openstack
/
kolla
Code Issues Proposed changes
Kolla provides production-ready containers and deployment tools for operating OpenStack clouds
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8621 Commits
7 Branches
34 Tags
188 MiB
 
 
 
Tree: bdb0dbddbc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bdb0dbddbc'
${ noResults }
kolla/docker/base/Dockerfile.j2

541 lines
19 KiB
Raw Blame History Escape

FROM {{ base_image }}:{{ base_distro_tag }}
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
{% block base_lang %}
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do
# fixes issues arising from ascii fallback usage
ENV LANG en_US.UTF-8
{% endblock %}
{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %} && {% endif -%}
groupadd --force --gid {{ user.gid }} {{ name }} \
&& useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
{%- if not loop.last %} \{% endif -%}
{%- endfor %}
LABEL kolla_version="{{ kolla_version }}"
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}
ENV KOLLA_BASE_DISTRO={{ base_distro }} \
KOLLA_INSTALL_TYPE={{ install_type }} \
KOLLA_INSTALL_METATYPE={{ install_metatype }} \
KOLLA_DISTRO_PYTHON_VERSION={{ distro_python_version }} \
KOLLA_BASE_ARCH={{ base_arch }}
#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
&& cat /tmp/kolla_bashrc >> /root/.bashrc
# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
{% if base_package_type == 'rpm' %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system. This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality. I think we will :)
{# FIXME(mgoddard): Remove special case for CentOS 8 when CentOS 7 is no #}
{# longer supported. #}
RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
if [ $CURRENT_DISTRO_RELEASE != "{{ supported_distro_release }}" ] && [ $CURRENT_DISTRO_RELEASE != 8 ]; then \
echo "Only releases '{{ supported_distro_release }}' and '8' are supported on {{ base_distro }}"; false; \
fi \
&& cat /tmp/kolla_bashrc >> /etc/bashrc \
&& sed -i 's|^\(override_install_langs=.*\)|# \1|' {% if distro_package_manager == 'dnf' %}/etc/dnf/dnf.conf{% else %}/etc/yum.conf{% endif %}
{% block base_yum_conf %}
{% if distro_package_manager == 'dnf' %}
COPY dnf.conf /etc/dnf/dnf.conf
{% else %}
COPY yum.conf /etc/yum.conf
{% endif %}
{% endblock %}
# Install what is needed for en_US.UTF-8
{% block base_centos_distro_sync_and_languages %}
{% if distro_package_manager == 'dnf' %}
{% set base_centos_language_packages = [
'langpacks-en',
'glibc-all-langpacks'
] %}
RUN {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
&& {{ macros.rpm_security_update(clean_package_cache) }}
{% endif %}
{% endblock %}
#### BEGIN REPO ENABLEMENT
{% set base_yum_repo_files = [
] %}
{% set base_yum_url_packages = [
] %}
{% set base_yum_repo_keys = [
] %}
{% if base_arch == 'x86_64' %}
{% set base_yum_repo_files = [
'grafana.repo',
'influxdb.repo',
'rabbitmq_rabbitmq-server.repo',
'td.repo',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'crmsh.repo',
'elasticsearch.repo',
'opendaylight.repo',
] %}
{% endif %}
{% set base_yum_repo_keys = [
'https://packages.grafana.com/gpg.key',
'https://repos.influxdata.com/influxdb.key',
'https://packages.treasuredata.com/GPG-KEY-td-agent',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_yum_repo_keys = base_yum_repo_keys + [
'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
] %}
{% endif %}
{% elif base_arch == 'aarch64' %}
{% set base_yum_repo_files = [
'grafana.repo',
'rabbitmq_rabbitmq-server.repo',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'elasticsearch.repo',
] %}
{% endif %}
{% set base_yum_repo_keys = [
'https://packages.grafana.com/gpg.key',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_yum_repo_keys = base_yum_repo_keys + [
'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
] %}
{% endif %}
{% elif base_arch == 'ppc64le' %}
{% set base_yum_repo_files = [
'rabbitmq_rabbitmq-server.repo',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_yum_repo_files = base_yum_repo_files + [
'elasticsearch.repo',
] %}
{% endif %}
{% set base_yum_repo_keys = [
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_yum_repo_keys = base_yum_repo_keys + [
