mirror of
https://github.com/ansible/awx.git
synced 2026-01-21 06:28:01 -03:30
0a5e9da287
* Our tests could consistently get awx jobs into a deadlocked state whenever the parallelism was high. Even podman ps would hang when the system was in this state. We don't know exactly where in runc the bug is but the deadlocks stopped happening when we changed the OCI runtime environment to crun.
266 lines
8.0 KiB
Django/Jinja
266 lines
8.0 KiB
Django/Jinja
### This file is generated from
|
|
### tools/ansible/roles/dockerfile/templates/Dockerfile.j2
|
|
###
|
|
### DO NOT EDIT
|
|
###
|
|
|
|
# Build container
|
|
FROM quay.io/centos/centos:8 as builder
|
|
|
|
ENV LANG en_US.UTF-8
|
|
ENV LANGUAGE en_US:en
|
|
ENV LC_ALL en_US.UTF-8
|
|
|
|
USER root
|
|
|
|
# Install build dependencies
|
|
RUN dnf -y module enable 'postgresql:12'
|
|
RUN dnf -y update && \
|
|
dnf -y install epel-release 'dnf-command(config-manager)' && \
|
|
dnf module -y enable 'postgresql:12' && \
|
|
dnf config-manager --set-enabled powertools && \
|
|
dnf -y install \
|
|
gcc \
|
|
gcc-c++ \
|
|
git-core \
|
|
glibc-langpack-en \
|
|
libffi-devel \
|
|
libtool-ltdl-devel \
|
|
make \
|
|
nodejs \
|
|
nss \
|
|
openldap-devel \
|
|
patch \
|
|
@postgresql:12 \
|
|
postgresql-devel \
|
|
python38-devel \
|
|
python38-pip \
|
|
python38-psycopg2 \
|
|
python38-setuptools \
|
|
swig \
|
|
unzip \
|
|
xmlsec1-devel \
|
|
xmlsec1-openssl-devel
|
|
|
|
RUN python3.8 -m ensurepip && pip3 install "virtualenv < 20"
|
|
|
|
# Install & build requirements
|
|
ADD Makefile /tmp/Makefile
|
|
RUN mkdir /tmp/requirements
|
|
ADD requirements/requirements.txt \
|
|
requirements/requirements_tower_uninstall.txt \
|
|
requirements/requirements_git.txt \
|
|
/tmp/requirements/
|
|
|
|
RUN cd /tmp && make requirements_awx
|
|
|
|
{% if (build_dev|bool) or (kube_dev|bool) %}
|
|
ADD requirements/requirements_dev.txt /tmp/requirements
|
|
RUN cd /tmp && make requirements_awx_dev
|
|
{% else %}
|
|
# Use the distro provided npm to bootstrap our required version of node
|
|
RUN npm install -g n && n 14.15.1 && dnf remove -y nodejs
|
|
|
|
# Copy source into builder, build sdist, install it into awx venv
|
|
COPY . /tmp/src/
|
|
WORKDIR /tmp/src/
|
|
RUN make sdist && \
|
|
/var/lib/awx/venv/awx/bin/pip install dist/awx-$(cat VERSION).tar.gz
|
|
{% endif %}
|
|
|
|
# Final container(s)
|
|
FROM quay.io/centos/centos:8
|
|
|
|
ENV LANG en_US.UTF-8
|
|
ENV LANGUAGE en_US:en
|
|
ENV LC_ALL en_US.UTF-8
|
|
|
|
USER root
|
|
|
|
# Install runtime requirements
|
|
RUN dnf -y module enable 'postgresql:12'
|
|
RUN dnf -y update && \
|
|
dnf -y install epel-release 'dnf-command(config-manager)' && \
|
|
dnf module -y enable 'postgresql:12' && \
|
|
dnf config-manager --set-enabled powertools && \
|
|
dnf -y install acl \
|
|
git-core \
|
|
git-lfs \
|
|
glibc-langpack-en \
|
|
krb5-workstation \
|
|
libcgroup-tools \
|
|
nginx \
|
|
@postgresql:12 \
|
|
python3-devel \
|
|
python3-libselinux \
|
|
python38-pip \
