Use common scripts

centos/Dockerfile

@@ -0,0 +1,27 @@
+FROM centos:7
+
+ENV PROJECT=neutron
+ARG DOCKER_REPO=yaodu/openstack-requirements
+ARG DOCKER_TAG=centos
+ARG WHEELS
+ARG GIT_REPO=https://github.com/openstack/${PROJECT}
+ARG GIT_REF
+ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
+ARG SCRIPTS=https://github.com/yaodu/common/archive/0.1.2.tar.gz
+
+RUN set -x \
+    && yum install --setopt=tsflags=nodocs -y python curl \
+    && curl -sSL $SCRIPTS | tar xz -C /tmp/ --strip-components=2 \
+    && /tmp/download.sh $DOCKER_REPO $DOCKER_TAG $WHEELS \
+    && /tmp/install.sh $PROJECT $GIT_REPO $GIT_REF_REPO $GIT_REF \
+    && yum install --setopt=tsflags=nodocs -y  \
+        bridge-utils \
+        conntrack-tools \
+        dnsmasq \
+        dnsmasq-utils \
+        ebtables \
+        ipset \
+        keepalived \
+        openvswitch \
+        uuid \
+    && /tmp/cleanup.sh

debian/Dockerfile

@@ -0,0 +1,31 @@
+FROM debian:jessie-slim
+
+ENV PROJECT=neutron
+ARG DOCKER_REPO=yaodu/openstack-requirements
+ARG DOCKER_TAG=latest
+ARG WHEELS
+ARG GIT_REPO=https://github.com/openstack/${PROJECT}
+ARG GIT_REF
+ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
+ARG SCRIPTS=https://github.com/yaodu/common/archive/0.1.2.tar.gz
+
+RUN set -x \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends python ca-certificates curl \
+    && curl -sSL $SCRIPTS | tar xz -C /tmp/ --strip-components=2 \
+    && /tmp/download.sh $DOCKER_REPO $DOCKER_TAG $WHEELS \
+    && /tmp/install.sh $PROJECT $GIT_REPO $GIT_REF_REPO $GIT_REF \
+    && apt-get install -y --no-install-recommends \
+        bridge-utils \
+        conntrack \
+        dnsmasq \
+        dnsmasq-utils \
+        ebtables \
+        iproute2 \
+        ipset \
+        iptables \
+        iputils-arping \
+        keepalived \
+        openvswitch-switch \
+        uuid-runtime \
+    && /tmp/cleanup.sh

dockerfiles/Dockerfile-centos

@@ -1,80 +0,0 @@
-FROM centos:7
-
-ENV PROJECT=neutron \
-    OPENSTACK_RPMS_VERSION=newton
-ARG DOCKER_REPO=yaodu/openstack-requirements
-ARG DOCKER_TAG=centos
-ARG WHEELS
-ARG GIT_REPO=https://github.com/openstack/${PROJECT}
-ARG GIT_REF
-ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
-
-RUN set -x \
-    # NOTE(Pete Birley): CentOS-OpenStack repo is only used for openvswitch
-    && curl -L https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/${OPENSTACK_RPMS_VERSION}-rdo/CentOS-OpenStack.repo > /etc/yum.repos.d/CentOS-OpenStack.repo \
-    && sed -i "s/OPENSTACK_VERSION/${OPENSTACK_RPMS_VERSION}/g" /etc/yum.repos.d/CentOS-OpenStack.repo \
-    && sed -i "/\[centos-openstack-${OPENSTACK_RPMS_VERSION}\]/s/.*/&\nincludepkgs=*openvswitch*/" /etc/yum.repos.d/CentOS-OpenStack.repo \
-    && curl -L https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/newton-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud > /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud \
-    && yum install --setopt=tsflags=nodocs -y  \
-# Project specific packages start
-        bridge-utils \
-        conntrack-tools \
-        dnsmasq \
-        dnsmasq-utils \
-        ebtables \
-        ipset \
-        keepalived \
-        sudo \
-        openvswitch \
-        python \
-        uuid \
-# Project specific packages end
-    && yum install --setopt=tsflags=nodocs -y git \
-# common install start
-    && if [ -n "$WHEELS" ]; then \
-        curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
-       else \
-        TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
-                    python -c "import sys, json; print json.load(sys.stdin)['token']") \
-        && BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
-                    python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
-        && curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
-       fi \
-    && git clone ${GIT_REPO} /tmp/${PROJECT} \
-    && if [ -n "$GIT_REF" ]; then \
-        git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
-        && git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
-       fi \
-    && mkdir /tmp/packages \
-    && tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
-    && curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
-    && python get-pip.py \
-    && rm get-pip.py \
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
-    && groupadd -g 42424 ${PROJECT} \
-    && useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
-    && mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
-    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
-# common install end
-# Project specific command block start
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
-# Setup config file structure
-    && ( cd /tmp/${PROJECT} && ./tools/generate_config_file_samples.sh ) \
-    && mv /tmp/${PROJECT}/etc/neutron.conf.sample /tmp/${PROJECT}/etc/neutron.conf \
-    && mv /tmp/${PROJECT}/etc/neutron/* /tmp/${PROJECT}/etc/ \
-    && rm -rf /tmp/${PROJECT}/etc/neutron /tmp/${PROJECT}/etc/oslo-config-generator \
-    && cp -rfv /tmp/${PROJECT}/etc/* /etc/${PROJECT}/ \
-    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
-    && mkdir -p /usr/share/neutron/rootwrap \
-    && chown -R root:root /etc/${PROJECT}/policy.json /etc/${PROJECT}/rootwrap.conf /etc/neutron/rootwrap.d /usr/share/neutron/rootwrap \
-# Setup Neutron RootWrap & sudo
-    && chmod 0640 /etc/sudoers \
-    && echo "neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon" >> /etc/sudoers \
-    && echo "Defaults!/usr/bin/neutron-rootwrap-daemon !requiretty" >> /etc/sudoers \
-    && chmod 0440 /etc/sudoers \
-# Project specific command block end
-    && yum history -y undo $(yum history list git | tail -2 | head -1 | awk '{ print $1}') \
-    && yum clean all \
-    && rm -rf /tmp/* /root/.cache \
-    && pip uninstall pip wheel -y \
-    && find / -type f -name "*.pyc" -delete

dockerfiles/Dockerfile-debian

@@ -1,78 +0,0 @@
-FROM debian:jessie
-
-ENV PROJECT=neutron
-ARG DOCKER_REPO=yaodu/openstack-requirements
-ARG DOCKER_TAG=latest
-ARG WHEELS
-ARG GIT_REPO=https://github.com/openstack/${PROJECT}
-ARG GIT_REF
-ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
-
-RUN set -x \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends \
-# Project specific packages start
-        bridge-utils \
-        conntrack \
-        dnsmasq \
-        dnsmasq-utils \
-        ebtables \
-        iproute2 \
-        ipset \
-        iptables \
-        iputils-arping \
-        keepalived \
-        sudo \
-        openvswitch-switch \
-        python \
-        uuid-runtime \
-# Project specific packages end
-    && apt-get install -y --no-install-recommends ca-certificates curl git \
-# common install start
-    && if [ -n "$WHEELS" ]; then \
-        curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
-       else \
-        TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
-                    python -c "import sys, json; print json.load(sys.stdin)['token']") \
-        && BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
-                    python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
-        && curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
-       fi \
-    && git clone ${GIT_REPO} /tmp/${PROJECT} \
-    && if [ -n "$GIT_REF" ]; then \
-        git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
-        && git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
-       fi \
-    && mkdir /tmp/packages \
-    && tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
-    && curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
-    && python get-pip.py \
-    && rm get-pip.py \
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
-    && groupadd -g 42424 ${PROJECT} \
-    && useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
-    && mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
-    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
-# common install end
-# Project specific command block start
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
-# Setup config file structure
-    && ( cd /tmp/${PROJECT} && ./tools/generate_config_file_samples.sh ) \
-    && mv /tmp/${PROJECT}/etc/neutron.conf.sample /tmp/${PROJECT}/etc/neutron.conf \
-    && mv /tmp/${PROJECT}/etc/neutron/* /tmp/${PROJECT}/etc/ \
-    && rm -rf /tmp/${PROJECT}/etc/neutron /tmp/${PROJECT}/etc/oslo-config-generator \
-    && cp -rfv /tmp/${PROJECT}/etc/* /etc/${PROJECT}/ \
-    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
-    && mkdir -p /usr/share/neutron/rootwrap \
-    && chown -R root:root /etc/${PROJECT}/policy.json /etc/${PROJECT}/rootwrap.conf /etc/neutron/rootwrap.d /usr/share/neutron/rootwrap \
-# Setup Neutron RootWrap & sudo
-    && ln -s /virtualenv/bin/neutron-rootwrap-daemon /usr/bin/neutron-rootwrap-daemon \
-    && chmod 0640 /etc/sudoers \
-    && echo "neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon" >> /etc/sudoers \
-    && echo "Defaults!/usr/bin/neutron-rootwrap-daemon !requiretty" >> /etc/sudoers \
-    && chmod 0440 /etc/sudoers \
-# Project specific command block end
-    && apt-get purge -y --auto-remove ca-certificates curl git \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
-    && pip uninstall pip wheel -y \
-    && find / -type f -name "*.pyc" -delete

