diff --git a/.zuul.yaml b/.zuul.yaml index 73586c6e..3ec04d00 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -23,17 +23,20 @@ - airship-shipyard-chart-build-gate - airship-shipyard-chart-build-latest-htk - airship-shipyard-whitespace-lint-gate - - airship-shipyard-image-gate - airship-shipyard-airskiff-deployment + - airship-shipyard-image-gate-ubuntu + - airship-shipyard-image-gate-opensuse gate: jobs: - openstack-tox-pep8 - airship-shipyard-chart-build-gate - airship-shipyard-whitespace-lint-gate - - airship-shipyard-image-gate + - airship-shipyard-image-gate-ubuntu + - airship-shipyard-image-gate-opensuse post: jobs: - - airship-shipyard-docker-build-post + - airship-shipyard-docker-build-post-ubuntu + - airship-shipyard-docker-build-post-opensuse - nodeset: name: airship-shipyard-single-node @@ -78,12 +81,13 @@ - ^releasenotes/.*$ - job: - name: airship-shipyard-image-gate + name: airship-shipyard-image-gate-ubuntu description: | - Run shipyard-image build. + Run shipyard-image build for ubuntu. parent: airship-shipyard-image-base vars: publish: false + distro: ubuntu_xenial tags: dynamic: patch_set: true @@ -114,7 +118,19 @@ - ^releasenotes/.*$ - job: - name: airship-shipyard-docker-build-post + name: airship-shipyard-image-gate-opensuse + description: | + Run shipyard-image build for opensuse. + parent: airship-shipyard-image-base + vars: + publish: false + distro: opensuse_15 + tags: + dynamic: + patch_set: true + +- job: + name: airship-shipyard-docker-build-post-ubuntu timeout: 1800 run: tools/gate/playbooks/run-image.yaml nodeset: airship-shipyard-single-node @@ -126,6 +142,28 @@ - airship_shipyard_quay_creds vars: publish: true + distro: ubuntu_xenial + tags: + dynamic: + branch: true + commit: true + static: + - latest + +- job: + name: airship-shipyard-docker-build-post-opensuse + timeout: 1800 + run: tools/gate/playbooks/run-image.yaml + nodeset: airship-shipyard-single-node + irrelevant-files: + - ^.*\.rst$ + - ^doc/.*$ + - ^releasenotes/.*$ + secrets: + - airship_shipyard_quay_creds + vars: + publish: true + distro: opensuse_15 tags: dynamic: branch: true diff --git a/Makefile b/Makefile index 314db722..b8290676 100644 --- a/Makefile +++ b/Makefile @@ -31,9 +31,10 @@ PROXY ?= http://proxy.foo.com:8000 NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local USE_PROXY ?= false -UBUNTU_BASE_IMAGE ?= +DISTRO_BASE_IMAGE ?= +DISTRO ?= ubuntu_xenial -IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG} +IMAGE:=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$(IMAGE_NAME):${IMAGE_TAG}-${DISTRO} IMAGE_DIR:=images/$(IMAGE_NAME) .PHONY: images @@ -45,8 +46,8 @@ images: $(IMAGE_NAME) $(IMAGE_NAME): @echo @echo "===== Processing [$@] image =====" - @make build IMAGE=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$@:${IMAGE_TAG} IMAGE_DIR=images/$@ IMAGE_NAME=$@ - @make run IMAGE=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$@:${IMAGE_TAG} SCRIPT=./tools/$@_image_run.sh + @make build IMAGE=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$@:${IMAGE_TAG}-${DISTRO} IMAGE_DIR=images/$@ IMAGE_NAME=$@ + @make run IMAGE=${DOCKER_REGISTRY}/${IMAGE_PREFIX}/$@:${IMAGE_TAG}-${DISTRO} SCRIPT=./tools/$@_image_run.sh # Build all docker images for this project @@ -81,7 +82,7 @@ tests: run: USE_PROXY=$(USE_PROXY) PROXY=$(PROXY) $(SCRIPT) $(IMAGE) -_BASE_IMAGE_ARG := $(if $(UBUNTU_BASE_IMAGE),--build-arg FROM="${UBUNTU_BASE_IMAGE}" ,) +_BASE_IMAGE_ARG := $(if $(DISTRO_BASE_IMAGE),--build-arg FROM="${DISTRO_BASE_IMAGE}" ,) .PHONY: build build: @@ -90,7 +91,7 @@ ifeq ($(USE_PROXY), true) --label "org.opencontainers.image.revision=$(COMMIT)" \ --label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \ --label "org.opencontainers.image.title=$(IMAGE_NAME)" \ - -f $(IMAGE_DIR)/Dockerfile \ + -f $(IMAGE_DIR)/Dockerfile.$(DISTRO) \ $(_BASE_IMAGE_ARG) \ --build-arg http_proxy=$(PROXY) \ --build-arg https_proxy=$(PROXY) \ @@ -104,7 +105,7 @@ else --label "org.opencontainers.image.revision=$(COMMIT)" \ --label "org.opencontainers.image.created=$(shell date --rfc-3339=seconds --utc)" \ --label "org.opencontainers.image.title=$(IMAGE_NAME)" \ - -f $(IMAGE_DIR)/Dockerfile \ + -f $(IMAGE_DIR)/Dockerfile.$(DISTRO) \ $(_BASE_IMAGE_ARG) \ --build-arg ctx_base=$(BUILD_CTX) . endif diff --git a/doc/source/client-user-guide.rst b/doc/source/client-user-guide.rst index 7fb6a900..8b0ff179 100644 --- a/doc/source/client-user-guide.rst +++ b/doc/source/client-user-guide.rst @@ -184,7 +184,7 @@ command. In this example we will execute the ``get actions`` command:: -e 'OS_PASSWORD=password' -e 'OS_PROJECT_DOMAIN_NAME=default' \ -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' \ -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' \ - --rm --net=host airshipit/shipyard:latest get actions + --rm --net=host airshipit/shipyard:latest-ubuntu_xenial get actions The output will resemble the following:: diff --git a/doc/source/index.rst b/doc/source/index.rst index 8b9bec97..d763312f 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -32,6 +32,7 @@ control plane life-cycle management, and is part of the `Airship`_ platform. client-user-guide deployment-guide policy-enforcement + multi-distro-support Building this Documentation --------------------------- diff --git a/doc/source/multi-distro-support.rst b/doc/source/multi-distro-support.rst new file mode 100644 index 00000000..c40e715d --- /dev/null +++ b/doc/source/multi-distro-support.rst @@ -0,0 +1,95 @@ +.. + Copyright 2019 SUSE LLC + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + + +Multiple Distro Support +======================= + +This project builds images for Shipyard and Airflow components. Currently, it +supports building images for ubuntu and opensuse ( leap 15.0 as base image). + +By default, Ubuntu images are built and are published to public registry +server. Recently support for publishing opensuse image has also been added. + +If you need to build opensuse images locally, the following parameters +can be passed to the *make* command in shipyard repository's root +directory with *images* as target:: + + DISTRO: opensuse_15 + DISTRO_BASE_IMAGE: "opensuse/leap:15.0" + DOCKER_REGISTRY: { your_docker_registry } + IMAGE_TAG: latest + IMAGE_NAME: airflow + PUSH_IMAGE: false + +Following is an example in command format to build and publish images locally. +Command is run in shipyard repository's root directory. + + DISTRO=opensuse_15 DOCKER_REGISTRY={ your_docker_registry } \ + IMAGE_NAME=airflow IMAGE_TAG=latest PUSH_IMAGE=true make images + + +Following parameters need to be passed as environment/shell variable to make +command: + +DISTRO + parameter to identify distro specific Dockerfile, ubuntu_xenial (Default) + +DISTRO_BASE_IMAGE + parameter to use different base image other than what's used in DISTRO + specific Dockerfile (optional) + +DOCKER_REGISTRY + parameter to specify local/internal docker registry if need + to publish image (optional), quay.io (Default) + +IMAGE_TAG + tag to be used for image built, untagged (Default) + +PUSH_IMAGE + flag to indicate if images needs to be pushed to a docker + registry, false (Default) + + +This work is done as per approved spec `multi_distro_support`_. Currently only image +building logic is enhanced to support multiple distro. + + +Adding New Distro Support +-------------------------- + +To add support for building images for a new distro, following steps can be +followed. + + #. Shipyard uses images for shipyard and airflow. So to build images for those + components, two Dockerfiles are required, one for each component. + + #. Add distro specific Dockerfile for each component which will have steps to include + necessary packages and run environment configuration. Use existing Dockerfile as + sample to identify needed packages and environment information. + + #. New dockerfile can be named as Dockefile.{DISTRO} where DISTRO is expected to be + distro identifier which is passed to makefile. + + #. Respective dockerfile should be placed in {shipyard_root}/images/airflow and + {shipyard_root}/images/shipyard + + #. Add check, gate, and post jobs for building, testing and publishing images. These + entries need to be added in {shipyard_root}/.zuul.yaml file. Please refer to + existing zuul file for better existing opensuse support. + + #. Add any relevant information to this document. + +.. _multi_distro_support: https://airship-specs.readthedocs.io/en/latest/specs/approved/airship_multi_linux_distros.html diff --git a/images/airflow/Dockerfile.opensuse_15 b/images/airflow/Dockerfile.opensuse_15 new file mode 100644 index 00000000..68b4a07c --- /dev/null +++ b/images/airflow/Dockerfile.opensuse_15 @@ -0,0 +1,137 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Docker image to run Airflow on Kubernetes +ARG FROM=opensuse/leap:15.0 +FROM ${FROM} + +LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' +LABEL org.opencontainers.image.url='https://airshipit.org' +LABEL org.opencontainers.image.documentation='https://airship-shipyard.readthedocs.org' +LABEL org.opencontainers.image.source='https://opendev.org/airship/shipyard' +LABEL org.opencontainers.image.vendor='The Airship Authors' +LABEL org.opencontainers.image.licenses='Apache-2.0' + +# Do not prompt user for choices on installation/configuration of packages +# Set port 8080 for Airflow Web +# Set port 5555 for Airflow Flower +# Set port 8793 for Airflow Worker +ENV container docker +ENV WEB_PORT 8080 +ENV FLOWER_PORT 5555 +ENV WORKER_PORT 8793 +ENV SLUGIFY_USES_TEXT_UNIDECODE yes + +# Expose port for applications +EXPOSE $WEB_PORT +EXPOSE $FLOWER_PORT +EXPOSE $WORKER_PORT + +# Set ARG for usage during build +ARG AIRFLOW_HOME=/usr/local/airflow +ARG ctx_base=src/bin + +# Kubectl version +ARG KUBECTL_VERSION=1.10.2 + +RUN set -ex && \ + zypper -q update -y ;\ + zypper --non-interactive install --no-recommends \ + ca-certificates \ + curl \ + git-core \ + gcc-c++ \ + libffi-devel \ + libopenssl-devel \ + libpqxx-devel \ + gcc-locale \ + netcat-openbsd \ + netcfg \ + which \ + python3 \ + python3-setuptools \ + python3-pip \ + python3-devel \ + python3-python-dateutil \ + make \ + && python3 -m pip install -U pip \ + && zypper clean -a \ + && rm -rf \ + /tmp/* \ + /var/tmp/* \ + /var/log/* \ + /usr/share/man \ + /usr/share/doc \ + /usr/share/doc-base + +# Explicitly need to create usergroup with same name in suse +RUN useradd -U -ms /bin/bash -d ${AIRFLOW_HOME} airflow + +# Things that change mostly infrequently +RUN curl -L -o /usr/local/bin/kubectl \ + https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \ + && chmod +x /usr/local/bin/kubectl + +# Dependency requirements +# Note - removing snakebite (python 2 vs. 3). See: +# https://github.com/puckel/docker-airflow/issues/77 +COPY images/airflow/requirements.txt /tmp/ +RUN pip3 install -r /tmp/requirements.txt --no-cache-dir \ + && pip3 uninstall -y snakebite || true + +# Copy scripts used in the container: +COPY images/airflow/script/*.sh ${AIRFLOW_HOME}/ + +# Copy configuration (e.g. logging config for Airflow): +COPY images/airflow/config/*.py ${AIRFLOW_HOME}/config/ + +# Change permissions +RUN chown -R airflow:airflow ${AIRFLOW_HOME} + +# Setting the version explicitly for PBR +ENV PBR_VERSION 0.1a1 + +# Shipyard +# +# Shipyard provides core functionality used by the Airflow plugins/operators +# Since Shipyard and Airflow are built together as images, this should prevent +# stale or out-of-date code between these parts. +# Shipyard requirements, source and installation +COPY ${ctx_base}/shipyard_airflow/requirements.txt /tmp/api_requirements.txt +RUN pip3 install -r /tmp/api_requirements.txt --no-cache-dir + +COPY ${ctx_base}/shipyard_airflow /tmp/shipyard/ +RUN cd /tmp/shipyard \ + && python3 setup.py install + +# Note: The value for the dags and plugins directories that are sourced +# from the values.yaml of the Shipyard Helm chart need to align with these +# directories. If they do not, airflow will not find the intended dags and +# plugins. +# +# Note: In the case of building images using the provided Makefile, a test is +# run against the built-in dags provided with Airflow. Since there is no Helm +# chart to reconfigure the airflow.cfg with these directories, these dags and +# plugins are not known to Airflow during the image test. +# +# Copy the plugins and dags that will be used by this Airflow image: +COPY ${ctx_base}/shipyard_airflow/shipyard_airflow/plugins ${AIRFLOW_HOME}/plugins/ +COPY ${ctx_base}/shipyard_airflow/shipyard_airflow/dags ${AIRFLOW_HOME}/dags/ + +# Set work directory +USER airflow +WORKDIR ${AIRFLOW_HOME} + +# Execute entrypoint +ENTRYPOINT ["./entrypoint.sh"] diff --git a/images/airflow/Dockerfile b/images/airflow/Dockerfile.ubuntu_xenial similarity index 97% rename from images/airflow/Dockerfile rename to images/airflow/Dockerfile.ubuntu_xenial index 4656d3f3..985d7026 100644 --- a/images/airflow/Dockerfile +++ b/images/airflow/Dockerfile.ubuntu_xenial @@ -19,7 +19,7 @@ FROM ${FROM} LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' LABEL org.opencontainers.image.url='https://airshipit.org' LABEL org.opencontainers.image.documentation='https://airship-shipyard.readthedocs.org' -LABEL org.opencontainers.image.source='https://git.openstack.org/openstack/airship-shipyard' +LABEL org.opencontainers.image.source='https://opendev.org/airship/shipyard' LABEL org.opencontainers.image.vendor='The Airship Authors' LABEL org.opencontainers.image.licenses='Apache-2.0' diff --git a/images/shipyard/Dockerfile.opensuse_15 b/images/shipyard/Dockerfile.opensuse_15 new file mode 100644 index 00000000..b1255ccc --- /dev/null +++ b/images/shipyard/Dockerfile.opensuse_15 @@ -0,0 +1,103 @@ +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG FROM=opensuse/leap:15.0 +FROM ${FROM} + +LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' +LABEL