Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FEATURE: Adapt Dockefiles to use Entrypoint or to only have the static tasks that depends on no variables #235

Closed
3 tasks done
rshad opened this issue Oct 31, 2019 · 1 comment

Comments

@rshad
Copy link
Contributor

rshad commented Oct 31, 2019

Hi all!

Objective
Reduce docker-image build time.

Actual Behavior
Now and for example in https://github.com/wazuh/wazuh-qa/blob/devel/kitchen/wazuh-chef/manager/files/dockerfile, it takes a long time when building the corresponding Docker image due to that we install the mentioned Ruby gems on each time we build the image. We build the image on each pipeline's build because it's dependent on the source and target branch of the targeted PR.

Expected Behavior
Build the image once. We can build the image once, by only executing the general or non--execution-dependent tasks and let the dependent tasks to be executed when a container is started.

For example, to build the image we would only need to import the image ruby for example, install docker and install Ruby gems.

Then we let the tasks like cloning a rep. detecting branch, etc ... to be executed only when starting a new container.

Proposed Tasks to Complete the Required Changes

Making use of docker Entrypoint:

  • Separate the tasks into build-dependent and non-build-dependent.
  • Apply the required change to the Dockerfiles.
  • Test the changes.

Note: This issue's description may be updated in the future if needed.

Kr,

Rshad Zhran

@rshad
Copy link
Contributor Author

rshad commented Oct 31, 2019

Hi all!

To do so, we firstly should determine which of the tasks are build-dependent or not, and those non-build-dependent are characterized to be executed only once, such as:

  • Download the main image FROM ruby.
  • Install Dependencies, such as:
    • Docker apt install docker.io
    • System Packages updated and upgrade apt-get update.
    • Install the required Ruby gems.
    • . . . .

build-dependent tasks are, for example:

  • Cloning target repo.
  • Checking branch.
  • Replace files by templates.
  • Run the tests.
  • etc ...

ENTRYPOINT

We need to use ENTRYPOINT to indicate to Docker the tasks that should be run only when starting a container, and in our case and as the tasks are multiple then we create a Bash script which includes are the build-dependent tasks as follows:

Note
As you can see, the last command we run in entrypoint.sh is a simple

Which is only used to make the container alive once the script execution is finished.

entrypoint.sh

#!/bin/bash
set -e
CHEF_SOURCE_BRANCH=$1
CHEF_TARGET_BRANCH=$2
QA_BRANCH=$3
cd $HOME && git clone https://github.com/wazuh/wazuh-qa.git && \
cd $HOME/wazuh-qa/ && \
git pull --all && \
git checkout $QA_BRANCH && \
git pull
cd $HOME && \
git clone https://github.com/wazuh/wazuh-chef.git && \
cd $HOME/wazuh-chef/ && \
git checkout $CHEF_SOURCE_BRANCH && \
git pull && \
git checkout $CHEF_TARGET_BRANCH && \
git pull && \
git checkout $CHEF_SOURCE_BRANCH && \
git merge $CHEF_SOURCE_BRANCH
cp -rf $HOME/wazuh-qa/kitchen/wazuh-chef/manager/files/* $HOME/wazuh-chef/cookbooks/wazuh_manager/
cp -rf $HOME/wazuh-qa/kitchen/wazuh-chef/manager/test/* $HOME/wazuh-chef/cookbooks/wazuh_manager/test/
cp -rf $HOME/wazuh-qa/kitchen/wazuh-chef/manager/test_environment/* $HOME/wazuh-chef/cookbooks/wazuh_manager/test/environments/
cp -rf $HOME/wazuh-qa/kitchen/wazuh-chef/agent/* $HOME/wazuh-chef/cookbooks/wazuh_agent/test/environments/
cd $HOME/wazuh-chef/cookbooks/wazuh_manager/ && \
mkdir .kitchen
cd $HOME/wazuh-chef/cookbooks/wazuh_manager/ && \
ls -ltrh
chmod +x run.sh && \
chmod +x clean.sh && \
rm .kitchen.yml
tail -f /dev/null

This script takes 3 parameters:

CHEF_SOURCE_BRANCH=$1
CHEF_TARGET_BRANCH=$2
QA_BRANCH=$3

Which take the correponding values in container creation's time, as follows:

docker run --td <image name> <parameter1> <parameter2> <parameter3>

Dockerfile

FROM ruby
CMD tail -f /dev/null
COPY entrypoint.sh /usr/local/bin/
RUN chmod 777 /usr/local/bin/entrypoint.sh \
&& ln -s /usr/local/bin/entrypoint.sh /
ENTRYPOINT ["entrypoint.sh"]
RUN apt-get update && apt install docker.io git curl wget -y
RUN apt-get update
RUN gem install kitchen-docker && \
gem install rbnacl && \
gem install rbnacl-libsodium && \
gem install bcrypt_pbkdf && \
gem install berkshelf && \
gem install httpclient && \
RUN cd $HOME && \
git clone https://github.com/wazuh/wazuh-qa.git && \
cd $HOME/wazuh-qa/kitchen/wazuh-chef/manager/files/ && \
bundle install
RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python get-pip.py
RUN pip install pytest && pip install testinfra && pip install paramiko
# Standard SSH port
EXPOSE 22

As you can see in the docker file we copy the script from our local machine to the "container to create" into the folder /usr/local/bin to be treated as binary.

COPY entrypoint.sh /usr/local/bin/

Then we give it the proper permissions and create a symbolic link.

RUN chmod 777 /usr/local/bin/entrypoint.sh \
&& ln -s /usr/local/bin/entrypoint.sh /

And then we call ENTRYPOINT directive to run the correponding binary or script:

Kr,

Rshad

@rshad rshad changed the title FEATURE: Adapt Dockefiles to use Entrypoint so the image build time would be reduced FEATURE: Adapt Dockefiles to use Entrypoint or to only have the static tasks that depends on no variables Nov 6, 2019
@manuasir manuasir closed this as completed Nov 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants