Initial Commit of Heat Containers (#1)

* Initial Commit of Heat Containers

* Update policy.json permissions

* Update Heat initial commit to new layout

* Fix CentOS package cleanup
This commit is contained in:
Pete Birley 2017-01-12 00:18:28 +00:00 committed by Sam Yaple
parent 7e3b001f06
commit 1b3b26387f
5 changed files with 260 additions and 1 deletions

View File

@ -1 +1,51 @@
# docker-heat
# OpenStack yaodu/heat
[![Docker Automated](https://img.shields.io/docker/automated/yaodu/heat.svg)](https://hub.docker.com/r/yaodu/heat/)
Yaodu/heat is a set of Dockerfiles that builds lightweight deployment agnostic images for OpenStack Heat.
Images are built in the Docker Hub automatically on each push to the master branch to provide a continuously updated set of images based on a number of distributions. Additionally, this repo may be cloned and used to build images for OpenStack Heat either for development purposes or as part of a CI/CD workflow.
## Building locally
It's really easy to build images locally for the distro of your choice. To clone the repo and build run the following:
``` bash
$ git clone https://github.com/yaodu/docker-heat.git
$ cd ./docker-heat
$ docker build dockerfiles \
--file dockerfiles/Dockerfile-debian \
--tag yaodu/heat:latest
```
You can, of course, substitute `debian` with your distro of choice.
For more advanced building you can use docker build arguments to define:
* The git repo containing the OpenStack project the container should contain, `GIT_REPO`
* The git ref the container should use when building, `GIT_REF`
* The git repo the container should use when building from a git ref, `GIT_REF_REPO`
* The docker image name to use for the base requirements python wheels, `DOCKER_REPO`
* The docker image tag to use for the base requirements python wheels, `DOCKER_TAG`
* If present, rather than using a docker image containing OpenStack requirements a tarball will be used from the defined URL, `WHEELS`
This makes it really easy to integrate Yaodu images into your development or CI/CD workflow, for example, if you wanted to build an image from [this PS](https://review.openstack.org/#/c/213731/4) you could run:
``` bash
$ docker build dockerfiles \
--file dockerfiles/Dockerfile-ubuntu \
--tag mydockernamespace/heat-testing:213731-4 \
--build-arg GIT_REPO=http://git.openstack.org/openstack/heat.git \
--build-arg GIT_REF_REPO=http://git.openstack.org/openstack/heat.git \
--build-arg GIT_REF=refs/changes/31/213731/4
```
## Customizing
The images should contain all the required assets for running the service. But if you wish or need to customize the `yaodu/heat` image that's great! We hope to have built the images to make this as easy and flexible as possible. To do this we recommend that you perform any required customisation in a child image using a pattern similar to:
``` Dockerfile
FROM yaodu/heat:latest
MAINTAINER you@example.com
RUN set -x \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
your-awesome-binary-package \
&& rm -rf /var/lib/apt/lists/*
```

View File

@ -0,0 +1,56 @@
FROM centos:7
ENV PATH=/virtualenv/bin:${PATH} \
PROJECT=heat
ARG DOCKER_REPO=yaodu/openstack-requirements
ARG DOCKER_TAG=centos
ARG WHEELS
ARG GIT_REPO=https://github.com/openstack/${PROJECT}
ARG GIT_REF
ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
RUN set -x \
&& yum install --setopt=tsflags=nodocs -y \
# Project specific packages start
python \
# Project specific packages end
&& yum install --setopt=tsflags=nodocs -y git \
# common install start
&& if [ -n "$WHEELS" ]; then \
curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
else \
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
python -c "import sys, json; print json.load(sys.stdin)['token']") \
&& BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
&& curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
fi \
&& git clone ${GIT_REPO} /tmp/${PROJECT} \
&& if [ -n "$GIT_REF" ]; then \
git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
&& git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
fi \
&& mkdir /tmp/packages \
&& tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
&& curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
&& python get-pip.py \
&& rm get-pip.py \
&& pip install virtualenv \
&& virtualenv /virtualenv \
&& hash -r \
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
&& groupadd -g 42424 ${PROJECT} \
&& useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
&& mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
# common install end
# Project specific command block start
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
&& cp -rfv /tmp/${PROJECT}/etc/heat/* /etc/${PROJECT}/ \
&& chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
&& chown root:root /etc/${PROJECT}/policy.json \
# Project specific command block end
&& yum history -y undo $(yum history list git | tail -2 | head -1 | awk '{ print $1}') \
&& yum clean all \
&& rm -rf /tmp/* /root/.cache \
&& find / -type f \( -name "*.pyc" -o -name "pip" -o -name "easy_install" -o -name "wheel" \) -delete

View File

@ -0,0 +1,56 @@
FROM debian:jessie
ENV PATH=/virtualenv/bin:${PATH} \
PROJECT=heat
ARG DOCKER_REPO=yaodu/openstack-requirements
ARG DOCKER_TAG=latest
ARG WHEELS
ARG GIT_REPO=https://github.com/openstack/${PROJECT}
ARG GIT_REF
ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
RUN set -x \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
# Project specific packages start
python \
# Project specific packages end
&& apt-get install -y --no-install-recommends ca-certificates curl git \
# common install start
&& if [ -n "$WHEELS" ]; then \
curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
else \
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
python -c "import sys, json; print json.load(sys.stdin)['token']") \
&& BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
&& curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
fi \
&& git clone ${GIT_REPO} /tmp/${PROJECT} \
&& if [ -n "$GIT_REF" ]; then \
git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
&& git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
fi \
&& mkdir /tmp/packages \
&& tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
&& curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
&& python get-pip.py \
&& rm get-pip.py \
&& pip install virtualenv \
&& virtualenv /virtualenv \
&& hash -r \
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
&& groupadd -g 42424 ${PROJECT} \
&& useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
&& mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
# common install end
# Project specific command block start
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
&& cp -rfv /tmp/${PROJECT}/etc/heat/* /etc/${PROJECT}/ \
&& chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
&& chown root:root /etc/${PROJECT}/policy.json \
# Project specific command block end
&& apt-get purge -y --auto-remove ca-certificates curl git \
&& rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
&& find / -type f \( -name "*.pyc" -o -name "pip" -o -name "easy_install" -o -name "wheel" \) -delete

View File

@ -0,0 +1,56 @@
FROM ubuntu:xenial
ENV PATH=/virtualenv/bin:${PATH} \
PROJECT=heat
ARG DOCKER_REPO=yaodu/openstack-requirements
ARG DOCKER_TAG=ubuntu
ARG WHEELS
ARG GIT_REPO=https://github.com/openstack/${PROJECT}
ARG GIT_REF
ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
RUN set -x \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
# Project specific packages start
python \
# Project specific packages end
&& apt-get install -y --no-install-recommends ca-certificates curl git \
# common install start
&& if [ -n "$WHEELS" ]; then \
curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
else \
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
python -c "import sys, json; print json.load(sys.stdin)['token']") \
&& BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
&& curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
fi \
&& git clone ${GIT_REPO} /tmp/${PROJECT} \
&& if [ -n "$GIT_REF" ]; then \
git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
&& git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
fi \
&& mkdir /tmp/packages \
&& tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
&& curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
&& python get-pip.py \
&& rm get-pip.py \
&& pip install virtualenv \
&& virtualenv /virtualenv \
&& hash -r \
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
&& groupadd -g 42424 ${PROJECT} \
&& useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
&& mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
# common install end
# Project specific command block start
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
&& cp -rfv /tmp/${PROJECT}/etc/heat/* /etc/${PROJECT}/ \
&& chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
&& chown root:root /etc/${PROJECT}/policy.json \
# Project specific command block end
&& apt-get purge -y --auto-remove ca-certificates curl git \
&& rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
&& find / -type f \( -name "*.pyc" -o -name "pip" -o -name "easy_install" -o -name "wheel" \) -delete

41
update.sh Executable file
View File

@ -0,0 +1,41 @@
#!/bin/bash
set -x
set -e
set -u
COMMON_INSTALL=$(cat <<'END_HEREDOC'
# common install start
&& if [ -n "$WHEELS" ]; then \\\n\
curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \\\n\
else \\\n\
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \\\n\
python -c "import sys, json; print json.load(sys.stdin)['token']") \\\n\
&& BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \\\n\
python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \\\n\
&& curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \\\n\
fi \\\n\
&& git clone ${GIT_REPO} /tmp/${PROJECT} \\\n\
&& if [ -n "$GIT_REF" ]; then \\\n\
git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \\\n\
&& git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \\\n\
fi \\\n\
&& mkdir /tmp/packages \\\n\
&& tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \\\n\
&& curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \\\n\
&& python get-pip.py \\\n\
&& rm get-pip.py \\\n\
&& pip install virtualenv \\\n\
&& virtualenv /virtualenv \\\n\
&& hash -r \\\n\
&& pip install --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \\\n\
&& groupadd -g 42424 ${PROJECT} \\\n\
&& useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \\\n\
&& mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \\\n\
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \\\
END_HEREDOC
)
for repo in $(ls dockerfiles/Dockerfile-*); do
awk -i inplace -v install="${COMMON_INSTALL}" 'BEGIN {p=1} /^# common install start/ {print install; p=0} /^# common install end/ {p=1} p' ${repo}
done