Initial Commit

Signed-off-by: Munoz, Obed N <obed.n.munoz@intel.com>

.gitignore

@@ -0,0 +1,58 @@
+
+# Created by https://www.gitignore.io/api/emacs,vim
+
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+dist/
+
+# Flycheck
+flycheck_*.el
+
+# server auth directory
+/server/
+
+# projectiles files
+.projectile
+
+### Vim ###
+# swap
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+# session
+Session.vim
+# temporary
+.netrwhist
+*~
+# auto-generated tag files
+tags

README.md

@@ -1 +1,13 @@
-# dockerfiles
+Clear Linux* based Docker Containers
+====================================
+
+This repository holds all the Dockerfiles for Clear Linux based containers that are hosted at:
+https://hub.docker.com/u/clearlinux/
+
+Containers
+----------
+- MariaDB
+- Keystone
+
+
+

keystone/Dockerfile

@@ -0,0 +1,23 @@
+FROM clearlinux/mariadb
+MAINTAINER obed.n.munoz@intel.com
+
+ARG swupd_args=""
+
+RUN swupd bundle-add openstack-identity openstack-python-clients  $swupd_args
+RUN rm -rf /var/lib/swupd/*
+
+# Keystone
+RUN mkdir /etc/keystone
+COPY keystone.conf /etc/keystone
+
+RUN mkdir -p /etc/nginx/ssl
+COPY keystone.wsgi.conf /etc/nginx/
+
+COPY bootstrap.sh /usr/bin
+COPY openrc /root/
+
+WORKDIR /root
+CMD '/usr/bin/bootstrap.sh'
+
+EXPOSE 5000
+EXPOSE 35357

keystone/README.md

@@ -0,0 +1,77 @@
+Keystone with SSL
+=================
+[![](https://images.microbadger.com/badges/image/clearlinux/keystone.svg)](http://microbadger.com/images/clearlinux/keystone "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/clearlinux/keystone.svg)](http://microbadger.com/images/clearlinux/keystone "Get your own version badge on microbadger.com")
+
+This provides a SSL-enabled Keystone docker container
+
+Build
+-----
+```
+    docker build -t clearlinux/keystone .
+```
+
+Or just pull it from Dockerhub
+---------------------------
+```
+    docker pull clearlinux/keystone
+```
+
+Create Keystone SSL certificates
+--------------------------------
+```
+    YOUR_HOST=`hostname -f`
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keystone_key.pem \
+                -out keystone_cert.pem -subj "/CN=$YOUR_HOST"
+```
+
+Start Keystone container
+------------------------
+```
+    YOUR_HOST=`hostname -f`
+    docker run -d -it --name keystone -p 5000:5000 -p 35357:35357 \
+		   -e IDENTITY_HOST="$YOUR_HOST" \
+		   -e COMPUTE_HOST="$YOUR_HOST" \
+		   -e KEYSTONE_DB_USER="keystone" \
+		   -e KEYSTONE_DB_PASSWORD="secret" \
+		   -e KEYSTONE_DB_NAME="keystone" \
+		   -e KEYSTONE_ADMIN_PASSWORD="secret" \
+		   -v `pwd`/keystone_cert.pem:/etc/nginx/ssl/keystone_cert.pem \
+		   -v `pwd`/keystone_key.pem:/etc/nginx/ssl/keystone_key.pem \
+		   clearlinux/keystone
+```
+
+Login into Keystone container
+------------------------------
+```
+    docker exec -it  keystone bash
+    # Inside the container
+    root@26bd2b8a8a60 /root # source openrc
+    openstack user list
+    +----------------------------------+-------+
+    | ID                               | Name  |
+    +----------------------------------+-------+
+    | 24620586335a473fb56fc2be2f6bfb53 | admin |
+    +----------------------------------+-------+
+```
+
+Environment Variables
+---------------------
+- ``IDENTITY_HOST``
+  Identity (Keystone) host
+- ``COMPUTE_HOST``
+  Compute (ciao-launcher) host
+- ``KEYSTONE_DB_USER``
+  Keystone database username
+- ``KEYSTONE_DB_PASSWORD``
+  Keystone database password
+- ``KEYSTONE_DB_NAME``
+  Keystone database name
+- ``KEYSTONE_ADMIN_PASSWORD``
+  Keystone Admin user password
+
+Extra Build ARGs
+----------------
+- ``swupd_args`` Specifies [SWUPD](https://clearlinux.org/documentation/swupdate_how_to_run_the_updater.html) flags
+
+Default build args in Docker are on: https://docs.docker.com/engine/reference/builder/#/arg

