Commit Graph

45 Commits

Author SHA1 Message Date
Piotr Parczewski fc70184a0c trivial: fix typos in let's encrypt status logs
Change-Id: Icb158d296989ba7c99ba108e7697ca71176f07db
2024-01-20 20:53:09 +01:00
Pierre Riteau fa3e5f444a Stop removing missing /run/nologin in RPM images
This code was valid for centos:8 and centos:stream8, but is not required
for centos:stream9 or rockylinux:9 which do not include this file.

Change-Id: I50f78d73afe0944dd91998ab9799fa2f36cc46a3
2024-01-08 22:39:33 +01:00
Michal Arbet 7fe6696c20 Fix letsencrypt-lego logging
This patch fixes formatting of letsencrypt, so
it will be easier to parse via fluent.

Change-Id: I8a403e14819df4351e28d53c676571a3ad0c14be
2023-11-07 18:20:35 +01:00
Michal Arbet 3213dccb8c Rework letsencrypt
This patch adds an "API layer" to the letsencrypt
images, which is represented by a set of scripts inside.

These scripts are called by kolla-ansible orchestration.

Change-Id: I61b70fb4e12ba03b96e79004e735d2ead0f52319
2023-09-18 11:26:22 +02:00
Marcin Juszkiewicz 042a95be10 repos: in CentOS Stream 9 haproxy is in appstream repo
So we do not need to define a repo for it like it was in the past.

Change-Id: I9e22a43e068490d762c42a7bb491e445a715381b
2022-09-27 19:07:55 +02:00
generalfuzz d424a63d60 Replace Certbot with Lego for Let's Encrypt container
Replaces Certbot with Lego for certificate retrieval and renewal.
Lego includes support for DNS ACME Challenges.

Adds ssh-client to LetsEncrypt and ssh-server to HAProxy to allow both
the transfer of Let's Encrypt certificates to the HAProxy container and
to enable live updating of HAProxy certificates using the HAProxy API
exposed on the local HAProxy socket.

Implements: blueprint letsencrypt-https
Change-Id: I737e1ce5bfc37d0703879c8272a9e915084c5ca6
2022-05-30 08:11:54 +00:00
Marcin Juszkiewicz e21aeb5ae9 flatten images a bit
As we have one type of images now some RUN calls could be merged so we
will have less layers in resulting images.

Change-Id: I5178c58fbd8c65efe825dc249c0f1368ef0fe8e0
2022-04-21 18:53:14 +00:00
Marcin Juszkiewicz a1510870e8 drop infra_image_prefix
We have one install_type only now so that infra stuff is not needed
anymore.

Change-Id: I60d50ba7699d46d001eaef365fb84b0ce8e9b262
2022-04-11 06:22:21 +00:00
Michał Nasiadka 2168224aa3 haproxy: Use haproxy 2.2.x
For CentOS nfv-extras repository will be used, for Ubuntu - a PPA
maintained by Vincent Bernat (Debian developer and package maintainer).
Debian Bullseye already uses 2.2.

Change-Id: I7cd753cf66b492c75a185e365cf988cabb9c0142
2021-08-27 08:52:21 +00:00
Marcin Juszkiewicz 90adc2b851 introduce 'infra_image_prefix' for infra images
Defaults to 'image_prefix' for now but shows which images get their
names changed soon.

Change-Id: I0608e8f62f28d6667b4c8753c47553e4cbf75503
2020-07-09 23:31:42 +02:00
Christian Berendt 861f55fbfd Add block labels to all Dockerfiles
Change-Id: I9692dda817ef134d647247431565e1b58cf9da41
2020-03-01 17:25:58 +00:00
Marcin Juszkiewicz 70ef9a4fee drop *_existing_user_fix macros
Commit 109706aa8b bumped 'system' users
beyond range used by Kolla. So Debian/Ubuntu does not complain that
system users created by packages exist already on package install.

