|
| 1 | +# -------------------------------------------------------------------- |
| 2 | +# |
| 3 | +# Licensed to the Apache Software Foundation (ASF) under one or more |
| 4 | +# contributor license agreements. See the NOTICE file distributed |
| 5 | +# with this work for additional information regarding copyright |
| 6 | +# ownership. The ASF licenses this file to You under the Apache |
| 7 | +# License, Version 2.0 (the "License"); you may not use this file |
| 8 | +# except in compliance with the License. You may obtain a copy of the |
| 9 | +# License at |
| 10 | +# |
| 11 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | +# |
| 13 | +# Unless required by applicable law or agreed to in writing, software |
| 14 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
| 16 | +# implied. See the License for the specific language governing |
| 17 | +# permissions and limitations under the License. |
| 18 | +# |
| 19 | +# -------------------------------------------------------------------- |
| 20 | +# |
| 21 | +# Apache Cloudberry (Incubating) is an effort undergoing incubation at |
| 22 | +# the Apache Software Foundation (ASF), sponsored by the Apache |
| 23 | +# Incubator PMC. |
| 24 | +# |
| 25 | +# Incubation is required of all newly accepted projects until a |
| 26 | +# further review indicates that the infrastructure, communications, |
| 27 | +# and decision making process have stabilized in a manner consistent |
| 28 | +# with other successful ASF projects. |
| 29 | +# |
| 30 | +# While incubation status is not necessarily a reflection of the |
| 31 | +# completeness or stability of the code, it does indicate that the |
| 32 | +# project has yet to be fully endorsed by the ASF. |
| 33 | +# |
| 34 | +# -------------------------------------------------------------------- |
| 35 | +# Dockerfile for Apache Cloudberry Build Environment |
| 36 | +# -------------------------------------------------------------------- |
| 37 | +# This Dockerfile sets up a Rocky Linux 9-based container for building |
| 38 | +# and developing Apache Cloudberry. It installs necessary system |
| 39 | +# utilities, development tools, and configures the environment for SSH |
| 40 | +# access and systemd support. |
| 41 | +# |
| 42 | +# Key Features: |
| 43 | +# - Locale setup for en_US.UTF-8 |
| 44 | +# - SSH daemon setup for remote access |
| 45 | +# - Essential development tools and libraries installation |
| 46 | +# - User configuration for 'gpadmin' with sudo privileges |
| 47 | +# |
| 48 | +# Usage: |
| 49 | +# docker build -t cloudberry-db-env . |
| 50 | +# docker run -h cdw -it cloudberry-db-env |
| 51 | +# -------------------------------------------------------------------- |
| 52 | + |
| 53 | +# Base image: Rocky Linux 10 |
| 54 | +FROM rockylinux/rockylinux:10 |
| 55 | + |
| 56 | +# Argument for configuring the timezone |
| 57 | +ARG TIMEZONE_VAR="America/Los_Angeles" |
| 58 | + |
| 59 | +# Environment variables for locale and user |
| 60 | +ENV container=docker |
| 61 | +ENV LANG=en_US.UTF-8 |
| 62 | +ENV USER=gpadmin |
| 63 | + |
| 64 | +# -------------------------------------------------------------------- |
| 65 | +# Install Development Tools and Utilities |
| 66 | +# -------------------------------------------------------------------- |
