Add one-apps submodule & Add Lithops Appliance

.gitignore

@@ -0,0 +1,4 @@
+community-apps/build
+community-apps/export
+community-apps/version
+community-apps/Makefile.local

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "one-apps"]
+	path = one-apps
+	url = https://github.com/OpenNebula/one-apps.git

appliances/service/695ab19e-23dc-11ef-a2b8-59beec9fdf86.yaml

@@ -5,7 +5,7 @@ publisher: OpenNebula Systems
 description: |-
   Appliance with preinstalled [Lithops](https://lithops-cloud.github.io/docs/) and Docker for k8s backend.
 
-  See the dedicated [documentation](https://github.com/OpenNebula/one-apps/wiki/lithops_quick).
+  See the dedicated [documentation](https://github.com/OpenNebula/marketplace-community/wiki/lithops_quick).
 short_description: Appliance with preinstalled Lithops for KVM hosts
 tags:
 - lithops

community-apps/Makefile

@@ -0,0 +1,38 @@
+# load variables and makefile config
+include Makefile.config
+
+# load possible overrides or non-free definitions
+-include Makefile.local
+
+# services
+services: $(patsubst %, packer-%, $(SERVICES))
+
+# allow individual services targets (e.g., "make service_Lithops")
+$(SERVICES):  %: packer-% ;
+
+# aliases + dependency
+packer-%: ${DIR_EXPORT}/%.qcow2
+	@${INFO} "Packer ${*} done"
+
+# run packer build for given distro or service
+${DIR_EXPORT}/%.qcow2: $(patsubst %, ${DIR_ONEAPPS}/context-linux/out/%, $(LINUX_CONTEXT_PACKAGES))
+	$(eval DISTRO_NAME := $(shell echo ${*} | sed 's/[0-9].*//'))
+	$(eval DISTRO_VER  := $(shell echo ${*} | sed 's/^.[^0-9]*\(.*\)/\1/'))
+	packer/build.sh "${DISTRO_NAME}" "${DISTRO_VER}" ${@}
+
+clean:
+	-rm -rf ${DIR_EXPORT}/*
+
+help:
+	@echo 'Usage examples:'
+	@echo '    make <service>         -- build just one service'
+	@echo
+	@echo '    make services          -- build all services'
+	@echo '    make services -j 4     -- build all services in 4 parallel tasks'
+	@echo
+	@echo 'Available services:'
+	@echo '    $(SERVICES)'
+	@echo
+
+version:
+	@echo $(VERSION)-$(RELEASE) > version

community-apps/Makefile.config

@@ -0,0 +1,27 @@
+# context version definition
+VERSION := 6.10.0
+RELEASE := 1
+
+# log
+VERBOSE         := 1
+PACKER_LOG      := 0
+PACKER_HEADLESS := true
+
+SERVICES := service_Lithops
+
+.DEFAULT_GOAL := help
+
+# default directories
+DIR_ONEAPPS := ../one-apps
+DIR_BUILD  := build
+DIR_EXPORT := export
+$(shell mkdir -p ${DIR_BUILD} ${DIR_EXPORT})
+
+# don't delete exported
+.SECONDARY: $(patsubst %, $(DIR_EXPORT)/%.qcow2, $(SERVICES))
+
+# logging func
+INFO=sh -c 'if [ $(VERBOSE) = 1 ]; then  echo [INFO] $$1; fi' INFO
+
+# export all variables
+export

