From 37e257913c161905f96cde8e783aaa501a4e419d Mon Sep 17 00:00:00 2001 From: Thiago da Silva Date: Fri, 3 May 2019 16:52:53 -0400 Subject: [PATCH] Add Dockerfile to build a SAIO container image Added Dockerfile and configuration files under the new `docker` directory to build a Swift All in One container image. The primary goal of this container image is to provide application developers with a Swift/S3 endpoint that can be tested against during the development cycle. Added Zuul jobs to build docker container Change-Id: Ib10975a1862a4fa8c4eeaba139837cf1f22b272a --- .dockerignore | 11 ++ .zuul.yaml | 54 +++++++++ Dockerfile | 76 +++++++++++++ docker/install_scripts/00_swift_needs.sh | 22 ++++ .../install_scripts/10_apk_install_prereqs.sh | 30 +++++ .../15_install_python_and_pip_src.sh | 56 ++++++++++ .../17_compile_liberasurecode.sh | 14 +++ .../install_scripts/20_pip_install_prereqs.sh | 31 ++++++ docker/install_scripts/50_swift_install.sh | 17 +++ .../install_scripts/60_pip_uninstall_dev.sh | 8 ++ .../install_scripts/99_apk_uninstall_dev.sh | 20 ++++ docker/install_scripts/python_test_dirs | 19 ++++ docker/rootfs/etc/cont-init.d/01_swift_logs | 4 + .../etc/cont-init.d/02_build_remakerings | 3 + docker/rootfs/etc/fix-attrs.d/logging | 2 + docker/rootfs/etc/fix-attrs.d/srv_node | 1 + docker/rootfs/etc/fix-attrs.d/swift | 4 + docker/rootfs/etc/fix-attrs.d/tmp | 1 + docker/rootfs/etc/profile | 11 ++ docker/rootfs/etc/rsyncd.conf | 23 ++++ docker/rootfs/etc/rsyslog.conf | 64 +++++++++++ docker/rootfs/etc/rsyslog.d/00-swift.conf | 16 +++ docker/rootfs/etc/rsyslog.d/50-default.conf | 68 ++++++++++++ docker/rootfs/etc/services.d/memcached/run | 3 + .../rootfs/etc/services.d/swift-account/run | 5 + .../rootfs/etc/services.d/swift-container/run | 5 + docker/rootfs/etc/services.d/swift-object/run | 4 + docker/rootfs/etc/services.d/swift-proxy/run | 5 + .../etc/socklog.rules/swift_account_server | 3 + docker/rootfs/etc/socklog.rules/swift_all | 7 ++ .../etc/socklog.rules/swift_container_server | 3 + .../etc/socklog.rules/swift_object_server | 3 + .../etc/socklog.rules/swift_proxy_server | 3 + docker/rootfs/etc/swift/account-server.conf | 25 +++++ docker/rootfs/etc/swift/container-server.conf | 27 +++++ docker/rootfs/etc/swift/object-server.conf | 26 +++++ docker/rootfs/etc/swift/proxy-server.conf | 105 ++++++++++++++++++ docker/rootfs/etc/swift/swift.conf | 17 +++ docker/rootfs/etc/swift_build/build_devices | 62 +++++++++++ .../rootfs/etc/swift_build/build_remakerings | 36 ++++++ docker/rootfs/etc/swift_build/prepare_rings | 6 + 41 files changed, 900 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile create mode 100755 docker/install_scripts/00_swift_needs.sh create mode 100755 docker/install_scripts/10_apk_install_prereqs.sh create mode 100755 docker/install_scripts/15_install_python_and_pip_src.sh create mode 100755 docker/install_scripts/17_compile_liberasurecode.sh create mode 100755 docker/install_scripts/20_pip_install_prereqs.sh create mode 100755 docker/install_scripts/50_swift_install.sh create mode 100755 docker/install_scripts/60_pip_uninstall_dev.sh create mode 100755 docker/install_scripts/99_apk_uninstall_dev.sh create mode 100644 docker/install_scripts/python_test_dirs create mode 100644 docker/rootfs/etc/cont-init.d/01_swift_logs create mode 100644 docker/rootfs/etc/cont-init.d/02_build_remakerings create mode 100644 docker/rootfs/etc/fix-attrs.d/logging create mode 100644 docker/rootfs/etc/fix-attrs.d/srv_node create mode 100644 docker/rootfs/etc/fix-attrs.d/swift create mode 100644 docker/rootfs/etc/fix-attrs.d/tmp create mode 100644 docker/rootfs/etc/profile create mode 100644 docker/rootfs/etc/rsyncd.conf create mode 100644 docker/rootfs/etc/rsyslog.conf create mode 100644 docker/rootfs/etc/rsyslog.d/00-swift.conf create mode 100644 docker/rootfs/etc/rsyslog.d/50-default.conf create mode 100644 docker/rootfs/etc/services.d/memcached/run create mode 100644 docker/rootfs/etc/services.d/swift-account/run create mode 100644 docker/rootfs/etc/services.d/swift-container/run create mode 100644 docker/rootfs/etc/services.d/swift-object/run create mode 100644 docker/rootfs/etc/services.d/swift-proxy/run create mode 100644 docker/rootfs/etc/socklog.rules/swift_account_server create mode 100644 docker/rootfs/etc/socklog.rules/swift_all create mode 100644 docker/rootfs/etc/socklog.rules/swift_container_server create mode 100644 docker/rootfs/etc/socklog.rules/swift_object_server create mode 100644 docker/rootfs/etc/socklog.rules/swift_proxy_server create mode 100644 docker/rootfs/etc/swift/account-server.conf