From 31291ebd3563208afbd40204f1ab74418e05abae Mon Sep 17 00:00:00 2001 From: JohnnySheffield Date: Fri, 24 Aug 2018 05:55:54 +0200 Subject: [PATCH] nonroot CentOS Docker image (#9280) * Updates CentOS Docker image build process * rename build.Dockerfile --- docker/README.md | 41 +++++++++++++++++++++++++++++- docker/centos/Dockerfile | 46 ++++++++++++++-------------------- docker/centos/Dockerfile.build | 25 ++++++++++++++++++ docker/centos/build.sh | 29 +++++++++++++++++++++ 4 files changed, 113 insertions(+), 28 deletions(-) create mode 100644 docker/centos/Dockerfile.build create mode 100755 docker/centos/build.sh diff --git a/docker/README.md b/docker/README.md index 3b79e8dd7..b2f8374b5 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,3 +1,42 @@ -Usage +## Usage ```docker build -f docker/ubuntu/Dockerfile --tag ethcore/parity:branch_or_tag_name .``` + +## Usage - CentOS + +Builds a lightweight non-root Parity docker image: + +``` +git clone https://github.com/paritytech/parity-ethereum.git +cd parity-ethereum +./docker/centos/build.sh +``` + +Fully customised build: +``` +PARITY_IMAGE_REPO=my-personal/parity \ +PARITY_BUILDER_IMAGE_TAG=build-latest \ +PARITY_RUNNER_IMAGE_TAG=centos-parity-experimental \ +./docker/centos/build.sh +``` + + +Default values: +``` +# The image name +PARITY_IMAGE_REPO - parity/parity + +# The tag to be used for builder image, git commit sha will be appended +PARITY_BUILDER_IMAGE_TAG - build + +# The tag to be used for runner image +PARITY_RUNNER_IMAGE_TAG - latest +``` + +All default ports you might use will be exposed: +``` +# secret +# ipfs store ui rpc ws listener discovery +# ↓ ↓ ↓ ↓ ↓ ↓ ↓ +EXPOSE 5001 8082 8083 8180 8545 8546 30303/tcp 30303/udp +``` diff --git a/docker/centos/Dockerfile b/docker/centos/Dockerfile index 7c944001e..22a98c003 100644 --- a/docker/centos/Dockerfile +++ b/docker/centos/Dockerfile @@ -1,36 +1,28 @@ FROM centos:latest -WORKDIR /build -# install tools and dependencies -RUN yum -y update&& \ - yum install -y git make gcc-c++ gcc file binutils cmake +RUN mkdir -p /opt/parity/data && \ + chmod g+rwX /opt/parity/data && \ + mkdir -p /opt/parity/release -# install rustup -RUN curl -sSf https://static.rust-lang.org/rustup.sh -o rustup.sh &&\ -ls&&\ - sh rustup.sh --disable-sudo +COPY parity/parity /opt/parity/release -# show backtraces -ENV RUST_BACKTRACE 1 +WORKDIR /opt/parity/data -# set compiler -ENV CXX g++ -ENV CC gcc +# exposing default ports +# +# secret +# ipfs store ui rpc ws listener discovery +# ↓ ↓ ↓ ↓ ↓ ↓ ↓ +EXPOSE 5001 8082 8083 8180 8545 8546 30303/tcp 30303/udp -# show tools -RUN rustc -vV && \ -cargo -V && \ -gcc -v &&\ -g++ -v +# switch to non-root user +USER 1001 -# build parity -ADD . /build/parity -RUN cd parity&&\ - cargo build --release --verbose && \ - ls /build/parity/target/release/parity && \ - strip /build/parity/target/release/parity +#if no base path provided, assume it's current workdir +CMD ["--base-path","."] +ENTRYPOINT ["/opt/parity/release/parity"] + + + -RUN file /build/parity/target/release/parity -EXPOSE 8080 8545 8180 -ENTRYPOINT ["/build/parity/target/release/parity"] diff --git a/docker/centos/Dockerfile.build b/docker/centos/Dockerfile.build new file mode 100644 index 000000000..454af403a --- /dev/null +++ b/docker/centos/Dockerfile.build @@ -0,0 +1,25 @@ +FROM centos:latest + +WORKDIR /build + +ADD . /build/parity-ethereum + +RUN yum -y update && \ + yum install -y systemd-devel git make gcc-c++ gcc file binutils && \ + curl -L "https://cmake.org/files/v3.12/cmake-3.12.0-Linux-x86_64.tar.gz" -o cmake.tar.gz && \ + tar -xzf cmake.tar.gz && \ + cp -r cmake-3.12.0-Linux-x86_64/* /usr/ && \ + curl https://sh.rustup.rs -sSf | sh -s -- -y && \ + PATH=/root/.cargo/bin:$PATH && \ + RUST_BACKTRACE=1 && \ + rustc -vV && \ + cargo -V && \ + gcc -v && \ + g++ -v && \ + cmake --version && \ + cd parity-ethereum && \ + cargo build --verbose --release --features final && \ + strip /build/parity-ethereum/target/release/parity && \ + file /build/parity-ethereum/target/release/parity + + diff --git a/docker/centos/build.sh b/docker/centos/build.sh new file mode 100755 index 000000000..7215e745f --- /dev/null +++ b/docker/centos/build.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env sh + +# The image name +PARITY_IMAGE_REPO=${PARITY_IMAGE_REPO:-parity/parity} +# The tag to be used for builder image +PARITY_BUILDER_IMAGE_TAG=${PARITY_BUILDER_IMAGE_TAG:-build} +# The tag to be used for runner image +PARITY_RUNNER_IMAGE_TAG=${PARITY_RUNNER_IMAGE_TAG:-latest} + +echo Building $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H") +docker build --no-cache -t $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H") . -f docker/centos/Dockerfile.build + +echo Creating $PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H"), extracting binary +docker create --name extract $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H") +mkdir docker/centos/parity +docker cp extract:/build/parity-ethereum/target/release/parity docker/centos/parity + +echo Building $PARITY_IMAGE_REPO:$PARITY_RUNNER_IMAGE_TAG +docker build --no-cache -t $PARITY_IMAGE_REPO:$PARITY_RUNNER_IMAGE_TAG docker/centos/ -f docker/centos/Dockerfile + +echo Cleaning up ... +rm -rf docker/centos/parity +docker rm -f extract +docker rmi -f $PARITY_IMAGE_REPO:$PARITY_BUILDER_IMAGE_TAG-$(git log -1 --format="%H") + +echo Echoing Parity version: +docker run $PARITY_IMAGE_REPO:$PARITY_RUNNER_IMAGE_TAG --version + +echo Done.