "destination": "/sys/fs/cgroup",
+            "type": "cgroup",
+            "source": "cgroup",
+            "options": [
+                "nosuid",
+                "noexec",
+                "nodev",
+                "relatime",
+                "ro"
+            ]
+        }
+    ],
+    "hooks": {
+
+    },
+    "linux": {
+        "resources": {
+            "devices": [
+                {
+                    "allow": false,
+                    "access": "rwm"
+                }
+            ]
+        },
+        "namespaces": [
+            {
+                "type": "pid"
+            },
+            {
+                "type": "mount"
+            }
+        ],
+        "maskedPaths": [
+            "/proc/kcore",
+            "/proc/latency_stats",
+            "/proc/timer_list",
+            "/proc/timer_stats",
+            "/proc/sched_debug",
+            "/sys/firmware"
+        ],
+        "readonlyPaths": [
+            "/proc/asound",
+            "/proc/bus",
+            "/proc/fs",
+            "/proc/irq",
+            "/proc/sys",
+            "/proc/sysrq-trigger"
+        ]
+    }
+}
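Review bot: The two `$SSH_ROOT` bind mounts (the host's SSH directory, `/root/.ssh` by the manifest default) are mounted `rw`, and the `"mode=755"` option given on every bind mount is a no-op, because the kernel ignores filesystem data for MS_BIND mounts, so it restricts nothing. If the playbooks only need to read the keys, `"ro"` in place of `"rw"` on those two mounts would keep the host's private keys from being modified from inside the container; if Ansible must write `known_hosts` there, the commit message or a README note should say so since the JSON cannot carry a comment. The `linux` block also lists only `pid` and `mount` namespaces and no `capabilities` or `seccomp` section, so the installer runs in the host network namespace with whatever the runtime grants for an absent capability set — presumably the full set when started as root; spelling the intended set out explicitly would make the privilege level reviewable.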
diff --git a/system-container/root/exports/manifest.json b/system-container/root/exports/manifest.json
new file mode 100644
index 000000000..615b53261
--- /dev/null
+++ b/system-container/root/exports/manifest.json
@@ -0,0 +1,10 @@
+{
+    "version": "1.0",
+    "defaultValues": {
+        "OPTS": "",
+        "VAR_LIB_OPENSHIFT_INSTALLER" : "/var/lib/openshift-installer",
+        "PLAYBOOK_FILE": "/usr/share/ansible/openshift-ansible/playbooks/byo/config.yml",
+        "SSH_ROOT": "/root/.ssh",
+        "INVENTORY_FILE": "/dev/null"
+    }
+}
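Review bot: `INVENTORY_FILE` defaults to `/dev/null`, which the config template bind-mounts over `/etc/ansible/hosts`, so an install started without `--set INVENTORY_FILE=...` runs the playbook against an empty inventory instead of failing early; if this is meant as a placeholder that keeps the mount source valid, the commit message or a README note should state that. Separately, `"VAR_LIB_OPENSHIFT_INSTALLER" : "/var/lib/openshift-installer"` has a space before the colon unlike the other keys; `"VAR_LIB_OPENSHIFT_INSTALLER": "/var/lib/openshift-installer"` keeps the file consistent.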
diff --git a/system-container/root/exports/service.template b/system-container/root/exports/service.template
new file mode 100644
index 000000000..bf5316af6
--- /dev/null
+++ b/system-container/root/exports/service.template
@@ -0,0 +1,6 @@
+[Service]
+ExecStart=$EXEC_START
+ExecStop=-$EXEC_STOP
+Restart=no
+WorkingDirectory=$DESTDIR
+Type=oneshot
diff --git a/system-container/root/exports/tmpfiles.template b/system-container/root/exports/tmpfiles.template
new file mode 100644
index 000000000..327e6f45d
--- /dev/null
+++ b/system-container/root/exports/tmpfiles.template
@@ -0,0 +1 @@
+d    $VAR_LIB_OPENSHIFT_INSTALLER - - - - -