Merge #1486 update container base images to Fedora 31

2026-02-08 15:53:18 +08:00 · 2019-11-04 20:27:39 +00:00
parent f95b665904 e582126106
commit 4eee019791
10 changed files with 30 additions and 42 deletions
--- a/2
+++ b/2
@@ -130,7 +130,7 @@ $script_services = <<SCRIPT_SERVICES
 SCRIPT_SERVICES

 Vagrant.configure("2") do |config|
-  config.vm.box = "fedora/29-cloud-base"
+  config.vm.box = "fedora/31-cloud-base"
  config.vm.synced_folder "./", "/opt/module_build_service"
  # Disable the default share
  config.vm.synced_folder ".", "/vagrant", disabled: true
--- a/docker/Dockerfile-tests-py3
+++ b/docker/Dockerfile-tests-py3
@@ -1,4 +1,4 @@
-FROM fedora:29
+FROM fedora:31

 WORKDIR /build
 RUN dnf -y install \
--- a/module_build_service/builder/KojiModuleBuilder.py
+++ b/module_build_service/builder/KojiModuleBuilder.py
@@ -302,7 +302,7 @@ class KojiModuleBuilder(GenericBuilder):
        name = "module-build-macros"
        version = "0.1"
        release = "1"
-        with set_locale(locale.LC_TIME, "en_US.utf8"):
+        with set_locale(locale.LC_TIME, "C"):
            today = datetime.date.today().strftime("%a %b %d %Y")
        mmd = module_build.mmd()

--- a/openshift/backend/Dockerfile
+++ b/openshift/backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM fedora:29 AS builder
+FROM fedora:31 AS builder

 ARG EXTRA_RPMS=""
 ARG GIT_REPO=""
@@ -24,7 +24,7 @@ RUN flake8 && \
    tox -v -e py3


-FROM fedora:29
+FROM fedora:31
 LABEL \
    org.opencontainers.image.title="Backend for the Module Build Service (MBS)" \
    org.opencontainers.image.description="The MBS coordinates module builds. This image is to serve as the MBS backend." \
@@ -42,13 +42,10 @@ LABEL \
 COPY --from=builder /srv/RPMS /srv/RPMS
 COPY repos/ /etc/yum.repos.d/

-# TODO: Unpin the `python3-libmodulemd` RPM once MBS is released with libmodulemd v2
 RUN $DNF_CMD install \
      python3-psycopg2 \
-      python3-docopt \
      python3-service-identity \
      /srv/*/*/*.rpm \
-      python3-libmodulemd \
      $EXTRA_RPMS && \
    $DNF_CMD clean all && \
    rm -rf /srv/RPMS
--- a/openshift/frontend/Dockerfile
+++ b/openshift/frontend/Dockerfile
@@ -25,10 +25,11 @@ LABEL \
 USER root

 RUN $DNF_CMD install \
-      nss_wrapper httpd mod_ssl mod_auth_gssapi python3-mod_wsgi && \
+      httpd mod_ssl mod_auth_gssapi python3-mod_wsgi && \
    $DNF_CMD clean all

 RUN chmod a+rwx /run/httpd && \
+    chmod a+rw /etc/passwd && \
    sed -i -r -e 's!Listen 80!Listen 8080!' \
              -e 's!^User apache!User default!' \
              -e 's!^Group apache!Group root!' \
@@ -45,10 +46,11 @@ RUN chmod a+rwx /run/httpd && \
              -e 's!^#(SSLCertificateChainFile)\s+\S+!\1 /etc/mbs-certs/frontendca.crt!' \
        /etc/httpd/conf.d/ssl.conf

-COPY openshift/frontend/run-httpd /usr/bin
+COPY openshift/frontend/run /usr/bin

 USER 1001

 VOLUME ["/etc/module-build-service", "/etc/fedmsg.d", "/etc/mbs-certs", "/etc/httpd/conf.d"]
 EXPOSE 8080/tcp 8443/tcp
-CMD ["/usr/bin/run-httpd"]
+ENTRYPOINT ["/usr/bin/run"]
+CMD ["httpd", "-D", "FOREGROUND"]
--- a/openshift/frontend/run
+++ b/openshift/frontend/run
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# OpenShift containers run as a user with a random uid. That uid does not appear
+# in /etc/passwd, causing any attempts to look up the username associated with
+# that uid to fail. This script appends an entry to /etc/passwd for the
+# "default" user, using the current uid and gid.
+
+if ! whoami &> /dev/null; then
+  if [ -w /etc/passwd ]; then
+    echo "${USER_NAME:-default}:x:$(id -u):$(id -g):${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
+  fi
+fi
+
+exec "$@"
--- a/openshift/frontend/run-httpd
+++ b/openshift/frontend/run-httpd
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-set -eu
-
-# OpenShift containers run as a user with a random uid, which does not appear in
-# /etc/passwd. httpd tries to look up the uid for the user it is running as
-# (default in this case), and will exit if it cannot find that user in
-# /etc/passwd. This script copies /etc/passwd to /tmp to make it writable, and
-# appends an entry to /etc/passwd for the "default" user, using the current uid
-# and gid. It then uses libnss_wrapper.so to redirect references from
-# /etc/passwd to our modified file in /tmp, so httpd can run as "default".
-
-export USER_ID=$(id -u)
-export GROUP_ID=$(id -g)
-
-cp /etc/passwd /tmp/passwd
-cat >> /tmp/passwd <<EOF
-default:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/sbin/nologin
-EOF
-
-export LD_PRELOAD=libnss_wrapper.so
-export NSS_WRAPPER_PASSWD=/tmp/passwd
-export NSS_WRAPPER_GROUP=/etc/group
-
-exec httpd -D FOREGROUND $@
--- a/openshift/integration/koji/containers/jenkins-slave/Dockerfile
+++ b/openshift/integration/koji/containers/jenkins-slave/Dockerfile
@@ -2,7 +2,7 @@
 # https://github.com/jenkinsci/docker-jnlp-slave/blob/master/Dockerfile
 # https://github.com/jenkinsci/docker-slave/blob/master/Dockerfile

-FROM fedora:29
+FROM fedora:31
 LABEL \
    org.opencontainers.image.title="Jenkins slave for Module Build Service (MBS) pipelines" \
    org.opencontainers.image.description="The MBS coordinates module builds. This image is to serve as the slave for executing build and test pipelines." \
@@ -15,8 +15,8 @@ LABEL \

 ARG USER=jenkins
 ARG UID=10000
-ARG HOME_DIR=/var/lib/jenkins
-ARG SLAVE_VERSION=3.29
+ARG HOME_DIR=/home/jenkins
+ARG REMOTING_VERSION=3.35
 ARG TINI_VERSION=0.18.0
 ARG DNF_CMD="dnf -y --setopt=deltarpm=0 --setopt=install_weak_deps=false --setopt=tsflags=nodocs"
 ARG CA_URLS=""
@@ -56,7 +56,7 @@ RUN chmod g+rw /etc/passwd

 # Retrieve jenkins slave client
 RUN curl --create-dirs -sSLo /usr/share/jenkins/slave.jar \
-    https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${SLAVE_VERSION}/remoting-${SLAVE_VERSION}.jar && \
+    https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${REMOTING_VERSION}/remoting-${REMOTING_VERSION}.jar && \
    chmod 755 /usr/share/jenkins && \
    chmod 644 /usr/share/jenkins/slave.jar

--- a/openshift/integration/koji/pipelines/jobs/mbs-postmerge.env
+++ b/openshift/integration/koji/pipelines/jobs/mbs-postmerge.env
@@ -1,4 +1,4 @@
 NAME=mbs-postmerge
-EXTRA_REPOS=https://copr.fedorainfracloud.org/coprs/mikeb/mbs-messaging-umb/repo/fedora-29/mikeb-mbs-messaging-umb-fedora-29.repo
+EXTRA_REPOS=https://copr.fedorainfracloud.org/coprs/mikeb/mbs-messaging-umb/repo/fedora-31/mikeb-mbs-messaging-umb-fedora-31.repo
 EXTRA_RPMS=mbs-messaging-umb
 MAIL_ADDRESS=pnt-factory2-alerts@redhat.com
--- a/openshift/integration/koji/pipelines/jobs/mbs-premerge.env
+++ b/openshift/integration/koji/pipelines/jobs/mbs-premerge.env
@@ -1,4 +1,4 @@
 NAME=mbs-premerge
-EXTRA_REPOS=https://copr.fedorainfracloud.org/coprs/mikeb/mbs-messaging-umb/repo/fedora-29/mikeb-mbs-messaging-umb-fedora-29.repo
+EXTRA_REPOS=https://copr.fedorainfracloud.org/coprs/mikeb/mbs-messaging-umb/repo/fedora-31/mikeb-mbs-messaging-umb-fedora-31.repo
 EXTRA_RPMS=mbs-messaging-umb
 MAIL_ADDRESS=pnt-factory2-alerts@redhat.com