1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
#!/bin/sh
set -e
if ! [ -r /etc/openstack-debian-images-updater/openstack-debian-images-updater.conf ] ; then
echo "Cannot read configuration in etc/openstack-debian-images-updater/openstack-debian-images-updater.conf"
exit 1
fi
. /etc/openstack-debian-images-updater/openstack-debian-images-updater.conf
for CREDENTIAL_FILE in $(echo ${CREDENTIAL_LIST} | tr ',' ' ') ; do
unset IMAGE_TYPE
unset RELEASES
unset OCTAVIA_IMAGE
unset MANILA_IMAGE
unset HASHICORP_VAULT_LOGIN_URL
unset HASHICORP_VAULT_ROLE_ID
unset HASHICORP_VAULT_SECRET_ID
unset HASHICORP_VAULT_TOKEN
unset HASHICORP_VAULT_SECRET_URL
unset HASHICORP_VAULT_JSON_PATH_OS_AUTH_URL
unset HASHICORP_VAULT_JSON_PATH_OS_PASSWORD
unset HASHICORP_VAULT_JSON_PATH_OS_USERNAME
. /etc/openstack-debian-images-updater/${CREDENTIAL_FILE}
if [ -n "${HASHICORP_VAULT_LOGIN_URL}" ] ; then
if [ -n "${HASHICORP_VAULT_ROLE_ID}" ] && [ "${HASHICORP_VAULT_SECRET_ID}" ] ; then
HASHICORP_VAULT_TOKEN=$(curl -s --request POST --data '{"role_id":"'${HASHICORP_VAULT_ROLE_ID}'","secret_id":"'${HASHICORP_VAULT_SECRET_ID}'"}' ${HASHICORP_VAULT_LOGIN_URL} | jq '.["auth"]["client_token"]' -r)
fi
if [ -n "${HASHICORP_VAULT_TOKEN}" ] ; then
if [ -n "${HASHICORP_VAULT_JSON_PATH_OS_AUTH_URL}" ] ; then
export OS_AUTH_URL=$(curl -s -sS -H "X-Vault-Token: ${HASHICORP_VAULT_TOKEN}" ${HASHICORP_VAULT_SECRET_URL} -H "accept: */*" | jq -r ${HASHICORP_VAULT_JSON_PATH_OS_AUTH_URL})
fi
if [ -n "${HASHICORP_VAULT_JSON_PATH_OS_PASSWORD}" ] ; then
export OS_PASSWORD=$(curl -s -sS -H "X-Vault-Token: ${HASHICORP_VAULT_TOKEN}" ${HASHICORP_VAULT_SECRET_URL} -H "accept: */*" | jq -r ${HASHICORP_VAULT_JSON_PATH_OS_PASSWORD})
fi
if [ -n "${HASHICORP_VAULT_JSON_PATH_OS_USERNAME}" ] ; then
export OS_USERNAME=$(curl -s -sS -H "X-Vault-Token: ${HASHICORP_VAULT_TOKEN}" ${HASHICORP_VAULT_SECRET_URL} -H "accept: */*" | jq -r ${HASHICORP_VAULT_JSON_PATH_OS_USERNAME})
fi
fi
fi
echo "=========> Checking if images at ${OS_AUTH_URL} need updates"
# Check for all releases
if [ -n ${RELEASES} ] ; then for RELEASE in $(echo ${RELEASES} | tr ',' ' ') ; do
echo "---> Checking for ${RELEASE} at ${OS_AUTH_URL}"
LATEST=$(curl -s ${BUILD_FARM_URL}/${RELEASE}/current/latest)
IMG_FILENAME=${LATEST}.${IMAGE_TYPE}
echo "-> Latest in build farm is ${IMG_FILENAME}"
IMAGE=$(openstack image list --property os_distro=debian --format value -c Name --name ${IMG_FILENAME})
if [ -z "${IMAGE}" ] ; then
echo "-> Needs update..."
