-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | installer/roles/image_build/defaults/main.yml | 1 | ||||
-rw-r--r-- | installer/roles/image_build/templates/Dockerfile.j2 | 231 | ||||
-rw-r--r-- | tools/docker-compose/Dockerfile | 141 |
5 files changed, 167 insertions, 208 deletions
diff --git a/.gitignore b/.gitignore
index f772abd40c..6d94544a22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,6 +35,7 @@ rsyslog.pid
 /tower-license
 /tower-license/**
 tools/prometheus/data
+tools/docker-compose/Dockerfile
 # Tower setup playbook testing
 setup/test/roles/postgresql
@@ -652,6 +652,7 @@ docker-compose-clean: awx/projects
 # Base development image build
 docker-compose-build:
+ ansible localhost -m template -a "src=installer/roles/image_build/templates/Dockerfile.j2 dest=tools/docker-compose/Dockerfile" -e build_dev=True
 docker build -t ansible/awx_devel -f tools/docker-compose/Dockerfile \
 --cache-from=$(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG) .
 docker tag ansible/awx_devel $(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG)
diff --git a/installer/roles/image_build/defaults/main.yml b/installer/roles/image_build/defaults/main.yml
index 3b56dcd4e4..2618c9b40d 100644
--- a/installer/roles/image_build/defaults/main.yml
+++ b/installer/roles/image_build/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 create_preload_data: true
+build_dev: false
diff --git a/installer/roles/image_build/templates/Dockerfile.j2 b/installer/roles/image_build/templates/Dockerfile.j2
index f00ad3e791..e5f3ce05bc 100644
--- a/installer/roles/image_build/templates/Dockerfile.j2
+++ b/installer/roles/image_build/templates/Dockerfile.j2
@@ -1,4 +1,14 @@
-FROM centos:8
+{% if build_dev|bool %}
+### This file is generated from
+### installer/roles/image_build/templates/Dockerfile.j2
+###
+### DO NOT EDIT
+###
+{% endif %}
+
+
+# Build container
+FROM centos:8 as builder
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
@@ -6,66 +16,44 @@ ENV LC_ALL en_US.UTF-8
 USER root
-ADD google-cloud-sdk.repo /etc/yum.repos.d/
-ADD rsyslog.repo /etc/yum.repos.d/rsyslog.repo
+# Locations
+ARG VENV_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/venv"
+ARG COLLECTION_BASE="{% if not build_dev|bool %}/var/lib/awx{% endif %}/vendor/awx_ansible_collections"
-# sync with installer/roles/image_build/templates/Dockerfile.j2
+# Install build dependencies
 RUN dnf -y update && \
- dnf -y install https://github.com/krallin/tini/releases/download/v0.18.0/tini_0.18.0.rpm && \
 dnf -y install epel-release 'dnf-command(config-manager)' && \
 dnf module -y enable 'postgresql:10' && \
 dnf config-manager --set-enabled PowerTools && \
- dnf -y install acl \
- ansible \
- bubblewrap \
- curl \
- diffutils \
- dnf-utils \
+ dnf -y install ansible \
 gcc \
 gcc-c++ \
 gettext \
 git-core \
 glibc-langpack-en \
- krb5-workstation \
- kubectl \
 libcurl-devel \
 libffi-devel \
 libstdc++.so.6 \
 libtool-ltdl-devel \
- libcgroup-tools \
 make \
- mercurial \
- nginx \
 nodejs \
 nss \
 openldap-devel \
- openssh-server \
 patch \
 @postgresql:10 \
 postgresql-devel \
 python3-devel \
- python3-libselinux \
 python3-pip \
 python3-psycopg2 \
 python3-setuptools \
- python3-pycurl \
- rsync \
- rsyslog-omhttp \
- subversion \
- sudo \
 swig \
- tmux \
 unzip \
- vim-minimal \
- which \
- xmlsec1 \
 xmlsec1-devel \
- xmlsec1-openssl \
 xmlsec1-openssl-devel
-RUN python3 -m ensurepip && pip3 install "virtualenv < 20" supervisor
+RUN python3 -m ensurepip && pip3 install "virtualenv < 20"
-# Install AWX + Requirements
+# Install & build requirements
 ADD Makefile /tmp/Makefile
 RUN mkdir /tmp/requirements
 ADD requirements/requirements_ansible.txt \
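Review bot: `VENV_BASE` and `COLLECTION_BASE` are declared as `ARG`s, so they can be overridden with `--build-arg`, but nothing downstream follows an override: the sdist install in the next hunk calls `/var/lib/awx/venv/awx/bin/pip` literally, and the final stage copies from the fixed paths `/venv`, `/vendor` and `/var/lib/awx`. An overridden value would build the virtualenv in one place and copy from another. Either document the constraint above the ARGs, e.g. `# Not meant to be overridden: the final stage copies from these exact paths`, or use `${VENV_BASE}` in the pip call. The hunk ends inside the `ADD requirements/...` instruction, which continues in the next hunk.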
@@ -76,63 +64,172 @@ ADD requirements/requirements_ansible.txt \
 requirements/requirements_git.txt \
 requirements/collections_requirements.yml \
 /tmp/requirements/
-RUN cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements_awx requirements_ansible_py3
-RUN cd /tmp && COLLECTION_BASE="/var/lib/awx/vendor/awx_ansible_collections" make requirements_collections
+RUN cd /tmp && make requirements_awx requirements_ansible_py3
+RUN cd /tmp && make requirements_collections
+
+{% if build_dev|bool %}
+ADD requirements/requirements_dev.txt /tmp/requirements
+RUN cd /tmp && make requirements_awx_dev requirements_ansible_dev
+{% endif %}
+{% if not build_dev|bool %}
 COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
-RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version && \
- OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }} && \
- ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
+RUN mkdir -p -m 755 /var/lib/awx && echo "{{ awx_version }}" > /var/lib/awx/.tower_version && \
+ OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }}
+{% endif %}
-RUN dnf -y remove *-devel \
- gcc \
- gcc-c++ \
- nodejs
+# Final container(s)
+FROM centos:8
-ADD settings.py /etc/tower/settings.py
-ADD supervisor.conf /supervisor.conf
-ADD supervisor_task.conf /supervisor_task.conf
-ADD launch_awx.sh /usr/bin/launch_awx.sh
-ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
-ADD config-watcher /usr/bin/config-watcher
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+USER root
+
+{% if build_dev|bool %}
+# Install development/test requirements
+RUN dnf -y install \
+ gtk3 \
+ alsa-lib \
+ libX11-xcb \
+ libXScrnSaver \
+ strace \
+ vim \
+ nmap-ncat \
+ nodejs \
+ make \
+ patch && \
+ npm install -g n && n 10.15.0 && dnf remove -y nodejs
+{% endif %}
+
+# Install runtime requirements
+RUN dnf -y update && \
+ dnf -y install https://github.com/krallin/tini/releases/download/v0.18.0/tini_0.18.0.rpm && \
+ dnf -y install epel-release 'dnf-command(config-manager)' && \
+ dnf module -y enable 'postgresql:10' && \
+ dnf config-manager --set-enabled PowerTools && \
+ dnf -y install acl \
+ ansible \
+ bubblewrap \
+ git-core \
+ glibc-langpack-en \
+ krb5-workstation \
+ libcgroup-tools \
+ mercurial \
+ nginx \
+ @postgresql:10 \
+ python3-devel \
+ python3-libselinux \
+ python3-pip \
+ python3-psycopg2 \
+ python3-setuptools \
+ rsync \
+ subversion \
+ sudo \
+ tmux \
+ vim-minimal \
+ which \
+ xmlsec1-openssl && \
+ dnf -y --repofrompath gcloud,https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 \
+ --setopt gcloud.gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg \
+ install kubectl && \
+ dnf -y install centos-release-stream && dnf -y install "rsyslog >= 8.1911.0" && dnf -y remove centos-release-stream && \
+ dnf -y clean all
+
+RUN python3 -m ensurepip && pip3 install "virtualenv < 20" supervisor {% if build_dev|bool %}flake8{% endif %}
+
+RUN rm -rf /root/.cache && rm -rf /tmp/*
 # Install OpenShift CLI
 RUN cd /usr/local/bin && \
 curl -L https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz | \
 tar -xz --strip-components=1 --wildcards --no-anchored 'oc'
-# Pre-create things that we need to write to
-RUN for dir in /home/awx /var/run/supervisor /var/lib/awx /var/lib/awx/rsyslog /var/lib/awx/rsyslog/conf.d /var/run/awx-rsyslog /var/log/tower /var/log/nginx /var/lib/nginx; \
- do mkdir -p $dir; chmod -R g+rwx $dir; chgrp -R root $dir; done && \
- \
- for file in /etc/passwd /var/run/nginx.pid; \
- do touch $file; chmod -R g+rwx $file; chgrp -R root $file; done
+# Copy app from builder
+{%if build_dev|bool %}
+COPY --from=builder /venv /venv
+COPY --from=builder /vendor /vendor
+RUN openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
+ -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
+ openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
+ chmod 640 /etc/nginx/nginx.{csr,key,crt}
+{% else %}
+COPY --from=builder /var/lib/awx /var/lib/awx
+RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
+{% endif %}
 # Create default awx rsyslog config
-ADD rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf
-
-# Fix up permissions
-RUN find /var/lib/awx -not -path '/var/lib/awx/venv*' | xargs chgrp root && \
- find /var/lib/awx -not -path '/var/lib/awx/venv*' | xargs chmod g+w && \
- chgrp root /var/lib/awx/rsyslog/rsyslog.conf && \
- chmod +rx /usr/bin/launch_awx.sh && \
- chmod +rx /usr/bin/launch_awx_task.sh && \
- chmod +rx /usr/bin/config-watcher && \
- chmod u+s /usr/bin/bwrap # https://github.com/ansible/awx/issues/5224
-
+ADD {% if build_dev|bool %}tools/docker-compose/{% endif %}rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf
+
+## File mappings
+{% if build_dev|bool %}
+ADD tools/docker-compose/launch_awx.sh /usr/bin/launch_awx.sh
+ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
+ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
+ADD tools/docker-compose/awx.egg-info /tmp/awx.egg-info
+ADD tools/docker-compose/nginx.conf /etc/nginx/nginx.conf
+ADD tools/docker-compose/nginx.vh.default.conf /etc/nginx/conf.d/nginx.vh.default.conf
+ADD tools/docker-compose/start_tests.sh /start_tests.sh
+ADD tools/docker-compose/bootstrap_development.sh /usr/bin/bootstrap_development.sh
+ADD tools/docker-compose/entrypoint.sh /entrypoint.sh
+ADD tools/scripts/awx-python /usr/bin/awx-python
+{% else %}
+ADD launch_awx.sh /usr/bin/launch_awx.sh
+ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
+ADD settings.py /etc/tower/settings.py
+ADD supervisor.conf /supervisor.conf
+ADD supervisor_task.conf /supervisor_task.conf
+ADD config-watcher /usr/bin/config-watcher
+{% endif %}
+
+# Pre-create directories
+RUN for dir in \
+ /var/lib/awx/rsyslog \
+ /var/lib/awx/rsyslog/conf.d \
+ /var/run/awx-rsyslog \
+ /var/log/tower \
+ /var/log/nginx \
+ /var/lib/nginx ; \
+ do mkdir -m 0755 -p $dir ; done
+
+# Adjust any remaining permissions
+RUN chmod u+s /usr/bin/bwrap
+{% if build_dev|bool %}
+RUN for dir in \
+ /var/lib/awx \
+ /var/lib/awx/projects \
+ /var/lib/awx/rsyslog \
+ /var/run/awx-rsyslog \
+ /.ansible \
+ /vendor ; \
+ do mkdir -m 0775 -p $dir ; chmod g+rwX $dir ; done && \
+ for file in \
+ /etc/passwd \
+ /etc/supervisord.conf \
+ /var/run/nginx.pid \
+ /venv/awx/lib/python3.6/site-packages/awx.egg-link ; \
+ do touch $file ; chmod g+rw $file ; done
+{% endif %}
+
+{% if not build_dev|bool %}
 RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
 ln -sf /dev/stderr /var/log/nginx/error.log
+{% endif %}
-RUN dnf -y clean all && rm -rf /root/.cache rm -rf /tmp/*
-
-ENV HOME=/home/awx
+ENV HOME="/var/lib/awx"
 ENV PATH="/usr/pgsql-10/bin:${PATH}"
-WORKDIR ${HOME}
+{% if build_dev|bool %}
+EXPOSE 8043 8013 8080 22
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/bin/bash"]
+{% else %}
 USER 1000
 EXPOSE 8052
 ENTRYPOINT ["tini", "--"]
 CMD /usr/bin/launch_awx.sh
-
 VOLUME /var/lib/nginx
+{% endif %}
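Review bot: The runtime `dnf` step installs kubectl from a `--repofrompath` repo with `gcloud.gpgkey` set but no explicit `gpgcheck`, so whether package signatures are verified depends on the image's dnf defaults; adding `--setopt gcloud.gpgcheck=1` next to the gpgkey option would make the check explicit. The tini RPM in the same step is installed straight from a release URL, which dnf most likely treats as a local package and does not signature-check unless `localpkg_gpgcheck` is enabled, so comparing it against a pinned checksum before install would close that gap. Separately, `RUN chmod u+s /usr/bin/bwrap` lost the reference the removed line carried; keep `# https://github.com/ansible/awx/issues/5224` on the line above it so the setuid bit stays explained.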
\ No newline at end of file
diff --git a/tools/docker-compose/Dockerfile b/tools/docker-compose/Dockerfile
deleted file mode 100644
index fffc62f18a..0000000000
--- a/tools/docker-compose/Dockerfile
+++ /dev/null
@@ -1,141 +0,0 @@
-FROM centos:8
-
-ARG UID=0
-
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
-
-ADD tools/docker-compose/ansible_nightly.repo /etc/yum.repos.d/ansible_nightly.repo
-ADD tools/docker-compose/google-cloud-sdk.repo /etc/yum.repos.d/
-ADD tools/docker-compose/rsyslog.repo /etc/yum.repos.d/
-
-# sync with installer/roles/image_build/templates/Dockerfile.j2
-RUN dnf -y update && \
- dnf -y install https://github.com/krallin/tini/releases/download/v0.18.0/tini_0.18.0.rpm && \
- dnf -y install epel-release 'dnf-command(config-manager)' && \
- dnf module -y enable 'postgresql:10' && \
- dnf config-manager --set-enabled PowerTools && \
- dnf -y install acl \
- ansible \
- bubblewrap \
- curl \
- diffutils \
- dnf-utils \
- gcc \
- gcc-c++ \
- gettext \
- git-core \
- glibc-langpack-en \
- krb5-workstation \
- kubectl \
- libcurl-devel \
- libffi-devel \
- libstdc++.so.6 \
- libtool-ltdl-devel \
- libcgroup-tools \
- make \
- mercurial \
- nginx \
- nodejs \
- nss \
- openldap-devel \
- openssh-server \
- patch \
- @postgresql:10 \
- postgresql-devel \
- python3-devel \
- python3-libselinux \
- python3-pip \
- python3-psycopg2 \
- python3-setuptools \
- python3-pycurl \
- rsync \
- rsyslog-omhttp \
- subversion \
- sudo \
- swig \
- tmux \
- unzip \
- vim-minimal \
- which \
- xmlsec1 \
- xmlsec1-devel \
- xmlsec1-openssl \
- xmlsec1-openssl-devel
-
-# Dev dependencies / UI tests only, do not put in installer/roles/image_build/templates/Dockerfile.j2
-RUN dnf -y install \
- gtk3 \
- alsa-lib \
- libX11-xcb \
- libXScrnSaver \
- strace \
- vim \
- nmap-ncat
-
-RUN /usr/bin/ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa && \
- openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.csr \
- -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/OU=AWX Development/CN=awx.localhost" && \
- openssl x509 -req -days 365 -in /etc/nginx/nginx.csr -signkey /etc/nginx/nginx.key -out /etc/nginx/nginx.crt && \
- chmod 640 /etc/nginx/nginx.{csr,key,crt}
-
-RUN python3 -m ensurepip && pip3 install "virtualenv < 20" flake8 supervisor
-
-# Install Requirements
-ADD Makefile /tmp/Makefile
-RUN mkdir /tmp/requirements
-ADD requirements/requirements.txt \
- requirements/requirements_git.txt \
- requirements/requirements_ansible.txt \
- requirements/requirements_ansible_git.txt \
- requirements/requirements_dev.txt \
- requirements/requirements_ansible_uninstall.txt \
- requirements/requirements_tower_uninstall.txt \
- requirements/collections_requirements.yml \
- /tmp/requirements/
-RUN mkdir -p /venv && chmod g+w /venv
-RUN cd /tmp && VENV_BASE="/venv" make requirements_dev
-RUN mkdir -p /vendor/awx_ansible_collections && chmod g+w /vendor/awx_ansible_collections
-RUN cd /tmp && COLLECTION_BASE="/vendor/awx_ansible_collections" make requirements_collections
-
-# Use the distro provided npm to bootstrap our required version of node
-RUN npm install -g n && n 10.15.0 && dnf remove -y nodejs
-
-# Install OpenShift CLI
-RUN cd /usr/local/bin && \
- curl -L https://github.com/openshift/origin/releases/download/v3.9.0/openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz | \
- tar -xz --strip-components=1 --wildcards --no-anchored 'oc'
-
-RUN dnf -y clean all && rm -rf /root/.cache
-
-# https://github.com/ansible/awx/issues/5224
-RUN chmod u+s /usr/bin/bwrap
-
-ADD tools/docker-compose/awx.egg-link /tmp/awx.egg-link
-ADD tools/docker-compose/awx-manage /usr/local/bin/awx-manage
-ADD tools/docker-compose/awx.egg-info /tmp/awx.egg-info
-ADD tools/docker-compose/nginx.conf /etc/nginx/nginx.conf
-ADD tools/docker-compose/nginx.vh.default.conf /etc/nginx/conf.d/nginx.vh.default.conf
-ADD tools/docker-compose/launch_awx.sh /usr/bin/launch_awx.sh
-ADD tools/docker-compose/start_tests.sh /start_tests.sh
-ADD tools/docker-compose/bootstrap_development.sh /usr/bin/bootstrap_development.sh
-ADD tools/docker-compose/entrypoint.sh /
-ADD tools/docker-compose/rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf
-ADD tools/scripts/awx-python /usr/bin/awx-python
-
-# Pre-create things that we need to write to / fix up permissions
-RUN for dir in /var/lib/awx /var/lib/awx/rsyslog /var/lib/awx/rsyslog/conf.d /var/run/awx-rsyslog /var/log/tower/ /var/lib/awx/projects /.ansible /var/log/nginx /var/lib/nginx /.local /vendor; \
- do mkdir -p $dir; chmod -R g+rwx $dir; chgrp -R root $dir; done && \
- \
- for file in /etc/passwd /etc/supervisord.conf /venv/awx/lib/python3.6/site-packages/awx.egg-link /var/run/nginx.pid; \
- do touch $file; chmod -R g+rwx $file; chgrp -R root $file; done
-
-ENV HOME /var/lib/awx
-ENV PATH="/usr/local/n/versions/node/10.15.0/bin:${PATH}"
-ENV PATH="/usr/pgsql-10/bin:${PATH}"
-
-EXPOSE 8043 8013 8080 22
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/bin/bash"] |