| FROM ubuntu:jammy-20240227 AS ubuntu |
| LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere |
| |
| FROM ubuntu AS helm |
| ARG TARGETOS |
| ARG TARGETARCH |
| ARG HELM_VERSION=3.14.0 |
| ADD https://get.helm.sh/helm-v${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /helm.tar.gz |
| RUN tar -xzf /helm.tar.gz |
| RUN mv /${TARGETOS}-${TARGETARCH}/helm /usr/bin/helm |
| |
| FROM ubuntu AS ubuntu-cloud-archive |
| ADD --chmod=644 https://git.launchpad.net/ubuntu/+source/ubuntu-keyring/plain/keyrings/ubuntu-cloud-keyring.gpg /etc/apt/trusted.gpg.d/ubuntu-cloud-keyring.gpg |
| ARG RELEASE |
| RUN <<EOF bash -xe |
| source /etc/os-release |
| if [ "\${VERSION_CODENAME}" = "jammy" ]; then \ |
| if [ "${RELEASE}" = "yoga" ]; then \ |
| # NOTE: Yoga shipped with 22.04, so no need to add an extra repository. |
| echo "" > /etc/apt/sources.list.d/cloudarchive.list; \ |
| elif [ "${RELEASE}" = "zed" ]; then \ |
| echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/${RELEASE} main" > /etc/apt/sources.list.d/cloudarchive.list; \ |
| elif [ "${RELEASE}" = "2023.1" ]; then \ |
| echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/antelope main" > /etc/apt/sources.list.d/cloudarchive.list; \ |
| elif [ "${RELEASE}" = "2023.2" ]; then \ |
| echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/bobcat main" > /etc/apt/sources.list.d/cloudarchive.list; \ |
| elif [ "${RELEASE}" = "master" ]; then \ |
| echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu \${VERSION_CODENAME}-updates/caracal main" > /etc/apt/sources.list.d/cloudarchive.list; \ |
| else \ |
| echo "${RELEASE} is not supported on \${VERSION_CODENAME}"; \ |
| exit 1; \ |
| fi; \ |
| else |
| echo "Unsupported release"; \ |
| exit 1; \ |
| fi |
| EOF |
| |
| FROM alpine/git AS requirements |
| ARG BRANCH |
| ADD https://opendev.org/openstack/requirements.git#${BRANCH} /src |
| RUN <<EOF sh -xe |
| sed -i 's/cryptography===36.0.2/cryptography===42.0.4/' /src/upper-constraints.txt |
| sed -i 's/cryptography===40.0.2/cryptography===42.0.4/' /src/upper-constraints.txt |
| sed -i 's/cryptography===41.0.7/cryptography===42.0.4/' /src/upper-constraints.txt |
| sed -i 's/Django===3.2.18/Django===3.2.24/' /src/upper-constraints.txt |
| sed -i 's/Flask===2.2.3/Flask===2.2.5/' /src/upper-constraints.txt |
| sed -i 's/Jinja2===3.1.2/Jinja2===3.1.3/' /src/upper-constraints.txt |
| sed -i 's/oauthlib===3.2.0/oauthlib===3.2.2/' /src/upper-constraints.txt |
| sed -i 's/paramiko===2.11.0/paramiko===3.4.0/' /src/upper-constraints.txt |
| sed -i 's/paramiko===3.1.0/paramiko===3.4.0/' /src/upper-constraints.txt |
| sed -i 's/protobuf===4.21.5/protobuf===4.21.6/' /src/upper-constraints.txt |
| sed -i 's/pyOpenSSL===22.0.0/pyOpenSSL===24.0.0/' /src/upper-constraints.txt |
| sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===24.0.0/' /src/upper-constraints.txt |
| sed -i 's/requests===2.28.1/requests===2.31.0/' /src/upper-constraints.txt |
| sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt |
| sed -i 's/sqlparse===0.4.2/sqlparse===0.4.4/' /src/upper-constraints.txt |
| sed -i 's/urllib3===1.26.12/urllib3===1.26.18/' /src/upper-constraints.txt |
| sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt |
| sed -i 's/Werkzeug===2.2.2/Werkzeug===2.3.8/' /src/upper-constraints.txt |
| sed -i 's/Werkzeug===2.2.3/Werkzeug===2.3.8/' /src/upper-constraints.txt |
| sed -i 's/zstd===1.5.2.5/zstd===1.5.4.0/' /src/upper-constraints.txt |
| sed -i '/glance-store/d' /src/upper-constraints.txt |
| sed -i '/horizon/d' /src/upper-constraints.txt |
| EOF |
| |
| FROM ubuntu-cloud-archive AS openstack-venv-builder |
| RUN <<EOF bash -xe |
| apt-get update -qq |
| apt-get install -qq -y --no-install-recommends \ |
| build-essential \ |
| git \ |
| libldap2-dev \ |
| libpcre3-dev \ |
| libsasl2-dev \ |
| libssl-dev \ |
| lsb-release \ |
| openssh-client \ |
| python3 \ |
| python3-dev \ |
| python3-pip \ |
| python3-venv |
| EOF |
| RUN <<EOF bash -xe |
| python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack |
| EOF |
| ENV PATH=/var/lib/openstack/bin:$PATH |
| COPY --link --from=requirements /src/upper-constraints.txt /upper-constraints.txt |
| RUN <<EOF bash -xe |
| pip3 install \ |
| --constraint /upper-constraints.txt \ |
| cryptography \ |
| pymysql \ |
| python-binary-memcached \ |
| python-memcached \ |
| uwsgi |
| EOF |
| |
| FROM ubuntu-cloud-archive AS openstack-runtime |
| RUN <<EOF bash -xe |
| apt-get update -qq |
| apt-get install -qq -y --no-install-recommends \ |
| ca-certificates \ |
| libpython3.10 \ |
| lsb-release \ |
| python3-distutils \ |
| sudo |
| EOF |
| ARG PROJECT |
| ARG SHELL=/usr/sbin/nologin |
| RUN \ |
| groupadd -g 42424 ${PROJECT} && \ |
| useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s ${SHELL} -c "${PROJECT} User" ${PROJECT} && \ |
| mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} && \ |
| chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/cache/${PROJECT} |
| ENV PATH=/var/lib/openstack/bin:$PATH |
| |
| FROM alpine/git AS barbican-src |
| ARG BARBICAN_GIT_REF |
| ADD --keep-git-dir=true https://opendev.org/openstack/barbican.git#${BARBICAN_GIT_REF} /src |
| RUN git -C /src fetch --unshallow |
| |
| FROM openstack-venv-builder AS barbican-build |
| COPY --from=barbican-src --link /src /src/barbican |
| RUN <<EOF bash -xe |
| pip3 install \ |
| --constraint /upper-constraints.txt \ |
| /src/barbican \ |
| pykmip |
| EOF |
| |
| FROM openstack-runtime AS barbican |
| COPY --from=barbican-build --link /var/lib/openstack /var/lib/openstack |
| |
| FROM alpine/git AS magnum-src |
| ARG MAGNUM_GIT_REF |
| ADD --keep-git-dir=true https://opendev.org/openstack/magnum.git#${MAGNUM_GIT_REF} /src |
| RUN git -C /src fetch --unshallow |
| ARG RELEASE |
| COPY patches/${RELEASE}/magnum /patches |
| RUN if [ -n "$(ls -A /patches/*.patch)" ]; then git -C /src apply --verbose /patches/*; fi |
| |
| FROM openstack-venv-builder AS magnum-build |
| COPY --from=magnum-src --link /src /src/magnum |
| RUN <<EOF bash -xe |
| pip3 install \ |
| --constraint /upper-constraints.txt \ |
| /src/magnum \ |
| magnum-cluster-api==0.16.0 |
| EOF |
| |
| FROM openstack-runtime AS magnum |
| RUN <<EOF bash -xe |
| apt-get update -qq |
| apt-get install -qq -y --no-install-recommends \ |
| haproxy |
| apt-get clean |
| rm -rf /var/lib/apt/lists/* |
| EOF |
| COPY --from=helm --link /usr/bin/helm /usr/local/bin/helm |
| COPY --from=magnum-build --link /var/lib/openstack /var/lib/openstack |