Nicolas Massé 3 months ago
parent
commit
65b10b9af5
  1. 1
      config.env
  2. 12
      generic/Containerfile
  3. 3
      generic/root/etc/ssh/sshd_config.d/00-authorized_keys.conf
  4. 13
      generic/root/etc/sudoers
  5. 17
      scenario1/Containerfile
  6. 5
      scenario1/root/etc/containers/systemd/odoo-db.container
  7. 2
      scenario1/root/etc/containers/systemd/odoo-init.container
  8. 28
      scenario1/root/etc/greenboot/check/required.d/odoo-check.sh
  9. 8
      scripts/build.sh
  10. 24
      scripts/buildall.sh

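--- a/config.env
+++ b/config.env
@@ -0,0 +1 @@
+TARGET_IMAGE_TEMPLATE='edge-registry.itix.fr/demo-edge-retail/${SCENARIO}:latest'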

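--- a/generic/Containerfile
+++ b/generic/Containerfile
@@ -7,7 +7,10 @@ RUN <<EOF
 set -Eeuo pipefail
 dnf config-manager --enable ansible-automation-platform-2.5-for-rhel-9-$(arch)-rpms
-dnf install -y mkpasswd podman skopeo flightctl-agent
+dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-machines cockpit-podman \
+cockpit-files cockpit-ostree cockpit-pcp cockpit-system libvirt libvirt-daemon-kvm \
+virt-install virt-top libguestfs-tools genisoimage greenboot greenboot-default-health-checks
+dnf clean all
 if [ -n "$ADMIN_USERNAME" ]; then
 useradd -m -G wheel -p "$(echo -n "$ADMIN_PASSWORD" | mkpasswd -m bcrypt --stdin)" "$ADMIN_USERNAME"
@@ -18,6 +21,11 @@ ADD --chown=root:root root /
 RUN <<EOF
 set -Eeuo pipefail
-systemctl enable flightctl-agent.service
+systemctl enable flightctl-agent.service cockpit.socket libvirtd.service libvirt-guests.service
 systemctl mask bootc-fetch-apply-updates.timer
+if [ -n "$ADMIN_USERNAME" -a -f "/etc/ssh/authorized_keys/$ADMIN_USERNAME.keys" ]; then
+chown "$ADMIN_USERNAME:$ADMIN_USERNAME" "/etc/ssh/authorized_keys/$ADMIN_USERNAME.keys"
+fi
+semanage fcontext -a -t ssh_home_t "/etc/ssh/authorized_keys(/.*)?"
+restorecon -Rf /etc/ssh/authorized_keys
 EOF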
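Review bot: Enabling `cockpit.socket` in the second RUN block adds a network-facing password login for the wheel account that the first block creates from the `ADMIN_PASSWORD` build argument. Where that argument is declared lies outside both hunks, so whether it still carries a demo default cannot be confirmed from here. I would put a comment above the `systemctl enable` line, `# cockpit.socket accepts PAM password logins over the network: override ADMIN_PASSWORD for any non-demo build`, or enable the socket only in images that need the console. Separately, the `chown` in the same block hands `/etc/ssh/authorized_keys/$ADMIN_USERNAME.keys` to the account itself; sshd should also accept a root-owned key file, so leaving the ownership set by `ADD --chown=root:root` would keep the image-managed key set read-only for that user.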

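--- a/generic/root/etc/ssh/sshd_config.d/00-authorized_keys.conf
+++ b/generic/root/etc/ssh/sshd_config.d/00-authorized_keys.conf
@@ -0,0 +1,3 @@
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u.keys .ssh/authorized_keys
+PermitRootLogin prohibit-password
+#LogLevel DEBUG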
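Review bot: This drop-in leaves `PasswordAuthentication` at its default, so unless another drop-in not shown here turns it off, the wheel account that generic/Containerfile creates from `ADMIN_PASSWORD` can log in over SSH with that password as well as with the managed key. If the files under `/etc/ssh/authorized_keys/` are meant to be the only way in, add `PasswordAuthentication no` to this file. `PermitRootLogin prohibit-password` combined with `%u.keys` also means that a `root.keys` file would open direct root login; `PermitRootLogin no` is tighter, since wheel members already reach root through sudo. The commented-out `#LogLevel DEBUG` line can be dropped from the shipped image.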

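--- a/generic/root/etc/sudoers
+++ b/generic/root/etc/sudoers
@@ -0,0 +1,13 @@
+Defaults !visiblepw
+Defaults always_set_home
+Defaults match_group_by_gid
+Defaults always_query_group_plugin
+Defaults env_reset
+Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+root ALL=(ALL) NOPASSWD: ALL
+%wheel ALL=(ALL) NOPASSWD: ALL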
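Review bot: `%wheel ALL=(ALL) NOPASSWD: ALL` on the last line makes any session of a wheel member equivalent to root with no re-authentication, and that includes the account generic/Containerfile adds with `-G wheel`. Unless the demo depends on unattended sudo, `%wheel ALL=(ALL) ALL` keeps the password prompt. The file also replaces /etc/sudoers as a whole and carries no include directive, so drop-ins under /etc/sudoers.d would presumably be ignored; if that is not intended, end the file with `#includedir /etc/sudoers.d`. A short header comment saying that the file is image-managed and why NOPASSWD is set would help whoever audits the image later.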

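--- a/scenario1/Containerfile
+++ b/scenario1/Containerfile
@@ -1,23 +1,8 @@
 FROM edge-registry.itix.fr/demo-edge-retail/generic:latest
-ARG ADMIN_USERNAME=demo \
-ADMIN_PASSWORD=redhat
-RUN <<EOF
-set -Eeuo pipefail
-dnf config-manager --enable ansible-automation-platform-2.5-for-rhel-9-$(arch)-rpms
-dnf install -y mkpasswd podman skopeo flightctl-agent
-if [ -n "$ADMIN_USERNAME" ]; then
-useradd -m -G wheel -p "$(echo -n "$ADMIN_PASSWORD" | mkpasswd -m bcrypt --stdin)" "$ADMIN_USERNAME"
-fi
-EOF
 ADD --chown=root:root root /
 RUN <<EOF
 set -Eeuo pipefail
-systemctl enable flightctl-agent.service
+systemctl enable odoo.target
-systemctl mask bootc-fetch-apply-updates.timer
 EOF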

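--- a/scenario1/root/etc/containers/systemd/odoo-db.container
+++ b/scenario1/root/etc/containers/systemd/odoo-db.container
@@ -21,7 +21,7 @@ EnvironmentFile=/etc/containers/systemd/configs/odoo-db.env
 Volume=/var/lib/postgresql/data:/var/lib/postgresql/data:Z
 # Health check
-HealthCmd=pg_isready -U odoo
+HealthCmd=pg_isready -U odoo -d postgres
 HealthInterval=30s
 HealthTimeout=10s
 HealthStartPeriod=60s
@@ -33,5 +33,8 @@ RestartSec=10
 TimeoutStartSec=120
 TimeoutStopSec=30
+# Skaffold filesystem + fix permissions
+ExecStartPre=install -m 0700 -o 70 -g 70 -d /var/lib/postgresql/data
 [Install]
 WantedBy=odoo.target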
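Review bot: The new `ExecStartPre=install -m 0700 -o 70 -g 70 -d /var/lib/postgresql/data` hard-codes uid and gid 70 with no explanation; presumably that is the postgres user inside the database image, which this page does not show. A comment such as `# 70:70 = postgres user inside the container image; must match the Image= in use` would keep a later image change from silently leaving the data directory owned by the wrong account. The same applies to `-o 101 -g 101` in odoo-init.container. "Skaffold" in the added comment is probably meant to be "Scaffold".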

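--- a/scenario1/root/etc/containers/systemd/odoo-init.container
+++ b/scenario1/root/etc/containers/systemd/odoo-init.container
@@ -39,7 +39,7 @@ RemainAfterExit=yes
 ExecStartPost=/bin/touch /var/lib/odoo/initialized
 # Skaffold filesystem + fix permissions
-ExecStartPre=/bin/sh -c 'for d in /var/lib/odoo/data /var/lib/odoo/addons /var/log/odoo; do mkdir -p "$d" ; chmod 700 "$d" ; chown 101:101 "$d" ; done'
+ExecStartPre=install -m 0700 -o 101 -g 101 -d /var/lib/odoo/data /var/lib/odoo/addons /var/log/odoo
 # Wait for PostgreSQL to be ready
 ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5432; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'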

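--- a/scenario1/root/etc/greenboot/check/required.d/odoo-check.sh
+++ b/scenario1/root/etc/greenboot/check/required.d/odoo-check.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -Eeuo pipefail
+declare -a container_state=()
+MAX_ATTEMPTS=60
+for attempt in {1..$MAX_ATTEMPTS}; do
+echo "Checking Odoo deployment ($attempt/$MAX_ATTEMPTS)..."
+state=1
+for container in odoo-db odoo-app; do
+container_state=( $( ( podman inspect "$container" || true ) | jq -r '.[0].State.Status // "unknown", .[0].State.Health.Status // "unknown"') )
+echo "Container $container has state ${container_state[0]} and its health is ${container_state[1]}!"
+if [[ "${container_state[0]}-${container_state[1]}" != "running-healthy" ]]; then
+state=0
+fi
+done
+if [[ $state -eq 1 ]]; then
+echo "Odoo deployment is up and running!"
+exit 0
+fi
+sleep 5
+done
+echo "Odoo deployment is not running correctly after $MAX_ATTEMPTS attempts!"
+exit 1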
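Review bot: `for attempt in {1..$MAX_ATTEMPTS}` does not loop 60 times, because bash performs brace expansion before parameter expansion: the body runs once with `attempt` set to the literal `{1..60}`, and the script reaches the final `exit 1` after a single 5-second sleep. Since this file sits under greenboot's `required.d`, a deployment that needs longer than that to report `running-healthy` would fail the boot health check. Replace the loop header with `for ((attempt = 1; attempt <= MAX_ATTEMPTS; attempt++)); do`. A one-line header comment stating that both `odoo-db` and `odoo-app` must be running and healthy within `MAX_ATTEMPTS` × 5 seconds would also document the contract.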

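--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -7,8 +7,12 @@ if [[ "$UID" -ne 0 ]]; then
 exit 1
 fi
-. "$PWD/env.sh"
+if [ "$#" -ne 1 ]; then
+echo "Usage: $0 <target-image>"
+exit 1
+fi
+TARGET_IMAGE="$1"
 OCI_REGISTRY="${TARGET_IMAGE%%/*}"
 SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
@@ -39,5 +43,5 @@ if [ ! -f "$REGISTRY_AUTH_FILE" ]; then
 podman login registry.redhat.io
 fi
-podman build -t "${TARGET_IMAGE}" .
+podman build --no-cache -t "${TARGET_IMAGE}" .
 podman push --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" "${TARGET_IMAGE}"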

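--- a/scripts/buildall.sh
+++ b/scripts/buildall.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -Eeuo pipefail
+if [[ "$UID" -ne 0 ]]; then
+echo "This command must be run as root!"
+exit 1
+fi
+SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
+. "$PROJECT_DIR/config.env"
+for dir in "$PROJECT_DIR"/{generic,scenario*}; do
+if [ -d "$dir" -a -f "$dir/Containerfile" ]; then
+export SCENARIO="${dir##*/}"
+TARGET_IMAGE="$(echo -n "$TARGET_IMAGE_TEMPLATE" | envsubst)"
+echo "Building container image $TARGET_IMAGE from $SCENARIO..."
+pushd "$dir" > /dev/null
+"$SCRIPT_DIR/build.sh" "$TARGET_IMAGE"
+popd > /dev/null
+fi
+done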
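Review bot: `envsubst` is called without a variable list, so it substitutes every `$NAME` it finds in `TARGET_IMAGE_TEMPLATE` from the environment of a root shell, not only `SCENARIO`. Restricting it keeps the template limited to the one placeholder that config.env uses: `TARGET_IMAGE="$(printf '%s' "$TARGET_IMAGE_TEMPLATE" | envsubst '${SCENARIO}')"`. The script also sources `config.env` as root, so that file should be treated as code and kept writable by root only. In the directory test, `[ -d "$dir" -a -f "$dir/Containerfile" ]` uses the obsolescent `-a` operator; `[[ -d "$dir" && -f "$dir/Containerfile" ]]` is the unambiguous form.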