openstack/kolla
Code Issues Proposed changes
ba0b307f73
kolla/docker/base/Dockerfile.j2
Michal Nasiadka 26de85f2f4 [yoga-only]: Fix erlang versions 
According to [1] - RMQ 3.9 supports Erlang 25.2 at maximum.

Unfortunately there is no repository that provides erlang 25.2
for aarch64, so it will stay on 25.3 which proves to be bringing
some issues.

[1]: https://www.rabbitmq.com/which-erlang.html

Closes-Bug: #2025321

Change-Id: Ibfefccda9368ab46facf175024c03807d62ea1f7
2023-10-05 16:14:25 +00:00

457 lines
15 KiB
Django/Jinja
Raw Blame History

FROM {{ base_image }}:{{ base_distro_tag }}
{% block labels %}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
{% endblock %}
RUN . /etc/os-release;\
if [ "${PRETTY_NAME#{{ supported_distro_name }}}" = "$PRETTY_NAME" ]; then \
echo "Only releases \"{{ supported_distro_name }}\" are supported on {{ base_distro }}"; false; \
fi
# We use curl in this dockerfile so let configure it before first use
COPY curlrc /root/.curlrc
{% block base_lang %}
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do
# fixes issues arising from ascii fallback usage
ENV LANG en_US.UTF-8
{% endblock %}
LABEL kolla_version="{{ kolla_version }}"
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}
ENV KOLLA_BASE_DISTRO={{ base_distro }} \
KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
KOLLA_BASE_ARCH={{ base_arch }}
{# NOTE(frickler): sledgehammer workaround until pkgs are updated to build with setuptools==60.0.0 properly #}
ENV SETUPTOOLS_USE_DISTUTILS=stdlib
#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
&& cat /tmp/kolla_bashrc >> /root/.bashrc
# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
{% if base_package_type == 'rpm' %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system. This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality. I think we will :)
RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
&& sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf
{% block base_dnf_conf %}
{% block base_yum_conf %}
COPY dnf.conf /etc/dnf/dnf.conf
{% endblock %}
{% endblock %}
#### BEGIN REPO ENABLEMENT
{#
Repo files not available for CentOS Stream 9:
'elasticsearch.repo', # signed with SHA1 key https://github.com/elastic/elasticsearch/issues/85876
#}
{% set base_yum_repo_files = [
'grafana.repo',
'influxdb.repo',
'mariadb.repo',
'opensearch.repo',
'proxysql.repo',
'rabbitmq_rabbitmq-server.repo',
'td.repo',
] %}
{% if base_distro == "centos" and base_distro_tag.startswith('stream8') %}
{% set base_yum_repo_files = base_yum_repo_files + [
'elasticsearch.repo',
] %}
{% endif %}
{% set base_yum_url_packages = [
] %}
{#
SHA1 keys are not supported in RHEL9: https://github.com/rpm-software-management/rpm/issues/1977
'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
#}
{% set base_yum_repo_keys = [
'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB',
'https://repo.proxysql.com/ProxySQL/repo_pub_key',
'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc',
'https://packages.treasuredata.com/GPG-KEY-td-agent',
] %}
{% if base_arch == 'x86_64' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'rabbitmq_rabbitmq-erlang.repo',
] %}
{% set base_yum_repo_keys = base_yum_repo_keys + [
'https://repos.influxdata.com/influxdb.key',
] %}
{% elif base_arch == 'aarch64' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'hrw-copr-erlang-for-rabbitmq.repo',
] %}
{% set base_yum_repo_keys = base_yum_repo_keys + [
] %}
{% endif %}
{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}
{% block base_centos_repo_overrides_post_copy %}{% endblock %}
# Install what is needed for en_US.UTF-8
{% block base_centos_distro_sync_and_languages %}
{% set base_centos_language_packages = [
'langpacks-en',
'glibc-all-langpacks'
] %}
# NOTE(hrw): this macro file drops all languages other than C.UTF-8 so horizon fails
# https://bugzilla.redhat.com/show_bug.cgi?id=1729770
RUN rm -f /etc/rpm/macros.image-language-conf \
&& {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
&& {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}
{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}
{% block base_centos_repo_overrides_post_rpm %}{% endblock %}
