37 Commits

Author SHA1 Message Date
Swapnil Kulkarni (coolsvap)
59a1c8b9fb Remove hardcoded MAINTAINER in Dockerfiles
Added new option in kolla-build.conf

Change-Id: I45fe51966bcb59ea19d112281ba3d5a1ba091a56
Closes-Bug:#1514304
2015-11-23 11:03:47 +00:00
Sam Yaple
ea9d5cd067 Move USER operation after footer
The USER operation affects all docker commands after it. This causes a
problem with our {{ include_footer }} implementation since commands in
that footer may require elevated permissions to perform.

In the current implementation I can no longer remove my proxy settings
once the USER has been changed.

Change-Id: I9b2bab5a15f595f6d52a46c64ddf59ba5608b938
Partially-Implements: blueprint drop-root
2015-11-12 14:34:09 +00:00
Steven Dake
bd9e8c22d7 drop root for glance
This uses the grouping feature of sudo to limit the amount of times
the base sudo file has to be modified to only once.  The container
contents always runs as the user root, except the software which is
controlled by Kolla.  This software may run as root, but it has
undergone a security audit and preserves permissions of the correct
files and does not permit the glance user to write any of the
set_config.py control files.

Change-Id: Ie3cd23edcde5b408a8f66970456279a1b15028e0
Partially-Implements: blueprint drop-root
2015-11-09 11:00:29 -05:00
Sam Yaple
cb4e875ae1 Common start.sh
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.

The start.sh is moved into /usr/local/bin/kolla_start in the container

The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.

Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.

Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someones local perm change won't break upstream containers.

Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295
2015-10-06 03:30:26 +00:00
Jenkins
6a622ec82c Merge "Implement a install_type and install_metatype" 2015-09-28 10:49:53 +00:00
Steven Dake
0e99b69de4 Implement a install_type and install_metatype
This prepares for the RHEL OSP implementation by making the build
tool convert all binary-* into an install_type of binary and * into
an install_metatype variable substitution inside the Dockerfiles.
Further binary-* is substituted as install_name to enable proper
building only.

Change-Id: Ib681b29176eb79a3cab12ec824313fdecb6e7a5f
Partially-Implements: blueprint rhel-based-image-support
2015-09-28 03:16:48 -07:00
Sam Yaple
160f1cc011 remove set_configs
Change-Id: I9bb0a1fac63cc326234b0f06b1e56b43e0753279
Partially-Implements: blueprint replace-config-external
2015-09-27 13:44:50 +00:00
Sam Yaple
a1b0518b9a Fix removal of config-external
I removed the files but not the COPY commands thus breaking all of
Kolla

Change-Id: I37d3e0cb94a1ecc12971f485f953310ba8fee53c
Partially-Implements: blueprint replace-config-external
2015-09-25 20:08:40 +00:00
Sam Yaple
e2e0fd288f Remove config-external.sh
Removes config-external for all services that have been replaced in
Ansible

Change-Id: I839a14418638b977fbc1d02ba6839811b0f909ea
Partially-Implements: blueprint replace-config-external
2015-09-25 13:00:55 +00:00
rthallisey
3fa0aa2ddc Replace config-external with a JSON file for Glance
Change-Id: I14187db31a009c150424ea28b854a78c9ae3941d
Partially-Implements: blueprint replace-config-external
2015-09-18 15:19:06 -04:00
Sam Yaple
cbd42ca6e9 Move docker_templates to docker dir
Updated build.py to reflect this change.
Deprecate --template option and make it a noop.

Change-Id: I7cd98d1ee684a4c64984a49597159868152683b2
Partially-Implements: blueprint remove-docker-dir
2015-08-28 13:33:50 +00:00
Sam Yaple
13062e23e8 Restructure builds to allow more flexibility
As a restructure, nothing is changed from the original behaviour and
naming despite the file structure changing. The symlinks to build had
to be updated generating lots of "deleted" and "new_file".

The new structure is:

docker/${base_distro}/${type}/${container}

base_distro == centos, ubuntu, fedora, etc
type == source, binary, rdo

type rdo is a symlink to binary for backwards compatibility

Two new flags are added to the build-all script to support the ability
to support different base distros and a flag to support binary or source
containers.

There are several added folders that are empty to hold the directory
structure for future containers of these types.

