Add Apache2 and Sudo (#2)

* Add Apache2 and Sudo * Policy.json is not supplied with Nova Source so remove command to set ownership
2017-01-16 22:05:36 +00:00 · 2017-01-16 22:05:36 +00:00 · f8ff6590c7
parent 83f3a7e545
commit f8ff6590c7
3 changed files with 66 additions and 3 deletions
--- a/dockerfiles/Dockerfile-centos
+++ b/dockerfiles/Dockerfile-centos
@ -12,6 +12,10 @@ RUN set -x \
    && yum install --setopt=tsflags=nodocs -y  \
 # Project specific packages start
        python \
+        httpd \
+        mod_ssl \
+        mod_wsgi \
+        sudo \
 # Project specific packages end
    && yum install --setopt=tsflags=nodocs -y git \
 # common install start
@ -41,9 +45,32 @@ RUN set -x \
    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
 # common install end
 # Project specific command block start
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
+    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt \
+        python-memcached \
+        pymysql \
+    && cp -rfv /tmp/${PROJECT}/etc//${PROJECT}/* /etc/${PROJECT}/ \
+    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
+    && mkdir -p /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
+    && chown -R root:root /etc/${PROJECT}/rootwrap.conf /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
+# Setup Nova RootWrap & sudo
+    && chmod 0640 /etc/sudoers \
+    && echo "${PROJECT} ALL = (root) NOPASSWD: /usr/local/bin/${PROJECT}-rootwrap-daemon /usr/local/bin/${PROJECT}-rootwrap" >> /etc/sudoers \
+    && echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap-daemon !requiretty" >> /etc/sudoers \
+    && echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap !requiretty" >> /etc/sudoers \
+    && chmod 0440 /etc/sudoers \
+# Disable default apache config:
+    && sed -i 's/^Listen 80/#Listen 80/' /etc/httpd/conf/httpd.conf \
+    && rm /etc/httpd/conf.d/* \
+# Provide compatibility with ubuntu/debian apache:
+    && ln -s /usr/sbin/httpd /usr/sbin/apache2 \
+    && mkdir -p /etc/apache2/conf-enabled \
+    && echo "IncludeOptional /etc/apache2/conf-enabled/*.conf" >> /etc/httpd/conf/httpd.conf \
+    && mkdir -p /etc/apache2/mods-available \
+    && echo "Include /etc/apache2/mods-available/*.conf" >> /etc/httpd/conf/httpd.conf \
+    && touch /etc/apache2/envvars \
 # Project specific command block end
    && yum history -y undo $(yum history list git | tail -2 | head -1 | awk '{ print $1}') \
+    && rpm -e --nodeps centos-logos \
    && yum clean all \
    && rm -rf /tmp/* /root/.cache \
    && pip uninstall pip wheel -y \
--- a/dockerfiles/Dockerfile-debian
+++ b/dockerfiles/Dockerfile-debian
@ -16,6 +16,9 @@ RUN set -x \
 # Project specific packages start
        python \
        python-rados \
+        apache2 \
+        libapache2-mod-wsgi \
+        sudo \
 # Project specific packages end
    && apt-get install -y --no-install-recommends ca-certificates curl git \
 # common install start
@ -45,7 +48,22 @@ RUN set -x \
    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
 # common install end
 # Project specific command block start
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
+    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt \
+        python-memcached \
+        pymysql \
+    && cp -rfv /tmp/${PROJECT}/etc/${PROJECT}/* /etc/${PROJECT}/ \
+    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
+    && mkdir -p /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
+    && chown -R root:root /etc/${PROJECT}/rootwrap.conf /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
+# Setup Nova RootWrap & sudo
+    && chmod 0640 /etc/sudoers \
+    && echo "${PROJECT} ALL = (root) NOPASSWD: /usr/local/bin/${PROJECT}-rootwrap-daemon /usr/local/bin/${PROJECT}-rootwrap" >> /etc/sudoers \
+    && echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap-daemon !requiretty" >> /etc/sudoers \
+    && echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap !requiretty" >> /etc/sudoers \
+    && chmod 0440 /etc/sudoers \
+# Disable default apache config:
+    && rm /etc/apache2/ports.conf /etc/apache2/sites-enabled/* /etc/apache2/sites-available/* \
+    && touch /etc/apache2/ports.conf \
 # Project specific command block end
    && apt-get purge -y --auto-remove ca-certificates curl git \
    && rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
--- a/dockerfiles/Dockerfile-ubuntu
+++ b/dockerfiles/Dockerfile-ubuntu
@ -16,6 +16,9 @@ RUN set -x \
 # Project specific packages start
        python \
        python-rados \
+        apache2 \
+        libapache2-mod-wsgi \
+        sudo \
 # Project specific packages end
    && apt-get install -y --no-install-recommends ca-certificates curl git \
 # common install start
@ -45,7 +48,22 @@ RUN set -x \
    && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
 # common install end
 # Project specific command block start
-    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
+    && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt \
+        python-memcached \
+        pymysql \
+    && cp -rfv /tmp/${PROJECT}/etc/${PROJECT}/* /etc/${PROJECT}/ \
+    && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
+    && mkdir -p /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
+    && chown -R root:root /etc/${PROJECT}/rootwrap.conf /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
+# Setup Nova RootWrap & sudo
+    && chmod 0640 /etc/sudoers \
+    && echo "${PROJECT} ALL = (root) NOPASSWD: /usr/local/bin/${PROJECT}-rootwrap-daemon /usr/local/bin/${PROJECT}-rootwrap" >> /etc/sudoers \
+    && echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap-daemon !requiretty" >> /etc/sudoers \
+    && echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap !requiretty" >> /etc/sudoers \
+    && chmod 0440 /etc/sudoers \
+# Disable default apache config:
+    && rm /etc/apache2/ports.conf /etc/apache2/sites-enabled/* /etc/apache2/sites-available/* \
+    && touch /etc/apache2/ports.conf \
 # Project specific command block end
    && apt-get purge -y --auto-remove ca-certificates curl git \
    && rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \