New infra image start

infra/image/build-inventory

@@ -0,0 +1,15 @@
+[ipaserver]
+ansible-freeipa-image-builder ansible_connection=podman
+
+[ipaserver:vars]
+ipaadmin_password=SomeADMINpassword
+ipadm_password=SomeDMpassword
+ipaserver_domain=test.local
+ipaserver_realm=TEST.LOCAL
+ipaserver_setup_dns=true
+ipaserver_auto_forwarders=true
+ipaserver_no_dnssec_validation=true
+ipaserver_auto_reverse=true
+ipaserver_setup_kra=true
+ipaserver_setup_firewalld=false
+ipaclient_no_ntp=true

infra/image/build.sh

@@ -3,6 +3,9 @@
 BASEDIR="$(readlink -f "$(dirname "$0")")"
 TOPDIR="$(readlink -f "${BASEDIR}/../..")"
 
+# shellcheck disable=SC1091
+. "${BASEDIR}/shcontainer"
+# shellcheck disable=SC1091
 . "${TOPDIR}/utils/shfun"
 
 valid_distro() {
@@ -12,7 +15,7 @@ valid_distro() {
 usage() {
     local prog="${0##*/}"
     cat << EOF
-usage: ${prog} [-h] [i] distro
+usage: ${prog} [-h] [-s] distro
     ${prog} build a container image to test ansible-freeipa.
 EOF
 }
@@ -35,7 +38,7 @@ name="ansible-freeipa-image-builder"
 hostname="ipaserver.test.local"
 # Number of cpus is not available in usptream CI (Ubuntu 22.04).
 # cpus="2"
-memory="4g"
+memory="3g"
 quayname="quay.io/ansible-freeipa/upstream-tests"
 deploy_server="N"
 
@@ -56,7 +59,7 @@ distro=${1:-}
 [ -f "${BASEDIR}/dockerfile/${distro}" ] \
   || die "${distro} is not a valid distro target.\nUse one of: $(valid_distro)"
 
-[ -n "$(command -v "podman")" ] || die "podman is required."
+container_check
 
 if [ "${deploy_server}" == "Y" ]
 then
@@ -65,87 +68,50 @@ then
     deploy_playbook="${TOPDIR}/playbooks/install-server.yml"
     [ -f "${deploy_playbook}" ] || die "Can't find playbook '${deploy_playbook}'"
 
-    inventory_file="${BASEDIR}/inventory"
+    inventory_file="${BASEDIR}/build-inventory"
     [ -f "${inventory_file}" ] || die "Can't find inventory '${inventory_file}'"
 fi
 
-container_state="$(podman ps -q --all --format "{{.State}}" --filter "name=${name}")"
+container_state=$(container_get_state "${name}")
 
 tag="${distro}-base"
 server_tag="${distro}-server"
 
-# in older (as in Ubuntu 22.04) podman versions,
-# 'podman image rm --force' fails if the image
-# does not exist.
-remove_image_if_exists()
-{
-    local tag_to_remove
-    tag_to_remove="${1}"
-    if podman image exists "${tag_to_remove}"
-    then
-        log info "= Cleanup ${tag_to_remove} ="
-        podman image rm "${tag_to_remove}" --force
-        echo
-    fi
-}
-
-remove_image_if_exists "${tag}"
-[ "${deploy_server}" == "Y" ] && remove_image_if_exists "${server_tag}"
-
-
-log info "= Building ${tag} ="
-podman build -t "${tag}" -f "${BASEDIR}/dockerfile/${distro}" \
-       "${BASEDIR}"
-echo
+container_remove_image_if_exists "${tag}"
+[ "${deploy_server}" == "Y" ] && \
+    container_remove_image_if_exists "${server_tag}"
 
