16 Commits

Author SHA1 Message Date
Jawon Choo
31259fa595 Override image's meta info.
centos based images have wrong label info,
these changes fix own image's name and build-date.

Change-Id: I1d13f8f386c8db12b5fbe5f8ecbbf9e3fbb4ba1c
Closes-Bug: #1680341
2017-05-03 11:08:17 +09:00
Chen
8c463a47a9 Use LABEL instead of MAINTAINER (deprecated) in all Dockerfile.j2
Use LABEL instruction instead of MAINTAINER (deprecated) instruc-
tion as suggested by Docker's official dockerfile guide.
docs.docker.com/engine/reference/builder/#maintainer-deprecated

Closes-Bug: #1683652

Change-Id: Ie87a1ddf31aefcd0b623fd2837d78de420e76898
2017-04-20 16:50:05 +09:00
Marcin Juszkiewicz
69fef5cd59 debian: enable all images enabled for Ubuntu
Debian support is not maintained in Kolla so it got a bit behind Ubuntu
one. This changeset enables Debian for all images. Jessie (even with
backports) may be too old for some images though.

Also unify distro check to ['debian', 'ubuntu'] to keep alphabetical order
like it is done for RPM distributions.

Partially-Implements: blueprint multiarch-and-arm64-containers

Change-Id: I056233fbfa277e0e2360c07c3f80d9558c554357
2017-04-04 22:48:18 +02:00
Eduardo Gonzalez
623e54da37 Alphabetize packages
Some images have packages sorted alphabetically and some not.
Unify common style between all images.

Change-Id: I906ed89c10b12886665618752f525ba71d83d991
2017-03-28 16:45:16 +01:00
Juan Antonio Osorio Robles
9df58642c6 RHEL: Add mod_ssl for services running over httpd
This apache module is necessary for when one wants to use TLS for the
services running over httpd.

This only addressed RHEL based systems at the moment, since there is no
such package available for Ubuntu. This requires apache2.2-common which
will carry a lot more dependencies; So I think this should be handled
and decided in a separate patch.

when installing mod_ssl in RHEL-based distributions, an ssl.conf file is
installed in the /etc/httpd/conf.d directory. This file tells httpd to
listen on port 443; however, we don't want to do this by default, since
this should be explicitly enabled by the container's configuration. This
line is thus removed from the configuration.

A release note was added, which specifies this. And the last sentence
can be removed if this is addressed for debian/ubuntu as well.

Related-Bug: #1675490
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: Id6215d31547247309d43c031e163fa9e4c4ec5dc
2017-03-27 14:52:45 +03:00
Chao Guo
961224c6cf Use install-pip macro in most source images
1. Enable customization of pip packages in source
branch of most images
2. All pip packages install uniformly through
install-pip macro, user can easily customize his
own pip command (For example using a mirror)

Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Change-Id: If09582039f690fa4136e8f33200d5da15e092da7
2017-02-17 08:49:32 -03:00
zhubingbing
0d4befa418 remove /var/log/apache on keystone dockerfile
Change-Id: Ie32a0dba2c4d482570605f1eea78eca086fe04cf
2017-01-20 06:45:10 +00:00
Sam Yaple
58eee09c15 use static uid/gid in images
This centralizes all user and group creation into a single source. This
will fix any current and furture uid/gid mismatches (such as with
nova-libvirt).

In the process, we also unify users between the distros in a standard
way. The users in the following containers change from thier defaults:

Ubuntu: _chrony user is now chrony
Ubuntu: memcache user is now memcached
All: qemu user is used for ownership and socket permissions

All uid and gid numbers are customizable via kolla-build.conf

Co-Authored-By: Kris Lindgren <klindgren@godaddy.com>
Change-Id: I120f26ab0683dc87d69727c3df8d4707e52a4543
Partially-Implements: blueprint static-uid-gid
2017-01-17 09:02:21 -03:00
Jeffrey Zhang
6ef486fbff Remove footer block and variable in *-base images
Change-Id: I39aa88489f744f779150695f3f55ef80d42e1c61
Closes-Bug: #1653247
2017-01-05 22:05:29 +08:00
Jenkins
d69ab19701 Merge "Remove Fedora support" 2016-11-04 13:39:07 +00:00
Jeffrey Zhang
7de2e5202b Fix keystone image building issue
wsgi.py file is remove in O. should move to keystone-wsgi-admin and
keystone-wsgi-public script.

TrivialFix

Change-Id: If86c407fd208adc5be6df54ac05dc39ee1cf757e
2016-11-03 16:56:47 +00:00
Christian Berendt
5cd30d4914 Remove Fedora support
Closes-bug: #1616387
Change-Id: Id97f88b9baa3d48d33ce120962450a374282d044
2016-11-03 10:50:22 +01:00
Christian Berendt
bedca5b35e Fix keystone fernet file exchange via ssh
* install openssh client in keystone-fernet container
* install rsync in keystone-ssh container
* fix syntax issue in ssh configuration
* copy ssh configuration into keystone-fernet container
* copy id_rsa.pub into keystone-ssh container
* copy id_rsa into keystone-fernet container
* use full path to ssh binary in used scripts
* add missing newlines at EOF
* when using type source set /var/lib/keystone as home
  directory for the user keystone

Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Id6b41030056a69f6516a054beb2fc0e08226e876
Closes-bug: #1623013
2016-10-12 16:29:34 +00:00
Paul Bourke
893f14812d Allow operators to customise keystone source install
TrivialFix

Change-Id: I5fb6e2b72e56e018ed640811a9f4d1d77a3efb11
2016-09-16 11:11:32 +01:00
Paul Bourke
b41247c656 Add header blocks to all Dockerfiles
Change needed to add header blocks to all Dockerfiles, similar to the
base.

Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.

Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
2016-09-13 16:53:31 +01:00
Shaun Smekel
524868c632 Add dockerfiles for keystone fernet
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.

The Ansible component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support
2016-08-25 20:13:02 +10:00