OvS
The ovs image is built from ContainerFiles/ovs. This image has no dedicated CVE script; security updates are included during the build.
This container packages the Ovs service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.
graph LR
A[Base image] --> B[Install packages]
B --> C[Apply CVE patches]
C --> D[Configure Ovs]
D --> E[Container ready]
E --> LibvirtContainerFile used for the build
# syntax = docker/dockerfile:1
# This Dockerfile uses multi-stage build to customize DEV and PROD images:
# https://docs.docker.com/develop/develop-images/multistage-build/
ARG VENV_TAG=3.12-latest
FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build
ARG OVS_VERSION=main
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y \
dh-autoreconf \
bash \
brotli \
build-essential \
curl \
docutils-common \
gettext \
git \
libffi-dev \
libjs-sphinxdoc \
libjs-underscore \
libldap2-dev \
libpq-dev \
libsasl2-dev \
libssl-dev \
libsystemd-dev \
libxml2-dev \
libxslt1-dev \
libxslt1.1 \
pkg-config \
ssl-cert \
xmlsec1 \
libcap-ng-dev \
libbpf-dev \
libxdp-dev \
libnuma-dev
RUN git clone --branch ${OVS_VERSION} https://github.com/openvswitch/ovs /opt/ovs
WORKDIR /opt/ovs
RUN ./boot.sh
RUN ./configure --sysconfdir=/etc --localstatedir=/var
RUN PROC="$([ nproc > 4 ] && echo 4 || nproc)" make -j $PROC && make install
FROM python:3.12-slim-trixie
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="ovs"
LABEL org.opencontainers.image.description="OVS built for the enterprise."
COPY --from=dependency_build /usr/local /usr/local
COPY --from=dependency_build /etc/openvswitch /etc/openvswitch
COPY --from=dependency_build /var/lib/openvswitch /var/lib/openvswitch
COPY --from=dependency_build /var/lib/openstack /var/lib/openstack
COPY --from=dependency_build /lib/x86_64-linux-gnu/libbpf* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libcap-ng* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libcrypto* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libelf* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libnuma* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libssl* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libxdp* /lib/x86_64-linux-gnu/
COPY --from=dependency_build /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y iproute2 \
iptables \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /etc/ssh/ssh_host_*_key \
&& find / -name '*.pyc' -delete \
&& find / -name '*.pyo' -delete \
&& find / -name '__pycache__' -delete
ENV PATH="/usr/local/bin:/usr/local/sbin:$PATH"
Build Arguments
| Argument | Default |
|---|---|
| VENV_TAG | 3.12-latest |
| OVS_VERSION | main |
Build Command
Dependencies
- Builds From OpenStack Virtual Environment
Container Image
The container image is available on Github Container Registry.