From 0dd91e29a65c2c1d6325bdb786fbb73485e70638 Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Sat, 7 Apr 2018 19:11:22 -0400 Subject: [PATCH] Rename base origin images and remove unused content We drop openvswitch, rename node to origin-node, and remove system container support for anything except node. --- examples/atomic-registry/allinone/Dockerfile | 2 +- examples/atomic-registry/systemd/Dockerfile | 2 +- examples/gitserver/Dockerfile | 2 +- hack/build-local-images.py | 7 - hack/lib/constants.sh | 26 +- hack/push-release.sh | 14 + .../builder/docker/docker-builder/Dockerfile | 2 +- images/builder/docker/sti-builder/Dockerfile | 2 +- images/deployer/Dockerfile | 2 +- images/ipfailover/keepalived/Dockerfile | 2 +- images/node/Dockerfile | 16 +- images/node/Dockerfile.centos7 | 18 +- images/observe/Dockerfile | 15 - images/observe/OWNERS | 4 - images/openvswitch/.cccp.yml | 1 - images/openvswitch/Dockerfile | 25 -- images/openvswitch/OWNERS | 9 - images/openvswitch/scripts/ovs-run.sh | 15 - .../system-container/config.json.template | 321 ------------------ .../system-container/manifest.json | 7 - .../system-container/service.template | 19 -- .../system-container-wrapper.sh | 29 -- .../system-container/tmpfiles.template | 1 - images/origin/Dockerfile | 8 +- images/origin/Dockerfile.centos7 | 8 +- .../system-container/config.json.template | 290 ---------------- images/origin/system-container/manifest.json | 11 - .../origin/system-container/service.template | 18 - .../system-container-wrapper.sh | 4 - .../origin/system-container/tmpfiles.template | 2 - images/recycler/Dockerfile | 2 +- images/router/f5/Dockerfile | 2 +- images/router/haproxy/Dockerfile | 2 +- images/router/nginx/Dockerfile | 2 +- .../simple-authenticated-registry/Dockerfile | 2 - images/simple-authenticated-registry/OWNERS | 4 - .../simple-authenticated-registry/README.md | 9 - .../simple-authenticated-registry/config.yml | 14 - images/simple-authenticated-registry/htpasswd | 1 - 39 files changed, 43 insertions(+), 877 deletions(-) delete mode 100644 images/observe/Dockerfile delete mode 100644 images/observe/OWNERS delete mode 100644 images/openvswitch/.cccp.yml delete mode 100644 images/openvswitch/Dockerfile delete mode 100644 images/openvswitch/OWNERS delete mode 100755 images/openvswitch/scripts/ovs-run.sh delete mode 100644 images/openvswitch/system-container/config.json.template delete mode 100644 images/openvswitch/system-container/manifest.json delete mode 100644 images/openvswitch/system-container/service.template delete mode 100755 images/openvswitch/system-container/system-container-wrapper.sh delete mode 100644 images/openvswitch/system-container/tmpfiles.template delete mode 100644 images/origin/system-container/config.json.template delete mode 100644 images/origin/system-container/manifest.json delete mode 100644 images/origin/system-container/service.template delete mode 100755 images/origin/system-container/system-container-wrapper.sh delete mode 100644 images/origin/system-container/tmpfiles.template delete mode 100644 images/simple-authenticated-registry/Dockerfile delete mode 100644 images/simple-authenticated-registry/OWNERS delete mode 100644 images/simple-authenticated-registry/README.md delete mode 100644 images/simple-authenticated-registry/config.yml delete mode 100644 images/simple-authenticated-registry/htpasswd diff --git a/examples/atomic-registry/allinone/Dockerfile b/examples/atomic-registry/allinone/Dockerfile index 1fb031cc6b9a..64c4945356b9 100644 --- a/examples/atomic-registry/allinone/Dockerfile +++ b/examples/atomic-registry/allinone/Dockerfile @@ -1,4 +1,4 @@ -FROM openshift/origin +FROM openshift/origin-control-plane MAINTAINER Aaron Weitekamp ADD install.sh run.sh uninstall.sh /container/bin/ diff --git a/examples/atomic-registry/systemd/Dockerfile b/examples/atomic-registry/systemd/Dockerfile index 4cc2fc0d4f8f..6acc1c3cc84c 100644 --- a/examples/atomic-registry/systemd/Dockerfile +++ b/examples/atomic-registry/systemd/Dockerfile @@ -1,5 +1,5 @@ #FROM registry.access.redhat.com/openshift3/ose -FROM openshift/origin +FROM openshift/origin-control-plane LABEL name="projectatomic/atomic-registry-install" \ vendor="Project Atomic" \ diff --git a/examples/gitserver/Dockerfile b/examples/gitserver/Dockerfile index 3febf8ab8093..33a28edabe7e 100644 --- a/examples/gitserver/Dockerfile +++ b/examples/gitserver/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-gitserver # -FROM openshift/origin +FROM openshift/origin-control-plane COPY bin/gitserver /usr/bin/gitserver COPY hooks/ /var/lib/git-hooks/ diff --git a/hack/build-local-images.py b/hack/build-local-images.py index ede7caad3385..b358c0d8a75e 100755 --- a/hack/build-local-images.py +++ b/hack/build-local-images.py @@ -135,13 +135,6 @@ }, "files": {} }, - "openvswitch": { - "directory": "openvswitch", - "binaries": { - "openshift": "/usr/bin/openshift" - }, - "files": {} - }, "template-service-broker": { "directory": "template-service-broker", "binaries": { diff --git a/hack/lib/constants.sh b/hack/lib/constants.sh index 8de146e7474a..7a68505fcea4 100755 --- a/hack/lib/constants.sh +++ b/hack/lib/constants.sh @@ -37,7 +37,6 @@ readonly OS_IMAGE_COMPILE_TARGETS_LINUX=( ) readonly OS_SCRATCH_IMAGE_COMPILE_TARGETS_LINUX=( images/pod - examples/hello-openshift ) readonly OS_IMAGE_COMPILE_BINARIES=("${OS_SCRATCH_IMAGE_COMPILE_TARGETS_LINUX[@]##*/}" "${OS_IMAGE_COMPILE_TARGETS_LINUX[@]##*/}") @@ -309,9 +308,10 @@ readonly -f os::build::clean_windows_versioninfo # OS_ALL_IMAGES is the list of images built by os::build::images. readonly OS_ALL_IMAGES=( - origin - origin-base origin-pod + origin-base + origin-control-plane + origin-node origin-deployer origin-docker-builder origin-keepalived-ipfailover @@ -323,9 +323,6 @@ readonly OS_ALL_IMAGES=( origin-egress-dns-proxy origin-recycler origin-template-service-broker - hello-openshift - openvswitch - node ) # os::build::images builds all images in this repo. @@ -341,9 +338,6 @@ function os::build::images() { fi } - # Link or copy image binaries to the appropriate locations. - ln_or_cp "${OS_OUTPUT_BINPATH}/linux/amd64/hello-openshift" examples/hello-openshift/bin - # determine the correct tag prefix tag_prefix="${OS_IMAGE_PREFIX:-"openshift/origin"}" @@ -352,14 +346,14 @@ function os::build::images() { ( os::build::image "${tag_prefix}-template-service-broker" images/template-service-broker ) & # images that depend on "${tag_prefix}-base" - ( os::build::image "${tag_prefix}" images/origin ) & + ( os::build::image "${tag_prefix}-control-plane" images/origin ) & ( os::build::image "${tag_prefix}-egress-router" images/egress/router ) & ( os::build::image "${tag_prefix}-egress-http-proxy" images/egress/http-proxy ) & ( os::build::image "${tag_prefix}-egress-dns-proxy" images/egress/dns-proxy ) & for i in `jobs -p`; do wait $i; done - # images that depend on "${tag_prefix} + # images that depend on "${tag_prefix}-control-plane ( os::build::image "${tag_prefix}-haproxy-router" images/router/haproxy ) & ( os::build::image "${tag_prefix}-keepalived-ipfailover" images/ipfailover/keepalived ) & ( os::build::image "${tag_prefix}-deployer" images/deployer ) & @@ -367,16 +361,10 @@ function os::build::images() { ( os::build::image "${tag_prefix}-docker-builder" images/builder/docker/docker-builder ) & ( os::build::image "${tag_prefix}-sti-builder" images/builder/docker/sti-builder ) & ( os::build::image "${tag_prefix}-f5-router" images/router/f5 ) & - ( os::build::image "openshift/node" images/node ) & + ( os::build::image "${tag_prefix}-node" images/node ) & for i in `jobs -p`; do wait $i; done - # images that depend on "openshift/node" - ( os::build::image "openshift/openvswitch" images/openvswitch ) & - - # extra images (not part of infrastructure) - ( os::build::image "openshift/hello-openshift" examples/hello-openshift ) & - - for i in `jobs -p`; do wait $i; done + docker tag "${tag_prefix}-control-plane" "${tag_prefix}" } readonly -f os::build::images diff --git a/hack/push-release.sh b/hack/push-release.sh index 2a492fb2272f..f86f9f92cf48 100755 --- a/hack/push-release.sh +++ b/hack/push-release.sh @@ -70,6 +70,11 @@ if [[ "${OS_PUSH_BASE_REGISTRY-}" != "" || "${tag}" != "" ]]; then docker tag "openshift/${image}:${source_tag}" "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}${image}${tag}" done done + # TODO: remove in 3.11 + for tag in "${tags[@]}"; do + docker tag "openshift/origin-control-plane:${source_tag}" "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}origin${tag}" + docker tag "openshift/origin-node:${source_tag}" "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}node${tag}" + done fi for image in "${images[@]}"; do @@ -78,5 +83,14 @@ for image in "${images[@]}"; do docker push ${PUSH_OPTS} "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}${image}${tag}" done done +# TODO: remove in 3.11 +for tag in "${tags[@]}"; do + os::log::info "Pushing ${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}origin${tag}..." + docker push ${PUSH_OPTS} "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}origin${tag}" +done +for tag in "${tags[@]}"; do + os::log::info "Pushing ${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}node${tag}..." + docker push ${PUSH_OPTS} "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}node${tag}" +done ret=$?; ENDTIME=$(date +%s); echo "$0 took $(($ENDTIME - $STARTTIME)) seconds"; exit "$ret" diff --git a/images/builder/docker/docker-builder/Dockerfile b/images/builder/docker/docker-builder/Dockerfile index eeaad7a1e5da..de2341849320 100644 --- a/images/builder/docker/docker-builder/Dockerfile +++ b/images/builder/docker/docker-builder/Dockerfile @@ -10,7 +10,7 @@ # # The standard name for this image is openshift/origin-docker-builder # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin Docker Builder" \ io.k8s.description="This is a component of OpenShift Origin and is responsible for executing Docker image builds." \ diff --git a/images/builder/docker/sti-builder/Dockerfile b/images/builder/docker/sti-builder/Dockerfile index b235eaf2e3b7..beb149c1fc31 100644 --- a/images/builder/docker/sti-builder/Dockerfile +++ b/images/builder/docker/sti-builder/Dockerfile @@ -10,7 +10,7 @@ # # The standard name for this image is openshift/origin-sti-builder # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin S2I Builder" \ io.k8s.description="This is a component of OpenShift Origin and is responsible for executing source-to-image (s2i) image builds." \ diff --git a/images/deployer/Dockerfile b/images/deployer/Dockerfile index 1217f083ffd8..dd17ed36c63e 100644 --- a/images/deployer/Dockerfile +++ b/images/deployer/Dockerfile @@ -10,7 +10,7 @@ # # The standard name for this image is openshift/origin-deployer # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin Deployer" \ io.k8s.description="This is a component of OpenShift Origin and executes the user deployment process to roll out new containers. It may be used as a base image for building your own custom deployer image." \ diff --git a/images/ipfailover/keepalived/Dockerfile b/images/ipfailover/keepalived/Dockerfile index 46e447420956..c6ddb55ea698 100644 --- a/images/ipfailover/keepalived/Dockerfile +++ b/images/ipfailover/keepalived/Dockerfile @@ -3,7 +3,7 @@ # # ImageName: openshift/origin-keepalived-ipfailover # -FROM openshift/origin +FROM openshift/origin-control-plane RUN INSTALL_PKGS="kmod keepalived iproute psmisc nmap-ncat net-tools" && \ yum install -y $INSTALL_PKGS && \ diff --git a/images/node/Dockerfile b/images/node/Dockerfile index 1493e1268839..df26538247be 100644 --- a/images/node/Dockerfile +++ b/images/node/Dockerfile @@ -1,36 +1,30 @@ # -# This is an OpenShift Origin node image with integrated OpenvSwitch SDN -# If you do not require OVS SDN use the openshift/origin image instead. +# This is an OpenShift Origin node image with integrated OpenvSwitch SDN. # # This image expects to have a volume mounted at /etc/origin/node that contains # a KUBECONFIG file giving the node permission to talk to the master and a # node configuration file. # -# The standard name for this image is openshift/node +# The standard name for this image is openshift/origin-node # -FROM openshift/origin +FROM openshift/origin-control-plane COPY scripts/* /usr/local/bin/ COPY system-container/system-container-wrapper.sh /usr/local/bin/ COPY system-container/manifest.json system-container/config.json.template system-container/service.template system-container/tmpfiles.template /exports/ -RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools openvswitch \ +RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools \ libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \ binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \ iscsi-initiator-utils bind-utils" && \ yum --enablerepo=origin-local-release install -y $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum clean all && \ - mkdir -p /usr/lib/systemd/system/origin-node.service.d /usr/lib/systemd/system/docker.service.d - -# Copy the cni plugins to the host file system when they are present, so that they can be shared with cri-o -RUN if test -e /opt/cni/bin; then mkdir -p /exports/hostfs/opt/cni/bin/ && cp -r /opt/cni/bin/* /exports/hostfs/opt/cni/bin/; fi + yum clean all