From fd143c153b5e09f6d84bca8a955e07ffb61588a9 Mon Sep 17 00:00:00 2001 From: Francois Ferrand Date: Mon, 16 Dec 2024 09:23:22 +0100 Subject: [PATCH 1/2] Build federation image from regular image Benefit is to avoid duplicating image, make sure we actually run the build we tested, and reduce dependency on federation. Additionally, switched to `ochinchina/supervisord`, so we can fully remove the python dependency and reduce image size. Differences are very few: - Run as `scality` user - Run supervisord as entrypoint Issue: CLDSRV-597 --- .github/workflows/release.yaml | 40 +++++++++++++------------------- .github/workflows/tests.yaml | 21 +++++++++++++++++ images/federation/Dockerfile | 42 ++++++++++++++++++++++++++++++++++ images/svc-base/Dockerfile | 28 ----------------------- 4 files changed, 79 insertions(+), 52 deletions(-) create mode 100644 images/federation/Dockerfile delete mode 100644 images/svc-base/Dockerfile diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d3df6fe089..f28f5b4f6f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,30 +13,6 @@ env: PROJECT_NAME: ${{ github.event.repository.name }} jobs: - build-federation-image: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} - - name: Build and push image for federation - uses: docker/build-push-action@v5 - with: - push: true - context: . - file: images/svc-base/Dockerfile - tags: | - ghcr.io/${{ github.repository }}:${{ github.event.inputs.tag }}-svc-base - cache-from: type=gha,scope=federation - cache-to: type=gha,mode=max,scope=federation - release: runs-on: ubuntu-latest steps: 
@@ -69,6 +45,22 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max + - name: Build and push federation image + uses: docker/build-push-action@v5 + with: + push: true + context: images/federation + provenance: false + build-args: + CLOUDSERVER_VERSION=${{ github.event.inputs.tag }} + tags: | + ghcr.io/${{ github.repository }}:${{ github.event.inputs.tag }}-federation + labels: | + git.repository=${{ github.repository }} + git.commit-sha=${{ github.sha }} + cache-from: type=gha,scope=federation + cache-to: type=gha,mode=max,scope=federation + - name: Create Release uses: softprops/action-gh-release@v2 env: diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 7e505a70c0..a9ec504ca8 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -156,14 +156,17 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Login to GitHub Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ github.token }} + - name: Build and push cloudserver image uses: docker/build-push-action@v5 with: @@ -177,6 +180,23 @@ jobs: git.commit-sha=${{ github.sha }} cache-from: type=gha,scope=cloudserver cache-to: type=gha,mode=max,scope=cloudserver + + - name: Build and push federation image + uses: docker/build-push-action@v5 + with: + push: true + context: images/federation + provenance: false + build-args: + CLOUDSERVER_VERSION=${{ github.sha }} + tags: | + ghcr.io/${{ github.repository }}:${{ github.sha }}-federation + labels: | + git.repository=${{ github.repository }} + git.commit-sha=${{ github.sha }} + cache-from: type=gha,scope=federation + cache-to: type=gha,mode=max,scope=federation + - name: Build and push pykmip image uses: docker/build-push-action@v5 with: 
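Review bot: `provenance: false` in the new "Build and push federation image" step turns off the build provenance attestation that recent versions of docker/build-push-action attach to a pushed image by default, and nothing in the step says why. For the release image that metadata is what lets a consumer tie the `-federation` tag back to this workflow run. If the flag is a workaround for tooling that cannot handle the attestation manifest, record that next to the line, e.g. `# provenance disabled: <reason>`; otherwise drop it. The step added in the tests.yaml hunk (`@@ -156,14 +156,17 @@`) carries the same line.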
@@ -189,6 +209,7 @@ jobs: git.commit-sha=${{ github.sha }} cache-from: type=gha,scope=pykmip cache-to: type=gha,mode=max,scope=pykmip + - name: Build and push MongoDB uses: docker/build-push-action@v5 with: diff --git a/images/federation/Dockerfile b/images/federation/Dockerfile new file mode 100644 index 0000000000..f84fd8cc55 --- /dev/null +++ b/images/federation/Dockerfile 
@@ -0,0 +1,42 @@
+ARG CLOUDSERVER_VERSION=latest
+FROM ghcr.io/scality/cloudserver:${CLOUDSERVER_VERSION} AS builder
+
+####################################################################################################
+FROM ghcr.io/scality/cloudserver:${CLOUDSERVER_VERSION} AS supervisord
+
+ARG SUPERVISORD_VERSION=0.7.3
+ADD https://github.com/ochinchina/supervisord/releases/download/v${SUPERVISORD_VERSION}/supervisord_${SUPERVISORD_VERSION}_Linux_64-bit.tar.gz /tmp/supervisord.tar.gz
+RUN tar -xzvf /tmp/supervisord.tar.gz -C /usr/local/bin --strip-components 1 --wildcards '*/supervisord'
+
+####################################################################################################
+FROM ghcr.io/scality/cloudserver:${CLOUDSERVER_VERSION}
+
+# Install external dependencies
+COPY --from=supervisord /usr/local/bin/supervisord /usr/local/bin/
+
+# Prepare runtime environment
+ENV USER="scality"
+ENV HOME_DIR="/home/${USER}" \
+ LOG_DIR="/logs" \
+ CONF_DIR="/conf" \
+ DATA_DIR="/data" \
+ SUP_RUN_DIR="/var/run/supervisor"
+
+RUN mv /home/node ${HOME_DIR} && usermod --login ${USER} --shell /bin/bash -d ${HOME_DIR} node
+RUN mkdir ${LOG_DIR} && chown ${USER} ${LOG_DIR} && \
+ mkdir ${CONF_DIR} && chown ${USER} ${CONF_DIR} && \
+ mkdir ${DATA_DIR} && chown ${USER} ${DATA_DIR} && \
+ mkdir -m 777 ${SUP_RUN_DIR} && chown ${USER} ${SUP_RUN_DIR}
+
+USER ${USER}
+WORKDIR ${HOME_DIR}/s3
+
+# Keep same output as chown command without group (use group 0)
+COPY --chown=${USER}:0 --from=builder /usr/src/app ${HOME_DIR}/cloudserver
+
+ENV S3_CONFIG_FILE=${CONF_DIR}/config.json
+ENV S3_LOCATION_FILE=${CONF_DIR}/locationConfig.json
+EXPOSE 8000
+
+CMD bash -c "source ${CONF_DIR}/env && export && supervisord -c ${CONF_DIR}/supervisord.conf"
+ENTRYPOINT []
diff --git a/images/svc-base/Dockerfile b/images/svc-base/Dockerfile
deleted file mode 100644
index 55b2531e5b..0000000000
--- a/images/svc-base/Dockerfile
+++ /dev/null
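Review bot: The `ADD https://github.com/ochinchina/supervisord/releases/download/...` line in the `supervisord` stage fetches a third-party release tarball with no integrity check, so whatever that URL serves at build time becomes `/usr/local/bin/supervisord`, the process the final image starts. Pin the content as well as the version with `ADD --checksum=sha256:<sha256-of-verified-tarball> https://github.com/ochinchina/supervisord/releases/download/v${SUPERVISORD_VERSION}/supervisord_${SUPERVISORD_VERSION}_Linux_64-bit.tar.gz /tmp/supervisord.tar.gz`; the digest is a placeholder to be taken from a download you have verified. Separately, `mkdir -m 777 ${SUP_RUN_DIR}` leaves that directory world-writable although the same command then hands it to `${USER}`; `-m 750` looks sufficient if only that user writes there.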
@@ -1,28 +0,0 @@ -FROM ghcr.io/scality/federation/nodesvc-base:7.10.6.0 - -ENV S3_CONFIG_FILE=${CONF_DIR}/config.json -ENV S3_LOCATION_FILE=${CONF_DIR}/locationConfig.json - -COPY . ${HOME_DIR}/s3 -RUN chown -R ${USER} ${HOME_DIR} -RUN pip3 install redis===3.5.3 requests==2.27.1 && \ - apt-get install -y git-lfs - -USER ${USER} -WORKDIR ${HOME_DIR}/s3 -RUN rm -f ~/.gitconfig && \ - git config --global --add safe.directory . && \ - git lfs install && \ - GIT_LFS_SKIP_SMUDGE=1 && \ - yarn global add typescript@4.9.5 && \ - yarn install --frozen-lockfile --production --network-concurrency 1 && \ - yarn cache clean --all && \ - yarn global remove typescript - -# run symlinking separately to avoid yarn installation errors -# we might have to check if the symlinking is really needed! -RUN ln -sf /scality-kms node_modules - -EXPOSE 8000 - -CMD bash -c "source ${CONF_DIR}/env && export && supervisord -c ${CONF_DIR}/supervisord.conf" From 1114fa3c0e1b5c6b793c38db7dfd647f54448d56 Mon Sep 17 00:00:00 2001 From: Francois Ferrand Date: Mon, 16 Dec 2024 09:25:20 +0100 Subject: [PATCH 2/2] Fix startup command to propagate OS signals Remove redundant shell command (implicit from using shell form of `CMD`) and use exec to run supervisord. Issue: CLDSRV-597 --- images/federation/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/federation/Dockerfile b/images/federation/Dockerfile index f84fd8cc55..ab383fd28b 100644 --- a/images/federation/Dockerfile +++ b/images/federation/Dockerfile @@ -38,5 +38,5 @@ ENV S3_CONFIG_FILE=${CONF_DIR}/config.json ENV S3_LOCATION_FILE=${CONF_DIR}/locationConfig.json EXPOSE 8000 -CMD bash -c "source ${CONF_DIR}/env && export && supervisord -c ${CONF_DIR}/supervisord.conf" +CMD [ "/bin/bash", "-c", "source ${CONF_DIR}/env && export && exec supervisord -c ${CONF_DIR}/supervisord.conf" ] ENTRYPOINT []
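Review bot: The bare `export` kept in the rewritten `CMD` prints every exported variable to stdout on each container start, so the whole environment ends up in the container log, and it exports nothing itself. Variables that `${CONF_DIR}/env` assigns without its own `export` therefore never reach supervisord. If the intent is to pass the file's variables on, mark them for export while sourcing: `CMD [ "/bin/bash", "-c", "set -a && source ${CONF_DIR}/env && set +a && exec supervisord -c ${CONF_DIR}/supervisord.conf" ]`. The env file is not visible here, so whether it holds credentials, and whether it already uses `export`, should be checked before changing this.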