Define a base Docker image and config-engine docker image based on De…

…bian Stretch (sonic-net#2076)

* Build a Docker base image based on Debian Stretch

* Build a config-engine Docker image based on Stretch

* Do not install socat from Debian repo

* Add changes that were made to docker-base since this PR was opened

.gitignore

@@ -47,7 +47,9 @@ src/thrift/*
 
 # Autogenerated Dockerfiles
 dockers/docker-base/Dockerfile
+dockers/docker-base-stretch/Dockerfile
 dockers/docker-config-engine/Dockerfile
+dockers/docker-config-engine-stretch/Dockerfile
 dockers/docker-database/Dockerfile
 dockers/docker-dhcp-relay/Dockerfile
 dockers/docker-fpm-frr/Dockerfile

dockers/docker-base-stretch/Dockerfile.j2

@@ -0,0 +1,79 @@
+FROM debian:stretch
+
+# Clean documentation in FROM image
+RUN find /usr/share/doc -depth \( -type f -o -type l \) ! -name copyright | xargs rm || true
+
+# Clean doc directories that are empty or only contain empty directories
+RUN while [ -n "$(find /usr/share/doc -depth -type d -empty -print -exec rmdir {} +)" ]; do :; done
+RUN rm -rf               \
+    /usr/share/man/*     \
+    /usr/share/groff/*   \
+    /usr/share/info/*    \
+    /usr/share/lintian/* \
+    /usr/share/linda/*   \
+    /var/cache/man/*     \
+    /usr/share/locale/*
+
+# Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Configure data sources for apt/dpkg
+COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"]
+COPY ["sources.list", "/etc/apt/sources.list"]
+COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"]
+RUN apt-get update
+
+# Pre-install fundamental packages
+RUN apt-get -y install \
+    less               \
+    perl               \
+    procps             \
+    python             \
+    rsyslog            \
+    vim-tiny
+
+COPY ["etc/rsyslog.conf", "/etc/rsyslog.conf"]
+COPY ["etc/rsyslog.d/*", "/etc/rsyslog.d/"]
+COPY ["root/.vimrc", "/root/.vimrc"]
+
+# Install dependencies of supervisor
+RUN apt-get -y install python-pkg-resources python-meld3
+
+RUN mkdir -p /etc/supervisor
+RUN mkdir -p /var/log/supervisor
+
+COPY ["etc/supervisor/supervisord.conf", "/etc/supervisor/"]
+
+RUN apt-get -y purge   \
+    exim4              \
+    exim4-base         \
+    exim4-config       \
+    exim4-daemon-light
+
+{% if docker_base_stretch_debs.strip() -%}
+# Copy built Debian packages
+{%- for deb in docker_base_stretch_debs.split(' ') %}
+COPY debs/{{ deb }} debs/
+{%- endfor %}
+
+# Install built Debian packages and implicitly install their dependencies
+{%- for deb in docker_base_stretch_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt debs/{{ deb }}
+{%- endfor %}
+{%- endif %}
+
+{% if docker_base_stretch_dbgs.strip() -%}
+# Install common debug-packages
+{%- for dbg_pkg in docker_base_stretch_dbgs.split(' ') %}
+RUN apt-get -y install {{ dbg_pkg }}
+{%- endfor %}
+{% else %}
+RUN ln /usr/bin/vim.tiny /usr/bin/vim
+{%- endif %}
+
+# Clean up apt
+# Remove /var/lib/apt/lists/*, could be obsoleted for derived images
+RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
+RUN rm -rf /var/lib/apt/lists/*
+
+RUN rm -rf /tmp/*

dockers/docker-base-stretch/LICENSE

@@ -0,0 +1,13 @@
+Copyright 2016 Microsoft, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

dockers/docker-base-stretch/dpkg_01_drop

@@ -0,0 +1,22 @@
+## Drop unnecessary files
+## ref: https://wiki.ubuntu.com/ReducingDiskFootprint
+
+## Documentation
+path-exclude /usr/share/doc/*
+# we need to keep copyright files for legal reasons
+path-include /usr/share/doc/*/copyright
+path-exclude /usr/share/man/*
+path-exclude /usr/share/groff/*
+path-exclude /usr/share/info/*
+# lintian stuff is small, but really unnecessary
+path-exclude /usr/share/lintian/*
+path-exclude /usr/share/linda/*
+
+## Translations
+path-exclude /usr/share/locale/*
+
+## Landscape
+path-exclude /usr/share/pyshared/twisted/test*
+path-exclude /usr/lib/python*/dist-packages/twisted/test*
+path-exclude /usr/share/pyshared/twisted/*/test*
+path-exclude /usr/lib/python*/dist-packages/twisted/*/test*

dockers/docker-base-stretch/etc/rsyslog.conf

@@ -0,0 +1,69 @@
+#
+#  /etc/rsyslog.conf    Configuration file for rsyslog.
+#
+#                       For more information see
+#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+#$ModLoad imklog  # provides kernel logging support
+#$ModLoad immark  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+
+# provides TCP syslog reception
+#$ModLoad imtcp
+#$InputTCPServerRun 514
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+# Set remote syslog server
+template (name="ForwardFormatInContainer" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%")
+*.* action(type="omfwd" target="127.0.0.1" port="514" protocol="udp" Template="ForwardFormatInContainer")
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Define a custom template
+$template SONiCFileFormat,"%TIMESTAMP%.%timestamp:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+$ActionFileDefaultTemplate SONiCFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+#
+# Suppress duplicate messages and report "message repeated n times"
+#
+$RepeatedMsgReduction on
+
+###############
+#### RULES ####
+###############

