Commit Graph

48 Commits

Author SHA1 Message Date
Michal Nasiadka e221ac8f27 Drop elasticsearch, kibana and logstash
Support has been dropped in kolla-ansible, the upgrade path is opensearch.

Change-Id: I6f32aacb4e0b7dd1eb7206e02425b16f5beae4f0
2022-12-06 15:57:51 +01:00
Radosław Piliszek 2daf4331a6 Fix writable rootwrap/privsep config
Fixes a hypothetical security issue related to privilege escalation via
rootwrap/privsep. A potential vulnerable service could previously allow
writes to its rootwrap/privsep config and thus allow for more commands
to be run with root privileges via rootwrap/privsep. For a successful
attack, this would also require the service to allow to run arbitrary
commands via rootwrap/privsep. Thus far, no such vulnerabilities have
been reported and thus this fix is simply strengthening the container
images against such an issue in the future.

Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298
2022-10-10 15:06:05 +00:00
Marcin Juszkiewicz e21aeb5ae9 flatten images a bit
As we have one type of images now some RUN calls could be merged so we
will have less layers in resulting images.

Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0
2022-04-21 18:53:14 +00:00
Tim Shearer 1d96a2bbe1 Adjust permissions on _extend_start files.
Explicitly set the permissions on the kolla-toolbox kolla_extend_start
file. Also, since all extend_start files are sourced rather than
executed, the executable bits are now cleared throughout the project.

Change-Id: I5c2deb4a2e33575d57c852089f856a9acc6818d0
2022-04-11 17:22:24 +02:00
Marcin Juszkiewicz a1510870e8 drop infra_image_prefix
We have one install_type only now so that infra stuff is not needed
anymore.

Change-Id: I60d50ba7699d46d001eaef365fb84b0ce8e9b262
2022-04-11 06:22:21 +00:00
Marcin Juszkiewicz 976465c448 elasticsearch: install Java first on CentOS too
elasticsearch-oss package fails to install if we install it with Java:

INFO:kolla.common.utils.elasticsearch:could not find java; set JAVA_HOME
INFO:kolla.common.utils.elasticsearch:error: %prein(elasticsearch-oss-0:6.8.23-1.noarch) scriptlet failed, exit status 1
INFO:kolla.common.utils.elasticsearch:Error in PREIN scriptlet in rpm package elasticsearch-oss

Backport down to ussuri needed.

Change-Id: I72d7920acd8d15941c8c57a4186186212b273a38
2022-04-04 13:37:32 +02:00
Marcin Juszkiewicz d13c41b776 Upgrade pip and friends in source images (part 2)
New pip has nice features for detection of conflicting
requirements.

When installing from PyPI, as we do in source images, running
the latest pip+setuptools+wheel is recommended.

This change covers entries missed in I4ae3a82cc796a60450c2a35beba32972964bc5d0

Change-Id: I0d69009b8b736b59b122ad29a9a5f6a22b041513
2022-01-25 13:21:35 +00:00
Piotr Parczewski f31fbab84f Fix Elasticsearch Curator
Newest elasticsearch python library required by Curator no longer
works against the last OSS version of Elasticsearch (7.10.2). Pin it
to the last known working version.

Closes-Bug: #1941073
Change-Id: Ic8f0554c95c1903640c98a7831b829c1f88f49ff
2021-08-31 13:01:00 +02:00
Marcin Juszkiewicz ffe08baa72 docker: do not install pip again in images
We install pip in base image so why repeat?

Change-Id: Id903880b121d87d75b7b14084b0961b9ce99deba
2021-01-25 16:43:18 +01:00
Marcin Juszkiewicz 7db2f10019 elasticsearch-curator: drop botocore workaround
Curator got requirements sorted out upstream and builds fine now without
hack.

This reverts curator part of https://review.opendev.org/c/openstack/kolla/+/755339/

Change-Id: Iabe5b9684a7bf0e39a7dca824e6705b5069560bf
2020-12-11 13:00:14 +00:00
Michal Nasiadka 34460d636e curator: Add wheel to elasticsearch-curator
Change-Id: Idf980eedcd318b88101b3a82442b9b99838fd84c
2020-11-04 16:25:56 +00:00
Mark Goddard 78351df2cc Switch to Victoria stable branches
This includes switching to releases of independently released projects.

Projects missing stable branches:

* networking-ansible
* vmware-nsx
* vmware-nsxlib

Includes the following other change squashed to pass CI:

  elasticsearch-curator: install boto before curator

  We need to install older boto versions to get image built.

  Change https://review.opendev.org/759233

Change-Id: I6983b01daa6e577e3238f2823e6e7693d0a73c0a
Co-Authored-By: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
2020-10-23 11:06:18 +02:00
Gaël THEROND (Fl1nt) b93c40a363 Improve pip install process for offline deployment.
* "Use distribution-provided pip"
* "Use python's pip module invocation method"
* "Install pip earlier in order to avoid multiple installation"
* "Remove pip_version variable requirement and call"

Change-Id: Id0e738044a1931f9d611a7281a48ea4a593f1cf1
Closes-bug: #1893204
2020-09-17 13:50:15 +00:00
Marcin Juszkiewicz 90adc2b851 introduce 'infra_image_prefix' for infra images
Defaults to 'image_prefix' for now but shows which images get their
names changed soon.

Change-Id: I0608e8f62f28d6667b4c8753c47553e4cbf75503
2020-07-09 23:31:42 +02:00
Sylvain Baubeau bfb7e41ed0 Upgrade Elasticsearch and Kibana to 6.x
Start using oss tagged binaries. These binaries contain only features
that are available under the Apache 2.0 license.

Implements: blueprint elasticsearch-kibana-version-upgrade

Co-authored-by: Dincer Celik <hello@dincercelik.com>
Change-Id: I8b52b2630a72393bf4b9c7095fc67db6c36c27fa
2020-04-09 18:03:49 +03:00
Michal Nasiadka 79c0dd49cb elasticsearch-curator: Add python3-wheel for Ubuntu
Seems we have a broken python3 env on Ubuntu for building curator - adding
python3-wheel fixes the build issues.

Change-Id: I8f0017a22fa7b11d8c46f60008172081d7ba5bcf
2020-03-13 16:03:33 +01:00
Christian Berendt 861f55fbfd Add block labels to all Dockerfiles
Change-Id: I9692dda817ef134d647247431565e1b58cf9da41
2020-03-01 17:25:58 +00:00
Marcin Juszkiewicz cf11cd6f3d Enable repos only when needed
Disable external repositories by default and enable only when needed.

Depends-on: https://review.opendev.org/696480

Implements: blueprint repos-off-by-default

Change-Id: Icf2a8397a8349e0fe849d88d160409fd234480a9
2019-11-29 11:38:06 +01:00
Doug Szumski 37de8920aa Add Elasticsearch Curator Docker image
Kolla provides log aggregation, but no solution to set retention periods
for aggregated logs. It therefore accumulates log data indefinitely unless
a user manually intervenes. This change adds Elasticsearch Curator which
provides a mechanism for automating such retention periods [1].

[1] https://www.elastic.co/guide/en/elasticsearch/client/curator/current/about.html

The container contains cron to support running Curator periodically.

Change-Id: Ief2c554a64ef6cc971635d7e2a718f63c310fbf6
2019-11-28 18:26:35 +00:00
Marcin Juszkiewicz 0383aaca7b There is no Java 8 in Debian 'buster' (part 3)
Good to have proper Java version. Better is when JAVA_HOME is also
adjusted to point to proper directory. And to have it set proper way.

Change-Id: I0f83c3498028135751b0b887665d009e5e19410f
2019-07-19 09:08:09 +00:00
Marcin Juszkiewicz ab679adcbf debian/ubuntu: introduce 'debian_arch' variable
Many images have 'if x86_64 then amd64 elif aarch64 then arm64' check to
comply with Debian like architecture names in several projects.

This patch creates 'debian_arch' variable which can be used in all
Docker files (similar to 'base_arch' one).

All required images got converted to use it.

Change-Id: I9c5e6f13d6c9b24fe323408512bd5aef290111ad
2019-02-19 11:24:45 +00:00
Alex Schultz ae1322ec10 Use base_package_type
This change updates the docker files to use base_package_type instead
of doing specific distro checks for the rhel/deb generic cases. The
base_distro is still available and is used when a specific distro needs
a customization but if the differences are purely rpm vs deb, then the
base_package_type can be used.

