Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F24985307
D4023.id10501.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
8 KB
Referenced Files
None
Subscribers
None
D4023.id10501.diff
View Options
diff --git a/.gitignore b/.gitignore
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,7 @@
# Autogenerated content
roles/webserver-core/nginx/files/ocsp-ca-certs.pem
+
+# Docker
+utils/docker/.image-built
+utils/docker/requirements.txt
diff --git a/utils/docker/Dockerfile b/utils/docker/Dockerfile
new file mode 100644
--- /dev/null
+++ b/utils/docker/Dockerfile
@@ -0,0 +1,34 @@
+# -------------------------------------------------------------
+# Docker image for Jenkins agent and local run
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+FROM nasqueron/jenkins-agent-barebone
+
+COPY requirements.txt /opt/
+
+RUN apt-get update && apt-get install -y \
+ bats \
+ curl \
+ git \
+ gpg \
+ knot-dnssecutils \
+ make \
+ python3 \
+ --no-install-recommends && \
+ mkdir -m 755 -p /etc/apt/keyrings && \
+ curl -fsSL https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public | gpg --dearmor | tee /etc/apt/keyrings/salt-archive-keyring.pgp > /dev/null && \
+ curl -fsSL https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources | tee /etc/apt/sources.list.d/salt.sources && \
+ apt-get update && apt-get install -y salt-common=3006.23 --no-install-recommends && \
+ rm -r /var/lib/apt/lists/* && \
+ ln -s /opt/saltstack/salt/bin/python3 /usr/bin/python && \
+ /opt/saltstack/salt/bin/pip3 install --upgrade pip --root-user-action=ignore && \
+ /opt/saltstack/salt/bin/pip3 install -r /opt/requirements.txt --root-user-action=ignore && \
+ ln -s /opt/saltstack/salt/bin/jdiff /usr/bin/jdiff && \
+ groupadd -r app -g 433 && \
+ mkdir /home/app && \
+ useradd -u 431 -r -g app -d /home/app -s /bin/sh -c "Default application account" app && \
+ chown -R app:app /home/app && \
+ chmod 711 /home/app
diff --git a/utils/docker/Makefile b/utils/docker/Makefile
new file mode 100644
--- /dev/null
+++ b/utils/docker/Makefile
@@ -0,0 +1,44 @@
+# -------------------------------------------------------------
+# Docker image for Jenkins agent and local run
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+CP=cp
+DOCKER_BUILD=docker build
+RM=rm -f
+
+REPO_ROOT=../..
+
+.PHONY=build clean run run-tests
+
+# -------------------------------------------------------------
+# Image build
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+build: requirements.txt .image-built
+
+.image-built:
+ ${DOCKER_BUILD} -t nasqueron/operations .
+ touch .image-built
+
+requirements.txt:
+ ${CP} ${REPO_ROOT}/requirements.txt .
+
+# -------------------------------------------------------------
+# Run
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+run: build
+ ./run.sh
+
+run-tests: build
+ ./run.sh test
+
+# -------------------------------------------------------------
+# Clean
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+clean:
+ ${RM} requirements.txt .image-built
diff --git a/utils/docker/README.md b/utils/docker/README.md
new file mode 100644
--- /dev/null
+++ b/utils/docker/README.md
@@ -0,0 +1,72 @@
+## Nasqueron Operations Docker Image
+
+### Overview
+
+This Docker image is used for:
+
+ - running tests locally
+ - serving as a Jenkins agent
+
+It bundles all the necessary dependencies to run operations tests:
+ - Salt from upstream package
+ - Python from requirements.txt
+ - bats test framework
+ - extra required tools like KnotDNS kzonecheck
+
+As it's based on our Jenkins agent barebone image, it can also act as an agent.
+
+### Run locally
+
+You can use the Makefile script to build and run the image locally:
+
+ $ make build
+ $ make run
+
+If you're only interested in running tests:
+
+ $ make run-tests
+
+#### Under the hood
+
+A wrapper to run the image is provided in the `run.sh` script.
+It's called by the Makefile.
+
+At the first run, it will create a custom image for your uid/gid,
+so the container can be run unprivileged and without conflict if
+you edit files both in the host and in the container.
