openstack/kolla
Code Issues Proposed changes
a7135c9e15
kolla/docker/base/Dockerfile.j2
Roman Krček 8ae55dd0b8 Refactor dev mode 
Provides mechanism for future work to fix bug where when package file
manifest changes, the changes were not reflected in to devmode-enabled
container.

It changes the strategy of installing projects in dev mode in containers.
Instead of bind mounting the project's git repository to the venv
of the container, the repository is bind mounted to
/dev-mode/<project_name> from which the it is installed using pip
on every startup of the container using kolla_install_projects script.

Related-bug: #1814515
Change-Id: Ia1bdff87cba73587a03124ab78a56b21c6176373
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
2024-09-04 06:37:09 +00:00

399 lines
13 KiB
Django/Jinja
Raw Blame History

FROM {{ base_image }}:{{ base_distro_tag }}
{% block labels %}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
{% endblock %}
RUN . /etc/os-release;\
if [ "${PRETTY_NAME#{{ supported_distro_name }}}" = "$PRETTY_NAME" ]; then \
echo "Only releases \"{{ supported_distro_name }}\" are supported on {{ base_distro }}"; false; \
fi
# We use curl in this dockerfile so let configure it before first use
COPY curlrc /root/.curlrc
{% block base_lang %}
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do
# fixes issues arising from ascii fallback usage
ENV LANG en_US.UTF-8
{% endblock %}
LABEL kolla_version="{{ kolla_version }}"
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}
ENV KOLLA_BASE_DISTRO={{ base_distro }} \
KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
KOLLA_BASE_ARCH={{ base_arch }}
#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
&& cat /tmp/kolla_bashrc >> /root/.bashrc
# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
{% if base_package_type == 'rpm' %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system. This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality. I think we will :)
RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
&& sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf
{% block base_dnf_conf %}
{% block base_yum_conf %}
COPY dnf.conf /etc/dnf/dnf.conf
{% endblock %}
{% endblock %}
#### BEGIN REPO ENABLEMENT
{% set base_yum_repo_files = [
'grafana.repo',
'influxdb.repo',
'mariadb.repo',
'opensearch.repo',
'proxysql.repo',
'rabbitmq_rabbitmq-server.repo',
'td.repo',
] %}
{% set base_yum_url_packages = [
] %}
{% set base_yum_repo_keys = [
] %}
{% if base_arch == 'x86_64' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'rabbitmq_rabbitmq-erlang.repo',
] %}
{% elif base_arch == 'aarch64' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'hrw-copr-erlang-for-rabbitmq.repo',
] %}
{#
SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977
'https://packages.erlang-solutions.com/rpm/erlang_solutions.asc',
#}
{% set base_yum_repo_keys = base_yum_repo_keys + [
] %}
{% endif %}
{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}
{% block base_centos_repo_overrides_post_copy %}{% endblock %}
# Install what is needed for en_US.UTF-8
{% block base_centos_distro_sync_and_languages %}
{% set base_centos_language_packages = [
'langpacks-en',
'glibc-all-langpacks'
] %}
# NOTE(hrw): this macro file drops all languages other than C.UTF-8 so horizon fails
# https://bugzilla.redhat.com/show_bug.cgi?id=1729770
RUN rm -f /etc/rpm/macros.image-language-conf \
&& {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
&& {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}
{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}
{% block base_centos_repo_overrides_post_rpm %}{% endblock %}
{% block base_centos_gpg_key_import %}
{% endblock %}
{% set base_centos_yum_repo_keys = [
] %}
{% set base_centos_yum_repo_packages = [
'centos-release-ceph-reef',
'centos-release-nfv-openvswitch',
'centos-release-opstools',
'epel-release',
] %}
# We need 'dnf-plugins-core' for 'dnf config-manager'
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
'dnf-plugins-core'
] %}
{% set base_centos_yum_repos_to_enable = [
] %}
# FIXME(hrw): entries not starting with 'centos-' (and 'centos-nfv-ovs') are
# from delorean or rdo-release-* package
# https://review.rdoproject.org/r/c/rdo-infra/ansible-role-dlrn/+/33241
{% set base_centos_yum_repos_to_disable = [
'centos-ceph-reef',
'centos-nfv-openvswitch',
'centos-opstools',
'centos9-nfv-ovs',
'centos9-opstools',
'centos9-rabbitmq',
'centos9-storage',
'epel',
'influxdb',
'opensearch-2.x',
'opensearch-dashboards-2.x',
] %}
{% if base_arch == 'aarch64' %}
{# NOTE(hrw): delorean-deps.repo may force x86-64 repos #}
RUN sed -i -e "s/x86_64/aarch64/g" /etc/yum.repos.d/delorean-deps.repo
{% endif %}
RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }}
{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %} && dnf config-manager --enable {{ repo }} {% endfor -%}
{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %} && dnf config-manager --disable {{ repo }} {% endfor -%}
{%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \
{% block base_centos_repo_overrides_post_yum %}{% endblock -%}
&& {{ macros.rpm_security_update(clean_package_cache) }}
#### END REPO ENABLEMENT
{# We are back to the basic if conditional here which is:
if base_package_type == 'rpm' #}
{% block base_redhat_binary_versionlock %}{% endblock %}
{# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #}
{% set base_centos_packages = [
'ca-certificates',
'crypto-policies-scripts',
'dumb-init',
'findutils',
'hostname',
'iproute',
'iscsi-initiator-utils',
'lsof',
'lvm2',
'ncurses',
'procps-ng',
'python3',
'python3-pip',
'socat',
'sudo',
'tar',
'util-linux',
'util-linux-user',
'which'
] %}
