testing, issue #1766: Upgrade tooling for Docker nightly release

hack/infrastructure/docker-ci.rst

@@ -52,18 +52,5 @@ nighthly release
 ================
 
 The nightly release process is done by buildbot, running a DinD container that downloads
-the docker repository and builds the release container. The resulting
-docker binary is then tested, and if everything is fine the release is done.
-
-Building the release DinD Container
------------------------------------
-
-# Log into docker-ci
-ssh ubuntu@docker-ci.dotcloud.com
-cd /data/docker/testing/nightlyrelease
-# Add release_credentials.json as specified in ./Dockerfile
-cat  > release_credentials.json << EOF
-EOF
-sudo docker build -t dockerbuilder .
-# Now that the container is built release_credentials.json is not needed anymore
-git checkout release_credentials.json
+the docker repository and builds the release container. The resulting docker
+binary is then tested, and if everything is fine, the release is done.

testing/Vagrantfile

@@ -4,7 +4,7 @@
 BOX_NAME = "docker-ci"
 BOX_URI = "http://files.vagrantup.com/precise64.box"
 AWS_AMI = "ami-d0f89fb9"
-DOCKER_PATH = "/data/docker"
+DOCKER_PATH = "/go/src/github.com/dotcloud/docker"
 CFG_PATH = "#{DOCKER_PATH}/testing/buildbot"
 on_vbox = File.file?("#{File.dirname(__FILE__)}/.vagrant/machines/default/virtualbox/id") | \
   Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty? & \
@@ -18,9 +18,9 @@ Vagrant::Config.run do |config|
   config.vm.forward_port 8010, 8010
   config.vm.share_folder "v-data", DOCKER_PATH, "#{File.dirname(__FILE__)}/.."
 
-
   # Deploy buildbot and its dependencies if it was not done
   if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
+
     # Add memory limitation capabilities
     pkg_cmd = 'sed -Ei \'s/^(GRUB_CMDLINE_LINUX_DEFAULT)=.+/\\1="cgroup_enable=memory swapaccount=1 quiet"/\' /etc/default/grub; '
     # Install new kernel
@@ -31,36 +31,33 @@ Vagrant::Config.run do |config|
       "dpkg-reconfigure --frontend noninteractive tzdata; " \
       "apt-get install -q -y python-dev python-pip supervisor; " \
       "pip install -r #{CFG_PATH}/requirements.txt; " \
-      "chown #{USER}.#{USER} /data; cd /data; " \
+      "mkdir /data; chown #{USER}.#{USER} /data; cd /data; " \
       "#{CFG_PATH}/setup.sh #{USER} #{CFG_PATH} #{ENV['BUILDBOT_PWD']} " \
         "#{ENV['IRC_PWD']} #{ENV['IRC_CHANNEL']} #{ENV['SMTP_USER']} " \
         "#{ENV['SMTP_PWD']} #{ENV['EMAIL_RCP']}; " \
       "#{CFG_PATH}/setup_credentials.sh #{USER} " \
         "#{ENV['REGISTRY_USER']} #{ENV['REGISTRY_PWD']}; "
+
     # Install docker
     pkg_cmd << "mkdir /mnt/docker; ln -s /mnt/docker /var/lib/docker; " \
       "wget -q -O - https://get.docker.io/gpg | apt-key add -; " \
       "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list; " \
       "apt-get update -qq; apt-get install -yq lxc-docker; "
-    # Enable docker host to run docker daemon in containers (dind)
-    pkg_cmd << "/sbin/stop docker; "
-    pkg_cmd << "DIND_CMD=\"  umount /sys/fs/cgroup/*; umount /sys/fs/cgroup\\n" \
-      "  mount -t tmpfs none /sys/fs/cgroup; cd /sys/fs/cgroup\\n" \
-      "  for C in \x5C\x24(awk '{print \x5C\x241}' < /proc/cgroups | grep -v subsys | grep -v memory);\\n" \
-      "    do mkdir \x5C\x24C; mount -t cgroup none -o \x5C\x24C \x5C\x24C; done;\\n" \
-      "  /usr/bin/docker -d\"; "
-    pkg_cmd << "sed -Ei 's~start on filesystem.+~start on filesystem and started lxc-net~' /etc/init/docker.conf; "
-    pkg_cmd << "sed -Ei 's~    /usr/bin/docker -d~'\"$DIND_CMD\"'~' /etc/init/docker.conf; "
+
     # Install testing dependencies
-    pkg_cmd << "curl -s https://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz | " \
-      "  tar -v -C /usr/local -xz; ln -s /usr/local/go/bin/go /usr/bin/go; " \
+    pkg_cmd << "wget -O go.tgz http://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz; " \
+      "  tar -C /usr/local -vxzf go.tgz; ln -s /usr/local/go/bin/go /usr/bin/go; " \
       "curl -s https://phantomjs.googlecode.com/files/phantomjs-1.9.1-linux-x86_64.tar.bz2 | " \
       "  tar jx -C /usr/bin --strip-components=2 phantomjs-1.9.1-linux-x86_64/bin/phantomjs; " \
       "DEBIAN_FRONTEND=noninteractive apt-get install -qy lxc git mercurial aufs-tools " \
       " make libfontconfig libevent-dev; " \
       "export GOPATH=/data/docker-dependencies; go get -d github.com/dotcloud/docker; " \
       "rm -rf ${GOPATH}/src/github.com/dotcloud/docker; "
-    # Activate new kernel options
+
+    # After reboot, build containers and prepare docker to run on dind
+    pkg_cmd << "cp #{DOCKER_PATH}/testing/buildbot/dockerci_local.sh /etc/rc.local; " \
+
+    # Activate new kernel
     pkg_cmd << "shutdown -r +1; "
     config.vm.provision :shell, :inline => pkg_cmd
   end
@@ -68,6 +65,7 @@ end
 
