From f6a76191e7a6828d3930b39f8cb0e28de4e1c2ae798ebe9a7973586f6215f4a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Mon, 8 Jul 2024 09:01:28 +0000 Subject: [PATCH] [info=67ca86f9b66eca97e550e4edb36400fd] OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/rmt-server-image?expand=0&rev=167 --- .gitattributes | 23 ++++++++ .gitignore | 1 + Dockerfile | 48 ++++++++++++++++ README.md | 117 +++++++++++++++++++++++++++++++++++++++ _service | 10 ++++ entrypoint.sh | 55 ++++++++++++++++++ rmt-server-image.changes | 89 +++++++++++++++++++++++++++++ 7 files changed, 343 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 _service create mode 100644 entrypoint.sh create mode 100644 rmt-server-image.changes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..1b56f12 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,48 @@ +# SPDX-License-Identifier: MIT + +# Copyright (c) 2024 SUSE LLC + +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. + +# The content of THIS FILE IS AUTOGENERATED and should not be manually modified. +# It is maintained by the BCI team and generated by +# https://github.com/SUSE/BCI-dockerfile-generator + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# You can contact the BCI team via https://github.com/SUSE/bci/discussions + + +#!BuildTag: opensuse/rmt-server:%%rmt_version%% +#!BuildTag: opensuse/rmt-server:%%rmt_version%%-%RELEASE% +#!BuildTag: opensuse/rmt-server:latest + +FROM opensuse/tumbleweed:latest + +MAINTAINER openSUSE (https://www.opensuse.org/) + +# Define labels according to https://en.opensuse.org/Building_derived_containers +# labelprefix=org.opensuse.application.rmt-server +LABEL org.opencontainers.image.title="openSUSE Tumbleweed SUSE RMT server" +LABEL org.opencontainers.image.description="SUSE RMT server container based on the openSUSE Tumbleweed Base Container Image." +LABEL org.opencontainers.image.version="%%rmt_version%%" +LABEL org.opencontainers.image.url="https://www.opensuse.org" +LABEL org.opencontainers.image.created="%BUILDTIME%" +LABEL org.opencontainers.image.vendor="openSUSE Project" +LABEL org.opencontainers.image.source="%SOURCEURL%" +LABEL org.opensuse.reference="registry.opensuse.org/opensuse/rmt-server:%%rmt_version%%-%RELEASE%" +LABEL org.openbuildservice.disturl="%DISTURL%" +LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime" +LABEL org.opensuse.release-stage="released" +# endlabelprefix +LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/rmt-server-image/README.md" + +RUN set -euo pipefail; zypper -n in --no-recommends rmt-server catatonit; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2} +ENV RAILS_ENV="production" +ENV LANG="en" + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +CMD ["/usr/share/rmt/bin/rails", "server", "-e", "production"] +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +RUN set -euo pipefail; chmod +x /usr/local/bin/entrypoint.sh diff --git a/README.md b/README.md new file mode 100644 index 0000000..76de555 --- /dev/null +++ b/README.md @@ -0,0 +1,117 @@ +# The {self.title} container image +![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green) + +# Purpose + +This chart deploys a SUSE Repository Mirroring Tool (RMT) server on Kubernetes. +It is tested on K3s but should work on any Kubernetes distribution. + +## Overview + +To deploy SUSE RMT on top of Kubernetes, each component of the stack is deployed in a dedicated container using a +Helm chart. +### Repository Mirroring Tool (SUSE RMT) server + +A containerized version of the SUSE RMT application that can pass its configuration via Helm values. Because persistent storage resides on a persistent volume, you need to adjust the volume size according to the number of repositories you need to mirror. + +### MariaDB + +The database back-end for SUSE RMT. +If needed, RMT creates the database and tables at startup, so no specific +post-installation task is required for it to be usable. Passwords are +self-generated, unless explicitly specified in the values file. + +### NGINX + +The web server with appropriate configuration for RMT routes. Having a correctly +configured web