wip

application/Dockerfile

@@ -5,7 +5,7 @@ FROM python:3.8-slim
 WORKDIR /app
 
 # Copy the current directory contents into the container at /app
-COPY . /app
+COPY src /app
 
 # Install any needed packages specified in requirements.txt
 RUN pip install --trusted-host pypi.python.org Flask
@@ -18,3 +18,4 @@ ENV NAME World
 
 # Run app.py when the container launches
 CMD ["python", "app.py"]
+    

application/README.md

@@ -0,0 +1,32 @@
+# Sample kiosk application
+
+Build the container image.
+
+```sh
+podman build -t localhost/kiosk-app:latest .
+```
+
+Run the container image.
+
+```sh
+podman run -it --rm --name kiosk-app -p 5000:5000 localhost/kiosk-app:latest
+```
+
+Test it.
+
+```sh
+curl -I http://localhost:5000/
+```
+
+Login to the registry.
+
+```sh
+podman login quay.io
+```
+
+Publish it to the registry.
+
+```sh
+podman tag localhost/kiosk-app:latest quay.io/nmasse_itix/kiosk-app:latest
+podman push quay.io/nmasse_itix/kiosk-app:latest
+```

documentation/INSTALL_RHEL9.md

@@ -50,6 +50,32 @@ cd red-hat-kiosk
 export GIT_REPO_CLONE="$PWD"
 ```
 
+## Create the container image
+
+Install podman and buildah.
+
+```sh
+sudo dnf install -y podman buildah
+```
+
+Define the target image properties.
+
+```sh
+REGISTRY="quay.io"
+IMAGE_NAME="nmasse_itix/kiosk-app"
+IMAGE_TAG="latest"
+```
+
+Build and push the image to the registry.
+
+```sh
+cd "$GIT_REPO_CLONE/application"
+podman build -t localhost/kiosk-app:latest .
+podman login "$REGISTRY"
+podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+```
+
 ## Nginx configuration
 
 ```sh
@@ -73,13 +99,20 @@ rm $HOME/rpmbuild
 ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild
 ```
 
-Build the Kiosk Configuration RPM
+Build the `kiosk-config` RPM
 
 ```sh
 spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec
 rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec
 ```
 
+Build the `microshift-manifests` RPM
+
+```sh
+spectool -g -R $HOME/rpmbuild/SPECS/microshift-manifests.spec
+rpmbuild -ba $HOME/rpmbuild/SPECS/microshift-manifests.spec
+```
+
 Rebuild the Google Chrome RPM
 
 ```sh
@@ -131,7 +164,7 @@ Verify all packages are present.
 
 ```sh
 sudo dnf clean all
-sudo dnf info kiosk-config google-chrome-stable
+sudo dnf info kiosk-config google-chrome-stable microshift-manifests
 ```
 
 ## Blueprint preparation

imagebuilder/kiosk.toml

@@ -12,7 +12,7 @@ version = "*"
 name = "cockpit"
 
 [[packages]]
-name = "microshift"
+name = "microshift-manifests"
 version = "*"
 
 [[packages]]

rpms/SOURCES/com.redhat.Kiosk.SampleApp.service

@@ -4,6 +4,6 @@ BindsTo=gnome-session.target
 After=gnome-session.target
 
 [Service]
-ExecStart=/usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk
+ExecStart=/usr/bin/kiosk-app
 Restart=always
 SendSIGHUP=true

rpms/SOURCES/kiosk-app

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -Eeuo pipefail
+
+while ! curl -sf --connect-timeout 5 --expect100-timeout 5 "$KIOSK_URL"; do
+    echo "Waiting for the Kiosk APP to become available..."
+    sleep 10
+done
+
+exec /usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk "$KIOSK_URL"

rpms/SOURCES/kiosk-environment

@@ -1 +1 @@
-export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
+export KIOSK_URL=http://10.43.191.230/

rpms/SOURCES/microshift-kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- main-manifest.yaml

