ansible-tripleo-modify-image - 允许修改为TripleO项目构建的容器镜像的Ansible角色。
项目描述
TripleO修改镜像
允许修改为TripleO项目构建的容器镜像的角色。
角色变量
.. list-table:: 修改镜像时使用的变量 :widths: auto :header-rows: 1
-
- 名称
- 默认值
- 描述
-
source_image[未定义]- 修改要修改的源镜像的完全限定引用。提供的Dockerfile将被复制并修改,以使FROM指令与该变量匹配。
-
modify_dir_path[未定义]- 修改要修改的镜像的Dockerfile所在的目录的必填路径
-
modified_append_tagdate +-modified-%Y%m%d%H%M%S- 要附加到标签后的字符串,以表明这是源镜像的修改版本。
-
target_image[未定义]- 如果设置,修改的镜像将被标记为
target_image + modified_append_tag。如果未设置target_image,则修改的镜像将被标记为source_image + modified_append_tag。如果图像的目的没有改变,可能只需要依赖于source_image + modified_append_tag标签来识别这是源镜像的修改版本。
.. list-table:: yum更新时使用的变量 :widths: auto :header-rows: 1
-
- 名称
- 默认值
- 描述
-
source_image[未定义]- 参见修改镜像变量
-
modified_append_tagdate +-modified-%Y%m%d%H%M%S- 参见修改镜像变量
-
target_image''- 参见修改镜像变量
-
rpms_path''- 如果设置,rpms_path中的包将被更新,但如果需要,还必须包括依赖项,因为yum是用localupdate调用的。
-
update_repo''- 如果设置,则将从该仓库更新软件包。其他仓库将仅用于这些更新的依赖项。
-
yum_repos_dir_pathNone- 更新期间用作
/etc/yum.repos.d的目录的可选路径
-
yum_cacheNone- 更新期间 yum 缓存的宿主目录的可选路径。需要支持 overlay 功能的文件系统,并且还支持 SE 上下文重新标记。
-
force_purge_yum_cacheFalse- 可选参数,告诉 buildah 强制使用新内容重新填充 yum 缓存。
.. list-table:: 用于 yum 安装的变量 :widths: auto :header-rows: 1
-
- 名称
- 默认值
- 描述
-
source_image[未定义]- 参见修改镜像变量
-
modified_append_tagdate +-modified-%Y%m%d%H%M%S- 参见修改镜像变量
-
target_image''- 参见修改镜像变量
-
yum_packages[]- 提供要安装的软件包列表
-
yum_repos_dir_pathNone- 更新期间用作
/etc/yum.repos.d的目录的可选路径
.. list-table:: 用于 dev 安装的变量 :widths: auto :header-rows: 1
-
- 名称
- 默认值
- 描述
-
source_image[未定义]- 参见修改镜像变量
-
modified_append_tagdate +-modified-%Y%m%d%H%M%S- 参见修改镜像变量
-
target_image''- 参见修改镜像变量
-
refspecs[]- 要安装到生成的容器中的项目/refspec 对的数组。目前仅支持 Python 源项目。
-
python_dir[]- 包含一个 Python 项目,该项目已准备好使用 pip 安装。
需求
- ansible >= 2.4
- python >= 2.6
依赖关系
None
警告
磁盘上的仓库 ....................
请确保磁盘上仓库的 SELinux 标签正确。根据您的 container-selinux(和 podman)版本,您可能会遇到问题。
正确类型的示例
system_u:object_r:rpm_var_cache_tsystem_u:object_r:container_file_t
第一个与 /var/cache/dnf 的一个相匹配,可以在容器内部访问,而第二个可能允许容器实际上写入其中。
位于用户家目录中的目录 ......................................
