Change needed to add header blocks to all Dockerfiles, similar to the
base.
Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.
Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
Is a best practice in Unix/Linux scripts to use dots
instead of source command.
Using dots will avoid issues with non BASH shells
TrivialFix
Change-Id: Ie6480a1954f853f79faffa093452715ebd9f7d90
Signed-off-by: Eduardo Gonzalez <dabarren@gmail.com>
Currently if the install_packages macro is run with an empty
package list, it will add a yum or apt-get command with no
packages listed.
This bug fix aims to omit this line when no packages have
been given, or, the operator wants to use the "_override" /
"_remove" functionality to disable all packages being
installed in a Dockerfile.
Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Change-Id: Ifaaaebfccc3adb0f2f68a35ac08e59378bc87fdb
Closes-bug: 1612446
This patchset contains customization of Dockerfile of Glance
containers
Also removed mkdir /etc/ceph as obsolete.
Change-Id: I3ba6e0d2dca1ecf72cf9f1b00e05e6955611c361
Partially-implements: blueprint third-party-plugin-support
There were some inconsistencies with pip install instructions
thoughout Kolla. We fix those here.
Additionally, we fix the virtualenv to properly use the site-packages
on the host if a library is not available in the venv.
Change-Id: Ib84d48e8826bb96060338b3fa0782620c98794a8
Related-Bug: #1524684
Closes-Bug: #1529434
Use virtualenv for installation of OpenStack projects and
dependencies to avoid conflicts with Python libraries installed
by non-OpenStack binary packages.
Change-Id: I21ecd673b2e93335b1d3dd4e279e940c9d694c3c
Implements: blueprint virtualenv
A previous commit [1] removed the glance data container. Although this
worked at the time (as evident by it passing the gate) the drop root
patches merged after the gate patch causing the glance service to
not have the proper permissions to create this needed directory
[1] I7f2f5979b01807275908699d1243756cb97d3588
Change-Id: I5044de8d348e401a50970fd77671a79d35d2d595
The drop root change for Glance highlighted the fact that we were
binding volumes from glance_data into the wrong container - it was
glance_registry whereas it should be glance_api. This would result in
all images being lost if the glance_api container happens to restart.
Also, we need a sudoers file to chown the file backend dir to the glance
user.
Change-Id: If04337045bb94b3126e48d1f5bf0ea29e20373ae
Closes-Bug: #1516729
The USER operation affects all docker commands after it. This causes a
problem with our {{ include_footer }} implementation since commands in
that footer may require elevated permissions to perform.
In the current implementation I can no longer remove my proxy settings
once the USER has been changed.
Change-Id: I9b2bab5a15f595f6d52a46c64ddf59ba5608b938
Partially-Implements: blueprint drop-root
This uses the grouping feature of sudo to limit the amount of times
the base sudo file has to be modified to only once. The container
contents always runs as the user root, except the software which is
controlled by Kolla. This software may run as root, but it has
undergone a security audit and preserves permissions of the correct
files and does not permit the glance user to write any of the
set_config.py control files.
Change-Id: Ie3cd23edcde5b408a8f66970456279a1b15028e0
Partially-Implements: blueprint drop-root
Ceph packages need to be installed in nova, glance, and cinder.
Once that is done, Ceph works like a champ!
Change-Id: I296da1d04d0c1bcb729f22e65e432d53d561b49c
backport: liberty
Closes-Bug: #1505549
Long story short, some kernels before 3.15 had an issue with using su
in a container when the network namespace was --net=host. The gate
has a 3.10 and a 3.13 kernel and has a problem with this. This changes
everything to use sudo
backport: liberty
Partially-Implements: blueprint functional-testing-gate
Change-Id: I4d79ccaa1cddffcc8393f64e7e1be2538efe33e5
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.
The start.sh is moved into /usr/local/bin/kolla_start in the container
The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.
Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.
Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someones local perm change won't break upstream containers.
Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295
This prepares for the RHEL OSP implementation by making the build
tool convert all binary-* into an install_type of binary and * into
an install_metatype variable substitution inside the Dockerfiles.
Further binary-* is substituted as install_name to enable proper
building only.
Change-Id: Ib681b29176eb79a3cab12ec824313fdecb6e7a5f
Partially-Implements: blueprint rhel-based-image-support
Ubuntu binary is not supported and may never be. Installing from
cloud-archive packaging is only for the current stable distros, Ubuntu
does not have a Delorean type repo. We place a fail message in the
base image to catch this and remove the messages throughout the
project.
