Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor and optimisation of Dockerfiles #64

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Refactor and optimisation of Dockerfiles #64

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9ded043
Refactor Dockerfile RUN statements to reduce image size
jnc74743 Jan 3, 2025
8da6774
Make consistent use of LABEL's for images and add "author" information
jnc74743 Jan 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 30 additions & 34 deletions docker-c8/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
FROM rockylinux:8

# Add labels
LABEL org.opencontainers.image.source=https://github.com/stfc/grid-workernode
LABEL [email protected]
LABEL org.opencontainers.image.description="A specialised container image optimised for high-performance batch job execution in RAL's computing environment. \
It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."

# Basic dependencies
RUN dnf -y install \
zip \
Expand All @@ -15,44 +21,34 @@ RUN dnf -y install \
attr \
tcsh \
numactl \
bc
bc && \
# CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version)
dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \
https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_8/noarch/cvmfs-config-egi-2.7-1.8.obs.el8.noarch.rpm && \
# Install CVMFS
dnf -y install cvmfs && \
# Install EPEL repository
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
# Install HEP_OSlibs
dnf -y install https://linuxsoft.cern.ch/wlcg/centos8/x86_64/wlcg-repo-1.0.0-1.el8.noarch.rpm && \
dnf -y install --enablerepo=devel HEP_OSlibs && \
# Boost (need to ensure gfal CLI from CVMFS will work for some VOs)
dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \
boost-regex boost-serialization boost-signals boost-system boost-test \
boost-thread boost-wave && \
# Install Apptainer
dnf -y install apptainer && \
# Update & tidy up
dnf -y update && \
dnf clean all && \
rm -rf /var/cache/dnf

# Create all possible pool accounts
RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash -

# CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version)
RUN dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \
https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_8/noarch/cvmfs-config-egi-2.7-1.8.obs.el8.noarch.rpm
RUN dnf -y install cvmfs

# EPEL
RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

# Install HEP_OSlibs
RUN dnf -y install https://linuxsoft.cern.ch/wlcg/centos8/x86_64/wlcg-repo-1.0.0-1.el8.noarch.rpm
RUN dnf -y install --enablerepo=devel HEP_OSlibs

# Boost (need to ensure gfal CLI from CVMFS will work for some VOs)
RUN dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \
boost-regex boost-serialization boost-signals boost-system boost-test \
boost-thread boost-wave

# Apptainer
RUN dnf -y install apptainer

# Disable overlay and loop device management in Apptainer
RUN sed -i '/enable overlay/c\enable overlay = no' /etc/apptainer/apptainer.conf && \
sed -i '/enable underlay/c\enable underlay = yes' /etc/apptainer/apptainer.conf && \
sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf

# Deny setuid in Apptainer
RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf

# Update & cleanup
RUN dnf -y update && \
dnf clean all && \
rm -rf /var/cache/dnf

LABEL source=https://github.com/stfc/grid-workernode
LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \
It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."
sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf && \
# Deny setuid in Apptainer
sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf
64 changes: 30 additions & 34 deletions docker-c9/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
FROM rockylinux:9

# Add labels
LABEL org.opencontainers.image.source=https://github.com/stfc/grid-workernode
LABEL [email protected]
LABEL org.opencontainers.image.description="A specialised container image optimised for high-performance batch job execution in RAL's computing environment. \
It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."

# Basic dependencies
RUN dnf -y install \
zip \
Expand All @@ -15,44 +21,34 @@ RUN dnf -y install \
attr \
tcsh \
numactl \
bc
bc && \
# CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version)
dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \
https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_9/noarch/cvmfs-config-egi-2.7-1.8.obs.el9.noarch.rpm && \
# Install CVMFS
dnf -y install cvmfs && \
# Install EPEL repository
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
# Install HEP_OSlibs
dnf -y install https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-repo-1.0.0-1.el9.noarch.rpm && \
dnf -y install --enablerepo=devel HEP_OSlibs && \
# Boost (need to ensure gfal CLI from CVMFS will work for some VOs)
dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \
boost-regex boost-serialization boost-system boost-test \
boost-thread boost-wave && \
# Install Apptainer
dnf -y install apptainer && \
# Update & tidy up
dnf -y update && \
dnf clean all && \
rm -rf /var/cache/dnf

# Create all possible pool accounts
RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash -

# CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version)
RUN dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \
https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_9/noarch/cvmfs-config-egi-2.7-1.8.obs.el9.noarch.rpm
RUN dnf -y install cvmfs

