Add ARM64 support for buildbox docker image (#9572)

* Update buildbox to use Python3. * Remove non default rust targets from arm64 image. * Add ETCD_UNSUPPORTED_ARCH for arm64 to etcd script to allow running etcd on arm64.
gravitational · Dec 29, 2021 · e9450e3 · e9450e3
1 parent d35da05
commit e9450e3
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 23 deletions.
diff --git a/build.assets/Dockerfile b/build.assets/Dockerfile
@@ -17,8 +17,13 @@ ENV LANGUAGE="en_US.UTF-8" \
     LC_CTYPE="en_US.UTF-8" \
     DEBIAN_FRONTEND="noninteractive"
 
+# BUILDARCH is automatically set by DOCKER when building the image with Build Kit (MacOS by deafult).
+# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+ARG BUILDARCH
+
 # Install packages.
 # We install curl first to allow setting up the Google SDK as part of the same layer.
+# NOTE: gcc-multilib is not available on ARM, so ony amd64 version includes it.
 RUN apt-get update -y --fix-missing && \
     apt-get -q -y upgrade && \
     apt-get install -y --no-install-recommends apt-utils ca-certificates curl gnupg && \
@@ -31,7 +36,7 @@ RUN apt-get update -y --fix-missing && \
         clang-format-10 \
         curl \
         gcc \
-        gcc-multilib \
+        `if [ "$BUILDARCH" = "amd64" ] ; then echo gcc-multilib; fi`  \
         git \
         google-cloud-sdk \
         google-cloud-sdk-firestore-emulator \
@@ -48,7 +53,9 @@ RUN apt-get update -y --fix-missing && \
         net-tools \
         openssh-client \
         osslsigncode \
-        python-pip \
+        python3-pip \
+        python3-setuptools \
+        python3-wheel \
         pkg-config \
         shellcheck \
         softhsm2 \
@@ -58,7 +65,7 @@ RUN apt-get update -y --fix-missing && \
         zip \
         zlib1g-dev \
         && \
-    pip --no-cache-dir install yamllint && \
+    pip3 --no-cache-dir install yamllint && \
     dpkg-reconfigure locales && \
     apt-get -y clean && \
     rm -rf /var/lib/apt/lists/*
@@ -69,12 +76,12 @@ RUN (groupadd ci --gid=$GID -o && useradd ci --uid=$UID --gid=$GID --create-home
      mkdir -p -m0700 /var/lib/teleport && chown -R ci /var/lib/teleport)
 
 # Install etcd.
-RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz | tar -xz && \
-     cp etcd-v3.3.9-linux-amd64/etcd* /bin/)
+RUN (curl -L https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-${BUILDARCH}.tar.gz | tar -xz && \
+     cp etcd-v3.3.9-linux-${BUILDARCH}/etcd* /bin/)
 
 # Install Go.
 ARG RUNTIME
-RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$RUNTIME.linux-amd64.tar.gz | tar xz && \
+RUN mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/$RUNTIME.linux-${BUILDARCH}.tar.gz | tar xz && \
     mkdir -p /go/src/github.com/gravitational/teleport && \
     chmod a+w /go && \
     chmod a+w /var/lib && \
@@ -111,13 +118,11 @@ RUN (curl -L https://github.com/bats-core/bats-core/archive/v1.2.1.tar.gz | tar
 
 # Install protobuf and grpc build tools.
 ARG PROTOC_VER
-ARG PROTOC_PLATFORM
 ARG GOGO_PROTO_TAG
-
-ENV PROTOC_TARBALL protoc-${PROTOC_VER}-${PROTOC_PLATFORM}.zip
 ENV GOGOPROTO_ROOT ${GOPATH}/src/github.com/gogo/protobuf
 
-RUN (curl -L -o /tmp/${PROTOC_TARBALL} https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VER}/${PROTOC_TARBALL} && \
+RUN (export PROTOC_TARBALL=protoc-${PROTOC_VER}-linux-$(if [ "$BUILDARCH" = "amd64" ]; then echo "x86_64"; else echo "aarch_64"; fi).zip && \
+     curl -L -o /tmp/${PROTOC_TARBALL} https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VER}/${PROTOC_TARBALL} && \
      cd /tmp && unzip /tmp/${PROTOC_TARBALL} -d /usr/local && \
      chmod -R a+r /usr/local/include/google/protobuf && \
      rm /tmp/${PROTOC_TARBALL})
@@ -148,15 +153,15 @@ RUN mkdir -p $RUSTUP_HOME && chmod a+w $RUSTUP_HOME && \
 
