Masakari Monitors
The masakari-monitors image is built from ContainerFiles/masakari-monitors. Security patches are applied by scripts/masakari-monitors-cve-patching.sh.
This container packages the Masakari Monitors service for use in the Masakari service stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.
graph LR
A[Base image] --> B[Install packages]
B --> C[Apply CVE patches]
C --> D[Configure Masakari Monitors]
D --> E[Container ready]ContainerFile used for the build
# syntax = docker/dockerfile:1
# This Dockerfile uses multi-stage build to customize DEV and PROD images:
# https://docs.docker.com/develop/develop-images/multistage-build/
ARG VENV_TAG=3.12-latest
FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build
ARG OS_VERSION=master
ARG OS_CONSTRAINTS=master
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y \
bash \
brotli \
build-essential \
curl \
docutils-common \
gettext \
git \
libffi-dev \
libjs-sphinxdoc \
libjs-underscore \
libldap2-dev \
libpq-dev \
libsasl2-dev \
libssl-dev \
libsystemd-dev \
libxml2-dev \
libxslt1-dev \
libxslt1.1 \
pkg-config \
ssl-cert \
xmlsec1 \
python3-dev \
libvirt-dev
RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \
git+https://opendev.org/openstack/masakari-monitors.git@${OS_VERSION}#egg=masakari-monitors \
PyJWT \
libvirt-python
COPY scripts/masakari-monitors-cve-patching.sh /opt/
RUN bash /opt/masakari-monitors-cve-patching.sh
RUN find / -name '*.pyc' -delete \
&& find / -name '*.pyo' -delete \
&& find / -name '__pycache__' -delete \
&& find / -name '*.whl' -delete \
&& rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \
&& rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \
&& sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA
FROM python:3.12-slim-trixie
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="masakari-monitors"
LABEL org.opencontainers.image.description="OpenStack Service (masakari-monitors) built for the enterprise."
COPY --from=dependency_build /var/lib/openstack /var/lib/openstack
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y libxml2 libvirt0 libvirt-clients \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/* \
&& find / -name '*.pyc' -delete \
&& find / -name '*.pyo' -delete \
&& find / -name '__pycache__' -delete \
&& groupadd --system --gid 42424 masakari-monitors \
&& useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/masakari-monitors masakari-monitors \
&& mkdir -p /var/lib/openstack/etc/masakari \
&& ln -s /var/lib/openstack/etc/masakari /etc/masakari \
&& chown masakari-monitors:masakari-monitors -h /etc/masakari \
&& chown -R masakari-monitors:masakari-monitors /var/lib/openstack/etc/masakari
# Set the environment variables for the masakari-monitors venv
ENV PATH="/var/lib/openstack/bin:$PATH"
# Set the working directory
WORKDIR /var/lib/openstack
# Set the user and group to match the original build
USER 42424:42424
Build Arguments
| Argument | Default |
|---|---|
| VENV_TAG | 3.12-latest |
| CACHEBUST | 0 |
| OS_VERSION | master |
| OS_CONSTRAINTS | master |
Build Command
Dependencies
- Builds From OpenStack Virtual Environment
Container Image
The container image is available on Github Container Registry.