openstack
/
kolla-ansible
Code Issues Proposed changes

Merge "Remove fragments of docker files"

This commit is contained in:
Jenkins 2016-11-29 17:43:15 +00:00 committed by Gerrit Code Review
parent 89dcde15ff 5b9206f449
commit 4d713a1092
18 changed files with 0 additions and 834 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

281
docker/base/Dockerfile.j2
View File

@ -1,281 +0,0 @@
FROM {{ base_image }}:{{ base_distro_tag }}
MAINTAINER {{ maintainer }}
LABEL kolla_version="{{ kolla_version }}"
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}
{{ include_header }}
ENV KOLLA_BASE_DISTRO {{ base_distro }}
ENV KOLLA_INSTALL_TYPE {{ install_type }}
ENV KOLLA_INSTALL_METATYPE {{ install_metatype }}
#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
&& cat /tmp/kolla_bashrc >> /root/.bashrc
# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system. This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality. I think we will :)
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
RUN if [ $(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release) != "{{ supported_distro_release }}" ]; then \
echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; \
fi \
&& cat /tmp/kolla_bashrc >> /etc/bashrc \
&& sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/yum.conf
#### BEGIN REPO ENABLEMENT
# Turns on Elasticsearch repos
{% set base_yum_repo_files = [
'elasticsearch.repo',
'kibana.yum.repo',
'MariaDB.repo',
'influxdb.repo',
'grafana.repo'
] %}
{% for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{% endfor %}
{% set base_yum_url_packages = [
'http://repo.percona.com/release/7/RPMS/x86_64/percona-release-0.1-3.noarch.rpm'
] %}
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
{% set base_yum_repo_keys = [
'http://yum.mariadb.org/RPM-GPG-KEY-MariaDB',
'/etc/pki/rpm-gpg/RPM-GPG-KEY-Percona ',
'https://packages.elastic.co/GPG-KEY-elasticsearch',
'https://repos.influxdata.com/influxdb.key',
'https://packagecloud.io/gpg.key',
'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana'
] %}
RUN true {% for key in base_yum_repo_keys | customizable('yum_repo_keys') %}&& rpm --import {{ key }} {% endfor %}
{% if install_metatype in ['rdo', 'mixed'] %}
{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}
{% endif %}
{# endif for repo setup for all RHEL except RHEL OSP #}
{% if install_metatype == 'rhos' %}
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms \
&& yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
{% endif %}
{% if base_distro == 'centos' %}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
{% set base_centos_yum_repo_keys = [
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization'
] %}
{% set base_centos_yum_repo_packages = [
'epel-release ',
'yum-plugin-priorities',
'centos-release-ceph-jewel',
'centos-release-qemu-ev'
] %}
{{ macros.install_packages(base_centos_yum_repo_packages | customizable("yum_centos_repo_packages")) }}
RUN true \
{% for key in base_centos_yum_repo_keys | customizable('yum_centos_repo_keys') %} && rpm --import {{ key }}{% endfor %} && yum clean all
{% endif %}
{# Endif for base_distro centos #}
{% if base_distro == 'rhel' %}
{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
RUN yum -y install \
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/epel-release-7-6.noarch.rpm \
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
&& yum -y install \
yum-plugin-priorities \
&& yum clean all \
&& yum-config-manager --enable rhel-7-server-optional-rpms \
&& yum-config-manager --enable rhel-7-server-extras-rpms
{% endblock %}
{% endif %}
{# Endif for base_distro RHEL #}
{% if base_distro == 'oraclelinux' %}
{% block base_oraclelinux_package_installation %}
COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
RUN yum -y install \
tar \
yum-utils \
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/epel-release-7-6.noarch.rpm \
&& rpm -Uvh --nodeps \
http://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-mitaka/centos-release-openstack-mitaka-1-3.el7.noarch.rpm \
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-ceph-jewel-1.0-1.el7.centos.noarch.rpm \
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-qemu-ev-1.0-1.el7.noarch.rpm \
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm \
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-storage-common-1-2.el7.centos.noarch.rpm \
&& sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-*.repo \
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage \
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization \
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
&& yum -y install \
yum-plugin-priorities \
&& yum clean all
{% endblock %}
{% endif %}
{# Endif for base_distro oraclelinux #}
#### END REPO ENABLEMENT
{# We are back to the basic if conditional here which is:
if base_distro in ['centos', 'oraclelinux', 'rhel'] #}
{% block base_redhat_binary_versionlock %}{% endblock %}
{% if install_type == 'binary' %}
{% set base_centos_binary_packages = [
'sudo',
'which',
'python',
'lvm2',
'scsi-target-utils',
'iproute',
'iscsi-initiator-utils'
] %}
# Install base packages
{{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
{% endif %}
{# Endif for install_type binary #}
{% if install_type == 'source' %}
{% set base_centos_source_packages = [
'curl',
'sudo',
'tar',
'which',
'lvm2',
'scsi-target-utils',
'iproute',
'iscsi-initiator-utils'
] %}
# Update packages
{{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}
{% endif %}
{# endif for install type is source for RPM based distros #}
{# endif for base_distro centos,oraclelinux,rhel #}
{% elif base_distro in ['ubuntu', 'debian'] %}
RUN if [ $(awk -F '=' '/DISTRIB_RELEASE/{print $2}' /etc/lsb-release) != "{{ supported_distro_release }}" ]; then \
echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; fi
# Customize PS1 bash shell
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc
# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive
# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
# Need apt-transport-https BEFORE we replace sources.list or apt-get update wont work!
RUN apt-get update \
&& apt-get -y install --no-install-recommends apt-transport-https ca-certificates \
&& apt-get clean
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
{% set base_apt_packages = [
'apt-utils',
'curl',
'gawk',
'iproute2',
'kmod',
'lvm2',
'open-iscsi',
'python',
'sudo',
'tgt']
%}
{% if base_distro == 'ubuntu' %}
{% set base_apt_keys = [
'0xF1656F24C74CD1D8',
'0x9334a25f8507efa5',
'391A9AA2147192839E9DB0315EDB1B62EC4926EA',
'430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A',
'46095ACC8548582C1A2699A9D27D666CD88E42B4',
'58118E89F3A912897C070ADBF76221572C52609D',
'05CE15085FC09D18E99EFB22684A14CF2582E0C5',
'418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
] %}
{% elif base_distro == 'debian' %}
{% set base_apt_keys = [
'58118E89F3A912897C070ADBF76221572C52609D',
'0xcbcb082a1bb943db',
'D27D666CD88E42B4',
'05CE15085FC09D18E99EFB22684A14CF2582E0C5',
'418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
] %}
{% set base_apt_packages = base_apt_packages +
['sudo',]
%}
{% endif %}
{% block base_ubuntu_package_installation %}
RUN true \
{% for key in base_apt_keys | customizable('apt_keys') %}
&& apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }} \
{% endfor %}
&& apt-get update \
&& apt-get -y upgrade \
&& apt-get -y dist-upgrade \
&& apt-get -y install --no-install-recommends {% for package in base_apt_packages | customizable('apt_packages') %}{{ package }} {% endfor %} \
&& apt-get clean
{% endblock %}
{% if base_distro == 'ubuntu' %}
RUN sed -i "s|'purelib': '\$base/local/lib/python\$py_version_short/dist-packages',|'purelib': '\$base/lib/python\$py_version_short/dist-packages',|;s|'platlib': '\$platbase/local/lib/python\$py_version_short/dist-packages',|'platlib': '\$platbase/lib/python\$py_version_short/dist-packages',|;s|'headers': '\$base/local/include/python\$py_version_short/\$dist_name',|'headers': '\$base/include/python\$py_version_short/\$dist_name',|;s|'scripts': '\$base/local/bin',|'scripts': '\$base/bin',|;s|'data' : '\$base/local',|'data' : '\$base',|" /usr/lib/python2.7/distutils/command/install.py \
&& rm -rf /usr/lib/python2.7/site-packages \
&& ln -s dist-packages /usr/lib/python2.7/site-packages
{% endif %}
{# endif for base_distro ubuntu, debian #}
{% endif %}
COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY sudoers /etc/sudoers
COPY curlrc /root/.curlrc
RUN touch /usr/local/bin/kolla_extend_start \
&& chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \
&& chmod 440 /etc/sudoers \
&& groupadd kolla \
&& mkdir -p /var/log/kolla \
&& chown :kolla /var/log/kolla \
&& chmod 2775 /var/log/kolla \
&& rm -f /tmp/kolla_bashrc \
&& curl -sSL https://github.com/Yelp/dumb-init/releases/download/v1.1.3/dumb-init_1.1.3_amd64 -o /usr/local/bin/dumb-init \
&& chmod +x /usr/local/bin/dumb-init
{% block base_footer %}{% endblock %}
CMD ["kolla_start"]

