nonroot CentOS Docker image (#9280)

* Updates CentOS Docker image build process * rename build.Dockerfile
2018-08-24 05:55:54 +02:00 · 2018-08-24 05:55:54 +02:00 · 31291ebd35
parent e8e0b08f17
commit 31291ebd35
4 changed files with 113 additions and 28 deletions
--- a/docker/README.md
+++ b/docker/README.md
@ -1,3 +1,42 @@
-Usage
+## Usage

 ```docker build -f docker/ubuntu/Dockerfile --tag ethcore/parity:branch_or_tag_name .```
+
+## Usage - CentOS
+
+Builds a lightweight non-root Parity docker image:
+
+```
+git clone https://github.com/paritytech/parity-ethereum.git
+cd parity-ethereum
+./docker/centos/build.sh
+```
+
+Fully customised build:
+```
+PARITY_IMAGE_REPO=my-personal/parity \
+PARITY_BUILDER_IMAGE_TAG=build-latest \
+PARITY_RUNNER_IMAGE_TAG=centos-parity-experimental \
+./docker/centos/build.sh
+```
+
+
+Default values:
+```
+# The image name
+PARITY_IMAGE_REPO - parity/parity
+
+# The tag to be used for builder image, git commit sha will be appended
+PARITY_BUILDER_IMAGE_TAG - build
+
+# The tag to be used for runner image
+PARITY_RUNNER_IMAGE_TAG - latest
+```
+
+All default ports you might use will be exposed:
+```
+#           secret
+#      ipfs store     ui   rpc  ws   listener  discovery
+#      ↓    ↓         ↓    ↓    ↓    ↓         ↓
+EXPOSE 5001 8082 8083 8180 8545 8546 30303/tcp 30303/udp
+```
--- a/docker/centos/Dockerfile
+++ b/docker/centos/Dockerfile
@ -1,36 +1,28 @@
 FROM centos:latest
-WORKDIR /build

-# install tools and dependencies
-RUN yum -y update&& \
-    yum install -y git make gcc-c++ gcc file binutils cmake
+RUN mkdir -p /opt/parity/data && \
+    chmod g+rwX /opt/parity/data && \
+    mkdir -p /opt/parity/release

-# install rustup
-RUN curl -sSf https://static.rust-lang.org/rustup.sh -o rustup.sh &&\
-ls&&\
- sh rustup.sh --disable-sudo
+COPY parity/parity /opt/parity/release

-# show backtraces
-ENV RUST_BACKTRACE 1
+WORKDIR /opt/parity/data

-# set compiler
-ENV CXX g++
-ENV CC gcc
+# exposing default ports
+#
+#           secret
+#      ipfs store     ui   rpc  ws   listener  discovery
+#      ↓    ↓         ↓    ↓    ↓    ↓         ↓
+EXPOSE 5001 8082 8083 8180 8545 8546 30303/tcp 30303/udp

-# show tools
-RUN rustc -vV && \
-cargo -V && \
-gcc -v &&\
-g++ -v
+# switch to non-root user
+USER 1001

-# build parity
-ADD . /build/parity
-RUN cd parity&&\
-    cargo build --release --verbose && \
-	ls /build/parity/target/release/parity &&	\
-	strip /build/parity/target/release/parity
+#if no base path provided, assume it's current workdir
+CMD ["--base-path","."]
+ENTRYPOINT ["/opt/parity/release/parity"]  
+
+
+   

-RUN file /build/parity/target/release/parity

-EXPOSE 8080 8545 8180
-ENTRYPOINT ["/build/parity/target/release/parity"]
--- a/docker/centos/Dockerfile.build
+++ b/docker/centos/Dockerfile.build
@ -0,0 +1,25 @@
+FROM centos:latest
+
+WORKDIR /build
+
+ADD . /build/parity-ethereum
+
+RUN yum -y update && \
+    yum install -y systemd-devel git make gcc-c++ gcc file binutils && \
+    curl -L "https://cmake.org/files/v3.12/cmake-3.12.0-Linux-x86_64.tar.gz" -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cp -r cmake-3.12.0-Linux-x86_64/* /usr/ && \
+    curl https://sh.rustup.rs -sSf | sh -s -- -y && \
+    PATH=/root/.cargo/bin:$PATH && \
+    RUST_BACKTRACE=1 && \
+    rustc -vV && \
+    cargo -V && \
+    gcc -v && \
+    g++ -v && \
+    cmake --version && \
+    cd parity-ethereum && \
+    cargo build --verbose --release --features final && \
+    strip /build/parity-ethereum/target/release/parity && \
+    file /build/parity-ethereum/target/release/parity
+
+
--- a/docker/centos/build.sh
+++ b/docker/centos/build.sh
@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+# The image name
+PARITY_IMAGE_REPO=${PARITY_IMAGE_REPO:-parity/parity}
+# The tag to be used for builder image
+PARITY_BUILDER_IMAGE_TAG=${PARITY_BUILDER_IMAGE_TAG:-build}
+# The tag to be used for runner image
+PARITY_RUNNER_IMAGE_TAG=${PARITY_RUNNER_IMAGE_TAG:-latest}
+
+echo Building $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H")
+docker build --no-cache -t $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H") . -f docker/centos/Dockerfile.build
+
+echo Creating $PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H"), extracting binary
+docker create --name extract $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H") 
+mkdir docker/centos/parity
+docker cp extract:/build/parity-ethereum/target/release/parity docker/centos/parity
+
+echo Building $PARITY_IMAGE_REPO:$PARITY_RUNNER_IMAGE_TAG
+docker build --no-cache -t $PARITY_IMAGE_REPO:$PARITY_RUNNER_IMAGE_TAG docker/centos/ -f docker/centos/Dockerfile
+
+echo Cleaning up ...
+rm -rf docker/centos/parity
+docker rm -f extract
+docker rmi -f $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H")
+
+echo Echoing Parity version:
+docker run $PARITY_IMAGE_REPO:$PARITY_RUNNER_IMAGE_TAG --version
+
+echo Done.