community-apps/appliances/Lithops/appliance.sh

@@ -0,0 +1,254 @@
+# ---------------------------------------------------------------------------- #
+# Copyright 2024, OpenNebula Project, OpenNebula Systems                  #
+#                                                                              #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may      #
+# not use this file except in compliance with the License. You may obtain      #
+# a copy of the License at                                                     #
+#                                                                              #
+# http://www.apache.org/licenses/LICENSE-2.0                                   #
+#                                                                              #
+# Unless required by applicable law or agreed to in writing, software          #
+# distributed under the License is distributed on an "AS IS" BASIS,            #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.     #
+# See the License for the specific language governing permissions and          #
+# limitations under the License.                                               #
+# ---------------------------------------------------------------------------- #
+set -o errexit -o pipefail
+
+
+# List of contextualization parameters
+ONE_SERVICE_PARAMS=(
+    'ONEAPP_LITHOPS_BACKEND'            'configure'  'Lithops compute backend'                                          'O|text'
+    'ONEAPP_LITHOPS_STORAGE'            'configure'  'Lithops storage backend'                                          'O|text'
+    'ONEAPP_MINIO_ENDPOINT'             'configure'  'Lithops storage backend MinIO endpoint URL'                       'O|text'
+    'ONEAPP_MINIO_ACCESS_KEY_ID'        'configure'  'Lithops storage backend MinIO account user access key'            'O|text'
+    'ONEAPP_MINIO_SECRET_ACCESS_KEY'    'configure'  'Lithops storage backend MinIO account user secret access key'     'O|text'
+    'ONEAPP_MINIO_BUCKET'              'configure'  'Lithops storage backend MinIO existing bucket'                    'O|text'
+    'ONEAPP_MINIO_ENDPOINT_CERT'        'configure'  'Lithops storage backend MinIO endpoint certificate'               'O|text64'
+)
+
+
+### Appliance metadata ###############################################
+
+# Appliance metadata
+ONE_SERVICE_NAME='Service Lithops - KVM'
+ONE_SERVICE_VERSION='3.4.0'   #latest
+ONE_SERVICE_BUILD=$(date +%s)
+ONE_SERVICE_SHORT_DESCRIPTION='Appliance with preinstalled Lithops for KVM hosts'
+ONE_SERVICE_DESCRIPTION=$(cat <<EOF
+Appliance with preinstalled Lithops v3.4.0.
+
+By default, it uses localhost both for Compute and Storage Backend.
+
+To configure MinIO as Storage Backend use the parameter ONEAPP_LITHOPS_STORAGE=minio
+with ONEAPP_MINIO_ENDPOINT, ONEAPP_MINIO_ACCESS_KEY_ID and ONEAPP_MINIO_SECRET_ACCESS_KEY.
+These parameters values have to point to a valid and reachable MinIO server endpoint.
+
+The parameter ONEAPP_MINIO_BUCKET and ONEAPP_MINIO_ENDPOINT_CERT are optional.
+- ONEAPP_MINIO_BUCKET points to an existing bucket in the MinIO server. If the bucket does not exist or if the
+parameter is empty, the MinIO server will generate a bucket automatically.
+- ONEAPP_MINIO_ENDPOINT_CERT is necessary when using self-signed certificates on the MinIO server. This is the
+certificate for the CA on the MinIO server. If the CA certificate exists, script will skip it,
+if one would want to update the CA certificate from context, first delete previous ca.crt file.
+EOF
+)
+ONE_SERVICE_RECONFIGURABLE=true
+
+### Contextualization defaults #######################################
+
+ONEAPP_LITHOPS_BACKEND="${ONEAPP_LITHOPS_BACKEND:-localhost}"
+ONEAPP_LITHOPS_STORAGE="${ONEAPP_LITHOPS_STORAGE:-localhost}"
+
+### Globals ##########################################################
+
+DEP_PKGS="python3-pip"
+DEP_PIP="boto3"
+LITHOPS_VERSION="3.4.0"
+DOCKER_VERSION="5:26.1.3-1~ubuntu.22.04~jammy"
+
+###############################################################################
+###############################################################################
+###############################################################################
+
+#
+# service implementation
+#
+
+service_cleanup()
+{
+    :
+}
+
+service_install()
+{
+    # ensuring that the setup directory exists
+    #TODO: move to service
+    mkdir -p "$ONE_SERVICE_SETUP_DIR"
+    export DEBIAN_FRONTEND=noninteractive
+
+    # packages
+    install_deps ${DEP_PKGS} ${DEP_PIP}
+
+    # docker
+    install_docker
+
+    # Lithops
+    install_lithops
+
+    # create Lithops config file in /etc/lithops
+    create_lithops_config
+
+    # service metadata
+    create_one_service_metadata
+
+    # cleanup
+    postinstall_cleanup
+
+    msg info "INSTALLATION FINISHED"
+
+    return 0
+}
+
+service_configure()
+{
+    # update Lithops config file if non-default options are set
+    update_lithops_config
+
+    local_ca_folder="/usr/local/share/ca-certificates/minio"
+    if [[ ! -z "${ONEAPP_MINIO_ENDPOINT_CERT}" ]] && [[ ! -f "${local_ca_folder}/ca.crt" ]]; then
+        msg info "Adding trust CA for MinIO endpoint"