 # Providers were added on Vagrant >= 1.1.0
 Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config|
+  config.vm.box = "dummy"
   config.vm.provider :aws do |aws, override|
     aws.tags = { 'Name' => 'docker-ci' }
     aws.access_key_id = ENV["AWS_ACCESS_KEY_ID"]

testing/buildbot/dockerci_local.sh

@@ -0,0 +1,15 @@
+#!/bin/sh -e
+# This is a one time script to prepare docker-ci
+
+# Build docker nightly release container
+cd /go/src/github.com/dotcloud/docker/testing/nightlyrelease; docker build -t dockerbuilder .
+
+# Relaunch docker for dind to work (disabling apparmor)
+/sbin/stop docker
+DIND_CMD="    /etc/init.d/apparmor stop; /etc/init.d/apparmor teardown; /usr/bin/docker -dns=8.8.8.8 -d"
+sed -Ei "s~    /usr/bin/docker -d~$DIND_CMD~" /etc/init/docker.conf
+/sbin/start docker
+
+# Self removing
+echo -e '#!/bin/sh -e\nexit 0\n' > /etc/rc.local
+exit 0

testing/buildbot/master.cfg

@@ -20,7 +20,7 @@ TEST_PWD = 'docker'     # Credential to authenticate build triggers
 BUILDER_NAME = 'docker'
 GITHUB_DOCKER = 'github.com/dotcloud/docker'
 BUILDBOT_PATH = '/data/buildbot'
-DOCKER_PATH = '/data/docker'
+DOCKER_PATH = '/go/src/github.com/dotcloud/docker'
 BUILDER_PATH = '/data/buildbot/slave/{0}/build'.format(BUILDER_NAME)
 PULL_REQUEST_PATH = '/data/buildbot/slave/pullrequest/build'
 
@@ -52,8 +52,8 @@ c['schedulers'] += [SingleBranchScheduler(name="all",
 c['schedulers'] += [SingleBranchScheduler(name='pullrequest',
     change_filter=filter.ChangeFilter(category='github_pullrequest'), treeStableTimer=None,
     builderNames=['pullrequest'])]
-c['schedulers'] += [Nightly(name='daily', branch=None, builderNames=['coverage','nightlyrelease'],
-    hour=0, minute=30)]
+c['schedulers'] += [Nightly(name='daily', branch=None, builderNames=['nightlyrelease'],
+    hour=7, minute=00)]
 c['schedulers'] += [Nightly(name='every4hrs', branch=None, builderNames=['registry','index'],
     hour=range(0,24,4), minute=15)]
 
@@ -110,8 +110,8 @@ c['builders'] += [BuilderConfig(name='index',slavenames=['buildworker'],
     factory=factory)]
 
