[sonic-slave]: Split user commands from generic. (#868)
In case when more than one user builds SONiC on same machine, we can keep generic part that installs all packages to slave image apart from creating user and calling user-related commands. Then generic base image will be built only once, allowing other users to build only smaller specific to them layers. Signed-off-by: marian-pritsak <marianp@mellanox.com>
This commit is contained in:
parent
97e4360d9b
commit
afbf1ee2fb
19
Makefile
19
Makefile
@ -12,7 +12,9 @@ $(shell rm -f .screen)
|
|||||||
|
|
||||||
MAKEFLAGS += -B
|
MAKEFLAGS += -B
|
||||||
|
|
||||||
SLAVE_TAG = $(shell shasum sonic-slave/Dockerfile | awk '{print substr($$1,0,11);}')
|
SLAVE_BASE_TAG = $(shell shasum sonic-slave/Dockerfile | awk '{print substr($$1,0,11);}')
|
||||||
|
SLAVE_TAG = $(shell shasum sonic-slave/Dockerfile.user | awk '{print substr($$1,0,11);}')
|
||||||
|
SLAVE_BASE_IMAGE = sonic-slave-base
|
||||||
SLAVE_IMAGE = sonic-slave-$(USER)
|
SLAVE_IMAGE = sonic-slave-$(USER)
|
||||||
|
|
||||||
DOCKER_RUN := docker run --rm=true --privileged \
|
DOCKER_RUN := docker run --rm=true --privileged \
|
||||||
@ -20,12 +22,18 @@ DOCKER_RUN := docker run --rm=true --privileged \
|
|||||||
-w /sonic \
|
-w /sonic \
|
||||||
-i$(if $(TERM),t,)
|
-i$(if $(TERM),t,)
|
||||||
|
|
||||||
|
DOCKER_BASE_BUILD = docker build --no-cache \
|
||||||
|
-t $(SLAVE_BASE_IMAGE) \
|
||||||
|
sonic-slave && \
|
||||||
|
docker tag $(SLAVE_BASE_IMAGE):latest $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG)
|
||||||
|
|
||||||
DOCKER_BUILD = docker build --no-cache \
|
DOCKER_BUILD = docker build --no-cache \
|
||||||
--build-arg user=$(USER) \
|
--build-arg user=$(USER) \
|
||||||
--build-arg uid=$(shell id -u) \
|
--build-arg uid=$(shell id -u) \
|
||||||
--build-arg guid=$(shell id -g) \
|
--build-arg guid=$(shell id -g) \
|
||||||
--build-arg hostname=$(shell echo $$HOSTNAME) \
|
--build-arg hostname=$(shell echo $$HOSTNAME) \
|
||||||
-t $(SLAVE_IMAGE) \
|
-t $(SLAVE_IMAGE) \
|
||||||
|
-f sonic-slave/Dockerfile.user \
|
||||||
sonic-slave && \
|
sonic-slave && \
|
||||||
docker tag $(SLAVE_IMAGE):latest $(SLAVE_IMAGE):$(SLAVE_TAG)
|
docker tag $(SLAVE_IMAGE):latest $(SLAVE_IMAGE):$(SLAVE_TAG)
|
||||||
|
|
||||||
@ -34,6 +42,9 @@ DOCKER_BUILD = docker build --no-cache \
|
|||||||
.DEFAULT_GOAL := all
|
.DEFAULT_GOAL := all
|
||||||
|
|
||||||
%::
|
%::
|
||||||
|
@docker inspect --type image $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) &> /dev/null || \
|
||||||
|
{ echo Image $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) not found. Building... ; \
|
||||||
|
$(DOCKER_BASE_BUILD) ; }
|
||||||
@docker inspect --type image $(SLAVE_IMAGE):$(SLAVE_TAG) &> /dev/null || \
|
@docker inspect --type image $(SLAVE_IMAGE):$(SLAVE_TAG) &> /dev/null || \
|
||||||
{ echo Image $(SLAVE_IMAGE):$(SLAVE_TAG) not found. Building... ; \
|
{ echo Image $(SLAVE_IMAGE):$(SLAVE_TAG) not found. Building... ; \
|
||||||
$(DOCKER_BUILD) ; }
|
$(DOCKER_BUILD) ; }
|
||||||
@ -49,9 +60,13 @@ DOCKER_BUILD = docker build --no-cache \
|
|||||||
$@
|
$@
|
||||||
|
|
||||||
sonic-slave-build :
