Skip to content

Commit

Permalink
Merge pull request #6100 from planetscale/jacques_ubi
Browse files Browse the repository at this point in the history
vitess/lite images based on Red Hat UBI 7
  • Loading branch information
morgo authored Apr 27, 2020
2 parents 52f48e7 + 14c2f08 commit 00a1f21
Show file tree
Hide file tree
Showing 5 changed files with 412 additions and 0 deletions.
16 changes: 16 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -228,10 +228,18 @@ docker_lite_mysql57:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.mysql57 -t vitess/lite:mysql57 .

docker_lite_ubi7.mysql57:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.ubi7.mysql57 -t vitess/lite:ubi7.mysql57 .

docker_lite_mysql80:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.mysql80 -t vitess/lite:mysql80 .

docker_lite_ubi7.mysql80:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.ubi7.mysql80 -t vitess/lite:ubi7.mysql80 .

docker_lite_mariadb:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.mariadb -t vitess/lite:mariadb .
Expand All @@ -248,10 +256,18 @@ docker_lite_percona57:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.percona57 -t vitess/lite:percona57 .

docker_lite_ubi7.percona57:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.ubi7.percona57 -t vitess/lite:ubi7.percona57 .

docker_lite_percona80:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.percona80 -t vitess/lite:percona80 .

docker_lite_ubi7.percona80:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.ubi7.percona80 -t vitess/lite:ubi7.percona80 .

docker_lite_alpine:
chmod -R o=g *
docker build -f docker/lite/Dockerfile.alpine -t vitess/lite:alpine .
Expand Down
102 changes: 102 additions & 0 deletions docker/lite/Dockerfile.ubi7.mysql57
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
# Copyright 2019 The Vitess Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: We have to build the Vitess binaries from scratch instead of sharing
# a base image because Docker Hub dropped the feature we relied upon to
# ensure images contain the right binaries.

# Use a temporary layer for the build stage.
FROM vitess/bootstrap:mysql57 AS builder

# Allows some docker builds to disable CGO
ARG CGO_ENABLED=0

# Re-copy sources from working tree.
COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess

# Build and install Vitess in a temporary output directory.
USER vitess
RUN make install PREFIX=/vt/install

# Start over and build the final image.
FROM registry.access.redhat.com/ubi7/ubi:latest

# Install keys and dependencies
RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
&& yum install --setopt=alwaysprompt=no gnupg \
&& ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 \
|| gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 ) \
&& gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
&& gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
&& gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
&& gpg --export --armor A4A9406876FCBD3C456770C88C718D3B5072E1F5 > ${GNUPGHOME}/RPM-GPG-KEY-MySQL \
&& rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 ${GNUPGHOME}/RPM-GPG-KEY-MySQL /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/mysqlrepo.rpm https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
&& rpmkeys --checksig /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
&& rpm -Uvh /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
&& rm -f /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm
RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
&& rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
&& rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
RUN yum update \
&& yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
# Can't use alwaysprompt=no here, since we need to pick up deps
# No way to separate key imports and accept deps separately in yum/dnf
&& yum install -y --setopt=tsflags=nodocs --enablerepo mysql57-community --disablerepo mysql80-community \
mysql-community-client mysql-community-server \
# Have to use hacks to ignore conflicts on /etc/my.cnf install
&& mkdir -p /tmp/1 \
&& yum install --setopt=alwaysprompt=no --downloadonly --downloaddir=/tmp/1 --enablerepo mysql57-community --disablerepo mysql80-community percona-xtrabackup-24 \
&& rpm -Uvh --replacefiles /tmp/1/*rpm \
&& rm -rf /tmp/1 \
&& yum clean all \
&& yum clean all --enablerepo mysql57-community --disablerepo mysql80-community \
&& rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug

# Set up Vitess user and directory tree.
RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess
RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt

# Set up Vitess environment (just enough to run pre-built Go binaries)
ENV VTROOT /vt/src/vitess.io/vitess
ENV VTDATAROOT /vt/vtdataroot
ENV PATH $VTROOT/bin:$PATH