# EPEL
RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

# Install HEP_OSlibs
RUN dnf -y install https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-repo-1.0.0-1.el9.noarch.rpm
RUN dnf -y install --enablerepo=devel HEP_OSlibs

# Boost (need to ensure gfal CLI from CVMFS will work for some VOs)
RUN dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \
boost-regex boost-serialization boost-system boost-test \
boost-thread boost-wave

# Apptainer
RUN dnf -y install apptainer

# Disable overlay and loop device management in Apptainer
RUN sed -i '/enable overlay/c\enable overlay = no' /etc/apptainer/apptainer.conf && \
sed -i '/enable underlay/c\enable underlay = yes' /etc/apptainer/apptainer.conf && \
sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf

# Deny setuid in Apptainer
RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf

# Update & cleanup
RUN dnf -y update && \
dnf clean all && \
rm -rf /var/cache/dnf

LABEL source=https://github.com/stfc/grid-workernode
LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \
It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations."
sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf && \
# Deny setuid in Apptainer
sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf
121 changes: 59 additions & 62 deletions xrootd/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,16 @@
FROM rockylinux:8

# Add labels and arguments
ARG XROOTD_VERSION=5.7.1-3
ARG XRDCEPH_VERSION=5.7.1-3
ARG CEPH_VERSION=14.2.22-0
LABEL xrootd-ver=$XROOTD_VERSION
LABEL xrdceph-ver=$XRDCEPH_VERSION
LABEL ceph-ver=$CEPH_VERSION
LABEL org.opencontainers.image.source=https://github.com/stfc/grid-workernode
LABEL [email protected]
LABEL org.opencontainers.image.description="A specialised container image optimised as a local XROOTD gateway in RAL's computing environment. \
It includes software for XROOTD along with libraries, and dependencies, ensuring efficient, and scalable data staging, benefiting researchers and organisations."

# xrootd user - needs to be consistent with the host
RUN groupadd --gid 65432 xrootd && \
Expand All @@ -14,75 +20,66 @@ RUN groupadd --gid 65432 xrootd && \
COPY *.repo /etc/yum.repos.d/

# install versionlock, and configure versionlocks
RUN dnf -y install python3-dnf-plugin-versionlock
RUN dnf -y versionlock add ceph-${CEPH_VERSION}.el8.x86_64 \
ceph-base-${CEPH_VERSION}.el8.x86_64 \
ceph-common-${CEPH_VERSION}.el8.x86_64 \
ceph-mds-${CEPH_VERSION}.el8.x86_64 \
ceph-mgr-${CEPH_VERSION}.el8.x86_64 \
ceph-mon-${CEPH_VERSION}.el8.x86_64 \
ceph-osd-${CEPH_VERSION}.el8.x86_64 \
ceph-selinux-${CEPH_VERSION}.el8.x86_64 \
libcephfs2-${CEPH_VERSION}.el8.x86_64 \
librados2-${CEPH_VERSION}.el8.x86_64 \
libradosstriper1-${CEPH_VERSION}.el8.x86_64 \
librbd1-${CEPH_VERSION}.el8.x86_64 \
librgw2-${CEPH_VERSION}.el8.x86_64 \
python-ceph-argparse-${CEPH_VERSION}.el8.x86_64 \
python-cephfs-${CEPH_VERSION}.el8.x86_64 \
python-rados-${CEPH_VERSION}.el8.x86_64 \
python-rbd-${CEPH_VERSION}.el8.x86_64 \
python-rgw-${CEPH_VERSION}.el8.x86_64 \
python3-ceph-argparse-${CEPH_VERSION}.el8.x86_64 \
python3-cephfs-${CEPH_VERSION}.el8.x86_64 \
python3-rados-${CEPH_VERSION}.el8.x86_64 \
python3-rbd-${CEPH_VERSION}.el8.x86_64 \
python3-rgw-${CEPH_VERSION}.el8.x86_64 \
xrootd-${XROOTD_VERSION}.el8.x86_64 \
xrootd-client-${XROOTD_VERSION}.el8.x86_64 \
xrootd-client-libs-${XROOTD_VERSION}.el8.x86_64 \
xrootd-libs-${XROOTD_VERSION}.el8.x86_64 \
xrootd-selinux-${XROOTD_VERSION}.el8.noarch \
xrootd-server-${XROOTD_VERSION}.el8.x86_64 \
xrootd-server-libs-${XROOTD_VERSION}.el8.x86_64 \
xrootd-ceph-buffered-${XRDCEPH_VERSION}.el8.x86_64 \
xrootd-voms-${XROOTD_VERSION}.el8.x86_64 \
xrootd-scitokens-${XROOTD_VERSION}.el8.x86_64