dockers/docker-base-stretch/etc/rsyslog.d/supervisor.conf

@@ -0,0 +1,9 @@
+$ModLoad imfile
+
+$InputFileName /var/log/supervisor/supervisord.log
+$InputFileTag supervisord
+$InputFileStateFile state-supervisor
+$InputFileSeverity info
+$InputFileFacility local0
+$InputFilePersistStateInterval 1
+$InputRunFileMonitor

dockers/docker-base-stretch/etc/supervisor/supervisord.conf

@@ -0,0 +1,33 @@
+; supervisor config file
+
+[unix_http_server]
+file=/var/run/supervisor.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+username=dummy
+password=dummy
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+user=root
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket
+username=dummy
+password=dummy
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

dockers/docker-base-stretch/no_install_recommend_suggest

@@ -0,0 +1,5 @@
+# Instruct apt-get to NOT install "recommended" or "suggested" packages by
+# default when installing a package.
+
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";

dockers/docker-base-stretch/root/.vimrc

@@ -0,0 +1,2 @@
+" enable vim features
+set nocompatible

dockers/docker-base-stretch/sources.list

@@ -0,0 +1,8 @@
+## Debian mirror on Microsoft Azure
+## Ref: http://debian-archive.trafficmanager.net/
+
+deb http://debian-archive.trafficmanager.net/debian/ stretch main contrib non-free
+deb-src http://debian-archive.trafficmanager.net/debian/ stretch main contrib non-free
+deb http://debian-archive.trafficmanager.net/debian-security/ stretch/updates main contrib non-free
+deb-src http://debian-archive.trafficmanager.net/debian-security/ stretch/updates main contrib non-free
+deb http://debian-archive.trafficmanager.net/debian/ stretch-backports main contrib non-free

dockers/docker-config-engine-stretch/Dockerfile.j2

@@ -0,0 +1,47 @@
+FROM docker-base-stretch
+
+## Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update
+
+# Dependencies for sonic-cfggen
+RUN apt-get install -y python-lxml python-yaml python-bitarray python-pip python-dev python-natsort python-setuptools
+
+RUN pip install --upgrade pip
+
+RUN pip install netaddr ipaddr jinja2 pyangbind==0.5.10
+
+{% if docker_config_engine_stretch_debs.strip() %}
+COPY \
+{% for deb in docker_config_engine_stretch_debs.split(' ') -%}
+debs/{{ deb }}{{' '}}
+{%- endfor -%}
+debs/
+{%- endif -%}
+
+{% if docker_config_engine_stretch_debs.strip() %}
+RUN dpkg -i \
+{% for deb in docker_config_engine_stretch_debs.split(' ') -%}
+debs/{{ deb }}{{' '}}
+{%- endfor %}
+{%- endif -%}
+
+{% if docker_config_engine_stretch_whls.strip() %}
+COPY \
+{% for whl in docker_config_engine_stretch_whls.split(' ') -%}
+python-wheels/{{ whl }}{{' '}}
+{%- endfor -%}
+python-wheels/
+{%- endif -%}
+
+{% if docker_config_engine_stretch_whls.strip() %}
+RUN pip install \
+{% for whl in docker_config_engine_stretch_whls.split(' ') -%}
+python-wheels/{{ whl }}{{' '}}
+{%- endfor %}
+{%- endif -%}
+
+## Clean up
+RUN apt-get remove -y python-pip python-dev; apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
+RUN rm -rf /debs /python-wheels

rules/docker-base-stretch.mk

@@ -0,0 +1,18 @@
+# Docker base image (based on Debian Stretch)
+
+DOCKER_BASE_STRETCH = docker-base-stretch.gz
+$(DOCKER_BASE_STRETCH)_PATH = $(DOCKERS_PATH)/docker-base-stretch
+$(DOCKER_BASE_STRETCH)_DEPENDS += $(SUPERVISOR)
+$(DOCKER_BASE_STRETCH)_DEPENDS += $(SOCAT)
+
+ifeq ($(INSTALL_DEBUG_TOOLS),y)
+GDB = gdb
+GDBSERVER = gdbserver
+VIM = vim
+OPENSSH = openssh-client
+SSHPASS = sshpass
+STRACE = strace
+$(DOCKER_BASE_STRETCH)_DBG_PACKAGES += $(GDB) $(GDBSERVER) $(VIM) $(OPENSSH) $(SSHPASS) $(STRACE)
+endif
+
+SONIC_DOCKER_IMAGES += $(DOCKER_BASE_STRETCH)

rules/docker-config-engine-stretch.mk

@@ -0,0 +1,8 @@
+# docker image for sonic config engine
+
+DOCKER_CONFIG_ENGINE_STRETCH = docker-config-engine-stretch.gz
+$(DOCKER_CONFIG_ENGINE_STRETCH)_PATH = $(DOCKERS_PATH)/docker-config-engine-stretch
+$(DOCKER_CONFIG_ENGINE_STRETCH)_PYTHON_WHEELS += $(SWSSSDK_PY2)
+$(DOCKER_CONFIG_ENGINE_STRETCH)_PYTHON_WHEELS += $(SONIC_CONFIG_ENGINE)
+$(DOCKER_CONFIG_ENGINE_STRETCH)_LOAD_DOCKERS += $(DOCKER_BASE_STRETCH)
+SONIC_DOCKER_IMAGES += $(DOCKER_CONFIG_ENGINE_STRETCH)