[build] Add option to avoid Docker base image :latest tag (#3124)

Define slave_base_tag_ref variable in Makefile.work containing
specific base image tag to use, rather than always defaulting
to :latest.

Add an ARG command before FROM statement in Dockerfile.user
for sonic-slave and sonic-slave-stretch. ARG variable defaults
to latest if slave_base_tag_ref not specified in Makefile.work.

The presumption to always refer to the :latest tagged Docker base
image when creating the user image causes problems in a shared
build server environment, where the most recently created base
image (i.e. the current :latest tag) may not be compatible with
the current build. For example, different users working in
different branches may all be sharing the same build server.

Signed-off-by: Greg Paussa greg.paussa@broadcom.com

- What I did
Added a DOCKER_AVOID_BASE_TAG_LATEST build option to rules/config that forces the Docker user image creation to refer to its base image by a specific tag rather than rely on the :latest tag. This is needed in a shared build server environment where builds from different developers and/or different SONiC branches all converge on the same Docker daemon instance running on the build server. The :latest tag is always assigned to the most recent base image built, which might not correspond to the base image needed for a particular build, thus causing various build errors that mostly manifest as missing Debian packages or package version mismatches.

NOTE TO REVIEWERS: This PR relies on Docker support of "ARG before FROM," which was first introduced in Docker version 17.05.1-ce. Although there is no mention of a minimum required Docker version for the build server in the SONiC Building Guide pages, please consider whether it is reasonable to assume that Docker 17.05.1-ce or later must be used for SONiC build hosts before approving this PR.

- How I did it
Added an ARG before the FROM statement at the top of the sonic-slave/Dockerfile.user and sonic-slave-stretch/Dockerfile.user files. The ARG variable defaults to latest, but can be overridden in Makefile.work to reference the SLAVE_BASE_TAG so that it refers to the specific, matching base image for the build. This override is activated by un-commenting the DOCKER_AVOID_BASE_TAG_LATEST = y line in rules/config.
This commit is contained in:
Greg Paussa 2019-07-13 15:43:45 -04:00 committed by lguohan
parent 6a99dd81be
commit 48c77f85a1
3 changed files with 19 additions and 8 deletions

View File

@ -42,6 +42,16 @@ ifeq ($(USER), root)
$(error Add your user account to docker group and use your user account to make. root or sudo are not supported!) $(error Add your user account to docker group and use your user account to make. root or sudo are not supported!)
endif endif
# Check for minimum Docker version on build host
# Note: Using the greater of CE (17.05.0) and EE (17.06.1) versions that support ARG before FROM
docker_min := 17.06.1
docker_min_ver := $(shell echo "$(docker_min)" | awk -F. '{printf("%d%03d%03d\n",$$1,$$2,$$3);}' 2>/dev/null)
docker_ver := $(shell docker info 2>/dev/null | grep -i "server version" | cut -d' ' -f3 | awk -F. '{printf("%d%03d%03d\n",$$1,$$2,$$3);}' 2>/dev/null)
docker_is_valid := $(shell if [ $(docker_ver) -lt $(docker_min_ver) ] ; then echo "0"; else echo "1"; fi)
ifeq (0,$(docker_is_valid))
$(error SONiC requires Docker version $(docker_min) or later)
endif
# Remove lock file in case previous run was forcefully stopped # Remove lock file in case previous run was forcefully stopped
$(shell rm -f .screen) $(shell rm -f .screen)
@ -91,21 +101,20 @@ ifeq ($(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD), y)
endif endif
DOCKER_BASE_BUILD = docker build --no-cache \ DOCKER_BASE_BUILD = docker build --no-cache \
-t $(SLAVE_BASE_IMAGE) \ -t $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) \
--build-arg http_proxy=$(http_proxy) \ --build-arg http_proxy=$(http_proxy) \
--build-arg https_proxy=$(https_proxy) \ --build-arg https_proxy=$(https_proxy) \
$(SLAVE_DIR) && \ $(SLAVE_DIR)
docker tag $(SLAVE_BASE_IMAGE):latest $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG)
DOCKER_BUILD = docker build --no-cache \ DOCKER_BUILD = docker build --no-cache \
--build-arg user=$(USER) \ --build-arg user=$(USER) \
--build-arg uid=$(shell id -u) \ --build-arg uid=$(shell id -u) \
--build-arg guid=$(shell id -g) \ --build-arg guid=$(shell id -g) \
--build-arg hostname=$(shell echo $$HOSTNAME) \ --build-arg hostname=$(shell echo $$HOSTNAME) \
-t $(SLAVE_IMAGE) \ --build-arg slave_base_tag_ref=$(SLAVE_BASE_TAG) \
-t $(SLAVE_IMAGE):$(SLAVE_TAG) \
-f $(SLAVE_DIR)/Dockerfile.user \ -f $(SLAVE_DIR)/Dockerfile.user \
$(SLAVE_DIR) && \ $(SLAVE_DIR)
docker tag $(SLAVE_IMAGE):latest $(SLAVE_IMAGE):$(SLAVE_TAG)
SONIC_BUILD_INSTRUCTION := make \ SONIC_BUILD_INSTRUCTION := make \
-f slave.mk \ -f slave.mk \

View File

@ -1,4 +1,5 @@
FROM sonic-slave-stretch-base ARG slave_base_tag_ref=latest
FROM sonic-slave-stretch-base:${slave_base_tag_ref}
# Add user # Add user
ARG user ARG user

View File

@ -1,4 +1,5 @@
FROM sonic-slave-base ARG slave_base_tag_ref=latest
FROM sonic-slave-base:${slave_base_tag_ref}
# Add user # Add user
ARG user ARG user