当运行此角色时,您可能希望避免指向 $HOME 中的目录,尤其是当它从 TripleO 客户端运行时(例如,使用 openstack tripleo container image prepare 命令)。这样做可能会因为与您的家目录关联的 SELinux 标签和权限而中断。
请使用其他位置,例如 /opt 或甚至 /tmp - 并仔细检查其中的 SELinux 标签。
示例 Playbooks
修改镜像
The following playbook will produce a modified image with the tag
`:latest-modified-<timestamp>` based on the Dockerfile in the custom directory
`/path/to/example_modify_dir`.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
tasks_from: modify_image.yml
vars:
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
modify_dir_path: /path/to/example_modify_dir
The directory `example_modify_dir` contains the `Dockerfile` which will perform
the modification, for example:
.. code-block::
# This will be replaced in the file Dockerfile.modified
FROM centos-binary-nova-api
# switch to root to install packages
USER root
# install packages
RUN curl "https://bootstrap.pypa.io/get-pip.py" -o "/tmp/get-pip.py"
RUN python /tmp/get-pip.py
# switch the container back to the default user
USER nova
Yum update
~~~~~~~~~~
The following playbook will produce a modified image with the tag
`:latest-updated` which will do a yum update using the host's /etc/yum.repos.d.
Only file repositories will be used (with baseurl=file://...).
In this playbook the tasks\_from is set as a variable instead of an
`import_role` parameter.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: yum_update.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
yum_repos_dir_path: /etc/yum.repos.d
modified_append_tag: updated
yum_cache: /tmp/containers-updater/yum_cache
rpms_path: /opt/rpms
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: yum_update.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
modified_append_tag: updated
rpms_path: /opt/rpms/
Note, if you have a locally installed gating repo, you can add
``update_repo: gating-repo``. This may be the case for the consequent in-place
deployments, like those performed with the CI reproducer script.
Yum install
~~~~~~~~~~~
The following playbook will produce a modified image with the tag
`:latest-updated` which will do a yum install of the requested packages
using the host's /etc/yum.repos.d. In this playbook the tasks\_from is set as
a variable instead of an `import_role` parameter.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: yum_install.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
yum_repos_dir_path: /etc/yum.repos.d
yum_packages: ['foobar-nova-plugin', 'fizzbuzz-nova-plugin']
RPM install
~~~~~~~~~~~
The following playbook will produce a modified image with RPMs from the
specified rpms\_path on the local filesystem installed as a new layer
for the container. The new container tag is appened with the '-hotfix'
suffix. Useful for creating adhoc hotfix containers with local RPMs with no
network connectivity.
.. code-block::
- hosts: localhost
tasks:
- name: include ansible-role-tripleo-modify-image
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: rpm_install.yml
source_image: docker.io/tripleomaster/centos-binary-nova-api:latest
rpms_path: /opt/rpms
modified_append_tag: -hotfix
Dev install
~~~~~~~~~~~
The following playbook will produce a modified image with Python source
code installed via pip. To minimize dependencies within the container
we generate the sdist locally and then copy it into the resulting
container image as an sdist tarball to run pip install locally.
It can be used to pull a review from OpenDev Gerrit:
.. code-block::
- hosts: localhost
connection: local
tasks:
- name: dev install heat-api
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: dev_install.yml
source_image: docker.io/tripleomaster/centos-binary-heat-api:current-tripleo
refspecs:
-
project: heat
refspec: refs/changes/12/1234/3
modified_append_tag: -devel
or it can be used to build an image from a local Python directory:
.. code-block::
- hosts: localhost
connection: local
tasks:
- name: dev install heat-api
import_role:
name: ansible-role-tripleo-modify-image
vars:
tasks_from: dev_install.yml
source_image: docker.io/tripleomaster/centos-binary-heat-api:current-tripleo
modified_append_tag: -devel
python_dir:
- /home/joe/git/openstack/heat
Note: here, we can use a directory located in the user's home because it's
probably launched by the user.
License
-------
Apache 2.0
关闭
哈希值 for ansible-role-tripleo-modify-image-1.5.0.tar.gz
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | 4582d09248575319068d9a01d5697d7d24152e834dc0785ca857bfb48c2679cf |
|
| MD5 | a2e273ee82c0c0f8770465ea711a182b |
|
| BLAKE2b-256 | 8abc87f68cf0002112fed806ee5a458a5e0df2123509b90d30e0b6dcc8671a80 |
关闭
哈希值 for ansible_role_tripleo_modify_image-1.5.0-py2.py3-none-any.whl
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | 5cd731c1c9acdc42c4f518b345a66eb5270457483fa536ffd2d6c66363c84a94 |
|
| MD5 | 9bcbfe03b8a16907f897782292566e97 |
|
| BLAKE2b-256 | a2b884066dac29d23366a90fce8d17b9aeaaf3d4cb24150bab07f59bc48f0664 |
