# Builder stage: produces the linstor-common / linstor-satellite RPMs, either by
# reusing prebuilt packages from /tmp/pkgcache or by running rpmbuild on the
# LINSTOR source tarball. The final stage copies only the RPMs out of this stage.
# NOTE(review): the lbbuild markers in this file (the "!" form trailing a line and
# the "=" form leading a commented line) look like switches for a vendor build
# tool that drops or enables whole lines -- presumably the one-instruction-per-line
# layout must stay as is; confirm before merging or reflowing RUN steps.
# NOTE(review): the default BUILDER reference carries no tag or digest, so the
# toolchain image is whatever the registry serves at build time; pin it if
# reproducible builds matter.
ARG BUILDER=registry.access.redhat.com/ubi8/ubi
FROM $BUILDER as builder
# LINSTOR release to build; the final stage declares the same value separately.
ENV LINSTOR_VERSION 1.29.2
ARG ARCH=amd64
ENV LINSTOR_TGZNAME linstor-server
ENV LINSTOR_TGZ ${LINSTOR_TGZNAME}-${LINSTOR_VERSION}.tar.gz
USER root
# Make yum fail on a package name it cannot find instead of skipping it.
RUN echo "skip_missing_names_on_install=no" >> /etc/yum.conf
# Apply only security errata rated Important or Critical.
RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical # !lbbuild
# Unprivileged account that unpacks the sources and runs the package build.
RUN groupadd makepkg # !lbbuild
RUN useradd -m -g makepkg makepkg # !lbbuild
# NOTE(review): sudo is installed and makepkg joins wheel, but no step visible in
# this stage invokes sudo -- confirm whether either is still needed.
RUN yum install -y sudo # !lbbuild
RUN usermod -a -G wheel makepkg # !lbbuild
# Build toolchain: rpmbuild, JDK, and fetch/unpack helpers.
RUN yum install -y rpm-build wget unzip which make git java-1.11.0-openjdk-devel python2 && yum clean all -y # !lbbuild
# Replace fakesystemd with systemd. The trailing `|| true` makes the whole chain
# best-effort, so a failure in any of the three commands does not stop the build.
RUN rpm -e --nodeps fakesystemd && yum install -y systemd && yum clean all -y || true # !lbbuild
# one can not comment COPY
# NOTE(review): the tarball is fetched over HTTPS but is not compared against a
# known digest or signature before it is unpacked and built; a `sha256sum -c`
# step with a digest committed next to LINSTOR_VERSION would tie the build to a
# reviewed artifact.
RUN cd /tmp && wget https://pkg.linbit.com/downloads/linstor/$LINSTOR_TGZ # !lbbuild
# =lbbuild COPY /${LINSTOR_TGZ} /tmp/
# =lbbuild COPY /pkgcache/* /tmp/pkgcache/
# link gradle to gradle-wrapper
RUN ln -s /home/makepkg/${LINSTOR_TGZNAME}-${LINSTOR_VERSION}/gradlew /usr/local/bin/gradle # !lbbuild
# Everything below runs as the unprivileged build user.
USER makepkg
# Stage the tarball in the home directory and in rpmbuild/SOURCES, create the
# RPMS/noarch output directory, then unpack the sources in the home directory.
RUN cd ${HOME} && \
cp /tmp/${LINSTOR_TGZ} ${HOME} && \
mkdir -p ${HOME}/rpmbuild/SOURCES && \
mkdir -p ${HOME}/rpmbuild/RPMS/noarch && \
cp /tmp/${LINSTOR_TGZ} ${HOME}/rpmbuild/SOURCES && \
tar xvf ${LINSTOR_TGZ}
# Run the Gradle `wrapper` task with an empty versionOverride property.
# NOTE(review): presumably this pre-fetches the Gradle distribution -- confirm.
RUN cd ${HOME}/${LINSTOR_TGZNAME}-${LINSTOR_VERSION} && ./gradlew wrapper -PversionOverride= # !lbbuild
# Use the prebuilt RPMs from /tmp/pkgcache when both copies succeed; if either
# copy fails, build binary packages from linstor.spec with debug packages disabled.
RUN cd ${HOME}/${LINSTOR_TGZNAME}-${LINSTOR_VERSION} && \
( cp /tmp/pkgcache/linstor-common*.rpm ${HOME}/rpmbuild/RPMS/noarch/ && \
cp /tmp/pkgcache/linstor-satellite*.rpm ${HOME}/rpmbuild/RPMS/noarch/ \
) || rpmbuild -bb --define "debug_package %{nil}" linstor.spec
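# Runtime stage: installs the RPMs produced by the builder stage plus the
# storage tooling the satellite shells out to, then starts via /entry.sh.
# NOTE(review): the base image reference has no tag or digest, so the runtime
# userland follows whatever quay.io currently serves for this name; pin a tag or
# digest to make rebuilds reproducible and auditable.
FROM quay.io/linbit/drbd-utils
# this is/needs to be based on registry.access.redhat.com/ubi7/ubi
# NOTE(review): the builder stage defaults to ubi8 and the internal repo URL
# below names rhel8, so the "ubi7" above looks stale -- confirm.
ENV LINSTOR_VERSION 1.29.2
ARG release=1
ARG ARCH=amd64
LABEL name="linstor-satellite" \
    vendor="LINBIT" \
    version="$LINSTOR_VERSION" \
    release="$release" \
    summary="LINSTOR's satellite component" \
    description="LINSTOR's satellite component"
COPY COPYING /licenses/gpl-3.0.txt
# Make yum fail on a package name it cannot find instead of skipping it.
RUN echo "skip_missing_names_on_install=no" >> /etc/yum.conf
# packages
COPY --from=builder /home/makepkg/rpmbuild/RPMS/noarch/*.rpm /tmp/linstorpkgs/
# Required packages:
# which: the autogenerated start script uses it
# openssl: the start script uses it to generate LINSTOR compatible keys and certificates.
# lvm2: obvious as most of our pools are LVM based
# util-linux: we had a use-case where having nsenter was nice (keep it, does not hurt)
# socat: used with thin-send-recv to send snapshots to another LINSTOR cluster
# procps-ng: used to find orphaned thin-send-recv processes
# Convenient packages for debugging:
# diffutils (diff), file, hostname, iputils (ping), jq, less
RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical && \
    yum install -y which openssl lvm2 util-linux socat procps-ng && \
    yum install -y diffutils file hostname iputils jq less && \
    yum install -y /tmp/linstorpkgs/linstor-common*.rpm /tmp/linstorpkgs/linstor-satellite*.rpm && \
    yum clean all -y
# PACKAGES:
# thin-send-recv: snapshot shipping. like 'zfs send' but for LVM
# ktls-utils: userspace utilities to use TLS encryption with DRBD
ENV PSK=https://packages.linbit.com/package-signing-pubkey.asc
# Import the package-signing key. -f makes an HTTP error fail this step instead
# of handing an error page to rpm; -sS hides the progress meter but keeps errors.
# NOTE(review): trust in the imported key rests on TLS to the download host
# alone; comparing its fingerprint with a value committed to this repository
# would catch a swapped key.
RUN curl -fsS "$PSK" -o /tmp/psk.asc && rpm --import /tmp/psk.asc && rm /tmp/psk.asc
ENV INTERNAL_REPO=/etc/yum.repos.d/linbit-internal.repo
# =lbbuild RUN printf '[linbit-internal]\nname=LINBIT Internal - $basearch\nbaseurl=https://nexus.at.linbit.com/repository/packages-linbit-com/yum/rhel8/drbd-9/$basearch\nenabled=1\ngpgcheck=1\ngpgkey=%s\n' "$PSK" | tee "$INTERNAL_REPO"
# =lbbuild RUN yum install -y thin-send-recv ktls-utils && yum clean all -y && rm "$INTERNAL_REPO"
# NOTE(review): the internal-build step below pipes a downloaded script straight
# into bash with no integrity check; it inherits whatever that URL serves.
# extra tools not in UBI images
# PACKAGES:
# cryptsetup: luks layer
# nvme-cli: nvme layer
# zstd: used with thin-send-recv to send snapshots to another LINSTOR cluster
# xfsprogs: LINSTOR can create file systems; xfs deps
# e2fsprogs e2fsprogs-libs: LINSTOR can create file systems; ext4 deps
# device-mapper-multipath device-mapper-multipath-libs: exos layer
# lsscsi: exos layer
# =lbbuild RUN curl -fsSL https://nexus.at.linbit.com/repository/lbbuild/from_rhel_repos.sh | bash -s -- cryptsetup nvme-cli zstd xfsprogs e2fsprogs device-mapper-multipath lsscsi
# zfs ("tools"): zfs layer
# =lbbuild RUN if [ "$(uname -m)" = "x86_64" ]; then dnf install -y https://zfsonlinux.org/epel/zfs-release-2-2$(rpm --eval "%{dist}").noarch.rpm && dnf config-manager --disable zfs && dnf config-manager --enable zfs-kmod && dnf repoquery --requires --resolve -q --archlist $(uname -m),noarch zfs | grep -v ^kmod-zfs | xargs dnf install -y && mkdir /tmp/zfs && cd /tmp/zfs && dnf download zfs && rpm -Uvh --nodeps ./zfs*.rpm && cd / && rm -rf /tmp/zfs; fi
# custom tools
# losetup-container: fixes an edge case when reporting the backing file for a loop device
ARG LOSETUP_CONTAINER_VERSION=v1.0.1
# Download to a file first rather than piping curl into tar: without pipefail
# only tar's exit status decided whether this step failed. The archive is
# removed in the same layer. The generated /usr/local/sbin/losetup wrapper
# records the path of the distribution losetup and execs losetup-container.
# NOTE(review): the release archive is not checked against a known digest before
# its contents land in /usr/local/sbin; a per-architecture `sha256sum -c` between
# the download and the extraction would close that gap.
RUN curl -fsSL "https://github.com/LINBIT/losetup-container/releases/download/${LOSETUP_CONTAINER_VERSION}/losetup-container-$(uname -m)-unknown-linux-gnu.tar.gz" -o /tmp/losetup-container.tar.gz && \
    tar -xvzf /tmp/losetup-container.tar.gz -C /usr/local/sbin && \
    rm -f /tmp/losetup-container.tar.gz && \
    printf '#!/bin/sh\nLOSETUP_CONTAINER_ORIGINAL_LOSETUP=%s exec /usr/local/sbin/losetup-container "$@"\n' "$(command -v losetup)" > /usr/local/sbin/losetup && \
    chmod +x /usr/local/sbin/losetup
# package post inst config
# Regenerate lvm.conf with udev sync/rules and monitoring switched off and a
# global filter that rejects /dev/drbd* devices.
RUN lvmconfig --type current --mergedconfig --config 'activation { udev_sync = 0 udev_rules = 0 monitoring = 0 } devices { global_filter = [ "r|^/dev/drbd|" ] }' > /etc/lvm/lvm.conf.new && mv /etc/lvm/lvm.conf.new /etc/lvm/lvm.conf
# Ensure we log to files in containers, otherwise SOS reports won't show any logs at all
# NOTE(review): sed exits 0 even when the commented-out appender line is not
# found, so a changed logback.xml would leave file logging off without failing the build.
RUN sed -i 's#<!-- <appender-ref ref="FILE" /> -->#<appender-ref ref="FILE" />#' /usr/share/linstor-server/lib/conf/logback.xml
# PORTS:
# 3366: controller <-> satellite
# 3367: controller <-SSL-> satellite
EXPOSE 3366/tcp 3367/tcp
COPY scripts/entry.sh /
# No USER instruction in this stage: the entrypoint runs as whatever user the
# base image defines.
CMD ["startSatellite"]
ENTRYPOINT ["/entry.sh"]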