From 32973dde950c97c1e71791f4f9270a11e3c7ef42 Mon Sep 17 00:00:00 2001
From: Erikson Tung
Date: Thu, 19 Aug 2021 13:54:29 -0700
Subject: [PATCH] build: add Dockerfile for controller, build with bottlerocket-sdk Build the binaries with the bottlerocket-sdk. Dockerfile: install openssl with musl for controller, test-agent
---
Dockerfile.sdk_openssl | 28 +++++++++++++++++++
Makefile | 27 ++++++++++++++----
controller/Dockerfile | 16 +++++++++++
.../examples/example_test_agent/Dockerfile | 19 +++++++++----
4 files changed, 80 insertions(+), 10 deletions(-)
create mode 100644 Dockerfile.sdk_openssl
create mode 100644 controller/Dockerfile
diff --git a/Dockerfile.sdk_openssl b/Dockerfile.sdk_openssl
new file mode 100644
index 000000000..5c2d3fabe
--- /dev/null
+++ b/Dockerfile.sdk_openssl
@@ -0,0 +1,28 @@
+ARG ARCH
+FROM public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:v0.22.0 as build
+ARG ARCH
+ARG OPENSSL_VERSION=1.1.1k
+ARG OPENSSL_SHA256SUM=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+USER root
+
+# Build openssl using musl toolchain for openssl-sys crate
+RUN yum install -y perl
+RUN mkdir /musl && \
+ echo "/musl/lib" >> /etc/ld-musl-${ARCH}.path && \
+ ln -s /usr/include/${ARCH}-linux-gnu/asm /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm && \
+ ln -s /usr/include/asm-generic /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm-generic && \
+ ln -s /usr/include/linux /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/linux
+
+RUN curl -O -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+ echo "${OPENSSL_SHA256SUM} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum --check && \
+ tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && \
+ cd openssl-${OPENSSL_VERSION} && \
+ ./Configure no-shared no-async -fPIC --prefix=/musl --openssldir=/musl/ssl linux-${ARCH} && \
+ env C_INCLUDE_PATH=/musl/include/ make depend 2> /dev/null && \
+ make -j$(nproc) && \
+ make install && \
+ cd .. && rm -rf openssl-${OPENSSL_VERSION}
+
+ENV PKG_CONFIG_ALLOW_CROSS=1
+ENV OPENSSL_STATIC=true
+ENV OPENSSL_DIR=/musl
diff --git a/Makefile b/Makefile
index b7e288996..5de21e8e5 100644
--- a/Makefile
+++ b/Makefile
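Review bot: `OPENSSL_VERSION` and `OPENSSL_SHA256SUM` have to be bumped as a pair, and the file records neither that nor where the digest was obtained; because the library is built `no-shared` and consumed with `OPENSSL_STATIC=true`, the pinned release appears to end up linked into every binary built on this image, so a stale pin persists until the image is rebuilt. A comment above the two ARGs, e.g. `# Bump version and digest together on each OpenSSL security release; digest source: <where it was obtained>`, would capture this. `make depend 2> /dev/null` discards the only diagnostics of that step, and `curl -O -sSL` without `-f` saves an HTTP error page that is then caught only by the checksum line; `curl -fsSLO` and dropping the redirect would make failures legible. The base image is pinned by tag (`v0.22.0`) rather than by digest, so the toolchain that compiles OpenSSL can change without a diff.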
@@ -1,8 +1,25 @@ -.PHONY: example-test-agent-container +.PHONY: sdk-openssl example-test-agent-image controller-image images -# Build a container image for daemon and tools. -example-test-agent-container: +ARCH=$(shell uname -m) + +images: controller-image + +# Augment the bottlerocket-sdk image with openssl built with the musl toolchain +sdk-openssl: + docker build \ + --build-arg ARCH="$(ARCH)" \ + --tag "bottlerocket-sdk-openssl-$(ARCH)" \ + -f Dockerfile.sdk_openssl . + +# Build the container image for the example test-agent program +example-test-agent-image: sdk-openssl docker build \ - --network=host \ - --tag 'example_test_agent' \ + --build-arg ARCH="$(ARCH)" \ + --tag "example-testsys-agent" \ -f test-agent/examples/example_test_agent/Dockerfile . + +controller-image: sdk-openssl + docker build \ + --build-arg ARCH="$(ARCH)" \ + --tag "testsys-controller" \ + -f controller/Dockerfile .
diff --git a/controller/Dockerfile b/controller/Dockerfile
new file mode 100644
index 000000000..3274a4fb9
--- /dev/null
+++ b/controller/Dockerfile
@@ -0,0 +1,16 @@
+ARG ARCH
+FROM bottlerocket-sdk-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
+ADD ./ /src/
+WORKDIR /src/controller
+RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/controller/bin/controller ./
+
+ENTRYPOINT ["./controller"]
diff --git a/test-agent/examples/example_test_agent/Dockerfile b/test-agent/examples/example_test_agent/Dockerfile
index 784254830..9058b00ee 100644
--- a/test-agent/examples/example_test_agent/Dockerfile
+++ b/test-agent/examples/example_test_agent/Dockerfile
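Review bot: `ARCH=$(shell uname -m)` passes the host's own spelling of the architecture into the SDK image name and, through `--build-arg ARCH`, into the `${ARCH}-bottlerocket-linux-musl` target triple; a host that reports `arm64` (macOS on Apple silicon does) would likely produce names that do not exist. `ARCH ?= $(shell uname -m)` with a comment listing the accepted values would let callers override it from the environment. The images are also built without a version tag, so `FROM bottlerocket-sdk-openssl-${ARCH}` in the Dockerfiles resolves to whatever `latest` currently is in the local image store, and `controller-image` is the only new target without a describing comment.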
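Review bot: The final `FROM scratch` stage in controller/Dockerfile sets no `USER`, so the controller starts as UID 0; unless it needs root, a numeric user before the entrypoint, e.g. `USER 1000:1000` (example IDs; scratch has no passwd file, so names will not resolve), would drop that. The CA trust store is copied from `public.ecr.aws/amazonlinux/amazonlinux:2`, a moving tag, so the set of roots the binary trusts can change between builds without any diff; pinning that image by digest would make the store reviewable. `ADD ./ /src/` is a plain local copy of the whole build context, for which `COPY ./ /src/` together with a `.dockerignore` is the narrower form. The same points apply to the stages added in test-agent/examples/example_test_agent/Dockerfile.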
@@ -1,7 +1,16 @@
-# TODO Use Bottlerocket SDK
-FROM rust:1.53.0
-WORKDIR /src
+ARG ARCH
+FROM bottlerocket-sdk-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
 ADD ./ /src/
 WORKDIR /src/test-agent
-RUN cargo install --path . --example example_test_agent --root ./
-ENTRYPOINT ["/src/test-agent/bin/example_test_agent"]
+RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/test-agent/bin/example_test_agent ./
+
+ENTRYPOINT ["./example_test_agent"]