This is an automated email from the ASF dual-hosted git repository.
zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 57bd680 Add support for Centos8 and optionally including openssl
(#5627)
57bd680 is described below
commit 57bd6800086d6ff97c7c0345a3525d092c4448d9
Author: Jonathan G <[email protected]>
AuthorDate: Mon Mar 15 12:45:04 2021 -0600
Add support for Centos8 and optionally including openssl (#5627)
* Add support for Centos8 and optionally including openssl
Closes #5624
* Remove redundant cp arg
* Fix where cjose and jansson weren't being bundled with ats rpm
* Remove another redundant cp arg
* Added changelog entry
---
CHANGELOG.md | 1 +
traffic_server/_tsb/Dockerfile | 71 +++++++++++++++++++++++++++-------
traffic_server/_tsb/docker-compose.yml | 26 +++++++------
traffic_server/_tsb/run.sh | 30 ++++++++------
traffic_server/_tsb/trafficserver.spec | 18 +++++++++
5 files changed, 109 insertions(+), 37 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b7cb567..e2dedd7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
## [unreleased]
### Added
+- Apache Traffic Server:
[#5627](https://github.com/apache/trafficcontrol/pull/5627) - Added the
creation of Centos8 RPMs for Apache Traffic Server
- Traffic Ops/Traffic Portal:
[#5479](https://github.com/apache/trafficcontrol/issues/5479) - Added the
ability to change a server capability name
- Traffic Ops: [#3577](https://github.com/apache/trafficcontrol/issues/3577) -
Added a query param (server host_name or ID) for servercheck API
- Traffic Portal:
[#5318](https://github.com/apache/trafficcontrol/issues/5318) - Rename server
columns for IPv4 address fields.
diff --git a/traffic_server/_tsb/Dockerfile b/traffic_server/_tsb/Dockerfile
index eb2ec46..7040cf8 100644
--- a/traffic_server/_tsb/Dockerfile
+++ b/traffic_server/_tsb/Dockerfile
@@ -16,21 +16,61 @@
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
-FROM centos:7
+ARG RHEL_VERSION=8
+FROM centos:${RHEL_VERSION} as ats-common-dependencies
+ARG RHEL_VERSION=8
-RUN yum clean all \
- && yum install -y deltarpm epel-release centos-release-scl-rh \
- && yum-config-manager --enable rhel-server-rhscl-7-rpms \
- && yum clean all \
+MAINTAINER [email protected]
+
+### Common for all sub-component builds
+RUN if [[ ${RHEL_VERSION%%.*} -ge 8 ]]; then \
+ rpm_gpg_key=RPM-GPG-KEY-centosofficial; \
+ yum install -y 'dnf-command(config-manager)'; \
+ yum config-manager --set-enabled powertools; \
+ else \
+ rpm_gpg_key="RPM-GPG-KEY-CentOS-${RHEL_VERSION%%.*}"; \
+ yum install -y deltarpm centos-release-scl-rh; \
+ yum-config-manager --enable rhel-server-rhscl-7-rpms; \
+ fi && \
+ rpm --import "/etc/pki/rpm-gpg/${rpm_gpg_key}" && \
+ rpm --import
"https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-${RHEL_VERSION%%.*}"; &&
\
+ yum -y clean all && \
+ yum -y update ca-certificates && \
+ yum -y install \
+ git \
+ rpm-build \
+ rsync \
+ epel-release && \
+ yum -y clean all
+
+### ats specific requirements
+FROM ats-common-dependencies AS build-ats-specific
+ARG RHEL_VERSION=8
+
+RUN if [[ ${RHEL_VERSION%%.*} -ge 8 ]]; then \
+ os_pkgs=( \
+ brotli \
+ brotli-devel \
+ curl \
+ gcc-toolset-9 \
+ gcc-toolset-9-runtime \
+ jansson \
+ jansson-devel \
+ libmaxminddb \
+ libmaxminddb-devel); \
+ os_toolset="gcc-toolset-9"; \
+ else \
+ os_pkgs=(devtoolset-7); \
+ os_toolset="devtoolset-7"; \
+ fi \
&& yum install -y \
+ ${os_pkgs[*]} \
autoconf \
automake \
- devtoolset-7 \
ed \
expat-devel \
flex \
gcc-c++ \
- git \
glibc-devel \
hwloc \
hwloc-devel \
@@ -54,20 +94,23 @@ RUN yum clean all \
perl-URI \
pkgconfig \
python3 \
- rpm-build \
