forked from pool/rmt-server-image
[info=f55074f276c04f7d4cbd02bf74ab24fe]
OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/rmt-server-image?expand=0&rev=182
This commit is contained in:
commit
0e495a5edf
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
.osc
|
47
Dockerfile
Normal file
47
Dockerfile
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
# Copyright (c) 2024 SUSE LLC
|
||||||
|
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon.
|
||||||
|
|
||||||
|
# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
|
||||||
|
# It is maintained by the BCI team and generated by
|
||||||
|
# https://github.com/SUSE/BCI-dockerfile-generator
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
# You can contact the BCI team via https://github.com/SUSE/bci/discussions
|
||||||
|
|
||||||
|
|
||||||
|
#!BuildTag: opensuse/rmt-server:%%rmt_version%%
|
||||||
|
#!BuildTag: opensuse/rmt-server:%%rmt_version%%-%RELEASE%
|
||||||
|
#!BuildTag: opensuse/rmt-server:latest
|
||||||
|
|
||||||
|
FROM opensuse/tumbleweed:latest
|
||||||
|
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=org.opensuse.application.rmt-server
|
||||||
|
LABEL org.opencontainers.image.authors="openSUSE (https://www.opensuse.org/)"
|
||||||
|
LABEL org.opencontainers.image.title="openSUSE Tumbleweed SUSE RMT server"
|
||||||
|
LABEL org.opencontainers.image.description="SUSE RMT server container based on the openSUSE Tumbleweed Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="%%rmt_version%%"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.opensuse.org"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="openSUSE Project"
|
||||||
|
LABEL org.opencontainers.image.source="%SOURCEURL%"
|
||||||
|
LABEL org.opensuse.reference="registry.opensuse.org/opensuse/rmt-server:%%rmt_version%%-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
|
||||||
|
LABEL org.opensuse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/rmt-server-image/README.md"
|
||||||
|
|
||||||
|
RUN set -euo pipefail; zypper -n in --no-recommends rmt-server catatonit; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
|
||||||
|
ENV RAILS_ENV="production"
|
||||||
|
ENV LANG="en"
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
||||||
|
CMD ["/usr/share/rmt/bin/rails", "server", "-e", "production"]
|
||||||
|
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||||
|
RUN set -euo pipefail; chmod +x /usr/local/bin/entrypoint.sh
|
117
README.md
Normal file
117
README.md
Normal file
@ -0,0 +1,117 @@
|
|||||||
|
# The {self.title} container image
|
||||||
|
![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green)
|
||||||
|
|
||||||
|
# Purpose
|
||||||
|
|
||||||
|
This chart deploys a SUSE Repository Mirroring Tool (RMT) server on Kubernetes.
|
||||||
|
It is tested on K3s but should work on any Kubernetes distribution.
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
To deploy SUSE RMT on top of Kubernetes, each component of the stack is deployed in a dedicated container using a
|
||||||
|
Helm chart.
|
||||||
|
### Repository Mirroring Tool (SUSE RMT) server
|
||||||
|
|
||||||
|
A containerized version of the SUSE RMT application that can pass its configuration via Helm values. Because persistent storage resides on a persistent volume, you need to adjust the volume size according to the number of repositories you need to mirror.
|
||||||
|
|
||||||
|
### MariaDB
|
||||||
|
|
||||||
|
The database back-end for SUSE RMT.
|
||||||
|
If needed, RMT creates the database and tables at startup, so no specific
|
||||||
|
post-installation task is required for it to be usable. Passwords are
|
||||||
|
self-generated, unless explicitly specified in the values file.
|
||||||
|
|
||||||
|
### NGINX
|
||||||
|
|
||||||
|
The web server with appropriate configuration for RMT routes. Having a correctly
|
||||||
|
configured web server right from the start allows you to target your ingress traffic
|
||||||
|
(for RMT) to directly to the server. You don't have to configure ingress for RMT specific
|
||||||
|
paths handling, as NGINX is configured to do that.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
- a running Kubernetes cluster
|
||||||
|
- helm command configured to interact with the cluster
|
||||||
|
|
||||||
|
The Helm chart can be obtained using the following command:
|
||||||
|
|
||||||
|
`helm pull oci://registry.suse.com/suse/rmt-helm`
|
||||||
|
|
||||||
|
## Custom mandatory values
|
||||||
|
|
||||||
|
Certain values of the chart do not have any defaults:
|
||||||
|
- SCC mirroring credentials (refer to [more information](https://documentation.suse.com/sles/html/SLES-all/cha-rmt-mirroring.html#sec-rmt-mirroring-credentials) for more information)
|
||||||
|
- list of products to mirror
|
||||||
|
- list of products not to mirror
|
||||||
|
- DNS name used to reach the RMT server
|
||||||
|
- configured [storage](https://kubernetes.io/docs/concepts/storage/)
|
||||||
|
|
||||||
|
Before deploying the chart, you must fill a custom values file.