Change-Id: I9bf4b240839d46088ac668f26cf065dd5e3775c2
2019-11-29 17:20:14 +01:00
Alex Schultz ae1322ec10 Use base_package_type
This change updates the docker files to use base_package_type instead
of doing specific distro checks for the rhel/deb generic cases. The
base_distro is still available and is used when a specific distro needs
a customization but if the differences are purely rpm vs deb, then the
base_package_type can be used.

Change-Id: I8d720bb185df65a0178061ccf20b1ab2265da2c5
2019-01-17 08:23:41 -07:00
Martin Mágr 293a1d9f8c Add socat to base image
We would need socat tool to perform healthchecks on the various containers.

Closes-Bug: #1749227
Change-Id: Ibda77a8d041d894f5efac6578e52b11651bca97f
2018-02-14 11:57:34 +01:00
Jawon Choo 31259fa595 Override image's meta info.
centos based images have wrong label info,
these changes fix own image's name and build-date.

Change-Id: I1d13f8f386c8db12b5fbe5f8ecbbf9e3fbb4ba1c
Closes-Bug: #1680341
2017-05-03 11:08:17 +09:00
Chen 8c463a47a9 Use LABEL instead of MAINTAINER (deprecated) in all Dockerfile.j2
Use LABEL instruction instead of MAINTAINER (deprecated) instruction
as suggested by Docker's official dockerfile guide.
docs.docker.com/engine/reference/builder/#maintainer-deprecated

Closes-Bug: #1683652

Change-Id: Ie87a1ddf31aefcd0b623fd2837d78de420e76898
2017-04-20 16:50:05 +09:00
Marcin Juszkiewicz 69fef5cd59 debian: enable all images enabled for Ubuntu
Debian support is not maintained in Kolla so it got a bit behind Ubuntu
one. This changeset enables Debian for all images. Jessie (even with
backports) may be too old for some images though.

Also unify distro check to ['debian', 'ubuntu'] to keep alphabetical order
like it is done for RPM distributions.

Partially-Implements: blueprint multiarch-and-arm64-containers

Change-Id: I056233fbfa277e0e2360c07c3f80d9558c554357
2017-04-04 22:48:18 +02:00
Jeffrey Zhang e5903d5fa9 Remove include_header and include_footer in all Dockerfiles
include_header and include_footer parameter is already removed, remove
them in all Dockerfiles.
Add missing footer block.

Change-Id: I90da03eb9f95a3827361d5f5ede65fde7d6be2b3
2017-02-05 10:44:48 +08:00
Sam Yaple 58eee09c15 use static uid/gid in images
This centralizes all user and group creation into a single source. This
will fix any current and future uid/gid mismatches (such as with
nova-libvirt).

In the process, we also unify users between the distros in a standard
way. The users in the following containers change from their defaults:

Ubuntu: _chrony user is now chrony
Ubuntu: memcache user is now memcached
All: qemu user is used for ownership and socket permissions

All uid and gid numbers are customizable via kolla-build.conf

Co-Authored-By: Kris Lindgren <klindgren@godaddy.com>
Change-Id: I120f26ab0683dc87d69727c3df8d4707e52a4543
Partially-Implements: blueprint static-uid-gid
2017-01-17 09:02:21 -03:00
Jeffrey Zhang 22f55ac23d Add socat into haproxy image
socat is needed by I060e21ada928577e833de2782be5ea570be32730

Change-Id: I0773851b61d341117ab214382856a9036aca51bb
2016-11-23 13:36:51 +00:00
Paul Bourke b41247c656 Add header blocks to all Dockerfiles
Change needed to add header blocks to all Dockerfiles, similar to the
base.

Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.

Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
2016-09-13 16:53:31 +01:00
Shaun Smekel a9d08726f5 Handle empty package list for install_packages
Currently if the install_packages macro is run with an empty
package list, it will add a yum or apt-get command with no
packages listed.

This bug fix aims to omit this line when no packages have
been given, or, the operator wants to use the "_override" /
"_remove" functionality to disable all packages being
installed in a Dockerfile.

Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Change-Id: Ifaaaebfccc3adb0f2f68a35ac08e59378bc87fdb
Closes-bug: 1612446
2016-08-19 10:49:03 +00:00
Eduardo Gonzalez 3eb82949c2 Customizations for haproxy
This patchset contains customization of Dockerfile of haproxy
containers

Change-Id: I67790816766641ebc3138d6b3726f0bbd9c68038
Partially-implements: blueprint third-party-plugin-support
Signed-off-by: Eduardo Gonzalez <dabarren@gmail.com>
2016-07-28 15:47:10 +01:00
Jenkins 162fa25829 Merge "Run HAProxy in a chroot jail"
2016-05-27 21:19:46 +00:00
Swapnil Kulkarni (coolsvap) 435b21b90d Update ubuntu dockerfiles for formatting
Change-Id: If4be00b937e14ec93443dcb7249cf17099d57cbe
Closes-Bug: #1569417
2016-05-26 04:09:22 +00:00
Michal Rostecki a5c1aa0b81 Run HAProxy in a chroot jail
It's impossible to drop root for the HAProxy container.
But HAProxy provides a possibility to use a chroot jail.

When attaching to the HAProxy container, we see that
the root directory is changed:

    $ sudo docker exec -ti haproxy bash
    (haproxy)[root@operator /]# ls -di /
    259 /

Co-Authored-By: Vikram Hosakote <vhosakot@cisco.com>

Closes-Bug: #1552289

Change-Id: I9d55e9b741b8560cac53dc8b837a24a3029a4dc0
2016-05-06 10:23:49 +02:00
Swapnil Kulkarni (coolsvap) 6b6c9840dc Update haproxy dockerfile for formatting
Change-Id: I49231ddf2d8e6136e8a627cdf5674301018f984a
Partial-Bug:#1569417
2016-04-13 15:15:49 +05:30
Jeffrey Zhang de6650874d Start the haproxy by using haproxy-system-wrapper
haproxy-system-wrapper is a solution for systemd from upstream. It can
handle the reload gracefully.

Change-Id: I6a3d141af065e429bd1be1b7252f5c6df1fda3bb
Closes-Bug: #1559238
2016-03-30 18:07:40 +08:00
Jenkins 69553b95f1 Merge "Fix race condition in haproxy"
2016-03-20 16:17:28 +00:00
MD NADEEM f11112371d Fix race condition in haproxy
The time period between getting the pid
of the haproxy service and checking the existence of
the pid file is very short. If the haproxy service
gets reloaded within this period, the race condition
occurs and the container exits because the
extend_start.sh script exits.

To minimize the risk of the race condition, this patch
lets the extend_start.sh script try up to 3 times
before exiting.

Closes-Bug: #1479888

Change-Id: I2f9b7ec832dec8d94a2cdd27ca8a212d0c65a60d
2016-03-16 15:56:19 +00:00
SamYaple 22fe11840b Move sysctl out of haproxy container
sysctl was improperly set in the container itself which is not correct

TrivialFix

Change-Id: If2ffca6d2a40e86db4af2f103a27b280bc5fa2ff
2016-03-15 14:56:38 +00:00
Vikram Hosakote 9d1911c5a4 Fix false alert messages in HAProxy logs
Bug #1549753 raises false alarm about haproxy to the operator and
monitoring tools even though haproxy is running fine and there is
no issue.

haproxy uses UDP datagram socket for logging and the default queue
length of 10 datagrams causes false alert messages in haproxy
logs. This patch set fixes this bug by increasing the queue length
to 128.

Test results of the fix in this patch set are at
http://paste.openstack.org/show/490302/.

Change-Id: I64fdd17cd278d51616aa0dfa4e8d2a422c8ee630
Closes-Bug: #1549753
2016-03-13 07:02:27 +00:00
SamYaple e89c156c63 cloud-archive contains newer version of haproxy
cloud-archive contains at least version 1.5 of haproxy and that is
new enough for ssl offloading.