create mode 100644 docker/rootfs/etc/swift/container-server.conf create mode 100644 docker/rootfs/etc/swift/object-server.conf create mode 100644 docker/rootfs/etc/swift/proxy-server.conf create mode 100644 docker/rootfs/etc/swift/swift.conf create mode 100755 docker/rootfs/etc/swift_build/build_devices create mode 100755 docker/rootfs/etc/swift_build/build_remakerings create mode 100755 docker/rootfs/etc/swift_build/prepare_rings diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..e8bdd7d5cc --- /dev/null +++ b/.dockerignore @@ -0,0 +1,11 @@ +.tox +api-ref +cover +doc/manpages +doc/s3api +doc/source +examples +releasenotes +.stestr +test +tools diff --git a/.zuul.yaml b/.zuul.yaml index 7ddfbe796a..7190c5b740 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -311,6 +311,52 @@ tox_environment: TMPDIR: '{{ ansible_env.HOME }}/xfstmp' +# Image building jobs +- secret: + name: swift-dockerhub + data: + username: screamingfrenzy + password: !encrypted/pkcs1-oaep + - NvKH8qHFlB4sPvQHMQprl+tHb/0SxjdWnMMdzPV8ch2nwle5INlkRcZHg7tB2GEhU6iMN + x7QHeKbkb7Vt0ZqOLpXGyjZ/OIiXD+v47Ef+a+k+7nu8xXuIXWNKQGK0moYUz8A6DKn8e + 4ft67I39hoCXifSsMTUvtrz5P3wc2FleyzngOnNxbUD/UxNnbe6RdweRjZpfM4V/mWfqX + B0fdDuyFf2ws+Y7Tfic7/wnqlTshHOdEaAO2Afzie441kpJ/r3ZysAsE7QZrmU2GNQhT2 + rEmtViXu++1nun+D4nbpKUsq5RBpymK7jkffn0kNLaDNbxTWaAdiQMwUMq1Vn2dzpSGuA + TtZAmO05SOvsEkakM58328vpXvz95DUKGyZVeVVt4GNTZ3hfGDZ4nxz76VgtEPCrG3YOz + jkYiDaKBPDvRzuy71xXUaYdf7W8Ts3rJXq6KZDHl80GnlArwvyVX+KglQ5mX1EMMU+6Q3 + LYMKWB/DXKcSYwJkumQe1woZzQqgbqNRZaaxUPQv99MRvk9BZksaAFrnCPH7IAJNDI3sO + LCRmFX5Z0WqmzScAubH3+eRleKNDwBVp1VlHI+jtHRT6xtg32klPzo0FoX+iw0OFY1qpF + 7A6aHgjsCVRuKMjt0kA8QV278A+bm5ZdyWAG9CWZ1+GEl3/9IPYiXbEyW1bPFw= + +- job: + name: swift-build-image + parent: opendev-build-docker-image + description: Build SAIO docker images. + vars: &swift_image_vars + docker_images: + - context: . + repository: openstackswift/saio + +- job: + name: swift-upload-image + parent: opendev-upload-docker-image + description: Build SAIO docker images and upload to Docker Hub. + secrets: + name: docker_credentials + secret: swift-dockerhub + pass-to-parent: true + vars: *swift_image_vars + +- job: + name: swift-promote-image + parent: opendev-promote-docker-image + description: Promote previously uploaded Docker images. + secrets: + name: docker_credentials + secret: swift-dockerhub + pass-to-parent: true + vars: *swift_image_vars + - project: templates: - publish-openstack-docs-pti @@ -319,6 +365,10 @@ - release-notes-jobs-python3 check: jobs: + - swift-build-image: + irrelevant-files: + - ^(api-ref|doc|releasenotes)/.*$ + - ^test/(functional|probe)/.*$ - swift-tox-py27: irrelevant-files: - ^(api-ref|doc|releasenotes)/.*$ @@ -407,6 +457,7 @@ # using irrelevant-files). Exceptions should mainly be made for # long-running jobs, like probetests or (once they move to # in-tree definitions) dsvm jobs. + - swift-upload-image - swift-tox-py27 - swift-tox-py37 - swift-tox-func @@ -452,3 +503,6 @@ post: jobs: - publish-openstack-python-branch-tarball + promote: + jobs: + - swift-promote-image diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000000..00b16b434c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,76 @@ +################################################ +# +# Alpine 3.7 Swift-All-In-One +# +################################################ + +FROM alpine:3.7 +MAINTAINER Openstack Swift + +ENV S6_LOGGING 1 +ENV S6_VERSION 1.21.4.0 +ENV SOCKLOG_VERSION 3.0.1-1 +ENV ARCH amd64 +ENV BUILD_DIR "/tmp" +ENV ENV="/etc/profile" + +#COPY docker/install_scripts /install_scripts +COPY . /opt/swift + +ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_VERSION/s6-overlay-$ARCH.tar.gz /tmp/ +ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_VERSION/s6-overlay-$ARCH.tar.gz.sig /tmp/ +ADD https://github.com/just-containers/socklog-overlay/releases/download/v$SOCKLOG_VERSION/socklog-overlay-$ARCH.tar.gz /tmp/ + +RUN mkdir /etc/swift && \ + echo && \ + echo && \ + echo && \ + echo "================ starting swift_needs ===================" && \ + /opt/swift/docker/install_scripts/00_swift_needs.sh && \ + echo && \ + echo && \ + echo && \ + echo "================ starting apk_install_prereqs ===================" && \ + /opt/swift/docker/install_scripts/10_apk_install_prereqs.sh && \ + echo && \ + echo && \ + echo && \ + echo "================ compiling liberasurecode ===================" && \ + /opt/swift/docker/install_scripts/17_compile_liberasurecode.sh && \ + echo && \ + echo && \ + echo && \ + echo "================ starting swift_install ===================" && \ + /opt/swift/docker/install_scripts/50_swift_install.sh && \ + echo && \ + echo && \ + echo && \ + echo "================ installing s6-overlay ===================" && \ + curl https://keybase.io/justcontainers/key.asc | gpg --import && \ + gpg --verify /tmp/s6-overlay-$ARCH.tar.gz.sig /tmp/s6-overlay-$ARCH.tar.gz && \ + gunzip -c /tmp/s6-overlay-$ARCH.tar.gz | tar -xf - -C / && \ + gunzip -c /tmp/socklog-overlay-amd64.tar.gz | tar -xf - -C / && \ + rm -rf /tmp/s6-overlay* && \ + rm -rf /tmp/socklog-overlay* && \ + echo && \ + echo && \ + echo && \ + echo "================ starting pip_uninstall_dev ===================" && \ + /opt/swift/docker/install_scripts/60_pip_uninstall_dev.sh && \ + echo && \ + echo && \ + echo && \ + echo "================ starting apk_uninstall_dev ===================" && \ + /opt/swift/docker/install_scripts/99_apk_uninstall_dev.sh && \ + echo && \ + echo && \ + echo && \ + echo "================ clean up ===================" && \ + echo "TODO: cleanup" + #rm -rf /opt/swift + + +# Add Swift required configuration files +COPY docker/rootfs / + +ENTRYPOINT ["/init"] diff --git a/docker/install_scripts/00_swift_needs.sh b/docker/install_scripts/00_swift_needs.sh new file mode 100755 index 0000000000..89e737f500 --- /dev/null +++ b/docker/install_scripts/00_swift_needs.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +# adduser -D -H syslog && \ +for user in "swift"; do + id -u $user > /dev/null 2>&1 + if [ ! $? == '0' ]; then + adduser -D $user + printf "created user $user\n" + fi +done +printf "\n" +# mkdir /srv/node && \ +# mkdir /var/spool/rsyslog && \ +# chown -R swift:swift /srv/node/ && \ +for dirname in "/srv/node" "$HOME/bin" "/opt" "/var/cache/swift" " /var/log/socklog/swift" "/var/log/swift/" "/var/run/swift"; do + if [ ! -d $dirname ]; then + mkdir -p $dirname + printf "created $dirname\n" + fi +done +# mkdir -p $HOME/bin && \ +# mkdir -p /opt diff --git a/docker/install_scripts/10_apk_install_prereqs.sh b/docker/install_scripts/10_apk_install_prereqs.sh new file mode 100755 index 0000000000..58ee435a3f --- /dev/null +++ b/docker/install_scripts/10_apk_install_prereqs.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +apk add --update \ + linux-headers \ + gnupg \ + git \ + curl \ + rsync \ + memcached \ + openssl \ + openssl-dev \ + sqlite \ + sqlite-libs \ + sqlite-dev \ + xfsprogs \ + autoconf \ + automake \ + libtool \ + make \ + zlib-dev \ + g++ \ + libffi \ + libffi-dev \ + libxslt \ + libxslt-dev \ + libxml2 \ + libxml2-dev \ + python \ + python-dev \ + py-pip diff --git a/docker/install_scripts/15_install_python_and_pip_src.sh b/docker/install_scripts/15_install_python_and_pip_src.sh new file mode 100755 index 0000000000..286523db3b --- /dev/null +++ b/docker/install_scripts/15_install_python_and_pip_src.sh @@ -0,0 +1,56 @@ +#!/bin/sh + +echo +echo +echo +echo "building python and pip" + +# export PATH=$PATH:/usr/include + +mkdir $BUILD_DIR/python27 +mkdir $BUILD_DIR/python36 + +echo +echo +echo +echo "building python 2.7.15" + +cd $BUILD_DIR/python27 +wget https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tgz +tar -zxvf Python-2.7.15.tgz +cd Python-2.7.15 +./configure --enable-optimizations +make +make DESTDIR=/opt/python27 install + +echo +echo +echo +echo "building python 3.6.5" + +cd $BUILD_DIR/python36 +wget https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tgz +tar -zxvf Python-3.6.5.tgz +cd Python-3.6.5 +./configure --enable-optimizations +make +make DESTDIR=/opt/python36 install + +export PATH=$PATH:/opt/python27/usr/local/bin:/opt/python36/usr/local/bin +echo "export PATH=$PATH:/opt/python27/usr/local/bin:/opt/python36/usr/local/bin" >> /etc/profile + +echo +echo +echo +echo "building pip" +wget https://bootstrap.pypa.io/get-pip.py +python ./get-pip.py + +echo +echo +echo +echo "deleting python internal test dirs" +for f in `cat /opt/swift/docker/install_scripts/python_test_dirs` ; do rm -rf $f; done + +rm -rf $BUILD_DIR/python27 +rm -rf $BUILD_DIR/python36 diff --git a/docker/install_scripts/17_compile_liberasurecode.sh b/docker/install_scripts/17_compile_liberasurecode.sh new file mode 100755 index 0000000000..c346d4898f --- /dev/null +++ b/docker/install_scripts/17_compile_liberasurecode.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# Get liberasurecode +cd $BUILD_DIR +git clone https://github.com/openstack/liberasurecode.git +cd liberasurecode/ +./autogen.sh +./configure +make +#make test +make install +# cp -r /usr/local/lib /usr/lib/python3.6/site-packages/ && \ +cd $BUILD_DIR +rm -rf $BUILD_DIR/liberasurecode diff --git a/docker/install_scripts/20_pip_install_prereqs.sh b/docker/install_scripts/20_pip_install_prereqs.sh new file mode 100755 index 0000000000..fe41b3b367 --- /dev/null +++ b/docker/install_scripts/20_pip_install_prereqs.