Build zuul containers with dockerfile not pbrx

While pbrx is nice and all, it's quite the divergence from how
the rest of the container ecosystem works. Switch to using
Dockerfile and the python-builder image.

Bind mount ld.so.cache into bwrap context

When using images based on the python:slim base image, python
is installed in /usr/local and the linker needs to know to look
in /usr/local/lib for shared libraries.

Depends-On: https://review.openstack.org/632187
Change-Id: I84f6dd2a8e3222f7807103dcbb61bdadedfdd22d
Monty Taylor 2019-01-18 16:03:46 +00:00
parent 8a38ee711f
commit 7fe0e780cf
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
5 changed files with 161 additions and 21 deletions


@ -65,11 +65,109 @@
post-run: playbooks/quick-start/post.yaml
roles:
- zuul: openstack-infra/zuul-jobs
vars:
docker_images:
- context: .
repository: zuul/zuul
target: zuul
- context: .
repository: zuul/zuul-executor
target: zuul-executor
- context: .
repository: zuul/zuul-fingergw
target: zuul-fingergw
- context: .
repository: zuul/zuul-merger
target: zuul-merger
- context: .
repository: zuul/zuul-scheduler
target: zuul-scheduler
- context: .
repository: zuul/zuul-web
target: zuul-web
- context: ../nodepool
repository: zuul/nodepool
target: nodepool
- context: ../nodepool
repository: zuul/nodepool-launcher
target: nodepool-launcher
- context: ../nodepool
repository: zuul/nodepool-builder
target: nodepool-builder
required-projects:
- openstack/pbrx
- openstack-infra/nodepool
- openstack-infra/zuul
# Image building jobs
- secret:
name: zuul-dockerhub
data:
username: zuulzuul
password: !encrypted/pkcs1-oaep
- DFlbrDM5eUMptMGIVMXV1g455xOJLi92UYF08Z2/JlIGu3t6v052o9FKlVyj1ZmpXs5+2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=
- job:
name: zuul-build-image
parent: build-docker-image
description: Build Docker images.
allowed-projects: openstack-infra/zuul
vars: &zuul_image_vars
docker_images:
- context: .
repository: zuul/zuul-base
target: zuul-base
- context: .
repository: zuul/zuul
target: zuul
- context: .
repository: zuul/zuul-executor
target: zuul-executor
- context: .
repository: zuul/zuul-fingergw
target: zuul-fingergw
- context: .
repository: zuul/zuul-merger
target: zuul-merger
- context: .
repository: zuul/zuul-scheduler
target: zuul-scheduler
- context: .
repository: zuul/zuul-web
target: zuul-web
- job:
name: zuul-upload-image
parent: upload-docker-image
description: Build Docker images and upload to Docker Hub.
allowed-projects: openstack-infra/zuul
secrets:
name: docker_credentials
secret: zuul-dockerhub
pass-to-parent: true
vars: *zuul_image_vars
- job:
name: zuul-promote-image
parent: promote-docker-image
description: Promote previously uploaded Docker images.
allowed-projects: openstack-infra/zuul
secrets:
name: docker_credentials
secret: zuul-dockerhub
pass-to-parent: true
nodeset:
nodes: []
vars: *zuul_image_vars
- project:
check:
jobs:
@ -100,11 +198,9 @@
- zuul-stream-functional
- zuul-tox-remote
- zuul-quick-start
- pbrx-build-container-images:
vars:
pbrx_prefix: zuul
- nodepool-zuul-functional:
voting: false
- zuul-build-image
gate:
jobs:
- tox-docs
@ -133,9 +229,7 @@
- zuul-stream-functional
- zuul-tox-remote
- zuul-quick-start
- pbrx-build-container-images:
vars:
pbrx_prefix: zuul
- zuul-upload-image
post:
jobs:
- publish-zuul-docs
@ -145,10 +239,9 @@
node_version: 8
zuul_work_dir: "{{ zuul.project.src_dir }}/web"
create_tarball_directory: build
- openstackzuul-pbrx-push-container-images:
vars:
pbrx_prefix: zuul
promote:
jobs:
- zuul-promote-image
release:
jobs:
- release-zuul-python
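Review bot: `pass-to-parent: true` on the `zuul-dockerhub` secret in `zuul-upload-image` and `zuul-promote-image` hands the Docker Hub password to the playbooks of `upload-docker-image` and `promote-docker-image`, which are defined outside this file, and nothing in the job definitions records that. A comment above each `secrets:` entry, for example `# docker_credentials is consumed by the parent job's playbooks; keep allowed-projects limited to this repo`, would make the trust boundary visible to the next editor. `zuul-upload-image` is also listed under the gate jobs, so the credential is in scope while images are built from a change that has not merged yet; that looks intended, but it is worth stating in the job description so the exposure is a documented decision.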

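--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,53 @@
+# Copyright (c) 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM opendevorg/python-builder as builder
+COPY . /tmp/src
+RUN /tmp/src/tools/install-js-tools.sh
+RUN assemble
+FROM opendevorg/python-base as zuul-base
+COPY --from=builder /output/ /output
+RUN echo "deb http://ftp.debian.org/debian stretch-backports main" >> /etc/apt/sources.list \
+&& apt-get update \
+&& apt-get install -t stretch-backports -y bubblewrap \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/*
+RUN /output/install-from-bindep \
+&& pip install --cache-dir=/output/wheels -r /output/zuul_base/requirements.txt \
+&& rm -rf /output
+FROM zuul-base as zuul
+CMD ["/usr/local/bin/zuul"]
+FROM zuul-base as zuul-executor
+COPY --from=builder /output/ /output
+RUN pip install --cache-dir=/output/wheels -r /output/zuul_executor/requirements.txt \
+&& rm -rf /output
+CMD ["/usr/local/bin/zuul-executor"]
+FROM zuul-base as zuul-fingergw
+CMD ["/usr/local/bin/zuul-fingergw"]
+FROM zuul-base as zuul-merger
+CMD ["/usr/local/bin/zuul-merger"]
+FROM zuul-base as zuul-scheduler
+CMD ["/usr/local/bin/zuul-scheduler"]
+FROM zuul-base as zuul-web
+CMD ["/usr/local/bin/zuul-web"]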
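Review bot: Both base images are referenced without a tag or digest (`FROM opendevorg/python-builder as builder`, `FROM opendevorg/python-base as zuul-base`), so every image built from this file, including the ones the upload job pushes, sits on whatever those repositories point to at build time. Pinning them, e.g. `FROM opendevorg/python-base@sha256:<digest-placeholder> as zuul-base`, makes builds reproducible and turns a base-image change into a reviewable commit. No stage sets `USER`, so each service's `CMD` runs as root unless the deployment overrides it; if root is needed for the executor's bwrap usage, a comment saying so would help. The backports source line uses `http://`; apt still verifies signed metadata, so that is a lower-priority cleanup.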


@ -9,6 +9,8 @@
shell:
cmd: docker-compose up -d
chdir: ../../doc/source/admin/examples
- name: Print list of images
command: docker image ls
- name: Wait for Gerrit to start
wait_for:
host: localhost


@ -5,17 +5,8 @@
roles:
- name: install-docker
use_upstream_docker: false
- build-docker-image
tasks:
- name: Install pbrx software
command: python3 -m pip install src/git.openstack.org/openstack/pbrx
become: yes
- name: Build container images
command: 'pbrx --debug build-images --prefix=zuul'
args:
chdir: '{{ zuul.projects[item].src_dir }}'
loop:
- git.openstack.org/openstack-infra/nodepool
- git.openstack.org/openstack-infra/zuul
- name: Install docker-compose and git-review
package:
name:


@ -193,6 +193,7 @@ class BubblewrapDriver(Driver, WrapperInterface):
'--ro-bind', '/lib', '/lib',
'--ro-bind', '/bin', '/bin',
'--ro-bind', '/sbin', '/sbin',
'--ro-bind', '/etc/ld.so.cache', '/etc/ld.so.cache',
'--ro-bind', '/etc/resolv.conf', '/etc/resolv.conf',
'--ro-bind', '/etc/hosts', '/etc/hosts',
'--ro-bind', '/etc/localtime', '/etc/localtime',
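Review bot: The `'--ro-bind', '/etc/ld.so.cache', '/etc/ld.so.cache'` entry is unconditional, and bwrap refuses to start when a `--ro-bind` source path does not exist, so an executor host without that file would fail every sandboxed job. The neighbouring `/etc` entries share this property, but the linker cache is optional on some systems; guard it with an existence check where the command list is assembled, or use `--ro-bind-try` if the minimum supported bubblewrap provides it. A short comment above the entry, e.g. `# linker cache: python:slim installs python under /usr/local, whose lib dir is not on the default search path`, would keep the reasoning from the commit message next to the code. The argument list belongs to a larger definition in `BubblewrapDriver` that starts and ends outside this hunk.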