Reorganize both dev and prod container builds

Use only one (templated) docker file for both builds. Move to two-stage container builds in order to save space in the final image.
2026-01-10 15:32:07 -03:30 · 2020-05-12 23:37:44 -04:00 · 2020-05-12 23:37:44 -04:00 · 66245d3094
commit 66245d3094
parent a057277823
5 changed files with 165 additions and 206 deletions
--- a/.gitignore
+++ b/.gitignore
@ -35,6 +35,7 @@ rsyslog.pid
 /tower-license
 /tower-license/**
 tools/prometheus/data
+tools/docker-compose/Dockerfile

 # Tower setup playbook testing
 setup/test/roles/postgresql
--- a/1
+++ b/1
@ -652,6 +652,7 @@ docker-compose-clean: awx/projects

 # Base development image build
 docker-compose-build:
+	ansible localhost -m template -a "src=installer/roles/image_build/templates/Dockerfile.j2 dest=tools/docker-compose/Dockerfile" -e build_dev=True
 	docker build -t ansible/awx_devel -f tools/docker-compose/Dockerfile \
 		--cache-from=$(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG) .
 	docker tag ansible/awx_devel $(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG)
--- a/installer/roles/image_build/defaults/main.yml
+++ b/installer/roles/image_build/defaults/main.yml
@ -1,2 +1,3 @@
 ---
 create_preload_data: true
+build_dev: false
--- a/installer/roles/image_build/templates/Dockerfile.j2
+++ b/installer/roles/image_build/templates/Dockerfile.j2
@ -1,4 +1,14 @@
-FROM centos:8
+{% if build_dev|bool %}
+### This file is generated from
+### installer/roles/image_build/templates/Dockerfile.j2
+###
+### DO NOT EDIT
+###
+{% endif %}
+
+
+# Build container
+FROM centos:8 as builder

 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
@ -6,66 +16,44 @@ ENV LC_ALL en_US.UTF-8

 USER root

-ADD google-cloud-sdk.repo /etc/yum.repos.d/
-ADD rsyslog.repo /etc/yum.repos.d/rsyslog.repo
+# Locations
+ARG VENV_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/venv"
+ARG COLLECTION_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/vendor/awx_ansible_collections"

-# sync with installer/roles/image_build/templates/Dockerfile.j2
+# Install build dependencies
 RUN dnf -y update && \
-    dnf -y install https://github.com/krallin/tini/releases/download/v0.18.0/tini_0.18.0.rpm && \
    dnf -y install epel-release 'dnf-command(config-manager)' && \
    dnf module -y enable 'postgresql:10' && \
    dnf config-manager --set-enabled PowerTools && \
-    dnf -y install acl \
-    ansible \
-    bubblewrap \
-    curl \
-    diffutils \
-    dnf-utils \
+    dnf -y install ansible \
    gcc \
    gcc-c++ \
    gettext \
    git-core \
    glibc-langpack-en \
-    krb5-workstation \
-    kubectl \
    libcurl-devel \
    libffi-devel \
    libstdc++.so.6 \
    libtool-ltdl-devel \
-    libcgroup-tools \
    make \
-    mercurial \
-    nginx \
    nodejs \
    nss \
    openldap-devel \
-    openssh-server \
    patch \
    @postgresql:10 \
    postgresql-devel \
    python3-devel \
-    python3-libselinux \
    python3-pip \
    python3-psycopg2 \
    python3-setuptools \
-    python3-pycurl \
-    rsync \
-    rsyslog-omhttp \
-    subversion \
-    sudo \
    swig \
-    tmux \
    unzip \
-    vim-minimal \
-    which \
-    xmlsec1 \
    xmlsec1-devel \
-    xmlsec1-openssl \
    xmlsec1-openssl-devel

-RUN python3 -m ensurepip && pip3 install "virtualenv < 20" supervisor
+RUN python3 -m ensurepip && pip3 install "virtualenv < 20"

-# Install AWX + Requirements
+# Install & build requirements
 ADD Makefile /tmp/Makefile
 RUN mkdir /tmp/requirements
 ADD requirements/requirements_ansible.txt \
@ -76,63 +64,172 @@ ADD requirements/requirements_ansible.txt \
    requirements/requirements_git.txt \
    requirements/collections_requirements.yml \
    /tmp/requirements/
-RUN cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements_awx requirements_ansible_py3
-RUN cd /tmp && COLLECTION_BASE="/var/lib/awx/vendor/awx_ansible_collections" make requirements_collections