org.opencontainers.image.url='https://airshipit.org' +LABEL org.opencontainers.image.documentation='https://airship-shipyard.readthedocs.org' +LABEL org.opencontainers.image.source='https://git.openstack.org/openstack/airship-shipyard' +LABEL org.opencontainers.image.vendor='The Airship Authors' +LABEL org.opencontainers.image.licenses='Apache-2.0' + +ENV container docker +ENV PORT 9000 +ENV LC_ALL C.UTF-8 +ENV LANG C.UTF-8 +# Setting the version explicitly for PBR +ENV PBR_VERSION 0.1a1 + +ARG ctx_base=src/bin + +# Expose port 9000 for application +EXPOSE $PORT + +RUN set -ex && \ + zypper --gpg-auto-import-keys refresh && \ + zypper -q update -y && \ + zypper --non-interactive install --no-recommends \ + ca-certificates \ + curl \ + netcfg \ + python3-devel \ + python3-setuptools \ + && zypper clean -a \ + && rm -rf \ + /tmp/* \ + /var/tmp/* \ + /usr/share/man \ + /usr/share/doc \ + /usr/share/doc-base + +# Create shipyard user +RUN useradd -ms /bin/bash shipyard \ + && mkdir -p /home/shipyard/shipyard \ + && mkdir -p /home/shipyard/shipyard_client + +# Copy entrypoint.sh to /home/shipyard +COPY ${ctx_base}/shipyard_airflow/entrypoint.sh /home/shipyard/entrypoint.sh +# Change permissions and set up directories +RUN chown -R shipyard: /home/shipyard \ + && chmod +x /home/shipyard/entrypoint.sh + +# Requirements and Shipyard source +COPY ${ctx_base}/shipyard_airflow/requirements.txt /home/shipyard/api_requirements.txt +COPY ${ctx_base}/shipyard_client/requirements.txt /home/shipyard/client_requirements.txt +COPY ${ctx_base}/shipyard_client /home/shipyard/shipyard_client/ +COPY ${ctx_base}/shipyard_airflow /home/shipyard/shipyard/ + +# Build + RUN set -ex \ + && buildDeps=' \ + gcc \ + git-core \ + libopenssl-devel \ + make \ + python3-pip \ + ' \ + && zypper -q update -y \ + && zypper --non-interactive install --no-recommends $buildDeps \ + && python3 -m pip install -U pip \ + && pip3 install -r /home/shipyard/client_requirements.txt --no-cache-dir \ + && cd /home/shipyard/shipyard_client \ + && python3 setup.py install \ + && pip3 install -r /home/shipyard/api_requirements.txt --no-cache-dir \ + && cd /home/shipyard/shipyard \ + && python3 setup.py install \ + && zypper remove -y --clean-deps $buildDeps \ + && zypper clean -a \ + && rm -rf \ + /tmp/* \ + /var/tmp/* \ + /var/log/* \ + /usr/share/man \ + /usr/share/doc \ + /usr/share/doc-base + +# Entrypoint +ENTRYPOINT ["/home/shipyard/entrypoint.sh"] +CMD ["server"] +# Set user to shipyard +USER shipyard diff --git a/images/shipyard/Dockerfile b/images/shipyard/Dockerfile.ubuntu_xenial similarity index 100% rename from images/shipyard/Dockerfile rename to images/shipyard/Dockerfile.ubuntu_xenial diff --git a/tools/gate/roles/build-images/tasks/airship-shipyard.yaml b/tools/gate/roles/build-images/tasks/airship-shipyard.yaml index 6a15e313..56656957 100644 --- a/tools/gate/roles/build-images/tasks/airship-shipyard.yaml +++ b/tools/gate/roles/build-images/tasks/airship-shipyard.yaml @@ -16,6 +16,8 @@ block: - debug: var: publish + - debug: + var: distro - debug: var: tags - debug: @@ -85,6 +87,7 @@ target: images params: IMAGE_TAG: "{{ item }}" + DISTRO: "{{ distro }}" with_items: "{{ image_tags.stdout_lines }}" - shell: "docker images" @@ -113,6 +116,7 @@ IMAGE_TAG: "{{ item }}" COMMIT: "{{ zuul.newrev | default('') }}" PUSH_IMAGE: "true" + DISTRO: "{{ distro }}" with_items: "{{ image_tags.stdout_lines }}" - shell: "docker images"