FROM {{ base_image }}:{{ base_distro_tag }}
MAINTAINER {{ maintainer }}
{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %} && {% endif -%}
groupadd --force --gid {{ user.gid }} {{ name }}
&& useradd -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
{%- if not loop.last %} {% endif -%}
{%- endfor %}
{#这是主要是增加一些用户组和用户,所有的用户以一个RUN 命令进行下发创建的#}
LABEL kolla_version="{{ kolla_version }}"
{#已系统缓存的kolla版本进行取值,如果是用git下载的代码,那么这个值就会去成git里面缓存的代表编号#}
{% import "macros.j2" as macros with context %}
{% block base_header %}{% endblock %}
ENV KOLLA_BASE_DISTRO {{ base_distro }} {#引入环境变量#}
ENV KOLLA_INSTALL_TYPE {{ install_type }}
ENV KOLLA_INSTALL_METATYPE {{ install_metatype }} {#在安装模式是二进制的情况系,此处的值为rdo方式#}
#### Customize PS1 to be used with bash shell
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc
&& cat /tmp/kolla_bashrc >> /root/.bashrc
# PS1 var when used /bin/sh shell
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "
{#centos基础镜像会走这个流程分支#}
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system. This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality. I think we will :)
RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release);
if [ $CURRENT_DISTRO_RELEASE != "{{ supported_distro_release }}" ]; then
echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false;
fi
&& cat /tmp/kolla_bashrc >> /etc/bashrc
&& sed -i 's|^(override_install_langs=.*)|# 1|' /etc/yum.conf
{#获取系统当前的发行版类型,是不是在支持的范围内
awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release);
这个shell脚本的作用就是来获取 /etc/system-release文件中,大版本号的值,在线上环境上执行,该命令的值为7
DISTRO_RELEASE = {
'centos': '7',
'rhel': '7',
'oraclelinux': '7',
'debian': '8',
'ubuntu': '16.04',
}
supported_distro_release的值时在 create_dockerfiles函数中获取的,这个值时数字7,8,16.04三个中的一个
#}
{% block base_yum_conf %}
RUN echo centos >> /etc/yum/vars/contentdir
{#此处对yum_conf文件进行设置,从而对所有的yum仓库都有效#}
{% endblock %}
#### BEGIN REPO ENABLEMENT(实现)
{% set base_yum_repo_files = [
'elasticsearch.repo',
'grafana.repo',
'influxdb.repo',
'kibana.yum.repo',
'MariaDB.repo',
'td.repo',
'zookeeper.repo'
] %}
#在不启动自定义repo的情况下,此处是生效的,如果设置自定义的repo,那么此处不生效,根据自定义的repo配置进行拷贝
{%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}
{% set base_yum_url_packages = [
'http://repo.percona.com/release/7/RPMS/x86_64/percona-release-0.1-4.noarch.rpm'
{#此处是下载percona的repo yum仓库,noarch.rpm中包含有gpg-key文件,安装这个文件
自动把gpg-key放到规定的/etc/pki-grp目录下,percona的repo仓库也自动在/etc/repo.yum目录下
实测这个地址有是有效的,能够找到这个文件#}
] %}
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
{#此处是引用宏文件里面的install_packages宏,进行rpm的安装#}
{#此处是获取yum_repop的gpg-key文件#}
{% set base_yum_repo_keys = [
'http://yum.mariadb.org/RPM-GPG-KEY-MariaDB',#实测这个文件可以直接下载
'/etc/pki/rpm-gpg/RPM-GPG-KEY-Percona ',#在上一步安装过程中,这个文件已经在该目录下了
'https://packages.elastic.co/GPG-KEY-elasticsearch', #实测这个文件可以直接下载下来
'https://repos.influxdata.com/influxdb.key', #实测这个文件可以下载下来
'https://packagecloud.io/gpg.key',#实测这个文件可以下载下来
'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',#实测这个地址是直接打开一个网站,网站的内容是gpp内容,而不会下载该gpg-key文件
'https://packages.treasuredata.com/GPG-KEY-td-agent'#实测这个文件可以直接下载
] %}
{#此处是把下载的gpg-key文件进行导入,为以后的rpm安装做签名准备,如果是本地yum源的话,这一步是可以不用做得,对
https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana这个GPG-KEY会有文件,最好是把该网页的内容,保存到一个GPG-KEY文件中#}
{%- for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{%- if not loop.last %} {% endif %}
{% endfor -%}
#binary安装方式install_metatype是rdo,source安装方式是mixed(混合的),centos基础镜像只有这两种方式
{% if install_metatype in ['rdo', 'mixed'] %}
{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}
{% endif %}
{# endif for repo setup for all RHEL except RHEL OSP #}
{#RHOS是一种openstack安装方式,是redhat openstack的缩写,猜测是redhat开发的一种安装方式#}
{% if install_metatype == 'rhos' %}
#对于centos系统来说,这个是可以rhos的内容是可以注释掉的
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms
&& yum-config-manager --enable rhel-7-server-openstack-7.0-rpms
{% endif %}
#如下的内容都是对centos基础镜像进行设置的
#************************************
{% if base_distro == 'centos' %}
{#默认情况下,安装完centos系统以后,在/etc/pki/rpm-gpg/目录下只会有如下的gpg-key
()[root@4059a1c2f42c /]# cd /etc/pki/rpm-gpg/
()[root@4059a1c2f42c rpm-gpg]# ls
RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-CentOS-Debug-7 RPM-GPG-KEY-CentOS-Testing-7
#}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
{% set base_centos_yum_repo_keys = [
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud',#这三个key实际查看是没有这三个gpk-key的
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization'
] %}
#设置centos yum源仓库包
{% set base_centos_yum_repo_packages = [
'epel-release ',
'yum-plugin-priorities',#
'centos-release-ceph-jewel',执行完centos-release-openstack-ocata以后,在执行这个命令,提示已经安装
'centos-release-openstack-ocata',
'centos-release-qemu-ev'
] %}
#安装上一步的base_centos_yum_repo_packages的repo仓库
为执行安装命令之前的内容
()[root@4059a1c2f42c yum.repos.d]# ls
xxx-centos-openstack-ocata.repo xxx-ceph.repo xxx-epel.repo xxx-qemu-ev.repo
xxx-centos.repo xxx-elasticsearch.repo xxx-mariadb.repo xxx-td.repo
执行完安装命令以后
()[root@4059a1c2f42c yum.repos.d]# ls
CentOS-Ceph-Jewel.repo CentOS-Storage-common.repo xxx-centos-openstack-ocata.repo xxx-elasticsearch.repo xxx-qemu-ev.repo
CentOS-OpenStack-ocata.repo epel.repo xxx-centos.repo xxx-epel.repo xxx-td.repo
CentOS-QEMU-EV.repo epel-testing.repo xxx-ceph.repo xxx-mariadb.repo
()[root@4059a1c2f42c yum.repos.d]# pwd
执行的命令
5 yum install -y epel-release
6 ls
7 yum install yum-plugin-priorities -y
8 ls
9 yum install centos-release-openstack-ocata -y
10 ls
11 yum install centos-release-qemu-ev -y
/etc/pki/rpm-gpg目录下的变化
()[root@4059a1c2f42c yum.repos.d]# cd /etc/pki/rpm-gpg/
()[root@4059a1c2f42c rpm-gpg]# ls
RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-CentOS-SIG-Cloud RPM-GPG-KEY-CentOS-SIG-Virtualization RPM-GPG-KEY-EPEL-7
RPM-GPG-KEY-CentOS-Debug-7 RPM-GPG-KEY-CentOS-SIG-Storage RPM-GPG-KEY-CentOS-Testing-7
()[root@4059a1c2f42c rpm-gpg]# pwd
/etc/pki/rpm-gpg
{{ macros.install_packages(base_centos_yum_repo_packages | customizable("yum_centos_repo_packages")) }}
{% for key in base_centos_yum_repo_keys | customizable('yum_centos_repo_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{% endfor -%}
{%- if base_centos_yum_repo_keys|length ==0 %}RUN {% else %} && {% endif -%}
yum clean all
{% endif %}
{# Endif for base_distro centos #}
#******************************************
#如下内容是对redhat基础镜像的设置
{% if base_distro == 'rhel' %}
#安装redhat的epel yum源仓库
{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
#实际测试 https://dl.fedoraproject.org/pub/epel/这个网站能打开,有epel-release-latest-7.noarch.rpm包
RUN yum -y install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
&& yum-config-manager --enable rhel-7-server-optional-rpms
&& yum -y install
yum-plugin-priorities
&& yum clean all
&& yum-config-manager --enable rhel-7-server-extras-rpms
{% endblock %}
{% endif %}
{# Endif for base_distro RHEL #}
#*******************************************
以下内容是对oraclelinux 基础镜像的设置
{% if base_distro == 'oraclelinux' %}
{% block base_oraclelinux_package_installation %}
#拷贝base目录下的oraclelinux-extras.repo文件到容器/etc/yum.repos.d/中
COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
RUN yum -y install
tar
yum-utils
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm #安装epel源,实测有这个rpm包,能打开网站
&& rpm -Uvh --nodeps #如下的5个rpm在该网站都存在,这些都是repo yum仓库的压缩文件,包含了gpg-key文件
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-openstack-ocata-1-2.el7.noarch.rpm
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-ceph-jewel-1.0-1.el7.centos.noarch.rpm
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-qemu-ev-1.0-2.el7.noarch.rpm
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm
http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-storage-common-1-2.el7.centos.noarch.rpm
&& sed -i 's/$releasever/7/g' /etc/yum.repos.d/CentOS-*.repo #统一把repo文件中的$releasever内容更换为7
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
&& yum-config-manager --enable ol7_optional_latest ol7_addons
&& yum -y install
yum-plugin-priorities
&& yum clean all
{% endblock %}
{% endif %}
{# Endif for base_distro oraclelinux #}
#http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/这个网站能打开,
#*************************************
#### END REPO ENABLEMENT
{# We are back to the basic if conditional here which is:
#我们回到基本的if条件这里是
if base_distro in ['centos', 'oraclelinux', 'rhel'] #}
{% block base_redhat_binary_versionlock %}{% endblock %}
{% if install_type == 'binary' %}
{% set base_centos_binary_packages = [
'sudo',
'which',
'python',
'lvm2',
'scsi-target-utils',
'iproute',
'iscsi-initiator-utils'
] %}
# Install base packages
{{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
{% endif %}
{# Endif for install_type binary #}
{% if install_type == 'source' %}
{% set base_centos_source_packages = [
'curl',
'sudo',
'tar',
'which',
'lvm2',
'scsi-target-utils',
'iproute',
'iscsi-initiator-utils'
] %}
# Update packages
{{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}
{% endif %}
{# endif for install type is source for RPM based distros #}
{# endif for base_distro centos,oraclelinux,rhel #}
#********************************************************************************
#以下是对基础镜像发布版本是ubantu,debian的设置
{% elif base_distro in ['ubuntu', 'debian'] %}
#判断系统的发行版本号是否符合要求
RUN if [ $(awk -F '=' '/DISTRIB_RELEASE/{print $2}' /etc/lsb-release) != "{{ supported_distro_release }}" ]; then
echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; fi
# Customize PS1 bash shell
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc
# This will prevent questions from being asked during the install
ENV DEBIAN_FRONTEND noninteractive
# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint
{% block base_ubuntu_package_pre %}
# Need apt-transport-https and ca-certificates before replacing sources.list or
# apt-get update will not work if any repositories are accessed via HTTPS
#安装https及认证包,从而支持https
RUN apt-get update
&& apt-get -y install --no-install-recommends apt-transport-https ca-certificates
&& apt-get clean
{% endblock %}
{% block base_ubuntu_package_sources_list %}
#拷贝base目录下的sources.list.debian或者sources.list.ubuntu
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% endblock %}
{% block base_ubuntu_package_apt_preferences %}
#拷贝base目录下的apt_preferences.debian,apt_preferences.ubuntu
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
{% endblock %}
{% set base_apt_packages = [
'apt-utils',
'curl',
'gawk',
'iproute2',
'kmod',
'lvm2',
'open-iscsi',
'python',
'sudo',
'tgt']
%}
{% if base_distro == 'ubuntu' %}
#对ubantu系统的key进行设置
{# 05CE15085FC09D18E99EFB22684A14CF2582E0C5 -- InfluxDB Packaging Service <support@influxdb.com> #}
{# 177F4010FE56CA3336300305F1656F24C74CD1D8 -- MariaDB Signing Key <signing-key@mariadb.org> #}
{# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
{# 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB -- packagecloud ops (production key) <ops@packagecloud.io> #}
{# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
{# 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -- Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com> #}
{# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
{# 901F9177AB97ACBE -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
{% set base_apt_keys = [
'05CE15085FC09D18E99EFB22684A14CF2582E0C5',
'177F4010FE56CA3336300305F1656F24C74CD1D8',
'391A9AA2147192839E9DB0315EDB1B62EC4926EA',
'418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
'46095ACC8548582C1A2699A9D27D666CD88E42B4',
'4D1BB29D63D98E422B2113B19334A25F8507EFA5',
'58118E89F3A912897C070ADBF76221572C52609D',
'901F9177AB97ACBE',
] %}
{% elif base_distro == 'debian' %}
{% set base_apt_keys = [
'58118E89F3A912897C070ADBF76221572C52609D',
'0xcbcb082a1bb943db',
'D27D666CD88E42B4',
'05CE15085FC09D18E99EFB22684A14CF2582E0C5',
'418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
'901F9177AB97ACBE',
] %}
{% set base_apt_packages = base_apt_packages +
['sudo',]
%}
{% endif %}
#对ubantu系统包的安装
{% block base_ubuntu_package_installation %}
{%- block base_ubuntu_package_key_installation %}
#对key的导入
{%- for key in base_apt_keys | customizable('apt_keys') %}
{%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
{%- if not loop.last %}
{% endif -%}
{% endfor %}
{% endblock %}
#在ubantu下,对包的安装
RUN apt-get update
&& apt-get -y upgrade
&& apt-get -y dist-upgrade
&& apt-get -y install --no-install-recommends
{%- for package in base_apt_packages | customizable('apt_packages') %}
{{ package }}
{%- endfor %}
&& apt-get clean
{% endblock %}
{% if base_distro == 'ubuntu' %}
RUN sed -i
-e "s|('purelib': '$base/)local/(lib/python$py_version_short/dist-packages',)|12|"
-e "s|('platlib': '$platbase/)local/(lib/python$py_version_short/dist-packages',)|12|"
-e "s|('headers': '$base/)local/(include/python$py_version_short/$dist_name',)|12|"
-e "s|('scripts': '$base/)local/(bin',)|12|"
-e "s|('data' : '$base)/local(',)|12|"
/usr/lib/python2.7/distutils/command/install.py
&& rm -rf /usr/lib/python2.7/site-packages
&& ln -s dist-packages /usr/lib/python2.7/site-packages
{% endif %}
{# endif for base_distro ubuntu, debian #}
{% endif %}
#****************************************
#对基础镜像的设置总共分为两部分,一类是yum类型的系统,一类是deb类型的系统,总体框架上就是一个if elseif 语句
COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY sudoers /etc/sudoers
COPY curlrc /root/.curlrc
{% block dumb_init_installation %}
#实际测试https://github.com/Yelp/dumb-init/releases/download/v1.1.3/这个网站是不存在的,这些需要进行实际的设置
#容器初始化工具-Dumb-Init
#容器化环境中,往往直接运行应用程序,而缺少初始化系统(如systemd、sysvinit等)。
#这可能需要应用程序来处理系统信号,接管子进程,进而导致容器无法停止、产生僵尸进程等问题。
#dumb-init旨在模拟初始化系统功能,避免上述问题的发生
RUN curl -sSL https://github.com/Yelp/dumb-init/releases/download/v1.1.3/dumb-init_1.1.3_amd64 -o /usr/local/bin/dumb-init
&& chmod +x /usr/local/bin/dumb-init
{% endblock %}
RUN touch /usr/local/bin/kolla_extend_start
&& chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs
&& chmod 440 /etc/sudoers
&& mkdir -p /var/log/kolla
&& chown :kolla /var/log/kolla
&& chmod 2775 /var/log/kolla
&& rm -f /tmp/kolla_bashrc
{% block base_footer %}{% endblock %}
CMD ["kolla_start"]