Add logically bound images for EDPM services

This change adds logically bound images for use with bootc.
This is implementing based on: https://containers.github.io/bootc/logically-bound-images.html

Signed-off-by: Brendan Shephard <[email protected]>

Author: bshephar

bootc/Containerfile.centos9

@@ -4,34 +4,64 @@ RUN rm -rf /etc/yum.repos.d/*.repo
 COPY output/yum.repos.d /etc/yum.repos.d
 
 ARG PACKAGES="\
-bind-utils \
-buildah \
-cephadm \
-chrony \
-cloud-init \
-crudini \
-crypto-policies-scripts \
-device-mapper-multipath \
-driverctl \
-grubby \
-iproute-tc \
-iptables-services \
-iscsi-initiator-utils \
-jq \
-lvm2 \
-nftables \
-numactl \
-openssh-server \
-openstack-selinux \
-openvswitch \
-os-net-config \
-podman \
-python3-libselinux \
-python3-pyyaml \
-rsync \
-tmpwatch \
-tuned-profiles-cpu-partitioning \
-sysstat"
+	bind-utils \
+	buildah \
+	cephadm \
+	chrony \
+	cloud-init \
+	crudini \
+	crypto-policies-scripts \
+	device-mapper-multipath \
+	driverctl \
+	grubby \
+	iproute-tc \
+	iptables-services \
+	iscsi-initiator-utils \
+	jq \
+	lvm2 \
+	NetworkManager-ovs \
+	nftables \
+	numactl \
+	openssh-server \
+	openstack-selinux \
+	openvswitch \
+	os-net-config \
+	podman \
+	python3-libselinux \
+	python3-pyyaml \
+	rsync \
+	sysstat \
+	tmpwatch \
+	tuned-profiles-cpu-partitioning"
+
 ARG ENABLE_UNITS="openvswitch"
 
 RUN dnf -y update && dnf -y install $PACKAGES && dnf clean all && systemctl enable $ENABLE_UNITS
+
+# Template systemd service for services
+COPY embedded-services/quadlets/systemd/service-template.kube /usr/share/containers/systemd/[email protected]
+
+## Service specific quadlets
+COPY embedded-services/quadlets/ovn-controller/ovn_controller.yaml /usr/share/containers/systemd/ovn_controller.yaml
+COPY embedded-services/quadlets/ovn-controller/ovn_controller.image /usr/share/containers/systemd/ovn_controller.image
+COPY embedded-services/quadlets/iscsid/iscsid.yaml /usr/share/containers/systemd/iscsid.yaml
+COPY embedded-services/quadlets/iscsid/iscsid.image /usr/share/containers/systemd/iscsid.image
+COPY embedded-services/quadlets/nova_compute/nova_compute.yaml /usr/share/containers/systemd/nova_compute.yaml
+COPY embedded-services/quadlets/nova_compute/nova_compute.image /usr/share/containers/systemd/nova_compute.image
+COPY embedded-services/quadlets/ovn_metadata_agent/ovn_metadata_agent.yaml /usr/share/containers/systemd/ovn_metadata_agent.yaml
+COPY embedded-services/quadlets/ovn_metadata_agent/ovn_metadata_agent.image /usr/share/containers/systemd/ovn_metadata_agent.image
+COPY embedded-services/quadlets/logrotate_crond/logrotate_crond.yaml /usr/share/containers/systemd/logrotate_crond.yaml
+COPY embedded-services/quadlets/logrotate_crond/logrotate_crond.image /usr/share/containers/systemd/logrotate_crond.image
+COPY embedded-services/quadlets/multipathd/multipathd.yaml /usr/share/containers/systemd/multipathd.yaml
+COPY embedded-services/quadlets/multipathd/multipathd.image /usr/share/containers/systemd/multipathd.image
+COPY embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.yaml /usr/share/containers/systemd/ceilometer_agent_compute.yaml
+COPY embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.image /usr/share/containers/systemd/ceilometer_agent_compute.image
+
+# Pre-cache containers for each service
+RUN podman pull quay.io/podified-antelope-centos9/openstack-ceilometer-compute:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-iscsid:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-cron:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-multipathd:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-ovn-controller:current-podified
+RUN podman pull quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified

bootc/embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.image

@@ -0,0 +1,5 @@
+[install]
+WantedBy=edpm-compute@ceilometer_agent_compute.service
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-ceilometer-compute:current-podified

bootc/embedded-services/quadlets/ceilometer_agent_compute/ceilometer_agent_compute.yaml