# Copy artifacts from builder layer.
COPY --from=builder --chown=vitess:vitess /vt/install /vt

RUN mkdir -p /licenses
COPY LICENSE /licenses

# Create mount point for actual data (e.g. MySQL data dir)
VOLUME /vt/vtdataroot
USER vitess

LABEL name="Vitess Lite image - MySQL Community Server 5.7" \
io.k8s.display-name="Vitess Lite image - MySQL Community Server 5.7" \
maintainer="[email protected]" \
vendor="CNCF" \
version="6.0.0" \
release="1" \
summary="Vitess base container image, containing Vitess components along with MySQL Community Server 5.7" \
description="Vitess base container image, containing Vitess components along with MySQL Community Server 5.7" \
io.k8s.description="Vitess base container image, containing Vitess components along with MySQL Community Server 5.7" \
distribution-scope="public" \
url="https://vitess.io"
103 changes: 103 additions & 0 deletions docker/lite/Dockerfile.ubi7.mysql80
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
# Copyright 2019 The Vitess Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: We have to build the Vitess binaries from scratch instead of sharing
# a base image because Docker Hub dropped the feature we relied upon to
# ensure images contain the right binaries.

# Use a temporary layer for the build stage.
FROM vitess/bootstrap:mysql80 AS builder

# Allows some docker builds to disable CGO
ARG CGO_ENABLED=0

# Re-copy sources from working tree.
COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess

# Build and install Vitess in a temporary output directory.
USER vitess
RUN make install PREFIX=/vt/install

# Start over and build the final image.
FROM registry.access.redhat.com/ubi7/ubi:latest

# Install keys and dependencies
RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
&& yum install --setopt=alwaysprompt=no gnupg \
&& ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 \
|| gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 A4A9406876FCBD3C456770C88C718D3B5072E1F5 ) \
&& gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
&& gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
&& gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
&& gpg --export --armor A4A9406876FCBD3C456770C88C718D3B5072E1F5 > ${GNUPGHOME}/RPM-GPG-KEY-MySQL \
&& rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 ${GNUPGHOME}/RPM-GPG-KEY-MySQL /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/mysqlrepo.rpm https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
&& rpmkeys --checksig /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
&& rpm -Uvh /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm \
&& rm -f /tmp/mysqlrepo.rpm /tmp/perconarepo.rpm
RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
&& rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
&& rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
RUN yum update \
&& yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
# Can't use alwaysprompt=no here, since we need to pick up deps
# No way to separate key imports and accept deps separately in yum/dnf
&& yum install -y --setopt=tsflags=nodocs --enablerepo mysql80-community --disablerepo mysql57-community \
mysql-community-client mysql-community-server \
# Have to use hacks to ignore conflicts on /etc/my.cnf install
&& mkdir -p /tmp/1 \
&& yum install --setopt=alwaysprompt=no --downloadonly --downloaddir=/tmp/1 --enablerepo mysql80-community --disablerepo mysql57-community percona-xtrabackup-80 \
&& rpm -Uvh --replacefiles /tmp/1/*rpm \
&& rm -rf /tmp/1 \
&& yum clean all \
&& yum clean all --enablerepo mysql80-community --disablerepo mysql57-community \
&& rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug

# Set up Vitess user and directory tree.
RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess
RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt

# Set up Vitess environment (just enough to run pre-built Go binaries)
ENV VTROOT /vt/src/vitess.io/vitess
ENV VTDATAROOT /vt/vtdataroot
ENV PATH $VTROOT/bin:$PATH
ENV MYSQL_FLAVOR MySQL80

# Copy artifacts from builder layer.
COPY --from=builder --chown=vitess:vitess /vt/install /vt

RUN mkdir -p /licenses
COPY LICENSE /licenses

# Create mount point for actual data (e.g. MySQL data dir)
VOLUME /vt/vtdataroot
USER vitess

LABEL name="Vitess Lite image - MySQL Community Server 8.0" \
io.k8s.display-name="Vitess Lite image - MySQL Community Server 8.0" \
maintainer="[email protected]" \
vendor="CNCF" \
version="6.0.0" \
release="1" \
summary="Vitess base container image, containing Vitess components along with MySQL Community Server 8.0" \
description="Vitess base container image, containing Vitess components along with MySQL Community Server 8.0" \
io.k8s.description="Vitess base container image, containing Vitess components along with MySQL Community Server 8.0" \
distribution-scope="public" \
url="https://vitess.io"
93 changes: 93 additions & 0 deletions docker/lite/Dockerfile.ubi7.percona57
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
# Copyright 2019 The Vitess Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: We have to build the Vitess binaries from scratch instead of sharing
# a base image because Docker Hub dropped the feature we relied upon to
# ensure images contain the right binaries.

