From 64ad4e2a977e04df86e1794eab77db352794a3e5 Mon Sep 17 00:00:00 2001 From: Jacques Grove Date: Tue, 21 Apr 2020 15:49:53 -0700 Subject: [PATCH 1/3] Create vitess/lite images based on Red Hat UBI 7 Signed-off-by: Jacques Grove --- Makefile | 16 +++++ docker/lite/Dockerfile.ubi7.mysql57 | 87 ++++++++++++++++++++++++++ docker/lite/Dockerfile.ubi7.mysql80 | 88 +++++++++++++++++++++++++++ docker/lite/Dockerfile.ubi7.percona57 | 78 ++++++++++++++++++++++++ docker/lite/Dockerfile.ubi7.percona80 | 83 +++++++++++++++++++++++++ 5 files changed, 352 insertions(+) create mode 100644 docker/lite/Dockerfile.ubi7.mysql57 create mode 100644 docker/lite/Dockerfile.ubi7.mysql80 create mode 100644 docker/lite/Dockerfile.ubi7.percona57 create mode 100644 docker/lite/Dockerfile.ubi7.percona80 diff --git a/Makefile b/Makefile index 887dc72b3ae..25c04f3c8d0 100644 --- a/Makefile +++ b/Makefile @@ -244,10 +244,18 @@ docker_lite_mysql57: chmod -R o=g * docker build -f docker/lite/Dockerfile.mysql57 -t vitess/lite:mysql57 . +docker_lite_ubi7.mysql57: + chmod -R o=g * + docker build -f docker/lite/Dockerfile.ubi7.mysql57 -t vitess/lite:ubi7.mysql57 . + docker_lite_mysql80: chmod -R o=g * docker build -f docker/lite/Dockerfile.mysql80 -t vitess/lite:mysql80 . +docker_lite_ubi7.mysql80: + chmod -R o=g * + docker build -f docker/lite/Dockerfile.ubi7.mysql80 -t vitess/lite:ubi7.mysql80 . + docker_lite_mariadb: chmod -R o=g * docker build -f docker/lite/Dockerfile.mariadb -t vitess/lite:mariadb . 
@@ -264,10 +272,18 @@ docker_lite_percona57: chmod -R o=g * docker build -f docker/lite/Dockerfile.percona57 -t vitess/lite:percona57 . +docker_lite_ubi7.percona57: + chmod -R o=g * + docker build -f docker/lite/Dockerfile.ubi7.percona57 -t vitess/lite:ubi7.percona57 . + docker_lite_percona80: chmod -R o=g * docker build -f docker/lite/Dockerfile.percona80 -t vitess/lite:percona80 . +docker_lite_ubi7.percona80: + chmod -R o=g * + docker build -f docker/lite/Dockerfile.ubi7.percona80 -t vitess/lite:ubi7.percona80 . + docker_lite_alpine: chmod -R o=g * docker build -f docker/lite/Dockerfile.alpine -t vitess/lite:alpine . diff --git a/docker/lite/Dockerfile.ubi7.mysql57 b/docker/lite/Dockerfile.ubi7.mysql57 new file mode 100644 index 00000000000..7a2f028f859 --- /dev/null +++ b/docker/lite/Dockerfile.ubi7.mysql57 
@@ -0,0 +1,87 @@
+# Copyright 2019 The Vitess Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: We have to build the Vitess binaries from scratch instead of sharing
+# a base image because Docker Hub dropped the feature we relied upon to
+# ensure images contain the right binaries.
+
+# Use a temporary layer for the build stage.
+FROM vitess/bootstrap:mysql57 AS builder
+
+# Allows some docker builds to disable CGO
+ARG CGO_ENABLED=0
+
+# Re-copy sources from working tree.
+COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess
+
+# Build and install Vitess in a temporary output directory.
+USER vitess
+RUN make install PREFIX=/vt/install
+
+# Start over and build the final image.
+FROM registry.access.redhat.com/ubi7/ubi:latest
+
+# Install keys and dependencies
+RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
+ && yum install --setopt=alwaysprompt=no gnupg \
+ && ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 \
+ || gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 ) \
+ && gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
+ && gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
+ && gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
+ && gpg --export --armor A4A9406876FCBD3C456770C88C718D3B5072E1F5 > ${GNUPGHOME}/RPM-GPG-KEY-MySQL \
+ && rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 ${GNUPGHOME}/RPM-GPG-KEY-MySQL /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/mysqlrepo.rpm https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
+ && rpmkeys --checksig /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
+ && rpm -Uvh /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
+ && rm -f /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm
+RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
+ && rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
+ && rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
+RUN yum update \
+ && yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
+ jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
+# Can't use alwaysprompt=no here, since we need to pick up deps
+# No way to separate key imports and accept deps separately in yum/dnf
+ && yum install -y --setopt=tsflags=nodocs --enablerepo mysql57-community --disablerepo mysql80-community \
+ mysql-community-client mysql-community-server \
+# Have to use hacks to ignore conflicts on /etc/my.cnf install
+ && mkdir -p /tmp/1 \
+ && yum install --setopt=alwaysprompt=no --downloadonly --downloaddir=/tmp/1 --enablerepo mysql57-community --disablerepo mysql80-community percona-xtrabackup-24 \
+ && rpm -Uvh --replacefiles /tmp/1/*rpm \
+ && rm -rf /tmp/1 \
+ && yum clean all \
+ && yum clean all --enablerepo mysql57-community --disablerepo mysql80-community \
+ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug
+
+# Set up Vitess user and directory tree.
+RUN groupadd -r vitess && useradd -r -g vitess vitess
+RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt
+
+# Set up Vitess environment (just enough to run pre-built Go binaries)
+ENV VTROOT /vt/src/vitess.io/vitess
+ENV VTDATAROOT /vt/vtdataroot
+ENV PATH $VTROOT/bin:$PATH
+
+# Copy artifacts from builder layer.
+COPY --from=builder --chown=vitess:vitess /vt/install /vt
+
+# Create mount point for actual data (e.g. MySQL data dir)
+VOLUME /vt/vtdataroot
+USER vitess
diff --git a/docker/lite/Dockerfile.ubi7.mysql80 b/docker/lite/Dockerfile.ubi7.mysql80
new file mode 100644
index 00000000000..74d4d954a8a
--- /dev/null
+++ b/docker/lite/Dockerfile.ubi7.mysql80
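Review bot: The five CentOS packages in the second `RUN` (libev, gperftools-libs, numactl-libs, sysstat, strace) are fetched over plain `http://mirror.centos.org` and go straight into `rpm -i --nodeps` with no explicit verification, unlike the repo RPMs just above, which pass through `rpmkeys --checksig` first. The CentOS 7 key is already imported in the first `RUN`, so the same gate can be added before the install: `&& rpmkeys --checksig /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \`. Because the URLs name exact package versions, a `sha256sum -c` against digests recorded in the Dockerfile would be a stronger check still; as far as I know, the rpm shipped with EL7 does not reject a package that carries no signature at all. The same block appears in Dockerfile.ubi7.mysql80, Dockerfile.ubi7.percona57 and Dockerfile.ubi7.percona80.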
@@ -0,0 +1,88 @@
+# Copyright 2019 The Vitess Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: We have to build the Vitess binaries from scratch instead of sharing
+# a base image because Docker Hub dropped the feature we relied upon to
+# ensure images contain the right binaries.
+
+# Use a temporary layer for the build stage.
+FROM vitess/bootstrap:mysql80 AS builder
+
+# Allows some docker builds to disable CGO
+ARG CGO_ENABLED=0
+
+# Re-copy sources from working tree.
+COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess
+
+# Build and install Vitess in a temporary output directory.
+USER vitess
+RUN make install PREFIX=/vt/install
+
+# Start over and build the final image.
+FROM registry.access.redhat.com/ubi7/ubi:latest
+
+# Install keys and dependencies
+RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
+ && yum install --setopt=alwaysprompt=no gnupg \
+ && ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 \
+ || gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 ) \
+ && gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
+ && gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
+ && gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
+ && gpg --export --armor A4A9406876FCBD3C456770C88C718D3B5072E1F5 > ${GNUPGHOME}/RPM-GPG-KEY-MySQL \
+ && rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 ${GNUPGHOME}/RPM-GPG-KEY-MySQL /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/mysqlrepo.rpm https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
+ && rpmkeys --checksig /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
+ && rpm -Uvh /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
+ && rm -f /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm
+RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
+ && rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
+ && rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
+RUN yum update \
+ && yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
+ jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
+# Can't use alwaysprompt=no here, since we need to pick up deps
+# No way to separate key imports and accept deps separately in yum/dnf
+ && yum install -y --setopt=tsflags=nodocs --enablerepo mysql80-community --disablerepo mysql57-community \
+ mysql-community-client mysql-community-server \
+# Have to use hacks to ignore conflicts on /etc/my.cnf install
+ && mkdir -p /tmp/1 \
+ && yum install --setopt=alwaysprompt=no --downloadonly --downloaddir=/tmp/1 --enablerepo mysql80-community --disablerepo mysql57-community percona-xtrabackup-80 \
+ && rpm -Uvh --replacefiles /tmp/1/*rpm \
+ && rm -rf /tmp/1 \
+ && yum clean all \
+ && yum clean all --enablerepo mysql80-community --disablerepo mysql57-community \
+ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug
+
+# Set up Vitess user and directory tree.
+RUN groupadd -r vitess && useradd -r -g vitess vitess
+RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt
+
+# Set up Vitess environment (just enough to run pre-built Go binaries)
+ENV VTROOT /vt/src/vitess.io/vitess
+ENV VTDATAROOT /vt/vtdataroot
+ENV PATH $VTROOT/bin:$PATH
+ENV MYSQL_FLAVOR MySQL80
+
+# Copy artifacts from builder layer.
+COPY --from=builder --chown=vitess:vitess /vt/install /vt
+
+# Create mount point for actual data (e.g. MySQL data dir)
+VOLUME /vt/vtdataroot
+USER vitess
diff --git a/docker/lite/Dockerfile.ubi7.percona57 b/docker/lite/Dockerfile.ubi7.percona57
new file mode 100644
index 00000000000..d95a1b78def
--- /dev/null
+++ b/docker/lite/Dockerfile.ubi7.percona57
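Review bot: The runtime stage starts from `registry.access.redhat.com/ubi7/ubi:latest` and then runs `yum update`, so the packages that end up in the image depend on the day it is built and two builds of the same commit can differ. Pinning the base by tag and digest, e.g. `FROM registry.access.redhat.com/ubi7/ubi:<tag>@sha256:<digest>` (placeholders), and bumping it deliberately would make the image reproducible and auditable. `yum update` is also the only install/update call here without `-y` or `--setopt=alwaysprompt=no`; it looks as if it would stop at the confirmation prompt whenever the base image has pending updates, so it is worth confirming that this is intended. The three other Dockerfile.ubi7.* files use the same `FROM` and `yum update` lines.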
@@ -0,0 +1,78 @@
+# Copyright 2019 The Vitess Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: We have to build the Vitess binaries from scratch instead of sharing
+# a base image because Docker Hub dropped the feature we relied upon to
+# ensure images contain the right binaries.
+
+# Use a temporary layer for the build stage.
+FROM vitess/bootstrap:percona57 AS builder
+
+# Allows some docker builds to disable CGO
+ARG CGO_ENABLED=0
+
+# Re-copy sources from working tree.
+COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess
+
+# Build and install Vitess in a temporary output directory.
+USER vitess
+RUN make install PREFIX=/vt/install
+
+# Start over and build the final image.
+FROM registry.access.redhat.com/ubi7/ubi:latest
+
+# Install keys and dependencies
+RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
+ && yum install --setopt=alwaysprompt=no gnupg \
+ && ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 \
+ || gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 ) \
+ && gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
+ && gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
+ && gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
+ && rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
+ && rpmkeys --checksig /tmp/perconarepo.rpm \
+ && rpm -Uvh /tmp/perconarepo.rpm \
+ && rm -f /tmp/perconarepo.rpm
+RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
+ && rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
+ && rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
+RUN yum update \
+ && yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
+ jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
+# Can't use alwaysprompt=no here, since we need to pick up deps
+# No way to separate key imports and accept deps separately in yum/dnf
+ && yum install -y --setopt=tsflags=nodocs Percona-Server-server-57 percona-xtrabackup-24 \
+ && yum clean all \
+ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug
+
+# Set up Vitess user and directory tree.
+RUN groupadd -r vitess && useradd -r -g vitess vitess
+RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt
+
+# Set up Vitess environment (just enough to run pre-built Go binaries)
+ENV VTROOT /vt/src/vitess.io/vitess
+ENV VTDATAROOT /vt/vtdataroot
+ENV PATH $VTROOT/bin:$PATH
+
+# Copy artifacts from builder layer.
+COPY --from=builder --chown=vitess:vitess /vt/install /vt
+
+# Create mount point for actual data (e.g. MySQL data dir)
+VOLUME /vt/vtdataroot
+USER vitess
diff --git a/docker/lite/Dockerfile.ubi7.percona80 b/docker/lite/Dockerfile.ubi7.percona80
new file mode 100644
index 00000000000..74358b5d7ac
--- /dev/null
+++ b/docker/lite/Dockerfile.ubi7.percona80
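Review bot: The runtime stage installs `strace`, `sysstat`, `make` and `wget` alongside the database server, which leaves tracing, build and download tools in an image whose own comment says it holds "just enough to run pre-built Go binaries". If they are kept for production debugging, a comment such as `# strace/sysstat are kept on purpose for production debugging` above the second `RUN` would record that decision; otherwise dropping them reduces what is available inside a compromised container. The three other Dockerfile.ubi7.* files carry the same package lists.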
@@ -0,0 +1,83 @@
+# Copyright 2019 The Vitess Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: We have to build the Vitess binaries from scratch instead of sharing
+# a base image because Docker Hub dropped the feature we relied upon to
+# ensure images contain the right binaries.
+
+# Use a temporary layer for the build stage.
+FROM vitess/bootstrap:percona80 AS builder
+
+# Allows some docker builds to disable CGO
+ARG CGO_ENABLED=0
+
+# Re-copy sources from working tree.
+COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess
+
+# Build and install Vitess in a temporary output directory.
+USER vitess
+RUN make install PREFIX=/vt/install
+
+# Start over and build the final image.
+FROM registry.access.redhat.com/ubi7/ubi:latest
+
+# Install keys and dependencies
+RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
+ && yum install --setopt=alwaysprompt=no gnupg \
+ && ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 \
+ || gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 ) \
+ && gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
+ && gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
+ && gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
+ && rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
+ && rpmkeys --checksig /tmp/perconarepo.rpm \
+ && rpm -Uvh /tmp/perconarepo.rpm \
+ && rm -f /tmp/perconarepo.rpm
+RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
+ && curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
+ && rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
+ && rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
+RUN yum update \
+ && yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
+ jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
+ && percona-release setup ps80 \
+# Without this pause, the subsequent yum install fails downloads
+# regularly
+ && sleep 5 \
+# Can't use alwaysprompt=no here, since we need to pick up deps
+# No way to separate key imports and accept deps separately in yum/dnf
+ && yum install -y --setopt=tsflags=nodocs percona-server-server percona-xtrabackup-80 \
+ && yum clean all \
+ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug
+
+# Set up Vitess user and directory tree.
+RUN groupadd -r vitess && useradd -r -g vitess vitess
+RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt
+
+# Set up Vitess environment (just enough to run pre-built Go binaries)
+ENV VTROOT /vt/src/vitess.io/vitess
+ENV VTDATAROOT /vt/vtdataroot
+ENV PATH $VTROOT/bin:$PATH
+ENV MYSQL_FLAVOR MySQL80
+
+# Copy artifacts from builder layer.
+COPY --from=builder --chown=vitess:vitess /vt/install /vt
+
+# Create mount point for actual data (e.g. MySQL data dir)
+VOLUME /vt/vtdataroot
+USER vitess
From 8542b2ddd343fe93bd2f94efe57ce774edc4fd72 Mon Sep 17 00:00:00 2001
From: Jacques Grove
Date: Tue, 21 Apr 2020 16:23:40 -0700
Subject: [PATCH 2/3] Regularize the UID/GID to 1001, i.e. >= 1000, as per RH recommendations.
Signed-off-by: Jacques Grove
---
docker/lite/Dockerfile.ubi7.mysql57 | 2 +-
docker/lite/Dockerfile.ubi7.mysql80 | 2 +-
docker/lite/Dockerfile.ubi7.percona57 | 2 +-
docker/lite/Dockerfile.ubi7.percona80 | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
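Review bot: The comment above the last `yum install -y` explains why `-y` is needed but not what it costs: `-y` also answers the GPG key-import prompt, so yum would accept whatever key an enabled repo's `gpgkey=` entry points to. The Percona keys are imported by fingerprint in the first `RUN`, so no import should normally be needed at this point; I would extend the comment to say so, e.g. `# -y also auto-accepts repo key imports; keys are pre-imported by fingerprint above, so none is expected here`. It matters most in this file, where `percona-release setup ps80` changes the enabled repos just before the install; the mysql57, mysql80 and percona57 variants have the same `-y` install.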
diff --git a/docker/lite/Dockerfile.ubi7.mysql57 b/docker/lite/Dockerfile.ubi7.mysql57 index 7a2f028f859..7a1cf3d3f9c 100644 --- a/docker/lite/Dockerfile.ubi7.mysql57 +++ b/docker/lite/Dockerfile.ubi7.mysql57 @@ -71,7 +71,7 @@ RUN yum update \ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug # Set up Vitess user and directory tree. -RUN groupadd -r vitess && useradd -r -g vitess vitess +RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt # Set up Vitess environment (just enough to run pre-built Go binaries) diff --git a/docker/lite/Dockerfile.ubi7.mysql80 b/docker/lite/Dockerfile.ubi7.mysql80 index 74d4d954a8a..77951699d19 100644 --- a/docker/lite/Dockerfile.ubi7.mysql80 +++ b/docker/lite/Dockerfile.ubi7.mysql80 @@ -71,7 +71,7 @@ RUN yum update \ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug # Set up Vitess user and directory tree. -RUN groupadd -r vitess && useradd -r -g vitess vitess +RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt # Set up Vitess environment (just enough to run pre-built Go binaries) diff --git a/docker/lite/Dockerfile.ubi7.percona57 b/docker/lite/Dockerfile.ubi7.percona57 index d95a1b78def..f7cdc9effaf 100644 --- a/docker/lite/Dockerfile.ubi7.percona57 +++ b/docker/lite/Dockerfile.ubi7.percona57 @@ -62,7 +62,7 @@ RUN yum update \ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug # Set up Vitess user and directory tree. -RUN groupadd -r vitess && useradd -r -g vitess vitess +RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt # Set up Vitess environment (just enough to run pre-built Go binaries) diff --git a/docker/lite/Dockerfile.ubi7.percona80 b/docker/lite/Dockerfile.ubi7.percona80 index 74358b5d7ac..24f853f8f4e 100644 --- a/docker/lite/Dockerfile.ubi7.percona80 
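Review bot: The fixed UID is not yet used where a runtime can check it: the final `USER vitess` (outside this hunk) is still a name, and Kubernetes' `runAsNonRoot` check can only verify a numeric user. With the ID now pinned, `USER 1001` (or `USER 1001:1001`) would let that check pass without a `runAsUser` override. Separately, `-r` asks for a system account while `-g 1001` and `-u 1001` place it outside the system range; dropping `-r`, or adding a comment on why it is kept, would remove the mixed signal. The same line changes in the mysql80, percona57 and percona80 hunks of this patch.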
+++ b/docker/lite/Dockerfile.ubi7.percona80 @@ -66,7 +66,7 @@ RUN yum update \ && rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug # Set up Vitess user and directory tree. -RUN groupadd -r vitess && useradd -r -g vitess vitess +RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt # Set up Vitess environment (just enough to run pre-built Go binaries) From 14c2f08c404b05ab8c0200f0d59d23c20d92c66c Mon Sep 17 00:00:00 2001 From: Jacques Grove Date: Sat, 25 Apr 2020 12:10:02 -0700 Subject: [PATCH 3/3] Add licenses and labeling to the UBI images to conform to the RH container catalog requirements. Signed-off-by: Jacques Grove --- docker/lite/Dockerfile.ubi7.mysql57 | 15 +++++++++++++++ docker/lite/Dockerfile.ubi7.mysql80 | 15 +++++++++++++++ docker/lite/Dockerfile.ubi7.percona57 | 15 +++++++++++++++ docker/lite/Dockerfile.ubi7.percona80 | 15 +++++++++++++++ 4 files changed, 60 insertions(+) diff --git a/docker/lite/Dockerfile.ubi7.mysql57 b/docker/lite/Dockerfile.ubi7.mysql57 index 7a1cf3d3f9c..d4dbe1df4f1 100644 --- a/docker/lite/Dockerfile.ubi7.mysql57 +++ b/docker/lite/Dockerfile.ubi7.mysql57 
@@ -82,6 +82,21 @@ ENV PATH $VTROOT/bin:$PATH # Copy artifacts from builder layer. COPY --from=builder --chown=vitess:vitess /vt/install /vt +RUN mkdir -p /licenses +COPY LICENSE /licenses + # Create mount point for actual data (e.g. MySQL data dir) VOLUME /vt/vtdataroot USER vitess + +LABEL name="Vitess Lite image - MySQL Community Server 5.7" \ + io.k8s.display-name="Vitess Lite image - MySQL Community Server 5.7" \ + maintainer="cncf-vitess-maintainers@lists.cncf.io" \ + vendor="CNCF" \ + version="6.0.0" \ + release="1" \ + summary="Vitess base container image, containing Vitess components along with MySQL Community Server 5.7" \ + description="Vitess base container image, containing Vitess components along with MySQL Community Server 5.7" \ + io.k8s.description="Vitess base container image, containing Vitess components along with MySQL Community Server 5.7" \ + distribution-scope="public" \ + url="https://vitess.io" diff --git a/docker/lite/Dockerfile.ubi7.mysql80 b/docker/lite/Dockerfile.ubi7.mysql80 index 77951699d19..9da03ca65a6 100644 --- a/docker/lite/Dockerfile.ubi7.mysql80 +++ b/docker/lite/Dockerfile.ubi7.mysql80 
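Review bot: `version="6.0.0"` and `release="1"` are hard-coded in the `LABEL`, so every later build from this file will still describe itself as 6.0.0-1 unless someone edits all four Dockerfiles; image metadata that drifts from the contents undermines catalog and scanner lookups. Taking the values from build arguments set by the Makefile target, e.g. `ARG VT_VERSION` with `version="${VT_VERSION}"` (the name is only a suggestion), keeps them truthful. Also, `COPY LICENSE /licenses` only lands inside the directory because of the preceding `RUN mkdir -p /licenses`; `COPY LICENSE /licenses/` creates the directory itself and saves a layer. The mysql80, percona57 and percona80 hunks add the same lines.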
@@ -83,6 +83,21 @@ ENV MYSQL_FLAVOR MySQL80 # Copy artifacts from builder layer. COPY --from=builder --chown=vitess:vitess /vt/install /vt +RUN mkdir -p /licenses +COPY LICENSE /licenses + # Create mount point for actual data (e.g. MySQL data dir) VOLUME /vt/vtdataroot USER vitess + +LABEL name="Vitess Lite image - MySQL Community Server 8.0" \ + io.k8s.display-name="Vitess Lite image - MySQL Community Server 8.0" \ + maintainer="cncf-vitess-maintainers@lists.cncf.io" \ + vendor="CNCF" \ + version="6.0.0" \ + release="1" \ + summary="Vitess base container image, containing Vitess components along with MySQL Community Server 8.0" \ + description="Vitess base container image, containing Vitess components along with MySQL Community Server 8.0" \ + io.k8s.description="Vitess base container image, containing Vitess components along with MySQL Community Server 8.0" \ + distribution-scope="public" \ + url="https://vitess.io" diff --git a/docker/lite/Dockerfile.ubi7.percona57 b/docker/lite/Dockerfile.ubi7.percona57 index f7cdc9effaf..c05e8150cfc 100644 --- a/docker/lite/Dockerfile.ubi7.percona57 +++ b/docker/lite/Dockerfile.ubi7.percona57 
@@ -73,6 +73,21 @@ ENV PATH $VTROOT/bin:$PATH # Copy artifacts from builder layer. COPY --from=builder --chown=vitess:vitess /vt/install /vt +RUN mkdir -p /licenses +COPY LICENSE /licenses + # Create mount point for actual data (e.g. MySQL data dir) VOLUME /vt/vtdataroot USER vitess + +LABEL name="Vitess Lite image - Percona Server 5.7" \ + io.k8s.display-name="Vitess Lite image - Percona Server 5.7" \ + maintainer="cncf-vitess-maintainers@lists.cncf.io" \ + vendor="CNCF" \ + version="6.0.0" \ + release="1" \ + summary="Vitess base container image, containing Vitess components along with Percona Server 5.7" \ + description="Vitess base container image, containing Vitess components along with Percona Server 5.7" \ + io.k8s.description="Vitess base container image, containing Vitess components along with Percona Server 5.7" \ + distribution-scope="public" \ + url="https://vitess.io" diff --git a/docker/lite/Dockerfile.ubi7.percona80 b/docker/lite/Dockerfile.ubi7.percona80 index 24f853f8f4e..828b0a79db6 100644 --- a/docker/lite/Dockerfile.ubi7.percona80 +++ b/docker/lite/Dockerfile.ubi7.percona80 
@@ -78,6 +78,21 @@ ENV MYSQL_FLAVOR MySQL80 # Copy artifacts from builder layer. COPY --from=builder --chown=vitess:vitess /vt/install /vt +RUN mkdir -p /licenses +COPY LICENSE /licenses + # Create mount point for actual data (e.g. MySQL data dir) VOLUME /vt/vtdataroot USER vitess + +LABEL name="Vitess Lite image - Percona Server 8.0" \ + io.k8s.display-name="Vitess Lite image - Percona Server 8.0" \ + maintainer="cncf-vitess-maintainers@lists.cncf.io" \ + vendor="CNCF" \ + version="6.0.0" \ + release="1" \ + summary="Vitess base container image, containing Vitess components along with Percona Server 8.0" \ + description="Vitess base container image, containing Vitess components along with Percona Server 8.0" \ + io.k8s.description="Vitess base container image, containing Vitess components along with Percona Server 8.0" \ + distribution-scope="public" \ + url="https://vitess.io"