 # Install Rust using the ci user, as that is the user that
 # will run builds using the Rust toolchains we install here.
+# Cross-compilation targets are only installed on amd64, as
+# this image doesn't contain gcc-multilib.
 USER ci
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION && \
     rustup --version && \
     cargo --version && \
     rustc --version && \
-    rustup component add --toolchain $RUST_VERSION-x86_64-unknown-linux-gnu rustfmt clippy && \
-    rustup target add i686-unknown-linux-gnu && \
-    rustup target add arm-unknown-linux-gnueabihf && \
-    rustup target add aarch64-unknown-linux-gnu && \
+    rustup component add rustfmt clippy && \
+    if [ "$BUILDARCH" = "amd64" ]; then rustup target add i686-unknown-linux-gnu arm-unknown-linux-gnueabihf aarch64-unknown-linux-gnu; fi && \
     cargo install cbindgen
 
 USER root

diff --git a/build.assets/Makefile b/build.assets/Makefile
@@ -25,9 +25,9 @@ UID := $$(id -u)
 GID := $$(id -g)
 
 HOST_ARCH := $(shell uname -m)
-DEVBOX_RUNTIME_ARCH_x86_64 := amd64
-DEVBOX_RUNTIME_ARCH_arm64 := arm64
-DEVBOX_RUNTIME_ARCH := $(DEVBOX_RUNTIME_ARCH_$(HOST_ARCH))
+RUNTIME_ARCH_x86_64 := amd64
+RUNTIME_ARCH_arm64 := arm64
+RUNTIME_ARCH := $(RUNTIME_ARCH_$(HOST_ARCH))
 
 DEVBOX_BASE_IMAGE_x86_64 = ubuntu:20.04
 DEVBOX_BASE_IMAGE_arm64 = arm64v8/ubuntu:20.04
@@ -39,7 +39,6 @@ DEVBOX_PROTOC_PLATFORM := $(DEVBOX_PROTOC_PLATFORM_$(HOST_ARCH))
 
 PROTOC_VER ?= 3.6.1
 GOGO_PROTO_TAG ?= v1.3.2
-PROTOC_PLATFORM := linux-x86_64
 
 BUILDBOX=quay.io/gravitational/teleport-buildbox:$(RUNTIME)
 BUILDBOX_FIPS=quay.io/gravitational/teleport-buildbox-fips:$(RUNTIME)
@@ -115,19 +114,20 @@ build-binaries-fips: buildbox-fips
 # If running in CI and there is no image with the buildbox name:tag combination present locally,
 # the image is pulled from the Docker repository. If this pull fails (i.e. when a new Go runtime is
 # first used), the error is ignored and the buildbox is built using the Dockerfile.
+# BUILDARCH is set explicitly, so it's set with and without BuildKit enabled.
 #
 .PHONY:buildbox
 buildbox:
 	if [[ "$(BUILDBOX_NAME)" == "$(BUILDBOX)" ]]; then \
 		if [[ $${DRONE} == "true" ]] && ! docker inspect --type=image $(BUILDBOX) 2>&1 >/dev/null; then docker pull $(BUILDBOX) || true; fi; \
-		docker build --platform=linux/amd64 \
+		docker build --platform=linux/$(RUNTIME_ARCH) \
 			--build-arg UID=$(UID) \
 			--build-arg GID=$(GID) \
+			--build-arg BUILDARCH=$(RUNTIME_ARCH) \
 			--build-arg RUNTIME=$(RUNTIME) \
 			--build-arg RUST_VERSION=$(RUST_VERSION) \
 			--build-arg PROTOC_VER=$(PROTOC_VER) \
 			--build-arg GOGO_PROTO_TAG=$(GOGO_PROTO_TAG) \
-			--build-arg PROTOC_PLATFORM=$(PROTOC_PLATFORM) \
 			--build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) \
 			--cache-from $(BUILDBOX) \
 			--tag $(BUILDBOX) . ; \
@@ -138,7 +138,7 @@ devbox:
 	docker build \
 	    --build-arg BASE_IMAGE=$(DEVBOX_BASE_IMAGE) \
 		--build-arg RUNTIME=$(RUNTIME) \
-		--build-arg RUNTIME_ARCH=$(DEVBOX_RUNTIME_ARCH) \
+		--build-arg RUNTIME_ARCH=$(RUNTIME_ARCH) \
 		--build-arg PROTOC_VER=$(PROTOC_VER) \
 		--build-arg GOGO_PROTO_TAG=$(GOGO_PROTO_TAG) \
 		--build-arg PROTOC_PLATFORM=$(DEVBOX_PROTOC_PLATFORM) \

diff --git a/examples/etcd/start-etcd.sh b/examples/etcd/start-etcd.sh
@@ -7,8 +7,15 @@
 # NOTE: this file is also used to run etcd tests.
 #
 
-HERE=$(readlink -f $0)
-cd "$(dirname $HERE)" || exit
+set -e
+
+# Etcd before v3.5.0 requires ETCD_UNSUPPORTED_ARCH to be set in order to run on arm64.
+if [ "$(uname -m)" = "aarch64" ]; then
+export ETCD_UNSUPPORTED_ARCH=arm64
+fi
+
+HERE=$(readlink -f "$0")
+cd "$(dirname "$HERE")" || exit
 
 mkdir -p data
 etcd --name teleportstorage \