FROM {{ base_image }}:{{ base_distro_tag }} {% block labels %} LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}" {% endblock %} RUN . /etc/os-release;\ if [ "${PRETTY_NAME#{{ supported_distro_name }}}" = "$PRETTY_NAME" ]; then \ echo "Only releases \"{{ supported_distro_name }}\" are supported on {{ base_distro }}"; false; \ fi # We use curl in this dockerfile so let configure it before first use COPY curlrc /root/.curlrc {% block base_lang %} # NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do # fixes issues arising from ascii fallback usage ENV LANG en_US.UTF-8 {% endblock %} LABEL kolla_version="{{ kolla_version }}" {% import "macros.j2" as macros with context %} {% block base_header %}{% endblock %} ENV KOLLA_BASE_DISTRO={{ base_distro }} \ KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \ KOLLA_BASE_ARCH={{ base_arch }} #### Customize PS1 to be used with bash shell COPY kolla_bashrc /tmp/ RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \ && cat /tmp/kolla_bashrc >> /root/.bashrc # PS1 var when used /bin/sh shell ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " {% if base_package_type == 'rpm' %} # For RPM Variants, enable the correct repositories - this should all be done # in the base image so repos are consistent throughout the system. This also # enables to provide repo overrides at a later date in a simple fashion if we # desire such functionality. I think we will :) RUN cat /tmp/kolla_bashrc >> /etc/bashrc \ && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf {% block base_dnf_conf %} {% block base_yum_conf %} COPY dnf.conf /etc/dnf/dnf.conf {% endblock %} {% endblock %} #### BEGIN REPO ENABLEMENT {% set base_yum_repo_files = [ 'grafana.repo', 'influxdb.repo', 'mariadb.repo', 'opensearch.repo', 'proxysql.repo', 'rabbitmq_rabbitmq-server.repo', 'td.repo', ] %} {% set base_yum_url_packages = [ ] %} {% set base_yum_repo_keys = [ ] %} {% if base_arch == 'x86_64' %} {% set base_yum_repo_files = base_yum_repo_files + [ 'rabbitmq_rabbitmq-erlang.repo', ] %} {% elif base_arch == 'aarch64' %} {% set base_yum_repo_files = base_yum_repo_files + [ 'hrw-copr-erlang-for-rabbitmq.repo', ] %} {# SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977 'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc', #} {% set base_yum_repo_keys = base_yum_repo_keys + [ ] %} {% endif %} {%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %} COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }} {%- endfor %} {% block base_centos_repo_overrides_post_copy %}{% endblock %} # Install what is needed for en_US.UTF-8 {% block base_centos_distro_sync_and_languages %} {% set base_centos_language_packages = [ 'langpacks-en', 'glibc-all-langpacks' ] %} # NOTE(hrw): this macro file drops all languages other than C.UTF-8 so horizon fails # https://bugzilla.redhat.com/show_bug.cgi?id=1729770 RUN rm -f /etc/rpm/macros.image-language-conf \ && {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \ && {{ macros.rpm_security_update(clean_package_cache) }} {% endblock %} {{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }} {% for key in base_yum_repo_keys | customizable('yum_repo_keys') %} {%- if loop.first %}RUN {% else %} && {% endif -%} rpm --import {{ key }} {%- if not loop.last %} \{% endif %} {% endfor -%} {% for cmd in rpm_setup %} {{ cmd }} {% endfor %} {% block base_centos_repo_overrides_post_rpm %}{% endblock %} {% block base_centos_gpg_key_import %} {% endblock %} {% set base_centos_yum_repo_keys = [ ] %} {% set base_centos_yum_repo_packages = [ 'centos-release-ceph-reef', 'centos-release-nfv-openvswitch', 'centos-release-opstools', 'epel-release', ] %} # We need 'dnf-plugins-core' for 'dnf config-manager' {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [ 'dnf-plugins-core' ] %} {% set base_centos_yum_repos_to_enable = [ ] %} # FIXME(hrw): entries not starting with 'centos-' (and 'centos-nfv-ovs') are # from delorean or rdo-release-* package # https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241 {% set base_centos_yum_repos_to_disable = [ 'centos-ceph-reef', 'centos-nfv-openvswitch', 'centos-opstools', 'centos9-nfv-ovs', 'centos9-opstools', 'centos9-rabbitmq', 'centos9-storage', 'epel', 'influxdb', 'opensearch-2.x', 'opensearch-dashboards-2.x', ] %} {% if base_arch == 'aarch64' %} {# NOTE(hrw): delorean-deps.repo may force x86-64 repos #} RUN sed -i -e "s/x86_64/aarch64/g" /etc/yum.repos.d/delorean-deps.repo {% endif %} RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }} {%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %} && dnf config-manager --enable {{ repo }} {% endfor -%} {%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %} && dnf config-manager --disable {{ repo }} {% endfor -%} {%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \ {% block base_centos_repo_overrides_post_yum %}{% endblock -%} && {{ macros.rpm_security_update(clean_package_cache) }} #### END REPO ENABLEMENT {# We are back to the basic if conditional here which is: if base_package_type == 'rpm' #} {% block base_redhat_binary_versionlock %}{% endblock %} {# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #} {% set base_centos_packages = [ 'ca-certificates', 'crypto-policies-scripts', 'dumb-init', 'findutils', 'hostname', 'iproute', 'iscsi-initiator-utils', 'lsof', 'lvm2', 'ncurses', 'procps-ng', 'python3', 'python3-pip', 'socat', 'sudo', 'tar', 'util-linux', 'util-linux-user', 'which' ] %} # Install base packages {{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }} {# endif for base_package_type rpm #} {% elif base_package_type == 'deb' %} # This will prevent questions from being asked during the install ENV DEBIAN_FRONTEND