-log info "= Creating ${name} ="
-podman create --privileged --name "${name}" --hostname "${hostname}" \
-    --network bridge:interface_name=eth0 --systemd true \
-    --memory "${memory}" --memory-swap -1 --no-hosts \
-    --replace "${tag}"
-echo
-
-log info "= Committing \"${quayname}:${tag}\" ="
-podman commit "${name}" "${quayname}:${tag}"
-echo
+container_build "${tag}" "${BASEDIR}/dockerfile/${distro}" "${BASEDIR}"
+container_create "${name}" "${tag}" "${hostname}" "${memory}"
+container_commit "${name}" "${quayname}:${tag}"
 
 if [ "${deploy_server}" == "Y" ]
 then
     deployed=false
 
-    log info "= Starting ${name} ="
-    [ "${container_state}" == "running" ] || podman start "${name}"
-    echo
+    [ "${container_state}" != "running" ] && container_start "${name}"
+
+    container_wait_for_journald "${name}"
 
     log info "= Deploying IPA ="
-    if ansible-playbook -i "${inventory_file}" "${deploy_playbook}"
+    if ansible-playbook -u root -i "${inventory_file}" "${deploy_playbook}"
     then
         deployed=true
     fi
     echo
 
     if $deployed; then
-        log info "= Enabling additional services ="
-        podman exec "${name}" systemctl enable fixnet
-        podman exec "${name}" systemctl enable fixipaip
+        log info "= Enabling services ="
+        container_exec "${name}" systemctl enable fixnet
+        container_exec "${name}" systemctl enable fixipaip
         echo
     fi
 
-    log info "= Stopping container ${name} ="
-    podman stop "${name}"
-    echo
+    container_stop "${name}"
 
     $deployed || die "Deployment failed"
 
-    log info "= Committing \"${quayname}:${server_tag}\" ="
-    podman commit "${name}" "${quayname}:${server_tag}"
-    echo
+    container_commit "${name}" "${quayname}:${server_tag}"
 fi
 
 log info "= DONE: Image created. ="
-
-# For tests:
-# podman start "${name}"
-# while [ -n "$(podman exec ansible-test systemctl list-jobs | grep -vi "no jobs running")" ]; do echo "waiting.."; sleep 5; done
-# # Run tests
-# podman stop "${name}"

infra/image/dockerfile/c10s

@@ -4,7 +4,6 @@ ENV container=podman
 RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
 dnf makecache; \
 dnf --assumeyes install \
-    /usr/bin/python3 \
     /usr/bin/dnf-3 \
     sudo \
     bash \
@@ -13,6 +12,19 @@ dnf --assumeyes install \
     iproute; \
 rm -rf /var/cache/dnf/;
 
+RUN (cd /lib/systemd/system/; \
+    if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
+       ln -s dbus-broker.service dbus.service; \
+    fi \
+)
+COPY system-service/container-ipa.target /lib/systemd/system/
+RUN systemctl set-default container-ipa.target
+RUN (cd /etc/systemd/system/; \
+    rm -rf multi-user.target.wants \
+	&& mkdir container-ipa.target.wants \
+	&& ln -s container-ipa.target.wants multi-user.target.wants \
+)
+
 COPY system-service/fixnet.sh /root/
 COPY system-service/fixipaip.sh /root/
 COPY system-service/fixnet.service /etc/systemd/system/

infra/image/dockerfile/c8s

@@ -7,8 +7,6 @@ sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo; \
 sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo; \
 dnf makecache; \
 dnf --assumeyes install \
-    /usr/bin/python3 \
-    /usr/bin/python3-config \
     /usr/bin/dnf-3 \
     sudo \
     bash \
@@ -18,6 +16,19 @@ dnf --assumeyes install \
 dnf clean all; \
 rm -rf /var/cache/dnf/;
 
