This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

Add Dockerfile for SCF workspace image #1174

Open
wants to merge 1 commit into
base: develop

zhangtbj (Contributor) commented Nov 2, 2017

Hi,

Our team is using SCF in our workspace, but one Vagrant VM is not enough for a team. We would like to have our own workspace and integrate with CI tools. I extracted the required tools from the Vagrant VM and created a Dockerfile.

We have verified that the Docker image works fine as an SCF workspace, for tasks such as developing, creating images, etc.

We also verified it in CI tools such as Concourse, where it also works fine (it only needs about 50 mins to create SCF images). Please take a look and see if it is valuable.

Submitter: zhangtbj@cn.ibm.com (Jordan) and shenxh@cn.ibm.com (Xiao Hua)

Thanks a lot!

zhangtbj (Contributor Author) commented Nov 4, 2017

Or you can try the existing Docker image which we created:
https://hub.docker.com/r/bluebosh/bwb/

mook-as (Member) left a comment

Sorry it took us a bit to get to this!

Generally okay (there are a few things that shouldn't be necessary, but I don't care enough to block merging on them). The only thing I actually care about is running as root (and consequently changing permissions on the checkout outside the docker image).

I guess this is mostly aimed at concourse? You should be able to run `make vagrant-prep` from a workstation and have things work, since most "interesting" bits are run in docker.

RUN apt-get update -y

# Install basics dependency
RUN apt-get install -y nginx openssh-server git-core openssh-client curl nano build-essential openssl libreadline6 libreadline6-dev curl zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config ca-certificates mercurial bzr ruby ruby-dev libxslt1-dev libpq-dev libmysqlclient-dev apt-transport-https software-properties-common dnsutils
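
Review bot: `RUN apt-get update -y` sits in its own layer ahead of the `apt-get install` line, so a cached update layer can be reused with a later install and resolve against stale package indexes; combine the two into a single `RUN apt-get update && apt-get install -y ...` step. The package list also names `curl` twice and includes `nginx` and `openssh-server`, network services that add attack surface to a build image; drop whatever the workspace does not use.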

Member

I'm not sure why we need nginx, and a bunch of development libs, in the image, but okay. (Fissile should be compiling everything inside docker containers anyway.)

Contributor Author

OK, I will remove nginx to see if there is any tool that needs it. These libs are deps, such as for docker, etc.

Member

Right, but (hopefully) docker isn't doing anything that needs the -dev packages… it shouldn't depend on a compiler being present :)

RUN mkdir /opt/bcf/helm/helm-certgen && curl -L "https://github.com/SUSE/helm-certgen/releases/download/${HELM_CERTGEN_VERSION}/certgen-linux-amd64-1-0-0-1501794790-f3b21c90.tgz" | tar -zx -C /opt/bcf/helm/helm-certgen && helm plugin install /opt/bcf/helm/helm-certgen

# Install fissile
RUN git clone https://github.com/SUSE/fissile $GOPATH/src/github.com/SUSE/fissile && cd $GOPATH/src/github.com/SUSE/fissile && make tools && make build && mv $GOPATH/src/github.com/SUSE/fissile/build/linux-amd64/fissile /usr/local/bin/fissile
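
Review bot: The helm-certgen tarball is piped from `curl -L` straight into `tar` with no checksum or signature check, and the fissile line clones the default branch with no tag or commit pinned, so two builds of this Dockerfile can produce different binaries and a tampered download would go unnoticed. Download to a file, verify a recorded SHA-256 before extracting, and check out a fixed fissile ref. The URL also mixes `${HELM_CERTGEN_VERSION}` with a hard-coded `1-0-0-1501794790-f3b21c90` file name, so bumping the variable alone will break the download.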

Member

This should be pulled in via the prep stuff in the makefile (specifically, make ${FISSILE_BINARY}). But whatever 😄

Contributor Author

I tried to use `make all`, but it fails because the docker daemon is not started and ready yet, so `make docker-deps` will fail... :(

Member

I was more thinking of doing it inside the docker image (after the mount happens); after all, hopefully we would need to bump this image less often than we bump the tools. As written, we'll need to rebuild the docker image every time we have a new fissile / configgin.

# Install direnv
RUN git clone https://github.com/direnv/direnv $GOPATH/src/github.com/direnv/direnv && cd $GOPATH/src/github.com/direnv/direnv && make install && echo 'eval "$(direnv hook bash)"' >> ~/.bashrc

WORKDIR /
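
Review bot: The direnv line clones the default branch with no tag or commit pinned, so the installed version changes with every rebuild; check out a fixed release instead. The hook is also appended to `~/.bashrc` of whichever user runs the build, so it will not apply if the image later switches to a non-root user; writing it to a system-wide bash profile would avoid that.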

Member

I'm a bit concerned that everything in the container would run as root (which means the files in your checkout would start being owned by root).

Contributor Author

Yes, every file is created by root, but I verified that everything works fine. Root executes, generates and uses everything.
Have you seen any error when using root?

Member

Right, nothing would go wrong for the actual build; however, as a user on a workstation you'll then need to deal with a bunch of files owned by root. (Mostly because we tend to check this out into our home directories, ~/workspace/scf/ or something like that).

This of course isn't an issue for automated CI (where everything is a throwaway volume anyway).


**NOTICE** <br>
1. You need to run Docker container with **--privileged** parameter to allow start Docker deamon in the Docker container and use volume parameter for inner docker data folder, such as:
`docker run -it --privileged --volume “/root/scf:/scf” --volume “/root/inner_docker_volume:/var/lib/docker” --name test your_org/wid:1.0.0 /bin/bash`
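
Review bot: The example command wraps both `--volume` arguments in typographic quotes (“ ”), which a shell does not treat as quoting, so they become part of the path when the line is pasted; use plain ASCII quotes or none. "deamon" should read "daemon". Since `--privileged` removes most of the isolation between the container and the host, the notice should also say so, so that readers only run this image on machines where that is acceptable.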

Member

From trial and error: Just exposing the docker socket directly (`--volume /var/run/docker.sock:/var/run/docker.sock`) will not work, because the volume mounts will get all confused. Unless you mount with `-v $PWD:$PWD` instead of /scf, then things will map correctly.

Either way, running as root makes it annoying (unless you're dealing with disposable checkouts like concourse is).

Contributor Author

Sorry, I didn't understand it well. What is the error?
--volume “/root/scf:/scf”: these are the folder on your machine and the docker container folder.
And the docker socket is?

Member

I was attempting to not need to start a separate docker inside the container (instead, using the host docker). This gets rid of the need for a /var/lib/docker mount. Hence mounting /var/run/docker.sock into the container too. But that's more me playing with the thing than something we actually need.
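
An added example, not part of the PR or of either participant's comments: a small Python check over `docker run` command lines for the points raised in this thread (`--privileged`, root-owned files in the checkout, the host Docker socket with mismatched bind-mount paths, and the typographic quotes in the README command). The function name, the finding labels, the uid and the `/home/dev/scf` path are assumptions made for illustration, and the check assumes the image sets no `USER`.

```python
import shlex

SOCKET = "/var/run/docker.sock"
CURLY = "\u201c\u201d"  # typographic quotes; a shell passes them through literally

# The README command from this PR, copied with its typographic quotes.
README_CMD = ('docker run -it --privileged --volume “/root/scf:/scf” '
              '--volume “/root/inner_docker_volume:/var/lib/docker” '
              '--name test your_org/wid:1.0.0 /bin/bash')
# Constructed host-socket variants; /home/dev/scf and the uid are made up.
SOCKET_CMD = ('docker run -it --user 1000:1000 -v %s:%s '
              '-v /home/dev/scf:/scf your_org/wid:1.0.0 /bin/bash' % (SOCKET, SOCKET))
SAME_PATH_CMD = SOCKET_CMD.replace("/home/dev/scf:/scf", "/home/dev/scf:/home/dev/scf")


def audit_docker_run(command):
    """Return the sorted findings for one `docker run` command line."""
    findings = set()
    if any(ch in command for ch in CURLY):
        findings.add("typographic-quotes")
    argv = shlex.split(command)
    mounts, user, i = [], None, 0
    while i < len(argv):
        name, _, value = argv[i].partition("=")
        takes_value = name in ("-v", "--volume", "-u", "--user")
        if takes_value and not value and i + 1 < len(argv):
            i += 1
            value = argv[i]
        if name == "--privileged" and value != "false":
            findings.add("privileged")
        elif name in ("-u", "--user"):
            user = value
        elif name in ("-v", "--volume"):
            mounts.append(value.strip(CURLY))
        i += 1
    # Assumption: the image sets no USER, so without --user the process is root
    # and files written into a bind-mounted checkout become root-owned.
    if user is None or user.split(":")[0] in ("0", "root"):
        findings.add("runs-as-root")
    pairs = [m.split(":")[:2] for m in mounts if ":" in m]
    if any(dst == SOCKET for _, dst in pairs):
        # The host daemon resolves bind-mount sources from nested `docker run`
        # calls on the host, so the checkout needs the same path on both sides.
        findings.add("host-docker-socket")
        findings.update("path-mismatch:%s:%s" % (s, d) for s, d in pairs if s != d)
    return sorted(findings)


if __name__ == "__main__":
    for cmd in (README_CMD, SOCKET_CMD, SAME_PATH_CMD):
        print(audit_docker_run(cmd))
```

The parser only looks at the flags discussed here and does not stop at the image name, so arguments passed to the container's own command are scanned as well.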

zhangtbj (Contributor Author) commented Nov 9, 2017

We plan to use it for Concourse and our daily development. I think it is faster, and we can develop and make builds anywhere :)

mook-as (Member) left a comment

FWIW, on a workstation (where your user has access to docker) you should be able to run make vagrant-prep / make helm / make kube just fine; make run would probably fail because we don't have anything set up to transfer the built images somewhere that the kubernetes cluster can pull (unless you make publish first).

zhangtbj (Contributor Author)

Hi @mook-as, sorry, we are still using the old Dockerfile to build the image continually. I will verify whether the build process works fine after refining it per your suggestions in the next milestone. It may take more time. I will update here if I have any news. Thanks!