noninteractive # Reducing disk footprint COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint {% block base_ubuntu_package_pre %} # curl and ca-certificates to fetch remote keys via http # gnupg to fetch keys directly from keyserver {% set base_ubuntu_package_pre_packages = [ 'adduser', 'ca-certificates', 'curl', 'gnupg' ] %} # ubuntu-cloud-keyring to install UCA packages {% if base_distro == 'ubuntu' %} {% set base_ubuntu_package_pre_packages = base_ubuntu_package_pre_packages + [ 'ubuntu-cloud-keyring' ] %} {% endif %} {{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }} {% endblock %} # Customize PS1 bash shell # - enlarge 'system users' range so 'haproxy' package will not complain # see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470 # - enlarge 'system groups' range so 'hacluster' user added in # https://review.opendev.org/c/openstack/kolla/+/802671 # can be in 'haclient' group with same high uid RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \ && sed -i -e s/#*LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \ -e s/#*LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf {% block base_ubuntu_package_sources_list %} {% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %} RUN rm -f /etc/apt/sources.list.d/debian.sources COPY sources.list.{{ base_distro }} /etc/apt/sources.list {% else %} COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list {% endif %} COPY sources.list /etc/apt/sources.list.d/kolla-custom.list {% endblock %} {% block base_debian_after_sources_list %}{% endblock %} {# install Debian Openstack repos - they are not mirrored on CI #} {% if base_distro == 'debian' %} RUN apt update \ && apt install -y --no-install-recommends extrepo \ && extrepo enable openstack_caracal \ && apt purge -y extrepo \ && apt --purge autoremove -y \ && apt clean {% endif %} {% block base_ubuntu_package_apt_preferences %} COPY apt_preferences.{{ base_distro }} /etc/apt/preferences COPY apt_preferences /etc/apt/preferences.d/kolla-custom {% endblock %} {% set base_apt_packages = [ 'apt-utils', 'dumb-init', 'gawk', 'iproute2', 'kmod', 'lsof', 'lvm2', 'netbase', 'open-iscsi', 'procps', 'python3', 'python3-pip', 'socat', 'sudo', 'tgt' ] %} {% set base_apt_keys = [ {'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'}, {'name': 'rabbitmq', 'keyid': '9F4587F226208342'}, {'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'}, ] %} {# NOTE(hrw): type field defaults to 'asc' which is used for single keys #} {% set base_remote_apt_keys = [ {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'}, {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'}, {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'}, {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'}, {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-2.6.x/repo_pub_key'}, {'name': 'treasuredata', 'url': 'https://packages.treasuredata.com/GPG-KEY-td-agent'}, ] %} {% block base_ubuntu_package_installation %} {%- block base_ubuntu_package_key_installation %} {% for key in base_apt_keys | customizable('apt_keys') %} {%- if loop.first %}RUN mkdir -p /etc/kolla/apt-keys/{% endif %} \ && gpg --keyserver hkp://keyserver.ubuntu.com:80 \ {% if env.http_proxy %} --keyserver-options "http-proxy={{ env.http_proxy }}" {% endif %}\ --recv-keys {{ key.keyid }} \ && gpg --export {{ key.keyid }} >/etc/kolla/apt-keys/{{ key.name }}.gpg {%- if not loop.last %} \ {% endif -%} {% endfor %} {% for key in base_remote_apt_keys | customizable('remote_apt_keys') %} {%- if loop.first %} RUN mkdir -p /etc/kolla/apt-keys/ {% endif %} \ && curl {{ key.url }} -o /etc/kolla/apt-keys/{{ key.name }}.{{ key.type | default('asc') }} {%- if not loop.last %} \ {% endif -%} {% endfor %} {% endblock %} RUN apt-get --error-on=any update \ && apt-get -y install locales \ && sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \ && locale-gen "$LANG" \ && apt-get -y upgrade \ && apt-get -y dist-upgrade \ && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }} {% endblock %} {# endif base_package_type deb #} {% endif %} {# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #} {# Specifics required such as homedir or shell are configured within the service specific image #} {%- for name, user in users | dictsort() %} {% if loop.first -%}RUN {% else %} && {% endif -%} groupadd --gid {{ user.gid }} {{ user.group }} \ && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }} {%- if not loop.last %} \{% endif -%} {%- endfor %} {% if base_distro == 'centos' %} RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \ && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf {% endif %} COPY set_configs.py /usr/local/bin/kolla_set_configs COPY start.sh /usr/local/bin/kolla_start COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup COPY sudoers /etc/sudoers {% if use_dumb_init %} ENTRYPOINT ["dumb-init", "--single-child", "--"] {% endif %} {% if docker_healthchecks %} {% block healthcheck_installation %} COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/ RUN chmod 755 /usr/local/bin/healthcheck_* {% endblock %} {% endif %} RUN touch /usr/local/bin/kolla_extend_start \ && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \ && chmod 440 /etc/sudoers \ && mkdir -p /var/log/kolla \ && chown :kolla /var/log/kolla \ && chmod 2775 /var/log/kolla \ && rm -f /tmp/kolla_bashrc {% block base_pip_conf %} # the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here. # ENV PIP_INDEX_URL=https://pypi.python.org/simple # ENV PIP_TRUSTED_HOST=pypi.python.org # ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/{{ openstack_release }} {% endblock %} {% block base_footer %}{% endblock %} CMD ["kolla_start"]