server right from the start allows you to target your ingress traffic +(for RMT) to directly to the server. You don't have to configure ingress for RMT specific +paths handling, as NGINX is configured to do that. + +## Prerequisites + +- a running Kubernetes cluster +- helm command configured to interact with the cluster + +The Helm chart can be obtained using the following command: + +`helm pull oci://registry.suse.com/suse/rmt-helm` + +## Custom mandatory values + +Certain values of the chart do not have any defaults: +- SCC mirroring credentials (refer to [more information](https://documentation.suse.com/sles/html/SLES-all/cha-rmt-mirroring.html#sec-rmt-mirroring-credentials) for more information) +- list of products to mirror +- list of products not to mirror +- DNS name used to reach the RMT server +- configured [storage](https://kubernetes.io/docs/concepts/storage/) + +Before deploying the chart, you must fill a custom values file. + +The following example enables ingress with TLS. The `create-certs.sh` script +supplied with the Helm chart can be used +to create self-signed certificates and add them to Kubernetes as a usable TLS +secret. + +``` +cat << EOF > myvalues.yaml +--- +app: + storage: + class: my-storage-class + scc: + username: UXXXXXXX + password: PASSXXXX + products_enable: + - SLES/15.3/x86_64 + - sle-module-python2/15.3/x86_64 + products_disable: + - sle-module-legacy/15.3/x86_64 + - sle-module-cap-tools/15.3/x86_64 +ingress: + enabled: true + hosts: + - host: chart-example.local + paths: + - path: "/" + pathType: Prefix + tls: + - secretName: rmt-cert + hosts: + - chart-example.local +db: + storage: + class: my-storage-class +EOF +``` + +The required values in the custom value file are as follows: + +- `app.scc.password` SUSE Customer Center proxy password. The password string must be in quotes. If the quote character `"` is part of the string, it has to be escaped with `\`. +- `app.scc.username` SUSE Customer Center proxy user name. The user name string must be quotes. If the quote character `"` is part of the string, it has to be escaped with `\`. +- `app.scc.products_enable` List of products to enable for mirroring. +- `app.scc.products_disable` list of products to exclude from mirroring. +- `app.storage.class` Kubernetes storageclass. +- `db.storage.class` Kubernetes storageclass. +- `ingress.enabled` Enable or disable ingress. +- `ingress.hosts[0]` DNS name at which the RMT service is be accessible from clients. +- `ingress.tls[0].hosts[0]` DNS name at which the RMT service is be accessible from clients. +- `ingress.tls[0].secretName` TLS ingress certificate. + +## Deploying + +`helm install rmt ./helm -f myvalues.yaml` + +## Further info + +For more information on using RMT, refer to the [RMT Guide](https://documentation.suse.com/sles/html/SLES-all/book-rmt.html). + +## Licensing + +`SPDX-License-Identifier: MIT` + +This documentation and the build recipe are licensed as MIT. +The container itself contains various software components under various open source licenses listed in the associated +Software Bill of Materials (SBOM). + +This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/). diff --git a/_service b/_service new file mode 100644 index 0000000..bd03860 --- /dev/null +++ b/_service @@ -0,0 +1,10 @@ + + + + + Dockerfile + %%rmt_version%% + rmt-server + minor + + \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..f9ab4ba --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,55 @@ +#!/bin/sh +set -e + +# PV could be empty, make sure the directories exist +mkdir -p /var/lib/rmt/public/repo +mkdir -p /var/lib/rmt/public/suma +mkdir -p /var/lib/rmt/regsharing +mkdir -p /var/lib/rmt/tmp +# Set permissions +chown -R _rmt:nginx /var/lib/rmt + +if [ -z "${MYSQL_HOST}" ]; then + echo "MYSQL_HOST not set!" + exit 1 +fi +if [ -z "${MYSQL_PASSWORD}" ]; then + echo "MYSQL_PASSWORD not set!" + exit 1 +fi + +MYSQL_DATABASE="${MYSQL_DATABASE:-rmt}" +MYSQL_USER="${MYSQL_USER:-rmt}" + +# Create adjusted /etc/rmt.conf +echo -e "database:\n host: ${MYSQL_HOST}\n database: ${MYSQL_DATABASE}\n username: ${MYSQL_USER}\n password: ${MYSQL_PASSWORD}" > /etc/rmt.conf +echo -e " adapter: mysql2\n encoding: utf8\n timeout: 5000\n pool: 5\n" >> /etc/rmt.conf +echo -e "scc:\n username: ${SCC_USERNAME}\n password: ${SCC_PASSWORD}\n sync_systems: true\n" >> /etc/rmt.conf +echo -e "log_level:\n rails: debug" >> /etc/rmt.conf + +if [ $# -eq 0 ]; then + set -- /usr/share/rmt/bin/rails server -e production +fi + +if [ "$1" == "/usr/share/rmt/bin/rails" -a "$2" == "server" ]; then + echo "Create/migrate SUSE RMT database" + pushd /usr/share/rmt > /dev/null + /usr/share/rmt/bin/rails db:create db:migrate RAILS_ENV=production + popd > /dev/null + echo "Syncing product list" + rmt-cli sync + for PRODUCT in $SCC_PRODUCT_ENABLE + do + rmt-cli products enable $PRODUCT + done + for PRODUCT in $SCC_PRODUCT_DISABLE + do + rmt-cli products disable $PRODUCT + done + rmt-cli repos clean + echo "Executing: catatonit -- $@" + exec catatonit -- "$@" +else + echo "Executing: $@" + exec "$@" +fi diff --git a/rmt-server-image.changes b/rmt-server-image.changes new file mode 100644 index 0000000..53aa928 --- /dev/null +++ b/rmt-server-image.changes @@ -0,0 +1,89 @@ +------------------------------------------------------------------- +Mon Jul 8 08:57:27 UTC 2024 - Dmitri Popov + +- README update to include helm chart instructions + +------------------------------------------------------------------- +Tue Jun 18 17:24:16 UTC 2024 - Dirk Mueller + +- use sentence style capitalization in READMEs + +------------------------------------------------------------------- +Mon Jun 10 15:11:25 UTC 2024 - Dirk Mueller + +- update README; reduce unnecessary newlines + +------------------------------------------------------------------- +Wed Jun 5 15:13:27 UTC 2024 - Dirk Mueller + +- Don't add artifacthub labels into labelprefix section + +------------------------------------------------------------------- +Tue Jun 4 12:35:15 UTC 2024 - Alexandre Vicenzi + +- Fix grammar mistake in licensing footer + +------------------------------------------------------------------- +Fri May 17 07:41:58 UTC 2024 - Dirk Mueller + +- README updates from doc team + +------------------------------------------------------------------- +Thu May 16 13:40:35 UTC 2024 - Dirk Mueller + +- Update README from upstream + +------------------------------------------------------------------- +Tue May 7 19:07:24 UTC 2024 - Dirk Mueller + +- extend READMEs; correct eula for application images + +------------------------------------------------------------------- +Fri Apr 12 12:03:53 UTC 2024 - Dirk Mueller + +- Don't wipe everything in /var/log, only remove log files (this omits directories owned by packages) + +------------------------------------------------------------------- +Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák + +- Add initial README stub + +------------------------------------------------------------------- +Tue Jan 2 08:26:58 UTC 2024 - Dirk Mueller + +- update year to 2024 + +------------------------------------------------------------------- +Thu Sep 28 14:29:10 UTC 2023 - Dirk Mueller + +- add copyright and description header + +------------------------------------------------------------------- +Fri Jun 23 15:33:33 UTC 2023 - Dirk Mueller + +- label capitalization and related cleanups + +------------------------------------------------------------------- +Tue May 30 06:52:56 UTC 2023 - Dan Čermák + +- Add release stage and lifecycle url + +------------------------------------------------------------------- +Fri Mar 3 07:24:36 UTC 2023 - Dan Čermák + +- Add org.opencontainers.image.source label set to %SOURCEURL% + +------------------------------------------------------------------- +Wed Dec 21 14:05:30 UTC 2022 - Dirk Müller + +- BuildTag sorting and consistency fixes + +------------------------------------------------------------------- +Fri Jul 15 11:06:34 UTC 2022 - Dan Čermák + +- Increase compatibility with openSUSE + +------------------------------------------------------------------- +Tue May 3 09:03:35 UTC 2022 - Dan Čermák + +- Use set -euo pipefail in every RUN command, use ; instead of && to prevent masking failures