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +echo "+ + + + + + + + + + upgrading pip" && \ +pip install -U pip && \ +cd /opt/swift && \ +pip install -r requirements.txt + +#echo "+ + + + + + + + + + installing pastedeploy" && \ +#pip install pastedeploy && \ +#echo "+ + + + + + + + + + installing eventlet" && \ +#pip install eventlet && \ +#echo "+ + + + + + + + + + installing greenlet" && \ +#pip install greenlet && \ +#echo "+ + + + + + + + + + installing netifaces" && \ +#pip install netifaces && \ +#echo "+ + + + + + + + + + installing setuptools" && \ +#pip install setuptools && \ +#echo "+ + + + + + + + + + installing requests" && \ +#pip install requests && \ +#echo "+ + + + + + + + + + installing six" && \ +#pip install six && \ +#echo "+ + + + + + + + + + installing cryptography" && \ +#pip install cryptography && \ +#echo "+ + + + + + + + + + installing dnspython" && \ +#pip install dnspython +#echo "+ + + + + + + + + + installing xattr" && \ +#pip install xattr +#echo "+ + + + + + + + + + installing pyeclib" && \ +#pip install pyeclib +#echo "+ + + + + + + + + + installing lxml" && \ +#pip install lxml diff --git a/docker/install_scripts/50_swift_install.sh b/docker/install_scripts/50_swift_install.sh new file mode 100755 index 0000000000..5a6ec2c6ef --- /dev/null +++ b/docker/install_scripts/50_swift_install.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +pip install -U pip && \ +cd /opt/swift && \ +pip install -r requirements.txt && \ +pip install -e . + +cp doc/saio/bin/* $HOME/bin +chmod +x $HOME/bin/* +sed -i "s/bash/sh/g" $HOME/bin/* +sed -i "s/sudo //g" $HOME/bin/* +mkdir /root/tmp +echo "export PATH=${PATH}:$HOME/bin" >> $HOME/.shrc +echo "export PYTHON_EGG_CACHE=/root/tmp" >> $HOME/.shrc +echo "export ENV=$HOME/.shrc" >> $HOME/.profile +chmod +x $HOME/.shrc +chmod +x $HOME/.profile diff --git a/docker/install_scripts/60_pip_uninstall_dev.sh b/docker/install_scripts/60_pip_uninstall_dev.sh new file mode 100755 index 0000000000..081b4292b6 --- /dev/null +++ b/docker/install_scripts/60_pip_uninstall_dev.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +echo "- - - - - - - - uninstalling simplejson" +pip uninstall --yes simplejson +echo "- - - - - - - - uninstalling pyopenssl" +pip uninstall --yes pyopenssl +echo "- - - - - - - - deleting python3-dev residue (config-3.6m-x86_64-linux-gnu)" +rm -rf /opt/usr/local/lib/python3.6/config-3.6m-x86_64-linux-gnu/ diff --git a/docker/install_scripts/99_apk_uninstall_dev.sh b/docker/install_scripts/99_apk_uninstall_dev.sh new file mode 100755 index 0000000000..34c9fc4fc4 --- /dev/null +++ b/docker/install_scripts/99_apk_uninstall_dev.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +cd / +rm -rf /build + +apk del gnupg +apk del git +apk del openssl-dev +apk del sqlite-dev +apk del autoconf +apk del automake +apk del libtool +apk del make +apk del zlib-dev +apk del g++ +apk del libffi-dev +apk del libxslt-dev +apk del libxml2-dev +apk del python-dev +rm -rf /var/cache/apk/* diff --git a/docker/install_scripts/python_test_dirs b/docker/install_scripts/python_test_dirs new file mode 100644 index 0000000000..593815e8f0 --- /dev/null +++ b/docker/install_scripts/python_test_dirs @@ -0,0 +1,19 @@ +/opt/python/usr/local/lib/python3.6//ctypes/test +/opt/python/usr/local/lib/python3.6//distutils/tests +/opt/python/usr/local/lib/python3.6//idlelib/idle_test +/opt/python/usr/local/lib/python3.6//lib2to3/tests +/opt/python/usr/local/lib/python3.6//sqlite3/test +/opt/python/usr/local/lib/python3.6//test +/opt/python/usr/local/lib/python3.6//tkinter/test +/opt/python/usr/local/lib/python2.7/bsddb/test +/opt/python/usr/local/lib/python2.7/ctypes/test +/opt/python/usr/local/lib/python2.7/distutils/tests +/opt/python/usr/local/lib/python2.7/email/test +/opt/python/usr/local/lib/python2.7/idlelib/idle_test +/opt/python/usr/local/lib/python2.7/json/tests +/opt/python/usr/local/lib/python2.7/lib-tk/test +/opt/python/usr/local/lib/python2.7/lib2to3/tests +/opt/python/usr/local/lib/python2.7/site-packages/simplejson/tests +/opt/python/usr/local/lib/python2.7/sqlite3/test +/opt/python/usr/local/lib/python2.7/test +/opt/python/usr/local/lib/python2.7/unittest/test diff --git a/docker/rootfs/etc/cont-init.d/01_swift_logs b/docker/rootfs/etc/cont-init.d/01_swift_logs new file mode 100644 index 0000000000..fcc3e4c6a8 --- /dev/null +++ b/docker/rootfs/etc/cont-init.d/01_swift_logs @@ -0,0 +1,4 @@ +#!