|
||||||
|
|
||||||
|
The following example enables ingress with TLS. The `create-certs.sh` script
|
||||||
|
supplied with the Helm chart can be used
|
||||||
|
to create self-signed certificates and add them to Kubernetes as a usable TLS
|
||||||
|
secret.
|
||||||
|
|
||||||
|
```
|
||||||
|
cat << EOF > myvalues.yaml
|
||||||
|
---
|
||||||
|
app:
|
||||||
|
storage:
|
||||||
|
class: my-storage-class
|
||||||
|
scc:
|
||||||
|
username: UXXXXXXX
|
||||||
|
password: PASSXXXX
|
||||||
|
products_enable:
|
||||||
|
- SLES/15.3/x86_64
|
||||||
|
- sle-module-python2/15.3/x86_64
|
||||||
|
products_disable:
|
||||||
|
- sle-module-legacy/15.3/x86_64
|
||||||
|
- sle-module-cap-tools/15.3/x86_64
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- host: chart-example.local
|
||||||
|
paths:
|
||||||
|
- path: "/"
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- secretName: rmt-cert
|
||||||
|
hosts:
|
||||||
|
- chart-example.local
|
||||||
|
db:
|
||||||
|
storage:
|
||||||
|
class: my-storage-class
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
The required values in the custom value file are as follows:
|
||||||
|
|
||||||
|
- `app.scc.password` SUSE Customer Center proxy password. The password string must be in quotes. If the quote character `"` is part of the string, it has to be escaped with `\`.
|
||||||
|
- `app.scc.username` SUSE Customer Center proxy user name. The user name string must be quotes. If the quote character `"` is part of the string, it has to be escaped with `\`.
|
||||||
|
- `app.scc.products_enable` List of products to enable for mirroring.
|
||||||
|
- `app.scc.products_disable` list of products to exclude from mirroring.
|
||||||
|
- `app.storage.class` Kubernetes storageclass.
|
||||||
|
- `db.storage.class` Kubernetes storageclass.
|
||||||
|
- `ingress.enabled` Enable or disable ingress.
|
||||||
|
- `ingress.hosts[0]` DNS name at which the RMT service is be accessible from clients.
|
||||||
|
- `ingress.tls[0].hosts[0]` DNS name at which the RMT service is be accessible from clients.
|
||||||
|
- `ingress.tls[0].secretName` TLS ingress certificate.
|
||||||
|
|
||||||
|
## Deploying
|
||||||
|
|
||||||
|
`helm install rmt ./helm -f myvalues.yaml`
|
||||||
|
|
||||||
|
## Further info
|
||||||
|
|
||||||
|
For more information on using RMT, refer to the [RMT Guide](https://documentation.suse.com/sles/html/SLES-all/book-rmt.html).
|
||||||
|
|
||||||
|
## Licensing
|
||||||
|
|
||||||
|
`SPDX-License-Identifier: MIT`
|
||||||
|
|
||||||
|
This documentation and the build recipe are licensed as MIT.
|
||||||
|
The container itself contains various software components under various open source licenses listed in the associated
|
||||||
|
Software Bill of Materials (SBOM).
|
||||||
|
|
||||||
|
This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).
