# perfSONAR build machine image
### Global ARGs: declared ahead of the first FROM so that FROM lines can reference them
# Proxy switch. The value is spliced into the stage name "base-${useproxy}-proxy"
# further down; the stages defined in this file are base-with-proxy and
# base-without-proxy, so the usable values are "with" and "without".
ARG useproxy=without
# TODO: move to pS provided base OS image
# OS image to use as a base. Whatever is passed here (--build-arg OSimage=...)
# becomes the root of trust for every stage below.
# NOTE(review): debian:buster is a mutable tag and Debian 10 is past the end of
# Debian's own security support; consider pinning by digest
# (debian:buster@sha256:<digest-placeholder>) or moving to a supported release.
ARG OSimage=debian:buster
FROM ${OSimage} AS pre-base
# Custom cache invalidation
ARG CACHEBUST=1
# Some sane defaults. ENV values persist into containers started from the image,
# so apt stays non-interactive at run time as well as at build time.
ENV container=docker \
    LC_ALL=C \
    DEBIAN_FRONTEND=noninteractive
# Optional proxy, used to speed up downloads both at build time and at test time (docker run).
# Two sibling stages are defined; the global `useproxy` ARG picks one of them by name.
# Trick built on top of https://medium.com/@tonistiigi/advanced-multi-stage-build-patterns-6f741b852fae
FROM pre-base AS base-with-proxy
# Proxy address without scheme; the scheme is prepended below.
# There is no default: selecting this stage without --build-arg proxy=... leaves
# http_proxy set to the bare string "http://".
# The resulting values are stored in the image configuration and inherited by
# every container, so `proxy` must not carry credentials (user:password@host).
ARG proxy
ENV http_proxy=http://${proxy} \
    https_proxy=https://${proxy} \
    no_proxy=localhost,127.0.0.1
FROM pre-base AS base-without-proxy
# Explicitly blank, so a proxy setting coming from the base image does not leak through.
ENV http_proxy="" \
    https_proxy="" \
    no_proxy=""
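### Systemd related setup
# TODO: should be moved to dedicated image
# Resolves to base-with-proxy or base-without-proxy depending on the global `useproxy` ARG.
FROM base-${useproxy}-proxy AS ps-base-image
# Build-log marker only; prints "none" when https_proxy is empty or unset.
RUN echo "This Docker image is using proxy: ${https_proxy:-none}"
# Base tooling plus systemd.
# The index refresh and the install share one layer: with `apt-get update` cached in
# a layer of its own, a later rebuild could install from a stale package index.
# `set -e` makes any failing step fail the build.
# ppc64el branch: painful hack to care for an outdated ppc64el Debian repository
# (downgrades 2 packages, gpgv and libssl1.1, to the pinned versions).
# NOTE(review): --allow-downgrades lets apt replace newer, possibly security-patched
# builds of those two packages; drop the branch once the repository is current.
RUN /bin/bash -c 'set -e; \
    apt-get clean; \
    apt-get update; \
    if [[ $(dpkg --print-architecture) != "ppc64el" ]]; then \
        apt-get install -y \
            apt-utils \
            curl \
            gnupg \
            systemd \
            systemd-sysv ; \
    else \
        apt-get install -y \
            --allow-downgrades \
            gpgv=2.2.12-1+deb10u1 \
            libssl1.1=1.1.1n-0+deb10u1 \
            apt-utils \
            curl \
            gnupg \
            systemd \
            systemd-sysv ; \
    fi'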
# To make systemd work properly
# From https://github.com/j8r/dockerfiles/tree/master/systemd
# Deletes every entry of sysinit.target.wants whose name does not contain
# "systemd-tmpfiles-setup". The trailing $1 is an unset positional parameter under
# `sh -c` and expands to nothing. `ls | xargs` splits on whitespace, so this
# assumes no entry name contains blanks.
RUN cd /lib/systemd/system/sysinit.target.wants/ \
&& ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1
# List for D9, D10, U16, U18 and U20 (presumably Debian 9/10 and Ubuntu 16/18/20)
# Removes further unit links and units in a single rm call. Patterns that match
# nothing are passed literally and ignored by `rm -f`, which is what lets one
# list serve several distributions.
# Note that the list also contains sysinit.target.wants/systemd-tmpfiles-setup*,
# i.e. the entries the previous step deliberately kept are removed here.
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
/etc/systemd/system/*.wants/* \
/lib/systemd/system/anaconda.target.wants/* \
/lib/systemd/system/basic.target.wants/* \
/lib/systemd/system/local-fs.target.wants/* \
/lib/systemd/system/plymouth* \
/lib/systemd/system/sockets.target.wants/*udev* \
/lib/systemd/system/sockets.target.wants/*initctl* \
/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
/lib/systemd/system/systemd-update-utmp*
# Shared volume needed for systemd
# Left disabled; presumably the cgroup filesystem is supplied when the container
# is started instead (confirm against the run instructions).
#VOLUME /sys/fs/cgroup
# Work around a Debian/Ubuntu Docker issue
# https://stackoverflow.com/questions/46247032/how-to-solve-invoke-rc-d-policy-rc-d-denied-execution-of-start-when-building
# Replaces the content of /usr/sbin/policy-rc.d with a script that exits 0, which
# tells invoke-rc.d that service actions are allowed during package installation.
# NOTE(review): the redirect does not set the executable bit, so this relies on
# the file already existing as executable in the base image; confirm for each OSimage.
RUN printf '#!/bin/sh\nexit 0' > /usr/sbin/policy-rc.d
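# Configure perfSONAR repository (given as argument) and GPG key
ARG REPO=perfsonar-minor-snapshot
RUN echo "Adding perfSONAR repository: $REPO"
# Key selection: ${REPO##*-} is the text after the last "-" in REPO. If it sorts
# before "a" (a version number does; so does an empty or uppercase suffix) the
# repository is treated as a release repository and the official key is used,
# otherwise the snapshot key.
# `set -o pipefail` together with `curl -f` makes a failed or non-2xx download fail
# the build, instead of handing an error page to apt-key.
# NOTE(review): the key and the .list file below are fetched over plain HTTP, so
# the APT trust anchor itself is not authenticated in transit. Prefer HTTPS (check
# that the proxy variant still works) or verify the key against a fingerprint
# kept in this repository. `apt-key add` also trusts the key for every configured
# repository, not only the perfSONAR one.
RUN /bin/bash -c 'set -o pipefail; \
    if [[ "${REPO##*-}" < "a" ]]; then \
        curl -fsS http://downloads.perfsonar.net/debian/perfsonar-official.gpg.key | apt-key add - ; \
    else \
        curl -fsS http://downloads.perfsonar.net/debian/perfsonar-snapshot.gpg.key | apt-key add - ; \
    fi'
# -f: without it an HTTP error body (for example a 404 page for a mistyped REPO)
# would be saved as the .list file and the build would carry on.
RUN curl -fsS -o "/etc/apt/sources.list.d/${REPO}.list" "http://downloads.perfsonar.net/debian/${REPO}.list"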
# Some APT cleanup
# Runs as a layer of its own: it empties these paths in the final filesystem, but
# the layers created by the earlier RUN steps keep their size.
RUN apt-get autoremove -y \
    && apt-get clean \
    && rm -rf \
        /var/lib/apt/lists/* \
        /tmp/* \
        /var/tmp/*
# Helper script for the local APT repo (the script itself is not part of this file)
COPY ps-local-repo /usr/local/bin/ps-local-repo
# Shared volume for builds and installs (will be referenced by the local APT repo).
# Packages placed in the directory mounted here end up installable inside the
# container, so the host side of the mount should be writable by the build only.
VOLUME /mnt/build
### Repositories configuration and build tools setup
FROM ps-base-image AS build-image
# Contrib and backport repositories are also needed for up to date build tools.
#  1. awk derives a "<suite>-backports main contrib" entry from each
#     "deb ... (stretch|buster) main" line and parks it in a temp file
#  2. sed appends "contrib" to every line ending in " main"
#  3. the derived entries are appended and the temp file is removed
# The suite names are hard-coded: with any other base OS step 1 produces nothing.
RUN awk '/^deb .* (stretch|buster) main/ { print $1" "$2" "$3"-backports main contrib" }' /etc/apt/sources.list > /tmp/docker-tmp \
    && sed -i 's| main$| main contrib|' /etc/apt/sources.list \
    && cat /tmp/docker-tmp >> /etc/apt/sources.list \
    && rm /tmp/docker-tmp
# Building and repository mgmt tools needed for the build
#TODO: Need to change stretch-backport to something that will also work with other distros
RUN apt-get update \
    && apt-get install -y \
        git-buildpackage \
        lintian \
        vim
# Disabled alternative kept from the original: install lintian from backports
#    vim && \
#    apt-get -t buster-backports install -y \
#    lintian
# Create build user
# --password takes an already hashed value (crypt(3) format). The literal "public"
# is stored verbatim as the hash, so no typed password matches it; the account is
# reached by switching user from root instead.
# The sudoers entry makes psbuild root-equivalent without a password: anything that
# runs as psbuild in this container, package build scripts included, can become
# root. Treat the container, not the user, as the isolation boundary.
RUN useradd --home-dir /home/psbuild --groups sudo --create-home --password public --shell /bin/bash psbuild \
    && echo "psbuild ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/psbuild \
    && chmod 0440 /etc/sudoers.d/psbuild
# Copy build scripts
COPY ps-source-builder /usr/local/bin/ps-source-builder
COPY ps-binary-builder /usr/local/bin/ps-binary-builder
# Start systemd as the container's main process (exec form, no shell in between).
# No USER instruction is set, so it starts as root.
CMD ["/lib/systemd/systemd"]
### Testing image setup
# Built on ps-base-image, so it carries none of the build tools or the psbuild
# user of build-image.
FROM ps-base-image AS test-image
# Copy testing script
COPY ps-install-tester /usr/local/bin/ps-install-tester
# Let docker know that pscheduler listens on 443.
# EXPOSE is metadata only; the port is published at `docker run` time.
EXPOSE 443/tcp
# Start systemd as the container's main process (exec form, no shell in between).
# No USER instruction is set, so it starts as root.
CMD ["/lib/systemd/systemd"]