/bin/sh + +s6-setuidgid swift ln -s /var/log/socklog/swift/swift_all/current /var/log/swift/all.log +s6-setuidgid swift ln -s /var/log/socklog/swift/proxy_server/current /var/log/swift/proxy_access.log diff --git a/docker/rootfs/etc/cont-init.d/02_build_remakerings b/docker/rootfs/etc/cont-init.d/02_build_remakerings new file mode 100644 index 0000000000..e49d4a911a --- /dev/null +++ b/docker/rootfs/etc/cont-init.d/02_build_remakerings @@ -0,0 +1,3 @@ +#!/usr/bin/with-contenv sh + +exec s6-setuidgid swift /etc/swift_build/prepare_rings diff --git a/docker/rootfs/etc/fix-attrs.d/logging b/docker/rootfs/etc/fix-attrs.d/logging new file mode 100644 index 0000000000..a8de639776 --- /dev/null +++ b/docker/rootfs/etc/fix-attrs.d/logging @@ -0,0 +1,2 @@ +/var/log/swift true swift 0755 0755 +/var/spool/rsyslog true syslog 0700 0700 diff --git a/docker/rootfs/etc/fix-attrs.d/srv_node b/docker/rootfs/etc/fix-attrs.d/srv_node new file mode 100644 index 0000000000..adee7ec5e8 --- /dev/null +++ b/docker/rootfs/etc/fix-attrs.d/srv_node @@ -0,0 +1 @@ +/srv/node true swift 0700 0700 diff --git a/docker/rootfs/etc/fix-attrs.d/swift b/docker/rootfs/etc/fix-attrs.d/swift new file mode 100644 index 0000000000..bf368314aa --- /dev/null +++ b/docker/rootfs/etc/fix-attrs.d/swift @@ -0,0 +1,4 @@ +/etc/swift true swift 0700 0700 +/etc/swift/mime.types true swift 0700 0700 +/var/run/swift true swift 0755 0755 +/var/cache/swift true swift 0755 0755 diff --git a/docker/rootfs/etc/fix-attrs.d/tmp b/docker/rootfs/etc/fix-attrs.d/tmp new file mode 100644 index 0000000000..8a6d27a5c0 --- /dev/null +++ b/docker/rootfs/etc/fix-attrs.d/tmp @@ -0,0 +1 @@ +/tmp true root 0700 0700 diff --git a/docker/rootfs/etc/profile b/docker/rootfs/etc/profile new file mode 100644 index 0000000000..9ad1060e20 --- /dev/null +++ b/docker/rootfs/etc/profile @@ -0,0 +1,11 @@ +export CHARSET=UTF-8 +export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/python/usr/local/bin +export PAGER=less +export PS1='\h:\w\$ ' +umask 022 + +for script in /etc/profile.d/*.sh ; do + if [ -r $script ] ; then + . $script + fi +done diff --git a/docker/rootfs/etc/rsyncd.conf b/docker/rootfs/etc/rsyncd.conf new file mode 100644 index 0000000000..2d4a1fb35d --- /dev/null +++ b/docker/rootfs/etc/rsyncd.conf @@ -0,0 +1,23 @@ +uid = swift +gid = swift +log file = /var/log/rsyncd.log +pid file = /var/run/rsyncd.pid +address = 127.0.0.1 + +[account] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/account.lock + +[container] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/container.lock + +[object] +max connections = 2 +path = /srv/node/ +read only = false +lock file = /var/lock/object.lock diff --git a/docker/rootfs/etc/rsyslog.conf b/docker/rootfs/etc/rsyslog.conf new file mode 100644 index 0000000000..fa42783dab --- /dev/null +++ b/docker/rootfs/etc/rsyslog.conf @@ -0,0 +1,64 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html +# +# Default logging rules can be found in /etc/rsyslog.d/50-default.conf + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging +#$ModLoad imklog # provides kernel logging support +#$ModLoad immark # provides --MARK-- message capability + +# provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + +# Enable non-kernel facility klog messages +$KLogPermitNonKernelFacility on + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# Filter duplicated messages +$RepeatedMsgReduction on + +# Disable rate-limiting of log entries +$SystemLogRateLimitInterval 0 +$SystemLogRateLimitBurst 0 + +# +# Set the default permissions for all log files. +# +$FileOwner syslog +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 +$PrivDropToUser syslog +$PrivDropToGroup syslog + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf diff --git a/docker/rootfs/etc/rsyslog.d/00-swift.conf b/docker/rootfs/etc/rsyslog.d/00-swift.conf new file mode 100644 index 0000000000..00adb57258 --- /dev/null +++ b/docker/rootfs/etc/rsyslog.d/00-swift.conf @@ -0,0 +1,16 @@ +# NOTE: we used to enable UDP logging here, but we switched +# back to just unix domain socket. + +#$imjournalRatelimitInterval 60 +#$imjournalRatelimitBurst 600000 + +# *.* @127.0.0.1:514 + +# Log all Swift proxy-server access log lines (local2) to +# /var/log/swift/proxy_access.log +local2.* /var/log/swift/proxy_access.log;RSYSLOG_FileFormat + +# Log all Swift lines to /var/log/swift/all.log +# AND PREVENT FURTHER LOGGING OF THEM (eg. to /var/log/syslog) +local0.*;local2.