In 6d55417f80384ead56e176beec9e2fc4eb162d61 cloudwatch api
has been removed from heat.
Change-Id: I70cb2aec7f262ab3a4afc383b502c6fed68ce01c
Related-Bug: #1747294
In ubuntu is not evaluating correctly
if $user == root check at extend_start.
Changing to "$(whoami)" == 'root' fixes the issue
Change-Id: I296a1f98764cdfa09650c483bc7beba53e6bdba4
Closes-Bug: #1690360
centos based images have wrong label info,
these changes fix own image's name and build-date.
Change-Id: I1d13f8f386c8db12b5fbe5f8ecbbf9e3fbb4ba1c
Closes-Bug: #1680341
The heat images got apache as part of blueprint
apache-packages-for-apis without a cleaning up. Without this step the
containers may fail to restart due to runtime files already present.
Change-Id: I55a7144caa913117f71100f757b1e601de6471a6
Closes-Bug: #1679565
Use LABEL instruction instead of MAINTAINER (deprecated) instruc-
tion as suggested by Docker's official dockerfile guide.
docs.docker.com/engine/reference/builder/#maintainer-deprecated
Closes-Bug: #1683652
Change-Id: Ie87a1ddf31aefcd0b623fd2837d78de420e76898
Debian support is not maintained in Kolla so it got a bit behind Ubuntu
one. This changeset enables Debian for all images. Jessie (even with
backports) may be too old for some images though.
Also unify distro check to ['debian', 'ubuntu'] to keep alphabetical order
like it is done for RPM distributions.
Partially-Implements: blueprint multiarch-and-arm64-containers
Change-Id: I056233fbfa277e0e2360c07c3f80d9558c554357
Some images have packages sorted alphabetically and some not.
Unify common style between all images.
Change-Id: I906ed89c10b12886665618752f525ba71d83d991
This apache module is necessary for when one wants to use TLS for the
services running over httpd.
This only addressed RHEL based systems at the moment, since there is no
such package available for Ubuntu. This requires apache2.2-common which
will carry a lot more dependencies; So I think this should be handled
and decided in a separate patch.
when installing mod_ssl in RHEL-based distributions, an ssl.conf file is
installed in the /etc/httpd/conf.d directory. This file tells httpd to
listen on port 443; however, we don't want to do this by default, since
this should be explicitly enabled by the container's configuration. This
line is thus removed from the configuration.
A release note was added, which specifies this. And the last sentence
can be removed if this is addressed for debian/ubuntu as well.
Related-Bug: #1675490
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Id6215d31547247309d43c031e163fa9e4c4ec5dc
A recent change added httpd to heat-base image without preventing it to
listen to port 80 like it is done for other images.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I52573c804bfdf729ef994012abb9d7e4c277585d
Closes-Bug: #1675308
Some projects that use Kolla docker containers (TripleO) run heat under
httpd. This patch adds the httpd package so that it exists in the
container and can optionally by used via Docker entrypoints.
As many of these projects do not require the use of Apache (it is
opt-in) at this point not all deployment frameworks support the use of
it so the existing configuration defaults have been left as-is for now.
Change-Id: I4d648c4ce4f5f6ba311bfbbf9c78e06104163c61
Partially-Implements: blueprint apache-packages-for-apis
The heat-api-cloudwatch service is used in TripleO.
Partially-Implements: blueprint containerize-tripleo
Change-Id: I98d251ea34cf7ee451b45f0b8c6873488a229c36
1. Enable customization of pip packages in source
branch of most images
2. All pip packages install uniformly through
install-pip macro, user can easily customize his
own pip command (For example using a mirror)
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Change-Id: If09582039f690fa4136e8f33200d5da15e092da7
TripleO makes use of a heat-all container for undercloud
installation. This container includes the API, Engine, and
a new heat-all launcher (included in the monolith package).
Implements: blueprint heat-all
Change-Id: If1cc3e959b63f775e15e6eeef4b54981fb3793e9
include_header and include_footer parameter is already removed, remove
them in all Dockerfiles.
Add missing footer block.
Change-Id: I90da03eb9f95a3827361d5f5ede65fde7d6be2b3
This centralizes all user and group creation into a single source. This
will fix any current and furture uid/gid mismatches (such as with
nova-libvirt).
