Kolla provides production-ready containers and deployment tools for operating OpenStack clouds
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Dockerfile.j2 16KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449
  1. FROM {{ base_image }}:{{ base_distro_tag }}
  2. LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
  3. {# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
  4. {# Specifics required such as homedir or shell are configured within the service specific image #}
  5. {%- for name, user in users | dictsort() %}
  6. {% if loop.first -%}RUN {% else %} && {% endif -%}
  7. groupadd --force --gid {{ user.gid }} {{ name }} \
  8. && useradd -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
  9. {%- if not loop.last %} \{% endif -%}
  10. {%- endfor %}
  11. LABEL kolla_version="{{ kolla_version }}"
  12. {% import "macros.j2" as macros with context %}
  13. {% block base_header %}{% endblock %}
  14. ENV KOLLA_BASE_DISTRO={{ base_distro }} \
  15. KOLLA_INSTALL_TYPE={{ install_type }} \
  16. KOLLA_INSTALL_METATYPE={{ install_metatype }}
  17. #### Customize PS1 to be used with bash shell
  18. COPY kolla_bashrc /tmp/
  19. RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
  20. && cat /tmp/kolla_bashrc >> /root/.bashrc
  21. # PS1 var when used /bin/sh shell
  22. ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
  23. {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
  24. # For RPM Variants, enable the correct repositories - this should all be done
  25. # in the base image so repos are consistent throughout the system. This also
  26. # enables to provide repo overrides at a later date in a simple fashion if we
  27. # desire such functionality. I think we will :)
  28. RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
  29. if [ $CURRENT_DISTRO_RELEASE != "{{ supported_distro_release }}" ]; then \
  30. echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; \
  31. fi \
  32. && cat /tmp/kolla_bashrc >> /etc/bashrc \
  33. && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/yum.conf
  34. {% block base_yum_conf %}
  35. COPY yum.conf /etc/yum.conf
  36. {% endblock %}
  37. {% if base_distro in ['centos'] %}
  38. {% set centos_contentdir = 'centos' %}
  39. {% if base_arch in ['aarch64', 'ppc64le'] %}
  40. {% set centos_contentdir = 'altarch' %}
  41. {% endif %}
  42. RUN echo {{ centos_contentdir }} >> /etc/yum/vars/contentdir
  43. {% endif %}
  44. #### BEGIN REPO ENABLEMENT
  45. {% set base_yum_repo_files = [
  46. ] %}
  47. {% set base_yum_url_packages = [
  48. ] %}
  49. {% set base_yum_repo_keys = [
  50. ] %}
  51. {% if base_arch == 'aarch64' %}
  52. {% set base_yum_repo_files = [
  53. 'aarch64-cbs.repo'
  54. ] %}
  55. {% elif base_arch == 'x86_64' %}
  56. {% set base_yum_repo_files = [
  57. 'elasticsearch.repo',
  58. 'grafana.repo',
  59. 'influxdb.repo',
  60. 'nfs_ganesha.repo',
  61. 'opendaylight.repo',
  62. 'td.repo'
  63. ] %}
  64. {% set base_yum_repo_keys = [
  65. 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
  66. 'https://repos.influxdata.com/influxdb.key',
  67. 'https://packagecloud.io/gpg.key',
  68. 'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
  69. 'https://packages.treasuredata.com/GPG-KEY-td-agent'
  70. ] %}
  71. {% endif %}
  72. {%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
  73. COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
  74. {%- endfor %}
  75. {{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
  76. {% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
  77. {%- if loop.first %}RUN {% else %} && {% endif -%}
  78. rpm --import {{ key }}
  79. {%- if not loop.last %} \{% endif %}
  80. {% endfor -%}
  81. {% if install_metatype in ['rdo', 'mixed'] %}
  82. {% for cmd in rpm_setup %}
  83. {{ cmd }}
  84. {% endfor %}
  85. {% endif %}
  86. {# endif for repo setup for all RHEL except RHEL OSP #}
  87. {% if install_metatype == 'rhos' %}
  88. {% block base_rhos_repo_enablement %}
  89. # Turn on the RHOS 7.0 repo for RHOS
  90. RUN yum-config-manager --enable rhel-7-server-rpms \
  91. && yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
