Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker: Base the docker image on RedHat UBI #54812

Merged
merged 1 commit into from
Sep 30, 2020
Merged

docker: Base the docker image on RedHat UBI #54812

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 8 additions & 10 deletions build/deploy/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,26 @@
FROM debian:9.12-slim
FROM registry.access.redhat.com/ubi8/ubi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use ubi-minimal instead of the regular ubi? It looks like all the packages we list below are present there (https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8?container-tabs=packages).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had tried ubi-minimal. Cockroach couldn't find the installed tzinfo. I verified the package was installed but didn't dig deeper at the time. I just dug a bit deeper and found that the minimal image gets it's smaller size by excluding documentation and language files for many RPMs. For tzinfo, all the files in /usr/share/zoneinfo are excluded.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops. Sounds like a bug on redhat's side, but when this was reported in rhel-atomic they responded by removing the rest of the tzdata package instead of fixing it. It looks like it's intended to be there since it still shows up in the package list, but the actual contents are missing.

Is there any way to use ubi-minimal and then reinstall the tzdata package? It looks like yum is not present on ubi-minimal and I don't know enough of the redhat ecosystem to know if there's an alternative that is present.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tool to use in ubi-minimal is microdnf. This is the primary page I've been referencing for information on what's in each of the UBI image versions and how they differ from each other. The "Based on RHEL packaging" bullet of section 4.1.2 on that page is where I found the note about what is excluded from the ubi-minimal image. The command rpm -Va shows the excluded files for the installed RPMs.

I tried uninstalling the tzdata package and found it is depended upon by a large number of packages. There doesn't appear to be a way to force uninstallation and I'm not finding a way to install a different version of the file.

It does seem odd that they'd intentionally include a package and remove all the useful information from it. I can put a bug report in for this.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I figured out a hack to make the image use the ubi8/ubi-minimal image. See #55467.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This issue says that there's now a microdnf reinstall command: rpm-software-management/microdnf#34

And if that's too recent, it offers a workaround: rpm --erase --nodeps tzdata && microdnf install tzdata

Copy link
Contributor

@bdarnell bdarnell Oct 13, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

~~Ah, I see you're already using microdnf reinstall in #55467. ~~ No, that's dnf reinstall, not microdnf reinstall

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh. Nice find. I'm switching to use the rpm erase hack.


# For deployment, we need
# libc6 - dynamically linked by cockroach binary
# For deployment, we need the following installed (they are installed
# by default in RedHat UBI standard):
# glibc - dynamically linked by cockroach binary
# ca-certificates - to authenticate TLS connections for telemetry and
# bulk-io with S3/GCS/Azure
# tzdata - for time zone functions
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y libc6 ca-certificates tzdata && \
rm -rf /var/lib/apt/lists/*
RUN yum update --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos -y && rm -rf /var/cache/yum

# Install GEOS libraries.
RUN mkdir /usr/local/lib/cockroach
COPY libgeos.so libgeos_c.so /usr/local/lib/cockroach/

RUN mkdir -p /cockroach
COPY cockroach.sh cockroach /cockroach/

# Set working directory so that relative paths
# are resolved appropriately when passed as args.
WORKDIR /cockroach/

# Include the directory into the path
# to make it easier to invoke commands
# via Docker
# Include the directory in the path to make it easier to invoke
# commands via Docker
ENV PATH=/cockroach:$PATH

ENV COCKROACH_CHANNEL=official-docker
Expand Down