Add Dockerfile for multi-stage build of oracle/database:18.3.0-se2

[elygre]

Add a new Dockerfile that uses the multi-stage build feature of
Docker 17.05 (or newer), to avoid having the installation source
file as part of the final image. This reduces the size of the
built image from 18GB to 9GB.

Issue #945 exists for this problem. This merge request implements multi-stage build only for a single docker image (oracle/database:18.3.0-se2), and if successful, should probably also be implemented for (many) other images.

Using the new feature requires using the "-m" option when running buildDockerImage.sh.

[Djelibeybi]

@gvenzl can you test this to see if the permissions are correct and that the resulting image actually works (and is smaller)?

[gvenzl]

On it, I see already a very interesting option in the COPY instruction that wasn't there when introduced: COPY --chown=oracle:dba

Seems like it got added with 17.09-ce:

17.09.0-ce (2017-09-26)
Builder
Add --chown flag to ADD/COPY commands in Dockerfile moby/moby#34263
Fix cloning unneeded files while building from git repositories moby/moby#33704

[elygre]

Ah, yes, my version numbering was off. I referenced 17.05, but indeed, 17.09 is needed.

(Incidentally, there is a proposal for a further improvement to the COPY command on moby/moby#37123, where copying between layers should be able to retain ownership fully, not just being defined. That would solve the possible case of a file tree having multiple owners in multiple places, and would make the Dockerfile more resilient to subtle changes in the runInstaller script)

[gvenzl]

That would be indeed an awesome change, and a long waited for one!

[gvenzl]

The PR works fine and is verified.

@elygre, this is a great addition to the build files and once again, thanks for making me aware that multi-stage builds have been enhanced to fix these file ownership issue.

I would like to go ahead and replicate this PR against all the Dockerfiles, not just the SE2 18c image. Furthermore, I want to make this the default, as soon as Oracle Linux ships with Docker 18.03 (right now only 17.06), and repurpose the -m option to build slim images instead (which remove some files that are not always needed).

The thing is, I really want to accept your PR and contribution to the repo. But, I don't want to ask you to put all that effort in that I'm planning above.

So my question to you is: are you fine if I reject this PR but still am going to implement multi-stage build based on what you have provided? Or, and I fully understand if, do you want to have this PR merged but then I will have to ask you to make changes on top of it and wait for 18.03 on OL?

Btw, I think we have to rerun yum again in the new image, otherwise some packages aren't copied over in /lib64, etc. Unless you have a good way to get them over as well, maybe just a COPY /lib, etc but at that point it becomes cumbersome.

[elygre]

I'm happy that this may have been helpful, and don't mind at all if you want to reject this pull request in favor of a more complete solution. Go with the solution that will bring the best results!

[Djelibeybi]

FYI, Oracle Container Runtime for Docker 18.03-1 was released last week which includes support for multi-stage builds, including the --chown option.

PR superseded by PR #979

[gvenzl]

@elygre, as before discussed, now that the other PR got merged, are you ok with closing this one?

[gvenzl]

Closing this PR as the functionality has been provided and merged via superseding PR #979