58eee09c15
This centralizes all user and group creation into a single source. This will fix any current and furture uid/gid mismatches (such as with nova-libvirt). In the process, we also unify users between the distros in a standard way. The users in the following containers change from thier defaults: Ubuntu: _chrony user is now chrony Ubuntu: memcache user is now memcached All: qemu user is used for ownership and socket permissions All uid and gid numbers are customizable via kolla-build.conf Co-Authored-By: Kris Lindgren <klindgren@godaddy.com> Change-Id: I120f26ab0683dc87d69727c3df8d4707e52a4543 Partially-Implements: blueprint static-uid-gid
56 lines
2.1 KiB
Django/Jinja
56 lines
2.1 KiB
Django/Jinja
{% macro install_packages(packages) -%}
|
|
{% if packages is defined and packages|length > 0 -%}
|
|
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] -%}
|
|
RUN yum -y install {{ packages | join(' ') }} && yum clean all
|
|
{%- elif base_distro in ['ubuntu', 'debian'] -%}
|
|
{#-
|
|
debian_package_install is a utility method to build up an appropriate
|
|
set of commands to install packages in a debian-based environment that
|
|
may include URL links to a .deb package (e.g, heka)
|
|
-#}
|
|
RUN {{ debian_package_install(packages) }}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
{%- endmacro %}
|
|
|
|
|
|
{% macro install_pip(packages) %}
|
|
RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt {% for package in packages %}{{ package }} {% endfor %}
|
|
{% endmacro %}
|
|
|
|
|
|
{% macro configure_user(name, groups=None, shell=None, homedir=None) %}
|
|
{% set user=users[name] %}
|
|
{%- if not homedir %}
|
|
{% set homedir='/var/lib/' + name %}
|
|
{%- endif %}
|
|
RUN usermod --append --home {{ homedir }} --groups kolla {{ name }} \
|
|
{%- if groups %}
|
|
&& usermod --append --groups {{ groups }} {{ name }} \
|
|
{%- endif %}
|
|
{%- if shell %}
|
|
&& chsh --shell {{ shell }} {{ name }} \
|
|
{%- endif %}
|
|
&& mkdir -p {{ homedir }} \
|
|
&& chown -R {{ user.uid }}:{{ user.gid }} {{ homedir }}
|
|
{% endmacro %}
|
|
|
|
|
|
{% macro ubuntu_trove_bug_1651852() %}
|
|
{# NOTE(SamYaple): The postinst script breaks because it calls getenv instead of getent #}
|
|
{# TODO(SamYaple): Remove once issue is fixed -- https://bugs.launchpad.net/ubuntu/+source/openstack-trove/+bug/1651852 #}
|
|
RUN apt-get -y install --no-install-recommends trove-common \
|
|
|| sed -i 's/getenv/getent/g' /var/lib/dpkg/info/trove-common.postinst \
|
|
&& apt-get -y install -f \
|
|
&& apt-get clean
|
|
{% endmacro %}
|
|
|
|
|
|
{% macro debian_haproxy_existing_user_fix() %}
|
|
{# NOTE(SamYaple): The postinst script breaks if the user 'haproxy' already exists #}
|
|
RUN apt-get -y install --no-install-recommends haproxy \
|
|
|| sed -i '/^adduser/,+1 d' /var/lib/dpkg/info/haproxy.postinst \
|
|
&& apt-get -y install -f \
|
|
&& apt-get clean
|
|
{% endmacro %}
|