diff --git a/docker/cinder/cinder-base/Dockerfile.j2 b/docker/cinder/cinder-base/Dockerfile.j2 index d7ba7612ac..0f0b208948 100644 --- a/docker/cinder/cinder-base/Dockerfile.j2 +++ b/docker/cinder/cinder-base/Dockerfile.j2 @@ -44,7 +44,7 @@ RUN ln -s cinder-base-source/* cinder \ && {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/cinder \ && cp -r /cinder/etc/cinder/* /etc/cinder/ \ - && cp /etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \ + && cp /var/lib/kolla/venv/etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf \ && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \ diff --git a/docker/glance/glance-base/Dockerfile.j2 b/docker/glance/glance-base/Dockerfile.j2 index 19c8f58d38..f6cfe1b44e 100644 --- a/docker/glance/glance-base/Dockerfile.j2 +++ b/docker/glance/glance-base/Dockerfile.j2 @@ -41,7 +41,7 @@ RUN ln -s glance-base-source/* glance \ && {{ macros.install_pip(glance_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/glance \ && cp -r /glance/etc/* /etc/glance/ \ - && cp /etc/pycadf/glance_api_audit_map.conf /etc/glance/ \ + && cp /var/lib/kolla/venv/etc/pycadf/glance_api_audit_map.conf /etc/glance/ \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/glance/rootwrap.conf \ && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_glance_sudoers \ diff --git a/docker/gnocchi/gnocchi-base/Dockerfile.j2 b/docker/gnocchi/gnocchi-base/Dockerfile.j2 index 00d1abad96..f6376e8b06 100644 --- a/docker/gnocchi/gnocchi-base/Dockerfile.j2 +++ b/docker/gnocchi/gnocchi-base/Dockerfile.j2 @@ -46,7 +46,7 @@ RUN {{ macros.upper_constraints_version_change("Werkzeug", "3.0.1", "2.2.3") }} RUN ln -s gnocchi-base-source/* gnocchi \ && {{ macros.install_pip(gnocchi_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/gnocchi \ - && cp /etc/pycadf/gnocchi_api_audit_map.conf /etc/gnocchi/ \ + && cp /var/lib/kolla/venv/etc/pycadf/gnocchi_api_audit_map.conf /etc/gnocchi/ \ && chmod 750 /etc/sudoers.d \ && chmod 640 /etc/sudoers.d/kolla_gnocchi_sudoers \ && touch /usr/local/bin/kolla_gnocchi_extend_start \ diff --git a/docker/heat/heat-base/Dockerfile.j2 b/docker/heat/heat-base/Dockerfile.j2 index e3737f6187..59d6aabb86 100644 --- a/docker/heat/heat-base/Dockerfile.j2 +++ b/docker/heat/heat-base/Dockerfile.j2 @@ -27,7 +27,7 @@ RUN ln -s heat-base-source/* heat \ && {{ macros.install_pip(heat_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/heat \ && cp -r /heat/etc/heat/* /etc/heat/ \ - && cp /etc/pycadf/heat_api_audit_map.conf /etc/heat/ \ + && cp /var/lib/kolla/venv/etc/pycadf/heat_api_audit_map.conf /etc/heat/ \ && touch /usr/local/bin/kolla_heat_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_heat_extend_start diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2 index a468a2b32a..2002438c02 100644 --- a/docker/ironic/ironic-base/Dockerfile.j2 +++ b/docker/ironic/ironic-base/Dockerfile.j2 @@ -7,7 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{{ macros.configure_user(name='ironic') }} +{{ macros.configure_user(name='ironic', shell='/bin/bash') }} ADD ironic-base-archive /ironic-base-source ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers @@ -22,7 +22,7 @@ RUN ln -s ironic-base-source/* ironic \ && {{ macros.install_pip(ironic_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/ironic \ && cp -r /var/lib/kolla/venv/etc/ironic/* /etc/ironic/ \ - && cp /etc/pycadf/ironic_api_audit_map.conf /etc/ironic/ \ + && cp /var/lib/kolla/venv/etc/pycadf/ironic_api_audit_map.conf /etc/ironic/ \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf \ && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_ironic_sudoers \ diff --git a/docker/ironic/ironic-base/extend_start.sh b/docker/ironic/ironic-base/extend_start.sh index e3b1d4e2dc..dc6b05caaf 100644 --- a/docker/ironic/ironic-base/extend_start.sh +++ b/docker/ironic/ironic-base/extend_start.sh @@ -1,12 +1,22 @@ #!