|
10
_service
Normal file
10
_service
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
<services>
|
||||||
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="regex">%%rmt_version%%</param>
|
||||||
|
<param name="package">rmt-server</param>
|
||||||
|
<param name="parse-version">minor</param>
|
||||||
|
</service>
|
||||||
|
</services>
|
58
entrypoint.sh
Normal file
58
entrypoint.sh
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# PV could be empty, make sure the directories exist
|
||||||
|
mkdir -p /var/lib/rmt/public/repo
|
||||||
|
mkdir -p /var/lib/rmt/public/suma
|
||||||
|
mkdir -p /var/lib/rmt/regsharing
|
||||||
|
mkdir -p /var/lib/rmt/tmp
|
||||||
|
# Set permissions
|
||||||
|
chown -R _rmt:nginx /var/lib/rmt
|
||||||
|
|
||||||
|
if [ -z "${MYSQL_HOST}" ]; then
|
||||||
|
echo "MYSQL_HOST not set!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "${MYSQL_PASSWORD}" ]; then
|
||||||
|
echo "MYSQL_PASSWORD not set!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
MYSQL_DATABASE="${MYSQL_DATABASE:-rmt}"
|
||||||
|
MYSQL_USER="${MYSQL_USER:-rmt}"
|
||||||
|
SCC_SYNC="${SCC_SYNC:-true}"
|
||||||
|
|
||||||
|
# Create adjusted /etc/rmt.conf
|
||||||
|
echo -e "database:\n host: ${MYSQL_HOST}\n database: ${MYSQL_DATABASE}\n username: ${MYSQL_USER}\n password: ${MYSQL_PASSWORD}" > /etc/rmt.conf
|
||||||
|
echo -e " adapter: mysql2\n encoding: utf8\n timeout: 5000\n pool: 5\n" >> /etc/rmt.conf
|
||||||
|
echo -e "scc:\n username: ${SCC_USERNAME}\n password: ${SCC_PASSWORD}\n sync_systems: true\n scc_sync: ${SCC_SYNC}\n" >> /etc/rmt.conf
|
||||||
|
echo -e "log_level:\n rails: debug" >> /etc/rmt.conf
|
||||||
|
|
||||||
|
if [ $# -eq 0 ]; then
|
||||||
|
set -- /usr/share/rmt/bin/rails server -e production
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" == "/usr/share/rmt/bin/rails" -a "$2" == "server" ]; then
|
||||||
|
echo "Create/migrate SUSE RMT database"
|
||||||
|
pushd /usr/share/rmt > /dev/null
|
||||||
|
/usr/share/rmt/bin/rails db:create db:migrate RAILS_ENV=production
|
||||||
|
popd > /dev/null
|
||||||
|
if [ ${SCC_SYNC} == "true" ]; then
|
||||||
|
echo "Syncing product list"
|
||||||
|
rmt-cli sync
|
||||||
|
for PRODUCT in $SCC_PRODUCT_ENABLE
|
||||||
|
do
|
||||||
|
rmt-cli products enable $PRODUCT
|
||||||
|
done
|
||||||
|
for PRODUCT in $SCC_PRODUCT_DISABLE
|
||||||
|
do
|
||||||
|
rmt-cli products disable $PRODUCT
|
||||||
|
done
|
||||||
|
rmt-cli repos clean
|
||||||
|
fi
|
||||||
|
echo "Executing: catatonit -- $@"
|
||||||
|
exec catatonit -- "$@"
|
||||||
|
else
|
||||||
|
echo "Executing: $@"
|
||||||
|
exec "$@"
|
||||||
|
fi
|
119
rmt-server-image.changes
Normal file
119
rmt-server-image.changes
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 8 16:52:23 UTC 2024 - Natnael Getahun <natnael.getahun@suse.com>
|
||||||
|
|
||||||
|
- update rmt.conf to store airgap state in a separate config var.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 8 16:43:43 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- remove oci reference annotation again
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 5 11:38:13 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- add OCI reference annotation
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Aug 3 08:56:51 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- set OCI.authors attribute instead of deprecated MAINTAINER
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 31 12:06:45 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- set specific lifecycle url for openSUSE BCI
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 30 06:41:22 UTC 2024 - Natnael Getahun <natnael.getahun@suse.com>
|
||||||
|
|
||||||
|
- implement airgapped mode for rmt-server
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 8 08:57:27 UTC 2024 - Dmitri Popov <dmitri.popov@suse.com>
|
||||||
|
|
||||||
|
- README update to include helm chart instructions
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 18 17:24:16 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- use sentence style capitalization in READMEs
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 10 15:11:25 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update README; reduce unnecessary newlines
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 5 15:13:27 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Don't add artifacthub labels into labelprefix section
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 4 12:35:15 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
||||||
|
|
||||||
|
- Fix grammar mistake in licensing footer
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 17 07:41:58 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- README updates from doc team
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 16 13:40:35 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Update README from upstream
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 7 19:07:24 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- extend READMEs; correct eula for application images
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 12 12:03:53 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- Don't wipe everything in /var/log, only remove log files (this omits directories owned by packages)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add initial README stub
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 2 08:26:58 UTC 2024 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update year to 2024
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 28 14:29:10 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- add copyright and description header
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 23 15:33:33 UTC 2023 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- label capitalization and related cleanups
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 30 06:52:56 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add release stage and lifecycle url
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 3 07:24:36 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Add org.opencontainers.image.source label set to %SOURCEURL%
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 21 14:05:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- BuildTag sorting and consistency fixes
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 15 11:06:34 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Increase compatibility with openSUSE
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 3 09:03:35 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
- Use set -euo pipefail in every RUN command, use ; instead of && to prevent masking failures
|
Loading…
Reference in New Issue
Block a user