sle2docker 0.2.4 → 0.4.0

data/lib/sle2docker/exceptions.rb

@@ -1,9 +1,16 @@
 module Sle2Docker
-
   class TemplateNotFoundError < RuntimeError
   end
 
   class ConfigNotFoundError < RuntimeError
   end
 
+  class PrebuiltImageNotFoundError < RuntimeError
+  end
+
+  class DockerTagError < RuntimeError
+  end
+
+  class PrebuiltImageVerificationError < RuntimeError
+  end
 end

data/lib/sle2docker/prebuilt_image.rb

@@ -0,0 +1,114 @@
+module Sle2Docker
+  # This class takes care of handling the pre-build images for
+  # SUSE Linux Enterprise
+  class PrebuiltImage
+    IMAGES_DIR = '/usr/share/suse-docker-images'
+    DOCKERFILE_TEMPLATE = File.join(
+      File.expand_path('../../templates/docker_build', __FILE__),
+      'dockerfile.erb')
+
+    attr_reader :image_id
+
+    def self.list
+      if File.exist?(PrebuiltImage::IMAGES_DIR)
+        Dir[File.join(IMAGES_DIR, '*.tar.xz')].map do |image|
+          File.basename(image, '.tar.xz')
+        end
+      else
+        []
+      end
+    end
+
+    def initialize(image_name, options)
+      @image_name = image_name
+      @options    = options
+      compute_repository_and_tag
+    end
+
+    def activated?
+      Docker::Image.exist?(image_id)
+    end
+
+    def activate
+      unless File.exist?(File.join(IMAGES_DIR, "#{@image_name}.tar.xz"))
+        fail PrebuiltImageNotFoundError,
+             "Cannot find pre-built image #{@image_name}"
+      end
+
+      verify_image
+
+      tmp_dir = prepare_docker_build_root
+      puts 'Activating image'
+      image = Docker::Image.build_from_dir(tmp_dir)
+      image.tag('repo' =>  @repository, 'tag' => @tag)
+      image.tag('repo' =>  @repository, 'tag' => 'latest')
+    ensure
+      FileUtils.rm_rf(tmp_dir) if tmp_dir && File.exist?(tmp_dir)
+    end
+
+    def prepare_docker_build_root
+      tmp_dir = Dir.mktmpdir("sle2docker-#{@image_name}-dockerfile")
+
+      create_dockerfile(tmp_dir)
+      copy_prebuilt_image(tmp_dir)
+      tmp_dir
+    end
+
+    # rubocop:disable Lint/UselessAssignment
+    def create_dockerfile(tmp_dir)
+      prebuilt_image = @image_name + '.tar.xz'
+
+      template = ERB.new(File.read(DOCKERFILE_TEMPLATE), nil, '<>')
+                 .result(binding)
+
+      File.open(File.join(tmp_dir, 'Dockerfile'), 'w') do |file|
+        file.write(template)
+      end
+    end
+    # rubocop:enable Lint/UselessAssignment
+
+    def copy_prebuilt_image(tmp_dir)
+      prebuilt_image = File.join(IMAGES_DIR, "#{@image_name}.tar.xz")
+      destination = File.join(tmp_dir, "#{@image_name}.tar.xz")
+      FileUtils.cp(prebuilt_image, destination)
+    end
+
+    def rpm_package_name
+      file = File.join(IMAGES_DIR, "#{@image_name}.tar.xz")
+      package_name = `rpm -qf #{file}`
+      if $CHILD_STATUS.exitstatus != 0
+        fail PrebuiltImageVerificationError,
+             "Cannot find rpm package providing #{file}: #{package_name}"
+      end
+      package_name
+    end
+
+    def verify_image
+      puts 'Verifying integrity of the pre-built image'
+      package_name = rpm_package_name
+      verification = `rpm --verify #{package_name}`
+      if $CHILD_STATUS.exitstatus != 0
+        fail PrebuiltImageVerificationError,
+             "Verification of #{package_name} failed: #{verification}"
+      end
+      true
+    end
+
+    private
+
+    def compute_repository_and_tag
+      # example of image name: sles12-docker.x86_64-1.0.0-Build7.2
+      regexp = /\A(?<name>.*)-docker\..*-(?<version>\d+\.\d+\.\d+)/
+      match = regexp.match(@image_name)
+      if match.nil?
+        fail DockerTagError,
+             "Cannot calculate the Docker tag for #{@image_name}"
+      end
+
+      @repository = "suse/#{match['name']}"
+      @tag        = match['version']
+      @image_id   = "#{@repository}:#{@tag}"
+    end
+
+  end
+end

data/lib/sle2docker/version.rb

@@ -1,5 +1,5 @@
-module Sle2Docker
-
-  VERSION = "0.2.4"
+# rubocop:disable Style/Documentation
 