{% if base_distro in ['centos', 'rocky'] %}
{% block base_centos_gpg_key_import %}
{% endblock %}
{% set base_centos_yum_repo_keys = [
] %}
{% if base_distro in ['centos', 'rocky'] %}
{% if base_distro_tag.startswith('stream9') or base_distro == 'rocky' %}
{% set base_centos_yum_repo_packages = [
'centos-release-openstack-yoga',
'centos-release-opstools',
'epel-release',
] %}
{% else %}
{% set base_centos_yum_repo_packages = [
'centos-release-nfv-extras',
'centos-release-openstack-yoga',
'centos-release-ceph-pacific',
'centos-release-nfv-openvswitch',
'centos-release-opstools',
'epel-release',
] %}
{% endif %}
{% endif %}
# We need 'dnf-plugins-core' for 'dnf config-manager'
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
'dnf-plugins-core'
] %}
{% set base_centos_yum_repos_to_enable = [
] %}
{% if base_distro in ['centos', 'rocky'] %}
{% if base_distro_tag.startswith('stream9') or base_distro == 'rocky' %}
{% set base_centos_yum_repos_to_disable = [
'centos-ceph-pacific',
'centos-nfv-openvswitch',
'centos-opstools',
'centos-rabbitmq-38',
'epel',
'opensearch-2.x',
'opensearch-dashboards-2.x',
'influxdb',
] %}
{% else %}
{% set base_centos_yum_repos_to_disable = [
'centos-advanced-virtualization',
'centos-ceph-pacific',
'centos-nfv-extras',
'centos-nfv-openvswitch',
'centos-opstools',
'centos-rabbitmq-38',
'epel',
] %}
{% endif %}
{% endif %}
{% if base_arch == 'x86_64' %}
{% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [
'influxdb',
] %}
{% endif %}
RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }}
{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %} && dnf config-manager --enable {{ repo }} {% endfor -%}
{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %} && dnf config-manager --disable {{ repo }} {% endfor -%}
{%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \
{% block base_centos_repo_overrides_post_yum %}{% endblock -%}
&& {{ macros.rpm_security_update(clean_package_cache) }}
{%- endif %}
{# Endif for base_distro centos #}
#### END REPO ENABLEMENT
{# We are back to the basic if conditional here which is:
if base_package_type == 'rpm' #}
{% block base_redhat_binary_versionlock %}{% endblock %}
{# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #}
{% set base_centos_packages = [
'ca-certificates',
'crypto-policies-scripts',
'dumb-init',
'findutils',
'hostname',
'iproute',
'iscsi-initiator-utils',
'lsof',
'lvm2',
'ncurses',
'procps-ng',
'python3',
'python3-pip',
'socat',
'sudo',
'tar',
'util-linux',
'util-linux-user',
'which'
] %}
# Install base packages
{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}
{# endif for base_package_type rpm #}
{% elif base_package_type == 'deb' %}
# Customize PS1 bash shell
# - enlarge 'system users' range so 'haproxy' package will not complain
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
# - enlarge 'system groups' range so 'hacluster' user added in
# https://review.opendev.org/c/openstack/kolla/+/802671
# can be in 'haclient' group with same high uid
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
&& sed -i -e s/LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
-e s/LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf
# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive
# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
{% block base_ubuntu_package_pre %}
# curl and ca-certificates to fetch remote keys via http
# gnupg to fetch keys directly from keyserver
{% set base_ubuntu_package_pre_packages = [
'ca-certificates',
'curl',
'gnupg'
] %}
# ubuntu-cloud-keyring to install UCA packages
{% if base_distro == 'ubuntu' %}
{% set base_ubuntu_package_pre_packages = base_ubuntu_package_pre_packages + [
'ubuntu-cloud-keyring'
] %}
{% endif %}
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
{% endblock %}
{% block base_ubuntu_package_sources_list %}
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% else %}
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
{% endif %}
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
{% endblock %}
{% block base_debian_after_sources_list %}{% endblock %}