TrivialFix

Change-Id: Ib306e54b455430fdc9be896e8d14784ef1feb011
2016-02-23 00:42:48 +00:00
Swapnil Kulkarni (coolsvap) 59a1c8b9fb Remove hardcoded MAINTAINER in Dockerfiles
Added new option in kolla-build.conf

Change-Id: I45fe51966bcb59ea19d112281ba3d5a1ba091a56
Closes-Bug:#1514304
2015-11-23 11:03:47 +00:00
Sam Yaple 94162bd08f Bring Kolla inline with FHS
This brings Kolla images inline with FHS and should make finding
locations of things more consistent and reliable with the linux world
at large.

Change-Id: Iece5b4da4bace0fb8b1f41a65ab2c852ec73e6f8
Closes-Bug: #1485742
2015-10-06 03:30:53 +00:00
Sam Yaple cb4e875ae1 Common start.sh
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.

The start.sh is moved into /usr/local/bin/kolla_start in the container

The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.

Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.

Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someone's local perm change won't break upstream containers.

Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295
2015-10-06 03:30:26 +00:00
Jenkins 6a622ec82c Merge "Implement a install_type and install_metatype"
2015-09-28 10:49:53 +00:00
Steven Dake 0e99b69de4 Implement a install_type and install_metatype
This prepares for the RHEL OSP implementation by making the build
tool convert all binary-* into an install_type of binary and * into
an install_metatype variable substitution inside the Dockerfiles.
Further binary-* is substituted as install_name to enable proper
building only.

Change-Id: Ib681b29176eb79a3cab12ec824313fdecb6e7a5f
Partially-Implements: blueprint rhel-based-image-support
2015-09-28 03:16:48 -07:00
Sam Yaple 160f1cc011 remove set_configs
Change-Id: I9bb0a1fac63cc326234b0f06b1e56b43e0753279
Partially-Implements: blueprint replace-config-external
2015-09-27 13:44:50 +00:00
Sam Yaple a1b0518b9a Fix removal of config-external
I removed the files but not the COPY commands thus breaking all of
Kolla

Change-Id: I37d3e0cb94a1ecc12971f485f953310ba8fee53c
Partially-Implements: blueprint replace-config-external
2015-09-25 20:08:40 +00:00
Sam Yaple e2e0fd288f Remove config-external.sh
Removes config-external for all services that have been replaced in
Ansible

Change-Id: I839a14418638b977fbc1d02ba6839811b0f909ea
Partially-Implements: blueprint replace-config-external
2015-09-25 13:00:55 +00:00
Sam Yaple 89ecfc164e Replace config-external - haproxy keepalived
Change-Id: I668c31401305713e720f0f0ae8ec18e320ea1c76
Partially-Implements: blueprint replace-config-external
2015-09-25 11:06:27 +00:00
Steven Dake 6992049323 Add 'rhel' for RPM distros
Add 'rhel' to list for RPM based distros.  Also sort the distro
list for rpm packages for affected lines.

Change-Id: Ied4cb3e9763d6c6359f314d16185383ac3e006ed
Partially-Implements: blueprint rhel-based-image-support
2015-09-04 03:12:15 -07:00
Sam Yaple 9d3f3f28e2 Create openstack-base container
This creates and moves the dependencies for Ubuntu into a common
openstack-base container. This commit shows dramatically smaller
sizes for all non-openstack containers. The Openstack containers remain
the same size.

Change-Id: I2f46420d4b9edcfddda374caddcce906fc708f6c
Partially-Implements: blueprint openstack-common-container
2015-09-03 10:37:45 +00:00
Sam Yaple cbd42ca6e9 Move docker_templates to docker dir
Updated build.py to reflect this change.
Deprecate --template option and make it a noop.

Change-Id: I7cd98d1ee684a4c64984a49597159868152683b2
Partially-Implements: blueprint remove-docker-dir
2015-08-28 13:33:50 +00:00