keystone/bootstrap.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+IDENTITY_HOST=$IDENTITY_HOST
+KEYSTONE_DB_USER=$KEYSTONE_DB_USER
+KEYSTONE_DB_PASSWORD=$KEYSTONE_DB_PASSWORD
+KEYSTONE_DB_NAME=$KEYSTONE_DB_NAME
+KEYSTONE_ADMIN_PASSWORD=$KEYSTONE_ADMIN_PASSWORD
+
+sed -i.bak s/IDENTITY_HOST/$IDENTITY_HOST/g /root/openrc
+sed -i.bak s/KEYSTONE_ADMIN_PASSWORD/$KEYSTONE_ADMIN_PASSWORD/g /root/openrc
+sed -i.bak s/MARIADB_HOST/$MARIADB_HOST/g /etc/keystone/keystone.conf
+sed -i.bak s/KEYSTONE_DB_USER/$KEYSTONE_DB_USER/g /etc/keystone/keystone.conf
+sed -i.bak s/KEYSTONE_DB_PASSWORD/$KEYSTONE_DB_PASSWORD/g /etc/keystone/keystone.conf
+sed -i.bak s/KEYSTONE_DB_NAME/$KEYSTONE_DB_NAME/g /etc/keystone/keystone.conf
+sed -i.bak s/IDENTITY_HOST/$IDENTITY_HOST/g /etc/nginx/keystone.wsgi.conf
+
+# MariaDB
+# Bootstrap mariadb if it hasn't been started
+if [[ ! -d /var/lib/mysql/mysql ]]; then
+    /usr/bin/mysql-systemd-start pre
+    mysqld_safe &
+    mysqladmin --silent --wait=30 ping || exit 1
+
+    # Set root user password
+    mysql -e "GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" IDENTIFIED by \"secret\" WITH GRANT OPTION;"
+
+    # Remove anonymous user access
+    mysql -e "DELETE FROM mysql.user WHERE User=\"\";"
+
+    # Remove test database
+    mysql -e "DROP DATABASE test;"
+
+    # Keystone Database and user
+    mysql -e "create database keystone;"
+    mysql -e "grant all on keystone.* to 'keystone'@'%' identified by 'secret';"
+    mysql -e "grant all on keystone.* to 'keystone'@'localhost' identified by 'secret';"
+fi
+
+# Populate keystone database
+keystone-manage db_sync
+
+# Nginx & UWSGI
+mkdir -p /run/uwsgi/keystone
+sed -i 's/uid.*/ /' /usr/share/uwsgi/keystone/{public,admin}.ini
+sed -i 's/gid.*/ /' /usr/share/uwsgi/keystone/{public,admin}.ini
+echo "logto=/var/log/uwsgi-keystone-admin.log" >> /usr/share/uwsgi/keystone/admin.ini
+echo "logto=/var/log/uwsgi-keystone-public.log" >> /usr/share/uwsgi/keystone/public.ini
+/usr/bin/uwsgi --ini /usr/share/uwsgi/keystone/admin.ini -s /run/uwsgi/keystone/admin.sock &
+/usr/bin/uwsgi --ini /usr/share/uwsgi/keystone/public.ini -s /run/uwsgi/keystone/public.sock &
+
+mkdir /var/lib/nginx
+echo "user  root;" >> /usr/share/nginx/conf/nginx.conf
+/usr/bin/nginx
+
+/usr/bin/memcached -u root &
+
+# Bootstrap keystone
+keystone-manage bootstrap --bootstrap-username admin \
+		--bootstrap-password secret \
+		--bootstrap-project-name admin \
+		--bootstrap-role-name admin \
+		--bootstrap-service-name keystone \
+		--bootstrap-admin-url "https://$IDENTITY_HOST:35357/v3" \
+		--bootstrap-public-url "https://$IDENTITY_HOST:5000/v3" \
+		--bootstrap-internal-url "https://$IDENTITY_HOST:5000/v3"
+
+source /root/openrc
+# Create 'service' project if it does not exists
+openstack project show service
+if [[ $? == 1 ]]; then
+    openstack project create --domain default --description "Service Project" service
+fi
+
+# Create 'user' role
+openstack role show user
+if [[ $? == 1 ]]; then
+    openstack role create user
+fi
+
+tail -f /var/log/*