+
+If you modify the Dockerfile or the requirements.txt file,
+you'll need to rebuild the image:
+
+ $ make clean build
+ $ ./run.sh update
+
+#### Editing repository files
+
+The image is not intended to be an integrated development environment,
+so it doesn't provide all the tools you'd expect to comfortably edit files.
+
+You can still edit files in the host instead.
+
+### Run as Jenkins agent
+
+On Nasqueron infrastructure, deployment of Jenkins agent containers is handled
+by the `roles/paas-docker/containers/jenkins_agent.sls` file.
+
+This section describes how to run the image locally for your own Jenkins server.
+
+First, prepare the home directory for the Jenkins agent,
+with SSH credentials.
+
+You can then run the image passing that directory as a volume:
+
+ $ AGENT_HOME=/srv/jenkins/operations
+ $ AGENT_DOCKER_NETWORK=jenkins
+ $ docker run -dt --network=$AGENT_DOCKER_NETWORK \
+ --name operations-agent
+ -v $AGENT_HOME:/home/app nasqueron/operations
+
+Usually, you'll want to run the container with a network alias,
+to be able to connect to it from the host, on the same network as Jenkins.
+
+It will run with the sshd process listening inside the container on port 22.
diff --git a/utils/docker/run.sh b/utils/docker/run.sh
new file mode 100755
--- /dev/null
+++ b/utils/docker/run.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# -------------------------------------------------------------
+# Docker image for Jenkins agent and local run
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# If copyright eligible, BSD-2-Clause
+# -------------------------------------------------------------
+
+BASE_IMAGE=nasqueron/operations
+
+# -------------------------------------------------------------
+# Determine repository path
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+REPO_PATH=$(git rev-parse --show-toplevel)
+
+# -------------------------------------------------------------
+# Parse arguments
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+UPDATE_MODE=0
+
+if [ "$1" = "shell" ] || [ "$1" = "" ]; then
+ COMMAND=bash
+elif [ "$1" = "test" ] || [ "$1" = "tests" ]; then
+ COMMAND="make test"
+elif [ "$1" = "update" ]; then
+ UPDATE_MODE=1
+else
+ echo "Usage: $(basename "$0") <shell|test|update>" >&2
+ exit 1
+fi
+
+# -------------------------------------------------------------
+# Build image
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+build_user_image () {
+ BUILD_DIR=$(mktemp -d -t ops-build-XXXXXXXXXX)
+ pushd "$BUILD_DIR" > /dev/null || exit 1
+ >&2 echo "🔨 Building user-specific image $IMAGE for $USER"
+ echo "FROM $BASE_IMAGE" > Dockerfile
+ echo "RUN groupadd -r $USER -g $GID && mkdir /home/$USER && useradd -u $UID -r -g $USER -d /home/$USER -s /bin/bash $USER && chown -R $USER:$USER /home/$USER" >> Dockerfile
+ docker build -t "$IMAGE" .
+ popd > /dev/null
+ rm -rf "$BUILD_DIR"
+}
+
+test -v $UID && UID=$(id -u)
+test -v $GID && GID=$(id -g)
+
+if [ $UPDATE_MODE -eq 1 ]; then
+ docker pull $BASE_IMAGE
+
+ # Rebuild user image
+ IMAGE=$BASE_IMAGE:$UID-$GID
+ test $UID -eq 0 || build_user_image
+
+ exit
+fi
+
+if [ $UID -eq 0 ]; then
+ IMAGE=$BASE_IMAGE
+ CONTAINER_USER_HOME=/root
+else
+ IMAGE=$BASE_IMAGE:$UID-$GID
+ test ! -z $(docker images -q "$IMAGE") || build_user_image
+ CONTAINER_USER_HOME="/home/$USER"
+fi
+
+# -------------------------------------------------------------
+# Run container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker run --rm -it --user "$UID:$GID" \
+ -v "$REPO_PATH:$CONTAINER_USER_HOME/operations:Z" \
+ "$IMAGE" sh -c "(cd ~/operations && $COMMAND)"
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Mar 24, 10:41 (11 h, 45 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3557169
Default Alt Text
D4023.id10501.diff (8 KB)
Attached To
Mode
D4023: Provide a Docker image able to run tests
Attached
Detach File
Event Timeline
Log In to Comment