• kolla base目录下Dockerfile.j2分析


    这几天在研究kolla制作镜像的流程,记录下对kolla项目中base目录Dockerfile.j2的阅读过程。本质上base目录下的Dockerfile.j2文件,是对yum源的一些配置,从而使制作镜像的流程中,
    有一个共同的基准yum源。
    {# Base image name and tag are both supplied by the build configuration. #}
    {# NOTE(review): the base is selected by tag only; what a tag points to can change between builds unless a digest is pinned as well. #}
    FROM {{ base_image }}:{{ base_distro_tag }}
    {# NOTE(review): MAINTAINER is deprecated in current Docker releases; a LABEL can carry the same information. #}
    MAINTAINER {{ maintainer }}
    
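    {# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
    {# Specifics required such as homedir or shell are configured within the service specific image #}
    {# Every account is created with /usr/sbin/nologin as shell and without a home directory (-M). #}
    {# The trailing backslashes are required: without them the rendered RUN instruction ends after the first groupadd and the following "&&" lines are not valid Dockerfile instructions. #}
    {%- for name, user in users | dictsort() %}
    {% if loop.first -%}RUN {% else %}    && {% endif -%}
        groupadd --force --gid {{ user.gid }} {{ name }} \
        && useradd -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
            {%- if not loop.last %} \{% endif -%}
    {%- endfor %}
    {# This loop adds the groups and users; all of them are created by one single RUN instruction. #}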
    LABEL kolla_version="{{ kolla_version }}"
    {# Author's note: the value is taken from the installed kolla version; when the code was fetched with git it becomes the revision identifier recorded by git. #}
    {% import "macros.j2" as macros with context %}
    {% block base_header %}{% endblock %}
    
    ENV KOLLA_BASE_DISTRO {{ base_distro }} {# exported as environment variables for later build steps and for the running container #}
    ENV KOLLA_INSTALL_TYPE {{ install_type }}
    ENV KOLLA_INSTALL_METATYPE {{ install_metatype }} {# author's note: with the binary install type this value is rdo #}
    
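    #### Customize PS1 to be used with bash shell
    {# kolla_bashrc is staged in /tmp and appended to the skeleton and root bashrc files. #}
    {# The backslash joins the two cat commands into one RUN instruction; without it the "&&" line is not a valid instruction. #}
    COPY kolla_bashrc /tmp/
    RUN cat /tmp/kolla_bashrc >> /etc/skel/.bashrc \
        && cat /tmp/kolla_bashrc >> /root/.bashrc

    # PS1 var when used /bin/sh shell
    ENV PS1="$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ "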
    
    {#centos基础镜像会走这个流程分支#}
    {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
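    # For RPM Variants, enable the correct repositories - this should all be done
    # in the base image so repos are consistent throughout the system.  This also
    # enables to provide repo overrides at a later date in a simple fashion if we
    # desire such functionality.  I think we will :)

    {# Release guard: awk extracts the first run of digits (the major version) from
       /etc/system-release and the build stops unless it equals supported_distro_release.
       The variable is quoted so that an empty result fails the comparison; unquoted, an
       empty value turns the test into a syntax error, the if-branch is skipped and the
       build carries on with an unchecked base.
       The sed call comments out any override_install_langs line in /etc/yum.conf: the
       escaped group and the \1 back-reference keep the original setting after the hash.
       Backslash line continuations are required to keep all of this in one RUN. #}
    RUN CURRENT_DISTRO_RELEASE=$(awk '{match($0, /[0-9]+/,version)}END{print version[0]}' /etc/system-release); \
        if [ "$CURRENT_DISTRO_RELEASE" != "{{ supported_distro_release }}" ]; then \
            echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; \
        fi \
        && cat /tmp/kolla_bashrc >> /etc/bashrc \
        && sed -i 's|^\(override_install_langs=.*\)|# \1|' /etc/yum.conf
    {# Author's notes: this step checks whether the running distro release is a supported one.
    The awk command reads the major version number from /etc/system-release; on the
    author's environment it prints 7.
    DISTRO_RELEASE = {
        'centos': '7',
        'rhel': '7',
        'oraclelinux': '7',
        'debian': '8',
        'ubuntu': '16.04',
    }
    supported_distro_release is obtained in the create_dockerfiles function and is one of 7, 8 or 16.04.
    #}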
    
    {% block base_yum_conf %}
    
    {# Appends the literal string "centos" to the yum variable file /etc/yum/vars/contentdir. #}
    RUN echo centos >> /etc/yum/vars/contentdir
    {# Author's note: yum configuration made in this block applies to every yum repository. #}
    {% endblock %}
    
    #### BEGIN REPO ENABLEMENT
    {# NOTE(review): these .repo files decide which external repositories yum will use for the rest of the build; their gpgcheck and gpgkey settings are not visible in this template and are worth checking in the files themselves. #}
    {% set base_yum_repo_files = [
        'elasticsearch.repo',
        'grafana.repo',
        'influxdb.repo',
        'kibana.yum.repo',
        'MariaDB.repo',
        'td.repo',
        'zookeeper.repo'
     ] %}
     # This default list is used when no custom repo list is configured; when one is configured, the custom list decides which files are copied
    {%- for repo_file in base_yum_repo_files | customizable('yum_repo_files') %}
    COPY {{ repo_file }} /etc/yum.repos.d/{{ repo_file }}
    {%- endfor %}
    
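    {# Author's notes: percona-release is a repo-definition package. It contains the
       Percona GPG key, which is placed under /etc/pki/rpm-gpg on install, and the
       Percona repo file, which is placed in the yum repo directory; the URL was
       reachable when the author tested it.
       These notes sit outside the set statement because a Jinja comment is not
       recognised inside a statement tag. #}
    {# NOTE(review): the package is fetched over plain HTTP and is itself what delivers
       the Percona signing key, so nothing on this path authenticates it unless
       macros.install_packages verifies a signature - that macro is not shown here. #}
    {% set base_yum_url_packages = [
       'http://repo.percona.com/release/7/RPMS/x86_64/percona-release-0.1-4.noarch.rpm'
    ] %}

    {{ macros.install_packages(base_yum_url_packages | customizable("yum_url_packages")) }}
    {# The install_packages macro from macros.j2 performs the rpm installation. #}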
    
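    {# GPG keys of the yum repositories. Author's test notes per entry:
         MariaDB       - the file can be downloaded directly
         Percona       - already on disk, placed there by the package installed in the previous step
         elasticsearch - the file can be downloaded
         influxdb      - the file can be downloaded
         packagecloud  - the file can be downloaded
         grafana       - the URL opens a page showing the key text instead of downloading a file
         td-agent      - the file can be downloaded directly
       The notes are kept here because a hash comment inside the set statement is not
       valid Jinja, and the stray trailing space in the Percona path has been dropped. #}
    {# NOTE(review): the MariaDB key is fetched over plain HTTP. An imported key is the
       trust anchor for every package from that repository, so it should arrive over an
       authenticated channel or be shipped in the build context and checked against a
       known fingerprint. #}
    {% set base_yum_repo_keys = [
        'http://yum.mariadb.org/RPM-GPG-KEY-MariaDB',
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-Percona',
        'https://packages.elastic.co/GPG-KEY-elasticsearch',
        'https://repos.influxdata.com/influxdb.key',
        'https://packagecloud.io/gpg.key',
        'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
        'https://packages.treasuredata.com/GPG-KEY-td-agent'
    ] %}
    {# Author's notes: the keys are imported here so that later rpm installs can be
       signature-checked; with a local yum source this step can be skipped. For the
       grafana key it is best to save the page content into a GPG-KEY file. #}
    {# All imports are chained into one RUN; the backslash after each non-final import continues the instruction. #}
    {%- for key in base_yum_repo_keys | customizable('yum_repo_keys') %}
    {%- if loop.first %}RUN {% else %}    && {% endif -%}
        rpm --import {{ key }}
    {%- if not loop.last %} \{% endif %}
    {% endfor -%}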
    
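    # With the binary install type install_metatype is rdo, with the source install type it is mixed; the centos base image only has these two
        {% if install_metatype in ['rdo', 'mixed'] %}

    {# rpm_setup is not defined in this template. Each entry is emitted verbatim on its
       own line, so it is expected to hold complete Dockerfile instructions - confirm
       against the build code that supplies it. #}
    {% for cmd in rpm_setup %}
    {{ cmd }}
    {% endfor %}

        {% endif %}
        {# endif for repo setup for all RHEL except RHEL OSP #}

     {# Author's note: RHOS is an OpenStack install flavour, short for Red Hat OpenStack; presumably a Red Hat specific installation method. #}
        {% if install_metatype == 'rhos' %}
    # For a centos system this RHOS section can be commented out
    # Turn on the RHOS 7.0 repo for RHOS
    {# The backslash keeps both yum-config-manager calls in one RUN instruction. #}
    RUN yum-config-manager --enable rhel-7-server-rpms \
        && yum-config-manager --enable rhel-7-server-openstack-7.0-rpms

        {% endif %}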
    
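    # Everything below configures the centos base image
    #************************************
        {% if base_distro == 'centos' %}

    {# Author's observation: a freshly installed CentOS system only has these keys in /etc/pki/rpm-gpg/
    ()[root@4059a1c2f42c /]# cd /etc/pki/rpm-gpg/
    ()[root@4059a1c2f42c rpm-gpg]# ls
    RPM-GPG-KEY-CentOS-7  RPM-GPG-KEY-CentOS-Debug-7  RPM-GPG-KEY-CentOS-Testing-7
    #}
    RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

    {# Author's note: these three SIG keys are not present on the fresh system; the
       listing further down shows them after the release packages were installed.
       NOTE(review): the keys imported below are therefore delivered by packages this
       same build has just installed, so they are only as trustworthy as the
       repositories enabled at that point. #}
    {% set base_centos_yum_repo_keys = [
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud',
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage',
        '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization'
    ] %}
    {# Repo-definition packages for the centos yum sources. Author's note on
       centos-release-ceph-jewel: when it is installed after
       centos-release-openstack-ocata, yum reports it as already installed.
       The annotation that was written inside the list, and the stray trailing space
       in the epel-release entry, have been moved out so the statement parses. #}
    {% set base_centos_yum_repo_packages = [
        'epel-release',
        'yum-plugin-priorities',
        'centos-release-ceph-jewel',
        'centos-release-openstack-ocata',
        'centos-release-qemu-ev'
    ] %}
    {# Author's transcript of installing the repo packages listed above.
    Content of yum.repos.d before the install commands:
    ()[root@4059a1c2f42c yum.repos.d]# ls
    xxx-centos-openstack-ocata.repo  xxx-ceph.repo           xxx-epel.repo     xxx-qemu-ev.repo
    xxx-centos.repo                  xxx-elasticsearch.repo  xxx-mariadb.repo  xxx-td.repo
    After the install commands:
    ()[root@4059a1c2f42c yum.repos.d]# ls
    CentOS-Ceph-Jewel.repo       CentOS-Storage-common.repo  xxx-centos-openstack-ocata.repo  xxx-elasticsearch.repo  xxx-qemu-ev.repo
    CentOS-OpenStack-ocata.repo  epel.repo                   xxx-centos.repo                  xxx-epel.repo           xxx-td.repo
    CentOS-QEMU-EV.repo          epel-testing.repo           xxx-ceph.repo                    xxx-mariadb.repo
    ()[root@4059a1c2f42c yum.repos.d]# pwd
    Commands that were run:
        5  yum install -y epel-release
        6  ls
        7  yum install yum-plugin-priorities -y
        8  ls
        9  yum install centos-release-openstack-ocata -y
       10  ls
       11  yum install centos-release-qemu-ev -y

    Resulting change in /etc/pki/rpm-gpg:
    ()[root@4059a1c2f42c yum.repos.d]# cd /etc/pki/rpm-gpg/
    ()[root@4059a1c2f42c rpm-gpg]# ls
    RPM-GPG-KEY-CentOS-7        RPM-GPG-KEY-CentOS-SIG-Cloud    RPM-GPG-KEY-CentOS-SIG-Virtualization  RPM-GPG-KEY-EPEL-7
    RPM-GPG-KEY-CentOS-Debug-7  RPM-GPG-KEY-CentOS-SIG-Storage  RPM-GPG-KEY-CentOS-Testing-7
    ()[root@4059a1c2f42c rpm-gpg]# pwd
    /etc/pki/rpm-gpg
    #}

    {{ macros.install_packages(base_centos_yum_repo_packages | customizable("yum_centos_repo_packages")) }}
    {# Each import ends with a backslash so that the next import, and finally
       "yum clean all", continue the same RUN instruction.
       NOTE(review): the RUN-or-"&&" choice below looks at the length of the default
       key list, not of the customized one; a customization that empties the list
       would render "&& yum clean all" with no RUN in front - confirm. #}
    {% for key in base_centos_yum_repo_keys | customizable('yum_centos_repo_keys') %}
        {%- if loop.first %}RUN {% else %}    && {% endif -%}
        rpm --import {{ key }} \
    {% endfor -%}
    {%- if base_centos_yum_repo_keys|length ==0 %}RUN {% else %}    && {% endif -%}
        yum clean all

        {% endif %}
        {# Endif for base_distro centos #}
    #******************************************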
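    # The settings below apply to the redhat base image
        {% if base_distro == 'rhel' %}

    # Install the EPEL yum repository for redhat
    {% block base_rhel_package_installation %}
    # Enable couple required repositories for all RHEL builds
    # Turn on EPEL throughout the build
    # Author's test: https://dl.fedoraproject.org/pub/epel/ opens and contains epel-release-latest-7.noarch.rpm
    {# NOTE(review): epel-release is installed from a "latest" URL before any EPEL key is
       imported, and the key imported on the next line comes out of that same package,
       so its authenticity rests on the HTTPS connection alone and the package version
       is not pinned. #}
    {# Backslash continuations keep the whole sequence in one RUN instruction. #}
    RUN yum -y install \
            https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
        && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
        && yum-config-manager --enable rhel-7-server-optional-rpms \
        && yum -y install \
               yum-plugin-priorities \
        && yum clean all \
        && yum-config-manager --enable rhel-7-server-extras-rpms
    {% endblock %}

        {% endif %}
        {# Endif for base_distro RHEL #}
    #*******************************************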
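    # The settings below apply to the oraclelinux base image
        {% if base_distro == 'oraclelinux' %}

    {% block base_oraclelinux_package_installation %}
    # Copy oraclelinux-extras.repo from the base directory into /etc/yum.repos.d/ in the container
    COPY oraclelinux-extras.repo /etc/yum.repos.d/oraclelinux-extras.repo
    {# Author's notes, moved out of the RUN body because a hash comment in the middle of
       a continued shell command swallows the rest of the line, continuation included:
         - the epel-release URL was reachable and the rpm exists;
         - the five centos-release rpms exist on the mirror; they are repo-definition
           packages that carry the repo files and GPG keys;
         - the sed call replaces every $releasever in the CentOS repo files with 7
           (the dollar sign is escaped so it matches literally). #}
    {# NOTE(review): the five centos-release packages are fetched over plain HTTP and
       installed with --nodeps before the SIG keys are imported further down, so nothing
       on this path authenticates them; the keys imported afterwards come out of those
       same packages. #}
    RUN yum -y install \
            tar \
            yum-utils \
            https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
        && rpm -Uvh --nodeps \
            http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-openstack-ocata-1-2.el7.noarch.rpm \
            http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-ceph-jewel-1.0-1.el7.centos.noarch.rpm \
            http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-qemu-ev-1.0-2.el7.noarch.rpm \
            http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-virt-common-1-1.el7.centos.noarch.rpm \
            http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/centos-release-storage-common-1-2.el7.centos.noarch.rpm \
        && sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS-*.repo \
        && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
        && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage \
        && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization \
        && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud \
        && yum-config-manager --enable ol7_optional_latest ol7_addons \
        && yum -y install \
               yum-plugin-priorities \
        && yum clean all
    {% endblock %}

        {% endif %}
        {# Endif for base_distro oraclelinux #}
    # Author's test: http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/ can be opened
    #*************************************
    #### END REPO ENABLEMENT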
    
    {# We are back to the basic if conditional here which is:
        if base_distro in ['centos', 'oraclelinux', 'rhel'] #}
    {% block base_redhat_binary_versionlock %}{% endblock %}
        {% if install_type == 'binary' %}
    {# Default package set for binary installs; the customizable filter lets the build configuration override it. #}
    {% set base_centos_binary_packages = [
            'sudo',
            'which',
            'python',
            'lvm2',
            'scsi-target-utils',
            'iproute',
            'iscsi-initiator-utils'
    ] %}
    # Install base packages
    {{ macros.install_packages( base_centos_binary_packages | customizable("centos_binary_packages")) }}
        {% endif %}
        {# Endif for install_type binary #}
    
        {% if install_type == 'source' %}
    
    {# Default package set for source installs; compared with the binary list it adds curl and tar and has no python entry. #}
    {% set base_centos_source_packages = [
        'curl',
        'sudo',
        'tar',
        'which',
        'lvm2',
        'scsi-target-utils',
        'iproute',
        'iscsi-initiator-utils'
    ] %}
    # Update packages
    {{ macros.install_packages( base_centos_source_packages | customizable("centos_source_packages")) }}
    
        {% endif %}
        {# endif for install type is source for RPM based distros #}
    {# endif for base_distro centos,oraclelinux,rhel #}
    #********************************************************************************
    # The settings below apply when the base image distro is ubuntu or debian
    {% elif base_distro in ['ubuntu', 'debian'] %}
    
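    # Check that the distro release number is the supported one
    {# NOTE(review): the command substitution is unquoted, so when awk extracts nothing
       (for example when /etc/lsb-release is absent) the test is malformed, the
       if-branch is skipped and the build continues. Quoting it would make the guard
       fail closed, but would also change behaviour on bases that lack the file, so it
       is left as written - confirm before changing. #}
    {# The backslash continues the if statement onto the next line of the same RUN. #}
    RUN if [ $(awk -F '=' '/DISTRIB_RELEASE/{print $2}' /etc/lsb-release) != "{{ supported_distro_release }}" ]; then \
            echo "Only supported {{ supported_distro_release }} release on {{ base_distro }}"; false; fi

    # Customize PS1 bash shell
    RUN cat /tmp/kolla_bashrc >> /etc/bash.bashrc

    # This will prevent questions from being asked during the install
    {# NOTE(review): set with ENV, so the value also persists into the runtime environment of every derived image. #}
    ENV DEBIAN_FRONTEND noninteractive

    # Reducing disk footprint
    COPY dpkg_reducing_disk_footprint /etc/dpkg/dpkg.cfg.d/dpkg_reducing_disk_footprint

    {% block base_ubuntu_package_pre %}
    # Need apt-transport-https and ca-certificates before replacing sources.list or
    # apt-get update will not work if any repositories are accessed via HTTPS
    # Installs the HTTPS transport and the CA certificate bundle so that HTTPS repositories can be used
    RUN apt-get update \
        && apt-get -y install --no-install-recommends apt-transport-https ca-certificates \
        && apt-get clean
    {% endblock %}

    {% block base_ubuntu_package_sources_list %}
    # Copy sources.list.debian or sources.list.ubuntu from the base directory
    COPY sources.list.{{ base_distro }} /etc/apt/sources.list
    {% endblock %}

    {% block base_ubuntu_package_apt_preferences %}
    # Copy apt_preferences.debian or apt_preferences.ubuntu from the base directory
    COPY apt_preferences.{{ base_distro }} /etc/apt/preferences
    {% endblock %}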
    
    {# Default apt package set shared by ubuntu and debian. #}
    {% set base_apt_packages = [
       'apt-utils',
       'curl',
       'gawk',
       'iproute2',
       'kmod',
       'lvm2',
       'open-iscsi',
       'python',
       'sudo',
       'tgt']
    %}
    
    {# NOTE(review): the key lists below mix full 40-hex fingerprints with 16-hex long key
       IDs ('901F9177AB97ACBE', 'D27D666CD88E42B4', '0xcbcb082a1bb943db'). The keys are
       later requested from a keyserver by these values, and a full fingerprint is the
       stricter selector. #}
    {% if base_distro == 'ubuntu' %}
    # Signing keys used for ubuntu
        {# 05CE15085FC09D18E99EFB22684A14CF2582E0C5 -- InfluxDB Packaging Service <support@influxdb.com> #}
        {# 177F4010FE56CA3336300305F1656F24C74CD1D8 -- MariaDB Signing Key <signing-key@mariadb.org> #}
        {# 391A9AA2147192839E9DB0315EDB1B62EC4926EA -- Canonical Cloud Archive Signing Key <ftpmaster@canonical.com> #}
        {# 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB -- packagecloud ops (production key) <ops@packagecloud.io> #}
        {# 46095ACC8548582C1A2699A9D27D666CD88E42B4 -- Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org> #}
        {# 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -- Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com> #}
        {# 58118E89F3A912897C070ADBF76221572C52609D -- Docker Release Tool (releasedocker) <docker@docker.com> #}
        {# 901F9177AB97ACBE                         -- Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com> #}
        {% set base_apt_keys = [
          '05CE15085FC09D18E99EFB22684A14CF2582E0C5',
          '177F4010FE56CA3336300305F1656F24C74CD1D8',
          '391A9AA2147192839E9DB0315EDB1B62EC4926EA',
          '418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
          '46095ACC8548582C1A2699A9D27D666CD88E42B4',
          '4D1BB29D63D98E422B2113B19334A25F8507EFA5',
          '58118E89F3A912897C070ADBF76221572C52609D',
          '901F9177AB97ACBE',
        ] %}
    {% elif base_distro == 'debian' %}
        {# The debian list carries no owner annotations in this file. #}
        {% set base_apt_keys = [
          '58118E89F3A912897C070ADBF76221572C52609D',
          '0xcbcb082a1bb943db',
          'D27D666CD88E42B4',
          '05CE15085FC09D18E99EFB22684A14CF2582E0C5',
          '418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB',
          '901F9177AB97ACBE',
        ] %}
        {# Appends sudo for debian; the shared list above already contains it, so the entry ends up listed twice. #}
        {% set base_apt_packages = base_apt_packages +
          ['sudo',]
        %}
    {% endif %}
    
    
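    # Package installation for ubuntu/debian
    {% block base_ubuntu_package_installation %}
        {%- block base_ubuntu_package_key_installation %}
        {# Key import. This note is a Jinja comment on purpose: the whitespace-stripping
           tags that follow would glue a rendered hash comment onto the start of the RUN
           line and comment the instruction out. #}
        {# NOTE(review): keys are requested by ID from a keyserver over hkp on port 80, an
           unauthenticated transport, so what gets imported depends on how precisely the
           ID selects the key. #}
            {%- for key in base_apt_keys | customizable('apt_keys') %}
                {%- if loop.first %}RUN {% else %} && {% endif %}apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 {{ key }}
                {%- if not loop.last %} \
                {% endif -%}
            {% endfor %}
        {% endblock %}
    # Package installation on ubuntu
    {# upgrade and dist-upgrade run at build time, so the package versions in the image
       depend on the build date. The backslash after each package name continues the
       install command up to the closing apt-get clean. #}
    RUN apt-get update \
        && apt-get -y upgrade \
        && apt-get -y dist-upgrade \
        && apt-get -y install --no-install-recommends \
        {%- for package in base_apt_packages | customizable('apt_packages') %}
            {{ package }} \
        {%- endfor %}
        && apt-get clean
    {% endblock %}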
    
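    {% if base_distro == 'ubuntu' %}
    {# Rewrites the install scheme in distutils' install.py: each expression captures the
       text before and after the "local/" path component and writes back only the two
       captured groups, which drops "local" from the purelib, platlib, headers, scripts
       and data paths. site-packages is then replaced by a symlink to dist-packages.
       The escaped parentheses, the \1\2 back-references and the escaped dollar signs
       are required: without them sed matches nothing useful and the replacement is the
       literal text 12. NOTE(review): the escapes were reconstructed from the visible
       pattern structure - confirm against the upstream template. #}
    RUN sed -i \
            -e "s|\('purelib': '\$base/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
            -e "s|\('platlib': '\$platbase/\)local/\(lib/python\$py_version_short/dist-packages',\)|\1\2|" \
            -e "s|\('headers': '\$base/\)local/\(include/python\$py_version_short/\$dist_name',\)|\1\2|" \
            -e "s|\('scripts': '\$base/\)local/\(bin',\)|\1\2|" \
            -e "s|\('data'   : '\$base\)/local\(',\)|\1\2|" \
            /usr/lib/python2.7/distutils/command/install.py \
        && rm -rf /usr/lib/python2.7/site-packages \
        && ln -s dist-packages /usr/lib/python2.7/site-packages
    {% endif %}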
    
    {# endif for base_distro ubuntu, debian #}
    {% endif %}
    #****************************************
    #对基础镜像的设置总共分为两部分,一类是yum类型的系统,一类是deb类型的系统,总体框架上就是一个if elseif 语句
    
    {# Installs the kolla helper scripts under /usr/local/bin with their runtime names. #}
    COPY set_configs.py /usr/local/bin/kolla_set_configs
    COPY start.sh /usr/local/bin/kolla_start
    {# NOTE(review): this replaces the distribution's /etc/sudoers wholesale; the file's content is not shown here, and it defines what the service accounts created at the top of this template may run as root. #}
    COPY sudoers /etc/sudoers
    {# Default curl options for root; they apply to curl calls in later build steps - content not shown here. #}
    COPY curlrc /root/.curlrc
    
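    {% block dumb_init_installation %}
    {# Author's note: https://github.com/Yelp/dumb-init/releases/download/v1.1.3/ did not
       open when tested, so the download location has to be set to one that works in the
       actual build environment. #}
    {# dumb-init is a container init tool. Containers usually run the application
       directly, without an init system such as systemd or sysvinit, which leaves signal
       handling and child reaping to the application and can lead to containers that
       cannot be stopped or to zombie processes. dumb-init stands in for the init system
       to avoid those problems. #}
    {# -f makes curl exit non-zero on an HTTP error, so an error page is never saved and
       marked executable as dumb-init. The backslash joins download and chmod into one RUN. #}
    {# NOTE(review): the URL pins release v1.1.3, but the downloaded binary is not
       compared with a known checksum or signature before it is made executable;
       recording the expected SHA-256 in the build context and checking it in this RUN
       would close that gap. #}
    RUN curl -fsSL https://github.com/Yelp/dumb-init/releases/download/v1.1.3/dumb-init_1.1.3_amd64 -o /usr/local/bin/dumb-init \
        && chmod +x /usr/local/bin/dumb-init
    {% endblock %}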
    
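    {# Creates an empty kolla_extend_start file, makes the three kolla scripts
       executable, sets /etc/sudoers to mode 440, and prepares /var/log/kolla as a
       group-writable setgid directory (2775) owned by group kolla. The group is expected
       to come from the users loop at the top of this template. The staged
       /tmp/kolla_bashrc copy is removed last.
       Backslash continuations keep all steps in one RUN instruction. #}
    RUN touch /usr/local/bin/kolla_extend_start \
        && chmod 755 /usr/local/bin/kolla_start /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_set_configs \
        && chmod 440 /etc/sudoers \
        && mkdir -p /var/log/kolla \
        && chown :kolla /var/log/kolla \
        && chmod 2775 /var/log/kolla \
        && rm -f /tmp/kolla_bashrc

    {% block base_footer %}{% endblock %}
    {# NOTE(review): no USER instruction appears in this template, so unless base_footer
       or a derived image sets one, kolla_start runs as root. #}
    CMD ["kolla_start"]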
  • 原文地址:https://www.cnblogs.com/potato-chip/p/9588912.html