Add Apache2 and Sudo (#2)
* Add Apache2 and Sudo * Policy.json is not supplied with Nova Source so remove command to set ownership
This commit is contained in:
parent
83f3a7e545
commit
f8ff6590c7
|
@ -12,6 +12,10 @@ RUN set -x \
|
|||
&& yum install --setopt=tsflags=nodocs -y \
|
||||
# Project specific packages start
|
||||
python \
|
||||
httpd \
|
||||
mod_ssl \
|
||||
mod_wsgi \
|
||||
sudo \
|
||||
# Project specific packages end
|
||||
&& yum install --setopt=tsflags=nodocs -y git \
|
||||
# common install start
|
||||
|
@ -41,9 +45,32 @@ RUN set -x \
|
|||
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
|
||||
# common install end
|
||||
# Project specific command block start
|
||||
&& pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
|
||||
&& pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt \
|
||||
python-memcached \
|
||||
pymysql \
|
||||
&& cp -rfv /tmp/${PROJECT}/etc//${PROJECT}/* /etc/${PROJECT}/ \
|
||||
&& chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
|
||||
&& mkdir -p /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
|
||||
&& chown -R root:root /etc/${PROJECT}/rootwrap.conf /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
|
||||
# Setup Nova RootWrap & sudo
|
||||
&& chmod 0640 /etc/sudoers \
|
||||
&& echo "${PROJECT} ALL = (root) NOPASSWD: /usr/local/bin/${PROJECT}-rootwrap-daemon /usr/local/bin/${PROJECT}-rootwrap" >> /etc/sudoers \
|
||||
&& echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap-daemon !requiretty" >> /etc/sudoers \
|
||||
&& echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap !requiretty" >> /etc/sudoers \
|
||||
&& chmod 0440 /etc/sudoers \
|
||||
# Disable default apache config:
|
||||
&& sed -i 's/^Listen 80/#Listen 80/' /etc/httpd/conf/httpd.conf \
|
||||
&& rm /etc/httpd/conf.d/* \
|
||||
# Provide compatibility with ubuntu/debian apache:
|
||||
&& ln -s /usr/sbin/httpd /usr/sbin/apache2 \
|
||||
&& mkdir -p /etc/apache2/conf-enabled \
|
||||
&& echo "IncludeOptional /etc/apache2/conf-enabled/*.conf" >> /etc/httpd/conf/httpd.conf \
|
||||
&& mkdir -p /etc/apache2/mods-available \
|
||||
&& echo "Include /etc/apache2/mods-available/*.conf" >> /etc/httpd/conf/httpd.conf \
|
||||
&& touch /etc/apache2/envvars \
|
||||
# Project specific command block end
|
||||
&& yum history -y undo $(yum history list git | tail -2 | head -1 | awk '{ print $1}') \
|
||||
&& rpm -e --nodeps centos-logos \
|
||||
&& yum clean all \
|
||||
&& rm -rf /tmp/* /root/.cache \
|
||||
&& pip uninstall pip wheel -y \
|
||||
|
|
|
@ -16,6 +16,9 @@ RUN set -x \
|
|||
# Project specific packages start
|
||||
python \
|
||||
python-rados \
|
||||
apache2 \
|
||||
libapache2-mod-wsgi \
|
||||
sudo \
|
||||
# Project specific packages end
|
||||
&& apt-get install -y --no-install-recommends ca-certificates curl git \
|
||||
# common install start
|
||||
|
@ -45,7 +48,22 @@ RUN set -x \
|
|||
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
|
||||
# common install end
|
||||
# Project specific command block start
|
||||
&& pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
|
||||
&& pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt \
|
||||
python-memcached \
|
||||
pymysql \
|
||||
&& cp -rfv /tmp/${PROJECT}/etc/${PROJECT}/* /etc/${PROJECT}/ \
|
||||
&& chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
|
||||
&& mkdir -p /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
|
||||
&& chown -R root:root /etc/${PROJECT}/rootwrap.conf /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
|
||||
# Setup Nova RootWrap & sudo
|
||||
&& chmod 0640 /etc/sudoers \
|
||||
&& echo "${PROJECT} ALL = (root) NOPASSWD: /usr/local/bin/${PROJECT}-rootwrap-daemon /usr/local/bin/${PROJECT}-rootwrap" >> /etc/sudoers \
|
||||
&& echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap-daemon !requiretty" >> /etc/sudoers \
|
||||
&& echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap !requiretty" >> /etc/sudoers \
|
||||
&& chmod 0440 /etc/sudoers \
|
||||
# Disable default apache config:
|
||||
&& rm /etc/apache2/ports.conf /etc/apache2/sites-enabled/* /etc/apache2/sites-available/* \
|
||||
&& touch /etc/apache2/ports.conf \
|
||||
# Project specific command block end
|
||||
&& apt-get purge -y --auto-remove ca-certificates curl git \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
|
||||
|
|
|
@ -16,6 +16,9 @@ RUN set -x \
|
|||
# Project specific packages start
|
||||
python \
|
||||
python-rados \
|
||||
apache2 \
|
||||
libapache2-mod-wsgi \
|
||||
sudo \
|
||||
# Project specific packages end
|
||||
&& apt-get install -y --no-install-recommends ca-certificates curl git \
|
||||
# common install start
|
||||
|
@ -45,7 +48,22 @@ RUN set -x \
|
|||
&& chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \
|
||||
# common install end
|
||||
# Project specific command block start
|
||||
&& pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \
|
||||
&& pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt \
|
||||
python-memcached \
|
||||
pymysql \
|
||||
&& cp -rfv /tmp/${PROJECT}/etc/${PROJECT}/* /etc/${PROJECT}/ \
|
||||
&& chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \
|
||||
&& mkdir -p /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
|
||||
&& chown -R root:root /etc/${PROJECT}/rootwrap.conf /etc/${PROJECT}/rootwrap.d /usr/share/${PROJECT}/rootwrap \
|
||||
# Setup Nova RootWrap & sudo
|
||||
&& chmod 0640 /etc/sudoers \
|
||||
&& echo "${PROJECT} ALL = (root) NOPASSWD: /usr/local/bin/${PROJECT}-rootwrap-daemon /usr/local/bin/${PROJECT}-rootwrap" >> /etc/sudoers \
|
||||
&& echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap-daemon !requiretty" >> /etc/sudoers \
|
||||
&& echo "Defaults!/usr/local/bin/${PROJECT}-rootwrap !requiretty" >> /etc/sudoers \
|
||||
&& chmod 0440 /etc/sudoers \
|
||||
# Disable default apache config:
|
||||
&& rm /etc/apache2/ports.conf /etc/apache2/sites-enabled/* /etc/apache2/sites-available/* \
|
||||
&& touch /etc/apache2/ports.conf \
|
||||
# Project specific command block end
|
||||
&& apt-get purge -y --auto-remove ca-certificates curl git \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache \
|
||||
|
|
Loading…
Reference in New Issue