79726bd9d5
Fluent Package v5 LTS will reach end of support at the end of 2025. Fluent Package v6 LTS will be supported until at least the end of 2027. This change updates the apt repository configuration and package version to use Fluent Package v6 LTS for Ubuntu, Debian and RHEL. No changes to existing Fluentd configuration files are required. Change-Id: Iaf3c4de859986629f9768563a319fe0385acff6a Signed-off-by: Piotr Milewski <vurmil@gmail.com>
352 lines
12 KiB
Django/Jinja
352 lines
12 KiB
Django/Jinja
FROM {{ base_image }}:{{ base_distro_tag }}
|
|
{% block labels %}
|
|
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
|
|
{% endblock %}
|
|
|
|
RUN . /etc/os-release;\
|
|
if [ "${PRETTY_NAME#{{ supported_distro_name }}}" = "$PRETTY_NAME" ]; then \
|
|
echo "Only releases \"{{ supported_distro_name }}\" are supported on {{ base_distro }}"; false; \
|
|
fi
|
|
|
|
# We use curl in this dockerfile so let configure it before first use
|
|
COPY curlrc /root/.curlrc
|
|
|
|
{% block base_lang %}
|
|
# NOTE(yoctozepto): use a UTF-8 (Unicode) locale like standard image installs do
|
|
# fixes issues arising from ascii fallback usage
|
|
ENV LANG en_US.UTF-8
|
|
{% endblock %}
|
|
|
|
LABEL kolla_version="{{ kolla_version }}"
|
|
|
|
{% import "macros.j2" as macros with context %}
|
|
{% block base_header %}{% endblock %}
|
|
|
|
ENV KOLLA_BASE_DISTRO={{ base_distro }} \
|
|
KOLLA_BASE_ARCH={{ base_arch }}
|
|
|
|
#### Customize PS1 to be used with bash shell
|
|
COPY kolla_bashrc /tmp/
|
|
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
|
|
&& cat /tmp/kolla_bashrc >> /root/.bashrc
|
|
|
|
# PS1 var when used /bin/sh shell
|
|
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
|
|
|
|
{% if base_package_type == 'rpm' %}
|
|
# For RPM Variants, enable the correct repositories - this should all be done
|
|
# in the base image so repos are consistent throughout the system. This also
|
|
# enables to provide repo overrides at a later date in a simple fashion if we
|
|
# desire such functionality. I think we will :)
|
|
|
|
ENV KOLLA_RPM_OVS_VERSION=3.5 \
|
|
KOLLA_RPM_OVN_VERSION=25.03
|
|
|
|
RUN cat /tmp/kolla_bashrc >> /etc/bashrc \
|
|
&& sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/dnf/dnf.conf
|
|
|
|
{% block base_dnf_conf %}
|
|
{% block base_yum_conf %}
|
|
|
|
COPY dnf.conf /etc/dnf/dnf.conf
|
|
|
|
{% endblock %}
|
|
{% endblock %}
|
|
|
|
#### BEGIN REPO ENABLEMENT
|
|
{% set base_yum_url_packages = [
|
|
] %}
|
|
|
|
{% set base_yum_repo_keys = [
|
|
] %}
|
|
|
|
{% block base_centos_repo_overrides_post_copy %}{% endblock %}
|
|
|
|
# Install what is needed for en_US.UTF-8
|
|
{% block base_centos_distro_sync_and_languages %}
|
|
|
|
{% set base_centos_language_packages = [
|
|
'langpacks-en',
|
|
'glibc-all-langpacks'
|
|
] %}
|
|
|
|
# NOTE(hrw): this macro file drops all languages other than C.UTF-8 so horizon fails
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1729770
|
|
RUN rm -f /etc/rpm/macros.image-language-conf \
|
|
&& {{ macros.install_packages(base_centos_language_packages | customizable("centos_language_packages"), chain=True, clean=False) }} \
|
|
&& {{ macros.rpm_security_update(clean_package_cache) }}
|
|
|
|
{% endblock %}
|
|
|
|
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
|
|
|
|
{% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
|
|
{%- if loop.first %}RUN {% else %} && {% endif -%}
|
|
rpm --import {{ key }}
|
|
{%- if not loop.last %} \{% endif %}
|
|
{% endfor -%}
|
|
|
|
{% for cmd in rpm_setup %}
|
|
{{ cmd }}
|
|
{% endfor %}
|
|
|
|
{% block base_centos_repo_overrides_post_rpm %}{% endblock %}
|
|
|
|
{% block base_centos_gpg_key_import %}
|
|
{% endblock %}
|
|
|
|
{% set base_centos_yum_repo_keys = [
|
|
] %}
|
|
|
|
{% set base_centos_yum_repo_packages = [
|
|
'centos-release-ceph-squid',
|
|
'centos-release-nfv-openvswitch',
|
|
'epel-release',
|
|
] %}
|
|
|
|
# We need 'dnf-plugins-core' for 'dnf config-manager'
|
|
{% set base_centos_yum_repo_packages = base_centos_yum_repo_packages + [
|
|
'dnf-plugins-core'
|
|
] %}
|
|
|
|
RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("centos_yum_repo_packages"), chain=True, clean=False) }}
|
|
|
|
{%- for key in base_centos_yum_repo_keys | customizable('centos_yum_repo_keys') %} && rpm --import {{ key }} {% endfor %} \
|
|
{% block base_centos_repo_overrides_post_yum %}{% endblock -%}
|
|
&& {{ macros.rpm_security_update(clean_package_cache) }}
|
|
|
|
{# NOTE(mnasiadka): dumb-init is only in EPEL10.1 onwards and RHEL/Rocky/clones use the same #}
|
|
{# EPEL release as the installed distro release #}
|
|
{# TODO: Remove it when Rocky 10.1 is out #}
|
|
RUN dnf config-manager --save --setopt=*.metalink="https://mirrors.fedoraproject.org/metalink?repo=epel-z-10.1&arch=\$basearch" epel
|
|
|
|
#### END REPO ENABLEMENT
|
|
|
|
{# We are back to the basic if conditional here which is:
|
|
if base_package_type == 'rpm' #}
|
|
|
|
{% block base_redhat_binary_versionlock %}{% endblock %}
|
|
|
|
{# NOTE(hrw): CentOS Stream 9 has curl-minimal, Rocky Linux 9 has curl so we do not install any #}
|
|
{% set base_centos_packages = [
|
|
'ca-certificates',
|
|
'crypto-policies-scripts',
|
|
'dumb-init',
|
|
'findutils',
|
|
'hostname',
|
|
'iproute',
|
|
'iscsi-initiator-utils',
|
|
'lsof',
|
|
'lvm2',
|
|
'ncurses',
|
|
'openssl',
|
|
'procps-ng',
|
|
'python3',
|
|
'python3-pip',
|
|
'socat',
|
|
'sudo',
|
|
'tar',
|
|
'util-linux',
|
|
'util-linux-user',
|
|
'which',
|
|
'patch'
|
|
] %}
|
|
|
|
# Install base packages
|
|
{{ macros.enable_extra_repos(['epel']) }}
|
|
{{ macros.install_packages(base_centos_packages | customizable("centos_packages") | customizable("centos_binary_packages") | customizable("centos_source_packages")) }}
|
|
|
|
{# endif for base_package_type rpm #}
|
|
{% elif base_package_type == 'deb' %}
|
|
# This will prevent questions from being asked during the install
|
|
ENV DEBIAN_FRONTEND noninteractive
|
|
|
|
# Reducing disk footprint
|
|
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
|
|
|
|
{% block base_ubuntu_package_pre %}
|
|
# curl and ca-certificates to fetch remote keys via http
|
|
# gnupg to fetch keys directly from keyserver
|
|
{% set base_ubuntu_package_pre_packages = [
|
|
'adduser',
|
|
'ca-certificates',
|
|
'curl',
|
|
'gnupg'
|
|
] %}
|
|
# ubuntu-cloud-keyring to install UCA packages
|
|
{% if base_distro == 'ubuntu' %}
|
|
{% set base_ubuntu_package_pre_packages = base_ubuntu_package_pre_packages + [
|
|
'ubuntu-cloud-keyring'
|
|
] %}
|
|
{% endif %}
|
|
{{ macros.install_packages(base_ubuntu_package_pre_packages | customizable("base_ubuntu_package_pre_packages")) }}
