HYRAX-1964: Build images from bes base docker image (bes_core) instead of bes and libdap rpms#107
HYRAX-1964: Build images from bes base docker image (bes_core) instead of bes and libdap rpms#107hannahilea wants to merge 50 commits intomasterfrom
bes_core) instead of bes and libdap rpms#107Conversation
ndp-opendap
left a comment
ndp-opendap
left a comment
There was a problem hiding this comment.
Really the only substantive thing is the bit where the bes user_name gets set to root. YMMV - I think the BES will throw a rod at start up if we do that.
el8-builds/besd/Dockerfile
Outdated
| # -e 's:=/full/path/to/serverside/key/file.pem:=/etc/pki/bes/public/file.pem:' \ | ||
| # -e 's:=/full/path/to/clientside/certificate/file.pem:=/etc/pki/bes/cacerts/file.pem:' \ | ||
| # -e 's:=/full/path/to/clientside/key/file.pem:=/etc/pki/bes/public/file.pem:' \ | ||
| -e 's:=user_name:='"$USER"':' \ |
There was a problem hiding this comment.
I notice here that the USER on line 53 is set to root. But the BES should never run as root. The system needs a user for the BES to run s that is not root.
There was a problem hiding this comment.
I think that I already handled this at the bes_core image layer, where we create a new user + user group
https://github.com/OPENDAP/bes/blob/793740a991f057312806cff80afc15b69f568fc9/Dockerfile#L6
https://github.com/OPENDAP/bes/blob/793740a991f057312806cff80afc15b69f568fc9/Dockerfile#L13
and set that as the owner of the BES and bes daemon:
https://github.com/OPENDAP/bes/blob/793740a991f057312806cff80afc15b69f568fc9/Dockerfile#L52
If that isn't sufficient (or isn't what you mean), let's talk about it more!
I should probably have used a different variable name than USER at the bes_core level. Here at the hyrax-docker level I just renamed the USER variable to BES_USER to attempt to make clear what user we're referring to in various places (ENV BES_USER ${USER:-"bes_user"}).
|
Okay. I tested this change on SIT with hyrax500, and it seemed to be behaving normally (no errors, same response times as usual). Are there any special things we should be looking for on SIT, before deeming this good to go and merging? @ndp-opendap, probably a question for you. Otherwise I think this is ready to merge, pending any further discussion around the user id that ndp commented on above. |
|
...to prevent temporarily breaking el9 builds on master, we may want to consider reviewing and merging #120 into this branch before merging this branch down. |
|
|
…Ms (#120) * Update el-9 shared and besd build * update el9 hyrax * udpate el9 ngap * clean up * update helper functions * update .travis.yml to run CI on branch * i suppose equals signs are important * OLFS: Triggering hyrax-docker image production for el8. Build Version Matrix: TARGET_OS: el8 libdap4-3.21.1-390 2026-03-04T03:14:01+0000 bes-3.21.1-1096 2026-03-04T23:14:34+0000 olfs-1.18.15-726 2026-03-04T23:29:26+0000 hyrax-1.17.1-726 2026-03-04T23:29:26+0000 * OLFS: Triggering hyrax-docker image production for el9. Build Version Matrix: TARGET_OS: el9 TOMCAT_MAJOR_VERSION: 11 libdap4-3.21.1-390 2026-03-04T03:14:01+0000 bes-3.21.1-1096 2026-03-04T23:14:34+0000 olfs-1.18.15-727 2026-03-05T00:05:12+0000 hyrax-1.17.1-727 2026-03-05T00:05:12+0000 * OLFS: Triggering hyrax-docker image production for el8. Build Version Matrix: TARGET_OS: el8 libdap4-3.21.1-390 2026-03-04T03:14:01+0000 bes-3.21.1-1096 2026-03-04T23:14:34+0000 olfs-1.18.15-730 2026-03-05T17:35:18+0000 hyrax-1.17.1-730 2026-03-05T17:35:18+0000 * OLFS: Triggering hyrax-docker image production for el8. Build Version Matrix: TARGET_OS: el8 libdap4-3.21.1-390 2026-03-04T03:14:01+0000 bes-3.21.1-1101 2026-03-05T17:25:18+0000 olfs-1.18.15-731 2026-03-05T17:37:19+0000 hyrax-1.17.1-731 2026-03-05T17:37:19+0000 * OLFS: Triggering hyrax-docker image production for el9. Build Version Matrix: TARGET_OS: el9 TOMCAT_MAJOR_VERSION: 11 libdap4-3.21.1-390 2026-03-04T03:14:01+0000 bes-3.21.1-1101 2026-03-05T17:25:18+0000 olfs-1.18.15-732 2026-03-05T18:13:42+0000 hyrax-1.17.1-732 2026-03-05T18:13:42+0000 * install chkconfig for el9 * fix spelling bork * rearrange * update chkconfig install * tweaks from code review --------- Co-authored-by: Hannah Robertson <1076701+hannahilea@users.noreply.github.com> Co-authored-by: The-Robot-Travis <npotter@opendap.org>
|
Current sizes, calculated via running the below script [1] on my EC2 instance:
[1] I first cleaned out all images on my machine ( #!/bin/sh
set -e
function pull_images_for_tag(){
local prefix=$1
local tag=$2
local besd_tag=$3
echo "$prefix: Pulling images with version tag '$tag'"
docker pull opendap/hyrax:${tag}
docker pull opendap/besd:${besd_tag}
docker pull opendap/hyrax:ngap-${tag}
docker pull opendap/hyrax_ncwms:${tag}
}
docker image ls
# Build 3133: https://app.travis-ci.com/github/OPENDAP/hyrax-docker/builds/277628480
pull_images_for_tag "Master-el8" "1.17.1-733-el8" "3.21.1-1106-el8"
# Build 3136: https://app.travis-ci.com/github/OPENDAP/hyrax-docker/builds/277629035
pull_images_for_tag "New-el8" "1.17.1-733-el8-test-deploy" "3.21.1-1106-el8-test-deploy"
# Build 3134: https://app.travis-ci.com/github/OPENDAP/hyrax-docker/builds/277628568
pull_images_for_tag "Master-el9" "1.17.1-734-el9" "3.21.1-1106-el9"
# Build 3137: https://app.travis-ci.com/github/OPENDAP/hyrax-docker/builds/277629062
pull_images_for_tag "New-el9" "1.17.1-734-el9-test-deploy" "3.21.1-1106-el9-test-deploy"
docker image ls |
|
I was having a hard time interpreting the table, so I turned it into a couple charts. 
|
2 participants
Images to update (all for rhel8):
Before merge:
Note: does NOT update the rhel9 builds to build from this bes_core base image. That work will need to happen in another branch.