Manila
The manila image is built from ContainerFiles/manila. Security patches are applied by scripts/manila-cve-patching.sh.
This container packages the Manila service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.
graph LR
A[Base image] --> B[Install packages]
B --> C[Apply CVE patches]
C --> D[Configure Manila]
D --> E[Container ready]ContainerFile used for the build
# syntax = docker/dockerfile:1.4.0
# DOCKER
# This Dockerfile uses multi-stage build to customize DEV and PROD images:
# https://docs.docker.com/develop/develop-images/multistage-build/
ARG VENV_TAG=3.13-trixie-latest
ARG GHCR_URL=ghcr.io/rackerlabs
FROM ${GHCR_URL}/openstack-venv:${VENV_TAG} AS dependency_build
ARG CACHEBUST=0
ARG OS_VERSION=master
ARG OS_CONSTRAINTS=master
ARG DEBIAN_FRONTEND=noninteractive
RUN <<EOT bash
set -eux
apt-get update
apt-get upgrade -y
PACKAGES="
bash
brotli
build-essential
bzip2
cargo
curl
default-mysql-client
default-mysql-server
docutils-common
gettext
gfortran
git
gzip
libblkid1
libbz2-1.0
libbz2-dev
libc6
libcap2
liberasurecode-dev
libffi-dev
libgcc-s1
libjpeg-dev
libjs-sphinxdoc
libjs-underscore
libkrb5-dev
liblapack-dev
libldap2-dev
liblz4-1
liblzma-dev
liblzma5
libmariadb-dev
libnss3-dev
libopenblas-dev
libpcre2-dev
libpq-dev
librdkafka-dev
libsasl2-dev
libsqlite3-dev
libssl-dev
libstdc++6
libsystemd-dev
libvirt-dev
libwrap0
libxml2
libxml2-dev
libxslt1-dev
libxslt1.1
libzmq3-dev
lsb-base
netbase
nfs-common
pkg-config
postgresql-client
pypy3
pypy3-dev
python3-all
python3-all-dev
python3-dev
python3-venv
squashfs-tools
ssl-cert
ucf
uuid-dev
xmlsec1
xz-utils
zlib1g
zlib1g-dev
zopfli
zstd
"
apt-get install -y --no-install-recommends $PACKAGES
/usr/local/bin/python -m pip install --upgrade --force-reinstall pip setuptools
EOT
RUN <<-EOT
set -eux
/var/lib/openstack/bin/pip install \
--constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \
git+https://opendev.org/openstack/manila.git@${OS_VERSION}#egg=manila \
PyMySQL \
python-memcached \
uwsgi
/var/lib/openstack/bin/python -m pip install --upgrade --force-reinstall pip setuptools pyOpenSSL==25.3.0
EOT
COPY scripts/manila-cve-patching.sh /opt/
RUN bash /opt/manila-cve-patching.sh
RUN <<EOT
set -eux
find / -name '*.pyc' -delete
find / -name '*.pyo' -delete
find / -name '__pycache__' -delete
find / -name '*.whl' -delete
rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key
rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key
sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA
EOT
FROM python:3.12.12-slim-trixie
ARG DEBIAN_FRONTEND=noninteractive
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="manila"
LABEL org.opencontainers.image.description="OpenStack Service (manila) built for the enterprise."