5
docker/base/MariaDB.repo
View File

@ -1,5 +0,0 @@
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos7-amd64
gpgkey = http://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1

19
docker/base/apt_preferences.debian
View File

@ -1,19 +0,0 @@
Package: *
Pin: origin "nyc2.mirrors.digitalocean.com"
Pin-Priority: 500
Package: python-rtslib
Pin: release o=Debian,a=testing,n=stretch,l=Debian
Pin-Priority: 500
Package: targetcli
Pin: release o=Debian,a=testing,n=stretch,l=Debian
Pin-Priority: 500
Package: python-configshell
Pin: release o=Debian,a=testing,n=stretch,l=Debian
Pin-Priority: 500
Package: *
Pin: release o=Debian,a=testing,n=stretch,l=Debian
Pin-Priority: -1

0
docker/base/apt_preferences.ubuntu
View File

4
docker/base/curlrc
View File

@ -1,4 +0,0 @@
# curl default options
--silent
--show-error
--write-out "curl (%{url_effective}): response: %{http_code}, time: %{time_total}, size: %{size_download}\n"

9
docker/base/dpkg_reducing_disk_footprint
View File

@ -1,9 +0,0 @@
path-exclude /usr/share/doc/*
path-include /usr/share/doc/*/copyright
path-exclude /usr/share/man/*
path-exclude /usr/share/groff/*
path-exclude /usr/share/info/*
path-exclude /usr/share/lintian/*
path-exclude /usr/share/linda/*
path-exclude /usr/share/locale/*
path-include /usr/share/locale/en*

6
docker/base/elasticsearch.repo
View File

@ -1,6 +0,0 @@
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

7
docker/base/grafana.repo
View File

@ -1,7 +0,0 @@
[grafana]
name=grafana
baseurl=https://packagecloud.io/grafana/stable/el/7/$basearch
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana

6
docker/base/influxdb.repo
View File

@ -1,6 +0,0 @@
[influxdb]
name = InfluxDB Repository - RHEL $releasever
baseurl = https://repos.influxdata.com/rhel/$releasever/$basearch/stable
enabled = 1
gpgcheck = 1
gpgkey = https://repos.influxdata.com/influxdb.key

6
docker/base/kibana.yum.repo
View File

@ -1,6 +0,0 @@
[kibana-4.6]
name=Kibana repository for 4.6.x packages
baseurl=http://packages.elastic.co/kibana/4.6/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

5
docker/base/kolla_bashrc
View File

@ -1,5 +0,0 @@
#### Custom data added by Kolla
_KBOLD="\[$(tput bold)\]"
_KRESET="\[$(tput sgr0)\]"
PS1="${_KBOLD}(${KOLLA_SERVICE_NAME})${_KRESET}[\u@\h \W]\\$ "

6
docker/base/oraclelinux-extras.repo
View File

@ -1,6 +0,0 @@
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/7/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

