kolla base目录下Dockerfile.j2分析

{# The base image name and tag are both template variables filled in by the build configuration. The reference is a tag, not an @sha256 digest, so the image content depends on what that tag resolves to when the build runs. #}
FROM {{ base_image }}:{{ base_distro_tag }}
{# NOTE(review): MAINTAINER is deprecated in current Dockerfile syntax; a LABEL can carry the same value. #}
MAINTAINER {{ maintainer }}

{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
{# Specifics required such as homedir or shell are configured within the service specific image #}
{# The loop walks `users` sorted by name (dictsort) and emits one groupadd/useradd pair per entry, all chained into a single RUN. Each account takes its uid and gid from the mapping, gets no home directory (-M) and has /usr/sbin/nologin as its shell. #}
{# NOTE(review): the chained lines carry no trailing backslash in this listing; presumably the line continuations were lost when the template was pasted - confirm against the upstream file. #}
{%- for name, user in users | dictsort() %}
{% if loop.first -%}RUN {% else %} && {% endif -%}
groupadd --force --gid {{ user.gid }} {{ name }}
&& useradd -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
{%- if not loop.last %} {% endif -%}
{%- endfor %}
{# This part mainly adds the groups and users; all of them are created by a single RUN instruction. #}
{# Records the kolla version on the image as a label. #}
LABEL kolla_version="{{ kolla_version }}"
{# macros.j2 is imported with the current context; this template later calls macros.install_packages from it. #}
{% import "macros.j2" as macros with context %}
{# Empty extension point that an overriding template can fill. #}
{% block base_header %}{% endblock %}

{# The three ENV values below are written into the image and are therefore visible in every container started from it. #}
ENV KOLLA_BASE_DISTRO {{ base_distro }} {# expose the build parameters as environment variables #}
ENV KOLLA_INSTALL_TYPE {{ install_type }}
ENV KOLLA_INSTALL_METATYPE {{ install_metatype }} {# when the install type is binary, this value is rdo #}

#### Customize PS1 to be used with bash shell
{# kolla_bashrc is staged in /tmp and appended to the skeleton and root bashrc files. The staged copy is deleted by the last RUN of this template (rm -f /tmp/kolla_bashrc). #}
COPY kolla_bashrc /tmp/
RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc
&& cat /tmp/kolla_bashrc >> /root/.bashrc

# PS1 var when used /bin/sh shell
{# NOTE(review): ENV does not run a shell, so the $(...) text is stored literally; presumably the shell expands it each time it draws the prompt - confirm. #}
ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "

{% if base_distro in [‘centos‘, ‘oraclelinux‘, ‘rhel‘] %}
# For RPM Variants, enable the correct repositories - this should all be done
# in the base image so repos are consistent throughout the system. This also
# enables to provide repo overrides at a later date in a simple fashion if we
# desire such functionality. I think we will :)

{# Build-time guard: awk extracts a run of digits from /etc/system-release, and the build is failed (false) when that value differs from supported_distro_release. The same RUN then appends kolla_bashrc to /etc/bashrc and edits the override_install_langs line in /etc/yum.conf. #}
{# NOTE(review): $CURRENT_DISTRO_RELEASE is unquoted inside [ ]. If the extraction yields nothing the test itself errors out, the condition counts as false and the guard does not fire; quoting the variable would make the check fail closed. #}
{# NOTE(review): as listed, the RUN has no line continuations and no closing fi, and the awk/sed expressions have lost their quoting and backslashes; presumably extraction damage - confirm against the upstream file. #}
RUN CURRENT_DISTRO_RELEASE=$(awk ‘{match($0, /[0-9]+/,version)}END{print version[0]}‘ /etc/system-release);
if [ $CURRENT_DISTRO_RELEASE != "{{ supported_distro_release }}" ]; then
echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false;
&& cat /tmp/kolla_bashrc >> /etc/bashrc
&& sed -i ‘s|^(override_install_langs=.*)|# 1|‘ /etc/yum.conf
awk ‘{match($0, /[0-9]+/,version)}END{print version[0]}‘ /etc/system-release);
这段 shell 脚本的作用是获取 /etc/system-release 文件中的主版本号;在线上环境中执行时,该命令的输出为 7
‘centos‘: ‘7‘,
‘rhel‘: ‘7‘,
‘oraclelinux‘: ‘7‘,
‘debian‘: ‘8‘,
‘ubuntu‘: ‘16.04‘,
supported_distro_release 的值是在 create_dockerfiles 函数中获取的,这个值是 7、8、16.04 三个中的一个

{# Extension point for yum configuration; the default appends the string centos to /etc/yum/vars/contentdir. #}
{% block base_yum_conf %}

RUN echo centos >> /etc/yum/vars/contentdir
{% endblock %}

{# Repo files named in this list (after the yum_repo_files customization) are copied from the build context into /etc/yum.repos.d. The default list is empty in this listing. #}
{% set base_yum_repo_files = [
] %}
{%- for repo_file in base_yum_repo_files | customizable(‘yum_repo_files‘) %}
COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
{%- endfor %}

{% set base_yum_url_packages = [
{# This downloads the Percona yum repository package; the noarch.rpm contains the gpg-key file; install this file. #}
] %}

{# NOTE(review): install_packages is defined in macros.j2, which is not shown here. If it renders a plain yum install of these URLs, whether the package signature is checked depends on the yum configuration in the base image - confirm, because the key used to trust this repository arrives inside that same package. #}
{{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}

{# Repository signing keys are imported one per entry, chained into a single RUN. An entry is either a path already on disk or an https URL. For URL entries the only assurance is the TLS connection at build time: nothing in this template compares the downloaded key against a known fingerprint. #}
{% set base_yum_repo_keys = [
‘/etc/pki/rpm-gpg/RPM-GPG-KEY-Percona ‘,#在上一步安装过程中,这个文件已经在该目录下了
‘https://packages.elastic.co/GPG-KEY-elasticsearch‘, #实测这个文件可以直接下载下来
‘https://repos.influxdata.com/influxdb.key‘, #实测这个文件可以下载下来
] %}
{%- for key in base_yum_repo_keys | customizable(‘yum_repo_keys‘) %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{%- if not loop.last %} {% endif %}
{% endfor -%}

{# For the rdo and mixed metatypes every entry of rpm_setup is written out verbatim on its own line, so each entry has to be a complete Dockerfile instruction. rpm_setup is not set anywhere in this listing. #}
{# NOTE(review): because the entries are emitted unmodified, whoever controls rpm_setup decides what runs during the build; treat that configuration as trusted input only. #}
{% if install_metatype in [‘rdo‘, ‘mixed‘] %}

{% for cmd in rpm_setup %}
{{ cmd }}
{% endfor %}

{% endif %}
{# endif for repo setup for all RHEL except RHEL OSP #}

{# RHOS is an OpenStack installation flavour, short for Red Hat OpenStack; presumably an installation method developed by Red Hat. #}
{% if install_metatype == ‘rhos‘ %}
# Turn on the RHOS 7.0 repo for RHOS
RUN yum-config-manager --enable rhel-7-server-rpms
&& yum-config-manager --enable rhel-7-server-openstack-7.0-rpms

{% endif %}

{% if base_distro == ‘centos‘ %}

()[[email protected] /]# cd /etc/pki/rpm-gpg/
()[[email protected] rpm-gpg]# ls
RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-CentOS-Debug-7 RPM-GPG-KEY-CentOS-Testing-7
{# Imports the CentOS 7 signing key from the image's own /etc/pki/rpm-gpg directory, so no network fetch is involved for this key. #}
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

{# Extra repository keys for CentOS; the default list is empty in this listing. #}
{% set base_centos_yum_repo_keys = [
] %}
# Set up the CentOS yum repository packages
{% set base_centos_yum_repo_packages = [
‘epel-release ‘,
] %}
()[[email protected] yum.repos.d]# ls
xxx-centos-openstack-ocata.repo xxx-ceph.repo xxx-epel.repo xxx-qemu-ev.repo
xxx-centos.repo xxx-elasticsearch.repo xxx-mariadb.repo xxx-td.repo
()[[email protected] yum.repos.d]# ls
CentOS-Ceph-Jewel.repo CentOS-Storage-common.repo xxx-centos-openstack-ocata.repo xxx-elasticsearch.repo xxx-qemu-ev.repo
CentOS-OpenStack-ocata.repo epel.repo xxx-centos.repo xxx-epel.repo xxx-td.repo
CentOS-QEMU-EV.repo epel-testing.repo xxx-ceph.repo xxx-mariadb.repo
()[[email protected] yum.repos.d]# pwd
5 yum install -y epel-release
6 ls
7 yum install yum-plugin-priorities -y
8 ls
9 yum install centos-release-openstack-ocata -y
10 ls
11 yum install centos-release-qemu-ev -y

()[[email protected] yum.repos.d]# cd /etc/pki/rpm-gpg/
()[[email protected] rpm-gpg]# ls
RPM-GPG-KEY-CentOS-Debug-7 RPM-GPG-KEY-CentOS-SIG-Storage RPM-GPG-KEY-CentOS-Testing-7
()[[email protected] rpm-gpg]# pwd

{# Installs the repo-definition packages, imports any extra keys, then runs yum clean all. When base_centos_yum_repo_keys is empty the length check opens a fresh RUN for the clean-up; otherwise the clean-up is chained onto the key-import RUN with &&. #}
{# NOTE(review): the loop iterates the customized key list but the length check looks at the uncustomized one. If a customization can empty a non-empty default list, the output would start with && and no RUN - confirm what customizable() can return. #}
{{ macros.install_packages(base_centos_yum_repo_packages | customizable("yum_centos_repo_packages")) }}
{% for key in base_centos_yum_repo_keys | customizable(‘yum_centos_repo_keys‘) %}
{%- if loop.first %}RUN {% else %} && {% endif -%}
rpm --import {{ key }}
{% endfor -%}
{%- if base_centos_yum_repo_keys|length ==0 %}RUN {% else %} && {% endif -%}
yum clean all

{% endif %}
{# Endif for base_distro centos #}
{% if base_distro == ‘rhel‘ %}

# Install the EPEL yum repository for Red Hat
{% block base_rhel_package_installation %}
# Enable couple required repositories for all RHEL builds
# Turn on EPEL throughout the build
# Tested in practice: https://dl.fedoraproject.org/pub/epel/ is reachable and offers the epel-release-latest-7.noarch.rpm package
{# NOTE(review): the arguments of both yum -y install calls are missing from this listing. If the first one installs the EPEL release package by URL, as the note above suggests, that package is fetched before RPM-GPG-KEY-EPEL-7 is imported, so its authenticity rests on HTTPS alone; a "latest" file name also means the build is not pinned to one release package - confirm against the upstream file. #}
RUN yum -y install
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
&& yum-config-manager --enable rhel-7-server-optional-rpms
&& yum -y install
&& yum clean all
&& yum-config-manager --enable rhel-7-server-extras-rpms
{% endblock %}

{% endif %}
{# Endif for base_distro RHEL #}
以下内容是对oraclelinux 基础镜像的设置
{% if base_distro == ‘oraclelinux‘ %}

{% block base_oraclelinux_package_installation %}
{# Copies an extra repo definition from the build context, installs the EPEL release package from dl.fedoraproject.org, installs further packages with rpm -Uvh --nodeps (their names are missing from this listing), rewrites $releasever to 7 in the CentOS-*.repo files, imports four signing keys from /etc/pki/rpm-gpg, enables two Oracle Linux repos, then installs and cleans up. #}
{# NOTE(review): the key files imported here are delivered by the packages installed a few lines earlier, before any of these keys is trusted, so those first downloads are protected by HTTPS only. --nodeps additionally skips dependency checks. The trailing annotations on the RUN lines are the page author's notes, not part of the upstream command. #}
COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
RUN yum -y install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm #安装epel源,实测有这个rpm包,能打开网站
&& rpm -Uvh --nodeps #如下的5个rpm在该网站都存在,这些都是repo yum仓库的压缩文件,包含了gpg-key文件
&& sed -i ‘s/$releasever/7/g‘ /etc/yum.repos.d/CentOS-*.repo #统一把repo文件中的$releasever内容更换为7
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
&& rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
&& yum-config-manager --enable ol7_optional_latest ol7_addons
&& yum -y install
&& yum clean all
{% endblock %}

{% endif %}
{# Endif for base_distro oraclelinux #}

{# We are back to the basic if conditional here which is:
if base_distro in [‘centos‘, ‘oraclelinux‘, ‘rhel‘] #}
{# Empty extension point, placed before any base package is installed. #}
{% block base_redhat_binary_versionlock %}{% endblock %}
{# Binary installs: the package list (empty in this listing) passes through the centos_binary_packages customization and is handed to macros.install_packages. #}
{% if install_type == ‘binary‘ %}
{% set base_centos_binary_packages = [
] %}
# Install base packages
{{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
{% endif %}
{# Endif for install_type binary #}

{# Source installs: same pattern with a separate list and the centos_source_packages customization. #}
{% if install_type == ‘source‘ %}

{% set base_centos_source_packages = [
] %}
# Update packages
{{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}

{% endif %}
{# endif for install type is source for RPM based distros #}
{# endif for base_distro centos,oraclelinux,rhel #}
{% elif base_distro in [‘ubuntu‘, ‘debian‘] %}

{# Build-time guard: reads DISTRIB_RELEASE from /etc/lsb-release and fails the build (false) when it differs from supported_distro_release. #}
{# NOTE(review): the command substitution is unquoted inside [ ]. If awk prints nothing the test itself errors out, the condition counts as false and the guard does not fire; quoting it would make the check fail closed. #}
RUN if [ $(awk -F ‘=‘ ‘/DISTRIB_RELEASE/{print $2}‘ /etc/lsb-release) != "{{ supported_distro_release }}" ]; then
echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; fi

# Customize PS1 bash shell
RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc

# This will prevent questions from being asked during the install
{# NOTE(review): set with ENV, this value also stays in the environment of every container started from the image, not only during the build. #}
ENV DEBIAN_FRONTEND noninteractive

# Reducing disk footprint
COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint

{% block base_ubuntu_package_pre %}
# Need apt-transport-https and ca-certificates before replacing sources.list or
# apt-get update will not work if any repositories are accessed via HTTPS
{# These two packages are installed from the base image's original sources, before sources.list is replaced below. #}
RUN apt-get update
&& apt-get -y install --no-install-recommends apt-transport-https ca-certificates
&& apt-get clean
{% endblock %}

{# From here on apt uses the repositories and pinning rules in the two files copied from the build context; their content is not shown in this listing. #}
{% block base_ubuntu_package_sources_list %}
COPY sources.list.{{ base_distro }} /etc/apt/sources.list
{% endblock %}

{% block base_ubuntu_package_apt_preferences %}
COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
{% endblock %}

{% set base_apt_packages = [

{% if base_distro == ‘ubuntu‘ %}
{# Reference table: key identifier followed by the owner of each apt signing key. The list contents themselves are empty in this listing. #}
{# NOTE(review): the Treasure Data entry is a 16-hex-digit (64-bit) key ID, while the others are full 40-hex-digit fingerprints. When a key is requested from a keyserver, the full fingerprint is the stronger identifier. #}
{# 05CE15085FC09D18E99EFB22684A14CF2582E0C5 -- InfluxDB Packaging Service <[email protected]> #}
{# 177F4010FE56CA3336300305F1656F24C74CD1D8 -- MariaDB Signing Key <[email protected]> #}
{# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <[email protected]> #}
{# 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB -- packagecloud ops (production key) <[email protected]> #}
{# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <[email protected]> #}
{# 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -- Percona mysql Development Team (Packaging key) <[email protected]> #}
{# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <[email protected]> #}
{# 901F9177AB97ACBE -- Treasure Data, Inc (Treasure Agent Official Signing key) <[email protected]> #}
{% set base_apt_keys = [
] %}
{% elif base_distro == ‘debian‘ %}
{% set base_apt_keys = [
] %}
{% set base_apt_packages = base_apt_packages +
{% endif %}

{# Two steps: first every entry of base_apt_keys (after the apt_keys customization) is fetched with apt-key from keyserver.ubuntu.com, then the package index is refreshed, the system is upgraded and the base package list is installed. #}
{# NOTE(review): the keyserver is reached over hkp on port 80, which is unencrypted. What is imported is selected only by the identifier passed on the command line, so each entry should be a full fingerprint. apt-key itself is deprecated in newer apt releases. #}
{# NOTE(review): upgrade and dist-upgrade pull whatever is current when the build runs, so two builds of the same template can produce different images. apt-get clean is the only clean-up in this RUN; the package index lists are not removed here. #}
{% block base_ubuntu_package_installation %}
{%- block base_ubuntu_package_key_installation %}
{%- for key in base_apt_keys | customizable(‘apt_keys‘) %}
{%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
{%- if not loop.last %}
{% endif -%}
{% endfor %}
{% endblock %}
RUN apt-get update
&& apt-get -y upgrade
&& apt-get -y dist-upgrade
&& apt-get -y install --no-install-recommends
{%- for package in base_apt_packages | customizable(‘apt_packages‘) %}
{{ package }}
{%- endfor %}
&& apt-get clean
{% endblock %}

{% if base_distro == ‘ubuntu‘ %}
{# The sed expressions target the purelib, platlib, headers, scripts and data entries of a Python install scheme and appear to drop the local/ path component from each. Afterwards /usr/lib/python2.7/site-packages is removed and recreated as a symlink to dist-packages. #}
{# NOTE(review): as listed, the sed call names no target file and its expressions have lost their backslashes (escaped groups, back-references) and line continuations; presumably extraction damage - confirm against the upstream file. #}
RUN sed -i
-e "s|(‘purelib‘: ‘$base/)local/(lib/python$py_version_short/dist-packages‘,)|12|"
-e "s|(‘platlib‘: ‘$platbase/)local/(lib/python$py_version_short/dist-packages‘,)|12|"
-e "s|(‘headers‘: ‘$base/)local/(include/python$py_version_short/$dist_name‘,)|12|"
-e "s|(‘scripts‘: ‘$base/)local/(bin‘,)|12|"
-e "s|(‘data‘ : ‘$base)/local(‘,)|12|"
&& rm -rf /usr/lib/python2.7/site-packages
&& ln -s dist-packages /usr/lib/python2.7/site-packages
{% endif %}

{# endif for base_distro ubuntu, debian #}
{% endif %}
# The base image setup falls into two parts, one for yum-based systems and one for deb-based systems; the overall structure is a single if / elif statement.

{# Entry-point helpers and root-level configuration copied from the build context: the config-setting script, the start script, a complete /etc/sudoers and a curl defaults file for root. #}
{# NOTE(review): /etc/sudoers is replaced wholesale and /root/.curlrc changes curl's defaults for every later curl call made as root. Neither file's content is shown here, so both deserve review: which accounts receive sudo rules, and whether curlrc relaxes any TLS checking. The sudoers mode is set to 440 by a later RUN in this template. #}
COPY set_configs.py /usr/local/bin/kolla_set_configs
COPY start.sh /usr/local/bin/kolla_start
COPY sudoers /etc/sudoers
COPY curlrc /root/.curlrc

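{% block dumb_init_installation %}
# dumb-init is fetched as a prebuilt binary from the project's GitHub release page and
# made executable. -f makes curl exit non-zero on an HTTP error instead of saving the
# error page as /usr/local/bin/dumb-init.
# NOTE(review): nothing verifies the download beyond TLS. Pin the expected digest and
# check it in the same RUN, for example:
#   echo "<SHA256_OF_DUMB_INIT_1.1.3_AMD64>  /usr/local/bin/dumb-init" | sha256sum -c -
# The asset name is amd64-specific, so this step is tied to that architecture.
RUN curl -fsSL https://github.com/Yelp/dumb-init/releases/download/v1.1.3/dumb-init_1.1.3_amd64 -o /usr/local/bin/dumb-init \
    && chmod +x /usr/local/bin/dumb-init
{% endblock %}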

{# Final permissions pass. kolla_extend_start is created empty; the three kolla scripts are set to 755 and /etc/sudoers to 440. /var/log/kolla is created with group kolla and mode 2775: group-writable, with the setgid bit so files created inside inherit the kolla group. The bashrc fragment staged in /tmp earlier is removed. #}
{# NOTE(review): chown :kolla assumes a kolla group already exists, presumably created by the users loop at the top of the template - confirm. #}
RUN touch /usr/local/bin/kolla_extend_start
&& chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs
&& chmod 440 /etc/sudoers
&& mkdir -p /var/log/kolla
&& chown :kolla /var/log/kolla
&& chmod 2775 /var/log/kolla
&& rm -f /tmp/kolla_bashrc

{% block base_footer %}{% endblock %}
{# NOTE(review): no USER instruction appears in this template, so unless base_footer or a derived image sets one, kolla_start runs as root - confirm in the service images. #}
CMD ["kolla_start"]