|
|
{% endblock %}
|
|
|
|
# Customize PS1 bash shell
|
|
# - enlarge 'system users' range so 'haproxy' package will not complain
|
|
# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939470
|
|
# - enlarge 'system groups' range so 'hacluster' user added in
|
|
# https://review.opendev.org/c/openstack/kolla/+/802671
|
|
# can be in 'haclient' group with same high uid
|
|
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc \
|
|
&& sed -i -e s/#*LAST_SYSTEM_UID=999/LAST_SYSTEM_UID=59999/g \
|
|
-e s/#*LAST_SYSTEM_GID=999/LAST_SYSTEM_GID=59999/g /etc/adduser.conf
|
|
|
|
{% block base_ubuntu_package_sources_list %}
|
|
{% if base_distro == 'debian' or ( base_distro == 'ubuntu' and base_arch == 'x86_64' ) %}
|
|
RUN rm -f /etc/apt/sources.list.d/{{ base_distro }}.sources
|
|
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
|
|
{% else %}
|
|
COPY sources.list.{{ base_distro }}.{{ base_arch }} /etc/apt/sources.list
|
|
{% endif %}
|
|
COPY sources.list /etc/apt/sources.list.d/kolla-custom.list
|
|
{% endblock %}
|
|
|
|
{% block base_debian_after_sources_list %}{% endblock %}
|
|
|
|
{# install Debian Openstack repos - they are not mirrored on CI #}
|
|
{% if base_distro == 'debian' %}
|
|
|
|
RUN apt update \
|
|
&& apt install -y --no-install-recommends extrepo \
|
|
&& extrepo enable openstack_{{ openstack_release_codename | lower }} \
|
|
&& apt purge -y extrepo \
|
|
&& apt --purge autoremove -y \
|
|
&& apt clean
|
|
|
|
{% endif %}
|
|
|
|
{% block base_ubuntu_package_apt_preferences %}
|
|
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
|
|
COPY apt_preferences /etc/apt/preferences.d/kolla-custom
|
|
{% endblock %}
|
|
|
|
{% set base_apt_packages = [
|
|
'apt-utils',
|
|
'dumb-init',
|
|
'systemd-standalone-sysusers',
|
|
'gawk',
|
|
'iproute2',
|
|
'kmod',
|
|
'lsof',
|
|
'lvm2',
|
|
'netbase',
|
|
'open-iscsi',
|
|
'procps',
|
|
'python3',
|
|
'python3-pip',
|
|
'socat',
|
|
'sudo',
|
|
'tgt',
|
|
'patch'
|
|
] %}
|
|
|
|
{% set base_apt_keys = [
|
|
{'name': 'erlang-ppa', 'keyid': 'F77F1EDA57EBB1CC'},
|
|
{'name': 'rabbitmq', 'keyid': '9F4587F226208342'},
|
|
{'name': 'haproxy', 'keyid': 'CFFB779AADC995E4F350A060505D97A41C61B9CD'},
|
|
] %}
|
|
|
|
{# NOTE(hrw): type field defaults to 'asc' which is used for single keys #}
|
|
{% set base_remote_apt_keys = [
|
|
{'name': 'docker-ce', 'url': 'https://download.docker.com/linux/debian/gpg'},
|
|
{'name': 'fluentd', 'url': 'https://fluentd.cdn.cncf.io/GPG-KEY-fluent-package'},
|
|
{'name': 'grafana', 'url': 'https://rpm.grafana.com/gpg.key'},
|
|
{'name': 'influxdb', 'url': 'https://repos.influxdata.com/influxdata-archive_compat.key'},
|
|
{'name': 'mariadb', 'url': 'https://downloads.mariadb.com/MariaDB/mariadb-keyring-2019.gpg', 'type': 'gpg'},
|
|
{'name': 'opensearch', 'url': 'https://artifacts.opensearch.org/publickeys/opensearch-release.pgp'},
|
|
{'name': 'proxysql', 'url': 'https://repo.proxysql.com/ProxySQL/proxysql-3.0.x/repo_pub_key'},
|
|
] %}
|
|
|
|
{% block base_ubuntu_package_installation %}
|
|
{%- block base_ubuntu_package_key_installation %}
|
|
{% for key in base_apt_keys | customizable('apt_keys') %}
|
|
{%- if loop.first %}RUN mkdir -p /etc/kolla/apt-keys/{% endif %} \
|
|
&& gpg --keyserver hkp://keyserver.ubuntu.com:80 \
|
|
