From b3f5062f5030dfd38dece2e94a43d22f1ba4dae3 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 30 Jun 2023 10:56:52 -0400 Subject: [PATCH 01/45] images: update fedora base images to fedora 38 Update the base images that use fedora to fedora 38. Fedora 38 has already been out some months already. Now is the perfect time to update them. Signed-off-by: John Mulligan --- images/ad-server/Containerfile.fedora | 2 +- images/client/Containerfile.fedora | 2 +- images/server/Containerfile.fedora | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/ad-server/Containerfile.fedora b/images/ad-server/Containerfile.fedora index 7e1016f8..9642a50a 100644 --- a/images/ad-server/Containerfile.fedora +++ b/images/ad-server/Containerfile.fedora @@ -1,4 +1,4 @@ -FROM registry.fedoraproject.org/fedora:37 +FROM registry.fedoraproject.org/fedora:38 ARG INSTALL_PACKAGES_FROM=default ARG SAMBA_VERSION_SUFFIX="" ARG SAMBACC_VERSION_SUFFIX="" diff --git a/images/client/Containerfile.fedora b/images/client/Containerfile.fedora index d04e0818..186efb1b 100644 --- a/images/client/Containerfile.fedora +++ b/images/client/Containerfile.fedora @@ -1,6 +1,6 @@ # Copyright 2020 Michael Adam -FROM registry.fedoraproject.org/fedora:37 +FROM registry.fedoraproject.org/fedora:38 MAINTAINER Michael Adam diff --git a/images/server/Containerfile.fedora b/images/server/Containerfile.fedora index 3676d67d..071a7bd0 100644 --- a/images/server/Containerfile.fedora +++ b/images/server/Containerfile.fedora @@ -1,4 +1,4 @@ -FROM registry.fedoraproject.org/fedora:37 +FROM registry.fedoraproject.org/fedora:38 ARG INSTALL_PACKAGES_FROM=default ARG SAMBA_VERSION_SUFFIX="" ARG SAMBACC_VERSION_SUFFIX="" From 1ef4ab1a50f62e8fb1fe8818798889cd756af934 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Jul 2023 17:59:46 +0200 Subject: [PATCH 02/45] tests: prepare fixing test-server CI workflows the TAG variables handling was messed up between the workflow file and the test script(s), causing the test-server CI checks to fail. This change prepares fixing the test runs from the worflow file by stopping the server image test script from wrongly rewriting the LOCAL_TAG variable Signed-off-by: Michael Adam --- tests/test-samba-container.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test-samba-container.sh b/tests/test-samba-container.sh index 0b9ac931..97a9d555 100755 --- a/tests/test-samba-container.sh +++ b/tests/test-samba-container.sh @@ -1,6 +1,5 @@ #!/bin/bash -LOCAL_TAG="${LOCAL_TAG:-samba-server:latest}" if [ -z "${CONTAINER_CMD}" ]; then CONTAINER_CMD=$(command -v docker || echo "") From ba8fe32796f460e8f3a6a05fb200083f405bc38e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Jul 2023 19:23:21 +0200 Subject: [PATCH 03/45] tests: improve the server test script This change improves the server container test script by adding some informational output and streamlining the error handling a bit Additionallt, it fixes some bad indentation. Update tests/test-samba-container.sh Signed-off-by: Michael Adam Co-authored-by: Anoop C S --- tests/test-samba-container.sh | 68 ++++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 20 deletions(-) diff --git a/tests/test-samba-container.sh b/tests/test-samba-container.sh index 97a9d555..e97107e8 100755 --- a/tests/test-samba-container.sh +++ b/tests/test-samba-container.sh @@ -1,43 +1,71 @@ #!/bin/bash + +echo "determining container command." if [ -z "${CONTAINER_CMD}" ]; then - CONTAINER_CMD=$(command -v docker || echo "") + CONTAINER_CMD=$(command -v docker || echo ) fi if [ -z "${CONTAINER_CMD}" ]; then - CONTAINER_CMD=$(command -v podman || echo "") + CONTAINER_CMD=$(command -v podman || echo ) fi - +if [ -z "${CONTAINER_CMD}" ]; then +echo "Error determining container command." +exit 1 +fi +echo "container command: '${CONTAINER_CMD}'." +echo "creating temporary directory." TMPDIR="$(mktemp -d)" rc=$? if [ $rc -ne 0 ]; then - echo "Error creating temporary directory" -else - CONTAINER_ID="$(${CONTAINER_CMD} run --network=none --name samba \ - --volume="${TMPDIR}":/share:Z --rm -d "${LOCAL_TAG}")" + echo "Error creating temporary directory." + exit 1 +fi +echo "temporary directory: '${TMPDIR}'" +echo "starting Samba container." +CONTAINER_ID="$(${CONTAINER_CMD} run --network=none --name samba \ + --volume="${TMPDIR}":/share:Z --rm -d "${LOCAL_TAG}")" +rc=$? + +if [ $rc -ne 0 ]; then + echo "Error running samba container" + exit 1 +fi +echo "Container started, ID: '${CONTAINER_ID}'" + +# give samba a second to come up +sleep 1 + +echo "Listing samba shares" + ${CONTAINER_CMD} exec "${CONTAINER_ID}" smbclient -U% -L 127.0.0.1 rc=$? - if [ $rc -ne 0 ]; then - echo "Error running samba container" - else - echo "Container started, ID: '${CONTAINER_ID}'" +if [ ${rc} -ne 0 ]; then + echo "Error listing samba shares" + exit 1 +fi - # give samba a second to come up - sleep 1 - ${CONTAINER_CMD} exec "${CONTAINER_ID}" smbclient -U% -L 127.0.0.1 - rc=$? +echo "stopping samba container." - if [ $rc -ne 0 ]; then - echo "Error listing samba shares" - fi - fi +${CONTAINER_CMD} kill "${CONTAINER_ID}" +rc=$? - ${CONTAINER_CMD} kill "${CONTAINER_ID}" +if [ $rc -ne 0 ]; then + echo "Error stopping samba container" + exit 1 fi +echo "samba container stopped." + + + + +echo "removing temporary directory." rm -rf "${TMPDIR}" +rc=$? + if [ $rc -eq 0 ]; then echo "Success" From 0dab2a77bd508ac8b3607fe69e50e621e4953931 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 7 Jul 2023 14:13:39 -0400 Subject: [PATCH 04/45] tests: add debugging when certain errors occur Add a _testdbg function that takes resource names after an error message, for each resource print the YAML and describe info. Signed-off-by: John Mulligan --- tests/common.sh | 18 ++++++++++++++++++ tests/test-deploy-ad-member.sh | 3 ++- tests/test-deploy-ad-server.sh | 3 ++- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/tests/common.sh b/tests/common.sh index 386ecb2b..3b252018 100755 --- a/tests/common.sh +++ b/tests/common.sh @@ -15,3 +15,21 @@ _error() { echo "$@" exit 1 } + +_errordbg() { + local errmsg="$1" + shift + echo ERROR: "$errmsg" + for resource in "$@"; do + echo "---------" + dcmd=(kubectl get -o yaml "${resource}") + echo ">" "${dcmd[@]}" + ! "${dcmd[@]}" + echo "---------" + dcmd=(kubectl describe "${resource}") + echo ">" "${dcmd[@]}" + ! "${dcmd[@]}" + done + echo "---------" + _error "$errmsg" +} diff --git a/tests/test-deploy-ad-member.sh b/tests/test-deploy-ad-member.sh index d1f5239d..eccc9385 100755 --- a/tests/test-deploy-ad-member.sh +++ b/tests/test-deploy-ad-member.sh @@ -34,7 +34,8 @@ done echo kubectl get pod echo -echo "$podstatus" | grep -q 'Running' || _error "Pod did not reach Running state" +echo "$podstatus" | grep -q 'Running' || \ + _errordbg "Pod did not reach Running state" "pod/${podname}" echo "waiting for samba to become reachable" tries=0 diff --git a/tests/test-deploy-ad-server.sh b/tests/test-deploy-ad-server.sh index 221fa3ed..21cd147e 100755 --- a/tests/test-deploy-ad-server.sh +++ b/tests/test-deploy-ad-server.sh @@ -37,7 +37,8 @@ done echo kubectl get pod echo -echo "$podstatus" | grep -q 'Running' || _error "Pod did not reach Running state" +echo "$podstatus" | grep -q 'Running' || \ + _errordbg "Pod did not reach Running state" "deployment/${AD_DEPLOYMENT_NAME}" "pod/${podname}" echo "waiting for samba to become reachable" tries=0 From f51b35f70786c1809756cd373ac97830eb542e7d Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 7 Jul 2023 14:51:14 -0400 Subject: [PATCH 05/45] tests: always specify server image name in ad test When deploying a member server the yaml was inconsistently using both images built for the test run (PR) and images pushed to quay.io. First, make the yaml use one consistent variable name for all images, then force the shell script to explicitly set those vars. Signed-off-by: John Mulligan --- tests/files/samba-domain-member-pod.yml | 13 ++++++++----- tests/test-deploy-ad-member.sh | 4 +++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/files/samba-domain-member-pod.yml b/tests/files/samba-domain-member-pod.yml index edc31846..4e27a9dc 100644 --- a/tests/files/samba-domain-member-pod.yml +++ b/tests/files/samba-domain-member-pod.yml @@ -74,10 +74,10 @@ metadata: spec: shareProcessNamespace: true containers: - - image: samba-server:$IMG_TAG + - image: $IMG_NAME # Need imagePullPolicy Never for working with local images. # Otherwise we get "ErrImagePull". - imagePullPolicy: Never + imagePullPolicy: $IMG_PULL_POLICY name: smb command: - "samba-container" @@ -109,7 +109,8 @@ spec: name: samba-state-dir - mountPath: "/run/samba/winbindd" name: samba-sockets-dir - - image: quay.io/samba.org/samba-server:$IMG_TAG + - image: $IMG_NAME + imagePullPolicy: $IMG_PULL_POLICY name: winbind command: - "samba-container" @@ -134,7 +135,8 @@ spec: - mountPath: "/run/samba/winbindd" name: samba-sockets-dir initContainers: - - image: quay.io/samba.org/samba-server:$IMG_TAG + - image: $IMG_NAME + imagePullPolicy: $IMG_PULL_POLICY name: init args: - "init" @@ -154,7 +156,8 @@ spec: name: samba-container-config - mountPath: "/var/lib/samba" name: samba-state-dir - - image: quay.io/samba.org/samba-server:$IMG_TAG + - image: $IMG_NAME + imagePullPolicy: $IMG_PULL_POLICY name: must-join args: - "must-join" diff --git a/tests/test-deploy-ad-member.sh b/tests/test-deploy-ad-member.sh index eccc9385..6a9090c7 100755 --- a/tests/test-deploy-ad-member.sh +++ b/tests/test-deploy-ad-member.sh @@ -2,11 +2,13 @@ SCRIPT_DIR="$(cd "$(dirname "${0}")" && pwd)" IMG_TAG=${IMG_TAG:-"latest"} +IMG_NAME="${SERVER_IMG:-samba-server}:${IMG_TAG}" +IMG_PULL_POLICY="${IMG_PULL_POLICY:-Never}" source "${SCRIPT_DIR}/common.sh" echo "Creating ad member pod..." -ERROR_MSG=$(IMG_TAG=${IMG_TAG} envsubst < "${MEMBER_POD_YAML}" | kubectl create -f - 2>&1 1>/dev/null) +ERROR_MSG=$(IMG_NAME="${IMG_NAME}" IMG_PULL_POLICY="${IMG_PULL_POLICY}" envsubst < "${MEMBER_POD_YAML}" | kubectl create -f - 2>&1 1>/dev/null) if [ $? -ne 0 ] ; then if [[ "${ERROR_MSG}" =~ "AlreadyExists" ]] ; then echo "pod exists already. Continuing." From 91cd9cdfaee7c6e672de2d6d90f9bce1b5aa1ddf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 7 Jun 2023 12:22:20 +0200 Subject: [PATCH 06/45] github: convert workflows to matrix with OS and arch as dimensions this expands various existing jobs into multiple jobs by expanding matrix dimensions for the base operating system (os) ang build architecture (arch). It only covers the supported opersting systems Fedora and CentOS for a start but excludes CentOS for those images that are not supported yet, i. e. ad-server images. But it can also be considered a preparation for adding CentOS to the test matrix later when we will be adding ad-server Containerfiles for centos. Co-authored-by: John Mulligan Signed-off-by: Michael Adam Signed-off-by: John Mulligan Co-authored-by: Anoop C S Signed-off-by: Anoop C S --- .github/workflows/container-image.yml | 207 +++++++++++--------------- 1 file changed, 88 insertions(+), 119 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 5b5ba428..6a318baa 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -10,10 +10,8 @@ on: env: CONTAINER_CMD: docker - jobs: - - check: + checks: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -39,100 +37,67 @@ jobs: build-server: runs-on: ubuntu-latest + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] env: BUILDAH_FORMAT: oci steps: - uses: actions/checkout@v3 - name: Build the server image - run: make build-server - - name: Upload server image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "samba-server:latest" - retention_days: 1 - build-server-centos: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Build the CentOS based server image - run: make OS_NAME=centos build-server + run: make OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-server - name: Upload server image uses: ishworkh/docker-image-artifact-upload@v1 with: - image: "samba-server:centos-latest" + image: "samba-server:${{ matrix.os }}-latest" retention_days: 1 - test-server-centos: - needs: build-server-centos - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Download server image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "samba-server:centos-latest" - - name: Test the server image - run: LOCAL_TAG=samba-server:centos-latest tests/test-samba-container.sh - build-ad-server: + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] + exclude: + - os: centos runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci steps: - uses: actions/checkout@v3 - name: Build the ad server image - run: make build-ad-server + run: make OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-ad-server - name: Upload ad server image uses: ishworkh/docker-image-artifact-upload@v1 with: - image: "samba-ad-server:latest" - retention_days: 1 - build-client-centos: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Build the centos client image - run: make OS_NAME=centos build-client - # Here we upload samba-client image to artifacts locally for consumption - # during samba-toolbox build process. - - name: Upload client image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "quay.io/samba.org/samba-client:centos-latest" + image: "samba-ad-server:${{ matrix.os}}-latest" retention_days: 1 - build-toolbox-centos: - needs: build-client-centos - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - # Download locally stored samba-client image to be used as base for building - # samba-toolbox. - - name: Download client image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "quay.io/samba.org/samba-client:centos-latest" - - name: Build the toolbox image - run: make OS_NAME=centos build-toolbox - - build-client: - runs-on: ubuntu-latest + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] env: BUILDAH_FORMAT: oci + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Build the client image - run: make build-client + - name: build the client image + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-client # Here we upload samba-client image to artifacts locally for consumption - # during samba-toolbox build process. - - name: Upload client image + # during the samba-toolbox build process. + - name: Upload the client image uses: ishworkh/docker-image-artifact-upload@v1 with: - image: "quay.io/samba.org/samba-client:latest" + image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" retention_days: 1 build-toolbox: + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] needs: build-client runs-on: ubuntu-latest env: @@ -144,11 +109,15 @@ jobs: - name: Download client image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "quay.io/samba.org/samba-client:latest" + image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" - name: Build the toolbox image - run: make build-toolbox + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-toolbox test-server: + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] needs: build-server runs-on: ubuntu-latest steps: @@ -156,55 +125,55 @@ jobs: - name: Download server image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "samba-server:latest" + image: "samba-server:${{ matrix.os }}-latest" - name: Test the server image - run: tests/test-samba-container.sh + run: LOCAL_TAG="samba-server:${{ matrix.os}}-latest" tests/test-samba-container.sh # Reminder: the nightly-server images consume nightly samba rpm builds # it is not *just* an image that gets built nightly build-nightly-server: runs-on: ubuntu-latest + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] env: BUILDAH_FORMAT: oci steps: - uses: actions/checkout@v3 - name: Build the nightly server image - run: make build-nightly-server + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-server - name: Upload nightly server image uses: ishworkh/docker-image-artifact-upload@v1 with: - image: "samba-server:nightly" - retention_days: 1 - - build-nightly-server-centos: - runs-on: ubuntu-latest - env: - BUILDAH_FORMAT: oci - steps: - - uses: actions/checkout@v3 - - name: Build the nightly server image - run: make OS_NAME=centos build-nightly-server - - name: Upload nightly server image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "samba-server:centos-nightly" + image: "samba-server:${{ matrix.os }}-nightly" retention_days: 1 build-nightly-ad-server: runs-on: ubuntu-latest + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] + exclude: + - os: centos env: BUILDAH_FORMAT: oci steps: - uses: actions/checkout@v3 - name: Build the nightly ad server image - run: make build-nightly-ad-server - - name: Upload nightly ad server image + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-ad-server + - name: Upload nightly AD server image uses: ishworkh/docker-image-artifact-upload@v1 with: - image: "samba-ad-server:nightly" + image: "samba-ad-server:${{ matrix.os }}-nightly" retention_days: 1 test-nightly-server: + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] needs: build-nightly-server runs-on: ubuntu-latest steps: @@ -212,29 +181,24 @@ jobs: - name: Download nightly server image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "samba-server:nightly" + image: "samba-server:${{ matrix.os }}-nightly" - name: Test the nightly server image - run: LOCAL_TAG=samba-server:nightly tests/test-samba-container.sh - - test-nightly-server-centos: - needs: build-nightly-server-centos - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Download nightly server image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "samba-server:centos-nightly" - - name: Test the nightly server image - run: LOCAL_TAG=samba-server:centos-nightly tests/test-samba-container.sh + run: LOCAL_TAG=samba-server:${{ matrix.os }}-nightly tests/test-samba-container.sh test-ad-server-kubernetes: + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] + exclude: + - os: centos needs: - build-ad-server - build-server - #runs-on: ubuntu-latest # need to explicitly use 20.04 to avoid problems with jq... runs-on: ubuntu-20.04 + env: + IMG_TAG: ${{ matrix.os }}-latest steps: - uses: actions/checkout@v3 - uses: nolar/setup-k3d-k3s@v1 @@ -243,28 +207,33 @@ jobs: - name: Download ad server image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "samba-ad-server:latest" + image: "samba-ad-server:${{ matrix.os }}-latest" - name: import ad server image - run: k3d image import samba-ad-server:latest + run: k3d image import samba-ad-server:${{ matrix.os }}-latest - name: Download file server image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "samba-server:latest" + image: "samba-server:${{ matrix.os }}-latest" - name: import file server image - run: k3d image import samba-server:latest + run: k3d image import samba-server:${{ matrix.os }}-latest - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh test-nightly-ad-server-kubernetes: - needs: - - build-nightly-ad-server - - build-nightly-server - #runs-on: ubuntu-latest - # need to explicitly use 20.04 to avoid problems with jq... - runs-on: ubuntu-20.04 - env: - IMG_TAG: nightly - steps: + strategy: + matrix: + os: [centos, fedora] + arch: [amd64] + exclude: + - os: centos + needs: + - build-nightly-server + - build-nightly-ad-server + # need to explicitly use 20.04 to avoid problems with jq... + runs-on: ubuntu-20.04 + env: + IMG_TAG: ${{ matrix.os }}-nightly + steps: - uses: actions/checkout@v3 - uses: nolar/setup-k3d-k3s@v1 - name: get nodes @@ -272,15 +241,15 @@ jobs: - name: Download nightly ad server image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "samba-ad-server:nightly" + image: "samba-ad-server:${{ matrix.os }}-nightly" - name: import nightly ad server image - run: k3d image import samba-ad-server:nightly + run: k3d image import samba-ad-server:${{ matrix.os }}-nightly - name: Download nightly file server image uses: ishworkh/docker-image-artifact-download@v1 with: - image: "samba-server:nightly" + image: "samba-server:${{ matrix.os }}-nightly" - name: import nightly file server image - run: k3d image import samba-server:nightly + run: k3d image import samba-server:${{ matrix.os }}-nightly - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh From 46309784bac8e9154b58f61fdb1c2870dc453512 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Jul 2023 16:59:50 -0400 Subject: [PATCH 07/45] github: add testing of opensuse builds previously, only fedora and centos builds were tested in the CI. This adds opensuse to the test matrix where appropriate Signed-off-by: Michael Adam --- .github/workflows/container-image.