This is an automated email from the ASF dual-hosted git repository.
tysonnorris pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new b131ec1 optional debian docker images (#4949)
b131ec1 is described below
commit b131ec1c0028de2ef3ddc048ca3e96b3020bc8e7
Author: tysonnorris <[email protected]>
AuthorDate: Thu Sep 10 14:13:04 2020 -0700
optional debian docker images (#4949)
---
common/scala/Dockerfile-debian | 36 ++++++++++++
core/controller/Dockerfile-debian | 67 +++++++++++++++++++++++
core/cosmosdb/cache-invalidator/Dockerfile-debian | 34 ++++++++++++
core/invoker/Dockerfile-debian | 49 +++++++++++++++++
core/monitoring/user-events/Dockerfile-debian | 34 ++++++++++++
gradle/docker.gradle | 14 ++++-
6 files changed, 233 insertions(+), 1 deletion(-)
diff --git a/common/scala/Dockerfile-debian b/common/scala/Dockerfile-debian
new file mode 100644
index 0000000..4373a4a
--- /dev/null
+++ b/common/scala/Dockerfile-debian
@@ -0,0 +1,36 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+FROM
adoptopenjdk/openjdk11-openj9:x86_64-debian-jdk-11.0.6_10_openj9-0.18.1-slim
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+#use cloudfront + https for packages
+RUN echo 'deb https://cloudfront.debian.net/debian/ stable main\n\
+deb https://cloudfront.debian.net/debian-security/ stable/updates main'\
+> /etc/apt/sources.list
+
+RUN apt-get -y install --no-install-recommends \
+ sed curl bash && apt-get -y update && apt-get -y upgrade
+
+RUN mkdir /logs
+
+COPY transformEnvironment.sh /
+RUN chmod +x transformEnvironment.sh
+
+COPY copyJMXFiles.sh /
+RUN chmod +x copyJMXFiles.sh
diff --git a/core/controller/Dockerfile-debian
b/core/controller/Dockerfile-debian
new file mode 100644
index 0000000..f17dde8
--- /dev/null
+++ b/core/controller/Dockerfile-debian
@@ -0,0 +1,67 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM scala
+
+ENV UID=1001 \
+ NOT_ROOT_USER=owuser
+ENV
SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f9863d4191a574c96e7
\
+ SWAGGER_UI_VERSION=3.6.0
+
+###################################################################################################
+# It's needed for lean mode where the controller is also an invoker
+###################################################################################################
+# If you change the docker version here, it has implications on invoker runc
support.
+# Docker server version and the invoker docker version must be the same to
enable runc usage.
+# If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible
env.
+ENV DOCKER_VERSION=18.06.3-ce
+
+RUN apt-get -y install openssl
+
+# Uncomment to fetch latest version of docker instead: RUN wget -qO-
https://get.docker.com | sh
+# Install docker client
+RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
&& \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
+ rm -f docker-${DOCKER_VERSION}.tgz && \
+ chmod +x /usr/bin/docker && \
+ chmod +x /usr/bin/docker-runc
+##################################################################################################
+
+# Install swagger-ui
+RUN curl -sSL -o swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz --no-verbose
https://github.com/swagger-api/swagger-ui/archive/v${SWAGGER_UI_VERSION}.tar.gz
&& \
+ echo "${SWAGGER_UI_DOWNLOAD_SHA256}
swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz" | sha256sum -c - && \
+ mkdir swagger-ui && \
+ tar zxf swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz -C /swagger-ui
--strip-components=2 swagger-ui-${SWAGGER_UI_VERSION}/dist && \
+ rm swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz && \
+ sed -i s#http://petstore.swagger.io/v2/swagger.json#/api/v1/api-docs#g
/swagger-ui/index.html
+
+# Copy app jars
+ADD build/distributions/controller.tar /
+
+COPY init.sh /
+RUN chmod +x init.sh
+
+RUN adduser --disabled-password --disabled-login --gecos '' --uid ${UID}
--home /home/${NOT_ROOT_USER} ${NOT_ROOT_USER}
+
+# It is possible to run as non root if you dont need invoker capabilities out
of the controller today
+# When running it as a non-root user this has implications on the standard
directory where runc stores its data.
+# The non-root user should have access on the directory and corresponding
permission to make changes on it.
