Dockerfile updates for RPM installs

* Sync our Dockerfiles as much as possible with those in dist-git * Move some scripts in the RPM * Enable RPM mounts w/o depending on them in base images
openshift · May 17, 2017 · 2f7d826 · smarterclayton · Jul 31, 2017 · 2f7d826
1 parent 204ede0
commit 2f7d826
Show file tree

Hide file tree

Showing 32 changed files with 144 additions and 174 deletions.
diff --git a/Makefile b/Makefile
@@ -239,8 +239,7 @@ clean:
 #
 # Example:
 #   make release
-release: clean
-	OS_ONLY_BUILD_PLATFORMS="linux/amd64" hack/build-release.sh
+release: clean build-rpms
 	hack/build-images.sh
 	hack/extract-release.sh
 .PHONY: release
@@ -290,18 +289,6 @@ build-rpms-redistributable:
 	hack/build-rpm-release.sh
 .PHONY: build-rpms-redistributable
 
-# Build a release of OpenShift using tito for linux/amd64 and the images that depend on it.
-#
-# Args:
-#
-# Example:
-#   make release-rpms
-release-rpms: clean build-rpms-redistributable
-	hack/build-base-images.sh
-	hack/build-images.sh
-	hack/extract-release.sh
-.PHONY: release
-
 # Vendor the Origin Web Console
 #
 # Args:

diff --git a/hack/build-base-images.sh b/hack/build-base-images.sh
@@ -10,17 +10,6 @@ tag_prefix="${OS_IMAGE_PREFIX:-"openshift/origin"}"
 
 os::util::ensure::gopath_binary_exists imagebuilder
 
-# image builds require RPMs to have been built
-if [[ ! -d "${OS_LOCAL_RPMPATH}" ]]; then
-	relative_releasepath="$( os::util::repository_relative_path "${OS_LOCAL_RELEASEPATH}" )"
-	relative_binpath="$( os::util::repository_relative_path "${OS_OUTPUT_BINPATH}" )"
-	os::log::fatal "No release RPMs have been built! RPMs are necessary to build container images.
-Build them with:
-  $ OS_BUILD_ENV_PRESERVE=${relative_binpath}:${relative_releasepath} hack/env make build-rpms-redistributable"
-fi
-
-OS_BUILD_IMAGE_BASE_ARGS="${OS_BUILD_IMAGE_BASE_ARGS:-} -mount ${OS_LOCAL_RPMPATH}/:/srv/origin-local-release/"
-
 # Build the base image without the default image args
 OS_BUILD_IMAGE_ARGS="${OS_BUILD_IMAGE_BASE_ARGS-}" os::build::image "${OS_ROOT}/images/source" "${tag_prefix}-source"
 OS_BUILD_IMAGE_ARGS="${OS_BUILD_IMAGE_BASE_ARGS-}" os::build::image "${OS_ROOT}/images/base" "${tag_prefix}-base"

diff --git a/hack/build-images.sh b/hack/build-images.sh
@@ -8,15 +8,12 @@
 # origin-deployer, etc.
 STARTTIME=$(date +%s)
 source "$(dirname "${BASH_SOURCE}")/lib/init.sh"
-source "${OS_ROOT}/contrib/node/install-sdn.sh"
 
-if [[ ! -d "${OS_LOCAL_RPMPATH}" ]]; then
-	relative_rpmpath="$( os::util::repository_relative_path "${OS_LOCAL_RPMPATH}" )"
-	relative_binpath="$( os::util::repository_relative_path "${OS_OUTPUT_BINPATH}" )"
-	os::log::fatal "No release RPMs have been built! RPMs are necessary to build container images.
-Build them with:
-  $ OS_BUILD_ENV_PRESERVE=${relative_binpath}:${relative_rpmpath} hack/env make build-rpms-redistributable"
-fi
+os::util::ensure::gopath_binary_exists imagebuilder
+# image builds require RPMs to have been built
+os::build::release::check_for_rpms
+# OS_RELEASE_COMMIT is required by image-build
+os::build::detect_local_release_tars $(os::build::host_platform_friendly)
 