# Use a temporary layer for the build stage.
FROM vitess/bootstrap:percona57 AS builder

# Allows some docker builds to disable CGO
ARG CGO_ENABLED=0

# Re-copy sources from working tree.
COPY --chown=vitess:vitess . /vt/src/vitess.io/vitess

# Build and install Vitess in a temporary output directory.
USER vitess
RUN make install PREFIX=/vt/install

# Start over and build the final image.
FROM registry.access.redhat.com/ubi7/ubi:latest

# Install keys and dependencies
RUN mkdir /tmp/gpg && chmod 700 /tmp/gpg && export GNUPGHOME=/tmp/gpg \
&& yum install --setopt=alwaysprompt=no gnupg \
&& ( gpg --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 \
|| gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 4D1BB29D63D98E422B2113B19334A25F8507EFA5 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 ) \
&& gpg --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 \
&& gpg --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 \
&& gpg --export --armor 6341AB2753D78A78A7C27BB124C6A8A7F4A80EB5 > ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 \
&& rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona.1 ${GNUPGHOME}/RPM-GPG-KEY-Percona.2 ${GNUPGHOME}/RPM-GPG-KEY-CentOS-7 /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/perconarepo.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm \
&& rpmkeys --checksig /tmp/perconarepo.rpm \
&& rpm -Uvh /tmp/perconarepo.rpm \
&& rm -f /tmp/perconarepo.rpm
RUN curl -L --retry-delay 10 --retry 3 -o /tmp/libev.rpm http://mirror.centos.org/centos/7/extras/x86_64/Packages/libev-4.15-7.el7.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/gperf.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/gperftools-libs-2.6.1-1.el7.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/numactl.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/numactl-libs-2.0.12-3.el7_7.1.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/sysstat.rpm http://mirror.centos.org/centos/7/updates/x86_64/Packages/sysstat-10.1.5-18.el7_7.1.x86_64.rpm \
&& curl -L --retry-delay 10 --retry 3 -o /tmp/strace.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/strace-4.12-9.el7.x86_64.rpm \
&& rpm -i --nodeps /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm \
&& rm -f /tmp/libev.rpm /tmp/gperf.rpm /tmp/numactl.rpm /tmp/sysstat.rpm /tmp/strace.rpm
RUN yum update \
&& yum install --setopt=alwaysprompt=no --setopt=tsflags=nodocs bzip2 ca-certificates gnupg libaio libcurl \
jemalloc gperftools-libs procps-ng rsync wget openssl hostname curl tzdata make \
# Can't use alwaysprompt=no here, since we need to pick up deps
# No way to separate key imports and accept deps separately in yum/dnf
&& yum install -y --setopt=tsflags=nodocs Percona-Server-server-57 percona-xtrabackup-24 \
&& yum clean all \
&& rm -rf /etc/my.cnf /var/lib/mysql /tmp/gpg /sbin/mysqld-debug

# Set up Vitess user and directory tree.
RUN groupadd -g 1001 -r vitess && useradd -r -u 1001 -g vitess vitess
RUN mkdir -p /vt/vtdataroot && chown -R vitess:vitess /vt

# Set up Vitess environment (just enough to run pre-built Go binaries)
ENV VTROOT /vt/src/vitess.io/vitess
ENV VTDATAROOT /vt/vtdataroot
ENV PATH $VTROOT/bin:$PATH

# Copy artifacts from builder layer.
COPY --from=builder --chown=vitess:vitess /vt/install /vt

RUN mkdir -p /licenses
COPY LICENSE /licenses

# Create mount point for actual data (e.g. MySQL data dir)
VOLUME /vt/vtdataroot
USER vitess

LABEL name="Vitess Lite image - Percona Server 5.7" \
io.k8s.display-name="Vitess Lite image - Percona Server 5.7" \
maintainer="[email protected]" \
vendor="CNCF" \
version="6.0.0" \
release="1" \
summary="Vitess base container image, containing Vitess components along with Percona Server 5.7" \
description="Vitess base container image, containing Vitess components along with Percona Server 5.7" \
io.k8s.description="Vitess base container image, containing Vitess components along with Percona Server 5.7" \
distribution-scope="public" \
url="https://vitess.io"
Loading

0 comments on commit 00a1f21

Please sign in to comment.