@@ -0,0 +1,95 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options: /var/lib/openstack/cacerts/telemetry/tls-ca-bundle.pem:z
+  labels:
+    app: ceilometeragentcompute
+  name: ceilometeragentcompute
+spec:
+  containers:
+  - args:
+    - kolla_start
+    env:
+    - name: KOLLA_CONFIG_STRATEGY
+      value: COPY_ALWAYS
+    - name: OS_ENDPOINT_TYPE
+      value: internal
+    image: quay.io/podified-antelope-centos9/openstack-ceilometer-compute@sha256:f6bba9df7ce1d877daa7fe2cd36e5149b99ded1f3e9b88576944d83a4429f25b
+    name: ceilometeragentcompute
+    securityContext:
+      runAsGroup: 42405
+      runAsUser: 42405
+      seLinuxOptions:
+        type: ceilometer_polling_t
+    volumeMounts:
+    - mountPath: /openstack
+      name: var-lib-openstack-healthchecks-ceilometer_agent_compute-host-0
+      readOnly: true
+    - mountPath: /etc/pki/tls/certs/ca-bundle.trust.crt
+      name: etc-pki-tls-certs-ca-bundle.trust.crt-host-1
+      readOnly: true
+    - mountPath: /run/libvirt
+      name: run-libvirt-host-2
+      readOnly: true
+    - mountPath: /dev/log
+      name: dev-log-host-3
+    - mountPath: /etc/pki/ca-trust/source/anchors
+      name: etc-pki-ca-trust-source-anchors-host-4
+      readOnly: true
+    - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+      name: var-lib-openstack-cacerts-telemetry-tls-ca-bundle.pem-host-5
+      readOnly: true
+    - mountPath: /var/lib/kolla/config_files/config.json
+      name: var-lib-openstack-config-telemetry-ceilometer-agent-compute.json-host-6
+    - mountPath: /etc/hosts
+      name: etc-hosts-host-7
+      readOnly: true
+    - mountPath: /var/lib/openstack/config/
+      name: var-lib-openstack-config-telemetry-host-8
+    - mountPath: /etc/localtime
+      name: etc-localtime-host-9
+      readOnly: true
+  hostNetwork: true
+  volumes:
+  - hostPath:
+      path: /var/lib/openstack/healthchecks/ceilometer_agent_compute
+      type: Directory
+    name: var-lib-openstack-healthchecks-ceilometer_agent_compute-host-0
+  - hostPath:
+      path: /etc/pki/tls/certs/ca-bundle.trust.crt
+      type: File
+    name: etc-pki-tls-certs-ca-bundle.trust.crt-host-1
+  - hostPath:
+      path: /run/libvirt
+      type: Directory
+    name: run-libvirt-host-2
+  - hostPath:
+      path: /dev/log
+      type: File
+    name: dev-log-host-3
+  - hostPath:
+      path: /etc/pki/ca-trust/source/anchors
+      type: Directory
+    name: etc-pki-ca-trust-source-anchors-host-4
+  - hostPath:
+      path: /var/lib/openstack/cacerts/telemetry/tls-ca-bundle.pem
+      type: File
+    name: var-lib-openstack-cacerts-telemetry-tls-ca-bundle.pem-host-5
+  - hostPath:
+      path: /var/lib/openstack/config/telemetry/ceilometer-agent-compute.json
+      type: File
+    name: var-lib-openstack-config-telemetry-ceilometer-agent-compute.json-host-6
+  - hostPath:
+      path: /etc/hosts
+      type: File
+    name: etc-hosts-host-7
+  - hostPath:
+      path: /var/lib/openstack/config/telemetry
+      type: Directory
+    name: var-lib-openstack-config-telemetry-host-8
+  - hostPath:
+      path: /etc/localtime
+      type: File
+    name: etc-localtime-host-9

bootc/embedded-services/quadlets/iscsid/iscsid.image

@@ -0,0 +1,5 @@
+[install]
+[email protected]
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-iscsid:current-podified

