Dramatically simplify image_build role

This does a few things:

- Removes need for awx_sdist_builder image
- Reorders Dockerfile steps to optimize image cache between prod and dev builds
- Unifies VENV_BASE and COLLECTION_BASE in prod and dev builds

.dockerignore

@@ -1,2 +1 @@
-.git
 awx/ui/node_modules

Makefile

@@ -19,7 +19,8 @@ PYCURL_SSL_LIBRARY ?= openssl
 COMPOSE_TAG ?= $(GIT_BRANCH)
 COMPOSE_HOST ?= $(shell hostname)
 
-VENV_BASE ?= /venv
+VENV_BASE ?= /var/lib/awx/venv/
+COLLECTION_BASE ?= /var/lib/awx/vendor/awx_ansible_collections
 SCL_PREFIX ?=
 CELERY_SCHEDULE_FILE ?= /var/lib/awx/beat.db
 

awx/settings/development.py

@@ -148,7 +148,7 @@ include(optional('/etc/tower/settings.py'), scope=locals())
 include(optional('/etc/tower/conf.d/*.py'), scope=locals())
 
 # Installed differently in Dockerfile compared to production versions
-AWX_ANSIBLE_COLLECTIONS_PATHS = '/vendor/awx_ansible_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
 
 BASE_VENV_PATH = "/venv/"
 ANSIBLE_VENV_PATH = os.path.join(BASE_VENV_PATH, "ansible")

awx/settings/local_settings.py.docker_compose

@@ -53,7 +53,7 @@ if "pytest" in sys.modules:
 PROJECTS_ROOT = '/var/lib/awx/projects/'
 
 # Location for cross-development of inventory plugins
-AWX_ANSIBLE_COLLECTIONS_PATHS = '/vendor/awx_ansible_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
 
 # Absolute filesystem path to the directory for job status stdout
 # This directory should not be web-accessible

installer/roles/image_build/files/Dockerfile.sdist

@@ -1,22 +0,0 @@
-FROM centos:8
-
-RUN dnf -y update && dnf -y install epel-release && \
-    dnf install -y bzip2 \
-    gcc-c++ \
-    gettext \
-    git \
-    make \
-    nodejs \
-    python3 \
-    python3-setuptools
-
-# Use the distro provided npm to bootstrap our required version of node
-RUN npm install -g n && n 14.15.1 && dnf remove -y nodejs
-
-RUN mkdir -p /.npm && chmod g+rwx /.npm
-
-ENV PATH=/usr/local/n/versions/node/14.15.1/bin:$PATH
-
-WORKDIR "/awx"
-
-CMD ["make", "sdist"]

installer/roles/image_build/tasks/main.yml

@@ -19,76 +19,6 @@
   delegate_to: localhost
   when: awx_official|default(false)|bool
 
-- name: Set sdist file name
-  set_fact:
-    awx_sdist_file: "awx-{{ awx_version }}.tar.gz"
-
-- name: AWX Distribution
-  debug:
-    msg: "{{ awx_sdist_file }}"
-
-- name: Stat distribution file
-  stat:
-    path: "../dist/{{ awx_sdist_file }}"
-  delegate_to: localhost
-  register: sdist
-
-- name: Clean distribution
-  command: make clean
-  args:
-    chdir: ..
-  ignore_errors: true
-  when: not sdist.stat.exists
-  delegate_to: localhost
-
-- name: Build sdist builder image
-  docker_image:
-    build:
-      path: "{{ role_path }}/files"
-      dockerfile: Dockerfile.sdist
-      pull: false
-      args:
-        http_proxy: "{{ http_proxy | default('') }}"
-        https_proxy: "{{ https_proxy | default('') }}"
-        no_proxy: "{{ no_proxy | default('') }}"
-    name: awx_sdist_builder
-    tag: "{{ awx_version }}"
-    source: 'build'
-    force_source: true
-  delegate_to: localhost
-  when: use_container_for_build|default(true)|bool
-
-- name: Get current uid
-  command: id -u
-  register: uid
-
-- name: Build AWX distribution using container
-  docker_container:
-    env:
-      http_proxy: "{{ http_proxy | default('') }}"
-      https_proxy: "{{ https_proxy | default('') }}"
-      no_proxy: "{{ no_proxy | default('') }}"
-    image: "awx_sdist_builder:{{ awx_version }}"
-    name: awx_sdist_builder
-    state: started
-    user: "{{ uid.stdout }}"
-    detach: false
-    volumes:
-      - ../:/awx:Z
-  delegate_to: localhost
-  when: use_container_for_build|default(true)|bool
-
-- name: Build AWX distribution locally
-  command: make sdist
-  args:
-    chdir: ..
-  delegate_to: localhost
-  when: not use_container_for_build|default(true)|bool
-
-- name: Set docker build base path
-  set_fact:
-    docker_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/docker-image"
-
 - name: Set awx image name
   set_fact:
     awx_image: "{{ awx_image|default('awx') }}"
@@ -97,32 +27,16 @@
   template:
     src: Dockerfile.j2
     dest: ../Dockerfile
-
-- name: Build base awx image
-  docker_image:
-    build:
-      path: ".."
-      dockerfile: Dockerfile
-      pull: false
-      args:
-        http_proxy: "{{ http_proxy | default('') }}"
-        https_proxy: "{{ https_proxy | default('') }}"
-        no_proxy: "{{ no_proxy | default('') }}"
-    name: "{{ awx_image }}"
-    tag: "{{ awx_version }}"
-    source: 'build'
-    force_source: true
   delegate_to: localhost
 
+# Calling Docker directly because docker-py doesnt support BuildKit
+- name: Build AWX image
+  command: docker build -t {{ awx_image }}:{{ awx_version }} ..
+  delegate_to: localhost
+  when: use_container_for_build|default(true)|bool
+
 - name: Tag awx images as latest
   command: "docker tag {{ item }}:{{ awx_version }} {{ item }}:latest"
   delegate_to: localhost
   with_items:
     - "{{ awx_image }}"
-
-- name: Clean docker base directory
-  file:
-    path: "{{ docker_base_path }}"
-    state: absent
-  when: cleanup_docker_base|default(True)|bool
-  delegate_to: localhost

installer/roles/image_build/templates/Dockerfile.j2

@@ -9,15 +9,11 @@
 {% endif %}
 
 # Locations - set globally to be used across stages
-ARG VENV_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/venv"
-ARG COLLECTION_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/vendor/awx_ansible_collections"
+ARG COLLECTION_BASE="/var/lib/awx/vendor/awx_ansible_collections"
 
 # Build container
 FROM centos:8 as builder
 
-ARG VENV_BASE
-ARG COLLECTION_BASE
-
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8
@@ -74,16 +70,21 @@ RUN cd /tmp && make requirements_collections
 ADD requirements/requirements_dev.txt /tmp/requirements
 RUN cd /tmp && make requirements_awx_dev requirements_ansible_dev
 {% endif %}
+
 {% if not build_dev|bool %}
-COPY dist/{{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
-RUN mkdir -p -m 755 /var/lib/awx && \
-    OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }}
+# Use the distro provided npm to bootstrap our required version of node
+RUN npm install -g n && n 14.15.1 && dnf remove -y nodejs
+
+# Copy source into builder, build sdist, install it into awx venv
+COPY . /tmp/src/
+WORKDIR /tmp/src/
+RUN make sdist && \
+    /var/lib/awx/venv/awx/bin/pip install dist/awx-$(cat VERSION).tar.gz
 {% endif %}
 
 # Final container(s)
 FROM centos:8
 
-ARG VENV_BASE
 ARG COLLECTION_BASE
 
 ENV LANG en_US.UTF-8
@@ -92,28 +93,6 @@ ENV LC_ALL en_US.UTF-8
 
 USER root
 
-{% if build_dev|bool %}
-# Install development/test requirements
-RUN dnf -y install \
-    gtk3 \
-    gettext \
-    alsa-lib \
-    libX11-xcb \
-    libXScrnSaver \
-    strace \
-    vim \
-    nmap-ncat \
-    nodejs \
-    nss \
-    make \
-    patch \
-    tmux \
-    wget \
-    diffutils \
-    unzip && \
-    npm install -g n && n 14.15.1 && dnf remove -y nodejs
-{% endif %}
-
 # Install runtime requirements
 RUN dnf -y update && \
     dnf -y install epel-release 'dnf-command(config-manager)' && \
@@ -165,16 +144,40 @@ RUN cd /usr/local/bin && \
     curl -L https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz | \
     tar -xz --strip-components=1 --wildcards --no-anchored 'oc'
 
+{% if build_dev|bool %}
+# Install development/test requirements
+RUN dnf --enablerepo=debuginfo -y install \
+    gdb \
+    gtk3 \
+    gettext \
+    alsa-lib \
+    libX11-xcb \
+    libXScrnSaver \
+    strace \
+    vim \
+    nmap-ncat \
+    nodejs \
+    nss \
+    make \
+    patch \
+    python3-debuginfo \
+    socat \
+    tmux \
+    wget \
+    diffutils \
+    unzip && \
+    npm install -g n && n 14.15.1 && dnf remove -y nodejs
+{% endif %}
+
 # Copy app from builder
+COPY --from=builder /var/lib/awx /var/lib/awx
+
 {%if build_dev|bool %}
-COPY --from=builder /venv /venv
-COPY --from=builder /vendor /vendor
 RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
         -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
     openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
     chmod 640 /etc/nginx/nginx.{csr,key,crt}
 {% else %}
-COPY --from=builder /var/lib/awx /var/lib/awx
 RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
 {% endif %}
 
@@ -223,17 +226,17 @@ RUN chmod u+s /usr/bin/bwrap ; \
 
 {% if build_dev|bool %}
 RUN for dir in \
-      /venv \
-      /venv/awx/lib/python3.6 \
+      /var/lib/awx/venv \
+      /var/lib/awx/venv/awx/lib/python3.6 \
       /var/lib/awx/projects \
       /var/lib/awx/rsyslog \
       /var/run/awx-rsyslog \
       /.ansible \
-      /vendor ; \
+      /var/lib/awx/vendor ; \
     do mkdir -m 0775 -p $dir ; chmod g+rw $dir ; chgrp root $dir ; done && \
     for file in \
       /var/run/nginx.pid \
-      /venv/awx/lib/python3.6/site-packages/awx.egg-link ; \
+      /var/lib/awx/venv/awx/lib/python3.6/site-packages/awx.egg-link ; \
     do touch $file ; chmod g+rw $file ; done
 {% endif %}