moby/Dockerfile

202 lines
7.4 KiB
Text
Raw Normal View History

# This file describes the standard way to build Docker, using docker
#
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run -e DOCKER_GITCOMMIT=foo --privileged docker hack/make.sh test-unit test-integration test-docker-py
#
# # Publish a release:
# docker run --privileged \
# -e AWS_S3_BUCKET=baz \
# -e AWS_ACCESS_KEY=foo \
# -e AWS_SECRET_KEY=bar \
# -e GPG_PASSPHRASE=gloubiboulga \
# docker hack/release.sh
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
FROM debian:stretch
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
apt-utils \
aufs-tools \
automake \
bash-completion \
binutils-mingw-w64 \
bsdmainutils \
btrfs-tools \
build-essential \
cmake \
createrepo \
curl \
dpkg-sig \
gcc-mingw-w64 \
git \
iptables \
jq \
less \
libapparmor-dev \
libcap-dev \
libdevmapper-dev \
libnet-dev \
libnl-3-dev \
libprotobuf-c0-dev \
libprotobuf-dev \
libseccomp-dev \
libsystemd-dev \
libtool \
libudev-dev \
mercurial \
net-tools \
pigz \
Add log reading to the journald log driver If a logdriver doesn't register a callback function to validate log options, it won't be usable. Fix the journald driver by adding a dummy validator. Teach the client and the daemon's "logs" logic that the server can also supply "logs" data via the "journald" driver. Update documentation and tests that depend on error messages. Add support for reading log data from the systemd journal to the journald log driver. The internal logic uses a goroutine to scan the journal for matching entries after any specified cutoff time, formats the messages from those entries as JSONLog messages, and stuffs the results down a pipe whose reading end we hand back to the caller. If we are missing any of the 'linux', 'cgo', or 'journald' build tags, however, we don't implement a reader, so the 'logs' endpoint will still return an error. Make the necessary changes to the build setup to ensure that support for reading container logs from the systemd journal is built. Rename the Jmap member of the journald logdriver's struct to "vars" to make it non-public, and to make it easier to tell that it's just there to hold additional variable values that we want journald to record along with log data that we're sending to it. In the client, don't assume that we know which logdrivers the server implements, and remove the check that looks at the server. It's redundant because the server already knows, and the check also makes using older clients with newer servers (which may have new logdrivers in them) unnecessarily hard. When we try to "logs" and have to report that the container's logdriver doesn't support reading, send the error message through the might-be-a-multiplexer so that clients which are expecting multiplexed data will be able to properly display the error, instead of tripping over the data and printing a less helpful "Unrecognized input header" error. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
2015-07-23 15:02:56 +00:00
pkg-config \
protobuf-compiler \
protobuf-c-compiler \
Dockerfiles: fix test-docker-py Presumably after switch to debian-stretch as a base, the following errors happens in Jenkins: 10:48:03 ---> Making bundle: test-docker-py (in bundles/17.06.0-dev/test-docker-py) 10:48:03 ---> Making bundle: .integration-daemon-start (in bundles/17.06.0-dev/test-docker-py) 10:48:03 Using test binary docker 10:48:03 # DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! 10:48:03 /etc/init.d/apparmor: 130: /etc/init.d/apparmor: systemd-detect-virt: not found 10:48:03 Starting AppArmor profiles:Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin 10:48:03 Warning failed to create cache: (null) 10:48:03 . 10:48:03 INFO: Waiting for daemon to start... 10:48:03 Starting dockerd 10:48:05 . 10:48:06 Traceback (most recent call last): 10:48:06 File "/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line 320, in _importconftest 10:48:06 mod = conftestpath.pyimport() 10:48:06 File "/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line 662, in pyimport 10:48:06 __import__(modname) 10:48:06 File "/docker-py/tests/integration/conftest.py", line 6, in <module> 10:48:06 import docker.errors 10:48:06 File "/docker-py/docker/__init__.py", line 2, in <module> 10:48:06 from .api import APIClient 10:48:06 File "/docker-py/docker/api/__init__.py", line 2, in <module> 10:48:06 from .client import APIClient 10:48:06 File "/docker-py/docker/api/client.py", line 6, in <module> 10:48:06 import requests 10:48:06 ImportError: No module named requests 10:48:06 ERROR: could not load /docker-py/tests/integration/conftest.py 10:48:06 and 00:38:55 File "/docker-py/docker/transport/ssladapter.py", line 21, in <module> 00:38:55 from backports.ssl_match_hostname import match_hostname 00:38:55 ImportError: No module named backports.ssl_match_hostname 00:38:55 ERROR: could not load /docker-py/tests/integration/conftest.py To fix, install the missing python modules. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-08-22 12:10:55 +00:00
python-backports.ssl-match-hostname \
python-dev \
python-mock \
python-pip \
