fa1deff1ad
This change replaces the homegrown Prometheus aggregation process that runs inside the container with the upstream Prometheus PushGateway.
140 lines
4.9 KiB
Text
140 lines
4.9 KiB
Text
FROM registry.redhat.io/rhel7:7.7
|
|
LABEL maintainer "thomasmckay@redhat.com"
|
|
|
|
ENV OS=linux \
|
|
ARCH=amd64 \
|
|
PYTHON_VERSION=2.7 \
|
|
PATH=$HOME/.local/bin/:$PATH \
|
|
PYTHONUNBUFFERED=1 \
|
|
PYTHONIOENCODING=UTF-8 \
|
|
LC_ALL=en_US.UTF-8 \
|
|
LANG=en_US.UTF-8 \
|
|
PIP_NO_CACHE_DIR=off
|
|
|
|
ENV QUAYDIR /quay-registry
|
|
ENV QUAYCONF /quay-registry/conf
|
|
ENV QUAYPATH "."
|
|
|
|
RUN mkdir $QUAYDIR
|
|
WORKDIR $QUAYDIR
|
|
|
|
RUN INSTALL_PKGS="\
|
|
python27 \
|
|
python27-python-pip \
|
|
rh-nginx112 rh-nginx112-nginx \
|
|
openldap \
|
|
scl-utils \
|
|
gcc-c++ git \
|
|
openldap-devel \
|
|
gpgme-devel \
|
|
dnsmasq \
|
|
memcached \
|
|
openssl \
|
|
skopeo \
|
|
" && \
|
|
yum install -y yum-utils && \
|
|
yum-config-manager --quiet --disable "*" >/dev/null && \
|
|
yum-config-manager --quiet --enable \
|
|
rhel-7-server-rpms \
|
|
rhel-server-rhscl-7-rpms \
|
|
rhel-7-server-optional-rpms \
|
|
rhel-7-server-extras-rpms \
|
|
--save >/dev/null && \
|
|
yum -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False install $INSTALL_PKGS && \
|
|
yum -y update && \
|
|
yum -y clean all
|
|
|
|
COPY . .
|
|
|
|
RUN scl enable python27 "\
|
|
pip install --upgrade setuptools pip && \
|
|
pip install -r requirements.txt --no-cache && \
|
|
pip freeze && \
|
|
mkdir -p $QUAYDIR/static/webfonts && \
|
|
mkdir -p $QUAYDIR/static/fonts && \
|
|
mkdir -p $QUAYDIR/static/ldn && \
|
|
PYTHONPATH=$QUAYPATH python -m external_libraries \
|
|
"