LABEL io.k8s.display-name="OpenShift Origin Node" \ io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN." \ io.openshift.tags="openshift,node" -VOLUME /etc/origin/node ENV KUBECONFIG=/etc/origin/node/node.kubeconfig ENTRYPOINT [ "/usr/local/bin/origin-node-run.sh" ] diff --git a/images/node/Dockerfile.centos7 b/images/node/Dockerfile.centos7 index 1493e1268839..5f21df6573e6 100644 --- a/images/node/Dockerfile.centos7 +++ b/images/node/Dockerfile.centos7 @@ -1,36 +1,26 @@ # # This is an OpenShift Origin node image with integrated OpenvSwitch SDN -# If you do not require OVS SDN use the openshift/origin image instead. # -# This image expects to have a volume mounted at /etc/origin/node that contains -# a KUBECONFIG file giving the node permission to talk to the master and a -# node configuration file. +# The standard name for this image is openshift/origin-node # -# The standard name for this image is openshift/node -# -FROM openshift/origin +FROM openshift/origin-control-plane COPY scripts/* /usr/local/bin/ COPY system-container/system-container-wrapper.sh /usr/local/bin/ COPY system-container/manifest.json system-container/config.json.template system-container/service.template system-container/tmpfiles.template /exports/ -RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools openvswitch \ +RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools \ libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \ binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \ iscsi-initiator-utils bind-utils" && \ yum --enablerepo=origin-local-release install -y $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum clean all && \ - mkdir -p /usr/lib/systemd/system/origin-node.service.d /usr/lib/systemd/system/docker.service.d - -# Copy the cni plugins to the host file system when they are present, so that they can be shared with cri-o -RUN if test -e /opt/cni/bin; then mkdir -p /exports/hostfs/opt/cni/bin/ && cp -r /opt/cni/bin/* /exports/hostfs/opt/cni/bin/; fi + yum clean all LABEL io.k8s.display-name="OpenShift Origin Node" \ io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN." \ io.openshift.tags="openshift,node" -VOLUME /etc/origin/node ENV KUBECONFIG=/etc/origin/node/node.kubeconfig ENTRYPOINT [ "/usr/local/bin/origin-node-run.sh" ] diff --git a/images/observe/Dockerfile b/images/observe/Dockerfile deleted file mode 100644 index 94d64389e26d..000000000000 --- a/images/observe/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -# -# This is the observer image for OpenShift Origin that makes it easy to script a reaction -# to changes on the cluster. It uses the `oc observe` command and expects to be run inside -# of a Kubernetes pod or have security information set via KUBECONFIG and a bind mounted -# kubeconfig file. -# -# The standard name for this image is openshift/observe -# -FROM openshift/origin - -LABEL io.k8s.display-name="OpenShift Observer" \ - io.k8s.description="This image runs the oc observe command to watch and react to changes on your cluster." -# The observer doesn't require a root user. -USER 1001 -ENTRYPOINT ["/usr/bin/oc", "observe"] diff --git a/images/observe/OWNERS b/images/observe/OWNERS deleted file mode 100644 index b0633cb94c86..000000000000 --- a/images/observe/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - smarterclayton -approvers: - - smarterclayton diff --git a/images/openvswitch/.cccp.yml b/images/openvswitch/.cccp.yml deleted file mode 100644 index 51427641bc92..000000000000 --- a/images/openvswitch/.cccp.yml +++ /dev/null @@ -1 +0,0 @@ -job-id: openvswitch diff --git a/images/openvswitch/Dockerfile b/images/openvswitch/Dockerfile deleted file mode 100644 index 8d37732700cc..000000000000 --- a/images/openvswitch/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# -# This is an openvswitch image meant to enable OpenShift OVS based SDN -# -# The standard name for this image is openshift/openvswitch -# -FROM openshift/node - -COPY scripts/* /usr/local/bin/ -RUN INSTALL_PKGS="openvswitch" && \ - yum install -y ${INSTALL_PKGS} && \ - rpm -V ${INSTALL_PKGS} && \ - yum clean all - -LABEL io.openshift.tags="openshift,openvswitch" \ - io.k8s.display-name="OpenShift Origin OpenVSwitch Daemon" \ - io.k8s.description="This is a component of OpenShift Origin and runs an OpenVSwitch daemon process." - -VOLUME /etc/openswitch -ENV HOME /root - -# files required to run as a system container -COPY system-container/system-container-wrapper.sh /usr/local/bin/ -COPY system-container/config.json.template system-container/service.template system-container/tmpfiles.template system-container/manifest.json /exports/ - -ENTRYPOINT ["/usr/local/bin/ovs-run.sh"] diff --git a/images/openvswitch/OWNERS b/images/openvswitch/OWNERS deleted file mode 100644 index 1a4f09298bcb..000000000000 --- a/images/openvswitch/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -reviewers: - - giuseppe - - sdodson - - smarterclayton - - stevekuznetsov -approvers: - - sdodson - - smarterclayton - - stevekuznetsov diff --git a/images/openvswitch/scripts/ovs-run.sh b/images/openvswitch/scripts/ovs-run.sh deleted file mode 100755 index a1a422b600eb..000000000000 --- a/images/openvswitch/scripts/ovs-run.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -eu - -function quit { - /usr/share/openvswitch/scripts/ovs-ctl stop - exit 0 -} - -trap quit SIGTERM - -/usr/share/openvswitch/scripts/ovs-ctl start --system-id=random - -while true; do sleep 5; done - diff --git a/images/openvswitch/system-container/config.json.template b/images/openvswitch/system-container/config.json.template deleted file mode 100644 index c29477dd8335..000000000000 --- a/images/openvswitch/system-container/config.json.template +++ /dev/null @@ -1,321 +0,0 @@ -{ - "ociVersion": "1.0.0", - "platform": { - "os": "linux", - "arch": "amd64" - }, - "process": { - "terminal": false, - "user": {}, - "args": [ - "/usr/local/bin/system-container-wrapper.sh" - ], - "env": [ - "container=docker", - "PKGM=yum", - "NAME=$NAME", - "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin", - "TERM=xterm" - ], - "cwd": "/", - "capabilities": { - "bounding" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "permitted" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "inheritable" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "effective" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "ambient" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ] - }, - "rlimits": [ - { - "type": "RLIMIT_NOFILE", - "hard": 1024, - "soft": 1024 - } - ], - "noNewPrivileges": true - }, - "root": { - "path": "rootfs", - "readonly": true - }, - "mounts": [ - { - "destination": "/tmp", - "type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - { - "destination": "/proc", - "type": "proc", - "source": "proc" - }, - { - "type": "bind", - "source": "/run", - "destination": "/run", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/lib/modules", - "destination": "/lib/modules", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "$ORIGIN_CONFIG_DIR/openvswitch", - "destination": "/etc/openvswitch", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/etc/resolv.conf", - "destination": "/etc/resolv.conf", - "options": [ - "bind", - "ro" - ] - }, - { - "type": "bind", - "source": "/dev", - "destination": "/dev", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/sys", - "destination": "/sys", - "options": [ - "rbind", - "ro" - ] - } - ], - "hooks": {}, - "linux": { - "resources": { - "devices": [ - { - "allow": true, - "access": "rwm" - } - ] - }, - "namespaces": [ - { - "type": "mount" - } - ], - "maskedPaths": [ - "/proc/kcore", - "/proc/latency_stats", - "/proc/timer_stats", - "/proc/sched_debug" - ], - "readonlyPaths": [ - "/proc/asound", - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sysrq-trigger" - ] - } -} diff --git a/images/openvswitch/system-container/manifest.json b/images/openvswitch/system-container/manifest.json deleted file mode 100644 index c369586c5a83..000000000000 --- a/images/openvswitch/system-container/manifest.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "version": "1.0", - "defaultValues": { - "ORIGIN_CONFIG_DIR": "/etc/origin", - "DOCKER_SERVICE": "docker.service" - } -} diff --git a/images/openvswitch/system-container/service.template b/images/openvswitch/system-container/service.template deleted file mode 100644 index bd2439c5ede7..000000000000 --- a/images/openvswitch/system-container/service.template +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -After=${DOCKER_SERVICE} -Requires=${DOCKER_SERVICE} -PartOf=${DOCKER_SERVICE} - -[Service] -EnvironmentFile=/etc/sysconfig/$NAME -ExecStartPre=/bin/bash -c 'export -p > /run/$NAME-env' -ExecStart=$EXEC_START -ExecStop=$EXEC_STOP -SyslogIdentifier=$NAME -Restart=always -Type=notify -NotifyAccess=all -WorkingDirectory=$DESTDIR -RuntimeDirectory=${NAME} - -[Install] -WantedBy=${DOCKER_SERVICE}.service diff --git a/images/openvswitch/system-container/system-container-wrapper.sh b/images/openvswitch/system-container/system-container-wrapper.sh deleted file mode 100755 index 6266dd720c1e..000000000000 --- a/images/openvswitch/system-container/system-container-wrapper.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -source /run/$NAME-env - -MAINPID=`sed -n -e "/^PPid/ s|PPid:\t||p" /proc/$$/status` - -# openvswitch 2.4 has no systemd-notify support, so add it here. -# Workaround for a bug in systemd-notify 219. Whenever used with --pid, systemd-notify 219 -# sends an incorrect packet to $NOTIFY_SOCKET and the process hangs. -# Newer versions of systemd-notify don't have this issue, and also this change in runc, -# even if addressing another issue: https://github.com/opencontainers/runc/pull/1308 -# will ensure once it gets in a release that the notify events are properly propagated. -if test -n ${NOTIFY_SOCKET-}; then - /usr/share/openvswitch/scripts/ovs-ctl status - while /usr/share/openvswitch/scripts/ovs-ctl status | grep -q "not running"; do - sleep 1 - done - ps aux | grep $MAINPID - python - << EOF -import socket -import os -s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) -e = os.getenv('NOTIFY_SOCKET') -s.connect(e) -s.sendall('MAINPID=%i\nREADY=1\n' % $MAINPID) -s.close() -EOF -fi & - -exec /usr/local/bin/ovs-run.sh diff --git a/images/openvswitch/system-container/tmpfiles.template b/images/openvswitch/system-container/tmpfiles.template deleted file mode 100644 index 426dcc6b590a..000000000000 --- a/images/openvswitch/system-container/tmpfiles.template +++ /dev/null @@ -1 +0,0 @@ -d /etc/origin/openvswitch - - - - - diff --git a/images/origin/Dockerfile b/images/origin/Dockerfile index 264a963577b8..8070bf2a7d62 100644 --- a/images/origin/Dockerfile +++ b/images/origin/Dockerfile @@ -2,16 +2,10 @@ # This is the official OpenShift Origin image. It has as its entrypoint the OpenShift # all-in-one binary. # -# While this image can be used for a simple node it does not support OVS based -# SDN or storage plugins required for EBS, GCE, Gluster, Ceph, or iSCSI volume -# management. For those features please use 'openshift/node' -# -# The standard name for this image is openshift/origin +# The standard name for this image is openshift/origin-control-plane # FROM openshift/origin-base -COPY system-container/system-container-wrapper.sh /usr/local/bin/ -COPY system-container/config.json.template system-container/manifest.json system-container/service.template system-container/tmpfiles.template /exports/ RUN INSTALL_PKGS="origin" && \ yum --enablerepo=origin-local-release install -y ${INSTALL_PKGS} && \ rpm -V ${INSTALL_PKGS} && \ diff --git a/images/origin/Dockerfile.centos7 b/images/origin/Dockerfile.centos7 index 264a963577b8..8070bf2a7d62 100644 --- a/images/origin/Dockerfile.centos7 +++ b/images/origin/Dockerfile.centos7 @@ -2,16 +2,10 @@ # This is the official OpenShift Origin image. It has as its entrypoint the OpenShift # all-in-one binary. # -# While this image can be used for a simple node it does not support OVS based -# SDN or storage plugins required for EBS, GCE, Gluster, Ceph, or iSCSI volume -# management. For those features please use 'openshift/node' -# -# The standard name for this image is openshift/origin +# The standard name for this image is openshift/origin-control-plane # FROM openshift/origin-base -COPY system-container/system-container-wrapper.sh /usr/local/bin/ -COPY system-container/config.json.template system-container/manifest.json system-container/service.template system-container/tmpfiles.template /exports/ RUN INSTALL_PKGS="origin" && \ yum --enablerepo=origin-local-release install -y ${INSTALL_PKGS} && \ rpm -V ${INSTALL_PKGS} && \ diff --git a/images/origin/system-container/config.json.template b/images/origin/system-container/config.json.template deleted file mode 100644 index 88074456b125..000000000000 --- a/images/origin/system-container/config.json.template +++ /dev/null @@ -1,290 +0,0 @@ -{ - "ociVersion": "1.0.0", - "platform": { - "os": "linux", - "arch": "amd64" - }, - "process": { - "terminal": false, - "user": {}, - "args": [ - "/usr/local/bin/system-container-wrapper.sh" - ], - "env": [ - "container=docker", - "PKGM=yum", - "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin", - "HOME=/root", - "NAME=$NAME", - "COMMAND=$COMMAND", - "OPENSHIFT_CONTAINERIZED=true", - "KUBECONFIG=/var/lib/origin/openshift.local.config/master/admin.kubeconfig", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM=xterm" - ], - "cwd": "/var/lib/origin", - "capabilities": { - "bounding" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "permitted" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "inheritable" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "effective" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "ambient" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ] - }, - "rlimits": [ - { - "type": "RLIMIT_NOFILE", - "hard": 1024, - "soft": 1024 - } - ], - "noNewPrivileges": true - }, - "root": { - "path": "rootfs", - "readonly": true - }, - "mounts": [ - { - "destination": "/proc", - "type": "proc", - "source": "proc" - }, - { - "destination": "/dev", - "type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - { - "destination": "/dev/pts", - "type": "devpts", - "source": "devpts", - "options": [ - "nosuid", - "noexec", - "newinstance", - "ptmxmode=0666", - "mode=0620", - "gid=5" - ] - }, - { - "destination": "/dev/shm", - "type": "tmpfs", - "source": "shm", - "options": [ - "nosuid", - "noexec", - "nodev", - "mode=1777", - "size=65536k" - ] - }, - { - "destination": "/dev/mqueue", - "type": "mqueue", - "source": "mqueue", - "options": [ - "nosuid", - "noexec", - "nodev" - ] - }, - { - "destination": "/sys", - "type": "sysfs", - "source": "sysfs", - "options": [ - "nosuid", - "noexec", - "nodev", - "ro" - ] - }, - { - "destination": "/sys/fs/cgroup", - "type": "cgroup", - "source": "cgroup", - "options": [ - "nosuid", - "noexec", - "nodev", - "relatime", - "ro" - ] - }, - { - "type": "bind", - "source": "/etc/resolv.conf", - "destination": "/etc/resolv.conf", - "options": [ - "rbind", - "ro" - ] - }, - { - "type": "bind", - "source": "$ORIGIN_CONFIG_DIR", - "destination": "/etc/origin", - "options": [ - "bind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/etc/pki", - "destination": "/etc/pki", - "options": [ - "bind", - "ro" - ] - }, - { - "type": "bind", - "source": "$ORIGIN_DATA_DIR", - "destination": "/var/lib/origin", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "destination": "/tmp", - "type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - { - "type": "bind", - "source": "/var/log", - "destination": "/var/log", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/var/run", - "destination": "/var/run", - "options": [ - "rbind", - "rw", - "mode=755" - ] - } - ], - "hooks": {}, - "linux": { - "resources": { - "devices": [ - { - "allow": false, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 5, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 3, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 9, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 8, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 5, - "minor": 0, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 5, - "minor": 1, - "access": "rwm" - }, - { - "allow": false, - "type": "c", - "major": 10, - "minor": 229, - "access": "rwm" - } - ] - }, - "namespaces": [ - { - "type": "mount" - } - ], - "maskedPaths": [ - "/proc/kcore", - "/proc/latency_stats", - "/proc/timer_stats", - "/proc/sched_debug" - ], - "readonlyPaths": [ - "/proc/asound", - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sys", - "/proc/sysrq-trigger" - ] - } -} diff --git a/images/origin/system-container/manifest.json b/images/origin/system-container/manifest.json deleted file mode 100644 index 7b87e0c0913f..000000000000 --- a/images/origin/system-container/manifest.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "version": "1.0", - "defaultValues": { - "COMMAND": "", - "ORIGIN_CONFIG_DIR": "/etc/origin", - "ORIGIN_DATA_DIR": "/var/lib/origin", - "ETCD_SERVICE": "etcd.service", - "NODE_SERVICE": "atomic-openshift-node.service", - "DOCKER_SERVICE": "docker.service" - } -} diff --git a/images/origin/system-container/service.template b/images/origin/system-container/service.template deleted file mode 100644 index f2d5271d0728..000000000000 --- a/images/origin/system-container/service.template +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -After=network-online.target -After=${ETCD_SERVICE} -Before=${NODE_SERVICE} - -[Service] -EnvironmentFile=-/etc/sysconfig/$NAME -ExecStartPre=/bin/bash -c 'export -p > /run/$NAME-env' -ExecStart=$EXEC_START -ExecStop=$EXEC_STOP -SyslogIdentifier=$NAME -Restart=always -RestartSec=5s -WorkingDirectory=$DESTDIR -RuntimeDirectory=${NAME} - -[Install] -WantedBy=${DOCKER_SERVICE} diff --git a/images/origin/system-container/system-container-wrapper.sh b/images/origin/system-container/system-container-wrapper.sh deleted file mode 100755 index 0e1d2ee6ccb7..000000000000 --- a/images/origin/system-container/system-container-wrapper.