Factory/ironic-image/Dockerfile

# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
#!BuildVersion: 15.6

ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro

FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base

RUN set -euo pipefail; zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
RUN /bin/prepare-efi.sh

COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api

FROM micro AS final
MAINTAINER SUSE LLC (https://www.suse.com/)
# Define labels according to https://en.opensuse.org/Building_derived_containers
LABEL org.opencontainers.image.title="SLE Openstack Ironic Container Image"
LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Base Container Image."
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="24.1.2.0"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="l3"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix

COPY --from=base /installroot /

RUN set -euo pipefail; ln -s /usr/bin/python3.11 /usr/local/bin/python3; \
    ln -s /usr/bin/pydoc3.11 /usr/local/bin/pydoc

ENV GRUB_DIR=/tftpboot/boot/grub

# workaround for mkisofs command failing
RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
COPY mkisofs_wrapper /usr/bin/mkisofs
RUN set -euo pipefail; chmod +x /usr/bin/mkisofs

COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
RUN mkdir -p /tftpboot
RUN mkdir -p $GRUB_DIR

# No need to support the Legacy BIOS boot
#RUN cp /usr/share/syslinux/pxelinux.0 /tftpboot
#RUN cp /usr/share/syslinux/chain.c32 /tftpboot/

# IRONIC #
RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img

COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
COPY network-data-schema-empty.json /etc/ironic/

# DNSMASQ
COPY dnsmasq.conf.j2 /etc/

# Custom httpd config, removes all but the bare minimum needed modules
COPY httpd.conf.j2 /etc/httpd/conf/
COPY httpd-modules.conf /etc/httpd/conf.modules.d/
COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2

# IRONIC-INSPECTOR #
RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
  sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
  sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"

COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
COPY inspector-apache.conf.j2 /etc/httpd/conf.d/

# Workaround
# Removing the 010-ironic.conf file that comes with the package 
RUN rm /etc/ironic/ironic.conf.d/010-ironic.conf

# configure non-root user and set relevant permissions
RUN configure-nonroot.sh && \
  rm -f /bin/configure-nonroot.sh
init for moving Edge 3.1 images from IBS 2024-10-21 14:18:05 +02:00			`# SPDX-License-Identifier: Apache-2.0`
			`#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0`
			`#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%`
			`#!BuildVersion: 15.6`

			`ARG SLE_VERSION`
			`FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro`

			`FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base`

			`RUN set -euo pipefail; zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*`
			`WORKDIR /tmp`
			`COPY prepare-efi.sh /bin/`
			`RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh`
			`RUN /bin/prepare-efi.sh`

			`COPY --from=micro / /installroot/`
			`RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf`
			`RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api`

			`FROM micro AS final`
			`MAINTAINER SUSE LLC (https://www.suse.com/)`
			`# Define labels according to https://en.opensuse.org/Building_derived_containers`
			`LABEL org.opencontainers.image.title="SLE Openstack Ironic Container Image"`
			`LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Base Container Image."`
			`LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"`
			`LABEL org.opencontainers.image.created="%BUILDTIME%"`
			`LABEL org.opencontainers.image.vendor="SUSE LLC"`
			`LABEL org.opencontainers.image.version="24.1.2.0"`
			`LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"`
			`LABEL org.openbuildservice.disturl="%DISTURL%"`
			`LABEL com.suse.supportlevel="l3"`
			`LABEL com.suse.eula="SUSE Combined EULA February 2024"`
			`LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"`
			`LABEL com.suse.image-type="application"`
			`LABEL com.suse.release-stage="released"`
			`# endlabelprefix`

			`COPY --from=base /installroot /`

			`RUN set -euo pipefail; ln -s /usr/bin/python3.11 /usr/local/bin/python3; \`
			`ln -s /usr/bin/pydoc3.11 /usr/local/bin/pydoc`

			`ENV GRUB_DIR=/tftpboot/boot/grub`

			`# workaround for mkisofs command failing`
			`RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc`
			`COPY mkisofs_wrapper /usr/bin/mkisofs`
			`RUN set -euo pipefail; chmod +x /usr/bin/mkisofs`

			`COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/`
			`RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;`
			`RUN mkdir -p /tftpboot`
			`RUN mkdir -p $GRUB_DIR`

			`# No need to support the Legacy BIOS boot`
			`#RUN cp /usr/share/syslinux/pxelinux.0 /tftpboot`
			`#RUN cp /usr/share/syslinux/chain.c32 /tftpboot/`

			`# IRONIC #`
			`RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe`
			`RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi`
			`COPY --from=base /tmp/esp.img /tmp/uefi_esp.img`

			`COPY ironic.conf.j2 /etc/ironic/`
			`COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/`
			`COPY network-data-schema-empty.json /etc/ironic/`

			`# DNSMASQ`
			`COPY dnsmasq.conf.j2 /etc/`

			`# Custom httpd config, removes all but the bare minimum needed modules`
			`COPY httpd.conf.j2 /etc/httpd/conf/`
			`COPY httpd-modules.conf /etc/httpd/conf.modules.d/`
			`COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2`

			`# IRONIC-INSPECTOR #`
			`RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \`
			`sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \`
			`sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"`

			`COPY ironic-inspector.conf.j2 /etc/ironic-inspector/`
			`COPY inspector-apache.conf.j2 /etc/httpd/conf.d/`

			`# Workaround`
			`# Removing the 010-ironic.conf file that comes with the package`
			`RUN rm /etc/ironic/ironic.conf.d/010-ironic.conf`

			`# configure non-root user and set relevant permissions`
			`RUN configure-nonroot.sh && \`
			`rm -f /bin/configure-nonroot.sh`