kolla base目錄下Dockerfile.j2分析

這幾天在研究kolla製做鏡像的流程,記錄下對kolla項目中base目錄Dockerfile.j2的閱讀過程。本質上base目錄下的Dockerfile.j2文件,是對yum源的一些配置,從而使製做鏡像的流程中,
有一個共同的基準yum源。
FROM {{ base_image }}:{{ base_distro_tag }}
MAINTAINER {{ maintainer }}

{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %}    && {% endif -%}
    groupadd --force --gid {{ user.gid }} {{ name }} \
    && useradd -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
        {%- if not loop.last %} \{% endif -%}
{%- endfor %}
{#這裏主要是增加一些用戶組和用戶,全部的用戶以一個RUN命令統一建立#}
LABEL kolla_version="{{ kolla_version }}"
{#已係統緩存的kolla版本進行取值,若是是用git下載的代碼,那麼這個值就會去成git裏面緩存的表明編號#}
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}

ENV KOLLA_BASE_DISTRO {{ base_distro }} {#引入環境變量#}
ENV KOLLA_INSTALL_TYPE {{ install_type }}
ENV KOLLA_INSTALL_METATYPE {{ install_metatype }} {#在安裝模式是二進制的狀況系,此處的值爲rdo方式#}

#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
    && cat /tmp/kolla_bashrc >> /root/.bashrc

# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "

{#centos基礎鏡像會走這個流程分支#}
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system.  This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality.  I think we will :)

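# Abort the build unless the base image's major release (first number found in
# /etc/system-release) equals the supported release, then apply the kolla prompt
# system-wide and comment out override_install_langs in yum.conf.
# The variable is quoted on purpose: unquoted, an empty value leaves `[` with a
# malformed expression, the `then` branch is not taken, and the release check is
# silently skipped instead of failing the build.
RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
    if [ "$CURRENT_DISTRO_RELEASE" != "{{ supported_distro_release }}" ]; then \
        echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; \
    fi \
    && cat /tmp/kolla_bashrc >> /etc/bashrc \
    && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/yum.conf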
{#獲取系統當前的發行版類型,是否是在支持的範圍內
awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release);
這個shell腳本的做用就是來獲取 /etc/system-release文件中,大版本號的值,在線上環境上執行,該命令的值爲7
DISTRO_RELEASE = {
    'centos': '7',
    'rhel': '7',
    'oraclelinux': '7',
    'debian': '8',
    'ubuntu': '16.04',
}
supported_distro_release的值時在 create_dockerfiles函數中獲取的,這個值時數字7,8,16.04三個中的一個
#}

{% block base_yum_conf %}

RUN echo centos >> /etc/yum/vars/contentdir
{#此處對yum_conf文件進行設置,從而對全部的yum倉庫都有效#}
{% endblock %}

#### BEGIN REPO ENABLEMENT(實現)
{% set base_yum_repo_files = [
    'elasticsearch.repo',
    'grafana.repo',
    'influxdb.repo',
    'kibana.yum.repo',
    'MariaDB.repo',
    'td.repo',
    'zookeeper.repo'
 ] %}
 #在不啓動自定義repo的狀況下,此處是生效的,若是設置自定義的repo,那麼此處不生效,根據自定義的repo配置進行拷貝
{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}

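{# percona-release is a noarch RPM that carries the Percona repo definition together
   with its GPG key: installing it places the key under /etc/pki/rpm-gpg and the repo
   file under /etc/yum.repos.d. Author's note: the URL was reachable when tested.
   The annotation lives outside the set tag because a comment inside the list
   expression is not valid template syntax.
   This RPM is the trust anchor for every later Percona package, so it is fetched over
   HTTPS instead of plain HTTP.
   NOTE(review): whether macros.install_packages verifies the RPM signature is not
   visible here; confirm, or pin a digest for this file. #}
{% set base_yum_url_packages = [
   'https://repo.percona.com/release/7/RPMS/x86_64/percona-release-0.1-4.noarch.rpm'
] %}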

{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
{#此處是引用宏文件裏面的install_packages宏,進行rpm的安裝#}

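{# GPG keys for the third-party yum repos; each entry is handed to rpm --import by
   the loop that follows this list.
   Author's notes: the MariaDB, Elastic, InfluxData, packagecloud and Treasure Data
   keys could be downloaded directly when tested; the Percona key is already on disk
   because the percona-release package installed it; the Grafana URL shows the key
   text in the browser instead of downloading a file.
   The notes are kept out of the list itself: text after an item inside the set tag is
   not valid template syntax.
   The MariaDB key is fetched over HTTPS like the other remote keys. A key that arrives
   over plain HTTP can be replaced in transit, and every package "verified" against it
   afterwards is then verified against the replacement.
   NOTE(review): remote keys are re-fetched on every build; keeping reviewed copies in
   the build context would pin what gets trusted. #}
{% set base_yum_repo_keys = [
    'https://yum.mariadb.org/RPM-GPG-KEY-MariaDB',
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-Percona ',
    'https://packages.elastic.co/GPG-KEY-elasticsearch',
    'https://repos.influxdata.com/influxdb.key',
    'https://packagecloud.io/gpg.key',
    'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
    'https://packages.treasuredata.com/GPG-KEY-td-agent'
] %}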
{#此處是把下載的gpg-key文件進行導入,爲之後的rpm安裝作簽名準備,若是是本地yum源的話,這一步是能夠不用作得,對
https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana這個GPG-KEY會有文件,最好是把該網頁的內容,保存到一個GPG-KEY文件中#}
{%- for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %}    && {% endif -%}
    rpm --import {{ key }}
{%- if not loop.last %} \{% endif %}
{% endfor -%}

#binary安裝方式install_metatype是rdo,source安裝方式是mixed(混合的),centos基礎鏡像只有這兩種方式
    {% if install_metatype in ['rdo', 'mixed'] %}

{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}

    {% endif %}
    {# endif for repo setup for all RHEL except RHEL OSP #}

 {#RHOS是一種openstack安裝方式,是redhat openstack的縮寫,猜想是redhat開發的一種安裝方式#}
    {% if install_metatype == 'rhos' %}
#對於centos系統來講,這個是能夠rhos的內容是能夠註釋掉的
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms \
    && yum-config-manager --enable rhel-7-server-openstack-7.0-rpms

    {% endif %}

#以下的內容都是對centos基礎鏡像進行設置的
#************************************
    {% if base_distro == 'centos' %}

{#默認狀況下,安裝完centos系統之後,在/etc/pki/rpm-gpg/目錄下只會有以下的gpg-key
()[root@4059a1c2f42c /]# cd /etc/pki/rpm-gpg/
()[root@4059a1c2f42c rpm-gpg]# ls
RPM-GPG-KEY-CentOS-7  RPM-GPG-KEY-CentOS-Debug-7  RPM-GPG-KEY-CentOS-Testing-7
#}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

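{# CentOS SIG signing keys to import. Author's note: these three files are not present
   in a freshly installed CentOS 7 image; they show up under /etc/pki/rpm-gpg only
   after the centos-release-* packages listed below have been installed. #}
{% set base_centos_yum_repo_keys = [
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud',
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
    '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization'
] %}
{# Release packages that add the extra CentOS yum repositories. Author's note: once
   centos-release-openstack-ocata is installed, installing centos-release-ceph-jewel
   reports that it is already installed.
   The notes sit outside the lists because free text after an item inside the set tag
   breaks template parsing. #}
{% set base_centos_yum_repo_packages = [
    'epel-release ',
    'yum-plugin-priorities',
    'centos-release-ceph-jewel',
    'centos-release-openstack-ocata',
    'centos-release-qemu-ev'
] %}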
#安裝上一步的base_centos_yum_repo_packages的repo倉庫
爲執行安裝命令以前的內容
()[root@4059a1c2f42c yum.repos.d]# ls
xxx-centos-openstack-ocata.repo  xxx-ceph.repo           xxx-epel.repo     xxx-qemu-ev.repo
xxx-centos.repo                  xxx-elasticsearch.repo  xxx-mariadb.repo  xxx-td.repo
執行完安裝命令之後
()[root@4059a1c2f42c yum.repos.d]# ls
CentOS-Ceph-Jewel.repo       CentOS-Storage-common.repo  xxx-centos-openstack-ocata.repo  xxx-elasticsearch.repo  xxx-qemu-ev.repo
CentOS-OpenStack-ocata.repo  epel.repo                   xxx-centos.repo                  xxx-epel.repo           xxx-td.repo
CentOS-QEMU-EV.repo          epel-testing.repo           xxx-ceph.repo                    xxx-mariadb.repo
()[root@4059a1c2f42c yum.repos.d]# pwd
執行的命令
    5  yum install -y epel-release
    6  ls
    7  yum install yum-plugin-priorities -y
    8  ls
    9  yum install centos-release-openstack-ocata -y
   10  ls
   11  yum install centos-release-qemu-ev -y

/etc/pki/rpm-gpg目錄下的變化
()[root@4059a1c2f42c yum.repos.d]# cd /etc/pki/rpm-gpg/
()[root@4059a1c2f42c rpm-gpg]# ls
RPM-GPG-KEY-CentOS-7        RPM-GPG-KEY-CentOS-SIG-Cloud    RPM-GPG-KEY-CentOS-SIG-Virtualization  RPM-GPG-KEY-EPEL-7
RPM-GPG-KEY-CentOS-Debug-7  RPM-GPG-KEY-CentOS-SIG-Storage  RPM-GPG-KEY-CentOS-Testing-7
()[root@4059a1c2f42c rpm-gpg]# pwd
/etc/pki/rpm-gpg

{{ macros.install_packages(base_centos_yum_repo_packages | customizable("yum_centos_repo_packages")) }}
{% for key in base_centos_yum_repo_keys | customizable('yum_centos_repo_keys') %}
    {%- if loop.first %}RUN {% else %}    && {% endif -%}
    rpm --import {{ key }} \
{% endfor -%}
{%- if base_centos_yum_repo_keys|length ==0 %}RUN {% else %}    && {% endif -%}
    yum clean all

    {% endif %}
    {# Endif for base_distro centos #}
#******************************************
#以下內容是對redhat基礎鏡像的設置
    {% if base_distro == 'rhel' %}

#安裝redhat的epel yum源倉庫
{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
#實際測試 https://dl.fedoraproject.org/pub/epel/這個網站能打開,有epel-release-latest-7.noarch.rpm包
RUN yum -y install \
        https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
    && yum-config-manager --enable rhel-7-server-optional-rpms \
    && yum -y install \
           yum-plugin-priorities \
    && yum clean all \
    && yum-config-manager --enable rhel-7-server-extras-rpms
{% endblock %}

    {% endif %}
    {# Endif for base_distro RHEL #}
#*******************************************
如下內容是對oraclelinux 基礎鏡像的設置
    {% if base_distro == 'oraclelinux' %}

{% block base_oraclelinux_package_installation %}
#拷貝base目錄下的oraclelinux-extras.repo文件到容器/etc/yum.repos.d/中
COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
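# Bootstrap EPEL and the CentOS SIG repositories on Oracle Linux, import their keys,
# enable the ol7 optional/addons repos and install yum-plugin-priorities.
# Author's notes: the EPEL RPM and the five centos-release-* RPMs were all reachable
# when tested; the release RPMs are repo packages that also contain the GPG key files.
# $releasever in the CentOS repo files is rewritten to the literal 7.
# All notes are kept above the instruction: text after a trailing backslash ends the
# line continuation and breaks the RUN.
# NOTE(review): the five centos-release-* RPMs are fetched over plain HTTP and installed
# with --nodeps, and the SIG keys imported afterwards come out of those same RPMs, so
# the key import does not authenticate them. Prefer an HTTPS source or check a pinned
# digest before installing.
RUN yum -y install \
        tar \
        yum-utils \
        https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
    && rpm -Uvh --nodeps \
        http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-openstack-ocata-1-2.el7.noarch.rpm \
        http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-ceph-jewel-1.0-1.el7.centos.noarch.rpm \
        http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-qemu-ev-1.0-2.el7.noarch.rpm \
        http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm \
        http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-storage-common-1-2.el7.centos.noarch.rpm \
    && sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-*.repo \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization \
    && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud \
    && yum-config-manager --enable ol7_optional_latest ol7_addons \
    && yum -y install \
           yum-plugin-priorities \
    && yum clean all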
{% endblock %}

    {% endif %}
    {# Endif for base_distro oraclelinux #}
#http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/這個網站能打開,
#*************************************
#### END REPO ENABLEMENT

{# We are back to the basic if conditional here which is:
#咱們回到基本的if條件這裏是
    if base_distro in ['centos', 'oraclelinux', 'rhel'] #}
{% block base_redhat_binary_versionlock %}{% endblock %}
    {% if install_type == 'binary' %}
{% set base_centos_binary_packages = [
        'sudo',
        'which',
        'python',
        'lvm2',
        'scsi-target-utils',
        'iproute',
        'iscsi-initiator-utils'
] %}
# Install base packages
{{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
    {% endif %}
    {# Endif for install_type binary #}

    {% if install_type == 'source' %}

{% set base_centos_source_packages = [
    'curl',
    'sudo',
    'tar',
    'which',
    'lvm2',
    'scsi-target-utils',
    'iproute',
    'iscsi-initiator-utils'
] %}
# Update packages
{{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}

    {% endif %}
    {# endif for install type is source for RPM based distros #}
{# endif for base_distro centos,oraclelinux,rhel #}
#********************************************************************************
#如下是對基礎鏡像發佈版本是ubuntu,debian的設置
{% elif base_distro in ['ubuntu', 'debian'] %}

# Check that the distribution release number read from /etc/lsb-release is the
# supported one; print a message and fail the build otherwise.
# NOTE(review): the command substitution is unquoted. If awk prints nothing (for
# example when /etc/lsb-release is missing), `[` receives a malformed expression, the
# `then` branch is not taken and the check passes silently. Quoting it closes that
# gap, but confirm first that every supported base image ships /etc/lsb-release.
RUN if [ $(awk -F '=' '/DISTRIB_RELEASE/{print $2}' /etc/lsb-release) != "{{ supported_distro_release }}" ]; then \
        echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; fi

# Customize PS1 bash shell
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc

# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive

# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint

{% block base_ubuntu_package_pre %}
# Need apt-transport-https and ca-certificates before replacing sources.list or
# apt-get update will not work if any repositories are accessed via HTTPS
#安裝https及認證包,從而支持https
RUN apt-get update \
    && apt-get -y install --no-install-recommends apt-transport-https ca-certificates \
    && apt-get clean
{% endblock %}

{% block base_ubuntu_package_sources_list %}
#拷貝base目錄下的sources.list.debian或者sources.list.ubuntu
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% endblock %}

{% block base_ubuntu_package_apt_preferences %}
#拷貝base目錄下的apt_preferences.debian,apt_preferences.ubuntu
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
{% endblock %}

{% set base_apt_packages = [
   'apt-utils',
   'curl',
   'gawk',
   'iproute2',
   'kmod',
   'lvm2',
   'open-iscsi',
   'python',
   'sudo',
   'tgt']
%}

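{% if base_distro == 'ubuntu' %}
# Signing keys trusted for Ubuntu builds
    {# 05CE15085FC09D18E99EFB22684A14CF2582E0C5 -- InfluxDB Packaging Service <support@influxdb.com> #}
    {# 177F4010FE56CA3336300305F1656F24C74CD1D8 -- MariaDB Signing Key <signing-key@mariadb.org> #}
    {# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
    {# 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB -- packagecloud ops (production key) <ops@packagecloud.io> #}
    {# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
    {# 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -- Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com> #}
    {# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
    {# 901F9177AB97ACBE                         -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
    {# NOTE(review): 901F9177AB97ACBE is a 64-bit key ID, not a full fingerprint. Key IDs
       of that length can be matched by a different key, so replace it with the 40-hex
       fingerprint obtained from the publisher. #}
    {% set base_apt_keys = [
      '05CE15085FC09D18E99EFB22684A14CF2582E0C5',
      '177F4010FE56CA3336300305F1656F24C74CD1D8',
      '391A9AA2147192839E9DB0315EDB1B62EC4926EA',
      '418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      '4D1BB29D63D98E422B2113B19334A25F8507EFA5',
      '58118E89F3A912897C070ADBF76221572C52609D',
      '901F9177AB97ACBE',
    ] %}
{% elif base_distro == 'debian' %}
    {# Signing keys trusted for Debian builds.
       The Elasticsearch key is requested by its full fingerprint; the Ubuntu branch
       names the same key, and the long ID D27D666CD88E42B4 used here before is the
       tail of that fingerprint.
       NOTE(review): 0xcbcb082a1bb943db and 901F9177AB97ACBE are still 64-bit key IDs;
       replace them with full 40-hex fingerprints obtained from the publishers. #}
    {% set base_apt_keys = [
      '58118E89F3A912897C070ADBF76221572C52609D',
      '0xcbcb082a1bb943db',
      '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      '05CE15085FC09D18E99EFB22684A14CF2582E0C5',
      '418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
      '901F9177AB97ACBE',
    ] %}
    {% set base_apt_packages = base_apt_packages +
      ['sudo',]
    %}
{% endif %}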


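# Package installation for Ubuntu/Debian: import the apt signing keys, then install.
# No comment line is placed inside the key block below. The loop tag strips the
# whitespace in front of it, so a comment there is glued onto the generated RUN line
# and the key import no longer runs as an instruction.
# NOTE(review): keys are requested from hkp://keyserver.ubuntu.com:80, a plaintext
# channel, so what ends up trusted depends on each entry being a full 40-hex
# fingerprint rather than a short key ID.
{% block base_ubuntu_package_installation %}
    {%- block base_ubuntu_package_key_installation %}
        {%- for key in base_apt_keys | customizable('apt_keys') %}
            {%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
            {%- if not loop.last %} \
            {% endif -%}
        {% endfor %}
    {% endblock %}
# Refresh the package index, apply pending upgrades, then install the base packages
RUN apt-get update \
    && apt-get -y upgrade \
    && apt-get -y dist-upgrade \
    && apt-get -y install --no-install-recommends \
    {%- for package in base_apt_packages | customizable('apt_packages') %}
        {{ package }} \
    {%- endfor %}
    && apt-get clean
{% endblock %}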

{% if base_distro == 'ubuntu' %}
RUN sed -i \
        -e "s|\('purelib': '\$base/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
        -e "s|\('platlib': '\$platbase/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
        -e "s|\('headers': '\$base/\)local/\(include/python\$py_version_short/\$dist_name',\)|\1\2|" \
        -e "s|\('scripts': '\$base/\)local/\(bin',\)|\1\2|" \
        -e "s|\('data'   : '\$base\)/local\(',\)|\1\2|" \
        /usr/lib/python2.7/distutils/command/install.py \
    && rm -rf /usr/lib/python2.7/site-packages \
    && ln -s dist-packages /usr/lib/python2.7/site-packages
{% endif %}

{# endif for base_distro ubuntu, debian #}
{% endif %}
#****************************************
#對基礎鏡像的設置總共分爲兩部分,一類是yum類型的系統,一類是deb類型的系統,整體框架上就是一個if elseif 語句

COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY sudoers /etc/sudoers
COPY curlrc /root/.curlrc

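{% block dumb_init_installation %}
# dumb-init: a container init tool.
# Containers usually run the application directly, with no init system (systemd,
# sysvinit, ...). The application then has to handle signals and reap child processes
# itself, which can leave containers that cannot be stopped or that accumulate zombie
# processes. dumb-init emulates the init role to avoid those problems.
# Author's note: the release URL below did not resolve when tested, so point it at a
# location that is actually reachable from the build host.
# -f makes curl exit non-zero on an HTTP error. Without it an error page is saved as
# /usr/local/bin/dumb-init, marked executable, and the build still succeeds.
# NOTE(review): the downloaded binary is not verified. Record the expected digest of the
# release asset and check it before chmod, for example
#   echo "<EXPECTED_SHA256>  /usr/local/bin/dumb-init" | sha256sum -c -
RUN curl -fsSL https://github.com/Yelp/dumb-init/releases/download/v1.1.3/dumb-init_1.1.3_amd64 -o /usr/local/bin/dumb-init \
    && chmod +x /usr/local/bin/dumb-init
{% endblock %}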

# Finalize ownership and modes of the files added to the image:
#  - create an empty kolla_extend_start next to the copied scripts
#  - mode 755 on kolla_start, kolla_extend_start and kolla_set_configs
#  - mode 440 on /etc/sudoers, so the copied file is read-only for its owner and group
#  - /var/log/kolla: group kolla, mode 2775 (setgid and group-writable, so files
#    created inside inherit the directory's group)
#  - remove the kolla_bashrc staged in /tmp
# NOTE(review): assumes a kolla group already exists, presumably created by the
# users loop at the top of this template; confirm.
RUN touch /usr/local/bin/kolla_extend_start \
    && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \
    && chmod 440 /etc/sudoers \
    && mkdir -p /var/log/kolla \
    && chown :kolla /var/log/kolla \
    && chmod 2775 /var/log/kolla \
    && rm -f /tmp/kolla_bashrc

{% block base_footer %}{% endblock %}
CMD ["kolla_start"]