  92. {% endblock %}
  93. {% endif %}
  94. {% if base_distro == 'centos' %}
  95. {% block base_centos_gpg_key_import %}
  96. RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  97. {% endblock %}
  98. {% set base_centos_yum_repo_keys = [
  99. '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization'
  100. ] %}
  101. {% set base_centos_yum_repo_packages = [
  102. 'centos-release-qemu-ev',
  103. 'epel-release',
  104. 'yum-plugin-priorities'
  105. ] %}
  106. {% if base_arch == 'x86_64' %}
  107. {% set base_centos_yum_repo_keys = base_centos_yum_repo_keys + [
  108. '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools',
  109. '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage'
  110. ] %}
  111. {% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
  112. 'centos-release-ceph-luminous',
  113. 'centos-release-opstools'
  114. ] %}
  115. {% endif %}
  116. {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages")) }}
  117. {% for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %}
  118. {%- if loop.first %}RUN {% else %} && {% endif -%}
  119. rpm --import {{ key }} \
  120. {% endfor -%}
  121. {%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
  122. yum -y update --security --sec-severity=Important --sec-severity=Critical \
  123. && yum clean all \
  124. && rm -rf /var/cache/yum
  125. {% endif %}
  126. {# Endif for base_distro centos #}
  127. {% if base_distro == 'rhel' %}
  128. {% block base_rhel_package_installation %}
  129. # Enable couple required repositories for all RHEL builds
  130. # Turn on EPEL throughout the build
  131. RUN yum-config-manager --enable rhel-7-server-optional-rpms \
  132. && yum -y install \
  133. yum-plugin-priorities \
  134. {% if install_type != 'binary' or install_metatype != 'rdo' %}
  135. && yum -y install \
  136. https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
  137. && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
  138. {% endif %}
  139. && yum-config-manager --enable rhel-7-server-extras-rpms \
  140. && yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
  141. && yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
  142. && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
  143. && yum -y update --security --sec-severity=Important --sec-severity=Critical \
  144. && yum clean all \
  145. && rm -rf /var/cache/yum
  146. {% endblock %}
  147. {% endif %}
  148. {# Endif for base_distro RHEL #}
  149. {% if base_distro == 'oraclelinux' %}
  150. {% block base_oraclelinux_package_installation %}
  151. COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
  152. RUN yum -y install \
  153. tar \
  154. yum-utils \
  155. https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
  156. && rpm -Uvh --nodeps \
  157. http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-ceph-luminous-1.0-1.el7.centos.noarch.rpm \
  158. http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-opstools-1-7.el7.centos.noarch.rpm \
  159. http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-qemu-ev-1.0-2.el7.noarch.rpm \
  160. http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm \
  161. http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-storage-common-1-2.el7.centos.noarch.rpm \
  162. && sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-*.repo \
  163. && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
  164. && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-OpsTools \
  165. && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage \
  166. && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization \
  167. && yum-config-manager --enable ol7_optional_latest ol7_addons \
  168. && yum -y install \
  169. yum-plugin-priorities \
  170. && yum -y update --security --sec-severity=Important --sec-severity=Critical \
  171. && yum clean all \
  172. && rm -rf /var/cache/yum
  173. {% endblock %}
  174. {% endif %}
  175. {# Endif for base_distro oraclelinux #}
  176. #### END REPO ENABLEMENT
  177. {# We are back to the basic if conditional here which is:
  178. if base_distro in ['centos', 'oraclelinux', 'rhel'] #}
  179. {% set base_compiler_packages = [
  180. 'gcc',
  181. 'glibc-static'
  182. ] %}
  183. {% block base_redhat_binary_versionlock %}{% endblock %}
  184. {% if install_type == 'binary' %}
  185. {% set base_centos_binary_packages = [
  186. 'iproute',
  187. 'iscsi-initiator-utils',
  188. 'lvm2',
  189. 'python',
  190. 'scsi-target-utils',
  191. 'socat',
  192. 'sudo',
  193. 'which'
  194. ] %}
  195. # Install base packages
  196. {{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
  197. {% endif %}
  198. {# Endif for install_type binary #}
  199. {% if install_type == 'source' %}
  200. {% set base_centos_source_packages = [
  201. 'curl',
  202. 'iproute',
  203. 'iscsi-initiator-utils',
  204. 'lvm2',
  205. 'scsi-target-utils',
  206. 'socat',
  207. 'sudo',
  208. 'tar',
  209. 'which'
  210. ] %}
  211. # Update packages
  212. {{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}
  213. {% endif %}
  214. {# endif for install type is source for RPM based distros #}
  215. {# endif for base_distro centos,oraclelinux,rhel #}
  216. {% elif base_distro in ['debian', 'ubuntu'] %}
  217. RUN if [ $(awk -F '=' '/DISTRIB_RELEASE/{print $2}' /etc/lsb-release) != "{{ supported_distro_release }}" ]; then \
  218. echo "Only release '{{ supported_distro_release }}' is supported on {{ base_distro }}"; false; fi
  219. # Customize PS1 bash shell
  220. RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc
  221. # This will prevent questions from being asked during the install
  222. ENV DEBIAN_FRONTEND noninteractive
  223. # Reducing disk footprint
  224. COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
  225. {% block base_ubuntu_package_pre %}
  226. # Need apt-transport-https and ca-certificates before replacing sources.list or
  227. # apt-get update will not work if any repositories are accessed via HTTPS
  228. {% set base_ubuntu_package_pre_packages = [
  229. 'apt-transport-https',
  230. 'ca-certificates',
  231. 'curl',
  232. 'dirmngr',
  233. 'gnupg'
  234. ] %}
  235. {{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
  236. {% endblock %}
  237. {% block base_ubuntu_package_sources_list %}
  238. {% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
  239. COPY sources.list.{{ base_distro }} /etc/apt/sources.list
  240. {% else %}
  241. COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
  242. {% endif %}
  243. {% endblock %}
  244. {% block base_ubuntu_package_apt_preferences %}
  245. COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
  246. {% endblock %}
  247. {% set base_apt_packages = [
  248. 'apt-utils',
  249. 'curl',
  250. 'gawk',
  251. 'iproute2',
  252. 'kmod',
  253. 'lvm2',
  254. 'netbase',
  255. 'open-iscsi',
  256. 'python',
  257. 'socat',
  258. 'sudo',
  259. 'tgt']
  260. %}
  261. {% if base_distro in ['debian'] %}
  262. {% set base_apt_packages = base_apt_packages + [ 'udev/stretch-backports' ] %}
  263. {% endif %}
  264. {% set base_compiler_packages = [
  265. 'build-essential'
  266. ] %}
  267. {% if base_distro == 'ubuntu' %}
  268. {# 05CE15085FC09D18E99EFB22684A14CF2582E0C5 -- InfluxDB Packaging Service <support@influxdb.com> #}
  269. {# 177F4010FE56CA3336300305F1656F24C74CD1D8 -- MariaDB Signing Key <signing-key@mariadb.org> #}
  270. {# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
  271. {# 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB -- packagecloud ops (production key) <ops@packagecloud.io> #}
  272. {# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
  273. {# 49B07274951063870A8B7EAE7B8AA1A344C05248 -- Opendaylight Signing Key <https://launchpad.net/~odl-team> #}
  274. {# 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -- Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com> #}
  275. {# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
  276. {# 4D8EB5FDA37AB55F41A135203BF88A0C6A770882 -- Apache Qpid PPA Signing Key <dev@qpid.apache.org> #}
  277. {# 901F9177AB97ACBE -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
  278. {# A20F259AEB9C94BB -- Sensuapp (Freight) <support@hw-ops.com> #}
  279. {% set base_apt_keys = [
  280. '05CE15085FC09D18E99EFB22684A14CF2582E0C5',
  281. '177F4010FE56CA3336300305F1656F24C74CD1D8',
  282. '391A9AA2147192839E9DB0315EDB1B62EC4926EA',
  283. '418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
  284. '46095ACC8548582C1A2699A9D27D666CD88E42B4',
  285. '49B07274951063870A8B7EAE7B8AA1A344C05248',
  286. '4D1BB29D63D98E422B2113B19334A25F8507EFA5',
  287. '58118E89F3A912897C070ADBF76221572C52609D',
  288. '4D8EB5FDA37AB55F41A135203BF88A0C6A770882',
  289. '901F9177AB97ACBE',
  290. 'A20F259AEB9C94BB'
  291. ] %}
  292. {% set remote_apt_keys = [
  293. ] %}
  294. {% elif base_distro == 'debian' %}
  295. {% set base_apt_keys = [
  296. '58118E89F3A912897C070ADBF76221572C52609D',
  297. '0xcbcb082a1bb943db',
  298. 'D27D666CD88E42B4',
  299. '05CE15085FC09D18E99EFB22684A14CF2582E0C5',
  300. '418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
  301. '901F9177AB97ACBE',
  302. ] %}
  303. {% set remote_apt_keys = [
  304. 'http://obs.linaro.org/ERP:/18.06/Debian_9/Release.key',
  305. 'https://bintray.com/user/downloadSubjectPublicKey?username=bintray',
  306. 'https://download.docker.com/linux/debian/gpg'
  307. ] %}
  308. {% set base_apt_packages = base_apt_packages +
  309. ['sudo',]
  310. %}
  311. {% endif %}
  312. {% block base_ubuntu_package_installation %}
  313. {%- block base_ubuntu_package_key_installation %}
  314. {% for key in base_apt_keys | customizable('apt_keys') %}
  315. {%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
  316. {%- if not loop.last %} \
  317. {% endif -%}
  318. {% endfor %}
  319. {% for key in remote_apt_keys | customizable('remote_apt_keys') %}
  320. {%- if loop.first %} RUN {% else %} && {% endif %}curl {{ key }} | apt-key add -
  321. {%- if not loop.last %} \
  322. {% endif -%}
  323. {% endfor %}
  324. {% endblock %}
  325. RUN apt-get update \
  326. && apt-get -y upgrade \
  327. && apt-get -y dist-upgrade \
  328. && apt-get -y install --no-install-recommends \
  329. {%- for package in base_apt_packages | customizable('apt_packages') %}
  330. {{ package }} \
  331. {%- endfor %}
  332. && apt-get clean \
  333. && rm -rf /var/lib/apt/lists/*
  334. {% endblock %}
  335. {% if base_distro == 'ubuntu' %}
  336. RUN sed -i \
  337. -e "s|\('purelib': '\$base/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
  338. -e "s|\('platlib': '\$platbase/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
  339. -e "s|\('headers': '\$base/\)local/\(include/python\$py_version_short/\$dist_name',\)|\1\2|" \
  340. -e "s|\('scripts': '\$base/\)local/\(bin',\)|\1\2|" \
  341. -e "s|\('data' : '\$base\)/local\(',\)|\1\2|" \
  342. /usr/lib/python2.7/distutils/command/install.py \
  343. && rm -rf /usr/lib/python2.7/site-packages \
  344. && ln -s dist-packages /usr/lib/python2.7/site-packages
  345. {% endif %}
  346. {# endif for base_distro debian, ubuntu #}
  347. {% endif %}
  348. COPY set_configs.py /usr/local/bin/kolla_set_configs
  349. COPY start.sh /usr/local/bin/kolla_start
  350. COPY sudoers /etc/sudoers
  351. COPY curlrc /root/.curlrc
  352. {% block dumb_init_installation %}
  353. {% if base_arch == 'x86_64' %}
  354. RUN curl -sSL https://github.com/Yelp/dumb-init/releases/download/v1.1.3/dumb-init_1.1.3_amd64 -o /usr/local/bin/dumb-init \
  355. && chmod +x /usr/local/bin/dumb-init \
  356. && sed -i 's|#!|#!/usr/local/bin/dumb-init |' /usr/local/bin/kolla_start
  357. {% else %}
  358. {{ macros.install_packages(base_compiler_packages) }}
  359. RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
  360. && python get-pip.py \
  361. && rm get-pip.py \
  362. && pip --no-cache-dir install --prefix='/usr/local' dumb-init==1.1.3 \
  363. && chmod +x /usr/local/bin/dumb-init \
  364. && sed -i 's|#!|#!/usr/local/bin/dumb-init |' /usr/local/bin/kolla_start
  365. {% endif %}
  366. {% endblock %}
  367. RUN touch /usr/local/bin/kolla_extend_start \
  368. && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \
  369. && chmod 440 /etc/sudoers \
  370. && mkdir -p /var/log/kolla \
  371. && chown :kolla /var/log/kolla \
  372. && chmod 2775 /var/log/kolla \
  373. && rm -f /tmp/kolla_bashrc
  374. {% block base_footer %}{% endblock %}
  375. CMD ["kolla_start"]