From 37357cebfa26a9f47d1a7ca17a431040a37b4957 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?=
Date: Sun, 10 Nov 2024 01:29:00 +0100
Subject: [PATCH] Update Dockerfile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update Dockerfile, add basic labels and speed-up the build process:
- use curl instead of git for repository download
- use build-time bash shell with '-exo pipefail' for error catching
- add proper labeling of resulting image
- further improve image size by reducing layers number using one RUN command.
- other minor improvements

Signed-off-by: Miłosz Linkiewicz
---
 Dockerfile | 51 ++++++++++++++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 19 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 54ff66876..d7f1f5b18 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,6 @@
-ARG BASE_IMAGE=quay.io/centos/centos:stream9
+# syntax=docker/dockerfile:1
+
+ARG BASE_IMAGE=quay.io/centos/centos:stream9@sha256:e5fdd83894773a25f22fbdf0b5253c63677d0cbaf8d3a8366b165a3ef5902964
 ## Build iPXE w/ IPv6 Support
 ## Note: we are pinning to a specific commit for reproducible builds.
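Review bot: The digest appended to `BASE_IMAGE` should be confirmed to be the multi-arch index digest rather than a single-platform manifest, because the builder stage derives `ARCH` from `uname -m` and so appears to target aarch64 as well as x86_64; a per-platform digest would tie every build to one architecture. The pin also freezes the base at one snapshot, so base-image security fixes only arrive when the digest is bumped; I would add a comment above the ARG such as `# Digest pinned for reproducibility; refresh regularly to pick up CentOS Stream fixes`. Note that `# syntax=docker/dockerfile:1` is still resolved through a mutable tag at build time, which matters if the goal is a fully pinned build.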
@@ -7,25 +9,33 @@ ARG BASE_IMAGE=quay.io/centos/centos:stream9
 FROM $BASE_IMAGE AS ironic-builder
 ARG IPXE_COMMIT_HASH=119c415ee47aaef2717104fea493377aa9a65874
+ARG MAKEFLAGS="-j100"
-RUN dnf install -y gcc git make xz-devel
+SHELL ["/bin/bash", "-ex", "-o", "pipefail", "-c"]
+RUN dnf install -y gcc make xz-devel
-WORKDIR /tmp
+WORKDIR /tmp/ipxe/src
-RUN git clone https://github.com/ipxe/ipxe.git && \
- cd ipxe && \
- git reset --hard $IPXE_COMMIT_HASH && \
- cd src && \
- ARCH=$(uname -m | sed 's/aarch/arm/') && \
- # NOTE(elfosardo): warning should not be treated as errors by default
- NO_WERROR=1 make bin/undionly.kpxe "bin-$ARCH-efi/snponly.efi"
+RUN curl -Lf https://github.com/ipxe/ipxe/archive/${IPXE_COMMIT_HASH}.tar.gz | \
+ tar -zx --strip-components=1 -C /tmp/ipxe && \
+ ARCH=$(uname -m | sed 's/aarch/arm/') && \
+ # NOTE(elfosardo): warning should not be treated as errors by default
+ NO_WERROR=1 make bin/undionly.kpxe "bin-$ARCH-efi/snponly.efi"
 COPY prepare-efi.sh /bin/
 RUN prepare-efi.sh centos
 FROM $BASE_IMAGE
-ENV PKGS_LIST=main-packages-list.txt
+LABEL org.opencontainers.image.url="https://github.com/metal3-io/ironic-image"
+LABEL org.opencontainers.image.title="Metal3 Ironic Container"
+LABEL org.opencontainers.image.description="Container image to run OpenStack Ironic as part of Metal³"
+LABEL org.opencontainers.image.documentation="https://github.com/metal3-io/ironic-image/blob/main/README.md"
+LABEL org.opencontainers.image.version="v26.0.1"
+LABEL org.opencontainers.image.vendor="Metal3-io"
+LABEL org.opencontainers.image.licenses="Apache License 2.0"
+
+ARG PKGS_LIST=main-packages-list.txt
 ARG EXTRA_PKGS_LIST
 ARG PATCH_LIST
@@ -40,9 +50,6 @@ COPY sources /sources/
 COPY ${UPPER_CONSTRAINTS_FILE} ironic-packages-list ${PKGS_LIST} ${EXTRA_PKGS_LIST:-$PKGS_LIST} ${PATCH_LIST:-$PKGS_LIST} /tmp/
 COPY prepare-image.sh patch-image.sh configure-nonroot.sh /bin/
-RUN prepare-image.sh && \
- rm -f /bin/prepare-image.sh
-
 COPY scripts/ /bin/
 # IRONIC #
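Review bot: The `curl … | tar` download in the new `RUN` drops the integrity check that `git reset --hard $IPXE_COMMIT_HASH` provided implicitly. Git checks fetched objects against the commit id, whereas the archive URL is trusted on TLS and the hosting service alone, and the extracted tree is compiled into the iPXE binaries built in this stage. I would download to a file, verify a recorded SHA-256 with `sha256sum -c`, and only then extract, as sketched below. The digest value is a placeholder to be filled in from a trusted download, and since generated archives are not guaranteed byte-stable it may need refreshing. Separately, `ARG MAKEFLAGS="-j100"` hard-codes 100 parallel jobs regardless of builder size; passing `-j"$(nproc)"` to `make` inside the `RUN` would scale with the host.

```dockerfile
ARG IPXE_COMMIT_HASH=119c415ee47aaef2717104fea493377aa9a65874
# Placeholder: record the SHA-256 of the archive for the pinned commit.
ARG IPXE_ARCHIVE_SHA256=<sha256-of-ipxe-archive>
# … unchanged: MAKEFLAGS, SHELL, dnf install, WORKDIR …
RUN curl -Lf -o /tmp/ipxe.tar.gz \
        https://github.com/ipxe/ipxe/archive/${IPXE_COMMIT_HASH}.tar.gz && \
    echo "${IPXE_ARCHIVE_SHA256}  /tmp/ipxe.tar.gz" | sha256sum -c - && \
    tar -zxf /tmp/ipxe.tar.gz --strip-components=1 -C /tmp/ipxe && \
    rm -f /tmp/ipxe.tar.gz && \
    # … unchanged: ARCH detection and the NO_WERROR=1 make invocation …
```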
@@ -61,11 +68,17 @@ COPY ironic-config/httpd-modules.conf /etc/httpd/conf.modules.d/
 COPY ironic-config/apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
 COPY ironic-config/apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
+SHELL ["/bin/bash", "-ex", "-o", "pipefail", "-c"]
+WORKDIR /var/lib/ironic
+RUN prepare-image.sh && \
 # DATABASE
-RUN mkdir -p /var/lib/ironic && \
 sqlite3 /var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
- dnf remove -y sqlite
-
 # configure non-root user and set relevant permissions
-RUN configure-nonroot.sh && \
- rm -f /bin/configure-nonroot.sh
+ configure-nonroot.sh && \
+ dnf remove -y sqlite && \
+ dnf clean all && \
+ rm -rf /bin/configure-nonroot.sh /bin/prepare-image.sh /var/cache/{yum,dnf}/*
+
+USER ironic
+WORKDIR /
+ENTRYPOINT ["/bin/bash"]
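Review bot: `USER ironic` names the account instead of giving its numeric UID, and Kubernetes cannot verify `runAsNonRoot` against a non-numeric image user, so pods that set it are rejected unless they also set `runAsUser`. If configure-nonroot.sh (not visible in this hunk) creates the account with a fixed UID, prefer `USER <ironic-uid>` with that value. The new `ENTRYPOINT ["/bin/bash"]` also changes the image's run interface: a command passed to `docker run` or in a pod's `args` is now handed to bash as a script path, which the commit message does not mention and existing deployments may not expect. Moving `prepare-image.sh` into this late `RUN` places it after the `COPY scripts/` and config `COPY` lines, so presumably any script or config edit now invalidates what looks like the most expensive layer.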