To use a prefix other than centos-rdo- you can set PREFIX in the toplevel
directory .buildconf file

Change-Id: Ifc7bac0d827470f506c8b5c004a833da9ce13b90
2015-05-15 01:32:22 -05:00
Steven Dake
d30f69bc83 Port to icehouse
This represents making build-docker-images --release build
with the icehouse tag and causes docker-compsoe to pull from
the icehouse tag.

Partially-implements: blueprint port-kilo

Change-Id: I66b2c39abc55c0f47152dd90e696fc46b9c58f50
2015-05-06 09:58:43 -07:00
Chen Zhiwei
76c1fe6371 Change the default shell to bash
Unify the shell to bash in all Kolla scripts.

Change-Id: Ib9591b2f8f344eb88455c5e9b7ecf2164fb5960a
Implements: blueprint use-bash-shell
2015-04-27 13:26:37 +08:00
Steven Dake
a87980e5c2 Remove EXPOSE options from Dockerfiles
The EXPOSE options will create a local docker-proxy.  This is
unnecessary with --net=host mode.  The docker-proxy adds about
20 microseconds of latency.  Add documentation to the specification
to indicate where to find the ports that are exposed by the
services in case someone were to desire to add EXPOSE back to
the Dockerfiles.

Change-Id: I398e922fe096d6022a2d5985bb92498f89a5ea31
2015-04-06 20:25:18 -07:00
Martin André
056e02d0d3 Simplify wait_for calls
Rely on the the `check_for_*` functions and remove redundant
`fail_unless_*` calls.

Also change `wait_for` to exit when it is missing a required argument.

Change-Id: I90c4545691d53185556e2838303ac3df0afaf9fa
2015-04-01 16:41:52 +09:00
Martin André
34872c1c2f Allow check_for_* functions to be consumed by wait_for
In order for the `check_for_*` functions to be consumed by `wait_for`,
they should notify of their success but not exit.

As a consequence, the previous behavior is restored by the fail_unless_*
companion functions.

With this change, it is now possible to do:

    wait_for 30 1 check_for_os_service_running keystone

Change-Id: I16ddf8913027030c3ccb5487713d172904508fd6
2015-04-01 16:39:44 +09:00
Martin André
448e48a75b Cleanup leftovers after wait_for was merged into kolla-common.sh
Change-Id: I97ab671bfbdcf5434feedec617a938b30af4579b
2015-03-21 11:11:57 +09:00
Ryan Hallisey
a2dae48b87 Glance containers need to be changed so they work without kubernetes
This patch overlaps a little bit with https://review.openstack.org/#/c/162358/.
There were some additional glance config that needs to be added to run without
kubernetes.

Co-authored by: Charles Crouch (charcrou@cisco.com)
Change-Id: I1aab2f6e4a80aaf1e6c4b7fe330bcf9a7740fdc6
2015-03-10 18:04:44 -04:00
Martin André
0764fd7dea Allow changing base image
By changing the PREFIX variable in the .buildconf one is now able to
build docker images from different bases.

For example, add the following line to your .buildconf file to build
CentOS based images:

    PREFIX=centos-rdo-

Default base image is Fedora. For now only RH family is supported.

Additionally, changing the namespace either with the NAMESPACE variable
in .buildconf or via --namespace commandline option now changes the
source namespace as well from the default kollaglue one.

Implements: blueprint multi-baseos
Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: I3964cd2292789ea883a1f2d2738a5731a4fff49b
2015-03-02 14:08:06 +09:00
Martin André
7bab87f8cc Cleanup variable checks in glance-registry/start.sh
Remove redundant checks for MARIADB_SERVICE_HOST and DB_ROOT_PASSWORD
that are performed in `check_for_db`, and add missing check for
GLANCE_DB_USER.

Change-Id: Ie8194ce76274a9356dcc0b51353873d8a632c66a
2014-12-03 13:30:13 +09:00
Lars Kellogg-Stedman
277f2448e8 Update MAINTAINER in Dockerfiles to Kolla Project
Remove individual MAINTAINER information from Dockerfiles.

Change-Id: I777df5cde049599dc786176e1d5b4b9597f0b334
2014-10-22 11:11:31 -04:00
Lars Kellogg-Stedman
165307eb66 glance: cleanup; use kolla-common; exit on errors
cause glance start.sh scripts to exit on any errors (allowing kubernetes
to reschedule the pod).

