-
Notifications
You must be signed in to change notification settings - Fork 1
/
base.Dockerfile
85 lines (72 loc) · 3.33 KB
/
base.Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
##
## Copyright (c) 2023 The Johns Hopkins University Applied Physics
## Laboratory LLC.
##
## This file is part of the Asynchronous Network Management System (ANMS).
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
## http://www.apache.org/licenses/LICENSE-2.0
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
## This work was performed for the Jet Propulsion Laboratory, California
## Institute of Technology, sponsored by the United States Government under
## the prime contract 80NM0018D0004 between the Caltech and NASA under
## subcontract 1658085.
##
# The base image is just RHEL-9 OS with configuration for all ANMS containers.
#
FROM registry.access.redhat.com/ubi9/ubi:9.2 AS anms-base
# Optional APL network configuration from
# https://aplprod.servicenowservices.com/sp?id=kb_article&sys_id=c0de6fe91b83d85071b143bae54bcb34
RUN ( \
curl -sL http://apllinuxdepot.jhuapl.edu/linux/APL-root-cert/JHUAPL-MS-Root-CA-05-21-2038-B64-text.cer -o /etc/pki/ca-trust/source/anchors/JHUAPL-MS-Root-CA-05-21-2038-B64-text.crt && \
update-ca-trust && \
echo "Root CA added" \
) || true
ENV PIP_CERT=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ENV PIP_DEFAULT_TIMEOUT=300
# Explicit User (top of file to avoid conflicts down the line with IDs)
ENV APP_USER=anms
RUN groupadd -r -g 9999 ${APP_USER} && \
useradd -m -r -g ${APP_USER} -u 9999 ${APP_USER}
# This image uses systemd init process to manage local services.
# Derived image targets choose which servies are enabled.
#
FROM registry.access.redhat.com/ubi9/ubi-init:9.2 AS anms-init
# Optional APL network configuration from
# https://aplprod.servicenowservices.com/sp?id=kb_article&sys_id=c0de6fe91b83d85071b143bae54bcb34
RUN ( \
curl -sL http://apllinuxdepot.jhuapl.edu/linux/APL-root-cert/JHUAPL-MS-Root-CA-05-21-2038-B64-text.cer -o /etc/pki/ca-trust/source/anchors/JHUAPL-MS-Root-CA-05-21-2038-B64-text.crt && \
update-ca-trust && \
echo "Root CA added" \
) || true
ENV PIP_CERT=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ENV PIP_DEFAULT_TIMEOUT=300
RUN dnf -y install container-tools
# Container service config
RUN systemctl disable dnf-makecache.timer
# This image includes common libraries used by the aricodec and anms-core
# containers.
# Sets environment:
# PY_WHEEL_DIR to local PIP wheel search path
#
FROM anms-base AS anms-acelib
# Install System Level Dependencies
RUN --mount=type=cache,target=/root/.cache/pip \
dnf -y install python3 python3-pip python3-wheel python3-setuptools && \
dnf clean all && rm -rf /var/cache/yum && \
pip3 install --upgrade pip pip-tools
# Submodules with dependencies
env PY_WHEEL_DIR=/usr/local/lib/wheels
COPY deps/anms-ace /usr/src/anms-ace
RUN --mount=type=cache,target=/root/.cache/pip \
pip3 wheel /usr/src/anms-ace -w ${PY_WHEEL_DIR} --no-deps
COPY deps/anms-camp /usr/src/anms-camp
RUN --mount=type=cache,target=/root/.cache/pip \
pip3 wheel /usr/src/anms-camp -w ${PY_WHEEL_DIR} --no-deps