Dockerize ova-webserver

installer/build/build-cache.sh

@@ -24,6 +24,10 @@ warrow="\033[0;00;97m=>\033[0m"
 barrow="\033[0;00;94m=>\033[0m"
 yarrow="\033[0;00;93m=>\033[0m"
 
+buildimages=(
+  "vmware/fileserver:${BUILD_OVA_REVISION},fileserver/Dockerfile,."
+)
+
 # cache docker images
 images=(
   vmware/admiral:vic_${BUILD_ADMIRAL_REVISION}
@@ -95,6 +99,26 @@ function cacheOther() {
   timecho "${warrow} saved all downloads"
 }
 
+function buildImages() {
+  timecho "${warrow} building container images"
+  mkdir -p ${CACHE}/docker/
+  for params in "${buildimages[@]}"; do
+    img=$(echo "${params}" | awk -F',' '{print $1}')
+    docker_file=$(echo "${params}" | awk -F',' '{print $2}')
+    context=$(echo "${params}" | awk -F',' '{print $3}')
+    timecho "${barrow} building ${brprpl}${img}${reset}"
+    docker build --no-cache -t ${img} -f ${docker_file} ${context}
+
+    archive="${CACHE}/docker/$(echo "${img##*/}" | tr ':' '-').tar.gz"
+    timecho "${yarrow} saving ${brprpl}${archive##*/}${reset}"
+    docker save "$img" | gzip > "$archive"
+
+    timecho "${warrow} ${img} details \n$(docker images --digests -f "dangling=false" --format "tag: {{.Tag}}, digest: {{.Digest}}, age: {{.CreatedSince}}" $(echo ${img} | cut -d ':' -f1))\n"
+  done
+
+  timecho "${warrow} built all images"
+}
+
 function usage() {
 timecho "Usage: $0 -c cache-directory" 1>&2
 exit 1
@@ -124,3 +148,4 @@ fi
 
 cacheImages
 cacheOther
+buildImages

installer/build/ova-manifest.json

@@ -158,11 +158,6 @@
     "source": "scripts/fileserver/configure_fileserver.sh",
     "destination": "/etc/vmware/fileserver/configure_fileserver.sh"
   },
-  {
-    "type": "file",
-    "source": "scripts/fileserver/start_fileserver.sh",
-    "destination": "/etc/vmware/fileserver/start_fileserver.sh"
-  },
   {
     "type": "file",
     "source": "scripts/verify.py",

installer/build/scripts/fileserver/configure_fileserver.sh

@@ -14,6 +14,5 @@
 # limitations under the License.
 set -uf -o pipefail
 
-mkdir -p "/opt/vmware/fileserver/ca_download"
-
 iptables -w -A INPUT -j ACCEPT -p tcp --dport "${FILESERVER_PORT}"
+echo "Finished fileserver config"

installer/build/scripts/fileserver/fileserver.service

@@ -11,7 +11,8 @@ RestartSec=15
 EnvironmentFile=/etc/vmware/environment
 ExecStartPre=-/usr/bin/systemctl stop landing_server.service
 ExecStartPre=/usr/bin/bash /etc/vmware/fileserver/configure_fileserver.sh
-ExecStart=/etc/vmware/fileserver/start_fileserver.sh
+ExecStart=/usr/bin/docker run --cap-drop ALL --cap-add NET_BIND_SERVICE --rm --name fileserver -v /opt/vmware/fileserver:/opt/vmware/fileserver -v /storage/data/certs:/certs:ro -p 80:80 -p ${FILESERVER_PORT}:9443 vmware/fileserver:ova
+ExecStop=/usr/bin/docker stop fileserver
 
 [Install]
 WantedBy=vic-appliance.target

installer/build/scripts/systemd/scripts/load-docker-images.sh

@@ -43,6 +43,16 @@ if [[ ! -f /etc/vmware/firstboot ]]; then
   echo "admiral=${ADMIRAL_IMAGE} ${ADMIRAL_IMAGE_ID}" >> /storage/data/version
   echo "admiral=${ADMIRAL_IMAGE} ${ADMIRAL_IMAGE_ID}" >> /etc/vmware/version
 
+  echo "Loading file server"
+  # tag fileserver as :ova
+  FILESERVER_IMAGE="vmware/fileserver:${BUILD_OVA_REVISION}"
+  docker tag "$FILESERVER_IMAGE" vmware/fileserver:ova
+  FILESERVER_IMAGE_ID=$(docker images vmware/fileserver:ova -q)
+
+  # Write version files
+  echo "fileserver=${FILESERVER_IMAGE} ${FILESERVER_IMAGE_ID}" >> /storage/data/version
+  echo "fileserver=${FILESERVER_IMAGE} ${FILESERVER_IMAGE_ID}" >> /etc/vmware/version
+
   echo "Loading vic-machine-server"
   # tag vic-machine-server as :ova
   VIC_MACHINE_SERVER_IMAGE="gcr.io/eminent-nation-87317/vic-machine-server:${BUILD_VIC_MACHINE_SERVER_REVISION}"

installer/fileserver/Dockerfile

@@ -0,0 +1,35 @@
+# Building:
+# from installer directory
+# make ova-webserver
+# docker build --no-cache -t vmware/fileserver:ova -f fileserver/Dockerfile .
+
+FROM photon:2.0
+
+RUN set -eux; \
+    tdnf distro-sync --refresh -y; \
+    tdnf install shadow -y; \
+    tdnf info installed; \
+    tdnf clean all
+
+# Default location for TLS - Specify `-v /host/cert/path:/certs` to use defaults
+# Override by providing a volume and values for `-e TLS_CERTIFICATE` and `-e TLS_PRIVATE_KEY`
+ENV TLS_CERTIFICATE=/certs/server.crt
+ENV TLS_PRIVATE_KEY=/certs/server.key
+ENV PORT 80
+ENV TLS_PORT 9443
+
+EXPOSE $PORT
+EXPOSE $TLS_PORT
+
+COPY bin/ova-webserver /usr/local/bin/
+
+RUN setcap cap_net_bind_service=+ep /usr/local/bin/ova-webserver
+
+# Create a VIC  user to run the application.
+RUN groupadd -g 10000 vic && \
+    useradd -u 10000 -g vic -s /sbin/nologin -c "VIC user" vic
+
+# Change to the VIC user.
+USER vic
+
+ENTRYPOINT /usr/local/bin/ova-webserver --addr ":${TLS_PORT}" --cert "${TLS_CERTIFICATE}" --key "${TLS_PRIVATE_KEY}"