 # Without this, the dockerregistry lacks gcs+oss storage drivers in non-cross builds.
 readonly OS_GOFLAGS_TAGS="include_gcs include_oss"
@@ -87,15 +84,10 @@ function image() {
 ln_or_cp "${OS_OUTPUT_BINPATH}/linux/amd64/hello-openshift" examples/hello-openshift/bin
 ln_or_cp "${OS_OUTPUT_BINPATH}/linux/amd64/gitserver"       examples/gitserver/bin
 
-# Copy SDN scripts into images/node
-os::provision::install-sdn "${OS_ROOT}" "${OS_OUTPUT_BINPATH}/linux/amd64" "${OS_ROOT}/images/node"
-mkdir -p images/node/conf/
-cp -pf "${OS_ROOT}/contrib/systemd/openshift-sdn-ovs.conf" images/node/conf/
-
 # determine the correct tag prefix
 tag_prefix="${OS_IMAGE_PREFIX:-"openshift/origin"}"
 
-# images that depend on scratch / centos
+# images that depend on "${tag_prefix}-source"
 image "${tag_prefix}-pod"                   images/pod
 # images that depend on "${tag_prefix}-base"
 image "${tag_prefix}"                       images/origin

diff --git a/hack/build-rpm-release.sh b/hack/build-rpm-release.sh
@@ -5,6 +5,8 @@
 # be running `hack/build-cross.sh` under the covers, so we transitively
 # consume all of the relevant envars.
 source "$(dirname "${BASH_SOURCE}")/lib/init.sh"
+os::util::ensure::system_binary_exists tito
+os::util::ensure::system_binary_exists createrepo
 os::build::setup_env
 
 if [[ "${OS_ONLY_BUILD_PLATFORMS:-}" == 'linux/amd64' ]]; then
@@ -39,7 +41,7 @@ elif [[ "${#output_directories[@]}" -gt 1 ]]; then
 			output_directory="${directory}"
 		fi
 	done
-	os::log::warn "After the tito build, more than one rpmbuild directory was found!
+	os::log::warning "After the tito build, more than one rpmbuild directory was found!
 This script will unpack the most recently modified directory: ${output_directory}"
 else
         output_directory="${output_directories[0]}"
@@ -56,24 +58,20 @@ make clean
 # migrate the tito artifacts to the Origin directory
 mkdir -p "${OS_OUTPUT}"
 mv "${tito_output_directory}"/* "${OS_OUTPUT}"
-mkdir -p "${OS_LOCAL_RELEASEPATH}/rpms"
-mv "${tito_tmp_dir}"/*src.rpm "${OS_LOCAL_RELEASEPATH}/rpms"
-mv "${tito_tmp_dir}"/*/*.rpm "${OS_LOCAL_RELEASEPATH}/rpms"
+mkdir -p "${OS_LOCAL_RPMPATH}"
+mv "${tito_tmp_dir}"/*src.rpm "${OS_LOCAL_RPMPATH}"
+mv "${tito_tmp_dir}"/*/*.rpm "${OS_LOCAL_RPMPATH}"
 
-if command -v createrepo >/dev/null 2>&1; then
-	repo_path="$( os::util::absolute_path "${OS_LOCAL_RELEASEPATH}/rpms" )"
-	createrepo "${repo_path}"
+repo_path="$( os::util::absolute_path "${OS_LOCAL_RPMPATH}" )"
+createrepo "${repo_path}"
 
-	echo "[${OS_RPM_NAME}-local-release]
+echo "[${OS_RPM_NAME}-local-release]
 baseurl = file://${repo_path}
 gpgcheck = 0
 name = OpenShift Release from Local Source
 enabled = 1
 " > "${repo_path}/${OS_RPM_NAME}-local-release.repo"
 