rm -f ${IMG_FILENAME}
IMAGE_VERSION=$(curl -s ${BUILD_FARM_URL}/${RELEASE}/current/current_point_release)
if echo ${IMAGE_VERSION} | grep -q '~' ; then
echo "Not released Debian"
else
MINOR_VERSION=$(curl -s ${BUILD_FARM_URL}/${RELEASE}/current/current_minor_version)
IMAGE_VERSION="${IMAGE_VERSION}.${MINOR_VERSION}"
fi
wget ${BUILD_FARM_URL}/${RELEASE}/current/${IMG_FILENAME}
openstack image create \
--container-format bare \
--disk-format ${IMAGE_TYPE} \
--property hw_disk_bus=scsi \
--property hw_scsi_model=virtio-scsi \
--property os_type=linux \
--property os_distro=debian \
--property os_version=${IMAGE_VERSION} \
--file ${IMG_FILENAME} \
--public \
${IMG_FILENAME}
rm -f ${IMG_FILENAME}
else
echo "-> Image already present"
fi
done ; fi
# Check for the Octavia Amphora
if [ -n "${OCTAVIA_IMAGE}" ] ; then
echo "---> Checking for octavia image ${OCTAVIA_IMAGE} at ${OS_AUTH_URL}"
LATEST=$(curl -s ${BUILD_FARM_URL}/octavia/${OCTAVIA_IMAGE}/current/latest)
IMG_FILENAME=${LATEST}.${IMAGE_TYPE}
echo "-> Latest in build farm is ${IMG_FILENAME}"
IMAGE=$(openstack image list --tag amphora --format value -c Name)
if [ "${IMAGE}" != "${IMG_FILENAME}" ] ; then
echo "-> Octavia image needs update..."
wget ${BUILD_FARM_URL}/octavia/${OCTAVIA_IMAGE}/current/${IMG_FILENAME}
openstack image create \
--container-format bare \
--disk-format ${IMAGE_TYPE} \
--property hw_disk_bus=scsi \
--property hw_scsi_model=virtio-scsi \
--property os_type=linux \
--property os_distro=debian \
--property os_version=${IMAGE_VERSION} \
--tag amphora \
--file ${IMG_FILENAME} \
${IMG_FILENAME}
rm -f ${IMG_FILENAME}
if [ -n "${IMAGE}" ] ; then
openstack image unset --tag amphora ${IMAGE}
fi
else
echo "-> Octavia image up-to-date"
fi
fi
# Check for an update to the Manila image
if [ -n "${MANILA_IMAGE}" ] ; then
set -x
echo "---> Checking for Manila image ${MANILA_IMAGE} at ${OS_AUTH_URL}"
LATEST=$(curl -s ${BUILD_FARM_URL}/manila/${MANILA_IMAGE}/current/latest)
IMG_FILENAME=${LATEST}.${IMAGE_TYPE}
LATEST_SHA512SUM=$(curl -s ${BUILD_FARM_URL}/manila/${MANILA_IMAGE}/current/SHA512SUMS | grep ${IMG_FILENAME} | awk '{print $1}')
echo "-> Latest in build farm is ${IMG_FILENAME} with checksum ${LATEST_SHA512SUM}"
DEPLOYMENT_SHA512SUM=$(openstack image show manila-service-image --format json -c properties | jq -r '.["properties"]["os_hash_value"]' || true)
if [ "${DEPLOYMENT_SHA512SUM}" != "${LATEST_SHA512SUM}" ] ; then
wget ${BUILD_FARM_URL}/manila/${MANILA_IMAGE}/current/${IMG_FILENAME}
# Delete all of the images called "manila-service-image".
for IMAGE_ID_TO_DELETE in $(openstack image list --name manila-service-image --format value -c ID) ; do
echo "-> Deleting image $ID"
openstack image delete $IMAGE_ID_TO_DELETE || true
done
openstack image create \
--container-format bare \
--disk-format ${IMAGE_TYPE} \
--property hw_disk_bus=scsi \
--property hw_scsi_model=virtio-scsi \
--property os_type=linux \
--property os_distro=debian \
--property os_version=${IMAGE_VERSION} \
--file ${IMG_FILENAME} \
manila-service-image
rm -f ${IMG_FILENAME}
fi
fi
done
|
