# Base image name and tag are filled in when this template is rendered.
# NOTE(review): the reference uses a tag, not a digest, so the result follows
# whatever that tag currently points to - confirm the builder pins it where
# reproducibility matters.
FROM {{ base_image }}:{{ base_distro_tag }}
{% block labels %}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
{% endblock %}

# Abort the build early when the base image is not the expected release:
# if stripping the supported name prefix leaves PRETTY_NAME unchanged, the
# prefix did not match.
RUN . /etc/os-release;\
    if [ "${PRETTY_NAME#{{ supported_distro_name }}}" = "$PRETTY_NAME" ]; then \
        echo "Only releases \"{{ supported_distro_name }}\" are supported on {{ base_distro }}"; false; \
    fi

# curl is used later in this Dockerfile, so its configuration is installed
# before the first call. The contents of curlrc are not visible here.
COPY curlrc /root/.curlrc

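{% block base_lang %}
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do;
# this fixes issues arising from ASCII fallback usage.
# Written in key=value form: the space-separated ENV syntax is deprecated.
ENV LANG=en_US.UTF-8
{% endblock %}
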
LABEL kolla_version="{{ kolla_version }}"

{# Macro helpers (install_packages, rpm_security_update) used throughout this template. #}
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}

# Build facts exported as environment variables; being ENV, they persist into
# derived images and running containers.
ENV KOLLA_BASE_DISTRO={{ base_distro }} \
    KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
    KOLLA_BASE_ARCH={{ base_arch }}


#### Prompt customisation for bash shells
# kolla_bashrc is staged in /tmp and appended to the skeleton and root bashrc
# files; a later RUN in this file removes the staged copy again.
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
    && cat /tmp/kolla_bashrc >> /root/.bashrc

# Prompt used when the shell is /bin/sh
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "

{% if base_package_type == 'rpm' %}
# For RPM variants the repositories are enabled here, in the base image, so
# that they are consistent throughout the system. It also makes it simple to
# provide repo overrides at a later date if we desire such functionality.
# I think we will :)

# Append the prompt setup to the system bashrc and comment out any
# override_install_langs line in the distro's dnf.conf.
RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
    && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf

{% block base_dnf_conf %}
{% block base_yum_conf %}

{# NOTE(review): this COPY replaces the dnf.conf edited just above. The file's
   contents are not visible here - confirm it keeps package signature checking
   (gpgcheck) switched on. #}
COPY dnf.conf /etc/dnf/dnf.conf

{% endblock %}
{% endblock %}

#### BEGIN REPO ENABLEMENT
{# Repo definitions copied into /etc/yum.repos.d/ by the loop at the end of this
   section. Each file adds a package source to the image.
   NOTE(review): whether packages from these sources are signature-checked
   depends on the gpgcheck/gpgkey settings inside each .repo file, which are not
   visible here. #}
{% set base_yum_repo_files = [
    'grafana.repo',
    'influxdb.repo',
    'mariadb.repo',
    'opensearch.repo',
    'proxysql.repo',
    'rabbitmq_rabbitmq-server.repo',
    'td.repo',
] %}

{% set base_yum_url_packages = [
] %}

{% set base_yum_repo_keys = [
] %}

{% if base_arch == 'x86_64' %}
{% set base_yum_repo_files = base_yum_repo_files + [
    'rabbitmq_rabbitmq-erlang.repo',
] %}

{% elif base_arch == 'aarch64' %}
{% set base_yum_repo_files = base_yum_repo_files + [
    'hrw-copr-erlang-for-rabbitmq.repo',
] %}

{#
SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977
    'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc',
#}
{% set base_yum_repo_keys = base_yum_repo_keys + [
] %}
{% endif %}

{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}

{% block base_centos_repo_overrides_post_copy %}{% endblock %}

# Install what is needed for en_US.UTF-8
{% block base_centos_distro_sync_and_languages %}

{% set base_centos_language_packages = [
    'langpacks-en',
    'glibc-all-langpacks'
] %}

# NOTE(hrw): the macros.image-language-conf file drops all languages other than
# C.UTF-8, which makes horizon fail:
# https://bugzilla.redhat.com/show_bug.cgi?id=1729770
# The same layer ends with the rpm_security_update macro; its expansion is
# defined in macros.j2 and is not visible in this file.
RUN rm -f /etc/rpm/macros.image-language-conf \
    && {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
    && {{ macros.rpm_security_update(clean_package_cache) }}

{% endblock %}

{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}

{# Import every configured repo signing key; the loop renders one chained RUN.
   NOTE(review): rpm --import trusts whatever the key location returns. The
   default list is empty here, but entries added through the yum_repo_keys
   customisation should be checked against a known fingerprint. #}
{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
    rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}

{# Each rpm_setup entry is rendered verbatim as a line of the Dockerfile, so its
   content runs with the privileges of the build. Presumably it is supplied by
   the build configuration - treat that input as trusted code. #}
{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}

{% block base_centos_repo_overrides_post_rpm %}{% endblock %}

{% block base_centos_gpg_key_import %}
{% endblock %}

{% set base_centos_yum_repo_keys = [
] %}

{# Release packages; each one installs further repo definitions into the image. #}
{% set base_centos_yum_repo_packages = [
    'centos-release-ceph-quincy',
    'centos-release-nfv-openvswitch',
    'centos-release-opstools',
    'epel-release',
] %}

# We need 'dnf-plugins-core' for 'dnf config-manager'
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
    'dnf-plugins-core'
] %}
{% set base_centos_yum_repos_to_enable = [
] %}

# FIXME(hrw): entries not starting with 'centos-' (and 'centos-nfv-ovs') are
# from delorean or rdo-release-* package
# https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241
# Repos listed here are switched off in the base image; presumably derived
# images enable only the ones they need.
# NOTE(review): the release package installed above is
# 'centos-release-ceph-quincy' while the ceph repo id disabled here is
# 'centos-ceph-reef' - confirm the ids match, so that no package source is
# left enabled by accident.
{% set base_centos_yum_repos_to_disable = [
    'centos-ceph-reef',
    'centos-nfv-openvswitch',
    'centos-opstools',
    'centos9-nfv-ovs',
    'centos9-opstools',
    'centos9-rabbitmq',
    'centos9-storage',
    'epel',
    'influxdb',
    'opensearch-2.x',
    'opensearch-dashboards-2.x',
] %}

{% if base_arch == 'aarch64' %}

{# NOTE(hrw): delorean-deps.repo may force x86-64 repos #}

RUN sed -i -e "s/x86_64/aarch64/g" /etc/yum.repos.d/delorean-deps.repo

{% endif %}

{# One chained RUN: install the repo release packages, enable and disable repos,
   import keys, then finish with the rpm_security_update macro. The whitespace
   control on the loops below joins their output onto the RUN line, so the tags
   must stay exactly where they are. #}
RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }}

{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %} && dnf config-manager --enable {{ repo }} {% endfor -%}

{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %} && dnf config-manager --disable {{ repo }} {% endfor -%}

{%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \
{% block base_centos_repo_overrides_post_yum %}{% endblock -%}
    && {{ macros.rpm_security_update(clean_package_cache) }}

#### END REPO ENABLEMENT

{# We are back to the basic if conditional here which is:
    if base_package_type == 'rpm' #}

{% block base_redhat_binary_versionlock %}{% endblock %}

{# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #}
{# NOTE(review): this is the base image, so everything listed here is inherited
   by the images built on top of it, including sudo, socat and lsof - keep the
   list to what the services really need. #}
{% set base_centos_packages = [
    'ca-certificates',
    'crypto-policies-scripts',
    'dumb-init',
    'findutils',
    'hostname',
    'iproute',
    'iscsi-initiator-utils',
    'lsof',
    'lvm2',
    'ncurses',
    'procps-ng',
    'python3',
    'python3-pip',
    'socat',
    'sudo',
    'tar',
    'util-linux',
    'util-linux-user',
    'which'
] %}

# Install base packages
{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}

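{# endif for base_package_type rpm #}
{% elif base_package_type == 'deb' %}
# This will prevent questions from being asked during the install.
# Written in key=value form: the space-separated ENV syntax is deprecated.
# NOTE(review): being an ENV, the value also persists into derived images and
# running containers, not only into this build.
ENV DEBIAN_FRONTEND=noninteractive

# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
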
{% block base_ubuntu_package_pre %}
# Packages needed before any repository key can be handled:
# curl and ca-certificates to fetch remote keys via http
# gnupg to fetch keys directly from keyserver
{% set base_ubuntu_package_pre_packages = [
    'adduser',
    'ca-certificates',
    'curl',
    'gnupg'
] %}
# ubuntu-cloud-keyring to install UCA packages
{% if base_distro == 'ubuntu' %}
{% set base_ubuntu_package_pre_packages = base_ubuntu_package_pre_packages + [
    'ubuntu-cloud-keyring'
] %}
{% endif %}
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
{% endblock %}

# Customize PS1 bash shell and widen the system id ranges in adduser.conf:
# - enlarge 'system users' range so 'haproxy' package will not complain
#   see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
# - enlarge 'system groups' range so 'hacluster' user added in
#   https://review.opendev.org/c/openstack/kolla/+/802671
#   can be in 'haclient' group with same high uid
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
    && sed -i -e s/#*LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
              -e s/#*LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf

{% block base_ubuntu_package_sources_list %}
{# The distro's apt sources are replaced with files from the build context:
   one per distro for Debian and x86_64 Ubuntu, otherwise one per distro and
   architecture. Those files decide which archives the image trusts. #}
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
RUN rm -f /etc/apt/sources.list.d/debian.sources
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% else %}
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
{% endif %}
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
{% endblock %}

{% block base_debian_after_sources_list %}{% endblock %}

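{# install Debian Openstack repos - they are not mirrored on CI #}
{% if base_distro == 'debian' %}

# extrepo is installed only long enough to enable the openstack_bobcat
# repository and is purged again in the same layer. apt-get is used instead of
# apt because the apt front end does not offer a stable command-line interface
# for scripts.
# NOTE(review): the repository definition and its signing key come from
# extrepo's metadata, so this step extends package trust to that source.
RUN apt-get update \
    && apt-get install -y --no-install-recommends extrepo \
    && extrepo enable openstack_bobcat \
    && apt-get purge -y extrepo \
    && apt-get --purge autoremove -y \
    && apt-get clean

{% endif %}

{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% endblock %}
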
{% set base_apt_packages = [
    'apt-utils',
    'dumb-init',
    'gawk',
    'iproute2',
    'kmod',
    'lsof',
    'lvm2',
    'netbase',
    'open-iscsi',
    'procps',
    'python3',
    'python3-pip',
    'socat',
    'sudo',
    'tgt'
] %}

{# Keys fetched from the keyserver by id in the key installation loop of this
   template.
   NOTE(review): 'erlang-ppa' and 'rabbitmq' are named by 16-hex-digit key ids,
   'haproxy' by a full 40-hex-digit fingerprint. A key id is only the tail of a
   fingerprint; prefer full fingerprints for every entry. #}
{% set base_apt_keys = [
    {'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
    {'name': 'rabbitmq', 'keyid': '9F4587F226208342'},
    {'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
] %}

{# NOTE(hrw): type field defaults to 'asc' which is used for single keys #}
{# NOTE(review): these keys are downloaded at build time and stored as served.
   HTTPS authenticates the host, but the download loop in this template does
   not compare the result with a known fingerprint. #}
{% set base_remote_apt_keys = [
    {'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'},
    {'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'},
    {'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
    {'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'},
    {'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-2.5.x/repo_pub_key'},
    {'name': 'treasuredata', 'url': 'https://packages.treasuredata.com/GPG-KEY-td-agent'},
] %}

{% block base_ubuntu_package_installation %}
{%- block base_ubuntu_package_key_installation %}
{# First loop: receive each key in base_apt_keys from the Ubuntu keyserver and
   export it to /etc/kolla/apt-keys/ under the entry's name.
   NOTE(review): the keyserver is reached over plain hkp on port 80 (through the
   build's http proxy when one is set), so the transport is not authenticated;
   the only binding to the intended key is the requested key id.
   Second loop: download each key in base_remote_apt_keys with curl, which
   relies on the options in /root/.curlrc (not visible here) - confirm they make
   curl fail on HTTP errors so an error page is never stored as a key. #}
{% for key in base_apt_keys | customizable('apt_keys') %}
{%- if loop.first %}RUN mkdir -p /etc/kolla/apt-keys/{% endif %} \
    && gpg --keyserver hkp://keyserver.ubuntu.com:80 \
{% if env.http_proxy %} --keyserver-options "http-proxy={{ env.http_proxy }}" {% endif %}\
        --recv-keys {{ key.keyid }} \
    && gpg --export {{ key.keyid }} >/etc/kolla/apt-keys/{{ key.name }}.gpg
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% for key in base_remote_apt_keys | customizable('remote_apt_keys') %}
{%- if loop.first %} RUN mkdir -p /etc/kolla/apt-keys/ {% endif %} \
    && curl {{ key.url }} -o /etc/kolla/apt-keys/{{ key.name }}.{{ key.type | default('asc') }}
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% endblock %}
# Generate the locale named by LANG, upgrade the distro packages, then install
# the base package set. Because of the upgrade steps the image content depends
# on the state of the configured archives at build time.
RUN apt-get --error-on=any update \
    && apt-get -y install locales \
    && sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
    && locale-gen "$LANG" \
    && apt-get -y upgrade \
    && apt-get -y dist-upgrade \
    && {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }}

{% endblock %}

{# endif base_package_type deb #}
{% endif %}

{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{# Every account gets the fixed uid/gid from the users mapping, no home
   directory (-M), no lastlog/faillog entry (-l) and /usr/sbin/nologin as its
   shell. The loop renders a single chained RUN. #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %} && {% endif -%}
    groupadd --gid {{ user.gid }} {{ user.group }} \
    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
{%- if not loop.last %} \{% endif -%}
{%- endfor %}

{% if base_distro == 'centos' %}
# Drop the optional pam_systemd session line and remove 'systemd' from the
# non-comment lines of nsswitch.conf.
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
    && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
{% endif %}

# Kolla helper scripts, installed under their runtime names.
COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
# NOTE(review): /etc/sudoers is replaced wholesale here and only set to mode
# 440 by a later RUN, so this layer holds it with the permissions it has in the
# build context. The sudoers file itself is not visible in this template -
# review it for what it allows.
COPY sudoers /etc/sudoers

{% if use_dumb_init %}
# dumb-init runs as PID 1 in front of the container command; with
# --single-child it forwards signals to its direct child only.
ENTRYPOINT ["dumb-init", "--single-child", "--"]
{% endif %}

{% if docker_healthchecks %}
{% block healthcheck_installation %}

COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/
RUN chmod 755 /usr/local/bin/healthcheck_*

{% endblock %}
{% endif %}

# Final permissions and cleanup:
# - kolla_start, kolla_set_configs and kolla_copy_cacerts become executable
# - kolla_extend_start (created empty here) and kolla_httpd_setup stay at 644;
#   presumably they are sourced rather than executed
# - /etc/sudoers gets mode 440
# - /var/log/kolla is group-owned by kolla, group-writable and setgid (2775),
#   so files created in it inherit the kolla group
# - the staged /tmp/kolla_bashrc is removed
RUN touch /usr/local/bin/kolla_extend_start \
    && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts \
    && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \
    && chmod 440 /etc/sudoers \
    && mkdir -p /var/log/kolla \
    && chown :kolla /var/log/kolla \
    && chmod 2775 /var/log/kolla \
    && rm -f /tmp/kolla_bashrc

{% block base_pip_conf %}
# the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here.
# ENV PIP_INDEX_URL=https://pypi.python.org/simple
# ENV PIP_TRUSTED_HOST=pypi.python.org
# ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/{{ openstack_release }}
# NOTE(review): a host named in PIP_TRUSTED_HOST is accepted by pip even
# without valid HTTPS, so set it only for a mirror that cannot present a valid
# certificate, never for a public index.
{% endblock %}

{% block base_footer %}{% endblock %}
# NOTE(review): this template sets no USER, so unless a derived image sets one
# the container command starts as root.
CMD ["kolla_start"]