refactor to pull out rpm_security_update macro

- pulled out the repeated code from 3
  paths in base and moved it into docker/macros
- created macros.rpm_security_update
- made sure cache cleanup in the new macro can be customized
- update macro to use distro_package_manager

Change-Id: Ic79ff42d913e1cbb68be66743e4f79f0bcff47f5
Jon Schlueter 2019-03-21 11:32:18 -04:00
parent bebfa70ad1
commit cd307fb1ab
2 changed files with 12 additions and 11 deletions


@ -156,11 +156,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
rpm --import {{ key }} \
{% endfor -%}
{%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
yum -y update --security --sec-severity=Important --sec-severity=Critical{% if clean_package_cache %} \
&& yum clean all \
&& rm -rf /var/cache/yum{% endif %}
{% endif %}
{{ macros.rpm_security_update(clean_package_cache) }}
{%- endif %}
{# Endif for base_distro centos #}
{% if base_distro == 'rhel' %}
@ -180,9 +177,7 @@ RUN yum-config-manager --enable rhel-7-server-optional-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
&& yum -y update --security --sec-severity=Important --sec-severity=Critical{% if clean_package_cache %} \
&& yum clean all \
&& rm -rf /var/cache/yum{% endif %}
&& {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}
{% endif %}
@ -210,9 +205,7 @@ RUN yum -y install \
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
&& yum -y install \
yum-plugin-priorities \
&& yum -y update --security --sec-severity=Important --sec-severity=Critical{% if clean_package_cache %} \
&& yum clean all \
&& rm -rf /var/cache/yum{% endif %}
&& {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}
{% endif %}
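Review bot: In the RHEL and Oracle Linux hunks the surrounding RUN chain still calls `yum-config-manager` and `yum -y install` literally, while the security update and cache cleanup now go through `distro_package_manager` inside the macro. If that variable is ever set to anything other than `yum` for these distros, the cleanup branch would remove `/var/cache/<that value>` and leave the cache filled by the earlier `yum` commands in the image layer. Either use the variable for the whole chain in these two blocks, or record the assumption ahead of each RUN instruction with something like `{#- rpm_security_update assumes distro_package_manager is yum here -#}`. The RUN instructions start above each hunk, so I cannot see whether the rest of the chain already handles this.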


@ -15,6 +15,14 @@
{%- endif %}
{%- endmacro %}
{# Be Extra vigilant about introducing any extra whitespace at the
end of the macro for chaining purposes -#}
{% macro rpm_security_update(cleanup) -%}
{{ distro_package_manager }} -y update --security --sec-severity=Important --sec-severity=Critical
{%- if cleanup %} \
&& {{ distro_package_manager }} clean all && rm -rf /var/cache/{{ distro_package_manager }}{% endif -%}
{%- endmacro %}
{% macro sed(file='', expressions=[]) -%}
{% if file != '' and expressions|length >0 %}
RUN {% for expression in expressions %} sed -i "{{ file }}" -e "{{ expression }}" {% if not loop.last %} && {% endif %} {% endfor %}
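Review bot: `rpm_security_update` is now the single definition of the image patch step for all three distros, but the comment above it only warns about trailing whitespace and says nothing about what the command depends on. `update --security --sec-severity=...` selects packages from the repository's errata (updateinfo) metadata, so against a repository that does not publish that metadata it exits successfully without updating anything and the build still passes. As far as I know the stock CentOS repositories fall into that category, which would make the centos call site a silent no-op; this is worth confirming with `yum updateinfo` inside a built image. I would extend the existing comment block with a line such as `--security only applies advisories present in the repo's updateinfo; without that metadata nothing is updated`, and document that `cleanup` toggles the cache removal. The new macro lies fully inside the hunk; the `sed` macro after it continues outside.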