-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.script.system
155 lines (146 loc) · 7.88 KB
/
Dockerfile.script.system
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# Stage 1 - base OS and NSO
# baseimage is a more Docker-friendly Ubuntu for something like NSO w/multiple child processes
FROM phusion/baseimage:focal-1.1.0 as BaseNSO
ARG build_date=unspecified
ARG nso_ver=5.4.4.3
ARG file_server=0.0.0.0:48888
ARG docker_cli=false
ARG openssh_server=false
# Note some NSO packages/NEDs still require Java 8
ARG java_version=11
ARG nso_java_opts='-Xmx2G -Xms1G'
ARG nso_install_type=local
# The UID needs to be unique within the container and should be on the host
ARG ncsuser=ncsadmin
ARG ncsuser_uid=8000
ARG ncsgroup=ncsadmin
ARG ncsgroup_gid=9999
# install_dir has to be absolute (used in sed edit below)
ARG install_dir=/home/${ncsuser}
LABEL org.opencontainers.image.title="Cisco NSO ${nso_ver}" \
org.opencontainers.image.description="Cisco NSO ${nso_ver}, ${nso_install_type} install" \
org.opencontainers.image.vendor="Cisco Systems" \
org.opencontainers.image.created="${build_date}" \
org.opencontainers.image.url="unspecified"
WORKDIR ${install_dir}
EXPOSE 830/tcp 2022/tcp 2024/tcp 8080/tcp
#Uncomment these COPY statements to have the RUN skip some wget operations
#COPY requirements.txt /tmp
#COPY ssh-config ./.ssh/config
#COPY git-credential-helper.sh ./.git-credential-helper.sh
#COPY gitconfig ./.gitconfig
#COPY nso-${nso_ver}.linux.x86_64.installer.bin /tmp
#COPY vimrc ./.vimrc
#COPY vim-syntax-yang.tar.gz /tmp/vim-syntax-yang.tar.gz
#COPY runsv-ncs.sh /tmp/runsv-ncs.sh
#SHELL ["/bin/bash", "-c"]
# Use baseimage's init system
CMD ["/sbin/my_init"]
#CMD ["su", "--whitelist-environment=OAUTH_TOKEN,GIT_USERNAME", "-", "${ncsuser}"]
# Install software
RUN printf "\n======== Updating base OS\n" && \
DEBIAN_FRONTEND=noninteractive apt-get -qq update && \
DEBIAN_FRONTEND=noninteractive apt-get -qq upgrade -o Dpkg::Options::='--force-confold' && \
\
printf "\n======== Installing utilities, Java, Python\n" && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends wget apt-utils openssh-client openjdk-${java_version}-jre-headless python3 tmux && \
if [ ! -e /usr/bin/python ]; then ln -s python3 /usr/bin/python ; fi && \
\
printf "\n======== Installing build tools for NSO packages\n" && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends software-properties-common && \
DEBIAN_FRONTEND=noninteractive add-apt-repository -y ppa:jonathonf/vim && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends sudo vim git make ant libxml2-utils yang-tools xsltproc && \
#DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends pylint yapf3 && \
\
if [ "${docker_cli}" = "true" ]; then \
printf "\n======== Installing Docker CLI for Jenkins + CXTA\n" ; \
DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends curl gnupg-agent software-properties-common ; \
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sh -c 'apt-key add -' ; \
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" ; \
DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends docker-ce-cli ; \
fi && \
\
if [ "${openssh_server}" = "true" ]; then \
printf "\n======== Enabling SSH server for remote shell access\n" ; \
rm -f /etc/service/sshd/down ; \
#/etc/my_init.d/00_regen_ssh_host_keys.sh ; \
fi && \
\
if [ ! -e /tmp/requirements.txt ]; then \
printf "\n======== Fetching local files\n" ; \
wget -q --no-proxy http://${file_server}/requirements.txt -O /tmp/requirements.txt ; \
mkdir .ssh ; \
wget -q --no-proxy http://${file_server}/ssh-config -O ./.ssh/config ; \
wget -q --no-proxy http://${file_server}/git-credential-helper.sh -O ./.git-credential-helper.sh ; \
wget -q --no-proxy http://${file_server}/gitconfig -O ./.gitconfig ; \
