-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathirods_runner.ubuntu20.Dockerfile
More file actions
166 lines (152 loc) · 5.36 KB
/
irods_runner.ubuntu20.Dockerfile
File metadata and controls
166 lines (152 loc) · 5.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# syntax=docker/dockerfile:1.5
#
# iRODS Runner
#
ARG runner_base=ubuntu:20.04
FROM ${runner_base} as irods-runner
SHELL [ "/bin/bash", "-c" ]
ENV DEBIAN_FRONTEND=noninteractive
# Re-enable apt caching for RUN --mount
RUN rm -f /etc/apt/apt.conf.d/docker-clean && \
echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
# Make sure we're starting with an up-to-date image
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && \
apt-get upgrade -y && \
apt-get autoremove -y --purge && \
rm -rf /tmp/*
# To mark all installed packages as manually installed:
#apt-mark showauto | xargs -r apt-mark manual
# Let's get some basics first. Makes it easy to add package repos early.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
mkdir -p /etc/apt/keyrings \
apt-get update && \
apt-get install -y \
apt-transport-https \
ca-certificates \
gnupg \
lsb-release \
wget \
&& \
rm -rf /tmp/*
# Add main iRODS apt repository
RUN wget -qO - https://packages.irods.org/irods-signing-key.asc | \
gpg \
--no-options \
--no-default-keyring \
--no-auto-check-trustdb \
--homedir /dev/null \
--no-keyring \
--import-options import-export \
--output /etc/apt/keyrings/renci-irods-archive-keyring.pgp \
--import \
&& \
echo "deb [signed-by=/etc/apt/keyrings/renci-irods-archive-keyring.pgp arch=amd64] https://packages.irods.org/apt/ $(lsb_release -sc) main" | \
tee /etc/apt/sources.list.d/renci-irods.list
# Add core-dev iRODS apt repository
RUN wget -qO - https://core-dev.irods.org/irods-core-dev-signing-key.asc | \
gpg \
--no-options \
--no-default-keyring \
--no-auto-check-trustdb \
--homedir /dev/null \
--no-keyring \
--import-options import-export \
--output /etc/apt/keyrings/renci-irods-core-dev-archive-keyring.pgp \
--import \
&& \
echo "deb [signed-by=/etc/apt/keyrings/renci-irods-core-dev-archive-keyring.pgp arch=amd64] https://core-dev.irods.org/apt/ $(lsb_release -sc) main" | \
tee /etc/apt/sources.list.d/renci-irods-core-dev.list
# Install updates from new repositories.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && \
apt-get upgrade -y && \
apt-get autoremove -y --purge && \
rm -rf /tmp/*
# More dependencies
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && \
apt-get install --no-install-recommends -y \
systemd \
dbus \
dbus-user-session \
libnss-systemd \
&& \
apt-get install -y \
sudo \
procps \
python3 \
python3-psutil \
python3-requests \
python3-jsonschema \
python3-pyodbc \
python3-distro \
libssl1.1 \
super \
lsof \
postgresql \
odbc-postgresql \
libjson-perl \
&& \
rm -rf /tmp/*
# install and configure rsyslog
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && \
apt-get install -y \
rsyslog \
&& \
rm -rf /tmp/*
COPY irods.rsyslog /etc/rsyslog.d/00-irods.conf
COPY irods.logrotate /etc/logrotate.d/irods
# Install some useful utilities
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && \
apt-get install -y \
git \
vim \
nano \
&& \
rm -rf /tmp/*
# Install irods externals
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && \
apt-get install -y \
'irods-externals*' \
&& \
rm -rf /tmp/*
# irodsauthuser required for some tests
# UID and GID ranges picked to hopefully not overlap with anything
RUN useradd \
--key UID_MIN=40050 \
--key UID_MAX=49000 \
--key GID_MIN=40050 \
--key GID_MAX=49000 \
--create-home \
--shell /bin/bash \
irodsauthuser && \
echo 'irodsauthuser:;=iamnotasecret' | chpasswd
# Disable unwanted systemd units, set default target
RUN find /etc/systemd/system \
/lib/systemd/system \
\( -path '*.wants/*' -or -path '*.requires/*' -or -path '*.upholds/*' \) \
-not -name '*journald*' \
-not -name '*dbus*' \
-not -name '*rsyslog*' \
-not -name '*systemd-journal*' \
-not -name '*systemd-tmpfiles*' \
-not -name '*systemd-user-sessions*' \
-not -name '*systemd-sysext*' \
-delete && \
rm -rf /lib/systemd/system/timers.target.wants/systemd-tmpfiles-clean.timer && \
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# Note that the patterns passed to find above are being *excluded* from the delete command
COPY ICAT.sql /
COPY --chmod=755 keep_alive.sh /keep_alive.sh
ENTRYPOINT ["/keep_alive.sh"]