/bin/bash LOG_PATH=/var/log/kolla/ironic +METRICS_PATH=/var/lib/ironic-metrics if [[ ! -d "${LOG_PATH}" ]]; then mkdir -p "${LOG_PATH}" fi +if [[ ! -d "${METRICS_PATH}" ]]; then + sudo mkdir -p "${METRICS_PATH}" +fi if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then chmod 755 "${LOG_PATH}" fi +if [[ $(stat -c %U:%G "${METRICS_PATH}") != "ironic:ironic" ]]; then + sudo chown ironic:ironic "${METRICS_PATH}" +fi +if [[ $(stat -c %a "${METRICS_PATH}") != "2775" ]]; then + sudo chmod 2775 "${METRICS_PATH}" +fi . /usr/local/bin/kolla_ironic_extend_start diff --git a/docker/ironic/ironic-base/ironic_sudoers b/docker/ironic/ironic-base/ironic_sudoers index 3e7c843f39..1a3f32e1af 100644 --- a/docker/ironic/ironic-base/ironic_sudoers +++ b/docker/ironic/ironic-base/ironic_sudoers @@ -1 +1,4 @@ ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf * +ironic ALL = (root) NOPASSWD: /bin/mkdir -p /var/lib/ironic-metrics, /usr/bin/mkdir -p /var/lib/ironic-metrics +ironic ALL = (root) NOPASSWD: /bin/chown ironic\:ironic /var/lib/ironic-metrics, /usr/bin/chown ironic\:ironic /var/lib/ironic-metrics +ironic ALL = (root) NOPASSWD: /bin/chmod 2755 /var/lib/ironic-metrics, /usr/bin/chmod 2775 /var/lib/ironic-metrics diff --git a/docker/neutron/neutron-base/Dockerfile.j2 b/docker/neutron/neutron-base/Dockerfile.j2 index d437a83498..40015e4956 100644 --- a/docker/neutron/neutron-base/Dockerfile.j2 +++ b/docker/neutron/neutron-base/Dockerfile.j2 @@ -74,7 +74,7 @@ RUN ln -s neutron-base-source/* neutron \ && mkdir -p /etc/neutron \ && cp -r /neutron/etc/* /etc/neutron/ \ && cp -r /neutron/etc/neutron/* /etc/neutron/ \ - && cp /etc/pycadf/neutron_api_audit_map.conf /etc/neutron/ \ + && cp /var/lib/kolla/venv/etc/pycadf/neutron_api_audit_map.conf /etc/neutron/ \ && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf \ && if [ "$(ls /plugins)" ]; then \ diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2 index 8f42da4e74..8768c446d4 100644 --- a/docker/nova/nova-base/Dockerfile.j2 +++ b/docker/nova/nova-base/Dockerfile.j2 @@ -70,7 +70,7 @@ RUN ln -s nova-base-source/* nova \ && {{ macros.install_pip(nova_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/nova/ \ && cp -r /nova/etc/nova/* /etc/nova/ \ - && cp /etc/pycadf/nova_api_audit_map.conf /etc/nova/ \ + && cp /var/lib/kolla/venv/etc/pycadf/nova_api_audit_map.conf /etc/nova/ \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf \ && if [ "$(ls /plugins)" ]; then \ {{ macros.install_pip(nova_base_plugins_pip_packages) }}; \ diff --git a/docker/openstack-base/Dockerfile.j2 b/docker/openstack-base/Dockerfile.j2 index af6492377d..8cb8a97b70 100644 --- a/docker/openstack-base/Dockerfile.j2 +++ b/docker/openstack-base/Dockerfile.j2 @@ -137,7 +137,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build 'pika', 'prettytable', 'psutil', - '/plugins/pycadf*', + 'pycadf', 'pymysql', 'pyngus', 'pyparsing', @@ -186,9 +186,6 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build ADD openstack-base-archive /openstack-base-source ADD plugins-archive / -RUN mkdir -p /etc/pycadf \ - && cp /plugins/pycadf*/etc/pycadf/* /etc/pycadf/ - RUN ln -s openstack-base-source/* /requirements \ {# NOTE(mnasiadka): Remove ovs from upper-constraints.txt because python3-openvswitch diff --git a/docker/swift/swift-base/Dockerfile.j2 b/docker/swift/swift-base/Dockerfile.j2 index 975eed9c6e..a460d59d9a 100644 --- a/docker/swift/swift-base/Dockerfile.j2 +++ b/docker/swift/swift-base/Dockerfile.j2 @@ -37,7 +37,7 @@ RUN ln -s swift-base-source/* swift \ && {{ macros.install_pip(swift_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/swift /var/cache/swift /var/lock/swift \ && cp -r /swift/etc/* /etc/swift/ \ - && cp /etc/pycadf/swift_api_audit_map.conf /etc/swift/ \ + && cp /var/lib/kolla/venv/etc/pycadf/swift_api_audit_map.conf /etc/swift/ \ && chown -R swift: /var/cache/swift /var/lock/swift \ && chmod 750 /etc/sudoers.d \ && chmod 440 /etc/sudoers.d/kolla_swift_sudoers \ diff --git a/docker/trove/trove-base/Dockerfile.j2 b/docker/trove/trove-base/Dockerfile.j2 index be98dbb4ba..2a3c188805 100644 --- a/docker/trove/trove-base/Dockerfile.j2 +++ b/docker/trove/trove-base/Dockerfile.j2 @@ -21,7 +21,7 @@ RUN ln -s trove-base-source/* trove \ && {{ macros.install_pip(trove_base_pip_packages | customizable("pip_packages")) }} \ && mkdir -p /etc/trove \ && cp -r /trove/etc/trove/* /etc/trove/ \ - && cp /etc/pycadf/trove_api_audit_map.conf /etc/trove/ \ + && cp /var/lib/kolla/venv/etc/pycadf/trove_api_audit_map.conf /etc/trove/ \ && touch /usr/local/bin/kolla_trove_extend_start \ && chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_trove_extend_start diff --git a/kolla/common/sources.py b/kolla/common/sources.py index e8da29f620..4488cad01f 100644 --- a/kolla/common/sources.py +++ b/kolla/common/sources.py @@ -15,10 +15,6 @@ 'type': 'url', 'location': ('$tarballs_base/openstack/requirements/' 'requirements-${openstack_branch}.tar.gz')}, - 'openstack-base-plugin-pycadf': { - 'type': 'url', - 'location': ('$tarballs_base/openstack/pycadf/' - 'pycadf-4.0.1.tar.gz')}, 'aodh-base': { 'type': 'url', 'location': ('$tarballs_base/openstack/aodh/'