+module Sle2Docker
+  VERSION = '0.4.0'
 end

data/lib/templates/docker_build/dockerfile.erb

@@ -0,0 +1,4 @@
+FROM scratch
+MAINTAINER "Flavio Castelli <fcastelli@suse.com>"
+
+ADD <%= prebuilt_image %> /

data/package/sle2docker.8.ronn

@@ -1,5 +1,5 @@
 sle2docker(8) - Create SLE images for Docker
-=======================================================
+============================================
 
 ## SYNOPSIS
 
@@ -7,98 +7,139 @@ sle2docker(8) - Create SLE images for Docker
 
 ## DESCRIPTION
 
-sle2docker is a convenience tool which creates SUSE Linux Enterprise images for
-Docker.
+sle2docker is a convenience tool which imports the pre-built SUSE Linux Enterprise
+images for Docker.
 
-The tool relies on KIWI and Docker itself to build the images.
+The tool takes advantage of pre-built Docker images distributed by SUSE to
+create the base Docker image that users can later customize using Docker's
+integrated build system. The pre-built images are distributed by SUSE as RPMs.
 
-Packages can be fetched either from SUSE Customer Center (SCC) or from a local
-Subscription Management Tool (SMT).
+Pre-built images do not have repositories configured but zypper will
+automatically have access to the right repositories when the Docker host has a
+SLE subscription that provides access to the product used in the image. For
+more details read the "Customizing the images" section below.
 
-Using DVD sources is currently unsupported.
+Previous versions of the tool built the Docker images from KIWI templates
+distributed by SUSE. This is no longer possible.
 
 ## REQUIREMENTS
 
+Ruby is required to execute the sle2docker program.
+
 Docker must be running on the system and the user invoking sle2docker must
 have the rights to interact with it.
 
 ## USAGE
 
-To build a template use the following command:
+To list the available pre-built images use the following command:
 
-`sle2docker build TEMPLATE`
+`sle2docker list`
 
-A list of the available templates can be obtained by running:
+To activate the pre-built image use the following command:
 
-`sle2docker list`
+`sle2docker activate IMAGE_NAME`
 
-A templated rendered with user provided data can be printed by using the
-following command:
+## Customizing the images
 
-`sle2docker show TEMPLATE`
+To create custom Docker images based on the official ones use
+Docker's integrated build system.
 
-## SUSE CUSTOMER CENTER INTEGRATION
 
-By default sle2docker downloads all the required packages from SUSE
-Customer Center (SCC). Before the build starts sle2docker ask the user
-his credentials. It is possible to start a build in a non interactive way by
-using the following command:
+The pre-built images do not have any repository configured. They
+contain a zypper service(container-suseconnect) that
+contacts either the SUSE Customer Center (SCC) or your Subscription
+Management Tool (SMT) server according to the configuration of the SLE host
+running the Docker container. The service obtains the list of repositories
+available for the product used by the Docker image.
 
-`sle2docker build -u USERNAME -p PASSWORD TEMPLATE_NAME`
+There is no need to add any credential to the Docker image because the machine
+credentials are automatically injected into the container by the docker daemon.
+These are injected inside of the `/run/secrets` directory. The same applies to
+the `/etc/SUSEConnect` file of the host system, which is automatically injected
+into the `/run/secrets`.
 
+The contents of the `/run/secrets` directory are never committed to a Docker
+image, hence there's no risk of leaking your credentials.
 
-## SUBSCRIPTION MANAGEMENT TOOL INTEGRATION
+To obtain the list of repositories invoke:
 
-It is possible to download all the required packages from a local
-Subscription Management Tool (SMT) instance:
+`zypper ref -s`
 
-`sle2docker build -s SMT_SERVER_HOSTNAME TEMPLATE`
+This will automatically add all the repositories to your container. For each
+repository added to the system a new file is going to be created under
+`/etc/zypp/repos.d`. The URLs of these repositories include an access token
+that automatically expires after 12 hours. To renew the token just call the
+`zypper ref -s` command. It is totally fine, and secure, to commit these files
+to a Docker image.
 
-By default sle2docker assumes the contents of the SMT server are served over
-HTTPS. To force the retrieval of the package over plain HTTP use the
-following command:
+If you want to use a different set of credentials, place a custom
+`/etc/zypp/credentials.d/SCCcredentials` with the machine credentials
+having the subscription you want to use inside of the Docker image.
+The same applies to the `SUSEConnect` file: if you want to override the one
+available on the host system running the Docker container you have to add a
+custom `/etc/SUSEConnect` file inside of the Docker image.
 