-	os::log::info "Repository file for \`yum\` or \`dnf\` placed at ${repo_path}/origin-local-release.repo
+os::log::info "Repository file for \`yum\` or \`dnf\` placed at ${repo_path}/origin-local-release.repo
 Install it with:
-  $ mv '${repo_path}/origin-local-release.repo' '/etc/yum.repos.d"
-else
-	os::log::warning "Repository file for \`yum\` or \`dnf\` could not be generated, install \`createrepo\`."
-fi
+$ mv '${repo_path}/origin-local-release.repo' '/etc/yum.repos.d"
diff --git a/hack/common.sh b/hack/common.sh
@@ -70,7 +70,7 @@ readonly -f os::build::platform_arch
 function os::build::setup_env() {
   os::util::ensure::system_binary_exists 'go'
 
-  if os::util::find::system_binary 'sha256sum' >/dev/null 2>&1; then
+  if [[ -z "$(which sha256sum)" ]]; then
     sha256sum() {
       return 0
     }
@@ -82,9 +82,9 @@ function os::build::setup_env() {
   if [[ "${TRAVIS:-}" != "true" ]]; then
     local go_version
     go_version=($(go version))
-    if [[ "${go_version[2]}" < "go1.5" ]]; then
+    if [[ "${go_version[2]}" < "go1.7" ]]; then
       os::log::fatal "Detected Go version: ${go_version[*]}.
-Origin builds require Go version 1.6 or greater."
+Origin builds require Go version 1.7 or greater."
     fi
   fi
   # For any tools that expect this to be set (it is default in golang 1.6),

diff --git a/hack/lib/build/release.sh b/hack/lib/build/release.sh
@@ -5,10 +5,10 @@
 # os::build::release::check_for_rpms checks that an RPM release has been built
 function os::build::release::check_for_rpms() {
 	if [[ ! -d "${OS_LOCAL_RPMPATH}" || ! -s "${OS_LOCAL_RELEASEPATH}/CHECKSUM" ]]; then
-		relative_rpmpath="$( os::util::repository_relative_path "${OS_LOCAL_RPMPATH}" )"
-		relative_binpath="$( os::util::repository_relative_path "${OS_OUTPUT_BINPATH}" )"
+		relative_release_path="$( os::util::repository_relative_path "${OS_LOCAL_RELEASEPATH}" )"
+		relative_bin_path="$( os::util::repository_relative_path "${OS_OUTPUT_BINPATH}" )"
 		os::log::fatal "No release RPMs have been built! RPMs are necessary to build container images.
 Build them with:
-  $ OS_BUILD_ENV_PRESERVE=${relative_binpath}:${relative_rpmpath} hack/env make build-rpms"
+  $ OS_BUILD_ENV_PRESERVE=${relative_bin_path}:${relative_release_path} hack/env make build-rpms"
 	fi
-}
+}
diff --git a/images/base/Dockerfile b/images/base/Dockerfile
@@ -6,13 +6,12 @@
 #
 FROM openshift/origin-source
 
-RUN yum clean all \
- && INSTALL_PKGS="bsdtar ceph-common device-mapper device-mapper-persistent-data e2fsprogs epel-release ethtool findutils git hostname iptables lsof nmap-ncat socat sysvinit-tools tar tree util-linux wget which xfsprogs" \
- && yum install -y ${INSTALL_PKGS} \
- && rpm -V ${INSTALL_PKGS} \
- && yum clean all \
- && mkdir -p /var/lib/origin
+RUN INSTALL_PKGS="bsdtar ceph-common device-mapper device-mapper-persistent-data e2fsprogs epel-release ethtool findutils git hostname iptables lsof nmap-ncat socat sysvinit-tools tar tree util-linux wget which xfsprogs" && \
+    yum --disablerepo=origin-local-release install -y ${INSTALL_PKGS} && \
+    rpm -V ${INSTALL_PKGS} && \
+    yum clean all && \
+    mkdir -p /var/lib/origin
 
-LABEL io.openshift.tags="openshift,base" \
-      io.k8s.display-name="OpenShift Origin CentOS 7 Base" \
-      io.k8s.description="This is the base image from which all OpenShift Origin images inherit."
+LABEL io.k8s.display-name="OpenShift Origin CentOS 7 Base" \
+      io.k8s.description="This is the base image from which all OpenShift Origin images inherit." \
+      io.openshift.tags="openshift,base"
diff --git a/images/base/Dockerfile.centos7 b/images/base/Dockerfile.centos7
@@ -1,17 +1,17 @@
 #
 # This is the base image from which all OpenShift Origin images inherit. Only packages
-# common to all downstream images should be here. Depends on Centos 7.2+
+# common to all downstream images should be here.
 #
 # The standard name for this image is openshift/origin-base
 #
-FROM centos:centos7
+FROM openshift/origin-source
 
-RUN INSTALL_PKGS="which git tar wget hostname sysvinit-tools util-linux bsdtar centos-release-openshift-origin \
-      socat ethtool device-mapper iptables tree findutils nmap-ncat e2fsprogs xfsprogs lsof device-mapper-persistent-data ceph-common" && \
-    yum install -y $INSTALL_PKGS && \
-    rpm -V $INSTALL_PKGS && \
+RUN INSTALL_PKGS="bsdtar ceph-common device-mapper device-mapper-persistent-data e2fsprogs epel-release ethtool findutils git hostname iptables lsof nmap-ncat socat sysvinit-tools tar tree util-linux wget which xfsprogs" && \
+    yum --disablerepo=origin-local-release install -y ${INSTALL_PKGS} && \
+    rpm -V ${INSTALL_PKGS} && \
     yum clean all && \
     mkdir -p /var/lib/origin
 
-LABEL io.k8s.display-name="OpenShift Origin Centos 7 Base" \
-      io.k8s.description="This is the base image from which all OpenShift Origin images inherit."
+LABEL io.k8s.display-name="OpenShift Origin CentOS 7 Base" \
+      io.k8s.description="This is the base image from which all OpenShift Origin images inherit." \
+      io.openshift.tags="openshift,base"
diff --git a/images/base/Dockerfile.rhel7 b/images/base/Dockerfile.rhel7
@@ -8,7 +8,7 @@ FROM rhel7
 
 RUN INSTALL_PKGS="which git tar wget hostname sysvinit-tools util-linux bsdtar \
       socat ethtool device-mapper iptables tree findutils nmap-ncat e2fsprogs xfsprogs lsof device-mapper-persistent-data ceph-common" && \
-    yum install -y $INSTALL_PKGS && \
+    yum --disablerepo=origin-local-release install -y $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \
     mkdir -p /var/lib/origin

diff --git a/images/builder/docker/docker-builder/Dockerfile b/images/builder/docker/docker-builder/Dockerfile
@@ -13,5 +13,6 @@
 FROM openshift/origin
 
 LABEL io.k8s.display-name="OpenShift Origin Docker Builder" \
-      io.k8s.description="This is a component of OpenShift Origin and is responsible for executing Docker image builds."
+      io.k8s.description="This is a component of OpenShift Origin and is responsible for executing Docker image builds." \
+      io.openshift.tags="openshift,builder"
 ENTRYPOINT ["/usr/bin/openshift-docker-build"]
diff --git a/images/builder/docker/sti-builder/Dockerfile b/images/builder/docker/sti-builder/Dockerfile
@@ -13,5 +13,6 @@
 FROM openshift/origin
 
 LABEL io.k8s.display-name="OpenShift Origin S2I Builder" \
-      io.k8s.description="This is a component of OpenShift Origin and is responsible for executing source-to-image (s2i) image builds."
+      io.k8s.description="This is a component of OpenShift Origin and is responsible for executing source-to-image (s2i) image builds." \
+      io.openshift.tags="openshift,sti,builder"
 ENTRYPOINT ["/usr/bin/openshift-sti-build"]
diff --git a/images/deployer/Dockerfile b/images/deployer/Dockerfile
@@ -12,9 +12,9 @@
 #
 FROM openshift/origin
 
-LABEL io.openshift.tags="openshift,deployer" \
-      io.k8s.display-name="OpenShift Origin Deployer" \
-      io.k8s.description="This is a component of OpenShift Origin and executes the user deployment process to roll out new containers. It may be used as a base image for building your own custom deployer image."
-
+LABEL io.k8s.display-name="OpenShift Origin Deployer" \
+      io.k8s.description="This is a component of OpenShift Origin and executes the user deployment process to roll out new containers. It may be used as a base image for building your own custom deployer image." \
+      io.openshift.tags="openshift,deployer"
+# The deployer doesn't require a root user.
 USER 1001
 ENTRYPOINT ["/usr/bin/openshift-deploy"]
diff --git a/images/dockerregistry/Dockerfile b/images/dockerregistry/Dockerfile
@@ -6,17 +6,18 @@
 #
 FROM openshift/origin-base
 
-RUN INSTALL_PKGS="origin-dockerregistry" \
- && yum install -y ${INSTALL_PKGS} \
- && rpm -V ${INSTALL_PKGS} \
- && yum clean all
+RUN INSTALL_PKGS="origin-dockerregistry" && \
+    yum install -y ${INSTALL_PKGS} && \
+    rpm -V ${INSTALL_PKGS} && \
+    yum clean all
 
 COPY config.yml ${REGISTRY_CONFIGURATION_PATH}
 
-LABEL io.openshift.tags="openshift,docker,registry" \
-      io.k8s.display-name="OpenShift Container Platform Image Registry" \
-      io.k8s.description="This is a component ofOpenShift Container Platform and exposes a Docker registry that is integrated with the cluster for authentication and management."
+LABEL io.k8s.display-name="OpenShift Container Platform Image Registry" \
+      io.k8s.description="This is a component ofOpenShift Container Platform and exposes a Docker registry that is integrated with the cluster for authentication and management." \
+      io.openshift.tags="openshift,docker,registry"
 
+# The registry doesn't require a root user.
 USER 1001
 EXPOSE 5000
 VOLUME /registry

diff --git a/images/dockerregistry/Dockerfile.centos7 b/images/dockerregistry/Dockerfile.centos7
@@ -7,19 +7,21 @@
 FROM openshift/origin-base
 
 RUN INSTALL_PKGS="origin-dockerregistry" && \
-    yum install -y $INSTALL_PKGS && \
-    rpm -V $INSTALL_PKGS && \
+    yum install -y ${INSTALL_PKGS} && \
+    rpm -V ${INSTALL_PKGS} && \
     yum clean all
 
-COPY config.yml $REGISTRY_CONFIGURATION_PATH
+COPY config.yml ${REGISTRY_CONFIGURATION_PATH}
 
-LABEL io.k8s.display-name="OpenShift Origin Image Registry" \
-      io.k8s.description="This is a component of OpenShift Origin and exposes a Docker registry that is integrated with the cluster for authentication and management."
+LABEL io.k8s.display-name="OpenShift Container Platform Image Registry" \
+      io.k8s.description="This is a component ofOpenShift Container Platform and exposes a Docker registry that is integrated with the cluster for authentication and management." \
+      io.openshift.tags="openshift,docker,registry"
 
 # The registry doesn't require a root user.
 USER 1001
 EXPOSE 5000
 VOLUME /registry
-ENV REGISTRY_CONFIGURATION_PATH=/config.yml
+ENV REGISTRY_CONFIGURATION_PATH=/config.yml \
+	DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT}
 
-CMD DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT} /usr/bin/dockerregistry ${REGISTRY_CONFIGURATION_PATH}
+CMD /usr/bin/dockerregistry ${REGISTRY_CONFIGURATION_PATH}
diff --git a/images/egress/router/Dockerfile b/images/egress/router/Dockerfile
@@ -12,4 +12,8 @@ RUN INSTALL_PKGS="iproute iputils" && \
 
 ADD egress-router.sh /bin/egress-router.sh
 
+LABEL io.k8s.display-name="OpenShift Origin Egress Router" \
+      io.k8s.description="This is a component of OpenShift Origin and contains an egress router." \
+      io.openshift.tags="openshift,router,egress"
+
 ENTRYPOINT /bin/egress-router.sh
diff --git a/images/ipfailover/keepalived/Dockerfile b/images/ipfailover/keepalived/Dockerfile
@@ -12,7 +12,8 @@ RUN INSTALL_PKGS="kmod keepalived iproute psmisc nmap-ncat net-tools" && \
 COPY . /var/lib/ipfailover/keepalived/
 
 LABEL io.k8s.display-name="OpenShift Origin IP Failover" \
-      io.k8s.description="This is a component of OpenShift Origin and runs a clustered keepalived instance across multiple hosts to allow highly available IP addresses."
+      io.k8s.description="This is a component of OpenShift Origin and runs a clustered keepalived instance across multiple hosts to allow highly available IP addresses." \
+      io.openshift.tags="openshift,ha,ip,failover"
 EXPOSE 1985
 WORKDIR /var/lib/ipfailover
 ENTRYPOINT ["/var/lib/ipfailover/keepalived/monitor.sh"]
diff --git a/images/node/Dockerfile b/images/node/Dockerfile
@@ -8,11 +8,8 @@
 #
 # The standard name for this image is openshift/node
 #
-
 FROM openshift/origin
 
-COPY centos-paas-sig-openshift-origin36.repo /etc/yum.repos.d/
-COPY scripts/* /usr/local/bin/
 COPY system-container/system-container-wrapper.sh /usr/local/bin/
 COPY system-container/manifest.json system-container/config.json.template system-container/service.template system-container/tmpfiles.template /exports/
 
@@ -25,9 +22,9 @@ RUN INSTALL_PKGS="libmnl libnetfilter_conntrack conntrack-tools openvswitch \
     yum clean all && \
     mkdir -p /usr/lib/systemd/system/origin-node.service.d /usr/lib/systemd/system/docker.service.d
 
-LABEL io.openshift.tags="openshift,node" \
-      io.k8s.display-name="OpenShift Origin Node" \
-      io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN."
+LABEL io.k8s.display-name="OpenShift Origin Node" \
+      io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN." \
+      io.openshift.tags="openshift,node"
 
 VOLUME /etc/origin/node
 ENV KUBECONFIG=/etc/origin/node/node.kubeconfig

diff --git a/images/node/Dockerfile.centos7 b/images/node/Dockerfile.centos7
@@ -10,11 +10,10 @@
 #
 FROM openshift/origin
 
-COPY scripts/* /usr/local/bin/
-COPY system-container/system-container-wrapper.sh /usr/local/bin
+COPY system-container/system-container-wrapper.sh /usr/local/bin/
 COPY system-container/manifest.json system-container/config.json.template system-container/service.template system-container/tmpfiles.template /exports/
 
-RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools openvswitch \
+RUN INSTALL_PKGS="libmnl libnetfilter_conntrack conntrack-tools openvswitch \
       libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \
       binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \
       iscsi-initiator-utils bind-utils" && \
@@ -24,7 +23,9 @@ RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools o
     mkdir -p /usr/lib/systemd/system/origin-node.service.d /usr/lib/systemd/system/docker.service.d
 
 LABEL io.k8s.display-name="OpenShift Origin Node" \
-      io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN."
+      io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN." \
+      io.openshift.tags="openshift,node"
+
 VOLUME /etc/origin/node
 ENV KUBECONFIG=/etc/origin/node/node.kubeconfig
 

diff --git a/images/node/centos-paas-sig-openshift-origin36.repo b/images/node/centos-paas-sig-openshift-origin36.repo