# SPDX-License-Identifier: Apache-2.0 #!BuildTag: %%IMG_PREFIX%%ironic: #!BuildTag: %%IMG_PREFIX%%ironic: #!BuildVersion: 15.6 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base #!ArchExclusiveLine: x86_64 RUN if [ "$(uname -m)" = "x86_64" ];then \ zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \ fi #!ArchExclusiveLine: aarch64 RUN if [ "$(uname -m)" = "aarch64" ];then \ zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\ fi WORKDIR /tmp COPY prepare-efi.sh /bin/ RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh RUN /bin/prepare-efi.sh COPY --from=micro / /installroot/ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf #!ArchExclusiveLine: x86_64 RUN if [ "$(uname -m)" = "x86_64" ];then \ zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \ fi #!ArchExclusiveLine: aarch64 RUN if [ "$(uname -m)" = "aarch64" ];then \ zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \ fi # DATABASE RUN mkdir -p /installroot/var/lib/ironic && \ /installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \ zypper --installroot /installroot --non-interactive remove sqlite3 FROM micro AS final MAINTAINER SUSE LLC (https://www.suse.com/) # Define labels according to https://en.opensuse.org/Building_derived_containers LABEL org.opencontainers.image.title="SLE Openstack Ironic Container Image" LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Base Container Image." LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" LABEL org.opencontainers.image.version="" LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle" LABEL com.suse.image-type="application" LABEL com.suse.release-stage="released" # endlabelprefix COPY --from=base /installroot / RUN set -euo pipefail; ln -s /usr/bin/python3.11 /usr/local/bin/python3; \ ln -s /usr/bin/pydoc3.11 /usr/local/bin/pydoc ENV GRUB_DIR=/tftpboot/boot/grub # workaround for mkisofs command failing RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc COPY mkisofs_wrapper /usr/bin/mkisofs RUN set -euo pipefail; chmod +x /usr/bin/mkisofs COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/ RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh; RUN mkdir -p /tftpboot RUN mkdir -p $GRUB_DIR # No need to support the Legacy BIOS boot #RUN cp /usr/share/syslinux/pxelinux.0 /tftpboot #RUN cp /usr/share/syslinux/chain.c32 /tftpboot/ # IRONIC # RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe #!ArchExclusiveLine: x86_64 RUN if [ "$(uname -m)" = "x86_64" ];then \ cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\ fi #!ArchExclusiveLine: x86_64 RUN if [ "$(uname -m)" = "aarch64" ]; then\ cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\ fi COPY --from=base /tmp/esp.img /tmp/uefi_esp.img COPY ironic.conf.j2 /etc/ironic/ COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/ COPY network-data-schema-empty.json /etc/ironic/ # DNSMASQ COPY dnsmasq.conf.j2 /etc/ # Custom httpd config, removes all but the bare minimum needed modules COPY httpd.conf.j2 /etc/httpd/conf/ COPY httpd-modules.conf /etc/httpd/conf.modules.d/ COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2 COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2 # Workaround # Removing the 010-ironic.conf file that comes with the package RUN rm /etc/ironic/ironic.conf.d/010-ironic.conf # configure non-root user and set relevant permissions RUN configure-nonroot.sh && \ rm -f /bin/configure-nonroot.sh