From bdffeea8e904613ee39f771ec5f69c5e3f2b3fc7 Mon Sep 17 00:00:00 2001 From: Nathan Klick Date: Tue, 27 Jun 2023 22:45:37 -0500 Subject: [PATCH] feat: relocates the docker image definition and adds the ubi8-init-java17 image Signed-off-by: Nathan Klick --- .../flow-deploy-release-artifact.yaml | 17 ++- Dockerfile | 89 ------------- docker/ubi8-init-dind/Dockerfile | 48 +++++++ docker/ubi8-init-java17/Dockerfile | 118 ++++++++++++++++++ docker/ubi8-init-java17/entrypoint.sh | 48 +++++++ docker/ubi8-init-java17/network-node.service | 18 +++ 6 files changed, 246 insertions(+), 92 deletions(-) delete mode 100644 Dockerfile create mode 100644 docker/ubi8-init-dind/Dockerfile create mode 100644 docker/ubi8-init-java17/Dockerfile create mode 100755 docker/ubi8-init-java17/entrypoint.sh create mode 100644 docker/ubi8-init-java17/network-node.service diff --git a/.github/workflows/flow-deploy-release-artifact.yaml b/.github/workflows/flow-deploy-release-artifact.yaml index 856553a8e..7e4fec93d 100644 --- a/.github/workflows/flow-deploy-release-artifact.yaml +++ b/.github/workflows/flow-deploy-release-artifact.yaml @@ -82,7 +82,7 @@ jobs: - prepare-tag-release steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -97,11 +97,22 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build and push images - uses: docker/build-push-action@v2 + - name: Build Docker Image (ubi8-init-dind) + uses: docker/build-push-action@v4 with: + context: docker/ubi8-init-dind cache-from: type=gha cache-to: type=gha,mode=max platforms: linux/amd64, linux/arm64 push: true tags: ${{ env.REGISTRY }}/${{ github.repository }}/ubi8-init-dind:${{needs.prepare-tag-release.outputs.version}} + + - name: Build Docker Image (ubi8-init-java17) + uses: docker/build-push-action@v4 + with: + context: docker/ubi8-init-java17 + cache-from: type=gha + cache-to: type=gha,mode=max + platforms: linux/amd64, linux/arm64 + push: true + tags: ${{ env.REGISTRY }}/${{ github.repository }}/ubi8-init-java17:${{needs.prepare-tag-release.outputs.version}} diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 3a68a3ec9..000000000 --- a/Dockerfile +++ /dev/null @@ -1,89 +0,0 @@ -# -# Copyright (C) 2023 Hedera Hashgraph, LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FROM registry.access.redhat.com/ubi8/ubi-init:latest -ENV COMPOSE_VERSION 2.16.0 -ENV GO_VERSION 1.20.2 - -RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ - /usr/bin/crb enable && \ - dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo && \ - dnf -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-buildx-plugin && \ - dnf -y install md5deep jq zip unzip rsync gettext && \ - dnf -y install make gcc gcc-c++ openssl - -RUN dnf -y install sudo && \ - echo >> /etc/sudoers && \ - echo "%hedera ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers - -RUN set -eux; \ - ARCH="$(uname -m)"; \ - case "${ARCH}" in \ - aarch64|arm64) \ - ESUM='78d632915bb75e9a6356a47a42625fd1a785c83a64a643fedd8f61e31b1b3bef'; \ - BINARY_URL='https://go.dev/dl/go1.20.2.linux-arm64.tar.gz'; \ - ;; \ - armhf|arm) \ - ESUM='d79d56bafd6b52b8d8cbe3f8e967caaac5383a23d7a4fa9ac0e89778cd16a076'; \ - BINARY_URL='https://go.dev/dl/go1.20.2.linux-armv6l.tar.gz'; \ - ;; \ - ppc64el|powerpc:common64) \ - ESUM='850564ddb760cb703db63bf20182dc4407abd2ff090a95fa66d6634d172fd095'; \ - BINARY_URL='https://go.dev/dl/go1.20.2.linux-ppc64le.tar.gz'; \ - ;; \ - s390x|s390:64-bit) \ - ESUM='8da24c5c4205fe8115f594237e5db7bcb1d23df67bc1fa9a999954b1976896e8'; \ - BINARY_URL='https://go.dev/dl/go1.20.2.linux-s390x.tar.gz'; \ - ;; \ - amd64|i386:x86-64|x86_64) \ - ESUM='4eaea32f59cde4dc635fbc42161031d13e1c780b87097f4b4234cfce671f1768'; \ - BINARY_URL='https://go.dev/dl/go1.20.2.linux-amd64.tar.gz'; \ - ;; \ - *) \ - echo "Unsupported arch: ${ARCH}"; \ - exit 1; \ - ;; \ - esac; \ - curl -LfsSo /tmp/golang.tar.gz ${BINARY_URL}; \ - echo "${ESUM} */tmp/golang.tar.gz" | sha256sum -c -; \ - mkdir -p /usr/local/go; \ - tar -C /usr/local/go -xzf /tmp/golang.tar.gz --strip-components=1; \ - rm /tmp/golang.tar.gz; \ - echo "export PATH=\"/usr/local/go/bin:\$PATH\"" >> /etc/profile.d/golang.sh; \ - echo "export CGO_ENABLED=1" >> /etc/profile.d/golang.sh; \ - echo "export PATH=\"\$HOME/go/bin:\$PATH\"" >> /etc/profile.d/golang.sh; - -RUN systemctl enable docker && \ - systemctl enable containerd - -# Install Docker Compose -RUN curl -SLo /usr/bin/docker-compose "https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)" && \ - chmod +x /usr/bin/docker-compose - -# Configure the standard user account -RUN groupadd --gid 2000 hedera && \ - useradd --no-user-group --create-home --uid 2000 --gid 2000 --shell /bin/bash hedera && \ - usermod -aG docker hedera && \ - mkdir -p /opt/hgcapp && \ - chown -R hedera:hedera /opt/hgcapp - -RUN touch /var/run/docker.sock && \ - chown root:docker /var/run/docker.sock - -VOLUME "/staging" - -# Set Final Working Directory and User -WORKDIR "/opt/hgcapp" diff --git a/docker/ubi8-init-dind/Dockerfile b/docker/ubi8-init-dind/Dockerfile new file mode 100644 index 000000000..b4f62b560 --- /dev/null +++ b/docker/ubi8-init-dind/Dockerfile @@ -0,0 +1,48 @@ +# +# Copyright (C) 2023 Hedera Hashgraph, LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FROM registry.access.redhat.com/ubi8/ubi-init:latest +ENV COMPOSE_VERSION 2.19.0 + +RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ + /usr/bin/crb enable && \ + dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo && \ + dnf -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-buildx-plugin && \ + dnf -y install md5deep jq zip unzip rsync gettext + +RUN dnf -y install sudo && \ + echo >> /etc/sudoers && \ + echo "%hedera ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers + +RUN systemctl enable docker && \ + systemctl enable containerd + +# Install Docker Compose +RUN curl -SLo /usr/bin/docker-compose "https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)" && \ + chmod +x /usr/bin/docker-compose + +# Configure the standard user account +RUN groupadd --gid 2000 hedera && \ + useradd --no-user-group --create-home --uid 2000 --gid 2000 --shell /bin/bash hedera && \ + usermod -aG docker hedera && \ + mkdir -p /opt/hgcapp && \ + chown -R hedera:hedera /opt/hgcapp + +RUN touch /var/run/docker.sock && \ + chown root:docker /var/run/docker.sock + +# Set Final Working Directory and User +WORKDIR "/opt/hgcapp" diff --git a/docker/ubi8-init-java17/Dockerfile b/docker/ubi8-init-java17/Dockerfile new file mode 100644 index 000000000..8c0faa465 --- /dev/null +++ b/docker/ubi8-init-java17/Dockerfile @@ -0,0 +1,118 @@ +# +# Copyright (C) 2023 Hedera Hashgraph, LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FROM registry.access.redhat.com/ubi8/ubi-init:latest +# Define Standard Environment Variables +ENV LC_ALL=C.UTF-8 +ENV COMPOSE_VERSION 2.19.0 + +# Define JDK Environment Variables +ENV JAVA_VERSION jdk-17.0.7+7 +ENV JAVA_HOME /opt/java/openjdk +ENV PATH $JAVA_HOME/bin:$PATH + +# Define Application Environment Variables +ENV JAVA_HEAP_MIN="" +ENV JAVA_HEAP_MAX="" +ENV JAVA_OPTS="" + +RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ + /usr/bin/crb enable && \ + dnf -y install binutils libsodium openssl zlib readline tzdata gzip tar ca-certificates curl && \ + dnf clean all + +# Install Java 17 Adoptium JDK +RUN set -eux; \ + ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ + case "${ARCH}" in \ + aarch64|arm64) \ + ESUM='0084272404b89442871e0a1f112779844090532978ad4d4191b8d03fc6adfade'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.7_7.tar.gz'; \ + ;; \ + ppc64el|powerpc:common64) \ + ESUM='8f4366ff1eddb548b1744cd82a1a56ceee60abebbcbad446bfb3ead7ac0f0f85'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.7_7.tar.gz'; \ + ;; \ + s390x|s390:64-bit) \ + ESUM='2d75540ae922d0c4162729267a8c741e2414881a468fd2ce4140b4069ba47ca9'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_s390x_linux_hotspot_17.0.7_7.tar.gz'; \ + ;; \ + amd64|i386:x86-64) \ + ESUM='e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz'; \ + ;; \ + *) \ + echo "Unsupported arch: ${ARCH}"; \ + exit 1; \ + ;; \ + esac; \ + curl -sSLo /tmp/openjdk.tar.gz ${BINARY_URL}; \ + echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ + mkdir -p "$JAVA_HOME"; \ + tar --extract \ + --file /tmp/openjdk.tar.gz \ + --directory "$JAVA_HOME" \ + --strip-components 1 \ + --no-same-owner \ + ; \ + rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; + +RUN dnf -y install sudo && \ + echo >> /etc/sudoers && \ + echo "%hedera ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers + +# Configure the standard user account +RUN groupadd --gid 2000 hedera && \ + useradd --no-user-group --create-home --uid 2000 --gid 2000 --shell /bin/bash hedera && \ + mkdir -p /opt/hgcapp && \ + chown -R hedera:hedera /opt/hgcapp + +# Create Application Folders +RUN mkdir -p "/opt/hgcapp" && \ + mkdir -p "/opt/hgcapp/accountBalances" && \ + mkdir -p "/opt/hgcapp/eventsStreams" && \ + mkdir -p "/opt/hgcapp/recordStreams" && \ + mkdir -p "/opt/hgcapp/services-hedera" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/apps" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/config" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/keys" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/lib" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/stats" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/saved" && \ + mkdir -p "/opt/hgcapp/services-hedera/HapiApp2.0/data/upgrade" + +# Add the entrypoint script and systemd service file +ADD entrypoint.sh /opt/hgcapp/services-hedera/HapiApp2.0/ +ADD network-node.service /usr/lib/systemd/system/ + +# Ensure proper file permissions +RUN chmod -R +x /opt/hgcapp/services-hedera/HapiApp2.0/entrypoint.sh && \ + chown -R 2000:2000 /opt/hgcapp/services-hedera/HapiApp2.0 + +RUN mkdir /etc/network-node && \ + touch /etc/network-node/application.env && \ + echo "JAVA_HOME=\"${JAVA_HOME}\"" >> /etc/network-node/java.env && \ + echo "PATH=\"${PATH}\"" >> /etc/network-node/java.env && \ + chown -R 2000:2000 /etc/network-node + + +# Expose TCP/UDP Port Definitions +EXPOSE 50111/tcp 50211/tcp 50212/tcp + +# Set Final Working Directory and User +WORKDIR "/opt/hgcapp" diff --git a/docker/ubi8-init-java17/entrypoint.sh b/docker/ubi8-init-java17/entrypoint.sh new file mode 100755 index 000000000..e1ea286bf --- /dev/null +++ b/docker/ubi8-init-java17/entrypoint.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash + +######################################################################################################################## +# Copyright 2016-2022 Hedera Hashgraph, LLC # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +######################################################################################################################## + +set -eo pipefail + +SCRIPT_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +cd "${SCRIPT_PATH}" || exit 64 + +if [[ -z "${JAVA_OPTS}" ]]; then + JAVA_OPTS="" +fi + +JAVA_HEAP_OPTS="" + +if [[ -n "${JAVA_HEAP_MIN}" ]]; then + JAVA_HEAP_OPTS="${JAVA_HEAP_OPTS} -Xms${JAVA_HEAP_MIN}" +fi + +if [[ -n "${JAVA_HEAP_MAX}" ]]; then + JAVA_HEAP_OPTS="${JAVA_HEAP_OPTS} -Xmx${JAVA_HEAP_MAX}" +fi + +if [[ ! -d "${SCRIPT_PATH}/output" ]]; then + mkdir -p "${SCRIPT_PATH}/output" +fi + +echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> BEGIN USER IDENT >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" +id +echo "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< END USER IDENT <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" +echo +set -x +/usr/bin/env java ${JAVA_HEAP_OPTS} ${JAVA_OPTS} -cp "data/lib/*" com.swirlds.platform.Browser +printf "java exit code %s" "${?}\n" diff --git a/docker/ubi8-init-java17/network-node.service b/docker/ubi8-init-java17/network-node.service new file mode 100644 index 000000000..ec0312b42 --- /dev/null +++ b/docker/ubi8-init-java17/network-node.service @@ -0,0 +1,18 @@ +[Unit] +Description=Hedera Network Node +After=network.target + +[Service] +Type=simple +Restart=no +User=hedera +Group=hedera + +EnvironmentFile=/etc/network-node/java.env +EnvironmentFile=/etc/network-node/application.env + +WorkingDirectory=/opt/hgcapp/services-hedera/HapiApp2.0 +ExecStart=/usr/bin/bash /opt/hgcapp/services-hedera/HapiApp2.0/entrypoint.sh + +[Install] +WantedBy=multi-user.target