Merge pull request #12797 from jvidalallende/ubi8_minimal_dockerfile

docker: reduce ubi8 images size by using ubi8-minimal as base

5 files changed, 170 insertions, 90 deletions

diff --git a/docker/ubi-8/Dockerfile b/docker/ubi-8/Dockerfile
deleted file mode 100644
index 1d1e8bdc6..000000000
--- a/docker/ubi-8/Dockerfile
+++ /dev/null
@@ -1,83 +0,0 @@
-# This stage builds an rpm from the source
-FROM registry.access.redhat.com/ubi8/ubi:8.5 as ubi-8-builder
-
-RUN dnf -y update-minimal --security --sec-severity=Important --sec-severity=Critical
-
-RUN rpm --import https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official \
-    && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os \
-    && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os \
-    && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os
-
-RUN dnf install -qy https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
-    && dnf install --enablerepo=* -qy rpm-build git autoconf pcre-devel \
-    systemd-devel automake libtool make  readline-devel  texinfo  \
-    net-snmp-devel  pkgconfig  groff pkgconfig  json-c-devel pam-devel  \
-    bison  flex  python3-pytest  c-ares-devel python3-devel python3-sphinx \
-    libcap-devel  platform-python-devel \
-    https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-2/CentOS-8-x86_64-Packages/libyang2-2.0.0.10.g2eb910e4-1.el8.x86_64.rpm \
-    https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-2/CentOS-8-x86_64-Packages/libyang2-devel-2.0.0.10.g2eb910e4-1.el8.x86_64.rpm \
-    https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-00146/CentOS-7-x86_64-Packages/librtr-0.8.0-1.el7.x86_64.rpm \
-    https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-00146/CentOS-7-x86_64-Packages/librtr-devel-0.8.0-1.el7.x86_64.rpm
-
-
-COPY . /src
-
-ARG PKGVER
-
-RUN echo '%_smp_mflags %( echo "-j$(/usr/bin/getconf _NPROCESSORS_ONLN)"; )' >> /root/.rpmmacros \
-    && cd /src \
-    && ./bootstrap.sh \
-    && ./configure \
-        --enable-rpki \
-        --enable-snmp=agentx \
-        --enable-numeric-version \
-        --with-pkg-extra-version="_palmetto_git$PKGVER" \
-    && make dist \
-    && cd / \
-    && mkdir -p /rpmbuild/{SOURCES,SPECS} \
-    && cp /src/frr*.tar.gz /rpmbuild/SOURCES \
-    && cp /src/redhat/frr.spec /rpmbuild/SPECS \
-    && rpmbuild \
-        --define "_topdir /rpmbuild" \
-        -ba /rpmbuild/SPECS/frr.spec
-
-# This stage installs frr from the rpm
-FROM registry.access.redhat.com/ubi8/ubi:8.5
-RUN dnf -y update-minimal --security --sec-severity=Important --sec-severity=Critical
-ARG FRR_IMAGE_TAG
-ARG FRR_RELEASE
-ARG FRR_NAME
-ARG FRR_VENDOR
-LABEL name=$FRR_NAME \
-      vendor=$FRR_VENDOR \
-      version=$FRR_IMAGE_TAG \
-      release=$FRR_RELEASE
-
-RUN rpm --import https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official \
-    && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os \
-    && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os
-
-RUN dnf install -qy https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
-    && mkdir -p /pkgs/rpm \
-    && dnf install --enablerepo=* -qy https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-2/CentOS-8-x86_64-Packages/libyang2-2.0.0.10.g2eb910e4-1.el8.x86_64.rpm \
-    https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-00146/CentOS-7-x86_64-Packages/librtr-0.8.0-1.el7.x86_64.rpm
-
-COPY --from=ubi-8-builder /rpmbuild/RPMS/ /pkgs/rpm/
-
-RUN dnf install -qy /pkgs/rpm/*/*.rpm \
-    && rm -rf /pkgs \
-# Own the config / PID files
-    && mkdir -p /var/run/frr \
-    && chown -R frr:frr /etc/frr /var/run/frr
-
-# Add tini because no CentOS8 package
-ENV TINI_VERSION v0.19.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
-RUN chmod +x /sbin/tini
-
-# Simple init manager for reaping processes and forwarding signals
-ENTRYPOINT ["/sbin/tini", "--"]
-
-# Default CMD starts watchfrr
-COPY docker/ubi-8/docker-start /usr/lib/frr/docker-start
-CMD ["/usr/lib/frr/docker-start"]
diff --git a/docker/ubi8-minimal/Dockerfile b/docker/ubi8-minimal/Dockerfile
new file mode 100644
index 000000000..adb04219b
--- /dev/null
+++ b/docker/ubi8-minimal/Dockerfile
@@ -0,0 +1,132 @@
+# This stage builds an rpm from the source
+ARG UBI8_MINIMAL_VERSION
+FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI8_MINIMAL_VERSION} as ubi8-minimal-builder
+
+RUN rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8
+
+ADD docker/ubi8-minimal/almalinux.repo /etc/yum.repos.d/almalinux.repo
+
+# ubi8-minimal comes with broken tzdata package installed, so we need to remove them
+# and later reinstall it again: https://bugzilla.redhat.com/show_bug.cgi?id=1668185
+RUN rpm --quiet -e --nodeps tzdata >/dev/null 2>&1
+
+RUN microdnf --disableplugin=subscription-manager --setopt=install_weak_deps=0 install \
+    autoconf \
+    automake \
+    bison \
+    c-ares-devel \
+    flex \
+    git \
