x/snap-nova-hypervisor
Code Issues Proposed changes
snap-nova-hypervisor/snapcraft.yaml
Corey Bryant e8173abb91 Add patches to drop use of setuid and fchownat 
Drop use of setuid and fchownat as they're not covered by any current
plugs and the code isn't required because in strict mode everything runs
as root.

Change-Id: Ic4f0dd6029c869595e35adc343d55e35d50e0d33
2017-06-30 18:45:04 +00:00

263 lines
7.2 KiB
YAML
Raw Blame History

name: nova-hypervisor
version: ocata
summary: OpenStack Compute Service - KVM Hypervisor (nova)
description: |
OpenStack Nova provides a cloud computing fabric controller,
supporting a wide variety of compute technologies, including
.
libvirt (KVM, Xen, LXC and more),
LXD
Hyper-V
VMware
XenServer
OpenStack Ironic.
.
This snap provides the hypervisor component of an OpenStack
deployment, configured to use Libvirt/KVM + Open vSwitch
installed using debian packages on the hosting server.
confinement: strict
grade: devel
apps:
nova-compute:
command: snap-openstack nova-compute
daemon: simple
plugs:
- account-control
- kernel-module-control
- network
- network-bind
- network-control
- firewall-control
- hardware-observe
- libvirt
- openvswitch
nova-api-metadata:
command: snap-openstack nova-api-metadata
daemon: simple
plugs:
- account-control
- network
- network-bind
- firewall-control
neutron-openvswitch-agent:
command: snap-openstack neutron-openvswitch-agent
daemon: simple
plugs:
- account-control
- network
- network-bind
- network-control
- network-observe
- firewall-control
- process-control
- system-observe
- openvswitch
neutron-l3-agent:
command: snap-openstack neutron-l3-agent
daemon: simple
plugs:
- account-control
- network
- network-bind
- network-control
- network-observe
- firewall-control
- process-control
- system-observe
- openvswitch
neutron-dhcp-agent:
command: snap-openstack neutron-dhcp-agent
daemon: simple
plugs:
- account-control
- kernel-module-control
- network
- network-bind
- network-control
- network-observe
- process-control
- system-observe
- openvswitch
neutron-metadata-agent:
command: snap-openstack neutron-metadata-agent
daemon: simple
plugs:
- account-control
- network
- network-bind
- network-control
neutron-ovs-cleanup:
command: snap-openstack neutron-ovs-cleanup
aliases:
- neutron-ovs-cleanup
plugs:
- network
- network-control
- openvswitch
neutron-netns-cleanup:
command: snap-openstack neutron-netns-cleanup
aliases:
- neutron-netns-cleanup
plugs:
- network
- network-control
parts:
bridge-utils:
source: https://www.kernel.org/pub/linux/utils/net/bridge-utils/bridge-utils-1.6.tar.gz
plugin: autotools
conntrack-tools:
source: http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-1.4.3.tar.bz2
plugin: autotools
build-packages:
- libnetfilter-cttimeout-dev
- libnetfilter-cthelper0-dev
- libnetfilter-queue-dev
iproute2:
source: https://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-4.9.0.tar.gz
plugin: autotools
build-packages:
- bison
- flex
- libdb5.3-dev
iptables:
source: http://iptables.netfilter.org/projects/iptables/files/iptables-1.6.0.tar.bz2
plugin: autotools
build-packages:
- libnftnl-dev
configflags:
- --disable-nftables
install: |
cp --remove-destination $SNAPCRAFT_PART_INSTALL/sbin/xtables-multi $SNAPCRAFT_PART_INSTALL/bin/iptables-xml
ipset:
source: http://ipset.netfilter.org/ipset-6.30.tar.bz2
plugin: autotools
build-packages:
- libltdl-dev
- libmnl-dev
configflags:
- "--with-kmod=no"
libxml2:
source: http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz
plugin: autotools
dnsmasq:
source: http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.76.tar.xz
plugin: make
build-packages:
- libgmp-dev
- libidn11-dev
- libnetfilter-conntrack-dev
- nettle-dev
organize:
usr/local/sbin/dnsmasq: bin/dnsmasq
filesets:
bin:
- bin/dnsmasq
stage: [$bin]
prime: [$bin]
prepare: |
export SNAP_ROOT="../../../"
export SNAP_SOURCE="$SNAP_ROOT/parts/dnsmasq/build"
patch -d $SNAP_SOURCE -p1 < $SNAP_ROOT/patches/drop-setuid-from-dnsmasq.patch
dnsmasq-lease:
source: http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.76.tar.xz
plugin: make
make-parameters:
- "-C"
- "contrib/lease-tools"
build-packages:
- libgmp-dev
- libidn11-dev
- libnetfilter-conntrack-dev
- nettle-dev
artifacts:
- contrib/lease-tools/dhcp_release
- contrib/lease-tools/dhcp_release6
- contrib/lease-tools/dhcp_lease_time
organize:
contrib/lease-tools/dhcp_release: bin/dhcp_release
contrib/lease-tools/dhcp_release6: bin/dhcp_release6
contrib/lease-tools/dhcp_lease_time: bin/dhcp_lease_time
filesets:
bin:
- bin/dhcp_release
- bin/dhcp_release6
- bin/dhcp_lease_time
stage: [$bin]
prime: [$bin]
openvswitch:
source: http://openvswitch.org/releases/openvswitch-2.6.1.tar.gz
plugin: autotools
build-packages:
- libnuma-dev
- libssl-dev
- python-all
- python-setuptools
- python-six
filesets:
bin:
- bin/ovs-*ctl
- bin/ovsdb-tool
- bin/ovsdb-client
stage: [$bin]
snap: [$bin]
nova:
after:
- openvswitch
plugin: python
python-version: python2
source: http://tarballs.openstack.org/nova/nova-stable-ocata.tar.gz
python-packages:
- libvirt-python
- pymysql
- python-memcached
- http://tarballs.openstack.org/neutron/neutron-stable-ocata.tar.gz
- http://tarballs.openstack.org/nova-lxd/nova-lxd-stable-ocata.tar.gz
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt
build-packages:
- gcc
- libffi-dev
- libssl-dev
- libvirt-dev
- libxml2-dev
- libxslt1-dev
stage-packages:
- coreutils
- qemu-utils
install: |
touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/paste/__init__.py
touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/repoze/__init__.py
export SNAP_ROOT="../../../"
export SNAP_SITE_PACKAGES="$SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages"
patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/oslo-config-dirs.patch
patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/drop-setuid-from-neutron.patch
patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/drop-use-of-fchownat.patch
templates:
after: [nova]
plugin: dump
source: snap
config-nova:
after: [nova]
plugin: dump
source: http://tarballs.openstack.org/nova/nova-stable-ocata.tar.gz
filesets:
etc:
- etc/nova/*
stage: [$etc]
snap: [$etc]
config-neutron:
after: [nova]
plugin: dump
source: http://tarballs.openstack.org/neutron/neutron-stable-ocata.tar.gz
organize:
etc/*.conf: etc/neutron/
etc/*.ini: etc/neutron/
etc/*.json: etc/neutron/
etc/rootwrap.d/*: etc/neutron/rootwrap.d/
filesets:
etc:
- etc/neutron/*
stage: [$etc]
snap: [$etc]
View Git Blame Copy Permalink