+RUN (cd /lib/systemd/system/; \
+    if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
+       ln -s dbus-broker.service dbus.service; \
+    fi \
+)
+COPY system-service/container-ipa.target /lib/systemd/system/
+RUN systemctl set-default container-ipa.target
+RUN (cd /etc/systemd/system/; \
+    rm -rf multi-user.target.wants \
+	&& mkdir container-ipa.target.wants \
+	&& ln -s container-ipa.target.wants multi-user.target.wants \
+)
+
 COPY system-service/fixnet.sh /root/
 COPY system-service/fixipaip.sh /root/
 COPY system-service/fixnet.service /etc/systemd/system/

infra/image/dockerfile/c9s

@@ -4,7 +4,6 @@ ENV container=podman
 RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
 dnf makecache; \
 dnf --assumeyes install \
-    /usr/bin/python3 \
     /usr/bin/dnf-3 \
     sudo \
     bash \
@@ -13,6 +12,19 @@ dnf --assumeyes install \
     iproute; \
 rm -rf /var/cache/dnf/;
 
+RUN (cd /lib/systemd/system/; \
+    if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
+       ln -s dbus-broker.service dbus.service; \
+    fi \
+)
+COPY system-service/container-ipa.target /lib/systemd/system/
+RUN systemctl set-default container-ipa.target
+RUN (cd /etc/systemd/system/; \
+    rm -rf multi-user.target.wants \
+	&& mkdir container-ipa.target.wants \
+	&& ln -s container-ipa.target.wants multi-user.target.wants \
+)
+
 COPY system-service/fixnet.sh /root/
 COPY system-service/fixipaip.sh /root/
 COPY system-service/fixnet.service /etc/systemd/system/

infra/image/dockerfile/fedora-latest

@@ -15,6 +15,19 @@ dnf --assumeyes install \
 dnf clean all; \
 rm -rf /var/cache/dnf/;
 
+RUN (cd /lib/systemd/system/; \
+    if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
+       ln -s dbus-broker.service dbus.service; \
+    fi \
+)
+COPY system-service/container-ipa.target /lib/systemd/system/
+RUN systemctl set-default container-ipa.target
+RUN (cd /etc/systemd/system/; \
+    rm -rf multi-user.target.wants \
+	&& mkdir container-ipa.target.wants \
+	&& ln -s container-ipa.target.wants multi-user.target.wants \
+)
+
 COPY system-service/fixnet.sh /root/
 COPY system-service/fixipaip.sh /root/
 COPY system-service/fixnet.service /etc/systemd/system/

infra/image/dockerfile/fedora-rawhide

@@ -16,6 +16,19 @@ dnf --assumeyes install \
 dnf clean all; \
 rm -rf /var/cache/dnf/;
 
+RUN (cd /lib/systemd/system/; \
+    if [ -e dbus-broker.service ] && [ ! -e dbus.service ]; then \
+       ln -s dbus-broker.service dbus.service; \
+    fi \
+)
+COPY system-service/container-ipa.target /lib/systemd/system/
+RUN systemctl set-default container-ipa.target
+RUN (cd /etc/systemd/system/; \
+    rm -rf multi-user.target.wants \
+	&& mkdir container-ipa.target.wants \
+	&& ln -s container-ipa.target.wants multi-user.target.wants \
+)
+
 COPY system-service/fixnet.sh /root/
 COPY system-service/fixipaip.sh /root/
 COPY system-service/fixnet.service /etc/systemd/system/

infra/image/inventory

@@ -1,15 +1,6 @@
 [ipaserver]
-ansible-freeipa-image-builder ansible_connection=podman ansible_python_interpreter=/usr/bin/python3
+ansible-freeipa-tests ansible_connection=podman
 
 [ipaserver:vars]
 ipaadmin_password=SomeADMINpassword
 ipadm_password=SomeDMpassword
-ipaserver_domain=test.local
-ipaserver_realm=TEST.LOCAL
-ipaserver_setup_dns=true
-ipaserver_auto_forwarders=true
-ipaserver_no_dnssec_validation=true
-ipaserver_auto_reverse=true
-ipaserver_setup_kra=true
-ipaserver_setup_firewalld=false
-ipaclient_no_ntp=true