+    groff \
+    json-c-devel \
+    libcap-devel \
+    libssh-devel \
+    libtool \
+    make \
+    net-snmp-devel \
+    openssl \
+    pam-devel  \
+    pcre-devel \
+    pkgconfig \
+    platform-python-devel \
+    python3-devel \
+    python3-pytest \
+    python3-sphinx \
+    readline-devel \
+    rpm-build \
+    systemd-devel \
+    texinfo \
+    tzdata \
+    && microdnf --disableplugin=subscription-manager clean all
+
+RUN curl -sSL -o /tmp/libyang2.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-2.0.7-1.el8.x86_64.rpm \
+    && rpm -i /tmp/libyang2.rpm \
+    && rm -f /tmp/libyang2.rpm
+
+RUN curl -sSL -o /tmp/libyang2-devel.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-devel-2.0.7-1.el8.x86_64.rpm \
+    && rpm -i /tmp/libyang2-devel.rpm \
+    && rm -f /tmp/libyang2-devel.rpm
+
+RUN curl -sSL -o /tmp/librtr.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-0.8.0-1.el8.x86_64.rpm \
+    && rpm -i /tmp/librtr.rpm \
+    && rm -f /tmp/librtr.rpm
+
+RUN curl -sSL -o /tmp/librtr-devel.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-devel-0.8.0-1.el8.x86_64.rpm \
+    && rpm -i /tmp/librtr-devel.rpm \
+    && rm -f /tmp/librtr-devel.rpm
+
+COPY . /src
+
+ARG PKGVER
+
+RUN echo '%_smp_mflags %( echo "-j$(/usr/bin/getconf _NPROCESSORS_ONLN)"; )' >> /root/.rpmmacros \
+    && cd /src \
+    && ./bootstrap.sh \
+    && ./configure \
+        --enable-rpki \
+        --enable-snmp=agentx \
+        --enable-numeric-version \
+        --with-pkg-extra-version="_git$PKGVER" \
+    && make dist \
+    && cd / \
+    && mkdir -p /rpmbuild/{SOURCES,SPECS} \
+    && cp /src/frr*.tar.gz /rpmbuild/SOURCES \
+    && cp /src/redhat/frr.spec /rpmbuild/SPECS \
+    && rpmbuild \
+        --define "_topdir /rpmbuild" \
+        -ba /rpmbuild/SPECS/frr.spec
+
+# This stage installs frr from the rpm
+FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI8_MINIMAL_VERSION}
+ARG FRR_IMAGE_TAG
+ARG FRR_RELEASE
+ARG FRR_NAME
+ARG FRR_VENDOR
+LABEL name=$FRR_NAME \
+      vendor=$FRR_VENDOR \
+      version=$FRR_IMAGE_TAG \
+      release=$FRR_RELEASE
+
+ADD docker/ubi8-minimal/almalinux.repo /etc/yum.repos.d/almalinux.repo
+
+RUN rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8
+
+RUN microdnf --disableplugin=subscription-manager --setopt=install_weak_deps=0 install \
+    c-ares \
+    initscripts \
+    net-snmp-agent-libs \
+    net-snmp-libs \
+    openssl \
+    python3 \
+    shadow-utils \
+    systemd \
+    && microdnf --disableplugin=subscription-manager clean all
+
+RUN curl -sSL -o /tmp/libyang2.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-2.0.7-1.el8.x86_64.rpm \
+    && rpm -i /tmp/libyang2.rpm \
+    && rm -f /tmp/libyang2.rpm
+
+RUN curl -sSL -o /tmp/librtr.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-0.8.0-1.el8.x86_64.rpm \
+    && rpm -i /tmp/librtr.rpm \
+    && rm -f /tmp/librtr.rpm
+
+COPY --from=ubi8-minimal-builder /rpmbuild/RPMS/ /pkgs/rpm/
+
+# Install packages and create FRR files and folders. Be sure to own the config / PID files
+RUN rpm -i /pkgs/rpm/x86_64/*.rpm \
+    && rm -rf /pkgs \
+    && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \
+    && mkdir -p /var/run/frr \
+    && chown -R frr:frr /etc/frr /var/run/frr
+
+# There is no package for tini, add it manually
+ENV TINI_VERSION v0.19.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
+RUN chmod +x /sbin/tini
+
+# Simple init manager for reaping processes and forwarding signals
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Default CMD starts watchfrr
+COPY docker/ubi8-minimal/docker-start /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]
diff --git a/docker/ubi8-minimal/almalinux.repo b/docker/ubi8-minimal/almalinux.repo
new file mode 100644
index 000000000..9b9877b18
--- /dev/null
+++ b/docker/ubi8-minimal/almalinux.repo
@@ -0,0 +1,23 @@
+[AlmaLinux - baseos]
+name=AlmaLinux $releasever - BaseOS
+mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
+# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
+enabled=1
+gpgcheck=1
+countme=1
+
+[AlmaLinux - appstream]
+name=AlmaLinux $releasever - AppStream
+mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
+# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
+enabled=1
+gpgcheck=1
+countme=1
+
+[AlmaLinux - powertools]
+name=AlmaLinux $releasever - PowerTools
+mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/powertools
+# baseurl=https://repo.almalinux.org/almalinux/$releasever/PowerTools/$basearch/os/
+enabled=1
+gpgcheck=1
+countme=1
diff --git a/docker/ubi-8/build.sh b/docker/ubi8-minimal/build.sh
index 021663689..2aa45c9bf 100755
--- a/docker/ubi-8/build.sh
+++ b/docker/ubi8-minimal/build.sh
@@ -5,37 +5,45 @@ set -e
 ##
 # Package version needs to be decimal
 ##
-DISTRO=ubi-8
+DISTRO=ubi8-minimal
+
+UBI8_MINIMAL_VERSION=$1
+if [ -z "$UBI8_MINIMAL_VERSION" ]; then
+	UBI8_MINIMAL_VERSION="latest"
+fi
 