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 6a318baa..da6c7386 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - os: [centos, fedora] + os: [centos, fedora, opensuse] arch: [amd64] env: BUILDAH_FORMAT: oci @@ -56,7 +56,7 @@ jobs: build-ad-server: strategy: matrix: - os: [centos, fedora] + os: [centos, fedora, opensuse] arch: [amd64] exclude: - os: centos @@ -76,7 +76,7 @@ jobs: build-client: strategy: matrix: - os: [centos, fedora] + os: [centos, fedora, opensuse] arch: [amd64] env: BUILDAH_FORMAT: oci @@ -96,7 +96,7 @@ jobs: build-toolbox: strategy: matrix: - os: [centos, fedora] + os: [centos, fedora, opensuse] arch: [amd64] needs: build-client runs-on: ubuntu-latest @@ -116,7 +116,7 @@ jobs: test-server: strategy: matrix: - os: [centos, fedora] + os: [centos, fedora, opensuse] arch: [amd64] needs: build-server runs-on: ubuntu-latest @@ -188,7 +188,7 @@ jobs: test-ad-server-kubernetes: strategy: matrix: - os: [centos, fedora] + os: [centos, fedora, opensuse] arch: [amd64] exclude: - os: centos From 6740e2a32ff1e650ab762cb2218b3afc7ebbb8b0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 5 Jul 2023 19:24:17 +0200 Subject: [PATCH 08/45] images: work around missing nsswitch.conf in opensuse server image Signed-off-by: Michael Adam --- images/ad-server/Containerfile.opensuse | 1 + images/server/Containerfile.opensuse | 3 +++ 2 files changed, 4 insertions(+) diff --git a/images/ad-server/Containerfile.opensuse b/images/ad-server/Containerfile.opensuse index 07273ecf..bee251ac 100644 --- a/images/ad-server/Containerfile.opensuse +++ b/images/ad-server/Containerfile.opensuse @@ -37,6 +37,7 @@ RUN zypper --non-interactive install --no-recommends \ zypper clean; RUN ln -sf /usr/share/sambacc/examples/addc.json /etc/samba/container.json RUN rm -rf /etc/samba/smb.conf +RUN cp /usr/etc/nsswitch.conf /etc/nsswitch.conf ENV SAMBACC_CONFIG="/etc/samba/container.json:/etc/samba/users.json" diff --git a/images/server/Containerfile.opensuse b/images/server/Containerfile.opensuse index b30d4c26..9e7d329f 100644 --- a/images/server/Containerfile.opensuse +++ b/images/server/Containerfile.opensuse @@ -35,6 +35,9 @@ RUN zypper --non-interactive install --no-recommends \ sambacc && \ zypper clean; RUN ln -sf /usr/share/sambacc/examples/minimal.json /etc/samba/container.json +RUN cp /usr/etc/nsswitch.conf /etc/nsswitch.conf + + VOLUME ["/share"] From ba319f8c22821eb5675933a1d6e4049f649e84fc Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 13 Jul 2023 09:42:01 -0400 Subject: [PATCH 09/45] github: make indents conform to yamllint rules Stop yamllint from emitting warnings due to the indent of parts of the container-image.yml file. Signed-off-by: John Mulligan --- .github/workflows/container-image.yml | 180 +++++++++++++------------- 1 file changed, 90 insertions(+), 90 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index da6c7386..a17113dc 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -14,13 +14,13 @@ jobs: checks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - # We need a newer version of shellcheck to avoid problems with the - # relative imports. Our scripts work on v0.7.2 and up but not the - # v0.7.0 preinstalled in the ubutnu image. We can force a local - # install by expliclity setting SHELLCHECK to `$ALT_BIN/shellcheck` - - name: Run static check tools - run: make check SHELLCHECK=$PWD/.bin/shellcheck + - uses: actions/checkout@v3 + # We need a newer version of shellcheck to avoid problems with the + # relative imports. Our scripts work on v0.7.2 and up but not the + # v0.7.0 preinstalled in the ubutnu image. We can force a local + # install by expliclity setting SHELLCHECK to `$ALT_BIN/shellcheck` + - name: Run static check tools + run: make check SHELLCHECK=$PWD/.bin/shellcheck check-commits: runs-on: ubuntu-latest @@ -44,14 +44,14 @@ jobs: env: BUILDAH_FORMAT: oci steps: - - uses: actions/checkout@v3 - - name: Build the server image - run: make OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-server - - name: Upload server image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "samba-server:${{ matrix.os }}-latest" - retention_days: 1 + - uses: actions/checkout@v3 + - name: Build the server image + run: make OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-server + - name: Upload server image + uses: ishworkh/docker-image-artifact-upload@v1 + with: + image: "samba-server:${{ matrix.os }}-latest" + retention_days: 1 build-ad-server: strategy: @@ -64,14 +64,14 @@ jobs: env: BUILDAH_FORMAT: oci steps: - - uses: actions/checkout@v3 - - name: Build the ad server image - run: make OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-ad-server - - name: Upload ad server image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "samba-ad-server:${{ matrix.os}}-latest" - retention_days: 1 + - uses: actions/checkout@v3 + - name: Build the ad server image + run: make OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-ad-server + - name: Upload ad server image + uses: ishworkh/docker-image-artifact-upload@v1 + with: + image: "samba-ad-server:${{ matrix.os}}-latest" + retention_days: 1 build-client: strategy: @@ -82,16 +82,16 @@ jobs: BUILDAH_FORMAT: oci runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: build the client image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-client - # Here we upload samba-client image to artifacts locally for consumption - # during the samba-toolbox build process. - - name: Upload the client image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" - retention_days: 1 + - uses: actions/checkout@v3 + - name: build the client image + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-client + # Here we upload samba-client image to artifacts locally for consumption + # during the samba-toolbox build process. + - name: Upload the client image + uses: ishworkh/docker-image-artifact-upload@v1 + with: + image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" + retention_days: 1 build-toolbox: strategy: @@ -103,15 +103,15 @@ jobs: env: BUILDAH_FORMAT: oci steps: - - uses: actions/checkout@v3 - # Download locally stored samba-client image to be used as base for building - # samba-toolbox. - - name: Download client image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" - - name: Build the toolbox image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-toolbox + - uses: actions/checkout@v3 + # Download locally stored samba-client image to be used as base for building + # samba-toolbox. + - name: Download client image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" + - name: Build the toolbox image + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-toolbox test-server: strategy: @@ -121,13 +121,13 @@ jobs: needs: build-server runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Download server image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "samba-server:${{ matrix.os }}-latest" - - name: Test the server image - run: LOCAL_TAG="samba-server:${{ matrix.os}}-latest" tests/test-samba-container.sh + - uses: actions/checkout@v3 + - name: Download server image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "samba-server:${{ matrix.os }}-latest" + - name: Test the server image + run: LOCAL_TAG="samba-server:${{ matrix.os}}-latest" tests/test-samba-container.sh # Reminder: the nightly-server images consume nightly samba rpm builds # it is not *just* an image that gets built nightly @@ -140,14 +140,14 @@ jobs: env: BUILDAH_FORMAT: oci steps: - - uses: actions/checkout@v3 - - name: Build the nightly server image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-server - - name: Upload nightly server image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "samba-server:${{ matrix.os }}-nightly" - retention_days: 1 + - uses: actions/checkout@v3 + - name: Build the nightly server image + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-server + - name: Upload nightly server image + uses: ishworkh/docker-image-artifact-upload@v1 + with: + image: "samba-server:${{ matrix.os }}-nightly" + retention_days: 1 build-nightly-ad-server: runs-on: ubuntu-latest @@ -160,14 +160,14 @@ jobs: env: BUILDAH_FORMAT: oci steps: - - uses: actions/checkout@v3 - - name: Build the nightly ad server image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-ad-server - - name: Upload nightly AD server image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "samba-ad-server:${{ matrix.os }}-nightly" - retention_days: 1 + - uses: actions/checkout@v3 + - name: Build the nightly ad server image + run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-ad-server + - name: Upload nightly AD server image + uses: ishworkh/docker-image-artifact-upload@v1 + with: + image: "samba-ad-server:${{ matrix.os }}-nightly" + retention_days: 1 test-nightly-server: strategy: @@ -177,13 +177,13 @@ jobs: needs: build-nightly-server runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Download nightly server image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "samba-server:${{ matrix.os }}-nightly" - - name: Test the nightly server image - run: LOCAL_TAG=samba-server:${{ matrix.os }}-nightly tests/test-samba-container.sh + - uses: actions/checkout@v3 + - name: Download nightly server image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "samba-server:${{ matrix.os }}-nightly" + - name: Test the nightly server image + run: LOCAL_TAG=samba-server:${{ matrix.os }}-nightly tests/test-samba-container.sh test-ad-server-kubernetes: strategy: @@ -200,24 +200,24 @@ jobs: env: IMG_TAG: ${{ matrix.os }}-latest steps: - - uses: actions/checkout@v3 - - uses: nolar/setup-k3d-k3s@v1 - - name: get nodes - run: kubectl get nodes - - name: Download ad server image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "samba-ad-server:${{ matrix.os }}-latest" - - name: import ad server image - run: k3d image import samba-ad-server:${{ matrix.os }}-latest - - name: Download file server image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "samba-server:${{ matrix.os }}-latest" - - name: import file server image - run: k3d image import samba-server:${{ matrix.os }}-latest - - name: run the ad-dc deployment test - run: ./tests/test-samba-ad-server-kubernetes.sh + - uses: actions/checkout@v3 + - uses: nolar/setup-k3d-k3s@v1 + - name: get nodes + run: kubectl get nodes + - name: Download ad server image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "samba-ad-server:${{ matrix.os }}-latest" + - name: import ad server image + run: k3d image import samba-ad-server:${{ matrix.os }}-latest + - name: Download file server image + uses: ishworkh/docker-image-artifact-download@v1 + with: + image: "samba-server:${{ matrix.os }}-latest" + - name: import file server image + run: k3d image import samba-server:${{ matrix.os }}-latest + - name: run the ad-dc deployment test + run: ./tests/test-samba-ad-server-kubernetes.sh test-nightly-ad-server-kubernetes: strategy: From c9499e27c31691d6bd59d4e3efcf5c37f9f25d7a Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 13 Jul 2023 11:25:14 -0400 Subject: [PATCH 10/45] github: update mergify config to match new matrix Signed-off-by: John Mulligan --- .github/mergify.yml | 56 ++++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index 0999d4b4..beb5a1e1 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -14,15 +14,25 @@ defaults: queue_rules: - name: default conditions: - - check-success=check - - check-success=build-server - - check-success=build-ad-server - - check-success=build-nightly-server - - check-success=build-nightly-ad-server - - check-success=build-client - - check-success=build-toolbox - - check-success=test-ad-server-kubernetes - - check-success=test-nightly-ad-server-kubernetes + - check-success=checks + - check-success=build-server (centos, amd64) + - check-success=build-server (fedora, amd64) + - check-success=build-server (opensuse, amd64) + - check-success=build-ad-server (fedora, amd64) + - check-success=build-ad-server (opensuse, amd64) + - check-success=build-nightly-server (centos, amd64) + - check-success=build-nightly-server (fedora, amd64) + - check-success=build-nightly-server (opensuse, amd64) + - check-success=build-nightly-ad-server (fedora, amd64) + - check-success=build-client (centos, amd64) + - check-success=build-client (fedora, amd64) + - check-success=build-client (opensuse, amd64) + - check-success=build-toolbox (centos, amd64) + - check-success=build-toolbox (fedora, amd64) + - check-success=build-toolbox (opensuse, amd64) + - check-success=test-ad-server-kubernetes (fedora, amd64) + - check-success=test-ad-server-kubernetes (opensuse, amd64) + - check-success=test-nightly-ad-server-kubernetes (fedora, amd64) - check-success=dpulls @@ -38,15 +48,25 @@ pull_request_rules: # Perform automatic merge on conditions - name: Automatic merge on approval conditions: - - check-success=check - - check-success=build-server - - check-success=build-ad-server - - check-success=build-nightly-server - - check-success=build-nightly-ad-server - - check-success=build-client - - check-success=build-toolbox - - check-success=test-ad-server-kubernetes - - check-success=test-nightly-ad-server-kubernetes + - check-success=checks + - check-success=build-server (centos, amd64) + - check-success=build-server (fedora, amd64) + - check-success=build-server (opensuse, amd64) + - check-success=build-ad-server (fedora, amd64) + - check-success=build-ad-server (opensuse, amd64) + - check-success=build-nightly-server (centos, amd64) + - check-success=build-nightly-server (fedora, amd64) + - check-success=build-nightly-server (opensuse, amd64) + - check-success=build-nightly-ad-server (fedora, amd64) + - check-success=build-client (centos, amd64) + - check-success=build-client (fedora, amd64) + - check-success=build-client (opensuse, amd64) + - check-success=build-toolbox (centos, amd64) + - check-success=build-toolbox (fedora, amd64) + - check-success=build-toolbox (opensuse, amd64) + - check-success=test-ad-server-kubernetes (fedora, amd64) + - check-success=test-ad-server-kubernetes (opensuse, amd64) + - check-success=test-nightly-ad-server-kubernetes (fedora, amd64) - check-success=dpulls - "-draft" # Contributors should set the 'do-not-merge' label if they don't want From d8fdc4f8ca2219217011b0b4504c8410cfcf58a1 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 13 Jul 2023 12:13:44 -0400 Subject: [PATCH 11/45] github: update indents to please yamllint Eliminate remaining yamllint warnings on the .github/mergify.yml file. Signed-off-by: John Mulligan --- .github/mergify.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index beb5a1e1..b2686c0e 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -82,16 +82,16 @@ pull_request_rules: # any changes requested. - "#changes-requested-reviews-by=0" - or: - # Any contributor's PR can be automerged with 2 (or more) reviews. - - "#approved-reviews-by>=2" - # A maintainer's contribution that has already aged long enough to - # earn the "priority-review" label can be merged immediately. - # The label can also be applied manually in case of an important - # bugfix, etc. - - and: - - "label=priority-review" - - "author=@maintainers" - - "#approved-reviews-by>=1" + # Any contributor's PR can be automerged with 2 (or more) reviews. + - "#approved-reviews-by>=2" + # A maintainer's contribution that has already aged long enough to + # earn the "priority-review" label can be merged immediately. + # The label can also be applied manually in case of an important + # bugfix, etc. + - and: + - "label=priority-review" + - "author=@maintainers" + - "#approved-reviews-by>=1" actions: queue: {} dismiss_reviews: {} From 89f138c27d18170fd97ecc2cb251cb5d7a0617ac Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Mon, 3 Jul 2023 11:26:09 +0530 Subject: [PATCH 12/45] workflows: Use new GitHub action with podman support https://github.com/marketplace/actions/container-image-artifact-upload https://github.com/marketplace/actions/container-image-artifact-download Signed-off-by: Anoop C S --- .github/workflows/container-image.yml | 36 ++++++++++++++++++--------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index a17113dc..6a0ee254 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -48,9 +48,10 @@ jobs: - name: Build the server image run: make OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-server - name: Upload server image - uses: ishworkh/docker-image-artifact-upload@v1 + uses: ishworkh/container-image-artifact-upload@v1.0.0 with: image: "samba-server:${{ matrix.os }}-latest" + container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 build-ad-server: @@ -68,9 +69,10 @@ jobs: - name: Build the ad server image run: make OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-ad-server - name: Upload ad server image - uses: ishworkh/docker-image-artifact-upload@v1 + uses: ishworkh/container-image-artifact-upload@v1.0.0 with: image: "samba-ad-server:${{ matrix.os}}-latest" + container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 build-client: @@ -88,9 +90,10 @@ jobs: # Here we upload samba-client image to artifacts locally for consumption # during the samba-toolbox build process. - name: Upload the client image - uses: ishworkh/docker-image-artifact-upload@v1 + uses: ishworkh/container-image-artifact-upload@v1.0.0 with: image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" + container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 build-toolbox: @@ -107,9 +110,10 @@ jobs: # Download locally stored samba-client image to be used as base for building # samba-toolbox. - name: Download client image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" + container_engine: ${{ env.CONTAINER_CMD }} - name: Build the toolbox image run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-toolbox @@ -123,9 +127,10 @@ jobs: steps: - uses: actions/checkout@v3 - name: Download server image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-server:${{ matrix.os }}-latest" + container_engine: ${{ env.CONTAINER_CMD }} - name: Test the server image