diff --git a/Makefile b/Makefile index 69b4a44..67adac3 100644 --- a/Makefile +++ b/Makefile @@ -12,25 +12,26 @@ # See the License for the specific language governing permissions and # limitations under the License. -DOCKER_REGISTRY ?= quay.io -REGION_SUFFIX ?= maas-region -IMG_COMMON_DIR ?= images -REGION_IMG_DIR ?= images/maas-region-controller -RACK_SUFFIX ?= maas-rack -RACK_IMG_DIR ?= images/maas-rack-controller -CACHE_SUFFIX ?= maas-cache -CACHE_IMG_DIR ?= images/sstream-cache -IMAGE_PREFIX ?= airshipit -IMAGE_TAG ?= untagged -PROXY ?= http://proxy.foo.com:8000 -NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local -USE_PROXY ?= false -PUSH_IMAGE ?= false -LABEL ?= commit-id -IMAGE_NAME := maas-rack-controller maas-region-controller sstream-cache -BUILD_DIR := $(shell mktemp -d) -HELM := $(BUILD_DIR)/helm -SSTREAM_IMAGE := "https://images.maas.io/ephemeral-v3/daily/" +DOCKER_REGISTRY ?= quay.io +REGION_SUFFIX ?= maas-region +IMG_COMMON_DIR ?= images +REGION_IMG_DIR ?= images/maas-region-controller +RACK_SUFFIX ?= maas-rack +RACK_IMG_DIR ?= images/maas-rack-controller +CACHE_SUFFIX ?= maas-cache +CACHE_IMG_DIR ?= images/sstream-cache +IMAGE_PREFIX ?= airshipit +IMAGE_TAG ?= untagged +PROXY ?= http://proxy.foo.com:8000 +NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local +USE_PROXY ?= false +PUSH_IMAGE ?= false +LABEL ?= commit-id +IMAGE_NAME := maas-rack-controller maas-region-controller sstream-cache +BUILD_DIR := $(shell mktemp -d) +HELM := $(BUILD_DIR)/helm +SSTREAM_IMAGE := "https://images.maas.io/ephemeral-v3/daily/" +UBUNTU_BASE_IMAGE ?= ubuntu:16.04 .PHONY: images #Build all images in the list 
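Review bot: `UBUNTU_BASE_IMAGE ?= ubuntu:16.04` makes the base of every image overridable, but the default is still a mutable tag, and `?=` also takes the value from the environment, so a build can change its base layer with no change in the repository. Consider pinning the default by digest, e.g. `UBUNTU_BASE_IMAGE ?= ubuntu:16.04@sha256:<digest>` (placeholder digest). A comment above it would also help, such as `# Base image passed to each Dockerfile as --build-arg FROM; override only with a trusted, digest-pinned reference`. The remaining changed lines in this hunk look like whitespace realignment only.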
@@ -66,16 +67,21 @@ helm-install: .PHONY: build build: ifeq ($(USE_PROXY), true) - docker build -t $(IMAGE) --network=host --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile --build-arg SSTREAM_IMAGE=$(SSTREAM_IMAGE) \ + docker build -t $(IMAGE) --network=host --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile \ + --build-arg FROM=$(UBUNTU_BASE_IMAGE) \ --build-arg http_proxy=$(PROXY) \ --build-arg https_proxy=$(PROXY) \ --build-arg HTTP_PROXY=$(PROXY) \ --build-arg HTTPS_PROXY=$(PROXY) \ --build-arg no_proxy=$(NO_PROXY) \ --build-arg NO_PROXY=$(NO_PROXY) \ + --build-arg SSTREAM_IMAGE=$(SSTREAM_IMAGE) \ $(IMAGE_DIR) else - docker build -t $(IMAGE) --network=host --label $(LABEL) --build-arg SSTREAM_IMAGE=$(SSTREAM_IMAGE) -f $(IMAGE_DIR)/Dockerfile $(IMAGE_DIR) + docker build -t $(IMAGE) --network=host --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile \ + --build-arg FROM=$(UBUNTU_BASE_IMAGE) \ + --build-arg SSTREAM_IMAGE=$(SSTREAM_IMAGE) \ + $(IMAGE_DIR) endif ifeq ($(PUSH_IMAGE), true) docker push $(IMAGE) diff --git a/images/maas-rack-controller/Dockerfile b/images/maas-rack-controller/Dockerfile index 720d2f0..c808df4 100644 --- a/images/maas-rack-controller/Dockerfile +++ b/images/maas-rack-controller/Dockerfile @@ -1,4 +1,5 @@ -FROM ubuntu:16.04 +ARG FROM=ubuntu:16.04 +FROM ${FROM} ENV DEBIAN_FRONTEND noninteractive ENV container docker diff --git a/images/maas-region-controller/Dockerfile b/images/maas-region-controller/Dockerfile index 66f6bd5..4e99704 100644 --- a/images/maas-region-controller/Dockerfile +++ b/images/maas-region-controller/Dockerfile @@ -1,4 +1,5 @@ -FROM ubuntu:16.04 +ARG FROM=ubuntu:16.04 +FROM ${FROM} ENV DEBIAN_FRONTEND noninteractive ENV container docker diff --git a/images/sstream-cache/Dockerfile b/images/sstream-cache/Dockerfile index d1f145a..2e0bdba 100644 --- a/images/sstream-cache/Dockerfile +++ b/images/sstream-cache/Dockerfile 
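Review bot: `--build-arg FROM=$(UBUNTU_BASE_IMAGE)` is expanded unquoted in both branches of the `build` recipe, so a value containing whitespace or shell metacharacters (from the command line or the environment) is split or interpreted by the shell instead of reaching docker as one argument. Quoting it, `--build-arg FROM='$(UBUNTU_BASE_IMAGE)' \`, keeps the override a single literal; the same applies to the `$(PROXY)` and `$(NO_PROXY)` arguments on the context lines. As a style point, the two `docker build` commands now differ only in the proxy arguments, so those could be collected in one variable set under `ifeq ($(USE_PROXY), true)` and the command written once.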
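Review bot: `FROM ${FROM}` lets the caller replace the base image, but nothing in the Dockerfile says what a replacement must provide; the `ENV DEBIAN_FRONTEND noninteractive` context line suggests the rest of the file assumes a Debian/Ubuntu base. A comment above the ARG would document that, e.g. `# FROM must be an Ubuntu 16.04-compatible image from a trusted registry; prefer a digest-pinned reference`. Naming the build argument `FROM` after the instruction also reads ambiguously, and a name like `BASE_IMAGE` would be clearer if the Makefile were changed to match. The same two lines are added in images/maas-region-controller/Dockerfile and images/sstream-cache/Dockerfile, and each Dockerfile continues outside its hunk.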
@@ -1,4 +1,5 @@ -FROM ubuntu:16.04 +ARG FROM=ubuntu:16.04 +FROM ${FROM} ARG SSTREAM_IMAGE=https://images.maas.io/ephemeral-v3/daily/ ENV IMAGE_SRC ${SSTREAM_IMAGE} diff --git a/tools/gate/playbooks/docker-image-build.yaml b/tools/gate/playbooks/docker-image-build.yaml index 7f4af61..31806f1 100644 --- a/tools/gate/playbooks/docker-image-build.yaml +++ b/tools/gate/playbooks/docker-image-build.yaml @@ -14,6 +14,8 @@ - hosts: primary tasks: + - include_vars: vars.yaml + - name: Debug tag generation inputs block: - debug: @@ -39,16 +41,47 @@ var: image_tags - name: Install Docker (Debian) + when: ansible_os_family == 'Debian' block: + - file: + path: "{{ item }}" + state: directory + with_items: + - /etc/docker/ + - /etc/systemd/system/docker.service.d/ + - /var/lib/docker/ + - mount: + path: /var/lib/docker/ + src: tmpfs + fstype: tmpfs + opts: size=25g + state: mounted + - copy: "{{ item }}" + with_items: + - content: "{{ docker_daemon | to_json }}" + dest: /etc/docker/daemon.json + - src: files/docker-systemd.conf + dest: /etc/systemd/system/docker.service.d/ + - apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + - apt_repository: + repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable - apt: name: "{{ item }}" + allow_unauthenticated: True with_items: - - docker.io + - docker-ce - python-pip - when: ansible_os_family == 'Debian' - pip: name: docker version: 2.7.0 + # NOTE(SamYaple): Allow all connections from containers to host so the + # containers can access the http server for git and wheels + - iptables: + action: insert + chain: INPUT + in_interface: docker0 + jump: ACCEPT become: True - name: Make images diff --git a/tools/gate/playbooks/files/docker-systemd.conf b/tools/gate/playbooks/files/docker-systemd.conf new file mode 100644 index 0000000..6b01af0 --- /dev/null +++ b/tools/gate/playbooks/files/docker-systemd.conf 
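Review bot: `allow_unauthenticated: True` on the `apt` task in the "Install Docker (Debian)" block lets docker-ce and python-pip install without signature verification, which makes the `apt_key` task added just above it ineffective, and the `apt_repository` line fetches over plain `http://` from the site mirror. Since the Docker key is imported, the flag should be dropped so apt rejects packages that key does not sign; if the mirror strips or re-signs metadata, a comment should say so. The `iptables` task also accepts all traffic arriving on docker0 on every host port, where the NOTE only asks for access to the HTTP server. Adding `protocol: tcp` and `destination_port: "<http-server-port>"` (placeholder) would limit the rule to that service.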
@@ -0,0 +1,8 @@
+# NOTE(SamYaple): CentOS cannot be build with userns-remap enabled. httpd uses
+# cap_set_file capability and there is no way to pass that in at build as of
+# docker 17.06.
+# TODO(SamYaple): Periodically check to see if this is possible in newer
+# versions of Docker
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd
diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml
new file mode 100644
index 0000000..8da189a
--- /dev/null
+++ b/tools/gate/playbooks/vars.yaml
@@ -0,0 +1,20 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+docker_daemon:
+ group: zuul
+ registry-mirrors:
+ - "http://{{ zuul_site_mirror_fqdn }}:8082/"
+ storage-driver: overlay2
+ debug: True
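Review bot: The NOTE in docker-systemd.conf explains why userns-remap is not used but not what the drop-in itself does. The empty `ExecStart=` clears the packaged command line and the second line starts dockerd with no flags, presumably so that all options come from /etc/docker/daemon.json. A line such as `# Clear the packaged ExecStart so dockerd is configured only by /etc/docker/daemon.json` above `[Service]` would make that explicit. Without userns-remap, root inside a build container maps to root on the host, so if this configuration is intended only for throwaway gate nodes the comment should say so.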