+#USER ${NOT_ROOT_USER}
+
+EXPOSE 8080
+CMD ["./init.sh", "0"]
diff --git a/core/cosmosdb/cache-invalidator/Dockerfile-debian
b/core/cosmosdb/cache-invalidator/Dockerfile-debian
new file mode 100644
index 0000000..3a33d27
--- /dev/null
+++ b/core/cosmosdb/cache-invalidator/Dockerfile-debian
@@ -0,0 +1,34 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM scala
+
+ENV UID=1001 \
+ NOT_ROOT_USER=owuser
+
+
+# Copy app jars
+ADD build/distributions/cache-invalidator.tar /
+
+COPY init.sh /
+RUN chmod +x init.sh
+
+RUN adduser --disabled-password --disabled-login --gecos '' --uid ${UID}
--home /home/${NOT_ROOT_USER} ${NOT_ROOT_USER}
+USER ${NOT_ROOT_USER}
+
+EXPOSE 8080
+CMD ["./init.sh", "0"]
diff --git a/core/invoker/Dockerfile-debian b/core/invoker/Dockerfile-debian
new file mode 100644
index 0000000..ed205a3
--- /dev/null
+++ b/core/invoker/Dockerfile-debian
@@ -0,0 +1,49 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM scala
+
+ENV UID=1001 \
+ NOT_ROOT_USER=owuser
+ ENV DOCKER_VERSION=18.06.3-ce
+# If you change the docker version here, it has implications on invoker runc
support.
+# Docker server version and the invoker docker version must be the same to
enable runc usage.
+# If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible
env.
+
+
+RUN apt-get -y install openssl
+
+# Uncomment to fetch latest version of docker instead: RUN wget -qO-
https://get.docker.com | sh
+# Install docker client
+RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
&& \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
+ rm -f docker-${DOCKER_VERSION}.tgz && \
+ chmod +x /usr/bin/docker && \
+ chmod +x /usr/bin/docker-runc
+
+ADD build/distributions/invoker.tar ./
+
+COPY init.sh /
+RUN chmod +x init.sh
+
+# When running the invoker as a non-root user this has implications on the
standard directory where runc stores its data.
+# The non-root user should have access on the directory and corresponding
permission to make changes on it.
+RUN adduser --disabled-password --disabled-login --gecos '' --uid ${UID}
--home /home/${NOT_ROOT_USER} ${NOT_ROOT_USER}
+
+EXPOSE 8080
+CMD ["./init.sh", "0"]
diff --git a/core/monitoring/user-events/Dockerfile-debian
b/core/monitoring/user-events/Dockerfile-debian
new file mode 100644
index 0000000..c53bed9
--- /dev/null
+++ b/core/monitoring/user-events/Dockerfile-debian
@@ -0,0 +1,34 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM scala
+
+ENV UID=1001 \
+ NOT_ROOT_USER=owuser
+
+# Copy app jars
+ADD build/distributions/user-events.tar /
+
+COPY init.sh /
+RUN chmod +x init.sh
+
+RUN adduser --disabled-password --disabled-login --gecos '' --uid ${UID}
--home /home/${NOT_ROOT_USER} ${NOT_ROOT_USER}
+USER ${NOT_ROOT_USER}
+
+# Prometheus port
+EXPOSE 9095
+CMD ["./init.sh", "0"]
diff --git a/gradle/docker.gradle b/gradle/docker.gradle
index 4578857..52f438d 100644
--- a/gradle/docker.gradle
+++ b/gradle/docker.gradle
@@ -46,6 +46,7 @@ ext {
dockerRetries = project.hasProperty('dockerRetries') ?
dockerRetries.toInteger() : 3
dockerBinary = project.hasProperty('dockerBinary') ? [dockerBinary] :
['docker']
dockerBuildArg = ['build']
+ dockerDockerfileSuffix = ""
}
ext.dockerTaggedImageName = dockerRegistry + dockerImagePrefix + '/' +
dockerImageName + ':' + dockerImageTag
@@ -59,10 +60,21 @@ if(project.hasProperty('dockerBuildArgs')) {
}
}
+if(project.hasProperty('dockerfileSuffix')) {
+ dockerDockerfileSuffix = project.dockerfileSuffix
+}
+
task distDocker {
doLast {
def start = new Date()
- def cmd = dockerBinary + dockerBuildArg + ['-t', dockerImageName,
project.buildscript.sourceFile.getParentFile().getAbsolutePath()]
+ String dockerFileDir =
project.buildscript.sourceFile.getParentFile().getAbsolutePath()
+ String dockerFile = dockerFileDir + "/Dockerfile" +
dockerDockerfileSuffix
+ if (!new File(dockerFile).exists()){
+ println("Using default Dockerfile since '${dockerFile}' does not
exist")
+ dockerFile = dockerFileDir + "/Dockerfile"
+ }
+
+ def cmd = dockerBinary + dockerBuildArg + ['-f', dockerFile] + ['-t',
dockerImageName,
project.buildscript.sourceFile.getParentFile().getAbsolutePath()]
retry(cmd, dockerRetries, dockerTimeout)
println("Building '${dockerImageName}' took ${TimeCategory.minus(new
Date(), start)}")
}