dockerfiles/Dockerfile-ubuntu

@@ -1,78 +0,0 @@
-FROM ubuntu:xenial
-
-ENV PROJECT=neutron
-ARG DOCKER_REPO=yaodu/openstack-requirements
-ARG DOCKER_TAG=ubuntu
-ARG WHEELS
-ARG GIT_REPO=https://github.com/openstack/${PROJECT}
-ARG GIT_REF
-ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
-
-RUN set -x \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends \
-# Project specific packages start
-        bridge-utils \
-        conntrack \
-        dnsmasq \
-        dnsmasq-utils \
-        ebtables \
-        iproute2 \
-        ipset \
-        iptables \
-        iputils-arping \
-        keepalived \
-        sudo \
-        openvswitch-switch \
-        python \
-        uuid-runtime \
-# Project specific packages end
-    && apt-get install -y --no-install-recommends ca-certificates curl git \
-# common install start
-    && if [ -n "$WHEELS" ]; then \
-        curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \
-       else \
-        TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \
-                    python -c "import sys, json; print json.load(sys.stdin)['token']") \
-        && BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \
-                    python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \
-        && curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \
-       fi \
-    && git clone ${GIT_REPO} /tmp/${PROJECT} \
-    && if [ -n "$GIT_REF" ]; then \
-        git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \
-        && git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \
-       fi \
-    && mkdir /tmp/packages \
-    && tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \
-    && curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
-    && python get-pip.py \
-    && rm get-pip.py \
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \
-    && groupadd -g 42424 ${PROJECT} \
-    && useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \
-    && mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
-    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
-# common install end
-# Project specific command block start
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
-# Setup config file structure
-    && ( cd /tmp/${PROJECT} && ./tools/generate_config_file_samples.sh ) \
-    && mv /tmp/${PROJECT}/etc/neutron.conf.sample /tmp/${PROJECT}/etc/neutron.conf \
-    && mv /tmp/${PROJECT}/etc/neutron/* /tmp/${PROJECT}/etc/ \
-    && rm -rf /tmp/${PROJECT}/etc/neutron /tmp/${PROJECT}/etc/oslo-config-generator \
-    && cp -rfv /tmp/${PROJECT}/etc/* /etc/${PROJECT}/ \
-    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
-    && mkdir -p /usr/share/neutron/rootwrap \
-    && chown -R root:root /etc/${PROJECT}/policy.json /etc/${PROJECT}/rootwrap.conf /etc/neutron/rootwrap.d /usr/share/neutron/rootwrap \
-# Setup Neutron RootWrap & sudo
-    && ln -s /virtualenv/bin/neutron-rootwrap-daemon /usr/bin/neutron-rootwrap-daemon \
-    && chmod 0640 /etc/sudoers \
-    && echo "neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon" >> /etc/sudoers \
-    && echo "Defaults!/usr/bin/neutron-rootwrap-daemon !requiretty" >> /etc/sudoers \
-    && chmod 0440 /etc/sudoers \
-# Project specific command block end
-    && apt-get purge -y --auto-remove ca-certificates curl git \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
-    && pip uninstall pip wheel -y \
-    && find / -type f -name "*.pyc" -delete

ubuntu/Dockerfile

@@ -0,0 +1,31 @@
+FROM ubuntu:xenial
+
+ENV PROJECT=neutron
+ARG DOCKER_REPO=yaodu/openstack-requirements
+ARG DOCKER_TAG=ubuntu
+ARG WHEELS
+ARG GIT_REPO=https://github.com/openstack/${PROJECT}
+ARG GIT_REF
+ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT}
+ARG SCRIPTS=https://github.com/yaodu/common/archive/0.1.2.tar.gz
+
+RUN set -x \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends python ca-certificates curl \
+    && curl -sSL $SCRIPTS | tar xz -C /tmp/ --strip-components=2 \
+    && /tmp/download.sh $DOCKER_REPO $DOCKER_TAG $WHEELS \
+    && /tmp/install.sh $PROJECT $GIT_REPO $GIT_REF_REPO $GIT_REF \
+    && apt-get install -y --no-install-recommends \
+        bridge-utils \
+        conntrack \
+        dnsmasq \
+        dnsmasq-utils \
+        ebtables \
+        iproute2 \
+        ipset \
+        iptables \
+        iputils-arping \
+        keepalived \
+        openvswitch-switch \
+        uuid-runtime \
+    && /tmp/cleanup.sh