Diffstat (limited to 'build/docker')
-rw-r--r-- | build/docker/Dockerfile | 37 | ||||
-rw-r--r-- | build/docker/Makefile | 33 | ||||
-rw-r--r-- | build/docker/README | 25 | ||||
-rwxr-xr-x | build/docker/runcontext | 124 | ||||
-rw-r--r-- | build/docker/ubuntu-builder/enable_dockerx2 | 20 | ||||
-rwxr-xr-x | build/docker/ubuntu-builder/setcontext | 20 |
6 files changed, 259 insertions, 0 deletions
diff --git a/build/docker/Dockerfile b/build/docker/Dockerfile
new file mode 100644
index 000000000..f3d122db9
--- /dev/null
+++ b/build/docker/Dockerfile
@@ -0,0 +1,37 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+FROM ubuntu:14.04
+ENV http_proxy INSERT_HTTP_PROXY
+ENV https_proxy INSERT_HTTPS_PROXY
+ENV no_proxy INSERT_NO_PROXY
+
+RUN apt-get update
+RUN apt-get install -y software-properties-common python-software-properties \
+ make python-setuptools python-all dpkg-dev debhelper \
+ fuseiso git genisoimage bind9-host wget curl lintian tmux lxc iptables \
+ ca-certificates sudo apt-utils lsb-release dosfstools debmirror
+
+RUN echo "ALL ALL=NOPASSWD: ALL" > /etc/sudoers.d/open-sudo
+RUN echo "Defaults env_keep += \"ftp_proxy http_proxy https_proxy no_proxy RSYNC_PROXY RSYNC_CONNECT_PROG npm_config_registry\"" > /etc/sudoers.d/keep-proxies
+# Keeping PWD is needed to build as root
+RUN echo "Defaults env_keep += \"PWD\"" > /etc/sudoers.d/keep-pwd
+RUN chmod 0440 /etc/sudoers.d/open-sudo
+RUN chmod 0440 /etc/sudoers.d/keep-proxies
+RUN chmod 0440 /etc/sudoers.d/keep-pwd
+RUN chmod 4755 /bin/fusermount
+
+ADD ./setcontext /root/setcontext
+RUN chmod +x /root/setcontext
+ADD ./enable_dockerx2 /root/enable_dockerx2
+RUN chmod +x /root/enable_dockerx2
+
+VOLUME /var/lib/docker
diff --git a/build/docker/Makefile b/build/docker/Makefile
new file mode 100644
index 000000000..a2434447a
--- /dev/null
+++ b/build/docker/Makefile
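Review bot: In build/docker/Dockerfile, `RUN echo "ALL ALL=NOPASSWD: ALL" > /etc/sudoers.d/open-sudo` gives every account in the image passwordless root, and together with the setuid `chmod 4755 /bin/fusermount` it means the unprivileged uid a build starts with is not a containment boundary. If the build really needs sudo, scope the rule to the one build user that `setcontext` creates rather than `ALL`, and at minimum record the assumption in a comment such as `# Build-only image: every user is root-equivalent; run trusted build jobs only`. The `ENV http_proxy INSERT_HTTP_PROXY` lines also persist whatever proxy URL is substituted into the image metadata, so a proxy URL that carries credentials should not be used with this template. The leading `#!/bin/bash` has no meaning in a Dockerfile and can be dropped.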
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+SHELL = /bin/bash
+FILES = $(wildcard ubuntu-builder/*) runcontext
+
+.PHONY: all
+all: .docker
+
+.docker: $(FILES)
+ cp Dockerfile ubuntu-builder/Dockerfile
+ # Only add proxy ENVs where set in host - needed to pull the base Ubuntu image
+ test -n "${http_proxy}" && sed -i "s;INSERT_HTTP_PROXY;${http_proxy};" ubuntu-builder/Dockerfile || exit 0
+ test -n "${https_proxy}" && sed -i "s;INSERT_HTTPS_PROXY;${https_proxy};" ubuntu-builder/Dockerfile || exit 0
+ test -n "${no_proxy}" && sed -i "s;INSERT_NO_PROXY;${no_proxy};" ubuntu-builder/Dockerfile || exit 0
+ test -n "${HTTP_PROXY}" && sed -i "s;INSERT_HTTP_PROXY;${HTTP_PROXY};" ubuntu-builder/Dockerfile || exit 0
+ test -n "${HTTPS_PROXY}" && sed -i "s;INSERT_HTTPS_PROXY;${HTTPS_PROXY};" ubuntu-builder/Dockerfile || exit 0
+ test -n "${NO_PROXY}" && sed -i "s;INSERT_NO_PROXY;${NO_PROXY};" ubuntu-builder/Dockerfile || exit 0
+ sed -i '/INSERT_/d' ubuntu-builder/Dockerfile
+ /usr/bin/docker build --rm=true --no-cache=true -t opnfv.org/ubuntu-builder:14.04 ubuntu-builder
+ /usr/bin/docker tag -f opnfv.org/ubuntu-builder:14.04 opnfv.org/ubuntu-builder
+ touch .docker
+
+.PHONY: clean
+clean:
+ rm -f .docker ubuntu-builder/Dockerfile
diff --git a/build/docker/README b/build/docker/README
new file mode 100644
index 000000000..e5ccdfab6
--- /dev/null
+++ b/build/docker/README
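Review bot: In the `.docker` recipe of build/docker/Makefile the proxy values are written as `${http_proxy}`, which Make expands before the shell runs, and the result is pasted unescaped into a `sed` program that uses `;` as its delimiter. A value containing `;`, `&`, `\` or a double quote therefore alters the sed expression or the shell command instead of being inserted literally, and `|| exit 0` hides a failing `sed`, after which `sed -i '/INSERT_/d'` silently drops the proxy line. Let the shell expand the variable and let errors surface, e.g. `if [ -n "$$http_proxy" ]; then sed -i "s|INSERT_HTTP_PROXY|$$http_proxy|" ubuntu-builder/Dockerfile; fi`, escaping the value for sed first if it can contain `|`, `&` or `\`. The template `Dockerfile` is copied by the recipe but is not listed in `$(FILES)`, so editing it does not trigger a rebuild of the image.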
@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+The makefile on this level is used for *creating* the Docker image
+used for building in Ubuntu 12.04 context.
+
+There are two requirements before running make on this level:
+
+1. You need to have Docker installed on your system
+
+2. If in a corporate network, make sure to have a valid DNS config in
+ your /etc/default/docker, e.g:
+
+ DOCKER_OPTS=" --dns=8.8.8.8 --dns=8.8.8.4"
+
+The top level makefile will refer to the "runcontext" file in order to
+run the build process as the current user with the current working
+directory available to the container.
diff --git a/build/docker/runcontext b/build/docker/runcontext
new file mode 100755
index 000000000..f9065a01f
--- /dev/null
+++ b/build/docker/runcontext
@@ -0,0 +1,124 @@
+#!/bin/bash
+set -e
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+
+############################################################################
+# BEGIN of Exit handlers
+#
+
+do_exit () {
+ CID=`cat $CID_FILE </dev/null`
+ rm -f $CID_FILE
+ rm -rf $CONTEXT_DIR
+ set +e
+ docker kill $CID > /dev/null 2>&1
+ docker rm -f $CID > /dev/null 2>&1
+ docker rmi -f $IID > /dev/null 2>&1
+ set -e
+}
+
+#
+# End of Exit handlers
+############################################################################
+
+trap do_exit SIGINT SIGTERM EXIT
+
+context=$1
+shift
+USER_ID=`id -u`
+USER=`whoami`
+GROUP_ID=`id -g`
+
+GITROOT=`git rev-parse --show-toplevel`
+CID_FILE=`mktemp -u -t runcontext.XXXXXXXXXX`
+CONTEXT_DIR=`mktemp -d ${GITROOT}/.docker_contextXXXXXX`
+
+# If RSYNC_CONNECT_PROG is used, we need to copy all of
+# the SSH structure, should one of the keys need to be
+# used.
+if [ -n "$RSYNC_CONNECT_PROG" -a -x $HOME/.ssh ]; then
+ cp -rp $HOME/.ssh $CONTEXT_DIR
+ rm -f $CONTEXT_DIR/.ssh/known_hosts
+else
+ mkdir $CONTEXT_DIR/.ssh
+fi
+
+# Disable verification of unknown keys
+cat >> $CONTEXT_DIR/.ssh/config <<EOF
+StrictHostKeyChecking=no
+EOF
+
+cat > $CONTEXT_DIR/Dockerfile <<EOF
+FROM $context
+$(env | egrep -i 'proxy|rsync' | sed 's/^/ENV /' | sed 's/=/ /')
+RUN date || date
+COPY .ssh $HOME/.ssh
+RUN chown -R $USER_ID:$GROUP_ID $HOME/.ssh
+RUN chown -R $USER_ID:$GROUP_ID $HOME
+RUN chmod 700 $HOME/.ssh
+RUN /root/setcontext $USER $USER_ID $GROUP_ID $HOME
+EOF
+
+res=`docker build -q --force-rm $CONTEXT_DIR`
+IID=`echo $res | sed 's/.* //'`
+
+# Handle proxy settings passed to the context
+if env | grep -iq .*proxy; then
+ envfile="$(readlink -f $(dirname $0)/..)/environment.mk"
+
+ test -n "$HTTP_PROXY" && my_http_proxy=$HTTP_PROXY
+ test -n "$http_proxy" && my_http_proxy=$http_proxy
+
+ test -n "$HTTPS_PROXY" && my_https_proxy=$HTTPS_PROXY
+ test -n "$https_proxy" && my_https_proxy=$https_proxy
+
+ test -n "$NO_PROXY" && my_no_proxy=$NO_PROXY
+ test -n "$no_proxy" && my_no_proxy=$no_proxy
+
+ # Make sure to add the Docker socket in no_proxy
+ if [ -n "$my_no_proxy" ]; then
+ my_no_proxy+=",/var/run/docker.sock"
+ else
+ my_no_proxy="/var/run/docker.sock"
+ fi
+
+ echo "Creating $envfile"
+ echo "# This file is automatically generated by runcontext, do not edit!" > $envfile
+ test -n "$my_http_proxy" && echo "export http_proxy=$my_http_proxy" >> $envfile
+ test -n "$my_https_proxy" && echo "export https_proxy=$my_https_proxy" >> $envfile
+ test -n "$my_no_proxy" && echo "export no_proxy=$my_no_proxy" >> $envfile
+ test -n "$RSYNC_PROXY" && echo "export RSYNC_PROXY=$RSYNC_PROXY" >> $envfile
+ test -n "$RSYNC_CONNECT_PROG" && echo "export RSYNC_CONNECT_PROG=$RSYNC_CONNECT_PROG" >> $envfile
+ echo "export npm_config_registry=http://registry.npmjs.org/" >> $envfile
+else
+ echo "No need to generate environment.mk"
+ rm -f $envfile
+fi
+
+# Evaluate the need for bind mounting the cache directory
+if [ -n "$CACHEBASE" ]; then
+ if echo $CACHEBASE | grep -q '^file://'; then
+ CACHEMOUNT="-v $(echo $CACHEBASE | sed 's;file://;;'):$(echo $CACHEBASE | sed 's;file://;;')"
+ fi
+fi
+
+RUN_CONTEXT_OPT="--cidfile $CID_FILE --privileged=true --rm -e HOME=$HOME -e CACHEDEBUG -e CACHETRANSPORT -e CACHEMAXAGE -e CACHEBASE -u $USER_ID:$GROUP_ID -w $PWD -v $GITROOT:$GITROOT $CACHEMOUNT"
+
+# Passing "debug" puts up an interactive bash shell
+if [ "$1" == "debug" ]; then
+ echo command: docker run ${RUN_CONTEXT_OPT} $IID bash
+ docker run -i -t ${RUN_CONTEXT_OPT} $IID bash
+else
+ echo command: docker run ${RUN_CONTEXT_OPT} $IID $@
+ docker run -t ${RUN_CONTEXT_OPT} $IID $@
+fi
+
diff --git a/build/docker/ubuntu-builder/enable_dockerx2 b/build/docker/ubuntu-builder/enable_dockerx2
new file mode 100644
index 000000000..1511c70ea
--- /dev/null
+++ b/build/docker/ubuntu-builder/enable_dockerx2
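Review bot: In `do_exit` of build/docker/runcontext, `set +e` is reached only after the `cat $CID_FILE` substitution, so when the script stops before `docker run` has written the cid file that `cat` fails with `set -e` still active and the handler most likely exits before `rm -rf $CONTEXT_DIR` and `docker rmi -f $IID`. That leaves the copy of `$HOME/.ssh`, private keys included, in `.docker_contextXXXXXX` under the git root and in the intermediate image. Make `set +e` the first line of `do_exit` and quote the paths, e.g. `rm -rf "$CONTEXT_DIR"`. The generated ssh config also sets `StrictHostKeyChecking=no` after `known_hosts` has been deleted, so connections made from the container with those keys accept any host key; copying `known_hosts` and leaving checking on keeps the rsync transport authenticated. `--privileged=true` combined with `-v $GITROOT:$GITROOT` makes the container root-equivalent on the host, which deserves a comment next to `RUN_CONTEXT_OPT`.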
@@ -0,0 +1,20 @@
+#!/bin/sh
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+# Needed to expose underlying cgroups to container
+echo "running x2" > /x2
+mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+mount -t securityfs none /sys/kernel/security
+
+for mnt in $(cut -d: -f2 /proc/1/cgroup); do
+ mkdir /sys/fs/cgroup/$mnt
+ mount -n -t cgroup -o $mnt cgroup /sys/fs/cgroup/$mnt
+done
diff --git a/build/docker/ubuntu-builder/setcontext b/build/docker/ubuntu-builder/setcontext
new file mode 100755
index 000000000..bc28994a9
--- /dev/null
+++ b/build/docker/ubuntu-builder/setcontext
@@ -0,0 +1,20 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+SETUSER=$1
+SETUID=$2
+SETGID=$3
+SETHOME=$4
+
+getent group $SETUSER || /usr/sbin/groupadd --gid $SETGID $SETUSER
+getent passwd $SETUSER || /usr/sbin/adduser --system --uid=$SETUID --gid=$SETGID --home $SETHOME --shell /bin/bash $SETUSER
+/usr/sbin/usermod -a -G fuse $SETUSER
+exit 0 |
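Review bot: In build/docker/ubuntu-builder/enable_dockerx2 the mounts run with no error checking and the loop uses `$mnt` unquoted, so if `mount -n -t tmpfs … /sys/fs/cgroup` fails the script carries on and the `mkdir`/`mount -t cgroup` calls act on whatever is already at `/sys/fs/cgroup`, and an empty second field in `/proc/1/cgroup` would produce a `mkdir /sys/fs/cgroup/` call. Add `set -e` below the header, skip empty entries with `[ -n "$mnt" ] || continue`, and use `mkdir -p "/sys/fs/cgroup/$mnt"`. These mounts only succeed in a privileged container, which is worth stating in the header comment. The `echo "running x2" > /x2` marker looks like debugging residue; if something reads it, a comment should say what.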
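Review bot: build/docker/ubuntu-builder/setcontext ends with an unconditional `exit 0`, so a failed `groupadd`, `adduser` or `usermod` is reported as success and the `RUN /root/setcontext …` step that runcontext generates still passes. The two `getent` checks look up the name only; when the name is free but `$SETGID` or `$SETUID` is already taken in the image the create command fails, and the build may then run under ids that have no matching account. Drop the final `exit 0`, add `set -e`, quote the arguments, and test the ids as well, e.g. `getent group "$SETGID" >/dev/null || /usr/sbin/groupadd --gid "$SETGID" "$SETUSER"`.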