308
docker/base/set_configs.py
View File

@ -1,308 +0,0 @@
#!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import glob
import grp
import json
import logging
import os
import pwd
import shutil
import sys
# TODO(rhallisey): add docstring.
logging.basicConfig()
LOG = logging.getLogger(__name__)
LOG.setLevel(logging.INFO)
def validate_config(config):
config_files_required_keys = {'source', 'dest', 'owner', 'perm'}
permissions_required_keys = {'path', 'owner'}
if 'command' not in config:
LOG.error('Config is missing required "command" key')
sys.exit(1)
# Validate config sections
for data in config.get('config_files', list()):
# Verify required keys exist.
if not data.viewkeys() >= config_files_required_keys:
LOG.error("Config is missing required keys: %s", data)
sys.exit(1)
for data in config.get('permissions', list()):
if not data.viewkeys() >= permissions_required_keys:
LOG.error("Config is missing required keys: %s", data)
sys.exit(1)
def validate_source(data):
source = data.get('source')
# Only check existance if no wildcard found
if '*' not in source:
if not os.path.exists(source):
if data.get('optional'):
LOG.info("%s does not exist, but is not required", source)
return False
else:
LOG.error("The source to copy does not exist: %s", source)
sys.exit(1)
return True
def copy_files(data):
dest = data.get('dest')
source = data.get('source')
if os.path.exists(dest):
LOG.info("Removing existing destination: %s", dest)
if os.path.isdir(dest):
shutil.rmtree(dest)
else:
os.remove(dest)
if os.path.isdir(source):
source_path = source
dest_path = dest
else:
source_path = os.path.dirname(source)
dest_path = os.path.dirname(dest)
if not os.path.exists(dest_path):
LOG.info("Creating dest parent directory: %s", dest_path)
os.makedirs(dest_path)
if source != source_path:
# Source is file
for file in glob.glob(source):
LOG.info("Copying %s to %s", file, dest)
shutil.copy(file, dest)
else:
# Source is a directory
for src in os.listdir(source_path):
LOG.info("Copying %s to %s",
os.path.join(source_path, src), dest_path)
if os.path.isdir(os.path.join(source_path, src)):
shutil.copytree(os.path.join(source_path, src), dest_path)
else:
shutil.copy(os.path.join(source_path, src), dest_path)
def set_permissions(data):
def set_perms(file_, uid, guid, perm):
LOG.info("Setting permissions for %s", file_)
# Give config file proper perms.
try:
os.chown(file_, uid, gid)
os.chmod(file_, perm)
except OSError as e:
LOG.error("Error while setting permissions for %s: %r",
file_, repr(e))
sys.exit(1)
dest = data.get('dest')
owner = data.get('owner')
perm = int(data.get('perm'), 0)
# Check for user and group id in the environment.
try:
user = pwd.getpwnam(owner)
except KeyError:
LOG.error("The specified user does not exist: %s", owner)
sys.exit(1)
uid = user.pw_uid
gid = user.pw_gid
# Set permissions on the top level dir or file
set_perms(dest, uid, gid, perm)
if os.path.isdir(dest):
# Recursively set permissions
for root, dirs, files in os.walk(dest):
for dir_ in dirs:
set_perms(os.path.join(root, dir_), uid, gid, perm)
for file_ in files:
set_perms(os.path.join(root, file_), uid, gid, perm)
def load_config():
def load_from_env():
config_raw = os.environ.get("KOLLA_CONFIG")
if config_raw is None:
return None
# Attempt to read config
try:
return json.loads(config_raw)
except ValueError:
LOG.error('Invalid json for Kolla config')
sys.exit(1)
def load_from_file():
config_file = '/var/lib/kolla/config_files/config.json'
LOG.info("Loading config file at %s", config_file)
# Attempt to read config file
with open(config_file) as f:
try:
return json.load(f)
except ValueError:
LOG.error("Invalid json file found at %s", config_file)
sys.exit(1)
except IOError as e:
LOG.error("Could not read file %s: %r", config_file, e)
sys.exit(1)
config = load_from_env()
if config is None:
config = load_from_file()
LOG.info('Validating config file')
validate_config(config)
return config
def copy_config(config):
if 'config_files' in config:
LOG.info('Copying service configuration files')
for data in config['config_files']:
if validate_source(data):
copy_files(data)
set_permissions(data)
else:
LOG.debug('No files to copy found in config')
LOG.info('Writing out command to execute')
LOG.debug("Command is: %s", config['command'])
# The value from the 'command' key will be written to '/run_command'
with open('/run_command', 'w+') as f:
f.write(config['command'])
def handle_permissions(config):
for permission in config.get('permissions', list()):
path = permission.get('path')
owner = permission.get('owner')
recurse = permission.get('recurse', False)
if ':' in owner:
user, group = owner.split(':', 1)
if not group:
group = user
else:
user, group = owner, owner
uid = pwd.getpwnam(user).pw_uid
gid = grp.getgrnam(group).gr_gid
def set_perms(path, uid, gid):
LOG.info('Setting permission for %s', path)
os.chown(path, uid, gid)
for dest in glob.glob(path):
set_perms(dest, uid, gid)
if recurse and os.path.isdir(dest):
for root, dirs, files in os.walk(dest):
for dir_ in dirs:
set_perms(os.path.join(root, dir_), uid, gid)
for file_ in files:
set_perms(os.path.join(root, file_), uid, gid)
def execute_config_strategy():
config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
LOG.info("Kolla config strategy set to: %s", config_strategy)
config = load_config()
if config_strategy == "COPY_ALWAYS":
copy_config(config)
handle_permissions(config)
elif config_strategy == "COPY_ONCE":
if os.path.exists('/configured'):
LOG.info("The config strategy prevents copying new configs")
sys.exit(0)
else:
copy_config(config)
handle_permissions(config)
os.mknod('/configured')
else:
LOG.error('KOLLA_CONFIG_STRATEGY is not set properly')
sys.exit(1)
def execute_config_check():
config = load_config()
for config_file in config.get('config_files', {}):
source = config_file.get('source')
dest = config_file.get('dest')
perm = config_file.get('perm')
owner = config_file.get('owner')
optional = config_file.get('optional', False)
if not os.path.exists(dest):
if optional:
LOG.info('Dest file does not exist, but is optional: %s',
dest)
return
else:
LOG.error('Dest file does not exist and is: %s', dest)
sys.exit(1)
# check content
with open(source) as fp1, open(dest) as fp2:
if fp1.read() != fp2.read():
LOG.error('The content of source file(%s) and'
' dest file(%s) are not equal.', source, dest)
sys.exit(1)
# check perm
file_stat = os.stat(dest)
actual_perm = oct(file_stat.st_mode)[-4:]
if perm != actual_perm:
LOG.error('Dest file does not have expected perm: %s, actual: %s',
perm, actual_perm)
sys.exit(1)
# check owner
actual_user = pwd.getpwuid(file_stat.st_uid)
if actual_user.pw_name != owner:
LOG.error('Dest file does not have expected user: %s, actual: %s ',
owner, actual_user.pw_name)
sys.exit(1)
LOG.info('The config files are in the expected state')
def main():
parser = argparse.ArgumentParser()
parser.add_argument('--check',
action='store_true',
required=False,
help='Check whether the configs changed')
conf = parser.parse_args()
if conf.check:
execute_config_check()
else:
execute_config_strategy()
return 0
if __name__ == "__main__":
try:
exit_code = main()
except Exception:
exit_code = 1
LOG.exception('Unexpected error:')
sys.exit(exit_code)