'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
] %}
{% endif %}
{% endif %}
{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}
# NOTE(hrw): 'rabbitmq-server' is 'noarch' so we can install it on ppc64le from
# repo for other architecture.
# NOTE(mjturek): tripleo-ci overrides these repos so the file would not exist
# in that case. We test for the file's existence to avoid sed failing in that case.
{% if base_arch == 'ppc64le' %}
RUN if [[ -e /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo ]]; then \
sed -i -e 's/\$basearch/x86_64/g' /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo; \
fi
{% endif %}
{% block base_centos_repo_overrides_post_copy %}{% endblock %}
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}
{% if install_metatype in ['rdo', 'mixed'] %}
{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}
{% block base_centos_repo_overrides_post_rpm %}{% endblock %}
{% endif %}
{# endif for repo setup for all RHEL except RHEL OSP #}
{% if install_metatype == 'rhos' %}
{% block base_rhos_repo_enablement %}
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms \
&& yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
{% endblock %}
{% endif %}
{% if base_distro == 'centos' %}
{% block base_centos_gpg_key_import %}
{% if distro_package_manager == 'dnf' %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% else %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
{% endif %}
{% endblock %}
{% set base_centos_yum_repo_keys = [
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_centos_yum_repo_keys = base_centos_yum_repo_keys + [
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools',
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization',
] %}
{% endif %}
{% set base_centos_yum_repo_packages = [
'epel-release',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
'centos-release-ceph-nautilus',
'centos-release-opstools',
'centos-release-qemu-ev',
] %}
{% endif %}
{% if distro_package_manager == 'dnf' %}
# We need 'dnf-plugins-core' for 'dnf config-manager'
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
'dnf-plugins-core'
] %}
{% set base_centos_yum_repos_to_enable = [
'PowerTools'
] %}
{% else %}
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
'yum-plugin-priorities',
] %}
{% endif %}
{% set base_centos_yum_repos_to_disable = [
'influxdb',
] %}
# FIXME(mgoddard): Not available for CentOS 8 yet.
{% if distro_package_manager == 'yum' %}
{% set base_centos_yum_repos_to_disable = base_centos_yum_repos_to_disable + [
'centos-ceph-nautilus',
'centos-nfs-ganesha28',
'centos-qemu-ev',
] %}
{% endif %}
RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }} \
{%- for repo in base_centos_yum_repos_to_enable | customizable('centos_yum_repos_to_enable') %}
{%- if distro_package_manager == 'dnf' %}
&& dnf config-manager --enable {{ repo }} \
{% else %}
&& yum-config-manager --enable {{ repo }} \
{% endif -%}
{% endfor -%}
{%- for repo in base_centos_yum_repos_to_disable | customizable('centos_yum_repos_to_disable') %}
{%- if distro_package_manager == 'dnf' %}
&& dnf config-manager --disable {{ repo }} \
{%- else %}
&& yum-config-manager --disable {{ repo }} \
{%- endif -%}
{%- endfor %}
{% for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') -%}
&& rpm --import {{ key }} \
{% endfor -%}
{% block base_centos_repo_overrides_post_yum -%}{% endblock -%}
&& {{ macros.rpm_security_update(clean_package_cache) }}
{%- endif %}
{# Endif for base_distro centos #}
{% if base_distro == 'rhel' %}
{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
RUN yum-config-manager --enable rhel-7-server-optional-rpms \
&& {{ macros.install_packages( ['yum-plugin-priorities' ], chain=True, clean=False) }} \
{%- if install_type != 'binary' or install_metatype != 'rdo' %}
&& {{ macros.install_packages( [ 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' ], chain=True, clean=False) }} \
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
{% endif -%}
&& yum-config-manager --enable rhel-7-server-extras-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
&& {{ macros.rpm_security_update(clean_package_cache) }}
{% endblock %}
{% endif %}
{# Endif for base_distro RHEL #}
#### END REPO ENABLEMENT
{# We are back to the basic if conditional here which is:
if base_package_type == 'rpm' #}
{% block base_redhat_binary_versionlock %}{% endblock %}
{% set base_centos_packages = [
'ca-certificates',
'curl',
'findutils',
'iproute',
'iscsi-initiator-utils',
'lvm2',
'ncurses',
'procps-ng',
'socat',
'sudo',
'tar',
'which'
] %}
{% if distro_python_version.startswith('3') %}
{% set base_centos_packages = base_centos_packages + [
'python3'
] %}
{% else %}
{% set base_centos_packages = base_centos_packages + [
'python'
] %}
{% endif %}
{% if distro_package_manager == 'dnf' %}
{% set base_centos_packages = base_centos_packages + [
'util-linux-user',
] %}
{% else %}
{% set base_centos_packages = base_centos_packages + [
'scsi-target-utils',
] %}
{% endif %}
# Install base packages
{{ macros.install_packages( base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages") ) }}
{# endif for base_package_type rpm #}
{% elif base_package_type == 'deb' %}
# Ensure lsb_release exists
{{ macros.install_packages(['lsb-release']) }}
RUN if [ $(lsb_release -r -s) != "{{ supported_distro_release }}" ]; then \
echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; fi
# Customize PS1 bash shell
# enlarge 'system users' range so 'haproxy' package will not complain
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
&& sed -i -e s/LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g /etc/adduser.conf
# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive
# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
{% block base_ubuntu_package_pre %}
# Need apt-transport-https and ca-certificates before replacing sources.list or
# apt-get update will not work if any repositories are accessed via HTTPS
{% set base_ubuntu_package_pre_packages = [
'apt-transport-https',
'ca-certificates',
'curl',
'dirmngr',
'gnupg'
] %}
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
{% endblock %}
{% block base_ubuntu_package_sources_list %}
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% else %}
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
{% endif %}
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
{% endblock %}
{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
{% endblock %}
{% set base_apt_packages = [
'apt-utils',
'curl',
'gawk',
'iproute2',
'kmod',
'lvm2',
'netbase',
'open-iscsi',
'procps',
'python3',
'socat',
'sudo',
'tgt']
%}
{% if base_distro == 'ubuntu' %}
{# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
{# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
{# 49B07274951063870A8B7EAE7B8AA1A344C05248 -- Opendaylight Signing Key <https://launchpad.net/~odl-team> #}
{# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
{# 4D8EB5FDA37AB55F41A135203BF88A0C6A770882 -- Apache Qpid PPA Signing Key <dev@qpid.apache.org> #}
{# 901F9177AB97ACBE -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
{# A20F259AEB9C94BB -- Sensuapp (Freight) <support@hw-ops.com> #}
{# F1656F24C74CD1D8 -- MariaDB Signing Key <signing-key@mariadb.org> #}
{% set base_apt_keys = [
'391A9AA2147192839E9DB0315EDB1B62EC4926EA',
'46095ACC8548582C1A2699A9D27D666CD88E42B4',
'49B07274951063870A8B7EAE7B8AA1A344C05248',
'58118E89F3A912897C070ADBF76221572C52609D',
'4D8EB5FDA37AB55F41A135203BF88A0C6A770882',
'901F9177AB97ACBE',
'A20F259AEB9C94BB',
'F1656F24C74CD1D8',
] %}
{% set remote_apt_keys = [
'https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey',
'https://packages.grafana.com/gpg.key',
'https://repos.influxdata.com/influxdb.key'
] %}
{% elif base_distro == 'debian' %}
{% set base_apt_keys = [
'46095ACC8548582C1A2699A9D27D666CD88E42B4',
] %}
{% set remote_apt_keys = [
'https://download.docker.com/linux/debian/gpg',
'https://packages.grafana.com/gpg.key',
'http://buster-train.debian.net/debian/dists/pubkey.gpg',
'https://packages.treasuredata.com/GPG-KEY-td-agent',
] %}
{% set base_apt_packages = base_apt_packages +
['sudo',]
%}
{% endif %}
{% block base_ubuntu_package_installation %}
{%- block base_ubuntu_package_key_installation %}
{% for key in base_apt_keys | customizable('apt_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --no-tty --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% for key in remote_apt_keys | customizable('remote_apt_keys') %}
{%- if loop.first %} RUN {% else %} && {% endif %}curl -L {{ key }} | apt-key add -
{%- if not loop.last %} \
{% endif -%}
{% endfor %}
{% endblock %}
RUN apt-get update \
&& apt-get -y install locales \
&& sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
&& locale-gen "$LANG" \
&& apt-get -y upgrade \
&& apt-get -y dist-upgrade \
&& apt-get -y install --no-install-recommends \
{%- for package in base_apt_packages | customizable('apt_packages') %}
{{ package }} \
{%- endfor %}
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
{% endblock %}
# FIXME(mgoddard): Some images, including Horizon, depend on Ubuntu having a
# site-packages directory.
#{% if base_distro == 'ubuntu' %}
#RUN sed -i \
# -e "s|\('purelib': '\$base/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
# -e "s|\('platlib': '\$platbase/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
# -e "s|\('headers': '\$base/\)local/\(include/python\$py_version_short/\$dist_name',\)|\1\2|" \
# -e "s|\('scripts': '\$base/\)local/\(bin',\)|\1\2|" \
# -e "s|\('data' : '\$base\)/local\(',\)|\1\2|" \
# /usr/lib/python{{ distro_python_version }}/distutils/command/install.py \
# && rm -rf /usr/lib/python{{ distro_python_version }}/site-packages \
# && ln -s dist-packages /usr/lib/{{ distro_python_version }}/site-packages
#{% endif %}
{# endif base_package_type deb #}
{% endif %}
{% if base_distro == 'centos' or base_distro == 'rhel' %}
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
{% endif %}
COPY set_configs.py /usr/local/bin/kolla_set_configs
{% if distro_python_version.startswith('3') %}
RUN sed -i -e "s+#\!/usr/bin/env python+#\!/usr/bin/env python3+g" /usr/local/bin/kolla_set_configs
{% endif %}
COPY start.sh /usr/local/bin/kolla_start
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
COPY sudoers /etc/sudoers
COPY curlrc /root/.curlrc
{% if use_dumb_init %}
{% block dumb_init_installation %}
RUN curl -sSL https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_{{debian_arch}} -o /usr/local/bin/dumb-init \
&& chmod +x /usr/local/bin/dumb-init
{% endblock %}
ENTRYPOINT ["dumb-init", "--single-child", "--"]
{% endif %}
{% if docker_healthchecks %}
{% block healthcheck_installation %}
COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/
RUN chmod 755 /usr/local/bin/healthcheck_*
{% endblock %}
{% endif %}
RUN touch /usr/local/bin/kolla_extend_start \
&& chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs /usr/local/bin/kolla_copy_cacerts /usr/local/bin/kolla_httpd_setup \
&& chmod 440 /etc/sudoers \
&& mkdir -p /var/log/kolla \
&& chown :kolla /var/log/kolla \
&& chmod 2775 /var/log/kolla \
&& rm -f /tmp/kolla_bashrc
{% block base_footer %}{% endblock %}
CMD ["kolla_start"]