sudo \
tcl-devel \
zlib \
zlib-devel \
&& yum clean all
-
COPY jansson.pic.patch /opt/src/
COPY cjose.pic.patch /opt/src/
-ADD https://bootstrap.pypa.io/pip/2.7/get-pip.py /
-RUN python get-pip.py
-RUN pip install --user Sphinx
-COPY run.sh /
+RUN pip3 install --user Sphinx
+COPY run.sh /run.sh
COPY trafficserver.spec /rpmbuilddir/SPECS/trafficserver.spec
COPY traffic_server_jemalloc /rpmbuilddir/SOURCES/traffic_server_jemalloc
RUN /usr/sbin/useradd -u 176 -r ats -s /sbin/nologin -d /
-CMD set -o pipefail; scl enable devtoolset-7 ./run.sh 2>&1 | tee
/rpmbuilddir/RPMS/x86_64/build.log
+CMD if [[ ${RHEL_VERSION%%.*} -ge 8 ]]; then \
+ os_toolset=gcc-toolset-9; \
+ openssl_included='--without_openssl'; \
+ else \
+ os_toolset=devtoolset-7; \
+ openssl_included='--with_openssl'; \
+ fi \
+ && set -o pipefail; scl enable ${os_toolset} "./run.sh
${openssl_included}" 2>&1 | tee /rpmbuilddir/RPMS/build-trafficserver.log
diff --git a/traffic_server/_tsb/docker-compose.yml
b/traffic_server/_tsb/docker-compose.yml
index e6534c3..88e2cb3 100644
--- a/traffic_server/_tsb/docker-compose.yml
+++ b/traffic_server/_tsb/docker-compose.yml
@@ -17,15 +17,17 @@
---
version: "2.1"
services:
- ats_build:
- build:
- context: .
- dockerfile: Dockerfile
- image: ats_build
- volumes:
- - ./src/jansson:/opt/src/jansson
- - ./src/cjose:/opt/src/cjose
- - ./src/openssl:/opt/src/openssl
- - ./src/ats:/rpmbuilddir/SOURCES/src
- -
./src/trafficcontrol/traffic_server/plugins/astats_over_http:/opt/src/astats_over_http
- - ./dist:/rpmbuilddir/RPMS/x86_64
+ ats_build:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ args:
+ RHEL_VERSION: ${RHEL_VERSION:-8}
+ image: ats_build
+ volumes:
+ - ./src/jansson:/opt/src/jansson:Z
+ - ./src/cjose:/opt/src/cjose:Z
+ - ./src/openssl:/opt/src/openssl:Z
+ - ./src/ats:/rpmbuilddir/SOURCES/src:Z
+ -
./src/trafficcontrol/traffic_server/plugins/astats_over_http:/opt/src/astats_over_http:Z
+ - ./dist:/rpmbuilddir/RPMS/x86_64:Z
diff --git a/traffic_server/_tsb/run.sh b/traffic_server/_tsb/run.sh
index 8ef67f2..eea8c44 100755
--- a/traffic_server/_tsb/run.sh
+++ b/traffic_server/_tsb/run.sh
@@ -26,19 +26,27 @@ die() {
mkdir /opt/build
cp -fa /opt/{src,build}/jansson
cp -fa /opt/{src,build}/cjose
-cp -fa /opt/{src,build}/openssl
-# Build OpenSSL
-(
- cd /opt/build/openssl && \
- ./config --prefix=/opt/trafficserver/openssl
--openssldir=/opt/trafficserver/openssl zlib && \
- make -j`nproc` && \
- make install_sw
-) || die "Failed to build OpenSSL"
-
+if [ "$1" == "--with_openssl" ]; then
+ cp -fa /opt/{src,build}/openssl
+
+ # Build OpenSSL
+ (
+ cd /opt/build/openssl && \
+ ./config --prefix=/opt/trafficserver/openssl
--openssldir=/opt/trafficserver/openssl zlib && \
+ make -j`nproc` && \
+ make install_sw
+ ) || die "Failed to build OpenSSL"
+ cjose_openssl='--with-openssl=/opt/trafficserver/openssl'
+ rpmbuild_openssl='--with openssl_included'
+else
+ cjose_openssl=''
+ rpmbuild_openssl='--without openssl_included'
+fi
+
(cd /opt/build/jansson && patch -p1 < /opt/src/jansson.pic.patch && autoreconf
-i && ./configure --enable-shared=no && make -j`nproc` && make install) || die
"Failed to install jansson from source."
-(cd /opt/build/cjose && patch -p1 < /opt/src/cjose.pic.patch && autoreconf -i
&& ./configure --enable-shared=no --with-openssl=/opt/trafficserver/openssl &&
make -j`nproc` && make install) || die "Failed to install cjose from source."
+(cd /opt/build/cjose && patch -p1 < /opt/src/cjose.pic.patch && autoreconf -i
&& ./configure --enable-shared=no ${cjose_openssl} && make -j`nproc` && make
install) || die "Failed to install cjose from source."