|
sonic-slave-build :
|
||||||
@$(DOCKER_BUILD)
|
$(DOCKER_BASE_BUILD)
|
||||||
|
$(DOCKER_BUILD)
|
||||||
|
|
||||||
sonic-slave-bash :
|
sonic-slave-bash :
|
||||||
|
@docker inspect --type image $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) &> /dev/null || \
|
||||||
|
{ echo Image $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) not found. Building... ; \
|
||||||
|
$(DOCKER_BASE_BUILD) ; }
|
||||||
@docker inspect --type image $(SLAVE_IMAGE):$(SLAVE_TAG) &> /dev/null || \
|
@docker inspect --type image $(SLAVE_IMAGE):$(SLAVE_TAG) &> /dev/null || \
|
||||||
{ echo Image $(SLAVE_IMAGE):$(SLAVE_TAG) not found. Building... ; \
|
{ echo Image $(SLAVE_IMAGE):$(SLAVE_TAG) not found. Building... ; \
|
||||||
$(DOCKER_BUILD) ; }
|
$(DOCKER_BUILD) ; }
|
||||||
|
@ -254,31 +254,3 @@ RUN add-apt-repository \
|
|||||||
RUN apt-get update
|
RUN apt-get update
|
||||||
RUN apt-get install -y docker-ce=17.03.2~ce-0~debian-jessie
|
RUN apt-get install -y docker-ce=17.03.2~ce-0~debian-jessie
|
||||||
RUN echo "DOCKER_OPTS=\"--experimental\"" >> /etc/default/docker
|
RUN echo "DOCKER_OPTS=\"--experimental\"" >> /etc/default/docker
|
||||||
|
|
||||||
# Add user
|
|
||||||
ARG user
|
|
||||||
ARG uid
|
|
||||||
ARG guid
|
|
||||||
ARG hostname
|
|
||||||
|
|
||||||
ENV BUILD_HOSTNAME $hostname
|
|
||||||
ENV USER $user
|
|
||||||
|
|
||||||
RUN groupadd -f -r -g $guid g$user
|
|
||||||
|
|
||||||
RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash
|
|
||||||
|
|
||||||
RUN gpasswd -a $user docker
|
|
||||||
|
|
||||||
# Config git for stg
|
|
||||||
RUN su $user -c "git config --global user.name $user"
|
|
||||||
RUN su $user -c "git config --global user.email $user@contoso.com"
|
|
||||||
|
|
||||||
COPY sonic-jenkins-id_rsa.pub /var/$user/.ssh/authorized_keys2
|
|
||||||
RUN chown $user /var/$user/.ssh -R
|
|
||||||
RUN chmod go= /var/$user/.ssh -R
|
|
||||||
|
|
||||||
# Add user to sudoers
|
|
||||||
RUN echo "$user ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
|
|
||||||
|
|
||||||
USER $user
|
|
||||||
|
29
sonic-slave/Dockerfile.user
Normal file
29
sonic-slave/Dockerfile.user
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
FROM sonic-slave-base
|
||||||
|
|
||||||
|
# Add user
|
||||||
|
ARG user
|
||||||
|
ARG uid
|
||||||
|
ARG guid
|
||||||
|
ARG hostname
|
||||||
|
|
||||||
|
ENV BUILD_HOSTNAME $hostname
|
||||||
|
ENV USER $user
|
||||||
|
|
||||||
|
RUN groupadd -f -r -g $guid g$user
|
||||||
|
|
||||||
|
RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash
|
||||||
|
|
||||||
|
RUN gpasswd -a $user docker
|
||||||
|
|
||||||
|
# Config git for stg
|
||||||
|
RUN su $user -c "git config --global user.name $user"
|
||||||
|
RUN su $user -c "git config --global user.email $user@contoso.com"
|
||||||
|
|
||||||
|
COPY sonic-jenkins-id_rsa.pub /var/$user/.ssh/authorized_keys2
|
||||||
|
RUN chown $user /var/$user/.ssh -R
|
||||||
|
RUN chmod go= /var/$user/.ssh -R
|
||||||
|
|
||||||
|
# Add user to sudoers
|
||||||
|
RUN echo "$user ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
|
||||||
|
|
||||||
|
USER $user
|
Loading…
Reference in New Issue
Block a user