ci: build magnum images (#1066)
Signed-off-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/Dockerfile b/Dockerfile
index 1cf987f..9c8e06b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,14 @@
FROM ubuntu:jammy-20240227 AS ubuntu
LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
+FROM ubuntu AS helm
+ARG TARGETOS
+ARG TARGETARCH
+ARG HELM_VERSION=3.14.0
+ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz
+RUN tar -xzf /helm.tar.gz
+RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm
+
FROM ubuntu AS ubuntu-cloud-archive
ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg
ARG RELEASE
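Review bot: The Helm tarball on the `ADD https://get.helm.sh/helm-v${HELM_VERSION}-...` line is downloaded with no integrity check. The extracted binary is later copied into the magnum runtime image, so whatever that URL serves at build time ends up in the shipped image. BuildKit's `ADD` accepts a pinned digest, e.g. `ADD --checksum=sha256:<digest-for-this-version-and-arch> https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz`. The digest differs per architecture, so it has to be chosen per `TARGETARCH` and bumped together with `HELM_VERSION`. The two `RUN` lines could also be one step, although that matters little for a stage that is only copied from.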
@@ -123,3 +131,31 @@
FROM openstack-runtime AS barbican
COPY --from=barbican-build --link /var/lib/openstack /var/lib/openstack
+
+FROM alpine/git AS magnum-src
+ARG MAGNUM_GIT_REF
+ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src
+RUN git -C /src fetch --unshallow
+ARG RELEASE
+COPY patches/${RELEASE}/magnum /patches
+RUN if [ -n "$(ls -A /patches/*.patch)" ]; then git -C /src apply --verbose /patches/*; fi
+
+FROM openstack-venv-builder AS magnum-build
+COPY --from=magnum-src --link /src /src/magnum
+RUN <<EOF bash -xe
+pip3 install \
+ --constraint /upper-constraints.txt \
+ /src/magnum \
+ magnum-cluster-api==0.16.0
+EOF
+
+FROM openstack-runtime AS magnum
+RUN <<EOF bash -xe
+apt-get update -qq
+apt-get install -qq -y --no-install-recommends \
+ haproxy
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOF
+COPY --from=helm --link /usr/bin/helm /usr/local/bin/helm
+COPY --from=magnum-build --link /var/lib/openstack /var/lib/openstack
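Review bot: `FROM alpine/git AS magnum-src` carries no tag or digest, so it resolves to whatever `latest` is at build time, while the first stage pins `ubuntu:jammy-20240227`. This stage fetches and patches the magnum tree that is then installed into the final image, so the unpinned image makes the build non-reproducible and widens what the build trusts. Pin it, e.g. `FROM alpine/git:<tag>@sha256:<digest> AS magnum-src`. Separately, the patch step tests `/patches/*.patch` but applies `/patches/*`. Using the same glob in both places (`git -C /src apply --verbose /patches/*.patch`) keeps a stray non-patch file from being handed to `git apply`.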
diff --git a/docker-bake.hcl b/docker-bake.hcl
index ea8a9be..7237361 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -52,8 +52,47 @@
}
}
+target "magnum" {
+ name = "magnum-${release.tgt}"
+
+ context = "."
+ target = "magnum"
+
+ cache-from = cache_from("magnum:${release.name}")
+ cache-to = cache_to("magnum:${release.name}")
+
+ tags = [
+ "${REGISTRY}/magnum:${release.name}",
+ "${REGISTRY}/magnum:${release.ref}"
+ ]
+
+ matrix = {
+ release = [
+ {
+ tgt = "zed",
+ name = "zed",
+ ref = "0ee979099a01ae2c8b1b5d6757897a8993e4e34c"
+ },
+ {
+ tgt = "bobcat",
+ name = "2023.2",
+ ref = "5f921a72d22d7e96fb3584c4906a39de9a085a41"
+ }
+ ]
+ }
+
+ args = {
+ RELEASE = release.name
+ BRANCH = format("stable/%s", release.name)
+ PROJECT = "magnum"
+ MAGNUM_GIT_REF = release.ref
+ }
+}
+
+
group "default" {
targets = [
- "barbican"
+ "barbican",
+ "magnum"
]
}
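Review bot: The two `ref` values in the `release` matrix are bare commit ids with nothing saying where they were taken from, which makes a later bump hard to review. A short comment above the matrix would help, for example `# ref: upstream magnum commit built for this release; bump together with patches/<name>/magnum`. It is also worth confirming that `BRANCH` and `PROJECT` are consumed by the base stages the magnum stages build on, since no `ARG` for either appears in the stages this commit adds to the Dockerfile.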
diff --git a/patches/2023.2/magnum/.gitkeep b/patches/2023.2/magnum/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/patches/2023.2/magnum/.gitkeep
diff --git a/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch b/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch
new file mode 100644
index 0000000..1a61a5c
--- /dev/null
+++ b/patches/zed/magnum/0000-Fix-Trust-token-scope-for-drivers.patch
@@ -0,0 +1,100 @@
+From 258fbb75be8a004d2ab092502f58508c95de6e84 Mon Sep 17 00:00:00 2001
+From: ricolin <rlin@vexxhost.com>
+Date: Fri, 21 Jul 2023 10:54:23 +0800
+Subject: [PATCH] Fix Trust token scope for drivers
+
+This fix driver token scope to make sure we use correct token
+scope from Trust.
+
+Change-Id: If5b31951959c7a141dc1cae5fefcabe4ebf438b3
+(cherry picked from commit eca79453c0097b0f63019821d3c2e9ecacebf784)
+---
+
+diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
+index 1e4cf14..e7debbc 100644
+--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
++++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
+@@ -62,6 +62,11 @@
+ "password": "$TRUSTEE_PASSWORD"
+ }
+ }
++ },
++ "scope": {
++ "OS-TRUST:trust": {
++ "id": "$TRUST_ID"
++ }
+ }
+ }
+ }
+diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+index 84bf839..d28149b 100644
+--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
++++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+@@ -98,6 +98,11 @@
+ "password": "$TRUSTEE_PASSWORD"
+ }
+ }
++ },
++ "scope": {
++ "OS-TRUST:trust": {
++ "id": "$TRUST_ID"
++ }
+ }
+ }
+ }
+diff --git a/magnum/drivers/common/templates/swarm/fragments/make-cert.py b/magnum/drivers/common/templates/swarm/fragments/make-cert.py
+index bd8cbd7..258ae6a 100644
+--- a/magnum/drivers/common/templates/swarm/fragments/make-cert.py
++++ b/magnum/drivers/common/templates/swarm/fragments/make-cert.py
+@@ -161,6 +161,11 @@
+ "password": "%(trustee_password)s"
+ }
+ }
++ },
++ "scope": {
++ "OS-TRUST:trust": {
++ "id": "$(trust_id)s"
++ }
+ }
+ }
+ }
+@@ -168,6 +173,7 @@
+ params = {
+ 'trustee_user_id': config['TRUSTEE_USER_ID'],
+ 'trustee_password': config['TRUSTEE_PASSWORD'],
++ 'trust_id': config['TRUST_ID'],
+ }
+ creds = creds_str % params
+ headers = {'Content-Type': 'application/json'}
+diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
+index dc910bf..846f49b 100644
+--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
++++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
+@@ -73,6 +73,11 @@
+ "password": "$TRUSTEE_PASSWORD"
+ }
+ }
++ },
++ "scope": {
++ "OS-TRUST:trust": {
++ "id": "$TRUST_ID"
++ }
+ }
+ }
+ }
+diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
+index 8ef1128..d9191bd 100644
+--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
++++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
+@@ -104,6 +104,11 @@
+ "password": "$TRUSTEE_PASSWORD"
+ }
+ }
++ },
++ "scope": {
++ "OS-TRUST:trust": {
++ "id": "$TRUST_ID"
++ }
+ }
+ }
+ }
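Review bot: In the swarm `make-cert.py` section of this carried patch, the new scope block is written `"id": "$(trust_id)s"`. That string is filled with Python `%` formatting (`creds_str % params`) and the neighbouring field is `%(trustee_password)s`, so the `$(...)s` text is not substituted and the literal would be sent as the trust id. It should read `"id": "%(trust_id)s"`, matching the `'trust_id'` key added to `params` in the same file. The shell and YAML fragments use `$TRUST_ID`, which is consistent with their `$TRUSTEE_PASSWORD` neighbours. Since the file is a cherry-pick, the same correction presumably belongs upstream too.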
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index da43a0d..dfb9d58 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -101,10 +101,10 @@
local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24@sha256:b7dea5221f06f6feed7788db0ad6b024a433c8f55533bd6cc792dc2079ff9ad2
loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine@sha256:bbd46452aae30a7cc7bc438f267af812c7a2b0f3b5bcd4cc55eb99669cea3f28
loki: docker.io/grafana/loki:2.7.3@sha256:8e3abbd89173066721fa07bddfee1c1a7a8fe59bed5b00a2fa09d2b3cef8758c
- magnum_api: ghcr.io/vexxhost/atmosphere/magnum:2023.2@sha256:14fd0e901f2ebae19d03638f91ac0a11267a1c9a1b5ad1b8f80147d3f6066a29
- magnum_cluster_api_proxy: ghcr.io/vexxhost/atmosphere/magnum:2023.2@sha256:14fd0e901f2ebae19d03638f91ac0a11267a1c9a1b5ad1b8f80147d3f6066a29
- magnum_conductor: ghcr.io/vexxhost/atmosphere/magnum:2023.2@sha256:14fd0e901f2ebae19d03638f91ac0a11267a1c9a1b5ad1b8f80147d3f6066a29
- magnum_db_sync: ghcr.io/vexxhost/atmosphere/magnum:2023.2@sha256:14fd0e901f2ebae19d03638f91ac0a11267a1c9a1b5ad1b8f80147d3f6066a29
+ magnum_api: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
+ magnum_cluster_api_proxy: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
+ magnum_conductor: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
+ magnum_db_sync: registry.atmosphere.dev/library/magnum:2023.2@sha256:5cc8854c18d5590238f9bfa28b8a4c9a07e0b1c9e69e9a9874fe78fef58454ff
magnum_registry: quay.io/vexxhost/magnum-cluster-api-registry:latest@sha256:caba380e193264f047651728cbc7905e87d7eee846d8576778b5e7d824ec609d
manila_api: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c
manila_data: ghcr.io/vexxhost/atmosphere/manila:2023.2@sha256:c14e65aca5d474fede5be312ce8bdb2d8bedb9841ac138f53bad5882f3f0f31c