diff --git a/docker-c8/Dockerfile b/docker-c8/Dockerfile index ede7c70..2cc43c1 100644 --- a/docker-c8/Dockerfile +++ b/docker-c8/Dockerfile @@ -1,5 +1,11 @@ FROM rockylinux:8 +# Add labels +LABEL org.opencontainers.image.source=https://github.com/stfc/grid-workernode +LABEL org.opencontainers.image.authors=gstsm@stfc.atlassian.net +LABEL org.opencontainers.image.description="A specialised container image optimised for high-performance batch job execution in RAL's computing environment. \ +It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations." + # Basic dependencies RUN dnf -y install \ zip \ @@ -15,44 +21,49 @@ RUN dnf -y install \ attr \ tcsh \ numactl \ - bc - -# Create all possible pool accounts -RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash - + bc \ + wget && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf # CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version) RUN dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \ - https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_8/noarch/cvmfs-config-egi-2.7-1.8.obs.el8.noarch.rpm -RUN dnf -y install cvmfs + https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_8/noarch/cvmfs-config-egi-2.7-1.8.obs.el8.noarch.rpm && \ + # Install CVMFS + dnf -y install cvmfs && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# EPEL +# Install EPEL repository RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # Install HEP_OSlibs -RUN dnf -y install https://linuxsoft.cern.ch/wlcg/centos8/x86_64/wlcg-repo-1.0.0-1.el8.noarch.rpm -RUN dnf -y install --enablerepo=devel HEP_OSlibs +RUN dnf -y install https://linuxsoft.cern.ch/wlcg/centos8/x86_64/wlcg-repo-1.0.0-1.el8.noarch.rpm && \ + dnf -y install --enablerepo=devel HEP_OSlibs && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf # Boost (need to ensure gfal CLI from CVMFS will work for some VOs) RUN dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \ boost-regex boost-serialization boost-signals boost-system boost-test \ - boost-thread boost-wave - -# Apptainer -RUN dnf -y install apptainer - -# Disable overlay and loop device management in Apptainer -RUN sed -i '/enable overlay/c\enable overlay = no' /etc/apptainer/apptainer.conf && \ - sed -i '/enable underlay/c\enable underlay = yes' /etc/apptainer/apptainer.conf && \ - sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf + boost-thread boost-wave && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# Deny setuid in Apptainer -RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf +# Install Apptainer +RUN dnf -y install apptainer && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# Update & cleanup +# Update OS packages & tidy up RUN dnf -y update && \ dnf clean all && \ rm -rf /var/cache/dnf -LABEL source=https://github.com/stfc/grid-workernode -LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \ -It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations." +# Create all possible pool accounts +RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash - diff --git a/docker-c9/Dockerfile b/docker-c9/Dockerfile index e4195e0..21a9b8b 100644 --- a/docker-c9/Dockerfile +++ b/docker-c9/Dockerfile @@ -1,5 +1,11 @@ FROM rockylinux:9 +# Add labels +LABEL org.opencontainers.image.source=https://github.com/stfc/grid-workernode +LABEL org.opencontainers.image.authors=gstsm@stfc.atlassian.net +LABEL org.opencontainers.image.description="A specialised container image optimised for high-performance batch job execution in RAL's computing environment. \ +It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations." + # Basic dependencies RUN dnf -y install \ zip \ @@ -15,44 +21,49 @@ RUN dnf -y install \ attr \ tcsh \ numactl \ - bc - -# Create all possible pool accounts -RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash - + bc \ + wget && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf # CVMFS (for SUM tests only; install before adding other repos to ensure we have the latest version) RUN dnf -y install https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm \ - https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_9/noarch/cvmfs-config-egi-2.7-1.8.obs.el9.noarch.rpm -RUN dnf -y install cvmfs + https://download.opensuse.org/repositories/home:/cvmfs:/contrib-egi/AlmaLinux_9/noarch/cvmfs-config-egi-2.7-1.8.obs.el9.noarch.rpm && \ + # Install CVMFS + dnf -y install cvmfs && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# EPEL +# Install EPEL repository RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm # Install HEP_OSlibs -RUN dnf -y install https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-repo-1.0.0-1.el9.noarch.rpm -RUN dnf -y install --enablerepo=devel HEP_OSlibs +RUN dnf -y install https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-repo-1.0.0-1.el9.noarch.rpm && \ + dnf -y install --enablerepo=devel HEP_OSlibs && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf # Boost (need to ensure gfal CLI from CVMFS will work for some VOs) RUN dnf -y install boost-date-time boost-filesystem boost-graph boost-iostreams boost-program-options \ boost-regex boost-serialization boost-system boost-test \ - boost-thread boost-wave - -# Apptainer -RUN dnf -y install apptainer - -# Disable overlay and loop device management in Apptainer -RUN sed -i '/enable overlay/c\enable overlay = no' /etc/apptainer/apptainer.conf && \ - sed -i '/enable underlay/c\enable underlay = yes' /etc/apptainer/apptainer.conf && \ - sed -i '/max loop devices/c\max loop devices = 0' /etc/apptainer/apptainer.conf + boost-thread boost-wave && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# Deny setuid in Apptainer -RUN sed -i '/allow setuid/c\allow setuid = no' /etc/apptainer/apptainer.conf +# Install Apptainer +RUN dnf -y install apptainer && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# Update & cleanup +# Update OS packages & tidy up RUN dnf -y update && \ dnf clean all && \ rm -rf /var/cache/dnf -LABEL source=https://github.com/stfc/grid-workernode -LABEL description="A specialised container image optimized for high-performance batch job execution in RAL's computing environment. \ -It includes essential software, libraries, and dependencies, ensuring efficient, and scalable job processing, benefiting researchers and organisations." +# Create all possible pool accounts +RUN curl -s https://raw.githubusercontent.com/stfc/grid-workernode/master/resources/pool_accounts/create.sh | bash - diff --git a/xrootd/Dockerfile b/xrootd/Dockerfile index f5f5874..770d977 100644 --- a/xrootd/Dockerfile +++ b/xrootd/Dockerfile @@ -1,10 +1,18 @@ FROM rockylinux:8 + +# Add labels and arguments ARG XROOTD_VERSION=5.7.3-3 ARG XRDCEPH_VERSION=5.7.3-3 ARG CEPH_VERSION=14.2.22-0 +ARG ARCH=x86_64 +ARG DISTRO=el8 LABEL xrootd-ver=$XROOTD_VERSION LABEL xrdceph-ver=$XRDCEPH_VERSION LABEL ceph-ver=$CEPH_VERSION +LABEL org.opencontainers.image.source=https://github.com/stfc/grid-workernode +LABEL org.opencontainers.image.authors=gstsm@stfc.atlassian.net +LABEL org.opencontainers.image.description="A specialised container image optimised as a local XROOTD gateway in RAL's computing environment. \ +It includes software for XROOTD along with libraries, and dependencies, ensuring efficient, and scalable data staging, benefiting researchers and organisations." # xrootd user - needs to be consistent with the host RUN groupadd --gid 65432 xrootd && \ @@ -13,50 +21,52 @@ RUN groupadd --gid 65432 xrootd && \ # Repositories COPY *.repo /etc/yum.repos.d/ -# install versionlock, and configure versionlocks -RUN dnf -y install python3-dnf-plugin-versionlock -RUN dnf -y versionlock add ceph-${CEPH_VERSION}.el8.x86_64 \ - ceph-base-${CEPH_VERSION}.el8.x86_64 \ - ceph-common-${CEPH_VERSION}.el8.x86_64 \ - ceph-mds-${CEPH_VERSION}.el8.x86_64 \ - ceph-mgr-${CEPH_VERSION}.el8.x86_64 \ - ceph-mon-${CEPH_VERSION}.el8.x86_64 \ - ceph-osd-${CEPH_VERSION}.el8.x86_64 \ - ceph-selinux-${CEPH_VERSION}.el8.x86_64 \ - libcephfs2-${CEPH_VERSION}.el8.x86_64 \ - librados2-${CEPH_VERSION}.el8.x86_64 \ - libradosstriper1-${CEPH_VERSION}.el8.x86_64 \ - librbd1-${CEPH_VERSION}.el8.x86_64 \ - librgw2-${CEPH_VERSION}.el8.x86_64 \ - python-ceph-argparse-${CEPH_VERSION}.el8.x86_64 \ - python-cephfs-${CEPH_VERSION}.el8.x86_64 \ - python-rados-${CEPH_VERSION}.el8.x86_64 \ - python-rbd-${CEPH_VERSION}.el8.x86_64 \ - python-rgw-${CEPH_VERSION}.el8.x86_64 \ - python3-ceph-argparse-${CEPH_VERSION}.el8.x86_64 \ - python3-cephfs-${CEPH_VERSION}.el8.x86_64 \ - python3-rados-${CEPH_VERSION}.el8.x86_64 \ - python3-rbd-${CEPH_VERSION}.el8.x86_64 \ - python3-rgw-${CEPH_VERSION}.el8.x86_64 \ - xrootd-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-client-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-client-libs-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-libs-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-selinux-${XROOTD_VERSION}.el8.noarch \ - xrootd-server-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-server-libs-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-ceph-buffered-${XRDCEPH_VERSION}.el8.x86_64 \ - xrootd-voms-${XROOTD_VERSION}.el8.x86_64 \ - xrootd-scitokens-${XROOTD_VERSION}.el8.x86_64 - -RUN dnf -y versionlock list - +# Install versionlock, and configure versionlocks +RUN dnf -y install python3-dnf-plugin-versionlock && \ + dnf -y versionlock add ceph-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-base-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-common-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-mds-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-mgr-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-mon-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-osd-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + ceph-selinux-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + libcephfs2-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + librados2-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + libradosstriper1-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + librbd1-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + librgw2-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python-ceph-argparse-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python-cephfs-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python-rados-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python-rbd-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python-rgw-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python3-ceph-argparse-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python3-cephfs-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python3-rados-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python3-rbd-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + python3-rgw-${CEPH_VERSION}.${DISTRO}.${ARCH} \ + xrootd-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-client-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-client-libs-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-libs-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-selinux-${XROOTD_VERSION}.${DISTRO}.noarch \ + xrootd-server-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-server-libs-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-ceph-buffered-${XRDCEPH_VERSION}.${DISTRO}.${ARCH} \ + xrootd-voms-${XROOTD_VERSION}.${DISTRO}.${ARCH} \ + xrootd-scitokens-${XROOTD_VERSION}.${DISTRO}.${ARCH} && \ + # For debugging purposes, show the versionlock list + dnf -y versionlock list -# Ceph +# Install CEPH RUN dnf -y install ceph \ - ceph-common + ceph-common && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# xrootd +# Install XROOTD RUN dnf -y install xrootd-ceph-buffered \ xrootd-client \ xrootd-client-libs \ @@ -65,23 +75,34 @@ RUN dnf -y install xrootd-ceph-buffered \ xrootd-server-libs \ xrootd-voms \ xrootd-scitokens \ - jemalloc - + jemalloc && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf # For N2N mapping -RUN dnf -y install http://repos.gridpp.rl.ac.uk/yum/xrootd-cmstfc/el8/xrootd-cmstfc-1.5.2-6.osgroup.el8.x86_64.rpm +RUN dnf -y install http://repos.gridpp.rl.ac.uk/yum/xrootd-cmstfc/${DISTRO}/xrootd-cmstfc-1.5.2-6.osgroup.${DISTRO}.${ARCH}.rpm -# Needed by the health-check scripts -RUN dnf -y install openssl +# Required for health-check scripts +RUN dnf -y install openssl && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# python3 needed for cephsum script +# Python3 required for cephsum script RUN dnf -y install python3 \ - python3-rados + python3-rados && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf # Install netcat for service healthcheck -RUN dnf -y install netcat +RUN dnf -y install netcat && \ + # Clean up cache to keep layer size small + dnf clean all && \ + rm -rf /var/cache/dnf -# Update & cleanup +# Update OS packages & tidy up RUN dnf -y update && \ dnf clean all && \ rm -rf /var/cache/dnf