keystone/keystone.conf

@@ -0,0 +1,14 @@
+[DEFAULT]
+
+[database]
+connection = mysql+pymysql://keystone:secret@localhost/keystone
+
+[cache]
+enabled = True
+backend = oslo_cache.memcache_pool
+
+[catalog]
+caching = False
+
+[assignment]
+driver = sql

keystone/keystone.wsgi.conf

@@ -0,0 +1,77 @@
+server {
+       listen 35357 ssl;
+       server_name IDENTITY_HOST;
+       ssl_certificate /etc/nginx/ssl/keystone_cert.pem;
+       ssl_certificate_key /etc/nginx/ssl/keystone_key.pem;
+       error_log /var/log/nginx-error.log warn;
+       access_log /var/log/nginx-access.log;
+       location / {
+               include uwsgi_params;
+               uwsgi_pass unix:/run/uwsgi/keystone/admin.sock;
+               uwsgi_param SCRIPT_NAME '';
+               if ($request_method = 'OPTIONS') {
+                   add_header 'Access-Control-Allow-Origin' '*';
+                   add_header 'Access-Control-Allow-Credentials' 'true';
+                   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                   add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Subject-Token,X-Auth-Token';
+                   add_header 'Access-Control-Max-Age' 1728000;
+                   add_header 'Content-Type' 'text/plain charset=UTF-8';
+                   add_header 'Content-Length' 0;
+                   add_header 'Access-Control-Expose-Headers' 'X-Subject-Token,X-Auth-Token,Content-Type';
+                   return 204;
+               }
+               if ($request_method = 'POST') {
+                   add_header 'Access-Control-Allow-Origin' '*';
+                   add_header 'Access-Control-Allow-Credentials' 'true';
+                   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                   add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Subject-Token,X-Auth-Token';
+                   add_header 'Access-Control-Expose-Headers' 'X-Subject-Token,X-Auth-Token,Content-Type';
+               }
+               if ($request_method = 'GET') {
+                   add_header 'Access-Control-Allow-Origin' '*';
+                   add_header 'Access-Control-Allow-Credentials' 'true';
+                   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                   add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Conntent-Type,X-Subject-Token,X-Auth-Token';
+                   add_header 'Access-Control-Expose-Headers' 'X-Subject-Token,X-Auth-Token,Content-Type';
+               }
+       }
+}
+
+server {
+       listen 5000 ssl;
+       server_name IDENTITY_HOST;
+       ssl_certificate /etc/nginx/ssl/keystone_cert.pem;
+       ssl_certificate_key /etc/nginx/ssl/keystone_key.pem;
+       location / {
+               include uwsgi_params;
+               uwsgi_pass unix:/run/uwsgi/keystone/public.sock;
+               uwsgi_param SCRIPT_NAME '';
+	       error_log /var/log/nginx-error.log warn;
+	       access_log /var/log/nginx-access.log;
+               if ($request_method = 'OPTIONS') {
+                   add_header 'Access-Control-Allow-Origin' '*';
+                   add_header 'Access-Control-Allow-Credentials' 'true';
+                   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                   add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Subject-Token,X-Auth-Token';
+                   add_header 'Access-Control-Max-Age' 1728000;
+                   add_header 'Content-Type' 'text/plain charset=UTF-8';
+                   add_header 'Content-Length' 0;
+                   add_header 'Access-Control-Expose-Headers' 'X-Subject-Token,X-Auth-Token,Content-Type';
+                   return 204;
+               }
+               if ($request_method = 'POST') {
+                   add_header 'Access-Control-Allow-Origin' '*';
+                   add_header 'Access-Control-Allow-Credentials' 'true';
+                   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                   add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Subject-Token,X-Auth-Token';
+                   add_header 'Access-Control-Expose-Headers' 'X-Subject-Token,X-Auth-Token,Content-Type';
+               }
+               if ($request_method = 'GET') {
+                   add_header 'Access-Control-Allow-Origin' '*';
+                   add_header 'Access-Control-Allow-Credentials' 'true';
+                   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                   add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Conntent-Type,X-Subject-Token,X-Auth-Token';
+                   add_header 'Access-Control-Expose-Headers' 'X-Subject-Token,X-Auth-Token,Content-Type';
+               }
+       }
+}

