diff --git a/hack/infrastructure/docker-ci.rst b/hack/infrastructure/docker-ci.rst index a133a582b5..0be530d302 100644 --- a/hack/infrastructure/docker-ci.rst +++ b/hack/infrastructure/docker-ci.rst @@ -52,18 +52,5 @@ nighthly release ================ The nightly release process is done by buildbot, running a DinD container that downloads -the docker repository and builds the release container. The resulting -docker binary is then tested, and if everything is fine the release is done. - -Building the release DinD Container ------------------------------------ - -# Log into docker-ci -ssh ubuntu@docker-ci.dotcloud.com -cd /data/docker/testing/nightlyrelease -# Add release_credentials.json as specified in ./Dockerfile -cat > release_credentials.json << EOF -EOF -sudo docker build -t dockerbuilder . -# Now that the container is built release_credentials.json is not needed anymore -git checkout release_credentials.json +the docker repository and builds the release container. The resulting docker +binary is then tested, and if everything is fine, the release is done. diff --git a/testing/Vagrantfile b/testing/Vagrantfile index 386e74b4d4..f153c824fd 100644 --- a/testing/Vagrantfile +++ b/testing/Vagrantfile @@ -4,7 +4,7 @@ BOX_NAME = "docker-ci" BOX_URI = "http://files.vagrantup.com/precise64.box" AWS_AMI = "ami-d0f89fb9" -DOCKER_PATH = "/data/docker" +DOCKER_PATH = "/go/src/github.com/dotcloud/docker" CFG_PATH = "#{DOCKER_PATH}/testing/buildbot" on_vbox = File.file?("#{File.dirname(__FILE__)}/.vagrant/machines/default/virtualbox/id") | \ Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty? & \ 
@@ -18,9 +18,9 @@ Vagrant::Config.run do |config| config.vm.forward_port 8010, 8010 config.vm.share_folder "v-data", DOCKER_PATH, "#{File.dirname(__FILE__)}/.." - # Deploy buildbot and its dependencies if it was not done if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty? + # Add memory limitation capabilities pkg_cmd = 'sed -Ei \'s/^(GRUB_CMDLINE_LINUX_DEFAULT)=.+/\\1="cgroup_enable=memory swapaccount=1 quiet"/\' /etc/default/grub; ' # Install new kernel 
@@ -31,36 +31,33 @@ Vagrant::Config.run do |config| "dpkg-reconfigure --frontend noninteractive tzdata; " \ "apt-get install -q -y python-dev python-pip supervisor; " \ "pip install -r #{CFG_PATH}/requirements.txt; " \ - "chown #{USER}.#{USER} /data; cd /data; " \ + "mkdir /data; chown #{USER}.#{USER} /data; cd /data; " \ "#{CFG_PATH}/setup.sh #{USER} #{CFG_PATH} #{ENV['BUILDBOT_PWD']} " \ "#{ENV['IRC_PWD']} #{ENV['IRC_CHANNEL']} #{ENV['SMTP_USER']} " \ "#{ENV['SMTP_PWD']} #{ENV['EMAIL_RCP']}; " \ "#{CFG_PATH}/setup_credentials.sh #{USER} " \ "#{ENV['REGISTRY_USER']} #{ENV['REGISTRY_PWD']}; " + # Install docker pkg_cmd << "mkdir /mnt/docker; ln -s /mnt/docker /var/lib/docker; " \ "wget -q -O - https://get.docker.io/gpg | apt-key add -; " \ "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list; " \ "apt-get update -qq; apt-get install -yq lxc-docker; " - # Enable docker host to run docker daemon in containers (dind) - pkg_cmd << "/sbin/stop docker; " - pkg_cmd << "DIND_CMD=\" umount /sys/fs/cgroup/*; umount /sys/fs/cgroup\\n" \ - " mount -t tmpfs none /sys/fs/cgroup; cd /sys/fs/cgroup\\n" \ - " for C in \x5C\x24(awk '{print \x5C\x241}' < /proc/cgroups | grep -v subsys | grep -v memory);\\n" \ - " do mkdir \x5C\x24C; mount -t cgroup none -o \x5C\x24C \x5C\x24C; done;\\n" \ - " /usr/bin/docker -d\"; " - pkg_cmd << "sed -Ei 's~start on filesystem.+~start on filesystem and started lxc-net~' /etc/init/docker.conf; " - pkg_cmd << "sed -Ei 's~ /usr/bin/docker -d~'\"$DIND_CMD\"'~' /etc/init/docker.conf; " + # Install testing dependencies - pkg_cmd << "curl -s https://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz | " \ - " tar -v -C /usr/local -xz; ln -s /usr/local/go/bin/go /usr/bin/go; " \ + pkg_cmd << "wget -O go.tgz http://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz; " \ + " tar -C /usr/local -vxzf go.tgz; ln -s /usr/local/go/bin/go /usr/bin/go; " \ "curl -s 
https://phantomjs.googlecode.com/files/phantomjs-1.9.1-linux-x86_64.tar.bz2 | " \ " tar jx -C /usr/bin --strip-components=2 phantomjs-1.9.1-linux-x86_64/bin/phantomjs; " \ "DEBIAN_FRONTEND=noninteractive apt-get install -qy lxc git mercurial aufs-tools " \ " make libfontconfig libevent-dev; " \ "export GOPATH=/data/docker-dependencies; go get -d github.com/dotcloud/docker; " \ "rm -rf ${GOPATH}/src/github.com/dotcloud/docker; " - # Activate new kernel options + + # After reboot, build containers and prepare docker to run on dind + pkg_cmd << "cp #{DOCKER_PATH}/testing/buildbot/dockerci_local.sh /etc/rc.local; " \ + + # Activate new kernel pkg_cmd << "shutdown -r +1; " config.vm.provision :shell, :inline => pkg_cmd end @@ -68,6 +65,7 @@ end # Providers were added on Vagrant >= 1.1.0 Vagrant::VERSION >= "1.1.0" and Vagrant.configure("2") do |config| + config.vm.box = "dummy" config.vm.provider :aws do |aws, override| aws.tags = { 'Name' => 'docker-ci' } aws.access_key_id = ENV["AWS_ACCESS_KEY_ID"] diff --git a/testing/buildbot/dockerci_local.sh b/testing/buildbot/dockerci_local.sh new file mode 100644 index 0000000000..8f70a2c11c --- /dev/null +++ b/testing/buildbot/dockerci_local.sh @@ -0,0 +1,15 @@ +#!/bin/sh -e +# This is a one time script to prepare docker-ci + +# Build docker nightly release container +cd /go/src/github.com/dotcloud/docker/testing/nightlyrelease; docker build -t dockerbuilder . + +# Relaunch docker for dind to work (disabling apparmor) +/sbin/stop docker +DIND_CMD=" /etc/init.d/apparmor stop; /etc/init.d/apparmor teardown; /usr/bin/docker -dns=8.8.8.8 -d" +sed -Ei "s~ /usr/bin/docker -d~$DIND_CMD~" /etc/init/docker.conf +/sbin/start docker + +# Self removing +echo -e '#!/bin/sh -e\nexit 0\n' > /etc/rc.local +exit 0 diff --git a/testing/buildbot/master.cfg b/testing/buildbot/master.cfg index 4ce125f6d0..3e3ce83528 100644 --- a/testing/buildbot/master.cfg +++ b/testing/buildbot/master.cfg 
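Review bot: The Go toolchain download under `# Install testing dependencies` moves from `https://` with curl to plain `http://` with wget, and nothing verifies the archive before it is unpacked into /usr/local as root, so the toolchain used on this CI host can be altered in transit. Keep TLS and pin a digest, e.g. `wget -O go.tgz https://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz; echo '<EXPECTED_SHA256>  go.tgz' | sha256sum -c - || exit 1; `, where the digest is a placeholder to be filled in from the upstream release page. Separately, the new `pkg_cmd << "cp ... /etc/rc.local; " \` line ends in a continuation backslash with only a blank line after it; it appears to parse, but the backslash should be dropped so a later edit does not get merged into this statement.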
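Review bot: The rewritten upstart command stops and tears down AppArmor every time the docker job starts, which removes confinement for the whole CI host rather than only for the dind container. Since master.cfg already launches the builder with `-lxc-conf=lxc.aa_profile=unconfined`, it is worth confirming the host-wide teardown is required and, if it is, recording that in the comment, e.g. `# NOTE: disables AppArmor host-wide on every docker start; this VM must stay dedicated to CI`. The self-removal line uses `echo -e` under `#!/bin/sh`; if /bin/sh is dash (the Ubuntu default), `-e` is printed literally and /etc/rc.local loses its shebang, so `printf '#!/bin/sh -e\nexit 0\n' > /etc/rc.local` is the portable form. Because the script runs with `-e`, a failing `/sbin/stop docker` would also abort before the self-removal, and the script would run again on the next boot.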
@@ -20,7 +20,7 @@ TEST_PWD = 'docker' # Credential to authenticate build triggers BUILDER_NAME = 'docker' GITHUB_DOCKER = 'github.com/dotcloud/docker' BUILDBOT_PATH = '/data/buildbot' -DOCKER_PATH = '/data/docker' +DOCKER_PATH = '/go/src/github.com/dotcloud/docker' BUILDER_PATH = '/data/buildbot/slave/{0}/build'.format(BUILDER_NAME) PULL_REQUEST_PATH = '/data/buildbot/slave/pullrequest/build' @@ -52,8 +52,8 @@ c['schedulers'] += [SingleBranchScheduler(name="all", c['schedulers'] += [SingleBranchScheduler(name='pullrequest', change_filter=filter.ChangeFilter(category='github_pullrequest'), treeStableTimer=None, builderNames=['pullrequest'])] -c['schedulers'] += [Nightly(name='daily', branch=None, builderNames=['coverage','nightlyrelease'], - hour=0, minute=30)] +c['schedulers'] += [Nightly(name='daily', branch=None, builderNames=['nightlyrelease'], + hour=7, minute=00)] c['schedulers'] += [Nightly(name='every4hrs', branch=None, builderNames=['registry','index'], hour=range(0,24,4), minute=15)] @@ -110,8 +110,8 @@ c['builders'] += [BuilderConfig(name='index',slavenames=['buildworker'], factory=factory)] # Docker nightly release -nightlyrelease_cmd = ('docker run -i -t -privileged -lxc-conf="lxc.aa_profile = unconfined"' - ' -e AWS_S3_BUCKET="test.docker.io" dockerbuilder') +nightlyrelease_cmd = ('docker run -i -t -privileged -lxc-conf=lxc.aa_profile=unconfined' + ' -e AWS_S3_BUCKET=test.docker.io dockerbuilder') factory = BuildFactory() factory.addStep(ShellCommand(description='NightlyRelease',logEnviron=False,usePTY=True, command=nightlyrelease_cmd)) diff --git a/testing/buildbot/setup.sh b/testing/buildbot/setup.sh index 99e4f7f104..7410fe545d 100755 --- a/testing/buildbot/setup.sh +++ b/testing/buildbot/setup.sh @@ -13,7 +13,6 @@ SMTP_USER=$6 SMTP_PWD=$7 EMAIL_RCP=$8 BUILDBOT_PATH="/data/buildbot" -DOCKER_PATH="/data/docker" SLAVE_NAME="buildworker" SLAVE_SOCKET="localhost:9989" export PATH="/bin:sbin:/usr/bin:/usr/sbin:/usr/local/bin" 
diff --git a/testing/buildbot/setup_credentials.sh b/testing/buildbot/setup_credentials.sh index f093815d60..76201bdb65 100755 --- a/testing/buildbot/setup_credentials.sh +++ b/testing/buildbot/setup_credentials.sh @@ -8,7 +8,7 @@ REGISTRY_USER=$2 REGISTRY_PWD=$3 BUILDBOT_PATH="/data/buildbot" -DOCKER_PATH="/data/docker" +DOCKER_PATH="/go/src/github.com/dotcloud/docker" function run { su $USER -c "$1"; } diff --git a/testing/nightlyrelease/Dockerfile b/testing/nightlyrelease/Dockerfile index 1cf95aacdc..2ff43976c3 100644 --- a/testing/nightlyrelease/Dockerfile +++ b/testing/nightlyrelease/Dockerfile @@ -1,5 +1,5 @@ -# VERSION: 1.0 -# DOCKER-VERSION 0.6.1 +# VERSION: 1.1 +# DOCKER-VERSION 0.6.2 # AUTHOR: Daniel Mizyrycki # DESCRIPTION: Build docker nightly release using Docker in Docker. # REFERENCES: This code reuses the excellent implementation of docker in docker 
@@ -10,26 +10,18 @@ # "AWS_SECRET_KEY='Test_docker_AWS_S3_bucket_key' # "GPG_PASSPHRASE='Test_docker_GPG_passphrase_signature' # "INDEX_AUTH='Encripted_index_authentication' } -# When releasing: Docker in Docker requires cgroups mounted the same way in -# the host and containers: -# stop docker -# umount /sys/fs/cgroup/*; umount /sys/fs/cgroup; mount -t tmpfs none /sys/fs/cgroup -# cd /sys/fs/cgroup; for C in $(awk '{print $1}' < /proc/cgroups | grep -v subsys | grep -v memory) ; do mkdir $C ; mount -t cgroup none -o $C $C ; done -# docker -d & # TO_BUILD: docker build -t dockerbuilder . # TO_RELEASE: docker run -i -t -privileged -lxc-conf="lxc.aa_profile = unconfined" -e AWS_S3_BUCKET="test.docker.io" dockerbuilder from ubuntu:12.04 maintainer Daniel Mizyrycki -# Add docker dependencies +# Add docker dependencies and downloading packages run echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list -run apt-get update; apt-get install -y -q iptables ca-certificates bzip2 python lxc curl git mercurial -run curl -s https://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz | tar -v -C /usr/local -xz -run ln -s /usr/local/go/bin/go /usr/bin +run apt-get update; apt-get install -y -q lxc bzip2 iptables ca-certificates git wget python2.7 # Add production docker binary -run curl http://get.docker.io/builds/Linux/x86_64/docker-latest >/usr/bin/docker; chmod +x /usr/bin/docker +run wget -O /usr/bin/docker http://get.docker.io/builds/Linux/x86_64/docker-latest; chmod +x /usr/bin/docker # Add proto docker builder add ./dockerbuild /usr/bin/dockerbuild 
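Review bot: The production docker binary is still fetched over plain `http://` and installed as /usr/bin/docker with no integrity check, although this image later holds release_credentials.json and is run with `-privileged`. ca-certificates is installed one line earlier and the Vagrantfile already uses `https://get.docker.io`, so `run wget -O /usr/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-latest && chmod +x /usr/bin/docker` closes that gap. Using `&&` instead of `;` also makes the build fail when the download fails instead of marking an empty file executable. `docker-latest` is a moving target, so a pinned build plus a checksum would make the builder image reproducible.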
@@ -38,9 +30,8 @@ run chmod +x /usr/bin/dockerbuild # Add release credentials add ./release_credentials.json /root/release_credentials.json -# Make /tmp and /var/lib/docker inside the container addressable by other containers. -# This is done to ensure /tmp and /var/lib/docker has AUFS support needed by the inner docker server -volume /tmp +# Make /var/lib/docker inside the container addressable by other containers. +# This is done to ensure /var/lib/docker has AUFS support needed by the inner docker server volume /var/lib/docker # Launch build process in a container diff --git a/testing/nightlyrelease/dockerbuild b/testing/nightlyrelease/dockerbuild index 683008a607..797d25b7a4 100644 --- a/testing/nightlyrelease/dockerbuild +++ b/testing/nightlyrelease/dockerbuild 
@@ -1,41 +1,34 @@ #!/bin/bash # Variables AWS_ACCESS_KEY, AWS_SECRET_KEY, PG_PASSPHRASE and INDEX_AUTH -# are decoded from /root/release_credentials.json and passed to the environment +# are decoded from /root/release_credentials.json # Variable AWS_S3_BUCKET is passed to the environment from docker run -e # Enable debugging set -x -# Prepare container environment to run docker in docker -# Mount cgroups -mount -t tmpfs none /tmp; mount -t tmpfs none /sys/fs/cgroup; cd /sys/fs/cgroup -for C in $(awk "{print \$1}" < /proc/cgroups | grep -v subsys | grep -v memory) ; do mkdir $C ; mount -t cgroup none -o $C $C ; done -pushd /proc/self/fd >/dev/null; for FD in *; do case "$FD" in [012]) ;; *) eval exec "$FD>&-" ;; esac done; popd >/dev/null - -# Launch docker daemon inside the container -docker -d & - -# fetch docker master branch -export GOPATH=/go -rm -rf $GOPATH; mkdir -p $GOPATH -go get -d github.com/dotcloud/docker +# Fetch docker master branch +git clone http://github.com/dotcloud/docker /go/src/github.com/dotcloud/docker cd /go/src/github.com/dotcloud/docker +# Launch docker daemon using dind inside the container +./hack/dind /usr/bin/docker -dns=8.8.8.8 -d & +sleep 5 + # Add an uncommitted change to generate a timestamped release date > timestamp -# Build the docker package and extract docker binary -docker build -t releasedocker . -docker run releasedocker sh -c 'cat /go/src/github.com/dotcloud/docker/bundles/*/binary/docker*' >/docker -chmod +x /docker +# Build the docker package using /Dockerfile +docker build -t docker . 
-# Swap docker production daemon with new docker binary for testing -kill $(pgrep '^docker$') -sleep 15 -mv /docker /usr/bin -docker -d & -sleep 15 +# Run Docker unittests +docker run -privileged docker go test -v || exit 1 + +# Create Docker binary and Ubuntu package +docker run -privileged docker hack/make.sh binary ubuntu + +# Freeze the container to upload the release +docker commit -run '{"Env": ["PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"], "WorkingDir": "/go/src/github.com/dotcloud/docker"}' $(docker ps -l -q) release # Turn debug off to load credentials in the environment and # to authenticate to the index @@ -47,7 +40,17 @@ exec("""for k in d: print "export {0}=\\"{1}\\"".format(k,d[k])""")') echo '{"https://index.docker.io/v1/":{"auth":"'$INDEX_AUTH'","email":"engineering@dotcloud.com"}}' > /.dockercfg set -x -# Test docker nightly +# Extract docker binary +docker cp $(docker ps -l -q):/go/src/github.com/dotcloud/docker/bundles /tmp + +# Swap docker production daemon with new docker binary for testing +kill $(pgrep '^docker$') +sleep 15 +cp /tmp/bundles/*/binary/* /usr/bin/docker +./hack/dind /usr/bin/docker -dns=8.8.8.8 -d & +sleep 15 + +# Run Docker functional tests # Generate unique image name export DIMAGE=testimage`date +'%Y%m%d%H%M%S'` 
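Review bot: `git clone http://github.com/dotcloud/docker` fetches the source that is built and released over an unauthenticated transport; the image installs git and ca-certificates, so `git clone https://github.com/dotcloud/docker /go/src/github.com/dotcloud/docker` should work unchanged. The unit-test step stops the script with `|| exit 1`, but `docker build -t docker .` and `docker run -privileged docker hack/make.sh binary ubuntu` have no such check, so a failed build continues into `docker commit`; the same `|| exit 1` should follow both. `sleep 5` as the wait for the dind daemon is a guess; a short retry loop on `docker version` would be more reliable.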
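Review bot: The daemon swap now runs after the block that loads the release credentials, so the `./hack/dind /usr/bin/docker -dns=8.8.8.8 -d &` started here appears to inherit AWS_SECRET_KEY and GPG_PASSPHRASE in its environment; before this change the swap ran first. Moving the `# Extract docker binary` and `# Swap docker production daemon` blocks above `# Turn debug off to load credentials` keeps the secrets out of the freshly built daemon. `docker cp $(docker ps -l -q):...` also relies on the latest container still being the `hack/make.sh` run, the same assumption `docker commit` makes in the previous hunk; capturing the id once, `CID=$(docker ps -l -q)`, right after that run and using `$CID` in both places removes that dependency. `cp /tmp/bundles/*/binary/* /usr/bin/docker` fails if the glob matches more than one path, so a single match should be asserted first.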
@@ -66,6 +69,6 @@ docker push test/$DIMAGE docker search $DIMAGE | grep -q $DIMAGE || exit 1 # Push docker nightly -echo docker run -i -t -e AWS_S3_BUCKET="$AWS_S3_BUCKET" -e AWS_ACCESS_KEY="XXXXX" -e AWS_SECRET_KEY="XXXXX" -e GPG_PASSPHRASE="XXXXX" releasedocker +echo docker run -i -t -privileged -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=XXXXX -e AWS_SECRET_KEY=XXXXX -e GPG_PASSPHRASE=XXXXX release hack/release.sh set +x -docker run -i -t -e AWS_S3_BUCKET="$AWS_S3_BUCKET" -e AWS_ACCESS_KEY="$AWS_ACCESS_KEY" -e AWS_SECRET_KEY="$AWS_SECRET_KEY" -e GPG_PASSPHRASE="$GPG_PASSPHRASE" releasedocker +docker run -i -t -privileged -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE release hack/release.sh
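Review bot: The rewritten release command drops the quotes around every `-e` value, so a GPG passphrase or key containing whitespace or glob characters is word-split by the shell and the container receives a truncated value plus stray arguments. Keep the expansions quoted, e.g. `-e GPG_PASSPHRASE="$GPG_PASSPHRASE"`, and likewise for the three AWS variables. The step also gains `-privileged` while carrying the AWS and GPG secrets; if `hack/release.sh` does not need to start a nested daemon, the flag can likely be omitted, which is worth confirming. Passing secrets as `-e NAME=value` arguments exposes them in the process list inside the builder; that predates this change but deserves a follow-up.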