FROM centos:7 ENV PROJECT=neutron \ OPENSTACK_RPMS_VERSION=newton ARG DOCKER_REPO=yaodu/openstack-requirements ARG DOCKER_TAG=centos ARG WHEELS ARG GIT_REPO=https://github.com/openstack/${PROJECT} ARG GIT_REF ARG GIT_REF_REPO=https://git.openstack.org/openstack/${PROJECT} RUN set -x \ # NOTE(Pete Birley): CentOS-OpenStack repo is only used for openvswitch && curl -L https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/${OPENSTACK_RPMS_VERSION}-rdo/CentOS-OpenStack.repo > /etc/yum.repos.d/CentOS-OpenStack.repo \ && sed -i "s/OPENSTACK_VERSION/${OPENSTACK_RPMS_VERSION}/g" /etc/yum.repos.d/CentOS-OpenStack.repo \ && sed -i "/\[centos-openstack-${OPENSTACK_RPMS_VERSION}\]/s/.*/&\nincludepkgs=*openvswitch*/" /etc/yum.repos.d/CentOS-OpenStack.repo \ && curl -L https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/newton-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud > /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud \ && yum install --setopt=tsflags=nodocs -y \ # Project specific packages start bridge-utils \ conntrack-tools \ dnsmasq \ dnsmasq-utils \ ebtables \ ipset \ keepalived \ sudo \ openvswitch \ python \ uuid \ # Project specific packages end && yum install --setopt=tsflags=nodocs -y git \ # common install start && if [ -n "$WHEELS" ]; then \ curl -sSL ${WHEELS} > /tmp/wheels.tar.gz; \ else \ TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKER_REPO}:pull" | \ python -c "import sys, json; print json.load(sys.stdin)['token']") \ && BLOB=$(curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/manifests/${DOCKER_TAG} | \ python -c "import sys, json; print json.load(sys.stdin)['fsLayers'][0]['blobSum']") \ && curl -sSL -H "Authorization: Bearer ${TOKEN}" https://registry.hub.docker.com/v2/${DOCKER_REPO}/blobs/${BLOB} > /tmp/wheels.tar.gz; \ fi \ && git clone ${GIT_REPO} /tmp/${PROJECT} \ && if [ -n "$GIT_REF" ]; then \ git --git-dir /tmp/${PROJECT}/.git fetch ${GIT_REF_REPO} ${GIT_REF} \ && git --git-dir /tmp/${PROJECT}/.git checkout FETCH_HEAD; \ fi \ && mkdir /tmp/packages \ && tar xf /tmp/wheels.tar.gz -C /tmp/packages/ --strip-components=2 root/packages \ && curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ && python get-pip.py \ && rm get-pip.py \ && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt /tmp/${PROJECT} \ && groupadd -g 42424 ${PROJECT} \ && useradd -u 42424 -g ${PROJECT} -M -d /var/lib/${PROJECT} -s /usr/sbin/nologin -c "${PROJECT} user" ${PROJECT} \ && mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \ && chown ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} \ # common install end # Project specific command block start && pip install --no-cache-dir --no-index --no-compile --find-links /tmp/packages --constraint /tmp/packages/upper-constraints.txt python-memcached pymysql \ # Setup config file structure && ( cd /tmp/${PROJECT} && ./tools/generate_config_file_samples.sh ) \ && mv /tmp/${PROJECT}/etc/neutron.conf.sample /tmp/${PROJECT}/etc/neutron.conf \ && mv /tmp/${PROJECT}/etc/neutron/* /tmp/${PROJECT}/etc/ \ && rm -rf /tmp/${PROJECT}/etc/neutron /tmp/${PROJECT}/etc/oslo-config-generator \ && cp -rfv /tmp/${PROJECT}/etc/* /etc/${PROJECT}/ \ && chown -R ${PROJECT}:${PROJECT} /etc/${PROJECT} \ && mkdir -p /usr/share/neutron/rootwrap \ && chown -R root:root /etc/${PROJECT}/policy.json /etc/${PROJECT}/rootwrap.conf /etc/neutron/rootwrap.d /usr/share/neutron/rootwrap \ # Setup Neutron RootWrap & sudo && ln -s /virtualenv/bin/neutron-rootwrap-daemon /usr/bin/neutron-rootwrap-daemon \ && chmod 0640 /etc/sudoers \ && echo "neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon" >> /etc/sudoers \ && echo "Defaults!/usr/bin/neutron-rootwrap-daemon !requiretty" >> /etc/sudoers \ && chmod 0440 /etc/sudoers \ # Project specific command block end && yum history -y undo $(yum history list git | tail -2 | head -1 | awk '{ print $1}') \ && yum clean all \ && rm -rf /tmp/* /root/.cache \ && pip uninstall pip wheel -y \ && find / -type f -name "*.pyc" -delete