keystone/openrc

@@ -0,0 +1,9 @@
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=KEYSTONE_ADMIN_PASSWORD
+export OS_AUTH_URL=https://IDENTITY_HOST:35357/v3
+export OS_IDENTITY_API_VERSION=3
+export OS_IMAGE_API_VERSION=2
+export OS_CACERT=/etc/nginx/ssl/keystone_cert.pem

keystone/start.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+docker rm -f keystone
+
+YOUR_HOST=onmunoz-arch.zpn.intel.com
+
+rm *.pem
+
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keystone_key.pem \
+	-out keystone_cert.pem -subj "/CN=$YOUR_HOST"
+
+docker run -d -it --name keystone -p 5000:5000 -p 35357:35357 \
+       -e MARIADB_HOST="$YOUR_HOST" \
+       -e IDENTITY_HOST="$YOUR_HOST" \
+       -e COMPUTE_HOST="$YOUR_HOST" \
+       -e KEYSTONE_DB_USER="keystone" \
+       -e KEYSTONE_DB_PASSWORD="secret" \
+       -e KEYSTONE_DB_NAME="keystone" \
+       -e KEYSTONE_ADMIN_PASSWORD="secret" \
+       -v `pwd`/keystone_cert.pem:/etc/nginx/ssl/keystone_cert.pem \
+       -v `pwd`/keystone_key.pem:/etc/nginx/ssl/keystone_key.pem \
+       clearlinux/keystone
+
+#docker logs -f keystone

mariadb/Dockerfile

@@ -0,0 +1,18 @@
+FROM clearlinux
+MAINTAINER leoswaldo.macias@intel.com
+
+ARG swupd_args
+
+RUN swupd bundle-add database-mariadb $swupd_args
+RUN rm -rf /var/lib/swupd/*
+
+RUN mkdir /etc/mariadb
+COPY my.cnf /etc/mariadb
+
+RUN mkdir /var/lib/mysql
+VOLUME /var/lib/mysql
+
+COPY bootstrap.sh /usr/bin
+CMD '/usr/bin/bootstrap.sh'
+
+EXPOSE 3306

mariadb/README.md

@@ -0,0 +1,38 @@
+MariaDB
+=======
+[![](https://images.microbadger.com/badges/image/clearlinux/mariadb.svg)](http://microbadger.com/images/clearlinux/mariadb "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/clearlinux/mariadb.svg)](http://microbadger.com/images/clearlinux/mariadb "Get your own version badge on microbadger.com")
+
+This provides a Clear Linux* MariaDB
+
+Build
+-----
+```
+    docker build -t clearlinux/mariadb .
+```
+
+Or just pull it from Dockerhub
+---------------------------
+```
+    docker pull clearlinux/mariadb
+```
+
+Start MariaDB Container
+-----------------------
+```
+    YOUR_HOST=`hostname -f`
+    docker run --name mariadb -p 3306:3306 -e MYSQL_ROOT_PASSWORD=secret -d clearlinux/mariadb
+    # Test it
+    mysql -uroot -h $YOUR_HOST -psecret -e "show databases;"
+```
+
+Environment Variables
+---------------------
+- ``MYSQL_ROOT_PASSWORD`` specifies MariaDB root password
+
+
+Extra Build ARGs
+----------------
+- ``swupd_args`` Specifies [SWUPD](https://clearlinux.org/documentation/swupdate_how_to_run_the_updater.html) flags
+
+Default build args in Docker are on: https://docs.docker.com/engine/reference/builder/#/arg

mariadb/bootstrap.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+set -x
+
+MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
+
+# Bootstrap mariadb if it hasn't been started
+if [[ ! -d /var/lib/mysql/mysql ]]; then
+    /usr/bin/mysql-systemd-start pre
+    mysqld_safe &
+    mysqladmin --silent --wait=30 ping || exit 1
+
+    # Set root user password
+    mysql -e "GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" IDENTIFIED by \"$MYSQL_ROOT_PASSWORD\" WITH GRANT OPTION;"
+
+    # Remove anonymous user access
+    mysql -e "DELETE FROM mysql.user WHERE User=\"\";"
+
+    # Remove test database
+    mysql -e "DROP DATABASE test;"
+
+    mysqladmin shutdown
+fi
+
+mysqld_safe &
+
+tail -f /var/lib/mysql/*err

mariadb/my.cnf

@@ -0,0 +1,2 @@
+[mysqld]
+user=root