run: LOCAL_TAG="samba-server:${{ matrix.os}}-latest" tests/test-samba-container.sh @@ -144,9 +149,10 @@ jobs: - name: Build the nightly server image run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-server - name: Upload nightly server image - uses: ishworkh/docker-image-artifact-upload@v1 + uses: ishworkh/container-image-artifact-upload@v1.0.0 with: image: "samba-server:${{ matrix.os }}-nightly" + container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 build-nightly-ad-server: @@ -164,9 +170,10 @@ jobs: - name: Build the nightly ad server image run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-ad-server - name: Upload nightly AD server image - uses: ishworkh/docker-image-artifact-upload@v1 + uses: ishworkh/container-image-artifact-upload@v1.0.0 with: image: "samba-ad-server:${{ matrix.os }}-nightly" + container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 test-nightly-server: @@ -179,9 +186,10 @@ jobs: steps: - uses: actions/checkout@v3 - name: Download nightly server image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-server:${{ matrix.os }}-nightly" + container_engine: ${{ env.CONTAINER_CMD }} - name: Test the nightly server image run: LOCAL_TAG=samba-server:${{ matrix.os }}-nightly tests/test-samba-container.sh @@ -205,15 +213,17 @@ jobs: - name: get nodes run: kubectl get nodes - name: Download ad server image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-ad-server:${{ matrix.os }}-latest" + container_engine: ${{ env.CONTAINER_CMD }} - name: import ad server image run: k3d image import samba-ad-server:${{ matrix.os }}-latest - name: Download file server image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-server:${{ matrix.os }}-latest" + container_engine: ${{ env.CONTAINER_CMD }} - name: import file server image run: k3d image import samba-server:${{ matrix.os }}-latest - name: run the ad-dc deployment test @@ -239,15 +249,17 @@ jobs: - name: get nodes run: kubectl get nodes - name: Download nightly ad server image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-ad-server:${{ matrix.os }}-nightly" + container_engine: ${{ env.CONTAINER_CMD }} - name: import nightly ad server image run: k3d image import samba-ad-server:${{ matrix.os }}-nightly - name: Download nightly file server image - uses: ishworkh/docker-image-artifact-download@v1 + uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-server:${{ matrix.os }}-nightly" + container_engine: ${{ env.CONTAINER_CMD }} - name: import nightly file server image run: k3d image import samba-server:${{ matrix.os }}-nightly - name: run the ad-dc deployment test From 93d1c46e32a46bd7c771b3c6e4d4936bf561991a Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 14 Jul 2023 10:46:15 -0400 Subject: [PATCH 13/45] github: fix a mergify rule that was invalid When converting the mergify yaml to match the new matrix rules in github workflow yaml, I added `build-nightly-server (opensuse, amd64)` but that's not a valid rule. Remove them. Signed-off-by: John Mulligan --- .github/mergify.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index b2686c0e..a323f15d 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -22,7 +22,6 @@ queue_rules: - check-success=build-ad-server (opensuse, amd64) - check-success=build-nightly-server (centos, amd64) - check-success=build-nightly-server (fedora, amd64) - - check-success=build-nightly-server (opensuse, amd64) - check-success=build-nightly-ad-server (fedora, amd64) - check-success=build-client (centos, amd64) - check-success=build-client (fedora, amd64) @@ -56,7 +55,6 @@ pull_request_rules: - check-success=build-ad-server (opensuse, amd64) - check-success=build-nightly-server (centos, amd64) - check-success=build-nightly-server (fedora, amd64) - - check-success=build-nightly-server (opensuse, amd64) - check-success=build-nightly-ad-server (fedora, amd64) - check-success=build-client (centos, amd64) - check-success=build-client (fedora, amd64) From 299872a7e11860b5d19919c70982932a7d9e98cc Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Thu, 13 Jul 2023 12:33:07 +0530 Subject: [PATCH 14/45] images/ad-server: Prepare for building CentOS based images Nightly builds of Samba on CentOS 9 contains AD DC components. Thus we could create images with those nightly builds based on CentOS. Therefore make changes accordingly in the install scripts. Signed-off-by: Anoop C S --- images/ad-server/install-packages.sh | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/images/ad-server/install-packages.sh b/images/ad-server/install-packages.sh index 7a40a1a7..f39200df 100755 --- a/images/ad-server/install-packages.sh +++ b/images/ad-server/install-packages.sh @@ -6,25 +6,35 @@ get_custom_repo() { url="$1" fname="$(basename "$url")" dest="/etc/yum.repos.d/${fname}" - dnf install --setopt=install_weak_deps=False -y curl + dnf install --setopt=install_weak_deps=False -y /usr/bin/curl curl -L "$url" -o "$dest" } install_packages_from="$1" samba_version_suffix="$2" install_custom_repo="$3" + +# shellcheck disable=SC1091 +OS_BASE="$(. /etc/os-release && echo "${ID}")" + case "${install_packages_from}" in samba-nightly) # unset version suffix for nightly builds samba_version_suffix="" - get_custom_repo "https://artifacts.ci.centos.org/samba/pkgs/master/fedora/samba-nightly-master.repo" + get_custom_repo "https://artifacts.ci.centos.org/samba/pkgs/master/${OS_BASE}/samba-nightly-master.repo" ;; custom-repo) get_custom_repo "${install_custom_repo}" ;; esac -dnf install --setopt=install_weak_deps=False -y \ +dnf_cmd=(dnf) +if [[ "${OS_BASE}" = centos ]]; then + dnf install -y epel-next-release + dnf_cmd+=(--enablerepo=crb) +fi + +packages=(\ findutils \ python-pip \ python3-samba \ @@ -32,7 +42,10 @@ dnf install --setopt=install_weak_deps=False -y \ tdb-tools \ "samba-dc${samba_version_suffix}" \ procps-ng \ - /usr/bin/smbclient + /usr/bin/smbclient) +"${dnf_cmd[@]}" \ + install --setopt=install_weak_deps=False -y \ + "${packages[@]}" dnf clean all rm -rf /etc/samba/smb.conf From 3fa5b6bde5df9d89284cda2286de249c89b51223 Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Thu, 13 Jul 2023 12:37:03 +0530 Subject: [PATCH 15/45] images/ad-server: Add Containerfile for CentOS flavour Adding a Containerfile for building ad-server images on CentOS 9 where we could install AD DC components from repository holding nightly builds of Samba for CentOS. Signed-off-by: Anoop C S --- images/ad-server/Containerfile.centos | 39 +++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 images/ad-server/Containerfile.centos diff --git a/images/ad-server/Containerfile.centos b/images/ad-server/Containerfile.centos new file mode 100644 index 00000000..5375b49b --- /dev/null +++ b/images/ad-server/Containerfile.centos @@ -0,0 +1,39 @@ +FROM quay.io/centos/centos:stream9 +ARG INSTALL_PACKAGES_FROM=default +ARG SAMBA_VERSION_SUFFIX="" +ARG SAMBACC_VERSION_SUFFIX="" +ARG SAMBA_SPECIFICS= +ARG INSTALL_CUSTOM_REPO= + +MAINTAINER John Mulligan + +LABEL org.opencontainers.image.title="Samba ADDC container" +LABEL org.opencontainers.image.description="Samba ADDC container" +LABEL org.opencontainers.image.vendor="Samba in Kubernetes" + +COPY install-packages.sh /usr/local/bin/install-packages.sh +RUN /usr/local/bin/install-packages.sh \ + "${INSTALL_PACKAGES_FROM}" \ + "${SAMBA_VERSION_SUFFIX}" \ + "${INSTALL_CUSTOM_REPO}" + +# If you want to install a custom version of sambacc into this image mount +# a directory containing a sambacc RPM, or a sambacc wheel, or a .repo +# file at /tmp/sambacc-dist-latest +# If the directory is empty the script automatically falls back to using +# the latest continuously built RPM from our sambacc COPR: +# https://copr.fedorainfracloud.org/coprs/phlogistonjohn/sambacc +COPY .common/install-sambacc-common.sh /usr/local/bin/install-sambacc-common.sh +COPY install-sambacc.sh /usr/local/bin/install-sambacc.sh +RUN /usr/local/bin/install-sambacc.sh \ + "/tmp/sambacc-dist-latest" \ + "${SAMBACC_VERSION_SUFFIX}" + + +ENV SAMBACC_CONFIG="/etc/samba/container.json:/etc/samba/users.json" +ENV SAMBA_CONTAINER_ID="demo" +ENV SAMBA_SPECIFICS="$SAMBA_SPECIFICS" +ENTRYPOINT ["samba-dc-container"] +CMD ["run", "--setup=provision", "--setup=populate"] + +# vim:set syntax=dockerfile: From 15d42513f85a8fcc5de6da212327403fe9273de2 Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Fri, 14 Jul 2023 15:17:40 +0530 Subject: [PATCH 16/45] github: Remove exclude for centos in nightly-ad-server jobs With the ability to build and run ad-server images based on CentOS using nightly builds of Samba, we could enable corresponding jobs by removing the exclude for 'centos' from the matrix. Signed-off-by: Anoop C S --- .github/workflows/container-image.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 6a0ee254..5e3ff426 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -161,8 +161,6 @@ jobs: matrix: os: [centos, fedora] arch: [amd64] - exclude: - - os: centos env: BUILDAH_FORMAT: oci steps: @@ -234,8 +232,6 @@ jobs: matrix: os: [centos, fedora] arch: [amd64] - exclude: - - os: centos needs: - build-nightly-server - build-nightly-ad-server From 45634e87b12ec5b5c50e67e028d397c6a1ad808a Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 25 May 2023 14:49:10 -0400 Subject: [PATCH 17/45] hack: add build-image for abstracting the hard parts of image building Add a python-based script `build-image` that takes on the complexities of how we build our images, including applying common tags and "fully-qualified image names". The script can be called from a makefile but doesn't require it. When used directly you can generate multiple image variants in one pass. Example: ``` ./hack/build-image -k server -p default -p nightly -a amd64 -a arm64 ``` Will produce four images, in short: 1. server with default packages on amd64 2. server with default packages on arm64 3. server with nightly packages on amd64 4. server with nightly packages on arm64 (all using the default distro, currently fedora) Signed-off-by: John Mulligan --- hack/build-image | 593 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 593 insertions(+) create mode 100755 hack/build-image diff --git a/hack/build-image b/hack/build-image new file mode 100755 index 00000000..11892ad4 --- /dev/null +++ b/hack/build-image @@ -0,0 +1,593 @@ +#!/usr/bin/python3 +""" +build-image - A script for building a matrix of samba container images. + +In order to cleanly implement both logic and maintain backwards compatibility +with image naming schemes already in the wild the build-image script +can be used to create "Fully Qualified Image Names" that combine the +image kind (samba-server, client, etc) and a tag that indicates all +the unique properties of the image. This includes the package source, +the base os, and the architecture. + +In addition to building the images, one can push images, list images, +and list build status files (aka buildfiles). + +Usage: + # build an image + ./hack/build-image --kind server --distro-base fedora --arch amd64 + + # print out the FQIN + ./hack/build-image --kind samba-server --distro-base fedora \\ + --arch amd64 --print + + # print out the FQIN and additional tags + ./hack/build-image --kind samba-server --distro-base fedora \\ + --arch amd64 --print-tags + + # print out the FQIN and additional tags for multiple images, with + # and without a repository base + ./hack/build-image --kind samba-server \\ + --distro-base fedora \\ + --distro-base centos \\ + --distro-base opensuse \\ + --arch amd64 \\ + --repo-base quay.io/foobar --without-repo-bases --print-tags + +""" + +import argparse +import logging +import os +import pathlib +import platform +import shlex +import shutil +import subprocess +import sys + + +logger = logging.getLogger("build-image") + +# IMAGE_KINDS - map aliases/names to canonical names for the kinds +# of images we can build +IMG_SERVER = "samba-server" +IMG_AD_SERVER = "samba-ad-server" +IMG_CLIENT = "samba-client" +IMG_TOOLBOX = "samba-toolbox" +IMAGE_KINDS = { + # short names + "server": IMG_SERVER, + "ad-server": IMG_AD_SERVER, + "client": IMG_CLIENT, + "toolbox": IMG_TOOLBOX, + # canonical names + "samba-server": IMG_SERVER, + "samba-ad-server": IMG_AD_SERVER, + "samba-client": IMG_CLIENT, + "samba-toolbox": IMG_TOOLBOX, +} + +# ARCHITECTURES - map supported arch names/alias to canonical names +AMD64 = "amd64" +ARM64 = "arm64" +ARCHITECTURES = { + # alternate names + "x86_64": AMD64, + "aarch64": ARM64, + # canonical names + "amd64": AMD64, + "arm64": ARM64, +} + +# DISTROS - list of supported distro bases +FEDORA = "fedora" +CENTOS = "centos" +OPENSUSE = "opensuse" +DISTROS = [ + FEDORA, + CENTOS, + OPENSUSE, +] + +# PACKAGE_SOURCES - list of known package sources +DEFAULT = "default" +NIGHTLY = "nightly" +PACKAGE_SOURCES = [DEFAULT, NIGHTLY] + +# SOURCE_DIRS - image source paths +# (paths are relative to common image source dir) +SOURCE_DIRS = { + IMG_SERVER: "server", + IMG_AD_SERVER: "ad-server", + IMG_CLIENT: "client", + IMG_TOOLBOX: "toolbox", +} + +DEFAULT_PKG_SOURCES = [DEFAULT] +DEFAULT_DISTRO_BASES = [FEDORA] +LATEST = "latest" +QUAL_NONE = "unqualified" +QUAL_DISTRO = "distro-qualified" + + +_DISCOVERED_CONTAINER_ENGINES = [] + + +def check_kind(kind): + """Return the canonical name for the image kind or raise a ValueError.""" + try: + return IMAGE_KINDS[kind] + except KeyError: + raise ValueError(f"invalid kind: {kind}") + + +def check_arch(arch): + """Return the canonical name for the arch or raise a ValueError.""" + try: + return ARCHITECTURES[arch] + except KeyError: + raise ValueError(f"invalid arch: {arch}") + + +def check_distro(distro): + """Return the canonical name for a distro base or raise a ValueError.""" + if distro in DISTROS: + return distro + raise ValueError(f"invalid distro: {distro}") + + +def check_pkg_source(source): + """Return the canonical name for a package source or raise a ValueError.""" + if source in PACKAGE_SOURCES: + return source + raise ValueError(f"invalid package source: {source}") + + +def check_repo_base_for(value): + """Return a tuple with a (distro_base, repo_base) pair or raise a + ValueError. + """ + if "=" not in value: + raise ValueError("expected '=' in value") + db, rb = value.split("=", 1) + db = check_distro(db) + return (db, rb) + + +def _cmd_to_str(cmd): + """Format a command for logging.""" + return " ".join(shlex.quote(arg) for arg in cmd) + + +def run(cli, cmd, capture_output=False, check=False): + """Execute a command. Wraps subprocess.run.""" + if cli.dry_run and not capture_output: + logger.info("Would run: %s", _cmd_to_str(cmd)) + return subprocess.CompletedProcess(cmd, 0) + logger.info("Running: %s", _cmd_to_str(cmd)) + return subprocess.run(cmd, capture_output=capture_output, check=check) + + +def container_engine(cli): + """Return the path to a container engine. If the container engine is not + yet known, discover it and cache the result. + """ + eng = cli.container_engine + if eng: + logger.info("Using specified container engine: %s", eng) + return eng + if _DISCOVERED_CONTAINER_ENGINES: + return _DISCOVERED_CONTAINER_ENGINES[0] + podman = shutil.which("podman") + if podman: + _DISCOVERED_CONTAINER_ENGINES.append(podman) + docker = shutil.which("docker") + if docker: + _DISCOVERED_CONTAINER_ENGINES.append(docker) + return _DISCOVERED_CONTAINER_ENGINES[0] + + +def container_build(cli, target): + """Construct and execute a command to build the target container image.""" + args = [container_engine(cli), "build"] + if target.pkg_source == NIGHTLY: + args.append("--build-arg=INSTALL_PACKAGES_FROM=samba-nightly") + # docker doesn't currently support alt. architectures + if "docker" in args[0]: + if target.arch != host_arch(): + raise RuntimeError("Docker does not support --arch") + else: + args.append(f"--arch={target.arch}") + if cli.extra_build_arg: + args.extend(cli.extra_build_arg) + for tname in target.all_names(baseless=cli.without_repo_bases): + args.append("-t") + args.append(tname) + args.append("-f") + args.append(target_containerfile(target)) + args.append(kind_source_dir(target.name)) + args = [str(a) for a in args] + run(cli, args, check=True) + + +def container_push(cli, push_name): + """Construct and execute a command to push a container image.""" + args = [container_engine(cli), "push", push_name] + run(cli, args, check=True) + + +def container_id(cli, target): + """Construct and run a command to fetch a hexidecimal id for a container + image. + """ + args = [ + container_engine(cli), + "inspect", + "-f", + "{{.Id}}", + target.image_name(), + ] + res = run(cli, args, capture_output=True, check=True) + return res.stdout.decode("utf8").strip() + + +def kind_source_dir(kind): + """Return the path to a kind's source directory.""" + return pathlib.Path("images") / SOURCE_DIRS[check_kind(kind)] + + +def target_containerfile(target): + """Return the path to a containerfile given an image target.""" + return str(kind_source_dir(target.name) / f"Containerfile.{target.distro}") + + +def host_arch(): + """Return the name of the host's native architecture.""" + return check_arch(platform.machine().lower()) + + +def default_arches(): + """Return a list of the default architectures to use for building.""" + return [host_arch()] + + +class RepoConfig: + def __init__(self, default_repo_base, distro_repo=None): + self.default = default_repo_base + self.distro_map = dict(distro_repo or []) + + def find_base(self, distro): + return self.distro_map.get(distro, self.default) + + +class TargetImage: + def __init__( + self, name, pkg_source, distro, arch, extra_tag="", *, repo_base="" + ): + self.name = name + self.pkg_source = pkg_source + self.distro = distro + self.arch = arch + self.extra_tag = extra_tag + self.repo_base = repo_base + self.additional_tags = [] + + def tag_name(self): + tag_parts = [self.pkg_source, self.distro, self.arch] + if self.extra_tag: + tag_parts.append(self.extra_tag) + tag = "-".join(tag_parts) + return tag + + def image_name(self, *, tag=None, repo_base=None): + if not tag: + tag = self.tag_name() + image_name = f"{self.name}:{tag}" + repo_base = repo_base if repo_base is not None else self.repo_base + if repo_base: + repo_base = repo_base.rstrip("/") + image_name = f"{repo_base}/{image_name}" + return image_name + + def flat_name(self): + return f"{self.name}.