* /var/log/swift/all.log;RSYSLOG_TraditionalFileFormat +& ~ diff --git a/docker/rootfs/etc/rsyslog.d/50-default.conf b/docker/rootfs/etc/rsyslog.d/50-default.conf new file mode 100644 index 0000000000..d8283d485d --- /dev/null +++ b/docker/rootfs/etc/rsyslog.d/50-default.conf @@ -0,0 +1,68 @@ +# Default rules for rsyslog. +# +# For more information see rsyslog.conf(5) and /etc/rsyslog.conf + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +#daemon.* -/var/log/daemon.log +#kern.* -/var/log/kern.log +#lpr.* -/var/log/lpr.log +#mail.* -/var/log/mail.log +#user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +#mail.info -/var/log/mail.info +#mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. +# +#*.=debug;\ +# auth,authpriv.none;\ +# news.none;mail.none -/var/log/debug +#*.=info;*.=notice;*.=warn;\ +# auth,authpriv.none;\ +# cron,daemon.none;\ +# mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/xconsole diff --git a/docker/rootfs/etc/services.d/memcached/run b/docker/rootfs/etc/services.d/memcached/run new file mode 100644 index 0000000000..a6d5f994d6 --- /dev/null +++ b/docker/rootfs/etc/services.d/memcached/run @@ -0,0 +1,3 @@ +#!/usr/bin/execlineb -P + +memcached -u root -l 127.0.0.1 diff --git a/docker/rootfs/etc/services.d/swift-account/run b/docker/rootfs/etc/services.d/swift-account/run new file mode 100644 index 0000000000..f310983146 --- /dev/null +++ b/docker/rootfs/etc/services.d/swift-account/run @@ -0,0 +1,5 @@ +#!/bin/sh +source /etc/profile + +# swift-account-server /etc/swift/account-server.conf +exec s6-setuidgid swift swift-init account restart --no-daemon diff --git a/docker/rootfs/etc/services.d/swift-container/run b/docker/rootfs/etc/services.d/swift-container/run new file mode 100644 index 0000000000..0ed34dad05 --- /dev/null +++ b/docker/rootfs/etc/services.d/swift-container/run @@ -0,0 +1,5 @@ +#!/bin/sh +source /etc/profile + +# swift-container-server /etc/swift/container-server.conf +exec s6-setuidgid swift swift-init container restart --no-daemon diff --git a/docker/rootfs/etc/services.d/swift-object/run b/docker/rootfs/etc/services.d/swift-object/run new file mode 100644 index 0000000000..80f8c8d618 --- /dev/null +++ b/docker/rootfs/etc/services.d/swift-object/run @@ -0,0 +1,4 @@ +#!/bin/sh +source /etc/profile + +exec s6-setuidgid swift swift-init object restart --no-daemon diff --git a/docker/rootfs/etc/services.d/swift-proxy/run b/docker/rootfs/etc/services.d/swift-proxy/run new file mode 100644 index 0000000000..be73b5398d --- /dev/null +++ b/docker/rootfs/etc/services.d/swift-proxy/run @@ -0,0 +1,5 @@ +#!/bin/sh +source /etc/profile + +# swift-proxy-server /etc/swift/proxy-server.conf +exec s6-setuidgid swift swift-init proxy restart --no-daemon diff --git a/docker/rootfs/etc/socklog.rules/swift_account_server b/docker/rootfs/etc/socklog.rules/swift_account_server new file mode 100644 index 0000000000..7a8ddb8ea0 --- /dev/null +++ b/docker/rootfs/etc/socklog.rules/swift_account_server @@ -0,0 +1,3 @@ +- ++\local5.* +/var/log/socklog/swift/account_server diff --git a/docker/rootfs/etc/socklog.rules/swift_all b/docker/rootfs/etc/socklog.rules/swift_all new file mode 100644 index 0000000000..6ce9c899dc --- /dev/null +++ b/docker/rootfs/etc/socklog.rules/swift_all @@ -0,0 +1,7 @@ +- ++\local5.* ++\local4.* ++\local3.* ++\local2.* ++\local0.* +/var/log/socklog/swift/swift_all diff --git a/docker/rootfs/etc/socklog.rules/swift_container_server b/docker/rootfs/etc/socklog.rules/swift_container_server new file mode 100644 index 0000000000..428119e964 --- /dev/null +++ b/docker/rootfs/etc/socklog.rules/swift_container_server @@ -0,0 +1,3 @@ +- ++\local4.* +/var/log/socklog/swift/container_server diff --git a/docker/rootfs/etc/socklog.rules/swift_object_server b/docker/rootfs/etc/socklog.rules/swift_object_server new file mode 100644 index 0000000000..e2e92fe9d2 --- /dev/null +++ b/docker/rootfs/etc/socklog.rules/swift_object_server @@ -0,0 +1,3 @@ +- ++\local3.* +/var/log/socklog/swift/object_server diff --git a/docker/rootfs/etc/socklog.rules/swift_proxy_server b/docker/rootfs/etc/socklog.rules/swift_proxy_server new file mode 100644 index 0000000000..b743082168 --- /dev/null +++ b/docker/rootfs/etc/socklog.rules/swift_proxy_server @@ -0,0 +1,3 @@ +- ++\local2.