ARG NOVA_TSS_USER=tss
ARG NOVA_TSS_UID=42434
ARG NOVA_TSS_GID=42434
COPY --from=dependency_build /var/lib/openstack /var/lib/openstack
RUN <<EOT
set -eux
apt-get update
apt-get upgrade -y
RUNTIME_PACKAGES="
adduser
apt
base-files
base-passwd
bash
bind9-host
bind9-libs
bridge-utils
brotli
bsdutils
bzip2
ca-certificates
coreutils
curl
dash
debconf
debianutils
default-mysql-client
default-mysql-server
diffutils
distro-info-data
dpkg
e2fsprogs
findutils
gettext
gpgv
grep
gzip
hostname
init-system-helpers
iproute2
libacl1
libapparmor1
libapt-pkg7.0
libattr1
libaudit-common
libaudit1
libblkid1
libbz2-1.0
libc-bin
libc6
libcap-ng0
libcap2
libcom-err2
libcrypt1
libdb5.3
libdebconfclient0
libexpat1
libext2fs2
libffi-dev
libffi8
libgcc-s1
libgcrypt20
libgmp10
libgnutls30
libgpg-error0
libgssapi-krb5-2
libhogweed6
libicu76
libidn2-0
libjson-c5
libk5crypto3
libkeyutils1
libkrb5-3
libkrb5support0
libldap2-dev
liblmdb0
liblz4-1
liblzma5
libmariadb-dev-compat
libmaxminddb0
libmount1
libncurses6
libncursesw6
libnettle8
libnghttp2-14
libnsl2
libp11-kit0
libpam-modules
libpam-modules-bin
libpam-runtime
libpam0g
libpcre2-8-0
libproc2-0
libpsl5
libpython3-stdlib
libreadline8
libsasl2-dev
libseccomp2
libselinux1
libsemanage-common
libsemanage2
libsepol2
libsmartcols1
libsqlite3-0
libss2
libssl-dev
libssl3
libssl3t64
libstdc++6
libsystemd-dev
libsystemd0
libtasn1-6
libtinfo6
libtirpc3
libudev1
libunistring5
libuuid1
libuv1
libvirt-dev
libwrap0
libxml2
libxml2-dev
libxslt1.1
libxxhash0
libzstd1
login
logsave
lsb-base
mariadb-client-core
mariadb-server
mawk
media-types
mount
ncurses-bin
netbase
nfs-common
openssl
openvswitch-switch
passwd
perl-base
pkg-config
postgresql-client
procps
python3
python3-distutils-extra
python3-minimal
python3-pip-whl
python3-setuptools-whl
python3-venv
sed
sensible-utils
squashfs-tools
ssl-cert
sudo-ldap
sysvinit-utils
tar
ucf
usrmerge
util-linux
uuid-dev
wget
xmlsec1
xz-utils
zlib1g
zopfli
zstd
"
apt-get install -y --no-install-recommends $RUNTIME_PACKAGES
/usr/local/bin/python -m pip install --upgrade --force-reinstall pip setuptools pyOpenSSL==25.3.0
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
apt-get clean -y
rm -rf /var/lib/apt/lists/*
find / -name '*.pyc' -delete
find / -name '*.pyo' -delete
find / -name '__pycache__' -delete
groupadd --system --gid 42424 manila
useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/manila manila
mkdir -p /var/lib/manila/tmp
mkdir -p /var/lib/openstack/etc/manila
ln -s /var/lib/openstack/etc/manila /etc/manila
chown manila:manila -h /etc/manila
chown -R manila:manila /var/lib/openstack/etc/manila
chown -R manila:manila /var/lib/manila
groupadd --system --gid $NOVA_TSS_GID $NOVA_TSS_USER
useradd --system --gid $NOVA_TSS_GID --uid $NOVA_TSS_UID --shell /sbin/nologin -c 'Nova tss user' $NOVA_TSS_USER
EOT
# Set the environment variables for the manila venv
ENV PATH="/var/lib/openstack/bin:$PATH"
# Set the working directory
WORKDIR /var/lib/openstack
# Set the user and group to match the original build
USER 42424:42424
# Set the entrypoint to the manila-manage command
ENTRYPOINT ["/var/lib/openstack/bin/manila-manage"]
Build Arguments
| Argument | Default |
|---|---|
| VENV_TAG | 3.12-latest |
| CACHEBUST | 0 |
| OS_VERSION | master |
| OS_CONSTRAINTS | master |
Build Command
Dependencies
- Builds From OpenStack Virtual Environment
Container Image
The container image is available on Github Container Registry.