 # Docker nightly release
-nightlyrelease_cmd = ('docker run -i -t -privileged -lxc-conf="lxc.aa_profile = unconfined"'
-    ' -e AWS_S3_BUCKET="test.docker.io" dockerbuilder')
+nightlyrelease_cmd = ('docker run -i -t -privileged -lxc-conf=lxc.aa_profile=unconfined'
+    ' -e AWS_S3_BUCKET=test.docker.io dockerbuilder')
 factory = BuildFactory()
 factory.addStep(ShellCommand(description='NightlyRelease',logEnviron=False,usePTY=True,
     command=nightlyrelease_cmd))

testing/buildbot/setup.sh

@@ -13,7 +13,6 @@ SMTP_USER=$6
 SMTP_PWD=$7
 EMAIL_RCP=$8
 BUILDBOT_PATH="/data/buildbot"
-DOCKER_PATH="/data/docker"
 SLAVE_NAME="buildworker"
 SLAVE_SOCKET="localhost:9989"
 export PATH="/bin:sbin:/usr/bin:/usr/sbin:/usr/local/bin"

testing/buildbot/setup_credentials.sh

@@ -8,7 +8,7 @@ REGISTRY_USER=$2
 REGISTRY_PWD=$3
 
 BUILDBOT_PATH="/data/buildbot"
-DOCKER_PATH="/data/docker"
+DOCKER_PATH="/go/src/github.com/dotcloud/docker"
 
 function run { su $USER -c "$1"; }
 

testing/nightlyrelease/Dockerfile

@@ -1,5 +1,5 @@
-# VERSION:        1.0
-# DOCKER-VERSION  0.6.1
+# VERSION:        1.1
+# DOCKER-VERSION  0.6.2
 # AUTHOR:         Daniel Mizyrycki <daniel@dotcloud.com>
 # DESCRIPTION:    Build docker nightly release using Docker in Docker.
 # REFERENCES:     This code reuses the excellent implementation of docker in docker
@@ -10,26 +10,18 @@
 #         "AWS_SECRET_KEY='Test_docker_AWS_S3_bucket_key'
 #         "GPG_PASSPHRASE='Test_docker_GPG_passphrase_signature'
 #         "INDEX_AUTH='Encripted_index_authentication' }
-#   When releasing:  Docker in Docker requires cgroups mounted the same way in
-#   the host and containers:
-#       stop docker
-#       umount /sys/fs/cgroup/*; umount /sys/fs/cgroup; mount -t tmpfs none /sys/fs/cgroup
-#       cd /sys/fs/cgroup; for C in $(awk '{print $1}' < /proc/cgroups | grep -v subsys | grep -v memory) ; do mkdir $C ; mount -t cgroup none -o $C $C ; done
-#       docker -d &
 # TO_BUILD:       docker build -t dockerbuilder .
 # TO_RELEASE:     docker run -i -t -privileged -lxc-conf="lxc.aa_profile = unconfined" -e AWS_S3_BUCKET="test.docker.io" dockerbuilder
 
 from ubuntu:12.04
 maintainer Daniel Mizyrycki <daniel@dotcloud.com>
 
-# Add docker dependencies
+# Add docker dependencies and downloading packages
 run echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list
-run apt-get update; apt-get install -y -q iptables ca-certificates bzip2 python lxc curl git mercurial
-run curl -s https://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz | tar -v -C /usr/local -xz
-run ln -s /usr/local/go/bin/go /usr/bin
+run apt-get update; apt-get install -y -q lxc bzip2 iptables ca-certificates git wget python2.7
 
 # Add production docker binary
-run curl http://get.docker.io/builds/Linux/x86_64/docker-latest >/usr/bin/docker; chmod +x /usr/bin/docker
+run wget -O /usr/bin/docker http://get.docker.io/builds/Linux/x86_64/docker-latest; chmod +x /usr/bin/docker
 
 # Add proto docker builder
 add ./dockerbuild /usr/bin/dockerbuild
@@ -38,9 +30,8 @@ run chmod +x /usr/bin/dockerbuild
 # Add release credentials
 add ./release_credentials.json /root/release_credentials.json
 
-# Make /tmp and /var/lib/docker inside the container addressable by other containers.
-# This is done to ensure /tmp and /var/lib/docker has AUFS support needed by the inner docker server
-volume /tmp
+# Make /var/lib/docker inside the container addressable by other containers.
+# This is done to ensure /var/lib/docker has AUFS support needed by the inner docker server
 volume /var/lib/docker
 