* +/var/log/socklog/swift/proxy_server diff --git a/docker/rootfs/etc/swift/account-server.conf b/docker/rootfs/etc/swift/account-server.conf new file mode 100644 index 0000000000..d8e95f73b7 --- /dev/null +++ b/docker/rootfs/etc/swift/account-server.conf @@ -0,0 +1,25 @@ +[DEFAULT] +devices = /srv/node/ +bind_ip = 127.0.0.1 +bind_port = 6002 +workers = 2 +mount_check = false +log_facility = LOG_LOCAL5 + +[pipeline:main] +pipeline = healthcheck recon account-server + +[app:account-server] +use = egg:swift#account + +[filter:recon] +use = egg:swift#recon + +[filter:healthcheck] +use = egg:swift#healthcheck + +[account-replicator] + +[account-auditor] + +[account-reaper] diff --git a/docker/rootfs/etc/swift/container-server.conf b/docker/rootfs/etc/swift/container-server.conf new file mode 100644 index 0000000000..db99c43d38 --- /dev/null +++ b/docker/rootfs/etc/swift/container-server.conf @@ -0,0 +1,27 @@ +[DEFAULT] +devices = /srv/node/ +bind_ip = 127.0.0.1 +bind_port = 6001 +workers = 2 +mount_check = false +log_facility = LOG_LOCAL4 + +[pipeline:main] +pipeline = healthcheck recon container-server + +[app:container-server] +use = egg:swift#container + +[filter:recon] +use = egg:swift#recon + +[filter:healthcheck] +use = egg:swift#healthcheck + +[container-replicator] + +[container-updater] + +[container-auditor] + +[container-sync] diff --git a/docker/rootfs/etc/swift/object-server.conf b/docker/rootfs/etc/swift/object-server.conf new file mode 100644 index 0000000000..3dc66aa610 --- /dev/null +++ b/docker/rootfs/etc/swift/object-server.conf @@ -0,0 +1,26 @@ +[DEFAULT] +devices = /srv/node/ +bind_ip = 127.0.0.1 +bind_port = 6000 +workers = 2 +mount_check = false +log_facility = LOG_LOCAL3 + +[pipeline:main] +pipeline = healthcheck recon object-server + +[app:object-server] +use = egg:swift#object + +[filter:recon] +use = egg:swift#recon + +[filter:healthcheck] +use = egg:swift#healthcheck + + +[object-replicator] + +[object-updater] + +[object-auditor] diff --git a/docker/rootfs/etc/swift/proxy-server.conf b/docker/rootfs/etc/swift/proxy-server.conf new file mode 100644 index 0000000000..56eb8b0b23 --- /dev/null +++ b/docker/rootfs/etc/swift/proxy-server.conf @@ -0,0 +1,105 @@ +[DEFAULT] +bind_ip = 0.0.0.0 +bind_port = 8080 +log_address = /dev/log +log_facility = LOG_LOCAL2 +log_headers = false +log_level = DEBUG +log_name = proxy-server +user = swift + +[pipeline:main] +pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats bulk tempurl ratelimit tempauth staticweb copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:proxy-logging] +use = egg:swift#proxy_logging + +[filter:bulk] +use = egg:swift#bulk + +[filter:ratelimit] +use = egg:swift#ratelimit + +[filter:crossdomain] +use = egg:swift#crossdomain + +[filter:dlo] +use = egg:swift#dlo + +[filter:slo] +use = egg:swift#slo + +[filter:container_sync] +use = egg:swift#container_sync +current = //saio/saio_endpoint + +[filter:s3api] +use = egg:swift#s3api +# Add this filter to your pipeline if you want to test with the S3 protocol. +s3_acl = yes +dns_compliant_bucket_names = no +check_bucket_owner = yes + +[filter:tempurl] +use = egg:swift#tempurl + +[filter:tempauth] +use = egg:swift#tempauth +user_admin_admin = admin .admin .reseller_admin +user_test_tester = testing .admin +user_test_tester2 = testing2 .admin +user_test_tester3 = testing3 +user_test2_tester2 = testing2 .admin + +[filter:staticweb] +use = egg:swift#staticweb + +[filter:account-quotas] +use = egg:swift#account_quotas + +[filter:container-quotas] +use = egg:swift#container_quotas + +[filter:cache] +use = egg:swift#memcache + +[filter:gatekeeper] +use = egg:swift#gatekeeper + +[filter:versioned_writes] +use = egg:swift#versioned_writes +allow_versioned_writes = true + +[filter:copy] +use = egg:swift#copy + +[filter:listing_formats] +use = egg:swift#listing_formats + +[filter:symlink] +use = egg:swift#symlink + +# To enable, add the s3api middleware to the pipeline before tempauth +[filter:s3api] +use = egg:swift#s3api + +# Example to create root secret: `openssl rand -base64 32` +[filter:keymaster] +use = egg:swift#keymaster +encryption_root_secret = changeme/changeme/changeme/changeme/change/= + +# To enable use of encryption add both middlewares to pipeline, example: +# keymaster encryption proxy-logging proxy-server +[filter:encryption] +use = egg:swift#encryption + +[app:proxy-server] +use = egg:swift#proxy +allow_account_management = true +account_autocreate = true diff --git a/docker/rootfs/etc/swift/swift.conf b/docker/rootfs/etc/swift/swift.conf new file mode 100644 index 0000000000..129a5d98a2 --- /dev/null +++ b/docker/rootfs/etc/swift/swift.conf @@ -0,0 +1,17 @@ +[swift-hash] +# random unique strings that can never change (DO NOT LOSE) +swift_hash_path_prefix = bd08f643f5663c4ec607 +swift_hash_path_suffix = f423bf7ab663888fe832 + +[storage-policy:0] +name = 1replica +default = true +policy_type = replication + +# [storage-policy:1] +# name = EC42 +# policy_type = erasure_coding +# ec_type = liberasurecode_rs_vand +# ec_num_data_fragments = 4 +# ec_num_parity_fragments = 2 +# ec_object_segment_size = 1048576 diff --git a/docker/rootfs/etc/swift_build/build_devices b/docker/rootfs/etc/swift_build/build_devices new file mode 100755 index 0000000000..90f1c9e6af --- /dev/null +++ b/docker/rootfs/etc/swift_build/build_devices @@ -0,0 +1,62 @@ +#!