From 3f138e899cc9a507d2a3d66921149fa7f0bfb6f5 Mon Sep 17 00:00:00 2001 From: Joe LeVeque Date: Wed, 30 Jan 2019 23:05:52 -0800 Subject: [PATCH] Define a base Docker image and config-engine docker image based on Debian Stretch (#2076) * Build a Docker base image based on Debian Stretch * Build a config-engine Docker image based on Stretch * Do not install socat from Debian repo * Add changes that were made to docker-base since this PR was opened --- .gitignore | 2 + dockers/docker-base-stretch/Dockerfile.j2 | 79 +++++++++++++++++++ dockers/docker-base-stretch/LICENSE | 13 +++ dockers/docker-base-stretch/dpkg_01_drop | 22 ++++++ dockers/docker-base-stretch/etc/rsyslog.conf | 69 ++++++++++++++++ .../etc/rsyslog.d/supervisor.conf | 9 +++ .../etc/supervisor/supervisord.conf | 33 ++++++++ .../no_install_recommend_suggest | 5 ++ dockers/docker-base-stretch/root/.vimrc | 2 + dockers/docker-base-stretch/sources.list | 8 ++ .../Dockerfile.j2 | 47 +++++++++++ rules/docker-base-stretch.mk | 18 +++++ rules/docker-config-engine-stretch.mk | 8 ++ 13 files changed, 315 insertions(+) create mode 100644 dockers/docker-base-stretch/Dockerfile.j2 create mode 100644 dockers/docker-base-stretch/LICENSE create mode 100644 dockers/docker-base-stretch/dpkg_01_drop create mode 100644 dockers/docker-base-stretch/etc/rsyslog.conf create mode 100644 dockers/docker-base-stretch/etc/rsyslog.d/supervisor.conf create mode 100644 dockers/docker-base-stretch/etc/supervisor/supervisord.conf create mode 100644 dockers/docker-base-stretch/no_install_recommend_suggest create mode 100644 dockers/docker-base-stretch/root/.vimrc create mode 100644 dockers/docker-base-stretch/sources.list create mode 100644 dockers/docker-config-engine-stretch/Dockerfile.j2 create mode 100644 rules/docker-base-stretch.mk create mode 100644 rules/docker-config-engine-stretch.mk diff --git a/.gitignore b/.gitignore index fb7ccac93d..e75c54cd42 100644 --- a/.gitignore +++ b/.gitignore @@ -47,7 +47,9 @@ src/thrift/* # Autogenerated Dockerfiles dockers/docker-base/Dockerfile +dockers/docker-base-stretch/Dockerfile dockers/docker-config-engine/Dockerfile +dockers/docker-config-engine-stretch/Dockerfile dockers/docker-database/Dockerfile dockers/docker-dhcp-relay/Dockerfile dockers/docker-fpm-frr/Dockerfile diff --git a/dockers/docker-base-stretch/Dockerfile.j2 b/dockers/docker-base-stretch/Dockerfile.j2 new file mode 100644 index 0000000000..eafbad8e6a --- /dev/null +++ b/dockers/docker-base-stretch/Dockerfile.j2 @@ -0,0 +1,79 @@ +FROM debian:stretch + +# Clean documentation in FROM image +RUN find /usr/share/doc -depth \( -type f -o -type l \) ! -name copyright | xargs rm || true + +# Clean doc directories that are empty or only contain empty directories +RUN while [ -n "$(find /usr/share/doc -depth -type d -empty -print -exec rmdir {} +)" ]; do :; done +RUN rm -rf \ + /usr/share/man/* \ + /usr/share/groff/* \ + /usr/share/info/* \ + /usr/share/lintian/* \ + /usr/share/linda/* \ + /var/cache/man/* \ + /usr/share/locale/* + +# Make apt-get non-interactive +ENV DEBIAN_FRONTEND=noninteractive + +# Configure data sources for apt/dpkg +COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"] +COPY ["sources.list", "/etc/apt/sources.list"] +COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"] +RUN apt-get update + +# Pre-install fundamental packages +RUN apt-get -y install \ + less \ + perl \ + procps \ + python \ + rsyslog \ + vim-tiny + +COPY ["etc/rsyslog.conf", "/etc/rsyslog.conf"] +COPY ["etc/rsyslog.d/*", "/etc/rsyslog.d/"] +COPY ["root/.vimrc", "/root/.vimrc"] + +# Install dependencies of supervisor +RUN apt-get -y install python-pkg-resources python-meld3 + +RUN mkdir -p /etc/supervisor +RUN mkdir -p /var/log/supervisor + +COPY ["etc/supervisor/supervisord.conf", "/etc/supervisor/"] + +RUN apt-get -y purge \ + exim4 \ + exim4-base \ + exim4-config \ + exim4-daemon-light + +{% if docker_base_stretch_debs.strip() -%} +# Copy built Debian packages +{%- for deb in docker_base_stretch_debs.split(' ') %} +COPY debs/{{ deb }} debs/ +{%- endfor %} + +# Install built Debian packages and implicitly install their dependencies +{%- for deb in docker_base_stretch_debs.split(' ') %} +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt debs/{{ deb }} +{%- endfor %} +{%- endif %} + +{% if docker_base_stretch_dbgs.strip() -%} +# Install common debug-packages +{%- for dbg_pkg in docker_base_stretch_dbgs.split(' ') %} +RUN apt-get -y install {{ dbg_pkg }} +{%- endfor %} +{% else %} +RUN ln /usr/bin/vim.tiny /usr/bin/vim +{%- endif %} + +# Clean up apt +# Remove /var/lib/apt/lists/*, could be obsoleted for derived images +RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y +RUN rm -rf /var/lib/apt/lists/* + +RUN rm -rf /tmp/* diff --git a/dockers/docker-base-stretch/LICENSE b/dockers/docker-base-stretch/LICENSE new file mode 100644 index 0000000000..03d8f31e51 --- /dev/null +++ b/dockers/docker-base-stretch/LICENSE @@ -0,0 +1,13 @@ +Copyright 2016 Microsoft, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/dockers/docker-base-stretch/dpkg_01_drop b/dockers/docker-base-stretch/dpkg_01_drop new file mode 100644 index 0000000000..e75ef31471 --- /dev/null +++ b/dockers/docker-base-stretch/dpkg_01_drop @@ -0,0 +1,22 @@ +## Drop unnecessary files +## ref: https://wiki.ubuntu.com/ReducingDiskFootprint + +## Documentation +path-exclude /usr/share/doc/* +# we need to keep copyright files for legal reasons +path-include /usr/share/doc/*/copyright +path-exclude /usr/share/man/* +path-exclude /usr/share/groff/* +path-exclude /usr/share/info/* +# lintian stuff is small, but really unnecessary +path-exclude /usr/share/lintian/* +path-exclude /usr/share/linda/* + +## Translations +path-exclude /usr/share/locale/* + +## Landscape +path-exclude /usr/share/pyshared/twisted/test* +path-exclude /usr/lib/python*/dist-packages/twisted/test* +path-exclude /usr/share/pyshared/twisted/*/test* +path-exclude /usr/lib/python*/dist-packages/twisted/*/test* diff --git a/dockers/docker-base-stretch/etc/rsyslog.conf b/dockers/docker-base-stretch/etc/rsyslog.conf new file mode 100644 index 0000000000..40c7463afa --- /dev/null +++ b/dockers/docker-base-stretch/etc/rsyslog.conf @@ -0,0 +1,69 @@ +# +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging +#$ModLoad imklog # provides kernel logging support +#$ModLoad immark # provides --MARK-- message capability + +# provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# Set remote syslog server +template (name="ForwardFormatInContainer" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%") +*.* action(type="omfwd" target="127.0.0.1" port="514" protocol="udp" Template="ForwardFormatInContainer") + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# Define a custom template +$template SONiCFileFormat,"%TIMESTAMP%.%timestamp:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" +$ActionFileDefaultTemplate SONiCFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + +# +# Suppress duplicate messages and report "message repeated n times" +# +$RepeatedMsgReduction on + +############### +#### RULES #### +############### diff --git a/dockers/docker-base-stretch/etc/rsyslog.d/supervisor.conf b/dockers/docker-base-stretch/etc/rsyslog.d/supervisor.conf new file mode 100644 index 0000000000..7c7a64d7af --- /dev/null +++ b/dockers/docker-base-stretch/etc/rsyslog.d/supervisor.conf @@ -0,0 +1,9 @@ +$ModLoad imfile + +$InputFileName /var/log/supervisor/supervisord.log +$InputFileTag supervisord +$InputFileStateFile state-supervisor +$InputFileSeverity info +$InputFileFacility local0 +$InputFilePersistStateInterval 1 +$InputRunFileMonitor diff --git a/dockers/docker-base-stretch/etc/supervisor/supervisord.conf b/dockers/docker-base-stretch/etc/supervisor/supervisord.conf new file mode 100644 index 0000000000..351cc06fc0 --- /dev/null +++ b/dockers/docker-base-stretch/etc/supervisor/supervisord.conf @@ -0,0 +1,33 @@ +; supervisor config file + +[unix_http_server] +file=/var/run/supervisor.sock ; (the path to the socket file) +chmod=0700 ; sockef file mode (default 0700) +username=dummy +password=dummy + +[supervisord] +logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) +pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP) +user=root + +; the below section must remain in the config file for RPC +; (supervisorctl/web interface) to work, additional interfaces may be +; added by defining them in separate rpcinterface: sections +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket +username=dummy +password=dummy + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = /etc/supervisor/conf.d/*.conf diff --git a/dockers/docker-base-stretch/no_install_recommend_suggest