X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=Dockerfile;h=a3afffe1f39674eb80559e01306418169b771b2b;hb=ecb900c8fcd0cd96c3837a046dccde473d01a9ba;hp=0b49ac7f7d94dbb6b6754a274e3ed1ec79ed57ea;hpb=9407e119792b573a83369608a5187bf957aaf7c0;p=ric-plt%2Fa1.git diff --git a/Dockerfile b/Dockerfile index 0b49ac7..a3afffe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # ================================================================================== -# Copyright (c) 2019 Nokia -# Copyright (c) 2018-2019 AT&T Intellectual Property. +# Copyright (c) 2019-2020 Nokia +# Copyright (c) 2018-2020 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,41 +14,53 @@ # See the License for the specific language governing permissions and # limitations under the License. # ================================================================================== -# TODO: switch to alpine once rmr apk available -FROM python:3.7 -COPY . /tmp -WORKDIR /tmp +# This container uses a 2 stage build! +# Tips and tricks were learned from: https://pythonspeed.com/articles/multi-stage-docker-python/ +FROM python:3.8-alpine AS compile-image +# upgrade pip as root +RUN pip install --upgrade pip +# Gevent needs gcc, make, file, ffi +RUN apk update && apk add gcc musl-dev make file libffi-dev +# create a non-root user. Only really needed in stage 2, +# however this makes the copying easier and straighttforward; +# pip option --user doesn't do the same thing if run as root +RUN addgroup -S a1user && adduser -S -G a1user a1user +# switch to the non-root user for installing site packages +USER a1user +# Speed hack; we install gevent before a1 because when building repeatedly (eg during dev) +# and only changing a1 code, we do not need to keep compiling gevent which takes forever +RUN pip install --user gevent +COPY setup.py /home/a1user/ +COPY a1/ /home/a1user/a1 +RUN pip install --user /home/a1user -# copy NNG out of the CI builder nng -COPY --from=nexus3.o-ran-sc.org:10004/bldr-debian-python-nng:2-py3.7-nng1.1.1 /usr/local/lib/libnng.so /usr/local/lib/libnng.so +########### +# 2nd stage +FROM python:3.8-alpine -# Installs RMr using debian package hosted at packagecloud.io -RUN wget --content-disposition https://packagecloud.io/o-ran-sc/master/packages/debian/stretch/rmr_1.0.36_amd64.deb/download.deb -RUN dpkg -i rmr_1.0.36_amd64.deb +# copy rmr libraries from builder image in lieu of an Alpine package +COPY --from=nexus3.o-ran-sc.org:10002/o-ran-sc/bldr-alpine3-rmr:4.0.5 /usr/local/lib64/librmr* /usr/local/lib64/ -# dir that rmr routing file temp goes into +# copy python modules; this makes the 2 stage python build work +COPY --from=compile-image /home/a1user/.local /home/a1user/.local +# create mount point for dir with rmr routing file as named below RUN mkdir -p /opt/route/ - -# Install RMr python bindings -# this writes into /usr/local, need root -RUN pip install --upgrade pip && pip install rmr==0.10.1 tox - -# Run the unit tests -RUN tox - -# do the actual install -RUN pip install . - -# Switch to a non-root user for security reasons. -# a1 does not currently write into any dirs so no chowns are needed at this time. -# https://stackoverflow.com/questions/27701930/add-user-to-docker-container -RUN adduser --disabled-password --gecos '' a1user +# create a non-root user +RUN addgroup -S a1user && adduser -S -G a1user a1user +# ensure the non-root user can read python files +RUN chown -R a1user:a1user /home/a1user/.local +# switch to the non-root user for security reasons USER a1user - # misc setups EXPOSE 10000 -ENV LD_LIBRARY_PATH /usr/local/lib +ENV LD_LIBRARY_PATH /usr/local/lib/:/usr/local/lib64 ENV RMR_SEED_RT /opt/route/local.rt +# Set to True to run standalone +ENV USE_FAKE_SDL False +ENV PYTHONUNBUFFERED 1 +# pip installs console script to ~/.local/bin so PATH is critical +ENV PATH=/home/a1user/.local/bin:$PATH -CMD run.py +# Run! +CMD run-a1