/usr/bin/with-contenv sh + +cd /etc/swift +DEV_SIZE="1GB" +# POLICIES="object container account" +MY_STORAGE_TYPE=${STORAGE_TYPE:-"internal_dirs"} +MY_DEVICE_COUNT=${DEVICE_COUNT:-6} + +echo "[[ checking --privileged ]]" +ip link add dummy0 type dummy >/dev/null +if [[ $? -eq 0 ]]; then + PRIVILEGED=true + # clean the dummy0 link + ip link delete dummy0 >/dev/null +else + PRIVILEGED=false +fi + +echo "storage type is $MY_STORAGE_TYPE. container is privileged? $PRIVILEGED" + +echo "[[ checking what to use as storage devices ]]" +DEVICE_LIST="" +if [[ $MY_STORAGE_TYPE == "external_devices" ]]; then + DEVICE_LIST=$(ls /dev/ | grep -i "swift-d") + MY_DEVICE_COUNT=$(wc -w $DEVICE_LIST) + echo " using external device. devices found: $DEVICE_LIST" +elif [[ $MY_DEVICE_COUNT -le 0 ]]; then + echo "Device count must be greater than 0" + exit -1 +else + for i in $(seq 0 $(( MY_DEVICE_COUNT-1 ))); do + DEVICE_LIST="$DEVICE_LIST swift-d$i" + done + # echo " using internal devices. devices to create: $DEVICE_LIST" +fi + +if [[ $MY_STORAGE_TYPE == "internal_devices" ]]; then + for device in $DEVICE_LIST; do + truncate -s $DEV_SIZE /dev/$device; + echo " created storage device /dev/swift-d$i of $DEV_SIZE"; + done +fi + +export PATH=$PATH:/opt/python/usr/local/bin/ + +echo "[[ creating directories ]]" +for dir in $DEVICE_LIST; do + mkdir -p /srv/node/$dir; + echo " created /srv/node/$dir"; +done + +if [[ $MY_STORAGE_TYPE == "internal_devices" ]] || [[ $MY_STORAGE_TYPE == "external_devices" ]]; then + echo "[[ formating and mounting storage devices ]] " + for device in $DEVICE_LIST; do + # truncate -s $DEV_SIZE /dev/swift-d$i; + # echo "created storage device /dev/swift-d$i of $DEV_SIZE"; + mkfs.xfs -f -L D$i -i size=512 /dev/$device; + echo " created XFS file system on device /dev/$device"; + mount -t xfs -o noatime,nodiratime,logbufs=8 /dev/$device /srv/node/$device; + echo " mounted /dev/$device as /srv/node/$device"; + done +fi diff --git a/docker/rootfs/etc/swift_build/build_remakerings b/docker/rootfs/etc/swift_build/build_remakerings new file mode 100755 index 0000000000..da1c842dbc --- /dev/null +++ b/docker/rootfs/etc/swift_build/build_remakerings @@ -0,0 +1,36 @@ +#!/usr/bin/with-contenv sh + +POLICIES="object container account" + +for p in $POLICIES; do + echo "swift-ring-builder $p.builder create 10 1 1" > /etc/swift/remakerings.$p; + echo "started /etc/swift/remakerings.$p with 'swift-ring-build create'" +done + + +for drive in `ls /srv/node/ | grep 'swift-d'`; do + echo "swift-ring-builder object.builder add r1z1-127.0.0.1:6000/$drive 1" >> /etc/swift/remakerings.object + echo "pushed command to add r1z1-127.0.0.1:6000/$drive to /etc/swift/remakerings.object" + echo "swift-ring-builder container.builder add r1z1-127.0.0.1:6001/$drive 1" >> /etc/swift/remakerings.container + echo "pushed command to add r1z1-127.0.0.1:6001/$drive to /etc/swift/remakerings.container" + echo "swift-ring-builder account.builder add r1z1-127.0.0.1:6002/$drive 1" >> /etc/swift/remakerings.account + echo "pushed command to add r1z1-127.0.0.1:6002/$drive to /etc/swift/remakerings.account" +done + +for p in $POLICIES; do + echo "swift-ring-builder $p.builder rebalance" >> /etc/swift/remakerings.$p; + echo "pushed command to rebalance ring into /etc/swift/remakerings.$p" +done + +echo "rm -f *.builder *.ring.gz backups/*.builder backups/*.ring.gz" > /etc/swift/remakerings +echo "created umbrella /etc/swift/remakerings, with deleting all ring files" + +for p in $POLICIES; do + cat /etc/swift/remakerings.$p >> /etc/swift/remakerings; + echo "pushed /etc/swift/remakerings.$p to /etc/swift/remakerings" + rm -f /etc/swift/remakerings.$p; + echo "deleted /etc/swift/remakerings.$p" +done + +chmod +x /etc/swift/remakerings +echo "made remaketings executable (+x)" diff --git a/docker/rootfs/etc/swift_build/prepare_rings b/docker/rootfs/etc/swift_build/prepare_rings new file mode 100755 index 0000000000..7b951ff223 --- /dev/null +++ b/docker/rootfs/etc/swift_build/prepare_rings @@ -0,0 +1,6 @@ +#!/usr/bin/with-contenv sh + +/etc/swift_build/build_devices +/etc/swift_build/build_remakerings +cd /etc/swift +/etc/swift/remakerings