Change-Id: I8d720bb185df65a0178061ccf20b1ab2265da2c5
2019-01-17 08:23:41 -07:00
Zuul 2df9e4b365 Merge "Ensure JAVA_HOME env var contains architecture" 2018-07-18 09:53:19 +00:00
Doug Szumski e1e298dc95 Ensure JAVA_HOME env var contains architecture
During the build of the Elasticsearch image, the Dockerfile sets an
env var specifying the architecture that the image is built for. This
change ensures that this env var is correctly used in the JAVA_HOME
directory.

Closes-Bug: 1780811

Change-Id: I3eeacabafcc3855165519a739792f0570fdfd5d8
2018-07-16 09:16:32 +01:00
Martin André 11dcd27994 Switch to headless jre
Prefer the headless JRE wherever possible. This may be necessary to
adjust the override files for the customization of the containers where
java is installed.

Change-Id: I3479ac9e74aa9e860cf01db20bd7ab5f5cfc9c1a
2018-07-10 16:30:56 +02:00
zhulingjie 478805680d Fix the elasticsearch start failed
elasticsearch start failed due to the version of JAVA

Change-Id: I73d9559a74799ece7963799787337d5717649453
Closes-Bug: #1773736
2018-05-27 15:07:08 -04:00
Marcin Juszkiewicz 35040899e4 elasticsearch: enable for Debian
Change-Id: Ife92f910ccf76fdef48f81e09e0abde0d09b9a1a
2018-05-15 11:03:39 +00:00
Christian Berendt 682bfd2b4a Set ES_SKIP_SET_KERNEL_PARAMETERS in elasticsearch image
On systemd-based distributions, the installation scripts will attempt to set
kernel parameters (e.g., vm.max_map_count); you can skip this by setting the
environment variable ES_SKIP_SET_KERNEL_PARAMETERS to true.

Change-Id: Ia0e103790bfbff078308acfe300fe66b7c50ebf5
2017-09-29 11:32:23 +02:00
Steven Dake 4607ab5e53 Remove sudo operations that are no longer necessary
set_configs.py has logic to handle chown of directories.  Simplify
the codebase by removing these unnecessary chowns.  Further the chowns
cause some forms of NFS backed storage to not work properly.

Change-Id: I8df95d06b1010778deb3e2a3065aaab26ed2eb6a
Closes-Bug: #1693973
2017-05-26 21:40:31 -07:00
Jawon Choo 31259fa595 Override image's meta info.
centos based images have wrong label info,
these changes fix own image's name and build-date.

Change-Id: I1d13f8f386c8db12b5fbe5f8ecbbf9e3fbb4ba1c
Closes-Bug: #1680341
2017-05-03 11:08:17 +09:00
Chen 8c463a47a9 Use LABEL instead of MAINTAINER (deprecated) in all Dockerfile.j2
Use LABEL instruction instead of MAINTAINER (deprecated) instruction
as suggested by Docker's official dockerfile guide.
docs.docker.com/engine/reference/builder/#maintainer-deprecated

Closes-Bug: #1683652

Change-Id: Ie87a1ddf31aefcd0b623fd2837d78de420e76898
2017-04-20 16:50:05 +09:00
Marcin Juszkiewicz 69fef5cd59 debian: enable all images enabled for Ubuntu
Debian support is not maintained in Kolla so it got a bit behind Ubuntu
one. This changeset enables Debian for all images. Jessie (even with
backports) may be too old for some images though.

Also unify distro check to ['debian', 'ubuntu'] to keep alphabetical order
like it is done for RPM distributions.

Partially-Implements: blueprint multiarch-and-arm64-containers

Change-Id: I056233fbfa277e0e2360c07c3f80d9558c554357
2017-04-04 22:48:18 +02:00
Eduardo Gonzalez 623e54da37 Alphabetize packages
Some images have packages sorted alphabetically and some not.
Unify common style between all images.

Change-Id: I906ed89c10b12886665618752f525ba71d83d991
2017-03-28 16:45:16 +01:00
Jeffrey Zhang e5903d5fa9 Remove include_header and include_footer in all Dockerfiles
include_header and include_footer parameter is already removed, remove
them in all Dockerfiles.
Add missing footer block.