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -source /run/$NAME-env - -exec /usr/bin/openshift start master $COMMAND --config=${CONFIG_FILE} $OPTIONS diff --git a/images/origin/system-container/tmpfiles.template b/images/origin/system-container/tmpfiles.template deleted file mode 100644 index 7e4c301b0ae5..000000000000 --- a/images/origin/system-container/tmpfiles.template +++ /dev/null @@ -1,2 +0,0 @@ -d $ORIGIN_CONFIG_DIR - - - - - -d $ORIGIN_DATA_DIR - - - - - diff --git a/images/recycler/Dockerfile b/images/recycler/Dockerfile index f05098fe2250..b6dde511d21c 100644 --- a/images/recycler/Dockerfile +++ b/images/recycler/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-recycler # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin Volume Recycler" \ io.k8s.description="This is a component of OpenShift Origin and is used to prepare persistent volumes for reuse after they are deleted." \ diff --git a/images/router/f5/Dockerfile b/images/router/f5/Dockerfile index 0d402bf76971..c6fedc756d82 100644 --- a/images/router/f5/Dockerfile +++ b/images/router/f5/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-f5-router # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin F5 Router" \ io.k8s.description="This is a component of OpenShift Origin and programs a BigIP F5 router to expose services within the cluster." \ diff --git a/images/router/haproxy/Dockerfile b/images/router/haproxy/Dockerfile index f4cf037e1bc7..e56ac0a75ea1 100644 --- a/images/router/haproxy/Dockerfile +++ b/images/router/haproxy/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-haproxy-router # -FROM openshift/origin +FROM openshift/origin-control-plane RUN INSTALL_PKGS="haproxy18" && \ yum install -y $INSTALL_PKGS && \ diff --git a/images/router/nginx/Dockerfile b/images/router/nginx/Dockerfile index 5aebfb560ce5..8f27f0ba5756 100644 --- a/images/router/nginx/Dockerfile +++ b/images/router/nginx/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-nginx-router # -FROM openshift/origin +FROM openshift/origin-control-plane RUN INSTALL_PKGS="nginx" && \ yum install -y "epel-release" && \ diff --git a/images/simple-authenticated-registry/Dockerfile b/images/simple-authenticated-registry/Dockerfile deleted file mode 100644 index a581444d60f4..000000000000 --- a/images/simple-authenticated-registry/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM registry:2 -COPY config.yml htpasswd /etc/docker/registry/ diff --git a/images/simple-authenticated-registry/OWNERS b/images/simple-authenticated-registry/OWNERS deleted file mode 100644 index b0633cb94c86..000000000000 --- a/images/simple-authenticated-registry/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - smarterclayton -approvers: - - smarterclayton diff --git a/images/simple-authenticated-registry/README.md b/images/simple-authenticated-registry/README.md deleted file mode 100644 index 37b21f5ac394..000000000000 --- a/images/simple-authenticated-registry/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Simple authenticated registry image - -This directory will build a Docker registry image that is configured for -BASIC authentication with user `user` and password `password` on port -5000. Intended for testing authenticated registry support. - -Build with - - docker build . diff --git a/images/simple-authenticated-registry/config.yml b/images/simple-authenticated-registry/config.yml deleted file mode 100644 index 39a7b288cbc3..000000000000 --- a/images/simple-authenticated-registry/config.yml +++ /dev/null @@ -1,14 +0,0 @@ -version: 0.1 -log: - level: debug -http: - addr: :5000 -storage: - cache: - layerinfo: inmemory - filesystem: - rootdirectory: /var/lib/registry -auth: - htpasswd: - realm: test - path: /etc/docker/registry/htpasswd diff --git a/images/simple-authenticated-registry/htpasswd b/images/simple-authenticated-registry/htpasswd deleted file mode 100644 index 816cb35409a6..000000000000 --- a/images/simple-authenticated-registry/htpasswd +++ /dev/null @@ -1 +0,0 @@ -user:$2y$05$O0dGHfbGPK.8x5IWCYown.W1.8mOa5XrJUYZstk6fGOvYicbQbgCu