From f1010717c7d09a4e55fceeface747f49fcb4f446 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Fri, 5 Mar 2021 10:32:37 -0500 Subject: [PATCH] fix for tb.sh dies on rmdir /var/lib/mock tb.sh create might fail to create the builder docker image. Yum install of the mock package failed, but yum did not report the failure because other packages in the instalation set succeeded. A subsequent command in the dockerfile fails when it tries to remove/relocate /var/lib/mock, but failes because it is not present. The yum error reporting was corrected in a recent update. But this does not address cached copies of old and broken yum install steps that pre-date the fix. The mock package is paricularly sensitive as it has cengn as the only source, where as other packages have multiple sources. One option is to force docker to not use the cache at all, which is slow. The second option is to change the docker file, placing the yum command to install mock under a seperate docker RUN command. The altered build instructions ensure that the docker cache with the broken install can't be used. While we are at it, move the user/project customization steps as far down as possible to improve cache usage. This change implements both. Closes-Bug: 1917901 Signed-off-by: Scott Little Change-Id: I28041bb44af53384c00a750b7162c6c6808c4e2d --- Dockerfile | 123 ++++++++++++++++++++++++++++------------------------- tb.sh | 13 +++++- 2 files changed, 75 insertions(+), 61 deletions(-) diff --git a/Dockerfile b/Dockerfile index df4b420f..7d80671b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,10 +59,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* && \ VOLUME /run /tmp # Download required dependencies by mirror/build processes. -RUN groupadd -g 751 cgts && \ - echo "mock:x:751:root" >> /etc/group && \ - echo "mockbuild:x:9001:" >> /etc/group && \ - yum install -y anaconda \ +RUN yum install -y \ + anaconda \ anaconda-runtime \ autoconf-archive \ autogen \ @@ -90,8 +88,6 @@ RUN groupadd -g 751 cgts && \ lighttpd-mod_geoip \ net-tools \ mkisofs \ - http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-1.4.16-1.el7.noarch.rpm \ - http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-core-configs-31.6-1.el7.noarch.rpm \ mongodb \ mongodb-server \ pax \ @@ -123,21 +119,26 @@ RUN groupadd -g 751 cgts && \ vim-enhanced \ wget -# This image requires a set of scripts and helpers -# for working correctly, in this section they are -# copied inside the image. -COPY toCOPY/finishSetup.sh /usr/local/bin -COPY toCOPY/populate_downloads.sh /usr/local/bin -COPY toCOPY/generate-local-repo.sh /usr/local/bin -COPY toCOPY/generate-centos-repo.sh /usr/local/bin -COPY toCOPY/lst_utils.sh /usr/local/bin -COPY toCOPY/.inputrc /home/$MYUNAME/ -COPY toCOPY/builder-constraints.txt /home/$MYUNAME/ +# Finally install a locked down version of mock +RUN groupadd -g 751 cgts && \ + echo "mock:x:751:root" >> /etc/group && \ + echo "mockbuild:x:9001:" >> /etc/group && \ + yum install -y \ + http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-1.4.16-1.el7.noarch.rpm \ + http://mirror.starlingx.cengn.ca/mirror/centos/epel/dl.fedoraproject.org/pub/epel/7/x86_64/Packages/m/mock-core-configs-31.6-1.el7.noarch.rpm + +# mock custumizations +# forcing chroots since a couple of packages naughtily insist on network access and +# we dont have nspawn and networks happy together. +RUN useradd -s /sbin/nologin -u 9001 -g 9001 mockbuild && \ + rmdir /var/lib/mock && \ + ln -s /localdisk/loadbuild/mock /var/lib/mock && \ + rmdir /var/cache/mock && \ + ln -s /localdisk/loadbuild/mock-cache /var/cache/mock && \ + echo "config_opts['use_nspawn'] = False" >> /etc/mock/site-defaults.cfg && \ + echo "config_opts['rpmbuild_networking'] = True" >> /etc/mock/site-defaults.cfg && \ + echo >> /etc/mock/site-defaults.cfg -# Thes are included for backward compatibility, and -# should be removed after a reasonable time. -COPY toCOPY/generate-cgcs-tis-repo /usr/local/bin -COPY toCOPY/generate-cgcs-centos-repo.sh /usr/local/bin # cpan modules, installing with cpanminus to avoid stupid questions since cpan is whack RUN cpanm --notest Fatal && \ @@ -146,10 +147,6 @@ RUN cpanm --notest Fatal && \ cpanm --notest XML::Parser && \ cpanm --notest XML::Simple -# pip installs -RUN pip install -c /home/$MYUNAME/builder-constraints.txt python-subunit junitxml --upgrade && \ - pip install -c /home/$MYUNAME/builder-constraints.txt tox --upgrade - # Install repo tool RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \ chmod a+x /usr/local/bin/repo @@ -161,17 +158,34 @@ RUN yum install -y golang && \ mkdir -p ${GOPATH}/bin && \ curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh -# mock time -# forcing chroots since a couple of packages naughtily insist on network access and -# we dont have nspawn and networks happy together. -RUN useradd -s /sbin/nologin -u 9001 -g 9001 mockbuild && \ - rmdir /var/lib/mock && \ - ln -s /localdisk/loadbuild/mock /var/lib/mock && \ - rmdir /var/cache/mock && \ - ln -s /localdisk/loadbuild/mock-cache /var/cache/mock && \ - echo "config_opts['use_nspawn'] = False" >> /etc/mock/site-defaults.cfg && \ - echo "config_opts['rpmbuild_networking'] = True" >> /etc/mock/site-defaults.cfg && \ - echo >> /etc/mock/site-defaults.cfg +# Uprev git, git-review, repo +RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel asciidoc xmlto docbook2X && \ + cd /tmp && \ + wget https://github.com/git/git/archive/v2.29.2.tar.gz -O git-2.29.2.tar.gz && \ + tar xzvf git-2.29.2.tar.gz && \ + cd git-2.29.2 && \ + make configure && \ + ./configure --prefix=/usr/local && \ + make all doc && \ + make install install-doc && \ + cd /tmp && \ + rm -rf git-2.29.2.tar.gz git-2.29.2 && \ + pip install git-review --upgrade + +# Systemd Enablement +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f /lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/* + +# pip installs +COPY toCOPY/builder-constraints.txt /home/$MYUNAME/ +RUN pip install -c /home/$MYUNAME/builder-constraints.txt python-subunit junitxml --upgrade && \ + pip install -c /home/$MYUNAME/builder-constraints.txt tox --upgrade # Inherited tools for mock stuff # we at least need the mock_cache_unlock tool @@ -181,6 +195,21 @@ RUN cd /opt/mock_overlay && \ make && \ make install +# This image requires a set of scripts and helpers +# for working correctly, in this section they are +# copied inside the image. +COPY toCOPY/finishSetup.sh /usr/local/bin +COPY toCOPY/populate_downloads.sh /usr/local/bin +COPY toCOPY/generate-local-repo.sh /usr/local/bin +COPY toCOPY/generate-centos-repo.sh /usr/local/bin +COPY toCOPY/lst_utils.sh /usr/local/bin +COPY toCOPY/.inputrc /home/$MYUNAME/ + +# Thes are included for backward compatibility, and +# should be removed after a reasonable time. +COPY toCOPY/generate-cgcs-tis-repo /usr/local/bin +COPY toCOPY/generate-cgcs-centos-repo.sh /usr/local/bin + # ENV setup RUN echo "# Load stx-builder configuration" >> /etc/profile.d/stx-builder-conf.sh && \ echo "if [[ -r \${HOME}/buildrc ]]; then" >> /etc/profile.d/stx-builder-conf.sh && \ @@ -232,30 +261,6 @@ RUN echo "$MYUNAME ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers && \ sed -i "s/dir-listing.activate/#dir-listing.activate/g" /etc/lighttpd/conf.d/dirlisting.conf && \ echo "dir-listing.activate = \"enable\"" >> /etc/lighttpd/conf.d/dirlisting.conf -# Uprev git, git-review, repo -RUN yum install -y dh-autoreconf curl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel asciidoc xmlto docbook2X && \ - cd /tmp && \ - wget https://github.com/git/git/archive/v2.29.2.tar.gz -O git-2.29.2.tar.gz && \ - tar xzvf git-2.29.2.tar.gz && \ - cd git-2.29.2 && \ - make configure && \ - ./configure --prefix=/usr/local && \ - make all doc && \ - make install install-doc && \ - cd /tmp && \ - rm -rf git-2.29.2.tar.gz git-2.29.2 && \ - pip install git-review --upgrade - -# Systemd Enablement -RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ - rm -f /lib/systemd/system/multi-user.target.wants/*;\ - rm -f /etc/systemd/system/*.wants/*;\ - rm -f /lib/systemd/system/local-fs.target.wants/*; \ - rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ - rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ - rm -f /lib/systemd/system/basic.target.wants/*;\ - rm -f /lib/systemd/system/anaconda.target.wants/* - RUN useradd -r -u $MYUID -g cgts -m $MYUNAME && \ ln -s /home/$MYUNAME/.ssh /mySSH && \ rsync -av /etc/skel/ /home/$MYUNAME/ diff --git a/tb.sh b/tb.sh index 151981cc..e1b86ef5 100755 --- a/tb.sh +++ b/tb.sh @@ -24,12 +24,17 @@ CMD=$1 TC_CONTAINER_NAME=${MYUNAME}-centos-builder TC_CONTAINER_TAG=local/${MYUNAME}-stx-builder:7.8 TC_DOCKERFILE=Dockerfile +NO_CACHE=0 function create_container { local EXTRA_ARGS="" if [ ! -z ${MY_EMAIL} ]; then - EXTRA_ARGS="--build-arg MY_EMAIL=${MY_EMAIL}" + EXTRA_ARGS+="--build-arg MY_EMAIL=${MY_EMAIL}" + fi + + if [ $NO_CACHE -eq 1 ]; then + EXTRA_ARGS+=" --no-cache" fi docker build \ @@ -87,7 +92,7 @@ function clean_container { } function usage { - echo "$0 [create|run|exec|env|stop|kill|clean]" + echo "$0 [create|create_no_cache|run|exec|env|stop|kill|clean]" } case $CMD in @@ -109,6 +114,10 @@ case $CMD in create) create_container ;; + create_no_cache) + NO_CACHE=1 + create_container + ;; exec) exec_container ;;