Bump up to ubuntu 22.04

> Ensure your version of systemd supports cgroupv2.
> It must be at least systemd 247. Consider upgrading any centos:7 images to centos:8.
> Containers running systemd need the following options:
> --privileged --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw.

Refs:
* docker/compose@b4b7319
* https://docs.docker.com/desktop/release-notes/#docker-desktop-430

Signed-off-by: Nobuhiro MIKI <nob@bobuhiro11.net>

Author: bobuhiro11

.github/workflows/action.yaml

@@ -7,17 +7,23 @@ on:
   pull_request:
 jobs:
   lint:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
       - name: hadolint for controller
         run: docker run -e "HADOLINT_IGNORE=DL3008" --rm -i hadolint/hadolint < controller/Dockerfile
       - name: hadolint for compute
         run: docker run -e "HADOLINT_IGNORE=DL3008" --rm -i hadolint/hadolint < compute/Dockerfile
   test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
+      - name: Install docker-compose
+        uses: ndeloof/install-compose-action@v0.0.1
+        with:
+          version: v2.17.3
+          legacy: true
+      - run: docker-compose --version
       - name: Build Images
         run: |
           docker-compose --file docker-compose.build.yaml up -d

README.md

@@ -3,7 +3,7 @@
 This project easily deploys OpenStack in docker & docker-compose.
 This is mainly for development purpose.
 
-NOTE: This is only tested on **x64 Ubuntu 20.04 machine**. It may work
+NOTE: This is only tested on **x64 Ubuntu 22.04 machine**. It may work
 on other Linux Distributions. Other CPU architectures and operating
 systems cannot be supported.
 

compute/Dockerfile

@@ -1,8 +1,8 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 EXPOSE 80 5000 8773 8774 8775 8776 9292
 ENV DEBIAN_FRONTEND=noninteractive
-ENV DEVSTACK_COMMIT=ab8e51eb49068a8c5004007c18fdfb9b1fcc0954
+ENV DEVSTACK_COMMIT=b33ec4bf1bec70f9a95af55fe47d30418c7325c2
 
 ENV OS_REGION_NAME=RegionOne
 ENV OS_PROJECT_DOMAIN_ID=default
@@ -30,13 +30,17 @@ RUN apt-get update \
     init \
     ebtables \
     jq \
+    openvswitch-switch \
   && apt-get -y clean \
   && rm -rf /var/lib/apt/lists/* \
   && curl https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /bin/wait-for-it.sh \
   && chmod a+x /bin/wait-for-it.sh \
   && useradd -s /bin/bash -d /opt/stack -m stack \
   && mkdir -p /etc/sudoers.d/ \
-  && echo "stack ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/stack
+  && echo "stack ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/stack \
+  # https://review.opendev.org/c/openstack/devstack/+/838645 \
+  && chmod +x /opt/stack \
+  && systemctl enable openvswitch-switch.service
 
 WORKDIR /opt/stack
 RUN git clone https://github.com/openstack/devstack.git \

compute/devstack.service

@@ -5,6 +5,7 @@ Description=devstack
 User=stack
 Type=oneshot
 ExecStartPre=/bin/wait-for-it.sh -h 172.28.0.2 -p 80 -t 3600
+ExecStartPre=/usr/bin/sudo /usr/bin/ovs-vsctl set-manager ptcp:6640
 ExecStart=/opt/stack/devstack/stack.sh
 ExecReload = /usr/bin/kill -HUP $MAINPID
 KillMode = process

controller/Dockerfile

@@ -1,8 +1,8 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 EXPOSE 80 5000 8773 8774 8775 8776 9292
 ENV DEBIAN_FRONTEND=noninteractive
-ENV DEVSTACK_COMMIT=ab8e51eb49068a8c5004007c18fdfb9b1fcc0954
+ENV DEVSTACK_COMMIT=b33ec4bf1bec70f9a95af55fe47d30418c7325c2
 
 ENV OS_REGION_NAME=RegionOne
 ENV OS_PROJECT_DOMAIN_ID=default
@@ -30,13 +30,17 @@ RUN apt-get update \
     init \
     ebtables \
     jq \
+    openvswitch-switch \
   && apt-get -y clean \
   && rm -rf /var/lib/apt/lists/* \
   && curl https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /bin/wait-for-it.sh \
   && chmod a+x /bin/wait-for-it.sh \
   && useradd -s /bin/bash -d /opt/stack -m stack \
   && mkdir -p /etc/sudoers.d/ \
-  && echo "stack ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/stack
+  && echo "stack ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/stack \
+  # https://review.opendev.org/c/openstack/devstack/+/838645 \
+  && chmod +x /opt/stack \
+  && systemctl enable openvswitch-switch.service
 
