FROM {{ base_image }}:{{ base_distro_tag }}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"

# We use curl in this dockerfile so let configure it before first use
COPY curlrc /root/.curlrc

{% block base_lang %}
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do
# fixes issues arising from ascii fallback usage
ENV LANG en_US.UTF-8
{% endblock %}

{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %}    && {% endif -%}
    groupadd --force --gid {{ user.gid }} {{ name }} \
    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
        {%- if not loop.last %} \{% endif -%}
{%- endfor %}

LABEL kolla_version="{{ kolla_version }}"

{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}

ENV KOLLA_BASE_DISTRO={{ base_distro }} \
    KOLLA_INSTALL_TYPE={{ install_type }} \
    KOLLA_INSTALL_METATYPE={{ install_metatype }} \
    KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
    KOLLA_BASE_ARCH={{ base_arch }}


#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
    && cat /tmp/kolla_bashrc >> /root/.bashrc

# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "

{% if base_package_type == 'rpm' %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system.  This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality.  I think we will :)

{# FIXME(mgoddard): Remove special case for CentOS 8 when CentOS 7 is no #}
{# longer supported. #}
RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
    if [  $CURRENT_DISTRO_RELEASE != "{{ supported_distro_release }}" ] && [ $CURRENT_DISTRO_RELEASE != 8 ]; then \
        echo "Only releases '{{ supported_distro_release }}' and '8' are supported on {{ base_distro }}"; false; \
    fi \
    && cat /tmp/kolla_bashrc >> /etc/bashrc \
    && sed -i 's|^\(override_install_langs=.*\)|# \1|' {% if distro_package_manager == 'dnf' %}/etc/dnf/dnf.conf{% else %}/etc/yum.conf{% endif %}

{% block base_yum_conf %}

{% if distro_package_manager == 'dnf' %}
COPY dnf.conf /etc/dnf/dnf.conf
{% else %}
COPY yum.conf /etc/yum.conf
{% endif %}

{% endblock %}

#### BEGIN REPO ENABLEMENT
{% set base_yum_repo_files = [
 ] %}

{% set base_yum_url_packages = [
] %}

{% set base_yum_repo_keys = [
] %}

{% if base_arch == 'x86_64' %}
    {% set base_yum_repo_files = [
        'grafana.repo',
        'influxdb.repo',
        'rabbitmq_rabbitmq-server.repo',
        'td.repo',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'crmsh.repo',
            'elasticsearch.repo',
            'opendaylight.repo',
        ] %}
    {% endif %}
    # NOTE(yoctozepto): use upstream erlang on CentOS 8
    # see https://launchpad.net/bugs/1884034
    {% if distro_package_manager == 'dnf' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'rabbitmq_rabbitmq-erlang.repo',
        ] %}
    {% endif %}

    {% set base_yum_repo_keys = [
        'https://packages.grafana.com/gpg.key',
        'https://repos.influxdata.com/influxdb.key',
        'https://packages.treasuredata.com/GPG-KEY-td-agent',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_keys = base_yum_repo_keys + [
            'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        ] %}
    {% endif %}
{% elif base_arch == 'aarch64' %}
    {% set base_yum_repo_files = [
        'grafana.repo',
        'rabbitmq_rabbitmq-server.repo',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'elasticsearch.repo',
        ] %}
    {% endif %}

    {% set base_yum_repo_keys = [
        'https://packages.grafana.com/gpg.key',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_keys = base_yum_repo_keys + [
            'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        ] %}
    {% endif %}
{% elif base_arch == 'ppc64le' %}
    {% set base_yum_repo_files = [
        'rabbitmq_rabbitmq-server.repo',
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_files = base_yum_repo_files + [
            'elasticsearch.repo',
        ] %}
    {% endif %}

    {% set base_yum_repo_keys = [
    ] %}
    # FIXME(mgoddard): Not available for CentOS 8 yet.
    {% if distro_package_manager == 'yum' %}
        {% set base_yum_repo_keys = base_yum_repo_keys + [
            'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        ] %}
    {% endif %}
{% endif %}

{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}

# NOTE(hrw): 'rabbitmq-server' is 'noarch' so we can install it on ppc64le from
# repo for other architecture.
# NOTE(mjturek): tripleo-ci overrides these repos so the file would not exist
# in that case. We test for the file's existence to avoid sed failing in that case.
{% if base_arch == 'ppc64le' %}
RUN if [[ -e /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo ]]; then \
      sed -i -e 's/\$basearch/x86_64/g' /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo; \
    fi
{% endif %}

