openstack
/
fuel-main
Code Issues Proposed changes

Use fresh CentOS in docker 

We have a number of security bugs that can be covered by
upgrading CentOS inside docker images.
That commit removed preloaded centos images in favor to
fresh one.

Change-Id: Ic83832f419d799f6d2da4da8bb517890e8ca4c0f
Closes-Bug: #1646772
This commit is contained in:
Anton Chevychalov 2017-04-06 14:19:11 +03:00
parent 50bd31e14b
commit 8df5bfb08c
5 changed files with 5 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker/astute/setup.sh
View File

@ -28,6 +28,9 @@ done
yum clean expire-cache
yum update -y
yum repolist
yum info fuel-library8.0.noarch
packages="psmisc python-editor nailgun-mcagents sysstat "
packages+="rubygem-amqp rubygem-amq-protocol rubygem-i18n rubygem-tzinfo "
packages+="rubygem-minitest rubygem-open4 rubygem-Platform rubygem-symboltable "

9
docker/module.mk
View File

@ -68,23 +68,18 @@ $(BUILD_DIR)/docker/$1.done: \
$$(ACTION.TOUCH)
endef
$(BUILD_DIR)/docker/base-images.done: \
$(BUILD_DIR)/mirror/docker/build.done
for container in $(LOCAL_MIRROR_DOCKER_BASEURL)/*.xz; do xz -dkc -T0 $$container | sudo docker load; done
$(ACTION.TOUCH)
$(BUILD_DIR)/docker/fuel-centos.done: export docker_upstream_mirror:=$(yum_upstream_repo)
$(BUILD_DIR)/docker/fuel-centos.done: \
$(BUILD_DIR)/docker/base-images.done \
$(BUILD_DIR)/mirror/centos/build.done \
$(BUILD_DIR)/packages/rpm/build.done
mkdir -p $(BUILD_DIR)/docker/
rm -rf $(BUILD_DIR)/docker/fuel-centos-build
cp -a $(SOURCE_DIR)/docker/fuel-centos-build $(BUILD_DIR)/docker/fuel-centos-build
echo "$${docker_upstream_mirror}" > $(BUILD_DIR)/docker/fuel-centos-build/upstream.repo
test -n "$(EXTRA_RPM_REPOS)" || sed -e "/_EXTRA_RPM_REPOS_/d" -i $(BUILD_DIR)/docker/fuel-centos-build/Dockerfile
sed -e "s|_CENTOS_RELEASE_|$(CENTOS_RELEASE)|g" -i $(BUILD_DIR)/docker/fuel-centos-build/Dockerfile
sed -e "s|_EXTRA_RPM_REPOS_|$(EXTRA_RPM_REPOS)|" -i $(BUILD_DIR)/docker/fuel-centos-build/Dockerfile
sudo docker build -t fuel/fuel-centos-build $(BUILD_DIR)/docker/fuel-centos-build
sudo docker build --pull -t fuel/fuel-centos-build $(BUILD_DIR)/docker/fuel-centos-build
mkdir -p $(BUILD_DIR)/docker/fuel-centos/
echo ">>> Generating fuel/centos base image..."
sudo docker -D run --name=FUEL_CENTOS_$(PRODUCT_VERSION) --net=bridge -d -i -t --privileged \

12
mirror/docker/base-images.mk
View File

@ -1,12 +0,0 @@
BASE_IMAGE_FILES:=centos.tar.xz busybox.tar.xz
MIRROR_DOCKER_BASEURL?=$(MIRROR_DOCKER)
# docker base image files
$(addprefix $(LOCAL_MIRROR_DOCKER_BASEURL)/,$(BASE_IMAGE_FILES)):
@mkdir -p $(@D)
wget -nv -O $@ $(MIRROR_DOCKER_BASEURL)/$(@F)
$(BUILD_DIR)/mirror/docker/base-images.done: \
$(addprefix $(LOCAL_MIRROR_DOCKER_BASEURL)/,$(BASE_IMAGE_FILES))
$(ACTION.TOUCH)

6
mirror/docker/module.mk
View File

@ -1,13 +1,7 @@
.PHONY: clean-docker
# This module downloads ubuntu installation images.
include $(SOURCE_DIR)/mirror/docker/base-images.mk
clean: clean-docker
clean-docker:
-sudo sh -c "docker ps -aq | xargs --no-run-if-empty docker rm -f"
-sudo sh -c "docker images | awk '/fuel|none/ { print \$$3; }' | xargs --no-run-if-empty docker rmi -f"
$(BUILD_DIR)/mirror/docker/build.done: \
$(BUILD_DIR)/mirror/docker/base-images.done
$(ACTION.TOUCH)

1
mirror/module.mk
View File

@ -15,7 +15,6 @@ include $(SOURCE_DIR)/mirror/docker/module.mk
$(BUILD_DIR)/mirror/build.done: \
$(BUILD_DIR)/mirror/centos/build.done \
$(BUILD_DIR)/mirror/ubuntu/build.done \
$(BUILD_DIR)/mirror/docker/build.done
$(ACTION.TOUCH)
$(BUILD_DIR)/mirror/make-changelog.done: $(BUILD_DIR)/mirror/build.done