RUN dnf -y versionlock list


# Ceph
RUN dnf -y install ceph \
ceph-common

# xrootd
RUN dnf -y install xrootd-ceph-buffered \
RUN dnf -y install python3-dnf-plugin-versionlock && \
dnf -y versionlock add ceph-${CEPH_VERSION}.el8.x86_64 \
ceph-base-${CEPH_VERSION}.el8.x86_64 \
ceph-common-${CEPH_VERSION}.el8.x86_64 \
ceph-mds-${CEPH_VERSION}.el8.x86_64 \
ceph-mgr-${CEPH_VERSION}.el8.x86_64 \
ceph-mon-${CEPH_VERSION}.el8.x86_64 \
ceph-osd-${CEPH_VERSION}.el8.x86_64 \
ceph-selinux-${CEPH_VERSION}.el8.x86_64 \
libcephfs2-${CEPH_VERSION}.el8.x86_64 \
librados2-${CEPH_VERSION}.el8.x86_64 \
libradosstriper1-${CEPH_VERSION}.el8.x86_64 \
librbd1-${CEPH_VERSION}.el8.x86_64 \
librgw2-${CEPH_VERSION}.el8.x86_64 \
python-ceph-argparse-${CEPH_VERSION}.el8.x86_64 \
python-cephfs-${CEPH_VERSION}.el8.x86_64 \
python-rados-${CEPH_VERSION}.el8.x86_64 \
python-rbd-${CEPH_VERSION}.el8.x86_64 \
python-rgw-${CEPH_VERSION}.el8.x86_64 \
python3-ceph-argparse-${CEPH_VERSION}.el8.x86_64 \
python3-cephfs-${CEPH_VERSION}.el8.x86_64 \
python3-rados-${CEPH_VERSION}.el8.x86_64 \
python3-rbd-${CEPH_VERSION}.el8.x86_64 \
python3-rgw-${CEPH_VERSION}.el8.x86_64 \
xrootd-${XROOTD_VERSION}.el8.x86_64 \
xrootd-client-${XROOTD_VERSION}.el8.x86_64 \
xrootd-client-libs-${XROOTD_VERSION}.el8.x86_64 \
xrootd-libs-${XROOTD_VERSION}.el8.x86_64 \
xrootd-selinux-${XROOTD_VERSION}.el8.noarch \
xrootd-server-${XROOTD_VERSION}.el8.x86_64 \
xrootd-server-libs-${XROOTD_VERSION}.el8.x86_64 \
xrootd-ceph-buffered-${XRDCEPH_VERSION}.el8.x86_64 \
xrootd-voms-${XROOTD_VERSION}.el8.x86_64 \
xrootd-scitokens-${XROOTD_VERSION}.el8.x86_64 && \
# For debugging purposes, show the versionlock list
dnf -y versionlock list && \
# Install CEPH
dnf -y install ceph \
ceph-common && \
# Install XROOTD
dnf -y install xrootd-ceph-buffered \
xrootd-client \
xrootd-client-libs \
xrootd-libs \
xrootd-server \
xrootd-server-libs \
xrootd-voms \
xrootd-scitokens \
jemalloc


# For N2N mapping
RUN dnf -y install http://repos.gridpp.rl.ac.uk/yum/xrootd-cmstfc/el8/xrootd-cmstfc-1.5.2-6.osgroup.el8.x86_64.rpm

# Needed by the health-check scripts
RUN dnf -y install openssl

# python3 needed for cephsum script
RUN dnf -y install python3 \
python3-rados

# Install netcat for service healthcheck
RUN dnf -y install netcat

# Update & cleanup
RUN dnf -y update && \
jemalloc && \
# For N2N mapping
dnf -y install http://repos.gridpp.rl.ac.uk/yum/xrootd-cmstfc/el8/xrootd-cmstfc-1.5.2-6.osgroup.el8.x86_64.rpm && \
# Required for health-check scripts
dnf -y install openssl && \
# Python3 required for cephsum script
dnf -y install python3 \
python3-rados && \
# Install netcat for service healthcheck
dnf -y install netcat && \
# Update & tidy up
dnf -y update && \
dnf clean all && \
rm -rf /var/cache/dnf

Expand Down
Loading