Change-Id: Ibebbf47758a1dfc241cb04cdb12e44af77f92b55
2014-10-13 14:41:37 -04:00
Lars Kellogg-Stedman
a4069300aa correct various issues with glance images and configs
- update keystone endpoints/user on boot (to avoid problems caused by,
  e.g., a stale password or invalid endpoint urls)
- require GLANCE_DB_PASSWORD and GLANCE_KEYSTONE_PASSWORD in the
  environment, since we start multiple containers

Change-Id: I31214b81280ed34409f92e79003c1116d5737d2e
2014-10-13 09:53:56 -04:00
Lars Kellogg-Stedman
d28f83dace fix issues with glance scripts
- glance was using wrong var name for admin_password
- also missing "\" in several places, breaking multi-line crudini
  commands.
- glance was using wrong tenant name
- in the registry container, glance-manage appears to reference
  glance-api.conf
- the glance.json config file was not spawning a registry container

Change-Id: I280d1db3ed576988f2bf29ea665e1922a37f8752
2014-10-07 12:49:23 -04:00
Lars Kellogg-Stedman
3c080f9e62 renamed keystone services
This renames the keystone services so that they are named by function,
rather than port number (which would be confusing if they were running
on a different port).

Change-Id: Ibb0263a133c28a104563df431870a9effe584012
2014-10-07 11:11:19 -04:00
Lars Kellogg-Stedman
068face6fa use renamed mariadb services
This patch updates all the json files that reference the mariadb service
variables to ues the new names.

Labelling things foo-master crept into this repository from the
kubernetes guestbook example (which has redis-master and redis-slaves).
We're not running clustered software at the moment so these labels are
unnecessary.

Change-Id: I229d04c89aa13cb6cc2e1c33a0a7b21e1c6e9caa
2014-10-07 10:58:52 -04:00
Lars Kellogg-Stedman
24b6db92bc introduce a new build mechanism
This patch replaces the collection of individual "build" scripts with a
single script (tools/build-docker-image), made available as "build"
inside each image directory.

The build-docker-image script will, by default, build images tagged with
the current commit id in order to prevent developers from accidentally
stepping on each other or on release images.

Documentation in docs/image-building.md describes the script in more
detail.

Change-Id: I444d5c2256a85223f8750a0904cb4b07f18ab67f
2014-10-04 11:03:39 -04:00
Dan Radez
4592e3884f Updates to glance start scripts, db and user/role creation
- adding db sync and db creation as utf8
- fixing user and role creation

Partial-blueprint: kube-glance-container

Change-Id: I15be99f26483e490fccc23d029f39645c13c724b
2014-10-03 16:10:17 -04:00
Dan Radez
9709ae1aa5 updating build and start scripts for glance 2014-09-30 15:50:14 -04:00
Steven Dake
7bb837fc65 Add a push script for each of the separate daemons
This pushes to the docker registry.
2014-09-25 22:15:27 -07:00
Steven Dake
fd22b2346e Make build tools build with kollaglue login
Build with kollaglue login.  Then we can upload all images under
that user namespace.
2014-09-25 22:15:27 -07:00
Steven Dake
90013491e4 Fix building of glance images
The rebuild on fedora-rdo-base broke glance building
2014-09-20 20:15:56 -07:00
Steven Dake
ed602e7e65 Provide script to build docker images
Build all docker images one at a time or with one top level call
2014-09-20 18:57:08 -07:00
Steven Dake
ce94f823d4 Base images from Fedora 20 + RDO Icehouse
Previously images were based from RHEL OSP + RDO Icehouse.  This presents
a problem in that internal urls are used to access the rhel7 repositories.
For new contributors, we need something that can be accessed without special
rhel7 permissions.

mariadb and rabbitmq can from fedora
cinder, glance, keystone can from fedora-rdo-base

This patch also uses the RDO repositories from upstream.  This patch also
udpates the base fedora image with latest bits.
2014-09-20 13:49:13 -07:00
Lars Kellogg-Stedman
25cfe70226 added a bunch of glance stuff 2014-09-18 21:41:38 -04:00
Lars Kellogg-Stedman
174c301ede start work on glance image 2014-09-18 16:32:27 -04:00