# Install base packages
{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}
{# endif for base_package_type rpm #}
{% elif base_package_type == 'deb' %}
# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive
# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
{% block base_ubuntu_package_pre %}
# curl and ca-certificates to fetch remote keys via http
# gnupg to fetch keys directly from keyserver
{% set base_ubuntu_package_pre_packages = [
'adduser',
'ca-certificates',
'curl',
'gnupg'
] %}
# ubuntu-cloud-keyring to install UCA packages
{% if base_distro == 'ubuntu' %}
{% set base_ubuntu_package_pre_packages = base_ubuntu_package_pre_packages + [
'ubuntu-cloud-keyring'
] %}
{% endif %}
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
{% endblock %}
# Customize PS1 bash shell
# - enlarge 'system users' range so 'haproxy' package will not complain
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
# - enlarge 'system groups' range so 'hacluster' user added in
# https://review.opendev.org/c/openstack/kolla/+/802671
# can be in 'haclient' group with same high uid
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
&& sed -i -e s/#*LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
-e s/#*LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf
{% block base_ubuntu_package_sources_list %}
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
RUN rm -f /etc/apt/sources.list.d/debian.sources
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% else %}
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
{% endif %}
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
{% endblock %}
{% block base_debian_after_sources_list %}{% endblock %}
{# install Debian Openstack repos - they are not mirrored on CI #}
{% if base_distro == 'debian' %}
RUN apt update \
&& apt install -y --no-install-recommends extrepo \
&& extrepo enable openstack_caracal \
&& apt purge -y extrepo \
&& apt --purge autoremove -y \
&& apt clean
{% endif %}
{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% endblock %}
{% set base_apt_packages = [
'apt-utils',
'dumb-init',
'gawk',
'iproute2',
'kmod',
'lsof',
'lvm2',
'netbase',
'open-iscsi',
'procps',
'python3',
'python3-pip',
'socat',
'sudo',
'tgt'
] %}
{% set base_apt_keys = [
{'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
{'name': 'rabbitmq', 'keyid': '9F4587F226208342'},
{'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
] %}
{# NOTE(hrw): type field defaults to 'asc' which is used for single keys #}
{% set base_remote_apt_keys = [
{'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'},
{'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'},
{'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
{'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'},
{'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-2.6.x/repo_pub_key'},
{'name': 'treasuredata', 'url': 'https://packages.treasuredata.com/GPG-KEY-td-agent'},
] %}
{% block base_ubuntu_package_installation %}
{%- block base_ubuntu_package_key_installation %}
{% for key in base_apt_keys | customizable('apt_keys') %}
{%- if loop.first %}RUN mkdir -p /etc/kolla/apt-keys/{% endif %} \
&& gpg --keyserver hkp://keyserver.ubuntu.com:80 \
{% if env.http_proxy %} --keyserver-options "http-proxy={{ env.http_proxy }}" {% endif %}\
--recv-keys {{ key.keyid }} \
&& gpg --export {{ key.keyid }} >/etc/kolla/apt-keys/{{ key.name }}.gpg
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% for key in base_remote_apt_keys | customizable('remote_apt_keys') %}
{%- if loop.first %} RUN mkdir -p /etc/kolla/apt-keys/ {% endif %} \
&& curl {{ key.url }} -o /etc/kolla/apt-keys/{{ key.name }}.{{ key.type | default('asc') }}
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% endblock %}
RUN apt-get --error-on=any update \
&& apt-get -y install locales \
&& sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
&& locale-gen "$LANG" \
&& apt-get -y upgrade \
&& apt-get -y dist-upgrade \
&& {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }}
{% endblock %}
{# endif base_package_type deb #}
{% endif %}
{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %} && {% endif -%}
groupadd --gid {{ user.gid }} {{ user.group }} \
&& useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
{%- if not loop.last %} \{% endif -%}
{%- endfor %}
{% if base_distro == 'centos' %}
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
&& sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
{% endif %}
COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
COPY install_projects.sh /usr/local/bin/kolla_install_projects
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
COPY sudoers /etc/sudoers
{% if use_dumb_init %}
ENTRYPOINT ["dumb-init", "--single-child", "--"]
{% endif %}
{% if docker_healthchecks %}
{% block healthcheck_installation %}
COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/
RUN chmod 755 /usr/local/bin/healthcheck_*
{% endblock %}
{% endif %}
RUN touch /usr/local/bin/kolla_extend_start \
&& chmod 755 /usr/local/bin/kolla_start \
/usr/local/bin/kolla_set_configs \
/usr/local/bin/kolla_copy_cacerts \
/usr/local/bin/kolla_install_projects \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \
&& chmod 440 /etc/sudoers \
&& mkdir -p /var/log/kolla \
&& chown :kolla /var/log/kolla \
&& chmod 2775 /var/log/kolla \
&& rm -f /tmp/kolla_bashrc
{% block base_pip_conf %}
# the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here.
# ENV PIP_INDEX_URL=https://pypi.python.org/simple
# ENV PIP_TRUSTED_HOST=pypi.python.org
# ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/{{ openstack_release }}
{% endblock %}
{% block base_footer %}{% endblock %}
CMD ["kolla_start"]
View Git Blame Copy Permalink