In the process, we also unify users between the distros in a standard
way. The users in the following containers change from thier defaults:
Ubuntu: _chrony user is now chrony
Ubuntu: memcache user is now memcached
All: qemu user is used for ownership and socket permissions
All uid and gid numbers are customizable via kolla-build.conf
Co-Authored-By: Kris Lindgren <klindgren@godaddy.com>
Change-Id: I120f26ab0683dc87d69727c3df8d4707e52a4543
Partially-Implements: blueprint static-uid-gid
Change needed to add header blocks to all Dockerfiles, similar to the
base.
Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.
Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
Is a best practice in Unix/Linux scripts to use dots
instead of source command.
Using dots will avoid issues with non BASH shells
TrivialFix
Change-Id: Ie6480a1954f853f79faffa093452715ebd9f7d90
Signed-off-by: Eduardo Gonzalez <dabarren@gmail.com>
Currently if the install_packages macro is run with an empty
package list, it will add a yum or apt-get command with no
packages listed.
This bug fix aims to omit this line when no packages have
been given, or, the operator wants to use the "_override" /
"_remove" functionality to disable all packages being
installed in a Dockerfile.
Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Change-Id: Ifaaaebfccc3adb0f2f68a35ac08e59378bc87fdb
Closes-bug: 1612446
This is not in sync with the current changes being
merged for customization
Change-Id: Ic6bbf32e2e48efef7cc0c5a3112a7fd8d09a5db6
Partially-implements: blueprint third-party-plugin-support
The --user-domain parameter is required when adding the role for
Heat. Without it, the command fails and the bootstrap
container exits early with the error message:
"No user with a name or ID of 'heat_domain_admin' exists."
Change-Id: I6f813edde3f437bca3ef521a43454146082bc5f5
Closes-bug: #1611768
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
This patchset contains customization of Dockerfile of heat containers
Change-Id: I3c2bae909ec6e8c3b0e460115ded3cc2456a212f
Partially-implements: blueprint third-party-plugin-support
heat_user_domain is what is in the docs, but more importantly it is
what we have in Liberty and will be a requirement to doing upgrades
properly.
Change-Id: I9cf53d43b4faaa5d1b0156cc50192722d2739602
Closes-Bug: #1553565
This could possibly use gold plating in how bootstrapping
operates to use shade rather than the shell in the container.
It is unclear why stack create failed prior to this patch, but
that fact hasn't changed. I think the heat domains are not setup
properly in the configuration files, meaning that the domain ID
must be created outside of Heat and registered in the configuration
file. This is covered in Bug #1553565.
Change-Id: I490d4dd68a101f388c0ecb4acab54d5eaa6e314e
Partially-Implements: blueprint kolla-upgrade
Implements: blueprint upgrade-heat
There were some inconsistencies with pip install instructions
thoughout Kolla. We fix those here.
Additionally, we fix the virtualenv to properly use the site-packages
on the host if a library is not available in the venv.
Change-Id: Ib84d48e8826bb96060338b3fa0782620c98794a8
Related-Bug: #1524684
Closes-Bug: #1529434
Use virtualenv for installation of OpenStack projects and
dependencies to avoid conflicts with Python libraries installed
by non-OpenStack binary packages.
Change-Id: I21ecd673b2e93335b1d3dd4e279e940c9d694c3c
Implements: blueprint virtualenv
The USER operation affects all docker commands after it. This causes a
problem with our {{ include_footer }} implementation since commands in
that footer may require elevated permissions to perform.
In the current implementation I can no longer remove my proxy settings
once the USER has been changed.
Change-Id: I9b2bab5a15f595f6d52a46c64ddf59ba5608b938
Partially-Implements: blueprint drop-root
the openstack-heat-common package installs the Heat UID/GID.
This is necessary pre-work for drop-root for heat services.
Change-Id: I247b0209248de144d20f5245973833be5cd8f14f
Partially-Implements: blueprint drop-root
Long story short, some kernels before 3.15 had an issue with using su
in a container when the network namespace was --net=host. The gate
has a 3.10 and a 3.13 kernel and has a problem with this. This changes
everything to use sudo
backport: liberty
Partially-Implements: blueprint functional-testing-gate
Change-Id: I4d79ccaa1cddffcc8393f64e7e1be2538efe33e5
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.
The start.sh is moved into /usr/local/bin/kolla_start in the container
The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.
Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.
Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someones local perm change won't break upstream containers.
Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295