|
|
python38-psycopg2 \
|
|
python38-setuptools \
|
|
rsync \
|
|
subversion \
|
|
sudo \
|
|
vim-minimal \
|
|
which \
|
|
unzip \
|
|
xmlsec1-openssl && \
|
|
dnf -y install centos-release-stream && dnf -y install "rsyslog >= 8.1911.0" && dnf -y remove centos-release-stream && \
|
|
dnf -y clean all
|
|
|
|
RUN curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 && \
|
|
chmod 700 get_helm.sh && \
|
|
./get_helm.sh
|
|
|
|
# Install tini
|
|
RUN curl -L -o /usr/bin/tini https://github.com/krallin/tini/releases/download/v0.19.0/tini-{{ tini_architecture | default('amd64') }} && \
|
|
chmod +x /usr/bin/tini
|
|
|
|
RUN python3.8 -m ensurepip && pip3 install "virtualenv < 20" supervisor
|
|
|
|
RUN rm -rf /root/.cache && rm -rf /tmp/*
|
|
|
|
{% if (build_dev|bool) or (kube_dev|bool) %}
|
|
# Install development/test requirements
|
|
RUN dnf -y install \
|
|
crun \
|
|
gdb \
|
|
gtk3 \
|
|
gettext \
|
|
alsa-lib \
|
|
libX11-xcb \
|
|
libXScrnSaver \
|
|
strace \
|
|
vim \
|
|
nmap-ncat \
|
|
libpq-devel \
|
|
nodejs \
|
|
nss \
|
|
make \
|
|
patch \
|
|
socat \
|
|
tmux \
|
|
wget \
|
|
diffutils \
|
|
unzip && \
|
|
npm install -g n && n 14.15.1 && dnf remove -y nodejs
|
|
|
|
RUN pip3 install black git+https://github.com/coderanger/supervisor-stdout
|
|
|
|
# This package randomly fails to download.
|
|
# It is nice to have in the dev env, but not necessary.
|
|
# Add it back to the list above if the repo ever straighten up.
|
|
RUN dnf --enablerepo=debuginfo -y install python3-debuginfo || :
|
|
{% endif %}
|
|
|
|
{% if build_dev|bool %}
|
|
RUN dnf install -y podman
|
|
RUN echo -e '[engine]\ncgroup_manager = "cgroupfs"\nevents_logger = "file"\nruntime = "crun"' > /etc/containers/containers.conf
|
|
{% endif %}
|
|
|
|
# Ensure we must use fully qualified image names
|
|
# This prevents podman prompt that hangs when trying to pull unqualified images
|
|
RUN mkdir -p /etc/containers/registries.conf.d/ && echo "unqualified-search-registries = []" >> /etc/containers/registries.conf.d/force-fully-qualified-images.conf && chmod 644 /etc/containers/registries.conf.d/force-fully-qualified-images.conf
|
|
|
|
# Copy app from builder
|
|
COPY --from=builder /var/lib/awx /var/lib/awx
|
|
|
|
RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
|
|
|
|
{%if build_dev|bool %}
|
|
COPY --from=quay.io/project-receptor/receptor:1.0.0a2 /usr/bin/receptor /usr/bin/receptor
|
|
RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
|
|
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
|
|
openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
|
|
chmod 640 /etc/nginx/nginx.{csr,key,crt}
|
|
{% endif %}
|
|
|
|
# Create default awx rsyslog config
|
|
ADD tools/ansible/roles/dockerfile/files/rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf
|
|
ADD tools/ansible/roles/dockerfile/files/wait-for-migrations /usr/local/bin/wait-for-migrations
|
|
|
|
## File mappings
|
|
{% if build_dev|bool %}
|
|
ADD tools/docker-compose/launch_awx.sh /usr/bin/launch_awx.sh