{self.tag_name()}" + + def __str__(self): + return self.image_name() + + def all_names(self, baseless=False): + yield self.image_name() + for tag, _ in self.additional_tags: + yield self.image_name(tag=tag) + if self.repo_base and baseless: + yield self.image_name(repo_base="") + for tag, qual in self.additional_tags: + if qual == QUAL_NONE: + continue + yield self.image_name(tag=tag, repo_base="") + + @classmethod + def parse(cls, image_name): + if "/" in image_name: + base, rest = image_name.rsplit("/", 1) + else: + base = "" + rest = image_name + iname, tag = rest.split(":", 1) + tparts = tag.split("-", 3) + if len(tparts) < 3: + raise ValueError(f"too few tag components: {tag!r}") + return cls( + iname, + check_pkg_source(tparts[0]), + check_distro(tparts[1]), + check_arch(tparts[2]), + extra_tag=(tparts[3] if len(tparts) > 3 else ""), + repo_base=base, + ) + + +def generate_images(cli): + """Given full image names or a matrix of kind/pkg_source/distro_base/arch + values generate a list of target images to build/process. + """ + images = {} + for img in cli.image or []: + images[str(img)] = img + rc = RepoConfig(cli.repo_base, cli.repo_base_for) + for kind in cli.kind or []: + for pkg_source in cli.package_source or DEFAULT_PKG_SOURCES: + for distro_base in cli.distro_base or DEFAULT_DISTRO_BASES: + for arch in cli.arch or default_arches(): + timg = TargetImage( + kind, + pkg_source, + distro_base, + arch, + extra_tag=(cli.extra_tag or ""), + repo_base=rc.find_base(distro_base), + ) + images[str(timg)] = timg + return list(images.values()) + + +def add_special_tags(img): + """Certain images have special tags. Given an image, add general (non-FQIN) + tags to that image. + """ + # Most of the policy (as opposed to mechanism) resides here where we decide + # that certain images deserve some extra special tags. Mostly this serves + # to keep us compatible with older tagging schemes from earlier versions of + # the project. + if img.distro in [FEDORA, OPENSUSE]: + if img.arch == host_arch() and img.pkg_source == DEFAULT: + img.additional_tags.append((LATEST, QUAL_NONE)) + if img.arch == host_arch() and img.pkg_source == NIGHTLY: + img.additional_tags.append((NIGHTLY, QUAL_NONE)) + if img.arch == host_arch() and img.pkg_source == "default": + img.additional_tags.append((f"{img.distro}-{LATEST}", QUAL_DISTRO)) + if img.arch == host_arch() and img.pkg_source == "nightly": + img.additional_tags.append((f"{img.distro}-{NIGHTLY}", QUAL_DISTRO)) + + +def build(cli, target): + """Command to build images.""" + build_file = pathlib.Path(f"{cli.buildfile_prefix}{target.flat_name()}") + common_src = "./images/common" + common_dst = str(kind_source_dir(target.name) / ".common") + logger.debug("Copying common tree: %r -> %r", common_src, common_dst) + shutil.copytree(common_src, common_dst, dirs_exist_ok=True) + container_build(cli, target) + cid = container_id(cli, target) + with open(build_file, "w") as fh: + fh.write(f"{cid} {target.image_name()}\n") + + +def push(cli, target): + """Command to push images.""" + if cli.push_state == "rebuild": + build(cli, target) + if cli.push_state == "exists": + try: + container_id(cli, target) + except subprocess.CalledProcessError: + build(cli, target) + + push_name = target.image_name() + for tag in target.additional_tags: + if tag in ("latest", "nightly"): + push_name = target.image_name(tag=tag) + break + if tag.endswith(("-latest", "-nightly")): + push_name = target.image_name(tag=tag) + break + container_push(cli, push_name) + + +def print_buildfile(cli, target): + """Command to print build file names.""" + build_file = pathlib.Path(f"{cli.buildfile_prefix}{target.flat_name()}") + print(build_file) + + +def print_image(_, target): + """Command to print (fqin) image names.""" + print(str(target)) + + +def print_tags(cli, target): + """Command to print fqin image and additinal tag names.""" + for idx, name in enumerate( + target.all_names(baseless=cli.without_repo_bases) + ): + prefix = "" if idx == 0 else " " + print(f"{prefix}{name}") + + +def main(): + parser = argparse.ArgumentParser() + parser.add_argument( + "--verbose", + dest="log_level", + action="store_const", + const=logging.INFO, + default=logging.WARNING, + help="Emit verbose output", + ) + parser.add_argument( + "--debug", + dest="log_level", + action="store_const", + const=logging.DEBUG, + default=logging.WARNING, + help="Emit debug level output", + ) + parser.add_argument( + "--repo-base", + "-R", + help=( + "Common container registry repository base" + " (eg. quay.io/samba.org)" + ), + ) + parser.add_argument( + "--image", + "-i", + type=TargetImage.parse, + action="append", + help="Build precisely the named image (requires a FQIN)", + ) + parser.add_argument( + "--kind", + "-k", + type=check_kind, + action="append", + help="The kind of container to build (server, ad-server, etc...)", + ) + parser.add_argument( + "--distro-base", + "-d", + type=check_distro, + action="append", + help="The name of the base OS distribution to use.", + ) + parser.add_argument( + "--repo-base-for", + "-F", + type=check_repo_base_for, + action="append", + help=( + "Assign a custom repo base given a distro base" + "(like: --repo-base-for=centos=wonky.io/smb)" + ), + ) + parser.add_argument( + "--arch", + "-a", + type=check_arch, + action="append", + help="The name of the CPU architecture to build for", + ) + parser.add_argument( + "--package-source", + "-p", + type=check_pkg_source, + action="append", + help="Source of Samba packages to use", + ) + parser.add_argument( + "--container-engine", + help=( + "Expliclty specify the path to the container engine" + " (docker, podman, ...) to use" + ), + ) + parser.add_argument( + "--extra-tag", + help="Specify an extra tag extension. Handy for developers.", + ) + parser.add_argument( + "--dry-run", action="store_true", help="Do not run build commands" + ) + parser.add_argument( + "--push-state", + choices=("exists", "rebuild"), + default="exists", + help=( + "Only push if a state is met:" + "exists - image exists; rebuild - image must be rebuilt." + ), + ) + parser.add_argument( + "--buildfile-prefix", + default=".build.", + help="Specify prefix for build status files", + ) + parser.add_argument( + "--extra-build-arg", + "-x", + action="append", + help="Extra argument to pass to container build command", + ) + parser.add_argument( + "--without-repo-bases", + "-w", + action="store_true", + help=( + "If an image has a repo base, also generate image names" + " without the repo base" + ), + ) + behaviors = parser.add_mutually_exclusive_group() + behaviors.add_argument( + "--push", + action="store_const", + dest="main_action", + const=push, + help="Push images", + ) + behaviors.add_argument( + "--print", + action="store_const", + dest="main_action", + const=print_image, + help="Print the image names selected", + ) + behaviors.add_argument( + "--print-tags", + action="store_const", + dest="main_action", + const=print_tags, + help="Print the image and additional tags selected", + ) + behaviors.add_argument( + "--print-buildfile", + action="store_const", + dest="main_action", + const=print_buildfile, + help="Print the names of build status files", + ) + cli = parser.parse_args() + + if os.environ.get("BUILD_IMAGE_DEBUG") in ("1", "yes"): + cli.log_level = logging.DEBUG + logging.basicConfig(level=cli.log_level) + + _action = cli.main_action if cli.main_action else build + imgs = [] + try: + imgs = generate_images(cli) + for img in imgs: + add_special_tags(img) + logger.info("Image %s, extra tags: %s", img, img.additional_tags) + _action(cli, img) + except subprocess.CalledProcessError as err: + logger.error("Failed command: %s", _cmd_to_str(err.cmd)) + sys.exit(err.returncode) + if not imgs: + logger.error("No images or image kinds supplied") + sys.exit(2) + + +if __name__ == "__main__": + main() From 6e9f6b26072ecd64a74da8ad3dce10c1138818d7 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 31 May 2023 17:03:26 -0400 Subject: [PATCH 18/45] Makefile: replace swathes of makefile with use of hack/build-image Signed-off-by: John Mulligan --- Makefile | 221 +++++++++---------------------------------------------- 1 file changed, 33 insertions(+), 188 deletions(-) diff --git a/Makefile b/Makefile index 4e60abcf..202f6b1a 100644 --- a/Makefile +++ b/Makefile @@ -2,31 +2,14 @@ SELF = $(lastword $(MAKEFILE_LIST)) ROOT_DIR = $(realpath $(dir $(SELF))) CONTAINER_CMD ?= -ifeq ($(CONTAINER_CMD),) - CONTAINER_CMD:=$(shell podman version >/dev/null 2>&1 && echo podman) -endif -ifeq ($(CONTAINER_CMD),) - CONTAINER_CMD:=$(shell docker version >/dev/null 2>&1 && echo docker) -endif -# handle the case where podman is present but is (defaulting) to remote and is -# not not functioning correctly. Example: mac platform but no 'podman machine' -# vms are ready -ifeq ($(CONTAINER_CMD),) - CONTAINER_CMD:=$(shell podman --version >/dev/null 2>&1 && echo podman) -ifneq ($(CONTAINER_CMD),) -$(warning podman detected but 'podman version' failed. \ - this may mean your podman is set up for remote use, but is not working) -endif -endif - -BUILD_CMD:=$(CONTAINER_CMD) build $(BUILD_OPTS) -PUSH_CMD:=$(CONTAINER_CMD) push $(PUSH_OPTS) ALT_BIN=$(CURDIR)/.bin SHELLCHECK=$(shell command -v shellcheck || echo $(ALT_BIN)/shellcheck) GITLINT=$(shell command -v gitlint || echo $(ALT_BIN)/gitlint) YAMLLINT_CMD=$(shell command -v yamllint || echo $(ALT_BIN)/yamllint) -COMMON_DIR:=images/common +BUILD_IMAGE=$(ROOT_DIR)/hack/build-image --debug --without-repo-bases + + SERVER_DIR:=images/server AD_SERVER_DIR:=images/ad-server CLIENT_DIR:=images/client @@ -47,72 +30,17 @@ AD_SERVER_SOURCES=\ CLIENT_SRC_FILE=$(CLIENT_DIR)/Containerfile.$(SRC_OS_NAME) TOOLBOX_SRC_FILE=$(TOOLBOX_DIR)/Containerfile.$(SRC_OS_NAME) - BUILDFILE_PREFIX=.build -BUILDFILE_SERVER:=$(BUILDFILE_PREFIX).server -BUILDFILE_NIGHTLY_SERVER:=$(BUILDFILE_PREFIX).nightly-server -BUILDFILE_AD_SERVER:=$(BUILDFILE_PREFIX).ad-server -BUILDFILE_NIGHTLY_AD_SERVER:=$(BUILDFILE_PREFIX).nightly-ad-server -BUILDFILE_CLIENT:=$(BUILDFILE_PREFIX).client -BUILDFILE_TOOLBOX:=$(BUILDFILE_PREFIX).toolbox -OS_PREFIX=$(addsuffix -,$(OS_NAME)) -TAG=$(OS_PREFIX)latest -NIGHTLY_TAG=$(OS_PREFIX)nightly - - -SERVER_NAME=samba-server:$(TAG) -NIGHTLY_SERVER_NAME=samba-server:$(NIGHTLY_TAG) -AD_SERVER_NAME= samba-ad-server:$(TAG) -NIGHTLY_AD_SERVER_NAME=samba-ad-server:$(NIGHTLY_TAG) -CLIENT_NAME=samba-client:$(TAG) -NIGHTLY_CLIENT_NAME=samba-client:$(NIGHTLY_TAG) -TOOLBOX_NAME=samba-toolbox:$(TAG) -NIGHTLY_TOOLBOX_NAME=samba-toolbox:$(NIGHTLY_TAG) +BUILDFILE_SERVER=$(shell $(call _BUILD_KP,server,default,--print-buildfile)) +BUILDFILE_NIGHTLY_SERVER=$(shell $(call _BUILD_KP,server,nightly,--print-buildfile)) +BUILDFILE_AD_SERVER=$(shell $(call _BUILD_KP,ad-server,default,--print-buildfile)) +BUILDFILE_NIGHTLY_AD_SERVER=$(shell $(call _BUILD_KP,ad-server,nightly,--print-buildfile)) +BUILDFILE_CLIENT=$(shell $(call _BUILD_KP,client,default,--print-buildfile)) +BUILDFILE_TOOLBOX=$(shell $(call _BUILD_KP,toolbox,default,--print-buildfile)) REPO_BASE=quay.io/samba.org/ -SERVER_REPO_NAME=$(REPO_BASE)$(SERVER_NAME) -NIGHTLY_SERVER_REPO_NAME=$(REPO_BASE)$(NIGHTLY_SERVER_NAME) -AD_SERVER_REPO_NAME=$(REPO_BASE)$(AD_SERVER_NAME) -NIGHTLY_AD_SERVER_REPO_NAME=$(REPO_BASE)$(NIGHTLY_AD_SERVER_NAME) -CLIENT_REPO_NAME=$(REPO_BASE)$(CLIENT_NAME) -NIGHTLY_CLIENT_REPO_NAME=$(REPO_BASE)$(NIGHTLY_CLIENT_NAME) -TOOLBOX_REPO_NAME=$(REPO_BASE)$(TOOLBOX_NAME) -NIGHTLY_TOOLBOX_REPO_NAME=$(REPO_BASE)$(NIGHTLY_TOOLBOX_NAME) -BUILDFILE_PREFIX=.build -BUILDFILE_SERVER=$(BUILDFILE_PREFIX).$(OS_PREFIX)server -BUILDFILE_NIGHTLY_SERVER=$(BUILDFILE_PREFIX).$(OS_PREFIX)nightly-server -BUILDFILE_AD_SERVER=$(BUILDFILE_PREFIX).$(OS_PREFIX)ad-server -BUILDFILE_NIGHTLY_AD_SERVER=$(BUILDFILE_PREFIX).$(OS_PREFIX)nightly-ad-server -BUILDFILE_CLIENT=$(BUILDFILE_PREFIX).$(OS_PREFIX)client -BUILDFILE_NIGHTLY_CLIENT=$(BUILDFILE_PREFIX).$(OS_PREFIX)nightly-client -BUILDFILE_TOOLBOX=$(BUILDFILE_PREFIX).$(OS_PREFIX)toolbox -BUILDFILE_NIGHTLY_TOOLBOX=$(BUILDFILE_PREFIX).$(OS_PREFIX)nightly-toolbox - -HOST_ARCH:=$(shell arch) -HOST_ARCH:=$(subst x86_64,amd64,$(HOST_ARCH)) -HOST_ARCH:=$(subst aarch64,arm64,$(HOST_ARCH)) - -# build_fqin is a function macro for building a "Fully Qualified Image Name". -# Usage: $(call build_fqin,,,,,[]) -# base-name: the last part of the repo name eg. 'samba-server' -# pkg-source: source for samba packages (default or nightly) -# os-name: base os name -# arch: architecture of image (amd64, arm64, etc.) -# extra: (optional) an additional unique suffix for the tag -# typically meant for use by devs building custom images -build_fqin=$(REPO_BASE)$(1):$(2)-$(3)-$(4)$(if $(5),-$(5)) - -# get_imagename is a function macro for getting only the base image name -# without the tag part. -# Usage: $(call get_imagename,) -get_imagename=$(firstword $(subst :, ,$1)) - -# get_pkgsource is a function macro that, given an images name returns -# the name of the package source. Currently only understands the -# difference between default (os packages) and nightly (SIT packages). -# Usage: $(call, get_pkgsource,) -get_pkgsource=$(if $(findstring nightly,$1),nightly,default) +_BUILD_KP=$(BUILD_IMAGE) $(if $(CONTAINER_CMD),--container-engine=$(CONTAINER_CMD)) $(BI_PREFIX_ARGS) --kind=$1 --package-source=$2 --distro-base=$(SRC_OS_NAME) --repo-base=$(REPO_BASE) $(if $(BUILD_ARCH),--arch=$(BUILD_ARCH)) $3 arch_flag=$(strip $(if $(filter docker,$(CONTAINER_CMD)),\ @@ -128,26 +56,11 @@ build: build-server build-nightly-server build-ad-server build-client \ .PHONY: debug-vars debug-vars: @echo OS_NAME: $(OS_NAME) - @echo OS_PREFIX: $(OS_PREFIX) @echo TAG: $(TAG) @echo NIGHTLY_TAG: $(NIGHTLY_TAG) @echo SERVER_NAME: $(SERVER_NAME) - @echo SERVER_REPO_NAME: $(SERVER_REPO_NAME) - @echo NIGHTLY_SERVER_REPO_NAME: $(NIGHTLY_SERVER_REPO_NAME) @echo NIGHTLY_SERVER_NAME: $(NIGHTLY_SERVER_NAME) @echo AD_SERVER_NAME: $(AD_SERVER_NAME) - @echo AD_SERVER_REPO_NAME: $(AD_SERVER_REPO_NAME) - @echo NIGHTLY_AD_SERVER_NAME: $(NIGHTLY_AD_SERVER_NAME) - @echo NIGHTLY_AD_SERVER_NAME: $(NIGHTLY_AD_SERVER_NAME) - @echo NIGHTLY_AD_SERVER_REPO_NAME: $(NIGHTLY_AD_SERVER_REPO_NAME) - @echo CLIENT_NAME: $(CLIENT_NAME) - @echo CLIENT_REPO_NAME: $(CLIENT_REPO_NAME) - @echo NIGHTLY_CLIENT_NAME: $(NIGHTLY_CLIENT_NAME) - @echo NIGHTLY_CLIENT_REPO_NAME: $(NIGHTLY_CLIENT_REPO_NAME) - @echo TOOLBOX_NAME: $(TOOLBOX_NAME) - @echo TOOLBOX_REPO_NAME: $(TOOLBOX_REPO_NAME) - @echo NIGHTLY_TOOLBOX_NAME: $(NIGHTLY_TOOLBOX_NAME) - @echo NIGHTLY_TOOLBOX_REPO_NAME: $(NIGHTLY_TOOLBOX_REPO_NAME) @echo BUILDFILE_SERVER: $(BUILDFILE_SERVER) @echo BUILDFILE_AD_SERVER: $(BUILDFILE_AD_SERVER) @@ -155,7 +68,6 @@ debug-vars: @echo BUILDFILE_NIGHTLY_SERVER: $(BUILDFILE_NIGHTLY_SERVER) @echo BUILDFILE_CLIENT: $(BUILDFILE_CLIENT) @echo BUILDFILE_TOOLBOX: $(BUILDFILE_TOOLBOX) - @echo BUILDFILE_NIGHTLY_TOOLBOX: $(BUILDFILE_NIGHTLY_TOOLBOX) @echo SERVER_SRC_FILE: $(SERVER_SRC_FILE) @echo AD_SERVER_SRC_FILE: $(AD_SERVER_SRC_FILE) @@ -168,97 +80,55 @@ debug-vars: build-server: $(BUILDFILE_SERVER) .PHONY: build-server $(BUILDFILE_SERVER): Makefile $(SERVER_SRC_FILE) $(SERVER_SOURCES) - $(MAKE) _img_build \ - BUILD_ARGS="" \ - EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)" \ - SHORT_NAME=$(SERVER_NAME) \ - REPO_NAME=$(SERVER_REPO_NAME) \ - SRC_FILE=$(SERVER_SRC_FILE) \ - DIR=$(SERVER_DIR) \ - BUILDFILE=$(BUILDFILE_SERVER) + $(call _BUILD_KP,server,default) $(EXTRA_BUILD_ARGS) push-server: build-server - $(PUSH_CMD) $(SERVER_REPO_NAME) + $(call _BUILD_KP,server,default,--push) .PHONY: push-server build-nightly-server: $(BUILDFILE_NIGHTLY_SERVER) .PHONY: build-nightly-server $(BUILDFILE_NIGHTLY_SERVER): Makefile $(SERVER_SRC_FILE) $(SERVER_SOURCES) - $(MAKE) _img_build \ - BUILD_ARGS="--build-arg=INSTALL_PACKAGES_FROM='samba-nightly'" \ - EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)" \ - SHORT_NAME=$(NIGHTLY_SERVER_NAME) \ - REPO_NAME=$(NIGHTLY_SERVER_REPO_NAME) \ - SRC_FILE=$(SERVER_SRC_FILE) \ - DIR=$(SERVER_DIR) \ - BUILDFILE=$(BUILDFILE_NIGHTLY_SERVER) + $(call _BUILD_KP,server,nightly) $(EXTRA_BUILD_ARGS) push-nightly-server: build-nightly-server - $(PUSH_CMD) $(NIGHTLY_SERVER_REPO_NAME) + $(call _BUILD_KP,server,nightly,--push) .PHONY: push-nightly-server build-ad-server: $(BUILDFILE_AD_SERVER) .PHONY: build-ad-server $(BUILDFILE_AD_SERVER): Makefile $(AD_SERVER_SRC_FILE) $(AD_SERVER_SOURCES) - $(MAKE) _img_build \ - BUILD_ARGS="" \ - EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)" \ - SHORT_NAME=$(AD_SERVER_NAME) \ - REPO_NAME=$(AD_SERVER_REPO_NAME) \ - SRC_FILE=$(AD_SERVER_SRC_FILE) \ - DIR=$(AD_SERVER_DIR) \ - BUILDFILE=$(BUILDFILE_AD_SERVER) + $(call _BUILD_KP,ad-server,default) $(EXTRA_BUILD_ARGS) push-ad-server: build-ad-server - $(PUSH_CMD) $(AD_SERVER_REPO_NAME) + $(call _BUILD_KP,ad-server,default,--push) .PHONY: push-ad-server build-nightly-ad-server: $(BUILDFILE_NIGHTLY_AD_SERVER) .PHONY: build-nightly-ad-server $(BUILDFILE_NIGHTLY_AD_SERVER): Makefile $(AD_SERVER_SRC_FILE) $(AD_SERVER_SOURCES) - $(MAKE) _img_build \ - BUILD_ARGS="--build-arg=INSTALL_PACKAGES_FROM='samba-nightly'" \ - EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)" \ - SHORT_NAME=$(NIGHTLY_AD_SERVER_NAME) \ - REPO_NAME=$(NIGHTLY_AD_SERVER_REPO_NAME) \ - SRC_FILE=$(AD_SERVER_SRC_FILE) \ - DIR=$(AD_SERVER_DIR) \ - BUILDFILE=$(BUILDFILE_NIGHTLY_AD_SERVER) + $(call _BUILD_KP,ad-server,nightly) $(EXTRA_BUILD_ARGS) push-nightly-ad-server: build-nightly-ad-server - $(PUSH_CMD) $(NIGHTLY_AD_SERVER_REPO_NAME) + $(call _BUILD_KP,ad-server,nightly,--push) .PHONY: push-nightly-ad-server build-client: $(BUILDFILE_CLIENT) .PHONY: build-client $(BUILDFILE_CLIENT): Makefile $(CLIENT_SRC_FILE) - $(MAKE) _img_build \ - BUILD_ARGS="" \ - EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)" \ - SHORT_NAME=$(CLIENT_NAME) \ - REPO_NAME=$(CLIENT_REPO_NAME) \ - SRC_FILE=$(CLIENT_SRC_FILE) \ - DIR=$(CLIENT_DIR) \ - BUILDFILE=$(BUILDFILE_CLIENT) + $(call _BUILD_KP,client,default) $(EXTRA_BUILD_ARGS) push-client: build-client - $(PUSH_CMD) $(CLIENT_REPO_NAME) + $(call _BUILD_KP,client,default,--push) .PHONY: push-client build-toolbox: $(BUILDFILE_TOOLBOX) .PHONY: build-toolbox $(BUILDFILE_TOOLBOX): Makefile $(TOOLBOX_SRC_FILE) - $(MAKE) _img_build \ - BUILD_ARGS="" \ - EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)" \ - SHORT_NAME=$(TOOLBOX_NAME) \ - REPO_NAME=$(TOOLBOX_REPO_NAME) \ - SRC_FILE=$(TOOLBOX_SRC_FILE) \ - DIR=$(TOOLBOX_DIR) \ - BUILDFILE=$(BUILDFILE_TOOLBOX) + $(call _BUILD_KP,toolbox,default) $(EXTRA_BUILD_ARGS) push-toolbox: build-toolbox - $(PUSH_CMD) $(TOOLBOX_REPO_NAME) + $(call _BUILD_KP,toolbox,default,--push) .PHONY: push-toolbox @@ -268,11 +138,15 @@ test: test-server test-nightly-server .PHONY: test test-server: build-server - CONTAINER_CMD=$(CONTAINER_CMD) LOCAL_TAG=$(SERVER_NAME) tests/test-samba-container.sh + CONTAINER_CMD=$(CONTAINER_CMD) \ + LOCAL_TAG=$(shell cat $(BUILDFILE_SERVER) |cut -d' ' -f2) \ + tests/test-samba-container.sh .PHONY: test-server -test-nightly-server: build-nightly-server - CONTAINER_CMD=$(CONTAINER_CMD) LOCAL_TAG=$(NIGHTLY_SERVER_NAME) tests/test-samba-container.sh +test-nightly-server: $(BUILDFILE_NIGHTLY_SERVER) + CONTAINER_CMD=$(CONTAINER_CMD) \ + LOCAL_TAG=$(shell cat $(BUILDFILE_NIGHTLY_SERVER) |cut -d' ' -f2) \ + tests/test-samba-container.sh .PHONY: test-nightly-server @@ -295,48 +169,19 @@ check-gitlint: $(filter $(ALT_BIN)%,$(GITLINT)) $(GITLINT) -C .gitlint --commits origin/master.. lint .PHONY: check-gitlint -# _img_build is an "internal" rule to make the building of samba-container -# images regular and more "self documenting". A makefile.foo that includes -# this Makefile can add build rules using _img_build as a building block. -# -# The following arguments are expected to be supplied when "calling" this rule: -# BUILD_ARGS: the default build arguments -# EXTRA_BUILD_ARGS: build args supplied by the user at "runtime" -# SHORT_NAME: a local name for the image -# REPO_NAME: a global name for the image -# SRC_FILE: path to the Containerfile (Dockerfile) -# DIR: path to the directory holding image contents -# BUILDFILE: path to a temporary file tracking build state -_img_build: $(DIR)/.common - $(BUILD_CMD) \ - $(BUILD_ARGS) \ - $(call arch_flag) \ - $(EXTRA_BUILD_ARGS) \ - --tag $(SHORT_NAME) \ - --tag $(REPO_NAME) \ - --tag $(call build_fqin,$(call get_imagename,$(SHORT_NAME)),$(call get_pkgsource,$(SHORT_NAME)),$(SRC_OS_NAME),$(if $(BUILD_ARCH),$(BUILD_ARCH),$(HOST_ARCH)),$(EXTRA_TAG)) \ - -f $(SRC_FILE) \ - $(DIR) - $(CONTAINER_CMD) inspect -f '{{.Id}}' $(SHORT_NAME) > $(BUILDFILE) -.PHONY: _img_build - -$(DIR)/.common: $(COMMON_DIR) - $(RM) -r $(DIR)/.common - cp -r $(COMMON_DIR) $(DIR)/.common + +### Misc. Rules ### $(ALT_BIN)/%: $(CURDIR)/hack/install-tools.sh --$* $(ALT_BIN) - - -### Misc. Rules ### - clean: clean-buildfiles clean-altbin .PHONY: clean + clean-buildfiles: $(RM) $(BUILDFILE_PREFIX)* .PHONY: clean-buildfiles + clean-altbin: $(RM) -r $(ALT_BIN) .PHONY: clean-altbin - From 4da98aa41eab146507918cae85872bd0af2a6ba4 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 31 May 2023 17:03:53 -0400 Subject: [PATCH 19/45] Makefile.opensuse: remove unnecessary bits Signed-off-by: John Mulligan --- Makefile.opensuse | 9 --------- 1 file changed, 9 deletions(-) diff --git a/Makefile.opensuse b/Makefile.opensuse index ff3bd1b3..ef71c9cf 100644 --- a/Makefile.opensuse +++ b/Makefile.opensuse @@ -1,14 +1,5 @@ include Makefile OS_NAME=opensuse -TAG=latest SERVER_SOURCES:=$(SERVER_DIR)/smb.conf -SERVER_NAME=samba-server:$(TAG) -AD_SERVER_NAME=samba-ad-server:$(TAG) -CLIENT_NAME=samba-client:$(TAG) -TOOLBOX_NAME=samba-toolbox:$(TAG) REPO_BASE=registry.opensuse.org/opensuse/ -SERVER_REPO_NAME=registry.opensuse.org/opensuse/samba-server:$(TAG) -AD_SERVER_REPO_NAME=registry.opensuse.org/opensuse/samba-ad-server:$(TAG) -CLIENT_REPO_NAME=registry.opensuse.org/opensuse/samba-client:$(TAG) -TOOLBOX_REPO_NAME=registry.opensuse.org/opensuse/samba-toolbox:$(TAG) From 56164e9d2c621525033329c142703b2b8abfb355 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 13 Jul 2023 19:09:58 -0400 Subject: [PATCH 20/45] toolbox: note an issue I found trying to build the centos toolbox The "fake" name used in the image only works if you build the container locally first or are running in our CI. Since this is not a good general solution, I put a comment here as a reminder it should be fixed later. Signed-off-by: John Mulligan --- images/toolbox/Containerfile.centos | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/toolbox/Containerfile.centos b/images/toolbox/Containerfile.centos index 40653638..974292f3 100644 --- a/images/toolbox/Containerfile.centos +++ b/images/toolbox/Containerfile.centos @@ -1,3 +1,8 @@ +# FIXME - this is not a real tag publicly available in the +# quay.io/samba.org/samba-client repository. This only works if you build +# the centos client locally first or acquire the image from a side channel. +# This needs to be converted to something public and/or configurable +# later. FROM quay.io/samba.org/samba-client:centos-latest MAINTAINER Shachar Sharon From c6afd5ce6b1f2e2ae3c883211c0df388abf7f1e2 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 18 Jul 2023 09:44:22 -0400 Subject: [PATCH 21/45] makefile: remove --debug option from build-image command This can be toggled via an env var too so there's no need to produce a lot of debug info whenever the makefile is used. Signed-off-by: John Mulligan --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 202f6b1a..199eaff2 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ ALT_BIN=$(CURDIR)/.bin SHELLCHECK=$(shell command -v shellcheck || echo $(ALT_BIN)/shellcheck) GITLINT=$(shell command -v gitlint || echo $(ALT_BIN)/gitlint) YAMLLINT_CMD=$(shell command -v yamllint || echo $(ALT_BIN)/yamllint) -BUILD_IMAGE=$(ROOT_DIR)/hack/build-image --debug --without-repo-bases +BUILD_IMAGE=$(ROOT_DIR)/hack/build-image --without-repo-bases SERVER_DIR:=images/server From 4670cd68a3f9918b8a13eef42fe577650924eb9e Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 18 Jul 2023 09:45:22 -0400 Subject: [PATCH 22/45] makefile: add build-image that more directly wraps build-image script The build-*{server,ad-server,client,toolbox} rules are good for humans and discoverability but are a bit too rigid for how we want to work with matrix builds in automation. Add a new build-image rule that more directly wraps the build-image tool and so that it becomes fairly easy to directly pass the four primary inputs to the tool (kind, package source, distro base (aka OS), and arch). Signed-off-by: John Mulligan --- Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile b/Makefile index 199eaff2..ee071e69 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ BUILDFILE_AD_SERVER=$(shell $(call _BUILD_KP,ad-server,default,--print-buildfile BUILDFILE_NIGHTLY_AD_SERVER=$(shell $(call _BUILD_KP,ad-server,nightly,--print-buildfile)) BUILDFILE_CLIENT=$(shell $(call _BUILD_KP,client,default,--print-buildfile)) BUILDFILE_TOOLBOX=$(shell $(call _BUILD_KP,toolbox,default,--print-buildfile)) +DYN_BUILDFILE=$(shell $(call _BUILD_KP,$(KIND),$(if $(PACKAGE_SOURCE),$(PACKAGE_SOURCE),default),--print-buildfile) 2>/dev/null || echo invalid) REPO_BASE=quay.io/samba.org/ @@ -77,6 +78,13 @@ debug-vars: ### Image Build and Push Rules ### +build-image: $(DYN_BUILDFILE) +.PHONY: build-image + +$(DYN_BUILDFILE): + @[ "$(KIND)" ] || (echo "KIND must be specfied"; exit 1) + $(call _BUILD_KP,$(KIND),$(if $(PACKAGE_SOURCE),$(PACKAGE_SOURCE),default)) $(EXTRA_BUILD_ARGS) + build-server: $(BUILDFILE_SERVER) .PHONY: build-server $(BUILDFILE_SERVER): Makefile $(SERVER_SRC_FILE) $(SERVER_SOURCES) From aff2001ec96ff000fbb6bbee5cf0963ee977ff4d Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 18 Jul 2023 11:02:08 -0400 Subject: [PATCH 23/45] github: use build-image make rule in ci jobs Use the build-image makefile rule in order to pass the matrix parameters by variable to the build-image script. This aligns the CI jobs better with the new script. Signed-off-by: John Mulligan --- .github/workflows/container-image.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 5e3ff426..645a3e8b 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -46,7 +46,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Build the server image - run: make OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-server + run: make KIND=server OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-image - name: Upload server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: @@ -67,7 +67,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Build the ad server image - run: make OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-ad-server + run: make KIND=ad-server OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-image - name: Upload ad server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: @@ -86,7 +86,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: build the client image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-client + run: make KIND=client OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image # Here we upload samba-client image to artifacts locally for consumption # during the samba-toolbox build process. - name: Upload the client image @@ -115,7 +115,7 @@ jobs: image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" container_engine: ${{ env.CONTAINER_CMD }} - name: Build the toolbox image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-toolbox + run: make KIND=toolbox OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image test-server: strategy: @@ -147,7 +147,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Build the nightly server image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-server + run: make KIND=server PACKAGE_SOURCE=nightly OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image - name: Upload nightly server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: @@ -166,7 +166,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Build the nightly ad server image - run: make OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-nightly-ad-server + run: make KIND=ad-server PACKAGE_SOURCE=nightly OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image - name: Upload nightly AD server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: From 8a631d957f3f7f687ac8a97655d59312b6d06ea6 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 18 Jul 2023 13:16:27 -0400 Subject: [PATCH 24/45] github: order some keys for consistency Re-order some top level keys under each job so that they're more consistent. From top-to-bottom: strategy, needs, runs-on, env, steps. Some keys are optional. Signed-off-by: John Mulligan --- .github/workflows/container-image.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 645a3e8b..859d5f70 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -36,11 +36,11 @@ jobs: run: make check-gitlint build-server: - runs-on: ubuntu-latest strategy: matrix: os: [centos, fedora, opensuse] arch: [amd64] + runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci steps: @@ -80,9 +80,9 @@ jobs: matrix: os: [centos, fedora, opensuse] arch: [amd64] + runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci - runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: build the client image @@ -137,11 +137,11 @@ jobs: # Reminder: the nightly-server images consume nightly samba rpm builds # it is not *just* an image that gets built nightly build-nightly-server: - runs-on: ubuntu-latest strategy: matrix: os: [centos, fedora] arch: [amd64] + runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci steps: @@ -156,11 +156,11 @@ jobs: retention_days: 1 build-nightly-ad-server: - runs-on: ubuntu-latest strategy: matrix: os: [centos, fedora] arch: [amd64] + runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci steps: From a6022f2efa17dc1b97efd701168edd92059f1a73 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 18 Jul 2023 13:30:54 -0400 Subject: [PATCH 25/45] github: use fqin tagging throughout the CI jobs Use the newer Fully-Qualified-Image-Name tagging scheme in the github ci actions yaml. This makes the naming of each image better match the core build parameters (kind, package source, distro base (aka OS), and arch). The major build and test targets all get an IMG_TAG env var to help organize and make the rest of the yaml structure consistent. One workaround we need to apply is to the toolbox builds as the FROM line in the dockerfiles don't match FQINs nor do they match the old scheme consistently (see #146). So we just do a little hack in that section alone to get things working correctly. Signed-off-by: John Mulligan --- .github/workflows/container-image.yml | 60 ++++++++++++++++++--------- 1 file changed, 40 insertions(+), 20 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 859d5f70..01a10c4d 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -43,6 +43,7 @@ jobs: runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci + IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Build the server image @@ -50,7 +51,7 @@ jobs: - name: Upload server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: - image: "samba-server:${{ matrix.os }}-latest" + image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 @@ -64,6 +65,7 @@ jobs: runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci + IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Build the ad server image @@ -71,7 +73,7 @@ jobs: - name: Upload ad server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: - image: "samba-ad-server:${{ matrix.os}}-latest" + image: "samba-ad-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 @@ -83,6 +85,7 @@ jobs: runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci + IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: build the client image @@ -92,7 +95,7 @@ jobs: - name: Upload the client image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: - image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" + image: "samba-client:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 @@ -105,6 +108,7 @@ jobs: runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci + IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 # Download locally stored samba-client image to be used as base for building @@ -112,8 +116,14 @@ jobs: - name: Download client image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "quay.io/samba.org/samba-client:${{ matrix.os }}-latest" + image: "samba-client:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} + # Workaround: retag the image so that the FQIN image matches the name in + # the toolbox containerfiles. + - name: Apply OS-latest tag to image (for centos) + run: ${{ env.CONTAINER_CMD }} tag samba-client:${{ env.IMG_TAG }} quay.io/samba.org/samba-client:${{ matrix.os }}-latest + - name: Apply latest tag to image (for fedora) + run: ${{ env.CONTAINER_CMD }} tag samba-client:${{ env.IMG_TAG }} quay.io/samba.org/samba-client:latest - name: Build the toolbox image run: make KIND=toolbox OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image @@ -124,15 +134,18 @@ jobs: arch: [amd64] needs: build-server runs-on: ubuntu-latest + env: + BUILDAH_FORMAT: oci + IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Download server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "samba-server:${{ matrix.os }}-latest" + image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - name: Test the server image - run: LOCAL_TAG="samba-server:${{ matrix.os}}-latest" tests/test-samba-container.sh + run: LOCAL_TAG=samba-server:${{ env.IMG_TAG }} tests/test-samba-container.sh # Reminder: the nightly-server images consume nightly samba rpm builds # it is not *just* an image that gets built nightly @@ -144,6 +157,7 @@ jobs: runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci + IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Build the nightly server image @@ -151,7 +165,7 @@ jobs: - name: Upload nightly server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: - image: "samba-server:${{ matrix.os }}-nightly" + image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 @@ -163,6 +177,7 @@ jobs: runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci + IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Build the nightly ad server image @@ -170,7 +185,7 @@ jobs: - name: Upload nightly AD server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: - image: "samba-ad-server:${{ matrix.os }}-nightly" + image: "samba-ad-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} retention_days: 1 @@ -181,15 +196,18 @@ jobs: arch: [amd64] needs: build-nightly-server runs-on: ubuntu-latest + env: + BUILDAH_FORMAT: oci + IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Download nightly server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "samba-server:${{ matrix.os }}-nightly" + image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - name: Test the nightly server image - run: LOCAL_TAG=samba-server:${{ matrix.os }}-nightly tests/test-samba-container.sh + run: LOCAL_TAG=samba-server:${{ env.IMG_TAG }} tests/test-samba-container.sh test-ad-server-kubernetes: strategy: @@ -204,7 +222,8 @@ jobs: # need to explicitly use 20.04 to avoid problems with jq... runs-on: ubuntu-20.04 env: - IMG_TAG: ${{ matrix.os }}-latest + BUILDAH_FORMAT: oci + IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - uses: nolar/setup-k3d-k3s@v1 @@ -213,17 +232,17 @@ jobs: - name: Download ad server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "samba-ad-server:${{ matrix.os }}-latest" + image: "samba-ad-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - name: import ad server image - run: k3d image import samba-ad-server:${{ matrix.os }}-latest + run: k3d image import samba-ad-server:${{ env.IMG_TAG }} - name: Download file server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "samba-server:${{ matrix.os }}-latest" + image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - name: import file server image - run: k3d image import samba-server:${{ matrix.os }}-latest + run: k3d image import samba-server:${{ env.IMG_TAG }} - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh @@ -238,7 +257,8 @@ jobs: # need to explicitly use 20.04 to avoid problems with jq... runs-on: ubuntu-20.04 env: - IMG_TAG: ${{ matrix.os }}-nightly + BUILDAH_FORMAT: oci + IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - uses: nolar/setup-k3d-k3s@v1 @@ -247,17 +267,17 @@ jobs: - name: Download nightly ad server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "samba-ad-server:${{ matrix.os }}-nightly" + image: "samba-ad-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - name: import nightly ad server image - run: k3d image import samba-ad-server:${{ matrix.os }}-nightly + run: k3d image import samba-ad-server:${{ env.IMG_TAG }} - name: Download nightly file server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: - image: "samba-server:${{ matrix.os }}-nightly" + image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - name: import nightly file server image - run: k3d image import samba-server:${{ matrix.os }}-nightly + run: k3d image import samba-server:${{ env.IMG_TAG }} - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh From 093fd32b8bbe9af85d84d031cf22fcc255a6e43d Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 18 Jul 2023 14:15:30 -0400 Subject: [PATCH 26/45] github: import images to k3d with one command Signed-off-by: John Mulligan --- .github/workflows/container-image.