Skyline
The skyline image is built from ContainerFiles/skyline. It packages the RackerLabs fork of Skyline and applies security fixes with scripts/skyline-cve-patching.sh.
This container packages the Skyline service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.
graph LR
A[Base image] --> B[Install packages]
B --> C[Apply CVE patches]
C --> D[Configure Skyline]
D --> E[Container ready]ContainerFile used for the build
# syntax = docker/dockerfile:1
# This Dockerfile builds Skyline from the RackerLabs fork.
ARG VENV_TAG=3.12-latest
FROM ghcr.io/rackerlabs/genestack-images/openstack-venv:${VENV_TAG} AS dependency_build
ARG CACHEBUST=0
ARG OS_CONSTRAINTS=master
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y \
apt-utils \
gcc \
make \
nginx \
traceroute \
lsof \
iputils-ping \
vim \
git \
wget \
curl \
locales-all \
ssl-cert
RUN git clone https://github.com/rackerlabs/skyline-apiserver /opt/skyline-apiserver
RUN git clone https://github.com/rackerlabs/skyline-console /opt/skyline-console
RUN mkdir /opt/skyline-apiserver/skyline_console
RUN tar -czvf /opt/skyline-apiserver/skyline_console/skyline_console.tar.gz -C /opt/skyline-console .
RUN /var/lib/openstack/bin/pip install -U /opt/skyline-apiserver/skyline_console/skyline_console.tar.gz
RUN /var/lib/openstack/bin/pip install -r /opt/skyline-apiserver/requirements.txt -c https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt
RUN /var/lib/openstack/bin/pip install -U /opt/skyline-apiserver -c https://opendev.org/openstack/requirements/raw/branch/${OS_CONSTRAINTS}/upper-constraints.txt
COPY scripts/skyline-cve-patching.sh /opt/
RUN bash /opt/skyline-cve-patching.sh
RUN find / -name '*.pyc' -delete \
&& find / -name '*.pyo' -delete \
&& find / -name '__pycache__' -delete \
&& find / -name '*.whl' -delete \
&& rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/client.key \
&& rm -f /var/lib/openstack/lib/python*/site-packages/slapdtest/certs/server.key \
&& sed -i '/^Usage/,/^Documentation\n^-.*$/d' /var/lib/openstack/lib/python*/site-packages/*.dist-info/METADATA
FROM python:3.12-slim-trixie
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="skyline"
LABEL org.opencontainers.image.description="OpenStack Service (skyline) built for the enterprise."
COPY --from=dependency_build /var/lib/openstack /var/lib/openstack
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y nginx \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/* \
&& find / -name '*.pyc' -delete \
&& find / -name '*.pyo' -delete \
&& find / -name '__pycache__' -delete \
&& groupadd --system --gid 42424 skyline \
&& useradd --system --gid 42424 --uid 42424 --shell /sbin/nologin --create-home --home /var/lib/skyline skyline \
&& mkdir -p /var/lib/openstack/etc/skyline \
&& ln -s /var/lib/openstack/etc/skyline /etc/skyline \
&& chown skyline:skyline -h /etc/skyline \
&& chown -R skyline:skyline /var/lib/openstack/etc/skyline \
&& mkdir -p /opt/skyline-apiserver \
&& ln -s "$(/var/lib/openstack/bin/python3 -c 'import os; import skyline_apiserver as s; print(os.path.dirname(s.__file__))')" /opt/skyline-apiserver/skyline_apiserver \
&& mkdir -p /var/log/skyline \
&& chown -R skyline:skyline /var/log/skyline \
&& ln -s /var/lib/openstack/bin/gunicorn /usr/local/bin/gunicorn
ENV PATH="/var/lib/openstack/bin:$PATH"
WORKDIR /var/lib/openstack
EXPOSE 443
ENTRYPOINT ["/var/lib/openstack/bin/skyline-apiserver"]
Build Arguments
| Argument | Default |
|---|---|
| VENV_TAG | 3.12-latest |
| CACHEBUST | 0 |
| OS_CONSTRAINTS | master |
Build Command
Dependencies
- Builds From OpenStack Virtual Environment
Container Image
The container image is available on Github Container Registry.