+RUN cd /tmp && make requirements_awx requirements_ansible_py3
+RUN cd /tmp && make requirements_collections
+
+{% if build_dev|bool %}
+ADD requirements/requirements_dev.txt /tmp/requirements
+RUN cd /tmp && make requirements_awx_dev requirements_ansible_dev
+{% endif %}
+{% if not build_dev|bool %}
 COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
-RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version && \
-    OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }} && \
-    ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
+RUN mkdir -p -m 755 /var/lib/awx && echo "{{ awx_version }}" > /var/lib/awx/.tower_version && \
+    OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }}
+{% endif %}

-RUN dnf -y remove *-devel \
-    gcc \
-    gcc-c++ \
-    nodejs
+# Final container(s)
+FROM centos:8

-ADD settings.py /etc/tower/settings.py
-ADD supervisor.conf /supervisor.conf
-ADD supervisor_task.conf /supervisor_task.conf
-ADD launch_awx.sh /usr/bin/launch_awx.sh
-ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
-ADD config-watcher /usr/bin/config-watcher
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+USER root
+
+{% if build_dev|bool %}
+# Install development/test requirements
+RUN dnf -y install \
+    gtk3 \
+    alsa-lib \
+    libX11-xcb \
+    libXScrnSaver \
+    strace \
+    vim \
+    nmap-ncat \
+    nodejs \
+    make \
+    patch && \
+    npm install -g n && n 10.15.0 && dnf remove -y nodejs
+{% endif %}
+
+# Install runtime requirements
+RUN dnf -y update && \
+    dnf -y install https://github.com/krallin/tini/releases/download/v0.18.0/tini_0.18.0.rpm && \
+    dnf -y install epel-release 'dnf-command(config-manager)' && \
+    dnf module -y enable 'postgresql:10' && \
+    dnf config-manager --set-enabled PowerTools && \
+    dnf -y install acl \
+    ansible \
+    bubblewrap \
+    git-core \
+    glibc-langpack-en \
+    krb5-workstation \
+    libcgroup-tools \
+    mercurial \
+    nginx \
+    @postgresql:10 \
+    python3-devel \
+    python3-libselinux \
+    python3-pip \
+    python3-psycopg2 \
+    python3-setuptools \
+    rsync \
+    subversion \
+    sudo \
+    tmux \
+    vim-minimal \
+    which \
+    xmlsec1-openssl && \
+    dnf -y --repofrompath gcloud,https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 \
+       --setopt gcloud.gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg \
+      install kubectl && \
+    dnf -y install centos-release-stream && dnf -y install "rsyslog >= 8.1911.0" && dnf -y remove centos-release-stream && \
+    dnf -y clean all
+
+RUN python3 -m ensurepip && pip3 install "virtualenv < 20" supervisor {% if build_dev|bool %}flake8{% endif %}
+
+RUN rm -rf /root/.cache && rm -rf /tmp/*

 # Install OpenShift CLI
 RUN cd /usr/local/bin && \
    curl -L https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz | \
    tar -xz --strip-components=1 --wildcards --no-anchored 'oc'

-# Pre-create things that we need to write to
-RUN for dir in /home/awx /var/run/supervisor /var/lib/awx /var/lib/awx/rsyslog /var/lib/awx/rsyslog/conf.d /var/run/awx-rsyslog /var/log/tower /var/log/nginx /var/lib/nginx; \
-    do mkdir -p $dir; chmod -R g+rwx $dir; chgrp -R root $dir; done && \
-    \
-    for file in /etc/passwd /var/run/nginx.pid; \
-    do touch $file; chmod -R g+rwx $file; chgrp -R root $file; done
+# Copy app from builder
+{%if build_dev|bool %}
+COPY --from=builder /venv /venv
+COPY --from=builder /vendor /vendor
+RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
+        -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
+    openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
+    chmod 640 /etc/nginx/nginx.{csr,key,crt}
+{% else %}
+COPY --from=builder /var/lib/awx /var/lib/awx
+RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
+{% endif %}

 # Create default awx rsyslog config
-ADD rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf
+ADD {% if build_dev|bool %}tools/docker-compose/{% endif %}rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf

-# Fix up permissions
-RUN find /var/lib/awx -not -path '/var/lib/awx/venv*' | xargs chgrp root && \
-    find /var/lib/awx -not -path '/var/lib/awx/venv*' | xargs chmod g+w && \
-    chgrp root /var/lib/awx/rsyslog/rsyslog.conf && \
-    chmod +rx /usr/bin/launch_awx.sh && \
-    chmod +rx /usr/bin/launch_awx_task.sh && \
-    chmod +rx /usr/bin/config-watcher && \
-    chmod u+s /usr/bin/bwrap # https://github.com/ansible/awx/issues/5224
+## File mappings
+{% if build_dev|bool %}
+ADD tools/docker-compose/launch_awx.sh /usr/bin/launch_awx.sh
+ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
+ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
+ADD tools/docker-compose/awx.egg-info /tmp/awx.egg-info
+ADD tools/docker-compose/nginx.conf /etc/nginx/nginx.conf
+ADD tools/docker-compose/nginx.vh.default.conf /etc/nginx/conf.d/nginx.vh.default.conf
+ADD tools/docker-compose/start_tests.sh /start_tests.sh
+ADD tools/docker-compose/bootstrap_development.sh /usr/bin/bootstrap_development.sh
+ADD tools/docker-compose/entrypoint.sh /entrypoint.sh
+ADD tools/scripts/awx-python /usr/bin/awx-python
+{% else %}
+ADD launch_awx.sh /usr/bin/launch_awx.sh
+ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
+ADD settings.py /etc/tower/settings.py
+ADD supervisor.conf /supervisor.conf
+ADD supervisor_task.conf /supervisor_task.conf
+ADD config-watcher /usr/bin/config-watcher
+{% endif %}

+# Pre-create directories
+RUN for dir in \
+      /var/lib/awx/rsyslog \
+      /var/lib/awx/rsyslog/conf.d \
+      /var/run/awx-rsyslog \
+      /var/log/tower \
+      /var/log/nginx \
+      /var/lib/nginx ; \
+    do mkdir -m 0755 -p $dir ; done
+
+# Adjust any remaining permissions
+RUN chmod u+s /usr/bin/bwrap
+{% if build_dev|bool %}
+RUN for dir in \
+      /var/lib/awx \
+      /var/lib/awx/projects \
+      /var/lib/awx/rsyslog \
+      /var/run/awx-rsyslog \
+      /.ansible \
+      /vendor ; \
+    do mkdir -m 0775 -p $dir ; chmod g+rwX $dir ; done && \
+    for file in \
+      /etc/passwd \
+      /etc/supervisord.conf \
+      /var/run/nginx.pid \
+      /venv/awx/lib/python3.6/site-packages/awx.egg-link ; \
+    do touch $file ; chmod g+rw $file ; done
+{% endif %}
+
+{% if not build_dev|bool %}
 RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log
+{% endif %}

-RUN dnf -y clean all && rm -rf /root/.cache rm -rf /tmp/*
-
-ENV HOME=/home/awx
+ENV HOME="/var/lib/awx"
 ENV PATH="/usr/pgsql-10/bin:${PATH}"

-WORKDIR ${HOME}
+{% if build_dev|bool %}
+EXPOSE 8043 8013 8080 22
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/bin/bash"]
+{% else %}
 USER 1000
 EXPOSE 8052

 ENTRYPOINT ["tini", "--"]
 CMD /usr/bin/launch_awx.sh
-
 VOLUME /var/lib/nginx
+{% endif %}
--- a/tools/docker-compose/Dockerfile
+++ b/tools/docker-compose/Dockerfile
@ -1,141 +0,0 @@
-FROM centos:8
-
-ARG UID=0
-
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
-
-ADD tools/docker-compose/ansible_nightly.repo /etc/yum.repos.d/ansible_nightly.repo
-ADD tools/docker-compose/google-cloud-sdk.repo /etc/yum.repos.d/
-ADD tools/docker-compose/rsyslog.repo /etc/yum.repos.d/
-
-# sync with installer/roles/image_build/templates/Dockerfile.j2
-RUN dnf -y update && \
-    dnf -y install https://github.com/krallin/tini/releases/download/v0.18.0/tini_0.18.0.rpm && \
-    dnf -y install epel-release 'dnf-command(config-manager)' && \
-    dnf module -y enable 'postgresql:10' && \
-    dnf config-manager --set-enabled PowerTools && \
-    dnf -y install acl \
-    ansible \
-    bubblewrap \
-    curl \
-    diffutils \
-    dnf-utils \
-    gcc \
-    gcc-c++ \
-    gettext \
-    git-core \
-    glibc-langpack-en \
-    krb5-workstation \
-    kubectl \
-    libcurl-devel \
-    libffi-devel \
-    libstdc++.so.6 \
-    libtool-ltdl-devel \
-    libcgroup-tools \
-    make \
-    mercurial \
-    nginx \
-    nodejs \
-    nss \
-    openldap-devel \
-    openssh-server \
-    patch \
-    @postgresql:10 \
-    postgresql-devel \
-    python3-devel \
-    python3-libselinux \
-    python3-pip \
-    python3-psycopg2 \
-    python3-setuptools \
-    python3-pycurl \
-    rsync \
-    rsyslog-omhttp \
-    subversion \
-    sudo \
-    swig \
-    tmux \
-    unzip \
-    vim-minimal \
-    which \
-    xmlsec1 \
-    xmlsec1-devel \
-    xmlsec1-openssl \
-    xmlsec1-openssl-devel
-
-# Dev dependencies / UI tests only, do not put in installer/roles/image_build/templates/Dockerfile.j2
-RUN dnf -y install \
-    gtk3 \
-    alsa-lib \
-    libX11-xcb \
-    libXScrnSaver \
-    strace \
-    vim \
-    nmap-ncat
-
-RUN /usr/bin/ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa && \
-    openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
-        -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
-    openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
-    chmod 640 /etc/nginx/nginx.{csr,key,crt}
-
-RUN python3 -m ensurepip && pip3 install "virtualenv < 20" flake8 supervisor
-
-# Install Requirements
-ADD Makefile /tmp/Makefile
-RUN mkdir /tmp/requirements
-ADD requirements/requirements.txt \
-    requirements/requirements_git.txt \
-    requirements/requirements_ansible.txt \
-    requirements/requirements_ansible_git.txt \
-    requirements/requirements_dev.txt \
-    requirements/requirements_ansible_uninstall.txt \
-    requirements/requirements_tower_uninstall.txt \
-    requirements/collections_requirements.yml \
-    /tmp/requirements/
-RUN mkdir -p /venv && chmod g+w /venv
-RUN cd /tmp && VENV_BASE="/venv" make requirements_dev
-RUN mkdir -p /vendor/awx_ansible_collections && chmod g+w /vendor/awx_ansible_collections
-RUN cd /tmp && COLLECTION_BASE="/vendor/awx_ansible_collections" make requirements_collections
-
-# Use the distro provided npm to bootstrap our required version of node
-RUN npm install -g n && n 10.15.0 && dnf remove -y nodejs
-
-# Install OpenShift CLI
-RUN cd /usr/local/bin && \
-    curl -L https://github.com/openshift/origin/releases/download/v3.9.0/openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz | \
-    tar -xz --strip-components=1 --wildcards --no-anchored 'oc'
-
-RUN dnf -y clean all && rm -rf /root/.cache
-
-# https://github.com/ansible/awx/issues/5224
-RUN chmod u+s /usr/bin/bwrap
-
-ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
-ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
-ADD tools/docker-compose/awx.egg-info /tmp/awx.egg-info
-ADD tools/docker-compose/nginx.conf /etc/nginx/nginx.conf
-ADD tools/docker-compose/nginx.vh.default.conf /etc/nginx/conf.d/nginx.vh.default.conf
-ADD tools/docker-compose/launch_awx.sh /usr/bin/launch_awx.sh
-ADD tools/docker-compose/start_tests.sh /start_tests.sh
-ADD tools/docker-compose/bootstrap_development.sh /usr/bin/bootstrap_development.sh
-ADD tools/docker-compose/entrypoint.sh /
-ADD tools/docker-compose/rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf
-ADD tools/scripts/awx-python /usr/bin/awx-python
-
-# Pre-create things that we need to write to / fix up permissions
-RUN for dir in /var/lib/awx /var/lib/awx/rsyslog /var/lib/awx/rsyslog/conf.d /var/run/awx-rsyslog /var/log/tower/ /var/lib/awx/projects /.ansible /var/log/nginx /var/lib/nginx /.local /vendor; \
-    do mkdir -p $dir; chmod -R g+rwx $dir; chgrp -R root $dir; done && \
-    \
-    for file in /etc/passwd /etc/supervisord.conf /venv/awx/lib/python3.6/site-packages/awx.egg-link /var/run/nginx.pid; \
-    do touch $file; chmod -R g+rwx $file; chgrp -R root $file; done
-
-ENV HOME /var/lib/awx
-ENV PATH="/usr/local/n/versions/node/10.15.0/bin:${PATH}"
-ENV PATH="/usr/pgsql-10/bin:${PATH}"
-
-EXPOSE 8043 8013 8080 22
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/bin/bash"]