From b3eb6309ab232d4a4900fea7f47742ee799a7507 Mon Sep 17 00:00:00 2001 From: Jon Ervine Date: Tue, 2 Mar 2021 21:02:00 +0800 Subject: [PATCH] Added Dockerfile --- Dockerfile | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..fcb4722 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,181 @@ +# Locations - set globally to be used across stages +ARG COLLECTION_BASE="/var/lib/awx/vendor/awx_ansible_collections" + +# Build container +FROM centos:8 as builder + +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +USER root + +# Install build dependencies +RUN dnf -y module enable 'postgresql:12' +RUN dnf -y update && \ + dnf -y install epel-release 'dnf-command(config-manager)' && \ + dnf module -y enable 'postgresql:12' && \ + dnf config-manager --set-enabled powertools && \ + dnf -y install ansible \ + gcc \ + gcc-c++ \ + git-core \ + glibc-langpack-en \ + libcurl-devel \ + libffi-devel \ + libtool-ltdl-devel \ + make \ + nodejs \ + nss \ + openldap-devel \ + patch \ + @postgresql:12 \ + postgresql-devel \ + python3-devel \ + python3-pip \ + python3-psycopg2 \ + python3-setuptools \ + swig \ + unzip \ + xmlsec1-devel \ + xmlsec1-openssl-devel + +RUN python3 -m ensurepip && pip3 install "virtualenv < 20" + +# Install & build requirements +ADD Makefile /tmp/Makefile +RUN mkdir /tmp/requirements +ADD requirements/requirements_ansible.txt \ + requirements/requirements_ansible_uninstall.txt \ + requirements/requirements_ansible_git.txt \ + requirements/requirements.txt \ + requirements/requirements_tower_uninstall.txt \ + requirements/requirements_git.txt \ + requirements/collections_requirements.yml \ + /tmp/requirements/ + +RUN cd /tmp && make requirements_awx requirements_ansible_py3 +RUN cd /tmp && make requirements_collections + +# Use the distro provided npm to bootstrap our required version of node +RUN npm install -g n && n 14.15.1 && dnf remove -y nodejs + +# Copy source into builder, build sdist, install it into awx venv +COPY . /tmp/src/ +WORKDIR /tmp/src/ +RUN make sdist && \ + /var/lib/awx/venv/awx/bin/pip install dist/awx-$(cat VERSION).tar.gz + +# Final container(s) +FROM centos:8 + +ARG COLLECTION_BASE + +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +USER root + +# Install runtime requirements +RUN dnf -y module enable 'postgresql:12' +RUN dnf -y update && \ + dnf -y install epel-release 'dnf-command(config-manager)' && \ + dnf module -y enable 'postgresql:12' && \ + dnf config-manager --set-enabled powertools && \ + dnf -y install acl \ + ansible \ + bubblewrap \ + git-core \ + git-lfs \ + glibc-langpack-en \ + krb5-workstation \ + libcgroup-tools \ + nginx \ + @postgresql:12 \ + python3-devel \ + python3-libselinux \ + python3-pip \ + python3-psycopg2 \ + python3-setuptools \ + rsync \ + subversion \ + sudo \ + vim-minimal \ + which \ + unzip \ + xmlsec1-openssl && \ + dnf -y install centos-release-stream && dnf -y install "rsyslog >= 8.1911.0" && dnf -y remove centos-release-stream && \ + dnf -y clean all + +# Install kubectl +RUN curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/linux/{{ kubectl_architecture | default('amd64') }}/kubectl && \ + chmod a+x /usr/bin/kubectl + +RUN curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 && \ + chmod 700 get_helm.sh && \ + ./get_helm.sh + +# Install tini +RUN curl -L -o /usr/bin/tini https://github.com/krallin/tini/releases/download/v0.19.0/tini-{{ tini_architecture | default('amd64') }} && \ + chmod +x /usr/bin/tini + +RUN python3 -m ensurepip && pip3 install "virtualenv < 20" supervisor + +RUN rm -rf /root/.cache && rm -rf /tmp/* + +# Install OpenShift CLI +RUN cd /usr/local/bin && \ + curl -L https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz | \ + tar -xz --strip-components=1 --wildcards --no-anchored 'oc' + +# Copy app from builder +COPY --from=builder /var/lib/awx /var/lib/awx + +RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage + +# Create default awx rsyslog config +ADD tools/ansible/roles/dockerfile/files/rsyslog.conf /var/lib/awx/rsyslog/rsyslog.conf + +## File mappings +ADD tools/ansible/roles/dockerfile/files/launch_awx.sh /usr/bin/launch_awx.sh +ADD tools/ansible/roles/dockerfile/files/launch_awx_task.sh /usr/bin/launch_awx_task.sh +ADD tools/ansible/roles/dockerfile/files/settings.py /etc/tower/settings.py +ADD {{ template_dest }}/supervisor.conf /etc/supervisord.conf +ADD {{ template_dest }}/supervisor_task.conf /etc/supervisord_task.conf +ADD tools/scripts/config-watcher /usr/bin/config-watcher + +# Pre-create things we need to access +RUN for dir in \ + /var/lib/awx \ + /var/lib/awx/rsyslog \ + /var/lib/awx/rsyslog/conf.d \ + /var/run/awx-rsyslog \ + /var/log/tower \ + /var/log/nginx \ + /var/lib/postgresql \ + /var/run/supervisor \ + /var/lib/nginx ; \ + do mkdir -m 0775 -p $dir ; chmod g+rw $dir ; chgrp root $dir ; done && \ + for file in \ + /etc/passwd \ + /var/lib/awx/rsyslog/rsyslog.conf ; \ + do touch $file ; chmod g+rw $file ; chgrp root $file ; done + +# Adjust any remaining permissions +RUN chmod u+s /usr/bin/bwrap ; \ + chgrp -R root ${COLLECTION_BASE} ; \ + chmod -R g+rw ${COLLECTION_BASE} + +RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ + ln -sf /dev/stderr /var/log/nginx/error.log + +ENV HOME="/var/lib/awx" +ENV PATH="/usr/pgsql-10/bin:${PATH}" + +USER 1000 +EXPOSE 8052 + +ENTRYPOINT ["/usr/bin/tini", "--"] +CMD /usr/bin/launch_awx.sh +VOLUME /var/lib/nginx