bootc/embedded-services/quadlets/iscsid/iscsid.yaml

@@ -0,0 +1,137 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options: /etc/iscsi:z
+  creationTimestamp: "2024-12-09T02:00:14Z"
+  labels:
+    app: iscsid
+  name: iscsid
+spec:
+  containers:
+  - args:
+    - kolla_start
+    env:
+    - name: KOLLA_CONFIG_STRATEGY
+      value: COPY_ALWAYS
+    image: quay.io/podified-antelope-centos9/openstack-iscsid@sha256:4c9b5389a2564388e7a862d5756c37dc7d9739472b8d822dd6faae868a483a2d
+    name: iscsid
+    securityContext:
+      privileged: true
+      procMount: Unmasked
+    volumeMounts:
+    - mountPath: /etc/pki/ca-trust/source/anchors
+      name: etc-pki-ca-trust-source-anchors-host-0
+      readOnly: true
+    - mountPath: /etc/target
+      name: etc-target-host-1
+    - mountPath: /etc/pki/tls/cert.pem
+      name: etc-pki-tls-cert.pem-host-2
+      readOnly: true
+    - mountPath: /sys
+      name: sys-host-3
+    - mountPath: /dev/log
+      name: dev-log-host-4
+    - mountPath: /lib/modules
+      name: lib-modules-host-5
+      readOnly: true
+    - mountPath: /var/lib/iscsi
+      name: var-lib-iscsi-host-6
+    - mountPath: /etc/hosts
+      name: etc-hosts-host-7
+      readOnly: true
+    - mountPath: /etc/localtime
+      name: etc-localtime-host-8
+      readOnly: true
+    - mountPath: /etc/pki/tls/certs/ca-bundle.crt
+      name: etc-pki-tls-certs-ca-bundle.crt-host-9
+      readOnly: true
+    - mountPath: /etc/pki/tls/certs/ca-bundle.trust.crt
+      name: etc-pki-tls-certs-ca-bundle.trust.crt-host-10
+      readOnly: true
+    - mountPath: /etc/pki/ca-trust/extracted
+      name: etc-pki-ca-trust-extracted-host-11
+      readOnly: true
+    - mountPath: /var/lib/kolla/config_files/config.json
+      name: var-lib-kolla-config_files-iscsid.json-host-12
+      readOnly: true
+    - mountPath: /etc/iscsi
+      name: etc-iscsi-host-13
+    - mountPath: /run
+      name: run-host-14
+    - mountPath: /dev
+      name: dev-host-15
+    - mountPath: /openstack
+      name: var-lib-openstack-healthchecks-iscsid-host-16
+      readOnly: true
+  hostNetwork: true
+  volumes:
+  - hostPath:
+      path: /etc/pki/ca-trust/source/anchors
+      type: Directory
+    name: etc-pki-ca-trust-source-anchors-host-0
+  - hostPath:
+      path: /etc/target
+      type: Directory
+    name: etc-target-host-1
+  - hostPath:
+      path: /etc/pki/tls/cert.pem
+      type: File
+    name: etc-pki-tls-cert.pem-host-2
+  - hostPath:
+      path: /sys
+      type: Directory
+    name: sys-host-3
+  - hostPath:
+      path: /dev/log
+      type: File
+    name: dev-log-host-4
+  - hostPath:
+      path: /lib/modules
+      type: Directory
+    name: lib-modules-host-5
+  - hostPath:
+      path: /var/lib/iscsi
+      type: Directory
+    name: var-lib-iscsi-host-6
+  - hostPath:
+      path: /etc/hosts
+      type: File
+    name: etc-hosts-host-7
+  - hostPath:
+      path: /etc/localtime
+      type: File
+    name: etc-localtime-host-8
+  - hostPath:
+      path: /etc/pki/tls/certs/ca-bundle.crt
+      type: File
+    name: etc-pki-tls-certs-ca-bundle.crt-host-9
+  - hostPath:
+      path: /etc/pki/tls/certs/ca-bundle.trust.crt
+      type: File
+    name: etc-pki-tls-certs-ca-bundle.trust.crt-host-10
+  - hostPath:
+      path: /etc/pki/ca-trust/extracted
+      type: Directory
+    name: etc-pki-ca-trust-extracted-host-11
+  - hostPath:
+      path: /var/lib/kolla/config_files/iscsid.json
+      type: File
+    name: var-lib-kolla-config_files-iscsid.json-host-12
+  - hostPath:
+      path: /etc/iscsi
+      type: Directory
+    name: etc-iscsi-host-13
+  - hostPath:
+      path: /run
+      type: Directory
+    name: run-host-14
+  - hostPath:
+      path: /dev
+      type: Directory
+    name: dev-host-15
+  - hostPath:
+      path: /var/lib/openstack/healthchecks/iscsid
+      type: Directory
+    name: var-lib-openstack-healthchecks-iscsid-host-16

bootc/embedded-services/quadlets/logrotate_crond/logrotate_crond.image

@@ -0,0 +1,5 @@
+[install]
+WantedBy=edpm-compute@logrotate_crond.service
+
+[Image]
+Image=quay.io/podified-antelope-centos9/openstack-cron:current-podified