From c3185466aef4a070a65a48c69ce1432ff9200e37 Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Fri, 18 Dec 2020 01:06:52 +0100 Subject: [PATCH] containers: simplify Dockerfile and container build This changes the following: - Only produce one container. There is no particular benefit to supporting several different base containers, so unify on ubi as that is what we need ourselves. - Build directly from git. Now that the RPM we include in our container does not have any dependencies and only contains a couple of executables, the indirection via RPM has less value. Eventually the value will be reduced even further as we merge the entrypoint into the main binary and move dnf-json into the worker, leaving us with only a go binary. The only potential benefit might be that the build environment of RPMs is more clearly defined, but there is no real reason to believe that our mockbuild is any better than using the UBI golang build container. This simplifies the container builds, and brings us more in line with what is done in image-builder, and what is needed to deploy to openshift. --- containers/osbuild-composer/Dockerfile | 71 -------------------------- distribution/Dockerfile-ubi | 18 +++++++ schutzbot/containerbuild.sh | 60 +++------------------- 3 files changed, 24 insertions(+), 125 deletions(-) delete mode 100644 containers/osbuild-composer/Dockerfile create mode 100644 distribution/Dockerfile-ubi diff --git a/containers/osbuild-composer/Dockerfile b/containers/osbuild-composer/Dockerfile deleted file mode 100644 index d67fb365b..000000000 --- a/containers/osbuild-composer/Dockerfile +++ /dev/null 
@@ -1,71 +0,0 @@ -# -# osbuild-composer - Containerized OSBuild Composer -# -# This container provides a minimal fedora image with the osbuild-composer -# application installed and configured as default entrypoint. -# -# Build Arguments: -# -# * OSB_FROM -# This specifies the host image to use. It must be an RPM-based -# distribution image with all osbuild-composer requirements -# pre-installed. -# -# Example: "docker.io/library/fedora:latest" -# -# * OSB_RPMREPO -# Base URL of an RPM repository from which to install osbuild-composer -# from. -# -# Example: "https://dl01.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/" -# - -# Image arguments must be imported before `FROM`. -ARG OSB_FROM="docker.io/library/fedora:latest" - -# Prepare our host environment. -FROM "${OSB_FROM}" AS base - -# Import build parameters. -ARG OSB_RPMREPO="https://dl01.fedoraproject.org/pub/fedora/linux/releases/\$releasever/Everything/\$basearch/os/" - -# Create our state directory and use it as anchor. -WORKDIR "/var/lib/osb" - -# Create and switch into our src directory, which we use as temporary storage -# for all sources during the install. -WORKDIR "./src" - -# Install all global dependencies. -RUN \ - dnf \ - -y \ - "--repofrompath=ephemeral0,${OSB_RPMREPO}" \ - "--setopt=ephemeral0.gpgcheck=0" \ - "--setopt=ephemeral0.priority=10" \ - install "osbuild-composer-core" \ - && dnf clean all - -# Copy all our local sources, so we can access them from within the container -# build. They will be cleaned in a later step. -COPY "." "." - -# Prepare the runtime configuration and state. -RUN mkdir -p "../bin" -RUN mkdir -p "/etc/osbuild-composer/" -RUN mkdir -p "/run/osbuild-composer/" -RUN mkdir -p "/run/weldr/" -RUN mkdir -p "/var/cache/osbuild-composer/" -RUN mkdir -p "/var/cache/osbuild-worker/" -RUN mkdir -p "/var/lib/osbuild-composer/" - -# Install all required sources into the persistent directory. 
-RUN cp "entrypoint.py" "../bin/"
-
-# Leave and delete our temporary source directory.
-WORKDIR ".."
-RUN rm -rf "./src"
-
-# Prepare the runtime entrypoint and empty working directory.
-WORKDIR "./workdir"
-ENTRYPOINT ["python3", "../bin/entrypoint.py"]
diff --git a/distribution/Dockerfile-ubi b/distribution/Dockerfile-ubi
new file mode 100644
index 000000000..248fa07d4
--- /dev/null
+++ b/distribution/Dockerfile-ubi
@@ -0,0 +1,18 @@
+FROM registry.access.redhat.com/ubi8/go-toolset:latest AS builder
+COPY . .
+ENV GOFLAGS=-mod=vendor
+RUN go install ./cmd/osbuild-composer/
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+RUN microdnf install python3
+RUN mkdir -p "/usr/libexec/osbuild-composer"
+RUN mkdir -p "/etc/osbuild-composer/"
+RUN mkdir -p "/run/osbuild-composer/"
+RUN mkdir -p "/var/cache/osbuild-composer/"
+RUN mkdir -p "/var/lib/osbuild-composer/"
+COPY --from=builder /opt/app-root/src/go/bin/osbuild-composer /usr/libexec/osbuild-composer/
+COPY ./containers/osbuild-composer/entrypoint.py /opt/entrypoint.py
+COPY ./dnf-json /usr/libexec/osbuild-composer/
+
+EXPOSE 443 8700
+ENTRYPOINT ["python3", "/opt/entrypoint.py", "--remote-worker-api", "--composer-api"]
diff --git a/schutzbot/containerbuild.sh b/schutzbot/containerbuild.sh
index 47c1771b6..e3179be81 100755
--- a/schutzbot/containerbuild.sh
+++ b/schutzbot/containerbuild.sh
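Review bot: Both `FROM` lines in distribution/Dockerfile-ubi pull `:latest`, so the Go toolchain that compiles osbuild-composer and the runtime base can change between two builds of the same commit, and a replaced upstream tag would flow straight into the published image. Pin each to a version tag plus digest, e.g. `FROM registry.access.redhat.com/ubi8/ubi-minimal:<pinned-tag>@sha256:<digest>` (placeholders; the page does not give the values), and bump them deliberately. The final stage also sets no `USER`, so `entrypoint.py` and the composer binary run as root; if root is only needed to bind 443, consider a dedicated account with a fixed UID and an unprivileged listen port, though the entrypoint's needs are not visible in this hunk. `RUN microdnf install python3` leaves the package cache in the layer; appending `&& microdnf clean all` keeps the image smaller.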
@@ -2,68 +2,20 @@ set -euo pipefail -# Query host information. echo "Query host" -ARCH=$(uname -m) COMMIT=$(git rev-parse HEAD) -# Populate our build matrix. -IMG_TAGS=( - "quay.io/osbuild/osbuild-composer:f32-${COMMIT}" - "quay.io/osbuild/osbuild-composer:f33-${COMMIT}" - "quay.io/osbuild/osbuild-composer:ubi8-${COMMIT}" -) -IMG_PATHS=( - "./containers/osbuild-composer/" - "./containers/osbuild-composer/" - "./containers/osbuild-composer/" -) -IMG_FROMS=( - "docker.io/library/fedora:32" - "docker.io/library/fedora:33" - "registry.access.redhat.com/ubi8" -) -IMG_RPMREPOS=( - "http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com/osbuild-composer/fedora-32/${ARCH}/${COMMIT}" - "http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com/osbuild-composer/fedora-33/${ARCH}/${COMMIT}" - "http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com/osbuild-composer/rhel-8.3/${ARCH}/${COMMIT}" -) -IMG_COUNT=${#IMG_TAGS[*]} - - -# Prepare host system. echo "Prepare host system" sudo dnf -y install podman -# Build the entire matrix. -echo "Build containers" +echo "Build container" -for ((i=0; i