# Patch astats in so that it builds in-tree.
cp -far /opt/src/astats_over_http
/rpmbuilddir/SOURCES/src/plugins/astats_over_http
@@ -58,4 +66,4 @@ ED
# This includes changing output redirection to traffic.out and adding
udev-settle to wait for disks
(sed -i 's/ExecStart=@exp_bindir@\/traffic_manager
\$TM_DAEMON_ARGS/ExecStart=@exp_bindir@\/traffic_manager --bind_stdout
@exp_logdir@\/traffic.out --bind_stderr @exp_logdir@\/traffic.out
\$TM_DAEMON_ARGS/g' /rpmbuilddir/SOURCES/src/rc/trafficserver.service.in)
(sed -i 's/After=syslog.target
network.target/Wants=systemd-udev-settle.service \nAfter=syslog.target
network.target systemd-udev-settle.service/g'
/rpmbuilddir/SOURCES/src/rc/trafficserver.service.in)
-rpmbuild -bb --define "_topdir /rpmbuilddir"
/rpmbuilddir/SPECS/trafficserver.spec || die "Failed to build rpm."
+rpmbuild -bb ${rpmbuild_openssl} --define "_topdir /rpmbuilddir"
/rpmbuilddir/SPECS/trafficserver.spec || die "Failed to build rpm."
diff --git a/traffic_server/_tsb/trafficserver.spec
b/traffic_server/_tsb/trafficserver.spec
index 1ba82f6..79d71fc 100644
--- a/traffic_server/_tsb/trafficserver.spec
+++ b/traffic_server/_tsb/trafficserver.spec
@@ -26,6 +26,10 @@
%global install_prefix "/opt"
%global api_stats "4096"
%global _find_debuginfo_dwz_opts %{nil}
+%{!?_with_openssl_included: %{!?_without_openssl_included: %define
_without_openssl_included --without-openssl_included}}
+%{?_with_openssl_included: %{?_without_openssl_included: %{error: both
_with_openssl_included and _without_openssl_included}}}
+%{!?_with_openssl_included: %{!?_without_openssl_included: %{error: neither
_with_openssl_included nor _without_openssl_included}}}
+%{?_without_openssl_included:BuildRequires: openssl-devel}
Name: trafficserver
Version: %{tag}
@@ -51,9 +55,17 @@ cp -far %{src}/../traffic_server_jemalloc ..
autoreconf -vfi
%build
+%if %{?_with_openssl_included:1}%{!?_with_openssl_included:0}
./configure --with-openssl=/opt/trafficserver/openssl
--prefix=%{install_prefix}/%{name} --with-user=ats --with-group=ats
--with-build-number=%{release} --enable-experimental-plugins
--with-max-api-stats=%{api_stats} --disable-unwind
+%else
+./configure --prefix=%{install_prefix}/%{name} --with-user=ats
--with-group=ats --with-build-number=%{release} --enable-experimental-plugins
--with-max-api-stats=%{api_stats} --disable-unwind
+%endif
make %{?_smp_mflags}
+%if %{?_with_openssl_included:1}%{!?_with_openssl_included:0}
export
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/trafficserver/openssl/lib:/usr/local/lib
+%else
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
+%endif
make %{?_smp_mflags} check || ( cat ./test-suite.log; exit 1 )
%install
@@ -64,8 +76,10 @@ mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system
cp rc/trafficserver.service $RPM_BUILD_ROOT/usr/lib/systemd/system/
cp ../traffic_server_jemalloc $RPM_BUILD_ROOT/opt/trafficserver/bin/
+%if %{?_with_openssl_included:1}%{!?_with_openssl_included:0}
mkdir -p $RPM_BUILD_ROOT/opt/trafficserver/openssl
cp -r /opt/trafficserver/openssl/lib
$RPM_BUILD_ROOT/opt/trafficserver/openssl/lib
+%endif
%clean
rm -rf $RPM_BUILD_ROOT
@@ -102,7 +116,9 @@ fi
%defattr(-,root,root)
%attr(644,-,-) /usr/lib/systemd/system/trafficserver.service
%dir /opt/trafficserver
+%if %{?_with_openssl_included:1}%{!?_with_openssl_included:0}
/opt/trafficserver/openssl
+%endif
/opt/trafficserver/bin
/opt/trafficserver/include
/opt/trafficserver/lib
@@ -133,6 +149,8 @@ fi
%config(noreplace) %attr(644,ats,ats)
/opt/trafficserver/etc/trafficserver/volume.config
%changelog
+* Wed Mar 10 2021 Jonathan Gray <jhg03a(at)apache.org>
+- Modified to support stop bundling openssl with ats
* Wed Aug 26 2020 Chris Lemmons <alficles(at)gmail.com>
- Updated to incorporate new tooling and Apache Traffic Control patches
* Wed Jun 8 2016 John Rushford <john_rushford(at)cable.comcast.com>
