Experimental: CentOS base container #50
Thanks for sharing the experimental CentOS8 StackStorm Docker image!
A lot of interesting work in there 👍
While we can't merge it yet while relying on the Ubuntu images everywhere,
I hope more people would find it interesting too or may even provide their feedback ℹ️
## Installs Python3.7 from source - this is for running Packs with Python other than 3.6 | ||
RUN wget https://www.python.org/ftp/python/3.7.6/Python-3.7.6.tar.xz \ | ||
&& tar -xf ./Python-3.7.6.tar.xz \ | ||
&& cd ./Python-3.7.6 \ | ||
&& ./configure \ | ||
--enable-optimizations \ | ||
--with-ensurepip=install \ | ||
# --enable-loadable-sqlite-extensions \ | ||
# --enable-shared \ | ||
# --with-system-expat \ | ||
# --with-system-ffi \ | ||
&& make -j "$(nproc)" \ | ||
&& cd .. |
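Review bot: The `wget` line fetches Python-3.7.6.tar.xz and the following `tar -xf` unpacks it with no integrity check, so whatever the server or an intermediate cache returns is compiled into the image. Pin the tarball's expected SHA-256 in the Dockerfile and verify it with `sha256sum -c` before extracting, or verify the release's detached signature. The visible steps also end at `make` and `cd ..`; if an install step follows, `make altinstall` keeps the build from replacing the system `python3`.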
FYI Python 3.7 is not supported by stackstorm, not sure how it behaves even for packs
as we test with python 3.6 and 3.8.
I understand this happens because there is no py3.6+ in EL8 package available, but building python from sources might be a non-stable approach in this scenario.
This could really be any version of python. We have been running a separate python since early stackstorm at py2.x; so we built our packs with the 'major' python version at the time, py3.7.
though stackstorm itself runs with the py3.6 that the rpm installs with it.
yes, it would be great if there were updated EL8 packages for python (3.7, 3.8, etc...)
|
||
services: | ||
stackstorm: | ||
image: stackstorm/st2/all-in-one-st2:3.5.0-1 |
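Review bot: `image: stackstorm/st2/all-in-one-st2:3.5.0-1` has no registry host and three path components, which Docker Hub's namespace/repository naming does not allow, so the reference only resolves if the image has already been built and tagged locally. Add a `build:` entry next to `image:`, or state in the README that the image must be built before `docker-compose up`.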
FYI we moved away from all-in-one Docker image with systemd and multiple processes inside sometime in 2019 https://hub.docker.com/r/stackstorm/stackstorm
Won't go that path anymore as current st2-dockerfiles aligns with the docker practices running and configuring one service per container and avoiding systemd.
I could easily configure this docker-compose like we do with kubernetes, running one container per service. We typically use the docker-compose for local development of packs, one stackstorm container is 'good enough' for us.
healthcheck: | ||
test: echo 'db.stats().ok' | mongo --quiet | ||
interval: 5s | ||
timeout: 5s | ||
retries: 5 |
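Review bot: The `test:` command only fails when the `mongo` shell cannot start or connect; the value printed for `db.stats().ok` is never compared, so a result of 0 still counts as healthy. Let the exit status carry the result, for example `mongo --quiet --eval 'quit(db.stats().ok ? 0 : 1)'`.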
👍
### systemd fix | ||
There are four fixes to allowing systemd to work inside a container. | ||
1. Mounting /run as a tmpfs | ||
2. Mounting the /sys/fs/cgroup as a read-only volume inside the Container | ||
3. Removing all default systemd wants and only enabling services necessary to the application | ||
4. Entrypoint is /sbin/init |
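Review bot: Items 1 and 2 name the mounts but not the exact options, and the list does not say whether the container still runs unprivileged once they are applied. Add the concrete `docker run` or compose settings for the `/run` tmpfs and the read-only `/sys/fs/cgroup` mount, and state which capabilities or security options, if any, are required. Minor: "four fixes to allowing" should read "four fixes that allow".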
Good info, very helpful to have it all together 👍
In the past, we tried to avoid this path as cgroup mounting is not always an option for the broader use.
appreciate the comments; I am not beholden to this approach, this is just what we figured out that worked. Open to better ideas.
|
||
# Creates stanley user | ||
RUN mkdir -p /home/stanley/.ssh && chmod 0700 /home/stanley/.ssh \ | ||
&& ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P "" \ |
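Review bot: `ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""` runs at build time, so the passphrase-less private key is stored in an image layer: every container started from the image shares it, and anyone who can pull the image can read it. Generate the key at first container start or mount it from a secret, and keep only the directory creation in the Dockerfile. The `# Creates stanley user` comment also does not match the visible lines, which create the `.ssh` directory and the key but no user.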
Just a note that generating an SSH key for stanley and bundling it in a Docker image would be a dangerous way.
Though fine for a demo image.
good catch, should do this in a separate build process
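A build-time check for the problem raised in this thread, as an added example that is not part of the PR or of StackStorm's tooling: it scans an unpacked image root (for instance the output of `docker export`, extracted to a directory) for files that begin with a private-key header. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR: fail a build when private-key files are
# present in an unpacked image root. All names and sample data are constructed.

# Print (relative to ROOT) every small regular file whose first line is a
# PEM or OpenSSH private-key header.
find_private_keys() {
    root=$1
    # Private keys are small, so files of 64 KiB or more are skipped.
    find "$root" -xdev -type f -size -64k 2>/dev/null | sort |
    while IFS= read -r f; do
        if head -n 1 "$f" 2>/dev/null |
            grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'; then
            printf '%s\n' "${f#"$root"}"
        fi
    done
}

# Gate for CI: returns 1 and names the files when key material is found.
check_image_root() {
    hits=$(find_private_keys "$1")
    [ -z "$hits" ] && return 0
    printf 'private key material in image:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample tree using the key path from the Dockerfile above.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/home/stanley/.ssh" "$d/etc"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'constructed-placeholder-not-a-key' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/home/stanley/.ssh/stanley_rsa"
    printf '%s\n' 'ssh-rsa constructed-placeholder stanley@example' \
        > "$d/home/stanley/.ssh/stanley_rsa.pub"
    printf '%s\n' 'mentions PRIVATE KEY in prose only' > "$d/etc/motd"
    printf '%s\n' "$d"
}

sample=$(make_sample_root)
check_image_root "$sample" || echo "build rejected"
rm -rf "$sample"
```

Only the first line of each file is inspected, so the public key and files that merely mention the words are not reported.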
## Experimental | ||
Dockerfiles to build and push CentOS/RPM based Stackstorm images | ||
|
||
This builds a "all-in-one" container. Services can be started/stopped for each Stackstorm component. | ||
|
||
This is initially for review, discussion, and verifying an alternative pathway. |
FYI for someone who wants to try it or may need CentOS8 Docker images and provide feedback ℹ️
RUN mkdir /opt/stackstorm/packs.dev | ||
|
||
# Update oslo/crudini | ||
RUN source /opt/stackstorm/st2/bin/activate && pip install --upgrade oslo.config |
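Review bot: `pip install --upgrade oslo.config` is unpinned and runs inside `/opt/stackstorm/st2`, the virtualenv StackStorm itself runs from, so each build can pull a different oslo.config than the one the installed st2 was tested with. Pin the exact version and say in the comment why the upgrade is needed; the current comment mentions crudini, which this line neither installs nor upgrades. `source` also depends on the `RUN` shell being bash.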
Any more context behind updating the oslo.config?
I think we needed this for crudini; I'll check again...
## Known Issues | ||
|
||
## Kubernetes Deployments | ||
Below are Helm Chart snippets to run this container |
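Review bot: The `## Known Issues` heading is followed directly by `## Kubernetes Deployments` with nothing under it. List the known issues or drop the heading until there is something to put there.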
It's nice to have some K8s hints!
@@ -0,0 +1,112 @@ | |||
version: '3' |
FYI we keep the Dockerfiles only in this repo.
And so the docker-compose deployment resides in https://github.com/stackStorm/st2-docker and K8s deployment in: https://github.com/stackStorm/stackstorm-ha
But for the feedback/demo purposes this PR includes all the deployment configuration as well from my understanding.
Agreed; if this PR makes it beyond an experiment, I can work on separating out the other bits.
Thank you @armab for taking the time to review, I appreciate your comments.
Experimental PR: Do not merge! This is an experimental release of the CentOS container. The container is not guaranteed to be in a stable condition.
This is a fork off of the StackStorm container (https://github.com/StackStorm/st2-dockerfiles) to change the OS to CentOS instead of Ubuntu. It fixes the systemd errors associated with a CentOS container and runs the container in a non-privileged environment.
Please review and critique - any feedback welcome