diff --git a/docker/barbican/barbican-api/Dockerfile.j2 b/docker/barbican/barbican-api/Dockerfile.j2 new file mode 100644 index 0000000000..a15cbf52e6 --- /dev/null +++ b/docker/barbican/barbican-api/Dockerfile.j2 @@ -0,0 +1,24 @@ +FROM {{ namespace }}/{{ image_prefix }}barbican-base:{{ tag }} +MAINTAINER {{ maintainer }} + +{% import "macros.j2" as macros with context %} + +{% if install_type == 'binary' %} + {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} + {% set barbican_api_packages = ['openstack-barbican-api'] %} + {% elif base_distro in ['ubuntu'] %} + {% set barbican_api_packages = ['barbican-api'] %} + {% endif %} + +{{ macros.install_packages(barbican_api_packages | customizable("packages")) }} + +{% endif %} + +COPY extend_start.sh /usr/local/bin/kolla_barbican_extend_start + +RUN chmod 755 /usr/local/bin/kolla_barbican_extend_start + +{% block barbican_api_footer %}{% endblock %} +{% block footer %}{% endblock %} + +USER barbican diff --git a/docker/barbican/barbican-api/extend_start.sh b/docker/barbican/barbican-api/extend_start.sh new file mode 100755 index 0000000000..c541d0343e --- /dev/null +++ b/docker/barbican/barbican-api/extend_start.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases +# of the KOLLA_BOOTSTRAP variable being set, including empty. +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + barbican-db-manage upgrade + exit 0 +fi diff --git a/docker/barbican/barbican-base/Dockerfile.j2 b/docker/barbican/barbican-base/Dockerfile.j2 new file mode 100644 index 0000000000..4843ffee0f --- /dev/null +++ b/docker/barbican/barbican-base/Dockerfile.j2 @@ -0,0 +1,43 @@ +FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }} +MAINTAINER {{ maintainer }} + +{% import "macros.j2" as macros with context %} + +{% if install_type == 'binary' %} + {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} + {% set barbican_base_packages = ['openstack-barbican-common'] %} + {% elif base_distro in ['ubuntu'] %} + {% set barbican_base_packages = ['barbican-common'] %} + {% endif %} + +{{ macros.install_packages(barbican_base_packages | customizable("packages")) }} + +{% elif install_type == 'source' %} + {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} + {% set barbican_base_packages = ['uwsgi-plugin-python'] %} + {% elif base_distro in ['ubuntu'] %} + {% set barbican_base_packages = ['uwsgi-plugin-python'] %} + {% endif %} + +{{ macros.install_packages(barbican_base_packages | customizable("packages")) }} + +ADD barbican-base-archive /barbican-base-source +RUN ln -s barbican-base-source/* barbican \ + && useradd --user-group barbican \ + && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt pastedeploy uwsgi MySQL-python python-barbicanclient /barbican \ + && mkdir -p /etc/barbican /var/log/barbican /home/barbican /var/lib/barbican \ + && cp -r /barbican/etc/barbican/* /etc/barbican/ \ + && chown -R barbican: /etc/barbican /var/log/barbican /home/barbican /var/lib/barbican + +{% endif %} + +COPY barbican_sudoers /etc/sudoers.d/kolla_barbican_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN usermod -a -G kolla barbican \ + && chmod 750 /etc/sudoers.d \ + && chmod 640 /etc/sudoers.d/kolla_barbican_sudoers \ + && touch /usr/local/bin/kolla_barbican_extend_start \ + && chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_barbican_extend_start + +{% block barbican_base_footer %}{% endblock %} diff --git a/docker/barbican/barbican-base/barbican_sudoers b/docker/barbican/barbican-base/barbican_sudoers new file mode 100644 index 0000000000..26ae4710ea --- /dev/null +++ b/docker/barbican/barbican-base/barbican_sudoers @@ -0,0 +1 @@ +%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican\: /var/lib/barbican/, /bin/chown -R barbican\: /var/lib/barbican/ diff --git a/docker/barbican/barbican-base/extend_start.sh b/docker/barbican/barbican-base/extend_start.sh new file mode 100755 index 0000000000..16b41ad09c --- /dev/null +++ b/docker/barbican/barbican-base/extend_start.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +# Create log dir for Barbican logs +LOG_DIR="/var/log/kolla/barbican" +if [[ ! -d "${LOG_DIR}" ]]; then + mkdir -p ${LOG_DIR} +fi +if [[ $(stat -c %U:%G ${LOG_DIR}) != "barbican:kolla" ]]; then + chown barbican:kolla ${LOG_DIR} +fi +if [[ $(stat -c %a ${LOG_DIR}) != "755" ]]; then + chmod 755 ${LOG_DIR} +fi + +. /usr/local/bin/kolla_barbican_extend_start diff --git a/docker/barbican/barbican-keystone-listener/Dockerfile.j2 b/docker/barbican/barbican-keystone-listener/Dockerfile.j2 new file mode 100644 index 0000000000..d25d144f31 --- /dev/null +++ b/docker/barbican/barbican-keystone-listener/Dockerfile.j2 @@ -0,0 +1,20 @@ +FROM {{ namespace }}/{{ image_prefix }}barbican-base:{{ tag }} +MAINTAINER {{ maintainer }} + +{% import "macros.j2" as macros with context %} + +{% if install_type == 'binary' %} + {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} + {% set barbican_keystone_listener_packages = ['openstack-barbican-keystone-listener'] %} + {% elif base_distro in ['ubuntu'] %} + {% set barbican_keystone_listener_packages = ['barbican-keystone-listener'] %} + {% endif %} + +{{ macros.install_packages(barbican_keystone_listener_packages | customizable("packages")) }} + +{% endif %} + +{% block barbican_keystone_listener_footer %}{% endblock %} +{% block footer %}{% endblock %} + +USER barbican diff --git a/docker/barbican/barbican-worker/Dockerfile.j2 b/docker/barbican/barbican-worker/Dockerfile.j2 new file mode 100644 index 0000000000..1d648ce254 --- /dev/null +++ b/docker/barbican/barbican-worker/Dockerfile.j2 @@ -0,0 +1,20 @@ +FROM {{ namespace }}/{{ image_prefix }}barbican-base:{{ tag }} +MAINTAINER {{ maintainer }} + +{% import "macros.j2" as macros with context %} + +{% if install_type == 'binary' %} + {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} + {% set barbican_worker_packages = ['openstack-barbican-worker'] %} + {% elif base_distro in ['ubuntu'] %} + {% set barbican_worker_packages = ['barbican-worker'] %} + {% endif %} + +{{ macros.install_packages(barbican_worker_packages | customizable("packages")) }} + +{% endif %} + +{% block barbican_worker_footer %}{% endblock %} +{% block footer %}{% endblock %} + +USER barbican diff --git a/kolla/common/config.py b/kolla/common/config.py index 9de8a8198b..855805a703 100644 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -173,6 +173,10 @@ SOURCES = { 'type': 'url', 'location': ('http://tarballs.openstack.org/aodh/' 'aodh-master.tar.gz')}, + 'barbican-base': { + 'type': 'url', + 'location': ('http://tarballs.openstack.org/barbican/' + 'barbican-master.tar.gz')}, 'bifrost-base': { 'type': 'url', 'location': ('http://tarballs.openstack.org/bifrost/'