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 01a10c4d..b5309af0 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -234,15 +234,13 @@ jobs: with: image: "samba-ad-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - - name: import ad server image - run: k3d image import samba-ad-server:${{ env.IMG_TAG }} - name: Download file server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - - name: import file server image - run: k3d image import samba-server:${{ env.IMG_TAG }} + - name: import images to k3d + run: k3d image import samba-server:${{ env.IMG_TAG }} samba-ad-server:${{ env.IMG_TAG }} - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh @@ -269,15 +267,13 @@ jobs: with: image: "samba-ad-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - - name: import nightly ad server image - run: k3d image import samba-ad-server:${{ env.IMG_TAG }} - name: Download nightly file server image uses: ishworkh/container-image-artifact-download@v1.0.0 with: image: "samba-server:${{ env.IMG_TAG }}" container_engine: ${{ env.CONTAINER_CMD }} - - name: import nightly file server image - run: k3d image import samba-server:${{ env.IMG_TAG }} + - name: import images to k3d + run: k3d image import samba-server:${{ env.IMG_TAG }} samba-ad-server:${{ env.IMG_TAG }} - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh From 181247a0438457c66a39b4bb7a0726b2926d05f7 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 09:06:56 -0400 Subject: [PATCH 27/45] github: combine nightly jobs with default jobs using matrix At this point the job definitions for build-nightly-* and test-nightly-* were nearly the same as the non-nightly counterparts. Combine the job definitions via a new matrix parameter. Signed-off-by: John Mulligan --- .github/workflows/container-image.yml | 137 ++++++-------------------- 1 file changed, 32 insertions(+), 105 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index b5309af0..d406f993 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -36,18 +36,25 @@ jobs: run: make check-gitlint build-server: + # Reminder: the nightly-server images consume nightly samba rpm builds + # it is not *just* an image that gets built nightly strategy: matrix: + package_source: [default, nightly] os: [centos, fedora, opensuse] arch: [amd64] + exclude: + # there are no nightly packages for opensuse + - package_source: nightly + os: opensuse runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci - IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} + IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Build the server image - run: make KIND=server OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-image + run: make KIND=server PACKAGE_SOURCE=${{ matrix.package_source }} OS_NAME=${{ matrix.os}} BUILD_ARCH=${{ matrix.arch}} build-image - name: Upload server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: @@ -58,18 +65,24 @@ jobs: build-ad-server: strategy: matrix: + package_source: [default, nightly] os: [centos, fedora, opensuse] arch: [amd64] exclude: - - os: centos + # there are no nightly packages for opensuse + - package_source: nightly + os: opensuse + # the distro packages for centos do not include an ad-dc + - package_source: default + os: centos runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci - IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} + IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Build the ad server image - run: make KIND=ad-server OS_NAME=${{matrix.os}} BUILD_ARCH=${{matrix.arch}} build-image + run: make KIND=ad-server PACKAGE_SOURCE=${{ matrix.package_source }} OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image - name: Upload ad server image uses: ishworkh/container-image-artifact-upload@v1.0.0 with: @@ -130,13 +143,18 @@ jobs: test-server: strategy: matrix: + package_source: [default, nightly] os: [centos, fedora, opensuse] arch: [amd64] + exclude: + # there are no nightly packages for opensuse + - package_source: nightly + os: opensuse needs: build-server runs-on: ubuntu-latest env: BUILDAH_FORMAT: oci - IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} + IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - name: Download server image @@ -147,75 +165,19 @@ jobs: - name: Test the server image run: LOCAL_TAG=samba-server:${{ env.IMG_TAG }} tests/test-samba-container.sh - # Reminder: the nightly-server images consume nightly samba rpm builds - # it is not *just* an image that gets built nightly - build-nightly-server: - strategy: - matrix: - os: [centos, fedora] - arch: [amd64] - runs-on: ubuntu-latest - env: - BUILDAH_FORMAT: oci - IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} - steps: - - uses: actions/checkout@v3 - - name: Build the nightly server image - run: make KIND=server PACKAGE_SOURCE=nightly OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image - - name: Upload nightly server image - uses: ishworkh/container-image-artifact-upload@v1.0.0 - with: - image: "samba-server:${{ env.IMG_TAG }}" - container_engine: ${{ env.CONTAINER_CMD }} - retention_days: 1 - - build-nightly-ad-server: - strategy: - matrix: - os: [centos, fedora] - arch: [amd64] - runs-on: ubuntu-latest - env: - BUILDAH_FORMAT: oci - IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} - steps: - - uses: actions/checkout@v3 - - name: Build the nightly ad server image - run: make KIND=ad-server PACKAGE_SOURCE=nightly OS_NAME=${{ matrix.os }} BUILD_ARCH=${{ matrix.arch }} build-image - - name: Upload nightly AD server image - uses: ishworkh/container-image-artifact-upload@v1.0.0 - with: - image: "samba-ad-server:${{ env.IMG_TAG }}" - container_engine: ${{ env.CONTAINER_CMD }} - retention_days: 1 - - test-nightly-server: - strategy: - matrix: - os: [centos, fedora] - arch: [amd64] - needs: build-nightly-server - runs-on: ubuntu-latest - env: - BUILDAH_FORMAT: oci - IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} - steps: - - uses: actions/checkout@v3 - - name: Download nightly server image - uses: ishworkh/container-image-artifact-download@v1.0.0 - with: - image: "samba-server:${{ env.IMG_TAG }}" - container_engine: ${{ env.CONTAINER_CMD }} - - name: Test the nightly server image - run: LOCAL_TAG=samba-server:${{ env.IMG_TAG }} tests/test-samba-container.sh - test-ad-server-kubernetes: strategy: matrix: + package_source: [default, nightly] os: [centos, fedora, opensuse] arch: [amd64] exclude: - - os: centos + # there are no nightly packages for opensuse + - package_source: nightly + os: opensuse + # the distro packages for centos do not include an ad-dc + - package_source: default + os: centos needs: - build-ad-server - build-server @@ -223,7 +185,7 @@ jobs: runs-on: ubuntu-20.04 env: BUILDAH_FORMAT: oci - IMG_TAG: default-${{ matrix.os }}-${{ matrix.arch }} + IMG_TAG: ${{ matrix.package_source }}-${{ matrix.os }}-${{ matrix.arch }} steps: - uses: actions/checkout@v3 - uses: nolar/setup-k3d-k3s@v1 @@ -244,48 +206,13 @@ jobs: - name: run the ad-dc deployment test run: ./tests/test-samba-ad-server-kubernetes.sh - test-nightly-ad-server-kubernetes: - strategy: - matrix: - os: [centos, fedora] - arch: [amd64] - needs: - - build-nightly-server - - build-nightly-ad-server - # need to explicitly use 20.04 to avoid problems with jq... - runs-on: ubuntu-20.04 - env: - BUILDAH_FORMAT: oci - IMG_TAG: nightly-${{ matrix.os }}-${{ matrix.arch }} - steps: - - uses: actions/checkout@v3 - - uses: nolar/setup-k3d-k3s@v1 - - name: get nodes - run: kubectl get nodes - - name: Download nightly ad server image - uses: ishworkh/container-image-artifact-download@v1.0.0 - with: - image: "samba-ad-server:${{ env.IMG_TAG }}" - container_engine: ${{ env.CONTAINER_CMD }} - - name: Download nightly file server image - uses: ishworkh/container-image-artifact-download@v1.0.0 - with: - image: "samba-server:${{ env.IMG_TAG }}" - container_engine: ${{ env.CONTAINER_CMD }} - - name: import images to k3d - run: k3d image import samba-server:${{ env.IMG_TAG }} samba-ad-server:${{ env.IMG_TAG }} - - name: run the ad-dc deployment test - run: ./tests/test-samba-ad-server-kubernetes.sh - push: # verify it passes the test jobs first needs: - build-client - build-toolbox - test-server - - test-nightly-server - test-ad-server-kubernetes - - test-nightly-ad-server-kubernetes runs-on: ubuntu-latest if: (github.event_name == 'push' || github.event_name == 'schedule') && github.repository == 'samba-in-kubernetes/samba-container' steps: From 3bc7b97e1176ffe7dab69cf6ee9295eef2dc5f7f Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:04:56 -0400 Subject: [PATCH 28/45] github: update mergify rules to match recent changes to ci matrix This also adds (back?) missing rules pertaining to the server (non-ad) tests. Signed-off-by: John Mulligan --- .github/mergify.yml | 58 ++++++++++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 22 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index a323f15d..b3f09254 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -15,23 +15,30 @@ queue_rules: - name: default conditions: - check-success=checks - - check-success=build-server (centos, amd64) - - check-success=build-server (fedora, amd64) - - check-success=build-server (opensuse, amd64) - - check-success=build-ad-server (fedora, amd64) - - check-success=build-ad-server (opensuse, amd64) - - check-success=build-nightly-server (centos, amd64) - - check-success=build-nightly-server (fedora, amd64) - - check-success=build-nightly-ad-server (fedora, amd64) + - check-success=build-server (default, centos, amd64) + - check-success=build-server (default, fedora, amd64) + - check-success=build-server (default, opensuse, amd64) + - check-success=build-server (nightly, centos, amd64) + - check-success=build-server (nightly, fedora, amd64) + - check-success=build-ad-server (default, fedora, amd64) + - check-success=build-ad-server (default, opensuse, amd64) + - check-success=build-ad-server (nightly, centos, amd64) + - check-success=build-ad-server (nightly, fedora, amd64) - check-success=build-client (centos, amd64) - check-success=build-client (fedora, amd64) - check-success=build-client (opensuse, amd64) - check-success=build-toolbox (centos, amd64) - check-success=build-toolbox (fedora, amd64) - check-success=build-toolbox (opensuse, amd64) - - check-success=test-ad-server-kubernetes (fedora, amd64) - - check-success=test-ad-server-kubernetes (opensuse, amd64) - - check-success=test-nightly-ad-server-kubernetes (fedora, amd64) + - check-success=test-server (default, centos, amd64) + - check-success=test-server (default, fedora, amd64) + - check-success=test-server (default, opensuse, amd64) + - check-success=test-server (nightly, centos, amd64) + - check-success=test-server (nightly, fedora, amd64) + - check-success=test-ad-server-kubernetes (default, fedora, amd64) + - check-success=test-ad-server-kubernetes (default, opensuse, amd64) + - check-success=test-ad-server-kubernetes (nightly, centos, amd64) + - check-success=test-ad-server-kubernetes (nightly, fedora, amd64) - check-success=dpulls @@ -48,23 +55,30 @@ pull_request_rules: - name: Automatic merge on approval conditions: - check-success=checks - - check-success=build-server (centos, amd64) - - check-success=build-server (fedora, amd64) - - check-success=build-server (opensuse, amd64) - - check-success=build-ad-server (fedora, amd64) - - check-success=build-ad-server (opensuse, amd64) - - check-success=build-nightly-server (centos, amd64) - - check-success=build-nightly-server (fedora, amd64) - - check-success=build-nightly-ad-server (fedora, amd64) + - check-success=build-server (default, centos, amd64) + - check-success=build-server (default, fedora, amd64) + - check-success=build-server (default, opensuse, amd64) + - check-success=build-server (nightly, centos, amd64) + - check-success=build-server (nightly, fedora, amd64) + - check-success=build-ad-server (default, fedora, amd64) + - check-success=build-ad-server (default, opensuse, amd64) + - check-success=build-ad-server (nightly, centos, amd64) + - check-success=build-ad-server (nightly, fedora, amd64) - check-success=build-client (centos, amd64) - check-success=build-client (fedora, amd64) - check-success=build-client (opensuse, amd64) - check-success=build-toolbox (centos, amd64) - check-success=build-toolbox (fedora, amd64) - check-success=build-toolbox (opensuse, amd64) - - check-success=test-ad-server-kubernetes (fedora, amd64) - - check-success=test-ad-server-kubernetes (opensuse, amd64) - - check-success=test-nightly-ad-server-kubernetes (fedora, amd64) + - check-success=test-server (default, centos, amd64) + - check-success=test-server (default, fedora, amd64) + - check-success=test-server (default, opensuse, amd64) + - check-success=test-server (nightly, centos, amd64) + - check-success=test-server (nightly, fedora, amd64) + - check-success=test-ad-server-kubernetes (default, fedora, amd64) + - check-success=test-ad-server-kubernetes (default, opensuse, amd64) + - check-success=test-ad-server-kubernetes (nightly, centos, amd64) + - check-success=test-ad-server-kubernetes (nightly, fedora, amd64) - check-success=dpulls - "-draft" # Contributors should set the 'do-not-merge' label if they don't want From c4e56e1139f855a9e732f4980c62cde80e63f4e9 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:06:11 -0400 Subject: [PATCH 29/45] github: add check-commits to list of required ci jobs This will prevent mergify from auto-merging PRs with commit messages that don't meet the checks. Signed-off-by: John Mulligan --- .github/mergify.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/mergify.yml b/.github/mergify.yml index b3f09254..8a08374e 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -15,6 +15,7 @@ queue_rules: - name: default conditions: - check-success=checks + - check-success=check-commits - check-success=build-server (default, centos, amd64) - check-success=build-server (default, fedora, amd64) - check-success=build-server (default, opensuse, amd64) @@ -55,6 +56,7 @@ pull_request_rules: - name: Automatic merge on approval conditions: - check-success=checks + - check-success=check-commits - check-success=build-server (default, centos, amd64) - check-success=build-server (default, fedora, amd64) - check-success=build-server (default, opensuse, amd64) From 44e628bf30b9ac6294a93118b55d94a13bfd7a74 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:29:13 -0400 Subject: [PATCH 30/45] tests: reformat yaml file to eliminate yamllint warnings Signed-off-by: John Mulligan --- tests/files/samba-ad-server-deployment.yml | 88 +++++++++++----------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/tests/files/samba-ad-server-deployment.yml b/tests/files/samba-ad-server-deployment.yml index b83e1549..e77fa3cd 100644 --- a/tests/files/samba-ad-server-deployment.yml +++ b/tests/files/samba-ad-server-deployment.yml @@ -15,47 +15,47 @@ spec: app: samba-ad spec: containers: - - name: samba - # Pointing to locally built image, - # change here to use a registry. - image: samba-ad-server:$IMG_TAG - # Need imagePullPolicy Never for working with local images. - # Otherwise we get "ErrImagePull". - imagePullPolicy: Never - securityContext: - capabilities: - add: ["SYS_ADMIN"] - ports: - # https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage - - containerPort: 53 - name: dns - - containerPort: 135 - name: epm - protocol: TCP - - containerPort: 137 - name: netbios-ns - protocol: UDP - - containerPort: 138 - name: netbios-dgram - protocol: UDP - - containerPort: 139 - name: netbios-session - protocol: TCP - - containerPort: 389 - name: ldap - - containerPort: 445 - name: smb - protocol: TCP - - containerPort: 464 - name: kerberos - - containerPort: 636 - name: ldaps - protocol: TCP - - containerPort: 3268 - name: gc - protocol: TCP - - containerPort: 3269 - name: gc-ssl - protocol: TCP - # need 49152-65535 for dynamic RPC ports - # but currently not possible to specify ranges + - name: samba + # Pointing to locally built image, + # change here to use a registry. + image: samba-ad-server:$IMG_TAG + # Need imagePullPolicy Never for working with local images. + # Otherwise we get "ErrImagePull". + imagePullPolicy: Never + securityContext: + capabilities: + add: ["SYS_ADMIN"] + ports: + # https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage + - containerPort: 53 + name: dns + - containerPort: 135 + name: epm + protocol: TCP + - containerPort: 137 + name: netbios-ns + protocol: UDP + - containerPort: 138 + name: netbios-dgram + protocol: UDP + - containerPort: 139 + name: netbios-session + protocol: TCP + - containerPort: 389 + name: ldap + - containerPort: 445 + name: smb + protocol: TCP + - containerPort: 464 + name: kerberos + - containerPort: 636 + name: ldaps + protocol: TCP + - containerPort: 3268 + name: gc + protocol: TCP + - containerPort: 3269 + name: gc-ssl + protocol: TCP + # need 49152-65535 for dynamic RPC ports + # but currently not possible to specify ranges From 5af0c32fd628c0fc1977f03c3cb37eb6b47dc2e8 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:29:45 -0400 Subject: [PATCH 31/45] tests: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- tests/files/samba-domain-member-pod.yml | 186 ++++++++++++------------ 1 file changed, 93 insertions(+), 93 deletions(-) diff --git a/tests/files/samba-domain-member-pod.yml b/tests/files/samba-domain-member-pod.yml index 4e27a9dc..5a02311b 100644 --- a/tests/files/samba-domain-member-pod.yml +++ b/tests/files/samba-domain-member-pod.yml @@ -80,128 +80,128 @@ spec: imagePullPolicy: $IMG_PULL_POLICY name: smb command: - - "samba-container" - - "--debug-delay=1" - - "run" - - "smbd" + - "samba-container" + - "--debug-delay=1" + - "run" + - "smbd" env: - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: SAMBACC_VERSION - value: "0.1" - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: HOSTNAME + value: sambadm1 ports: - - containerPort: 445 - hostPort: 455 - protocol: TCP - name: "smb" + - containerPort: 445 + hostPort: 455 + protocol: TCP + name: "smb" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/share" - name: samba-sharedir - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/run/samba/winbindd" - name: samba-sockets-dir + - mountPath: "/share" + name: samba-sharedir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/run/samba/winbindd" + name: samba-sockets-dir - image: $IMG_NAME imagePullPolicy: $IMG_PULL_POLICY name: winbind command: - - "samba-container" - - "run" - - "winbindd" + - "samba-container" + - "run" + - "winbindd" env: - - name: SAMBACC_VERSION - value: "0.1" - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: HOSTNAME + value: sambadm1 securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/run/samba/winbindd" - name: samba-sockets-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/run/samba/winbindd" + name: samba-sockets-dir initContainers: - image: $IMG_NAME imagePullPolicy: $IMG_PULL_POLICY name: init args: - - "init" + - "init" env: - - name: SAMBACC_VERSION - value: "0.1" - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: HOSTNAME + value: sambadm1 securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir - image: $IMG_NAME imagePullPolicy: $IMG_PULL_POLICY name: must-join args: - - "must-join" - - "--files" - - "--join-file=/etc/join-data/join.json" + - "must-join" + - "--files" + - "--join-file=/etc/join-data/join.json" env: - - name: SAMBACC_VERSION - value: "0.1" - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: HOSTNAME + value: sambadm1 securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/etc/join-data" - name: samba-join-data - readOnly: true + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/etc/join-data" + name: samba-join-data + readOnly: true volumes: - - configMap: + - configMap: + name: samba-container-config name: samba-container-config - name: samba-container-config - - secret: - secretName: ad-join-secret - items: - - key: join.json - path: join.json - name: samba-join-data - - emptyDir: - medium: Memory - name: samba-sockets-dir - - emptyDir: {} - name: samba-state-dir -# Comment out the section below to skip using a PVC for the share -# - persistentVolumeClaim: -# claimName: mypvc -# name: samba-sharedir -# Uncomment the section below to use an empty dir for the share - - emptyDir: - medium: Memory - name: samba-sharedir + - secret: + secretName: ad-join-secret + items: + - key: join.json + path: join.json + name: samba-join-data + - emptyDir: + medium: Memory + name: samba-sockets-dir + - emptyDir: {} + name: samba-state-dir + # Comment out the section below to skip using a PVC for the share + # - persistentVolumeClaim: + # claimName: mypvc + # name: samba-sharedir + # Uncomment the section below to use an empty dir for the share + - emptyDir: + medium: Memory + name: samba-sharedir From 67bc504f95f2bb7c39ba91bb50983bf3a35bb99a Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:30:13 -0400 Subject: [PATCH 32/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/pv.