 # Launch build process in a container

testing/nightlyrelease/dockerbuild

@@ -1,41 +1,34 @@
 #!/bin/bash
 
 # Variables AWS_ACCESS_KEY, AWS_SECRET_KEY, PG_PASSPHRASE and INDEX_AUTH
-# are decoded from /root/release_credentials.json and passed to the environment
+# are decoded from /root/release_credentials.json
 # Variable AWS_S3_BUCKET is passed to the environment from docker run -e
 
 # Enable debugging
 set -x
 
-# Prepare container environment to run docker in docker
-# Mount cgroups
-mount -t tmpfs none /tmp; mount -t tmpfs none /sys/fs/cgroup; cd /sys/fs/cgroup
-for C in $(awk "{print \$1}" < /proc/cgroups | grep -v subsys | grep -v memory) ; do mkdir $C ; mount -t cgroup none -o $C $C ; done
-pushd /proc/self/fd >/dev/null; for FD in *; do case "$FD" in [012]) ;; *) eval exec "$FD>&-" ;; esac done; popd >/dev/null
-
-# Launch docker daemon inside the container
-docker -d &
-
-# fetch docker master branch
-export GOPATH=/go
-rm -rf $GOPATH; mkdir -p $GOPATH
-go get -d github.com/dotcloud/docker
+# Fetch docker master branch
+git clone http://github.com/dotcloud/docker /go/src/github.com/dotcloud/docker
 cd /go/src/github.com/dotcloud/docker
 
+# Launch docker daemon using dind inside the container
+./hack/dind /usr/bin/docker -dns=8.8.8.8 -d &
+sleep 5
+
 # Add an uncommitted change to generate a timestamped release
 date > timestamp
 
-# Build the docker package and extract docker binary
-docker build -t releasedocker .
-docker run releasedocker sh -c 'cat /go/src/github.com/dotcloud/docker/bundles/*/binary/docker*'  >/docker
-chmod +x /docker
+# Build the docker package using /Dockerfile
+docker build -t docker .
 
-# Swap docker production daemon with new docker binary for testing
-kill $(pgrep '^docker$')
-sleep 15
-mv /docker /usr/bin
-docker -d &
-sleep 15
+# Run Docker unittests
+docker run -privileged docker go test -v || exit 1
+
+# Create Docker binary and Ubuntu package
+docker run -privileged docker hack/make.sh binary ubuntu
+
+# Freeze the container to upload the release
+docker commit -run '{"Env": ["PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"], "WorkingDir": "/go/src/github.com/dotcloud/docker"}' $(docker ps -l -q)  release
 
 # Turn debug off to load credentials in the environment and
 # to authenticate to the index
@@ -47,7 +40,17 @@ exec("""for k in d: print "export {0}=\\"{1}\\"".format(k,d[k])""")')
 echo '{"https://index.docker.io/v1/":{"auth":"'$INDEX_AUTH'","email":"engineering@dotcloud.com"}}' > /.dockercfg
 set -x
 
-# Test docker nightly
+# Extract docker binary
+docker cp $(docker ps -l -q):/go/src/github.com/dotcloud/docker/bundles /tmp
+
+# Swap docker production daemon with new docker binary for testing
+kill $(pgrep '^docker$')
+sleep 15
+cp /tmp/bundles/*/binary/* /usr/bin/docker
+./hack/dind /usr/bin/docker -dns=8.8.8.8 -d &
+sleep 15
+
+# Run Docker functional tests
 # Generate unique image name
 export DIMAGE=testimage`date +'%Y%m%d%H%M%S'`
 
@@ -66,6 +69,6 @@ docker push test/$DIMAGE
 docker search $DIMAGE | grep -q $DIMAGE || exit 1
 
 # Push docker nightly
-echo docker run -i -t -e AWS_S3_BUCKET="$AWS_S3_BUCKET" -e AWS_ACCESS_KEY="XXXXX" -e AWS_SECRET_KEY="XXXXX" -e GPG_PASSPHRASE="XXXXX" releasedocker
+echo docker run -i -t -privileged -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=XXXXX -e AWS_SECRET_KEY=XXXXX -e GPG_PASSPHRASE=XXXXX release  hack/release.sh
 set +x
-docker run -i -t -e AWS_S3_BUCKET="$AWS_S3_BUCKET" -e AWS_ACCESS_KEY="$AWS_ACCESS_KEY" -e AWS_SECRET_KEY="$AWS_SECRET_KEY" -e GPG_PASSPHRASE="$GPG_PASSPHRASE" releasedocker
+docker run -i -t -privileged -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE  release  hack/release.sh