Change-Id: I90da03eb9f95a3827361d5f5ede65fde7d6be2b3
2017-02-05 10:44:48 +08:00
Sam Yaple 58eee09c15 use static uid/gid in images
This centralizes all user and group creation into a single source. This
will fix any current and future uid/gid mismatches (such as with
nova-libvirt).

In the process, we also unify users between the distros in a standard
way. The users in the following containers change from their defaults:

Ubuntu: _chrony user is now chrony
Ubuntu: memcache user is now memcached
All: qemu user is used for ownership and socket permissions

All uid and gid numbers are customizable via kolla-build.conf

Co-Authored-By: Kris Lindgren <klindgren@godaddy.com>
Change-Id: I120f26ab0683dc87d69727c3df8d4707e52a4543
Partially-Implements: blueprint static-uid-gid
2017-01-17 09:02:21 -03:00
Christian Berendt 5cd30d4914 Remove Fedora support
Closes-bug: #1616387
Change-Id: Id97f88b9baa3d48d33ce120962450a374282d044
2016-11-03 10:50:22 +01:00
Jenkins 982f6ff442 Merge "Merge run commands in elasticsearch container" 2016-10-17 18:35:52 +00:00
Christian Berendt 4223fdfbeb Fix log directory of Elasticsearch
Logs should be stored in /var/log/kolla/elasticsearch.

Change-Id: If3ba4ec6ce2dbe9859ca604f0ee2df7fc4d15bd9
Closes-bug: #1634046
2016-10-17 11:34:31 +02:00
Christian Berendt 5668427b4b Merge run commands in elasticsearch container
TrivialFix

Change-Id: Ie7d090ad4665a3549a8072eed30ab1b820354c83
2016-10-17 10:54:47 +02:00
Paul Bourke b41247c656 Add header blocks to all Dockerfiles
Change needed to add header blocks to all Dockerfiles, similar to the
base.

Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.

Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
2016-09-13 16:53:31 +01:00
Jeffrey Zhang 04d6736e89 Pin to Ubuntu 16.04
Upgrade Ubuntu base image to Xenial

Closes-Bug: #1593599
Change-Id: I5832a729a9a4fa73c02442047c92ba088ce20db3
2016-08-20 22:30:28 +08:00
Jeffrey Zhang f2a2b69c6a Remove the RUN directive for macros.install_packages in the Dockerfile
TrivialFix

Change-Id: Ib2474257554e0b294bc39a658108326fcbbdbe58
2016-08-20 13:35:09 +08:00
Shaun Smekel cecfaaf5fa Customizations for Elasticsearch
This patchset contains customization of Dockerfile of the
Elasticsearch container.

Change-Id: Icd38897b3a7ce02ab934fea6ad88cc3381546d5e
Partially-implements: blueprint third-party-plugin-support
2016-08-12 14:29:36 +10:00
Jeffrey Zhang 3f79e37d21 Fix the overwrite sudoers file issue
Change-Id: I4b109f7fdc3b8e49defed26979b04ca158842e98
Closes-Bug: #1598423
2016-07-05 05:49:13 +00:00
Swapnil Kulkarni (coolsvap) 435b21b90d Update ubuntu dockerfiles for formatting
Change-Id: If4be00b937e14ec93443dcb7249cf17099d57cbe
Closes-Bug: #1569417
2016-05-26 04:09:22 +00:00
Mauricio Lima 2c34214388 Remove unnecessary blank lines
TrivialFix

Change-Id: I1f03d428c380dfdbde5ef33e7ea43cbf5e9154ce
2016-05-02 07:44:29 -04:00
Vikram Hosakote ec3baf0428 Install Elasticsearch and Kibana packages using yum/apt-get
Test results of this patch set are at
http://paste.openstack.org/show/490450/.

Change-Id: I2957cc70fcca34706ec50a630d785f0630c3f5c0
Closes-Bug: #1553203
2016-03-18 04:05:30 +00:00
akwasniewska 792666dd79 Added Elasticsearch and its deployment.
Part of ELK stack. Includes Dockerfiles for both Centos and Ubuntu.

Change-Id: I9f76adf084cd4f68e29326112b76ffd02b5adada
Partially-implements: blueprint central-logging-service
2016-02-13 07:53:24 +00:00