32
docker/base/sources.list.debian
View File

@ -1,32 +0,0 @@
# Default repos
deb http://httpredir.debian.org/debian jessie main
# jessie-backports
deb http://httpredir.debian.org/debian jessie-backports main contrib
# jessie-updates, previously known as 'volatile'
deb http://httpredir.debian.org/debian jessie-updates main
# debian security updates
deb http://security.debian.org jessie/updates main
# need some packages from testing not available in stable
deb http://httpredir.debian.org/debian stretch main
# Ceph repo
deb http://download.ceph.com/debian-jewel/ jessie main
# Maria DB repo
deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.0/debian jessie main
# Kibana repo
deb http://packages.elastic.co/kibana/4.6/debian stable main
# docker
deb http://apt.dockerproject.org/repo debian-jessie main
# InfluxDB repo
deb https://repos.influxdata.com/debian jessie stable
# Grafana repo
deb https://packagecloud.io/grafana/stable/debian/ jessie main

32
docker/base/sources.list.ubuntu
View File

@ -1,32 +0,0 @@
# Default repos
deb http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ xenial-security main restricted universe multiverse
# Backports have a lower priority and must be explicitly installed to be used
deb http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
# We need to add the Newton repo for the updated packages they provide. The main
# ones are qemu, libvirt, and openvswitch.
deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main
# MariaDB 10.0 repo
deb http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.0/ubuntu xenial main
# Percona repo (for xtrabackup)
deb http://repo.percona.com/apt xenial main
# Elastic repo
deb http://packages.elastic.co/elasticsearch/2.x/debian stable main
# Kibana repo
deb http://packages.elastic.co/kibana/4.6/debian stable main
# Docker repo
deb http://apt.dockerproject.org/repo ubuntu-xenial main
# InfluxDB repo
deb https://repos.influxdata.com/ubuntu xenial stable
# Grafana repo
deb https://packagecloud.io/grafana/stable/debian/ jessie main

24
docker/base/start.sh
View File

@ -1,24 +0,0 @@
#!/usr/local/bin/dumb-init /bin/bash
set -o errexit
# Wait for the log socket
if [[ ! "${!SKIP_LOG_SETUP[@]}" && -e /var/lib/kolla/heka ]]; then
while [[ ! -S /var/lib/kolla/heka/log ]]; do
sleep 1
done
fi
# Processing /var/lib/kolla/config_files/config.json as root. This is necessary
# to permit certain files to be controlled by the root user which should
# not be writable by the dropped-privileged user, especially /run_command
sudo -E kolla_set_configs
CMD=$(cat /run_command)
ARGS=""
if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
# Run additional commands if present
. kolla_extend_start
fi
echo "Running command: '${CMD}${ARGS:+ $ARGS}'"
exec ${CMD} ${ARGS}

18
docker/base/sudoers
View File

@ -1,18 +0,0 @@
# The idea here is a container service adds their UID to the kolla group
# via usermod -a -G kolla <uid>. Then the kolla_start may run
# kolla_set_configs via sudo as the root user which is necessary to protect
# the immutability of the container
# anyone in the kolla group may sudo -E (set the environment)
Defaults: %kolla setenv
# root may run any commands via sudo as the network seervice user. This is
# neededfor database migrations of existing services which have not been
# converted to run as a non-root user, but instead do that via sudo -E glance
root ALL=(ALL) ALL
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
# root user via sudo without password confirmation
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs, /usr/bin/install
#includedir /etc/sudoers.d

66
tests/test_set_config.py
View File

@ -1,66 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import imp
import json
import mock
import os.path
import sys
from oslotest import base
# nasty: to import set_config (not a part of the kolla package)
this_dir = os.path.dirname(sys.modules[__name__].__file__)
set_configs_file = os.path.abspath(
os.path.join(this_dir, '..',
'docker', 'base', 'set_configs.py'))
set_configs = imp.load_source('set_configs', set_configs_file)
class LoadFromFile(base.BaseTestCase):
def test_load_ok(self):
in_config = json.dumps({'command': '/bin/true',
'config_files': {}})
mo = mock.mock_open(read_data=in_config)
with mock.patch.object(set_configs, 'open', mo):
config = set_configs.load_config()
set_configs.copy_config(config)
self.assertEqual([
mock.call('/var/lib/kolla/config_files/config.json'),
mock.call().__enter__(),
mock.call().read(),
mock.call().__exit__(None, None, None),
mock.call('/run_command', 'w+'),
mock.call().__enter__(),
mock.call().write(u'/bin/true'),
mock.call().__exit__(None, None, None)], mo.mock_calls)
class LoadFromEnv(base.BaseTestCase):
def test_load_ok(self):
in_config = json.dumps({'command': '/bin/true',
'config_files': {}})
mo = mock.mock_open()
with mock.patch.object(set_configs, 'open', mo):
with mock.patch.dict('os.environ', {'KOLLA_CONFIG': in_config}):
config = set_configs.load_config()
set_configs.copy_config(config)
self.assertEqual([mock.call('/run_command', 'w+'),
mock.call().__enter__(),
mock.call().write(u'/bin/true'),
mock.call().__exit__(None, None, None)],
mo.mock_calls)