Google Git
Sign in
apache / cloudberry / HEAD / . / devops / deploy / docker / test / rocky8 / Dockerfile
blob: 5f6858d41aeb6ca7abb77b328e7b621ce6bad45e [file] [log] [blame]
# --------------------------------------------------------------------
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed
# with this work for additional information regarding copyright
# ownership. The ASF licenses this file to You under the Apache
# License, Version 2.0 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of the
# License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.
#
# --------------------------------------------------------------------
#
# Apache Cloudberry (Incubating) is an effort undergoing incubation at
# the Apache Software Foundation (ASF), sponsored by the Apache
# Incubator PMC.
#
# Incubation is required of all newly accepted projects until a
# further review indicates that the infrastructure, communications,
# and decision making process have stabilized in a manner consistent
# with other successful ASF projects.
#
# While incubation status is not necessarily a reflection of the
# completeness or stability of the code, it does indicate that the
# project has yet to be fully endorsed by the ASF.
#
# --------------------------------------------------------------------
# Dockerfile for Apache Cloudberry Base Environment
# --------------------------------------------------------------------
# This Dockerfile sets up a Rocky Linux 8-based container to serve as
# a base environment for evaluating Apache Cloudberry. It installs
# necessary system utilities, configures the environment for SSH access,
# and sets up a 'gpadmin' user with sudo privileges. The Apache
# Cloudberry RPM can be installed into this container for testing and
# functional verification.
#
# Key Features:
# - Locale setup for en_US.UTF-8
# - SSH daemon setup for remote access
# - Essential system utilities installation
# - Separate user creation and configuration steps
#
# Security Considerations:
# - This Dockerfile prioritizes ease of use for functional testing and
# evaluation. It includes configurations such as passwordless sudo access
# for the 'gpadmin' user and SSH access with password authentication.
# - These configurations are suitable for testing and development but
# should NOT be used in a production environment due to potential security
# risks.
#
# Usage:
# docker build -t cloudberry-db-base-env .
# docker run -h cdw -it cloudberry-db-base-env
# --------------------------------------------------------------------
# Base image: Rocky Linux 8
FROM rockylinux/rockylinux:8
# Argument for configuring the timezone
ARG TIMEZONE_VAR="America/Los_Angeles"
# Environment variables for locale
ENV LANG=en_US.UTF-8
# --------------------------------------------------------------------
# System Update and Installation
# --------------------------------------------------------------------
# Update the system and install essential system utilities required for
# running and testing Apache Cloudberry. Cleanup the DNF cache afterward
# to reduce the image size.
# --------------------------------------------------------------------
RUN dnf install -y \
file \
gdb \
glibc-locale-source \
make \
openssh \
openssh-clients \
openssh-server \
procps-ng \
sudo \
which \
&& \
dnf clean all # Clean up DNF cache after package installations
# --------------------------------------------------------------------
# User Creation and Configuration
# --------------------------------------------------------------------
# - Create the 'gpadmin' user and group.
# - Configure the 'gpadmin' user with passwordless sudo privileges.
# - Add Cloudberry-specific entries to the gpadmin's .bashrc.
# --------------------------------------------------------------------
RUN /usr/sbin/groupadd gpadmin && \
/usr/sbin/useradd gpadmin -g gpadmin -G wheel && \
echo 'gpadmin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/90-gpadmin && \
echo -e '\n# Add Cloudberry entries\nif [ -f /usr/local/cloudberry/cloudberry-env.sh ]; then\n source /usr/local/cloudberry/cloudberry-env.sh\n export COORDINATOR_DATA_DIRECTORY=/data1/coordinator/gpseg-1\nfi' >> /home/gpadmin/.bashrc
# --------------------------------------------------------------------
# Copy Configuration Files and Setup the Environment
# --------------------------------------------------------------------
# - Copy custom configuration files from the build context to /tmp/.
# - Apply custom system limits and timezone.
# - Set up SSH for password-based authentication.
# - Generate locale and set the default locale to en_US.UTF-8.
# --------------------------------------------------------------------
COPY ./configs/* /tmp/
RUN cp /tmp/90-cbdb-limits /etc/security/limits.d/90-cbdb-limits && \
sed -i.bak -r 's/^(session\s+required\s+pam_limits.so)/#\1/' /etc/pam.d/* && \
cat /usr/share/zoneinfo/${TIMEZONE_VAR} > /etc/localtime && \
chmod 777 /tmp/init_system.sh && \
setcap cap_net_raw+ep /usr/bin/ping && \
ssh-keygen -A && \
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config && \
localedef -i en_US -f UTF-8 en_US.UTF-8 && \
echo "LANG=en_US.UTF-8" | tee /etc/locale.conf
# --------------------------------------------------------------------
# Set the Default User and Command
# --------------------------------------------------------------------
# The default user is set to 'gpadmin', and the container starts by
# running the init_system.sh script. This container serves as a base
# environment, and the Apache Cloudberry RPM can be installed for
# testing and functional verification.
# --------------------------------------------------------------------
USER gpadmin
CMD ["bash","-c","/tmp/init_system.sh"]