-
Notifications
You must be signed in to change notification settings - Fork 76
/
Copy pathDockerfile.controller
106 lines (79 loc) · 4.4 KB
/
Dockerfile.controller
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
ARG BUILDER=registry.access.redhat.com/ubi8/ubi
FROM $BUILDER as builder
ENV LINSTOR_VERSION 1.30.2
ENV LINSTOR_TGZNAME linstor-server
ENV LINSTOR_TGZ ${LINSTOR_TGZNAME}-${LINSTOR_VERSION}.tar.gz
USER root
RUN echo "skip_missing_names_on_install=no" >> /etc/yum.conf
RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical # !lbbuild
RUN groupadd makepkg # !lbbuild
RUN useradd -m -g makepkg makepkg # !lbbuild
RUN yum install -y sudo # !lbbuild
RUN usermod -a -G wheel makepkg # !lbbuild
RUN yum install -y rpm-build wget unzip which make git java-1.11.0-openjdk-devel python2 && yum clean all -y # !lbbuild
# one can not comment COPY
RUN cd /tmp && wget https://pkg.linbit.com/downloads/linstor/$LINSTOR_TGZ # !lbbuild
# =lbbuild COPY /${LINSTOR_TGZ} /tmp/
# =lbbuild COPY /pkgcache/* /tmp/pkgcache/
# link gradle to gradle-wrapper
RUN ln -s /home/makepkg/${LINSTOR_TGZNAME}-${LINSTOR_VERSION}/gradlew /usr/local/bin/gradle # !lbbuild
USER makepkg
RUN cd ${HOME} && \
cp /tmp/${LINSTOR_TGZ} ${HOME} && \
mkdir -p ${HOME}/rpmbuild/SOURCES && \
mkdir -p ${HOME}/rpmbuild/RPMS/noarch && \
cp /tmp/${LINSTOR_TGZ} ${HOME}/rpmbuild/SOURCES && \
tar xvf ${LINSTOR_TGZ}
RUN cd ${HOME}/${LINSTOR_TGZNAME}-${LINSTOR_VERSION} && ./gradlew wrapper -PversionOverride= # !lbbuild
RUN cd ${HOME}/${LINSTOR_TGZNAME}-${LINSTOR_VERSION} && \
( cp /tmp/pkgcache/linstor-common*.rpm ${HOME}/rpmbuild/RPMS/noarch/ && \
cp /tmp/pkgcache/linstor-controller*.rpm ${HOME}/rpmbuild/RPMS/noarch/ \
) || rpmbuild -bb --define "debug_package %{nil}" linstor.spec
FROM registry.access.redhat.com/ubi8/ubi
MAINTAINER Roland Kammerer <roland.kammerer@linbit.com>
RUN echo "skip_missing_names_on_install=no" >> /etc/yum.conf
# ENV can not be shared between builder and "main"
ENV LINSTOR_VERSION 1.30.2
ARG release=1
LABEL name="linstor-controller" \
vendor="LINBIT" \
version="$LINSTOR_VERSION" \
release="$release" \
summary="LINSTOR's controller component" \
description="LINSTOR's controller component"
COPY COPYING /licenses/gpl-3.0.txt
COPY --from=builder /home/makepkg/rpmbuild/RPMS/noarch/*.rpm /tmp/
# PACKAGES:
# which: the autogenerated start script uses it
# openssl: the start script uses it to generate LINSTOR compatible keys and certificates.
# linstor-client: nice in container scenarios where you can jump into the container and execute 'linstor' commands
# linstor-gui: Graphical interface in customer containers.
RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical && \
yum install -y which openssl && \
yum install -y /tmp/linstor-common*.rpm /tmp/linstor-controller*.rpm && \
rm /tmp/*.rpm && yum clean all -y
ENV PSK=https://packages.linbit.com/package-signing-pubkey.asc
RUN curl "$PSK" >/tmp/psk.asc && rpm --import /tmp/psk.asc && rm /tmp/psk.asc
ENV INTERNAL_REPO=/etc/yum.repos.d/linbit-internal.repo
# keep on long lines
# =lbbuild RUN printf '[linbit-internal]\nname=LINBIT Internal - $basearch\nbaseurl=https://nexus.at.linbit.com/repository/packages-linbit-com/yum/rhel8/drbd-9/$basearch\nenabled=1\ngpgcheck=1\ngpgkey=%s\n' "$PSK" | tee "$INTERNAL_REPO"
# =lbbuild RUN yum install -y linstor-gui linstor-client && yum clean all -y && rm "$INTERNAL_REPO"
ARG ARCH=amd64
ARG K8S_AWAIT_ELECTION_VERSION=v0.4.1
RUN curl --fail --location "https://github.com/LINBIT/k8s-await-election/releases/download/${K8S_AWAIT_ELECTION_VERSION}/k8s-await-election-${K8S_AWAIT_ELECTION_VERSION}-linux-${ARCH}.tar.gz" | tar -xvz -C /usr/local/bin/
RUN curl --fail --location "https://dl.k8s.io/$(curl --fail --location https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl" -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
RUN groupadd linstor
RUN useradd -m -g linstor linstor
RUN mkdir /var/log/linstor-controller
RUN chown -R root:linstor /etc/linstor /var/lib/linstor /var/log/linstor-controller
RUN chmod g+w /etc/linstor /var/lib/linstor /var/log/linstor-controller
# Ensure we log to files in containers, otherwise SOS reports won't show any logs at all
RUN sed -i 's#<!-- <appender-ref ref="FILE" /> -->#<appender-ref ref="FILE" />#' /usr/share/linstor-server/lib/conf/logback.xml
# PORTS:
# 3370: LINSTOR REST API / GUI
# 3371: LINSTOR HTTPS REST API / GUI
EXPOSE 3370/tcp 3371/tcp
COPY scripts/entry.sh /
USER linstor
CMD ["startController"]
ENTRYPOINT ["/usr/local/bin/k8s-await-election", "/entry.sh"]