Dockerfiles: fix test-docker-py Presumably after switch to debian-stretch as a base, the following errors happens in Jenkins: 10:48:03 ---> Making bundle: test-docker-py (in bundles/17.06.0-dev/test-docker-py) 10:48:03 ---> Making bundle: .integration-daemon-start (in bundles/17.06.0-dev/test-docker-py) 10:48:03 Using test binary docker 10:48:03 # DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! 10:48:03 /etc/init.d/apparmor: 130: /etc/init.d/apparmor: systemd-detect-virt: not found 10:48:03 Starting AppArmor profiles:Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin 10:48:03 Warning failed to create cache: (null) 10:48:03 . 10:48:03 INFO: Waiting for daemon to start... 10:48:03 Starting dockerd 10:48:05 . 10:48:06 Traceback (most recent call last): 10:48:06 File "/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line 320, in _importconftest 10:48:06 mod = conftestpath.pyimport() 10:48:06 File "/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line 662, in pyimport 10:48:06 __import__(modname) 10:48:06 File "/docker-py/tests/integration/conftest.py", line 6, in <module> 10:48:06 import docker.errors 10:48:06 File "/docker-py/docker/__init__.py", line 2, in <module> 10:48:06 from .api import APIClient 10:48:06 File "/docker-py/docker/api/__init__.py", line 2, in <module> 10:48:06 from .client import APIClient 10:48:06 File "/docker-py/docker/api/client.py", line 6, in <module> 10:48:06 import requests 10:48:06 ImportError: No module named requests 10:48:06 ERROR: could not load /docker-py/tests/integration/conftest.py 10:48:06 and 00:38:55 File "/docker-py/docker/transport/ssladapter.py", line 21, in <module> 00:38:55 from backports.ssl_match_hostname import match_hostname 00:38:55 ImportError: No module named backports.ssl_match_hostname 00:38:55 ERROR: could not load /docker-py/tests/integration/conftest.py To fix, install the missing python modules. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-08-22 12:10:55 +00:00
python-requests \
python-setuptools \
python-websocket \
Dockerfiles: fix test-docker-py Presumably after switch to debian-stretch as a base, the following errors happens in Jenkins: 10:48:03 ---> Making bundle: test-docker-py (in bundles/17.06.0-dev/test-docker-py) 10:48:03 ---> Making bundle: .integration-daemon-start (in bundles/17.06.0-dev/test-docker-py) 10:48:03 Using test binary docker 10:48:03 # DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! 10:48:03 /etc/init.d/apparmor: 130: /etc/init.d/apparmor: systemd-detect-virt: not found 10:48:03 Starting AppArmor profiles:Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin 10:48:03 Warning failed to create cache: (null) 10:48:03 . 10:48:03 INFO: Waiting for daemon to start... 10:48:03 Starting dockerd 10:48:05 . 10:48:06 Traceback (most recent call last): 10:48:06 File "/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line 320, in _importconftest 10:48:06 mod = conftestpath.pyimport() 10:48:06 File "/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line 662, in pyimport 10:48:06 __import__(modname) 10:48:06 File "/docker-py/tests/integration/conftest.py", line 6, in <module> 10:48:06 import docker.errors 10:48:06 File "/docker-py/docker/__init__.py", line 2, in <module> 10:48:06 from .api import APIClient 10:48:06 File "/docker-py/docker/api/__init__.py", line 2, in <module> 10:48:06 from .client import APIClient 10:48:06 File "/docker-py/docker/api/client.py", line 6, in <module> 10:48:06 import requests 10:48:06 ImportError: No module named requests 10:48:06 ERROR: could not load /docker-py/tests/integration/conftest.py 10:48:06 and 00:38:55 File "/docker-py/docker/transport/ssladapter.py", line 21, in <module> 00:38:55 from backports.ssl_match_hostname import match_hostname 00:38:55 ImportError: No module named backports.ssl_match_hostname 00:38:55 ERROR: could not load /docker-py/tests/integration/conftest.py To fix, install the missing python modules. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-08-22 12:10:55 +00:00
python-wheel \
tar \
thin-provisioning-tools \
vim \
vim-common \
xfsprogs \
zip \
--no-install-recommends \
&& pip install awscli==1.10.15
# Install Go
# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
# will need updating, to avoid errors. Ping #docker-maintainers on IRC
# with a heads-up.
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
ENV GO_VERSION 1.9.4
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go
# Install CRIU for checkpoint/restore support
ENV CRIU_VERSION 3.6
RUN mkdir -p /usr/src/criu \
&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
&& cd /usr/src/criu \
&& make \
&& make install-criu
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -buildmode=pie -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -buildmode=pie -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary and notary-server
ENV NOTARY_VERSION v0.5.0
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -buildmode=pie -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
go build -buildmode=pie -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT 1d6b5b203222ba5df7dedfcd1ee061a452f99c8a
# To run integration tests docker-pycreds is required.
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install docker-pycreds==0.2.1 \
&& pip install -r test-requirements.txt
# Install yamllint for validating swagger.yaml
RUN pip install yamllint==1.5.0
# Install go-swagger for validating swagger.yaml
ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \
&& (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \
&& go build -o /usr/local/bin/swagger github.com/go-swagger/go-swagger/cmd/swagger \
&& rm -rf "$GOPATH"
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Add integration helps to bashrc
RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
# TODO: when issue #35963 fixed, we can upgrade the busybox to multi-arch
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
busybox:latest@sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f \
debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
# Install tomlv, vndr, runc, containerd, tini, docker-proxy dockercli
# Please edit hack/dockerfile/install-binaries.sh to update them.
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli gometalinter
ENV PATH=/usr/local/cli:$PATH
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
# Options for hack/validate/gometalinter
ENV GOMETALINTER_OPTS="--deadline=2m"
# Upload docker source
COPY . /go/src/github.com/docker/docker