

Container Development Guide¶

This document contains instructions for OSG Technology Team members, including:

How to to develop container images that adhere to our container release policy
How to build a new version of an existing image
How to manage tags for images in the OSG DockerHub organization
Tips for container image development

Creating a New Container Image¶

Prepare the GitHub repository¶

Create a Git repository whose name is prefixed with docker-, e.g. docker-frontier-squid
Create a README.md file describing the software provided by the image
Create a LICENSE file containing the Apache 2.0 license text

Create a Dockerfile based off of the OSG Software Base image:

FROM opensciencegrid/software-base:fresh

LABEL maintainer OSG Software <[email protected]>

RUN yum update -y && \
    yum clean all && \
    rm -rf /var/cache/yum/*

RUN yum install -y <PACKAGE> --enablerepo=osg-minefield && \
    yum clean all && \
    rm -rf /var/cache/yum/*

Replacing <PACKAGE> with the name of the RPM you'd like to provide in this container image

Prepare the DockerHub repository¶

Create a Docker Hub repo in the OSG organization.
Go to the permissions tab and give the robots team Read & Write access
Copy over .travis.yml and travis/ from a previous docker build (e.g., https://github.com/opensciencegrid/docker-frontier-squid). Update the docker_repos in build_docker.sh to the name of the Docker Hub repo
Set the +x bit on travis/build_docker.sh
Send the opensciencegrid GitHub repository URL to the Software Manager and ask them to do the following:
1. Enable the repository in Travis-CI
2. Add the OSG Software Docker Hub account credentials to the Travis CI repository as secure variables DOCKER_USERNAME and DOCKER_PASSWORD only available to the master branch. Ensure that Display value in build log remains unset. Escape any special characters with \.
3. Enable weekly cron builds from master and set Always run

Triggering Container Image Builds¶

To build a new version of an existing container image, e.g. for a new RPM version of software in the container, you can kick off a new build in one of two ways:

If there are no changes necessary to the container packaging: go to the repository's latest Travis-CI build off of master, e.g. https://travis-ci.org/opensciencegrid/docker-xcache, and click "Restart build"
If changes need to be made to the container packaging: submit a pull request with your changes to the relevant GitHub repository and request that another team member review it. Once merged into master, a Travis-CI build should start automatically.

If the Travis-CI build completes successfully, you should shortly see new fresh and timestamp tags appear in the DockerHub repository.

Automatic weekly rebuilds

If the repo's Travis-CI is configured as above, container images will automatically rebuild, and therefore pick up new packages available in minefield once per week.

Managing Tags in DockerHub¶

Adding tags¶

Images that have passed acceptance testing should be tagged as stable:

Install the jq utility:
```
yum install jq
```
Get the SHA256 repo digest of the image that the user has tested
Go to the Docker Hub repo (e.g., https://hub.docker.com/r/opensciencegrid/frontier-squid/tags) and find the <TIMESTAMP TAG> (e.g., 20191118-1706) corresponding to the digest in the previous step

Add your Docker Hub user/pass to a file with 600 permissions:

export user=<dockerhub username>
export pass=<dockerhub password>

Run the Docker container image tagging command from release-tools:

./dockerhub-tag-fresh-to-stable.sh <IMAGE NAME> <TIMESTAMP TAG>

Clean up your Docker Hub user/pass file

Removing tags¶

Run the Docker container image pruning command from release-tools:

./dockerhub-prune-tags.py <IMAGE NAME>

Making Slim Containers¶

Here are some resources for creating slim, efficient containers: