-
Notifications
You must be signed in to change notification settings - Fork 18
Expand file tree
/
Copy pathDockerfile
More file actions
244 lines (206 loc) · 8.23 KB
/
Dockerfile
File metadata and controls
244 lines (206 loc) · 8.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
# Dockerfile for bes_core images
# This Dockerfile is intended to build a base image that will be used to build
# subsequent images for our production BES/Hyrax images. The build process is
# split into two stages, with the first stage building the BES and the second
# stage copying over the built BES and its dependencies to a slimmer base image.
ARG BUILDER_BASE_IMAGE
ARG FINAL_BASE_IMAGE
FROM ${BUILDER_BASE_IMAGE:-"rockylinux:8"} AS builder
# Sanity check that the required build argument is provided and non-empty, evn
# though a default value is provided above. We want to enforce that the value is
# always specified.
ARG BUILDER_BASE_IMAGE
RUN if [ -z "$BUILDER_BASE_IMAGE" ]; then \
echo "Error: Non-empty BUILDER_BASE_IMAGE must be specified. Exiting."; \
exit 1; \
fi
ENV BES_USER="bes_user"
ENV USER_ID=101
RUN yum update -y \
&& dnf install sudo -y \
&& dnf clean all
RUN useradd \
--user-group \
--comment "BES daemon" \
--uid ${USER_ID} \
$BES_USER \
&& echo $BES_USER ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$BES_USER
USER $BES_USER
WORKDIR "/home/$BES_USER"
# Start bes build process
ARG CONFIGURE_OPTIONS
ARG BES_BUILD_NUMBER
ENV PREFIX="/"
ENV DEPS_PREFIX="/root/install"
ENV PATH="$PREFIX/bin:$DEPS_PREFIX/deps/bin:$PATH"
ENV CPPFLAGS="-I/usr/include/tirpc"
ENV LDFLAGS="-ltirpc"
ENV LD_LIBRARY_PATH="$DEPS_PREFIX/deps/lib"
# Install the latest hyrax dependencies
ARG HYRAX_DEPENDENCIES_TARBALL
RUN --mount=from=aws_downloads,target=/tmp_mounted \
sudo tar -C "/root" -xzvf "/tmp_mounted/$HYRAX_DEPENDENCIES_TARBALL"
# Install the libdap rpms
ARG LIBDAP_RPM_FILENAME
ARG LIBDAP_DEVEL_RPM_FILENAME
RUN --mount=from=aws_downloads,target=/tmp_mounted \
echo "Installing libdap snapshot rpms: $LIBDAP_RPM_FILENAME, $LIBDAP_DEVEL_RPM_FILENAME" \
&& sudo dnf -y install "/tmp_mounted/$LIBDAP_RPM_FILENAME" \
&& sudo dnf -y install "/tmp_mounted/$LIBDAP_DEVEL_RPM_FILENAME"
# To debug what has been installed, use
# rpm -ql "$PREFIX/rpmbuild/${LIBDAP_RPM_FILENAME}"
RUN sudo chown -R $BES_USER:$BES_USER $DEPS_PREFIX \
&& sudo chmod o+x /root
# Build the BES
COPY . ./bes
RUN sudo chown -R $BES_USER:$BES_USER bes
WORKDIR bes
RUN autoreconf -fiv
RUN echo "Sanity check: CPPFLAGS=$CPPFLAGS LDFLAGS=$LDFLAGS prefix=$PREFIX" \
&& ./configure --disable-dependency-tracking \
--with-dependencies="$DEPS_PREFIX/deps" \
--prefix="$PREFIX" $CONFIGURE_OPTIONS \
--with-build=$BES_BUILD_NUMBER
RUN make -j$(nproc --ignore=1)
RUN sudo make install
# Clean up extraneous files; do it in this stage so we don't pull them over
# at the next stage
RUN sudo rm $PREFIX/lib/bes/*.a \
&& sudo rm $PREFIX/lib/bes/*.la
# Test time! We need the besdaemon to be running while we do this, so that
# we hit all the tests. In order to run the daemon, we need to update some
# permissions.
# First, support user $BES_USER running the daemon...
RUN sudo setfacl -R -m u:$BES_USER:rwx $PREFIX/var \
&& sudo setfacl -R -m u:$BES_USER:rwx $PREFIX/run \
&& sudo chown -R $BES_USER:$BES_USER $PREFIX/share/mds \
&& sudo sed -i.dist \
-e 's:=user_name:='"$BES_USER"':' \
-e 's:=group_name:='"$BES_USER"':' \
/etc/bes/bes.conf \
&& sudo touch "/var/bes.log" \
&& sudo chown -R $BES_USER:$BES_USER "/var/bes.log" \
&& echo "okay, ready to run tests"
# ...next, the daemon has to be started as root.
RUN sudo -s --preserve-env=PATH besctl start
# ...now run the tests.
ARG DIST
ENV DIST=${DIST:-el8}
RUN if [ "$DIST" == "el9" ]; then \
echo "# Warning: Skipping make check because of undiagnosed el9 errors; ref https://github.com/OPENDAP/bes/issues/1299"; \
