-
Notifications
You must be signed in to change notification settings - Fork 56
/
Copy pathContainerfile.core.base
108 lines (97 loc) · 4.78 KB
/
Containerfile.core.base
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
FROM quay.io/centos/centos:stream9
# https://ryandaniels.ca/blog/docker-dockerfile-arg-from-arg-trouble/
ARG PYTHON_VERSION=3.9
# https://superuser.com/questions/959380/how-do-i-install-generate-all-locales-on-fedora
# This may not be necessary anymore because Fedora 30, unlike CentOS 7, has
# glibc subpackages like glibc-langpack-en.
RUN rm /etc/rpm/macros.image-language-conf
RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US.UTF-8
ENV LC_ALL=en_US.UTF-8
ENV PYTHONUNBUFFERED=0
ENV DJANGO_SETTINGS_MODULE=pulpcore.app.settings
ENV PULP_SETTINGS=/etc/pulp/settings.py
ENV _BUILDAH_STARTED_IN_USERNS=""
ENV BUILDAH_ISOLATION=chroot
ENV PULP_GUNICORN_TIMEOUT=${PULP_GUNICORN_TIMEOUT:-90}
ENV PULP_API_WORKERS=${PULP_API_WORKERS:-2}
# Disable gunicorn worker recycling for API workers by default
ENV PULP_API_WORKERS_MAX_REQUESTS=${PULP_API_WORKERS_MAX_REQUESTS:-0}
ENV PULP_API_WORKERS_MAX_REQUESTS_JITTER=${PULP_API_WORKERS_MAX_REQUESTS_JITTER:-0}
ENV PULP_CONTENT_WORKERS=${PULP_CONTENT_WORKERS:-2}
# Disable gunicorn worker recycling for Content workers by default
ENV PULP_CONTENT_WORKERS_MAX_REQUESTS=${PULP_CONTENT_WORKERS_MAX_REQUESTS:-0}
ENV PULP_CONTENT_WORKERS_MAX_REQUESTS_JITTER=${PULP_CONTENT_WORKERS_MAX_REQUESTS_JITTER:-0}
# Install updates & dnf plugins
RUN dnf -y install dnf-plugins-core && \
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
dnf config-manager --set-enabled crb && \
dnf -y update
RUN dnf -y module enable nginx:1.22
# glibc-langpack-en is needed to provide the en_US.UTF-8 locale, which Pulp
# seems to need.
RUN dnf -y install python${PYTHON_VERSION} python3-cryptography python${PYTHON_VERSION}-devel && \
dnf -y install openssl openssl-devel && \
dnf -y install openldap-devel --exclude selinux* && \
dnf -y install wget git && \
dnf -y install python3-psycopg2 && \
dnf -y install redhat-rpm-config gcc cargo libffi-devel && \
dnf -y install glibc-langpack-en && \
dnf -y install python3-libmodulemd && \
dnf -y install python3-libcomps && \
dnf -y install libpq-devel && \
dnf -y install python3-setuptools && \
dnf -y install podman fuse-overlayfs buildah --exclude container-selinux && \
dnf -y install ostree-libs ostree && \
dnf -y install skopeo && \
dnf -y install sudo && \
dnf -y install zstd && \
dnf -y install jq && \
dnf -y install which && \
dnf -y install rpm-sign && \
dnf -y install lsof && \
getcap /usr/bin/newuidmap | grep cap_setuid || dnf -y reinstall -y shadow-utils && \
dnf clean all
RUN groupadd -g 700 --system pulp
RUN useradd -d /var/lib/pulp --system -u 700 -g pulp pulp
# Rootless podman inside rootless podman/docker
# https://www.redhat.com/sysadmin/podman-inside-container
RUN sed 's|^#mount_program|mount_program|g' -i /etc/containers/storage.conf
# We modified the example so that we have a UID range of upto 65535.
# Because, for example, the image docker.io/library/busybox actually uses the user nobody(65534) for
# /home rather than the traditional nobody/nfsnbody usage (not an owner on a permanent filesystem.)
# This does however mean that a user must have a UID range for the pulp container of at least 75535
# large (UID 0 is in addition), contrary to many examples out there that are only 65536 large.
RUN usermod --add-subuids 10000-75534 --add-subgids 10000-75534 pulp
VOLUME /var/lib/containers
RUN mkdir -p /var/lib/pulp/.local/share/containers && chown -R pulp:pulp /var/lib/pulp/.local
VOLUME /var/lib/pulp/.local/share/containers
RUN mkdir -p /database \
/etc/nginx/pulp \
/etc/pulp/certs \
/etc/ssl/pulp \
/nginx \
/var/lib/operator/static \
/var/lib/pgsql \
/var/lib/pulp/assets \
/var/lib/pulp/media \
/var/lib/pulp/scripts \
/var/lib/pulp/tmp
RUN chown pulp:pulp -R /database \
/var/lib/pulp \
/var/lib/operator/static
COPY images/assets/readyz.py /usr/bin/readyz.py
COPY images/assets/route_paths.py /usr/bin/route_paths.py
COPY images/assets/wait_on_postgres.py /usr/bin/wait_on_postgres.py
COPY images/assets/wait_on_database_migrations.sh /usr/bin/wait_on_database_migrations.sh
COPY images/assets/set_init_password.sh /usr/bin/set_init_password.sh
COPY images/assets/add_signing_service.sh /usr/bin/add_signing_service.sh
COPY images/assets/pulp-api /usr/bin/pulp-api
COPY images/assets/pulp-content /usr/bin/pulp-content
COPY images/assets/pulp-worker /usr/bin/pulp-worker
COPY images/assets/constraints.txt /constraints.txt
# Need to precreate when running pulp as the pulp user
RUN touch /var/log/galaxy_api_access.log && \
chown pulp:pulp /var/log/galaxy_api_access.log && \
chmod u+rw /var/log/galaxy_api_access.log