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/kubernetes/pv.yml b/examples/kubernetes/pv.yml index 65fb1bbb..02312a86 100644 --- a/examples/kubernetes/pv.yml +++ b/examples/kubernetes/pv.yml @@ -12,4 +12,3 @@ spec: - ReadWriteOnce hostPath: path: "/mnt/pv" - From ff37e3ec9d110745acde3966610636604dd390f9 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:30:31 -0400 Subject: [PATCH 33/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/pvc.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/kubernetes/pvc.yml b/examples/kubernetes/pvc.yml index c7b32186..feac70b2 100644 --- a/examples/kubernetes/pvc.yml +++ b/examples/kubernetes/pvc.yml @@ -9,4 +9,3 @@ spec: resources: requests: storage: 1Gi - From ddfd78da5c9532322861d29e608d9c90d3406b63 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:30:40 -0400 Subject: [PATCH 34/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- .../kubernetes/samba-ad-server-deployment.yml | 78 +++++++++---------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/examples/kubernetes/samba-ad-server-deployment.yml b/examples/kubernetes/samba-ad-server-deployment.yml index 2fb657f9..6fd9c851 100644 --- a/examples/kubernetes/samba-ad-server-deployment.yml +++ b/examples/kubernetes/samba-ad-server-deployment.yml @@ -15,42 +15,42 @@ spec: app: samba-ad spec: containers: - - name: samba-ad - image: quay.io/samba.org/samba-ad-server:latest - securityContext: - capabilities: - add: ["SYS_ADMIN"] - ports: - # https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage - - containerPort: 53 - name: dns - - containerPort: 135 - name: epm - protocol: TCP - - containerPort: 137 - name: netbios-ns - protocol: UDP - - containerPort: 138 - name: netbios-dgram - protocol: UDP - - containerPort: 139 - name: netbios-session - protocol: TCP - - containerPort: 389 - name: ldap - - containerPort: 445 - name: smb - protocol: TCP - - containerPort: 464 - name: kerberos - - containerPort: 636 - name: ldaps - protocol: TCP - - containerPort: 3268 - name: gc - protocol: TCP - - containerPort: 3269 - name: gc-ssl - protocol: TCP - # need 49152-65535 for dynamic RPC ports - # but currently not possible to specify ranges + - name: samba-ad + image: quay.io/samba.org/samba-ad-server:latest + securityContext: + capabilities: + add: ["SYS_ADMIN"] + ports: + # https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage + - containerPort: 53 + name: dns + - containerPort: 135 + name: epm + protocol: TCP + - containerPort: 137 + name: netbios-ns + protocol: UDP + - containerPort: 138 + name: netbios-dgram + protocol: UDP + - containerPort: 139 + name: netbios-session + protocol: TCP + - containerPort: 389 + name: ldap + - containerPort: 445 + name: smb + protocol: TCP + - containerPort: 464 + name: kerberos + - containerPort: 636 + name: ldaps + protocol: TCP + - containerPort: 3268 + name: gc + protocol: TCP + - containerPort: 3269 + name: gc-ssl + protocol: TCP + # need 49152-65535 for dynamic RPC ports + # but currently not possible to specify ranges From 062b737032bab538f216c5cd272e1e252a89f849 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:30:46 -0400 Subject: [PATCH 35/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/samba-ctdb-dm-sset.yml | 432 ++++++++++----------- 1 file changed, 216 insertions(+), 216 deletions(-) diff --git a/examples/kubernetes/samba-ctdb-dm-sset.yml b/examples/kubernetes/samba-ctdb-dm-sset.yml index a4f9b52f..96bdec06 100644 --- a/examples/kubernetes/samba-ctdb-dm-sset.yml +++ b/examples/kubernetes/samba-ctdb-dm-sset.yml @@ -119,8 +119,8 @@ metadata: app: clustered-samba-swc spec: ports: - - port: 445 - name: smb + - port: 445 + name: smb clusterIP: None selector: app: clustered-samba-swc @@ -146,290 +146,290 @@ spec: imagePullPolicy: Always name: init args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "init" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "init" env: [] securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: import args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "import" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "import" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: must-join args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "must-join" - - "--files" - - "--join-file=/etc/join-data/join.json" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "must-join" + - "--files" + - "--join-file=/etc/join-data/join.json" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/join-data" - name: samba-join-data - readOnly: true + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/join-data" + name: samba-join-data + readOnly: true - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-migrate args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "ctdb-migrate" - - "--dest-dir=/var/lib/ctdb/persistent" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "ctdb-migrate" + - "--dest-dir=/var/lib/ctdb/persistent" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-set-node args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "ctdb-set-node" - - "--hostname=$(HOSTNAME)" - - "--take-node-number-from-hostname=after-last-dash" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "ctdb-set-node" + - "--hostname=$(HOSTNAME)" + - "--take-node-number-from-hostname=after-last-dash" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/ctdb" - name: ctdb-config + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/ctdb" + name: ctdb-config - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-must-have-node args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "ctdb-must-have-node" - - "--hostname=$(HOSTNAME)" - - "--take-node-number-from-hostname=after-last-dash" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "ctdb-must-have-node" + - "--hostname=$(HOSTNAME)" + - "--take-node-number-from-hostname=after-last-dash" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/ctdb" - name: ctdb-config + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/ctdb" + name: ctdb-config containers: - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--debug-delay=2" - - "run" - - "ctdbd" - - "--setup=smb_ctdb" - - "--setup=ctdb_config" - - "--setup=ctdb_etc" - - "--setup=ctdb_nodes" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--debug-delay=2" + - "run" + - "ctdbd" + - "--setup=smb_ctdb" + - "--setup=ctdb_config" + - "--setup=ctdb_etc" + - "--setup=ctdb_nodes" securityContext: capabilities: add: - - NET_RAW + - NET_RAW env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/volatile" - name: ctdb-volatile - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/volatile" + name: ctdb-volatile + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-manage-nodes args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "ctdb-manage-nodes" - - "--hostname=$(HOSTNAME)" - - "--take-node-number-from-hostname=after-last-dash" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "ctdb-manage-nodes" + - "--hostname=$(HOSTNAME)" + - "--take-node-number-from-hostname=after-last-dash" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: smb args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--debug-delay=12" - - "run" - - "smbd" - - "--setup=nsswitch" - - "--setup=smb_ctdb" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--debug-delay=12" + - "run" + - "smbd" + - "--setup=nsswitch" + - "--setup=smb_ctdb" ports: - - containerPort: 445 - protocol: TCP - name: "smb" + - containerPort: 445 + protocol: TCP + name: "smb" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/share" - name: samba-share-data - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/volatile" - name: ctdb-volatile - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir - - mountPath: "/run/samba/winbindd" - name: samba-sockets-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/share" + name: samba-share-data + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/volatile" + name: ctdb-volatile + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir + - mountPath: "/run/samba/winbindd" + name: samba-sockets-dir - image: quay.io/samba.org/samba-server:latest name: winbind args: - - "--config=/etc/samba-container/config.json" - - "--id=demo" - - "--debug-delay=10" - - "run" - - "winbindd" - - "--setup=nsswitch" - - "--setup=smb_ctdb" + - "--config=/etc/samba-container/config.json" + - "--id=demo" + - "--debug-delay=10" + - "run" + - "winbindd" + - "--setup=nsswitch" + - "--setup=smb_ctdb" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/volatile" - name: ctdb-volatile - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir - - mountPath: "/run/samba/winbindd" - name: samba-sockets-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/volatile" + name: ctdb-volatile + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir + - mountPath: "/run/samba/winbindd" + name: samba-sockets-dir volumes: - # /etc/ctdb - - emptyDir: {} - name: ctdb-config - # /var/lib/ctdb/persistent - - emptyDir: {} - name: ctdb-persistent - # /var/lib/ctdb/volatile - - emptyDir: {} - name: ctdb-volatile - # /var/lib/ctdb/shared - - persistentVolumeClaim: - claimName: ctdb-shared-swc - name: ctdb-shared - # /var/run/ctdb - - emptyDir: - medium: Memory - name: ctdb-sockets-dir - # /var/lib/samba - - emptyDir: {} - name: samba-state-dir - # /share - - persistentVolumeClaim: - claimName: samba-share-data-swc - name: samba-share-data - - emptyDir: - medium: Memory - name: samba-sockets-dir - - configMap: - name: samba-container-config-swc - name: samba-container-config - - secret: - secretName: ad-join-secret - items: - - key: join.json - path: join.json - name: samba-join-data + # /etc/ctdb + - emptyDir: {} + name: ctdb-config + # /var/lib/ctdb/persistent + - emptyDir: {} + name: ctdb-persistent + # /var/lib/ctdb/volatile + - emptyDir: {} + name: ctdb-volatile + # /var/lib/ctdb/shared + - persistentVolumeClaim: + claimName: ctdb-shared-swc + name: ctdb-shared + # /var/run/ctdb + - emptyDir: + medium: Memory + name: ctdb-sockets-dir + # /var/lib/samba + - emptyDir: {} + name: samba-state-dir + # /share + - persistentVolumeClaim: + claimName: samba-share-data-swc + name: samba-share-data + - emptyDir: + medium: Memory + name: samba-sockets-dir + - configMap: + name: samba-container-config-swc + name: samba-container-config + - secret: + secretName: ad-join-secret + items: + - key: join.json + path: join.json + name: samba-join-data From 36662303b4aa5156cac0b6fb0bde24c2fe1f1ee8 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:30:52 -0400 Subject: [PATCH 36/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/samba-ctdb-sset.yml | 306 ++++++++++++------------ 1 file changed, 153 insertions(+), 153 deletions(-) diff --git a/examples/kubernetes/samba-ctdb-sset.yml b/examples/kubernetes/samba-ctdb-sset.yml index b98db717..2dd1ec8f 100644 --- a/examples/kubernetes/samba-ctdb-sset.yml +++ b/examples/kubernetes/samba-ctdb-sset.yml @@ -46,8 +46,8 @@ metadata: app: clustered-samba spec: ports: - - port: 445 - name: smb + - port: 445 + name: smb clusterIP: None selector: app: clustered-samba @@ -73,218 +73,218 @@ spec: imagePullPolicy: Always name: init args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "init" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "init" env: [] securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: import args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "import" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "import" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: import-users args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "import-users" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "import-users" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-migrate args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "--skip-if-file=/var/lib/ctdb/shared/nodes" - - "ctdb-migrate" - - "--dest-dir=/var/lib/ctdb/persistent" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "--skip-if-file=/var/lib/ctdb/shared/nodes" + - "ctdb-migrate" + - "--dest-dir=/var/lib/ctdb/persistent" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-set-node args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "ctdb-set-node" - - "--hostname=$(HOSTNAME)" - - "--take-node-number-from-hostname=after-last-dash" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "ctdb-set-node" + - "--hostname=$(HOSTNAME)" + - "--take-node-number-from-hostname=after-last-dash" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/ctdb" - name: ctdb-config + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/ctdb" + name: ctdb-config - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-must-have-node args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "ctdb-must-have-node" - - "--hostname=$(HOSTNAME)" - - "--take-node-number-from-hostname=after-last-dash" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "ctdb-must-have-node" + - "--hostname=$(HOSTNAME)" + - "--take-node-number-from-hostname=after-last-dash" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/ctdb" - name: ctdb-config + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/ctdb" + name: ctdb-config containers: - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "--debug-delay=2" - - "run" - - "ctdbd" - - "--setup=smb_ctdb" - - "--setup=ctdb_config" - - "--setup=ctdb_etc" - - "--setup=ctdb_nodes" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "--debug-delay=2" + - "run" + - "ctdbd" + - "--setup=smb_ctdb" + - "--setup=ctdb_config" + - "--setup=ctdb_etc" + - "--setup=ctdb_nodes" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" volumeMounts: - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/volatile" - name: ctdb-volatile - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/volatile" + name: ctdb-volatile + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: ctdb-manage-nodes args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "ctdb-manage-nodes" - - "--hostname=$(HOSTNAME)" - - "--take-node-number-from-hostname=after-last-dash" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "ctdb-manage-nodes" + - "--hostname=$(HOSTNAME)" + - "--take-node-number-from-hostname=after-last-dash" env: - - name: SAMBACC_CTDB - value: "ctdb-is-experimental" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name + - name: SAMBACC_CTDB + value: "ctdb-is-experimental" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name volumeMounts: - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir - image: quay.io/samba.org/samba-server:latest imagePullPolicy: Always name: smb args: - - "--config=/usr/local/share/sambacc/examples/ctdb.json" - - "--id=demo" - - "--debug-delay=12" - - "run" - - "smbd" - - "--setup=users" - - "--setup=smb_ctdb" + - "--config=/usr/local/share/sambacc/examples/ctdb.json" + - "--id=demo" + - "--debug-delay=12" + - "run" + - "smbd" + - "--setup=users" + - "--setup=smb_ctdb" ports: - - containerPort: 445 - protocol: TCP - name: "smb" + - containerPort: 445 + protocol: TCP + name: "smb" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/share" - name: samba-share-data - - mountPath: "/var/lib/ctdb/shared" - name: ctdb-shared - - mountPath: "/var/lib/ctdb/persistent" - name: ctdb-persistent - - mountPath: "/var/lib/ctdb/volatile" - name: ctdb-volatile - - mountPath: "/etc/ctdb" - name: ctdb-config - - mountPath: "/var/run/ctdb" - name: ctdb-sockets-dir + - mountPath: "/share" + name: samba-share-data + - mountPath: "/var/lib/ctdb/shared" + name: ctdb-shared + - mountPath: "/var/lib/ctdb/persistent" + name: ctdb-persistent + - mountPath: "/var/lib/ctdb/volatile" + name: ctdb-volatile + - mountPath: "/etc/ctdb" + name: ctdb-config + - mountPath: "/var/run/ctdb" + name: ctdb-sockets-dir volumes: - # /etc/ctdb - - emptyDir: {} - name: ctdb-config - # /var/lib/ctdb/persistent - - emptyDir: {} - name: ctdb-persistent - # /var/lib/ctdb/volatile - - emptyDir: {} - name: ctdb-volatile - # /var/lib/ctdb/shared - - persistentVolumeClaim: - claimName: ctdb-shared - name: ctdb-shared - # /var/run/ctdb - - emptyDir: - medium: Memory - name: ctdb-sockets-dir - # /var/lib/samba - - emptyDir: {} - name: samba-state-dir - # /share - - persistentVolumeClaim: - claimName: samba-share-data - name: samba-share-data + # /etc/ctdb + - emptyDir: {} + name: ctdb-config + # /var/lib/ctdb/persistent + - emptyDir: {} + name: ctdb-persistent + # /var/lib/ctdb/volatile + - emptyDir: {} + name: ctdb-volatile + # /var/lib/ctdb/shared + - persistentVolumeClaim: + claimName: ctdb-shared + name: ctdb-shared + # /var/run/ctdb + - emptyDir: + medium: Memory + name: ctdb-sockets-dir + # /var/lib/samba + - emptyDir: {} + name: samba-state-dir + # /share + - persistentVolumeClaim: + claimName: samba-share-data + name: samba-share-data From 9b4944e5a6f16f03f2f8f5e6b74ee6a8aeaa53f3 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:30:59 -0400 Subject: [PATCH 37/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- .../kubernetes/sambadeployment.converged.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/kubernetes/sambadeployment.converged.yml b/examples/kubernetes/sambadeployment.converged.yml index fd8fc568..f9adcaf1 100644 --- a/examples/kubernetes/sambadeployment.converged.yml +++ b/examples/kubernetes/sambadeployment.converged.yml @@ -16,17 +16,17 @@ spec: app: samba spec: volumes: - - name: myvol - persistentVolumeClaim: - claimName: mypvc + - name: myvol + persistentVolumeClaim: + claimName: mypvc containers: - - name: samba - image: quay.io/samba.org/samba-server:latest - ports: - - containerPort: 445 - volumeMounts: - - mountPath: "/share" - name: myvol + - name: samba + image: quay.io/samba.org/samba-server:latest + ports: + - containerPort: 445 + volumeMounts: + - mountPath: "/share" + name: myvol --- apiVersion: v1 kind: PersistentVolumeClaim From 39854c8e609fdfd53bb17ae2bd6409fc36880a7d Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:31:06 -0400 Subject: [PATCH 38/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/sambadeployment.