| 67 | +# Install various development tools, system utilities, and libraries |
| 68 | +# required for building and running Apache Cloudberry. |
| 69 | +# - EPEL repository is enabled for additional packages. |
| 70 | +# - Cleanup steps are added to reduce image size after installation. |
| 71 | +# -------------------------------------------------------------------- |
| 72 | +RUN dnf makecache && \ |
| 73 | + dnf install -y \ |
| 74 | + epel-release \ |
| 75 | + git && \ |
| 76 | + dnf makecache && \ |
| 77 | + dnf config-manager --disable epel && \ |
| 78 | + dnf install -y --enablerepo=epel \ |
| 79 | + bat \ |
| 80 | + libssh2-devel \ |
| 81 | + python3-devel \ |
| 82 | + htop && \ |
| 83 | + dnf install -y \ |
| 84 | + bison \ |
| 85 | + cmake3 \ |
| 86 | + ed \ |
| 87 | + file \ |
| 88 | + flex \ |
| 89 | + gcc \ |
| 90 | + gcc-c++ \ |
| 91 | + gdb \ |
| 92 | + glibc-langpack-en \ |
| 93 | + glibc-locale-source \ |
| 94 | + initscripts \ |
| 95 | + iproute \ |
| 96 | + less \ |
| 97 | + lsof \ |
| 98 | + m4 \ |
| 99 | + net-tools \ |
| 100 | + openssh-clients \ |
| 101 | + openssh-server \ |
| 102 | + perl \ |
| 103 | + rpm-build \ |
| 104 | + rpmdevtools \ |
| 105 | + rsync \ |
| 106 | + sudo \ |
| 107 | + tar \ |
| 108 | + unzip \ |
| 109 | + util-linux-ng \ |
| 110 | + wget \ |
| 111 | + sshpass \ |
| 112 | + which && \ |
| 113 | + dnf install -y \ |
| 114 | + apr-devel \ |
| 115 | + bzip2-devel \ |
| 116 | + java-21-openjdk \ |
| 117 | + java-21-openjdk-devel \ |
| 118 | + krb5-devel \ |
| 119 | + libcurl-devel \ |
| 120 | + libevent-devel \ |
| 121 | + libxml2-devel \ |
| 122 | + libuuid-devel \ |
| 123 | + libzstd-devel \ |
| 124 | + lz4 \ |
| 125 | + lz4-devel \ |
| 126 | + openldap-devel \ |
| 127 | + openssl-devel \ |
| 128 | + pam-devel \ |
| 129 | + perl-ExtUtils-Embed \ |
| 130 | + perl-Test-Simple \ |
| 131 | + perl-core \ |
| 132 | + python3-setuptools \ |
| 133 | + readline-devel \ |
| 134 | + zlib-devel && \ |
| 135 | + dnf install -y --enablerepo=crb \ |
| 136 | + liburing-devel \ |
| 137 | + libuv-devel \ |
| 138 | + libyaml-devel \ |
| 139 | + perl-IPC-Run \ |
| 140 | + python3-wheel \ |
| 141 | + protobuf-devel && \ |
| 142 | + dnf clean all && \ |
| 143 | + cd && XERCES_LATEST_RELEASE=3.3.0 && \ |
| 144 | + wget -nv "https://archive.apache.org/dist/xerces/c/3/sources/xerces-c-${XERCES_LATEST_RELEASE}.tar.gz" && \ |
| 145 | + echo "$(curl -sL https://archive.apache.org/dist/xerces/c/3/sources/xerces-c-${XERCES_LATEST_RELEASE}.tar.gz.sha256)" | sha256sum -c - && \ |
| 146 | + tar xf "xerces-c-${XERCES_LATEST_RELEASE}.tar.gz"; rm "xerces-c-${XERCES_LATEST_RELEASE}.tar.gz" && \ |
| 147 | + cd xerces-c-${XERCES_LATEST_RELEASE} && \ |
| 148 | + ./configure --prefix=/usr/local && \ |
| 149 | + make -j$(nproc) && \ |
| 150 | + make install -C ~/xerces-c-${XERCES_LATEST_RELEASE} && \ |
| 151 | + rm -rf ~/xerces-c* && \ |
| 152 | + cd && GO_VERSION="go1.23.4" && \ |
| 153 | + ARCH=$(uname -m) && \ |
| 154 | + if [ "${ARCH}" = "aarch64" ]; then \ |
| 155 | + GO_ARCH="arm64" && \ |
| 156 | + GO_SHA256="16e5017863a7f6071363782b1b8042eb12c6ca4f4cd71528b2123f0a1275b13e"; \ |
| 157 | + elif [ "${ARCH}" = "x86_64" ]; then \ |
| 158 | + GO_ARCH="amd64" && \ |
| 159 | + GO_SHA256="6924efde5de86fe277676e929dc9917d466efa02fb934197bc2eba35d5680971"; \ |
| 160 | + else \ |