{# install Debian Openstack repos - they are not mirrored on CI #}
{% if base_distro == 'debian' %}
RUN apt update \
&& apt install -y --no-install-recommends extrepo \
&& extrepo enable openstack_yoga \
&& apt purge -y extrepo \
&& apt --purge autoremove -y \
&& apt clean
{% endif %}
{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }}.{{ base_arch }} /etc/apt/preferences
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% endblock %}
{% set base_apt_packages = [
'apt-utils',
'dumb-init',
'gawk',
'iproute2',
'kmod',
'lsof',
'lvm2',
'netbase',
'open-iscsi',
'procps',
'python3',
'python3-pip',
'socat',
'sudo',
'tgt'
] %}
{% set base_apt_keys = [
{'name': 'rabbitmq', 'keyid': '9F4587F226208342'},
{'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
] %}
{% if base_arch == "aarch64" %}
{% set base_apt_keys = base_apt_keys + [
{'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
] %}
{% else %}
{% set base_apt_keys = base_apt_keys + [
{'name': 'erlang-ppa', 'keyid': 'E495BB49CC4BBE5B'},
] %}
{% endif %}
{# NOTE(hrw): type field defaults to 'asc' which is used for single keys #}
{% set base_remote_apt_keys = [
{'name': 'elasticsearch', 'url': 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'},
{'name': 'grafana', 'url': 'https://packages.grafana.com/gpg.key'},
{'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'},
{'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
{'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'},
{'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/repo_pub_key'},
{'name': 'treasuredata', 'url': 'https://packages.treasuredata.com/GPG-KEY-td-agent'},
] %}
{% block base_ubuntu_package_installation %}
{%- block base_ubuntu_package_key_installation %}
{% for key in base_apt_keys | customizable('apt_keys') %}
{%- if loop.first %}RUN mkdir -p /etc/kolla/apt-keys/{% endif %} \
&& gpg --keyserver hkp://keyserver.ubuntu.com:80 \
{% if env.http_proxy %} --keyserver-options "http-proxy={{ env.http_proxy }}" {% endif %}\
--recv-keys {{ key.keyid }} \
&& gpg --export {{ key.keyid }} >/etc/kolla/apt-keys/{{ key.name }}.gpg
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% for key in base_remote_apt_keys | customizable('remote_apt_keys') %}
{%- if loop.first %} RUN mkdir -p /etc/kolla/apt-keys/ {% endif %} \
&& curl {{ key.url }} -o /etc/kolla/apt-keys/{{ key.name }}.{{ key.type | default('asc') }}
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% endblock %}
RUN apt-get update \
&& apt-get -y install locales \
&& sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
&& locale-gen "$LANG" \
&& apt-get -y upgrade \
&& apt-get -y dist-upgrade \
&& {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }}
{% endblock %}
{# endif base_package_type deb #}
{% endif %}
{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %} && {% endif -%}
groupadd --gid {{ user.gid }} {{ user.group }} \
&& useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
{%- if not loop.last %} \{% endif -%}
{%- endfor %}
{% if base_distro == 'centos' %}
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
&& sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
{% endif %}
COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
COPY sudoers /etc/sudoers
{% if use_dumb_init %}
ENTRYPOINT ["dumb-init", "--single-child", "--"]
{% endif %}
{% if docker_healthchecks %}
{% block healthcheck_installation %}
COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/
RUN chmod 755 /usr/local/bin/healthcheck_*
{% endblock %}
{% endif %}
RUN touch /usr/local/bin/kolla_extend_start \
&& chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts /usr/local/bin/kolla_httpd_setup \
&& chmod 440 /etc/sudoers \
&& mkdir -p /var/log/kolla \
&& chown :kolla /var/log/kolla \
&& chmod 2775 /var/log/kolla \
&& rm -f /tmp/kolla_bashrc
{% block base_pip_conf %}
# the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here.
# ENV PIP_INDEX_URL=https://pypi.python.org/simple
# ENV PIP_TRUSTED_HOST=pypi.python.org
# ENV UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/{{ openstack_release }}
{% endblock %}
{% block base_footer %}{% endblock %}
CMD ["kolla_start"]
View Git Blame Copy Permalink