An additional fail message is placed to catch all other things.
Change-Id: Id2953f503ebd42226f6a08e75979ae56511c40f7
Implements: blueprint install-from-ubuntu
This implements all the openstack pieces needed to make ceph work.
DocImpact
Change-Id: I1d24476a966602cf955e5ef872b0efb01319894a
Partially-Implements: blueprint ceph-container
Implements: blueprint kolla-live-migration
I removed the files but not the COPY commands thus breaking all of
Kolla
Change-Id: I37d3e0cb94a1ecc12971f485f953310ba8fee53c
Partially-Implements: blueprint replace-config-external
Removes config-external for all services that have been replaced in
Ansible
Change-Id: I839a14418638b977fbc1d02ba6839811b0f909ea
Partially-Implements: blueprint replace-config-external
Glance now depends on python-castellan and python-cryptography but
the package is not in the package depends list.
Change-Id: I8ba8c191572b0c7f51df5948a2951d9a7e0aead4
Closes-Bug: #1492641
Add 'rhel' to list for RPM based distros. Also sort the distro
list for rpm packages for affected lines.
Change-Id: Ied4cb3e9763d6c6359f314d16185383ac3e006ed
Partially-Implements: blueprint rhel-based-image-support
Currently we cannot import source archives with names different
than expected by hardcoded line in Dockerfiles. This worked well
for Openstack services' tarballs where we expected SERVICE-* root
folder after extraction or kanaka-noVNC for nova-novncproxy docker.
The latter fails if one tries to clone or get tarball under other
names. This fix allows any archive (tar,tgz,zip) or repo name to be
imported into dockerfile.
Change-Id: I869a6a19afaf0e93925572746c22b7589b6600c9
Closes-Bug: #1491415
This creates and moves the dependencies for Ubuntu into a common
openstack-base container. This commit shows dramatically smaller
sizes for all non-openstack containers. The Openstack container remain
the same size.
Change-Id: I2f46420d4b9edcfddda374caddcce906fc708f6c
Partially-Implements: blueprint openstack-common-container
We can, and should, figure out the filename dynamically rather than
hardcode that value in build.ini since it is not actually a
configurable paramater.
Change-Id: I496d6555e9fa356ab09e62063fd707f43ed08121
Closes-Bug: #1490386
Updated build.py to reflect this change.
Deprecate --template option and make it a noop.
Change-Id: I7cd98d1ee684a4c64984a49597159868152683b2
Partially-Implements: blueprint remove-docker-dir
It should be in docker/{centos,fedora,...}/binary/glance/glance-data
and not directly at the root of docker directory.
Change-Id: I9c4c260ef14f9b367dc86ccfb1a66d764d58ae01
Closes-Bug: #1468596
Glance images were originally intended to be stored on the host (see
container Dockerfile) but the compose file was not doing this. The
right thing is to use a data container for image content.
Closes-bug: #1465401
Change-Id: I02d2aab2913356939d98b8c18f9e788ae6d901af
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
As a restructure, nothing is changed from the original behaviour and
naming despite the file structure changing. The symlinks to build had
to be updated generating lots of "deleted" and "new_file".
The new structure is:
docker/${base_distro}/${type}/${container}
base_distro == centos, ubuntu, fedora, etc
type == source, binary, rdo
type rdo is a symlink to binary for backwards compatibility
Two new flags are added to the build-all script to support the ability
to support different base distros and a flag to support binary or source
containers.
There are several added folders that are empty to hold the directory
structure for future containers of these types.
To use a prefix other than centos-rdo- you can set PREFIX in the toplevel
directory .buildconf file
Change-Id: Ifc7bac0d827470f506c8b5c004a833da9ce13b90
Glance has two undefined dependencies. Without installing these
dependencies out of band, glance will not operate.
Change-Id: I096881467d8e0022d58e6c6f745e610d9332dd82
Partially-Implements: blueprint port-kilo
This represents making build-docker-images --release build
with the icehouse tag and causes docker-compsoe to pull from
the icehouse tag.
Partially-implements: blueprint port-kilo
Change-Id: I66b2c39abc55c0f47152dd90e696fc46b9c58f50
For some reason glance sometimes fails to permanently find keystone
while other services do find keystone. The host also has full access
to keystone. Change wait_for to fail_unless.
This could be a docker bug, a wait_for bug, or some other problem.
Change-Id: I02d611d65b7ffddb9c27101fd60e2a8b7cc25658