b/dockers/docker-base-stretch/no_install_recommend_suggest new file mode 100644 index 0000000000..b5bca577de --- /dev/null +++ b/dockers/docker-base-stretch/no_install_recommend_suggest @@ -0,0 +1,5 @@ +# Instruct apt-get to NOT install "recommended" or "suggested" packages by +# default when installing a package. + +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/dockers/docker-base-stretch/root/.vimrc b/dockers/docker-base-stretch/root/.vimrc new file mode 100644 index 0000000000..5c1ba8a04f --- /dev/null +++ b/dockers/docker-base-stretch/root/.vimrc @@ -0,0 +1,2 @@ +" enable vim features +set nocompatible diff --git a/dockers/docker-base-stretch/sources.list b/dockers/docker-base-stretch/sources.list new file mode 100644 index 0000000000..b1ce507a44 --- /dev/null +++ b/dockers/docker-base-stretch/sources.list @@ -0,0 +1,8 @@ +## Debian mirror on Microsoft Azure +## Ref: http://debian-archive.trafficmanager.net/ + +deb http://debian-archive.trafficmanager.net/debian/ stretch main contrib non-free +deb-src http://debian-archive.trafficmanager.net/debian/ stretch main contrib non-free +deb http://debian-archive.trafficmanager.net/debian-security/ stretch/updates main contrib non-free +deb-src http://debian-archive.trafficmanager.net/debian-security/ stretch/updates main contrib non-free +deb http://debian-archive.trafficmanager.net/debian/ stretch-backports main contrib non-free diff --git a/dockers/docker-config-engine-stretch/Dockerfile.j2 b/dockers/docker-config-engine-stretch/Dockerfile.j2 new file mode 100644 index 0000000000..3fe8f4d3e1 --- /dev/null +++ b/dockers/docker-config-engine-stretch/Dockerfile.j2 @@ -0,0 +1,47 @@ +FROM docker-base-stretch + +## Make apt-get non-interactive +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update + +# Dependencies for sonic-cfggen +RUN apt-get install -y python-lxml python-yaml python-bitarray python-pip python-dev python-natsort python-setuptools + +RUN pip install --upgrade pip + +RUN pip install netaddr ipaddr jinja2 pyangbind==0.5.10 + +{% if docker_config_engine_stretch_debs.strip() %} +COPY \ +{% for deb in docker_config_engine_stretch_debs.split(' ') -%} +debs/{{ deb }}{{' '}} +{%- endfor -%} +debs/ +{%- endif -%} + +{% if docker_config_engine_stretch_debs.strip() %} +RUN dpkg -i \ +{% for deb in docker_config_engine_stretch_debs.split(' ') -%} +debs/{{ deb }}{{' '}} +{%- endfor %} +{%- endif -%} + +{% if docker_config_engine_stretch_whls.strip() %} +COPY \ +{% for whl in docker_config_engine_stretch_whls.split(' ') -%} +python-wheels/{{ whl }}{{' '}} +{%- endfor -%} +python-wheels/ +{%- endif -%} + +{% if docker_config_engine_stretch_whls.strip() %} +RUN pip install \ +{% for whl in docker_config_engine_stretch_whls.split(' ') -%} +python-wheels/{{ whl }}{{' '}} +{%- endfor %} +{%- endif -%} + +## Clean up +RUN apt-get remove -y python-pip python-dev; apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y +RUN rm -rf /debs /python-wheels diff --git a/rules/docker-base-stretch.mk b/rules/docker-base-stretch.mk new file mode 100644 index 0000000000..f894ec30f5 --- /dev/null +++ b/rules/docker-base-stretch.mk @@ -0,0 +1,18 @@ +# Docker base image (based on Debian Stretch) + +DOCKER_BASE_STRETCH = docker-base-stretch.gz +$(DOCKER_BASE_STRETCH)_PATH = $(DOCKERS_PATH)/docker-base-stretch +$(DOCKER_BASE_STRETCH)_DEPENDS += $(SUPERVISOR) +$(DOCKER_BASE_STRETCH)_DEPENDS += $(SOCAT) + +ifeq ($(INSTALL_DEBUG_TOOLS),y) +GDB = gdb +GDBSERVER = gdbserver +VIM = vim +OPENSSH = openssh-client +SSHPASS = sshpass +STRACE = strace +$(DOCKER_BASE_STRETCH)_DBG_PACKAGES += $(GDB) $(GDBSERVER) $(VIM) $(OPENSSH) $(SSHPASS) $(STRACE) +endif + +SONIC_DOCKER_IMAGES += $(DOCKER_BASE_STRETCH) diff --git a/rules/docker-config-engine-stretch.mk b/rules/docker-config-engine-stretch.mk new file mode 100644 index 0000000000..bfded68081 --- /dev/null +++ b/rules/docker-config-engine-stretch.mk @@ -0,0 +1,8 @@ +# docker image for sonic config engine + +DOCKER_CONFIG_ENGINE_STRETCH = docker-config-engine-stretch.gz +$(DOCKER_CONFIG_ENGINE_STRETCH)_PATH = $(DOCKERS_PATH)/docker-config-engine-stretch +$(DOCKER_CONFIG_ENGINE_STRETCH)_PYTHON_WHEELS += $(SWSSSDK_PY2) +$(DOCKER_CONFIG_ENGINE_STRETCH)_PYTHON_WHEELS += $(SONIC_CONFIG_ENGINE) +$(DOCKER_CONFIG_ENGINE_STRETCH)_LOAD_DOCKERS += $(DOCKER_BASE_STRETCH) +SONIC_DOCKER_IMAGES += $(DOCKER_CONFIG_ENGINE_STRETCH)