{% block base_centos_repo_overrides_post_copy %}{% endblock %}

# Install what is needed for en_US.UTF-8
{% block base_centos_distro_sync_and_languages %}

{% if distro_package_manager == 'dnf' %}

{% set base_centos_language_packages = [
    'langpacks-en',
    'glibc-all-langpacks'
] %}

RUN {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
    && {{ macros.rpm_security_update(clean_package_cache) }}

{% endif %}

{% endblock %}

{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}

{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %}    && {% endif -%}
    rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}

    {% if install_metatype in ['rdo', 'mixed'] %}

{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}

{% block base_centos_repo_overrides_post_rpm %}{% endblock %}

    {% endif %}
    {# endif for repo setup for all RHEL except RHEL OSP #}

    {% if install_metatype == 'rhos' %}

{% block base_rhos_repo_enablement %}
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms \
    && yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
{% endblock %}

    {% endif %}

    {% if base_distro == 'centos' %}

{% block base_centos_gpg_key_import %}
{% if distro_package_manager == 'dnf' %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% else %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
{% endif %}
{% endblock %}

{% set base_centos_yum_repo_keys = [
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud',
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools',
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
] %}

{% set base_centos_yum_repo_packages = [
    'centos-release-nfs-ganesha28',
    'centos-release-openstack-train',
    'centos-release-opstools',
    'epel-release',
] %}

{% set base_centos_yum_repos_to_disable = [
] %}

{% if distro_package_manager == 'dnf' %}
    {% set base_centos_yum_repo_keys = base_centos_yum_repo_keys + [
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization-RDO',
    ] %}
    # We need 'dnf-plugins-core' for 'dnf config-manager'
    {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
        'dnf-plugins-core'
    ] %}
    {% set base_centos_yum_repos_to_enable = [
        'ha',
        'powertools'
    ] %}
    # NOTE(yoctozepto): use upstream rabbitmq (3.7) and erlang on CentOS 8
    # see https://launchpad.net/bugs/1884034
    {% set base_centos_yum_repos_to_disable = [
        'centos-rabbitmq-38',
        'epel',
        'epel-modular',
    ] %}
{% else %}
    {% set base_centos_yum_repo_keys = base_centos_yum_repo_keys + [
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization',
    ] %}
    {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
        'centos-release-ceph-nautilus',
        'centos-release-qemu-ev',
        'yum-plugin-priorities',
    ] %}
{% endif %}


RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }} \
{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %}
{%- if distro_package_manager == 'dnf' %}
    && dnf config-manager --enable {{ repo }} \
{% else %}
    && yum-config-manager --enable {{ repo }} \
{% endif -%}
{% endfor -%}
{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %}
{%- if distro_package_manager == 'dnf' %}
    && dnf config-manager --disable {{ repo }} \
{%- else %}
    && yum-config-manager --disable {{ repo }} \
{%- endif -%}
{%- endfor %}
{% for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') -%}
    && rpm --import {{ key }} \
{% endfor -%}
{% block base_centos_repo_overrides_post_yum -%}{% endblock -%}
    && {{ macros.rpm_security_update(clean_package_cache) }}

    {%- endif %}
    {# Endif for base_distro centos #}

    {% if base_distro == 'rhel' %}

{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
RUN yum-config-manager --enable rhel-7-server-optional-rpms \
    && {{ macros.install_packages( ['yum-plugin-priorities' ], chain=True, clean=False) }} \
    {%- if install_type != 'binary' or install_metatype != 'rdo' %}
    && {{ macros.install_packages( [ 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' ], chain=True, clean=False) }} \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
    {% endif -%}
    && yum-config-manager --enable rhel-7-server-extras-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
    && {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}

    {% endif %}
    {# Endif for base_distro RHEL #}

#### END REPO ENABLEMENT

{# We are back to the basic if conditional here which is:
    if base_package_type == 'rpm' #}

{% set base_compiler_packages = [
    'gcc',
    'glibc-static'
] %}

{% block base_redhat_binary_versionlock %}{% endblock %}
    {% if install_type == 'binary' %}
{% set base_centos_binary_packages = [
        'ca-certificates',
        'findutils',
        'iproute',
        'iscsi-initiator-utils',
        'lvm2',
        'ncurses',
        'procps-ng',
        'socat',
        'sudo',
        'which'
] %}
{% if distro_python_version.startswith('3') %}
{% set base_centos_binary_packages = base_centos_binary_packages + [
        'python3',
        'python3-pip'
] %}
{% else %}
{% set base_centos_binary_packages = base_centos_binary_packages + [
        'python',
        'python-pip'
] %}
{% endif %}
{% if distro_package_manager == 'dnf' %}
    {% set base_centos_binary_packages = base_centos_binary_packages + [
        'util-linux-user',
    ] %}
{% else %}
    {% set base_centos_binary_packages = base_centos_binary_packages + [
        'scsi-target-utils',
    ] %}
{% endif %}

# Install base packages
{{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
    {% endif %}
    {# Endif for install_type binary #}

    {% if install_type == 'source' %}

{% set base_centos_source_packages = [
    'ca-certificates',
    'curl',
    'iproute',
    'iscsi-initiator-utils',
    'lvm2',
    'ncurses',
    'procps-ng',
    'socat',
    'sudo',
    'tar',
    'which'
] %}
{% if distro_python_version.startswith('3') %}
{% set base_centos_source_packages = base_centos_source_packages + [
        'python3',
        'python3-pip'
] %}
{% else %}
{% set base_centos_source_packages = base_centos_source_packages + [
        'python',
        'python-pip'
] %}
{% endif %}
{% if distro_package_manager == 'dnf' %}
    {% set base_centos_source_packages = base_centos_source_packages + [
        'util-linux-user',
    ] %}
{% else %}
    {% set base_centos_source_packages = base_centos_source_packages + [
        'scsi-target-utils',
    ] %}
{% endif %}
# Update packages
{{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}

    {% endif %}
    {# endif for install type is source for RPM based distros #}
{# endif for base_package_type rpm #}
{% elif base_package_type == 'deb' %}
# Ensure lsb_release exists
{{ macros.install_packages(['lsb-release']) }}

RUN if [ $(lsb_release -r -s) != "{{ supported_distro_release }}" ]; then \
        echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; fi

# Customize PS1 bash shell
# enlarge 'system users' range so 'haproxy' package will not complain
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
    && sed -i -e s/LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g /etc/adduser.conf

# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive

# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint

{% block base_ubuntu_package_pre %}
# Need apt-transport-https and ca-certificates before replacing sources.list or
# apt-get update will not work if any repositories are accessed via HTTPS
{% set base_ubuntu_package_pre_packages = [
    'apt-transport-https',
    'ca-certificates',
    'curl',
    'dirmngr',
    'gnupg'
] %}
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
{% endblock %}

{% block base_ubuntu_package_sources_list %}
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% else %}
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
{% endif %}
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
{% endblock %}

{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% endblock %}

{% set base_apt_packages = [
   'apt-utils',
   'curl',
   'gawk',
   'iproute2',
   'kmod',
   'lvm2',
   'netbase',
   'open-iscsi',
   'procps',
   'python3',
   'python3-pip',
   'socat',
   'sudo',
   'tgt']
%}

{% set base_compiler_packages = [
    'build-essential'
] %}

{% if base_distro == 'ubuntu' %}
    {# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
    {# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
    {# 49B07274951063870A8B7EAE7B8AA1A344C05248 -- Opendaylight Signing Key <https://launchpad.net/~odl-team> #}
    {# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
    {# 4D8EB5FDA37AB55F41A135203BF88A0C6A770882 -- Apache Qpid PPA Signing Key <dev@qpid.apache.org> #}
    {# 901F9177AB97ACBE                         -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
    {# A20F259AEB9C94BB                         -- Sensuapp (Freight) <support@hw-ops.com> #}
    {# F1656F24C74CD1D8                         -- MariaDB Signing Key <signing-key@mariadb.org> #}
    {% set base_apt_keys = [
      '391A9AA2147192839E9DB0315EDB1B62EC4926EA',
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      '49B07274951063870A8B7EAE7B8AA1A344C05248',
      '58118E89F3A912897C070ADBF76221572C52609D',
      '4D8EB5FDA37AB55F41A135203BF88A0C6A770882',
      '901F9177AB97ACBE',
      'A20F259AEB9C94BB',
      'F1656F24C74CD1D8',
    ] %}
    {% set remote_apt_keys = [
      'https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey',
      'https://packages.grafana.com/gpg.key',
      'https://repos.influxdata.com/influxdb.key'
    ] %}
{% elif base_distro == 'debian' %}
    {% set base_apt_keys = [
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
    ] %}
    {% set remote_apt_keys = [
      'https://download.docker.com/linux/debian/gpg',
      'https://packages.grafana.com/gpg.key',
      'http://buster-train.debian.net/debian/dists/pubkey.gpg',
      'https://packages.treasuredata.com/GPG-KEY-td-agent',
      'https://obs.linaro.org/repos/home:/marcin.juszkiewicz/debian-buster/Release.key',
    ] %}
    {% set base_apt_packages = base_apt_packages +
      ['sudo',]
    %}
{% endif %}