 GITREV="$2"
 if [ -z "$GITREV" ];then
 	GITREV="$(git rev-parse --short=10 HEAD)"
 fi
 
-FRR_IMAGE_TAG="$1"
+FRR_IMAGE_TAG="$3"
 if [ -z $FRR_IMAGE_TAG ];then
-	FRR_IMAGE_TAG="frr:ubi-8-$GITREV"
+	FRR_IMAGE_TAG="frr:ubi8-minimal-$GITREV"
 fi
 PKGVER="$(printf '%u\n' 0x$GITREV)"
 
-FRR_RELEASE="$3"
+FRR_RELEASE="$4"
 if [ -z $FRR_RELEASE ];then
 	FRR_RELEASE=$(git describe --tags --abbrev=0)
 fi
 
-FRR_NAME=$4
+FRR_NAME=$5
 if [ -z $FRR_NAME ];then
 	FRR_NAME=frr
 fi
 
-FRR_VENDOR=$5
+FRR_VENDOR=$6
 if [ -z $FRR_VENDOR ];then
 	FRR_VENDOR=frr
 fi
 
+DOCKERFILE_PATH="$(dirname $(realpath $0))/Dockerfile"
+
 docker build \
 	--cache-from="frr:$DISTRO-builder-$GITREV" \
-	--file=docker/$DISTRO/Dockerfile \
+	--file="$DOCKERFILE_PATH" \
+	--build-arg="UBI8_MINIMAL_VERSION=$UBI8_MINIMAL_VERSION" \
 	--build-arg="PKGVER=$PKGVER" \
 	--build-arg="FRR_IMAGE_TAG=$FRR_IMAGE_TAG" \
 	--build-arg="FRR_RELEASE=$FRR_RELEASE" \
diff --git a/docker/ubi-8/docker-start b/docker/ubi8-minimal/docker-start
index d954142ab..d954142ab 100755
--- a/docker/ubi-8/docker-start
+++ b/docker/ubi8-minimal/docker-start