Skip to content

Commit

Permalink
Prepare home directories for docker images in a different stage (#20356)
Browse files Browse the repository at this point in the history 
Files included in the home directory of the docker images need some
changes on permissions and ownerships after being copied. If this is
done as a COPY and a RUN, it creates two layers with all the files, that
are included in the final image, increasing its size.

Move the preparation of the home directory to a different stage, so in
the final image it is done as an only COPY operation.
  • Loading branch information
@jsoriano
jsoriano committed Aug 3, 2020
1 parent 43bbf51 commit aaf3d7e
Showing 1 changed file with 21 additions and 15 deletions.
36 changes: 21 additions & 15 deletions dev-tools/packaging/templates/docker/Dockerfile.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,25 @@
{{- $beatBinary := printf "%s/%s" $beatHome .BeatName }}
{{- $repoInfo := repo }}

# Prepare home in a different stage to avoid creating additional layers on
# the final image because of permission changes.
FROM {{ .from }} AS home

COPY beat {{ $beatHome }}

RUN mkdir {{ $beatHome }}/data {{ $beatHome }}/logs && \
chown -R root:root {{ $beatHome }} && \
find {{ $beatHome }} -type d -exec chmod 0750 {} \; && \
find {{ $beatHome }} -type f -exec chmod 0640 {} \; && \
chmod 0750 {{ $beatBinary }} && \
{{- if .linux_capabilities }}
setcap {{ .linux_capabilities }} {{ $beatBinary }} && \
{{- end }}
{{- range $i, $modulesd := .ModulesDirs }}
chmod 0770 {{ $beatHome}}/{{ $modulesd }} && \
{{- end }}
chmod 0770 {{ $beatHome }}/data {{ $beatHome }}/logs

FROM {{ .from }}

RUN yum -y --setopt=tsflags=nodocs update && \
Expand All @@ -23,26 +42,13 @@ LABEL \
ENV ELASTIC_CONTAINER "true"
ENV PATH={{ $beatHome }}:$PATH

COPY beat {{ $beatHome }}
COPY docker-entrypoint /usr/local/bin/docker-entrypoint
RUN chmod 755 /usr/local/bin/docker-entrypoint

RUN groupadd --gid 1000 {{ .BeatName }}

RUN mkdir {{ $beatHome }}/data {{ $beatHome }}/logs && \
chown -R root:root {{ $beatHome }} && \
find {{ $beatHome }} -type d -exec chmod 0750 {} \; && \
find {{ $beatHome }} -type f -exec chmod 0640 {} \; && \
chmod 0750 {{ $beatBinary }} && \
{{- if .linux_capabilities }}
setcap {{ .linux_capabilities }} {{ $beatBinary }} && \
{{- end }}
{{- range $i, $modulesd := .ModulesDirs }}
chmod 0770 {{ $beatHome}}/{{ $modulesd }} && \
{{- end }}
chmod 0770 {{ $beatHome }}/data {{ $beatHome }}/logs
COPY --from=home {{ $beatHome }} {{ $beatHome }}

{{- if ne .user "root" }}
RUN groupadd --gid 1000 {{ .BeatName }}
RUN useradd -M --uid 1000 --gid 1000 --groups 0 --home {{ $beatHome }} {{ .user }}
{{- end }}
USER {{ .user }}
Expand Down

0 comments on commit aaf3d7e

Please sign in to comment.