|
|
|
|
RUN cp -r $QUAYDIR/static/ldn $QUAYDIR/config_app/static/ldn && \
|
|
cp -r $QUAYDIR/static/fonts $QUAYDIR/config_app/static/fonts && \
|
|
cp -r $QUAYDIR/static/webfonts $QUAYDIR/config_app/static/webfonts
|
|
|
|
# Check python dependencies for GPL
|
|
# Due to the following bug, pip results must be piped to a file before grepping:
|
|
# https://github.com/pypa/pip/pull/3304
|
|
# 'docutils' is a setup dependency of botocore required by s3transfer. It's under
|
|
# GPLv3, and so is manually removed.
|
|
RUN rm -Rf /opt/rh/python27/root/usr/lib/python2.7/site-packages/docutils && \
|
|
scl enable python27 "pip freeze" | grep -v '^-e' | awk -F == '{print $1}' | grep -v docutils > piplist.txt && \
|
|
scl enable python27 "xargs -a piplist.txt pip --disable-pip-version-check show" > pipinfo.txt && \
|
|
test -z "$(cat pipinfo.txt | grep GPL | grep -v LGPL)" && \
|
|
rm -f piplist.txt pipinfo.txt
|
|
|
|
# Front-end
|
|
RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - && \
|
|
yum install -y nodejs && \
|
|
curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \
|
|
rpm --import https://dl.yarnpkg.com/rpm/pubkey.gpg && \
|
|
yum install -y yarn && \
|
|
yarn install --ignore-engines && \
|
|
yarn build && \
|
|
yarn build-config-app
|
|
|
|
# TODO: Build jwtproxy in dist-git
|
|
# https://jira.coreos.com/browse/QUAY-1315
|
|
ENV JWTPROXY_VERSION=0.0.3
|
|
RUN curl -fsSL -o /usr/local/bin/jwtproxy "https://github.com/coreos/jwtproxy/releases/download/v${JWTPROXY_VERSION}/jwtproxy-${OS}-${ARCH}" && \
|
|
chmod +x /usr/local/bin/jwtproxy
|
|
|
|
# TODO: Build pushgateway in dist-git
|
|
# https://jira.coreos.com/browse/QUAY-1324
|
|
ENV PUSHGATEWAY_VERSION=1.0.0
|
|
RUN curl -fsSL "https://github.com/prometheus/pushgateway/releases/download/v${PUSHGATEWAY_VERSION}/pushgateway-${PUSHGATEWAY_VERSION}.${OS}-${ARCH}.tar.gz" | \
|
|
tar xz "pushgateway-${PUSHGATEWAY_VERSION}.${OS}-${ARCH}/pushgateway" && \
|
|
mv "pushgateway-${PUSHGATEWAY_VERSION}.${OS}-${ARCH}/pushgateway" /usr/local/bin/pushgateway && \
|
|
rm -rf "pushgateway-${PUSHGATEWAY_VERSION}.${OS}-${ARCH}" && \
|
|
chmod +x /usr/local/bin/pushgateway
|
|
|
|
# Update local copy of AWS IP Ranges.
|
|
RUN curl -fsSL https://ip-ranges.amazonaws.com/ip-ranges.json -o util/ipresolver/aws-ip-ranges.json
|
|
|
|
RUN ln -s $QUAYCONF /conf && \
|
|
mkdir /var/log/nginx && \
|
|
ln -sf /dev/stdout /var/log/nginx/access.log && \
|
|
ln -sf /dev/stdout /var/log/nginx/error.log && \
|
|
chmod -R a+rwx /var/log/nginx
|
|
|
|
# Cleanup
|
|
RUN UNINSTALL_PKGS="\
|
|
gcc-c++ git \
|
|
openldap-devel \
|
|
gpgme-devel \
|
|
optipng \
|
|
kernel-headers \
|
|
" && \
|
|
yum remove -y $UNINSTALL_PKGS && \
|
|
yum clean all && \
|
|
rm -rf /var/cache/yum /tmp/* /var/tmp/* /root/.cache
|
|
|
|
EXPOSE 8080 8443 7443 9091
|
|
|
|
RUN chgrp -R 0 $QUAYDIR && \
|
|
chmod -R g=u $QUAYDIR
|
|
|
|
RUN mkdir /datastorage && chgrp 0 /datastorage && chmod g=u /datastorage && \
|
|
mkdir -p /var/log/nginx && chgrp 0 /var/log/nginx && chmod g=u /var/log/nginx && \
|
|
mkdir -p /conf/stack && chgrp 0 /conf/stack && chmod g=u /conf/stack && \
|
|
mkdir -p /tmp && chgrp 0 /tmp && chmod g=u /tmp && \
|
|
chmod g=u /etc/passwd
|
|
|
|
RUN chgrp 0 /var/opt/rh/rh-nginx112/log/nginx && chmod g=u /var/opt/rh/rh-nginx112/log/nginx
|
|
|
|
VOLUME ["/var/log", "/datastorage", "/tmp", "/conf/stack"]
|
|
|
|
ENTRYPOINT ["/quay-registry/quay-entrypoint.sh"]
|
|
CMD ["registry"]
|
|
|
|
# root required to create and install certs
|
|
# https://jira.coreos.com/browse/QUAY-1468
|
|
# USER 1001
|