├── .gitignore
├── README.rst
├── build.sh
├── compose
│   ├── common.env
│   ├── compose-compute.yml
│   ├── compose-core.yml
│   ├── compose-opencontrail.yml
│   └── compose-openstack.yml
├── files
│   ├── minion-pillar.conf
│   ├── minion.conf
│   ├── reclass-config.yml
│   └── service
├── pipeline.png
├── salt-base.dockerfile
├── services
│   ├── opencontrail
│   │   ├── opencontrail-collector.dockerfile
│   │   ├── opencontrail-config.dockerfile
│   │   ├── opencontrail-control.dockerfile
│   │   ├── opencontrail-database.dockerfile
│   │   └── opencontrail-web.dockerfile
│   ├── openstack
│   │   ├── cinder-controller.dockerfile
│   │   ├── glance-server.dockerfile
│   │   ├── heat-server.dockerfile
│   │   ├── horizon-server.dockerfile
│   │   ├── keystone-server.dockerfile
│   │   ├── neutron-server.dockerfile
│   │   ├── nova-compute.dockerfile
│   │   └── nova-controller.dockerfile
│   └── support
│       ├── galera
│       │   ├── cluster.cnf
│       │   ├── docker-entrypoint.sh
│       │   ├── galera-server.dockerfile
│       │   └── my.cnf
│       ├── libvirt
│       │   ├── entrypoint.sh
│       │   └── libvirt-compute.dockerfile
│       ├── memcached-server.dockerfile
│       ├── mysql-server.dockerfile
│       └── rabbitmq-server.dockerfile
└── start_openstack.sh

/.gitignore:
--------------------------------------------------------------------------------
*.swp
id_rsa

--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
=========================================
Build Docker images of SaltStack formulas
=========================================

Trivial but working way to build docker images using existing SaltStack
formulas.

Quickstart
==========

Install docker, run ``./build.sh`` and see what will happen :-)

Docker Compose
================

The compose setup uses host networking, so the default IP address must be
replaced with the local IP address of the machine.

.. code-block:: bash

    sed -i 's,172.16.1.122,,g' compose/common.env

Then start ``compose-core.yml``, after at least 30 seconds
``compose-openstack.yml`` and finally ``compose-opencontrail.yml``.

.. code-block:: bash

    docker-compose -f compose-openstack.yml up -d

If you have issues with mysql, run ``SET GLOBAL max_connect_errors=100000;`` in mysql.

Images
======

salt-base
---------

The base image sets up the package repository, installs Salt formulas and
configures Salt and Reclass so that per-service dockerfiles can execute Salt
states.

The main idea behind this base image is to ensure that your whole
infrastructure is built from the same version of formulas and metadata.

You can customize most of the things here:

- ``RECLASS_URL``

  - URL to git repository of your reclass structure

- ``RECLASS_BRANCH``
- ``REPO_URL``

  - APT repository with SaltStack formula packages

- ``REPO_COMPONENTS``

Per-formula
-----------

Per-service (aka per-formula) docker files live in the ``services``
directory; see ``services/postfix-server.dockerfile`` as an example.

Entrypoints
===========

There are two supported ways for container post-creation actions (e.g. database
and users creation, etc.):

Salt-call entrypoint
--------------------

To reuse what's done in the formula and avoid rewriting the code into a
Bash-based entrypoint, you can call salt to finalize setup.

- [salt-base] will set up /sbin/service, which works around the absence of
  upstart and other init daemons and simply calls the script in /etc/init.d
  if present

  - therefore Salt service states should pass fine and start the services
  - if services are started fine by salt state run, it's possible to execute
    other actions (database creation, etc.)

- [salt-base] will set the ``noservices: True`` grain so formulas can recognize
  they are running as a part of image build and will skip all actions that
  require running services

- [-] will generate pillar and its top file into
  ``/srv/salt/pillar`` and remove reclass

  - so it's possible to run salt with all metadata that the container needs
    but it will not have access to other containers' metadata

- [-] will run salt states

  - ``/entrypoint.sh`` is generated by service formula

- [-] remove ``noservices`` grain and do cleanup

- [container creation] when the container is created, ``/entrypoint.sh`` is
  executed:

  - replace placeholders by environment variables in
    ``/srv/salt/pillar/-.sls``
  - run salt.highstate to finalize provisioning
  - stop service started by salt run
  - start service in the foreground in docker-way, keeping the container running

Shell entrypoint
----------------

For services that don't need additional provisioning on container creation or
where having SaltStack present in the image is overhead, ``/entrypoint.sh`` can
simply be generated using Jinja on salt run during image creation.

In that case, Salt with its formulas and Reclass is purged at the end of
image build.

Building pipeline
-----------------

.. image:: pipeline.png

--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e

[[ "$DEBUG" =~ ^(True|true|1|yes)$ ]] && set -x

TAG_PREFIX=${TAG_PREFIX:-tcpcloud}
TAG_VERSION=${TAG_VERSION:-latest}
BUILD_PATH=${*:-"salt-base.dockerfile services"}
BUILD_ARGS=${BUILD_ARGS:-""}
BUILD_ARGS_SALT_BASE=${BUILD_ARGS_SALT_BASE:-""}
MAX_JOBS=${JOBS:-1}

JOBS=()
RETVAL=0

# Build one image; the tag name is derived from the dockerfile name
build_image() {
    name=$(echo $(basename $1 .dockerfile) | sed 's,\.,-,g')
    echo "== Building $name"
    # Rewrite the FROM line so service images use the requested prefix and version
    sed -i "s,FROM tcpcloud/\([a-z0-9_-]*\).*,FROM ${TAG_PREFIX}/\1:${TAG_VERSION},g" $1
    stdbuf -oL -eL docker build --no-cache -t ${TAG_PREFIX}/${name}:${TAG_VERSION} $BUILD_ARGS -f $1 . 2>&1 | stdbuf -oL -eL tee log/${name}.log
}

wait_jobs() {
    echo "== Waiting for jobs: ${JOBS[@]}"
    for job in ${JOBS[@]}; do
        wait $job
    done
    JOBS=()
}

cleanup() {
    set +e
    echo "== Cleaning up jobs: ${JOBS[@]}"
    for job in ${JOBS[@]}; do
        kill $job
    done
    exit $RETVAL
}

trap cleanup EXIT

[ ! -d log ] && mkdir log || rm -f log/*.log

# An empty files/id_rsa keeps the ADD in salt-base.dockerfile from failing
[ ! -f files/id_rsa ] && touch files/id_rsa
BUILD_ARGS="${BUILD_ARGS} ${BUILD_ARGS_SALT_BASE}" build_image salt-base.dockerfile

DOCKERFILES=$(find $BUILD_PATH -name "*.dockerfile" | grep -v salt-base.dockerfile)
for service in ${DOCKERFILES[@]}; do
    # Glob match ('=~' would treat the pattern as a regular expression)
    if [[ $service == *salt-base* ]]; then
        continue
    fi

    if [ ${#JOBS[@]} -ge $MAX_JOBS ]; then
        wait_jobs
    fi

    build_image $service &
    JOBS+=($!)
done

wait_jobs
echo

for log_file in log/*.log; do
    if [ -z "$(grep "Successfully built " $log_file 2>/dev/null)" ]; then
        echo "== Build of $(basename $log_file .log) failed" 1>&2
        RETVAL=1
    fi
done

exit $RETVAL

--------------------------------------------------------------------------------
/compose/common.env:
--------------------------------------------------------------------------------
HOST_IP=172.16.1.122
MYSQL_SERVER_SERVICE_HOST=172.16.1.122
MYSQL_SERVER_SERVICE_PORT=3306

RABBITMQ_SERVER_NODE01_SERVICE_HOST=172.16.1.122
RABBITMQ_SERVER_NODE01_SERVICE_PORT=5672

MEMCACHED_SERVER_NODE01_SERVICE_HOST=172.16.1.122
MEMCACHED_SERVER_NODE01_SERVICE_PORT=11211
MEMCACHED_SERVER_NODE02_SERVICE_HOST=172.16.1.122
MEMCACHED_SERVER_NODE02_SERVICE_PORT=11212
MEMCACHED_SERVER_NODE03_SERVICE_HOST=172.16.1.122
MEMCACHED_SERVER_NODE03_SERVICE_PORT=11213

KEYSTONE_SERVER_SERVICE_HOST=172.16.1.122

GLANCE_SERVER_SERVICE_HOST=172.16.1.122
GLANCE_REGISTRY_HOST=172.16.1.122

CINDER_CONTROLLER_SERVICE_HOST=172.16.1.122
NEUTRON_SERVER_SERVICE_HOST=172.16.1.122
NOVA_CONTROLLER_SERVICE_HOST=172.16.1.122

OPENCONTRAIL_DATABASE_SERVICE_HOST=172.16.1.122
OPENCONTRAIL_CONFIG_SERVICE_HOST=172.16.1.122
OPENCONTRAIL_COLLECTOR_SERVICE_HOST=172.16.1.122
OPENCONTRAIL_CONTROL_SERVICE_HOST=172.16.1.122
OPENCONTRAIL_COLLECTOR_LOCAL_HOST=172.16.1.122
OPENCONTRAIL_CONFIG_LOCAL_HOST=172.16.1.122
OPENCONTRAIL_DATABASE_LOCAL_HOST=172.16.1.122
OPENCONTRAIL_CONTROL_LOCAL_HOST=172.16.1.122
NOVA_COMPUTE_LOCAL_HOST=172.16.1.122

--------------------------------------------------------------------------------
/compose/compose-compute.yml:
--------------------------------------------------------------------------------
libvirt:
  image: tcpcloud/libvirt-compute
  privileged: true
  volumes:
    - /var/lib/nova/instances:/var/lib/nova/instances
    - /lib/modules:/lib/modules
    - /var/lib/libvirt/:/var/lib/libvirt
    - /sys/fs/cgroup:/sys/fs/cgroup:rw
  net: host
nova-compute:
  image: tcpcloud/nova-compute
  privileged: true
  volumes:
    - /var/lib/nova/instances:/var/lib/nova/instances
  net: host
  env_file: ./common.env

--------------------------------------------------------------------------------
/compose/compose-core.yml:
--------------------------------------------------------------------------------
openstack-mysql:
  image: tcpcloud/mysql-server
  net: host
  env_file: ./common.env

openstack-memcached01:
  image: tcpcloud/memcached-server
  net: host
  env_file: ./common.env

#openstack-memcached02:
#  image: tcpcloud/memcached-server
#  net: host
#  env_file: ./common.env
#  ports:
#    - "11212:11211"

#openstack-memcached03:
#  image: tcpcloud/memcached-server
#  net: host
#  env_file: ./common.env
#  ports:
#    - "11213:11211"

rabbitmq-server:
  image: tcpcloud/rabbitmq-server
  net: host
  env_file: ./common.env
--------------------------------------------------------------------------------
/compose/compose-opencontrail.yml:
--------------------------------------------------------------------------------
opencontrail-config:
  image: tcpcloud/opencontrail-config
  net: host
  privileged: true
  env_file: ./common.env

opencontrail-collector:
  image: tcpcloud/opencontrail-collector
  net: host
  privileged: true
  env_file: ./common.env

opencontrail-control:
  image: tcpcloud/opencontrail-control
  net: host
  privileged: true
  env_file: ./common.env
--------------------------------------------------------------------------------
/compose/compose-openstack.yml:
--------------------------------------------------------------------------------
openstack-keystone:
  image: tcpcloud/keystone-server
  net: host
  env_file: ./common.env

openstack-glance-api:
  image: tcpcloud/glance-server
  net: host
  command: api
  env_file: ./common.env

openstack-glance-registry:
  image: tcpcloud/glance-server
  net: host
  command: registry
  env_file: ./common.env

openstack-cinder-api:
  image: tcpcloud/cinder-controller
  net: host
  command: api
  env_file: ./common.env

openstack-cinder-scheduler:
  image: tcpcloud/cinder-controller
  net: host
  command: scheduler
  env_file: ./common.env

openstack-nova-api:
  image: tcpcloud/nova-controller
  net: host
  command: api
  privileged: true
  env_file: ./common.env

openstack-nova-scheduler:
  image: tcpcloud/nova-controller
  net: host
  command: scheduler
  env_file: ./common.env

openstack-nova-conductor:
  image: tcpcloud/nova-controller
  net: host
  command: conductor
  env_file: ./common.env

openstack-nova-cert:
  image: tcpcloud/nova-controller
  net: host
  command: cert
  env_file: ./common.env

openstack-nova-consoleauth:
  image: tcpcloud/nova-controller
  net: host
  command: consoleauth
  env_file: ./common.env

openstack-nova-novncproxy:
  image: tcpcloud/nova-controller
  net: host
  command: novncproxy
  env_file: ./common.env

openstack-neutron-server:
  image: tcpcloud/neutron-server
  net: host
  command: server
  env_file: ./common.env

opencontrail-database:
  image: tcpcloud/opencontrail-database
  privileged: true
  net: host
  env_file: ./common.env
--------------------------------------------------------------------------------
/files/minion-pillar.conf:
--------------------------------------------------------------------------------
file_client: local
verify_env: False

file_roots:
  base:
    - /usr/share/salt-formulas/env

pillar_roots:
  base:
    - /srv/salt/pillar

--------------------------------------------------------------------------------
/files/minion.conf:
--------------------------------------------------------------------------------
file_client: local
verify_env: False

file_roots:
  base:
    - /usr/share/salt-formulas/env

pillar_opts: False
reclass: &reclass
  storage_type: yaml_fs
  inventory_base_uri: /srv/salt/reclass
ext_pillar:
  - reclass: *reclass
master_tops:
  reclass: *reclass

--------------------------------------------------------------------------------
/files/reclass-config.yml:
--------------------------------------------------------------------------------
storage_type: yaml_fs
pretty_print: True
output: yaml
inventory_base_uri: /srv/salt/reclass

--------------------------------------------------------------------------------
/files/service:
--------------------------------------------------------------------------------
#!/bin/sh

if [ ! -f /etc/init.d/$1 ]; then
    echo "/etc/init.d/$1 does not exist, not doing anything.."
    exit 0
fi

/etc/init.d/$1 $2
exit $?

--------------------------------------------------------------------------------
/pipeline.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tcpcloud/docker-salt/c717a33dac76966bf341dd7832afcee19063589d/pipeline.png

--------------------------------------------------------------------------------
/salt-base.dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu:trusty

## Build parameters
ARG reclass_url=https://github.com/tcpcloud/workshop-salt-model.git
ARG reclass_branch=master
ARG reclass_key
ARG repo_branch=nightly

## Customizable parameters
ENV RECLASS_URL $reclass_url
ENV RECLASS_BRANCH $reclass_branch
ENV REPO_URL "http://apt.tcpcloud.eu/$repo_branch/"
ENV REPO_COMPONENTS "main security extra tcp tcp-salt"

## Common
ENV DEBIAN_FRONTEND noninteractive
ADD files/service /usr/sbin/service
RUN chmod +x /usr/sbin/service

RUN apt-get update
RUN apt-get install -y wget

RUN echo "deb [arch=amd64] ${REPO_URL} trusty ${REPO_COMPONENTS}" > /etc/apt/sources.list
RUN wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add -
RUN apt-get update

RUN apt-get install -y salt-minion reclass git

## Salt
RUN apt-get install -y salt-formula-*
ADD files/minion.conf /etc/salt/minion
RUN test -d /etc/salt/minion.d || mkdir /etc/salt/minion.d
RUN echo "noservices: True" > /etc/salt/grains

## Reclass
ADD files/id_rsa /root/.ssh/id_rsa
RUN test -s /root/.ssh/id_rsa && \
    (chmod 600 /root/.ssh/id_rsa; \
    host=`echo "${RECLASS_URL}"|grep -Eo 'git@[a-z0-9\-\.]+:'|cut -d : -f 1|cut -d '@' -f 2`; \
    [ -n "$host" ] && ssh-keyscan "$host" >>/root/.ssh/known_hosts) || rm -rf /root/.ssh
RUN test -d /etc/reclass || mkdir /etc/reclass
ADD files/reclass-config.yml /etc/reclass/reclass-config.yml

RUN git clone ${RECLASS_URL} /srv/salt/reclass -b ${RECLASS_BRANCH}
RUN ln -s /usr/share/salt-formulas/reclass/service /srv/salt/reclass/classes/service

# Workaround for master-less Salt with reclass
RUN reclass-salt --top > /usr/share/salt-formulas/env/top.sls

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/* /root/.ssh

--------------------------------------------------------------------------------
/services/opencontrail/opencontrail-collector.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE opencontrail
ENV ROLE collector

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

# create redis supervisor entry
RUN echo '[program:redis]\n\
command = /usr/bin/redis-server\n\
stdout_logfile = /var/log/redis/redis-server.log\n\
stderr_logfile = /var/log/redis/redis-server.log\n\
autorestart = true\n\
stopasgroup=true'\
> /etc/contrail/supervisord_analytics_files/redis.ini

ENTRYPOINT /entrypoint.sh
EXPOSE 8082 8081

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/opencontrail/opencontrail-config.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE opencontrail
ENV ROLE config

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

# create ifmap supervisor entry
RUN echo '[program:ifmap]\n\
command = /usr/bin/ifmap-server\n\
stdout_logfile = /var/log/contrail/ifmap-server.log\n\
stderr_logfile = /var/log/contrail/ifmap-server.log\n\
autorestart = true\n\
stopasgroup=true'\
> /etc/contrail/supervisord_config_files/ifmap.ini

ENTRYPOINT /entrypoint.sh
EXPOSE 8082 8081

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/opencontrail/opencontrail-control.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE opencontrail
ENV ROLE control

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT /entrypoint.sh
EXPOSE 8083 53

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/opencontrail/opencontrail-database.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE opencontrail
ENV ROLE database

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

# create zookeeper supervisor entry
RUN echo '[program:zookeeper]\n\
command = /usr/bin/java -cp /etc/zookeeper/conf:/usr/share/java/jline.jar:/usr/share/java/log4j-1.2.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/xmlParserAPIs.jar:/usr/share/java/netty.jar:/usr/share/java/slf4j-api.jar:/usr/share/java/slf4j-log4j12.jar:/usr/share/java/zookeeper.jar -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.local.only=false -Dzookeeper.log.dir=/var/log/zookeeper -Dzookeeper.root.logger=INFO,CONSOLE,ROLLINGFILE org.apache.zookeeper.server.quorum.QuorumPeerMain /etc/zookeeper/conf/zoo.cfg\n\
stdout_logfile = /var/log/zookeeper/zookeeper.out\n\
stderr_logfile = /var/log/zookeeper/zookeeper.err\n\
autorestart = true\n\
stopasgroup=true'\
> /etc/contrail/supervisord_database_files/zookeeper.ini

ENTRYPOINT /entrypoint.sh
EXPOSE 9160 2181

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/opencontrail/opencontrail-web.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE opencontrail
ENV ROLE web

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT /entrypoint.sh
EXPOSE 8143 8080

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

# Set workdir
WORKDIR /var/lib/contrail-webui/contrail-web-core
--------------------------------------------------------------------------------
/services/openstack/cinder-controller.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE cinder
ENV ROLE controller

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 8776

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/openstack/glance-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE glance
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 9292 9191

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/openstack/heat-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE heat
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' 2>&1 >/dev/null && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 8000 8003 8004

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get
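
In the listings above, salt-base.dockerfile adds files/id_rsa and clones the reclass model, while the deletions of /root/.ssh and /srv/reclass happen in later RUN instructions; each Dockerfile instruction produces its own layer, so a later rm hides a path without removing it from the layer that created it. The check below is an added example, not part of this repository (its function names are this example's own, and the embedded excerpt is constructed from instructions shown on this page): it walks base and service dockerfiles in build order and reports, for each sensitive path, whether it is still in the final image, only hidden by a later layer, or removed in the layer that created it.

```python
# Constructed input: instructions copied from salt-base.dockerfile and from one
# service dockerfile on this page, reduced to the lines that matter here.
SALT_BASE = r"""
FROM ubuntu:trusty
ADD files/id_rsa /root/.ssh/id_rsa
RUN git clone ${RECLASS_URL} /srv/salt/reclass -b ${RECLASS_BRANCH}
# Cleanup
RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/* /root/.ssh
"""
SERVICE = r"""
FROM tcpcloud/salt-base
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls
RUN rm -rf /srv/reclass /etc/reclass
"""
SHELL_OPERATORS = {"&&", "||", ";", "|"}


def instructions(text):
    """Yield (KEYWORD, arguments) per instruction, joining backslash continuations."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        keyword, _, rest = (pending + line).partition(" ")
        pending = ""
        yield keyword.upper(), rest.strip()


def rm_targets(tokens):
    """Operands of every `rm` command inside one RUN instruction."""
    targets, in_rm = [], False
    for tok in tokens:
        if tok in SHELL_OPERATORS:
            in_rm = False
        elif tok == "rm":
            in_rm = True
        elif in_rm and not tok.startswith("-"):
            targets.append(tok)
    return targets


def clone_dest(tokens):
    """Destination of `git clone <url> <dest>`; assumes both precede any options."""
    for i in range(len(tokens) - 1):
        if tokens[i:i + 2] == ["git", "clone"]:
            operands = []
            for tok in tokens[i + 2:]:
                if tok in SHELL_OPERATORS or tok.startswith("-"):
                    break
                operands.append(tok)
            return operands[1] if len(operands) > 1 else None
    return None


def covers(target, path):
    """True when removing `target` also removes `path` (globs are not expanded)."""
    target = target.rstrip("/")
    return path == target or path.startswith(target + "/")


def audit(dockerfiles, sensitive):
    """Map each sensitive path to (status, step_added, step_removed).

    dockerfiles: Dockerfile texts in inheritance order, base image first.
    Steps count instructions across all files; one step is one layer.
    """
    added, removed, step = {}, {}, 0
    for text in dockerfiles:
        for keyword, rest in instructions(text):
            step += 1
            tokens = rest.split()
            if keyword in ("ADD", "COPY") and tokens:
                created = [tokens[-1]]          # shell form: last token is the destination
            elif keyword == "RUN":
                created = [clone_dest(tokens)]
            else:
                created = []
            for path in sensitive:
                if path in created:
                    added[path] = step
            if keyword == "RUN":
                for target in rm_targets(tokens):
                    for path in sensitive:
                        if path in added and path not in removed and covers(target, path):
                            removed[path] = step
    report = {}
    for path in sensitive:
        if path not in added:
            report[path] = ("not created", None, None)
        elif path not in removed:
            report[path] = ("in final image", added[path], None)
        elif removed[path] == added[path]:
            report[path] = ("removed in same layer", added[path], removed[path])
        else:
            report[path] = ("hidden by later layer", added[path], removed[path])
    return report


if __name__ == "__main__":
    paths = ["/root/.ssh/id_rsa", "/srv/salt/reclass"]
    for path, result in audit([SALT_BASE, SERVICE], paths).items():
        print(path, result)
```

A path reported as "hidden by later layer" is absent from the running container but remains in the earlier layer of the stored or pushed image; only "removed in same layer" keeps it out of the image entirely.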
--------------------------------------------------------------------------------
/services/openstack/horizon-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE horizon
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 80

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get
--------------------------------------------------------------------------------
/services/openstack/keystone-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE keystone
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 5000 35357

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/openstack/neutron-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE neutron
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 9696

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/openstack/nova-compute.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE nova
ENV ROLE compute

#temporary hack
RUN rm -rf /usr/share/salt-formulas/env/nova
RUN git clone https://github.com/pupapaik/salt-formula-nova.git -b docker nova; mv nova/nova /usr/share/salt-formulas/env/

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/openstack/nova-controller.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE nova
ENV ROLE controller

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 8775 8774 8773 6080

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/support/galera/cluster.cnf:
--------------------------------------------------------------------------------
[mysqld]

wsrep_provider=/usr/lib/libgalera_smm.so
wsrep_cluster_address=gcomm://
binlog_format=ROW
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2

wsrep_sst_method=xtrabackup-v2
wsrep_node_address=127.0.0.1
wsrep_cluster_name=galera_kubernetes
wsrep_sst_auth=sstuser:changethis

--------------------------------------------------------------------------------
/services/support/galera/docker-entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright 2015 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#
# This script does the following:
#
# 1. Sets up database privileges by building an SQL script
# 2. MySQL is initially started with this script a first time
# 3. Modify my.cnf and cluster.cnf to reflect available nodes to join
#

# if NUM_NODES not passed, default to 3
if [ -z "$NUM_NODES" ]; then
    NUM_NODES=3
fi

if [ "${1:0:1}" = '-' ]; then
    set -- mysqld "$@"
fi

# if the command passed is 'mysqld' via CMD, then begin processing.
if [ "$1" = 'mysqld' ]; then
    # read DATADIR from the MySQL config
    DATADIR="$("$@" --verbose --help 2>/dev/null | awk '$1 == "datadir" { print $2; exit }')"

    # only check if system tables not created from mysql_install_db and permissions
    # set with initial SQL script before proceeding to build SQL script
    if [ ! -d "$DATADIR/mysql" ]; then
        # fail if user didn't supply a root password
        if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" ]; then
            echo >&2 'error: database is uninitialized and MYSQL_ROOT_PASSWORD not set'
            echo >&2 ' Did you forget to add -e MYSQL_ROOT_PASSWORD=... ?'
            exit 1
        fi

        # mysql_install_db installs system tables
        echo 'Running mysql_install_db ...'
        mysql_install_db --datadir="$DATADIR"
        echo 'Finished mysql_install_db'

        # this script will be run once when MySQL first starts to set up
        # prior to creating system tables and will ensure proper user permissions
        tempSqlFile='/tmp/mysql-first-time.sql'
        cat > "$tempSqlFile" <<-EOSQL
DELETE FROM mysql.user ;
CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
EOSQL

        if [ "$MYSQL_DATABASE" ]; then
            echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" >> "$tempSqlFile"
        fi

        if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
            echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" >> "$tempSqlFile"

            if [ "$MYSQL_DATABASE" ]; then
                echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" >> "$tempSqlFile"
            fi
        fi

        # Add SST (State Snapshot Transfer) user if Clustering is turned on
        if [ -n "$GALERA_CLUSTER" ]; then
            # this is the State Snapshot Transfer user (SST, initial dump or xtrabackup user)
            WSREP_SST_USER=${WSREP_SST_USER:-"sst"}
            if [ -z "$WSREP_SST_PASSWORD" ]; then
                echo >&2 'error: Galera cluster is enabled and WSREP_SST_PASSWORD is not set'
                echo >&2 ' Did you forget to add -e WSREP_SST_PASSWORD=... ?'
                exit 1
            fi
            # add State Snapshot Transfer (SST) user privileges
            echo "CREATE USER '${WSREP_SST_USER}'@'localhost' IDENTIFIED BY '${WSREP_SST_PASSWORD}';" >> "$tempSqlFile"
            echo "GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '${WSREP_SST_USER}'@'localhost';" >> "$tempSqlFile"
        fi

        echo 'FLUSH PRIVILEGES ;' >> "$tempSqlFile"

        # Add the SQL file to mysqld's command line args
        set -- "$@" --init-file="$tempSqlFile"
    fi

    chown -R mysql:mysql "$DATADIR"
fi

# if cluster is turned on, then proceed to build cluster setting strings
# that will be interpolated into the config files
if [ -n "$GALERA_CLUSTER" ]; then
    # this is the State Snapshot Transfer user (SST, initial dump or xtrabackup user)
    WSREP_SST_USER=${WSREP_SST_USER:-"sst"}
    if [ -z "$WSREP_SST_PASSWORD" ]; then
        echo >&2 'error: database is uninitialized and WSREP_SST_PASSWORD not set'
        echo >&2 ' Did you forget to add -e WSREP_SST_PASSWORD=xxx ?'
        exit 1
    fi

    # user/password for SST user
    sed -i -e "s|^wsrep_sst_auth=sstuser:changethis|wsrep_sst_auth=${WSREP_SST_USER}:${WSREP_SST_PASSWORD}|" /etc/mysql/conf.d/cluster.cnf

    # set nodes own address
    WSREP_NODE_ADDRESS=`ip addr show | grep -E '^[ ]*inet' | grep -m1 global | awk '{ print $2 }' | sed -e 's/\/.*//'`
    if [ -n "$WSREP_NODE_ADDRESS" ]; then
        sed -i -e "s|^wsrep_node_address=.*$|wsrep_node_address=${WSREP_NODE_ADDRESS}|" /etc/mysql/conf.d/cluster.cnf
    fi

    # if the string is not defined or it only is 'gcomm://', this means bootstrap
    if [ -z "$WSREP_CLUSTER_ADDRESS" -o "$WSREP_CLUSTER_ADDRESS" == "gcomm://" ]; then
        # if empty, set to 'gcomm://'
        # NOTE: this list does not imply membership.
        # It only means "obtain SST and join from one of these..."
        if [ -z "$WSREP_CLUSTER_ADDRESS" ]; then
            WSREP_CLUSTER_ADDRESS="gcomm://"
        fi

        # loop through number of nodes
        for NUM in `seq 1 $NUM_NODES`; do
            NODE_SERVICE_HOST="PXC_NODE${NUM}_SERVICE_HOST"

            # if set
            if [ -n "${!NODE_SERVICE_HOST}" ]; then
                # if not its own IP, then add it
                if [ $(expr "$HOSTNAME" : "pxc-node${NUM}") -eq 0 ]; then
                    # if not the first bootstrap node add comma
                    if [ "$WSREP_CLUSTER_ADDRESS" != "gcomm://" ]; then
                        WSREP_CLUSTER_ADDRESS="${WSREP_CLUSTER_ADDRESS},"
                    fi
                    # append
                    # if user specifies USE_IP, use that
                    if [ -n "${USE_IP}" ]; then
                        WSREP_CLUSTER_ADDRESS="${WSREP_CLUSTER_ADDRESS}${!NODE_SERVICE_HOST}"
                    # otherwise use DNS
                    else
                        WSREP_CLUSTER_ADDRESS="${WSREP_CLUSTER_ADDRESS}pxc-node${NUM}"
                    fi
                fi
            fi
        done
    fi

    # WSREP_CLUSTER_ADDRESS is now complete and will be interpolated into the
    # cluster address string (wsrep_cluster_address) in the cluster
    # configuration file, cluster.cnf
    if [ -n "$WSREP_CLUSTER_ADDRESS" -a "$WSREP_CLUSTER_ADDRESS" != "gcomm://" ]; then
        sed -i -e "s|^wsrep_cluster_address=gcomm://|wsrep_cluster_address=${WSREP_CLUSTER_ADDRESS}|" /etc/mysql/conf.d/cluster.cnf
    fi
fi

# random server ID needed
sed -i -e "s/^server\-id=.*$/server-id=${RANDOM}/" /etc/mysql/my.cnf

salt-call --local --retcode-passthrough state.sls mysql

# finally, start mysql
exec "$@"

--------------------------------------------------------------------------------
/services/support/galera/galera-server.dockerfile:
--------------------------------------------------------------------------------
# Copyright 2016 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE mysql
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

# add our user and group first to make sure their IDs get assigned
# consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql

ENV PERCONA_XTRADB_VERSION 5.6
ENV MYSQL_VERSION 5.6
ENV TERM linux

RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y perl --no-install-recommends && rm -rf /var/lib/apt/lists/*

RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A

RUN echo "deb http://repo.percona.com/apt trusty main" > /etc/apt/sources.list.d/percona.list
RUN echo "deb-src http://repo.percona.com/apt trusty main" >> /etc/apt/sources.list.d/percona.list

# the "/var/lib/mysql" stuff here is because the mysql-server
# postinst doesn't have an explicit way to disable the
# mysql_install_db codepath besides having a database already
# "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN { \
        echo percona-server-server-5.6 percona-server-server/data-dir select ''; \
        echo percona-server-server-5.6 percona-server-server/root_password password ''; \
    } | debconf-set-selections \
    && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gettext-base percona-xtradb-cluster-client-"${MYSQL_VERSION}" \
    percona-xtradb-cluster-common-"${MYSQL_VERSION}" percona-xtradb-cluster-server-"${MYSQL_VERSION}" \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql && chown -R mysql:mysql /var/lib/mysql

VOLUME /var/lib/mysql

RUN salt-call --local --retcode-passthrough state.highstate

COPY services/support/galera/my.cnf /etc/mysql/my.cnf
COPY services/support/galera/cluster.cnf /etc/mysql/conf.d/cluster.cnf

COPY services/support/galera/docker-entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

EXPOSE 3306 4444 4567 4568
CMD ["mysqld"]

RUN rm -f /etc/salt/grains
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*

--------------------------------------------------------------------------------
/services/support/galera/my.cnf:
--------------------------------------------------------------------------------
[client]
port=3306
socket=/var/run/mysqld/mysqld.sock

[mysqld_safe]
socket=/var/run/mysqld/mysqld.sock
nice=0

[mysqld]
user=mysql
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock
port=3306
basedir=/usr
datadir=/var/lib/mysql
tmpdir=/tmp
lc-messages-dir=/usr/share/mysql
skip-external-locking

key_buffer=16M
max_allowed_packet=16M
thread_stack=192K
thread_cache_size=8

myisam-recover=BACKUP
#max_connections=100
query_cache_limit=1M
query_cache_size=16M
slow_query_log=1
slow_query_log_file=/var/log/mysql/mysql-slow.log
long_query_time=2
log-queries-not-using-indexes

server-id=12345
log_bin=/var/log/mysql/mysql-bin.log
expire_logs_days=4
max_binlog_size=100M

default_storage_engine=InnoDB
innodb_file_per_table
innodb_log_file_size=100M
innodb_log_buffer_size=10M
innodb_log_files_in_group=2
innodb_buffer_pool_instances=4
innodb_buffer_pool_size=100M

[mysqldump]
quick
quote-names
max_allowed_packet=16M

[isamchk]
key_buffer=16M

!includedir /etc/mysql/conf.d/

--------------------------------------------------------------------------------
/services/support/libvirt/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash
chmod 666 /dev/kvm
exec "$@"

--------------------------------------------------------------------------------
/services/support/libvirt/libvirt-compute.dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu:14.04.3
MAINTAINER mhenkel@juniper.net

RUN apt-get -qqy update && apt-get install -y --no-install-recommends \
    libvirt-bin \
    libvirt0 \
    python-libvirt \
    qemu-kvm \
    && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

COPY services/support/libvirt/entrypoint.sh /

ENTRYPOINT ["/entrypoint.sh"]
# libvirtd is set to listen on plain TCP (16509) with auth_tcp = "none", so
# anything that can reach the port controls the hypervisor; keep it on a
# trusted management network only.
RUN echo "listen_tls = 0" >> /etc/libvirt/libvirtd.conf; \
    echo 'listen_tcp = 1' >> /etc/libvirt/libvirtd.conf; \
    echo 'tls_port = "16514"' >> /etc/libvirt/libvirtd.conf; \
    echo 'tcp_port = "16509"' >> /etc/libvirt/libvirtd.conf; \
    echo 'auth_tcp = "none"' >> /etc/libvirt/libvirtd.conf

RUN mkdir -p /var/lib/libvirt/images/
VOLUME [ "/sys/fs/cgroup" ]
RUN echo 'clear_emulator_capabilities = 0' >> /etc/libvirt/qemu.conf; \
    echo 'user = "root"' >> /etc/libvirt/qemu.conf; \
    echo 'group = "root"' >> /etc/libvirt/qemu.conf; \
    echo 'cgroup_device_acl = [' >> /etc/libvirt/qemu.conf; \
    echo ' "/dev/null", "/dev/full", "/dev/zero",'>> /etc/libvirt/qemu.conf; \
    echo ' "/dev/random", "/dev/urandom",'>> /etc/libvirt/qemu.conf; \
    echo ' "/dev/ptmx", "/dev/kvm", "/dev/kqemu",'>> /etc/libvirt/qemu.conf; \
    echo ' "/dev/rtc", "/dev/hpet", "/dev/net/tun",'>> /etc/libvirt/qemu.conf; \
    echo ']'>> /etc/libvirt/qemu.conf

CMD ["/usr/sbin/libvirtd","-l"]

--------------------------------------------------------------------------------
/services/support/memcached-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE memcached
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --id=${SERVICE}-${ROLE} --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --id=${SERVICE}-${ROLE} --local --retcode-passthrough state.sls linux || true
RUN salt-call --id=${SERVICE}-${ROLE} --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 11211

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/support/mysql-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE mysql
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 3306

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/services/support/rabbitmq-server.dockerfile:
--------------------------------------------------------------------------------
FROM tcpcloud/salt-base

## Overridable parameters
ENV SERVICE rabbitmq
ENV ROLE server

## Pillar
RUN mkdir -m700 /srv/salt/pillar
RUN echo "base:\n ${SERVICE}-${ROLE}:\n - ${SERVICE}-${ROLE}" > /srv/salt/pillar/top.sls
RUN reclass-salt --pillar ${SERVICE}-${ROLE} > /srv/salt/pillar/${SERVICE}-${ROLE}.sls

RUN rm -rf /srv/reclass /etc/reclass
ADD files/minion-pillar.conf /etc/salt/minion
RUN echo "id: ${SERVICE}-${ROLE}" >> /etc/salt/minion

## Application
RUN salt-call --local --retcode-passthrough state.show_top | grep -- '- linux' >/dev/null 2>&1 && \
    salt-call --local --retcode-passthrough state.sls linux || true
RUN salt-call --local --retcode-passthrough state.highstate

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 5672 15672

# Cleanup
RUN apt-get autoremove --purge -y
RUN apt-get clean
RUN rm -rf /etc/salt/grains /etc/salt/grains.d/* /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/salt/*
# Dirty hack to avoid running apt-get update during entrypoint's Salt run
RUN mv /usr/bin/apt-get /usr/bin/apt-get.orig && \
    echo "#!/bin/sh\nexit 0" > /usr/bin/apt-get && \
    chmod +x /usr/bin/apt-get

--------------------------------------------------------------------------------
/start_openstack.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e

get_docker_ip() {
    docker inspect --format '{{ .NetworkSettings.IPAddress }}' "$1"
}

## Support services
echo "Starting openstack-mysql.."
docker run -d --name openstack-mysql tcpcloud/mysql-server

for i in {1..3}; do
    echo "Starting openstack-memcached0${i}.."
    docker run -d --name openstack-memcached0$i tcpcloud/memcached-server
done

echo "Starting openstack-rabbitmq.."
docker run -d --name openstack-rabbitmq tcpcloud/rabbitmq-server

# Useless sleep, how I like it.. :-)
# (to ensure support services are running)
sleep 60

# RabbitMQ port is 5672, the AMQP port rabbitmq-server.dockerfile exposes
cat << EOF >> /tmp/env_file.sh
MYSQL_SERVER_SERVICE_HOST=$(get_docker_ip openstack-mysql)
MYSQL_SERVER_SERVICE_PORT=3306

RABBITMQ_NODE_SERVICE_HOST=$(get_docker_ip openstack-rabbitmq)
RABBITMQ_NODE_SERVICE_PORT=5672

MEMCACHED_SERVER_NODE01_SERVICE_HOST=$(get_docker_ip openstack-memcached01)
MEMCACHED_SERVER_NODE01_SERVICE_PORT=11211
MEMCACHED_SERVER_NODE02_SERVICE_HOST=$(get_docker_ip openstack-memcached02)
MEMCACHED_SERVER_NODE02_SERVICE_PORT=11211
MEMCACHED_SERVER_NODE03_SERVICE_HOST=$(get_docker_ip openstack-memcached03)
MEMCACHED_SERVER_NODE03_SERVICE_PORT=11211
EOF

## Keystone
echo "Starting openstack-keystone.."
docker run -d --name openstack-keystone --env-file /tmp/env_file.sh tcpcloud/keystone-server
echo "KEYSTONE_SERVER_SERVICE_HOST=$(get_docker_ip openstack-keystone)" >>/tmp/env_file.sh

sleep 60

## Glance
echo "Starting openstack-glance-registry.."
docker run -d --name openstack-glance-registry --env-file /tmp/env_file.sh tcpcloud/glance-server registry
echo "GLANCE_REGISTRY_HOST=$(get_docker_ip openstack-glance-registry)" >>/tmp/env_file.sh

echo "Starting openstack-glance-api.."
docker run -d --name openstack-glance-api --env-file /tmp/env_file.sh tcpcloud/glance-server api

rm -f /tmp/env_file.sh

--------------------------------------------------------------------------------
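services/support/galera/docker-entrypoint.sh writes its first-run statements to the fixed path /tmp/mysql-first-time.sql and places passwords and names into the SQL unescaped. The block below is an added example, not code from this repository, showing the same file built with a private mktemp file and quoted values; the function names and the INIT_SQL_OWNER variable are hypothetical, and the escaping assumes the server's default sql_mode.

```shell
#!/bin/sh
# Added example (not repository code): build the first-run SQL file from
# docker-entrypoint.sh in a private temp file, with every value quoted.

# has_newline VALUE: succeed if VALUE contains a line break, which would let
# a value continue onto a new line of the generated file.
has_newline() {
    case $1 in
        *'
'*) return 0 ;;
    esac
    return 1
}

# sql_quote VALUE: print VALUE as a single-quoted SQL string literal.
# Assumes the default sql_mode, where backslash is an escape character, so
# backslashes and single quotes are both doubled.
sql_quote() {
    if has_newline "$1"; then return 1; fi
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# sql_ident NAME: print NAME as a backtick-quoted identifier.
sql_ident() {
    if has_newline "$1"; then return 1; fi
    printf '`%s`' "$(printf '%s' "$1" | sed -e 's/`/``/g')"
}

# write_init_sql ROOT_PW [DATABASE] [USER] [USER_PW]
# Writes the bootstrap statements to a new mode-0600 file and prints its path.
# INIT_SQL_OWNER (hypothetical variable) names the account to hand the file
# to, for example mysql, so the server process can still read it.
write_init_sql() {
    if [ -z "${1:-}" ]; then
        echo 'error: root password is empty' >&2
        return 1
    fi
    for wi_arg in "$@"; do
        if has_newline "$wi_arg"; then
            echo 'error: line break in a value' >&2
            return 1
        fi
    done
    # mktemp picks an unpredictable name and creates the file owner-only
    wi_file=$(mktemp "${TMPDIR:-/tmp}/mysql-first-time.XXXXXX") || return 1
    {
        # printf, not echo: some shells' echo rewrites backslash sequences
        printf '%s\n' "DELETE FROM mysql.user ;"
        printf '%s\n' "CREATE USER 'root'@'%' IDENTIFIED BY $(sql_quote "$1") ;"
        printf '%s\n' "GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;"
        if [ -n "${2:-}" ]; then
            printf '%s\n' "CREATE DATABASE IF NOT EXISTS $(sql_ident "$2") ;"
        fi
        if [ -n "${3:-}" ] && [ -n "${4:-}" ]; then
            printf '%s\n' "CREATE USER $(sql_quote "$3")@'%' IDENTIFIED BY $(sql_quote "$4") ;"
            if [ -n "${2:-}" ]; then
                printf '%s\n' "GRANT ALL ON $(sql_ident "$2").* TO $(sql_quote "$3")@'%' ;"
            fi
        fi
        printf '%s\n' 'FLUSH PRIVILEGES ;'
    } > "$wi_file"
    if [ -n "${INIT_SQL_OWNER:-}" ]; then
        chown "$INIT_SQL_OWNER" "$wi_file" || return 1
    fi
    printf '%s\n' "$wi_file"
}
```

In the entrypoint the returned path would replace the fixed tempSqlFile value passed to --init-file, and the file can be deleted once the server has finished its first start.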