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/kubernetes/sambadeployment.yml b/examples/kubernetes/sambadeployment.yml index 6133b06d..d37875e2 100644 --- a/examples/kubernetes/sambadeployment.yml +++ b/examples/kubernetes/sambadeployment.yml @@ -15,14 +15,14 @@ spec: app: samba spec: volumes: - - name: myvol - persistentVolumeClaim: - claimName: mypvc + - name: myvol + persistentVolumeClaim: + claimName: mypvc containers: - - name: samba - image: quay.io/samba.org/samba-server:latest - ports: - - containerPort: 445 - volumeMounts: - - mountPath: "/share" - name: myvol + - name: samba + image: quay.io/samba.org/samba-server:latest + ports: + - containerPort: 445 + volumeMounts: + - mountPath: "/share" + name: myvol From 8ce913b13b4f6a5deedfefe092745cf2c43abf95 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:31:14 -0400 Subject: [PATCH 39/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/sambadmpod.yml | 186 ++++++++++++++--------------- 1 file changed, 93 insertions(+), 93 deletions(-) diff --git a/examples/kubernetes/sambadmpod.yml b/examples/kubernetes/sambadmpod.yml index 58e0109e..14d12f69 100644 --- a/examples/kubernetes/sambadmpod.yml +++ b/examples/kubernetes/sambadmpod.yml @@ -101,125 +101,125 @@ spec: - image: quay.io/samba.org/samba-server:latest name: smb command: - - "samba-container" - - "--debug-delay=1" - - "run" - - "smbd" + - "samba-container" + - "--debug-delay=1" + - "run" + - "smbd" env: - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: SAMBACC_VERSION - value: "0.1" - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: HOSTNAME + value: sambadm1 ports: - - containerPort: 445 - hostPort: 455 - protocol: TCP - name: "smb" + - containerPort: 445 + hostPort: 455 + protocol: TCP + name: "smb" securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/share" - name: samba-sharedir - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/run/samba/winbindd" - name: samba-sockets-dir + - mountPath: "/share" + name: samba-sharedir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/run/samba/winbindd" + name: samba-sockets-dir - image: quay.io/samba.org/samba-server:latest name: winbind command: - - "samba-container" - - "run" - - "winbindd" + - "samba-container" + - "run" + - "winbindd" env: - - name: SAMBACC_VERSION - value: "0.1" - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: HOSTNAME + value: sambadm1 securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/run/samba/winbindd" - name: samba-sockets-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/run/samba/winbindd" + name: samba-sockets-dir initContainers: - image: quay.io/samba.org/samba-server:latest name: init args: - - "init" + - "init" env: - - name: SAMBACC_VERSION - value: "0.1" - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: HOSTNAME + value: sambadm1 securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir - image: quay.io/samba.org/samba-server:latest name: must-join args: - - "must-join" - - "--files" - - "--join-file=/etc/join-data/join.json" + - "must-join" + - "--files" + - "--join-file=/etc/join-data/join.json" env: - - name: SAMBACC_VERSION - value: "0.1" - - name: SAMBACC_CONFIG - value: /etc/samba-container/config.json - - name: SAMBA_CONTAINER_ID - value: sambadm1 - - name: HOSTNAME - value: sambadm1 + - name: SAMBACC_VERSION + value: "0.1" + - name: SAMBACC_CONFIG + value: /etc/samba-container/config.json + - name: SAMBA_CONTAINER_ID + value: sambadm1 + - name: HOSTNAME + value: sambadm1 securityContext: allowPrivilegeEscalation: true volumeMounts: - - mountPath: "/etc/samba-container" - name: samba-container-config - - mountPath: "/var/lib/samba" - name: samba-state-dir - - mountPath: "/etc/join-data" - name: samba-join-data - readOnly: true + - mountPath: "/etc/samba-container" + name: samba-container-config + - mountPath: "/var/lib/samba" + name: samba-state-dir + - mountPath: "/etc/join-data" + name: samba-join-data + readOnly: true volumes: - - configMap: + - configMap: + name: samba-container-config name: samba-container-config - name: samba-container-config - - secret: - secretName: ad-join-secret - items: - - key: join.json - path: join.json - name: samba-join-data - - emptyDir: - medium: Memory - name: samba-sockets-dir - - emptyDir: {} - name: samba-state-dir -# Comment out the section below to skip using a PVC for the share - - persistentVolumeClaim: - claimName: mypvc - name: samba-sharedir -# Uncomment the section below to use an empty dir for the share -# - emptyDir: -# medium: Memory -# name: samba-sharedir + - secret: + secretName: ad-join-secret + items: + - key: join.json + path: join.json + name: samba-join-data + - emptyDir: + medium: Memory + name: samba-sockets-dir + - emptyDir: {} + name: samba-state-dir + # Comment out the section below to skip using a PVC for the share + - persistentVolumeClaim: + claimName: mypvc + name: samba-sharedir + # Uncomment the section below to use an empty dir for the share + # - emptyDir: + # medium: Memory + # name: samba-sharedir From 543fc1705caa82d4a50dc8c1d2ff451e2b9fb0d4 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 19 Jul 2023 10:31:20 -0400 Subject: [PATCH 40/45] examples: reformat yaml file to remove yamllint warnings Signed-off-by: John Mulligan --- examples/kubernetes/sambapod.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/kubernetes/sambapod.yml b/examples/kubernetes/sambapod.yml index 842287fc..99f02594 100644 --- a/examples/kubernetes/sambapod.yml +++ b/examples/kubernetes/sambapod.yml @@ -16,4 +16,3 @@ spec: volumeMounts: - mountPath: "/share" name: myvol - From 54f1dadbd7bfc326d5a9c0161bce2c1fa8bf9b70 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 21 Jul 2023 09:42:41 -0400 Subject: [PATCH 41/45] gitlint: ignore body lines that are footnotes Ignore lines that start like `[1]: ` or `[2]: ` such that we can have long text like URLs in the commits without triggering other gitlint body rules. Signed-off-by: John Mulligan --- .gitlint | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.gitlint b/.gitlint index abc756b6..d76f8eb0 100644 --- a/.gitlint +++ b/.gitlint @@ -30,6 +30,9 @@ ignore-merge-commits=true # Enable debug mode (prints more output). Disabled by default. # debug=true +# Enable search regex and remove warning message. +regex-style-search=true + # Enable community contributed rules # See http://jorisroovers.github.io/gitlint/contrib_rules for details # contrib=contrib-body-requires-signed-off-by @@ -106,11 +109,16 @@ regex=^.* # Use 'all' to ignore all rules # ignore=T1,body-min-length -# [ignore-body-lines] +[ignore-body-lines] # Ignore certain lines in a commit body that match a regex. # E.g. Ignore all lines that start with 'Co-Authored-By' # regex=^Co-Authored-By +# ignore lines that are "footnotes", that start like `[1]: ` or `[2]: ` and so on +# this will make it easy to put long urls in commit messages without +# triggering gitlint body rules +regex=^\[[0-9]+\]:? + + # This is a contrib rule - a community contributed rule. These are disabled by default. # You need to explicitly enable them one-by-one by adding them to the "contrib" option # under [general] section above. From 193bfe89704dac5d97516c9c58c94ba16daa059a Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Mon, 24 Jul 2023 10:21:58 -0400 Subject: [PATCH 42/45] hack: fix --push option to build-image Late in the development of `build-image` I made additional_tags a list of tuples rather than a list of strings in order to make filtering simpler but `push` function was never updated to match. This quick fix gets `--push` mode working again. Signed-off-by: John Mulligan --- hack/build-image | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/build-image b/hack/build-image index 11892ad4..6237fdcf 100755 --- a/hack/build-image +++ b/hack/build-image @@ -394,7 +394,7 @@ def push(cli, target): build(cli, target) push_name = target.image_name() - for tag in target.additional_tags: + for tag, _ in target.additional_tags: if tag in ("latest", "nightly"): push_name = target.image_name(tag=tag) break From f5374a8491b1f046aeef6610157431d2e26a59f4 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 2 Aug 2023 16:03:39 -0400 Subject: [PATCH 43/45] docs: add release process document Signed-off-by: John Mulligan --- docs/release-process.md | 132 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 docs/release-process.md diff --git a/docs/release-process.md b/docs/release-process.md new file mode 100644 index 00000000..f3a570ab --- /dev/null +++ b/docs/release-process.md @@ -0,0 +1,132 @@ +# samba-container Release Process + +## Preparation + +The samba-container project has a dedicated branch, called `release`, for +release versions. This is done to update certain files which control +dependencies and versioning. Tags are applied directly to this branch +and only this branch. + + +### Tagging + +Prior to tagging, check out the `release` branch and merge `master` into it. +Example: + +``` +git checkout master +git pull --ff-only +git checkout release +git pull --ff-only +git merge master +# resolve any conflicts +``` + +Now we need to "pin" the appropriate versions of samba and sambacc so that only +explicitly specified versions of those packages will be included on release +branch builds. Set `SAMBA_VERSION_SUFFIX` and `SAMBACC_VERSION_SUFFIX` in the +container files in `images/`. Currently, only the fedora based images are +included in the release. Thus you must set those variables in the fedora +container files for server and ad-server. Commit these changes to the `release` +branch. Currently, there is no PR process for release branches so make the +commits directly to the `release` branch and push them. This implies that +releases must be managed by users with the rights to push directly to the +project's release branch. + +At this point, an optional but recommended step is to do a test build before +tagging. Run `make build-ad-server build-server build-client build-toolbox`. +You do not need to build the nightly package variants or other OS bases as +these are not part of the released images. You can push the images to quay.io +under your own repos to perform a early security scan as well. + +If you are happy with the content of the `release` branch, tag it. Example: + +``` +git checkout release +git tag -a -m 'Release v0.3' v0.3 +``` + +This creates an annotated tag. Release tags must be annotated tags. + +### Build + +Using the tagged `release` branch, the container images for release will be +built. It is very important to ensure that base images are up-to-date. +It is very important to ensure that you perform the next set of steps with +clean new builds and do not use cached images. To accomplish both tasks it +is recommended to purge your local container engine of cached images +(Example: `podman image rm --all`). You should have no images named like +`quay.io/samba.org` in your local cache. + +Build the images from scratch. Example: +``` +make build-ad-server build-server build-client build-toolbox +``` + +For each image that was just built, apply a temporary pre-release tag +to it. Example: +``` +for img_name in ad-server server client toolbox ; do + podman tag quay.io/samba.org/samba-${img_name}:{latest,v0.3pre1} +done +``` + +Log into quay.io. Push the images to quay.io using the temporary tag. Example: +``` +for img_name in ad-server server client toolbox ; do + podman push quay.io/samba.org/samba-${img_name}:v0.3pre1 +done +``` + +Wait for the security scan to complete. There shouldn't be any issues if you +properly updated the base images before building. If there are issues and you +are sure you used the newest base images, check the base images on quay.io and +make sure that the number of issues are identical. The security scan can take +some time, while it runs you may want to do other things. + + +## GitHub Release + +When you are satisfied that the tagged version is suitable for release, you +can push the tag to the public repo: +``` +git push --follow-tags +``` + +Draft a new set of release notes. Select the recently pushed tag. Start with +the auto-generated release notes from GitHub (activate the `Generate release +notes` button/link). Add an introductory section (see previous notes for an +example). Add a "Highlights" section if there are any notable features or fixes +in the release. The Highlights section can be skipped if the content of the +release is unremarkable (e.g. few changes occurred since the previous release). + +Because this is a container based release we do not provide any build artifacts +on GitHub (beyond the sources automatically provided there). Instead we add +a Downloads section that notes the exact tags and digests that the images can +be found at on quay.io. + +Use the following partial snippet as an example: +``` +Images built for this release can be obtained from the quay.io image registry. + +### samba-server +* By tag: quay.io/samba.org/samba-server:v0.3 +* By digest: quay.io/samba.org/samba-server@sha256:09c867343af39b237230f94a734eacc8313f2330c7d934994522ced46b740715 +### samba-ad-server +* By tag: quay.io/samba.org/samba-ad-server:v0.3 +* By digest: quay.io/samba.org/samba-ad-server@sha256:a1d901f44be2af5a516b21e45dbd6ebd2f64500dfbce112886cdce09a5c3cbd5 +``` +... and so on for each image that was pushed earlier + +The tag is pretty obvious - it should match the image tag (minus any pre-release +marker). You can get the digest from the tag using the quay.io UI (do not use +any local digest hashes). Click on the SHA256 link and then copy the full +manifest hash using the UI widget that appears. + +Perform a final round of reviews, as needed, for the release notes and then +publish the release. + +Once the release notes are drafted and then either immediately before or after +publishing them, use the quay.io UI to copy each pre-release tag to the "latest" +tag and a final "vX.Y" tag. Delete the temporary pre-release tags using the +quay.io UI as they are no longer needed. From 0c7d6d991c60f1c41d4b28da0ccc2764cc60e496 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 10 Aug 2023 18:05:10 -0400 Subject: [PATCH 44/45] common: install sambacc extra packages from local dir if present The install-sambacc-common.sh script retains the method of installing sambacc RPMs (and even python wheels) from earlier build processes even though it's not the default install method now. It still is useful when developing sambacc features. Now, sambacc has extra packages that mainly act to provide python extras for features like yaml, toml and jsonschema validation. Install these files if the are present but retain the logic that there should only be on "main" sambacc rpm. Signed-off-by: John Mulligan --- images/common/install-sambacc-common.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/images/common/install-sambacc-common.sh b/images/common/install-sambacc-common.sh index 215ac366..bccdb26b 100644 --- a/images/common/install-sambacc-common.sh +++ b/images/common/install-sambacc-common.sh @@ -12,6 +12,7 @@ install_sambacc() { local wheels=() local rpmfiles=() + local rpmextras=() local repofiles=() for artifact in "${artifacts[@]}" ; do if [[ ${artifact} =~ sambacc.*\.whl$ ]]; then @@ -20,6 +21,9 @@ install_sambacc() { if [[ ${artifact} =~ python.?-sambacc-.*\.noarch\.rpm$ ]]; then rpmfiles+=("${artifact}") fi + if [[ ${artifact} =~ python.?-sambacc+.*\.noarch\.rpm$ ]]; then + rpmextras+=("${artifact}") + fi if [[ ${artifact} =~ sambacc.*\.repo$ ]]; then repofiles+=("${artifact}") fi @@ -59,7 +63,7 @@ install_sambacc() { container_json_file="/usr/local/share/sambacc/examples/${DEFAULT_JSON_FILE}" ;; install-rpm) - dnf install -y "${rpmfiles[0]}" + dnf install -y "${rpmfiles[0]}" "${rpmextras[@]}" dnf clean all container_json_file="/usr/share/sambacc/examples/${DEFAULT_JSON_FILE}" ;; From dac24461d91fc65c89792f21a1ad84866f7daabf Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Thu, 10 Aug 2023 18:47:08 -0400 Subject: [PATCH 45/45] docs: start a developers guide with a tip on sambacc builds Start a developers guide document by documenting a process I use to test out development branches of sambacc in a proper samba-container image. Signed-off-by: John Mulligan --- docs/development.md | 100 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 docs/development.md diff --git a/docs/development.md b/docs/development.md new file mode 100644 index 00000000..b7756fd6 --- /dev/null +++ b/docs/development.md @@ -0,0 +1,100 @@ +# Development Guide + + +## Building samba containers with unreleased sambacc code + +Changes to `sambacc` are validated by a suite of unit tests to ensure a minium +level of quality, but that is often not enough to fully validate a +work-in-progress feature, especially one that needs to interact with components +from Samba in complex ways. One may want to try out an unreleased branch of +sambacc code as part of a samba container image. Two methods of doing this are: +* Build sambacc RPMs and put them in a yum/dnf repo +* Customize the Containerfile to use a sambacc build stage + +Both methods make use of the sambacc build image. The files needed to build the +image are part of the [sambacc +repo](https://github.com/samba-in-kubernetes/sambacc) and already-created +images are available at quay.io: +[quay.io/samba.org/sambacc](https://quay.io/repository/samba.org/sambacc). + +### RPMs + +One can build rpms using the sambacc test-and-build container. +In this example we assume you have a git checkout of sambacc as the +local path. Create a new directory to store build artifacts in: +``` +mkdir -p _build +``` + +Then run the container command like follows: +``` +podman run -v $PWD:/var/tmp/build/sambacc -v $PWD/_build:/srv/dist/:z -e SAMBACC_DISTNAME=dev quay.io/samba.org/sambacc:latest +``` + +Breaking it down, we're mounting the current dir at `/var/tmp/build/sambacc`, +mounting the build dir at `/srv/dist` and telling the build container +to store artifacts under the "distribution name" of `dev`. This should +result in rpms, whl files and other artifacts in `_build/dev`. You can +name your "dist" anything. + +Now you have a directory with rpms in it you can run `createrepo` on them +and/or publish them on the web. Managing the rpms is an exercise left to the +reader. + +To get them into a samba-container image, like the samba-server or +samba-ad-server image, we need to get or create a repo file pointing to the +repo hosting your rpms. The repo file must be saved into the build container at +a path named like `/tmp/sambacc-dist-latest/sambacc*.repo`, so that the +`install-sambacc.sh` script that is run during the image build can find it. + +Typically this means modifying the Containerfile. Here's an example modification +to the `images/server/Containerfile.fedora` file: +``` +COPY .common/install-sambacc-common.sh /usr/local/bin/install-sambacc-common.sh +COPY install-sambacc.sh /usr/local/bin/install-sambacc.sh +# Add an ADD command to copy our repofile into the build +ADD https://my-cool-repo.example.org/mystuff/sambacc.repo /tmp/sambacc-dist-latest +RUN /usr/local/bin/install-sambacc.sh \ + "/tmp/sambacc-dist-latest" \ + "${SAMBACC_VERSION_SUFFIX}" +``` + +Now build the image the usual way. It should contain your specific sambacc rpms. + + +### Build Stage + +Rather than building the sambacc RPMs and creating a repo for them, the build +steps can be combined by modifying the `Containerfile`s to add a specific build +stage. First add the build stage to the top of the Containerfile: +``` +# --- new stuff --- +FROM quay.io/samba.org/sambacc:latest AS sccbuilder +ARG SAMBACC_VER=my-cool-branch +ARG SAMBACC_REPO=https://github.com/example-user/sambacc +RUN SAMBACC_DISTNAME=latest \ + /usr/local/bin/build.sh ${SAMBACC_VER} ${SAMBACC_REPO} +# --- end new stuff --- + +FROM registry.fedoraproject.org/fedora:38 +``` + +The variables `SAMBACC_VER` and `SAMBACC_REPO` can be overridden on the command +line so you don't have to keep modifying the Containerfile to set them, unless +you want to. `SAMBACC_VER` takes a git ref and that can be a barnch name or a +commit hash. Using a commit hash can be handy to avoid caching issues. + +Next, we need to make a modification to the RUN command that executes +`install-sambacc.sh`: +``` +# add the --mount argument to map the dist dir of the sccbuilder +# container to the /tmp/sambacc-dist-latest dir in the current build +# container. +RUN --mount=type=bind,from=sccbuilder,source=/srv/dist/latest,destination=/tmp/sambacc-dist-latest bash -x /usr/local/bin/install-sambacc.sh \ + "/tmp/sambacc-dist-latest" \ + "${SAMBACC_VERSION_SUFFIX}" +``` + +Very old versions of podman and docker may not support `--mount`. As an +alternative, you can add a `COPY` command to copy the rpms from one container +to the other.