Kolla provides production-ready containers and deployment tools for operating OpenStack clouds


  FROM {{ base_image }}:{{ base_distro_tag }}
  LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"

  {# NOTE(SamYaple): Create every user and group up front, with the uid/gid
     values given in "users", to avoid uid/gid conflicts. Specifics such as
     homedir or shell are configured within the service specific image; here
     each account gets no home directory (-M) and /usr/sbin/nologin as shell.
     The loop renders a single RUN instruction: "RUN" in front of the first
     entry and "&&" in front of every later one. #}
  {%- for name, user in users | dictsort() %}
  {% if loop.first -%}RUN {% else %} && {% endif -%}
      groupadd --force --gid {{ user.gid }} {{ name }} \
      && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
  {%- if not loop.last %} \{% endif -%}
  {%- endfor %}
  LABEL kolla_version="{{ kolla_version }}"

  {# The install/update macros used further down come from macros.j2, which is
     not part of this file. #}
  {% import "macros.j2" as macros with context %}
  {% block base_header %}{% endblock %}

  # Build parameters recorded in the image environment
  ENV KOLLA_BASE_DISTRO={{ base_distro }} \
      KOLLA_INSTALL_TYPE={{ install_type }} \
      KOLLA_INSTALL_METATYPE={{ install_metatype }} \
      KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
      KOLLA_BASE_ARCH={{ base_arch }}
  #### Customize PS1 to be used with bash shell
  # The prompt snippet is staged in /tmp and appended to the skeleton bashrc
  # and to root's bashrc.
  COPY kolla_bashrc /tmp/
  RUN tee -a /etc/skel/.bashrc /root/.bashrc < /tmp/kolla_bashrc > /dev/null

  # PS1 var when used /bin/sh shell
  # ENV performs no command substitution, so the $(...) parts are stored as
  # written; presumably the shell expands them when it prints the prompt.
  ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
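  {% if base_package_type == 'rpm' %}
  # For RPM Variants, enable the correct repositories - this should all be done
  # in the base image so repos are consistent throughout the system. This also
  # enables to provide repo overrides at a later date in a simple fashion if we
  # desire such functionality. I think we will :)
  #
  # The first step is a guard: the build stops unless the first number found in
  # /etc/system-release equals the supported release. The variable is quoted on
  # purpose. Unquoted, an empty value makes the test itself a syntax error,
  # which the shell treats as "false", and the guard would then pass silently.
  # After the guard, the prompt snippet is appended to /etc/bashrc and any
  # override_install_langs setting in the package manager config is commented
  # out.
  RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
      if [ "$CURRENT_DISTRO_RELEASE" != "{{ supported_distro_release }}" ]; then \
          echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; \
      fi \
      && cat /tmp/kolla_bashrc >> /etc/bashrc \
      && sed -i 's|^\(override_install_langs=.*\)|# \1|' {% if distro_package_manager == 'dnf' %}/etc/dnf/dnf.conf{% else %}/etc/yum.conf{% endif %}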
  {% block base_yum_conf %}
  {% if base_distro in ['oraclelinux'] %}
  {# Oracle Linux only: append a value to the yum "contentdir" variable file,
     'altarch' on aarch64 and ppc64le and 'centos' on every other
     architecture. #}
  {% set centos_contentdir = 'altarch' if base_arch in ['aarch64', 'ppc64le'] else 'centos' %}
  RUN echo {{ centos_contentdir }} >> /etc/yum/vars/contentdir
  {% endif %}
  {# Replace the package manager configuration with the copy from the build
     context. #}
  {% if distro_package_manager == 'dnf' %}
  COPY dnf.conf /etc/dnf/dnf.conf
  {% else %}
  COPY yum.conf /etc/yum.conf
  {% endif %}
  {% endblock %}
  #### BEGIN REPO ENABLEMENT
  {# Third-party repositories are selected per architecture. For each one a
     .repo file is copied into /etc/yum.repos.d and a signing key is imported.
     Every list goes through the customizable() filter, which is defined
     outside this file. Architectures other than x86_64 and aarch64 get empty
     lists. #}
  {% set base_yum_url_packages = [
  ] %}
  {% if base_arch == 'x86_64' %}
  {% set base_yum_repo_files = [
      'crmsh.repo',
      'elasticsearch.repo',
      'grafana.repo',
      'influxdb.repo',
      'opendaylight.repo',
      'percona-release.repo',
      'rabbitmq_rabbitmq-server.repo',
      'td.repo'
  ] %}
  ## NOTE(yoctozepto): Percona keys omitted on purpose (handled via the repo file for compatibility with Zuul)
  {% set base_yum_repo_keys = [
      'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
      'https://packages.grafana.com/gpg.key',
      'https://repos.influxdata.com/influxdb.key',
      'https://packagecloud.io/gpg.key',
      'https://packages.treasuredata.com/GPG-KEY-td-agent'
  ] %}
  {% elif base_arch == 'aarch64' %}
  {% set base_yum_repo_files = [
      'elasticsearch.repo',
      'grafana.repo',
      'rabbitmq_rabbitmq-server.repo'
  ] %}
  {% set base_yum_repo_keys = [
      'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
      'https://packages.grafana.com/gpg.key',
      'https://packagecloud.io/gpg.key'
  ] %}
  {% else %}
  {% set base_yum_repo_files = [] %}
  {% set base_yum_repo_keys = [] %}
  {% endif %}
  {%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
  COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
  {%- endfor %}
  {{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
  {# The keys are given as URLs, so rpm downloads them while the image is being
     built. Nothing in this file pins a fingerprint; trust rests on the HTTPS
     connection to each vendor host. NOTE(review): consider importing reviewed
     copies of the keys from the build context instead. The loop renders one
     RUN instruction chained with "&&". #}
  {% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
  {%- if loop.first %}RUN {% else %} && {% endif -%}
      rpm --import {{ key }}
  {%- if not loop.last %} \{% endif %}
  {% endfor -%}
  {% if install_metatype in ['rdo', 'mixed'] %}
  {# Each entry of rpm_setup is emitted on a line of its own; presumably these
     are complete Dockerfile instructions supplied by the build
     configuration. #}
  {% for cmd in rpm_setup %}
  {{ cmd }}
  {% endfor %}
  {% endif %}
  {# endif for repo setup for all RHEL except RHEL OSP #}

  {% if install_metatype == 'rhos' %}
  {% block base_rhos_repo_enablement %}
  # Turn on the RHOS 7.0 repo for RHOS
  RUN yum-config-manager --enable rhel-7-server-rpms \
      && yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
  {% endblock %}
  {% endif %}

  {% if base_distro == 'centos' %}
  {% block base_centos_gpg_key_import %}
  RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  {% endblock %}
  {# The SIG keys are local paths and are imported only after the release
     packages below have been installed, in the same RUN; presumably those
     packages are what places the key files there. #}
  {% set base_centos_yum_repo_keys = [
      '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools',
      '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
      '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization'
  ] %}
  {% set base_centos_yum_repo_packages = [
      'centos-release-ceph-nautilus',
      'centos-release-opstools',
      'centos-release-qemu-ev',
      'epel-release',
      'yum-plugin-priorities'
  ] %}
  {% set base_centos_yum_repos_to_disable = [
  ] %}
  {# One RUN: install the repo packages, disable the listed repos, import the
     keys, then run the security update macro from macros.j2. #}
  RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }} \
  {% for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') -%}
      && yum-config-manager --disable {{ repo }} \
  {% endfor -%}
  {% for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') -%}
      && rpm --import {{ key }} \
  {% endfor -%}
      && {{ macros.rpm_security_update(clean_package_cache) }}
  {%- endif %}
  {# Endif for base_distro centos #}
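  {% if base_distro == 'rhel' %}
  {% block base_rhel_package_installation %}
  # Enable couple required repositories for all RHEL builds
  # Turn on EPEL throughout the build
  {# Whitespace control on the optional EPEL step matters. Its "if" tag must not
     trim the whitespace in front of it: that whitespace is the newline after
     the preceding backslash. With the newline trimmed and the step skipped,
     the backslash would sit directly in front of the next "&&" and escape it,
     breaking the command chain. The tag trims what follows it instead, so no
     empty continuation line is rendered either way. #}
  {# NOTE(review): the EPEL release package is an unversioned "latest" URL, and
     its key is imported only after the package has been installed. Whether the
     package signature is checked at install time depends on macros.j2 and the
     yum configuration, neither of which is shown here. #}
  RUN yum-config-manager --enable rhel-7-server-optional-rpms \
      && {{ macros.install_packages( ['yum-plugin-priorities' ], chain=True, clean=False) }} \
  {% if install_type != 'binary' or install_metatype != 'rdo' -%}
      && {{ macros.install_packages( [ 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' ], chain=True, clean=False) }} \
      && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
  {% endif -%}
      && yum-config-manager --enable rhel-7-server-extras-rpms \
      && yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
      && yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
      && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
      && {{ macros.rpm_security_update(clean_package_cache) }}
  {% endblock %}
  {% endif %}
  {# Endif for base_distro RHEL #}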
  {% if base_distro == 'oraclelinux' %}
  {% block base_oraclelinux_package_installation %}
  COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
  {# NOTE(review): the CentOS release packages below are fetched over plain
     HTTP and handed straight to rpm with --nodeps. Presumably they provide the
     CentOS-*.repo files edited by the sed step and the SIG key files imported
     right after it. If so, the integrity of this download decides which
     repositories and signing keys the image trusts. Prefer an HTTPS source or
     a pinned checksum that is verified before installation. #}
  {# The sed step replaces the $releasever variable in the CentOS repo files
     with a literal 7. #}
  RUN {{ macros.install_packages( ['tar', 'yum-utils', 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' ], chain=True, clean=False) }} \
      && rpm -Uvh --nodeps \
          http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-nfs-ganesha28-1.0-2.el7.centos.noarch.rpm \
          http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-ceph-nautilus-1.2-2.el7.centos.noarch.rpm \
          http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-opstools-1-8.el7.noarch.rpm \
          http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-qemu-ev-1.0-3.el7.centos.noarch.rpm \
          http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm \
          http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-storage-common-2-2.el7.centos.noarch.rpm \
      && sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-*.repo \
      && rpm --import \
          /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
          /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools \
          /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage \
          /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization \
      && yum-config-manager --enable ol7_optional_latest ol7_addons \
      && {{ macros.install_packages( ['yum-plugin-priorities' ], chain=True, clean=False) }} \
      && {{ macros.rpm_security_update(clean_package_cache) }}
  {% endblock %}
  {% endif %}
  {# Endif for base_distro oraclelinux #}
  #### END REPO ENABLEMENT
  {# We are back to the basic if conditional here which is:
     if base_package_type == 'rpm' #}

  {# Compiler packages; further down this file installs them only in the
     dumb-init step for architectures other than x86_64. #}
  {% set base_compiler_packages = [
      'gcc',
      'glibc-static'
  ] %}
  {% block base_redhat_binary_versionlock %}{% endblock %}

  {% if install_type == 'binary' %}
  {# The interpreter package follows distro_python_version: python3 when the
     version starts with 3, python otherwise. #}
  {% set base_centos_binary_packages = [
      'findutils',
      'iproute',
      'iscsi-initiator-utils',
      'lvm2',
      'ncurses',
      'procps-ng',
      'scsi-target-utils',
      'socat',
      'sudo',
      'which'
  ] + [
      'python3' if distro_python_version.startswith('3') else 'python'
  ] %}
  # Install base packages
  {{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
  {% endif %}
  {# Endif for install_type binary #}

  {% if install_type == 'source' %}
  {% set base_centos_source_packages = [
      'curl',
      'iproute',
      'iscsi-initiator-utils',
      'lvm2',
      'ncurses',
      'procps-ng',
      'scsi-target-utils',
      'socat',
      'sudo',
      'tar',
      'which'
  ] %}
  # Install base packages (source install type)
  {{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}
  {% endif %}
  {# endif for install type is source for RPM based distros #}
  {# endif for base_package_type rpm #}
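  {% elif base_package_type == 'deb' %}
  {# Guard: stop the build unless DISTRIB_RELEASE in /etc/lsb-release equals the
     supported release.
     NOTE(review): the $(awk ...) result is unquoted. If awk prints nothing, for
     instance because /etc/lsb-release is missing, the test is a syntax error,
     the shell treats the condition as false and the guard passes silently.
     Quoting the substitution would make the guard fail closed, so confirm that
     every supported base image ships /etc/lsb-release before changing it. #}
  RUN if [ $(awk -F '=' '/DISTRIB_RELEASE/{print $2}' /etc/lsb-release) != "{{ supported_distro_release }}" ]; then \
          echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; fi

  # Customize PS1 bash shell
  RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc

  # This will prevent questions from being asked during the install.
  # Written in key=value form; the space separated ENV form is deprecated.
  # The value stays in the environment of this image and of images built on it.
  ENV DEBIAN_FRONTEND=noninteractive

  # Reducing disk footprint
  COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint

  {% block base_ubuntu_package_pre %}
  # Need apt-transport-https and ca-certificates before replacing sources.list or
  # apt-get update will not work if any repositories are accessed via HTTPS
  {% set base_ubuntu_package_pre_packages = [
      'apt-transport-https',
      'ca-certificates',
      'curl',
      'dirmngr',
      'gnupg'
  ] %}
  {{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
  {% endblock %}

  {% block base_ubuntu_package_sources_list %}
  {# Debian and x86_64 Ubuntu use sources.list.DISTRO; every other combination
     uses the architecture specific sources.list.DISTRO.ARCH file. #}
  {% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
  COPY sources.list.{{ base_distro }} /etc/apt/sources.list
  {% else %}
  COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
  {% endif %}
  {% endblock %}

  {% block base_ubuntu_package_apt_preferences %}
  COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
  {% endblock %}

  {% set base_apt_packages = [
      'apt-utils',
      'curl',
      'gawk',
      'iproute2',
      'kmod',
      'lvm2',
      'netbase',
      'open-iscsi',
      'procps',
      'python3',
      'socat',
      'sudo',
      'tgt'
  ] %}
  {% set base_compiler_packages = [
      'build-essential'
  ] %}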
  {# base_apt_keys are key identifiers fetched from a keyserver, remote_apt_keys
     are key URLs downloaded with curl; both are consumed by the key
     installation block that follows.
     NOTE(review): the last three Ubuntu entries are 16 hex digit key IDs, not
     full 40 hex digit fingerprints like the others. Prefer full fingerprints so
     the key received from the keyserver is identified unambiguously. #}
  {% if base_distro == 'ubuntu' %}
  {# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
  {# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
  {# 49B07274951063870A8B7EAE7B8AA1A344C05248 -- Opendaylight Signing Key <https://launchpad.net/~odl-team> #}
  {# 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -- Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com> #}
  {# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
  {# 4D8EB5FDA37AB55F41A135203BF88A0C6A770882 -- Apache Qpid PPA Signing Key <dev@qpid.apache.org> #}
  {# 901F9177AB97ACBE -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
  {# A20F259AEB9C94BB -- Sensuapp (Freight) <support@hw-ops.com> #}
  {# F1656F24C74CD1D8 -- MariaDB Signing Key <signing-key@mariadb.org> #}
  {% set base_apt_keys = [
      '391A9AA2147192839E9DB0315EDB1B62EC4926EA',
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      '49B07274951063870A8B7EAE7B8AA1A344C05248',
      '4D1BB29D63D98E422B2113B19334A25F8507EFA5',
      '58118E89F3A912897C070ADBF76221572C52609D',
      '4D8EB5FDA37AB55F41A135203BF88A0C6A770882',
      '901F9177AB97ACBE',
      'A20F259AEB9C94BB',
      'F1656F24C74CD1D8'
  ] %}
  {% set remote_apt_keys = [
      'https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey',
      'https://packages.grafana.com/gpg.key',
      'https://repos.influxdata.com/influxdb.key'
  ] %}
  {% elif base_distro == 'debian' %}
  {% set base_apt_keys = [
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      '4D1BB29D63D98E422B2113B19334A25F8507EFA5'
  ] %}
  {% set remote_apt_keys = [
      'https://download.docker.com/linux/debian/gpg',
      'https://packages.grafana.com/gpg.key'
  ] %}
  {# 'sudo' is already in the shared package list defined earlier in this file;
     the extra entry is kept as in the original. #}
  {% set base_apt_packages = base_apt_packages + ['sudo'] %}
  {% endif %}
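  {% block base_ubuntu_package_installation %}
  {%- block base_ubuntu_package_key_installation %}
  {# Two RUN instructions are rendered here, each chained with "&&":
     1. apt-key receives every entry of base_apt_keys from keyserver.ubuntu.com,
        using hkp on port 80;
     2. every URL in remote_apt_keys is downloaded and piped into apt-key add.
     curl runs with -f so that an HTTP error status fails the download instead
     of piping an error page into apt-key, and with -sS so that only errors are
     printed. #}
  {% for key in base_apt_keys | customizable('apt_keys') %}
  {%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --no-tty --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
  {%- if not loop.last %} \
  {% endif -%}
  {% endfor %}
  {% for key in remote_apt_keys | customizable('remote_apt_keys') %}
  {%- if loop.first %} RUN {% else %} && {% endif %}curl -fsSL {{ key }} | apt-key add -
  {%- if not loop.last %} \
  {% endif -%}
  {% endfor %}
  {% endblock %}
  {# Refresh the package index, apply pending upgrades, install the base
     packages without recommended extras, then drop the apt caches in the same
     layer. #}
  RUN apt-get update \
      && apt-get -y upgrade \
      && apt-get -y dist-upgrade \
      && apt-get -y install --no-install-recommends \
  {%- for package in base_apt_packages | customizable('apt_packages') %}
          {{ package }} \
  {%- endfor %}
      && apt-get clean \
      && rm -rf /var/lib/apt/lists/*
  {% endblock %}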
  # FIXME(mgoddard): Some images, including Horizon, depend on Ubuntu having a
  # site-packages directory.
  {# The if/endif tags hidden behind '#' below are still evaluated by Jinja;
     only the rendered text is a Dockerfile comment. On Ubuntu the disabled sed
     command is rendered as comment lines, elsewhere only the two '#' markers
     remain. NOTE(review): the disabled "ln -s" target lacks the "python" prefix
     that the two paths above it carry. #}
  #{% if base_distro == 'ubuntu' %}
  #RUN sed -i \
  # -e "s|\('purelib': '\$base/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
  # -e "s|\('platlib': '\$platbase/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
  # -e "s|\('headers': '\$base/\)local/\(include/python\$py_version_short/\$dist_name',\)|\1\2|" \
  # -e "s|\('scripts': '\$base/\)local/\(bin',\)|\1\2|" \
  # -e "s|\('data' : '\$base\)/local\(',\)|\1\2|" \
  # /usr/lib/python{{ distro_python_version }}/distutils/command/install.py \
  # && rm -rf /usr/lib/python{{ distro_python_version }}/site-packages \
  # && ln -s dist-packages /usr/lib/{{ distro_python_version }}/site-packages
  #{% endif %}
  {# endif base_package_type deb #}
  {% endif %}

  {% if base_distro == 'centos' or base_distro == 'rhel' %}
  # Delete the optional pam_systemd session line from system-auth
  RUN sed -r -i '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
  {% endif %}

  # Kolla helper scripts; their modes are set in the last RUN of this file
  COPY set_configs.py /usr/local/bin/kolla_set_configs
  {% if distro_python_version.startswith('3') %}
  # Point the interpreter line of kolla_set_configs at python3
  RUN sed -i "s+#\!/usr/bin/env python+#\!/usr/bin/env python3+g" /usr/local/bin/kolla_set_configs
  {% endif %}
  COPY start.sh /usr/local/bin/kolla_start
  # Replaces the sudoers file of the base image
  COPY sudoers /etc/sudoers
  # curl defaults for root, used by the curl calls that follow
  COPY curlrc /root/.curlrc
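  {% if use_dumb_init %}
  {% block dumb_init_installation %}
  {# dumb-init 1.2.2 becomes the image entrypoint. On x86_64 the release binary
     is downloaded from GitHub; on other architectures the Debian package is
     downloaded and the binary is unpacked from it with ar and tar, after the
     compiler packages have been installed.
     Both downloads use -f so that an HTTP error fails the build instead of
     saving an error page as the binary, and both use HTTPS.
     NOTE(review): neither download is checked against a known digest. Pin one
     and verify it before the file is used, for example
       echo "<EXPECTED_SHA256>  /usr/local/bin/dumb-init" | sha256sum -c -
     where <EXPECTED_SHA256> is a placeholder for the reviewed digest. #}
  {% if base_arch == 'x86_64' %}
  RUN curl -fsSL https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_{{debian_arch}} -o /usr/local/bin/dumb-init \
      && chmod +x /usr/local/bin/dumb-init
  {% else %}
  {{ macros.install_packages(base_compiler_packages) }}
  {% set dumb_init_package_name = "dumb-init_1.2.2-1.1_" + debian_arch + ".deb" %}
  RUN curl -fsSL https://deb.debian.org/debian/pool/main/d/dumb-init/{{dumb_init_package_name}} -o {{dumb_init_package_name}} \
      && ar -x {{dumb_init_package_name}} data.tar.xz \
      && tar xf data.tar.xz ./usr/bin/dumb-init \
      && install -d -m 0755 /usr/local/bin \
      && mv usr/bin/dumb-init /usr/local/bin/dumb-init \
      && rm data.tar.xz {{dumb_init_package_name}}
  {% endif %}
  {% endblock %}
  ENTRYPOINT ["dumb-init", "--single-child", "--"]
  {% endif %}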
  {# Final permissions: the three kolla helper scripts become executable,
     sudoers is made read-only for owner and group, and /var/log/kolla is
     created group-writable with the setgid bit for the kolla group, which is
     presumably one of the groups created at the top of this file. The staged
     prompt snippet is removed from /tmp.
     NOTE(review): no USER instruction appears in this template, so unless
     base_footer or a derived image sets one, the image default user remains
     that of the base image. #}
  RUN touch /usr/local/bin/kolla_extend_start \
      && chmod 0755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \
      && chmod 0440 /etc/sudoers \
      && mkdir -p /var/log/kolla \
      && chgrp kolla /var/log/kolla \
      && chmod 2775 /var/log/kolla \
      && rm -f /tmp/kolla_bashrc
  {% block base_footer %}{% endblock %}
  CMD ["kolla_start"]