cloudapi: Add optional blueprint schema to compose request

This adds a 'blueprint' section to the compose request. It also
restricts it so that only 'blueprint' or 'customizations' can be
included, but not both. The goal is to move to using 'blueprint' for all
customizations so that there is a single consistent interface for the
clients.

Where the openapi schemas are the same between the two they have been
shared, but a few are different. They are created with 'Blueprint*' as
their name.

This also re-adds the SSHKey schema removed by commit bfad6d50e1; it is
used by the Blueprint Customization.
Brian C. Lane 2023-10-18 10:58:53 -07:00 committed by Sanne Raymaekers
parent ea05f400e6
commit 5b87877109
2 changed files with 767 additions and 175 deletions


@ -748,6 +748,7 @@ components:
additionalProperties: false
required:
- distribution
not: {required: ['customizations', 'blueprint']}
properties:
distribution:
type: string
@ -762,6 +763,8 @@ components:
$ref: '#/components/schemas/Customizations'
koji:
$ref: '#/components/schemas/Koji'
blueprint:
$ref: '#/components/schemas/Blueprint'
ImageRequest:
additionalProperties: false
required:
@ -920,6 +923,49 @@ components:
type: integer
module_hotfixes:
type: boolean
BlueprintRepository:
type: object
required:
- id
properties:
id:
type: string
baseurls:
type: array
items:
type: string
format: uri
example: 'https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/'
gpgkeys:
type: array
items:
type: string
metalink:
type: string
format: uri
example: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-32&arch=x86_64'
mirrorlist:
type: string
format: uri
example: 'http://mirrorlist.centos.org/?release=8-stream&arch=aarch64&repo=BaseOS'
name:
type: string
priority:
type: integer
enabled:
type: boolean
gpgcheck:
type: boolean
repo_gpgcheck:
type: boolean
sslverify:
type: boolean
filename:
type: string
module_hotfixes:
type: boolean
description: |
Disables modularity filtering for this repository.
OpenSCAP:
type: object
required:
@ -929,6 +975,17 @@ components:
type: string
tailoring:
$ref: '#/components/schemas/OpenSCAPTailoring'
BlueprintOpenSCAP:
type: object
required:
- profile_id
properties:
profile_id:
type: string
datastream:
type: string
tailoring:
$ref: '#/components/schemas/OpenSCAPTailoring'
OpenSCAPTailoring:
type: object
properties:
@ -1145,6 +1202,174 @@ components:
server_address:
type: string
format: uri
Blueprint:
type: object
required:
- name
additionalProperties: false
properties:
name:
type: string
description:
type: string
version:
type: string
example: '7.7.70'
description: A semver version number
distro:
type: string
example: 'fedora-39'
description: |
The distribution to use for the compose. If left empty the host
distro will be used.
packages:
type: array
description: Packages to be installed
items:
$ref: '#/components/schemas/Package'
modules:
type: array
description: |
An alias for packages, retained for backwards compatability
items:
$ref: '#/components/schemas/Package'
groups:
type: array
description: Package groups to be installed
items:
$ref: '#/components/schemas/PackageGroup'
containers:
type: array
description: Container images to embed into the final artfact
items:
$ref: '#/components/schemas/Container'
customizations:
$ref: '#/components/schemas/BlueprintCustomizations'
BlueprintCustomizations:
type: object
additionalProperties: false
properties:
hostname:
type: string
description: Configures the hostname
kernel:
$ref: '#/components/schemas/Kernel'
sshkey:
type: array
description: List of ssh keys
items:
$ref: '#/components/schemas/SSHKey'
user:
type: array
description: List of users to create
items:
$ref: '#/components/schemas/BlueprintUser'
group:
type: array
description: List of groups to create
items:
$ref: '#/components/schemas/Group'
timezone:
$ref: '#/components/schemas/Timezone'
locale:
$ref: '#/components/schemas/Locale'
firewall:
$ref: '#/components/schemas/BlueprintFirewall'
services:
$ref: '#/components/schemas/Services'
filesystem:
type: array
description: List of filesystem mountpoints to create
items:
$ref: '#/components/schemas/BlueprintFilesystem'
installation_device:
type: string
description: |
Name of the installation device, currently only useful for the edge-simplified-installer type
example: /dev/sda
partitioning_mode:
type: string
enum:
- raw
- lvm
- auto-lvm
default: auto-lvm
description: |
Select how the disk image will be partitioned. 'auto-lvm' will use raw unless
there are one or more mountpoints in which case it will use LVM. 'lvm' always
uses LVM, even when there are no extra mountpoints. 'raw' uses raw partitions
even when there are one or more mountpoints.
fdo:
$ref: '#/components/schemas/FDO'
openscap:
$ref: '#/components/schemas/BlueprintOpenSCAP'
ignition:
$ref: '#/components/schemas/Ignition'
directories:
type: array
description: Directories to create in the final artifact
items:
$ref: '#/components/schemas/Directory'
files:
type: array
description: Files to create in the final artifact
items:
$ref: '#/components/schemas/BlueprintFile'
repositories:
type: array
description: |
Repositories to write to /etc/yum.repos.d/ in the final image. Note
that these are not used at build time.
items:
$ref: '#/components/schemas/BlueprintRepository'
fips:
type: boolean
description: Enable FIPS mode
SSHKey:
type: object
additionalProperties: false
required:
- user
- key
properties:
user:
type: string
description: User to configure the ssh key for
example: admin
key:
type: string
description: Adds the key to the user's authorized_keys file
example: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASWitkOH4U874EdsBUnytb3bwvRggHlQlbYXl7n10v9
Package:
type: object
required:
- name
additionalProperties: false
properties:
name:
type: string
example: 'tmux'
description: |
Name of the package to install. File globbing is supported,
eg. 'openssh-*'
version:
type: string
example: '3.3a'
description: |
Optional version of the package to install. If left blank the
latest available version will be used. Wildcards are supported
eg. '4.11.*'
PackageGroup:
type: object
required:
- name
additionalProperties: false
properties:
name:
type: string
example: 'anaconda-tools'
description: Package group name
Customizations:
type: object
additionalProperties: false
@ -1270,22 +1495,59 @@ components:
items:
type: string
services:
type: object
description: Firewalld services to enable or disable
additionalProperties: false
properties:
enabled:
type: array
description: List of services to enable
example: ["ftp", "ntp"]
items:
type: string
disabled:
type: array
description: List of services to disable
example: ["telnet"]
items:
type: string
$ref: '#/components/schemas/FirewallServices'
BlueprintFirewall:
type: object
description: Firewalld configuration
additionalProperties: false
properties:
ports:
type: array
description: List of ports (or port ranges) and protocols to open
example: ["22:tcp", "80:tcp", "imap:tcp"]
items:
type: string
services:
$ref: '#/components/schemas/FirewallServices'
zones:
type: array
items:
$ref: '#/components/schemas/FirewallZones'
FirewallServices:
type: object
description: Firewalld services to enable or disable
additionalProperties: false
properties:
enabled:
type: array
description: List of services to enable
example: ["ftp", "ntp"]
items:
type: string
disabled:
type: array
description: List of services to disable
example: ["telnet"]
items:
type: string
FirewallZones:
type: object
description: |
Bind a list of network sources to a zone to restrict traffic from
those sources based on the settings of the zone.
additionalProperties: false
properties:
name:
type: string
description: |
name of the zone, if left empty the sources will apply to
the default zone.
sources:
type: array
description: List of sources for the zone
items:
type: string
description: <source>[/<mask>]|<MAC>|ipset:<ipset>
Directory:
type: object
description: |
@ -1352,6 +1614,36 @@ components:
description: Ensure that the parent directories exist
example: true
default: false
BlueprintFile:
type: object
description: |
A custom file to create in the final artifact.
required:
- path
properties:
path:
type: string
description: Path to the file
example: '/etc/myfile'
mode:
type: string
description: Permissions string for the file in octal format
example: "0644"
user:
oneOf:
- type: string
- type: integer
description: Owner of the file as a uid or a user name
example: 'root'
group:
oneOf:
- type: string
- type: integer
description: Group of the file as a gid or a group name
example: 'root'
data:
type: string
description: Contents of the file as plain text
Filesystem:
type: object
required:
@ -1365,6 +1657,19 @@ components:
x-go-type: uint64
example: 2147483648
description: 'size of the filesystem in bytes'
BlueprintFilesystem:
type: object
required:
- mountpoint
- minsize
properties:
mountpoint:
type: string
example: '/var'
minsize:
x-go-type: uint64
example: 2147483648
description: 'size of the filesystem in bytes'
OSTree:
type: object
properties:
@ -1442,6 +1747,45 @@ components:
key:
type: string
example: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrGKErMYi+MMUwuHaRAJmRLoIzRf2qD2dD5z0BTx/6x"
BlueprintUser:
type: object
additionalProperties: false
required:
- name
properties:
name:
type: string
example: "user1"
description:
type: string
password:
type: string
description: |
If the password starts with $6$, $5$, or $2b$ it will be stored as
an encrypted password. Otherwise it will be treated as a plain text
password.
key:
type: string
description: ssh public key
example: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrGKErMYi+MMUwuHaRAJmRLoIzRf2qD2dD5z0BTx/6x"
home:
type: string
description: The user's home directory
shell:
type: string
description: Login shell to use
groups:
type: array
items:
type: string
example: "group1"
description: A list of additional groups to add the user to
uid:
type: integer
description: User id to use instead of the default
gid:
type: integer
description: Group id to use instead of the default
Kernel:
type: object
additionalProperties: false
@ -1557,7 +1901,7 @@ components:
type: object
additionalProperties: false
required:
- name
- name
properties:
name:
type: string
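Review bot: `BlueprintRepository` is added without `additionalProperties: false`, unlike `Blueprint`, `BlueprintCustomizations`, `BlueprintUser`, `SSHKey`, `BlueprintFirewall` and the other schemas introduced in this change, so a request with a misspelled `gpgcheck`, `repo_gpgcheck` or `sslverify` key would pass schema validation with the intended setting silently missing. Because these repositories are written to /etc/yum.repos.d/ in the final image, a dropped verification flag is the kind of mistake the schema should reject; I would add `additionalProperties: false` directly under `type: object` in that schema. `BlueprintOpenSCAP`, `BlueprintFile` and `BlueprintFilesystem` have the same gap and would take the same one-line addition. Whether the server validates requests strictly against this schema is not visible on this page, so confirm that against the request validator before relying on it.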