kolla/docker/zun/zun-base/Dockerfile.j2
Hongbin Lu 570a6120be Add /var/lib/kolla/venv/bin to Zun exec_dirs
This is necessary for rootwrap/privsep to work properly

Change-Id: I128fb04a5ddeb77428697d33e2015158bc74738f
2018-09-30 16:14:31 +00:00

70 lines
2.2 KiB
Django/Jinja

FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
{% block zun_base_header %}{% endblock %}
{% import "macros.j2" as macros with context %}
{{ macros.configure_user(name='zun') }}
{% if install_type == 'binary' %}
RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
&& /bin/false
{% elif install_type == 'source' %}
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
{% set zun_base_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'python2-ldappool'
] %}
{{ macros.install_packages(zun_base_packages | customizable("packages")) }}
RUN mkdir -p /var/www/cgi-bin/zun \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['debian', 'ubuntu'] %}
{% set zun_base_packages = [
'apache2',
'libapache2-mod-wsgi',
'python-ldappool'
] %}
{{ macros.install_packages(zun_base_packages | customizable("packages")) }}
RUN mkdir -p /var/www/cgi-bin/zun \
&& echo > /etc/apache2/ports.conf
{% endif %}
ADD zun-base-archive /zun-base-source
{% set zun_base_pip_packages = [
'/zun'
] %}
RUN ln -s zun-base-source/* zun \
&& {{ macros.install_pip(zun_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/zun /var/www/cgi-bin/zun \
&& cp -r /zun/etc/zun/* /etc/zun/ \
&& cp /zun/zun/api/app.wsgi /var/www/cgi-bin/zun \
&& chown -R zun: /etc/zun /var/www/cgi-bin/zun \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/zun/rootwrap.conf
{% endif %}
COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 750 /etc/sudoers.d \
&& chmod 640 /etc/sudoers.d/kolla_zun_sudoers \
&& touch /usr/local/bin/kolla_zun_extend_start \
&& chmod 755 /var/www/cgi-bin/zun \
&& chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_zun_extend_start
{% block zun_base_footer %}{% endblock %}