Nova

The nova image is built from ContainerFiles/nova. Security patches are applied by scripts/nova-cve-patching.sh.

This container packages the Nova service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.

graph LR
    A[Base image] --> B[Install packages]
    B --> C[Apply CVE patches]
    C --> D[Configure Nova]
    D --> E[Container ready]
    Libguestfs --> A

ContainerFile used for the build

# syntax = docker/dockerfile:1
# This Dockerfile uses multi-stage build to customize DEV and PROD images:
# https://docs.docker.com/develop/develop-images/multistage-build/

ARG BUILT_TAG=v1.56.1-latest
FROM ghcr.io/rackerlabs/genestack-images/libguestfs:${BUILT_TAG} AS dependency_build
ARG OS_VERSION=master
ARG OS_CONSTRAINTS=master
ARG NOVNC_VERSION=master
RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update && apt-get upgrade -y \
  && apt-get install --no-install-recommends -y \
                                             bash \
                                             brotli \
                                             build-essential \
                                             curl \
                                             dh-autoreconf \
                                             docutils-common \
                                             gettext \
                                             gir1.2-glib-2.0 \
                                             git \
                                             libcairo2-dev \
                                             libffi-dev \
                                             libgirepository1.0-dev \
                                             libjs-sphinxdoc \
                                             libjs-underscore \
                                             libldap2-dev \
                                             libpq-dev \
                                             libsasl2-dev \
                                             libssl-dev \
                                             libsystemd-dev \
                                             libxml2-dev \
                                             libvirt-dev \
                                             libxslt1-dev \
                                             libxslt1.1 \
                                             pkg-config \
                                             python3-dev \
                                             ssl-cert \
                                             xmlsec1
RUN /var/lib/openstack/bin/pip install --constraint https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt \
                                       git+https://opendev.org/openstack/nova.git@${OS_VERSION}#egg=nova \
                                       git+https://opendev.org/openstack/blazar-nova.git@${OS_VERSION}#egg=blazar-nova \
                                       PyMySQL \
                                       libvirt-python \
                                       novnc \
                                       python-memcached \
                                       websockify \
                                       uwsgi

RUN git clone --branch ${NOVNC_VERSION} https://github.com/novnc/noVNC /usr/share/novnc
RUN rm -rf /usr/share/novnc/.git
RUN cp -v /usr/share/novnc/vnc_lite.html /usr/share/novnc/vnc_auto.html

COPY scripts/nova-cve-patching.sh /opt/
RUN bash /opt/nova-cve-patching.sh

RUN find / -name '*.pyc' -delete \
  && find / -name '*.pyo' -delete \
  && find / -name '__pycache__' -delete \
  && find / -name '*.whl' -delete \
  && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \
  && rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \
  && sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/PyJWT-*.dist-info/METADATA


FROM ghcr.io/rackerlabs/genestack-images/libguestfs:${BUILT_TAG}
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="nova"
LABEL org.opencontainers.image.description="OpenStack Service (nova) built for the enterprise."
COPY --from=dependency_build /var/lib/openstack /var/lib/openstack
COPY --from=dependency_build /usr/share/novnc /usr/share/novnc
RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update && apt-get upgrade -y \
  && apt-get install --no-install-recommends -y dosfstools \
                                                cryptsetup \
                                                genisoimage \
                                                gir1.2-libosinfo-1.0 \
                                                iptables \
                                                kpartx \
                                                ksmtuned \
                                                libgirepository-1.0-1 \
                                                libguestfs0 \
                                                libosinfo-bin \
                                                libxml2 \
                                                multipath-tools \
                                                netcat-openbsd \
                                                nfs-common \
                                                nvme-cli \
                                                lsscsi \
                                                open-iscsi \
                                                ovmf \
                                                sysfsutils \
                                                sudo \
                                                ssh \
  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
  && apt-get clean -y \
  && rm -rf /var/lib/apt/lists/* \
  && rm -rf /etc/ssh/ssh_host_*_key \
  && find / -name '*.pyc' -delete \
  && find / -name '*.pyo' -delete \
  && find / -name '__pycache__' -delete \
  && groupadd --system --gid 42424 nova \
  && useradd --system --gid 42424 --uid 42424 --shell /bin/bash --create-home --home /var/lib/nova nova \
  && mkdir -p /var/lib/openstack/etc/nova \
  && ln -s /var/lib/openstack/etc/nova /etc/nova \
  && chown nova:nova -h /etc/nova \
  && chown -R nova:nova /var/lib/openstack/etc/nova
# Set the environment variables for the nova venv
ENV PATH="/var/lib/openstack/bin:$PATH"
# Set the working directory
WORKDIR /var/lib/openstack
# Set the user and group to match the original build
USER 42424:42424
# Set the entrypoint to the nova-manage command
ENTRYPOINT ["/var/lib/openstack/bin/nova-manage"]

Build Arguments

Argument	Default
BUILT_TAG	v1.56.1-latest
OS_VERSION	master
OS_CONSTRAINTS	master
NOVNC_VERSION	master

Build Command

docker build \
--build-arg BUILT_TAG=v1.56.1-latest \
--build-arg OS_VERSION=master \
--build-arg OS_CONSTRAINTS=master \
--build-arg NOVNC_VERSION=master \
-f ContainerFiles/nova \
-t nova:local \
.

Dependencies

• Builds From LibguestFS

Container Image

The container image is available on Github Container Registry.