sonic-buildimage/sonic-slave-stretch/Dockerfile.user
Greg Paussa 48c77f85a1 [build] Add option to avoid Docker base image :latest tag (#3124)
Define slave_base_tag_ref variable in Makefile.work containing
specific base image tag to use, rather than always defaulting
to :latest.

Add an ARG command before FROM statement in Dockerfile.user
for sonic-slave and sonic-slave-stretch. ARG variable defaults
to latest if slave_base_tag_ref not specified in Makefile.work.

The presumption to always refer to the :latest tagged Docker base
image when creating the user image causes problems in a shared
build server environment, where the most recently created base
image (i.e. the current :latest tag) may not be compatible with
the current build. For example, different users working in
different branches may all be sharing the same build server.

Signed-off-by: Greg Paussa greg.paussa@broadcom.com

- What I did
Added a DOCKER_AVOID_BASE_TAG_LATEST build option to rules/config that forces the Docker user image creation to refer to its base image by a specific tag rather than rely on the :latest tag. This is needed in a shared build server environment where builds from different developers and/or different SONiC branches all converge on the same Docker daemon instance running on the build server. The :latest tag is always assigned to the most recent base image built, which might not correspond to the base image needed for a particular build, thus causing various build errors that mostly manifest as missing Debian packages or package version mismatches.

NOTE TO REVIEWERS: This PR relies on Docker support of "ARG before FROM," which was first introduced in Docker version 17.05.1-ce. Although there is no mention of a minimum required Docker version for the build server in the SONiC Building Guide pages, please consider whether it is reasonable to assume that Docker 17.05.1-ce or later must be used for SONiC build hosts before approving this PR.

- How I did it
Added an ARG before the FROM statement at the top of the sonic-slave/Dockerfile.user and sonic-slave-stretch/Dockerfile.user files. The ARG variable defaults to latest, but can be overridden in Makefile.work to reference the SLAVE_BASE_TAG so that it refers to the specific, matching base image for the build. This override is activated by un-commenting the DOCKER_AVOID_BASE_TAG_LATEST = y line in rules/config.
2019-07-13 12:43:45 -07:00

31 lines
677 B
Docker

ARG slave_base_tag_ref=latest
FROM sonic-slave-stretch-base:${slave_base_tag_ref}
# Add user
ARG user
ARG uid
ARG guid
ARG hostname
ENV BUILD_HOSTNAME $hostname
ENV USER $user
RUN groupadd -f -r -g $guid g$user
RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash
RUN gpasswd -a $user docker
# Config git for stg
RUN su $user -c "git config --global user.name $user"
RUN su $user -c "git config --global user.email $user@contoso.com"
COPY sonic-jenkins-id_rsa.pub /var/$user/.ssh/authorized_keys2
RUN chown $user /var/$user/.ssh -R
RUN chmod go= /var/$user/.ssh -R
# Add user to sudoers
RUN echo "$user ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
USER $user