From 2b6801f69f0f3662a9b0df8bc0c4a8050fc29a92 Mon Sep 17 00:00:00 2001 
From: FFrog Date: Mon, 23 May 2022 16:03:37 +0800 Subject: [PATCH] add kolla queens and rocky support on openEUler 22.03 --- kolla/queens/20.03-lts-sp2/base/Dockerfile | 206 +++++++++ kolla/queens/20.03-lts-sp2/base/curlrc | 4 + kolla/queens/20.03-lts-sp2/base/kolla_bashrc | 5 + .../20.03-lts-sp2/base/openEuler-aarch64.repo | 17 + .../20.03-lts-sp2/base/openEuler-x86-64.repo | 17 + .../queens/20.03-lts-sp2/base/set_configs.py | 422 +++++++++++++++++ kolla/queens/20.03-lts-sp2/base/start.sh | 18 + kolla/queens/20.03-lts-sp2/base/sudoers | 18 + kolla/queens/20.03-lts-sp2/chrony/Dockerfile | 11 + .../20.03-lts-sp2/chrony/extend_start.sh | 16 + .../cinder/cinder-api/Dockerfile | 13 + .../cinder/cinder-api/extend_start.sh | 31 ++ .../cinder/cinder-backup/Dockerfile | 5 + .../cinder/cinder-base/Dockerfile | 16 + .../cinder/cinder-base/cinder_sudoers | 1 + .../cinder/cinder-base/extend_start.sh | 10 + .../cinder/cinder-scheduler/Dockerfile | 3 + .../cinder/cinder-volume/Dockerfile | 13 + .../cinder/cinder-volume/cinder_sudoers | 5 + .../cinder/cinder-volume/extend_start.sh | 14 + kolla/queens/20.03-lts-sp2/cron/Dockerfile | 3 + kolla/queens/20.03-lts-sp2/dnsmasq/Dockerfile | 4 + .../glance/glance-api/Dockerfile | 8 + .../glance/glance-api/extend_start.sh | 9 + .../glance/glance-base/Dockerfile | 13 + .../glance/glance-base/extend_start.sh | 10 + .../glance/glance-registry/Dockerfile | 3 + kolla/queens/20.03-lts-sp2/haproxy/Dockerfile | 13 + .../haproxy/ensure_latest_config.sh | 14 + kolla/queens/20.03-lts-sp2/horizon/Dockerfile | 25 + .../20.03-lts-sp2/horizon/extend_start.sh | 322 +++++++++++++ .../20.03-lts-sp2/ironic-inspector/Dockerfile | 14 + .../ironic-inspector/extend_start.sh | 17 + .../ironic-inspector/ironic_inspector_sudoers | 1 + .../ironic/ironic-api/Dockerfile | 11 + .../ironic/ironic-api/extend_start.sh | 21 + .../ironic/ironic-base/Dockerfile | 14 + .../ironic/ironic-base/extend_start.sh | 12 + .../ironic/ironic-base/ironic_sudoers | 1 + 
.../ironic/ironic-conductor/Dockerfile | 10 + .../ironic/ironic-conductor/extend_start.sh | 3 + .../ironic/ironic-conductor/iscsi_tcp_sudoers | 1 + .../ironic/ironic-pxe/Dockerfile | 14 + .../ironic/ironic-pxe/extend_start.sh | 37 ++ .../ironic/ironic-pxe/tftp-map-file | 4 + .../20.03-lts-sp2/keepalived/Dockerfile | 9 + .../20.03-lts-sp2/keepalived/check_alive.sh | 6 + .../20.03-lts-sp2/keepalived/extend_start.sh | 8 + .../keystone/keystone-base/Dockerfile | 16 + .../keystone/keystone-fernet/Dockerfile | 9 + .../keystone/keystone-fernet/extend_start.sh | 12 + .../keystone-fernet/fetch_fernet_tokens.py | 85 ++++ .../keystone-fernet/keystone_bootstrap.sh | 43 ++ .../keystone/keystone-ssh/Dockerfile | 14 + .../keystone/keystone-ssh/extend_start.sh | 16 + .../keystone/keystone/Dockerfile | 6 + .../keystone/keystone/extend_start.sh | 76 ++++ .../keystone/keystone/keystone_bootstrap.sh | 66 +++ .../20.03-lts-sp2/kolla-toolbox/Dockerfile | 32 ++ .../20.03-lts-sp2/kolla-toolbox/ansible.cfg | 3 + .../kolla-toolbox/ansible_sudoers | 1 + .../20.03-lts-sp2/kolla-toolbox/find_disks.py | 217 +++++++++ .../kolla-toolbox/kolla_keystone_service.py | 101 +++++ .../kolla-toolbox/kolla_keystone_user.py | 90 ++++ .../kolla-toolbox/kolla_sanity.py | 63 +++ kolla/queens/20.03-lts-sp2/mariadb/Dockerfile | 21 + .../20.03-lts-sp2/mariadb/extend_start.sh | 43 ++ .../20.03-lts-sp2/mariadb/mariadb_sudoers | 1 + .../mariadb/security_reset.expect | 58 +++ .../queens/20.03-lts-sp2/memcached/Dockerfile | 9 + .../20.03-lts-sp2/multipathd/Dockerfile | 7 + .../20.03-lts-sp2/multipathd/extend_start.sh | 2 + .../ironic-neutron-agent/Dockerfile | 3 + .../neutron/neutron-base/Dockerfile | 16 + .../neutron/neutron-base/extend_start.sh | 10 + .../neutron/neutron-base/neutron_sudoers | 1 + .../neutron/neutron-dhcp-agent/Dockerfile | 3 + .../neutron/neutron-l3-agent/Dockerfile | 5 + .../neutron-linuxbridge-agent/Dockerfile | 5 + .../neutron/neutron-metadata-agent/Dockerfile | 3 + 
.../neutron/neutron-metering-agent/Dockerfile | 5 + .../neutron-openvswitch-agent/Dockerfile | 5 + .../neutron/neutron-server/Dockerfile | 6 + .../neutron/neutron-server/extend_start.sh | 33 ++ .../neutron/neutron-sfc-agent/Dockerfile | 6 + .../neutron/neutron-sfc-agent/extend_start.sh | 8 + .../neutron/neutron-sriov-agent/Dockerfile | 5 + .../neutron-vpnaas-agent/extend_start.sh | 8 + .../20.03-lts-sp2/nova/nova-api/Dockerfile | 10 + .../nova/nova-api/extend_start.sh | 23 + .../20.03-lts-sp2/nova/nova-base/Dockerfile | 18 + .../nova/nova-base/extend_start.sh | 10 + .../20.03-lts-sp2/nova/nova-base/nova_sudoers | 1 + .../nova/nova-compute-ironic/Dockerfile | 5 + .../nova/nova-compute/Dockerfile | 10 + .../nova/nova-compute/extend_start.sh | 5 + .../nova/nova-conductor/Dockerfile | 5 + .../nova/nova-consoleauth/Dockerfile | 5 + .../nova/nova-libvirt/Dockerfile | 12 + .../nova/nova-libvirt/extend_start.sh | 24 + .../nova/nova-novncproxy/Dockerfile | 5 + .../nova/nova-placement-api/Dockerfile | 10 + .../nova/nova-placement-api/extend_start.sh | 11 + .../nova/nova-scheduler/Dockerfile | 5 + .../nova/nova-serialproxy/Dockerfile | 5 + .../nova/nova-spicehtml5proxy/Dockerfile | 5 + .../20.03-lts-sp2/nova/nova-ssh/Dockerfile | 14 + .../nova/nova-ssh/extend_start.sh | 16 + .../novajoin/novajoin-base/Dockerfile | 11 + .../novajoin/novajoin-base/extend_start.sh | 10 + .../novajoin/novajoin-notifier/Dockerfile | 2 + .../novajoin/novajoin-server/Dockerfile | 2 + .../20.03-lts-sp2/openstack-base/Dockerfile | 9 + .../prometheus/prometheus-base/Dockerfile | 11 + .../prometheus-base/extend_start.sh | 9 + .../prometheus-haproxy-exporter/Dockerfile | 10 + .../queens/20.03-lts-sp2/rabbitmq/Dockerfile | 18 + .../20.03-lts-sp2/rabbitmq/extend_start.sh | 26 ++ .../rabbitmq/rabbitmq_get_gospel_node.py | 63 +++ .../20.03-lts-sp2/trove/trove-api/Dockerfile | 8 + .../trove/trove-api/extend_start.sh | 8 + .../20.03-lts-sp2/trove/trove-base/Dockerfile | 13 + 
.../trove/trove-base/extend_start.sh | 10 + .../trove/trove-conductor/Dockerfile | 5 + .../trove/trove-guestagent/Dockerfile | 5 + .../trove/trove-taskmanager/Dockerfile | 5 + kolla/rocky/20.03-lts-sp2/base/Dockerfile | 212 +++++++++ kolla/rocky/20.03-lts-sp2/base/curlrc | 4 + kolla/rocky/20.03-lts-sp2/base/kolla_bashrc | 5 + .../20.03-lts-sp2/base/openEuler-aarch64.repo | 17 + .../20.03-lts-sp2/base/openEuler-x86-64.repo | 17 + kolla/rocky/20.03-lts-sp2/base/set_configs.py | 428 ++++++++++++++++++ kolla/rocky/20.03-lts-sp2/base/start.sh | 18 + kolla/rocky/20.03-lts-sp2/base/sudoers | 18 + kolla/rocky/20.03-lts-sp2/chrony/Dockerfile | 11 + .../20.03-lts-sp2/chrony/extend_start.sh | 16 + .../cinder/cinder-api/Dockerfile | 12 + .../cinder/cinder-api/extend_start.sh | 31 ++ .../cinder/cinder-backup/Dockerfile | 5 + .../cinder/cinder-base/Dockerfile | 16 + .../cinder/cinder-base/cinder_sudoers | 1 + .../cinder/cinder-base/extend_start.sh | 10 + .../cinder/cinder-scheduler/Dockerfile | 3 + .../cinder/cinder-volume/Dockerfile | 14 + .../cinder/cinder-volume/cinder_sudoers | 5 + .../cinder/cinder-volume/extend_start.sh | 14 + kolla/rocky/20.03-lts-sp2/cron/Dockerfile | 4 + kolla/rocky/20.03-lts-sp2/dnsmasq/Dockerfile | 4 + .../glance/glance-api/Dockerfile | 6 + .../glance/glance-api/extend_start.sh | 27 ++ .../glance/glance-base/Dockerfile | 13 + .../glance/glance-base/extend_start.sh | 10 + .../glance/glance-registry/Dockerfile | 3 + kolla/rocky/20.03-lts-sp2/haproxy/Dockerfile | 14 + .../haproxy/ensure_latest_config.sh | 14 + kolla/rocky/20.03-lts-sp2/horizon/Dockerfile | 25 + .../20.03-lts-sp2/horizon/extend_start.sh | 360 +++++++++++++++ .../20.03-lts-sp2/ironic-inspector/Dockerfile | 14 + .../ironic-inspector/extend_start.sh | 17 + .../ironic-inspector/ironic_inspector_sudoers | 1 + .../ironic/ironic-api/Dockerfile | 11 + .../ironic/ironic-api/extend_start.sh | 32 ++ .../ironic/ironic-base/Dockerfile | 13 + .../ironic/ironic-base/extend_start.sh | 12 + 
.../ironic/ironic-base/ironic_sudoers | 1 + .../ironic/ironic-conductor/Dockerfile | 10 + .../ironic/ironic-conductor/extend_start.sh | 3 + .../ironic/ironic-conductor/iscsi_tcp_sudoers | 1 + .../ironic/ironic-pxe/Dockerfile | 14 + .../ironic/ironic-pxe/extend_start.sh | 51 +++ .../ironic/ironic-pxe/tftp-map-file | 4 + .../rocky/20.03-lts-sp2/keepalived/Dockerfile | 9 + .../20.03-lts-sp2/keepalived/check_alive.sh | 6 + .../20.03-lts-sp2/keepalived/extend_start.sh | 8 + .../keystone/keystone-base/Dockerfile | 16 + .../keystone/keystone-fernet/Dockerfile | 9 + .../keystone/keystone-fernet/extend_start.sh | 12 + .../keystone-fernet/fetch_fernet_tokens.py | 85 ++++ .../keystone-fernet/keystone_bootstrap.sh | 43 ++ .../keystone/keystone-ssh/Dockerfile | 14 + .../keystone/keystone-ssh/extend_start.sh | 16 + .../keystone/keystone/Dockerfile | 7 + .../keystone/keystone/extend_start.sh | 58 +++ .../keystone/keystone/keystone_bootstrap.sh | 57 +++ .../20.03-lts-sp2/kolla-toolbox/Dockerfile | 31 ++ .../20.03-lts-sp2/kolla-toolbox/ansible.cfg | 3 + .../kolla-toolbox/ansible_sudoers | 1 + .../20.03-lts-sp2/kolla-toolbox/find_disks.py | 360 +++++++++++++++ .../kolla-toolbox/kolla_keystone_service.py | 101 +++++ .../kolla-toolbox/kolla_keystone_user.py | 90 ++++ .../kolla-toolbox/kolla_sanity.py | 63 +++ kolla/rocky/20.03-lts-sp2/mariadb/Dockerfile | 21 + .../20.03-lts-sp2/mariadb/extend_start.sh | 56 +++ .../20.03-lts-sp2/mariadb/mariadb_sudoers | 1 + .../mariadb/security_reset.expect | 58 +++ .../rocky/20.03-lts-sp2/memcached/Dockerfile | 9 + .../rocky/20.03-lts-sp2/multipathd/Dockerfile | 7 + .../20.03-lts-sp2/multipathd/extend_start.sh | 2 + .../ironic-neutron-agent/Dockerfile | 3 + .../neutron/neutron-base/Dockerfile | 16 + .../neutron/neutron-base/extend_start.sh | 10 + .../neutron/neutron-base/neutron_sudoers | 2 + .../neutron/neutron-dhcp-agent/Dockerfile | 3 + .../neutron/neutron-l3-agent/Dockerfile | 5 + .../neutron-linuxbridge-agent/Dockerfile | 5 + 
.../neutron/neutron-metadata-agent/Dockerfile | 3 + .../neutron/neutron-metering-agent/Dockerfile | 5 + .../neutron-openvswitch-agent/Dockerfile | 5 + .../neutron/neutron-server/Dockerfile | 6 + .../neutron/neutron-server/extend_start.sh | 39 ++ .../neutron/neutron-sfc-agent/Dockerfile | 6 + .../neutron/neutron-sfc-agent/extend_start.sh | 8 + .../neutron/neutron-sriov-agent/Dockerfile | 5 + .../neutron-vpnaas-agent/extend_start.sh | 8 + .../20.03-lts-sp2/nova/nova-api/Dockerfile | 10 + .../nova/nova-api/extend_start.sh | 34 ++ .../20.03-lts-sp2/nova/nova-base/Dockerfile | 18 + .../nova/nova-base/extend_start.sh | 10 + .../20.03-lts-sp2/nova/nova-base/nova_sudoers | 1 + .../nova/nova-compute-ironic/Dockerfile | 5 + .../nova/nova-compute/Dockerfile | 9 + .../nova/nova-compute/extend_start.sh | 5 + .../nova/nova-conductor/Dockerfile | 5 + .../nova/nova-consoleauth/Dockerfile | 5 + .../nova/nova-libvirt/Dockerfile | 16 + .../nova/nova-libvirt/extend_start.sh | 24 + .../nova/nova-novncproxy/Dockerfile | 5 + .../nova/nova-placement-api/Dockerfile | 9 + .../nova/nova-placement-api/extend_start.sh | 11 + .../nova/nova-scheduler/Dockerfile | 5 + .../nova/nova-serialproxy/Dockerfile | 5 + .../nova/nova-spicehtml5proxy/Dockerfile | 5 + .../20.03-lts-sp2/nova/nova-ssh/Dockerfile | 14 + .../nova/nova-ssh/extend_start.sh | 16 + .../novajoin/novajoin-base/Dockerfile | 11 + .../novajoin/novajoin-base/extend_start.sh | 10 + .../novajoin/novajoin-notifier/Dockerfile | 1 + .../novajoin/novajoin-server/Dockerfile | 1 + .../20.03-lts-sp2/openstack-base/Dockerfile | 9 + .../prometheus/prometheus-base/Dockerfile | 10 + .../prometheus-base/extend_start.sh | 9 + .../prometheus-haproxy-exporter/Dockerfile | 10 + kolla/rocky/20.03-lts-sp2/rabbitmq/Dockerfile | 18 + .../20.03-lts-sp2/rabbitmq/extend_start.sh | 26 ++ .../rabbitmq/rabbitmq_get_gospel_node.py | 63 +++ .../20.03-lts-sp2/trove/trove-api/Dockerfile | 8 + .../trove/trove-api/extend_start.sh | 8 + 
.../20.03-lts-sp2/trove/trove-base/Dockerfile | 13 + .../trove/trove-base/extend_start.sh | 10 + .../trove/trove-conductor/Dockerfile | 5 + .../trove/trove-guestagent/Dockerfile | 5 + .../trove/trove-taskmanager/Dockerfile | 5 + 252 files changed, 6216 insertions(+) create mode 100644 kolla/queens/20.03-lts-sp2/base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/base/curlrc create mode 100644 kolla/queens/20.03-lts-sp2/base/kolla_bashrc create mode 100644 kolla/queens/20.03-lts-sp2/base/openEuler-aarch64.repo create mode 100644 kolla/queens/20.03-lts-sp2/base/openEuler-x86-64.repo create mode 100644 kolla/queens/20.03-lts-sp2/base/set_configs.py create mode 100644 kolla/queens/20.03-lts-sp2/base/start.sh create mode 100644 kolla/queens/20.03-lts-sp2/base/sudoers create mode 100644 kolla/queens/20.03-lts-sp2/chrony/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/chrony/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-api/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-api/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-backup/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-volume/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/cron/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/dnsmasq/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/glance/glance-api/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/glance/glance-api/extend_start.sh create 
mode 100644 kolla/queens/20.03-lts-sp2/glance/glance-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/glance/glance-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/glance/glance-registry/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/haproxy/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/haproxy/ensure_latest_config.sh create mode 100644 kolla/queens/20.03-lts-sp2/horizon/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/horizon/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/ironic-inspector/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/ironic-inspector/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-api/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-api/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file create mode 100644 kolla/queens/20.03-lts-sp2/keepalived/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/keepalived/check_alive.sh create mode 100644 kolla/queens/20.03-lts-sp2/keepalived/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone-base/Dockerfile create mode 100644 
kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/keystone/keystone/keystone_bootstrap.sh create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible.cfg create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/find_disks.py create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py create mode 100644 kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py create mode 100644 kolla/queens/20.03-lts-sp2/mariadb/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/mariadb/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/mariadb/mariadb_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/mariadb/security_reset.expect create mode 100644 kolla/queens/20.03-lts-sp2/memcached/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/multipathd/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/multipathd/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-base/Dockerfile create mode 100644 
kolla/queens/20.03-lts-sp2/neutron/neutron-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-server/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-server/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-api/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-api/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-base/nova_sudoers create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-compute/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-compute/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-conductor/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile create mode 100644 
kolla/queens/20.03-lts-sp2/nova/nova-libvirt/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-placement-api/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-scheduler/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-ssh/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/nova/nova-ssh/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/openstack-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/rabbitmq/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/rabbitmq/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py create mode 100644 kolla/queens/20.03-lts-sp2/trove/trove-api/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/trove/trove-api/extend_start.sh create mode 100644 kolla/queens/20.03-lts-sp2/trove/trove-base/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/trove/trove-base/extend_start.sh create mode 100644 
kolla/queens/20.03-lts-sp2/trove/trove-conductor/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/trove/trove-guestagent/Dockerfile create mode 100644 kolla/queens/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/base/curlrc create mode 100644 kolla/rocky/20.03-lts-sp2/base/kolla_bashrc create mode 100644 kolla/rocky/20.03-lts-sp2/base/openEuler-aarch64.repo create mode 100644 kolla/rocky/20.03-lts-sp2/base/openEuler-x86-64.repo create mode 100644 kolla/rocky/20.03-lts-sp2/base/set_configs.py create mode 100644 kolla/rocky/20.03-lts-sp2/base/start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/base/sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/chrony/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/chrony/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-api/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-api/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-backup/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/cron/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/dnsmasq/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/glance/glance-api/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/glance/glance-api/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/glance/glance-base/Dockerfile 
create mode 100644 kolla/rocky/20.03-lts-sp2/glance/glance-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/glance/glance-registry/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/haproxy/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/haproxy/ensure_latest_config.sh create mode 100644 kolla/rocky/20.03-lts-sp2/horizon/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/horizon/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/ironic-inspector/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/ironic-inspector/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-api/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-api/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file create mode 100644 kolla/rocky/20.03-lts-sp2/keepalived/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/keepalived/check_alive.sh create mode 100644 kolla/rocky/20.03-lts-sp2/keepalived/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh 
create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/keystone/keystone/keystone_bootstrap.sh create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible.cfg create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/find_disks.py create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py create mode 100644 kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py create mode 100644 kolla/rocky/20.03-lts-sp2/mariadb/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/mariadb/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/mariadb/mariadb_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/mariadb/security_reset.expect create mode 100644 kolla/rocky/20.03-lts-sp2/memcached/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/multipathd/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/multipathd/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers create mode 100644 
kolla/rocky/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-server/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-server/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-api/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-api/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-base/nova_sudoers create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-compute/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-compute/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-conductor/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile create mode 
100644 kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-scheduler/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-ssh/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/nova/nova-ssh/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/openstack-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/rabbitmq/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/rabbitmq/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-api/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-api/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-base/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-base/extend_start.sh create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-conductor/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-guestagent/Dockerfile create mode 100644 kolla/rocky/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile 
diff --git a/kolla/queens/20.03-lts-sp2/base/Dockerfile b/kolla/queens/20.03-lts-sp2/base/Dockerfile
new file mode 100644
index 0000000..9a15d18
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/base/Dockerfile
@@ -0,0 +1,206 @@
+FROM openeuler/openeuler:20.03-lts-sp2
+
+ARG ARCH
+
+COPY openEuler-${ARCH}.repo /etc/yum.repos.d/openEuler.repo
+
+RUN yum install -y shadow-utils
+RUN groupadd --force --gid 42475 almanach \
+ && useradd -M --shell /usr/sbin/nologin --uid 42475 --gid 42475 almanach \
+ && groupadd --force --gid 42401 ansible \
+ && useradd -M --shell /usr/sbin/nologin --uid 42401 --gid 42401 ansible \
+ && groupadd --force --gid 42402 aodh \
+ && useradd -M --shell /usr/sbin/nologin --uid 42402 --gid 42402 aodh \
+ && groupadd --force --gid 42403 barbican \
+ && useradd -M --shell /usr/sbin/nologin --uid 42403 --gid 42403 barbican \
+ && groupadd --force --gid 42404 bifrost \
+ && useradd -M --shell /usr/sbin/nologin --uid 42404 --gid 42404 bifrost \
+ && groupadd --force --gid 42471 blazar \
+ && useradd -M --shell /usr/sbin/nologin --uid 42471 --gid 42471 blazar \
+ && groupadd --force --gid 42405 ceilometer \
+ && useradd -M --shell /usr/sbin/nologin --uid 42405 --gid 42405 ceilometer \
+ && groupadd --force --gid 64045 ceph \
+ && useradd -M --shell /usr/sbin/nologin --uid 64045 --gid 64045 ceph \
+ && groupadd --force --gid 42406 chrony \
+ && useradd -M --shell /usr/sbin/nologin --uid 42406 --gid 42406 chrony \
+ && groupadd --force --gid 42407 cinder \
+ && useradd -M --shell /usr/sbin/nologin --uid 42407 --gid 42407 cinder \
+ && groupadd --force --gid 42408 cloudkitty \
+ && useradd -M --shell /usr/sbin/nologin --uid 42408 --gid 42408 cloudkitty \
+ && groupadd --force --gid 42409 collectd \
+ && useradd -M --shell /usr/sbin/nologin --uid 42409 --gid 42409 collectd \
+ && groupadd --force --gid 42410 congress \
+ && useradd -M --shell /usr/sbin/nologin --uid 42410 --gid 42410 congress \
+ && groupadd --force --gid 42411 designate \
+ && useradd -M --shell /usr/sbin/nologin --uid 42411 --gid 42411 designate \
+ && groupadd --force --gid 42464 dragonflow \
+ && useradd -M --shell /usr/sbin/nologin --uid 42464 --gid 42464 dragonflow \
+ && groupadd --force --gid 42466 ec2api \
+ && useradd -M --shell /usr/sbin/nologin --uid 42466 --gid 42466 ec2api \
+ && groupadd --force --gid 42412 elasticsearch \
+ && useradd -M --shell /usr/sbin/nologin --uid 42412 --gid 42412 elasticsearch \
+ && groupadd --force --gid 42413 etcd \
+ && useradd -M --shell /usr/sbin/nologin --uid 42413 --gid 42413 etcd \
+ && groupadd --force --gid 42474 fluentd \
+ && useradd -M --shell /usr/sbin/nologin --uid 42474 --gid 42474 fluentd \
+ && groupadd --force --gid 42414 freezer \
+ && useradd -M --shell /usr/sbin/nologin --uid 42414 --gid 42414 freezer \
+ && groupadd --force --gid 42415 glance \
+ && useradd -M --shell /usr/sbin/nologin --uid 42415 --gid 42415 glance \
+ && groupadd --force --gid 42416 gnocchi \
+ && useradd -M --shell /usr/sbin/nologin --uid 42416 --gid 42416 gnocchi \
+ && groupadd --force --gid 42417 grafana \
+ && useradd -M --shell /usr/sbin/nologin --uid 42417 --gid 42417 grafana \
+ && groupadd --force --gid 42454 haproxy \
+ && useradd -M --shell /usr/sbin/nologin --uid 42454 --gid 42454 haproxy \
+ && groupadd --force --gid 42418 heat \
+ && useradd -M --shell /usr/sbin/nologin --uid 42418 --gid 42418 heat \
+ && groupadd --force --gid 42420 horizon \
+ && useradd -M --shell /usr/sbin/nologin --uid 42420 --gid 42420 horizon \
+ && groupadd --force --gid 42477 hugetlbfs \
+ && useradd -M --shell /usr/sbin/nologin --uid 42477 --gid 42477 hugetlbfs \
+ && groupadd --force --gid 42421 influxdb \
+ && useradd -M --shell /usr/sbin/nologin --uid 42421 --gid 42421 influxdb \
+ && groupadd --force --gid 42422 ironic \
+ && useradd -M --shell /usr/sbin/nologin --uid 42422 --gid 42422 ironic \
+ && groupadd --force --gid 42461 ironic-inspector \
+ && useradd -M --shell /usr/sbin/nologin --uid 42461 --gid 42461 ironic-inspector \
+ && groupadd --force --gid 42423 kafka \
+ && useradd -M --shell /usr/sbin/nologin --uid 42423 --gid 42423 kafka \
+ && groupadd --force --gid 42458 karbor \
+ && useradd -M --shell
/usr/sbin/nologin --uid 42458 --gid 42458 karbor \ + && groupadd --force --gid 42425 keystone \ + && useradd -M --shell /usr/sbin/nologin --uid 42425 --gid 42425 keystone \ + && groupadd --force --gid 42426 kibana \ + && useradd -M --shell /usr/sbin/nologin --uid 42426 --gid 42426 kibana \ + && groupadd --force --gid 42400 kolla \ + && useradd -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla \ + && groupadd --force --gid 42469 kuryr \ + && useradd -M --shell /usr/sbin/nologin --uid 42469 --gid 42469 kuryr \ + && groupadd --force --gid 42473 libvirt \ + && useradd -M --shell /usr/sbin/nologin --uid 42473 --gid 42473 libvirt \ + && groupadd --force --gid 42428 magnum \ + && useradd -M --shell /usr/sbin/nologin --uid 42428 --gid 42428 magnum \ + && groupadd --force --gid 42429 manila \ + && useradd -M --shell /usr/sbin/nologin --uid 42429 --gid 42429 manila \ + && groupadd --force --gid 42457 memcached \ + && useradd -M --shell /usr/sbin/nologin --uid 42457 --gid 42457 memcached \ + && groupadd --force --gid 42430 mistral \ + && useradd -M --shell /usr/sbin/nologin --uid 42430 --gid 42430 mistral \ + && groupadd --force --gid 42431 monasca \ + && useradd -M --shell /usr/sbin/nologin --uid 42431 --gid 42431 monasca \ + && groupadd --force --gid 65534 mongodb \ + && useradd -M --shell /usr/sbin/nologin --uid 42432 --gid 65534 mongodb \ + && groupadd --force --gid 42433 murano \ + && useradd -M --shell /usr/sbin/nologin --uid 42433 --gid 42433 murano \ + && groupadd --force --gid 42434 mysql \ + && useradd -M --shell /usr/sbin/nologin --uid 42434 --gid 42434 mysql \ + && groupadd --force --gid 42435 neutron \ + && useradd -M --shell /usr/sbin/nologin --uid 42435 --gid 42435 neutron \ + && groupadd --force --gid 42436 nova \ + && useradd -M --shell /usr/sbin/nologin --uid 42436 --gid 42436 nova \ + && groupadd --force --gid 42470 novajoin \ + && useradd -M --shell /usr/sbin/nologin --uid 42470 --gid 42470 novajoin \ + && groupadd --force --gid 42437 octavia \ + 
&& useradd -M --shell /usr/sbin/nologin --uid 42437 --gid 42437 octavia \ + && groupadd --force --gid 42462 odl \ + && useradd -M --shell /usr/sbin/nologin --uid 42462 --gid 42462 odl \ + && groupadd --force --gid 42476 openvswitch \ + && useradd -M --shell /usr/sbin/nologin --uid 42476 --gid 42476 openvswitch \ + && groupadd --force --gid 42438 panko \ + && useradd -M --shell /usr/sbin/nologin --uid 42438 --gid 42438 panko \ + && groupadd --force --gid 42472 prometheus \ + && useradd -M --shell /usr/sbin/nologin --uid 42472 --gid 42472 prometheus \ + && groupadd --force --gid 42465 qdrouterd \ + && useradd -M --shell /usr/sbin/nologin --uid 42465 --gid 42465 qdrouterd \ + && groupadd --force --gid 42427 qemu \ + && useradd -M --shell /usr/sbin/nologin --uid 42427 --gid 42427 qemu \ + && groupadd --force --gid 42439 rabbitmq \ + && useradd -M --shell /usr/sbin/nologin --uid 42439 --gid 42439 rabbitmq \ + && groupadd --force --gid 42440 rally \ + && useradd -M --shell /usr/sbin/nologin --uid 42440 --gid 42440 rally \ + && groupadd --force --gid 42460 redis \ + && useradd -M --shell /usr/sbin/nologin --uid 42460 --gid 42460 redis \ + && groupadd --force --gid 42441 sahara \ + && useradd -M --shell /usr/sbin/nologin --uid 42441 --gid 42441 sahara \ + && groupadd --force --gid 42442 searchlight \ + && useradd -M --shell /usr/sbin/nologin --uid 42442 --gid 42442 searchlight \ + && groupadd --force --gid 42443 senlin \ + && useradd -M --shell /usr/sbin/nologin --uid 42443 --gid 42443 senlin \ + && groupadd --force --gid 42467 sensu \ + && useradd -M --shell /usr/sbin/nologin --uid 42467 --gid 42467 sensu \ + && groupadd --force --gid 42468 skydive \ + && useradd -M --shell /usr/sbin/nologin --uid 42468 --gid 42468 skydive \ + && groupadd --force --gid 42444 solum \ + && useradd -M --shell /usr/sbin/nologin --uid 42444 --gid 42444 solum \ + && groupadd --force --gid 42445 swift \ + && useradd -M --shell /usr/sbin/nologin --uid 42445 --gid 42445 swift \ + && groupadd 
--force --gid 42446 tacker \ + && useradd -M --shell /usr/sbin/nologin --uid 42446 --gid 42446 tacker \ + && groupadd --force --gid 42447 td-agent \ + && useradd -M --shell /usr/sbin/nologin --uid 42447 --gid 42447 td-agent \ + && groupadd --force --gid 42448 telegraf \ + && useradd -M --shell /usr/sbin/nologin --uid 42448 --gid 42448 telegraf \ + && groupadd --force --gid 42449 trove \ + && useradd -M --shell /usr/sbin/nologin --uid 42449 --gid 42449 trove \ + && groupadd --force --gid 42459 vitrage \ + && useradd -M --shell /usr/sbin/nologin --uid 42459 --gid 42459 vitrage \ + && groupadd --force --gid 42450 vmtp \ + && useradd -M --shell /usr/sbin/nologin --uid 42450 --gid 42450 vmtp \ + && groupadd --force --gid 42451 watcher \ + && useradd -M --shell /usr/sbin/nologin --uid 42451 --gid 42451 watcher \ + && groupadd --force --gid 42452 zaqar \ + && useradd -M --shell /usr/sbin/nologin --uid 42452 --gid 42452 zaqar \ + && groupadd --force --gid 42453 zookeeper \ + && useradd -M --shell /usr/sbin/nologin --uid 42453 --gid 42453 zookeeper \ + && groupadd --force --gid 42463 zun \ + && useradd -M --shell /usr/sbin/nologin --uid 42463 --gid 42463 zun + +ENV KOLLA_BASE_DISTRO=openeuler \ + KOLLA_INSTALL_TYPE=binary \ + KOLLA_INSTALL_METATYPE=rdo + +COPY kolla_bashrc /tmp/ +RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \ + && cat /tmp/kolla_bashrc >> /root/.bashrc + +ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " + +RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \ + if [ $CURRENT_DISTRO_RELEASE != "20" ]; then \ + echo "Only release '20' is supported on openeuler"; false; \ + fi \ + && cat /tmp/kolla_bashrc >> /etc/bashrc \ + && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/yum.conf + +RUN yum -y install \ + tar \ + util-linux-user \ + && yum clean all \ + && rm -rf /var/cache/yum + +RUN yum -y install openEuler-rpm-config iproute 
iscsi-initiator-utils lvm2 python scsi-target-utils socat sudo which && yum clean all && rm -rf /var/cache/yum + +COPY set_configs.py /usr/local/bin/kolla_set_configs +COPY start.sh /usr/local/bin/kolla_start +COPY sudoers /etc/sudoers +COPY curlrc /root/.curlrc + +RUN yum -y install gcc glibc-static && yum clean all && rm -rf /var/cache/yum +RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py \ + && python get-pip.py \ + && rm get-pip.py \ + && pip --no-cache-dir install --prefix='/usr/local' dumb-init==1.1.3 \ + && chmod +x /usr/local/bin/dumb-init + +ENTRYPOINT ["dumb-init", "--single-child", "--"] + +RUN touch /usr/local/bin/kolla_extend_start \ + && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \ + && chmod 440 /etc/sudoers \ + && mkdir -p /var/log/kolla \ + && chown :kolla /var/log/kolla \ + && chmod 2775 /var/log/kolla \ + && rm -f /tmp/kolla_bashrc + +CMD ["kolla_start"] diff --git a/kolla/queens/20.03-lts-sp2/base/curlrc b/kolla/queens/20.03-lts-sp2/base/curlrc new file mode 100644 index 0000000..903967b --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/base/curlrc @@ -0,0 +1,4 @@ +# curl default options +--silent +--show-error +--write-out "curl (%{url_effective}): response: %{http_code}, time: %{time_total}, size: %{size_download}\n" diff --git a/kolla/queens/20.03-lts-sp2/base/kolla_bashrc b/kolla/queens/20.03-lts-sp2/base/kolla_bashrc new file mode 100644 index 0000000..09b19cc --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/base/kolla_bashrc @@ -0,0 +1,5 @@ +#### Custom data added by Kolla +_KBOLD="\[$(tput bold)\]" +_KRESET="\[$(tput sgr0)\]" + +PS1="${_KBOLD}(${KOLLA_SERVICE_NAME})${_KRESET}[\u@\h \W]\\$ " diff --git a/kolla/queens/20.03-lts-sp2/base/openEuler-aarch64.repo b/kolla/queens/20.03-lts-sp2/base/openEuler-aarch64.repo new file mode 100644 index 0000000..9bd9216 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/base/openEuler-aarch64.repo 
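Review bot: The step `curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py && python get-pip.py` runs a script fetched at build time with nothing pinning its content, so every image derived from this base inherits whatever that URL served on build day. curl is also not given `--fail` (the curlrc copied to /root/.curlrc just above sets only `--silent --show-error` and a `--write-out` format), so an HTTP error body would be saved and handed to `python` as well. I would fetch with `curl --fail --location ... -o get-pip.py` and verify before running, e.g. `echo "<expected-sha256>  get-pip.py" | sha256sum -c -` (placeholder digest), or install pip from the distribution repository if a package exists there. The `dumb-init==1.1.3` install is pinned by version only; pip's `--require-hashes` mode would close that gap too.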
@@ -0,0 +1,17 @@
+[Everything]
+name=everything
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/everything/aarch64/
+gpgcheck=0
+enabled=1
+
+[EPOL]
+name=EPOL
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/main/aarch64/
+gpgcheck=0
+enabled=1
+
+[openstack_queens]
+name=OpenStack_Queens
+baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/aarch64/
+gpgcheck=0
+enabled=1
\ No newline at end of file
diff --git a/kolla/queens/20.03-lts-sp2/base/openEuler-x86-64.repo b/kolla/queens/20.03-lts-sp2/base/openEuler-x86-64.repo
new file mode 100644
index 0000000..57ce76b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/base/openEuler-x86-64.repo
@@ -0,0 +1,17 @@
+[Everything]
+name=everything
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/everything/x86_64/
+gpgcheck=0
+enabled=1
+
+[EPOL]
+name=EPOL
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/main/x86_64/
+gpgcheck=0
+enabled=1
+
+[openstack_queens]
+name=OpenStack_Queens
+baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/x86_64/
+gpgcheck=0
+enabled=1
\ No newline at end of file
diff --git a/kolla/queens/20.03-lts-sp2/base/set_configs.py b/kolla/queens/20.03-lts-sp2/base/set_configs.py
new file mode 100644
index 0000000..65ce210
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/base/set_configs.py
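Review bot: All three repositories in openEuler-aarch64.repo are declared with `gpgcheck=0`, so yum installs every package in the base image, and in all images built from it, without verifying a signature; the three sections of openEuler-x86-64.repo in the next hunk repeat this. HTTPS protects the transfer but not a tampered or replaced package on the mirror, and `openstack_queens` points at a different host (repo.oepkgs.net) than the two distribution repositories. I would set `gpgcheck=1` and add `gpgkey=<URL or file path of the repository signing key>` to each section (placeholder, since the keys are not shown in this patch).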
@@ -0,0 +1,422 @@ +#!/usr/bin/env python + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import glob +import grp +import json +import logging +import os +import pwd +import shutil +import sys + + +# TODO(rhallisey): add docstring. +logging.basicConfig() +LOG = logging.getLogger(__name__) +LOG.setLevel(logging.INFO) + + +class ExitingException(Exception): + def __init__(self, message, exit_code=1): + super(ExitingException, self).__init__(message) + self.exit_code = exit_code + + +class ImmutableConfig(ExitingException): + pass + + +class InvalidConfig(ExitingException): + pass + + +class MissingRequiredSource(ExitingException): + pass + + +class UserNotFound(ExitingException): + pass + + +class ConfigFileBadState(ExitingException): + pass + + +class ConfigFile(object): + + def __init__(self, source, dest, owner=None, perm=None, optional=False, + preserve_properties=False, merge=False): + self.source = source + self.dest = dest + self.owner = owner + self.perm = perm + self.optional = optional + self.merge = merge + self.preserve_properties = preserve_properties + + def __str__(self): + return ''.format(self.source, + self.dest) + + def _copy_file(self, source, dest): + self._delete_path(dest) + # dest endswith / means copy the to folder + LOG.info('Copying %s to %s', source, dest) + if self.merge and self.preserve_properties and os.path.islink(source): + link_target = os.readlink(source) + os.symlink(link_target, dest) + else: + shutil.copy(source, 
dest) + self._set_properties(source, dest) + + def _merge_directories(self, source, dest): + if os.path.isdir(source): + if os.path.lexists(dest) and not os.path.isdir(dest): + self._delete_path(dest) + if not os.path.isdir(dest): + LOG.info('Creating directory %s', dest) + os.makedirs(dest) + self._set_properties(source, dest) + + dir_content = os.listdir(source) + for to_copy in dir_content: + self._merge_directories(os.path.join(source, to_copy), + os.path.join(dest, to_copy)) + else: + self._copy_file(source, dest) + + def _delete_path(self, path): + if not os.path.lexists(path): + return + LOG.info('Deleting %s', path) + if os.path.isdir(path): + shutil.rmtree(path) + else: + os.remove(path) + + def _create_parent_dirs(self, path): + parent_path = os.path.dirname(path) + if not os.path.exists(parent_path): + os.makedirs(parent_path) + + def _set_properties(self, source, dest): + if self.preserve_properties: + self._set_properties_from_file(source, dest) + else: + self._set_properties_from_conf(dest) + + def _set_properties_from_file(self, source, dest): + shutil.copystat(source, dest) + stat = os.stat(source) + os.chown(dest, stat.st_uid, stat.st_gid) + + def _set_properties_from_conf(self, path): + config = {'permissions': + [{'owner': self.owner, 'path': path, 'perm': self.perm}]} + handle_permissions(config) + + def copy(self): + + sources = glob.glob(self.source) + + if not self.optional and not sources: + raise MissingRequiredSource('%s file is not found' % self.source) + # skip when there is no sources and optional + elif self.optional and not sources: + return + + for source in sources: + dest = self.dest + # dest endswith / means copy the into folder, + # otherwise means copy the source to dest + if dest.endswith(os.sep): + dest = os.path.join(dest, os.path.basename(source)) + if not self.merge: + self._delete_path(dest) + self._create_parent_dirs(dest) + self._merge_directories(source, dest) + + def _cmp_file(self, source, dest): + # check exsit + if 
(os.path.exists(source) and + not self.optional and + not os.path.exists(dest)): + return False + # check content + with open(source) as f1, open(dest) as f2: + if f1.read() != f2.read(): + LOG.error('The content of source file(%s) and' + ' dest file(%s) are not equal.', source, dest) + return False + # check perm + file_stat = os.stat(dest) + actual_perm = oct(file_stat.st_mode)[-4:] + if self.perm != actual_perm: + LOG.error('Dest file does not have expected perm: %s, actual: %s', + self.perm, actual_perm) + return False + # check owner + desired_user, desired_group = user_group(self.owner) + actual_user = pwd.getpwuid(file_stat.st_uid) + if actual_user.pw_name != desired_user: + LOG.error('Dest file does not have expected user: %s,' + ' actual: %s ', desired_user, actual_user.pw_name) + return False + actual_group = grp.getgrgid(file_stat.st_gid) + if actual_group.gr_name != desired_group: + LOG.error('Dest file does not have expected group: %s,' + ' actual: %s ', desired_group, actual_group.gr_name) + return False + return True + + def _cmp_dir(self, source, dest): + for root, dirs, files in os.walk(source): + for dir_ in dirs: + full_path = os.path.join(root, dir_) + dest_full_path = os.path.join(dest, os.path.relpath(source, + full_path)) + dir_stat = os.stat(dest_full_path) + actual_perm = oct(dir_stat.st_mode)[-4:] + if self.perm != actual_perm: + LOG.error('Dest dir does not have expected perm: %s,' + ' actual %s', self.perm, actual_perm) + return False + for file_ in files: + full_path = os.path.join(root, file_) + dest_full_path = os.path.join(dest, os.path.relpath(source, + full_path)) + if not self._cmp_file(full_path, dest_full_path): + return False + return True + + def check(self): + bad_state_files = [] + sources = glob.glob(self.source) + + if not sources and not self.optional: + raise MissingRequiredSource('%s file is not found' % self.source) + elif self.optional and not sources: + return + + for source in sources: + dest = self.dest + # dest 
endswith / means copy the into folder, + # otherwise means copy the source to dest + if dest.endswith(os.sep): + dest = os.path.join(dest, os.path.basename(source)) + if os.path.isdir(source) and not self._cmp_dir(source, dest): + bad_state_files.append(source) + elif not self._cmp_file(source, dest): + bad_state_files.append(source) + if len(bad_state_files) != 0: + msg = 'Following files are in bad state: %s' % bad_state_files + raise ConfigFileBadState(msg) + + +def validate_config(config): + required_keys = {'source', 'dest'} + + if 'command' not in config: + raise InvalidConfig('Config is missing required "command" key') + + # Validate config sections + for data in config.get('config_files', list()): + # Verify required keys exist. + if not data.viewkeys() >= required_keys: + message = 'Config is missing required keys: %s' % required_keys + raise InvalidConfig(message) + if ('owner' not in data or 'perm' not in data) \ + and not data.get('preserve_properties', False): + raise InvalidConfig( + 'Config needs preserve_properties or owner and perm') + + +def validate_source(data): + source = data.get('source') + + # Only check existence if no wildcard found + if '*' not in source: + if not os.path.exists(source): + if data.get('optional'): + LOG.info("%s does not exist, but is not required", source) + return False + else: + raise MissingRequiredSource( + "The source to copy does not exist: %s" % source) + + return True + + +def load_config(): + def load_from_env(): + config_raw = os.environ.get("KOLLA_CONFIG") + if config_raw is None: + return None + + # Attempt to read config + try: + return json.loads(config_raw) + except ValueError: + raise InvalidConfig('Invalid json for Kolla config') + + def load_from_file(): + config_file = os.environ.get("KOLLA_CONFIG_FILE") + if not config_file: + config_file = '/var/lib/kolla/config_files/config.json' + LOG.info("Loading config file at %s", config_file) + + # Attempt to read config file + with open(config_file) as f: + 
try: + return json.load(f) + except ValueError: + raise InvalidConfig( + "Invalid json file found at %s" % config_file) + except IOError as e: + raise InvalidConfig( + "Could not read file %s: %r" % (config_file, e)) + + config = load_from_env() + if config is None: + config = load_from_file() + + LOG.info('Validating config file') + validate_config(config) + return config + + +def copy_config(config): + if 'config_files' in config: + LOG.info('Copying service configuration files') + for data in config['config_files']: + config_file = ConfigFile(**data) + config_file.copy() + else: + LOG.debug('No files to copy found in config') + + LOG.info('Writing out command to execute') + LOG.debug("Command is: %s", config['command']) + # The value from the 'command' key will be written to '/run_command' + with open('/run_command', 'w+') as f: + f.write(config['command']) + + +def user_group(owner): + if ':' in owner: + user, group = owner.split(':', 1) + if not group: + group = user + else: + user, group = owner, owner + return user, group + + +def handle_permissions(config): + for permission in config.get('permissions', list()): + path = permission.get('path') + owner = permission.get('owner') + recurse = permission.get('recurse', False) + perm = permission.get('perm') + + desired_user, desired_group = user_group(owner) + uid = pwd.getpwnam(desired_user).pw_uid + gid = grp.getgrnam(desired_group).gr_gid + + def set_perms(path, uid, gid, perm): + LOG.info('Setting permission for %s', path) + if not os.path.exists(path): + LOG.warning('%s does not exist', path) + return + + try: + os.chown(path, uid, gid) + except OSError: + LOG.exception('Failed to change ownership of %s to %s:%s', + path, uid, gid) + + if perm: + # NOTE(Jeffrey4l): py3 need '0oXXX' format for octal literals, + # and py2 support such format too. 
+ if len(perm) == 4 and perm[1] != 'o': + perm = ''.join([perm[:1], 'o', perm[1:]]) + perm = int(perm, base=0) + + try: + os.chmod(path, perm) + except OSError: + LOG.exception('Failed to set permission of %s to %s', + path, perm) + + for dest in glob.glob(path): + set_perms(dest, uid, gid, perm) + if recurse and os.path.isdir(dest): + for root, dirs, files in os.walk(dest): + for dir_ in dirs: + set_perms(os.path.join(root, dir_), uid, gid, perm) + for file_ in files: + set_perms(os.path.join(root, file_), uid, gid, perm) + + +def execute_config_strategy(config): + config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY") + LOG.info("Kolla config strategy set to: %s", config_strategy) + if config_strategy == "COPY_ALWAYS": + copy_config(config) + handle_permissions(config) + elif config_strategy == "COPY_ONCE": + if os.path.exists('/configured'): + raise ImmutableConfig( + "The config strategy prevents copying new configs", + exit_code=0) + else: + copy_config(config) + handle_permissions(config) + os.mknod('/configured') + else: + raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly') + + +def execute_config_check(config): + for data in config['config_files']: + config_file = ConfigFile(**data) + config_file.check() + + +def main(): + try: + parser = argparse.ArgumentParser() + parser.add_argument('--check', + action='store_true', + required=False, + help='Check whether the configs changed') + args = parser.parse_args() + config = load_config() + + if args.check: + execute_config_check(config) + else: + execute_config_strategy(config) + except ExitingException as e: + LOG.error("%s: %s", e.__class__.__name__, e) + return e.exit_code + except Exception: + LOG.exception('Unexpected error:') + return 2 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/kolla/queens/20.03-lts-sp2/base/start.sh b/kolla/queens/20.03-lts-sp2/base/start.sh new file mode 100644 index 0000000..34a6e53 --- /dev/null 
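Review bot: `_cmp_dir` in set_configs.py passes the arguments of `os.path.relpath` in the wrong order. `os.path.relpath(source, full_path)` yields the path from the entry back up to `source` (a run of `..`), so `dest_full_path` resolves above `dest` instead of at the matching entry, in both the `dirs` and the `files` loop. It should read `os.path.relpath(full_path, source)`. Separately, in `check()` a directory source for which `_cmp_dir` returns True falls through to `elif not self._cmp_file(source, dest)`, which then calls `open()` on a directory; putting the two comparisons under `if os.path.isdir(source):` / `else:` avoids that. Since `--check` is what tells an operator whether deployed config, ownership and modes still match, a wrong or crashing answer here hides drift.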
+++ b/kolla/queens/20.03-lts-sp2/base/start.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -o errexit
+set -o xtrace
+
+# Processing /var/lib/kolla/config_files/config.json as root. This is necessary
+# to permit certain files to be controlled by the root user which should
+# not be writable by the dropped-privileged user, especially /run_command
+sudo -E kolla_set_configs
+CMD=$(cat /run_command)
+ARGS=""
+
+if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
+ # Run additional commands if present
+ . kolla_extend_start
+fi
+
+echo "Running command: '${CMD}${ARGS:+ $ARGS}'"
+exec ${CMD} ${ARGS}
diff --git a/kolla/queens/20.03-lts-sp2/base/sudoers b/kolla/queens/20.03-lts-sp2/base/sudoers
new file mode 100644
index 0000000..76baefc
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/base/sudoers
@@ -0,0 +1,18 @@
+# The idea here is a container service adds their UID to the kolla group
+# via usermod -a -G kolla . Then the kolla_start may run
+# kolla_set_configs via sudo as the root user which is necessary to protect
+# the immutability of the container
+
+# anyone in the kolla group may sudo -E (set the environment)
+Defaults: %kolla setenv
+
+# root may run any commands via sudo as the network seervice user. This is
+# neededfor database migrations of existing services which have not been
+# converted to run as a non-root user, but instead do that via sudo -E glance
+root ALL=(ALL) ALL
+
+# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
+# root user via sudo without password confirmation
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
+
+#includedir /etc/sudoers.d
diff --git a/kolla/queens/20.03-lts-sp2/chrony/Dockerfile b/kolla/queens/20.03-lts-sp2/chrony/Dockerfile
new file mode 100644
index 0000000..5489ee4
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/chrony/Dockerfile
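Review bot: In base/sudoers, `Defaults: %kolla setenv` combined with the NOPASSWD rule for `/usr/local/bin/kolla_set_configs` means the root-run script inherits an environment chosen by the calling kolla-group member, and set_configs.py in this same commit takes its file list, owners, modes and command from `KOLLA_CONFIG` / `KOLLA_CONFIG_FILE`. The header comment says the sudo hop exists to protect the container's immutability, so the file should either state that every member of the kolla group is trusted to the same degree as root here, or narrow the rule. A narrower form would replace `setenv` with `Defaults: %kolla env_keep += "KOLLA_CONFIG_STRATEGY"` and have the script read only the root-owned default config path; start.sh's `sudo -E` would have to change with it. Whether the deployment tooling depends on passing the other variables is not visible from this patch.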
@@ -0,0 +1,11 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/chrony --groups kolla chrony \
+ && mkdir -p /var/lib/chrony \
+ && chown -R 42406:42406 /var/lib/chrony
+
+RUN yum -y install chrony && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/chrony/extend_start.sh b/kolla/queens/20.03-lts-sp2/chrony/extend_start.sh
new file mode 100644
index 0000000..bc28e56
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/chrony/extend_start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+rm -f /var/run/chronyd.pid
+
+CHRONY_LOG_DIR="/var/log/kolla/chrony"
+if [[ ! -d "${CHRONY_LOG_DIR}" ]]; then
+ mkdir -p ${CHRONY_LOG_DIR}
+fi
+
+if [[ $(stat -c %a ${CHRONY_LOG_DIR}) != "755" ]]; then
+ chmod 755 /var/log/kolla/chrony
+fi
+
+if [[ $(stat -c %U:%G ${CHRONY_LOG_DIR}) != "chrony:chrony" ]]; then
+ chown chrony:chrony ${CHRONY_LOG_DIR}
+fi
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-api/Dockerfile b/kolla/queens/20.03-lts-sp2/cinder/cinder-api/Dockerfile
new file mode 100644
index 0000000..3cc2301
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-api/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-cinder-base:queens-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi python2-keystone && yum clean all && rm -rf /var/cache/yum
+RUN mkdir -p /var/www/cgi-bin/cinder \
+ && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi \
+ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
+RUN chmod 755 /usr/local/bin/kolla_cinder_extend_start \
+ && chown -R cinder: /var/www/cgi-bin/cinder \
+ && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi
+
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-api/extend_start.sh b/kolla/queens/20.03-lts-sp2/cinder/cinder-api/extend_start.sh
new file mode 100644
index 0000000..7fef260
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-api/extend_start.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -o errexit
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ cinder-manage db sync
+ exit 0
+fi
+
+if [[ "${!KOLLA_OSM[@]}" ]]; then
+ if [[ -z ${MAX_NUMBER} ]]; then
+ cinder-manage db online_data_migrations --max_count ${MAX_NUMBER}
+ else
+ cinder-manage db online_data_migrations
+ fi
+ exit 0
+fi
+
+# Assume the service runs on top of Apache when user is root
+if [[ "$(whoami)" == 'root' ]]; then
+ # NOTE(pbourke): httpd will not clean up after itself in some cases which
+ # results in the container not being able to restart. (bug #1489676, 1557036)
+ if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+ else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+ fi
+fi
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-backup/Dockerfile b/kolla/queens/20.03-lts-sp2/cinder/cinder-backup/Dockerfile
new file mode 100644
index 0000000..5192a4b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-backup/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-cinder-base:queens-20.03-lts-sp2
+
+RUN yum -y install nfs-utils && yum clean all && rm -rf /var/cache/yum
+
+USER cinder
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-base/Dockerfile b/kolla/queens/20.03-lts-sp2/cinder/cinder-base/Dockerfile
new file mode 100644
index 0000000..8629aa5
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-base/Dockerfile
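Review bot: The `KOLLA_OSM` branch of cinder-api/extend_start.sh tests `[[ -z ${MAX_NUMBER} ]]` and then passes `--max_count ${MAX_NUMBER}`, so the option is given exactly when the variable is empty and dropped when a limit was set. The test looks inverted; `if [[ -n "${MAX_NUMBER}" ]]; then` with `--max_count "${MAX_NUMBER}"` gives the intended behaviour. The quoting also keeps an unexpected value from being split into extra arguments to `cinder-manage`.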
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/cinder --groups kolla cinder \
+ && mkdir -p /var/lib/cinder \
+ && chown -R 42407:42407 /var/lib/cinder
+
+RUN yum -y install ceph-common lvm2 cryptsetup openstack-cinder python2-automaton python2-oslo-vmware && yum clean all && rm -rf /var/cache/yum
+
+COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \
+ && touch /usr/local/bin/kolla_cinder_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cinder_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers b/kolla/queens/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers
new file mode 100644
index 0000000..3750f31
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers
@@ -0,0 +1 @@
+cinder ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/cinder/cinder-base/extend_start.sh
new file mode 100644
index 0000000..21fae59
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/cinder" ]]; then
+ mkdir -p /var/log/kolla/cinder
+fi
+if [[ $(stat -c %a /var/log/kolla/cinder) != "755" ]]; then
+ chmod 755 /var/log/kolla/cinder
+fi
+
+. /usr/local/bin/kolla_cinder_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile b/kolla/queens/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile
new file mode 100644
index 0000000..339d8bd
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-cinder-base:queens-20.03-lts-sp2
+
+USER cinder
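Review bot: The rule in cinder-base/cinder_sudoers names `/var/lib/kolla/venv/bin/cinder-rootwrap`, but this image installs openstack-cinder from packages and nothing in the visible Dockerfile creates that virtualenv. A NOPASSWD root rule for a path the image does not ship is only as safe as the ownership of every directory above it, so point the rule at the packaged binary (presumably `/usr/bin/cinder-rootwrap`; confirm against the RPM) or drop it if the package already installs its own rule. The trailing `*` leaves the arguments unconstrained, which puts the whole boundary on the filters referenced from /etc/cinder/rootwrap.conf, so that file and its filter directory should be root-owned and not writable by cinder. The same venv path appears in cinder-volume/cinder_sudoers and in the two ironic sudoers files.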
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/Dockerfile b/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/Dockerfile
new file mode 100644
index 0000000..e53224f
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-cinder-base:queens-20.03-lts-sp2
+
+RUN yum -y install nfs-utils python2-rtslib-fb scsi-target-utils sysfsutils && yum clean all && rm -rf /var/cache/yum
+RUN sed -i '1 i include /var/lib/cinder/volumes/*' /etc/tgt/tgtd.conf
+
+COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_volume_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
+
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_cinder_volume_sudoers \
+ && chmod 755 /usr/local/bin/kolla_cinder_extend_start
+
+USER cinder
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers b/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers
new file mode 100644
index 0000000..f3bec8b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers
@@ -0,0 +1,5 @@
+cinder ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
+%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /var/lib/cinder, /usr/bin/chown -R cinder\:kolla /var/lib/cinder
+%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /var/lib/cinder, /usr/bin/chmod 2775 /var/lib/cinder
+%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /etc/iscsi, /usr/bin/chown -R cinder\:kolla /etc/iscsi
+%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /etc/iscsi, /usr/bin/chmod 2775 /etc/iscsi
diff --git a/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh b/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh
new file mode 100644
index 0000000..67e8661
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [[ $(stat -c %U:%G /var/lib/cinder) != "cinder:kolla" ]]; then
+ sudo chown -R cinder:kolla /var/lib/cinder
+fi
+if [[ $(stat -c %a /var/lib/cinder) != "2775" ]]; then
+ sudo chmod 2775 /var/lib/cinder
+fi
+if [[ $(stat -c %U:%G /etc/iscsi) != "cinder:kolla" ]]; then
+ sudo chown -R cinder:kolla /etc/iscsi
+fi
+if [[ $(stat -c %a /etc/iscsi) != "2775" ]]; then
+ sudo chmod 2775 /etc/iscsi
+fi
diff --git a/kolla/queens/20.03-lts-sp2/cron/Dockerfile b/kolla/queens/20.03-lts-sp2/cron/Dockerfile
new file mode 100644
index 0000000..5e6c4cb
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/cron/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+RUN yum -y install cronie logrotate && yum clean all && rm -rf /var/cache/yum
+
diff --git a/kolla/queens/20.03-lts-sp2/dnsmasq/Dockerfile b/kolla/queens/20.03-lts-sp2/dnsmasq/Dockerfile
new file mode 100644
index 0000000..8ab54b8
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/dnsmasq/Dockerfile
@@ -0,0 +1,4 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN yum -y install dnsmasq && yum clean all && rm -rf /var/cache/yum
+
diff --git a/kolla/queens/20.03-lts-sp2/glance/glance-api/Dockerfile b/kolla/queens/20.03-lts-sp2/glance/glance-api/Dockerfile
new file mode 100644
index 0000000..7995831
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/glance/glance-api/Dockerfile
@@ -0,0 +1,8 @@
+FROM openeuler/openeuler-binary-glance-base:queens-20.03-lts-sp2
+
+RUN yum -y install qemu-img && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_glance_extend_start
+RUN chmod 755 /usr/local/bin/kolla_glance_extend_start
+
+USER glance
diff --git a/kolla/queens/20.03-lts-sp2/glance/glance-api/extend_start.sh b/kolla/queens/20.03-lts-sp2/glance/glance-api/extend_start.sh
new file mode 100644
index 0000000..3d8d7f5
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/glance/glance-api/extend_start.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ glance-manage db_sync
+ glance-manage db_load_metadefs
+ exit 0
+fi
diff --git a/kolla/queens/20.03-lts-sp2/glance/glance-base/Dockerfile b/kolla/queens/20.03-lts-sp2/glance/glance-base/Dockerfile
new file mode 100644
index 0000000..444d8d5
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/glance/glance-base/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/glance --groups kolla glance \
+ && mkdir -p /var/lib/glance \
+ && chown -R 42415:42415 /var/lib/glance
+
+RUN yum -y install openstack-glance python2-oslo-vmware python-rados python-rbd && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_glance_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/glance/glance-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/glance/glance-base/extend_start.sh
new file mode 100644
index 0000000..4f5f5ec
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/glance/glance-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/glance" ]]; then
+ mkdir -p /var/log/kolla/glance
+fi
+if [[ $(stat -c %a /var/log/kolla/glance) != "755" ]]; then
+ chmod 755 /var/log/kolla/glance
+fi
+
+. /usr/local/bin/kolla_glance_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/glance/glance-registry/Dockerfile b/kolla/queens/20.03-lts-sp2/glance/glance-registry/Dockerfile
new file mode 100644
index 0000000..af906b9
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/glance/glance-registry/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-glance-base:queens-20.03-lts-sp2
+
+USER glance
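Review bot: The bootstrap branch of glance-api/extend_start.sh ends in an unconditional `exit 0` and the script never enables errexit, so a failed `glance-manage db_sync` still runs `db_load_metadefs` and reports success to whatever launched the bootstrap container. cinder-api/extend_start.sh in this patch opens with `set -o errexit`; adding the same line after the shebang here would surface the failure. This file is sourced by glance-base/extend_start.sh, so the option would then also cover the statements that follow the `.` line there. ironic-inspector/extend_start.sh, ironic-api/extend_start.sh and ironic-pxe/extend_start.sh follow the same pattern.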
diff --git a/kolla/queens/20.03-lts-sp2/haproxy/Dockerfile b/kolla/queens/20.03-lts-sp2/haproxy/Dockerfile
new file mode 100644
index 0000000..b648d8c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/haproxy/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/haproxy --groups kolla haproxy \
+ && mkdir -p /var/lib/haproxy \
+ && chown -R 42454:42454 /var/lib/haproxy
+
+RUN yum -y install haproxy && yum clean all && rm -rf /var/cache/yum
+
+RUN mkdir -p /var/lib/kolla/haproxy \
+ && chown -R haproxy: /var/lib /run
+
+COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config
+RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config
diff --git a/kolla/queens/20.03-lts-sp2/haproxy/ensure_latest_config.sh b/kolla/queens/20.03-lts-sp2/haproxy/ensure_latest_config.sh
new file mode 100644
index 0000000..4b84f3a
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/haproxy/ensure_latest_config.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -o errexit
+
+CURRENT_CONFIG_HASH=$(sha1sum /etc/haproxy/haproxy.cfg | cut -f1 -d' ')
+NEW_CONFIG_HASH=$(sha1sum /var/lib/kolla/config_files/haproxy.cfg | cut -f1 -d' ')
+
+if [[ $CURRENT_CONFIG_HASH != $NEW_CONFIG_HASH ]]; then
+ changed=changed
+ python /usr/local/bin/kolla_set_configs
+ kill -USR2 $(pgrep -f /usr/sbin/haproxy-systemd-wrapper)
+fi
+
+echo $changed
diff --git a/kolla/queens/20.03-lts-sp2/horizon/Dockerfile b/kolla/queens/20.03-lts-sp2/horizon/Dockerfile
new file mode 100644
index 0000000..ce78c52
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/horizon/Dockerfile
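Review bot: `chown -R haproxy: /var/lib /run` in haproxy/Dockerfile hands the haproxy account every file under both trees, which on a yum-based image typically includes package-manager state and anything else the base image keeps there, while the service only needs its own directories. Narrow it to the paths haproxy writes, for example `chown -R haproxy: /var/lib/haproxy /var/lib/kolla/haproxy`, and add one specific runtime directory if the pid file or socket needs it.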
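Review bot: In haproxy/ensure_latest_config.sh the reload line `kill -USR2 $(pgrep -f /usr/sbin/haproxy-systemd-wrapper)` runs under errexit with no check that a process matched. If nothing matches (whether the openEuler haproxy package ships that wrapper is not visible here), `kill` fails after kolla_set_configs has already replaced the config, the script exits non-zero and never prints `changed`. Capture the PID first and fail with a message when it is empty, e.g. `pid=$(pgrep -f /usr/sbin/haproxy-systemd-wrapper) || { echo "haproxy wrapper not running" >&2; exit 1; }`, and initialise `changed=""` before the `if` so the final `echo` does not rely on an unset variable.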
@@ -0,0 +1,25 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/horizon --groups kolla horizon \
+ && mkdir -p /var/lib/horizon \
+ && chown -R 42420:42420 /var/lib/horizon
+
+RUN yum -y install gettext httpd mod_ssl mod_wsgi openstack-dashboard && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
+ && ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python2.7/site-packages/openstack_dashboard \
+ && ln -s /usr/share/openstack-dashboard/static /usr/lib/python2.7/site-packages/static \
+ && chown -R horizon: /etc/openstack-dashboard /usr/share/openstack-dashboard \
+ && chown -R apache: /usr/share/openstack-dashboard/static \
+ && sed -i "s|WEBROOT = '/dashboard/'|WEBROOT = '/'|" /etc/openstack-dashboard/local_settings \
+ && cp /usr/share/openstack-dashboard/manage.py /usr/bin/manage.py \
+ && rm -f /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/?[^_]*.py* \
+ && rm -f /usr/lib/python2.7/site-packages/openstack_dashboard/local/enabled/?[^_]*.py* \
+ && for locale in /usr/lib/python2.7/site-packages/*/locale; do \
+ (cd ${locale%/*} && /usr/bin/python /usr/bin/manage.py compilemessages) \
+ done
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/horizon/extend_start.sh b/kolla/queens/20.03-lts-sp2/horizon/extend_start.sh
new file mode 100644
index 0000000..58a1a76
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/horizon/extend_start.sh
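Review bot: The `chown -R horizon: /etc/openstack-dashboard /usr/share/openstack-dashboard` step in horizon/Dockerfile makes the dashboard's code and settings writable by the horizon account, and the next line gives the static tree to apache. If horizon is also the account the WSGI process runs as (not visible in this hunk), a flaw in the dashboard could then modify its own code or local_settings. Prefer leaving the code root-owned and granting write access only to the directories that change at runtime, such as the static/compress output and the secret key store.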
@@ -0,0 +1,322 @@ +#!/bin/bash + +set -o errexit + +FORCE_GENERATE="${FORCE_GENERATE}" + +if [[ ${KOLLA_INSTALL_TYPE} == "binary" ]]; then + SITE_PACKAGES="/usr/lib/python2.7/site-packages" +elif [[ ${KOLLA_INSTALL_TYPE} == "source" ]]; then + SITE_PACKAGES="/var/lib/kolla/venv/lib/python2.7/site-packages" +fi + +if [[ ${KOLLA_INSTALL_TYPE} == "source" ]] && [[ ! -f ${SITE_PACKAGES}/openstack_dashboard/local/local_settings.py ]]; then + ln -s /etc/openstack-dashboard/local_settings \ + ${SITE_PACKAGES}/openstack_dashboard/local/local_settings.py +fi + +if [[ -f /etc/openstack-dashboard/custom_local_settings ]] && [[ ! -f ${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py ]]; then + ln -s /etc/openstack-dashboard/custom_local_settings \ + ${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py +fi + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + MANAGE_PY="/usr/bin/python /usr/bin/manage.py" + if [[ -f "/var/lib/kolla/venv/bin/python" ]]; then + MANAGE_PY="/var/lib/kolla/venv/bin/python /var/lib/kolla/venv/bin/manage.py" + fi + $MANAGE_PY migrate --noinput + exit 0 +fi + +function config_dashboard { + ENABLE=$1 + SRC=$2 + DEST=$3 + if [[ ! -f ${SRC} ]]; then + echo "WARNING: ${SRC} is required" + elif [[ "${ENABLE}" == "yes" ]] && [[ ! 
-f "${DEST}" ]]; then + cp -a "${SRC}" "${DEST}" + FORCE_GENERATE="yes" + elif [[ "${ENABLE}" != "yes" ]] && [[ -f "${DEST}" ]]; then + # remove pyc pyo files too + rm -f "${DEST}" "${DEST}c" "${DEST}o" + FORCE_GENERATE="yes" + fi +} + +function config_cloudkitty_dashboard { + for file in ${SITE_PACKAGES}/cloudkittydashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_CLOUDKITTY}" \ + "${SITE_PACKAGES}/cloudkittydashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_designate_dashboard { + for file in ${SITE_PACKAGES}/designatedashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_DESIGNATE}" \ + "${SITE_PACKAGES}/designatedashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_fwaas_dashboard { + for file in ${SITE_PACKAGES}/neutron_fwaas_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_FWAAS}" \ + "${SITE_PACKAGES}/neutron_fwaas_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_freezer_ui { + for file in ${SITE_PACKAGES}/disaster_recovery/enabled/_*[^__].py; do + config_dashboard "${ENABLE_FREEZER}" \ + "${SITE_PACKAGES}/disaster_recovery/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_heat_dashboard { + for file in ${SITE_PACKAGES}/heat_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_HEAT}" \ + "${SITE_PACKAGES}/heat_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_ironic_dashboard { + for file in ${SITE_PACKAGES}/ironic_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_IRONIC}" \ + "${SITE_PACKAGES}/ironic_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_karbor_dashboard { 
+ for file in ${SITE_PACKAGES}/karbor_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_KARBOR}" \ + "${SITE_PACKAGES}/karbor_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_magnum_dashboard { + for file in ${SITE_PACKAGES}/magnum_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MAGNUM}" \ + "${SITE_PACKAGES}/magnum_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_manila_ui { + for file in ${SITE_PACKAGES}/manila_ui/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MANILA}" \ + "${SITE_PACKAGES}/manila_ui/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_murano_dashboard { + for file in ${SITE_PACKAGES}/muranodashboard/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MURANO}" \ + "${SITE_PACKAGES}/muranodashboard/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + config_dashboard "${ENABLE_MURANO}"\ + "${SITE_PACKAGES}/muranodashboard/conf/murano_policy.json" \ + "/etc/openstack-dashboard/murano_policy.json" + + config_dashboard "${ENABLE_MURANO}"\ + "${SITE_PACKAGES}/muranodashboard/local/local_settings.d/_50_murano.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/local_settings.d/_50_murano.py" +} + +function config_mistral_dashboard { + config_dashboard "${ENABLE_MISTRAL}" \ + "${SITE_PACKAGES}/mistraldashboard/enabled/_50_mistral.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_50_mistral.py" +} + +function config_neutron_lbaas { + config_dashboard "${ENABLE_NEUTRON_LBAAS}" \ + "${SITE_PACKAGES}/neutron_lbaas_dashboard/enabled/_1481_project_ng_loadbalancersv2_panel.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1481_project_ng_loadbalancersv2_panel.py" +} + +function config_octavia_dashboard { + config_dashboard 
"${ENABLE_OCTAVIA}" \ + "${SITE_PACKAGES}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py" +} + +function config_sahara_dashboard { + for file in ${SITE_PACKAGES}/sahara_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SAHARA}" \ + "${SITE_PACKAGES}/sahara_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_searchlight_ui { + for file in ${SITE_PACKAGES}/searchlight_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SEARCHLIGHT}" \ + "${SITE_PACKAGES}/searchlight_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_SEARCHLIGHT}" \ + "${SITE_PACKAGES}/searchlight_ui/local_settings.d/_1001_search_settings.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/local_settings.d/_1001_search_settings.py" + + config_dashboard "${ENABLE_SEARCHLIGHT}" \ + "${SITE_PACKAGES}/searchlight_ui/conf/searchlight_policy.json" \ + "/etc/openstack-dashboard/searchlight_policy.json" +} + +function config_senlin_dashboard { + for file in ${SITE_PACKAGES}/senlin_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SENLIN}" \ + "${SITE_PACKAGES}/senlin_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_SENLIN}" \ + "${SITE_PACKAGES}/senlin_dashboard/conf/senlin_policy.json" \ + "/etc/openstack-dashboard/senlin_policy.json" +} + +function config_solum_dashboard { + for file in ${SITE_PACKAGES}/solumdashboard/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SOLUM}" \ + "${SITE_PACKAGES}/solumdashboard/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_tacker_dashboard { + for file in ${SITE_PACKAGES}/tacker_horizon/enabled/_*[^__].py; do + 
config_dashboard "${ENABLE_TACKER}" \ + "${SITE_PACKAGES}/tacker_horizon/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_trove_dashboard { + for file in ${SITE_PACKAGES}/trove_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_TROVE}" \ + "${SITE_PACKAGES}/trove_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_vitrage_dashboard { + for file in ${SITE_PACKAGES}/vitrage_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_VITRAGE}" \ + "${SITE_PACKAGES}/vitrage_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_watcher_dashboard { + for file in ${SITE_PACKAGES}/watcher_dashboard/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_WATCHER}" \ + "${SITE_PACKAGES}/watcher_dashboard/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_WATCHER}" \ + "${SITE_PACKAGES}/watcher_dashboard/conf/watcher_policy.json" \ + "/etc/openstack-dashboard/watcher_policy.json" +} + +function config_zaqar_dashboard { + for file in ${SITE_PACKAGES}/zaqar_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_ZAQAR}" \ + "${SITE_PACKAGES}/zaqar_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_zun_dashboard { + for file in ${SITE_PACKAGES}/zun_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_ZUN}" \ + "${SITE_PACKAGES}/zun_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +# NOTE(jeffrey4l, niedbalski): The local_settings and custom_local_settings files +# affect django-compress behavior, so re-generate the compressed +# javascript and css if any of those setting files changed +function settings_changed { + declare -A settings=( 
['/etc/openstack-dashboard/local_settings']="/var/lib/kolla/.local_settings.md5sum.txt" ['/etc/openstack-dashboard/custom_local_settings']="/var/lib/kolla/.custom_local_settings.md5sum.txt") + declare -x changed=1 + for path in "${!settings[@]}"; do + if [[ ! -f ${settings[$path]} || $(md5sum -c --status ${settings[$path]};echo $?) != 0 || ${FORCE_GENERATE} == "yes" ]]; then + changed=0 + md5sum ${path} > ${settings[$path]} + fi + done + return ${changed} +} + +config_cloudkitty_dashboard +config_designate_dashboard +config_fwaas_dashboard +config_freezer_ui +config_heat_dashboard +config_ironic_dashboard +config_karbor_dashboard +config_magnum_dashboard +config_manila_ui +config_mistral_dashboard +config_murano_dashboard +config_neutron_lbaas +config_octavia_dashboard +config_sahara_dashboard +config_searchlight_ui +config_senlin_dashboard +config_solum_dashboard +config_tacker_dashboard +config_trove_dashboard +config_vitrage_dashboard +config_watcher_dashboard +config_zaqar_dashboard +config_zun_dashboard + +# NOTE(pbourke): httpd will not clean up after itself in some cases which +# results in the container not being able to restart. (bug #1489676, 1557036) +if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + # Loading Apache2 ENV variables + . /etc/apache2/envvars + rm -rf /var/run/apache2/* +else + rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* +fi + +if settings_changed; then + if [[ "${KOLLA_INSTALL_TYPE}" == "binary" ]]; then + /usr/bin/manage.py collectstatic --noinput --clear + /usr/bin/manage.py compress --force + elif [[ "${KOLLA_INSTALL_TYPE}" == "source" ]]; then + /var/lib/kolla/venv/bin/python /var/lib/kolla/venv/bin/manage.py collectstatic --noinput --clear + /var/lib/kolla/venv/bin/python /var/lib/kolla/venv/bin/manage.py compress --force + fi +fi + +# NOTE(sbezverk) since Horizon is now storing logs in its own location, /var/log/horizon +# needs to be created if it does not exist +if [[ ! 
-d "/var/log/kolla/horizon" ]]; then + mkdir -p /var/log/kolla/horizon +fi + +if [[ $(stat -c %a /var/log/kolla/horizon) != "755" ]]; then + chmod 755 /var/log/kolla/horizon +fi + +if [[ -f ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store ]] && [[ $(stat -c %U ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store) != "horizon" ]]; then + chown horizon ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store +fi diff --git a/kolla/queens/20.03-lts-sp2/ironic-inspector/Dockerfile b/kolla/queens/20.03-lts-sp2/ironic-inspector/Dockerfile new file mode 100644 index 0000000..52938f4 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/ironic-inspector/Dockerfile @@ -0,0 +1,14 @@ +FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2 + +RUN usermod --append --home /var/lib/ironic-inspector --groups kolla ironic-inspector \ + && mkdir -p /var/lib/ironic-inspector \ + && chown -R 42461:42461 /var/lib/ironic-inspector + +RUN yum -y install openstack-ironic-inspector && yum clean all && rm -rf /var/cache/yum + +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN chmod 755 /usr/local/bin/kolla_extend_start \ + && chown -R ironic-inspector: /etc/ironic-inspector + +USER ironic-inspector diff --git a/kolla/queens/20.03-lts-sp2/ironic-inspector/extend_start.sh b/kolla/queens/20.03-lts-sp2/ironic-inspector/extend_start.sh new file mode 100644 index 0000000..2582b01 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/ironic-inspector/extend_start.sh 
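Review bot: In horizon/extend_start.sh `SITE_PACKAGES` is set only for KOLLA_INSTALL_TYPE values `binary` and `source`; for any other or missing value it stays empty and every later path collapses to `/openstack_dashboard/...` or `/cloudkittydashboard/...` at the filesystem root, where the script then runs `ln -s`, `cp -a`, `rm -f` and `chown`. Add a final branch to the first conditional that stops the start-up, `else echo "unsupported KOLLA_INSTALL_TYPE: ${KOLLA_INSTALL_TYPE}" >&2; exit 1`. The later `if settings_changed` block has the same gap and would skip collectstatic and compress without any message.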
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+LOG_PATH=/var/log/kolla/ironic-inspector
+
+if [[ ! -d "${LOG_PATH}" ]]; then
+ mkdir -p "${LOG_PATH}"
+fi
+if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
+ chmod 755 "${LOG_PATH}"
+fi
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade
+ exit 0
+fi
diff --git a/kolla/queens/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers b/kolla/queens/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers
new file mode 100644
index 0000000..3958468
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers
@@ -0,0 +1 @@
+ironic-inspector ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-api/Dockerfile b/kolla/queens/20.03-lts-sp2/ironic/ironic-api/Dockerfile
new file mode 100644
index 0000000..ce51c3b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-api/Dockerfile
@@ -0,0 +1,11 @@
+FROM openeuler/openeuler-binary-ironic-base:queens-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-ironic-api && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start
+
+USER ironic
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-api/extend_start.sh b/kolla/queens/20.03-lts-sp2/ironic/ironic-api/extend_start.sh
new file mode 100644
index 0000000..7ac9f90
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-api/extend_start.sh
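Review bot: ironic_inspector_sudoers is added to the tree, but the ironic-inspector Dockerfile in this patch has no `COPY` for it, so the rule is never installed in the image; ironic-base/ironic_sudoers is in the same position relative to the ironic-base Dockerfile. Either wire them in the way cinder-base does (a `COPY` into /etc/sudoers.d followed by `chmod 440`) or remove them, since an unreferenced privilege rule tends to be copied into an image later without review. If they are installed, the rule should name the rootwrap binary the package actually ships rather than the `/var/lib/kolla/venv` path.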
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ ironic-dbsync upgrade
+ exit 0
+fi
+
+# Assume the service runs on top of Apache when user is root
+if [[ "$(whoami)" == 'root' ]]; then
+ # NOTE(pbourke): httpd will not clean up after itself in some cases which
+ # results in the container not being able to restart. (bug #1489676, 1557036)
+ if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+ else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+ fi
+fi
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-base/Dockerfile b/kolla/queens/20.03-lts-sp2/ironic/ironic-base/Dockerfile
new file mode 100644
index 0000000..8bb0501
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-base/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/ironic --groups kolla ironic \
+ && mkdir -p /var/lib/ironic \
+ && chown -R 42422:42422 /var/lib/ironic
+
+RUN yum -y install openstack-ironic-common && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_ironic_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \
+ && chown -R ironic: /etc/ironic
+
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/ironic/ironic-base/extend_start.sh
new file mode 100644
index 0000000..e3b1d4e
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-base/extend_start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+LOG_PATH=/var/log/kolla/ironic
+
+if [[ ! -d "${LOG_PATH}" ]]; then
+ mkdir -p "${LOG_PATH}"
+fi
+if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
+ chmod 755 "${LOG_PATH}"
+fi
+
+. /usr/local/bin/kolla_ironic_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers b/kolla/queens/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers
new file mode 100644
index 0000000..3e7c843
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers
@@ -0,0 +1 @@
+ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile b/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile
new file mode 100644
index 0000000..1795303
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-ironic-base:queens-20.03-lts-sp2
+
+RUN yum -y install ansible dosfstools e2fsprogs gdisk ipmitool openssh-clients openstack-ironic-conductor parted psmisc python2-pysnmp python2-dracclient python2-ironic-inspector-client python2-proliantutils python2-scciclient python2-sushy systemd-python util-linux xfsprogs qemu && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+COPY iscsi_tcp_sudoers /etc/sudoers.d/kolla_iscsi_tcp_sudoers
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start \
+ && chmod 440 /etc/sudoers.d/kolla_iscsi_tcp_sudoers
+
+USER ironic
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh b/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh
new file mode 100644
index 0000000..e058fad
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo modprobe iscsi_tcp
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers b/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers
new file mode 100644
index 0000000..5d38ac6
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers
@@ -0,0 +1 @@
+ironic ALL=(root) NOPASSWD: /usr/sbin/modprobe iscsi_tcp, /sbin/modprobe iscsi_tcp
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile b/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile
new file mode 100644
index 0000000..bb37a17
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-ironic-base:queens-20.03-lts-sp2
+
+ARG ARCH
+
+ENV ironic_arch=${ARCH}
+
+RUN yum -y install httpd mod_ssl mod_wsgi tftp-server grub2-efi grub2-efi-aa64-modules && yum clean all && rm -rf /var/cache/yum
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY tftp-map-file /map-file
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh b/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh
new file mode 100644
index 0000000..f729798
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ chown -R ironic: /tftpboot
+ for pxe_file in /var/lib/tftpboot/pxelinux.0 /var/lib/tftpboot/chain.c32 /usr/lib/syslinux/pxelinux.0 \
+ /usr/lib/syslinux/chain.c32 /usr/lib/PXELINUX/pxelinux.0 \
+ /usr/lib/syslinux/modules/bios/chain.c32 /usr/lib/syslinux/modules/bios/ldlinux.c32; do
+ if [[ -e "$pxe_file" ]]; then
+ cp "$pxe_file" /tftpboot
+ fi
+ done
+ exit 0
+fi
+
+if [[ "${ironic_arch}" =~ aarch64 ]]; then
+ modules="boot chain configfile efinet ext2 fat gettext help hfsplus loadenv \
+ lsefi normal part_gpt part_msdos read search search_fs_file search_fs_uuid \
+ search_label terminal terminfo tftp linux"
+
+ if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ grub-mkimage -v -o /tftpboot/grubaa64.efi -O arm64-efi -p "grub" $modules
+ elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|oraclelinux|rhel ]]; then
+ grub2-mkimage -v -o /tftpboot/grubaa64.efi -O arm64-efi -p "EFI/centos" $modules
+ fi
+fi
+
+# NOTE(pbourke): httpd will not clean up after itself in some cases which
+# results in the container not being able to restart. (bug #1489676, 1557036)
+if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+fi
diff --git a/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file b/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file
new file mode 100644
index 0000000..812abe0
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file
@@ -0,0 +1,4 @@
+re ^(/tftpboot/) /tftpboot/\2
+re ^/tftpboot/ /tftpboot/
+re ^(^/) /tftpboot/\1
+re ^([^/]) /tftpboot/\1
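Review bot: In the aarch64 branch of ironic-pxe/extend_start.sh the inner test matches only `debian|ubuntu` or `centos|oraclelinux|rhel`, so unless the openEuler base image sets KOLLA_BASE_DISTRO to one of those values (not visible here) neither mkimage call runs and /tftpboot/grubaa64.efi is never produced, with no error reported. Add the value the openEuler base actually exports to the second pattern and close the chain with an `else` that prints the unsupported value and exits non-zero, so a missing boot image is caught at container start rather than at the first PXE boot. The `-p "EFI/centos"` prefix should also be checked against the directory the openEuler grub packages use.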
diff --git a/kolla/queens/20.03-lts-sp2/keepalived/Dockerfile b/kolla/queens/20.03-lts-sp2/keepalived/Dockerfile
new file mode 100644
index 0000000..ef33c58
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keepalived/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN yum -y install hostname keepalived && yum clean all && rm -rf /var/cache/yum
+
+COPY check_alive.sh /
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start /check_alive.sh
+
diff --git a/kolla/queens/20.03-lts-sp2/keepalived/check_alive.sh b/kolla/queens/20.03-lts-sp2/keepalived/check_alive.sh
new file mode 100644
index 0000000..929bb22
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keepalived/check_alive.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# This will return 0 when it successfully talks to the haproxy daemon via the socket
+# Failures return 1
+
+echo "show info" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock stdio > /dev/null
diff --git a/kolla/queens/20.03-lts-sp2/keepalived/extend_start.sh b/kolla/queens/20.03-lts-sp2/keepalived/extend_start.sh
new file mode 100644
index 0000000..e1fe5d9
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keepalived/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+modprobe ip_vs
+
+# Workaround for bug #1485079
+if [ -f /run/keepalived.pid ]; then
+ rm /run/keepalived.pid
+fi
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-base/Dockerfile b/kolla/queens/20.03-lts-sp2/keystone/keystone-base/Dockerfile
new file mode 100644
index 0000000..364e02c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-base/Dockerfile
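Review bot: keepalived/check_alive.sh depends on `socat`, but the keepalived Dockerfile in this patch installs only `hostname keepalived`; unless the base image already ships socat (not visible here) the health check fails on every run and keepalived will treat a healthy haproxy as down. Add the package to the install line: `RUN yum -y install hostname keepalived socat && yum clean all && rm -rf /var/cache/yum`. The header comment says failures return 1, but the script returns whatever status the pipeline ends with (127 when socat is missing), so the comment is worth rewording.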
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/keystone --groups kolla keystone \
+ && mkdir -p /var/lib/keystone \
+ && chown -R 42425:42425 /var/lib/keystone
+
+RUN yum -y install httpd mod_ssl python2-mod_wsgi openstack-keystone python2-ldappool python2-keystoneclient && yum clean all && rm -rf /var/cache/yum
+RUN mkdir -p /var/www/cgi-bin/keystone \
+ && cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main \
+ && cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
+ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+RUN chown -R keystone: /var/www/cgi-bin/keystone \
+ && chmod 755 /var/www/cgi-bin/keystone/*
+
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile
new file mode 100644
index 0000000..d596a1f
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-keystone-base:queens-20.03-lts-sp2
+
+RUN yum -y install cronie openssh-clients rsync && yum clean all && rm -rf /var/cache/yum
+
+COPY fetch_fernet_tokens.py /usr/bin/
+COPY keystone_bootstrap.sh /usr/local/bin/kolla_keystone_bootstrap
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_keystone_bootstrap /usr/bin/fetch_fernet_tokens.py
+
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh
new file mode 100644
index 0000000..cf35694
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh
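Review bot: `chown -R keystone: /var/www/cgi-bin/keystone` in the keystone-base Dockerfile hands the WSGI entry scripts to the account the service presumably runs as, so a flaw in keystone that allows file writes could replace `main` and `admin` and persist across a service restart. The scripts only need to be readable and executable by that account, which the `chmod 755` on the next line already provides under root ownership. Dropping the chown and keeping `RUN chmod 755 /var/www/cgi-bin/keystone/*` leaves the identity service's entry points unmodifiable by the service itself.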
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+FERNET_SYNC=/usr/bin/fernet-node-sync.sh
+FERNET_TOKEN_DIR="/etc/keystone/fernet-keys"
+
+if [[ -f "${FERNET_SYNC}" ]]; then
+ ${FERNET_SYNC}
+fi
+
+if [[ $(stat -c %U:%G ${FERNET_TOKEN_DIR}) != "keystone:keystone" ]]; then
+ chown keystone:keystone ${FERNET_TOKEN_DIR}
+fi
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py
new file mode 100644
index 0000000..0f739e9
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py
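Review bot: The last block of keystone-fernet/extend_start.sh repairs only the owner of `/etc/keystone/fernet-keys`, and only on the directory itself, so a key repository that is group- or world-readable, or whose key files belong to another user after a sync, goes unnoticed. Fernet keys protect every token keystone issues, so the mode deserves the same stat-and-fix treatment the log directories get elsewhere in this patch, e.g. `[[ $(stat -c %a "${FERNET_TOKEN_DIR}") != "700" ]] && chmod 700 "${FERNET_TOKEN_DIR}"`. Quoting `${FERNET_TOKEN_DIR}` and `${FERNET_SYNC}` where they are expanded would also keep the script correct if either path changes.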
@@ -0,0 +1,85 @@ +#!/usr/bin/python + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Basically this module will fetch the fernet tokens and compare them to the +# required time constrains to determine whether the host needs to resync with +# other nodes in the cluster. + +from __future__ import print_function +import argparse +from datetime import datetime +from datetime import timedelta +import json +import os +import sys + +# Adding nosec since this fails bandit B105, 'Possible hardcoded password'. 
+TOKEN_PATH = '/etc/keystone/fernet-keys' # nosec + + +def json_exit(msg=None, failed=False, changed=False): + if type(msg) is not dict: + msg = {'msg': str(msg)} + msg.update({'failed': failed, 'changed': changed}) + print(json.dumps(msg)) + sys.exit() + + +def has_file(filename_path): + if not os.path.exists(filename_path): + return False + return True + + +def num_tokens(): + _, _, files = os.walk(TOKEN_PATH).next() + return len(files) + + +def tokens_populated(expected): + return num_tokens() == int(expected) + + +def token_stale(seconds, filename='0'): + max_token_age = datetime.now() - timedelta(seconds=int(seconds)) + filename_path = os.path.join(TOKEN_PATH, filename) + + if not has_file(filename_path): + return True + modified_date = datetime.fromtimestamp(os.path.getmtime(filename_path)) + return modified_date < max_token_age + + +def main(): + parser = argparse.ArgumentParser(description='''Checks to see if a fernet + token no older than a desired time.''') + parser.add_argument('-t', '--time', + help='Time in seconds for a token rotation', + required=True) + parser.add_argument('-f', '--filename', + help='Filename of token to check', + default='0') + parser.add_argument('-n', '--number', + help='Number of tokens that should exist', + required=True) + args = parser.parse_args() + + json_exit({ + 'populated': tokens_populated(args.number), + 'update_required': token_stale(args.time, args.filename), + }) + + +if __name__ == '__main__': + main() diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh new file mode 100644 index 0000000..d361767 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh 
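Review bot: `num_tokens()` calls `os.walk(TOKEN_PATH).next()`, which raises StopIteration when the key directory is missing or unreadable (os.walk ignores the listing error and yields nothing), so the caller gets a traceback instead of the JSON document it expects; the `.next()` method also exists only on Python 2. `_, _, files = next(os.walk(TOKEN_PATH), (None, [], []))` handles both cases and reports zero keys. Separately, `json_exit` always ends with `sys.exit()` and therefore status 0 even when `failed=True` is passed; `sys.exit(1 if failed else 0)` would let a caller that checks the exit code notice a failure.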
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -x
+
+USERNAME=$1
+GROUP=$2
+
+function fail_json {
+ echo '{"failed": true, "msg": "'$1'", "changed": true}'
+ exit 1
+}
+
+function exit_json {
+ echo '{"failed": false, "changed": '"${changed}"'}'
+}
+
+changed="false"
+keystone_bootstrap=$(keystone-manage --config-file /etc/keystone/keystone.conf fernet_setup --keystone-user ${USERNAME} --keystone-group ${GROUP} 2>&1)
+if [[ $? != 0 ]]; then
+ fail_json "${keystone_bootstrap}"
+fi
+
+changed=$(echo "${keystone_bootstrap}" | awk '
+ /Key repository is already initialized/ {count++}
+ END {
+ if (count == 1) changed="true"; else changed="false"
+ print changed
+ }'
+)
+
+exit_json
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile b/kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile
new file mode 100644
index 0000000..d516d29
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile
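Review bot: The awk block that computes `changed` in keystone-fernet/keystone_bootstrap.sh looks inverted: it prints "true" exactly when the output contains "Key repository is already initialized", i.e. when fernet_setup did nothing, and "false" when the repository was just created. If that reading is right the END rule should be `if (count == 1) changed="false"; else changed="true"`. `fail_json` also expands `$1` unquoted and unescaped inside the JSON string, so an error message from keystone-manage containing quotes, newlines or glob characters produces malformed output for whatever parses it; quote the expansion and escape `"` and `\` before printing.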
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-keystone-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/keystone --groups kolla keystone \
+ && chsh --shell /bin/bash keystone \
+ && mkdir -p /var/lib/keystone \
+ && chown -R 42425:42425 /var/lib/keystone
+
+RUN yum -y install openssh-server rsync && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh b/kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh
new file mode 100644
index 0000000..dc8f04b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SSH_HOST_KEY_TYPES=( "rsa" "dsa" "ecdsa" "ed25519" )
+
+for key_type in ${SSH_HOST_KEY_TYPES[@]}; do
+ KEY_PATH=/etc/ssh/ssh_host_${key_type}_key
+ if [[ ! -f "${KEY_PATH}" ]]; then
+ ssh-keygen -q -t ${key_type} -f ${KEY_PATH} -N ""
+ fi
+done
+
+mkdir -p /var/lib/keystone/.ssh
+
+if [[ $(stat -c %U:%G /var/lib/keystone/.ssh) != "keystone:keystone" ]]; then
+ sudo chown keystone: /var/lib/keystone/.ssh
+fi
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone/Dockerfile b/kolla/queens/20.03-lts-sp2/keystone/keystone/Dockerfile
new file mode 100644
index 0000000..eb60b6f
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/keystone/keystone/Dockerfile
@@ -0,0 +1,6 @@
+FROM openeuler/openeuler-binary-keystone-base:queens-20.03-lts-sp2
+
+COPY keystone_bootstrap.sh /usr/local/bin/kolla_keystone_bootstrap
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_keystone_bootstrap
+
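Review bot: `SSH_HOST_KEY_TYPES` in keystone-ssh/extend_start.sh still includes `dsa`, which is limited to 1024-bit keys and is deprecated and disabled by default in current OpenSSH; depending on the openssh version in the image the `ssh-keygen -t dsa` call either creates a weak host key or fails. `SSH_HOST_KEY_TYPES=( "rsa" "ecdsa" "ed25519" )` avoids both outcomes. The `.ssh` directory is created by `mkdir -p` under the default umask and only its owner is checked afterwards; adding `chmod 700 /var/lib/keystone/.ssh` makes the permissions sshd expects explicit.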
diff --git a/kolla/queens/20.03-lts-sp2/keystone/keystone/extend_start.sh b/kolla/queens/20.03-lts-sp2/keystone/keystone/extend_start.sh new file mode 100644 index 0000000..8802dd9 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/keystone/keystone/extend_start.sh @@ -0,0 +1,76 @@ +#!/bin/bash + +function kolla_kubernetes { + KUBE_TOKEN=$(&1) +if [[ $? != 0 ]]; then + fail_json "${keystone_bootstrap}" +fi + +changed=$(echo "${keystone_bootstrap}" | awk ' + /Domain default already exists, skipping creation./ || + /Project '"${PROJECT}"' already exists, skipping creation./ || + /User '"${USERNAME}"' already exists, skipping creation./ || + /Role '"${ROLE}"' exists, skipping creation./ || + /User '"${USERNAME}"' already has '"${ROLE}"' on '"${PROJECT}"'./ || + /Region '"${REGION}"' exists, skipping creation./ || + /Skipping admin endpoint as already created/ || + /Skipping internal endpoint as already created/ || + /Skipping public endpoint as already created/ {count++} + END { + if (count == 9) changed="false"; else changed="true" + print changed + }' +) + +exit_json diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/Dockerfile b/kolla/queens/20.03-lts-sp2/kolla-toolbox/Dockerfile new file mode 100644 index 0000000..ce3550c --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/Dockerfile 
@@ -0,0 +1,32 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/ansible --groups kolla ansible \
+ && mkdir -p /var/lib/ansible \
+ && chown -R 42401:42401 /var/lib/ansible
+
+RUN yum -y install python2-crudini python2-crypto gcc gdisk git jq libffi-devel libxml2-devel libxslt-devel make mariadb mariadb-devel openssh-clients openssl-devel python-devel && yum clean all && rm -rf /var/cache/yum
+
+RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py \
+ && python get-pip.py \
+ && rm get-pip.py
+
+RUN pip --no-cache-dir install --upgrade virtualenv \
+ && virtualenv --system-site-packages /opt/ansible
+
+ENV PATH /opt/ansible/bin:$PATH
+
+RUN pip --no-cache-dir install --upgrade ansible==2.2.0.0 "cmd2<0.9.0" mysqlclient os-client-config==1.28.0 "openstacksdk<0.18" pbr==2.0.0 pymongo python-openstackclient==3.12.0 pytz pyudev shade==1.27.1 \
+ && mkdir -p /etc/ansible /usr/share/ansible \
+ && echo 'localhost ansible_connection=local ansible_python_interpreter=/opt/ansible/bin/python' > /etc/ansible/hosts \
+ && sed -i 's| "identity_api_version": "2.0",| "identity_api_version": "3",|' /opt/ansible/lib/python2.7/site-packages/os_client_config/defaults.json
+
+ENV ANSIBLE_LIBRARY /usr/share/ansible:$ANSIBLE_LIBRARY
+
+COPY find_disks.py kolla_keystone_service.py kolla_keystone_user.py kolla_sanity.py /usr/share/ansible/
+COPY ansible.cfg /var/lib/ansible/.ansible.cfg
+
+COPY ansible_sudoers /etc/sudoers.d/kolla_ansible_sudoers
+RUN chmod 440 /etc/sudoers.d/kolla_ansible_sudoers
+
+USER ansible
+
diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible.cfg b/kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible.cfg
new file mode 100644
index 0000000..53708de
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+remote_tmp = /tmp
+log_path = /var/log/kolla/ansible.log
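Review bot: The kolla-toolbox Dockerfile downloads get-pip.py with curl and runs it as root during the build with no integrity check, so the image content depends on whatever that URL serves at build time. Install pip from the distribution repository if a python2 pip package is available there, or pin the script: fetch it with `curl -fsSL` so an HTTP error fails the build, compare it against a reviewed digest (`echo "<sha256-of-reviewed-get-pip.py>  get-pip.py" | sha256sum -c -`) and only then execute it. The following `pip install --upgrade` lines leave virtualenv, mysqlclient, pymongo, pytz and pyudev unpinned, which makes builds non-reproducible; a constraints file with hashes would close that gap.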
diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible_sudoers b/kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible_sudoers
new file mode 100644
index 0000000..c43917f
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/ansible_sudoers
@@ -0,0 +1 @@
+ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a *, /usr/local/bin/ansible localhost -m find_disks -a *
diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/find_disks.py b/kolla/queens/20.03-lts-sp2/kolla-toolbox/find_disks.py
new file mode 100644
index 0000000..63f5262
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/find_disks.py
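Review bot: The trailing `*` after `-a` in both commands of ansible_sudoers does not confine the rule to the find_disks module: a sudoers wildcard in the argument list also matches spaces, so any number of further arguments, including other ansible options, still match. Combined with NOPASSWD and `(root)`, the ansible account is effectively unrestricted root inside the container. A narrower design is a root-owned wrapper script that accepts only the disk label, checks it against a fixed pattern and builds the ansible command line itself, with the sudoers entry naming that wrapper and no wildcard. It is also worth confirming that /usr/local/bin/ansible exists in this image, since the Dockerfile in this patch only creates /opt/ansible.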
@@ -0,0 +1,217 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This module has been relicensed from the source below: +# https://github.com/SamYaple/yaodu/blob/master/ansible/library/ceph_osd_list + +DOCUMENTATION = ''' +--- +module: find_disks +short_description: Return list of devices containing a specfied name or label +description: + - This will return a list of all devices with either GPT partition name + or filesystem label of the name specified. +options: + match_mode: + description: + - Label match mode, either strict or prefix + default: 'strict' + required: False + choices: [ "strict", "prefix" ] + type: str + name: + description: + - Partition name or filesystem label + required: True + type: str + aliases: [ 'partition_name' ] + use_udev: + description: + - When True, use Linux udev to read disk info such as partition labels, + uuid, etc. Some older host operating systems have issues using udev to + get the info this module needs. Set to False to fall back to more low + level commands such as blkid to retrieve this information. Most users + should not need to change this. 
+ default: True + required: False + type: bool +author: Sam Yaple +''' + +EXAMPLES = ''' +- hosts: ceph-osd + tasks: + - name: Return all valid formated devices with the name KOLLA_CEPH_OSD + find_disks: + name: 'KOLLA_CEPH_OSD' + register: osds + +- hosts: swift-object-server + tasks: + - name: Return all valid devices with the name KOLLA_SWIFT + find_disks: + name: 'KOLLA_SWIFT' + register: swift_disks + +- hosts: swift-object-server + tasks: + - name: Return all valid devices with wildcard name 'swift_d*' + find_disks: + name: 'swift_d' match_mode: 'prefix' + register: swift_disks +''' + +import json +import pyudev +import re +import subprocess # nosec + + +PREFERRED_DEVICE_LINK_ORDER = [ + '/dev/disk/by-uuid', + '/dev/disk/by-partuuid', + '/dev/disk/by-parttypeuuid', + '/dev/disk/by-label', + '/dev/disk/by-partlabel' +] + + +def get_id_part_entry_name(dev, use_udev): + if use_udev: + dev_name = dev.get('ID_PART_ENTRY_NAME', '') + else: + part = re.sub(r'.*[^\d]', '', dev.device_node) + parent = dev.find_parent('block').device_node + # NOTE(Mech422): Need to use -i as -p truncates the partition name + out = subprocess.Popen(['/usr/sbin/sgdisk', '-i', part, # nosec + parent], + stdout=subprocess.PIPE).communicate() + match = re.search(r'Partition name: \'(\w+)\'', out[0]) + if match: + dev_name = match.group(1) + else: + dev_name = '' + return dev_name + + +def get_id_fs_uuid(dev, use_udev): + if use_udev: + id_fs_uuid = dev.get('ID_FS_UUID', '') + else: + out = subprocess.Popen(['/usr/sbin/blkid', '-o', 'export', # nosec + dev.device_node], + stdout=subprocess.PIPE).communicate() + match = re.search(r'\nUUID=([\w-]+)', out[0]) + if match: + id_fs_uuid = match.group(1) + else: + id_fs_uuid = '' + return id_fs_uuid + + +def is_dev_matched_by_name(dev, name, mode, use_udev): + if dev.get('DEVTYPE', '') == 'partition': + dev_name = get_id_part_entry_name(dev, use_udev) + else: + dev_name = dev.get('ID_FS_LABEL', '') + + if mode == 'strict': + return dev_name == name 
+ elif mode == 'prefix': + return dev_name.startswith(name) + else: + return False + + +def find_disk(ct, name, match_mode, use_udev): + for dev in ct.list_devices(subsystem='block'): + if is_dev_matched_by_name(dev, name, match_mode, use_udev): + yield dev + + +def get_device_link(dev): + for preferred_link in PREFERRED_DEVICE_LINK_ORDER: + for link in dev.device_links: + if link.startswith(preferred_link): + return link + return dev.device_node + + +def extract_disk_info(ct, dev, name, use_udev): + if not dev: + return + kwargs = dict() + kwargs['fs_uuid'] = get_id_fs_uuid(dev, use_udev) + kwargs['fs_label'] = dev.get('ID_FS_LABEL', '') + if dev.get('DEVTYPE', '') == 'partition': + kwargs['device'] = dev.find_parent('block').device_node + kwargs['partition'] = dev.device_node + kwargs['partition_num'] = \ + re.sub(r'.*[^\d]', '', dev.device_node) + if is_dev_matched_by_name(dev, name, 'strict', use_udev): + kwargs['external_journal'] = False + # NOTE(jeffrey4l): this is only used for bootstrap osd stage and + # there is no journal partion at all. So it is OK to use + # device_node directly. 
+ kwargs['journal'] = dev.device_node[:-1] + '2' + kwargs['journal_device'] = kwargs['device'] + kwargs['journal_num'] = 2 + else: + kwargs['external_journal'] = True + journal_name = get_id_part_entry_name(dev, use_udev) + '_J' + for journal in find_disk(ct, journal_name, 'strict', use_udev): + kwargs['journal'] = get_device_link(journal) + kwargs['journal_device'] = \ + journal.find_parent('block').device_node + kwargs['journal_num'] = \ + re.sub(r'.*[^\d]', '', journal.device_node) + break + if 'journal' not in kwargs: + # NOTE(SamYaple): Journal not found, not returning info + return + else: + kwargs['device'] = dev.device_node + yield kwargs + + +def main(): + argument_spec = dict( + match_mode=dict(required=False, choices=['strict', 'prefix'], + default='strict'), + name=dict(aliases=['partition_name'], required=True, type='str'), + use_udev=dict(required=False, default=True, type='bool') + ) + module = AnsibleModule(argument_spec) + match_mode = module.params.get('match_mode') + name = module.params.get('name') + use_udev = module.params.get('use_udev') + + try: + ret = list() + ct = pyudev.Context() + for dev in find_disk(ct, name, match_mode, use_udev): + for info in extract_disk_info(ct, dev, name, use_udev): + if info: + ret.append(info) + + module.exit_json(disks=json.dumps(ret)) + except Exception as e: + module.exit_json(failed=True, msg=repr(e)) + +# import module snippets +from ansible.module_utils.basic import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py b/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py new file mode 100644 index 0000000..ca747e7 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py 
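Review bot: In `extract_disk_info` the bootstrap journal path is built as `dev.device_node[:-1] + '2'`, which replaces only the last character; for a matched partition numbered 10 or higher (`.../sdb10`) this yields `.../sdb12`, and a wrong device node returned here is presumably consumed by disk provisioning. The same function already isolates the partition number with `re.sub(r'.*[^\d]', '', dev.device_node)`, so replace the trailing digits as a unit: `kwargs['journal'] = re.sub(r'\d+$', '2', dev.device_node)`. The non-udev helpers also run `re.search` with a text pattern on `communicate()` output, which is bytes on Python 3; that is harmless under the Python 2.7 this image uses but deserves a comment.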
@@ -0,0 +1,101 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is a barebones file needed to file a gap until Ansible 2.0. No +# error checking, no deletions, no updates. Idempotent creation only. + +# If you look closely, you will see we arent _really_ using the shade module +# we just use it to slightly abstract the authentication model. As patches land +# in upstream shade we will be able to use more of the shade module. Until then +# if we want to be 'stable' we really need to be using it as a passthrough + +import traceback + +import shade + + +def main(): + argument_spec = openstack_full_argument_spec( + description=dict(required=True, type='str'), + service_name=dict(required=True, type='str'), + service_type=dict(required=True, type='str'), + url=dict(required=True, type='str'), + interface=dict(required=True, type='str'), + endpoint_region=dict(required=True, type='str') + ) + module = AnsibleModule(argument_spec) + + try: + description = module.params.pop('description') + service_name = module.params.pop('service_name') + service_type = module.params.pop('service_type') + url = module.params.pop('url') + interface = module.params.pop('interface') + endpoint_region = module.params.pop('endpoint_region') + + changed = False + service = None + endpoint = None + + cloud = shade.operator_cloud(**module.params) + + for _service in cloud.keystone_client.services.list(): + if _service.type == 
service_type: + service = _service + service_description = getattr(service, 'description', None) + if service.name != service_name or \ + service_description != description: + changed = True + cloud.keystone_client.services.update( + service, + name=service_name, + description=description) + break + else: + changed = True + service = cloud.keystone_client.services.create( + name=service_name, + service_type=service_type, + description=description) + + for _endpoint in cloud.keystone_client.endpoints.list(): + if _endpoint.service_id == service.id and \ + _endpoint.interface == interface and \ + _endpoint.region == endpoint_region: + endpoint = _endpoint + if endpoint.url != url: + changed = True + cloud.keystone_client.endpoints.update( + endpoint, url=url) + break + else: + changed = True + cloud.keystone_client.endpoints.create( + service=service.id, + url=url, + interface=interface, + region=endpoint_region) + + module.exit_json(changed=changed) + except Exception: + module.exit_json(failed=True, changed=True, + msg=repr(traceback.format_exc())) + +# import module snippets +from ansible.module_utils.basic import * # noqa +from ansible.module_utils.openstack import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py b/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py new file mode 100644 index 0000000..319cf67 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import traceback + +import shade + + +def main(): + argument_spec = openstack_full_argument_spec( + password=dict(required=True, type='str'), + project=dict(required=True, type='str'), + role=dict(required=True, type='str'), + user=dict(required=True, type='str') + ) + module = AnsibleModule(argument_spec) + + try: + password = module.params.pop('password') + project_name = module.params.pop('project') + role_name = module.params.pop('role') + user_name = module.params.pop('user') + + changed = False + project = None + role = None + user = None + + cloud = shade.OperatorCloud(**module.params) + + for _project in cloud.search_projects(): + if _project.name == project_name: + project = _project + + for _role in cloud.search_roles(): + if _role.name == role_name: + role = _role + + for _user in cloud.search_users(): + if _user.name == user_name: + user = _user + + if not project: + changed = True + project = cloud.create_project(project_name, + domain_id='default') + + if not role: + changed = True + role = cloud.create_role(role_name) + + if not user: + changed = True + user = cloud.create_user(user_name, + password=password, + default_project=project, + domain_id='default') + role_assignments = cloud.keystone_client.role_assignments + assignment = role_assignments.list(user=user, + project=project, + role=role) + if not assignment: + changed = True + 
cloud.grant_role(role, + user=user, + project=project) + + module.exit_json(changed=changed) + except Exception: + module.exit_json(failed=True, changed=True, + msg=repr(traceback.format_exc())) + +# import module snippets +from ansible.module_utils.basic import * # noqa +from ansible.module_utils.openstack import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py b/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py new file mode 100644 index 0000000..3df8d2a --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py 
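Review bot: The `password` entry of the argument spec in kolla_keystone_user.py lacks `no_log=True`, so Ansible may record the value with the module invocation it logs, including in the `log_path` this patch sets in ansible.cfg (/var/log/kolla/ansible.log). Declare it as `password=dict(required=True, type='str', no_log=True),`; kolla_sanity.py in this patch declares the same parameter and needs the same change. The except branch returns the whole `traceback.format_exc()` text to the caller, which is worth trimming to the exception message for the same reason.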
@@ -0,0 +1,63 @@ +#!/usr/bin/python + +# Copyright 2015 Intel corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is a barebones file needed to file a gap until Ansible 2.0. No +# error checking, no deletions, no updates. Idempotent creation only. + +# If you look closely, you will see we arent _really_ using the shade module +# we just use it to slightly abstract the authentication model. As patches land +# in upstream shade we will be able to use more of the shade module. 
Until then +# if we want to be 'stable' we really need to be using it as a passthrough + +import traceback + +import shade + + +class SanityChecks(object): + # TODO(pbourke): remove and replace with direct call to os_object + @staticmethod + def swift(cloud): + [container for container in cloud.swift_client.list()] + + +def main(): + module = AnsibleModule( + argument_spec=openstack_full_argument_spec( + password=dict(required=True, type='str'), + project=dict(required=True, type='str'), + role=dict(required=True, type='str'), + user=dict(required=True, type='str'), + service=dict(required=True, type='str'), + ) + ) + + try: + changed = True + cloud = shade.operator_cloud(**module.params) + + getattr(SanityChecks, module.params.pop("service"))(cloud) + + module.exit_json(changed=changed) + except Exception: + module.exit_json(failed=True, changed=True, + msg=repr(traceback.format_exc())) + +# import module snippets +from ansible.module_utils.basic import * # noqa +from ansible.module_utils.openstack import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/queens/20.03-lts-sp2/mariadb/Dockerfile b/kolla/queens/20.03-lts-sp2/mariadb/Dockerfile new file mode 100644 index 0000000..05188a2 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/mariadb/Dockerfile 
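Review bot: `getattr(SanityChecks, module.params.pop("service"))(cloud)` in `main()` of kolla_sanity.py resolves an attribute name supplied by the caller, so any attribute of the class, including inherited dunder attributes, can be looked up and called, and an unknown name surfaces only as an AttributeError traceback. Constrain the parameter in the spec, `service=dict(required=True, type='str', choices=['swift']),`, so Ansible rejects anything else before the lookup. Note also that `shade.operator_cloud(**module.params)` runs before `service` is popped, so `service`, `user`, `role`, `project` and `password` are all forwarded to shade as keyword arguments; popping them first, as kolla_keystone_user.py does, looks like the intent.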
@@ -0,0 +1,21 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/mysql --groups kolla mysql \
+ && mkdir -p /var/lib/mysql \
+ && chown -R 42434:42434 /var/lib/mysql
+
+RUN yum -y install expect galera hostname mariadb-server-galera pv rsync tar mariadb mariadb-server MySQL-python python2-PyMySQL && yum clean all && rm -rf /var/cache/yum
+
+COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+COPY security_reset.expect /usr/local/bin/kolla_security_reset
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+ && chmod 755 /usr/local/bin/kolla_security_reset \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_mariadb_sudoers \
+ && rm -rf /var/lib/mysql/*
+
+ENTRYPOINT ["dumb-init", "--"]
+CMD ["kolla_start"]
+
+USER mysql
diff --git a/kolla/queens/20.03-lts-sp2/mariadb/extend_start.sh b/kolla/queens/20.03-lts-sp2/mariadb/extend_start.sh
new file mode 100644
index 0000000..310f79c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/mariadb/extend_start.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+function bootstrap_db {
+ mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
+ # Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
+ # NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
+ # Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
+ TIMEOUT=${DB_MAX_TIMEOUT:-60}
+ while [[ ! -S /var/lib/mysql/mysql.sock ]] && \
+ [[ ! -S /var/run/mysqld/mysqld.sock ]] || \
+ [[ ! -f /var/lib/mysql/mariadb.pid ]]; do
+ if [[ ${TIMEOUT} -gt 0 ]]; then
+ let TIMEOUT-=1
+ sleep 1
+ else
+ exit 1
+ fi
+ done
+
+ sudo -E kolla_security_reset
+ mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+ mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+ mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+}
+
+# Create log directory, with appropriate permissions
+if [[ ! -d "/var/log/kolla/mariadb" ]]; then
+ mkdir -p /var/log/kolla/mariadb
+fi
+if [[ $(stat -c %a /var/log/kolla/mariadb) != "755" ]]; then
+ chmod 755 /var/log/kolla/mariadb
+fi
+
+# This catches all cases of the BOOTSTRAP variable being set, including empty
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ mysql_install_db
+ bootstrap_db
+ exit 0
+fi
+
+if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then
+ ARGS="${BOOTSTRAP_ARGS}"
+fi
diff --git a/kolla/queens/20.03-lts-sp2/mariadb/mariadb_sudoers b/kolla/queens/20.03-lts-sp2/mariadb/mariadb_sudoers
new file mode 100644
index 0000000..150534e
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/mariadb/mariadb_sudoers
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset
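Review bot: In `bootstrap_db` of mariadb/extend_start.sh the root password is placed on the command line of `mysql` (`--password="${DB_ROOT_PASSWORD}"`) and `mysqladmin` (`-p"${DB_ROOT_PASSWORD}"`), where it is visible in the process list while the client runs, and it is also pasted unescaped into `IDENTIFIED BY '${DB_ROOT_PASSWORD}'`, so a single quote in the password breaks or alters the statement. Reading the credentials from a mode-0600 option file via `--defaults-extra-file=` keeps them out of argv, and the value should be validated or escaped before it is put into the SQL text. The second GRANT creates `'root'@'%'` and security_reset.expect answers `n` to "Disallow root login remotely?", so root can log in from any host that can reach the database port; a comment above the GRANT stating why remote root is needed and that access must be restricted at the network layer would make that intent explicit.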
diff --git a/kolla/queens/20.03-lts-sp2/mariadb/security_reset.expect b/kolla/queens/20.03-lts-sp2/mariadb/security_reset.expect
new file mode 100644
index 0000000..af71463
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/mariadb/security_reset.expect
@@ -0,0 +1,58 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn mysql_secure_installation
+expect {
+ timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
+ "Enter current password for root (enter for none):"
+}
+send "\r"
+expect {
+ timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
+ "Set root password?"
+}
+send "y\r"
+expect {
+ timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
+ "New password:"
+}
+send "$env(DB_ROOT_PASSWORD)\r"
+
+expect {
+ timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
+ "Re-enter new password:"
+}
+send "$env(DB_ROOT_PASSWORD)\r"
+
+expect {
+ timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
+ "Remove anonymous users?"
+}
+send "y\r"
+
+expect {
+ timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
+ "Disallow root login remotely?"
+}
+send "n\r"
+
+expect {
+ timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
+ "Remove test database and access to it?"
+}
+send "y\r"
+
+expect {
+ timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
+ eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
+ "Reload privilege tables now?"
+}
+send "y\r"
+expect eof
diff --git a/kolla/queens/20.03-lts-sp2/memcached/Dockerfile b/kolla/queens/20.03-lts-sp2/memcached/Dockerfile
new file mode 100644
index 0000000..016ea77
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/memcached/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /run/memcache --groups kolla memcached \
+ && mkdir -p /run/memcache \
+ && chown -R 42457:42457 /run/memcache
+
+RUN yum -y install memcached && yum clean all && rm -rf /var/cache/yum
+
+USER memcached
diff --git a/kolla/queens/20.03-lts-sp2/multipathd/Dockerfile b/kolla/queens/20.03-lts-sp2/multipathd/Dockerfile
new file mode 100644
index 0000000..fbabb0b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/multipathd/Dockerfile
@@ -0,0 +1,7 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN yum -y install device-mapper-multipath && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/multipathd/extend_start.sh b/kolla/queens/20.03-lts-sp2/multipathd/extend_start.sh
new file mode 100644
index 0000000..42c145d
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/multipathd/extend_start.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+modprobe dm-multipath
diff --git a/kolla/queens/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile
new file mode 100644
index 0000000..bc1f4a4
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-base/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-base/Dockerfile
new file mode 100644
index 0000000..bfb5798
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-base/Dockerfile
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/neutron --groups kolla neutron \
+ && mkdir -p /var/lib/neutron \
+ && chown -R 42435:42435 /var/lib/neutron
+
+RUN yum -y install keepalived net-tools openstack-neutron openstack-neutron-ml2 openvswitch python2-openvswitch python2-oslo-vmware && yum clean all && rm -rf /var/cache/yum
+
+COPY neutron_sudoers /etc/sudoers.d/kolla_neutron_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_neutron_sudoers \
+ && touch /usr/local/bin/kolla_neutron_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_neutron_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/neutron/neutron-base/extend_start.sh
new file mode 100644
index 0000000..12307fc
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/neutron" ]]; then
+ mkdir -p /var/log/kolla/neutron
+fi
+if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
+ chmod 755 /var/log/kolla/neutron
+fi
+
+. /usr/local/bin/kolla_neutron_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers b/kolla/queens/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers
new file mode 100644
index 0000000..ad44892
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers
@@ -0,0 +1 @@
+neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile
new file mode 100644
index 0000000..bc1f4a4
--- /dev/null
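Review bot: The rule in neutron_sudoers authorises root for `/var/lib/kolla/venv/bin/neutron-rootwrap`, but the neutron-base image in this commit installs neutron from RPMs (`yum -y install ... openstack-neutron`), which presumably places the wrapper under `/usr/bin` rather than in a virtualenv. If so, the rule never matches the binary the agents actually call, and it grants a passwordless root command at a path no package owns, so whoever can create that file gets root. The rule should name the installed binary once its location is confirmed against the package, e.g. `neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *`. nova_sudoers in nova-base uses the same venv path for `nova-rootwrap`.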
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile
new file mode 100644
index 0000000..e243d6c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+RUN yum -y install libreswan && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile
new file mode 100644
index 0000000..dc630d2
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+RUN yum -y install ebtables openstack-neutron-linuxbridge-agent && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile
new file mode 100644
index 0000000..bc1f4a4
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile
new file mode 100644
index 0000000..8a0ad30
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-neutron-metering-agent && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile
new file mode 100644
index 0000000..3b82c9e
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-neutron-openvswitch-agent openvswitch && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-server/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-server/Dockerfile
new file mode 100644
index 0000000..3c8559d
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-server/Dockerfile
@@ -0,0 +1,6 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+COPY extend_start.sh /usr/local/bin/kolla_neutron_extend_start
+RUN chmod 755 /usr/local/bin/kolla_neutron_extend_start
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-server/extend_start.sh b/kolla/queens/20.03-lts-sp2/neutron/neutron-server/extend_start.sh
new file mode 100644
index 0000000..a7619c5
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-server/extend_start.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ OPTS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini"
+ neutron-db-manage ${OPTS} upgrade head
+ neutron-db-manage ${OPTS} --subproject neutron-fwaas upgrade head
+ neutron-db-manage ${OPTS} --subproject neutron-vpnaas upgrade head
+ exit 0
+fi
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP and NEUTRON_SFC_ENABLED variables are set.
+# This catches all cases of the KOLLA_BOOTSTRAP and NEUTRON_SFC_ENABLED variable
+# being set, including empty.
+if [[ "${!NEUTRON_SFC_BOOTSTRAP[@]}" ]]; then
+ neutron-db-manage --subproject networking-sfc --config-file /etc/neutron/neutron.conf upgrade head
+ exit 0
+fi
+
+# Migrate database and exit if KOLLA_UPGRADE variable is set. This catches all cases
+# of the KOLLA_UPGRADE variable being set, including empty.
+if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
+ if [[ "${!NEUTRON_DB_EXPAND[@]}" ]]; then
+ echo "Expanding database"
+ neutron-db-manage upgrade --expand
+ fi
+ if [[ "${!NEUTRON_DB_CONTRACT[@]}" ]]; then
+ echo "Contracting database"
+ neutron-db-manage upgrade --contract
+ fi
+ exit 0
+fi
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile
new file mode 100644
index 0000000..3c8559d
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile
@@ -0,0 +1,6 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+COPY extend_start.sh /usr/local/bin/kolla_neutron_extend_start
+RUN chmod 755 /usr/local/bin/kolla_neutron_extend_start
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh b/kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh
new file mode 100644
index 0000000..d721b4d
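Review bot: The comment above the second block of neutron-server/extend_start.sh does not describe the test it precedes: it names `KOLLA_BOOTSTRAP` and `NEUTRON_SFC_ENABLED`, while the condition checks only `NEUTRON_SFC_BOOTSTRAP`, and the block is reached only when `KOLLA_BOOTSTRAP` is unset because the first block exits. I would replace it with `# Run the networking-sfc migrations and exit if NEUTRON_SFC_BOOTSTRAP is set (including empty).` so that an operator reading the script sets the right variable. The `KOLLA_UPGRADE` branch also calls `neutron-db-manage upgrade --expand` and `--contract` without the `--config-file` options used in the bootstrap branch; a one-line comment saying whether the default configuration lookup is relied on there would help.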
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ neutron-db-manage --subproject networking-sfc --config-file /etc/neutron/neutron.conf upgrade head
+ exit 0
+fi
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile b/kolla/queens/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile
new file mode 100644
index 0000000..db35f92
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-neutron-sriov-nic-agent && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/queens/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh b/kolla/queens/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh
new file mode 100644
index 0000000..40ba0b6
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf upgrade head
+ exit 0
+fi
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-api/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-api/Dockerfile
new file mode 100644
index 0000000..ac6353c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-api/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-nova-api && yum clean all && rm -rf /var/cache/yum
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
+RUN chmod 755 /usr/local/bin/kolla_nova_extend_start
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-api/extend_start.sh b/kolla/queens/20.03-lts-sp2/nova/nova-api/extend_start.sh
new file mode 100644
index 0000000..df27792
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-api/extend_start.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ nova-manage db sync
+ nova-manage api_db sync
+ nova-manage db online_data_migrations
+ exit 0
+fi
+
+# Assume the service runs on top of Apache when user is root
+if [[ "$(whoami)" == 'root' ]]; then
+ # NOTE(pbourke): httpd will not clean up after itself in some cases which
+ # results in the container not being able to restart. (bug #1489676, 1557036)
+ if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+ else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+ fi
+fi
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-base/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-base/Dockerfile
new file mode 100644
index 0000000..af56ef1
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-base/Dockerfile
@@ -0,0 +1,18 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/nova --groups kolla nova \
+ && usermod --append --groups qemu nova \
+ && mkdir -p /var/lib/nova \
+ && chown -R 42436:42436 /var/lib/nova
+
+RUN yum -y install bridge-utils openstack-nova-common openvswitch python2-cinderclient python2-keystoneclient edk2-aarch64 && yum clean all && rm -rf /var/cache/yum
+
+RUN mkdir -p /usr/share/AAVMF \
+ && ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw /usr/share/AAVMF/AAVMF_CODE.fd \
+ && ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw /usr/share/AAVMF/AAVMF_VARS.fd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_nova_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_nova_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/nova/nova-base/extend_start.sh
new file mode 100644
index 0000000..eee0f16
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/nova" ]]; then
+ mkdir -p /var/log/kolla/nova
+fi
+if [[ $(stat -c %a /var/log/kolla/nova) != "755" ]]; then
+ chmod 755 /var/log/kolla/nova
+fi
+
+. /usr/local/bin/kolla_nova_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-base/nova_sudoers b/kolla/queens/20.03-lts-sp2/nova/nova-base/nova_sudoers
new file mode 100644
index 0000000..6d73da6
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-base/nova_sudoers
@@ -0,0 +1 @@
+nova ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile
new file mode 100644
index 0000000..a6fb119
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile
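Review bot: The nova-base Dockerfile never installs the nova_sudoers file that this commit adds next to it: there is no `COPY nova_sudoers ...` and no permission step, unlike neutron-base, which copies its sudoers file and sets `chmod 440`. If nova services in these images are expected to escalate through sudo, add `COPY nova_sudoers /etc/sudoers.d/kolla_nova_sudoers` and `RUN chmod 750 /etc/sudoers.d && chmod 440 /etc/sudoers.d/kolla_nova_sudoers`; if they are not, drop the unused file so nobody assumes the rule is active. Separately, `edk2-aarch64` and the AAVMF symlinks are installed unconditionally although the base directory also ships an x86-64 repo file, so a comment stating that this image targets aarch64 only (or an architecture guard) would be useful.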
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install genisoimage openstack-nova-compute && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-compute/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-compute/Dockerfile
new file mode 100644
index 0000000..41e9e18
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-compute/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install ceph-common device-mapper-multipath e2fsprogs genisoimage iscsi-initiator-utils nfs-utils openstack-nova-compute openvswitch parted python2-libguestfs python2-oslo-vmware python2-rtslib-fb sysfsutils xfsprogs && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
+RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
+ && rm -f /etc/machine-id
+
+USER nova
+
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-compute/extend_start.sh b/kolla/queens/20.03-lts-sp2/nova/nova-compute/extend_start.sh
new file mode 100644
index 0000000..a458625
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-compute/extend_start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [[ ! -d /var/lib/nova/instances ]]; then
+ mkdir -p /var/lib/nova/instances
+fi
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-conductor/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-conductor/Dockerfile
new file mode 100644
index 0000000..75aeb46
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-conductor/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-conductor && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile
new file mode 100644
index 0000000..2e61ce0
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-console && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-libvirt/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-libvirt/Dockerfile
new file mode 100644
index 0000000..d8197a4
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-libvirt/Dockerfile
@@ -0,0 +1,12 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/nova --groups kolla nova \
+ && usermod --append --groups qemu nova \
+ && mkdir -p /var/lib/nova \
+ && chown -R 42436:42436 /var/lib/nova
+
+RUN yum -y install ceph-common cyrus-sasl-scram libguestfs libvirt-client libvirt-daemon libvirt-daemon-config-nwfilter libvirt-daemon-driver-nwfilter openvswitch qemu && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh b/kolla/queens/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh
new file mode 100644
index 0000000..a0ccf18
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# TODO(SamYaple): Tweak libvirt.conf rather than change permissions.
+# Fix permissions for libvirt
+# Do not remove unless CentOS has been validated
+if [[ -c /dev/kvm ]]; then
+ chmod 660 /dev/kvm
+ chown root:qemu /dev/kvm
+fi
+
+# Mount xenfs for libxl to work
+if [[ $(lsmod | grep xenfs) ]]; then
+ mount -t xenfs xenfs /proc/xen
+fi
+
+if [[ ! -d "/var/log/kolla/libvirt" ]]; then
+ mkdir -p /var/log/kolla/libvirt
+ touch /var/log/kolla/libvirt/libvirtd.log
+ chmod 644 /var/log/kolla/libvirt/libvirtd.log
+fi
+if [[ $(stat -c %a /var/log/kolla/libvirt) != "755" ]]; then
+ chmod 755 /var/log/kolla/libvirt
+ chmod 644 /var/log/kolla/libvirt/libvirtd.log
+fi
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile
new file mode 100644
index 0000000..398924c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install novnc openstack-nova-novncproxy && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-placement-api/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-placement-api/Dockerfile
new file mode 100644
index 0000000..d7d0ff4
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-placement-api/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-nova-placement-api && yum clean all && rm -rf /var/cache/yum
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
+ && rm -f /etc/httpd/conf.d/00-nova-placement-api.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
+RUN chmod 755 /usr/local/bin/kolla_nova_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh b/kolla/queens/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh
new file mode 100644
index 0000000..4596bf6
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# NOTE(pbourke): httpd will not clean up after itself in some cases which
+# results in the container not being able to restart. (bug #1489676, 1557036)
+if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+fi
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-scheduler/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-scheduler/Dockerfile
new file mode 100644
index 0000000..8c84bc2
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-scheduler/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-scheduler && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile
new file mode 100644
index 0000000..97fb230
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-serialproxy && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile
new file mode 100644
index 0000000..b17340c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN yum -y install numpy openstack-nova-spicehtml5proxy && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-ssh/Dockerfile b/kolla/queens/20.03-lts-sp2/nova/nova-ssh/Dockerfile
new file mode 100644
index 0000000..e0de430
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-ssh/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-nova-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/nova --groups kolla nova \
+ && chsh --shell /bin/bash nova \
+ && mkdir -p /var/lib/nova \
+ && chown -R 42436:42436 /var/lib/nova
+
+RUN yum -y install openssh-server && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/nova/nova-ssh/extend_start.sh b/kolla/queens/20.03-lts-sp2/nova/nova-ssh/extend_start.sh
new file mode 100644
index 0000000..6d52952
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/nova/nova-ssh/extend_start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SSH_HOST_KEY_TYPES=( "rsa" "dsa" "ecdsa" "ed25519" )
+
+for key_type in ${SSH_HOST_KEY_TYPES[@]}; do
+ KEY_PATH=/etc/ssh/ssh_host_${key_type}_key
+ if [[ ! -f "${KEY_PATH}" ]]; then
+ ssh-keygen -q -t ${key_type} -f ${KEY_PATH} -N ""
+ fi
+done
+
+mkdir -p /var/lib/nova/.ssh
+
+if [[ $(stat -c %U:%G /var/lib/nova/.ssh) != "nova:nova" ]]; then
+ chown nova: /var/lib/nova/.ssh
+fi
diff --git a/kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile
new file mode 100644
index 0000000..9be187c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile
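Review bot: `SSH_HOST_KEY_TYPES` in nova-ssh/extend_start.sh still lists `dsa`, so every container generates a DSA host key. DSA keys are fixed at 1024 bits, OpenSSH has disabled them by default since 7.0, and on releases that no longer support the type `ssh-keygen -t dsa` fails while the loop ignores its exit status. I would drop it, `SSH_HOST_KEY_TYPES=( "rsa" "ecdsa" "ed25519" )`, and quote the expansions (`"${SSH_HOST_KEY_TYPES[@]}"`, `-t "${key_type}" -f "${KEY_PATH}"`). Generating the keys at start-up rather than at build time is the right choice, since it keeps them out of the image layers.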
@@ -0,0 +1,11 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/novajoin --groups kolla novajoin \
+ && mkdir -p /var/lib/novajoin \
+ && chown -R 42470:42470 /var/lib/novajoin
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 750 /etc/sudoers.d \
+ && touch /usr/local/bin/kolla_novajoin_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_novajoin_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh
new file mode 100644
index 0000000..f5b38b8
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/novajoin" ]]; then
+ mkdir -p /var/log/kolla/novajoin
+fi
+if [[ $(stat -c %a /var/log/kolla/novajoin) != "755" ]]; then
+ chmod 755 /var/log/kolla/novajoin
+fi
+
+. /usr/local/bin/kolla_novajoin_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile
new file mode 100644
index 0000000..3ab26aa
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile
@@ -0,0 +1,2 @@
+FROM openeuler/openeuler-binary-novajoin-base:queens-20.03-lts-sp2
+
diff --git a/kolla/queens/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile
new file mode 100644
index 0000000..3ab26aa
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile
@@ -0,0 +1,2 @@
+FROM openeuler/openeuler-binary-novajoin-base:queens-20.03-lts-sp2
+
diff --git a/kolla/queens/20.03-lts-sp2/openstack-base/Dockerfile b/kolla/queens/20.03-lts-sp2/openstack-base/Dockerfile
new file mode 100644
index 0000000..d10cec5
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/openstack-base/Dockerfile
@@ -0,0 +1,9 @@ +FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2 + +RUN yum -y install avahi-libs cups-libs fontconfig fontpackages-filesystem freetype gnutls initscripts iproute libjpeg-turbo libpng libX11 libX11-common libXau libxcb libXext libXi libxslt libyaml mailcap MySQL-python openssl python2-pyOpenSSL pyparsing python2-crypto python2-msgpack python2-cryptography python2-debtcollector python2-eventlet python2-fasteners python2-funcsigs python2-futurist python2-greenlet python2-iso8601 python2-oslo-cache python2-oslo-concurrency python2-oslo-config python2-oslo-context python2-oslo-db python2-oslo-i18n python2-oslo-log python2-oslo-messaging python2-oslo-middleware python2-oslo-policy python2-oslo-reports python2-oslo-rootwrap python2-oslo-serialization python2-oslo-service python2-oslo-utils python2-oslo-versionedobjects python2-pika python2-pika-pool python2-pyasn1 python2-PyMySQL python2-sysv-ipc python2-zake python2-alembic python2-amqp python2-barbicanclient python2-beaker python2-cachetools python2-cffi python2-cliff python2-cmd2 python2-contextlib2 python2-dateutil python2-decorator python2-designateclient python2-dogpile-cache python2-editor python2-enum34 python2-extras python2-fixtures python2-futures python2-glanceclient python2-heatclient python2-httplib2 python2-idna python2-inotify python2-ipaddress python2-ironicclient python2-jsonpatch python2-jsonpointer python2-jsonschema python2-kazoo python2-keyring python2-keystoneauth1 python2-keystoneclient python2-keystonemiddleware python2-kombu python2-linecache2 python2-logutils python2-lxml python2-mako python2-memcached python2-sqlalchemy-migrate python2-mimeparse python2-mistralclient python2-monotonic python2-netaddr python2-netifaces python2-neutronclient python2-novaclient python2-openstackclient python2-osprofiler python2-paramiko python2-paste python2-paste-deploy python2-pbr python2-ply python2-prettytable python2-psycopg2 python2-pycparser python2-PyMySQL python2-redis 
python2-repoze-lru python2-requests python2-retrying python2-routes python2-simplejson python2-sqlalchemy python2-sqlparse python2-stevedore python2-swiftclient python2-tempita python2-testtools python2-tooz python2-traceback2 python2-troveclient python2-unicodecsv python2-unittest2 python2-urllib3 python2-warlock python2-webob python2-wrapt PyYAML systemd-sysv tcp_wrappers-libs && yum clean all && rm -rf /var/cache/yum + +RUN printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth" | \ + openssl req -x509 -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key \ + -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config - \ + && chmod 644 /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key + diff --git a/kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile b/kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile new file mode 100644 index 0000000..082323b --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile @@ -0,0 +1,11 @@ +FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2 + +RUN usermod --append --home /var/lib/prometheus --groups kolla prometheus \ + && mkdir -p /var/lib/prometheus \ + && chown -R 42472:42472 /var/lib/prometheus + +ENV prometheus_arch=arm64 + +COPY extend_start.sh /usr/local/bin/kolla_extend_start +RUN chmod 755 /usr/local/bin/kolla_extend_start + diff --git a/kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh new file mode 100644 index 0000000..8613330 --- /dev/null +++ b/kolla/queens/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh 
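Review bot: The last `RUN` of openstack-base/Dockerfile sets `chmod 644` on `/etc/pki/tls/private/localhost.key`, which makes the TLS private key readable by every user in the container. Because the key pair is created at build time, it is also stored in the image layer and shared by every container and every deployment that uses this image, so it should never end up protecting real traffic. Keep the certificate at 644 but restrict the key, e.g. `&& chmod 644 /etc/pki/tls/certs/localhost.crt && chmod 600 /etc/pki/tls/private/localhost.key` (or 640 with a dedicated group if an unprivileged service account has to read it), and add a comment that this is a placeholder to be replaced by a deployment-provided certificate.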
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Create log directory, with appropriate permissions
+if [[ ! -d "/var/log/kolla/prometheus" ]]; then
+ mkdir -p /var/log/kolla/prometheus
+fi
+if [[ $(stat -c %a /var/log/kolla/prometheus) != "755" ]]; then
+ chmod 755 /var/log/kolla/prometheus
+fi
diff --git a/kolla/queens/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile b/kolla/queens/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile
new file mode 100644
index 0000000..5a7e841
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-prometheus-base:queens-20.03-lts-sp2
+
+ENV haproxy_exporter_version=0.7.1
+
+RUN curl -sSL -o /tmp/haproxy_exporter.tar.gz https://github.com/prometheus/haproxy_exporter/releases/download/v${haproxy_exporter_version}/haproxy_exporter-${haproxy_exporter_version}.linux-${prometheus_arch}.tar.gz \
+ && tar xvf /tmp/haproxy_exporter.tar.gz -C /opt/ \
+ && rm -f /tmp/haproxy_exporter.tar.gz \
+ && ln -s /opt/haproxy_exporter* /opt/haproxy_exporter
+
+USER prometheus
diff --git a/kolla/queens/20.03-lts-sp2/rabbitmq/Dockerfile b/kolla/queens/20.03-lts-sp2/rabbitmq/Dockerfile
new file mode 100644
index 0000000..23cfec5
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/rabbitmq/Dockerfile
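Review bot: The `RUN curl ... && tar xvf` step in the haproxy-exporter Dockerfile unpacks a release tarball into `/opt` without checking its integrity, so the image content depends on whatever that URL serves at build time. Record the expected digest next to the version and verify it before extracting: `ENV haproxy_exporter_sha256=<expected-sha256>` and `&& echo "${haproxy_exporter_sha256}  /tmp/haproxy_exporter.tar.gz" | sha256sum -c - \` ahead of the `tar` line. The digest is a placeholder, one per architecture, to be taken from the upstream release checksums. Adding `-f` to the curl options would also stop an HTTP error page from being saved as the tarball.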
@@ -0,0 +1,18 @@
+FROM openeuler/openeuler-binary-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/rabbitmq --groups kolla rabbitmq \
+ && mkdir -p /var/lib/rabbitmq \
+ && chown -R 42439:42439 /var/lib/rabbitmq
+
+RUN yum -y install erlang-hipe hostname rabbitmq-server && yum clean all && rm -rf /var/cache/yum
+
+RUN rabbitmq-plugins list | grep rabbitmq_management &>/dev/null \
+ && rabbitmq-plugins enable rabbitmq_management \
+ && ln -s `rpm -ql rabbitmq-server | grep cuttlefish` /usr/lib/rabbitmq/bin/cuttlefish \
+ && rm -f /etc/rabbitmq/rabbitmq.config
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+COPY rabbitmq_get_gospel_node.py /usr/local/bin/rabbitmq_get_gospel_node
+RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node
+
+USER rabbitmq
diff --git a/kolla/queens/20.03-lts-sp2/rabbitmq/extend_start.sh b/kolla/queens/20.03-lts-sp2/rabbitmq/extend_start.sh
new file mode 100644
index 0000000..ef28d2b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/rabbitmq/extend_start.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+: ${RABBITMQ_LOG_DIR:=/var/log/kolla/rabbitmq}
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+
+# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
+# bootstrap, the system does not allow to overwrite it (it bootstrap files with
+# permission denied error) but it allows to delete it and then recreate it.
+ if [[ -e "/var/lib/rabbitmq/.erlang.cookie" ]]; then
+ rm -f /var/lib/rabbitmq/.erlang.cookie
+ fi
+ echo "${RABBITMQ_CLUSTER_COOKIE}" > /var/lib/rabbitmq/.erlang.cookie
+ chmod 400 /var/lib/rabbitmq/.erlang.cookie
+ exit 0
+fi
+
+if [[ ! -d "${RABBITMQ_LOG_DIR}" ]]; then
+ mkdir -p ${RABBITMQ_LOG_DIR}
+fi
+
+if [[ $(stat -c %a ${RABBITMQ_LOG_DIR}) != "755" ]]; then
+ chmod 755 ${RABBITMQ_LOG_DIR}
+fi
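Review bot: In the bootstrap branch of `rabbitmq/extend_start.sh` the Erlang cookie is written with `echo ... > /var/lib/rabbitmq/.erlang.cookie` and only restricted with `chmod 400` afterwards, so the cluster secret briefly exists with default-umask permissions. An unset `RABBITMQ_CLUSTER_COOKIE` also silently produces an empty cookie. Putting `umask 077` before the write and `: "${RABBITMQ_CLUSTER_COOKIE:?RABBITMQ_CLUSTER_COOKIE must be set}"` at the top of the branch closes both gaps. The unquoted `${RABBITMQ_LOG_DIR}` in the `mkdir`, `stat` and `chmod` lines further down should be quoted, as it already is in the `-d` test.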
diff --git a/kolla/queens/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py b/kolla/queens/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py
new file mode 100644
index 0000000..9f40c92
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import subprocess # nosec
+import traceback
+
+
+def extract_gospel_node(term):
+ return term.split("@")[1].translate(None, "\'\"{},")
+
+
+def main():
+ try:
+ # TODO(pbourke): see if can get gospel node without requiring shell
+ raw_status = subprocess.check_output(
+ "/usr/sbin/rabbitmqctl eval 'rabbit_clusterer:status().'",
+ shell=True, stderr=subprocess.STDOUT # nosec: this command appears
+ # to require a shell to work
+ )
+ if "Rabbit is running in cluster configuration" not in raw_status:
+ raise AttributeError
+ gospel_line = [
+ line for line in raw_status.split('\n') if 'gospel' in line
+ ][0]
+ gospel_node = extract_gospel_node(gospel_line)
+ if not gospel_node:
+ raise AttributeError
+ except AttributeError:
+ result = {
+ 'failed': True,
+ 'error': raw_status,
+ 'changed': True
+ }
+ except Exception:
+ result = {
+ 'failed': True,
+ 'error': traceback.format_exc(),
+ 'changed': True
+ }
+ else:
+ result = {
+ 'failed': False,
+ 'hostname': gospel_node,
+ 'changed': False
+ }
+
+ print(json.dumps(result))
+
+
+if __name__ == '__main__':
+ main()
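Review bot: `subprocess.check_output` in `main()` runs a constant command string with `shell=True` under two `# nosec` suppressions. Nothing untrusted reaches the shell here, but the single quotes only protect the Erlang expression, so the call can probably drop the shell: `subprocess.check_output(["/usr/sbin/rabbitmqctl", "eval", "rabbit_clusterer:status()."], stderr=subprocess.STDOUT)`. That is worth trying before keeping the suppression. `extract_gospel_node` and `main` also have no docstrings; one line on each, stating that the script prints a JSON object with `failed`, `changed` and either `hostname` or `error`, would document the contract the caller parses. A comment that `str.translate(None, ...)` is Python 2 only would prevent a silent break if the image's `/usr/bin/python` ever changes.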
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-api/Dockerfile b/kolla/queens/20.03-lts-sp2/trove/trove-api/Dockerfile
new file mode 100644
index 0000000..aeeac6f
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-api/Dockerfile
@@ -0,0 +1,8 @@
+FROM openeuler/openeuler-binary-trove-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-api && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_trove_extend_start
+RUN chmod 755 /usr/local/bin/kolla_trove_extend_start
+
+USER trove
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-api/extend_start.sh b/kolla/queens/20.03-lts-sp2/trove/trove-api/extend_start.sh
new file mode 100644
index 0000000..76839e2
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-api/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ trove-manage db_sync
+ exit 0
+fi
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-base/Dockerfile b/kolla/queens/20.03-lts-sp2/trove/trove-base/Dockerfile
new file mode 100644
index 0000000..4c6d49f
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-base/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-openstack-base:queens-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/trove --groups kolla trove \
+ && mkdir -p /var/lib/trove \
+ && chown -R 42449:42449 /var/lib/trove
+
+RUN yum -y install openstack-trove-common && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_trove_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_trove_extend_start
+
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-base/extend_start.sh b/kolla/queens/20.03-lts-sp2/trove/trove-base/extend_start.sh
new file mode 100644
index 0000000..581a83d
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/trove" ]]; then
+ mkdir -p /var/log/kolla/trove
+fi
+if [[ $(stat -c %a /var/log/kolla/trove) != "755" ]]; then
+ chmod 755 /var/log/kolla/trove
+fi
+
+. /usr/local/bin/kolla_trove_extend_start
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-conductor/Dockerfile b/kolla/queens/20.03-lts-sp2/trove/trove-conductor/Dockerfile
new file mode 100644
index 0000000..334e2f1
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-conductor/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-trove-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-conductor && yum clean all && rm -rf /var/cache/yum
+
+USER trove
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-guestagent/Dockerfile b/kolla/queens/20.03-lts-sp2/trove/trove-guestagent/Dockerfile
new file mode 100644
index 0000000..dd4fc8b
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-guestagent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-trove-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-guestagent && yum clean all && rm -rf /var/cache/yum
+
+USER trove
diff --git a/kolla/queens/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile b/kolla/queens/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile
new file mode 100644
index 0000000..369d19c
--- /dev/null
+++ b/kolla/queens/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-trove-base:queens-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-taskmanager && yum clean all && rm -rf /var/cache/yum
+
+USER trove
diff --git a/kolla/rocky/20.03-lts-sp2/base/Dockerfile b/kolla/rocky/20.03-lts-sp2/base/Dockerfile
new file mode 100644
index 0000000..0284353
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/base/Dockerfile
@@ -0,0 +1,212 @@ +FROM openeuler/openeuler:20.03-lts-sp2 + +ARG ARCH + +COPY openEuler-${ARCH}.repo /etc/yum.repos.d/openEuler.repo + +RUN yum install -y shadow-utils +RUN groupadd --force --gid 42475 almanach \ + && useradd -M --shell /usr/sbin/nologin --uid 42475 --gid 42475 almanach \ + && groupadd --force --gid 42401 ansible \ + && useradd -M --shell /usr/sbin/nologin --uid 42401 --gid 42401 ansible \ + && groupadd --force --gid 42402 aodh \ + && useradd -M --shell /usr/sbin/nologin --uid 42402 --gid 42402 aodh \ + && groupadd --force --gid 42403 barbican \ + && useradd -M --shell /usr/sbin/nologin --uid 42403 --gid 42403 barbican \ + && groupadd --force --gid 42404 bifrost \ + && useradd -M --shell /usr/sbin/nologin --uid 42404 --gid 42404 bifrost \ + && groupadd --force --gid 42471 blazar \ + && useradd -M --shell /usr/sbin/nologin --uid 42471 --gid 42471 blazar \ + && groupadd --force --gid 42405 ceilometer \ + && useradd -M --shell /usr/sbin/nologin --uid 42405 --gid 42405 ceilometer \ + && groupadd --force --gid 64045 ceph \ + && useradd -M --shell /usr/sbin/nologin --uid 64045 --gid 64045 ceph \ + && groupadd --force --gid 42406 chrony \ + && useradd -M --shell /usr/sbin/nologin --uid 42406 --gid 42406 chrony \ + && groupadd --force --gid 42407 cinder \ + && useradd -M --shell /usr/sbin/nologin --uid 42407 --gid 42407 cinder \ + && groupadd --force --gid 42408 cloudkitty \ + && useradd -M --shell /usr/sbin/nologin --uid 42408 --gid 42408 cloudkitty \ + && groupadd --force --gid 42409 collectd \ + && useradd -M --shell /usr/sbin/nologin --uid 42409 --gid 42409 collectd \ + && groupadd --force --gid 42410 congress \ + && useradd -M --shell /usr/sbin/nologin --uid 42410 --gid 42410 congress \ + && groupadd --force --gid 42411 designate \ + && useradd -M --shell /usr/sbin/nologin --uid 42411 --gid 42411 designate \ + && groupadd --force --gid 42464 dragonflow \ + && useradd -M --shell /usr/sbin/nologin --uid 42464 --gid 42464 dragonflow \ + && groupadd 
--force --gid 42466 ec2api \ + && useradd -M --shell /usr/sbin/nologin --uid 42466 --gid 42466 ec2api \ + && groupadd --force --gid 42412 elasticsearch \ + && useradd -M --shell /usr/sbin/nologin --uid 42412 --gid 42412 elasticsearch \ + && groupadd --force --gid 42413 etcd \ + && useradd -M --shell /usr/sbin/nologin --uid 42413 --gid 42413 etcd \ + && groupadd --force --gid 42474 fluentd \ + && useradd -M --shell /usr/sbin/nologin --uid 42474 --gid 42474 fluentd \ + && groupadd --force --gid 42414 freezer \ + && useradd -M --shell /usr/sbin/nologin --uid 42414 --gid 42414 freezer \ + && groupadd --force --gid 42415 glance \ + && useradd -M --shell /usr/sbin/nologin --uid 42415 --gid 42415 glance \ + && groupadd --force --gid 42416 gnocchi \ + && useradd -M --shell /usr/sbin/nologin --uid 42416 --gid 42416 gnocchi \ + && groupadd --force --gid 42417 grafana \ + && useradd -M --shell /usr/sbin/nologin --uid 42417 --gid 42417 grafana \ + && groupadd --force --gid 42454 haproxy \ + && useradd -M --shell /usr/sbin/nologin --uid 42454 --gid 42454 haproxy \ + && groupadd --force --gid 42418 heat \ + && useradd -M --shell /usr/sbin/nologin --uid 42418 --gid 42418 heat \ + && groupadd --force --gid 42420 horizon \ + && useradd -M --shell /usr/sbin/nologin --uid 42420 --gid 42420 horizon \ + && groupadd --force --gid 42477 hugetlbfs \ + && useradd -M --shell /usr/sbin/nologin --uid 42477 --gid 42477 hugetlbfs \ + && groupadd --force --gid 42421 influxdb \ + && useradd -M --shell /usr/sbin/nologin --uid 42421 --gid 42421 influxdb \ + && groupadd --force --gid 42422 ironic \ + && useradd -M --shell /usr/sbin/nologin --uid 42422 --gid 42422 ironic \ + && groupadd --force --gid 42461 ironic-inspector \ + && useradd -M --shell /usr/sbin/nologin --uid 42461 --gid 42461 ironic-inspector \ + && groupadd --force --gid 42423 kafka \ + && useradd -M --shell /usr/sbin/nologin --uid 42423 --gid 42423 kafka \ + && groupadd --force --gid 42458 karbor \ + && useradd -M --shell 
/usr/sbin/nologin --uid 42458 --gid 42458 karbor \ + && groupadd --force --gid 42425 keystone \ + && useradd -M --shell /usr/sbin/nologin --uid 42425 --gid 42425 keystone \ + && groupadd --force --gid 42426 kibana \ + && useradd -M --shell /usr/sbin/nologin --uid 42426 --gid 42426 kibana \ + && groupadd --force --gid 42400 kolla \ + && useradd -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla \ + && groupadd --force --gid 42469 kuryr \ + && useradd -M --shell /usr/sbin/nologin --uid 42469 --gid 42469 kuryr \ + && groupadd --force --gid 42473 libvirt \ + && useradd -M --shell /usr/sbin/nologin --uid 42473 --gid 42473 libvirt \ + && groupadd --force --gid 42478 logstash \ + && useradd -M --shell /usr/sbin/nologin --uid 42478 --gid 42478 logstash \ + && groupadd --force --gid 42428 magnum \ + && useradd -M --shell /usr/sbin/nologin --uid 42428 --gid 42428 magnum \ + && groupadd --force --gid 42429 manila \ + && useradd -M --shell /usr/sbin/nologin --uid 42429 --gid 42429 manila \ + && groupadd --force --gid 42457 memcached \ + && useradd -M --shell /usr/sbin/nologin --uid 42457 --gid 42457 memcached \ + && groupadd --force --gid 42430 mistral \ + && useradd -M --shell /usr/sbin/nologin --uid 42430 --gid 42430 mistral \ + && groupadd --force --gid 42431 monasca \ + && useradd -M --shell /usr/sbin/nologin --uid 42431 --gid 42431 monasca \ + && groupadd --force --gid 65534 mongodb \ + && useradd -M --shell /usr/sbin/nologin --uid 42432 --gid 65534 mongodb \ + && groupadd --force --gid 42433 murano \ + && useradd -M --shell /usr/sbin/nologin --uid 42433 --gid 42433 murano \ + && groupadd --force --gid 42434 mysql \ + && useradd -M --shell /usr/sbin/nologin --uid 42434 --gid 42434 mysql \ + && groupadd --force --gid 42435 neutron \ + && useradd -M --shell /usr/sbin/nologin --uid 42435 --gid 42435 neutron \ + && groupadd --force --gid 42436 nova \ + && useradd -M --shell /usr/sbin/nologin --uid 42436 --gid 42436 nova \ + && groupadd --force --gid 42470 novajoin \ + 
&& useradd -M --shell /usr/sbin/nologin --uid 42470 --gid 42470 novajoin \ + && groupadd --force --gid 42437 octavia \ + && useradd -M --shell /usr/sbin/nologin --uid 42437 --gid 42437 octavia \ + && groupadd --force --gid 42462 odl \ + && useradd -M --shell /usr/sbin/nologin --uid 42462 --gid 42462 odl \ + && groupadd --force --gid 42476 openvswitch \ + && useradd -M --shell /usr/sbin/nologin --uid 42476 --gid 42476 openvswitch \ + && groupadd --force --gid 42438 panko \ + && useradd -M --shell /usr/sbin/nologin --uid 42438 --gid 42438 panko \ + && groupadd --force --gid 42472 prometheus \ + && useradd -M --shell /usr/sbin/nologin --uid 42472 --gid 42472 prometheus \ + && groupadd --force --gid 42465 qdrouterd \ + && useradd -M --shell /usr/sbin/nologin --uid 42465 --gid 42465 qdrouterd \ + && groupadd --force --gid 42427 qemu \ + && useradd -M --shell /usr/sbin/nologin --uid 42427 --gid 42427 qemu \ + && groupadd --force --gid 42439 rabbitmq \ + && useradd -M --shell /usr/sbin/nologin --uid 42439 --gid 42439 rabbitmq \ + && groupadd --force --gid 42440 rally \ + && useradd -M --shell /usr/sbin/nologin --uid 42440 --gid 42440 rally \ + && groupadd --force --gid 42460 redis \ + && useradd -M --shell /usr/sbin/nologin --uid 42460 --gid 42460 redis \ + && groupadd --force --gid 42441 sahara \ + && useradd -M --shell /usr/sbin/nologin --uid 42441 --gid 42441 sahara \ + && groupadd --force --gid 42442 searchlight \ + && useradd -M --shell /usr/sbin/nologin --uid 42442 --gid 42442 searchlight \ + && groupadd --force --gid 42443 senlin \ + && useradd -M --shell /usr/sbin/nologin --uid 42443 --gid 42443 senlin \ + && groupadd --force --gid 42467 sensu \ + && useradd -M --shell /usr/sbin/nologin --uid 42467 --gid 42467 sensu \ + && groupadd --force --gid 42468 skydive \ + && useradd -M --shell /usr/sbin/nologin --uid 42468 --gid 42468 skydive \ + && groupadd --force --gid 42444 solum \ + && useradd -M --shell /usr/sbin/nologin --uid 42444 --gid 42444 solum \ + && groupadd 
--force --gid 42479 storm \ + && useradd -M --shell /usr/sbin/nologin --uid 42479 --gid 42479 storm \ + && groupadd --force --gid 42445 swift \ + && useradd -M --shell /usr/sbin/nologin --uid 42445 --gid 42445 swift \ + && groupadd --force --gid 42446 tacker \ + && useradd -M --shell /usr/sbin/nologin --uid 42446 --gid 42446 tacker \ + && groupadd --force --gid 42447 td-agent \ + && useradd -M --shell /usr/sbin/nologin --uid 42447 --gid 42447 td-agent \ + && groupadd --force --gid 42448 telegraf \ + && useradd -M --shell /usr/sbin/nologin --uid 42448 --gid 42448 telegraf \ + && groupadd --force --gid 42480 tempest \ + && useradd -M --shell /usr/sbin/nologin --uid 42480 --gid 42480 tempest \ + && groupadd --force --gid 42449 trove \ + && useradd -M --shell /usr/sbin/nologin --uid 42449 --gid 42449 trove \ + && groupadd --force --gid 42459 vitrage \ + && useradd -M --shell /usr/sbin/nologin --uid 42459 --gid 42459 vitrage \ + && groupadd --force --gid 42450 vmtp \ + && useradd -M --shell /usr/sbin/nologin --uid 42450 --gid 42450 vmtp \ + && groupadd --force --gid 42451 watcher \ + && useradd -M --shell /usr/sbin/nologin --uid 42451 --gid 42451 watcher \ + && groupadd --force --gid 42452 zaqar \ + && useradd -M --shell /usr/sbin/nologin --uid 42452 --gid 42452 zaqar \ + && groupadd --force --gid 42453 zookeeper \ + && useradd -M --shell /usr/sbin/nologin --uid 42453 --gid 42453 zookeeper \ + && groupadd --force --gid 42463 zun \ + && useradd -M --shell /usr/sbin/nologin --uid 42463 --gid 42463 zun + +ENV KOLLA_BASE_DISTRO=openeuler \ + KOLLA_INSTALL_TYPE=binary \ + KOLLA_INSTALL_METATYPE=rdo + +COPY kolla_bashrc /tmp/ +RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \ + && cat /tmp/kolla_bashrc >> /root/.bashrc + +ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " + +RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \ + if [ $CURRENT_DISTRO_RELEASE != "20" ]; 
then \ + echo "Only release '20' is supported on openeuler"; false; \ + fi \ + && cat /tmp/kolla_bashrc >> /etc/bashrc \ + && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/yum.conf + +RUN yum -y install \ + tar \ + util-linux-user \ + && yum clean all \ + && rm -rf /var/cache/yum + +RUN yum -y install openEuler-rpm-config iproute iscsi-initiator-utils lvm2 python scsi-target-utils socat sudo which && yum clean all && rm -rf /var/cache/yum + +COPY set_configs.py /usr/local/bin/kolla_set_configs +COPY start.sh /usr/local/bin/kolla_start +COPY sudoers /etc/sudoers +COPY curlrc /root/.curlrc + +RUN yum -y install gcc glibc-static && yum clean all && rm -rf /var/cache/yum +RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py \ + && python get-pip.py \ + && rm get-pip.py \ + && pip --no-cache-dir install --prefix='/usr/local' dumb-init==1.1.3 \ + && chmod +x /usr/local/bin/dumb-init + +ENTRYPOINT ["dumb-init", "--single-child", "--"] + +RUN touch /usr/local/bin/kolla_extend_start \ + && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \ + && chmod 440 /etc/sudoers \ + && mkdir -p /var/log/kolla \ + && chown :kolla /var/log/kolla \ + && chmod 2775 /var/log/kolla \ + && rm -f /tmp/kolla_bashrc + +CMD ["kolla_start"] diff --git a/kolla/rocky/20.03-lts-sp2/base/curlrc b/kolla/rocky/20.03-lts-sp2/base/curlrc new file mode 100644 index 0000000..903967b --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/base/curlrc @@ -0,0 +1,4 @@ +# curl default options +--silent +--show-error +--write-out "curl (%{url_effective}): response: %{http_code}, time: %{time_total}, size: %{size_download}\n" diff --git a/kolla/rocky/20.03-lts-sp2/base/kolla_bashrc b/kolla/rocky/20.03-lts-sp2/base/kolla_bashrc new file mode 100644 index 0000000..09b19cc --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/base/kolla_bashrc 
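Review bot: The `RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py && python get-pip.py` step near the end of the base Dockerfile downloads a script and executes it as root during the build with no integrity check. The following `pip install dumb-init==1.1.3` pins a version but not a hash. Prefer a pip package from the distribution repositories if one is available; otherwise verify the download before running it, `&& echo "<expected-sha256>  get-pip.py" | sha256sum -c - \` (digest is a placeholder), and install dumb-init from a requirements file with `--require-hashes`. Every image in this tree inherits from this base, so an unverified artefact here propagates to all of them.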
@@ -0,0 +1,5 @@
+#### Custom data added by Kolla
+_KBOLD="\[$(tput bold)\]"
+_KRESET="\[$(tput sgr0)\]"
+
+PS1="${_KBOLD}(${KOLLA_SERVICE_NAME})${_KRESET}[\u@\h \W]\\$ "
diff --git a/kolla/rocky/20.03-lts-sp2/base/openEuler-aarch64.repo b/kolla/rocky/20.03-lts-sp2/base/openEuler-aarch64.repo
new file mode 100644
index 0000000..fce7f06
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/base/openEuler-aarch64.repo
@@ -0,0 +1,17 @@
+[Everything]
+name=everything
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/everything/aarch64/
+gpgcheck=0
+enabled=1
+
+[EPOL]
+name=EPOL
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/main/aarch64/
+gpgcheck=0
+enabled=1
+
+[openstack_rocky]
+name=OpenStack_Rocky
+baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/rocky/aarch64/
+gpgcheck=0
+enabled=1
diff --git a/kolla/rocky/20.03-lts-sp2/base/openEuler-x86-64.repo b/kolla/rocky/20.03-lts-sp2/base/openEuler-x86-64.repo
new file mode 100644
index 0000000..7218471
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/base/openEuler-x86-64.repo
@@ -0,0 +1,17 @@
+[Everything]
+name=everything
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/everything/x86_64/
+gpgcheck=0
+enabled=1
+
+[EPOL]
+name=EPOL
+baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/main/x86_64/
+gpgcheck=0
+enabled=1
+
+[openstack_rocky]
+name=OpenStack_Rocky
+baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/rocky/x86_64/
+gpgcheck=0
+enabled=1
diff --git a/kolla/rocky/20.03-lts-sp2/base/set_configs.py b/kolla/rocky/20.03-lts-sp2/base/set_configs.py
new file mode 100644
index 0000000..5533e66
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/base/set_configs.py
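Review bot: All three sections of `openEuler-aarch64.repo` set `gpgcheck=0`, and `openEuler-x86-64.repo` in the next hunk does the same. Every `yum install` in images built on this base therefore accepts packages without signature verification, including those from the third-party `repo.oepkgs.net` repository. Set `gpgcheck=1` and add a `gpgkey=<URL-or-path-of-the-repository-signing-key>` line per section (placeholder value), importing the key in the base Dockerfile before the first install. If one repository genuinely publishes unsigned packages, say so in a comment on that section rather than disabling the check for all of them.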
@@ -0,0 +1,428 @@ +#!/usr/bin/env python + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import glob +import grp +import json +import logging +import os +import pwd +import shutil +import sys + + +# TODO(rhallisey): add docstring. +logging.basicConfig() +LOG = logging.getLogger(__name__) +LOG.setLevel(logging.INFO) + + +class ExitingException(Exception): + def __init__(self, message, exit_code=1): + super(ExitingException, self).__init__(message) + self.exit_code = exit_code + + +class ImmutableConfig(ExitingException): + pass + + +class InvalidConfig(ExitingException): + pass + + +class MissingRequiredSource(ExitingException): + pass + + +class UserNotFound(ExitingException): + pass + + +class ConfigFileBadState(ExitingException): + pass + + +class ConfigFile(object): + + def __init__(self, source, dest, owner=None, perm=None, optional=False, + preserve_properties=False, merge=False): + self.source = source + self.dest = dest + self.owner = owner + self.perm = perm + self.optional = optional + self.merge = merge + self.preserve_properties = preserve_properties + + def __str__(self): + return ''.format(self.source, + self.dest) + + def _copy_file(self, source, dest): + self._delete_path(dest) + # dest endswith / means copy the to folder + LOG.info('Copying %s to %s', source, dest) + if self.merge and self.preserve_properties and os.path.islink(source): + link_target = os.readlink(source) + os.symlink(link_target, dest) + else: + shutil.copy(source, 
dest) + self._set_properties(source, dest) + + def _merge_directories(self, source, dest): + if os.path.isdir(source): + if os.path.lexists(dest) and not os.path.isdir(dest): + self._delete_path(dest) + if not os.path.isdir(dest): + LOG.info('Creating directory %s', dest) + os.makedirs(dest) + self._set_properties(source, dest) + + dir_content = os.listdir(source) + for to_copy in dir_content: + self._merge_directories(os.path.join(source, to_copy), + os.path.join(dest, to_copy)) + else: + self._copy_file(source, dest) + + def _delete_path(self, path): + if not os.path.lexists(path): + return + LOG.info('Deleting %s', path) + if os.path.isdir(path): + shutil.rmtree(path) + else: + os.remove(path) + + def _create_parent_dirs(self, path): + parent_path = os.path.dirname(path) + if not os.path.exists(parent_path): + os.makedirs(parent_path) + + def _set_properties(self, source, dest): + if self.preserve_properties: + self._set_properties_from_file(source, dest) + else: + self._set_properties_from_conf(dest) + + def _set_properties_from_file(self, source, dest): + shutil.copystat(source, dest) + stat = os.stat(source) + os.chown(dest, stat.st_uid, stat.st_gid) + + def _set_properties_from_conf(self, path): + config = {'permissions': + [{'owner': self.owner, 'path': path, 'perm': self.perm}]} + handle_permissions(config) + + def copy(self): + + sources = glob.glob(self.source) + + if not self.optional and not sources: + raise MissingRequiredSource('%s file is not found' % self.source) + # skip when there is no sources and optional + elif self.optional and not sources: + return + + for source in sources: + dest = self.dest + # dest endswith / means copy the into folder, + # otherwise means copy the source to dest + if dest.endswith(os.sep): + dest = os.path.join(dest, os.path.basename(source)) + if not self.merge: + self._delete_path(dest) + self._create_parent_dirs(dest) + self._merge_directories(source, dest) + + def _cmp_file(self, source, dest): + # check exsit + if 
(os.path.exists(source) and + not self.optional and + not os.path.exists(dest)): + return False + # check content + with open(source) as f1, open(dest) as f2: + if f1.read() != f2.read(): + LOG.error('The content of source file(%s) and' + ' dest file(%s) are not equal.', source, dest) + return False + # check perm + file_stat = os.stat(dest) + actual_perm = oct(file_stat.st_mode)[-4:] + if self.perm != actual_perm: + LOG.error('Dest file does not have expected perm: %s, actual: %s', + self.perm, actual_perm) + return False + # check owner + desired_user, desired_group = user_group(self.owner) + actual_user = pwd.getpwuid(file_stat.st_uid) + if actual_user.pw_name != desired_user: + LOG.error('Dest file does not have expected user: %s,' + ' actual: %s ', desired_user, actual_user.pw_name) + return False + actual_group = grp.getgrgid(file_stat.st_gid) + if actual_group.gr_name != desired_group: + LOG.error('Dest file does not have expected group: %s,' + ' actual: %s ', desired_group, actual_group.gr_name) + return False + return True + + def _cmp_dir(self, source, dest): + for root, dirs, files in os.walk(source): + for dir_ in dirs: + full_path = os.path.join(root, dir_) + dest_full_path = os.path.join(dest, os.path.relpath(source, + full_path)) + dir_stat = os.stat(dest_full_path) + actual_perm = oct(dir_stat.st_mode)[-4:] + if self.perm != actual_perm: + LOG.error('Dest dir does not have expected perm: %s,' + ' actual %s', self.perm, actual_perm) + return False + for file_ in files: + full_path = os.path.join(root, file_) + dest_full_path = os.path.join(dest, os.path.relpath(source, + full_path)) + if not self._cmp_file(full_path, dest_full_path): + return False + return True + + def check(self): + bad_state_files = [] + sources = glob.glob(self.source) + + if not sources and not self.optional: + raise MissingRequiredSource('%s file is not found' % self.source) + elif self.optional and not sources: + return + + for source in sources: + dest = self.dest + # dest 
endswith / means copy the into folder, + # otherwise means copy the source to dest + if dest.endswith(os.sep): + dest = os.path.join(dest, os.path.basename(source)) + if os.path.isdir(source) and not self._cmp_dir(source, dest): + bad_state_files.append(source) + elif not self._cmp_file(source, dest): + bad_state_files.append(source) + if len(bad_state_files) != 0: + msg = 'Following files are in bad state: %s' % bad_state_files + raise ConfigFileBadState(msg) + + +def validate_config(config): + required_keys = {'source', 'dest'} + + if 'command' not in config: + raise InvalidConfig('Config is missing required "command" key') + + # Validate config sections + for data in config.get('config_files', list()): + # Verify required keys exist. + if not data.viewkeys() >= required_keys: + message = 'Config is missing required keys: %s' % required_keys + raise InvalidConfig(message) + if ('owner' not in data or 'perm' not in data) \ + and not data.get('preserve_properties', False): + raise InvalidConfig( + 'Config needs preserve_properties or owner and perm') + + +def validate_source(data): + source = data.get('source') + + # Only check existence if no wildcard found + if '*' not in source: + if not os.path.exists(source): + if data.get('optional'): + LOG.info("%s does not exist, but is not required", source) + return False + else: + raise MissingRequiredSource( + "The source to copy does not exist: %s" % source) + + return True + + +def load_config(): + def load_from_env(): + config_raw = os.environ.get("KOLLA_CONFIG") + if config_raw is None: + return None + + # Attempt to read config + try: + return json.loads(config_raw) + except ValueError: + raise InvalidConfig('Invalid json for Kolla config') + + def load_from_file(): + config_file = os.environ.get("KOLLA_CONFIG_FILE") + if not config_file: + config_file = '/var/lib/kolla/config_files/config.json' + LOG.info("Loading config file at %s", config_file) + + # Attempt to read config file + with open(config_file) as f: + 
try: + return json.load(f) + except ValueError: + raise InvalidConfig( + "Invalid json file found at %s" % config_file) + except IOError as e: + raise InvalidConfig( + "Could not read file %s: %r" % (config_file, e)) + + config = load_from_env() + if config is None: + config = load_from_file() + + LOG.info('Validating config file') + validate_config(config) + return config + + +def copy_config(config): + if 'config_files' in config: + LOG.info('Copying service configuration files') + for data in config['config_files']: + config_file = ConfigFile(**data) + config_file.copy() + else: + LOG.debug('No files to copy found in config') + + LOG.info('Writing out command to execute') + LOG.debug("Command is: %s", config['command']) + # The value from the 'command' key will be written to '/run_command' + cmd = '/run_command' + with open(cmd, 'w+') as f: + f.write(config['command']) + # Make sure the generated file is readable by all users + try: + os.chmod(cmd, 0o644) + except OSError: + LOG.exception('Failed to set permission of %s to 0o644', cmd) + + +def user_group(owner): + if ':' in owner: + user, group = owner.split(':', 1) + if not group: + group = user + else: + user, group = owner, owner + return user, group + + +def handle_permissions(config): + for permission in config.get('permissions', list()): + path = permission.get('path') + owner = permission.get('owner') + recurse = permission.get('recurse', False) + perm = permission.get('perm') + + desired_user, desired_group = user_group(owner) + uid = pwd.getpwnam(desired_user).pw_uid + gid = grp.getgrnam(desired_group).gr_gid + + def set_perms(path, uid, gid, perm): + LOG.info('Setting permission for %s', path) + if not os.path.exists(path): + LOG.warning('%s does not exist', path) + return + + try: + os.chown(path, uid, gid) + except OSError: + LOG.exception('Failed to change ownership of %s to %s:%s', + path, uid, gid) + + if perm: + # NOTE(Jeffrey4l): py3 need '0oXXX' format for octal literals, + # and py2 support 
such format too. + if len(perm) == 4 and perm[1] != 'o': + perm = ''.join([perm[:1], 'o', perm[1:]]) + perm = int(perm, base=0) + + try: + os.chmod(path, perm) + except OSError: + LOG.exception('Failed to set permission of %s to %s', + path, perm) + + for dest in glob.glob(path): + set_perms(dest, uid, gid, perm) + if recurse and os.path.isdir(dest): + for root, dirs, files in os.walk(dest): + for dir_ in dirs: + set_perms(os.path.join(root, dir_), uid, gid, perm) + for file_ in files: + set_perms(os.path.join(root, file_), uid, gid, perm) + + +def execute_config_strategy(config): + config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY") + LOG.info("Kolla config strategy set to: %s", config_strategy) + if config_strategy == "COPY_ALWAYS": + copy_config(config) + handle_permissions(config) + elif config_strategy == "COPY_ONCE": + if os.path.exists('/configured'): + raise ImmutableConfig( + "The config strategy prevents copying new configs", + exit_code=0) + else: + copy_config(config) + handle_permissions(config) + os.mknod('/configured') + else: + raise InvalidConfig('KOLLA_CONFIG_STRATEGY is not set properly') + + +def execute_config_check(config): + for data in config['config_files']: + config_file = ConfigFile(**data) + config_file.check() + + +def main(): + try: + parser = argparse.ArgumentParser() + parser.add_argument('--check', + action='store_true', + required=False, + help='Check whether the configs changed') + args = parser.parse_args() + config = load_config() + + if args.check: + execute_config_check(config) + else: + execute_config_strategy(config) + except ExitingException as e: + LOG.error("%s: %s", e.__class__.__name__, e) + return e.exit_code + except Exception: + LOG.exception('Unexpected error:') + return 2 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/kolla/rocky/20.03-lts-sp2/base/start.sh b/kolla/rocky/20.03-lts-sp2/base/start.sh new file mode 100644 index 0000000..34a6e53 --- /dev/null 
+++ b/kolla/rocky/20.03-lts-sp2/base/start.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -o errexit
+set -o xtrace
+
+# Processing /var/lib/kolla/config_files/config.json as root. This is necessary
+# to permit certain files to be controlled by the root user which should
+# not be writable by the dropped-privileged user, especially /run_command
+sudo -E kolla_set_configs
+CMD=$(cat /run_command)
+ARGS=""
+
+if [[ ! "${!KOLLA_SKIP_EXTEND_START[@]}" ]]; then
+ # Run additional commands if present
+ . kolla_extend_start
+fi
+
+echo "Running command: '${CMD}${ARGS:+ $ARGS}'"
+exec ${CMD} ${ARGS}
diff --git a/kolla/rocky/20.03-lts-sp2/base/sudoers b/kolla/rocky/20.03-lts-sp2/base/sudoers
new file mode 100644
index 0000000..76baefc
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/base/sudoers
@@ -0,0 +1,18 @@
+# The idea here is a container service adds their UID to the kolla group
+# via usermod -a -G kolla . Then the kolla_start may run
+# kolla_set_configs via sudo as the root user which is necessary to protect
+# the immutability of the container
+
+# anyone in the kolla group may sudo -E (set the environment)
+Defaults: %kolla setenv
+
+# root may run any commands via sudo as the network seervice user. This is
+# neededfor database migrations of existing services which have not been
+# converted to run as a non-root user, but instead do that via sudo -E glance
+root ALL=(ALL) ALL
+
+# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
+# root user via sudo without password confirmation
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
+
+#includedir /etc/sudoers.d
diff --git a/kolla/rocky/20.03-lts-sp2/chrony/Dockerfile b/kolla/rocky/20.03-lts-sp2/chrony/Dockerfile
new file mode 100644
index 0000000..3e41c36
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/chrony/Dockerfile
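Review bot: `Defaults: %kolla setenv` combined with the NOPASSWD rule for `/usr/local/bin/kolla_set_configs` in base/sudoers lets every member of the kolla group choose the environment of a root process, and the set_configs.py shown earlier in this patch reads `KOLLA_CONFIG`, `KOLLA_CONFIG_FILE` and `KOLLA_CONFIG_STRATEGY` from that environment to decide which files it copies and which owner and mode it applies. The header comment says the rule protects the immutability of the container, which only holds while those variables are set by the deployer, so I would state that assumption next to the rule, for example `# kolla_set_configs trusts KOLLA_CONFIG* from the caller; these must stay deployer-controlled`. If the full environment is not needed, `Defaults:%kolla env_keep += "KOLLA_CONFIG KOLLA_CONFIG_FILE KOLLA_CONFIG_STRATEGY"` would pass only those names, but start.sh would then have to call sudo without `-E`, so that is a follow-up rather than a drop-in change.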
@@ -0,0 +1,11 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/chrony --groups kolla chrony \
+ && mkdir -p /var/lib/chrony \
+ && chown -R 42406:42406 /var/lib/chrony
+
+RUN yum -y install chrony && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/chrony/extend_start.sh b/kolla/rocky/20.03-lts-sp2/chrony/extend_start.sh
new file mode 100644
index 0000000..bc28e56
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/chrony/extend_start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+rm -f /var/run/chronyd.pid
+
+CHRONY_LOG_DIR="/var/log/kolla/chrony"
+if [[ ! -d "${CHRONY_LOG_DIR}" ]]; then
+ mkdir -p ${CHRONY_LOG_DIR}
+fi
+
+if [[ $(stat -c %a ${CHRONY_LOG_DIR}) != "755" ]]; then
+ chmod 755 /var/log/kolla/chrony
+fi
+
+if [[ $(stat -c %U:%G ${CHRONY_LOG_DIR}) != "chrony:chrony" ]]; then
+ chown chrony:chrony ${CHRONY_LOG_DIR}
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-api/Dockerfile b/kolla/rocky/20.03-lts-sp2/cinder/cinder-api/Dockerfile
new file mode 100644
index 0000000..a811802
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-api/Dockerfile
@@ -0,0 +1,12 @@
+FROM openeuler/openeuler-binary-cinder-base:rocky-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi python2-keystone && yum clean all && rm -rf /var/cache/yum
+RUN mkdir -p /var/www/cgi-bin/cinder \
+ && cp -a /usr/bin/cinder-wsgi /var/www/cgi-bin/cinder/cinder-wsgi \
+ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
+RUN chmod 755 /usr/local/bin/kolla_cinder_extend_start \
+ && chown -R cinder: /var/www/cgi-bin/cinder \
+ && chmod 755 /var/www/cgi-bin/cinder/cinder-wsgi
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-api/extend_start.sh b/kolla/rocky/20.03-lts-sp2/cinder/cinder-api/extend_start.sh
new file mode 100644
index 0000000..7fef260
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-api/extend_start.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -o errexit
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ cinder-manage db sync
+ exit 0
+fi
+
+if [[ "${!KOLLA_OSM[@]}" ]]; then
+ if [[ -z ${MAX_NUMBER} ]]; then
+ cinder-manage db online_data_migrations --max_count ${MAX_NUMBER}
+ else
+ cinder-manage db online_data_migrations
+ fi
+ exit 0
+fi
+
+# Assume the service runs on top of Apache when user is root
+if [[ "$(whoami)" == 'root' ]]; then
+ # NOTE(pbourke): httpd will not clean up after itself in some cases which
+ # results in the container not being able to restart. (bug #1489676, 1557036)
+ if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+ else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+ fi
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-backup/Dockerfile b/kolla/rocky/20.03-lts-sp2/cinder/cinder-backup/Dockerfile
new file mode 100644
index 0000000..357ca8d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-backup/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-cinder-base:rocky-20.03-lts-sp2
+
+RUN yum -y install nfs-utils && yum clean all && rm -rf /var/cache/yum
+
+USER cinder
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/Dockerfile
new file mode 100644
index 0000000..2919e7b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/Dockerfile
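Review bot: The `KOLLA_OSM` branch of cinder-api/extend_start.sh tests `[[ -z ${MAX_NUMBER} ]]` and then passes `--max_count ${MAX_NUMBER}`, so the option is used exactly when the variable is empty and dropped when a value was supplied. The test looks inverted; `if [[ -n "${MAX_NUMBER}" ]]; then` followed by `cinder-manage db online_data_migrations --max_count "${MAX_NUMBER}"` gives the behaviour the two branches suggest. With `set -o errexit` the current form probably aborts on the missing argument, so the defect would surface only as a failed migration run.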
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/cinder --groups kolla cinder \
+ && mkdir -p /var/lib/cinder \
+ && chown -R 42407:42407 /var/lib/cinder
+
+RUN yum -y install ceph-common lvm2 cryptsetup openstack-cinder python2-automaton python2-oslo-vmware && yum clean all && rm -rf /var/cache/yum
+
+COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \
+ && touch /usr/local/bin/kolla_cinder_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_cinder_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers b/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers
new file mode 100644
index 0000000..3750f31
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/cinder_sudoers
@@ -0,0 +1 @@
+cinder ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/extend_start.sh
new file mode 100644
index 0000000..21fae59
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/cinder" ]]; then
+ mkdir -p /var/log/kolla/cinder
+fi
+if [[ $(stat -c %a /var/log/kolla/cinder) != "755" ]]; then
+ chmod 755 /var/log/kolla/cinder
+fi
+
+. /usr/local/bin/kolla_cinder_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile b/kolla/rocky/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile
new file mode 100644
index 0000000..102c6de
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-scheduler/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-cinder-base:rocky-20.03-lts-sp2
+
+USER cinder
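Review bot: The rule in cinder-base/cinder_sudoers names `/var/lib/kolla/venv/bin/cinder-rootwrap`, but the cinder-base Dockerfile installs cinder with `yum -y install ... openstack-cinder` and nothing visible in this patch creates a virtualenv under /var/lib/kolla/venv. A NOPASSWD root rule for a path that no package owns is either dead or, if the cinder account can ever create that path, wider than intended; pointing it at the packaged binary (`/usr/bin/cinder-rootwrap`, if that is where the RPM installs it) keeps the rule tied to a root-owned file. The same venv path appears in cinder-volume/cinder_sudoers, ironic-inspector/ironic_inspector_sudoers and ironic-base/ironic_sudoers. The ironic-inspector and ironic-base Dockerfiles in this patch also never COPY their sudoers file, so those two rules are not installed at all.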
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/Dockerfile b/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/Dockerfile
new file mode 100644
index 0000000..bf01dd6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-cinder-base:rocky-20.03-lts-sp2
+
+RUN yum -y install nfs-utils nvmetcli python2-rtslib-fb scsi-target-utils sysfsutils && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -i '1 i include /var/lib/cinder/volumes/*' /etc/tgt/tgtd.conf
+
+COPY cinder_sudoers /etc/sudoers.d/kolla_cinder_volume_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_cinder_extend_start
+
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_cinder_volume_sudoers \
+ && chmod 755 /usr/local/bin/kolla_cinder_extend_start
+
+USER cinder
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers b/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers
new file mode 100644
index 0000000..f3bec8b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/cinder_sudoers
@@ -0,0 +1,5 @@
+cinder ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
+%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /var/lib/cinder, /usr/bin/chown -R cinder\:kolla /var/lib/cinder
+%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /var/lib/cinder, /usr/bin/chmod 2775 /var/lib/cinder
+%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /etc/iscsi, /usr/bin/chown -R cinder\:kolla /etc/iscsi
+%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /etc/iscsi, /usr/bin/chmod 2775 /etc/iscsi
diff --git a/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh b/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh
new file mode 100644
index 0000000..67e8661
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cinder/cinder-volume/extend_start.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [[ $(stat -c %U:%G /var/lib/cinder) != "cinder:kolla" ]]; then
+ sudo chown -R cinder:kolla /var/lib/cinder
+fi
+if [[ $(stat -c %a /var/lib/cinder) != "2775" ]]; then
+ sudo chmod 2775 /var/lib/cinder
+fi
+if [[ $(stat -c %U:%G /etc/iscsi) != "cinder:kolla" ]]; then
+ sudo chown -R cinder:kolla /etc/iscsi
+fi
+if [[ $(stat -c %a /etc/iscsi) != "2775" ]]; then
+ sudo chmod 2775 /etc/iscsi
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/cron/Dockerfile b/kolla/rocky/20.03-lts-sp2/cron/Dockerfile
new file mode 100644
index 0000000..588c703
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/cron/Dockerfile
@@ -0,0 +1,4 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN yum -y install cronie logrotate && yum clean all && rm -rf /var/cache/yum
+
diff --git a/kolla/rocky/20.03-lts-sp2/dnsmasq/Dockerfile b/kolla/rocky/20.03-lts-sp2/dnsmasq/Dockerfile
new file mode 100644
index 0000000..c113a9b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/dnsmasq/Dockerfile
@@ -0,0 +1,4 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN yum -y install dnsmasq && yum clean all && rm -rf /var/cache/yum
+
diff --git a/kolla/rocky/20.03-lts-sp2/glance/glance-api/Dockerfile b/kolla/rocky/20.03-lts-sp2/glance/glance-api/Dockerfile
new file mode 100644
index 0000000..8ac90cb
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/glance/glance-api/Dockerfile
@@ -0,0 +1,6 @@
+FROM openeuler/openeuler-binary-glance-base:rocky-20.03-lts-sp2
+
+COPY extend_start.sh /usr/local/bin/kolla_glance_extend_start
+RUN chmod 755 /usr/local/bin/kolla_glance_extend_start
+
+USER glance
diff --git a/kolla/rocky/20.03-lts-sp2/glance/glance-api/extend_start.sh b/kolla/rocky/20.03-lts-sp2/glance/glance-api/extend_start.sh
new file mode 100644
index 0000000..3363539
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/glance/glance-api/extend_start.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ glance-manage db_sync
+ glance-manage db_load_metadefs
+ exit 0
+fi
+
+# Migrate database and exit if KOLLA_UPGRADE variable is set. This catches all cases
+# of the KOLLA_UPGRADE variable being set, including empty.
+if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
+ if [[ "${!GLANCE_DB_EXPAND[@]}" ]]; then
+ echo "Expanding database"
+ glance-manage db expand
+ fi
+ if [[ "${!GLANCE_DB_MIGRATE[@]}" ]]; then
+ echo "Migrating database"
+ glance-manage db migrate
+ fi
+ if [[ "${!GLANCE_DB_CONTRACT[@]}" ]]; then
+ echo "Contracting database"
+ glance-manage db contract
+ fi
+ exit 0
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/glance/glance-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/glance/glance-base/Dockerfile
new file mode 100644
index 0000000..0d13a7f
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/glance/glance-base/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/glance --groups kolla glance \
+ && mkdir -p /var/lib/glance \
+ && chown -R 42415:42415 /var/lib/glance
+
+RUN yum -y install openstack-glance python2-oslo-vmware python-rados python-rbd && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_glance_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/glance/glance-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/glance/glance-base/extend_start.sh
new file mode 100644
index 0000000..4f5f5ec
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/glance/glance-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/glance" ]]; then
+ mkdir -p /var/log/kolla/glance
+fi
+if [[ $(stat -c %a /var/log/kolla/glance) != "755" ]]; then
+ chmod 755 /var/log/kolla/glance
+fi
+
+. /usr/local/bin/kolla_glance_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/glance/glance-registry/Dockerfile b/kolla/rocky/20.03-lts-sp2/glance/glance-registry/Dockerfile
new file mode 100644
index 0000000..ffa585a
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/glance/glance-registry/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-glance-base:rocky-20.03-lts-sp2
+
+USER glance
diff --git a/kolla/rocky/20.03-lts-sp2/haproxy/Dockerfile b/kolla/rocky/20.03-lts-sp2/haproxy/Dockerfile
new file mode 100644
index 0000000..67a3456
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/haproxy/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/haproxy --groups kolla haproxy \
+ && mkdir -p /var/lib/haproxy \
+ && chown -R 42454:42454 /var/lib/haproxy
+
+RUN yum -y install haproxy && yum clean all && rm -rf /var/cache/yum
+
+RUN mkdir -p /var/lib/kolla/haproxy \
+ && chown -R haproxy: /var/lib /run
+
+COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config
+RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config
+
diff --git a/kolla/rocky/20.03-lts-sp2/haproxy/ensure_latest_config.sh b/kolla/rocky/20.03-lts-sp2/haproxy/ensure_latest_config.sh
new file mode 100644
index 0000000..4b84f3a
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/haproxy/ensure_latest_config.sh
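Review bot: `chown -R haproxy: /var/lib /run` in the haproxy Dockerfile hands the haproxy account every directory under /var/lib and /run, not just the `/var/lib/kolla/haproxy` directory created on the line before it. That includes state owned by other packages in the image (the package manager's database normally lives under /var/lib), which the service account has no reason to write. Limiting the command to what haproxy needs, for example `&& chown -R haproxy: /var/lib/kolla/haproxy /var/lib/haproxy`, keeps the account least-privileged; add a specific path under /run only if haproxy's pid or socket file requires it.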
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -o errexit
+
+CURRENT_CONFIG_HASH=$(sha1sum /etc/haproxy/haproxy.cfg | cut -f1 -d' ')
+NEW_CONFIG_HASH=$(sha1sum /var/lib/kolla/config_files/haproxy.cfg | cut -f1 -d' ')
+
+if [[ $CURRENT_CONFIG_HASH != $NEW_CONFIG_HASH ]]; then
+ changed=changed
+ python /usr/local/bin/kolla_set_configs
+ kill -USR2 $(pgrep -f /usr/sbin/haproxy-systemd-wrapper)
+fi
+
+echo $changed
diff --git a/kolla/rocky/20.03-lts-sp2/horizon/Dockerfile b/kolla/rocky/20.03-lts-sp2/horizon/Dockerfile
new file mode 100644
index 0000000..54cfa21
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/horizon/Dockerfile
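Review bot: `kill -USR2 $(pgrep -f /usr/sbin/haproxy-systemd-wrapper)` in ensure_latest_config.sh runs with no PID when pgrep matches nothing, and under `set -o errexit` the failed kill ends the script after kolla_set_configs has already copied the new config but before `echo $changed`. Capturing the PID first, `pid=$(pgrep -f /usr/sbin/haproxy-systemd-wrapper) || { echo "haproxy wrapper not running" >&2; exit 1; }`, and then `kill -USR2 ${pid}` makes that case explicit. `changed` is also never initialised, so a value inherited from the environment would be echoed as the result; `changed=""` near the top avoids that.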
@@ -0,0 +1,25 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/horizon --groups kolla horizon \
+ && mkdir -p /var/lib/horizon \
+ && chown -R 42420:42420 /var/lib/horizon
+
+RUN yum -y install gettext httpd mod_ssl mod_wsgi openstack-dashboard && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
+ && ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python2.7/site-packages/openstack_dashboard \
+ && ln -s /usr/share/openstack-dashboard/static /usr/lib/python2.7/site-packages/static \
+ && chown -R horizon: /etc/openstack-dashboard /usr/share/openstack-dashboard \
+ && chown -R apache: /usr/share/openstack-dashboard/static \
+ && sed -i "s|WEBROOT = '/dashboard/'|WEBROOT = '/'|" /etc/openstack-dashboard/local_settings \
+ && cp /usr/share/openstack-dashboard/manage.py /usr/bin/manage.py \
+ && rm -f /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/?[^_]*.py* \
+ && rm -f /usr/lib/python2.7/site-packages/openstack_dashboard/local/enabled/?[^_]*.py* \
+ && for locale in /usr/lib/python2.7/site-packages/*/locale; do \
+ (cd ${locale%/*} && /usr/bin/python /usr/bin/manage.py compilemessages) \
+ done
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/horizon/extend_start.sh b/kolla/rocky/20.03-lts-sp2/horizon/extend_start.sh
new file mode 100644
index 0000000..a689cd9
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/horizon/extend_start.sh
@@ -0,0 +1,360 @@ +#!/bin/bash + +set -o errexit + +FORCE_GENERATE="${FORCE_GENERATE}" +HASH_PATH=/var/lib/kolla/.settings.md5sum.txt + +if [[ ${KOLLA_INSTALL_TYPE} == "binary" ]]; then + SITE_PACKAGES="/usr/lib/python2.7/site-packages" +elif [[ ${KOLLA_INSTALL_TYPE} == "source" ]]; then + SITE_PACKAGES="/var/lib/kolla/venv/lib/python2.7/site-packages" +fi + +if [[ ${KOLLA_INSTALL_TYPE} == "source" ]] && [[ ! -f ${SITE_PACKAGES}/openstack_dashboard/local/local_settings.py ]]; then + ln -s /etc/openstack-dashboard/local_settings \ + ${SITE_PACKAGES}/openstack_dashboard/local/local_settings.py +fi + +if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then + CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py" + if [[ ${KOLLA_INSTALL_TYPE} == "binary" ]] && [[ "${KOLLA_BASE_DISTRO}" =~ ubuntu ]]; then + CUSTOM_SETTINGS_FILE="/usr/share/openstack-dashboard/openstack_dashboard/local/custom_local_settings.py" + fi + + if [[ ! -L ${CUSTOM_SETTINGS_FILE} ]]; then + ln -s /etc/openstack-dashboard/custom_local_settings ${CUSTOM_SETTINGS_FILE} + fi +fi + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + MANAGE_PY="/usr/bin/python /usr/bin/manage.py" + if [[ -f "/var/lib/kolla/venv/bin/python" ]]; then + MANAGE_PY="/var/lib/kolla/venv/bin/python /var/lib/kolla/venv/bin/manage.py" + fi + $MANAGE_PY migrate --noinput + exit 0 +fi + +function config_dashboard { + ENABLE=$1 + SRC=$2 + DEST=$3 + if [[ ! -f ${SRC} ]]; then + echo "WARNING: ${SRC} is required" + elif [[ "${ENABLE}" == "yes" ]] && [[ ! 
-f "${DEST}" ]]; then + cp -a "${SRC}" "${DEST}" + FORCE_GENERATE="yes" + elif [[ "${ENABLE}" != "yes" ]] && [[ -f "${DEST}" ]]; then + # remove pyc pyo files too + rm -f "${DEST}" "${DEST}c" "${DEST}o" + FORCE_GENERATE="yes" + fi +} + +function config_blazar_dashboard { + for file in ${SITE_PACKAGES}/blazar_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_BLAZAR}" \ + "${SITE_PACKAGES}/blazar_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_cloudkitty_dashboard { + for file in ${SITE_PACKAGES}/cloudkittydashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_CLOUDKITTY}" \ + "${SITE_PACKAGES}/cloudkittydashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_congress_dashboard { + for file in ${SITE_PACKAGES}/congress_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_CONGRESS}" \ + "${SITE_PACKAGES}/congress_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_designate_dashboard { + for file in ${SITE_PACKAGES}/designatedashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_DESIGNATE}" \ + "${SITE_PACKAGES}/designatedashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_fwaas_dashboard { + for file in ${SITE_PACKAGES}/neutron_fwaas_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_FWAAS}" \ + "${SITE_PACKAGES}/neutron_fwaas_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_freezer_ui { + for file in ${SITE_PACKAGES}/disaster_recovery/enabled/_*[^__].py; do + config_dashboard "${ENABLE_FREEZER}" \ + "${SITE_PACKAGES}/disaster_recovery/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + 
+function config_heat_dashboard { + for file in ${SITE_PACKAGES}/heat_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_HEAT}" \ + "${SITE_PACKAGES}/heat_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_ironic_dashboard { + for file in ${SITE_PACKAGES}/ironic_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_IRONIC}" \ + "${SITE_PACKAGES}/ironic_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_karbor_dashboard { + for file in ${SITE_PACKAGES}/karbor_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_KARBOR}" \ + "${SITE_PACKAGES}/karbor_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_magnum_dashboard { + for file in ${SITE_PACKAGES}/magnum_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MAGNUM}" \ + "${SITE_PACKAGES}/magnum_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_manila_ui { + for file in ${SITE_PACKAGES}/manila_ui/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MANILA}" \ + "${SITE_PACKAGES}/manila_ui/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_murano_dashboard { + for file in ${SITE_PACKAGES}/muranodashboard/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_MURANO}" \ + "${SITE_PACKAGES}/muranodashboard/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + config_dashboard "${ENABLE_MURANO}"\ + "${SITE_PACKAGES}/muranodashboard/conf/murano_policy.json" \ + "/etc/openstack-dashboard/murano_policy.json" + + config_dashboard "${ENABLE_MURANO}"\ + "${SITE_PACKAGES}/muranodashboard/local/local_settings.d/_50_murano.py" \ + 
"${SITE_PACKAGES}/openstack_dashboard/local/local_settings.d/_50_murano.py" +} + +function config_mistral_dashboard { + config_dashboard "${ENABLE_MISTRAL}" \ + "${SITE_PACKAGES}/mistraldashboard/enabled/_50_mistral.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_50_mistral.py" +} + +function config_neutron_lbaas { + config_dashboard "${ENABLE_NEUTRON_LBAAS}" \ + "${SITE_PACKAGES}/neutron_lbaas_dashboard/enabled/_1481_project_ng_loadbalancersv2_panel.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1481_project_ng_loadbalancersv2_panel.py" +} + +function config_neutron_vpnaas_dashboard { + config_dashboard "${ENABLE_NEUTRON_VPNAAS}" \ + "${SITE_PACKAGES}/neutron_vpnaas_dashboard/enabled/_7100_project_vpn_panel.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_7100_project_vpn_panel.py" +} + +function config_octavia_dashboard { + config_dashboard "${ENABLE_OCTAVIA}" \ + "${SITE_PACKAGES}/octavia_dashboard/enabled/_1482_project_load_balancer_panel.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/_1482_project_load_balancer_panel.py" +} + +function config_sahara_dashboard { + for file in ${SITE_PACKAGES}/sahara_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SAHARA}" \ + "${SITE_PACKAGES}/sahara_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_searchlight_ui { + for file in ${SITE_PACKAGES}/searchlight_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SEARCHLIGHT}" \ + "${SITE_PACKAGES}/searchlight_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_SEARCHLIGHT}" \ + "${SITE_PACKAGES}/searchlight_ui/local_settings.d/_1001_search_settings.py" \ + "${SITE_PACKAGES}/openstack_dashboard/local/local_settings.d/_1001_search_settings.py" + + config_dashboard "${ENABLE_SEARCHLIGHT}" \ + "${SITE_PACKAGES}/searchlight_ui/conf/searchlight_policy.json" \ + 
"/etc/openstack-dashboard/searchlight_policy.json" +} + +function config_senlin_dashboard { + for file in ${SITE_PACKAGES}/senlin_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SENLIN}" \ + "${SITE_PACKAGES}/senlin_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_SENLIN}" \ + "${SITE_PACKAGES}/senlin_dashboard/conf/senlin_policy.json" \ + "/etc/openstack-dashboard/senlin_policy.json" +} + +function config_solum_dashboard { + for file in ${SITE_PACKAGES}/solumdashboard/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_SOLUM}" \ + "${SITE_PACKAGES}/solumdashboard/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_tacker_dashboard { + for file in ${SITE_PACKAGES}/tacker_horizon/enabled/_*[^__].py; do + config_dashboard "${ENABLE_TACKER}" \ + "${SITE_PACKAGES}/tacker_horizon/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_trove_dashboard { + for file in ${SITE_PACKAGES}/trove_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_TROVE}" \ + "${SITE_PACKAGES}/trove_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_vitrage_dashboard { + for file in ${SITE_PACKAGES}/vitrage_dashboard/enabled/_*[^__].py; do + config_dashboard "${ENABLE_VITRAGE}" \ + "${SITE_PACKAGES}/vitrage_dashboard/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_watcher_dashboard { + for file in ${SITE_PACKAGES}/watcher_dashboard/local/enabled/_*[^__].py; do + config_dashboard "${ENABLE_WATCHER}" \ + "${SITE_PACKAGES}/watcher_dashboard/local/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done + + config_dashboard "${ENABLE_WATCHER}" \ + 
"${SITE_PACKAGES}/watcher_dashboard/conf/watcher_policy.json" \ + "/etc/openstack-dashboard/watcher_policy.json" +} + +function config_zaqar_dashboard { + for file in ${SITE_PACKAGES}/zaqar_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_ZAQAR}" \ + "${SITE_PACKAGES}/zaqar_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +function config_zun_dashboard { + for file in ${SITE_PACKAGES}/zun_ui/enabled/_*[^__].py; do + config_dashboard "${ENABLE_ZUN}" \ + "${SITE_PACKAGES}/zun_ui/enabled/${file##*/}" \ + "${SITE_PACKAGES}/openstack_dashboard/local/enabled/${file##*/}" + done +} + +# Regenerate the compressed javascript and css if any configuration files have +# changed. Use a static modification date when generating the tarball +# so that we only trigger on content changes. +function settings_bundle { + tar -cf- --mtime=1970-01-01 \ + /etc/openstack-dashboard/local_settings \ + /etc/openstack-dashboard/custom_local_settings \ + /etc/openstack-dashboard/local_settings.d 2> /dev/null +} + +function settings_changed { + changed=1 + + if [[ ! -f $HASH_PATH ]] || ! 
settings_bundle | md5sum -c --status $HASH_PATH || [[ $FORCE_GENERATE == yes ]]; then + changed=0 + fi + + return ${changed} +} + +config_blazar_dashboard +config_cloudkitty_dashboard +config_congress_dashboard +config_designate_dashboard +config_fwaas_dashboard +config_freezer_ui +config_heat_dashboard +config_ironic_dashboard +config_karbor_dashboard +config_magnum_dashboard +config_manila_ui +config_mistral_dashboard +config_murano_dashboard +config_neutron_lbaas +config_neutron_vpnaas_dashboard +config_octavia_dashboard +config_sahara_dashboard +config_searchlight_ui +config_senlin_dashboard +config_solum_dashboard +config_tacker_dashboard +config_trove_dashboard +config_vitrage_dashboard +config_watcher_dashboard +config_zaqar_dashboard +config_zun_dashboard + +# NOTE(pbourke): httpd will not clean up after itself in some cases which +# results in the container not being able to restart. (bug #1489676, 1557036) +if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + # Loading Apache2 ENV variables + . /etc/apache2/envvars + rm -rf /var/run/apache2/* +else + rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* +fi + +if settings_changed; then + if [[ "${KOLLA_INSTALL_TYPE}" == "binary" ]]; then + /usr/bin/manage.py collectstatic --noinput --clear + /usr/bin/manage.py compress --force + elif [[ "${KOLLA_INSTALL_TYPE}" == "source" ]]; then + /var/lib/kolla/venv/bin/python /var/lib/kolla/venv/bin/manage.py collectstatic --noinput --clear + /var/lib/kolla/venv/bin/python /var/lib/kolla/venv/bin/manage.py compress --force + fi + settings_bundle | md5sum > $HASH_PATH +fi + +# NOTE(sbezverk) since Horizon is now storing logs in its own location, /var/log/horizon +# needs to be created if it does not exist +if [[ ! 
-d "/var/log/kolla/horizon" ]]; then + mkdir -p /var/log/kolla/horizon +fi + +if [[ $(stat -c %a /var/log/kolla/horizon) != "755" ]]; then + chmod 755 /var/log/kolla/horizon +fi + +if [[ -f ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store ]] && [[ $(stat -c %U ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store) != "horizon" ]]; then + chown horizon ${SITE_PACKAGES}/openstack_dashboard/local/.secret_key_store +fi diff --git a/kolla/rocky/20.03-lts-sp2/ironic-inspector/Dockerfile b/kolla/rocky/20.03-lts-sp2/ironic-inspector/Dockerfile new file mode 100644 index 0000000..ab3737b --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/ironic-inspector/Dockerfile @@ -0,0 +1,14 @@ +FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2 + +RUN usermod --append --home /var/lib/ironic-inspector --groups kolla ironic-inspector \ + && mkdir -p /var/lib/ironic-inspector \ + && chown -R 42461:42461 /var/lib/ironic-inspector + +RUN yum -y install openstack-ironic-inspector && yum clean all && rm -rf /var/cache/yum + +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN chmod 755 /usr/local/bin/kolla_extend_start \ + && chown -R ironic-inspector: /etc/ironic-inspector + +USER ironic-inspector diff --git a/kolla/rocky/20.03-lts-sp2/ironic-inspector/extend_start.sh b/kolla/rocky/20.03-lts-sp2/ironic-inspector/extend_start.sh new file mode 100644 index 0000000..2582b01 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/ironic-inspector/extend_start.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +LOG_PATH=/var/log/kolla/ironic-inspector + +if [[ ! -d "${LOG_PATH}" ]]; then + mkdir -p "${LOG_PATH}" +fi +if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then + chmod 755 "${LOG_PATH}" +fi + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade + exit 0 +fi 
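Review bot: `SITE_PACKAGES` in horizon/extend_start.sh is assigned only when `KOLLA_INSTALL_TYPE` is `binary` or `source`; for any other value, or an unset variable, it stays empty and every later path (`${SITE_PACKAGES}/openstack_dashboard/local/enabled/...`, the `.secret_key_store` ownership check at the end) is resolved from `/`. The script sets `errexit` but not `nounset`, so nothing stops it in that state. I would add an `else` branch to the first `if`, `else echo "unsupported KOLLA_INSTALL_TYPE: ${KOLLA_INSTALL_TYPE}" >&2; exit 1`. Whether the base image always exports the variable is not visible in this part of the patch.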
diff --git a/kolla/rocky/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers b/kolla/rocky/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers
new file mode 100644
index 0000000..3958468
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic-inspector/ironic_inspector_sudoers
@@ -0,0 +1 @@
+ironic-inspector ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-api/Dockerfile b/kolla/rocky/20.03-lts-sp2/ironic/ironic-api/Dockerfile
new file mode 100644
index 0000000..8915535
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-api/Dockerfile
@@ -0,0 +1,11 @@
+FROM openeuler/openeuler-binary-ironic-base:rocky-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-ironic-api && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start
+
+USER ironic
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-api/extend_start.sh b/kolla/rocky/20.03-lts-sp2/ironic/ironic-api/extend_start.sh
new file mode 100644
index 0000000..ebe85b8
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-api/extend_start.sh
@@ -0,0 +1,32 @@ +#!/bin/bash + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + ironic-dbsync upgrade + ironic-dbsync online_data_migrations + exit 0 +fi + +if [[ "${!KOLLA_UPGRADE[@]}" ]]; then + ironic-dbsync upgrade + exit 0 +fi + +if [[ "${!KOLLA_OSM[@]}" ]]; then + ironic-dbsync online_data_migrations + exit 0 +fi + +# Assume the service runs on top of Apache when user is root +if [[ "$(whoami)" == 'root' ]]; then + # NOTE(pbourke): httpd will not clean up after itself in some cases which + # results in the container not being able to restart. (bug #1489676, 1557036) + if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + # Loading Apache2 ENV variables + . /etc/apache2/envvars + rm -rf /var/run/apache2/* + else + rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* + fi +fi diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/Dockerfile new file mode 100644 index 0000000..2cad496 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/Dockerfile @@ -0,0 +1,13 @@ +FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2 + +RUN usermod --append --home /var/lib/ironic --groups kolla ironic \ + && mkdir -p /var/lib/ironic \ + && chown -R 42422:42422 /var/lib/ironic + +RUN yum -y install openstack-ironic-common && yum clean all && rm -rf /var/cache/yum + +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN touch /usr/local/bin/kolla_ironic_extend_start \ + && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_ironic_extend_start \ + && chown -R ironic: /etc/ironic diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/extend_start.sh new file mode 100644 index 0000000..e3b1d4e --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/extend_start.sh 
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+LOG_PATH=/var/log/kolla/ironic
+
+if [[ ! -d "${LOG_PATH}" ]]; then
+ mkdir -p "${LOG_PATH}"
+fi
+if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
+ chmod 755 "${LOG_PATH}"
+fi
+
+. /usr/local/bin/kolla_ironic_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers b/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers
new file mode 100644
index 0000000..3e7c843
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-base/ironic_sudoers
@@ -0,0 +1 @@
+ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile b/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile
new file mode 100644
index 0000000..1e37bb6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-ironic-base:rocky-20.03-lts-sp2
+
+RUN yum -y install ansible dosfstools e2fsprogs gdisk ipmitool openssh-clients openstack-ironic-conductor openstack-ironic-staging-drivers parted psmisc python2-pysnmp python2-dracclient python2-ironic-inspector-client python2-proliantutils python2-scciclient python2-sushy systemd-python util-linux xfsprogs qemu && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+COPY iscsi_tcp_sudoers /etc/sudoers.d/kolla_iscsi_tcp_sudoers
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start \
+ && chmod 440 /etc/sudoers.d/kolla_iscsi_tcp_sudoers
+
+USER ironic
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh b/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh
new file mode 100644
index 0000000..e058fad
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/extend_start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo modprobe iscsi_tcp
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers b/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers
new file mode 100644
index 0000000..5d38ac6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-conductor/iscsi_tcp_sudoers
@@ -0,0 +1 @@
+ironic ALL=(root) NOPASSWD: /usr/sbin/modprobe iscsi_tcp, /sbin/modprobe iscsi_tcp
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile b/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile
new file mode 100644
index 0000000..a79ee95
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-ironic-base:rocky-20.03-lts-sp2
+
+ARG ARCH
+
+ENV ironic_arch=${ARCH}
+
+RUN yum -y install httpd mod_ssl mod_wsgi tftp-server grub2-efi grub2-efi-aa64-modules && yum clean all && rm -rf /var/cache/yum
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY tftp-map-file /map-file
+COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
+RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh b/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh
new file mode 100644
index 0000000..0ba57a8
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/extend_start.sh
@@ -0,0 +1,51 @@ +#!/bin/bash + + +function prepare_pxe { + chown -R ironic: /tftpboot + for pxe_file in /var/lib/tftpboot/pxelinux.0 /var/lib/tftpboot/chain.c32 /usr/lib/syslinux/pxelinux.0 \ + /usr/lib/syslinux/chain.c32 /usr/lib/PXELINUX/pxelinux.0 \ + /usr/lib/syslinux/modules/bios/chain.c32 /usr/lib/syslinux/modules/bios/ldlinux.c32; do + if [[ -e "$pxe_file" ]]; then + cp "$pxe_file" /tftpboot + fi + done +} + +function prepare_ipxe { + if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + cp /usr/lib/ipxe/{undionly.kpxe,ipxe.efi} /tftpboot + elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|oraclelinux|rhel ]]; then + cp /usr/share/ipxe/{undionly.kpxe,ipxe.efi} /tftpboot + fi +} + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + prepare_pxe + prepare_ipxe + exit 0 +fi + +if [[ "${ironic_arch}" =~ aarch64 ]]; then + modules="boot chain configfile efinet ext2 fat gettext help hfsplus loadenv \ + lsefi normal part_gpt part_msdos read search search_fs_file search_fs_uuid \ + search_label terminal terminfo tftp linux" + + if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + grub-mkimage -v -o /tftpboot/grubaa64.efi -O arm64-efi -p "grub" $modules + elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|oraclelinux|rhel ]]; then + grub2-mkimage -v -o /tftpboot/grubaa64.efi -O arm64-efi -p "EFI/centos" $modules + fi +fi + +# NOTE(pbourke): httpd will not clean up after itself in some cases which +# results in the container not being able to restart. (bug #1489676, 1557036) +if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + # Loading Apache2 ENV variables + . /etc/apache2/envvars + rm -rf /var/run/apache2/* +else + rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* +fi diff --git a/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file b/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file new file mode 100644 index 0000000..812abe0 
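Review bot: Every distro branch in ironic-pxe/extend_start.sh matches `KOLLA_BASE_DISTRO` against `debian|ubuntu` or `centos|oraclelinux|rhel` only. If the openEuler base image sets a different value (not visible in this hunk), `prepare_ipxe` copies nothing and the aarch64 branch never runs `grub2-mkimage`, so `/tftpboot/grubaa64.efi` is not produced even though the Dockerfile installs the grub2 modules for it. The ironic-pxe Dockerfile also installs no syslinux or ipxe package, so the files `prepare_pxe` and `prepare_ipxe` look for are probably absent. Add the openEuler value to the RPM-family pattern, e.g. `=~ centos|oraclelinux|rhel|openeuler` (value to be confirmed against the base image), and exit non-zero when no boot file was copied, so an empty `/tftpboot` is caught at bootstrap instead of at the first PXE boot.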
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/ironic/ironic-pxe/tftp-map-file
@@ -0,0 +1,4 @@
+re ^(/tftpboot/) /tftpboot/\2
+re ^/tftpboot/ /tftpboot/
+re ^(^/) /tftpboot/\1
+re ^([^/]) /tftpboot/\1
diff --git a/kolla/rocky/20.03-lts-sp2/keepalived/Dockerfile b/kolla/rocky/20.03-lts-sp2/keepalived/Dockerfile
new file mode 100644
index 0000000..1183e4b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keepalived/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN yum -y install hostname keepalived && yum clean all && rm -rf /var/cache/yum
+
+COPY check_alive.sh /
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start /check_alive.sh
+
diff --git a/kolla/rocky/20.03-lts-sp2/keepalived/check_alive.sh b/kolla/rocky/20.03-lts-sp2/keepalived/check_alive.sh
new file mode 100644
index 0000000..929bb22
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keepalived/check_alive.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# This will return 0 when it successfully talks to the haproxy daemon via the socket
+# Failures return 1
+
+echo "show info" | socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock stdio > /dev/null
diff --git a/kolla/rocky/20.03-lts-sp2/keepalived/extend_start.sh b/kolla/rocky/20.03-lts-sp2/keepalived/extend_start.sh
new file mode 100644
index 0000000..e1fe5d9
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keepalived/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+modprobe ip_vs
+
+# Workaround for bug #1485079
+if [ -f /run/keepalived.pid ]; then
+ rm /run/keepalived.pid
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/keystone/keystone-base/Dockerfile
new file mode 100644
index 0000000..28d5271
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-base/Dockerfile
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/keystone --groups kolla keystone \
+ && mkdir -p /var/lib/keystone \
+ && chown -R 42425:42425 /var/lib/keystone
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-keystone python2-ldappool python2-keystoneclient && yum clean all && rm -rf /var/cache/yum
+RUN mkdir -p /var/www/cgi-bin/keystone \
+ && cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main \
+ && cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
+ && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+RUN chown -R keystone: /var/www/cgi-bin/keystone \
+ && chmod 755 /var/www/cgi-bin/keystone/*
+
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile
new file mode 100644
index 0000000..0862a2d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-keystone-base:rocky-20.03-lts-sp2
+
+RUN yum -y install cronie openssh-clients rsync && yum clean all && rm -rf /var/cache/yum
+
+COPY fetch_fernet_tokens.py /usr/bin/
+COPY keystone_bootstrap.sh /usr/local/bin/kolla_keystone_bootstrap
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_keystone_bootstrap /usr/bin/fetch_fernet_tokens.py
+
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh
new file mode 100644
index 0000000..cf35694
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/extend_start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+FERNET_SYNC=/usr/bin/fernet-node-sync.sh
+FERNET_TOKEN_DIR="/etc/keystone/fernet-keys"
+
+if [[ -f "${FERNET_SYNC}" ]]; then
+ ${FERNET_SYNC}
+fi
+
+if [[ $(stat -c %U:%G ${FERNET_TOKEN_DIR}) != "keystone:keystone" ]]; then
+ chown keystone:keystone ${FERNET_TOKEN_DIR}
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py
new file mode 100644
index 0000000..0c7e13e
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/fetch_fernet_tokens.py
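Review bot: The fix-up for `/etc/keystone/fernet-keys` compares only `%U:%G` and never the mode, and the `chown` is not recursive, so key files inside the directory that belong to another user or are group/world readable are left untouched. Fernet keys protect every token Keystone issues, so unless the mode is guaranteed elsewhere in the image the script should enforce it as well, e.g. `chmod 700 "${FERNET_TOKEN_DIR}"` after the `chown`. `stat` also prints an error and the comparison runs on an empty string when the directory does not exist yet; an explicit `[[ -d "${FERNET_TOKEN_DIR}" ]]` guard would make that case deliberate.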
@@ -0,0 +1,85 @@ +#!/usr/bin/python + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Basically this module will fetch the fernet tokens and compare them to the +# required time constrains to determine whether the host needs to resync with +# other nodes in the cluster. + +from __future__ import print_function +import argparse +from datetime import datetime +from datetime import timedelta +import json +import os +import sys + +# Adding nosec since this fails bandit B105, 'Possible hardcoded password'. 
+TOKEN_PATH = '/etc/keystone/fernet-keys' # nosec + + +def json_exit(msg=None, failed=False, changed=False): + if type(msg) is not dict: + msg = {'msg': str(msg)} + msg.update({'failed': failed, 'changed': changed}) + print(json.dumps(msg)) + sys.exit() + + +def has_file(filename_path): + if not os.path.exists(filename_path): + return False + return True + + +def num_tokens(): + _, _, files = os.walk(TOKEN_PATH).next() + return len(files) + + +def tokens_populated(expected): + return num_tokens() >= int(expected) + + +def token_stale(seconds, filename='0'): + max_token_age = datetime.now() - timedelta(seconds=int(seconds)) + filename_path = os.path.join(TOKEN_PATH, filename) + + if not has_file(filename_path): + return True + modified_date = datetime.fromtimestamp(os.path.getmtime(filename_path)) + return modified_date < max_token_age + + +def main(): + parser = argparse.ArgumentParser(description='''Checks to see if a fernet + token no older than a desired time.''') + parser.add_argument('-t', '--time', + help='Time in seconds for a token rotation', + required=True) + parser.add_argument('-f', '--filename', + help='Filename of token to check', + default='0') + parser.add_argument('-n', '--number', + help='Minimum number of tokens that should exist', + required=True) + args = parser.parse_args() + + json_exit({ + 'populated': tokens_populated(args.number), + 'update_required': token_stale(args.time, args.filename), + }) + + +if __name__ == '__main__': + main() diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh new file mode 100644 index 0000000..d361767 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-fernet/keystone_bootstrap.sh 
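Review bot: `num_tokens()` calls `os.walk(TOKEN_PATH).next()`, which exists only on Python 2 and raises `StopIteration` when the key directory is missing, so the script ends in a traceback instead of the JSON its caller parses. `files = next(os.walk(TOKEN_PATH), (None, None, []))[2]` works on both interpreters and reports zero keys for a missing directory. `json_exit()` also calls `sys.exit()` without a status, so a call with `failed=True` still exits 0; `sys.exit(1 if failed else 0)` lets a caller that checks the return code see the failure. A one-line docstring on `token_stale` stating that a missing key file counts as stale would document the behaviour the sync logic relies on.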
@@ -0,0 +1,43 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +USERNAME=$1 +GROUP=$2 + +function fail_json { + echo '{"failed": true, "msg": "'$1'", "changed": true}' + exit 1 +} + +function exit_json { + echo '{"failed": false, "changed": '"${changed}"'}' +} + +changed="false" +keystone_bootstrap=$(keystone-manage --config-file /etc/keystone/keystone.conf fernet_setup --keystone-user ${USERNAME} --keystone-group ${GROUP} 2>&1) +if [[ $? != 0 ]]; then + fail_json "${keystone_bootstrap}" +fi + +changed=$(echo "${keystone_bootstrap}" | awk ' + /Key repository is already initialized/ {count++} + END { + if (count == 1) changed="true"; else changed="false" + print changed + }' +) + +exit_json diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile b/kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile new file mode 100644 index 0000000..89a8172 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/Dockerfile 
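Review bot: `fail_json` splices `$1` unquoted and unescaped into the JSON string, so keystone-manage output containing a double quote, backslash or newline yields text the caller cannot parse, and the bare expansion is also subject to word splitting and globbing. Encode the message first, e.g. `msg=$(printf '%s' "$1" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))')` and then `echo '{"failed": true, "msg": '"${msg}"', "changed": true}'`; the `fail_json` in keystone/keystone_bootstrap.sh has the same problem. `${USERNAME}` and `${GROUP}` in the `keystone-manage fernet_setup` call should be quoted too. The awk block reports `changed` as true when "Key repository is already initialized" is matched, which reads as inverted and is worth confirming.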
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-keystone-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/keystone --groups kolla keystone \
+ && chsh --shell /bin/bash keystone \
+ && mkdir -p /var/lib/keystone \
+ && chown -R 42425:42425 /var/lib/keystone
+
+RUN yum -y install openssh-server rsync && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh b/kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh
new file mode 100644
index 0000000..dc8f04b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone-ssh/extend_start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SSH_HOST_KEY_TYPES=( "rsa" "dsa" "ecdsa" "ed25519" )
+
+for key_type in ${SSH_HOST_KEY_TYPES[@]}; do
+ KEY_PATH=/etc/ssh/ssh_host_${key_type}_key
+ if [[ ! -f "${KEY_PATH}" ]]; then
+ ssh-keygen -q -t ${key_type} -f ${KEY_PATH} -N ""
+ fi
+done
+
+mkdir -p /var/lib/keystone/.ssh
+
+if [[ $(stat -c %U:%G /var/lib/keystone/.ssh) != "keystone:keystone" ]]; then
+ sudo chown keystone: /var/lib/keystone/.ssh
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone/Dockerfile b/kolla/rocky/20.03-lts-sp2/keystone/keystone/Dockerfile
new file mode 100644
index 0000000..45cfab3
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone/Dockerfile
@@ -0,0 +1,7 @@
+FROM openeuler/openeuler-binary-keystone-base:rocky-20.03-lts-sp2
+
+COPY keystone_bootstrap.sh /usr/local/bin/kolla_keystone_bootstrap
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_keystone_bootstrap
+
+RUN yum -y install mod_auth_gssapi python2-requests-kerberos && yum clean all && rm -rf /var/cache/yum
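Review bot: `SSH_HOST_KEY_TYPES` in keystone-ssh/extend_start.sh still lists `"dsa"`, so the container generates and keeps a DSA host key. ssh-keygen limits DSA keys to 1024 bits, OpenSSH has disabled the algorithm by default since 7.0, and recent releases drop it, at which point `ssh-keygen -t dsa` fails during start-up. Use `SSH_HOST_KEY_TYPES=( "rsa" "ecdsa" "ed25519" )`. The script also creates `/var/lib/keystone/.ssh` without setting a mode; a `chmod 700 /var/lib/keystone/.ssh` after the `mkdir` matches what sshd's StrictModes check expects for a directory holding `authorized_keys`.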
diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone/extend_start.sh b/kolla/rocky/20.03-lts-sp2/keystone/keystone/extend_start.sh
new file mode 100644
index 0000000..0d8d3bc
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone/extend_start.sh
@@ -0,0 +1,58 @@ +#!/bin/bash + +# NOTE(pbourke): httpd will not clean up after itself in some cases which +# results in the container not being able to restart. (bug #1489676, 1557036) +if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + # Loading Apache2 ENV variables + . /etc/apache2/envvars + rm -rf /var/run/apache2/* +else + rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* +fi + +# Create log dir for Keystone logs +KEYSTONE_LOG_DIR="/var/log/kolla/keystone" +if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then + mkdir -p ${KEYSTONE_LOG_DIR} +fi +if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then + chown keystone:kolla ${KEYSTONE_LOG_DIR} +fi +if [ ! -f "${KEYSTONE_LOG_DIR}/keystone.log" ]; then + touch ${KEYSTONE_LOG_DIR}/keystone.log +fi +if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}/keystone.log) != "keystone:keystone" ]]; then + chown keystone:keystone ${KEYSTONE_LOG_DIR}/keystone.log +fi +if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then + chmod 755 ${KEYSTONE_LOG_DIR} +fi + +EXTRA_KEYSTONE_MANAGE_ARGS=${EXTRA_KEYSTONE_MANAGE_ARGS-} +# Upgrade and exit if KOLLA_UPGRADE variable is set. This catches all cases +# of the KOLLA_UPGRADE variable being set, including empty. +if [[ "${!KOLLA_UPGRADE[@]}" ]]; then + # TODO(duonghq): check doctor result here + # TODO: find reason why doctor failed in gate + # sudo -H -u keystone keystone-manage doctor + sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync --expand + sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync --migrate + exit 0 +fi + +# Contract database and exit if KOLLA_FINISH_UPGRADE variable is set. +# This catches all cases of the KOLLA_FINISH_UPGRADE variable being set, +# including empty. +if [[ "${!KOLLA_FINISH_UPGRADE[@]}" ]]; then + sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync --contract + exit 0 +fi + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. 
This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + sudo -H -u keystone keystone-manage ${EXTRA_KEYSTONE_MANAGE_ARGS} db_sync + exit 0 +fi + +ARGS="-DFOREGROUND" diff --git a/kolla/rocky/20.03-lts-sp2/keystone/keystone/keystone_bootstrap.sh b/kolla/rocky/20.03-lts-sp2/keystone/keystone/keystone_bootstrap.sh new file mode 100644 index 0000000..e37e383 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/keystone/keystone/keystone_bootstrap.sh 
@@ -0,0 +1,57 @@ +#!/bin/bash + +set -o pipefail + +# NOTE(SamYaple): Kolla needs to wraps `keystone-manage bootstrap` to ensure +# any change is reported correctly for idempotency. This script will exit with +# valid json that can be parsed with information about if the task has failed +# and if anything changed. + +USERNAME=$1 +PASSWORD=$2 +if [ -z "$PASSWORD" ]; then + # Avoid having the password always come in via CLI (which makes + # it show up in things like ara) + PASSWORD="$OS_BOOTSTRAP_PASSWORD" +fi +PROJECT=$3 +ROLE=$4 +ADMIN_URL=$5 +INTERNAL_URL=$6 +PUBLIC_URL=$7 +REGION=$8 + +function fail_json { + echo '{"failed": true, "msg": "'$1'", "changed": true}' + exit 1 +} + +function exit_json { + echo '{"failed": false, "changed": '"${changed}"'}' +} + +changed="false" +# NOTE(mgoddard): pipe through cat -v to remove unprintable control characters +# which prevent JSON decoding. +keystone_bootstrap=$(keystone-manage bootstrap --bootstrap-username "${USERNAME}" --bootstrap-password "${PASSWORD}" --bootstrap-project-name "${PROJECT}" --bootstrap-role-name "${ROLE}" --bootstrap-admin-url "${ADMIN_URL}" --bootstrap-internal-url "${INTERNAL_URL}" --bootstrap-public-url "${PUBLIC_URL}" --bootstrap-service-name "keystone" --bootstrap-region-id "${REGION}" 2>&1 | cat -v) +if [[ $? 
!= 0 ]]; then + fail_json "${keystone_bootstrap}" +fi + +changed=$(echo "${keystone_bootstrap}" | awk ' + /Domain default already exists, skipping creation./ || + /Project '"${PROJECT}"' already exists, skipping creation./ || + /User '"${USERNAME}"' already exists, skipping creation./ || + /Role '"${ROLE}"' exists, skipping creation./ || + /User '"${USERNAME}"' already has '"${ROLE}"' on '"${PROJECT}"'./ || + /Region '"${REGION}"' exists, skipping creation./ || + /Skipping admin endpoint as already created/ || + /Skipping internal endpoint as already created/ || + /Skipping public endpoint as already created/ {count++} + END { + if (count == 9) changed="false"; else changed="true" + print changed + }' +) + +exit_json diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/Dockerfile b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/Dockerfile new file mode 100644 index 0000000..8623dbd --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/Dockerfile 
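Review bot: The script avoids requiring the password on its own command line, but then passes it on as `keystone-manage bootstrap --bootstrap-password "${PASSWORD}"`, where it sits in argv and can be read from the process list for as long as the command runs. keystone-manage reads `OS_BOOTSTRAP_PASSWORD` from the environment, so `export OS_BOOTSTRAP_PASSWORD="${PASSWORD}"` before the call and dropping the `--bootstrap-password` argument keeps the secret out of argv. The awk patterns also interpolate `${PROJECT}`, `${USERNAME}`, `${ROLE}` and `${REGION}` as regular expressions, so a name containing a regex metacharacter changes what matches and can skew the `count == 9` idempotency check. A comment above that block saying that 9 is the number of "already exists" messages expected from a no-op run would help the next maintainer.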
@@ -0,0 +1,31 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/ansible --groups kolla ansible \
+ && mkdir -p /var/lib/ansible \
+ && chown -R 42401:42401 /var/lib/ansible
+
+RUN yum -y install python2-crudini gcc gdisk git jq libffi-devel libxml2-devel libxslt-devel make mariadb mariadb-devel openssh-clients openssl-devel python-devel && yum clean all && rm -rf /var/cache/yum
+
+RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py \
+ && python get-pip.py \
+ && rm get-pip.py
+
+RUN pip --no-cache-dir install --upgrade virtualenv \
+ && virtualenv --system-site-packages /opt/ansible
+
+ENV PATH /opt/ansible/bin:$PATH
+
+RUN pip --no-cache-dir install --upgrade openstacksdk==0.41.0 ansible==2.2.0.0 "cmd2<0.9.0" influxdb mysqlclient os-client-config==1.29.0 pbr==4.0.0 pymongo python-openstackclient==3.14.0 pytz pyudev shade==1.27.1 \
+ && mkdir -p /etc/ansible /usr/share/ansible \
+ && echo 'localhost ansible_connection=local ansible_python_interpreter=/opt/ansible/bin/python' > /etc/ansible/hosts \
+ && sed -i 's| "identity_api_version": "2.0",| "identity_api_version": "3",|' /opt/ansible/lib/python2.7/site-packages/os_client_config/defaults.json
+
+ENV ANSIBLE_LIBRARY /usr/share/ansible:$ANSIBLE_LIBRARY
+
+COPY find_disks.py kolla_keystone_service.py kolla_keystone_user.py kolla_sanity.py /usr/share/ansible/
+COPY ansible.cfg /var/lib/ansible/.ansible.cfg
+
+COPY ansible_sudoers /etc/sudoers.d/kolla_ansible_sudoers
+RUN chmod 440 /etc/sudoers.d/kolla_ansible_sudoers
+
+USER ansible
diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible.cfg b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible.cfg
new file mode 100644
index 0000000..53708de
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+remote_tmp = /tmp
+log_path = /var/log/kolla/ansible.log
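Review bot: The kolla-toolbox build downloads `get-pip.py` with `curl` and runs it as root with no integrity check, and several of the `pip install` arguments that follow (`virtualenv`, `influxdb`, `mysqlclient`, `pymongo`, `pytz`, `pyudev`) are unpinned. Two builds of the same commit can therefore produce different images, and a changed upstream file executes during the build. Verify the script against a recorded digest between the download and `python get-pip.py`, e.g. `&& echo "<SHA256_OF_REVIEWED_GET_PIP>  get-pip.py" | sha256sum -c - \`, and pin the remaining packages. Add `--fail` to the `curl` call as well, unless the base image's curlrc already sets it, so that an HTTP error page is never handed to the interpreter. `ansible==2.2.0.0` is long out of upstream support; if this release needs that pin, a comment saying why would help.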
diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible_sudoers b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible_sudoers
new file mode 100644
index 0000000..c43917f
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/ansible_sudoers
@@ -0,0 +1 @@
+ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a *, /usr/local/bin/ansible localhost -m find_disks -a *
diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/find_disks.py b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/find_disks.py
new file mode 100644
index 0000000..5b33882
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/find_disks.py
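Review bot: Both commands in the ansible_sudoers rule end in `-a *`, and a sudoers `*` in the argument list matches any run of characters including spaces, so the rule does not limit the call to a `find_disks` argument string. Whatever follows `-a`, further ansible options included, runs as root without a password. Grant sudo on a root-owned wrapper instead, one that validates the `name`, `match_mode` and `use_udev` values and builds the ansible command line itself. The second alternative, `/usr/local/bin/ansible`, is not installed by the Dockerfile in this patch (ansible goes into `/opt/ansible`), so it should be removed unless something else is known to place a root-owned binary there.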
@@ -0,0 +1,360 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This module has been relicensed from the source below: +# https://github.com/SamYaple/yaodu/blob/master/ansible/library/ceph_osd_list + +DOCUMENTATION = ''' +--- +module: find_disks +short_description: Return list of devices containing a specfied name or label +description: + - This will return a list of all devices with either GPT partition name + or filesystem label of the name specified. +options: + match_mode: + description: + - Label match mode, either strict or prefix + default: 'strict' + required: False + choices: [ "strict", "prefix" ] + type: str + name: + description: + - Partition name or filesystem label + required: True + type: str + aliases: [ 'partition_name' ] + use_udev: + description: + - When True, use Linux udev to read disk info such as partition labels, + uuid, etc. Some older host operating systems have issues using udev to + get the info this module needs. Set to False to fall back to more low + level commands such as blkid to retrieve this information. Most users + should not need to change this. 
+ default: True + required: False + type: bool +author: Sam Yaple +''' + +EXAMPLES = ''' +- hosts: ceph-osd + tasks: + - name: Return all valid formated devices with the name KOLLA_CEPH_OSD + find_disks: + name: 'KOLLA_CEPH_OSD' + register: osds + +- hosts: swift-object-server + tasks: + - name: Return all valid devices with the name KOLLA_SWIFT + find_disks: + name: 'KOLLA_SWIFT' + register: swift_disks + +- hosts: swift-object-server + tasks: + - name: Return all valid devices with wildcard name 'swift_d*' + find_disks: + name: 'swift_d' match_mode: 'prefix' + register: swift_disks +''' + +import json +import pyudev +import re +import subprocess # nosec + + +PREFERRED_DEVICE_LINK_ORDER = [ + '/dev/disk/by-uuid', + '/dev/disk/by-partuuid', + '/dev/disk/by-parttypeuuid', + '/dev/disk/by-label', + '/dev/disk/by-partlabel' +] + + +def get_id_part_entry_name(dev, use_udev): + if use_udev: + dev_name = dev.get('ID_PART_ENTRY_NAME', '') + else: + part = re.sub(r'.*[^\d]', '', dev.device_node) + parent = dev.find_parent('block').device_node + # NOTE(Mech422): Need to use -i as -p truncates the partition name + out = subprocess.Popen(['/usr/sbin/sgdisk', '-i', part, # nosec + parent], + stdout=subprocess.PIPE).communicate() + match = re.search(r'Partition name: \'(\w+)\'', out[0]) + if match: + dev_name = match.group(1) + else: + dev_name = '' + return dev_name + + +def get_id_fs_uuid(dev, use_udev): + if use_udev: + id_fs_uuid = dev.get('ID_FS_UUID', '') + else: + out = subprocess.Popen(['/usr/sbin/blkid', '-o', 'export', # nosec + dev.device_node], + stdout=subprocess.PIPE).communicate() + match = re.search(r'\nUUID=([\w-]+)', out[0]) + if match: + id_fs_uuid = match.group(1) + else: + id_fs_uuid = '' + return id_fs_uuid + + +def is_dev_matched_by_name(dev, name, mode, use_udev): + if dev.get('DEVTYPE', '') == 'partition': + dev_name = get_id_part_entry_name(dev, use_udev) + else: + dev_name = dev.get('ID_FS_LABEL', '') + + if mode == 'strict': + return dev_name == name 
+ elif mode == 'prefix': + return dev_name.startswith(name) + else: + return False + + +def find_disk(ct, name, match_mode, use_udev): + for dev in ct.list_devices(subsystem='block'): + if is_dev_matched_by_name(dev, name, match_mode, use_udev): + yield dev + + +def get_device_link(dev): + for preferred_link in PREFERRED_DEVICE_LINK_ORDER: + for link in dev.device_links: + if link.startswith(preferred_link): + return link + return dev.device_node + + +def extract_disk_info(ct, dev, name, use_udev): + if not dev: + return + kwargs = dict() + kwargs['fs_uuid'] = get_id_fs_uuid(dev, use_udev) + kwargs['fs_label'] = dev.get('ID_FS_LABEL', '') + if dev.get('DEVTYPE', '') == 'partition': + kwargs['partition_label'] = name + kwargs['device'] = dev.find_parent('block').device_node + kwargs['partition'] = dev.device_node + kwargs['partition_num'] = \ + re.sub(r'.*[^\d]', '', dev.device_node) + if is_dev_matched_by_name(dev, name, 'strict', use_udev): + kwargs['external_journal'] = False + # NOTE(jeffrey4l): this is only used for bootstrap osd stage and + # there is no journal partion at all. So it is OK to use + # device_node directly. 
+ kwargs['journal'] = dev.device_node[:-1] + '2' + kwargs['journal_device'] = kwargs['device'] + kwargs['journal_num'] = 2 + else: + kwargs['external_journal'] = True + journal_name = get_id_part_entry_name(dev, use_udev) + '_J' + for journal in find_disk(ct, journal_name, 'strict', use_udev): + kwargs['journal'] = get_device_link(journal) + kwargs['journal_device'] = \ + journal.find_parent('block').device_node + kwargs['journal_num'] = \ + re.sub(r'.*[^\d]', '', journal.device_node) + break + if 'journal' not in kwargs: + # NOTE(SamYaple): Journal not found, not returning info + return + else: + kwargs['device'] = dev.device_node + yield kwargs + + +def extract_disk_info_bs(ct, dev, name, use_udev): + if not dev: + return + kwargs = dict(bs_blk_label='', bs_blk_device='', bs_db_label='', + bs_db_device='', bs_wal_label='', bs_wal_device='', + bs_wal_partition_num='', bs_db_partition_num='', + bs_blk_partition_num='', partition='', partition_label='', + partition_num='', device='', partition_usage='') + kwargs['fs_uuid'] = get_id_fs_uuid(dev, use_udev) + kwargs['fs_label'] = dev.get('ID_FS_LABEL', '') + + if dev.get('DEVTYPE', '') == 'partition': + actual_name = get_id_part_entry_name(dev, use_udev) + + if (('BOOTSTRAP_BS' in name or 'DATA_BS' in name) + and name in actual_name): + if actual_name.endswith("_B"): + kwargs['partition_usage'] = 'block' + kwargs['bs_blk_partition_num'] = \ + re.sub(r'.*[^\d]', '', dev.device_node) + kwargs['bs_blk_device'] = dev.find_parent('block').device_node + kwargs['bs_blk_label'] = actual_name + return kwargs + if actual_name.endswith("_D"): + kwargs['partition_usage'] = 'block.db' + kwargs['bs_db_partition_num'] = \ + re.sub(r'.*[^\d]', '', dev.device_node) + kwargs['bs_db_device'] = dev.find_parent('block').device_node + kwargs['bs_db_label'] = actual_name + return kwargs + if actual_name.endswith("_W"): + kwargs['partition_usage'] = 'block.wal' + kwargs['bs_wal_partition_num'] = \ + re.sub(r'.*[^\d]', '', dev.device_node) + 
kwargs['bs_wal_device'] = dev.find_parent('block').device_node + kwargs['bs_wal_label'] = actual_name + return kwargs + if '_BS' in actual_name: + kwargs['partition_usage'] = 'osd' + kwargs['partition'] = dev.find_parent('block').device_node + kwargs['partition_label'] = actual_name + kwargs['partition_num'] = \ + re.sub(r'.*[^\d]', '', dev.device_node) + kwargs['device'] = dev.find_parent('block').device_node + return kwargs + return 0 + + +def nb_of_osd(disks): + osd_info = dict() + osd_info['block_label'] = list() + nb_of_osds = 0 + for item in disks: + if item['partition_usage'] == 'osd': + osd_info['block_label'].append(item['partition_label']) + nb_of_osds += 1 + osd_info['nb_of_osd'] = nb_of_osds + return osd_info + + +def combine_info(disks): + info = list() + osds = nb_of_osd(disks) + osd_id = 0 + while osd_id < osds['nb_of_osd']: + final = dict() + idx = 0 + idx_osd = idx_blk = idx_wal = idx_db = -1 + for item in disks: + if (item['partition_usage'] == 'osd' and + item['partition_label'] == osds['block_label'][osd_id]): + idx_osd = idx + elif (item['partition_usage'] == 'block' and + item['bs_blk_label'] == + osds['block_label'][osd_id] + "_B"): + idx_blk = idx + elif (item['partition_usage'] == 'block.wal' and + item['bs_wal_label'] == + osds['block_label'][osd_id] + "_W"): + idx_wal = idx + elif (item['partition_usage'] == 'block.db' and + item['bs_db_label'] == + osds['block_label'][osd_id] + "_D"): + idx_db = idx + idx = idx + 1 + + # write the information of block.db and block.wal to block item + # if block.db and block.wal are found + if idx_blk != -1: + disks[idx_osd]['bs_blk_device'] = disks[idx_blk]['bs_blk_device'] + disks[idx_osd]['bs_blk_label'] = disks[idx_blk]['bs_blk_label'] + disks[idx_osd]['bs_blk_partition_num'] = \ + disks[idx_blk]['bs_blk_partition_num'] + disks[idx_blk]['partition_usage'] = '' + if idx_wal != -1: + disks[idx_osd]['bs_wal_device'] = disks[idx_wal]['bs_wal_device'] + disks[idx_osd]['bs_wal_partition_num'] = \ + 
disks[idx_wal]['bs_wal_partition_num'] + disks[idx_osd]['bs_wal_label'] = disks[idx_wal]['bs_wal_label'] + disks[idx_wal]['partition_usage'] = '' + if idx_db != -1: + disks[idx_osd]['bs_db_device'] = disks[idx_db]['bs_db_device'] + disks[idx_osd]['bs_db_partition_num'] = \ + disks[idx_db]['bs_db_partition_num'] + disks[idx_osd]['bs_db_label'] = disks[idx_db]['bs_db_label'] + disks[idx_db]['partition_usage'] = '' + + final['fs_uuid'] = disks[idx_osd]['fs_uuid'] + final['fs_label'] = disks[idx_osd]['fs_label'] + final['bs_blk_device'] = disks[idx_osd]['bs_blk_device'] + final['bs_blk_label'] = disks[idx_osd]['bs_blk_label'] + final['bs_blk_partition_num'] = disks[idx_osd]['bs_blk_partition_num'] + final['bs_db_device'] = disks[idx_osd]['bs_db_device'] + final['bs_db_partition_num'] = disks[idx_osd]['bs_db_partition_num'] + final['bs_db_label'] = disks[idx_osd]['bs_db_label'] + final['bs_wal_device'] = disks[idx_osd]['bs_wal_device'] + final['bs_wal_partition_num'] = disks[idx_osd]['bs_wal_partition_num'] + final['bs_wal_label'] = disks[idx_osd]['bs_wal_label'] + final['device'] = disks[idx_osd]['device'] + final['partition'] = disks[idx_osd]['partition'] + final['partition_label'] = disks[idx_osd]['partition_label'] + final['partition_num'] = disks[idx_osd]['partition_num'] + final['external_journal'] = False + final['journal'] = '' + final['journal_device'] = '' + final['journal_num'] = 0 + + info.append(final) + disks[idx_osd]['partition_usage'] = '' + osd_id += 1 + + return info + + +def main(): + argument_spec = dict( + match_mode=dict(required=False, choices=['strict', 'prefix'], + default='strict'), + name=dict(aliases=['partition_name'], required=True, type='str'), + use_udev=dict(required=False, default=True, type='bool') + ) + module = AnsibleModule(argument_spec) + match_mode = module.params.get('match_mode') + name = module.params.get('name') + use_udev = module.params.get('use_udev') + + try: + ret = list() + ct = pyudev.Context() + for dev in 
find_disk(ct, name, match_mode, use_udev): + if '_BS' in name: + info = extract_disk_info_bs(ct, dev, name, use_udev) + if info: + ret.append(info) + else: + for info in extract_disk_info(ct, dev, name, use_udev): + if info: + ret.append(info) + + if '_BS' in name and len(ret) > 0: + ret = combine_info(ret) + + module.exit_json(disks=json.dumps(ret)) + except Exception as e: + module.exit_json(failed=True, msg=repr(e)) + +# import module snippets +from ansible.module_utils.basic import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py new file mode 100644 index 0000000..ca747e7 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_service.py 
@@ -0,0 +1,101 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is a barebones file needed to file a gap until Ansible 2.0. No +# error checking, no deletions, no updates. Idempotent creation only. + +# If you look closely, you will see we arent _really_ using the shade module +# we just use it to slightly abstract the authentication model. As patches land +# in upstream shade we will be able to use more of the shade module. Until then +# if we want to be 'stable' we really need to be using it as a passthrough + +import traceback + +import shade + + +def main(): + argument_spec = openstack_full_argument_spec( + description=dict(required=True, type='str'), + service_name=dict(required=True, type='str'), + service_type=dict(required=True, type='str'), + url=dict(required=True, type='str'), + interface=dict(required=True, type='str'), + endpoint_region=dict(required=True, type='str') + ) + module = AnsibleModule(argument_spec) + + try: + description = module.params.pop('description') + service_name = module.params.pop('service_name') + service_type = module.params.pop('service_type') + url = module.params.pop('url') + interface = module.params.pop('interface') + endpoint_region = module.params.pop('endpoint_region') + + changed = False + service = None + endpoint = None + + cloud = shade.operator_cloud(**module.params) + + for _service in cloud.keystone_client.services.list(): + if _service.type == 
service_type: + service = _service + service_description = getattr(service, 'description', None) + if service.name != service_name or \ + service_description != description: + changed = True + cloud.keystone_client.services.update( + service, + name=service_name, + description=description) + break + else: + changed = True + service = cloud.keystone_client.services.create( + name=service_name, + service_type=service_type, + description=description) + + for _endpoint in cloud.keystone_client.endpoints.list(): + if _endpoint.service_id == service.id and \ + _endpoint.interface == interface and \ + _endpoint.region == endpoint_region: + endpoint = _endpoint + if endpoint.url != url: + changed = True + cloud.keystone_client.endpoints.update( + endpoint, url=url) + break + else: + changed = True + cloud.keystone_client.endpoints.create( + service=service.id, + url=url, + interface=interface, + region=endpoint_region) + + module.exit_json(changed=changed) + except Exception: + module.exit_json(failed=True, changed=True, + msg=repr(traceback.format_exc())) + +# import module snippets +from ansible.module_utils.basic import * # noqa +from ansible.module_utils.openstack import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py new file mode 100644 index 0000000..319cf67 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_keystone_user.py 
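Review bot: The `except Exception` handler at the end of `main()` reports failure through `module.exit_json(failed=True, changed=True, ...)`, so a run that raised before touching Keystone is still recorded as a change, and the whole traceback is returned as the message. I would use `module.fail_json(msg=traceback.format_exc())` and keep `changed` out of the failure path. The traceback is produced while the cloud credentials are still in `module.params`, so it is worth confirming that exception text coming from shade cannot contain them before it is returned verbatim. kolla_keystone_user.py and kolla_sanity.py in this patch end with the same handler.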
@@ -0,0 +1,90 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import traceback + +import shade + + +def main(): + argument_spec = openstack_full_argument_spec( + password=dict(required=True, type='str'), + project=dict(required=True, type='str'), + role=dict(required=True, type='str'), + user=dict(required=True, type='str') + ) + module = AnsibleModule(argument_spec) + + try: + password = module.params.pop('password') + project_name = module.params.pop('project') + role_name = module.params.pop('role') + user_name = module.params.pop('user') + + changed = False + project = None + role = None + user = None + + cloud = shade.OperatorCloud(**module.params) + + for _project in cloud.search_projects(): + if _project.name == project_name: + project = _project + + for _role in cloud.search_roles(): + if _role.name == role_name: + role = _role + + for _user in cloud.search_users(): + if _user.name == user_name: + user = _user + + if not project: + changed = True + project = cloud.create_project(project_name, + domain_id='default') + + if not role: + changed = True + role = cloud.create_role(role_name) + + if not user: + changed = True + user = cloud.create_user(user_name, + password=password, + default_project=project, + domain_id='default') + role_assignments = cloud.keystone_client.role_assignments + assignment = role_assignments.list(user=user, + project=project, + role=role) + if not assignment: + changed = True + 
cloud.grant_role(role, + user=user, + project=project) + + module.exit_json(changed=changed) + except Exception: + module.exit_json(failed=True, changed=True, + msg=repr(traceback.format_exc())) + +# import module snippets +from ansible.module_utils.basic import * # noqa +from ansible.module_utils.openstack import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py new file mode 100644 index 0000000..3df8d2a --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/kolla-toolbox/kolla_sanity.py 
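Review bot: The `password` option in `argument_spec` is declared without `no_log=True`, so Ansible can record the Keystone user's password in the module invocation it logs and prints in verbose output. Declare it as `password=dict(required=True, type='str', no_log=True),`; kolla_sanity.py in this patch has the same declaration. Separately, the password is only applied inside the `if not user:` branch, so an existing user silently keeps its old password; a short comment above `cloud.create_user` saying that credential rotation is not handled here would save operators a surprise.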
@@ -0,0 +1,63 @@ +#!/usr/bin/python + +# Copyright 2015 Intel corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is a barebones file needed to file a gap until Ansible 2.0. No +# error checking, no deletions, no updates. Idempotent creation only. + +# If you look closely, you will see we arent _really_ using the shade module +# we just use it to slightly abstract the authentication model. As patches land +# in upstream shade we will be able to use more of the shade module. 
Until then +# if we want to be 'stable' we really need to be using it as a passthrough + +import traceback + +import shade + + +class SanityChecks(object): + # TODO(pbourke): remove and replace with direct call to os_object + @staticmethod + def swift(cloud): + [container for container in cloud.swift_client.list()] + + +def main(): + module = AnsibleModule( + argument_spec=openstack_full_argument_spec( + password=dict(required=True, type='str'), + project=dict(required=True, type='str'), + role=dict(required=True, type='str'), + user=dict(required=True, type='str'), + service=dict(required=True, type='str'), + ) + ) + + try: + changed = True + cloud = shade.operator_cloud(**module.params) + + getattr(SanityChecks, module.params.pop("service"))(cloud) + + module.exit_json(changed=changed) + except Exception: + module.exit_json(failed=True, changed=True, + msg=repr(traceback.format_exc())) + +# import module snippets +from ansible.module_utils.basic import * # noqa +from ansible.module_utils.openstack import * # noqa +if __name__ == '__main__': + main() diff --git a/kolla/rocky/20.03-lts-sp2/mariadb/Dockerfile b/kolla/rocky/20.03-lts-sp2/mariadb/Dockerfile new file mode 100644 index 0000000..27562af --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/mariadb/Dockerfile 
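Review bot: `getattr(SanityChecks, module.params.pop("service"))(cloud)` resolves whatever attribute name the caller supplies, so any attribute of the class, not only the intended check methods, can be looked up and called. Constrain the option in the spec, `service=dict(required=True, type='str', choices=['swift']),`, so unknown names are rejected by argument validation. Note also that `service` is popped only after `shade.operator_cloud(**module.params)` has run, so it and the other extra options (`password`, `project`, `role`, `user`) are passed to shade as keyword arguments; popping them first, as kolla_keystone_user.py does, looks like the intent.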
@@ -0,0 +1,21 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/mysql --groups kolla mysql \
+ && mkdir -p /var/lib/mysql \
+ && chown -R 42434:42434 /var/lib/mysql
+
+RUN yum -y install expect galera hostname mariadb-server-galera pv rsync tar mariadb mariadb-server MySQL-python python2-PyMySQL && yum clean all && rm -rf /var/cache/yum
+
+COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+COPY security_reset.expect /usr/local/bin/kolla_security_reset
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+ && chmod 755 /usr/local/bin/kolla_security_reset \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_mariadb_sudoers \
+ && rm -rf /var/lib/mysql/*
+
+ENTRYPOINT ["dumb-init", "--"]
+CMD ["kolla_start"]
+
+USER mysql
diff --git a/kolla/rocky/20.03-lts-sp2/mariadb/extend_start.sh b/kolla/rocky/20.03-lts-sp2/mariadb/extend_start.sh
new file mode 100644
index 0000000..88be89d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/mariadb/extend_start.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+function bootstrap_db {
+ mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
+ # Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
+ # NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
+ # Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
+ TIMEOUT=${DB_MAX_TIMEOUT:-60}
+ while [[ ! -S /var/lib/mysql/mysql.sock ]] && \
+ [[ ! -S /var/run/mysqld/mysqld.sock ]] || \
+ [[ ! -f /var/lib/mysql/mariadb.pid ]]; do
+ if [[ ${TIMEOUT} -gt 0 ]]; then
+ let TIMEOUT-=1
+ sleep 1
+ else
+ exit 1
+ fi
+ done
+
+ sudo -E kolla_security_reset
+ mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+ mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+ mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+}
+
+# Create log directory, with appropriate permissions
+if [[ ! -d "/var/log/kolla/mariadb" ]]; then
+ mkdir -p /var/log/kolla/mariadb
+fi
+if [[ $(stat -c %a /var/log/kolla/mariadb) != "755" ]]; then
+ chmod 755 /var/log/kolla/mariadb
+fi
+
+# This catches all cases of the BOOTSTRAP variable being set, including empty
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ mysql_install_db
+ bootstrap_db
+ exit 0
+fi
+
+# This catches all cases of the KOLLA_UPGRADE variable being set, including empty
+if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
+ # The mysql_upgrade command treats any directories under /var/lib/mysql as
+ # databases. Somehow we can end up with a .pki directory, which causes the
+ # command to fail with this error:
+ # Incorrect database name '#mysql50#.pki' when selecting the database
+ # There doesn't seem to be anything in the directory, so remove it.
+ rm -rf /var/lib/mysql/.pki
+
+ mysql_upgrade --user=root --password="${DB_ROOT_PASSWORD}"
+ exit 0
+fi
+
+if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then
+ ARGS="${BOOTSTRAP_ARGS}"
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/mariadb/mariadb_sudoers b/kolla/rocky/20.03-lts-sp2/mariadb/mariadb_sudoers
new file mode 100644
index 0000000..150534e
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/mariadb/mariadb_sudoers
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset
diff --git a/kolla/rocky/20.03-lts-sp2/mariadb/security_reset.expect b/kolla/rocky/20.03-lts-sp2/mariadb/security_reset.expect
new file mode 100644
index 0000000..6d2755e
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/mariadb/security_reset.expect
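Review bot: In `bootstrap_db` (and again in the `KOLLA_UPGRADE` branch) `DB_ROOT_PASSWORD` is passed to `mysql`, `mysqladmin` and `mysql_upgrade` as a command-line argument, and it is also interpolated unescaped into the two `GRANT` statements. Command-line arguments are readable by other processes in the container through the process list, and a password containing a single quote would end the SQL string literal early. I would hand the credential to the clients through an option file readable only by the mysql user (`--defaults-extra-file=...`) and reject or escape quotes before building the statement. The second `GRANT` gives `'root'@'%'` all privileges with grant option; if the deployment tooling needs remote root, a comment saying so and naming the network restriction that protects it would make that decision explicit.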
@@ -0,0 +1,58 @@ +#!/usr/bin/expect -f + +if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10} +spawn mysql_secure_installation +expect { + timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } + "Enter current password for root (enter for none):" +} +send "\r" +expect { + timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } + "Set root password?" +} +send "y\r" +expect { + timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } + "New password:" +} +send "$env(DB_ROOT_PASSWORD)\r" + +expect { + timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } + "Re-enter new password:" +} +send "$env(DB_ROOT_PASSWORD)\r" + +expect { + timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } + "Remove anonymous users?" +} +send "y\r" + +expect { + timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } + "Disallow root login remotely?" +} +send "n\r" + +expect { + timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } + "Remove test database and access to it?" +} +send "y\r" + +expect { + timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Reload privilege tables now?' 
prompt\n"; exit 1 } + "Reload privilege tables now?" +} +send "y\r" +expect eof diff --git a/kolla/rocky/20.03-lts-sp2/memcached/Dockerfile b/kolla/rocky/20.03-lts-sp2/memcached/Dockerfile new file mode 100644 index 0000000..ba2116d --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/memcached/Dockerfile @@ -0,0 +1,9 @@ +FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2 + +RUN usermod --append --home /run/memcache --groups kolla memcached \ + && mkdir -p /run/memcache \ + && chown -R 42457:42457 /run/memcache + +RUN yum -y install memcached && yum clean all && rm -rf /var/cache/yum + +USER memcached diff --git a/kolla/rocky/20.03-lts-sp2/multipathd/Dockerfile b/kolla/rocky/20.03-lts-sp2/multipathd/Dockerfile new file mode 100644 index 0000000..58808f9 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/multipathd/Dockerfile @@ -0,0 +1,7 @@ +FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2 + +RUN yum -y install device-mapper-multipath && yum clean all && rm -rf /var/cache/yum + +COPY extend_start.sh /usr/local/bin/kolla_extend_start +RUN chmod 755 /usr/local/bin/kolla_extend_start + diff --git a/kolla/rocky/20.03-lts-sp2/multipathd/extend_start.sh b/kolla/rocky/20.03-lts-sp2/multipathd/extend_start.sh new file mode 100644 index 0000000..42c145d --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/multipathd/extend_start.sh @@ -0,0 +1,2 @@ +#!/bin/bash +modprobe dm-multipath diff --git a/kolla/rocky/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile new file mode 100644 index 0000000..141d10b --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/networking-baremetal/ironic-neutron-agent/Dockerfile @@ -0,0 +1,3 @@ +FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2 + +USER neutron diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/Dockerfile new file mode 100644 index 0000000..d67847b --- /dev/null 
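Review bot: `send "$env(DB_ROOT_PASSWORD)\r"` reads the variable directly, so the script aborts with a Tcl error in the middle of the `mysql_secure_installation` dialogue when `DB_ROOT_PASSWORD` is unset, whereas `DB_MAX_TIMEOUT` at the top is guarded with `catch`. Check it before `spawn`, for example `if {![info exists env(DB_ROOT_PASSWORD)]} { send_user "DB_ROOT_PASSWORD is not set\n"; exit 1 }`. The answer `n` to "Disallow root login remotely?" deserves a one-line comment stating why remote root login is kept, since it is the one hardening step the script declines.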
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/Dockerfile
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/neutron --groups kolla neutron \
+ && mkdir -p /var/lib/neutron \
+ && chown -R 42435:42435 /var/lib/neutron
+
+RUN yum -y install keepalived net-tools radvd openstack-neutron openstack-neutron-ml2 openvswitch python2-networking-baremetal python2-openvswitch python2-oslo-vmware && yum clean all && rm -rf /var/cache/yum
+
+COPY neutron_sudoers /etc/sudoers.d/kolla_neutron_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/kolla_neutron_sudoers \
+ && touch /usr/local/bin/kolla_neutron_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_neutron_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/extend_start.sh
new file mode 100644
index 0000000..12307fc
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/neutron" ]]; then
+ mkdir -p /var/log/kolla/neutron
+fi
+if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
+ chmod 755 /var/log/kolla/neutron
+fi
+
+. /usr/local/bin/kolla_neutron_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers b/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers
new file mode 100644
index 0000000..c6459ab
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-base/neutron_sudoers
@@ -0,0 +1,2 @@
+neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
+neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
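Review bot: Both rules in neutron_sudoers grant root for binaries under `/var/lib/kolla/venv/bin/`, but the neutron-base Dockerfile in this patch installs `openstack-neutron` from packages with yum and nothing visible here creates that virtualenv. If the path does not exist in the image the rules are dead, and if `/var/lib/kolla/venv/bin` could ever be created by a non-root user the rules would run that user's file as root; please confirm where the package installs the binaries (presumably `/usr/bin/neutron-rootwrap` and `/usr/bin/neutron-rootwrap-daemon`) and point the rules there. nova_sudoers uses the same venv path, and the nova-base Dockerfile hunk does not COPY it into `/etc/sudoers.d` at all.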
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile
new file mode 100644
index 0000000..141d10b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-dhcp-agent/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile
new file mode 100644
index 0000000..5ac0091
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-l3-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+RUN yum -y install libreswan && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile
new file mode 100644
index 0000000..3313dfa
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-linuxbridge-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+RUN yum -y install ebtables openstack-neutron-linuxbridge && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile
new file mode 100644
index 0000000..141d10b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-metadata-agent/Dockerfile
@@ -0,0 +1,3 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile
new file mode 100644
index 0000000..4e4248c
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-metering-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-neutron-metering-agent && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile
new file mode 100644
index 0000000..dfbae77
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-openvswitch-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-neutron-openvswitch openvswitch && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-server/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-server/Dockerfile
new file mode 100644
index 0000000..d653c5d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-server/Dockerfile
@@ -0,0 +1,6 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+COPY extend_start.sh /usr/local/bin/kolla_neutron_extend_start
+RUN chmod 755 /usr/local/bin/kolla_neutron_extend_start
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-server/extend_start.sh b/kolla/rocky/20.03-lts-sp2/neutron/neutron-server/extend_start.sh
new file mode 100644
index 0000000..e3335fb
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-server/extend_start.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ OPTS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini"
+ neutron-db-manage ${OPTS} --subproject neutron upgrade head
+ neutron-db-manage ${OPTS} --subproject neutron-fwaas upgrade head
+ neutron-db-manage ${OPTS} --subproject neutron-vpnaas upgrade head
+ exit 0
+fi
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP and NEUTRON_SFC_ENABLED variables are set.
+# This catches all cases of the KOLLA_BOOTSTRAP and NEUTRON_SFC_ENABLED variable
+# being set, including empty.
+if [[ "${!NEUTRON_SFC_BOOTSTRAP[@]}" ]]; then
+ neutron-db-manage --subproject networking-sfc --config-file /etc/neutron/neutron.conf upgrade head
+ exit 0
+fi
+
+# Migrate database and exit if KOLLA_UPGRADE variable is set. This catches all cases
+# of the KOLLA_UPGRADE variable being set, including empty.
+if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
+ if [[ "${!NEUTRON_DB_EXPAND[@]}" ]]; then
+ DB_ACTION="--expand"
+ echo "Expanding database"
+ fi
+ if [[ "${!NEUTRON_DB_CONTRACT[@]}" ]]; then
+ DB_ACTION="--contract"
+ echo "Contracting database"
+ fi
+
+ if [[ "${!NEUTRON_ROLLING_UPGRADE_SERVICES[@]}" ]]; then
+ for service in ${NEUTRON_ROLLING_UPGRADE_SERVICES}; do
+ neutron-db-manage --subproject $service upgrade $DB_ACTION
+ done
+ fi
+ exit 0
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile
new file mode 100644
index 0000000..d653c5d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/Dockerfile
@@ -0,0 +1,6 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+COPY extend_start.sh /usr/local/bin/kolla_neutron_extend_start
+RUN chmod 755 /usr/local/bin/kolla_neutron_extend_start
+
+USER neutron
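Review bot: In the `KOLLA_UPGRADE` branch of neutron-server/extend_start.sh, `DB_ACTION` is assigned only when `NEUTRON_DB_EXPAND` or `NEUTRON_DB_CONTRACT` is set, so with neither set the loop can run `neutron-db-manage --subproject $service upgrade` with no revision argument; `$service` and `$DB_ACTION` are also expanded unquoted. I would fail early with `if [[ -z "${DB_ACTION:-}" ]]; then echo "NEUTRON_DB_EXPAND or NEUTRON_DB_CONTRACT must be set" >&2; exit 1; fi` and quote `"$service"`. The comment above the second block names `KOLLA_BOOTSTRAP` and `NEUTRON_SFC_ENABLED`, but the test is on `NEUTRON_SFC_BOOTSTRAP`; the comment should name the variable that is actually checked.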
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh b/kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh
new file mode 100644
index 0000000..d721b4d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-sfc-agent/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ neutron-db-manage --subproject networking-sfc --config-file /etc/neutron/neutron.conf upgrade head
+ exit 0
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile b/kolla/rocky/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile
new file mode 100644
index 0000000..58accdb
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-sriov-agent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-neutron-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-neutron-sriov-nic-agent && yum clean all && rm -rf /var/cache/yum
+
+USER neutron
diff --git a/kolla/rocky/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh b/kolla/rocky/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh
new file mode 100644
index 0000000..40ba0b6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/neutron/neutron-vpnaas-agent/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf upgrade head
+ exit 0
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-api/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-api/Dockerfile
new file mode 100644
index 0000000..f860363
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-api/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-nova-api && yum clean all && rm -rf /var/cache/yum
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
+RUN chmod 755 /usr/local/bin/kolla_nova_extend_start
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-api/extend_start.sh b/kolla/rocky/20.03-lts-sp2/nova/nova-api/extend_start.sh
new file mode 100644
index 0000000..428d894
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-api/extend_start.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ nova-manage api_db sync
+ nova-manage db sync
+ nova-manage db online_data_migrations
+ exit 0
+fi
+
+if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
+ nova-manage api_db sync
+ nova-manage db sync
+ exit 0
+fi
+
+if [[ "${!KOLLA_OSM[@]}" ]]; then
+ nova-manage db online_data_migrations
+ exit 0
+fi
+
+# Assume the service runs on top of Apache when user is root
+if [[ "$(whoami)" == 'root' ]]; then
+ # NOTE(pbourke): httpd will not clean up after itself in some cases which
+ # results in the container not being able to restart. (bug #1489676, 1557036)
+ if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+ else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+ fi
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-base/Dockerfile
new file mode 100644
index 0000000..d78796e
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-base/Dockerfile
@@ -0,0 +1,18 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/nova --groups kolla nova \
+ && usermod --append --groups qemu nova \
+ && mkdir -p /var/lib/nova \
+ && chown -R 42436:42436 /var/lib/nova
+
+RUN yum -y install bridge-utils openstack-nova-common openvswitch python2-cinderclient python2-keystoneclient edk2-aarch64 && yum clean all && rm -rf /var/cache/yum
+
+RUN mkdir -p /usr/share/AAVMF \
+ && ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw /usr/share/AAVMF/AAVMF_CODE.fd \
+ && ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw /usr/share/AAVMF/AAVMF_VARS.fd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_nova_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_nova_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/nova/nova-base/extend_start.sh
new file mode 100644
index 0000000..eee0f16
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/nova" ]]; then
+ mkdir -p /var/log/kolla/nova
+fi
+if [[ $(stat -c %a /var/log/kolla/nova) != "755" ]]; then
+ chmod 755 /var/log/kolla/nova
+fi
+
+. /usr/local/bin/kolla_nova_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-base/nova_sudoers b/kolla/rocky/20.03-lts-sp2/nova/nova-base/nova_sudoers
new file mode 100644
index 0000000..6d73da6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-base/nova_sudoers
@@ -0,0 +1 @@
+nova ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile
new file mode 100644
index 0000000..0f951da
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-compute-ironic/Dockerfile
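Review bot: The rule in nova_sudoers grants root through `/var/lib/kolla/venv/bin/nova-rootwrap`, a virtualenv path that nothing visible in this yum-based nova-base image creates, and the nova-base Dockerfile in the same commit never copies nova_sudoers into /etc/sudoers.d. If the file is meant to stay unused, leaving it out avoids shipping a dormant NOPASSWD rule; if it is meant to be installed, the command should name the packaged binary (presumably `/usr/bin/nova-rootwrap`, to be confirmed against the openstack-nova-common RPM) and the file should be installed with mode 0440. A sudoers entry for a path that does not exist is only safe while no unprivileged user can create that path, so the ownership of /var/lib/kolla is worth checking as well.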
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install genisoimage nvme-cli openstack-nova-compute && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-compute/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-compute/Dockerfile
new file mode 100644
index 0000000..fed7348
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-compute/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install ceph-common device-mapper-multipath e2fsprogs genisoimage iscsi-initiator-utils nfs-utils nvme-cli openstack-nova-compute openvswitch parted python2-libguestfs python2-oslo-vmware python2-rtslib-fb sysfsutils xfsprogs qemu-block-rbd && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
+RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
+ && rm -f /etc/machine-id
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-compute/extend_start.sh b/kolla/rocky/20.03-lts-sp2/nova/nova-compute/extend_start.sh
new file mode 100644
index 0000000..a458625
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-compute/extend_start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [[ ! -d /var/lib/nova/instances ]]; then
+ mkdir -p /var/lib/nova/instances
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-conductor/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-conductor/Dockerfile
new file mode 100644
index 0000000..a71f9e2
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-conductor/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-conductor && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile
new file mode 100644
index 0000000..ba030be
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-consoleauth/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-console && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/Dockerfile
new file mode 100644
index 0000000..42b10e3
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/Dockerfile
@@ -0,0 +1,16 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/nova --groups kolla nova \
+ && usermod --append --groups qemu nova \
+ && mkdir -p /var/lib/nova \
+ && chown -R 42436:42436 /var/lib/nova
+
+RUN yum -y install ceph-common cyrus-sasl-scram libguestfs libvirt-client libvirt-daemon libvirt-daemon-config-nwfilter libvirt-daemon-driver-nwfilter openvswitch qemu-block-rbd qemu edk2-aarch64 && yum clean all && rm -rf /var/cache/yum
+
+RUN mkdir -p /usr/share/AAVMF \
+ && ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw /usr/share/AAVMF/AAVMF_CODE.fd \
+ && ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw /usr/share/AAVMF/AAVMF_VARS.fd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh b/kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh
new file mode 100644
index 0000000..a0ccf18
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-libvirt/extend_start.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# TODO(SamYaple): Tweak libvirt.conf rather than change permissions.
+# Fix permissions for libvirt
+# Do not remove unless CentOS has been validated
+if [[ -c /dev/kvm ]]; then
+ chmod 660 /dev/kvm
+ chown root:qemu /dev/kvm
+fi
+
+# Mount xenfs for libxl to work
+if [[ $(lsmod | grep xenfs) ]]; then
+ mount -t xenfs xenfs /proc/xen
+fi
+
+if [[ ! -d "/var/log/kolla/libvirt" ]]; then
+ mkdir -p /var/log/kolla/libvirt
+ touch /var/log/kolla/libvirt/libvirtd.log
+ chmod 644 /var/log/kolla/libvirt/libvirtd.log
+fi
+if [[ $(stat -c %a /var/log/kolla/libvirt) != "755" ]]; then
+ chmod 755 /var/log/kolla/libvirt
+ chmod 644 /var/log/kolla/libvirt/libvirtd.log
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile
new file mode 100644
index 0000000..a333431
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-novncproxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install novnc openstack-nova-novncproxy && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/Dockerfile
new file mode 100644
index 0000000..165cc57
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/Dockerfile
@@ -0,0 +1,9 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install httpd mod_ssl mod_wsgi openstack-nova-placement-api && yum clean all && rm -rf /var/cache/yum
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+ && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
+ && rm -f /etc/httpd/conf.d/00-nova-placement-api.conf
+
+COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
+RUN chmod 755 /usr/local/bin/kolla_nova_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh b/kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh
new file mode 100644
index 0000000..4596bf6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-placement-api/extend_start.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# NOTE(pbourke): httpd will not clean up after itself in some cases which
+# results in the container not being able to restart. (bug #1489676, 1557036)
+if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+ # Loading Apache2 ENV variables
+ . /etc/apache2/envvars
+ rm -rf /var/run/apache2/*
+else
+ rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-scheduler/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-scheduler/Dockerfile
new file mode 100644
index 0000000..fba2ccc
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-scheduler/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-scheduler && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile
new file mode 100644
index 0000000..646aef6
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-serialproxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-nova-serialproxy && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile
new file mode 100644
index 0000000..ea8d5e7
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-spicehtml5proxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN yum -y install numpy openstack-nova-spicehtml5proxy && yum clean all && rm -rf /var/cache/yum
+
+USER nova
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-ssh/Dockerfile b/kolla/rocky/20.03-lts-sp2/nova/nova-ssh/Dockerfile
new file mode 100644
index 0000000..a19879d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-ssh/Dockerfile
@@ -0,0 +1,14 @@
+FROM openeuler/openeuler-binary-nova-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/nova --groups kolla nova \
+ && chsh --shell /bin/bash nova \
+ && mkdir -p /var/lib/nova \
+ && chown -R 42436:42436 /var/lib/nova
+
+RUN yum -y install openssh-server && yum clean all && rm -rf /var/cache/yum
+
+RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/nova/nova-ssh/extend_start.sh b/kolla/rocky/20.03-lts-sp2/nova/nova-ssh/extend_start.sh
new file mode 100644
index 0000000..6d52952
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/nova/nova-ssh/extend_start.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SSH_HOST_KEY_TYPES=( "rsa" "dsa" "ecdsa" "ed25519" )
+
+for key_type in ${SSH_HOST_KEY_TYPES[@]}; do
+ KEY_PATH=/etc/ssh/ssh_host_${key_type}_key
+ if [[ ! -f "${KEY_PATH}" ]]; then
+ ssh-keygen -q -t ${key_type} -f ${KEY_PATH} -N ""
+ fi
+done
+
+mkdir -p /var/lib/nova/.ssh
+
+if [[ $(stat -c %U:%G /var/lib/nova/.ssh) != "nova:nova" ]]; then
+ chown nova: /var/lib/nova/.ssh
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile
new file mode 100644
index 0000000..10743bd
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/Dockerfile
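Review bot: `SSH_HOST_KEY_TYPES` in nova-ssh/extend_start.sh still lists `dsa`, so the container generates a DSA host key on first start. DSA host keys are limited to 1024 bits and OpenSSH has had ssh-dss disabled by default since 7.0, so the key adds nothing for current clients and the `ssh-keygen -t dsa` call fails outright on builds without DSA support; dropping it gives `SSH_HOST_KEY_TYPES=( "rsa" "ecdsa" "ed25519" )`. The loop also expands `${SSH_HOST_KEY_TYPES[@]}`, `${key_type}` and `${KEY_PATH}` unquoted, which is harmless with these values but worth quoting for consistency. A one-line comment that host keys are generated at container start, so they are not shared through the image, would document the intent.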
@@ -0,0 +1,11 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/novajoin --groups kolla novajoin \
+ && mkdir -p /var/lib/novajoin \
+ && chown -R 42470:42470 /var/lib/novajoin
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 750 /etc/sudoers.d \
+ && touch /usr/local/bin/kolla_novajoin_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_novajoin_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh
new file mode 100644
index 0000000..f5b38b8
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/novajoin" ]]; then
+ mkdir -p /var/log/kolla/novajoin
+fi
+if [[ $(stat -c %a /var/log/kolla/novajoin) != "755" ]]; then
+ chmod 755 /var/log/kolla/novajoin
+fi
+
+. /usr/local/bin/kolla_novajoin_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile
new file mode 100644
index 0000000..094aac7
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-notifier/Dockerfile
@@ -0,0 +1 @@
+FROM openeuler/openeuler-binary-novajoin-base:rocky-20.03-lts-sp2
diff --git a/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile
new file mode 100644
index 0000000..094aac7
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/novajoin/novajoin-server/Dockerfile
@@ -0,0 +1 @@
+FROM openeuler/openeuler-binary-novajoin-base:rocky-20.03-lts-sp2
diff --git a/kolla/rocky/20.03-lts-sp2/openstack-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/openstack-base/Dockerfile
new file mode 100644
index 0000000..60167eb
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/openstack-base/Dockerfile
@@ -0,0 +1,9 @@ +FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2 + +RUN yum -y install avahi-libs cups-libs fontconfig fontpackages-filesystem freetype gnutls initscripts iproute libjpeg-turbo libpng libX11 libX11-common libXau libxcb libXext libXi libxslt libyaml mailcap MySQL-python openssl python2-pyOpenSSL pyparsing python2-crypto python2-msgpack python2-cryptography python2-debtcollector python2-eventlet python2-fasteners python2-funcsigs python2-futurist python2-greenlet python2-iso8601 python2-oslo-cache python2-oslo-concurrency python2-oslo-config python2-oslo-context python2-oslo-db python2-oslo-i18n python2-oslo-log python2-oslo-messaging python2-oslo-middleware python2-oslo-policy python2-oslo-reports python2-oslo-rootwrap python2-oslo-serialization python2-oslo-service python2-oslo-utils python2-oslo-versionedobjects python2-pika python2-pika-pool python2-pyasn1 python2-PyMySQL python2-sysv-ipc python2-zake python2-alembic python2-amqp python2-barbicanclient python2-beaker python2-cachetools python2-cffi python2-cliff python2-cmd2 python2-contextlib2 python2-dateutil python2-decorator python2-designateclient python2-dogpile-cache python2-editor python2-enum34 python2-extras python2-fixtures python2-futures python2-glanceclient python2-heatclient python2-httplib2 python2-idna python2-inotify python2-ipaddress python2-ironicclient python2-jsonpatch python2-jsonpointer python2-jsonschema python2-kazoo python2-keyring python2-keystoneauth1 python2-keystoneclient python2-keystonemiddleware python2-kombu python2-linecache2 python2-logutils python2-lxml python2-mako python2-memcached python2-sqlalchemy-migrate python2-mimeparse python2-mistralclient python2-monotonic python2-netaddr python2-netifaces python2-neutronclient python2-novaclient python2-openstackclient python2-osprofiler python2-paramiko python2-paste python2-paste-deploy python2-pbr python2-ply python2-prettytable python2-psycopg2 python2-pycparser python2-PyMySQL python2-redis 
python2-repoze-lru python2-requests python2-retrying python2-routes python2-simplejson python2-sqlalchemy python2-sqlparse python2-stevedore python2-swiftclient python2-tempita python2-testtools python2-tooz python2-traceback2 python2-troveclient python2-unicodecsv python2-unittest2 python2-urllib3 python2-warlock python2-webob python2-wrapt PyYAML systemd-sysv tcp_wrappers-libs && yum clean all && rm -rf /var/cache/yum + +RUN printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth" | \ + openssl req -x509 -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key \ + -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config - \ + && chmod 644 /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key + diff --git a/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile new file mode 100644 index 0000000..9f123c9 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/Dockerfile @@ -0,0 +1,10 @@ +FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2 + +RUN usermod --append --home /var/lib/prometheus --groups kolla prometheus \ + && mkdir -p /var/lib/prometheus \ + && chown -R 42472:42472 /var/lib/prometheus + +ENV prometheus_arch=arm64 + +COPY extend_start.sh /usr/local/bin/kolla_extend_start +RUN chmod 755 /usr/local/bin/kolla_extend_start diff --git a/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh new file mode 100644 index 0000000..8613330 --- /dev/null +++ b/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-base/extend_start.sh 
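Review bot: The final `chmod 644` in the openssl RUN step of openstack-base/Dockerfile is applied to `/etc/pki/tls/private/localhost.key` as well as to the certificate, which leaves the private key readable by every user in the image. Splitting it keeps only the certificate world-readable: `&& chmod 644 /etc/pki/tls/certs/localhost.crt && chmod 600 /etc/pki/tls/private/localhost.key` (or 640 with a dedicated group if a non-root service has to read it). Because the pair is generated at build time with `-nodes`, every container started from this image shares the same key, so a comment stating that it is only a placeholder for the default mod_ssl vhost and must not back real TLS endpoints would help. The command also passes no `-days`, so the certificate gets openssl's default validity, which is short (30 days as far as I know) and will have lapsed in most deployed images.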
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Create log directory, with appropriate permissions
+if [[ ! -d "/var/log/kolla/prometheus" ]]; then
+ mkdir -p /var/log/kolla/prometheus
+fi
+if [[ $(stat -c %a /var/log/kolla/prometheus) != "755" ]]; then
+ chmod 755 /var/log/kolla/prometheus
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile b/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile
new file mode 100644
index 0000000..06683c3
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/prometheus/prometheus-haproxy-exporter/Dockerfile
@@ -0,0 +1,10 @@
+FROM openeuler/openeuler-binary-prometheus-base:rocky-20.03-lts-sp2
+
+ENV haproxy_exporter_version=0.7.1
+
+RUN curl -sSL -o /tmp/haproxy_exporter.tar.gz https://github.com/prometheus/haproxy_exporter/releases/download/v${haproxy_exporter_version}/haproxy_exporter-${haproxy_exporter_version}.linux-${prometheus_arch}.tar.gz \
+ && tar xvf /tmp/haproxy_exporter.tar.gz -C /opt/ \
+ && rm -f /tmp/haproxy_exporter.tar.gz \
+ && ln -s /opt/haproxy_exporter* /opt/haproxy_exporter
+
+USER prometheus
diff --git a/kolla/rocky/20.03-lts-sp2/rabbitmq/Dockerfile b/kolla/rocky/20.03-lts-sp2/rabbitmq/Dockerfile
new file mode 100644
index 0000000..a42f539
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/rabbitmq/Dockerfile
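Review bot: The `curl -sSL` step in prometheus-haproxy-exporter/Dockerfile unpacks the release tarball into /opt without checking it against a known digest, so the image content depends on whatever the download URL serves at build time. Pinning the expected hash next to `haproxy_exporter_version` and verifying before extraction fixes that, e.g. `ENV haproxy_exporter_sha256sum=<SHA256_OF_RELEASE_TARBALL>` followed by `&& echo "${haproxy_exporter_sha256sum}  /tmp/haproxy_exporter.tar.gz" | sha256sum -c - \` ahead of the `tar` line (the placeholder has to be filled per architecture). Adding `-f` to curl would also make an HTTP error fail the build instead of handing an error page to tar. `prometheus_arch` is inherited from prometheus-base, where it is fixed to `arm64`; if x86-64 images are built from this tree the step fetches the wrong binary.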
@@ -0,0 +1,18 @@
+FROM openeuler/openeuler-binary-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/rabbitmq --groups kolla rabbitmq \
+ && mkdir -p /var/lib/rabbitmq \
+ && chown -R 42439:42439 /var/lib/rabbitmq
+
+RUN yum -y install erlang-hipe hostname rabbitmq-server && yum clean all && rm -rf /var/cache/yum
+
+RUN rabbitmq-plugins list | grep rabbitmq_management &>/dev/null \
+ && rabbitmq-plugins enable rabbitmq_management \
+ && ln -s `rpm -ql rabbitmq-server | grep cuttlefish` /usr/lib/rabbitmq/bin/cuttlefish \
+ && rm -f /etc/rabbitmq/rabbitmq.config
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+COPY rabbitmq_get_gospel_node.py /usr/local/bin/rabbitmq_get_gospel_node
+RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node
+
+USER rabbitmq
diff --git a/kolla/rocky/20.03-lts-sp2/rabbitmq/extend_start.sh b/kolla/rocky/20.03-lts-sp2/rabbitmq/extend_start.sh
new file mode 100644
index 0000000..ef28d2b
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/rabbitmq/extend_start.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+: ${RABBITMQ_LOG_DIR:=/var/log/kolla/rabbitmq}
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+
+# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
+# bootstrap, the system does not allow to overwrite it (it bootstrap files with
+# permission denied error) but it allows to delete it and then recreate it.
+ if [[ -e "/var/lib/rabbitmq/.erlang.cookie" ]]; then
+ rm -f /var/lib/rabbitmq/.erlang.cookie
+ fi
+ echo "${RABBITMQ_CLUSTER_COOKIE}" > /var/lib/rabbitmq/.erlang.cookie
+ chmod 400 /var/lib/rabbitmq/.erlang.cookie
+ exit 0
+fi
+
+if [[ ! -d "${RABBITMQ_LOG_DIR}" ]]; then
+ mkdir -p ${RABBITMQ_LOG_DIR}
+fi
+
+if [[ $(stat -c %a ${RABBITMQ_LOG_DIR}) != "755" ]]; then
+ chmod 755 ${RABBITMQ_LOG_DIR}
+fi
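Review bot: In the bootstrap branch of rabbitmq/extend_start.sh the Erlang cookie is written with `echo ... > /var/lib/rabbitmq/.erlang.cookie` and only afterwards restricted with `chmod 400`, so the cluster secret briefly exists with whatever mode the process umask allows. Putting `umask 077` on the line before the `echo` closes that window while keeping the later `chmod 400`. The branch also writes the file when `RABBITMQ_CLUSTER_COOKIE` is unset or empty, which produces an empty cookie; a guard such as `: "${RABBITMQ_CLUSTER_COOKIE:?must be set for bootstrap}"` would stop the bootstrap early instead. `${RABBITMQ_LOG_DIR}` is expanded unquoted in the `mkdir`, `stat` and `chmod` calls further down and should be quoted, since its value can come from the environment.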
diff --git a/kolla/rocky/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py b/kolla/rocky/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py
new file mode 100644
index 0000000..9f40c92
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/rabbitmq/rabbitmq_get_gospel_node.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import subprocess # nosec
+import traceback
+
+
+def extract_gospel_node(term):
+ return term.split("@")[1].translate(None, "\'\"{},")
+
+
+def main():
+ try:
+ # TODO(pbourke): see if can get gospel node without requiring shell
+ raw_status = subprocess.check_output(
+ "/usr/sbin/rabbitmqctl eval 'rabbit_clusterer:status().'",
+ shell=True, stderr=subprocess.STDOUT # nosec: this command appears
+ # to require a shell to work
+ )
+ if "Rabbit is running in cluster configuration" not in raw_status:
+ raise AttributeError
+ gospel_line = [
+ line for line in raw_status.split('\n') if 'gospel' in line
+ ][0]
+ gospel_node = extract_gospel_node(gospel_line)
+ if not gospel_node:
+ raise AttributeError
+ except AttributeError:
+ result = {
+ 'failed': True,
+ 'error': raw_status,
+ 'changed': True
+ }
+ except Exception:
+ result = {
+ 'failed': True,
+ 'error': traceback.format_exc(),
+ 'changed': True
+ }
+ else:
+ result = {
+ 'failed': False,
+ 'hostname': gospel_node,
+ 'changed': False
+ }
+
+ print(json.dumps(result))
+
+
+if __name__ == '__main__':
+ main()
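Review bot: `extract_gospel_node` and `main` rely on Python 2 string behaviour while the shebang is the unversioned `#!/usr/bin/python`: on Python 3 `translate(None, ...)` raises TypeError and `check_output` returns bytes, so the `in raw_status` test fails and every run ends in the generic `except Exception` branch. Passing `universal_newlines=True` to `check_output` and replacing the translate call with `"".join(c for c in term.split("@")[1] if c not in "'\"{},")` gives the same result on both versions. The `[...][0]` lookup raises IndexError when no line contains `gospel`, which is reported as a traceback rather than the rabbitmqctl output; testing for an empty list and raising AttributeError would route it to the branch that returns `raw_status`. The `shell=True` call uses a constant string, so the `# nosec` is defensible, but the TODO could probably be closed with an argument list (`["/usr/sbin/rabbitmqctl", "eval", "rabbit_clusterer:status()."]`), which I have not tested. Nothing visible in the rabbitmq Dockerfile installs a `rabbit_clusterer` plugin, so it is worth confirming that the eval target exists in this image.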
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-api/Dockerfile b/kolla/rocky/20.03-lts-sp2/trove/trove-api/Dockerfile
new file mode 100644
index 0000000..6180d05
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-api/Dockerfile
@@ -0,0 +1,8 @@
+FROM openeuler/openeuler-binary-trove-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-api && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_trove_extend_start
+RUN chmod 755 /usr/local/bin/kolla_trove_extend_start
+
+USER trove
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-api/extend_start.sh b/kolla/rocky/20.03-lts-sp2/trove/trove-api/extend_start.sh
new file mode 100644
index 0000000..76839e2
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-api/extend_start.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ trove-manage db_sync
+ exit 0
+fi
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-base/Dockerfile b/kolla/rocky/20.03-lts-sp2/trove/trove-base/Dockerfile
new file mode 100644
index 0000000..e66b5bb
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-base/Dockerfile
@@ -0,0 +1,13 @@
+FROM openeuler/openeuler-binary-openstack-base:rocky-20.03-lts-sp2
+
+RUN usermod --append --home /var/lib/trove --groups kolla trove \
+ && mkdir -p /var/lib/trove \
+ && chown -R 42449:42449 /var/lib/trove
+
+RUN yum -y install openstack-trove-common && yum clean all && rm -rf /var/cache/yum
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN touch /usr/local/bin/kolla_trove_extend_start \
+ && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_trove_extend_start
+
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-base/extend_start.sh b/kolla/rocky/20.03-lts-sp2/trove/trove-base/extend_start.sh
new file mode 100644
index 0000000..581a83d
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-base/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/trove" ]]; then
+ mkdir -p /var/log/kolla/trove
+fi
+if [[ $(stat -c %a /var/log/kolla/trove) != "755" ]]; then
+ chmod 755 /var/log/kolla/trove
+fi
+
+. /usr/local/bin/kolla_trove_extend_start
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-conductor/Dockerfile b/kolla/rocky/20.03-lts-sp2/trove/trove-conductor/Dockerfile
new file mode 100644
index 0000000..8839393
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-conductor/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-trove-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-conductor && yum clean all && rm -rf /var/cache/yum
+
+USER trove
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-guestagent/Dockerfile b/kolla/rocky/20.03-lts-sp2/trove/trove-guestagent/Dockerfile
new file mode 100644
index 0000000..0e1bd75
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-guestagent/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-trove-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-guestagent && yum clean all && rm -rf /var/cache/yum
+
+USER trove
diff --git a/kolla/rocky/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile b/kolla/rocky/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile
new file mode 100644
index 0000000..bcb6f41
--- /dev/null
+++ b/kolla/rocky/20.03-lts-sp2/trove/trove-taskmanager/Dockerfile
@@ -0,0 +1,5 @@
+FROM openeuler/openeuler-binary-trove-base:rocky-20.03-lts-sp2
+
+RUN yum -y install openstack-trove-taskmanager && yum clean all && rm -rf /var/cache/yum
+
+USER trove
-- Gitee