 WORKDIR /opt/stack
 RUN git clone https://github.com/openstack/devstack.git \

controller/devstack.service

@@ -4,6 +4,8 @@ Description=devstack
 [Service]
 User=stack
 Type=oneshot
+ExecStartPre=/bin/sleep 10
+ExecStartPre=/usr/bin/sudo /usr/bin/ovs-vsctl set-manager ptcp:6640
 ExecStart=/opt/stack/devstack/stack.sh
 ExecReload = /usr/bin/kill -HUP $MAINPID
 KillMode = process

docker-compose.build.yaml

@@ -8,8 +8,10 @@ services:
       dockerfile: controller/Dockerfile
     privileged: true
     tty: true
+    cgroup: host
     volumes:
       - '/lib/modules:/lib/modules'
+      - '/sys/fs/cgroup:/sys/fs/cgroup:rw'
     sysctls:
       net.ipv6.conf.all.disable_ipv6: 0
       net.ipv6.conf.default.disable_ipv6: 0
@@ -26,8 +28,10 @@ services:
       dockerfile: compute/Dockerfile
     privileged: true
     tty: true
+    cgroup: host
     volumes:
       - '/lib/modules:/lib/modules'
+      - '/sys/fs/cgroup:/sys/fs/cgroup:rw'
     sysctls:
       net.ipv6.conf.all.disable_ipv6: 0
       net.ipv6.conf.default.disable_ipv6: 0
@@ -44,8 +48,10 @@ services:
       dockerfile: compute/Dockerfile
     privileged: true
     tty: true
+    cgroup: host
     volumes:
       - '/lib/modules:/lib/modules'
+      - '/sys/fs/cgroup:/sys/fs/cgroup:rw'
     sysctls:
       net.ipv6.conf.all.disable_ipv6: 0
       net.ipv6.conf.default.disable_ipv6: 0

docker-compose.yaml

@@ -4,45 +4,11 @@ services:
     container_name: controller
     hostname: controller
     image: bobuhiro11/containerized-devstack-controller
+    privileged: true
     tty: true
-    security_opt:
-      - seccomp:unconfined
-      - apparmor:unconfined
-    cap_add:
-      - CHOWN
-      - DAC_OVERRIDE
-      - DAC_READ_SEARCH
-      - FOWNER
-      - FSETID
-      - IPC_LOCK
-      - IPC_OWNER
-      - KILL
-      - LEASE
-      - LINUX_IMMUTABLE
-      - MAC_ADMIN
-      - MAC_OVERRIDE
-      - MKNOD
-      - NET_ADMIN
-      - NET_BIND_SERVICE
-      - NET_BROADCAST
-      - NET_RAW
-      - SETFCAP
-      - SETGID
-      - SETPCAP
-      - SETUID
-      - SYS_ADMIN
-      - SYS_CHROOT
-      - SYS_NICE
-      - SYS_PACCT
-      - SYS_PTRACE
-      - SYS_RAWIO
-      - SYS_RESOURCE
-    tmpfs:
-      - /tmp
-      - /run
-      - /run/lock
+    cgroup: host
     volumes:
-      - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+      - '/sys/fs/cgroup:/sys/fs/cgroup:rw'
     devices:
       - '/dev/net/tun:/dev/net/tun'
     sysctls:
@@ -57,45 +23,11 @@ services:
     container_name: compute-1
     hostname: compute-1
     image: bobuhiro11/containerized-devstack-compute-1
+    privileged: true
     tty: true
-    security_opt:
-      - seccomp:unconfined
-      - apparmor:unconfined
-    cap_add:
-      - CHOWN
-      - DAC_OVERRIDE
-      - DAC_READ_SEARCH
-      - FOWNER
-      - FSETID
-      - IPC_LOCK
-      - IPC_OWNER
-      - KILL
-      - LEASE
-      - LINUX_IMMUTABLE
-      - MAC_ADMIN
-      - MAC_OVERRIDE
-      - MKNOD
-      - NET_ADMIN
-      - NET_BIND_SERVICE
-      - NET_BROADCAST
-      - NET_RAW
-      - SETFCAP
-      - SETGID
-      - SETPCAP
-      - SETUID
-      - SYS_ADMIN
-      - SYS_CHROOT
-      - SYS_NICE
-      - SYS_PACCT
-      - SYS_PTRACE
-      - SYS_RAWIO
-      - SYS_RESOURCE
-    tmpfs:
-      - /tmp
-      - /run
-      - /run/lock
+    cgroup: host
     volumes:
-      - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+      - '/sys/fs/cgroup:/sys/fs/cgroup:rw'
     devices:
       - '/dev/net/tun:/dev/net/tun'
     sysctls:
@@ -110,45 +42,11 @@ services:
     container_name: compute-2
     hostname: compute-2
     image: bobuhiro11/containerized-devstack-compute-2
+    privileged: true
     tty: true
-    security_opt:
-      - seccomp:unconfined
-      - apparmor:unconfined
-    cap_add:
-      - CHOWN
-      - DAC_OVERRIDE
-      - DAC_READ_SEARCH
-      - FOWNER
-      - FSETID
-      - IPC_LOCK
-      - IPC_OWNER
-      - KILL
-      - LEASE
-      - LINUX_IMMUTABLE
-      - MAC_ADMIN
-      - MAC_OVERRIDE
-      - MKNOD
-      - NET_ADMIN
-      - NET_BIND_SERVICE
-      - NET_BROADCAST
-      - NET_RAW
-      - SETFCAP
-      - SETGID
-      - SETPCAP
-      - SETUID
-      - SYS_ADMIN
-      - SYS_CHROOT
-      - SYS_NICE
-      - SYS_PACCT
-      - SYS_PTRACE
-      - SYS_RAWIO
-      - SYS_RESOURCE
-    tmpfs:
-      - /tmp
-      - /run
-      - /run/lock
+    cgroup: host
     volumes:
-      - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
+      - '/sys/fs/cgroup:/sys/fs/cgroup:rw'
     devices:
       - '/dev/net/tun:/dev/net/tun'
     sysctls: