Dramatically simplify image_build role

This does a few things: - Removes need for awx_sdist_builder image - Reorders Dockerfile steps to optimize image cache between prod and dev builds - Unifies VENV_BASE and COLLECTION_BASE in prod and dev builds
2026-01-10 15:32:07 -03:30 · 2020-12-26 13:06:29 -05:00 · 2020-12-26 13:06:29 -05:00 · ab6430e50d
commit ab6430e50d
parent 8ceb505977
7 changed files with 51 additions and 156 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,2 +1 @@
 .git
 awx/ui/node_modules
--- a/3
+++ b/3
@ -19,7 +19,8 @@ PYCURL_SSL_LIBRARY ?= openssl
 COMPOSE_TAG ?= $(GIT_BRANCH)
 COMPOSE_HOST ?= $(shell hostname)
-VENV_BASE ?= /venv
+VENV_BASE ?= /var/lib/awx/venv/
 COLLECTION_BASE ?= /var/lib/awx/vendor/awx_ansible_collections
 SCL_PREFIX ?=
 CELERY_SCHEDULE_FILE ?= /var/lib/awx/beat.db
--- a/awx/settings/development.py
+++ b/awx/settings/development.py
@ -148,7 +148,7 @@ include(optional('/etc/tower/settings.py'), scope=locals())
 include(optional('/etc/tower/conf.d/*.py'), scope=locals())
 # Installed differently in Dockerfile compared to production versions
-AWX_ANSIBLE_COLLECTIONS_PATHS = '/vendor/awx_ansible_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
 BASE_VENV_PATH = "/venv/"
 ANSIBLE_VENV_PATH = os.path.join(BASE_VENV_PATH, "ansible")
--- a/awx/settings/local_settings.py.docker_compose
+++ b/awx/settings/local_settings.py.docker_compose
@ -53,7 +53,7 @@ if "pytest" in sys.modules:
 PROJECTS_ROOT = '/var/lib/awx/projects/'
 # Location for cross-development of inventory plugins
-AWX_ANSIBLE_COLLECTIONS_PATHS = '/vendor/awx_ansible_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
 # Absolute filesystem path to the directory for job status stdout
 # This directory should not be web-accessible
--- a/installer/roles/image_build/files/Dockerfile.sdist
+++ b/installer/roles/image_build/files/Dockerfile.sdist
@ -1,22 +0,0 @@
 FROM centos:8
 RUN dnf -y update && dnf -y install epel-release && \
    dnf install -y bzip2 \
    gcc-c++ \
    gettext \
    git \
    make \
    nodejs \
    python3 \
    python3-setuptools
 # Use the distro provided npm to bootstrap our required version of node
 RUN npm install -g n && n 14.15.1 && dnf remove -y nodejs
 RUN mkdir -p /.npm && chmod g+rwx /.npm
 ENV PATH=/usr/local/n/versions/node/14.15.1/bin:$PATH
 WORKDIR "/awx"
 CMD ["make", "sdist"]
--- a/installer/roles/image_build/tasks/main.yml
+++ b/installer/roles/image_build/tasks/main.yml
@ -19,76 +19,6 @@
  delegate_to: localhost
  when: awx_official|default(false)|bool
 - name: Set sdist file name
  set_fact:
    awx_sdist_file: "awx-{{ awx_version }}.tar.gz"
 - name: AWX Distribution
  debug:
    msg: "{{ awx_sdist_file }}"
 - name: Stat distribution file
  stat:
    path: "../dist/{{ awx_sdist_file }}"
  delegate_to: localhost
  register: sdist
 - name: Clean distribution
  command: make clean
  args:
    chdir: ..
  ignore_errors: true
  when: not sdist.stat.exists
  delegate_to: localhost
 - name: Build sdist builder image
  docker_image:
    build:
      path: "{{ role_path }}/files"
      dockerfile: Dockerfile.sdist
      pull: false
      args:
        http_proxy: "{{ http_proxy | default('') }}"
        https_proxy: "{{ https_proxy | default('') }}"
        no_proxy: "{{ no_proxy | default('') }}"
    name: awx_sdist_builder
    tag: "{{ awx_version }}"
    source: 'build'
    force_source: true
  delegate_to: localhost
  when: use_container_for_build|default(true)|bool
 - name: Get current uid
  command: id -u
  register: uid
 - name: Build AWX distribution using container
  docker_container:
    env:
      http_proxy: "{{ http_proxy | default('') }}"
      https_proxy: "{{ https_proxy | default('') }}"
      no_proxy: "{{ no_proxy | default('') }}"
    image: "awx_sdist_builder:{{ awx_version }}"
    name: awx_sdist_builder
    state: started
    user: "{{ uid.stdout }}"
    detach: false
    volumes:
      - ../:/awx:Z
  delegate_to: localhost
  when: use_container_for_build|default(true)|bool
 - name: Build AWX distribution locally
  command: make sdist
  args:
    chdir: ..
  delegate_to: localhost
  when: not use_container_for_build|default(true)|bool
 - name: Set docker build base path
  set_fact:
    docker_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/docker-image"
 - name: Set awx image name
  set_fact:
    awx_image: "{{ awx_image|default('awx') }}"
@ -97,32 +27,16 @@
  template:
    src: Dockerfile.j2
    dest: ../Dockerfile
 - name: Build base awx image
  docker_image:
    build:
      path: ".."
      dockerfile: Dockerfile
      pull: false
      args:
        http_proxy: "{{ http_proxy | default('') }}"
        https_proxy: "{{ https_proxy | default('') }}"
        no_proxy: "{{ no_proxy | default('') }}"
    name: "{{ awx_image }}"
    tag: "{{ awx_version }}"
    source: 'build'
    force_source: true
  delegate_to: localhost
 # Calling Docker directly because docker-py doesnt support BuildKit
 - name: Build AWX image
  command: docker build -t {{ awx_image }}:{{ awx_version }} ..
  delegate_to: localhost
  when: use_container_for_build|default(true)|bool
 - name: Tag awx images as latest
  command: "docker tag {{ item }}:{{ awx_version }} {{ item }}:latest"
  delegate_to: localhost
  with_items:
    - "{{ awx_image }}"
 - name: Clean docker base directory
  file:
    path: "{{ docker_base_path }}"
    state: absent
  when: cleanup_docker_base|default(True)|bool
  delegate_to: localhost
--- a/installer/roles/image_build/templates/Dockerfile.j2
+++ b/installer/roles/image_build/templates/Dockerfile.j2
@ -9,15 +9,11 @@
 {% endif %}
 # Locations - set globally to be used across stages
-ARG VENV_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/venv"
+ARG COLLECTION_BASE="/var/lib/awx/vendor/awx_ansible_collections"
 ARG COLLECTION_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/vendor/awx_ansible_collections"
 # Build container
 FROM centos:8 as builder
 ARG VENV_BASE
 ARG COLLECTION_BASE
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8
@ -74,16 +70,21 @@ RUN cd /tmp && make requirements_collections
 ADD requirements/requirements_dev.txt /tmp/requirements
 RUN cd /tmp && make requirements_awx_dev requirements_ansible_dev
 {% endif %}
 {% if not build_dev|bool %}
-COPY dist/{{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
+# Use the distro provided npm to bootstrap our required version of node
-RUN mkdir -p -m 755 /var/lib/awx && \
+RUN npm install -g n && n 14.15.1 && dnf remove -y nodejs
-    OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }}
+
 # Copy source into builder, build sdist, install it into awx venv
 COPY . /tmp/src/
 WORKDIR /tmp/src/
 RUN make sdist && \
    /var/lib/awx/venv/awx/bin/pip install dist/awx-$(cat VERSION).tar.gz
 {% endif %}
 # Final container(s)
 FROM centos:8
 ARG VENV_BASE
 ARG COLLECTION_BASE
 ENV LANG en_US.UTF-8
@ -92,28 +93,6 @@ ENV LC_ALL en_US.UTF-8
 USER root
 {% if build_dev|bool %}
 # Install development/test requirements
 RUN dnf -y install \
    gtk3 \
    gettext \
    alsa-lib \
    libX11-xcb \
    libXScrnSaver \
    strace \
    vim \
    nmap-ncat \
    nodejs \
    nss \
    make \
    patch \
    tmux \
    wget \
    diffutils \
    unzip && \
    npm install -g n && n 14.15.1 && dnf remove -y nodejs
 {% endif %}
 # Install runtime requirements
 RUN dnf -y update && \
    dnf -y install epel-release 'dnf-command(config-manager)' && \
@ -165,16 +144,40 @@ RUN cd /usr/local/bin && \
    curl -L https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz | \
    tar -xz --strip-components=1 --wildcards --no-anchored 'oc'
 {% if build_dev|bool %}
 # Install development/test requirements
 RUN dnf --enablerepo=debuginfo -y install \
    gdb \
    gtk3 \
    gettext \
    alsa-lib \
    libX11-xcb \
    libXScrnSaver \
    strace \
    vim \
    nmap-ncat \
    nodejs \
    nss \
    make \
    patch \
    python3-debuginfo \
    socat \
    tmux \
    wget \
    diffutils \
    unzip && \
    npm install -g n && n 14.15.1 && dnf remove -y nodejs
 {% endif %}
 # Copy app from builder
 COPY --from=builder /var/lib/awx /var/lib/awx
 {%if build_dev|bool %}
 COPY --from=builder /venv /venv
 COPY --from=builder /vendor /vendor
 RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
        -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
    openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
    chmod 640 /etc/nginx/nginx.{csr,key,crt}
 {% else %}
 COPY --from=builder /var/lib/awx /var/lib/awx
 RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
 {% endif %}
@ -223,17 +226,17 @@ RUN chmod u+s /usr/bin/bwrap ; \
 {% if build_dev|bool %}
 RUN for dir in \
-      /venv \
+      /var/lib/awx/venv \
-      /venv/awx/lib/python3.6 \
+      /var/lib/awx/venv/awx/lib/python3.6 \
      /var/lib/awx/projects \
      /var/lib/awx/rsyslog \
      /var/run/awx-rsyslog \
      /.ansible \
-      /vendor ; \
+      /var/lib/awx/vendor ; \
    do mkdir -m 0775 -p $dir ; chmod g+rw $dir ; chgrp root $dir ; done && \
    for file in \
      /var/run/nginx.pid \
-      /venv/awx/lib/python3.6/site-packages/awx.egg-link ; \
+      /var/lib/awx/venv/awx/lib/python3.6/site-packages/awx.egg-link ; \
    do touch $file ; chmod g+rw $file ; done
 {% endif %}
`@ -1,2 +1 @@`
	`.git`
	`awx/ui/node_modules`	`awx/ui/node_modules`