|
|
ADD tools/docker-compose/nginx.conf /etc/nginx/nginx.conf
|
|
ADD tools/docker-compose/nginx.vh.default.conf /etc/nginx/conf.d/nginx.vh.default.conf
|
|
ADD tools/docker-compose/start_tests.sh /start_tests.sh
|
|
ADD tools/docker-compose/bootstrap_development.sh /usr/bin/bootstrap_development.sh
|
|
ADD tools/docker-compose/entrypoint.sh /entrypoint.sh
|
|
{% else %}
|
|
ADD tools/ansible/roles/dockerfile/files/launch_awx.sh /usr/bin/launch_awx.sh
|
|
ADD tools/ansible/roles/dockerfile/files/launch_awx_task.sh /usr/bin/launch_awx_task.sh
|
|
ADD tools/ansible/roles/dockerfile/files/settings.py /etc/tower/settings.py
|
|
ADD {{ template_dest }}/supervisor.conf /etc/supervisord.conf
|
|
ADD {{ template_dest }}/supervisor_task.conf /etc/supervisord_task.conf
|
|
ADD tools/scripts/config-watcher /usr/bin/config-watcher
|
|
{% endif %}
|
|
{% if (build_dev|bool) or (kube_dev|bool) %}
|
|
ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
|
|
ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
|
|
ADD tools/scripts/awx-python /usr/bin/awx-python
|
|
{% endif %}
|
|
|
|
# Pre-create things we need to access
|
|
RUN for dir in \
|
|
/var/lib/awx \
|
|
/var/lib/awx/rsyslog \
|
|
/var/lib/awx/rsyslog/conf.d \
|
|
/var/lib/awx/.local/share/containers/storage \
|
|
/var/run/awx-rsyslog \
|
|
/var/log/tower \
|
|
/var/log/nginx \
|
|
/var/lib/postgresql \
|
|
/var/run/supervisor \
|
|
/var/run/receptor \
|
|
/var/lib/nginx ; \
|
|
do mkdir -m 0775 -p $dir ; chmod g+rw $dir ; chgrp root $dir ; done && \
|
|
for file in \
|
|
/etc/subuid \
|
|
/etc/subgid \
|
|
/etc/group \
|
|
/etc/passwd \
|
|
/var/lib/awx/rsyslog/rsyslog.conf ; \
|
|
do touch $file ; chmod g+rw $file ; chgrp root $file ; done
|
|
|
|
{% if (build_dev|bool) or (kube_dev|bool) %}
|
|
RUN for dir in \
|
|
/var/lib/awx/venv \
|
|
/var/lib/awx/venv/awx/bin \
|
|
/var/lib/awx/venv/awx/lib/python3.8 \
|
|
/var/lib/awx/venv/awx/lib/python3.8/site-packages \
|
|
/var/lib/awx/projects \
|
|
/var/lib/awx/rsyslog \
|
|
/var/run/awx-rsyslog \
|
|
/.ansible \
|
|
/var/lib/awx/vendor ; \
|
|
do mkdir -m 0775 -p $dir ; chmod g+rw $dir ; chgrp root $dir ; done && \
|
|
for file in \
|
|
/var/run/nginx.pid \
|
|
/var/lib/awx/venv/awx/lib/python3.8/site-packages/awx.egg-link ; \
|
|
do touch $file ; chmod g+rw $file ; done
|
|
{% endif %}
|
|
|
|
{% if not build_dev|bool %}
|
|
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
|
|
ln -sf /dev/stderr /var/log/nginx/error.log
|
|
{% endif %}
|
|
|
|
ENV HOME="/var/lib/awx"
|
|
ENV PATH="/usr/pgsql-10/bin:${PATH}"
|
|
|
|
{% if build_dev|bool %}
|
|
ENV PATH="/var/lib/awx/venv/awx/bin/:${PATH}"
|
|
|
|
EXPOSE 8043 8013 8080 22
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"]
|
|
CMD ["/bin/bash"]
|
|
{% else %}
|
|
USER 1000
|
|
EXPOSE 8052
|
|
|
|
ENTRYPOINT ["/usr/bin/tini", "--"]
|
|
CMD /usr/bin/launch_awx.sh
|
|
VOLUME /var/lib/nginx
|
|
VOLUME /var/lib/awx/.local/share/containers/storage
|
|
{% endif %}
|