diff --git a/docker/designate/designate-api/Dockerfile.j2 b/docker/designate/designate-api/Dockerfile.j2 index b664578261..22b574e05d 100644 --- a/docker/designate/designate-api/Dockerfile.j2 +++ b/docker/designate/designate-api/Dockerfile.j2 @@ -16,6 +16,5 @@ MAINTAINER {{ maintainer }} {% block designate_api_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} USER designate diff --git a/docker/designate/designate-backend-bind9/Dockerfile.j2 b/docker/designate/designate-backend-bind9/Dockerfile.j2 index eb9adeab93..75db8ca445 100644 --- a/docker/designate/designate-backend-bind9/Dockerfile.j2 +++ b/docker/designate/designate-backend-bind9/Dockerfile.j2 @@ -9,8 +9,6 @@ MAINTAINER {{ maintainer }} {% set designate_backend_bind9_packages = ['bind'] %} {{ macros.install_packages(designate_backend_bind9_packages | customizable("packages")) }} -RUN mkdir -p /var/lib/kolla/ \ - && cp -pr /var/named /var/lib/kolla/var-named {% elif base_distro in ['ubuntu'] %} {% set designate_backend_bind9_packages = ['bind9'] %} @@ -19,8 +17,11 @@ RUN mkdir -p /var/lib/kolla/ \ {% endif %} +{% set designate_backend_bind_name = 'bind' if base_distro in ['ubuntu', 'debian'] else 'named' %} + +RUN mkdir -p /var/lib/kolla/ /var/lib/{{ designate_backend_bind_name }}/ /run/{{ designate_backend_bind_name }} \ + && chown -R root: /var/lib/{{ designate_backend_bind_name }} /run/{{ designate_backend_bind_name }} \ + && chmod 755 /run/{{ designate_backend_bind_name }} \ + {% block designate_backend_bind9_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} - -USER designate diff --git a/docker/designate/designate-base/Dockerfile.j2 b/docker/designate/designate-base/Dockerfile.j2 index 6cc36f639f..ad0727c1a2 100644 --- a/docker/designate/designate-base/Dockerfile.j2 +++ b/docker/designate/designate-base/Dockerfile.j2 @@ -48,12 +48,14 @@ RUN ln -s designate-base-source/* designate \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf {% endif %} +COPY designate_sudoers /etc/sudoers.d/kolla_designate_sudoers COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN touch /usr/local/bin/kolla_designate_extend_start \ + +RUN usermod -a -G kolla designate \ + && chmod 750 /etc/sudoers.d \ + && chmod 640 /etc/sudoers.d/kolla_designate_sudoers \ + && touch /usr/local/bin/kolla_designate_extend_start \ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_designate_extend_start {% block designate_base_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} - -RUN usermod -a -G kolla designate diff --git a/docker/designate/designate-base/designate_sudoers b/docker/designate/designate-base/designate_sudoers new file mode 100644 index 0000000000..d06679fe21 --- /dev/null +++ b/docker/designate/designate-base/designate_sudoers @@ -0,0 +1 @@ +%kolla ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/designate-rootwrap /etc/designate/rootwrap.conf * diff --git a/docker/designate/designate-central/Dockerfile.j2 b/docker/designate/designate-central/Dockerfile.j2 index 1edf5bd457..4f8c3de620 100644 --- a/docker/designate/designate-central/Dockerfile.j2 +++ b/docker/designate/designate-central/Dockerfile.j2 @@ -19,6 +19,5 @@ RUN chmod 755 /usr/local/bin/kolla_designate_extend_start {% block designate_central_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} USER designate diff --git a/docker/designate/designate-mdns/Dockerfile.j2 b/docker/designate/designate-mdns/Dockerfile.j2 index 6028bdef4f..9819f4c8fb 100644 --- a/docker/designate/designate-mdns/Dockerfile.j2 +++ b/docker/designate/designate-mdns/Dockerfile.j2 @@ -16,6 +16,5 @@ MAINTAINER {{ maintainer }} {% block designate_mdns_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} USER designate diff --git a/docker/designate/designate-pool-manager/Dockerfile.j2 b/docker/designate/designate-pool-manager/Dockerfile.j2 index 14a4f9e4c9..6b84f8d0d0 100644 --- a/docker/designate/designate-pool-manager/Dockerfile.j2 +++ b/docker/designate/designate-pool-manager/Dockerfile.j2 @@ -33,6 +33,5 @@ MAINTAINER {{ maintainer }} {% block designate_pool_manager_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} USER designate diff --git a/docker/designate/designate-sink/Dockerfile.j2 b/docker/designate/designate-sink/Dockerfile.j2 index 6d2e6acd3f..6da2f6f90a 100644 --- a/docker/designate/designate-sink/Dockerfile.j2 +++ b/docker/designate/designate-sink/Dockerfile.j2 @@ -22,6 +22,5 @@ MAINTAINER {{ maintainer }} {% block designate_sink_footer %}{% endblock %} {% block footer %}{% endblock %} -{{ include_footer }} USER designate diff --git a/docker/designate/designate-worker/Dockerfile.j2 b/docker/designate/designate-worker/Dockerfile.j2 new file mode 100644 index 0000000000..261884e65d --- /dev/null +++ b/docker/designate/designate-worker/Dockerfile.j2 @@ -0,0 +1,37 @@ +FROM {{ namespace }}/{{ image_prefix }}designate-base:{{ tag }} +MAINTAINER {{ maintainer }} + +{% block designate_worker_header %}{% endblock %} + +{% import "macros.j2" as macros with context %} + +# The bind9 package here is only to provide the rndc binary. +{% if install_type == 'binary' %} + {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} + {% set designate_worker_packages = [ + 'bind', + 'openstack-designate-worker' + ] %} + {% elif base_distro in ['ubuntu'] %} + {% set designate_worker_packages = [ + 'bind9', + 'designate-worker' + ] %} + {% endif %} +{% elif install_type == 'source' %} + {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} + {% set designate_worker_packages = [ + 'bind' + ] %} + {% elif base_distro in ['ubuntu'] %} + {% set designate_worker_packages = [ + 'bind9' + ] %} + {% endif %} +{% endif %} +{{ macros.install_packages(designate_worker_packages | customizable("packages")) }} + +{% block designate_worker_footer %}{% endblock %} +{% block footer %}{% endblock %} + +USER designate