Skip to content

Container Development Guide

This document contains instructions for OSG Technology Team members, including:

Creating a New Container Image

Prepare the GitHub repository

  1. Create a Git repository whose name is prefixed with docker-, e.g. docker-frontier-squid
  2. Create a README.md file describing the software provided by the image
  3. Create a LICENSE file containing the Apache 2.0 license text
  4. Create a Dockerfile based off of the OSG Software Base image:

    FROM opensciencegrid/software-base:fresh
    
    LABEL maintainer OSG Software <[email protected]>
    
    RUN yum update -y && \
        yum clean all && \
        rm -rf /var/cache/yum/*
    
    RUN yum install -y <PACKAGE> --enablerepo=osg-minefield && \
        yum clean all && \
        rm -rf /var/cache/yum/*
    

    Replacing <PACKAGE> with the name of the RPM you'd like to provide in this container image

Prepare the DockerHub repository

  1. Create a Docker Hub repo in the OSG organization.
  2. Go to the permissions tab and give the robots team Read & Write access
  3. Copy over .travis.yml and travis/ from a previous docker build (e.g., https://github.com/opensciencegrid/docker-frontier-squid). Update the docker_repos in build_docker.sh to the name of the Docker Hub repo
  4. Set the +x bit on travis/build_docker.sh
  5. Send the opensciencegrid GitHub repository URL to the Software Manager and ask them to do the following:
    1. Enable the repository in Travis-CI
    2. Add the OSG Software Docker Hub account credentials to the Travis CI repository as secure variables DOCKER_USERNAME and DOCKER_PASSWORD. Ensure that Display value in build log remains unset. Escape any special characters with \.
    3. Enable weekly cron builds from master and set Always run

Triggering Container Image Builds

To build a new version of an existing container image, e.g. for a new RPM version of software in the container, you can kick off a new build in one of two ways:

  • If there are no changes necessary to the container packaging: go to the repository's latest Travis-CI build off of master, e.g. https://travis-ci.org/opensciencegrid/docker-xcache, and click "Restart build"
  • If changes need to be made to the container packaging: submit a pull request with your changes to the relevant GitHub repository and request that another team member review it. Once merged into master, a Travis-CI build should start automatically.

If the Travis-CI build completes successfully, you should shortly see new fresh and timestamp tags appear in the DockerHub repository.

Automatic weekly rebuilds

If the repo's Travis-CI is configured as above, container images will automatically rebuild, and therefore pick up new packages available in minefield once per week.

Managing Tags in DockerHub

Adding tags

Images that have passed acceptance testing should be tagged as stable:

  1. Install the jq utility:

    yum install jq
    
  2. Get the SHA256 repo digest of the image that the user has tested

  3. Go to the Docker Hub repo (e.g., https://hub.docker.com/r/opensciencegrid/frontier-squid/tags) and find the <TIMESTAMP TAG> (e.g., 20191118-1706) corresponding to the digest in the previous step
  4. Add your Docker Hub user/pass to a file with 600 permissions:

    export user=<dockerhub username>
    export pass=<dockerhub password>
    
  5. Run the Docker container image tagging command from release-tools:

    ./dockerhub-tag-fresh-to-stable.sh <IMAGE NAME> <TIMESTAMP TAG>
    
  6. Clean up your Docker Hub user/pass file

Removing tags

Run the Docker container image pruning command from release-tools:

./dockerhub-prune-tags.py <IMAGE NAME>

Making Slim Containers

Here are some resources for creating slim, efficient containers: