5752c7eb0b
When built with the binary install type (at least on CentOS), Ironic inspector fails to start and the container remains in a restarting state. The log file shows that it is failing to execute iptables, and analysis found that this was due to an incorrect rootwrap configuration. The RDO ironic inspector RPM expects Ironic inspector to be run as the ironic-inspector user, however Kolla uses the ironic user. This means that neither of the packaged ironic nor ironic-inspector sudoers configuration files works for us. Kolla currently installs a sudoers file pointing to the rootwrap script in the virtualenv of the source install, but of course this only makes sense for source installs, and should not be installed for binary installs. This change adds a second sudoers file that will work for the binary install type, and installs the correct sudoers file for the install type. Change-Id: I8ecd0b658b8df8f38ddf717fa9443d4dc2896984 Closes-Bug: #1624457
56 lines
1.9 KiB
Django/Jinja
56 lines
1.9 KiB
Django/Jinja
FROM {{ namespace }}/{{ image_prefix }}ironic-base:{{ tag }}
|
|
MAINTAINER {{ maintainer }}
|
|
|
|
{% block ironic_inspector_header %}{% endblock %}
|
|
|
|
{% import "macros.j2" as macros with context %}
|
|
|
|
{% if install_type == 'binary' %}
|
|
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
|
|
{% set ironic_inspector_packages = ['openstack-ironic-inspector'] %}
|
|
{% elif base_distro in ['ubuntu'] %}
|
|
{% set ironic_inspector_packages = [
|
|
'ironic-inspector',
|
|
'iptables'
|
|
] %}
|
|
{% endif %}
|
|
|
|
{{ macros.install_packages(ironic_inspector_packages | customizable("packages")) }}
|
|
|
|
COPY ironic_sudoers_binary /etc/sudoers.d/kolla_ironic_inspector_sudoers
|
|
|
|
{% elif install_type == 'source' %}
|
|
{% if base_distro in ['ubuntu'] %}
|
|
{% set ironic_inspector_packages = ['iptables'] %}
|
|
{% endif %}
|
|
|
|
{{ macros.install_packages(ironic_inspector_packages | customizable("packages")) }}
|
|
|
|
ADD ironic-inspector-archive /ironic-inspector-source
|
|
|
|
{% set ironic_inspector_pip_packages = [
|
|
'/ironic-inspector'
|
|
] %}
|
|
|
|
RUN ln -s ironic-inspector-source/* ironic-inspector \
|
|
&& mv /etc/ironic /etc/ironic-inspector \
|
|
&& {{ macros.install_pip(ironic_inspector_pip_packages | customizable("pip_packages")) }} \
|
|
&& cp /ironic-inspector/rootwrap.conf /etc/ironic-inspector/ \
|
|
&& cp -r /ironic-inspector/rootwrap.d/ /etc/ironic-inspector/ \
|
|
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic-inspector/rootwrap.conf
|
|
|
|
COPY ironic_sudoers_source /etc/sudoers.d/kolla_ironic_inspector_sudoers
|
|
|
|
{% endif %}
|
|
|
|
COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
|
|
|
|
RUN chmod 750 /etc/sudoers.d \
|
|
&& chmod 440 /etc/sudoers.d/kolla_ironic_inspector_sudoers \
|
|
&& chmod 755 /usr/local/bin/kolla_ironic_extend_start
|
|
|
|
{% block ironic_inspector_footer %}{% endblock %}
|
|
{% block footer %}{% endblock %}
|
|
|
|
USER ironic
|