Optimized mongodb-agent docker layers

Author: lsierant

docker/mongodb-agent-non-matrix/Dockerfile

@@ -1,6 +1,17 @@
 ARG imagebase
 FROM ${imagebase} as base
 
+FROM registry.access.redhat.com/ubi9/ubi-minimal as builder
+
+RUN microdnf install -y tar gzip && microdnf clean all
+
+COPY --from=base /data/mongodb-agent.tar.gz /data/mongodb-tools.tgz /tmp/
+RUN tar xfz /tmp/mongodb-agent.tar.gz -C /opt && \
+    tar xfz /tmp/mongodb-tools.tgz -C /opt && \
+    rm /tmp/*.tgz /tmp/*.tar.gz
+
+RUN chmod +x /opt/mongodb-mms-automation-agent-*/mongodb-mms-automation-agent
+
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 
 ARG version
@@ -15,46 +26,32 @@ LABEL name="MongoDB Agent" \
 
 # Replace libcurl-minimal and curl-minimal with the full versions
 # https://bugzilla.redhat.com/show_bug.cgi?id=1994521
-RUN  microdnf install -y libssh libpsl libbrotli \
+RUN    microdnf install -y libssh libpsl libbrotli \
     && microdnf download curl libcurl \
     && rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" \
-    && microdnf remove -y libcurl-minimal curl-minimal
-
-RUN microdnf install -y --disableplugin=subscription-manager --setopt=install_weak_deps=0 nss_wrapper
-# Copy-pasted from https://www.mongodb.com/docs/manual/tutorial/install-mongodb-enterprise-on-red-hat-tarball/
-RUN microdnf install -y --disableplugin=subscription-manager \
- cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-plain krb5-libs openldap openssl xz-libs
-# Dependencies for the Agent
-RUN microdnf install -y --disableplugin=subscription-manager  --setopt=install_weak_deps=0 \
-        net-snmp \
-        net-snmp-agent-libs
-RUN microdnf install -y --disableplugin=subscription-manager \
-    hostname tar gzip procps jq \
+    && microdnf remove -y libcurl-minimal curl-minimal \
+    && microdnf install -y --disableplugin=subscription-manager --setopt=install_weak_deps=0 nss_wrapper \
+    && microdnf install -y --disableplugin=subscription-manager \
+    cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-plain krb5-libs openldap openssl xz-libs \
+    && microdnf install -y --disableplugin=subscription-manager  --setopt=install_weak_deps=0 \
+           net-snmp \
+           net-snmp-agent-libs \
+    && microdnf install -y --disableplugin=subscription-manager \
+       hostname tar gzip procps jq \
     && microdnf upgrade -y  \
-    && rm -rf /var/lib/apt/lists/*
+    && microdnf clean all \
+    && mkdir -p /agent \
+             /var/lib/mongodb-mms-automation \
+             /var/log/mongodb-mms-automation \
+             /var/lib/automation/config \
+    && chmod -R +wr /var/log/mongodb-mms-automation/ \
+    && touch /var/log/mongodb-mms-automation/readiness.log \
+    && chmod ugo+rw /var/log/mongodb-mms-automation/readiness.log \
+    && chmod -R +r /var/lib/automation/config
 
-RUN mkdir -p /agent \
-    && mkdir -p /var/lib/mongodb-mms-automation \
-      && mkdir -p /var/log/mongodb-mms-automation/ \
-      && chmod -R +wr /var/log/mongodb-mms-automation/ \
-      # ensure that the agent user can write the logs in OpenShift
-      && touch /var/log/mongodb-mms-automation/readiness.log \
-      && chmod ugo+rw /var/log/mongodb-mms-automation/readiness.log
-
-
-COPY --from=base /data/mongodb-agent.tar.gz /agent
-COPY --from=base /data/mongodb-tools.tgz /agent
 COPY --from=base /data/LICENSE /licenses/LICENSE
-
-RUN tar xfz /agent/mongodb-agent.tar.gz \
-    && mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent /agent/mongodb-agent \
-    && chmod +x /agent/mongodb-agent \
-    && mkdir -p /var/lib/automation/config \
-    && chmod -R +r /var/lib/automation/config \
-    && rm /agent/mongodb-agent.tar.gz \
-    && rm -r mongodb-mms-automation-agent-*
-
-RUN tar xfz /agent/mongodb-tools.tgz --directory /var/lib/mongodb-mms-automation/ && rm /agent/mongodb-tools.tgz
+COPY --from=builder /opt/mongodb-mms-automation-agent-*/mongodb-mms-automation-agent /agent/mongodb-agent
+COPY --from=builder /opt/mongodb-database-tools-*/bin/ /usr/local/bin/
 
 USER 2000
 CMD ["/agent/mongodb-agent", "-cluster=/var/lib/automation/config/automation-config.json"]

docker/mongodb-agent/Dockerfile

@@ -1,5 +1,27 @@
 ARG imagebase
-FROM ${imagebase} as base
+FROM ${imagebase} AS base
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal AS builder
+
+RUN microdnf install -y tar gzip && microdnf clean all
+
+COPY --from=base /data/mongodb_tools_ubi.tgz /data/mongodb_agent_ubi.tgz /tmp/
+
+RUN tar xfz /tmp/mongodb_tools_ubi.tgz -C /opt && \
+    tar xfz /tmp/mongodb_agent_ubi.tgz -C /opt && \
+    rm /tmp/*.tgz
+
+RUN chmod +x /opt/mongodb-mms-automation-agent-*/mongodb-mms-automation-agent
+RUN chmod +x /opt/mongodb-database-tools-*/bin/*
+
+COPY --from=base /data/probe.sh \
+                 /data/readinessprobe \
+                 /data/version-upgrade-hook \
+                 /data/agent-launcher-lib.sh \
+                 /data/agent-launcher.sh \
+                 /opt/scripts/
+
+RUN chmod +x  /opt/scripts/*
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 
@@ -13,51 +35,37 @@ LABEL name="MongoDB Agent" \
       release="1" \
       maintainer="[email protected]"
 
-COPY --from=base /data/probe.sh /opt/scripts/probe.sh
-COPY --from=base /data/readinessprobe /opt/scripts/readinessprobe
-COPY --from=base /data/version-upgrade-hook /opt/scripts/version-upgrade-hook
-COPY --from=base /data/agent-launcher-lib.sh /opt/scripts/agent-launcher-lib.sh
-COPY --from=base /data/agent-launcher.sh /opt/scripts/agent-launcher.sh
-COPY --from=base /data/LICENSE /licenses/LICENSE
-
-# Replace libcurl-minimal and curl-minimal with the full versions
-# https://bugzilla.redhat.com/show_bug.cgi?id=1994521
-RUN  microdnf install -y libssh libpsl libbrotli \
+RUN    microdnf install -y libssh libpsl libbrotli \
     && microdnf download curl libcurl \
     && rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" \
-    && microdnf remove -y libcurl-minimal curl-minimal
-
-RUN microdnf install -y --disableplugin=subscription-manager --setopt=install_weak_deps=0 nss_wrapper
-# Copy-pasted from https://www.mongodb.com/docs/manual/tutorial/install-mongodb-enterprise-on-red-hat-tarball/
-RUN microdnf install -y --disableplugin=subscription-manager \
- cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-plain krb5-libs openldap openssl xz-libs
-# Dependencies for the Agent
-RUN microdnf install -y --disableplugin=subscription-manager  --setopt=install_weak_deps=0 \
-        net-snmp \
-        net-snmp-agent-libs
-RUN microdnf install -y --disableplugin=subscription-manager \
-    hostname tar gzip procps jq \
+    && microdnf remove -y libcurl-minimal curl-minimal \
+    && microdnf install -y --disableplugin=subscription-manager --setopt=install_weak_deps=0 nss_wrapper \
+    && microdnf install -y --disableplugin=subscription-manager \
+    cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-plain krb5-libs openldap openssl xz-libs \
+    && microdnf install -y --disableplugin=subscription-manager  --setopt=install_weak_deps=0 \
+           net-snmp \
+           net-snmp-agent-libs \
+    && microdnf install -y --disableplugin=subscription-manager \
+       hostname tar gzip procps jq \
     && microdnf upgrade -y  \
-    && rm -rf /var/lib/apt/lists/*
+    && microdnf clean all \
+    && mkdir -p /agent \
+             /var/lib/mongodb-mms-automation \
+             /var/log/mongodb-mms-automation \
+             /var/lib/automation/config \
+    && chmod -R +wr /var/log/mongodb-mms-automation/ \
+    && touch /var/log/mongodb-mms-automation/readiness.log \
+    && chmod ugo+rw /var/log/mongodb-mms-automation/readiness.log \
+    && chmod -R +r /var/lib/automation/config
 
+COPY --from=base /data/LICENSE /licenses/LICENSE
 
-COPY --from=base /data/mongodb_tools_ubi.tgz /tools/mongodb_tools.tgz
-COPY --from=base /data/mongodb_agent_ubi.tgz /agent/mongodb_agent.tgz
-
-RUN tar xfz /tools/mongodb_tools.tgz
-RUN mv mongodb-database-tools-*/bin/* /tools
-RUN chmod +x /tools/*
-RUN rm /tools/mongodb_tools.tgz
-RUN rm -rf /mongodb-database-tools-*
-
-RUN tar xfz /agent/mongodb_agent.tgz
-RUN mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent /agent/mongodb-agent
-RUN chmod +x /agent/mongodb-agent
-RUN rm /agent/mongodb_agent.tgz
-RUN rm -rf mongodb-mms-automation-agent-*
+COPY --from=builder /opt/scripts/* /opt/scripts/
+COPY --from=builder /opt/mongodb-database-tools-*/bin /tools
+COPY --from=builder /opt/mongodb-mms-automation-agent-*/mongodb-mms-automation-agent /agent/mongodb-agent
 
-RUN mkdir -p /var/lib/automation/config
-RUN chmod -R +r /var/lib/automation/config
+RUN mkdir -p /var/lib/automation/config \
+    && chmod -R +r /var/lib/automation/config
 
 USER 2000
 

lib/sonar/builders/docker.py

@@ -81,16 +81,28 @@ def docker_build_cli(
     if not dockerfile_path.startswith("/"):
         dockerfile_path = f"{path}/{dockerfile_path}"
 
-    args = get_docker_build_cli_args(
+    cli_command_args = get_docker_build_cli_args(
         path=path, dockerfile=dockerfile_path, tag=tag, buildargs=buildargs, labels=labels, platform=platform
     )
 
-    args_str = " ".join(args)
-    logger.info(f"executing cli docker build: {args_str}")
+    cli_command_args_str = " ".join(cli_command_args)
+    logger.info(f"executing cli docker build: {cli_command_args_str}")
 
-    cp = subprocess.run(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if cp.returncode != 0:
-        raise SonarAPIError(cp.stderr)
+    docker_build_process = subprocess.Popen(
+        cli_command_args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, bufsize=1
+    )
+    collected_output_lines = []
+    if docker_build_process.stdout:
+        for output_stream_line in iter(docker_build_process.stdout.readline, ""):
+            newline_stripped_line = output_stream_line.rstrip()
+            logger.info(newline_stripped_line)
+            collected_output_lines.append(newline_stripped_line)
+        docker_build_process.stdout.close()
+
+    process_exit_code = docker_build_process.wait()
+
+    if process_exit_code != 0:
+        raise SonarAPIError("\n".join(collected_output_lines))
 
 
 def get_docker_build_cli_args(