+
+        if [[ ! -d "${local_ca_folder}" ]]; then
+            msg info "Create folder ${local_ca_folder}"
+            mkdir "${local_ca_folder}"
+        fi
+
+        msg info "Create CA file and update certificates"
+        echo ${ONEAPP_MINIO_ENDPOINT_CERT} | base64 --decode >> ${local_ca_folder}/ca.crt
+        update-ca-certificates
+    fi
+
+    return 0
+}
+
+service_bootstrap()
+{
+    update_lithops_config
+    return 0
+}
+
+###############################################################################
+###############################################################################
+###############################################################################
+
+#
+# functions
+#
+
+install_deps()
+{
+    msg info "Run apt-get update"
+    apt-get update
+
+    msg info "Install required packages for Lithops"
+    if ! apt-get install -y "${1}" ; then
+        msg error "Package(s) installation failed: ${1}"
+        exit 1
+    fi
+
+    msg info "Install pip dependencies"
+    if ! pip install "${2}" ; then
+        msg error "Python pip dependencies installation failed"
+        exit 1
+    fi
+}
+
+install_docker()
+{
+    msg info "Add Docker official GPG key"
+    install -m 0755 -d /etc/apt/keyrings
+
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+
+    chmod a+r /etc/apt/keyrings/docker.asc
+
+    msg info "Add Docker repository to apt sources"
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+        $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+        sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+    apt update
+
+    msg info "Install Docker Engine"
+    if ! apt-get install -y docker-ce=$DOCKER_VERSION docker-ce-cli=$DOCKER_VERSION containerd.io docker-buildx-plugin docker-compose-plugin ; then
+        msg error "Docker installation failed"
+        exit 1
+    fi
+}
+
+install_lithops()
+{
+    msg info "Install Lithops from pip"
+    if ! pip install lithops==${LITHOPS_VERSION} ; then
+        msg error "Error installing Lithops"
+        exit 1
+    fi
+
+    msg info "Create /etc/lithops folder"
+    mkdir /etc/lithops
+}
+
+create_lithops_config()
+{
+    msg info "Create default config file"
+    cat > /etc/lithops/config <<EOF
+lithops:
+  backend: localhost
+  storage: localhost
+
+# Start Compute Backend configuration
+# End Compute Backend configuration
+
+# Start Storage Backend configuration
+# End Storage Backend configuration
+EOF
+}
+
+update_lithops_config(){
+    msg info "Update compute and storage backend modes"
+    sed -i "s/backend: .*/backend: ${ONEAPP_LITHOPS_BACKEND}/g" /etc/lithops/config
+    sed -i "s/storage: .*/storage: ${ONEAPP_LITHOPS_STORAGE}/g" /etc/lithops/config
+
+    if [[ ${ONEAPP_LITHOPS_STORAGE} = "localhost" ]]; then
+        msg info "Edit config file for localhost Storage Backend"
+        sed -i -ne "/# Start Storage/ {p;" -e ":a; n; /# End Storage/ {p; b}; ba}; p" /etc/lithops/config
+    elif [[ ${ONEAPP_LITHOPS_STORAGE} = "minio" ]]; then
+        msg info "Edit config file for MinIO Storage Backend"
+        if ! check_minio_attrs; then
+            echo
+            msg error "MinIO configuration failed"
+            msg info "You have to provide endpoint, access key id and secrec access key to configure MinIO storage backend"
+            exit 1
+        else
+            msg info "Adding MinIO configuration to /etc/lithops/config"
+            sed -i -ne "/# Start Storage/ {p; iminio:\n  endpoint: ${ONEAPP_MINIO_ENDPOINT}\n  access_key_id: ${ONEAPP_MINIO_ACCESS_KEY_ID}\n  secret_access_key: ${ONEAPP_MINIO_SECRET_ACCESS_KEY}\n  storage_bucket: ${ONEAPP_MINIO_BUCKET}" -e ":a; n; /# End Storage/ {p; b}; ba}; p" /etc/lithops/config
+        fi
+    fi
+}
+
+check_minio_attrs()
+{
+    [[ -z "$ONEAPP_MINIO_ENDPOINT" ]] && return 1
+    [[ -z "$ONEAPP_MINIO_ACCESS_KEY_ID" ]] && return 1
+    [[ -z "$ONEAPP_MINIO_SECRET_ACCESS_KEY" ]] && return 1
+
+    return 0
+}
+
+postinstall_cleanup()
+{
+    msg info "Delete cache and stored packages"
+    apt-get autoclean
+    apt-get autoremove
+    rm -rf /var/lib/apt/lists/*
+}
+

community-apps/packer/build.sh

@@ -0,0 +1 @@
+../../one-apps/packer/build.sh

community-apps/packer/service_Lithops/81-configure-ssh.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -eux -o pipefail
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s/ { $0 = update; found = 1 }
+{ print }
+ENDFILE { if (!found) print update }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s/ { $0 = update; found = 1 }
+{ print }
+ENDFILE { if (!found) print update }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s/ { $0 = update; found = 1 }
+{ print }
+ENDFILE { if (!found) print update }
+EOF
+
+sync

community-apps/packer/service_Lithops/82-configure-context.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+# Configure and enable service context.
+
+exec 1>&2
+set -eux -o pipefail
+
+mv /etc/one-appliance/net-90-service-appliance /etc/one-context.d/
+mv /etc/one-appliance/net-99-report-ready      /etc/one-context.d/
+
+chown root:root /etc/one-context.d/*
+chmod u=rwx,go=rx /etc/one-context.d/*
+
+sync