else \
make check -j$(nproc --ignore=1); \
fi
# ...and turn off the besdaemon. We want to turn this on/off regardless of
# whether we run the tests
RUN sudo -s --preserve-env=PATH besctl stop
RUN cat libdap4-snapshot | cut -d ' ' -f 1 | sed 's/libdap4-//' > libdap_VERSION
#####
##### Final layer: libdap + hyrax-dependencies + bes
#####
FROM ${FINAL_BASE_IMAGE:-rockylinux:8} AS bes_core
ARG FINAL_BASE_IMAGE
RUN if [ -z "$FINAL_BASE_IMAGE" ]; then \
echo "Error: Non-empty FINAL_BASE_IMAGE must be specified. Exiting."; \
exit 1; \
fi
# Duplicated from installation above, this time on a slimmer base image...
# Install the libdap rpms
ARG LIBDAP_RPM_FILENAME
RUN --mount=from=aws_downloads,target=/tmp_mounted \
yum update -y \
&& dnf install sudo which procps libicu acl chkconfig -y \
&& echo "Installing libdap snapshot rpms: $LIBDAP_RPM_FILENAME" \
&& dnf -y install "/tmp_mounted/$LIBDAP_RPM_FILENAME" \
&& dnf clean all
ENV BES_USER="bes_user"
ENV USER_ID=101
ENV PREFIX="/"
ENV DEPS_PREFIX="/root/install"
ENV PATH="$PREFIX/bin:$DEPS_PREFIX/deps/bin:$PATH"
RUN useradd \
--user-group \
--comment "BES daemon" \
--uid ${USER_ID} \
$BES_USER \
&& echo $BES_USER ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$BES_USER
# Install the latest hyrax dependencies
ARG HYRAX_DEPENDENCIES_TARBALL
RUN --mount=from=aws_downloads,target=/tmp_mounted \
sudo tar -C "/root" -xzvf "/tmp_mounted/$HYRAX_DEPENDENCIES_TARBALL"
RUN sudo chown -R $BES_USER:$BES_USER $DEPS_PREFIX \
&& sudo chmod o+x /root
USER $BES_USER
WORKDIR "/home/$BES_USER"
COPY --from=builder /home/$BES_USER/bes/bes_VERSION bes_VERSION
COPY --from=builder /home/$BES_USER/bes/libdap_VERSION libdap_VERSION
COPY --from=builder $DEPS_PREFIX $DEPS_PREFIX
# Copy over everything installed in the builder image.
# This is a little ham-fisted, but seems to be at least sufficient
# (if not particularly elegant!).
COPY --from=builder /etc/bes /etc/bes
COPY --from=builder /usr/lib /usr/lib
COPY --from=builder /run/bes /run/bes
COPY --from=builder /share/bes /usr/share/bes
COPY --from=builder /share/hyrax /usr/share/hyrax
COPY --from=builder /include/bes /include/bes
COPY --from=builder /etc/rc.d/init.d/besd /etc/rc.d/init.d/besd
COPY --from=builder /bin/bes* /bin
# NB: Last line of multi-file docker copy is destination
COPY --from=builder \
/usr/bin/bes* \
/usr/bin/*dmrpp* \
/usr/bin/ingest* \
/usr/bin/dap-config \
/usr/bin/dmr_memory_cache \
/usr/bin/get_hdf_side_car \
/usr/bin/getdap \
/usr/bin/getdap4 \
/usr/bin/hyraxctl \
/usr/bin/localBesGetDap \
/usr/bin/populateMDS \
/usr/bin/reduce_mdf \
/usr/bin/
RUN sudo setfacl -R -m u:$BES_USER:rwx /var/run \
&& sudo setfacl -R -m u:$BES_USER:rwx /run \
&& sudo setfacl -R -m u:$BES_USER:rwx /usr/share
################################################################
# Set up besdaemon
USER root
# Adapted from bes/spec.all_static.in in RPM creation.
# The four *.pem substitutions may be unnecessary, as those *.pem files may be
# vestigial substitutions for a build process past. See HYRAX-2075.
RUN sed -i.dist \
-e 's:=.*/bes.log:=/var/log/bes/bes.log:' \
-e 's:=.*/lib/bes:=/usr/lib/bes:' \
-e 's:=.*/share/bes:=/usr/share/bes:' \
-e 's:=.*/share/hyrax:=/usr/share/hyrax:' \
-e 's:=/full/path/to/serverside/certificate/file.pem:=/etc/pki/bes/cacerts/file.pem:' \
-e 's:=/full/path/to/serverside/key/file.pem:=/etc/pki/bes/public/file.pem:' \
-e 's:=/full/path/to/clientside/certificate/file.pem:=/etc/pki/bes/cacerts/file.pem:' \
-e 's:=/full/path/to/clientside/key/file.pem:=/etc/pki/bes/public/file.pem:' \
-e 's:=user_name:='"$BES_USER"':' \
-e 's:=group_name:='"$BES_USER"':' \
/etc/bes/bes.conf \
&& mkdir -p "/var/log/bes/" \
&& touch "/var/log/bes/bes.log" \
&& chown -R $BES_USER:$BES_USER "/var/log/bes/"
# Start besd service at boot
RUN chkconfig --add besd \
&& ldconfig \
&& chkconfig --list | grep besd
# Confirm that the besd service starts at boot
RUN echo "besdaemon is here: $(which besdaemon)" \
&& echo "whoami: $(whoami)" \
&& BESD_COUNT=$(chkconfig --list | grep besd) \
&& if [ -z "$BESD_COUNT" ]; then \
echo "Error: besd service not configured to run on startup. Exiting."; \
exit 1; \
fi
# Sanity-check versions, and that the besctl can be started and stopped without failing
RUN echo "BES_VERSION (from bes_VERSION) is $(cat bes_VERSION)" \
&& echo "LIBDAP_VERSION (from libdap_VERSION) is $(cat libdap_VERSION)" \
&& besctl start \
&& besctl stop
ENTRYPOINT [ "/bin/bash" ]
CMD ["-"]