-`sle2docker build -s SMT_SERVER_HOSTNAME --disable-https TEMPLATE`
+### Creating a custom SLE12 image
 
-By default sle2docker expects the SMT instance to not require any form of
-authentication. However it is possible to specify the access credentials by
-using the following command:
+This Dockerfile creates a simple Docker image based on SLE12:
 
-`sle2docker build -s SMT_SERVER_HOSTNAME -u USERNAME -p PASSWORD TEMPLATE`
+```
+FROM suse/sles12:latest
 
+RUN zypper --gpg-auto-import-keys ref -s
+RUN zypper -n in vim
+```
 
-## EXIT CODES
-  sle2docker sets the following exit codes:
+When the Docker host machine is registered against an internal SMT
+server the Docker image requires the ssl certificate used by SMT:
+
+```
+FROM suse/sles12:latest
+
+# Import the crt file of our private SMT server
+ADD http://smt.test.lan/smt.crt /etc/pki/trust/anchors/smt.crt
+RUN update-ca-certificates
 
-  * 0: Build successful
-  * 1: Build failure
+RUN zypper --gpg-auto-import-keys ref -s
+RUN zypper -n in vim
+```
 
+### Creating a custom SLE11SP3 image
 
-## IMPLEMENTATION
+This Dockerfile creates a simple Docker image based on SLE12:
 
-sle2docker gem comes with a set of supported SLE templates. These are KIWI
-source files which are filled with the informations provided by the user at
-runtime.
+```
+FROM suse/sles11sp3:latest
 
-The image creation happens inside of the `opensuse/kiwi` Docker image. This has
-to be done because on recent systems (like SLE12) KIWI cannot create SLE11
-images. That happens because building a SLE11 systems requires the
-`db45-utils` package to be installed on the host system; this
-package is obsolete and is not available on SLE12.
+RUN zypper --gpg-auto-import-keys ref -s
+RUN zypper -n in vim
+```
 
-The Docker image used by sle2docker is based on openSUSE and it's freely
-downloadable from the Docker Hub. The image is built using Docker's build system
-by starting from the official openSUSE image.
-The `Dockerfile` used to create this image can be found inside of
-the https://github.com/openSUSE/docker-containers repository.
+When the Docker host machine is registered against an internal SMT
+server the Docker image requires the ssl certificate used by SMT:
 
-sle2docker automatically fetches the `opensuse/kiwi` image if not found on the
-system.
+```
+FROM suse/sles11sp3:latest
 
+# Import the crt file of our private SMT server
+ADD http://smt.test.lan/smt.crt /etc/ssl/certs/smt.pem
+RUN c_rehash /etc/ssl/certs
+
+RUN zypper --gpg-auto-import-keys ref -s
+RUN zypper -n in vim
+```
+
+## EXIT CODES
+  sle2docker sets the following exit codes:
+
+  * 0: Success
+  * 1: Failure
 
 ## AUTHOR
   Flavio Castelli <fcastelli@suse.com>
 
 ## LINKS
   Project on GitHub: https://github.com/SUSE/sle2docker
-
+  SUSE documentation: https://www.suse.com/documentation/sles-12/dockerquick/data/dockerquick.html
+  Docker's integrated build system: http://docs.docker.com/reference/builder/
+  container-suseconnect: https://github.com/SUSE/container-suseconnect

data/sle2docker.gemspec

@@ -1,35 +1,45 @@
 # -*- encoding: utf-8 -*-
 
-require File.expand_path("../lib/sle2docker/version", __FILE__)
+require File.expand_path('../lib/sle2docker/version', __FILE__)
 
 Gem::Specification.new do |s|
-  s.name        = "sle2docker"
+  s.name        = 'sle2docker'
   s.version     = Sle2Docker::VERSION
   s.platform    = Gem::Platform::RUBY
   s.authors     = ['Flavio Castelli']
   s.email       = ['fcastelli@suse.com']
-  s.homepage    = "https://github.com/SUSE/sle2docker"
-  s.summary     = "Create SLE images for Docker"
+  s.homepage    = 'https://github.com/SUSE/sle2docker'
+  s.summary     = 'Create SLE images for Docker'
 
   s.description = <<EOD
-sle2docker is a convenience tool which creates SUSE Linux Enterprise images for Docker.
+sle2docker is a convenience tool which creates SUSE Linux Enterprise images
+for Docker.
 
 The tool relies on KIWI and Docker itself to build the images.
 
-Packages can be fetched either from Novell Customer Center (NCC) or from a local Subscription Management Tool (SMT).
+Packages can be fetched either from Novell Customer Center (NCC) or from a
+local Subscription Management Tool (SMT).
 
 Using DVD sources is currently unsupported.
 EOD
   s.licenses    = ['MIT']
 
-  s.required_rubygems_version = ">= 1.3.6"
-  s.rubyforge_project         = "sle2docker"
-
-  s.add_runtime_dependency "thor"
-  s.add_development_dependency "bundler"
-  s.add_development_dependency "yard"
-  s.add_development_dependency "fakefs"
+  s.required_rubygems_version = '>= 1.3.6'
+  s.rubyforge_project         = 'sle2docker'
+
+  s.add_runtime_dependency 'docker-api'
+  s.add_runtime_dependency 'thor'
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'fakefs'
+  s.add_development_dependency 'minitest'
+  s.add_development_dependency 'mocha'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'ronn'
+  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'yard'
   s.files        = `git ls-files`.split("\n")
-  s.executables  = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
+  s.executables  = `git ls-files`.split("\n").map do |f|
+    f =~ /^bin\/(.*)/ ? $1 : nil
+  end.compact
   s.require_path = 'lib'
 end

data/test/prebuilt_image_test.rb

@@ -0,0 +1,91 @@
+require_relative 'test_helper'
+
+# rubocop:disable Metrics/ClassLength, Style/Documentation, Metrics/LineLength, Style/MethodCallParentheses:
+class PrebuiltImageTest < MiniTest::Test
+  describe 'PrebuiltImage' do
+    before do
+      @options = { password: '' }
+    end
+
+    after do
+      FakeFS::FileSystem.clear
+    end
+
+    describe 'listing' do
+      it 'works when no pre-built image is available' do
+        actual = Sle2Docker::PrebuiltImage.list
+        expected = []
+        assert_equal expected, actual
+      end
+
+      it 'lists the names of the available images' do
+        FakeFS do
+          expected = [
+            'sles11sp3-docker.x86_64-1.0.0-Build1.3',
+            'sles12-docker.x86_64-1.0.0-Build7.2'
+          ]
+
+          FileUtils.mkdir_p(Sle2Docker::PrebuiltImage::IMAGES_DIR)
+          expected.each do |image|
+            FileUtils.touch(
+              File.join(
+                Sle2Docker::PrebuiltImage::IMAGES_DIR,
+                "#{image}.tar.xz"
+              )
+            )
+          end
+
+          actual = Sle2Docker::PrebuiltImage.list
+          assert_equal expected, actual
+        end
+      end
+    end
+
+    describe 'activation' do
+      it 'creates a Dockerfile and builds the image' do
+        begin
+          image = 'sles12-docker.x86_64-1.0.0-Build7.2'
+          prebuilt_image = Sle2Docker::PrebuiltImage.new(image, @options)
+          expected = <<EOF
+FROM scratch
+MAINTAINER "Flavio Castelli <fcastelli@suse.com>"
+
+ADD sles12-docker.x86_64-1.0.0-Build7.2.tar.xz /
+EOF
+
+          tmp_dir = Dir.mktmpdir('sle2docker-test')
+          prebuilt_image.create_dockerfile(tmp_dir)
+          dockerfile = File.join(tmp_dir, 'Dockerfile')
+
+          assert File.exist?(dockerfile)
+          assert_equal(expected, File.read(dockerfile))
+        ensure
+          FileUtils.rm_rf(tmp_dir) if File.exist?(tmp_dir)
+        end
+      end
+
+      it 'triggers docker build' do
+        File.stubs(:exist?).returns(true)
+        tmp_dir = '/foo'
+        mocked_image = mock()
+        mocked_image.expects(:tag)
+          .with('repo' => 'suse/sles12', 'tag' => '1.0.0')
+          .once
+        mocked_image.expects(:tag)
+          .with('repo' => 'suse/sles12', 'tag' => 'latest')
+          .once
+
+        prebuilt_image = Sle2Docker::PrebuiltImage.new(
+          'sles12-docker.x86_64-1.0.0-Build7.2',
+          @options
+        )
+        prebuilt_image.expects(:prepare_docker_build_root).once.returns(tmp_dir)
+        prebuilt_image.expects(:verify_image).once
+        Docker::Image.expects(:build_from_dir).with(tmp_dir).once.returns(mocked_image)
+        FileUtils.expects(:rm_rf).with(tmp_dir).once
+
+        prebuilt_image.activate
+      end
+    end
+  end
+end