reduce docker image size #10743

firefart · 2018-10-04T14:25:55Z

This PR reduces the size of the built docker image.

The added chown build step created an additional layer with all gems included.

The fix moved the permission change step into the build image so the layer is omitted from the final image. This saves around 150 MB.

Image size compare

metasploit                                              dev                 89ffebea037f        5 minutes ago       400MB
metasploitframework/metasploit-framework                latest              25ef38d5eec0        2 hours ago         548MB

Layers before

note the double 153MB layer

[firefart@fedora metasploit-framework]$ docker history metasploitframework/metasploit-framework
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
25ef38d5eec0        2 hours ago         /bin/sh -c #(nop)  CMD ["./msfconsole" "-r" …   0B                  
<missing>           2 hours ago         /bin/sh -c #(nop)  ENTRYPOINT ["docker/entry…   0B                  
<missing>           2 hours ago         /bin/sh -c /usr/sbin/setcap cap_net_raw,cap_…   2.96MB              
<missing>           2 hours ago         /bin/sh -c /usr/sbin/setcap cap_net_raw,cap_…   113kB               
<missing>           2 hours ago         /bin/sh -c #(nop) WORKDIR /usr/src/metasploi…   0B                  
<missing>           2 hours ago         /bin/sh -c apk add --no-cache bash sqlite-li…   112MB               
<missing>           2 hours ago         /bin/sh -c chmod -R a+r /usr/local/bundle       153MB               
<missing>           2 hours ago         /bin/sh -c #(nop) COPY dir:b9232ba627de276bc…   80.7MB              
<missing>           2 hours ago         /bin/sh -c #(nop) COPY dir:02983983bcf771c1e…   153MB               
<missing>           2 hours ago         /bin/sh -c #(nop)  ENV NMAP_PRIVILEGED=         0B                  
<missing>           2 hours ago         /bin/sh -c #(nop)  ENV APP_HOME=/usr/src/met…   0B                  
<missing>           2 hours ago         /bin/sh -c #(nop)  LABEL maintainer=Rapid7      0B                  
<missing>           44 hours ago        /bin/sh -c #(nop)  CMD ["irb"]                  0B                  
<missing>           44 hours ago        /bin/sh -c mkdir -p "$GEM_HOME" && chmod 777…   0B                  
<missing>           44 hours ago        /bin/sh -c #(nop)  ENV PATH=/usr/local/bundl…   0B                  
<missing>           44 hours ago        /bin/sh -c #(nop)  ENV BUNDLE_PATH=/usr/loca…   0B                  
<missing>           44 hours ago        /bin/sh -c #(nop)  ENV GEM_HOME=/usr/local/b…   0B                  
<missing>           44 hours ago        /bin/sh -c set -ex   && apk add --no-cache -…   41.1MB              
<missing>           13 days ago         /bin/sh -c #(nop)  ENV BUNDLER_VERSION=1.16.5   0B                  
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV RUBYGEMS_VERSION=2.7.7   0B                  
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV RUBY_DOWNLOAD_SHA256=…   0B                  
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV RUBY_VERSION=2.5.1       0B                  
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV RUBY_MAJOR=2.5           0B                  
<missing>           3 weeks ago         /bin/sh -c mkdir -p /usr/local/etc  && {   e…   45B                 
<missing>           3 weeks ago         /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:49f9e47e678d868d5…   4.21MB

Layers after

[firefart@fedora metasploit-framework]$ docker history metasploit:dev
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
89ffebea037f        About a minute ago   /bin/sh -c #(nop)  CMD ["./msfconsole" "-r" …   0B                  
08d8098b9f3b        About a minute ago   /bin/sh -c #(nop)  ENTRYPOINT ["docker/entry…   0B                  
dcfeb66dfdf3        About a minute ago   /bin/sh -c #(nop) WORKDIR /usr/src/metasploi…   0B                  
5c6833e021d5        About a minute ago   /bin/sh -c /usr/sbin/setcap cap_net_raw,cap_…   2.96MB              
25cb57b8f2b6        About a minute ago   /bin/sh -c /usr/sbin/setcap cap_net_raw,cap_…   113kB               
455bc67dc720        About a minute ago   /bin/sh -c apk add --no-cache bash sqlite-li…   112MB               
39347bb84d1b        About a minute ago   /bin/sh -c #(nop) COPY dir:beb5fb14d2c31a203…   80.6MB              
665d267939ed        About a minute ago   /bin/sh -c #(nop) COPY dir:42578ebf5704fd493…   159MB               
0cc13939fd58        4 hours ago          /bin/sh -c #(nop)  ENV NMAP_PRIVILEGED=         0B                  
ef77dfd81d35        4 hours ago          /bin/sh -c #(nop)  ENV APP_HOME=/usr/src/met…   0B                  
f31afa5646d4        4 hours ago          /bin/sh -c #(nop)  LABEL maintainer=Rapid7      0B                  
5e8ccf287c4d        44 hours ago         /bin/sh -c #(nop)  CMD ["irb"]                  0B                  
<missing>           44 hours ago         /bin/sh -c mkdir -p "$GEM_HOME" && chmod 777…   0B                  
<missing>           44 hours ago         /bin/sh -c #(nop)  ENV PATH=/usr/local/bundl…   0B                  
<missing>           44 hours ago         /bin/sh -c #(nop)  ENV BUNDLE_PATH=/usr/loca…   0B                  
<missing>           44 hours ago         /bin/sh -c #(nop)  ENV GEM_HOME=/usr/local/b…   0B                  
<missing>           44 hours ago         /bin/sh -c set -ex   && apk add --no-cache -…   41.1MB              
<missing>           13 days ago          /bin/sh -c #(nop)  ENV BUNDLER_VERSION=1.16.5   0B                  
<missing>           3 weeks ago          /bin/sh -c #(nop)  ENV RUBYGEMS_VERSION=2.7.7   0B                  
<missing>           3 weeks ago          /bin/sh -c #(nop)  ENV RUBY_DOWNLOAD_SHA256=…   0B                  
<missing>           3 weeks ago          /bin/sh -c #(nop)  ENV RUBY_VERSION=2.5.1       0B                  
<missing>           3 weeks ago          /bin/sh -c #(nop)  ENV RUBY_MAJOR=2.5           0B                  
<missing>           3 weeks ago          /bin/sh -c mkdir -p /usr/local/etc  && {   e…   45B                 
<missing>           3 weeks ago          /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B                  
<missing>           3 weeks ago          /bin/sh -c #(nop) ADD file:49f9e47e678d868d5…   4.21MB

busterb · 2018-10-05T15:38:42Z

Nice improvement, thanks!

busterb · 2018-10-05T15:40:00Z

Release Notes

The official Metasploit docker image is now 150MB smaller than before.

reduce docker image size

30423b3

firefart added enhancement newbie-friendly easy labels Oct 4, 2018

busterb self-assigned this Oct 5, 2018

busterb merged commit 30423b3 into rapid7:master Oct 5, 2018

busterb added a commit that referenced this pull request Oct 5, 2018

Land #10743, reduce docker image size by merging layers

241e8e9

msjenkins-r7 pushed a commit that referenced this pull request Oct 5, 2018

Land #10743, reduce docker image size by merging layers

3f7a5d8

firefart deleted the docker branch October 5, 2018 18:18

gdavidson-r7 added the rn-enhancement release notes enhancement label Oct 23, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

reduce docker image size #10743

reduce docker image size #10743

firefart commented Oct 4, 2018

busterb commented Oct 5, 2018

busterb commented Oct 5, 2018

reduce docker image size #10743

reduce docker image size #10743

Conversation

firefart commented Oct 4, 2018

Image size compare

Layers before

Layers after

busterb commented Oct 5, 2018

busterb commented Oct 5, 2018

Release Notes