| 161 | + echo "Unsupported architecture: ${ARCH}" && exit 1; \ |
| 162 | + fi && \ |
| 163 | + GO_URL="https://go.dev/dl/${GO_VERSION}.linux-${GO_ARCH}.tar.gz" && \ |
| 164 | + wget -nv "${GO_URL}" && \ |
| 165 | + echo "${GO_SHA256} ${GO_VERSION}.linux-${GO_ARCH}.tar.gz" | sha256sum -c - && \ |
| 166 | + tar xf "${GO_VERSION}.linux-${GO_ARCH}.tar.gz" && \ |
| 167 | + mv go "/usr/local/${GO_VERSION}" && \ |
| 168 | + ln -s "/usr/local/${GO_VERSION}" /usr/local/go && \ |
| 169 | + rm -f "${GO_VERSION}.linux-${GO_ARCH}.tar.gz" && \ |
| 170 | + echo 'export PATH=$PATH:/usr/local/go/bin' | tee -a /etc/profile.d/go.sh > /dev/null |
| 171 | + |
| 172 | +# -------------------------------------------------------------------- |
| 173 | +# Copy Configuration Files and Setup the Environment |
| 174 | +# -------------------------------------------------------------------- |
| 175 | +# - Copy custom configuration files from the build context to /tmp/. |
| 176 | +# - Apply custom system limits and timezone. |
| 177 | +# - Create and configure the 'gpadmin' user with sudo privileges. |
| 178 | +# - Set up SSH for password-based authentication. |
| 179 | +# - Generate locale and set the default locale to en_US.UTF-8. |
| 180 | +# -------------------------------------------------------------------- |
| 181 | + |
| 182 | +# Copy configuration files from their respective locations |
| 183 | +COPY ./configs/* /tmp/ |
| 184 | + |
| 185 | +RUN cp /tmp/90-cbdb-limits /etc/security/limits.d/90-cbdb-limits && \ |
| 186 | + sed -i.bak -r 's/^(session\s+required\s+pam_limits.so)/#\1/' /etc/pam.d/* && \ |
| 187 | + cat /usr/share/zoneinfo/${TIMEZONE_VAR} > /etc/localtime && \ |
| 188 | + chmod 777 /tmp/init_system.sh && \ |
| 189 | + /usr/sbin/groupadd gpadmin && \ |
| 190 | + /usr/sbin/useradd gpadmin -g gpadmin -G wheel && \ |
| 191 | + setcap cap_net_raw+ep /usr/bin/ping && \ |
| 192 | + echo 'gpadmin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/90-gpadmin && \ |
| 193 | + echo -e '\n# Add Cloudberry entries\nif [ -f /usr/local/cbdb/cloudberry-env.sh ]; then\n source /usr/local/cbdb/cloudberry-env.sh\nfi' >> /home/gpadmin/.bashrc && \ |
| 194 | + ssh-keygen -A && \ |
| 195 | + echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config && \ |
| 196 | + localedef -i en_US -f UTF-8 en_US.UTF-8 && \ |
| 197 | + echo "LANG=en_US.UTF-8" | tee /etc/locale.conf && \ |
| 198 | + dnf clean all # Final cleanup to remove unnecessary files |
| 199 | + |
| 200 | +# Install testinfra via pip |
| 201 | +RUN pip3 install pytest-testinfra |
| 202 | + |
| 203 | +# Copying test files into the container |
| 204 | +COPY ./tests /tests |
| 205 | + |
| 206 | +# -------------------------------------------------------------------- |
| 207 | +# Set the Default User and Command |
| 208 | +# -------------------------------------------------------------------- |
| 209 | +# The default user is set to 'gpadmin', and the container starts by |
| 210 | +# running the init_system.sh script. The container also mounts the |
| 211 | +# /sys/fs/cgroup volume for systemd compatibility. |
| 212 | +# -------------------------------------------------------------------- |
| 213 | +USER gpadmin |
| 214 | + |
| 215 | +VOLUME [ "/sys/fs/cgroup" ] |
| 216 | +CMD ["bash","-c","/tmp/init_system.sh"] |
0 commit comments