From e21aeb5ae955671937055baf57836120af8d4312 Mon Sep 17 00:00:00 2001 
From: Marcin Juszkiewicz Date: Thu, 21 Apr 2022 18:21:42 +0200 Subject: [PATCH] flatten images a bit As we have one type of images now some RUN calls could be merged so we will have less layers in resulting images. Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0 --- docker/aodh/aodh-base/Dockerfile.j2 | 11 +++++------ docker/barbican/barbican-base/Dockerfile.j2 | 12 ++++++------ docker/blazar/blazar-base/Dockerfile.j2 | 9 ++++----- docker/ceilometer/ceilometer-base/Dockerfile.j2 | 12 ++++++------ docker/cinder/cinder-api/Dockerfile.j2 | 8 ++++---- docker/cinder/cinder-base/Dockerfile.j2 | 12 ++++++------ docker/cloudkitty/cloudkitty-base/Dockerfile.j2 | 10 +++++----- docker/cyborg/cyborg-base/Dockerfile.j2 | 11 +++++------ docker/designate/designate-base/Dockerfile.j2 | 12 ++++++------ .../elasticsearch-curator/Dockerfile.j2 | 8 ++++---- docker/fluentd/Dockerfile.j2 | 16 +++++++--------- docker/freezer/freezer-api/Dockerfile.j2 | 8 ++++---- docker/freezer/freezer-base/Dockerfile.j2 | 11 +++++------ docker/glance/glance-base/Dockerfile.j2 | 10 ++++------ docker/gnocchi/gnocchi-base/Dockerfile.j2 | 11 +++++------ docker/haproxy/Dockerfile.j2 | 8 ++++---- docker/heat/heat-base/Dockerfile.j2 | 9 ++++----- docker/horizon/Dockerfile.j2 | 8 ++++---- docker/ironic-inspector/Dockerfile.j2 | 16 +++++++--------- docker/ironic/ironic-base/Dockerfile.j2 | 16 +++++++--------- docker/keystone/keystone-ssh/Dockerfile.j2 | 6 +++--- docker/keystone/keystone/Dockerfile.j2 | 12 ++++++------ docker/kolla-toolbox/Dockerfile.j2 | 11 +++++------ docker/kuryr/kuryr-base/Dockerfile.j2 | 8 ++++---- docker/magnum/magnum-base/Dockerfile.j2 | 9 ++++----- docker/manila/manila-api/Dockerfile.j2 | 8 ++++---- docker/manila/manila-base/Dockerfile.j2 | 11 +++++------ docker/mariadb/mariadb-server/Dockerfile.j2 | 7 +++---- docker/masakari/masakari-base/Dockerfile.j2 | 11 ++++------- docker/masakari/masakari-monitors/Dockerfile.j2 | 9 ++++----- docker/mistral/mistral-base/Dockerfile.j2 | 9 
++++----- docker/monasca/monasca-api/Dockerfile.j2 | 8 ++++---- docker/murano/murano-base/Dockerfile.j2 | 9 ++++----- docker/neutron/neutron-base/Dockerfile.j2 | 11 +++++------ docker/neutron/neutron-server/Dockerfile.j2 | 9 +++++---- docker/nova/nova-base/Dockerfile.j2 | 16 +++++++--------- docker/nova/nova-compute/Dockerfile.j2 | 9 +++++---- docker/nova/nova-ssh/Dockerfile.j2 | 6 +++--- docker/octavia/octavia-api/Dockerfile.j2 | 9 +++++---- docker/octavia/octavia-base/Dockerfile.j2 | 9 ++++----- docker/placement/placement-base/Dockerfile.j2 | 9 ++++----- .../prometheus-blackbox-exporter/Dockerfile.j2 | 4 ++-- docker/sahara/sahara-base/Dockerfile.j2 | 11 +++++------ docker/senlin/senlin-base/Dockerfile.j2 | 9 ++++----- docker/solum/solum-base/Dockerfile.j2 | 9 ++++----- docker/swift/swift-base/Dockerfile.j2 | 13 ++++++------- docker/tacker/tacker-base/Dockerfile.j2 | 9 ++++----- docker/trove/trove-base/Dockerfile.j2 | 9 ++++----- docker/venus/venus-base/Dockerfile.j2 | 9 ++++----- docker/vitrage/vitrage-base/Dockerfile.j2 | 9 +++++---- docker/watcher/watcher-base/Dockerfile.j2 | 9 ++++----- docker/zun/zun-base/Dockerfile.j2 | 11 +++++------ docker/zun/zun-cni-daemon/Dockerfile.j2 | 11 +++++------ 53 files changed, 246 insertions(+), 281 deletions(-) diff --git a/docker/aodh/aodh-base/Dockerfile.j2 b/docker/aodh/aodh-base/Dockerfile.j2 index 2712ed721c..142b8bcf90 100644 --- a/docker/aodh/aodh-base/Dockerfile.j2 +++ b/docker/aodh/aodh-base/Dockerfile.j2 
@@ -21,16 +21,15 @@ ADD aodh-base-archive /aodh-base-source '/aodh', ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start +COPY aodh_sudoers /etc/sudoers.d/kolla_aodh_sudoers + RUN ln -s aodh-base-source/* aodh \ && {{ macros.install_pip(aodh_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/aodh /var/www/cgi-bin/aodh \ && cp /aodh/aodh/api/app.wsgi /var/www/cgi-bin/aodh \ - && chown -R aodh: /etc/aodh /var/www/cgi-bin/aodh - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -COPY aodh_sudoers /etc/sudoers.d/kolla_aodh_sudoers - -RUN chmod 750 /etc/sudoers.d \ + && chown -R aodh: /etc/aodh /var/www/cgi-bin/aodh \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_aodh_sudoers \ && chmod 755 /var/www/cgi-bin/aodh \ && touch /usr/local/bin/kolla_aodh_extend_start \ diff --git a/docker/barbican/barbican-base/Dockerfile.j2 b/docker/barbican/barbican-base/Dockerfile.j2 index 07961b9ad2..f92fe9807a 100644 --- a/docker/barbican/barbican-base/Dockerfile.j2 +++ b/docker/barbican/barbican-base/Dockerfile.j2 
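Review bot: The merged RUN in aodh-base leaves `/etc/sudoers.d/kolla_aodh_sudoers` at mode 640, while other images in this patch (ceilometer, cinder, glance, ironic, manila, mariadb) set their sudoers drop-in to 440. The barbican, designate, freezer-base and gnocchi hunks use 640 as well. Since these chmod lines are being rewritten anyway, one read-only mode everywhere would remove the difference: `&& chmod 440 /etc/sudoers.d/kolla_aodh_sudoers \`. The RUN continues past the end of the hunk.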
@@ -25,16 +25,16 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD barbican-base-archive /barbican-base-source -RUN ln -s barbican-base-source/* barbican \ - && {{ macros.install_pip(barbican_base_pip_packages | customizable("pip_packages")) }} \ - && mkdir -p /etc/barbican \ - && cp -r /barbican/etc/barbican/* /etc/barbican/ \ - && chown -R barbican: /etc/barbican COPY barbican_sudoers /etc/sudoers.d/kolla_barbican_sudoers COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 750 /etc/sudoers.d \ +RUN ln -s barbican-base-source/* barbican \ + && {{ macros.install_pip(barbican_base_pip_packages | customizable("pip_packages")) }} \ + && mkdir -p /etc/barbican \ + && cp -r /barbican/etc/barbican/* /etc/barbican/ \ + && chown -R barbican: /etc/barbican \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_barbican_sudoers \ && touch /usr/local/bin/kolla_barbican_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_barbican_extend_start diff --git a/docker/blazar/blazar-base/Dockerfile.j2 b/docker/blazar/blazar-base/Dockerfile.j2 index b172c4bf41..5cd69cecfd 100644 --- a/docker/blazar/blazar-base/Dockerfile.j2 +++ b/docker/blazar/blazar-base/Dockerfile.j2 @@ -15,15 +15,14 @@ ADD blazar-base-archive /blazar-base-source '/blazar' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s blazar-base-source/* blazar \ && {{ macros.install_pip(blazar_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/blazar \ && cp -r /blazar/etc/blazar/* /etc/blazar \ - && chown -R blazar: /etc/blazar - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_blazar_extend_start \ + && chown -R blazar: /etc/blazar \ + && touch /usr/local/bin/kolla_blazar_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_blazar_extend_start {% block blazar_base_footer %}{% endblock %} 
diff --git a/docker/ceilometer/ceilometer-base/Dockerfile.j2 b/docker/ceilometer/ceilometer-base/Dockerfile.j2 index 85f306f525..9a4b2a7854 100644 --- a/docker/ceilometer/ceilometer-base/Dockerfile.j2 +++ b/docker/ceilometer/ceilometer-base/Dockerfile.j2 @@ -19,6 +19,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ADD ceilometer-base-archive /ceilometer-base-source ADD plugins-archive / + +COPY ceilometer_sudoers /etc/sudoers.d/kolla_ceilometer_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + # NOTE(egonzalez): Remove ceilometer from constraint or will fail. RUN ln -s ceilometer-base-source/* ceilometer \ && sed -i 's|^ceilometer===.*$||g' requirements/upper-constraints.txt \ @@ -29,12 +33,8 @@ RUN ln -s ceilometer-base-source/* ceilometer \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(ceilometer_base_plugins_pip_packages) }}; \ - fi - -COPY ceilometer_sudoers /etc/sudoers.d/kolla_ceilometer_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + fi \ + && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_ceilometer_sudoers \ && touch /usr/local/bin/kolla_ceilometer_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ceilometer_extend_start diff --git a/docker/cinder/cinder-api/Dockerfile.j2 b/docker/cinder/cinder-api/Dockerfile.j2 index aec2d674c6..ee7638356a 100644 --- a/docker/cinder/cinder-api/Dockerfile.j2 +++ b/docker/cinder/cinder-api/Dockerfile.j2 
@@ -12,11 +12,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(cinder_api_packages | customizable("packages")) }} -RUN mkdir -p /var/www/cgi-bin/cinder \ - && cp -a /var/lib/kolla/venv/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi - COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start -RUN chmod 755 /usr/local/bin/kolla_cinder_extend_start \ + +RUN mkdir -p /var/www/cgi-bin/cinder \ + && cp -a /var/lib/kolla/venv/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi \ + && chmod 755 /usr/local/bin/kolla_cinder_extend_start \ && chown -R cinder: /var/www/cgi-bin/cinder \ && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi diff --git a/docker/cinder/cinder-base/Dockerfile.j2 b/docker/cinder/cinder-base/Dockerfile.j2 index cf6f728e8e..22c2d0e78c 100644 --- a/docker/cinder/cinder-base/Dockerfile.j2 +++ b/docker/cinder/cinder-base/Dockerfile.j2 
@@ -36,17 +36,17 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD cinder-base-archive /cinder-base-source + +COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s cinder-base-source/* cinder \ && {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/cinder \ && cp -r /cinder/etc/cinder/* /etc/cinder/ \ && chown -R cinder: /etc/cinder \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf - -COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \ && touch /usr/local/bin/kolla_cinder_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cinder_extend_start diff --git a/docker/cloudkitty/cloudkitty-base/Dockerfile.j2 b/docker/cloudkitty/cloudkitty-base/Dockerfile.j2 index adaa18c591..b10adb4456 100644 --- a/docker/cloudkitty/cloudkitty-base/Dockerfile.j2 +++ b/docker/cloudkitty/cloudkitty-base/Dockerfile.j2 
@@ -14,15 +14,15 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD cloudkitty-base-archive /cloudkitty-base-source + +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s cloudkitty-base-source/* cloudkitty \ && {{ macros.install_pip(cloudkitty_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/cloudkitty \ && cp -r /cloudkitty/etc/cloudkitty/* /etc/cloudkitty/ \ - && chown -R cloudkitty: /etc/cloudkitty - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_cloudkitty_extend_start \ + && chown -R cloudkitty: /etc/cloudkitty \ + && touch /usr/local/bin/kolla_cloudkitty_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cloudkitty_extend_start {% block cloudkitty_base_footer %}{% endblock %} diff --git a/docker/cyborg/cyborg-base/Dockerfile.j2 b/docker/cyborg/cyborg-base/Dockerfile.j2 index bf0fc2be23..4b6af08118 100644 --- a/docker/cyborg/cyborg-base/Dockerfile.j2 +++ b/docker/cyborg/cyborg-base/Dockerfile.j2 @@ -15,15 +15,14 @@ ADD cyborg-base-archive /cyborg-base-source '/cyborg' ] %} -RUN ln -s cyborg-base-source/* cyborg \ - && {{ macros.install_pip(cyborg_base_pip_packages | customizable("pip_packages")) }} \ - && mkdir -p /etc/cyborg/ \ - && cp -r /cyborg/etc/cyborg/* /etc/cyborg/ - COPY extend_start.sh /usr/local/bin/kolla_extend_start COPY cyborg_sudoers /etc/sudoers.d/kolla_cyborg_sudoers -RUN chmod 750 /etc/sudoers.d \ +RUN ln -s cyborg-base-source/* cyborg \ + && {{ macros.install_pip(cyborg_base_pip_packages | customizable("pip_packages")) }} \ + && mkdir -p /etc/cyborg/ \ + && cp -r /cyborg/etc/cyborg/* /etc/cyborg/ \ + && chmod 750 /etc/sudoers.d \ && touch /usr/local/bin/kolla_cyborg_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cyborg_extend_start 
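Review bot: The merged RUN in cyborg-base runs `chmod 750 /etc/sudoers.d` but never sets a mode on `/etc/sudoers.d/kolla_cyborg_sudoers`, so the file keeps whatever mode it has in the build context. Every other sudoers drop-in visible in this patch gets an explicit 440 or 640. Adding `&& chmod 440 /etc/sudoers.d/kolla_cyborg_sudoers \` right after the `chmod 750` line would make the result independent of the checkout's file modes. The gap predates this commit, but the line is being rewritten here.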
diff --git a/docker/designate/designate-base/Dockerfile.j2 b/docker/designate/designate-base/Dockerfile.j2 index 9163158400..405adeaa03 100644 --- a/docker/designate/designate-base/Dockerfile.j2 +++ b/docker/designate/designate-base/Dockerfile.j2 @@ -14,18 +14,18 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD designate-base-archive /designate-base-source + +COPY designate_sudoers /etc/sudoers.d/kolla_designate_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s designate-base-source/* designate \ && {{ macros.install_pip(designate_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/designate \ && cp -r /designate/etc/designate/* /etc/designate/ \ && mv /etc/designate/rootwrap.conf.sample /etc/designate/rootwrap.conf \ && chown -R designate: /etc/designate \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf - -COPY designate_sudoers /etc/sudoers.d/kolla_designate_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_designate_sudoers \ && touch /usr/local/bin/kolla_designate_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_designate_extend_start diff --git a/docker/elasticsearch/elasticsearch-curator/Dockerfile.j2 b/docker/elasticsearch/elasticsearch-curator/Dockerfile.j2 index 0ce0927a9b..98a37b3ff5 100644 --- a/docker/elasticsearch/elasticsearch-curator/Dockerfile.j2 +++ b/docker/elasticsearch/elasticsearch-curator/Dockerfile.j2 
@@ -30,13 +30,13 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'elasticsearch-curator' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN {{ macros.install_pip(['pip', 'wheel', 'setuptools'], constraints=false) }} \ && {{ macros.install_pip(elasticsearch_curator_pip_packages | customizable("pip_packages"), constraints=false) }} \ && mkdir -p /etc/elasticsearch-curator \ - && chown -R elasticsearch: /etc/elasticsearch-curator - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + && chown -R elasticsearch: /etc/elasticsearch-curator \ + && chmod 644 /usr/local/bin/kolla_extend_start {% block elasticsearch_curator_base_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/fluentd/Dockerfile.j2 b/docker/fluentd/Dockerfile.j2 index 34853eedc2..f7ed124be8 100644 --- a/docker/fluentd/Dockerfile.j2 +++ b/docker/fluentd/Dockerfile.j2 
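Review bot: Both `install_pip` calls in the elasticsearch-curator RUN pass `constraints=false`, and nothing in the hunk says why. Presumably this skips the upper-constraints pin set that the other images install against, leaving pip, wheel, setuptools and `elasticsearch-curator` unpinned at build time; the macro is not visible here, so this needs confirming. A comment above the RUN would record the reason, for example `# NOTE: installed without upper-constraints because <reason>; versions are not pinned here`. If the reason no longer holds, explicit version pins in the package list would make the image reproducible.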
@@ -31,22 +31,20 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name=fluentd_user, groups='mysql') }} +COPY fluentd_sudoers /etc/sudoers.d/kolla_fluentd_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + # NOTE(frickler): Downgrading elasticsearch gems for compatibility with OSS versions of ES {{ macros.install_packages(fluentd_packages | customizable("packages")) }} \ && td-agent-gem install elasticsearch:7.13.0 \ && td-agent-gem uninstall "elasticsearch:>7.13.0" \ && td-agent-gem uninstall "elasticsearch-api:>7.13.0" \ - && td-agent-gem uninstall "elasticsearch-transport:>7.13.0" - -COPY fluentd_sudoers /etc/sudoers.d/kolla_fluentd_sudoers - -RUN chmod 440 /etc/sudoers.d/kolla_fluentd_sudoers \ + && td-agent-gem uninstall "elasticsearch-transport:>7.13.0" \ + && chmod 440 /etc/sudoers.d/kolla_fluentd_sudoers \ && mkdir -p /etc/{{ fluentd_user }} \ && mkdir -p /var/run/{{ fluentd_user }} \ - && chown -R {{ fluentd_user }}: /etc/{{ fluentd_user }} /var/run/{{ fluentd_user }} - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + && chown -R {{ fluentd_user }}: /etc/{{ fluentd_user }} /var/run/{{ fluentd_user }} \ + && chmod 644 /usr/local/bin/kolla_extend_start {% block fluentd_plugins_install %} diff --git a/docker/freezer/freezer-api/Dockerfile.j2 b/docker/freezer/freezer-api/Dockerfile.j2 index 3e393a0de9..6a862b054a 100644 --- a/docker/freezer/freezer-api/Dockerfile.j2 +++ b/docker/freezer/freezer-api/Dockerfile.j2 
@@ -18,12 +18,12 @@ ADD freezer-api-archive /freezer-api-source '/freezer-api' ] %} +COPY extend_start.sh /usr/local/bin/kolla_freezer_extend_start + RUN ln -s freezer-api-source/* freezer-api \ && {{ macros.install_pip(freezer_api_pip_packages | customizable("pip_packages")) }} \ - && cp -r /freezer-api/etc/freezer/* /etc/freezer/ - -COPY extend_start.sh /usr/local/bin/kolla_freezer_extend_start -RUN chmod 755 /usr/local/bin/kolla_freezer_extend_start + && cp -r /freezer-api/etc/freezer/* /etc/freezer/ \ + && chmod 755 /usr/local/bin/kolla_freezer_extend_start {% block freezer_api_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/freezer/freezer-base/Dockerfile.j2 b/docker/freezer/freezer-base/Dockerfile.j2 index 56d2dfa3a8..0737eae589 100644 --- a/docker/freezer/freezer-base/Dockerfile.j2 +++ b/docker/freezer/freezer-base/Dockerfile.j2 @@ -22,16 +22,15 @@ ADD freezer-base-archive /freezer-base-source '/freezer' ] %} +COPY freezer_sudoers /etc/sudoers.d/kolla_freezer_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s freezer-base-source/* freezer \ && mkdir -p /etc/freezer \ && chown -R freezer: /etc/freezer \ && {{ macros.install_pip(freezer_base_pip_packages | customizable("pip_packages")) }} \ - && cp -r /freezer/etc/* /etc/freezer - -COPY freezer_sudoers /etc/sudoers.d/kolla_freezer_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + && cp -r /freezer/etc/* /etc/freezer \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_freezer_sudoers \ && touch /usr/local/bin/kolla_freezer_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_freezer_extend_start diff --git a/docker/glance/glance-base/Dockerfile.j2 b/docker/glance/glance-base/Dockerfile.j2 index 65cfbb9400..0d17517aa5 100644 --- a/docker/glance/glance-base/Dockerfile.j2 +++ b/docker/glance/glance-base/Dockerfile.j2 
@@ -34,18 +34,16 @@ ADD glance-base-archive /glance-base-source # add missing rootwrap config present in glance_store repo COPY etc/glance /etc/glance +COPY glance_sudoers /etc/sudoers.d/kolla_glance_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN ln -s glance-base-source/* glance \ && {{ macros.install_pip(glance_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/glance \ && cp -r /glance/etc/* /etc/glance/ \ && chown -R glance: /etc/glance \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/glance/rootwrap.conf - -COPY glance_sudoers /etc/sudoers.d/kolla_glance_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/glance/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_glance_sudoers \ && touch /usr/local/bin/kolla_glance_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start diff --git a/docker/gnocchi/gnocchi-base/Dockerfile.j2 b/docker/gnocchi/gnocchi-base/Dockerfile.j2 index 4a12b97bfa..9fb808dfc9 100644 --- a/docker/gnocchi/gnocchi-base/Dockerfile.j2 +++ b/docker/gnocchi/gnocchi-base/Dockerfile.j2 
@@ -38,15 +38,14 @@ ADD gnocchi-base-archive /gnocchi-base-source '/gnocchi[keystone,mysql,file,ceph,s3]' ] %} -RUN ln -s gnocchi-base-source/* gnocchi \ - && {{ macros.install_pip(gnocchi_base_pip_packages | customizable("pip_packages")) }} \ - && mkdir -p /etc/gnocchi \ - && chown -R gnocchi: /etc/gnocchi - COPY extend_start.sh /usr/local/bin/kolla_extend_start COPY gnocchi_sudoers /etc/sudoers.d/kolla_gnocchi_sudoers -RUN chmod 750 /etc/sudoers.d \ +RUN ln -s gnocchi-base-source/* gnocchi \ + && {{ macros.install_pip(gnocchi_base_pip_packages | customizable("pip_packages")) }} \ + && mkdir -p /etc/gnocchi \ + && chown -R gnocchi: /etc/gnocchi \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_gnocchi_sudoers \ && touch /usr/local/bin/kolla_gnocchi_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_gnocchi_extend_start diff --git a/docker/haproxy/Dockerfile.j2 b/docker/haproxy/Dockerfile.j2 index db03f6be1b..27d4c9189a 100644 --- a/docker/haproxy/Dockerfile.j2 +++ b/docker/haproxy/Dockerfile.j2 @@ -16,11 +16,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} {{ macros.install_packages(haproxy_packages | customizable("packages")) }} -RUN mkdir -p /var/lib/kolla/haproxy \ - && chown -R haproxy: /var/lib /run - COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config -RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config + +RUN mkdir -p /var/lib/kolla/haproxy \ + && chown -R haproxy: /var/lib /run \ + && chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config {% block haproxy_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/heat/heat-base/Dockerfile.j2 b/docker/heat/heat-base/Dockerfile.j2 index ba4afaec38..be8388a6fe 100644 --- a/docker/heat/heat-base/Dockerfile.j2 +++ b/docker/heat/heat-base/Dockerfile.j2 
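Review bot: In the haproxy hunk, `chown -R haproxy: /var/lib /run` gives the haproxy user ownership of everything under `/var/lib` and `/run`, far more than the `/var/lib/kolla/haproxy` directory created on the line before. That lets the service account modify state belonging to any other package in the image. Narrowing it to what the service writes would follow least privilege, for example `&& chown -R haproxy: /var/lib/kolla/haproxy \`, plus a specific runtime directory under `/run` if one is needed. Which paths haproxy actually needs cannot be told from this hunk. The line predates the commit but is re-added here unchanged.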
@@ -21,15 +21,14 @@ ADD heat-base-archive /heat-base-source '/heat' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s heat-base-source/* heat \ && {{ macros.install_pip(heat_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/heat \ && cp -r /heat/etc/heat/* /etc/heat/ \ - && chown -R heat: /etc/heat - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_heat_extend_start \ + && chown -R heat: /etc/heat \ + && touch /usr/local/bin/kolla_heat_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_heat_extend_start {% block heat_base_footer %}{% endblock %} diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2 index f66b020d0d..1a2352e21d 100644 --- a/docker/horizon/Dockerfile.j2 +++ b/docker/horizon/Dockerfile.j2 @@ -44,6 +44,8 @@ ADD plugins-archive / '/plugins/*' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + # NOTE(hrw): to install horizon from unpacked sources we cannot have it in upper-constraints.txt RUN ln -s horizon-source/* horizon \ && sed -i /^horizon=/d /requirements/upper-constraints.txt \ @@ -58,10 +60,8 @@ RUN ln -s horizon-source/* horizon \ && for locale in /var/lib/kolla/venv/lib/python{{distro_python_version}}/site-packages/*/locale; do \ (cd ${locale%/*} && /var/lib/kolla/venv/bin/django-admin compilemessages) \ done \ - && chown -R horizon: /etc/openstack-dashboard - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + && chown -R horizon: /etc/openstack-dashboard \ + && chmod 644 /usr/local/bin/kolla_extend_start {% block horizon_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/ironic-inspector/Dockerfile.j2 b/docker/ironic-inspector/Dockerfile.j2 index ef0a766ecf..3b6c47c125 100644 --- a/docker/ironic-inspector/Dockerfile.j2 +++ b/docker/ironic-inspector/Dockerfile.j2 
@@ -18,25 +18,23 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(ironic_inspector_packages | customizable("packages")) }} ADD ironic-inspector-archive /ironic-inspector-source +ADD ironic_inspector_sudoers /etc/sudoers.d/kolla_ironic_inspector_sudoers {% set ironic_inspector_pip_packages = [ '/ironic-inspector' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s ironic-inspector-source/* ironic-inspector \ && {{ macros.install_pip(ironic_inspector_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/ironic-inspector \ && cp /ironic-inspector/rootwrap.conf /etc/ironic-inspector/ \ && cp -r /ironic-inspector/rootwrap.d/ /etc/ironic-inspector/ \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic-inspector/rootwrap.conf - -ADD ironic_inspector_sudoers /etc/sudoers.d/kolla_ironic_inspector_sudoers -RUN chmod 750 /etc/sudoers.d \ - && chmod 440 /etc/sudoers.d/kolla_ironic_inspector_sudoers - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 644 /usr/local/bin/kolla_extend_start \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic-inspector/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/kolla_ironic_inspector_sudoers \ + && chmod 644 /usr/local/bin/kolla_extend_start \ && mkdir -p /var/lib/ironic-inspector/dhcp-hostsdir \ && chown -R ironic-inspector: /etc/ironic-inspector /var/lib/ironic-inspector diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2 index 8f7f8521e7..210e6e9051 100644 --- a/docker/ironic/ironic-base/Dockerfile.j2 +++ b/docker/ironic/ironic-base/Dockerfile.j2 
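Review bot: `ADD ironic_inspector_sudoers /etc/sudoers.d/kolla_ironic_inspector_sudoers` is moved by this hunk but stays an ADD, whereas the other images in this patch place their sudoers file with COPY. ADD also unpacks local archives and accepts URLs, which is not wanted for a file that grants privileges. `COPY ironic_inspector_sudoers /etc/sudoers.d/kolla_ironic_inspector_sudoers` does only the copy. The ironic-base hunk has the same ADD for `ironic_sudoers`.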
@@ -10,25 +10,23 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name='ironic') }} ADD ironic-base-archive /ironic-base-source +ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers {% set ironic_base_pip_packages = [ '/ironic' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s ironic-base-source/* ironic \ && {{ macros.install_pip(ironic_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/ironic \ && cp -r /var/lib/kolla/venv/etc/ironic/* /etc/ironic/ \ && chown -R ironic: /etc/ironic \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf - -ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers -RUN chmod 750 /etc/sudoers.d \ - && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_ironic_extend_start \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers \ + && touch /usr/local/bin/kolla_ironic_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \ && chown -R ironic: /etc/ironic diff --git a/docker/keystone/keystone-ssh/Dockerfile.j2 b/docker/keystone/keystone-ssh/Dockerfile.j2 index f9bc63f508..3a44ba2ef2 100644 --- a/docker/keystone/keystone-ssh/Dockerfile.j2 +++ b/docker/keystone/keystone-ssh/Dockerfile.j2 
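Review bot: After the merge, the single RUN in ironic-base executes `chown -R ironic: /etc/ironic` twice: once before the `sed` on `rootwrap.conf` and once as the last command. Nothing between the two creates new paths under `/etc/ironic`, so the first looks redundant now that both halves share one layer. Dropping the earlier `&& chown -R ironic: /etc/ironic \` and keeping the final one leaves the ownership result the same with one less recursive walk.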
@@ -31,10 +31,10 @@ RUN mkdir -p /var/run/sshd \ {% endif %} {{ macros.install_packages(keystone_ssh_packages | customizable("packages")) }} -RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd - COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + +RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd \ + && chmod 644 /usr/local/bin/kolla_extend_start {% block keystone_ssh_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/keystone/keystone/Dockerfile.j2 b/docker/keystone/keystone/Dockerfile.j2 index eee036be34..6f7f7d6ec7 100644 --- a/docker/keystone/keystone/Dockerfile.j2 +++ b/docker/keystone/keystone/Dockerfile.j2 @@ -7,11 +7,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -COPY keystone_bootstrap.sh /usr/local/bin/kolla_keystone_bootstrap -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start \ - && chmod 755 /usr/local/bin/kolla_keystone_bootstrap - {% if base_package_type == 'rpm' %} {% set keystone_packages = [ 'mod_auth_gssapi', @@ -29,7 +24,12 @@ ADD plugins-archive / 'requests-kerberos', ] %} -RUN if [ "$(ls /plugins)" ]; then \ +COPY keystone_bootstrap.sh /usr/local/bin/kolla_keystone_bootstrap +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN chmod 644 /usr/local/bin/kolla_extend_start \ + && chmod 755 /usr/local/bin/kolla_keystone_bootstrap \ + && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(keystone_plugins_pip_packages) }}; \ fi diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2 index 6304646582..283fd77a14 100644 --- a/docker/kolla-toolbox/Dockerfile.j2 +++ b/docker/kolla-toolbox/Dockerfile.j2 
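Review bot: In keystone-ssh, the `sed` that rewrites `pam_loginuid.so` from `required` to `optional` in `/etc/pam.d/sshd` carries no comment, although it relaxes a PAM session rule for the SSH daemon. Now that it shares a RUN with the `chmod`, a comment above the RUN would stop it being read as routine file setup, for example `# pam_loginuid cannot set the login uid inside the container; make it optional so sshd sessions still open`. That reason is my assumption and should be confirmed by the maintainers.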
@@ -95,14 +95,13 @@ ENV ANSIBLE_LIBRARY /usr/share/ansible:$ANSIBLE_LIBRARY COPY find_disks.py /usr/share/ansible/ COPY ansible.cfg /etc/ansible/ansible.cfg -RUN chmod 644 /usr/share/ansible/find_disks.py \ - /etc/ansible/ansible.cfg - COPY ansible_sudoers /etc/sudoers.d/kolla_ansible_sudoers -RUN chmod 440 /etc/sudoers.d/kolla_ansible_sudoers - COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + +RUN chmod 644 /usr/share/ansible/find_disks.py \ + /etc/ansible/ansible.cfg \ + /usr/local/bin/kolla_extend_start \ + && chmod 440 /etc/sudoers.d/kolla_ansible_sudoers {% block kolla_toolbox_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/kuryr/kuryr-base/Dockerfile.j2 b/docker/kuryr/kuryr-base/Dockerfile.j2 index 69b1146923..b869121fe3 100644 --- a/docker/kuryr/kuryr-base/Dockerfile.j2 +++ b/docker/kuryr/kuryr-base/Dockerfile.j2 @@ -15,15 +15,15 @@ ADD kuryr-base-archive /kuryr-base-source '/kuryr-base' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + # NOTE(Jeffrey4l): remove kuryr-lib constraint in upper-constraints.txt file. # Otherwise, it will be failed. RUN ln -s kuryr-base-source/* kuryr-base \ && sed -i 's|^kuryr-lib===.*$||g' requirements/upper-constraints.txt \ && {{ macros.install_pip(kuryr_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/kuryr \ - && chown -R kuryr: /etc/kuryr - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + && chown -R kuryr: /etc/kuryr \ + && chmod 644 /usr/local/bin/kolla_extend_start {% block kuryr_base_footer %}{% endblock %} diff --git a/docker/magnum/magnum-base/Dockerfile.j2 b/docker/magnum/magnum-base/Dockerfile.j2 index 4aaa3ea2f9..4473b80d2c 100644 --- a/docker/magnum/magnum-base/Dockerfile.j2 +++ b/docker/magnum/magnum-base/Dockerfile.j2 
@@ -15,16 +15,15 @@ ADD magnum-base-archive /magnum-base-source '/magnum[osprofiler]' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s magnum-base-source/* magnum \ && {{ macros.install_pip(magnum_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/magnum \ && cp -r /magnum/etc/magnum/* /etc/magnum \ && mv /etc/magnum/keystone_auth_default_policy.sample /etc/magnum/keystone_auth_default_policy.json \ - && chown -R magnum: /etc/magnum - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_magnum_extend_start \ + && chown -R magnum: /etc/magnum \ + && touch /usr/local/bin/kolla_magnum_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_magnum_extend_start {% block magnum_base_footer %}{% endblock %} diff --git a/docker/manila/manila-api/Dockerfile.j2 b/docker/manila/manila-api/Dockerfile.j2 index b5d70f9bb5..5ceb9e372d 100644 --- a/docker/manila/manila-api/Dockerfile.j2 +++ b/docker/manila/manila-api/Dockerfile.j2 @@ -11,11 +11,11 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} {{ macros.install_packages(manila_api_packages | customizable("packages")) }} -RUN mkdir -p /var/www/cgi-bin/manila \ - && cp -a /var/lib/kolla/venv/bin/manila-wsgi /var/www/cgi-bin/manila/manila-wsgi - COPY extend_start.sh /usr/local/bin/kolla_manila_extend_start -RUN chmod 755 /usr/local/bin/kolla_manila_extend_start \ + +RUN mkdir -p /var/www/cgi-bin/manila \ + && cp -a /var/lib/kolla/venv/bin/manila-wsgi /var/www/cgi-bin/manila/manila-wsgi \ + && chmod 755 /usr/local/bin/kolla_manila_extend_start \ && chown -R manila: /var/www/cgi-bin/manila \ && chmod 755 /var/www/cgi-bin/manila/manila-wsgi diff --git a/docker/manila/manila-base/Dockerfile.j2 b/docker/manila/manila-base/Dockerfile.j2 index ebaf09fceb..d484f8f0dc 100644 --- a/docker/manila/manila-base/Dockerfile.j2 +++ b/docker/manila/manila-base/Dockerfile.j2 
@@ -28,17 +28,16 @@ ADD manila-base-archive /manila-base-source '/manila' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start +COPY manila_sudoers /etc/sudoers.d/kolla_manila_sudoers + RUN ln -s manila-base-source/* manila \ && {{ macros.install_pip(manila_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/manila /var/cache/manila \ && cp -r /manila/etc/manila/* /etc/manila/ \ && chown -R manila: /etc/manila /var/cache/manila \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/manila/rootwrap.conf - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -COPY manila_sudoers /etc/sudoers.d/kolla_manila_sudoers - -RUN chmod 750 /etc/sudoers.d \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/manila/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_manila_sudoers \ && touch /usr/local/bin/kolla_manila_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_manila_extend_start diff --git a/docker/mariadb/mariadb-server/Dockerfile.j2 b/docker/mariadb/mariadb-server/Dockerfile.j2 index 5418158f64..0251bbf388 100644 --- a/docker/mariadb/mariadb-server/Dockerfile.j2 +++ b/docker/mariadb/mariadb-server/Dockerfile.j2 @@ -39,8 +39,10 @@ RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers COPY extend_start.sh /usr/local/bin/kolla_extend_start COPY security_reset.expect /usr/local/bin/kolla_security_reset +COPY backup.sh /usr/local/bin/kolla_mariadb_backup.sh + RUN chmod 644 /usr/local/bin/kolla_extend_start \ - && chmod 755 /usr/local/bin/kolla_security_reset \ + && chmod 755 /usr/local/bin/kolla_security_reset /usr/local/bin/kolla_mariadb_backup.sh \ && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_mariadb_sudoers \ && rm -rf /var/lib/mysql/* 
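Review bot: In the manila-base hunk the merged RUN still runs `chown -R manila: /etc/manila /var/cache/manila` before the `sed -i` on `/etc/manila/rootwrap.conf`, so the rootwrap configuration sits in a tree controlled by the service account. If `kolla_manila_sudoers` (contents not shown here) lets manila run the rootwrap helper as root against that file, whoever can edit the file or its filter definitions decides what runs as root; oslo.rootwrap expects both to be writable by root only. Consider excluding the rootwrap files from the recursive chown, or following it with `&& chown root: /etc/manila/rootwrap.conf \` and checking the filter directory the same way. The sahara-base and zun-base hunks follow the same chown-then-sed pattern.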
@@ -49,9 +51,6 @@ RUN chmod 644 /usr/local/bin/kolla_extend_start \ RUN mkdir -p /var/run/mysqld && chown mysql /var/run/mysqld && chmod 755 /var/run/mysqld {% endif %} -COPY backup.sh /usr/local/bin/kolla_mariadb_backup.sh -RUN chmod 755 /usr/local/bin/kolla_mariadb_backup.sh - {% if docker_healthchecks %} {% block healthcheck_installation %} diff --git a/docker/masakari/masakari-base/Dockerfile.j2 b/docker/masakari/masakari-base/Dockerfile.j2 index 0388c47ae9..e0f3e3d601 100644 --- a/docker/masakari/masakari-base/Dockerfile.j2 +++ b/docker/masakari/masakari-base/Dockerfile.j2 @@ -23,24 +23,21 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(masakari_base_packages | customizable("packages")) }} -RUN mkdir -p /var/www/cgi-bin/masakari - ADD masakari-base-archive /masakari-base-source {% set masakari_base_pip_packages = [ '/masakari' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s masakari-base-source/* masakari \ && {{ macros.install_pip(masakari_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/masakari /var/www/cgi-bin/masakari \ && cp -r /masakari/etc/masakari/* /etc/masakari/ \ && chown -R masakari: /etc/masakari /var/www/cgi-bin/masakari \ - && chmod 755 /var/www/cgi-bin/masakari - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_masakari_extend_start \ + && chmod 755 /var/www/cgi-bin/masakari \ + && touch /usr/local/bin/kolla_masakari_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_masakari_extend_start {% block masakari_base_footer %}{% endblock %} diff --git a/docker/masakari/masakari-monitors/Dockerfile.j2 b/docker/masakari/masakari-monitors/Dockerfile.j2 index c6df1d0e8b..484c190ba8 100644 --- a/docker/masakari/masakari-monitors/Dockerfile.j2 +++ b/docker/masakari/masakari-monitors/Dockerfile.j2 
@@ -39,14 +39,13 @@ ADD masakari-monitors-archive /masakari-monitors-source '/masakari-monitors' ] %} +COPY masakari_monitors_sudoers /etc/sudoers.d/kolla_masakari_monitors_sudoers + RUN ln -s masakari-monitors-source/* masakari-monitors \ && {{ macros.install_pip(masakari_monitors_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/masakari-monitors \ - && chown -R masakari: /etc/masakari-monitors - -COPY masakari_monitors_sudoers /etc/sudoers.d/kolla_masakari_monitors_sudoers - -RUN chmod 750 /etc/sudoers.d \ + && chown -R masakari: /etc/masakari-monitors \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_masakari_monitors_sudoers {% block masakari_monitors_footer %}{% endblock %} diff --git a/docker/mistral/mistral-base/Dockerfile.j2 b/docker/mistral/mistral-base/Dockerfile.j2 index f74463f7de..bc260660c9 100644 --- a/docker/mistral/mistral-base/Dockerfile.j2 +++ b/docker/mistral/mistral-base/Dockerfile.j2 @@ -21,6 +21,8 @@ ADD plugins-archive / '/plugins/*' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s mistral-base-source/* mistral \ && {{ macros.install_pip(mistral_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/mistral \ @@ -28,11 +30,8 @@ RUN ln -s mistral-base-source/* mistral \ && chown -R mistral: /etc/mistral \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(mistral_base_plugins_pip_packages) }}; \ - fi - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_mistral_extend_start \ + fi \ + && touch /usr/local/bin/kolla_mistral_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_mistral_extend_start {% block mistral_base_footer %}{% endblock %} diff --git a/docker/monasca/monasca-api/Dockerfile.j2 b/docker/monasca/monasca-api/Dockerfile.j2 index 5e83a6759b..56377f31c6 100644 --- a/docker/monasca/monasca-api/Dockerfile.j2 +++ b/docker/monasca/monasca-api/Dockerfile.j2 
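Review bot: The masakari-monitors hunk keeps `chmod 640 /etc/sudoers.d/kolla_masakari_monitors_sudoers`, while the kolla-toolbox, manila-base, mariadb-server, neutron-base and nova-base hunks in this patch set their sudoers drop-ins to 440. sudoers files are conventionally mode 0440, so that even the owner cannot write them without an explicit override; I would use `&& chmod 440 /etc/sudoers.d/kolla_masakari_monitors_sudoers` here. The same 640 appears in the sahara-base, zun-base and zun-cni-daemon hunks, and merging the RUN calls is a good moment to make all of them agree.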
@@ -23,11 +23,11 @@ ADD monasca-api-archive /monasca-api-source '/monasca-api' ] %} -RUN ln -s monasca-api-source/* monasca-api \ - && {{ macros.install_pip(monasca_api_pip_packages | customizable("pip_packages")) }} - COPY extend_start.sh /usr/local/bin/kolla_monasca_extend_start -RUN chmod 755 /usr/local/bin/kolla_monasca_extend_start + +RUN ln -s monasca-api-source/* monasca-api \ + && {{ macros.install_pip(monasca_api_pip_packages | customizable("pip_packages")) }} \ + && chmod 755 /usr/local/bin/kolla_monasca_extend_start {% block monasca_api_footer %}{% endblock %} diff --git a/docker/murano/murano-base/Dockerfile.j2 b/docker/murano/murano-base/Dockerfile.j2 index 861553796c..ccef5135f6 100644 --- a/docker/murano/murano-base/Dockerfile.j2 +++ b/docker/murano/murano-base/Dockerfile.j2 @@ -15,6 +15,8 @@ ADD murano-base-archive /murano-base-source '/murano' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s murano-base-source/* murano \ && {{ macros.install_pip(murano_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/murano \ @@ -23,11 +25,8 @@ RUN ln -s murano-base-source/* murano \ && cd murano/meta/io.murano \ && zip -r /io.murano.zip * \ && cd /murano/meta/io.murano.applications \ - && zip -r /io.murano.applications.zip * - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_murano_extend_start \ + && zip -r /io.murano.applications.zip * \ + && touch /usr/local/bin/kolla_murano_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_murano_extend_start {% block murano_base_footer %}{% endblock %} diff --git a/docker/neutron/neutron-base/Dockerfile.j2 b/docker/neutron/neutron-base/Dockerfile.j2 index ba7cf5ff29..56f336c571 100644 --- a/docker/neutron/neutron-base/Dockerfile.j2 +++ b/docker/neutron/neutron-base/Dockerfile.j2 
@@ -64,6 +64,9 @@ ADD plugins-archive / '/plugins/*' ] %} +COPY neutron_sudoers /etc/sudoers.d/kolla_neutron_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s neutron-base-source/* neutron \ && {{ macros.install_pip(neutron_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/neutron \ @@ -79,12 +82,8 @@ RUN ln -s neutron-base-source/* neutron \ cp /plugins/$neutron_plugins/etc/neutron/rootwrap.d/* /etc/neutron/rootwrap.d; \ fi; \ done; \ - fi - -COPY neutron_sudoers /etc/sudoers.d/kolla_neutron_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + fi \ + && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_neutron_sudoers \ && touch /usr/local/bin/kolla_neutron_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_neutron_extend_start diff --git a/docker/neutron/neutron-server/Dockerfile.j2 b/docker/neutron/neutron-server/Dockerfile.j2 index bde58cb265..c5fe4d78c9 100644 --- a/docker/neutron/neutron-server/Dockerfile.j2 +++ b/docker/neutron/neutron-server/Dockerfile.j2 @@ -16,13 +16,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD plugins-archive / + +COPY extend_start.sh /usr/local/bin/kolla_neutron_extend_start + RUN {{ macros.install_pip(neutron_server_pip_packages | customizable("pip_packages")) }} \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(neutron_server_plugins_pip_packages) }}; \ - fi - -COPY extend_start.sh /usr/local/bin/kolla_neutron_extend_start -RUN chmod 755 /usr/local/bin/kolla_neutron_extend_start + fi \ + && chmod 755 /usr/local/bin/kolla_neutron_extend_start {% block neutron_server_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2 index b860481fcb..c2ce048a3e 100644 --- a/docker/nova/nova-base/Dockerfile.j2 +++ b/docker/nova/nova-base/Dockerfile.j2 
@@ -63,6 +63,9 @@ ADD plugins-archive / '/plugins/*' ] %} +COPY nova_sudoers /etc/sudoers.d/kolla_nova_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s nova-base-source/* nova \ && {{ macros.install_pip(nova_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/nova/ \ @@ -71,15 +74,10 @@ RUN ln -s nova-base-source/* nova \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(nova_base_plugins_pip_packages) }}; \ - fi - -COPY nova_sudoers /etc/sudoers.d/kolla_nova_sudoers -RUN chmod 750 /etc/sudoers.d \ - && chmod 440 /etc/sudoers.d/kolla_nova_sudoers - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_nova_extend_start \ + fi \ + && chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/kolla_nova_sudoers \ + && touch /usr/local/bin/kolla_nova_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_nova_extend_start {% block nova_base_footer %}{% endblock %} diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2 index 13edac23e7..b0d7327a78 100644 --- a/docker/nova/nova-compute/Dockerfile.j2 +++ b/docker/nova/nova-compute/Dockerfile.j2 @@ -96,13 +96,14 @@ RUN mkdir -p /etc/ceph \ ] %} ADD plugins-archive / + +COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start + RUN {{ macros.install_pip(nova_compute_pip_packages | customizable("pip_packages")) }} \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(nova_compute_plugins_pip_packages) }}; \ - fi - -COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start -RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \ + fi \ + && chmod 755 /usr/local/bin/kolla_nova_extend_start \ && rm -f /etc/machine-id {% block nova_compute_footer %}{% endblock %} 
diff --git a/docker/nova/nova-ssh/Dockerfile.j2 b/docker/nova/nova-ssh/Dockerfile.j2 index 8fd6b2447b..945e9489da 100644 --- a/docker/nova/nova-ssh/Dockerfile.j2 +++ b/docker/nova/nova-ssh/Dockerfile.j2 @@ -28,10 +28,10 @@ RUN mkdir -p /var/run/sshd \ {{ macros.install_packages(nova_ssh_packages | customizable("packages")) }} -RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd - COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 644 /usr/local/bin/kolla_extend_start + +RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd \ + && chmod 644 /usr/local/bin/kolla_extend_start {% block nova_ssh_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/octavia/octavia-api/Dockerfile.j2 b/docker/octavia/octavia-api/Dockerfile.j2 index f22b74f712..da63ece59c 100644 --- a/docker/octavia/octavia-api/Dockerfile.j2 +++ b/docker/octavia/octavia-api/Dockerfile.j2 @@ -15,14 +15,15 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD plugins-archive / + +COPY extend_start.sh /usr/local/bin/kolla_octavia_extend_start + RUN if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(octavia_api_plugins_pip_packages) }} ; \ - fi + fi \ + && chmod 755 /usr/local/bin/kolla_octavia_extend_start {{ macros.install_packages(octavia_api_packages | customizable("packages")) }} -COPY extend_start.sh /usr/local/bin/kolla_octavia_extend_start -RUN chmod 755 /usr/local/bin/kolla_octavia_extend_start - {% block octavia_api_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/octavia/octavia-base/Dockerfile.j2 b/docker/octavia/octavia-base/Dockerfile.j2 index 010326531e..bb4b2245da 100644 --- a/docker/octavia/octavia-base/Dockerfile.j2 +++ b/docker/octavia/octavia-base/Dockerfile.j2 
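Review bot: The `sed -ri` in the nova-ssh hunk that changes `pam_loginuid.so` from `required` to `optional` in `/etc/pam.d/sshd` has no comment saying why a PAM session module is being relaxed, and now that it shares a RUN with the chmod it is easier to overlook. I would add a comment above the RUN such as `# pam_loginuid usually cannot set the audit login UID inside a container; make it optional so sshd sessions are not rejected` (presumably the reason; worth confirming with the author). sed also exits 0 when the pattern does not match, so a base-image change to that PAM line would pass unnoticed; a trailing `&& grep -Eq 'session\s+optional\s+pam_loginuid.so' /etc/pam.d/sshd` would make the build fail instead.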
@@ -22,15 +22,14 @@ ADD octavia-base-archive /octavia-base-source '/octavia' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s /octavia-base-source/* octavia \ && {{ macros.install_pip(octavia_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/octavia \ && cp -r /octavia/etc/* /etc/octavia/ \ - && chown -R octavia: /etc/octavia - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_octavia_extend_start \ + && chown -R octavia: /etc/octavia \ + && touch /usr/local/bin/kolla_octavia_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_octavia_extend_start {% block octavia_base_footer %}{% endblock %} diff --git a/docker/placement/placement-base/Dockerfile.j2 b/docker/placement/placement-base/Dockerfile.j2 index cc6ccc2af3..ff3892fbd7 100644 --- a/docker/placement/placement-base/Dockerfile.j2 +++ b/docker/placement/placement-base/Dockerfile.j2 @@ -30,15 +30,14 @@ ADD plugins-archive / '/placement' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s placement-base-source/* placement \ && {{ macros.install_pip(placement_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/placement/ \ && cp -r /placement/etc/placement/* /etc/placement/ \ - && chown -R placement: /etc/placement/ - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_placement_extend_start \ + && chown -R placement: /etc/placement/ \ + && touch /usr/local/bin/kolla_placement_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_placement_extend_start {% block placement_base_footer %}{% endblock %} diff --git a/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 b/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 index 66a2b32ab2..f94c9b4b14 100644 --- a/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 
+++ b/docker/prometheus/prometheus-blackbox-exporter/Dockerfile.j2 @@ -28,8 +28,8 @@ ARG blackbox_exporter_url=https://github.com/prometheus/blackbox_exporter/releas RUN curl -o /tmp/blackbox_exporter.tar.gz ${blackbox_exporter_url} \ && tar xvf /tmp/blackbox_exporter.tar.gz -C /opt/ \ && rm -f /tmp/blackbox_exporter.tar.gz \ - && ln -s /opt/blackbox_exporter* /opt/blackbox_exporter -RUN setcap cap_net_raw+ep /opt/blackbox_exporter/blackbox_exporter + && ln -s /opt/blackbox_exporter* /opt/blackbox_exporter \ + && setcap cap_net_raw+ep /opt/blackbox_exporter/blackbox_exporter {% endblock %} {% block prometheus_blackbox_exporter_footer %}{% endblock %} diff --git a/docker/sahara/sahara-base/Dockerfile.j2 b/docker/sahara/sahara-base/Dockerfile.j2 index fae76be4da..af60f20229 100644 --- a/docker/sahara/sahara-base/Dockerfile.j2 +++ b/docker/sahara/sahara-base/Dockerfile.j2 @@ -26,6 +26,9 @@ ADD plugins-archive / '/plugins/*', ] %} +COPY sahara_sudoers /etc/sudoers.d/kolla_sahara_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s sahara-base-source/* sahara \ && {{ macros.install_pip(sahara_base_pip_packages | customizable("pip_packages")) }} \ && if [ "$(ls /plugins)" ]; then \ 
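Review bot: In the prometheus-blackbox-exporter hunk the archive fetched with `curl -o /tmp/blackbox_exporter.tar.gz ${blackbox_exporter_url}` is unpacked and its binary is given `cap_net_raw+ep` without any integrity check, so the image trusts whatever the URL returns at build time. I would pin a digest next to the version and verify it before `tar`, e.g. `&& echo "${blackbox_exporter_sha256}  /tmp/blackbox_exporter.tar.gz" | sha256sum -c - \`, where `blackbox_exporter_sha256` is a new build argument that does not exist in the file today. Adding `-f` to curl would also make an HTTP error fail the build rather than save the error page as the archive. The zun-cni-daemon hunk downloads `cni-plugins.tgz` the same way.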
@@ -34,12 +37,8 @@ RUN ln -s sahara-base-source/* sahara \ && mkdir -p /etc/sahara \ && cp -r /sahara/etc/sahara/* /etc/sahara/ \ && chown -R sahara: /etc/sahara \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/sahara/rootwrap.conf - -COPY sahara_sudoers /etc/sudoers.d/kolla_sahara_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/sahara/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_sahara_sudoers \ && touch /usr/local/bin/kolla_sahara_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_sahara_extend_start diff --git a/docker/senlin/senlin-base/Dockerfile.j2 b/docker/senlin/senlin-base/Dockerfile.j2 index 69c4934f81..463a7a3fef 100644 --- a/docker/senlin/senlin-base/Dockerfile.j2 +++ b/docker/senlin/senlin-base/Dockerfile.j2 @@ -15,15 +15,14 @@ ADD senlin-base-archive /senlin-base-source '/senlin' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s senlin-base-source/* senlin \ && {{ macros.install_pip(senlin_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/senlin \ && cp -r /senlin/etc/senlin/* /etc/senlin \ - && chown -R senlin: /etc/senlin - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_senlin_extend_start \ + && chown -R senlin: /etc/senlin \ + && touch /usr/local/bin/kolla_senlin_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_senlin_extend_start {% block senlin_base_footer %}{% endblock %} diff --git a/docker/solum/solum-base/Dockerfile.j2 b/docker/solum/solum-base/Dockerfile.j2 index 11e55d9a96..8bad55fe3c 100644 --- a/docker/solum/solum-base/Dockerfile.j2 +++ b/docker/solum/solum-base/Dockerfile.j2 
@@ -15,15 +15,14 @@ ADD solum-base-archive /solum-base-source '/solum' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s solum-base-source/* solum \ && {{ macros.install_pip(solum_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/solum \ && cp -r /solum/etc/solum/* /etc/solum/ \ - && chown -R solum: /etc/solum - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_solum_extend_start \ + && chown -R solum: /etc/solum \ + && touch /usr/local/bin/kolla_solum_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_solum_extend_start {% block solum_base_footer %}{% endblock %} diff --git a/docker/swift/swift-base/Dockerfile.j2 b/docker/swift/swift-base/Dockerfile.j2 index 98e10a2e65..c3365578c5 100644 --- a/docker/swift/swift-base/Dockerfile.j2 +++ b/docker/swift/swift-base/Dockerfile.j2 
@@ -30,17 +30,16 @@ ADD swift-base-archive /swift-base-source '/swift' ] %} -RUN ln -s swift-base-source/* swift \ - && {{ macros.install_pip(swift_base_pip_packages | customizable("pip_packages")) }} \ - && mkdir -p /etc/swift /var/cache/swift /var/lock/swift \ - && cp -r /swift/etc/* /etc/swift/ \ - && chown -R swift: /etc/swift /var/cache/swift /var/lock/swift - COPY swift-rootwrap /var/lib/kolla/venv/bin/swift-rootwrap COPY rootwrap.conf /etc/swift/rootwrap.conf COPY swift_sudoers /etc/sudoers.d/kolla_swift_sudoers -RUN chmod 755 /var/lib/kolla/venv/bin/swift-rootwrap \ +RUN ln -s swift-base-source/* swift \ + && {{ macros.install_pip(swift_base_pip_packages | customizable("pip_packages")) }} \ + && mkdir -p /etc/swift /var/cache/swift /var/lock/swift \ + && cp -r /swift/etc/* /etc/swift/ \ + && chown -R swift: /etc/swift /var/cache/swift /var/lock/swift \ + && chmod 755 /var/lib/kolla/venv/bin/swift-rootwrap \ && chmod 644 /etc/swift/rootwrap.conf \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/swift/rootwrap.conf \ && chmod 750 /etc/sudoers.d \ diff --git a/docker/tacker/tacker-base/Dockerfile.j2 b/docker/tacker/tacker-base/Dockerfile.j2 index bce2af931a..f9f526f6de 100644 --- a/docker/tacker/tacker-base/Dockerfile.j2 +++ b/docker/tacker/tacker-base/Dockerfile.j2 @@ -21,6 +21,8 @@ ADD plugins-archive / '/plugins/*' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s tacker-base-source/* tacker \ && {{ macros.install_pip(tacker_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/tacker \ 
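Review bot: Moving `COPY rootwrap.conf /etc/swift/rootwrap.conf` above the RUN in the swift-base hunk changes the file's owner: the later `chown -R swift: /etc/swift /var/cache/swift /var/lock/swift` now covers it, whereas before the COPY ran after the chown and the file kept root:root, which is what COPY assigns without `--chown`. The `cp -r /swift/etc/* /etc/swift/` step also runs after the COPY now and would overwrite the file if the source tree ever ships an `etc/rootwrap.conf`. Since this file configures a helper that `kolla_swift_sudoers` presumably allows to run as root, I would restore ownership after the recursive chown with `&& chown root: /etc/swift/rootwrap.conf \`. The RUN continues past the end of the hunk.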
@@ -28,11 +30,8 @@ RUN ln -s tacker-base-source/* tacker \ && chown -R tacker: /etc/tacker \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(tacker_base_plugins_pip_packages) }}; \ - fi - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_tacker_extend_start \ + fi \ + && touch /usr/local/bin/kolla_tacker_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_tacker_extend_start {% block tacker_base_footer %}{% endblock %} diff --git a/docker/trove/trove-base/Dockerfile.j2 b/docker/trove/trove-base/Dockerfile.j2 index 92baa56408..af3bde5300 100644 --- a/docker/trove/trove-base/Dockerfile.j2 +++ b/docker/trove/trove-base/Dockerfile.j2 @@ -15,15 +15,14 @@ ADD trove-base-archive /trove-base-source '/trove' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s trove-base-source/* trove \ && {{ macros.install_pip(trove_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/trove \ && cp -r /trove/etc/trove/* /etc/trove/ \ - && chown -R trove: /etc/trove - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_trove_extend_start \ + && chown -R trove: /etc/trove \ + && touch /usr/local/bin/kolla_trove_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_trove_extend_start {% block trove_base_footer %}{% endblock %} diff --git a/docker/venus/venus-base/Dockerfile.j2 b/docker/venus/venus-base/Dockerfile.j2 index 1b192d401e..8137644987 100644 --- a/docker/venus/venus-base/Dockerfile.j2 +++ b/docker/venus/venus-base/Dockerfile.j2 
@@ -15,15 +15,14 @@ ADD venus-base-archive /venus-base-source '/venus' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s venus-base-source/* venus \ && {{ macros.install_pip(venus_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/venus \ && cp -r /venus/etc/venus/* /etc/venus/ \ - && chown -R venus: /etc/venus - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_venus_extend_start \ + && chown -R venus: /etc/venus \ + && touch /usr/local/bin/kolla_venus_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_venus_extend_start {% block venus_base_footer %}{% endblock %} diff --git a/docker/vitrage/vitrage-base/Dockerfile.j2 b/docker/vitrage/vitrage-base/Dockerfile.j2 index 2e4b14e526..aaa1dd55d6 100644 --- a/docker/vitrage/vitrage-base/Dockerfile.j2 +++ b/docker/vitrage/vitrage-base/Dockerfile.j2 @@ -28,15 +28,16 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ] %} ADD vitrage-base-archive /vitrage-base-source + +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s vitrage-base-source/* vitrage \ && {{ macros.install_pip(vitrage_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/vitrage /var/www/cgi-bin/vitrage \ && cp -r /vitrage/etc/vitrage/* /etc/vitrage/ \ && cp /vitrage/vitrage/api/app.wsgi /var/www/cgi-bin/vitrage \ - && chown -R vitrage: /etc/vitrage /var/www/cgi-bin/vitrage - -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN touch /usr/local/bin/kolla_vitrage_extend_start \ + && chown -R vitrage: /etc/vitrage /var/www/cgi-bin/vitrage \ + && touch /usr/local/bin/kolla_vitrage_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_vitrage_extend_start {% block vitrage_base_footer %}{% endblock %} diff --git a/docker/watcher/watcher-base/Dockerfile.j2 b/docker/watcher/watcher-base/Dockerfile.j2 index c4feea2bc8..aae288e565 100644 
--- a/docker/watcher/watcher-base/Dockerfile.j2 +++ b/docker/watcher/watcher-base/Dockerfile.j2 @@ -16,15 +16,14 @@ ADD watcher-base-archive /watcher-base-source '/watcher' ] %} +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s watcher-base-source/* watcher \ && {{ macros.install_pip(watcher_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/watcher \ && cp -r /watcher/etc/watcher/* /etc/watcher/ \ - && chown -R watcher: /etc/watcher - -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN touch /usr/local/bin/kolla_watcher_extend_start \ + && chown -R watcher: /etc/watcher \ + && touch /usr/local/bin/kolla_watcher_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_watcher_extend_start {% block watcher_base_footer %}{% endblock %} diff --git a/docker/zun/zun-base/Dockerfile.j2 b/docker/zun/zun-base/Dockerfile.j2 index e8dd808da9..41b022dab4 100644 --- a/docker/zun/zun-base/Dockerfile.j2 +++ b/docker/zun/zun-base/Dockerfile.j2 
@@ -35,18 +35,17 @@ ADD zun-base-archive /zun-base-source '/zun' ] %} +COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + RUN ln -s zun-base-source/* zun \ && {{ macros.install_pip(zun_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/zun /var/www/cgi-bin/zun \ && cp -r /zun/etc/zun/* /etc/zun/ \ && cp /zun/zun/api/app.wsgi /var/www/cgi-bin/zun \ && chown -R zun: /etc/zun /var/www/cgi-bin/zun \ - && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/zun/rootwrap.conf - -COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers -COPY extend_start.sh /usr/local/bin/kolla_extend_start - -RUN chmod 750 /etc/sudoers.d \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/zun/rootwrap.conf \ + && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_zun_sudoers \ && touch /usr/local/bin/kolla_zun_extend_start \ && chmod 755 /var/www/cgi-bin/zun \ diff --git a/docker/zun/zun-cni-daemon/Dockerfile.j2 b/docker/zun/zun-cni-daemon/Dockerfile.j2 index fee32b2fbc..8263514430 100644 --- a/docker/zun/zun-cni-daemon/Dockerfile.j2 +++ b/docker/zun/zun-cni-daemon/Dockerfile.j2 
@@ -23,17 +23,16 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% endif %} {{ macros.install_packages(zun_cni_daemon_packages | customizable("packages")) }} -COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers - -RUN chmod 750 /etc/sudoers.d \ - && chmod 640 /etc/sudoers.d/kolla_zun_sudoers - {% block zun_cni_daemon_version %} ARG zun_cni_daemon_version=0.7.1 ARG zun_cni_daemon_url=https://github.com/containernetworking/plugins/releases/download/v${zun_cni_daemon_version}/cni-plugins-amd64-v${zun_cni_daemon_version}.tgz {% endblock %} -RUN curl -o /tmp/cni-plugins.tgz ${zun_cni_daemon_url} \ +COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers + +RUN chmod 750 /etc/sudoers.d \ + && chmod 640 /etc/sudoers.d/kolla_zun_sudoers \ + && curl -o /tmp/cni-plugins.tgz ${zun_cni_daemon_url} \ && tar -C /opt -xzvf /tmp/cni-plugins.tgz ./loopback \ && rm -f /tmp/cni-plugins.tgz