Dockerfile.scos

# Please ensure this file is kept in sync with Dockerfile.ocp
FROM quay.io/centos/centos:stream9 AS builder

WORKDIR /tmp

COPY prepare-efi.sh /bin/
RUN prepare-efi.sh centos

FROM quay.io/centos/centos:stream9

ENV PKGS_LIST=main-packages-list.okd
ARG EXTRA_PKGS_LIST

COPY ${PKGS_LIST} ${EXTRA_PKGS_LIST:-$PKGS_LIST} /tmp/
COPY prepare-image.sh prepare-ipxe.sh configure-nonroot.sh /bin/

# Configure OpenStack repos
RUN sed -E -i 's/( =.*| >=.*)//g' /tmp/${PKGS_LIST} && \
    curl -o /etc/yum.repos.d/delorean.repo https://trunk.rdoproject.org/centos9-master/puppet-passed-ci/delorean.repo && \
    curl -o /etc/yum.repos.d/delorean-deps.repo https://trunk.rdoproject.org/centos9-master/delorean-deps.repo

RUN prepare-image.sh && \
    rm -f /bin/prepare-image.sh && \
    /bin/prepare-ipxe.sh && \
    rm -f /tmp/prepare-ipxe.sh

COPY scripts/* /bin/

# IRONIC #
COPY --from=builder /tmp/esp.img /tmp/uefi_esp.img

COPY ironic-config/ironic.conf.j2 /etc/ironic/
COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 ironic-config/ipxe_config.template /tmp/

# DNSMASQ #
COPY ironic-config/dnsmasq.conf.j2 /etc/

# Custom httpd config, removes all but the bare minimum needed modules
COPY ironic-config/httpd.conf.j2 /etc/httpd/conf/
COPY ironic-config/httpd-modules.conf /etc/httpd/conf.modules.d/
COPY ironic-config/apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
COPY ironic-config/apache2-proxy.conf.j2 /etc/httpd-proxy.conf.j2
COPY ironic-config/apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2

RUN mkdir -p /var/lib/ironic && \
  sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
  dnf remove -y sqlite

# configure non-root user and set relevant permissions
RUN configure-nonroot.sh && \
  rm -f /bin/configure-nonroot.sh

ENV IS_SCOS=true