{% if env.http_proxy %} --keyserver-options "http-proxy={{ env.http_proxy }}" {% endif %}\
|
|
--recv-keys {{ key.keyid }} \
|
|
&& gpg --export {{ key.keyid }} >/etc/kolla/apt-keys/{{ key.name }}.gpg
|
|
{%- if not loop.last %} \
|
|
{% endif -%}
|
|
{% endfor %}
|
|
{% for key in base_remote_apt_keys | customizable('remote_apt_keys') %}
|
|
{%- if loop.first %} RUN mkdir -p /etc/kolla/apt-keys/ {% endif %} \
|
|
&& curl {{ key.url }} -o /etc/kolla/apt-keys/{{ key.name }}.{{ key.type | default('asc') }}
|
|
{%- if not loop.last %} \
|
|
{% endif -%}
|
|
{% endfor %}
|
|
{% endblock %}
|
|
RUN apt-get --error-on=any update \
|
|
&& apt-get -y install locales \
|
|
&& sed -e "s/# $LANG UTF-8/$LANG UTF-8/g" /etc/locale.gen -i \
|
|
&& locale-gen "$LANG" \
|
|
&& apt-get -y upgrade \
|
|
&& apt-get -y dist-upgrade \
|
|
&& {{ macros.install_packages(base_apt_packages | customizable('apt_packages'), True) }} \
|
|
# NOTE: python3-pip installs dependent tzdata package and blocks mount in docker - 2091161
|
|
&& unlink /etc/localtime
|
|
|
|
{% endblock %}
|
|
|
|
{# endif base_package_type deb #}
|
|
{% endif %}
|
|
|
|
{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
|
|
{# Specifics required such as homedir or shell are configured within the service specific image #}
|
|
{%- for name, user in users | dictsort() %}
|
|
{% if loop.first -%}RUN {% else %} && {% endif -%}
|
|
groupadd --gid {{ user.gid }} {{ user.group }} \
|
|
&& useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
|
|
{%- if not loop.last %} \{% endif -%}
|
|
{%- endfor %}
|
|
|
|
{% if base_distro == 'centos' %}
|
|
RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
|
|
&& sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
|
|
{% endif %}
|
|
|
|
COPY set_configs.py /usr/local/bin/kolla_set_configs
|
|
COPY start.sh /usr/local/bin/kolla_start
|
|
COPY copy_cacerts.sh /usr/local/bin/kolla_copy_cacerts
|
|
COPY install_projects.sh /usr/local/bin/kolla_install_projects
|
|
COPY httpd_setup.sh /usr/local/bin/kolla_httpd_setup
|
|
COPY kolla_patch.sh /usr/local/bin/kolla_patch
|
|
COPY sudoers /etc/sudoers
|
|
|
|
{% if use_dumb_init %}
|
|
ENTRYPOINT ["dumb-init", "--single-child", "--"]
|
|
{% endif %}
|
|
|
|
{% if docker_healthchecks %}
|
|
{% block healthcheck_installation %}
|
|
|
|
COPY healthcheck_curl healthcheck_filemod healthcheck_listen healthcheck_port healthcheck_socket /usr/local/bin/
|
|
RUN chmod 755 /usr/local/bin/healthcheck_*
|
|
|
|
{% endblock %}
|
|
{% endif %}
|
|
|
|
RUN touch /usr/local/bin/kolla_extend_start \
|
|
&& chmod 755 /usr/local/bin/kolla_start \
|
|
/usr/local/bin/kolla_set_configs \
|
|
/usr/local/bin/kolla_copy_cacerts \
|
|
/usr/local/bin/kolla_install_projects \
|
|
/usr/local/bin/kolla_patch \
|
|
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_httpd_setup \
|
|
&& chmod 440 /etc/sudoers \
|
|
&& mkdir -p /var/log/kolla \
|
|
&& chown :kolla /var/log/kolla \
|
|
&& chmod 2775 /var/log/kolla \
|
|
&& rm -f /tmp/kolla_bashrc
|
|
|
|
{% block base_pip_conf %}
|
|
# the variables like PIP_INDEX_URL, PIP_EXTRA_INDEX_URL, PIP_TRUSTED_HOST etc. should be defined here.
|
|
# ENV PIP_INDEX_URL=https://pypi.python.org/simple
|
|
# ENV PIP_TRUSTED_HOST=pypi.python.org
|
|
{% endblock %}
|
|
|
|
{{ macros.kolla_patch_sources() }}
|
|
|
|
{% block base_footer %}{% endblock %}
|
|
CMD ["kolla_start"]
|