diff --git a/Makefile b/Makefile
index 81abef2b..4616ad0f 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,8 @@ PROXY ?= http://proxy.foo.com:8000
 NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local
 USE_PROXY ?= false
+PYTHON_BASE_IMAGE ?= python:3.5
+UBUNTU_BASE_IMAGE ?= ubuntu:16.04
 IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}
 IMAGE_DIR:=images/$(IMAGE_NAME)
@@ -85,6 +87,7 @@ run:
 build_airflow:
 ifeq ($(USE_PROXY), true)
 docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile \
+ --build-arg FROM=$(UBUNTU_BASE_IMAGE) \
 --build-arg http_proxy=$(PROXY) \
 --build-arg https_proxy=$(PROXY) \
 --build-arg HTTP_PROXY=$(PROXY) \
@@ -93,7 +96,9 @@ ifeq ($(USE_PROXY), true)
 --build-arg NO_PROXY=$(NO_PROXY) \
 --build-arg ctx_base=$(BUILD_CTX) .
 else
- docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile --build-arg ctx_base=$(BUILD_CTX) .
+ docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile \
+ --build-arg FROM=$(UBUNTU_BASE_IMAGE) \
+ --build-arg ctx_base=$(BUILD_CTX) .
 endif
 ifeq ($(PUSH_IMAGE), true)
 docker push $(IMAGE)
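Review bot: `PYTHON_BASE_IMAGE` and `UBUNTU_BASE_IMAGE` are assigned with `?=`, so a value already present in the environment or on the make command line silently becomes the base of an image that `build_airflow`/`build_shipyard` may go on to `docker push`, and the defaults are mutable tags rather than digests. I would add a comment above the two variables, for example `# Base images: override only with a trusted registry path, ideally pinned as name@sha256:<digest>`, and consider echoing the resolved base image in the build log so a published image can be traced to it. The same applies to the `ARG FROM=ubuntu:16.04` and `ARG FROM=python:3.5` defaults added in images/airflow/Dockerfile and images/shipyard/Dockerfile.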
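Review bot: The new `--build-arg FROM=$(UBUNTU_BASE_IMAGE)` passes an overridable variable to the shell unquoted, so a value containing whitespace or shell metacharacters is interpreted by the shell instead of reaching `docker build` as one argument. Quoting it, `--build-arg FROM='$(UBUNTU_BASE_IMAGE)' \`, keeps the value a single word; this matters if the variable is ever filled from a CI job parameter. The same line appears in the `else` branch of `build_airflow` and in both branches of `build_shipyard` with `$(PYTHON_BASE_IMAGE)`. The recipe body continues outside this hunk.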
@@ -102,15 +107,19 @@ endif
 .PHONY: build_shipyard
 build_shipyard:
 ifeq ($(USE_PROXY), true)
- docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile --build-arg ctx_base=$(BUILD_CTX) \
+ docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile \
+ --build-arg FROM=$(PYTHON_BASE_IMAGE) \
 --build-arg http_proxy=$(PROXY) \
 --build-arg https_proxy=$(PROXY) \
 --build-arg HTTP_PROXY=$(PROXY) \
 --build-arg HTTPS_PROXY=$(PROXY) \
 --build-arg no_proxy=$(NO_PROXY) \
- --build-arg NO_PROXY=$(NO_PROXY) .
+ --build-arg NO_PROXY=$(NO_PROXY) \
+ --build-arg ctx_base=$(BUILD_CTX) .
 else
- docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile --build-arg ctx_base=$(BUILD_CTX) .
+ docker build --network host -t $(IMAGE) --label $(LABEL) -f $(IMAGE_DIR)/Dockerfile \
+ --build-arg FROM=$(PYTHON_BASE_IMAGE) \
+ --build-arg ctx_base=$(BUILD_CTX) .
 endif
 ifeq ($(PUSH_IMAGE), true)
 docker push $(IMAGE)
diff --git a/images/airflow/Dockerfile b/images/airflow/Dockerfile
index 625f1a87..7f1cf1ad 100644
--- a/images/airflow/Dockerfile
+++ b/images/airflow/Dockerfile
@@ -13,7 +13,8 @@
 # limitations under the License.
 # Docker image to run Airflow on Kubernetes
-FROM ubuntu:16.04
+ARG FROM=ubuntu:16.04
+FROM ${FROM}
 # Do not prompt user for choices on installation/configuration of packages
 # Set port 8080 for Airflow Web
diff --git a/images/shipyard/Dockerfile b/images/shipyard/Dockerfile
index cc2fd85e..1fdb1f4a 100644
--- a/images/shipyard/Dockerfile
+++ b/images/shipyard/Dockerfile
@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM python:3.5
+ARG FROM=python:3.5
+FROM ${FROM}
 ENV container docker
 ENV PORT 9000
diff --git a/tools/gate/playbooks/run-image.yaml b/tools/gate/playbooks/run-image.yaml
index 39854068..3514bdee 100644
--- a/tools/gate/playbooks/run-image.yaml
+++ b/tools/gate/playbooks/run-image.yaml
@@ -15,6 +15,8 @@
 - hosts: all
 gather_facts: False
 become: yes
+ vars_files:
+ - vars.yaml
 roles:
 - build-images
 tags:
diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml
index eb6ffae1..c89b7980 100644
--- a/tools/gate/playbooks/vars.yaml
+++ b/tools/gate/playbooks/vars.yaml
@@ -12,4 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-null: null
+docker_daemon:
+ group: zuul
+ registry-mirrors:
+ - "http://{{ zuul_site_mirror_fqdn }}:8082/"
+ storage-driver: overlay2
diff --git a/tools/gate/roles/build-images/files/docker-systemd.conf b/tools/gate/roles/build-images/files/docker-systemd.conf
new file mode 100644
index 00000000..6b01af0f
--- /dev/null
+++ b/tools/gate/roles/build-images/files/docker-systemd.conf
@@ -0,0 +1,8 @@
+# NOTE(SamYaple): CentOS cannot be build with userns-remap enabled. httpd uses
+# cap_set_file capability and there is no way to pass that in at build as of
+# docker 17.06.
+# TODO(SamYaple): Periodically check to see if this is possible in newer
+# versions of Docker
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd
diff --git a/tools/gate/roles/build-images/tasks/airship-shipyard.yaml b/tools/gate/roles/build-images/tasks/airship-shipyard.yaml
index a32cb62a..c5a30863 100644
--- a/tools/gate/roles/build-images/tasks/airship-shipyard.yaml
+++ b/tools/gate/roles/build-images/tasks/airship-shipyard.yaml
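Review bot: The `registry-mirrors` entry in tools/gate/playbooks/vars.yaml uses `http://`, so image pulls that the gate's Docker daemon routes through the mirror, including base images resolved by tag, are fetched over an unauthenticated, unencrypted channel. Tag-to-digest resolution is answered by the mirror, so the integrity of what gets built rests on the network path to `zuul_site_mirror_fqdn`. If the mirror offers TLS, use `- "https://{{ zuul_site_mirror_fqdn }}:8082/"`; otherwise add a comment stating that the mirror is reachable only on the trusted CI network. `group: zuul` also hands the zuul user the Docker socket, which is root-equivalent on the node, and a one-line comment saying this is intended for the disposable gate node would help.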
@@ -36,6 +36,50 @@
 debug:
 var: image_tags
+- name: Install Docker (Debian)
+ when: ansible_os_family == 'Debian'
+ block:
+ - file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /etc/docker/
+ - /etc/systemd/system/docker.service.d/
+ - /var/lib/docker/
+ - mount:
+ path: /var/lib/docker/
+ src: tmpfs
+ fstype: tmpfs
+ opts: size=25g
+ state: mounted
+ - copy: "{{ item }}"
+ with_items:
+ - content: "{{ docker_daemon | to_json }}"
+ dest: /etc/docker/daemon.json
+ - src: files/docker-systemd.conf
+ dest: /etc/systemd/system/docker.service.d/
+ - apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ - apt_repository:
+ repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable
+ - apt:
+ name: "{{ item }}"
+ allow_unauthenticated: True
+ with_items:
+ - docker-ce
+ - python-pip
+ - pip:
+ name: docker
+ version: 2.7.0
+ # NOTE(SamYaple): Allow all connections from containers to host so the
+ # containers can access the http server for git and wheels
+ - iptables:
+ action: insert
+ chain: INPUT
+ in_interface: docker0
+ jump: ACCEPT
+ become: True
+
 - name: Make images
 when: not publish
 block:
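Review bot: The `apt` task sets `allow_unauthenticated: True`, which turns off signature verification for `docker-ce` and `python-pip` while the repository line is plain `http://{{ zuul_site_mirror_fqdn }}/deb-docker`; the key imported by the `apt_key` task two steps earlier then has no bearing on what is installed as root. If the mirror serves Docker's signed Release file unchanged, drop the `allow_unauthenticated: True` line; if it does not, record that reason in a comment next to the option. The `iptables` rule accepts all traffic arriving on `docker0`, and narrowing it with `protocol: tcp` and `destination_port: <port of the git/wheel http server>` would match the purpose stated in the NOTE. The tasks inside the block also carry no `name:`, which makes the gate log harder to read when one of them fails.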