{% block base_ubuntu_package_installation %}
    {%- block base_ubuntu_package_key_installation %}
        {% for key in base_apt_keys | customizable('apt_keys') %}
            {%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --no-tty --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
            {%- if not loop.last %} \
            {% endif -%}
        {% endfor %}
        {% for key in remote_apt_keys | customizable('remote_apt_keys') %}
            {%- if loop.first %} RUN {% else %} && {% endif %}curl -L {{ key }} | apt-key add -
            {%- if not loop.last %} \
            {% endif -%}
        {% endfor %}
    {% endblock %}
RUN apt-get update \
    && apt-get -y install locales \
    && sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
    && locale-gen "$LANG" \
    && apt-get -y upgrade \
    && apt-get -y dist-upgrade \
    && apt-get -y install --no-install-recommends \
    {%- for package in base_apt_packages | customizable('apt_packages') %}
        {{ package }} \
    {%- endfor %}
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
{% endblock %}

# FIXME(mgoddard): Some images, including Horizon, depend on Ubuntu having a
# site-packages directory.
#{% if base_distro == 'ubuntu' %}
#RUN sed -i \
#        -e "s|\('purelib': '\$base/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
#        -e "s|\('platlib': '\$platbase/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
#        -e "s|\('headers': '\$base/\)local/\(include/python\$py_version_short/\$dist_name',\)|\1\2|" \
#        -e "s|\('scripts': '\$base/\)local/\(bin',\)|\1\2|" \
#        -e "s|\('data'   : '\$base\)/local\(',\)|\1\2|" \
#        /usr/lib/python{{ distro_python_version }}/distutils/command/install.py \
#    && rm -rf /usr/lib/python{{ distro_python_version }}/site-packages \
#    && ln -s dist-packages /usr/lib/{{ distro_python_version }}/site-packages
#{% endif %}

{# endif base_package_type deb #}
{% endif %}

{% if base_distro == 'centos' or base_distro == 'rhel' %}
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
    && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
{% endif %}

COPY set_configs.py /usr/local/bin/kolla_set_configs
{% if distro_python_version.startswith('3') %}
RUN sed -i -e "s+#\!/usr/bin/env python+#\!/usr/bin/env python3+g" /usr/local/bin/kolla_set_configs
{% endif %}
COPY start.sh /usr/local/bin/kolla_start
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
COPY sudoers /etc/sudoers

{% if use_dumb_init %}

{% block dumb_init_installation %}
{% if base_arch == 'x86_64' %}

RUN curl -sSL https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_{{debian_arch}} -o /usr/local/bin/dumb-init \
    && chmod +x /usr/local/bin/dumb-init

{% else %}

{{ macros.install_packages(base_compiler_packages) }}

{% set dumb_init_package_name = "dumb-init_1.2.2-1.1_" + debian_arch + ".deb" %}

RUN curl -sSL http://deb.debian.org/debian/pool/main/d/dumb-init/{{dumb_init_package_name}} -o {{dumb_init_package_name}} \
    && ar -x {{dumb_init_package_name}} data.tar.xz \
    && tar xf data.tar.xz ./usr/bin/dumb-init \
    && install -d -m 0755 /usr/local/bin \
    && mv usr/bin/dumb-init /usr/local/bin/dumb-init \
    && rm data.tar.xz {{dumb_init_package_name}}

{% endif %}
{% endblock %}

ENTRYPOINT ["dumb-init", "--single-child", "--"]

{% endif %}

RUN touch /usr/local/bin/kolla_extend_start \
    && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts /usr/local/bin/kolla_httpd_setup \
    && chmod 440 /etc/sudoers \
    && mkdir -p /var/log/kolla \
    && chown :kolla /var/log/kolla \
    && chmod 2775 /var/log/kolla \
    && rm -f /tmp/kolla_bashrc

{% block base_footer %}{% endblock %}
CMD ["kolla_start"]