rpms/SOURCES/microshift-main-manifest.yaml

@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubernetes.io/metadata.name: kiosk-app
+  name: kiosk-app
+spec:
+  finalizers:
+  - kubernetes
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: haproxy
+  namespace: kiosk-app
+data:
+  haproxy.cfg: |
+    global
+      log stdout format raw local0
+      maxconn     4000
+
+    defaults
+        mode                    http
+        log                     global
+        option                  dontlognull
+        option                  redispatch
+        retries                 3
+        timeout http-request    10s
+        timeout queue           1m
+        timeout connect         10s
+        timeout client          1m
+        timeout server          1m
+        timeout http-keep-alive 10s
+        timeout check           10s
+        maxconn                 3000
+
+    frontend webserver
+      bind 0.0.0.0:8080
+      acl main_service_failed nbsrv(appserver_main) le 0
+      use_backend appserver_backup if main_service_failed
+      default_backend appserver_main
+
+    backend appserver_main
+      http-request set-header Host ipinfo.io
+      balance roundrobin
+      # 34.117.186.192 is one of the IP Addresses serving the website "ipinfo.io"
+      server svc-main1 34.117.186.192:80 check
+
+    backend appserver_backup 
+      http-request set-header Host kiosk-app.kiosk-app.svc.cluster.local
+      balance roundrobin
+      server svc-backup1 kiosk-app:5000 check
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: haproxy
+  namespace: kiosk-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haproxy
+  template:
+    metadata:
+      labels:
+        app: haproxy
+    spec:
+      containers:
+      - name: haproxy
+        image: haproxy:latest
+        volumeMounts:
+        - name: config-volume
+          mountPath: /usr/local/etc/haproxy/haproxy.cfg
+          subPath: haproxy.cfg
+        ports:
+        - containerPort: 8080
+      volumes:
+      - name: config-volume
+        configMap:
+          name: haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: haproxy
+  namespace: kiosk-app
+spec:
+  type: ClusterIP
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  clusterIP: 10.43.191.230
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: haproxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kiosk-app
+  namespace: kiosk-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kiosk-app
+  template:
+    metadata:
+      labels:
+        app: kiosk-app
+    spec:
+      containers:
+      - name: kiosk-app
+        image: quay.io/nmasse_itix/kiosk-app:latest
+        ports:
+        - containerPort: 5000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kiosk-app
+  namespace: kiosk-app
+spec:
+  type: ClusterIP
+  ports:
+  - port: 5000
+    targetPort: 5000
+  selector:
+    app: kiosk-app

rpms/SPECS/kiosk-config.spec

@@ -10,6 +10,7 @@ Source3:    redhat-kiosk-sampleapp.session
 Source4:    redhat-kiosk-sampleapp.desktop
 Source5:    com.redhat.Kiosk.SampleApp.service
 Source6:    session.conf
+Source7:    kiosk-app
 Requires(pre): shadow-utils
 Requires: gnome-kiosk
 Requires: gdm
@@ -39,6 +40,7 @@ cp %{S:3} redhat-kiosk-sampleapp.session
 cp %{S:4} redhat-kiosk-sampleapp.desktop
 cp %{S:5} com.redhat.Kiosk.SampleApp.service
 cp %{S:6} session.conf
+cp %{S:7} kiosk-app
 
 %build
 
@@ -54,6 +56,7 @@ install -m 0644 -D session.conf %{buildroot}%{_userunitdir}/gnome-session@redhat
 install -m 0755 -d %{buildroot}/etc/accountsservice/user-templates/
 install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/standard
 install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/administrator
+install -m 0755 -D kiosk-app %{buildroot}/usr/bin/kiosk-app
 
 %files
 %config(noreplace) %attr(0644, root, root) /etc/profile.d/kiosk.sh
@@ -65,6 +68,7 @@ install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates
 %attr(0644, root, root) %{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf
 %config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/standard
 %config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/administrator
+%attr(0755, root, root) /usr/bin/kiosk-app
 
 %pre
 getent group kiosk >/dev/null 2>&1 || groupadd kiosk

rpms/SPECS/microshift-manifests.spec

@@ -0,0 +1,36 @@
+Name:       microshift-manifests
+Version:    0.0.1
+Release:    rh1
+Summary:    Custom manifests for Microshift
+License:    BSD
+Source0:    microshift-kustomization.yaml
+Source1:    microshift-main-manifest.yaml
+Requires:   microshift
+
+%description
+Custom manifests for Microshift
+
+# Since we don't recompile from source, disable the build_id checking
+%global _missing_build_ids_terminate_build 0
+%global _build_id_links none
+%global debug_package %{nil}
+
+# We are evil, we have no changelog !
+%global source_date_epoch_from_changelog 0
+
+%prep
+cp %{S:0} kustomization.yaml
+cp %{S:1} main-manifest.yaml
+
+%build
+
+%install
+install -m 0755 -d %{buildroot}/usr/lib/microshift/manifests.d/custom/
+install -m 0644 -D kustomization.yaml %{buildroot}/usr/lib/microshift/manifests.d/custom/kustomization.yaml
+install -m 0644 -D main-manifest.yaml %{buildroot}/usr/lib/microshift/manifests.d/custom/main-manifest.yaml
+
+%files
+%attr(0644, root, root) /usr/lib/microshift/manifests.d/custom/kustomization.yaml
+%attr(0644, root, root) /usr/lib/microshift/manifests.d/custom/main-manifest.yaml
+
+%changelog