Skip to content

Horizon

The horizon image is built from ContainerFiles/horizon. Security patches are applied by scripts/horizon-cve-patching.sh.

This container packages the Horizon service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.

graph LR
    A[Base image] --> B[Install packages]
    B --> C[Apply CVE patches]
    C --> D[Configure Horizon]
    D --> E[Container ready]
    Apache --> A
ContainerFile used for the build 
# syntax = docker/dockerfile:1
# This Dockerfile uses multi-stage build to customize DEV and PROD images:
# https://docs.docker.com/develop/develop-images/multistage-build/

ARG VENV_TAG=3.12-latest
FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build
ARG CACHEBUST=0
ARG OS_VERSION=master
ARG OS_CONSTRAINTS=master
RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update && apt-get upgrade -y \
  && apt-get install --no-install-recommends -y \
                                             bash \
                                             brotli \
                                             build-essential \
                                             curl \
                                             docutils-common \
                                             gettext \
                                             git \
                                             libffi-dev \
                                             libjs-sphinxdoc \
                                             libjs-underscore \
                                             libldap2-dev \
                                             libpq-dev \
                                             libsasl2-dev \
                                             libssl-dev \
                                             libsystemd-dev \
                                             libxml2-dev \
                                             libxslt1-dev \
                                             libxslt1.1 \
                                             node-less \
                                             npm \
                                             pkg-config \
                                             ssl-cert \
                                             xmlsec1
RUN curl -so /tmp/upper-constraints.txt https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt
RUN sed -i '/^horizon.*/d' /tmp/upper-constraints.txt
RUN sed -i '/^pyScss.*/d' /tmp/upper-constraints.txt
RUN /var/lib/openstack/bin/pip install --constraint /tmp/upper-constraints.txt \
                                       git+https://opendev.org/openstack/horizon.git@${OS_VERSION}#egg=horizon \
                                       git+https://opendev.org/openstack/adjutant-ui@${OS_CONSTRAINTS}#egg=adjutant-ui \
                                       git+https://opendev.org/openstack/designate-dashboard@${OS_CONSTRAINTS}#egg=designate_dashboard \
                                       git+https://opendev.org/openstack/cloudkitty-dashboard.git@${OS_VERSION}#egg=cloudkitty_dashboard \
                                       git+https://opendev.org/openstack/heat-dashboard@${OS_CONSTRAINTS}#egg=heat_dashboard \
                                       git+https://opendev.org/openstack/ironic-ui@${OS_CONSTRAINTS}#egg=ironic-ui \
                                       git+https://opendev.org/openstack/magnum-ui@${OS_CONSTRAINTS}#egg=magnum-ui \
                                       git+https://opendev.org/openstack/manila-ui.git@${OS_CONSTRAINTS}#egg=manila-ui \
                                       git+https://opendev.org/openstack/masakari-dashboard@${OS_CONSTRAINTS}#egg=masakari_dashboard \
                                       git+https://opendev.org/openstack/mistral-dashboard.git@${OS_CONSTRAINTS}#egg=mistral-dashboard \
                                       git+https://opendev.org/openstack/neutron-vpnaas-dashboard@${OS_CONSTRAINTS}#egg=neutron_vpnaas_dashboard \
                                       git+https://opendev.org/openstack/neutron-fwaas-dashboard@${OS_CONSTRAINTS}#egg=neutron_fwaas_dashboard \
                                       git+https://opendev.org/openstack/octavia-dashboard@${OS_CONSTRAINTS}#egg=octavia_dashboard \
                                       PyMySQL \
                                       pymemcache \
                                       python-memcached
COPY scripts/horizon-cve-patching.sh /opt/
RUN bash /opt/horizon-cve-patching.sh
RUN find / -name '*.pyc' -delete \
  && find / -name '*.pyo' -delete \
  && find / -name '__pycache__' -delete \
  && find / -name '*.whl' -delete \
  && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \
  && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key

FROM ghcr.io/rackerlabs/genestack-images/apache:latest
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="horizon"
LABEL org.opencontainers.image.description="OpenStack Service (Horizon) built for the enterprise."
COPY --from=dependency_build /var/lib/openstack /var/lib/openstack
RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update && apt-get upgrade -y \
  && apt-get install --no-install-recommends -y gettext \
  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
  && apt-get clean -y \
  && rm -rf /var/lib/apt/lists/* \
  && find / -name '*.pyc' -delete \
  && find / -name '*.pyo' -delete \
  && find / -name '__pycache__' -delete \
  && groupadd --system --gid 42424 horizon \
  && useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/horizon horizon \
  && mkdir -p /var/lib/openstack/etc/horizon \
  && ln -s /var/lib/openstack/etc/horizon /etc/horizon \
  && chown horizon:horizon -h /etc/horizon \
  && chown -R horizon:horizon /var/lib/openstack/etc/horizon
ENV PATH="/var/lib/openstack/bin:$PATH"
WORKDIR /var/lib/openstack
USER 42424:42424
ENTRYPOINT ["/usr/sbin/apache2ctl"]

Build Arguments

Argument Default
VENV_TAG 3.12-latest
CACHEBUST 0
OS_VERSION master
OS_CONSTRAINTS master
Build Command 
docker build \
--build-arg VENV_TAG=3.12-latest \
--build-arg CACHEBUST=0 \
--build-arg OS_VERSION=master \
--build-arg OS_CONSTRAINTS=master \
-f ContainerFiles/horizon \
-t horizon:local \
.

Dependencies

Container Image

The container image is available on Github Container Registry.