feat(compute,api,update-server): Move system configs out of Dockerfile

[sfoster1]

overview

Overhaul of the container configuration and initialization to remove as much as
possible from the Dockerfile and the volatile storage, preferring instead to
live in files that are included in the api server wheel and unpacked to /data
during initialization.

Most configuration and setup scripts are no longer COPYd into /usr/local/bin.
Instead, they are packed into the api server’s wheel (opentrons) in a
/resources subdirectory. This resources subdirectory is recursive-included
into the manifest, so putting a file into the directory will include it in the
wheel.

Because wheels do not run arbitrary code when they are installed, there is some
external tooling to get the files out of wheel/resources and into their eventual
home in /data/system.

• Provisioning

The compute/find_module_path.py is an executable python script that uses
importlib to find the location of the opentrons module as Python would do (so it
always gets the right one) without importing opentrons, which has significant
side effects.

The opentrons/api/opentrons/resources/scripts/provision-api-resources script
uses find_module_path to find the current opentrons module and copy everything
in /resources in the package to /data/system (the OT_CONFIG_DIR). This includes
all the system configurations and scripts that were previously in compute/.

The provision script is designed to be invoked during updates. This happens
during the first boot of the container (more on this later) and during a
software update via the update server.

In the case of the update-server driven update, because we assume a user is
never updating to 3.3 from 3.0 on a 3.0 Dockerfile, we can assume the provision
script is in /data/system/scripts and is therefore in the path. The update
server therefore invokes the provision script after installing a new api server,
the provision script finds the right (newly-installed) opentrons module, and
updates /data/resources with the new scripts.

In the case of the first container boot, we rely on the one piece of
initialization left in compute/. compute/container_setup.sh does the first-boot
check that setup.sh used to do, and in addition to removing old api server
installations and updating the cached container ID it runs the provision script

• this time from the module installed in /usr/local/lib.

• Container Initialization

The Dockerfile CMD has been slightly simplified by symlinking the environment
file into /etc/profile.d. This requires the use of bash’s -l flag to get a login
shell in the docker container.

Because the symlinks to the environment must be present when the shell starts,
the environment script (opentrons/api/opentrons/resources/ot-environ.sh) is
linked into /etc/profile.d by the Dockerfile (the rest of the configuration file
symlinks are in opentrons/api/opentrons/resources/scripts/setup.sh). It is also
linked twice - once from /data/system, which will be empty when the container
boots for the first time; and once from the system installation of the api
server in /usr/local/lib, as a fallback. The one-time environment variables
ensure it is only executed once.

Then, the container setup script runs. In most cases it doesn’t do much, but see
above for the behavior during the first container boot.

Since /data/system/scripts is in the path, we still call setup.sh and start.sh.
In addition to what it used to do, setup.sh now makes symlinks for most of the
configuration files we had been COPYing into Docker. These are now in
/data/system. start.sh is pretty similar to before.

• Container Building

The Dockerfile is now parameterized to make building a local container slightly
easier. Invoking docker build with no arguments builds a container for the
pi (it has to, since this is what Resin does). Invoking docker build with the
arguments to change the base image and clear RUNNING_ON_PI will build a
container for local machines. To make this easier, there is a new top-level
Makefile target, api-local-container, that invokes docker build with the correct
arguments. Note that the local container still doesn’t 100% work; it needs more
love to get over things like not having a dbus socket on all hosts.

changelog

• Move container configuration and initialization to opentrons/api/opentrons/resources as much as possible
• Copy the data in /resources to /data/system on first container boot and during update (in the update server)
• Sweet new motd
• Removed some of the nmcli commands used for janitoring the static ipv6 routes
• Removed the nginx root server block and deleted the static files it was
• serving
• hardcoded some ports to get away from infinite env vars we can’t trust
• Fixed an issue in the update server where it was sending the repr() of
  tracebacks in 500 messages for /server/update. Now it sends the result of traceback.format_tb()

Note that Dockerfiles without these changes will not get the new configuration and startup, even if an api server is properly installed and provisioned, since the environment script won't be sourced.

review requests

Test:

• A robot that is on 3.0.0 and has its resin-updates.lock file deleted successfully downloads this container from resin, boots, and has all its old config data from the usb driver
• A robot that has this docker file, update server, and api server can successfully be updated (by run app) to a new version, including provisioning (usually check by modifying eg /data/system/ot-environ.sh and check that the modifications are reverted after update)
• Unless specifically erased by updating, changes in /data/system should persist and take effect after a reboot. For instance, a change to /data/system/ot-environ.sh should be present even after a reboot. Note that the resin.io web shell doesn't actually use a login shell, so it may appear as if configurations are erased. To see the correct environment, do bash -l in the resin webshell (ssh and make term do this by default)
• Also that everything still works:
  • the api and update server respond
  • Jupyter works
  • it connects to wifi
  • it connects via usb

@andySigler Would you mind double-checking ot-environ.sh and the contents of api/opentrons/resources and making sure that the stuff you need for the factory is OK?

Everybody else Let me know if there's more testing I should be doing.

[mcous]

Not in the office so can't personally test until, but here are my thoughts on the code

[mcous]

[Style nitpick] All the other paths in this file have a leading ./

[mcous]

Is it ok to remove these lines entirely?

[mcous]

Unused import

[mcous]

Are we sure we want to do this? Running on a machine that isn't a Pi that is still connected to a real smoothie board seems like a valid dev use-case

[sfoster1]

Sure

[mcous]

This variable doesn't appear to be used

[mcous]

This PR might not be the time, but should we consider either ditching the Unix socket or aligning everything to use Unix sockets? At the very least, this is a really unhelpful socket name that we've been using

[mcous]

[Nitpick, no change requested] Any reason to use ! -z $RUNNING_ON_PI here over -n "$RUNNING_ON_PI"?

[sfoster1]

Slowly re-remembering bash conditionals, mostly.

[mcous]

Out of curiosity, why disable mDNS advertisements on non-Pis?

[sfoster1]

This is one of a category of things in the container that only work at the very least on linux hosts and quite possibly only on the pi. I haven't been consistent with the rest of them, I think what we should do is create an issue to actually get a container running well on (osx, windows) docker.

[mcous]

We should probably use the OT_SERVER_UNIX_SOCKET_PATH environment variable here

[mcous]

[Nice to have] While we're at improving documentation, does the top-level file RESIN_README.md mean anything anymore? If not, might be nice to ditch it in this PR

[sfoster1]

Will do

[codecov]

Codecov Report

Merging #2073 into edge will increase coverage by 2.98%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             edge    #2073      +/-   ##
==========================================
+ Coverage   32.86%   35.84%   +2.98%     
==========================================
  Files         453      453              
  Lines        7312     7802     +490     
==========================================
+ Hits         2403     2797     +394     
- Misses       4909     5005      +96

Impacted Files	Coverage Δ
app-shell/src/discovery.js	88.88% <0%> (-1.12%)	⬇️
discovery-client/src/service.js	100% <0%> (ø)	⬆️
discovery-client/src/cli.js	0% <0%> (ø)	⬆️
components/src/deck/Labware.js	0% <0%> (ø)	⬆️
...rotocol-designer/src/components/SelectablePlate.js	0% <0%> (ø)	⬆️
app/src/components/LostConnectionAlert/index.js	0% <0%> (ø)	⬆️
...rotocol-designer/src/containers/SelectablePlate.js	0% <0%> (ø)	⬆️
components/src/deck/Tip.js	0% <0%> (ø)	⬆️
app/src/rpc/message-types.js	100% <0%> (ø)	⬆️
discovery-client/src/index.js	99.29% <0%> (+0.37%)	⬆️
... and 6 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f42ae1b...ee3872c. Read the comment docs.

[btmorr]

🤖 Code revision looks great, and the Run App works as expected on both the old Dockerfile and the one from this PR. Only issue observed during testing was the bug in troughs that is being addressed by #2023