wget -q --no-proxy http://${file_server}/nso-${nso_ver}.linux.x86_64.installer.bin -O /tmp/nso-${nso_ver}.linux.x86_64.installer.bin ; \
wget -q --no-proxy http://${file_server}/runsv-ncs.sh -O /tmp/runsv-ncs.sh ; \
wget -q --no-proxy http://${file_server}/runsv-ncs-stop.sh -O /tmp/runsv-ncs-stop.sh ; \
wget -q --no-proxy http://${file_server}/vimrc -O ./.vimrc ; \
wget -q --no-proxy http://${file_server}/vim-syntax-yang.tar.gz -O /tmp/vim-syntax-yang.tar.gz ; \
fi && \
if [ -f /tmp/vim-syntax-yang.tar.gz ]; then \
tar xzf /tmp/vim-syntax-yang.tar.gz ; \
fi && \
\
printf "\n======== Installing pip and requirements\n" && \
DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends python3-pip python3-venv && \
pip3 install --no-cache --upgrade pip && \
if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && \
if [ "${nso_install_type}" = "local" ]; then \
python3 -m venv /venv ; \
. /venv/bin/activate ; \
fi && \
pip3 install --no-cache setuptools wheel && \
pip3 install --no-cache -r /tmp/requirements.txt && \
\
printf "\n======== Installing NSO ${nso_ver} - ${nso_install_type} install\n" && \
if [ "${nso_install_type}" = "local" ]; then \
sh /tmp/nso-${nso_ver}.linux.x86_64.installer.bin ${install_dir}/nso-install --local-install ; \
# Normally these keys should be RW only for user, but may need R for group/other in Jenkins pipeline with potentially random user
chmod 0644 ${install_dir}/nso-install/netsim/confd/etc/confd/ssh/ssh_host_rsa_key ; \
chmod 0644 ${install_dir}/nso-install/etc/ncs/ssh/ssh_host_ed25519_key ; \
rm -rf ${install_dir}/nso-install/{doc,examples.ncs,man,packages,src/ncs/pyapi/doc} ; \
else \
sh /tmp/nso-${nso_ver}.linux.x86_64.installer.bin --system-install ; \
groupadd -g ${ncsgroup_gid} ${ncsgroup} && \
rm -rf /opt/ncs/current/{doc,man} ; \
fi && \
\
printf "======== Creating local ${ncsuser} user\n" && \
useradd -MNg users -u ${ncsuser_uid} -d ${install_dir} -s /bin/bash ${ncsuser} && \
printf "${ncsuser}:ncsadmin\n" | chpasswd && \
echo "${ncsuser} ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/${ncsuser} && \
chmod 0440 /etc/sudoers.d/${ncsuser} && \
echo "alias ll=\"ls -l\"" >> .bashrc && \
if [ "${nso_install_type}" = "local" ]; then \
echo "PATH=/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >> .profile ; \
printf "if [ -f ~/.bashrc ]; then\n . ~/.bashrc\nfi\n" >> .profile ; \
echo "source /venv/bin/activate" >> .bashrc && \
echo "source ${install_dir}/nso-install/ncsrc" >> .bashrc ; \
echo "export NCS_JAVA_VM_OPTIONS=\"${nso_java_opts}\"" >> .bashrc ; \
else \
usermod -a -G ${ncsgroup} ${ncsuser} ; \
echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >> .profile ; \
printf "if [ -f ~/.bashrc ]; then\n . ~/.bashrc\nfi\n" >> .profile ; \
echo "source /opt/ncs/current/ncsrc" >> .bashrc ; \
# This edit is somewhat fragile given the off chance the init script changes
sed -i -E "s/ export (.*)/ export \1 NCS_JAVA_VM_OPTIONS=\"${nso_java_opts}\"/" /etc/init.d/ncs ; \
# Set up for runsv
mkdir -p /etc/service/ncs/control ; \
# Another fragile assumption if the init script changes
sed "/^case/Q" /etc/init.d/ncs | tee /etc/service/ncs/run > /etc/service/ncs/control/t ; \
cat /tmp/runsv-ncs.sh >> /etc/service/ncs/run ; \
cat /tmp/runsv-ncs-stop.sh >> /etc/service/ncs/control/t ; \
chmod 755 /etc/service/ncs/run /etc/service/ncs/control/t ; \
fi && \
\
printf "======== OS cleanup\n" && \
apt-get -qq autoremove && \
apt-get -qq clean autoclean && \
rm -rf /var/lib/apt/lists/{apt,cache,dpkg,log} /usr/share/man /tmp/* /var/tmp/* && \
\
printf "======== Finishing up\n" && \
chown -R ${ncsuser}:users ${install_dir} && \
chmod 644 /etc/container_environment.sh && \
sed -i "s,INSTALL_DIR,\\${install_dir}," .gitconfig