Merge pull request #2065 from dnephin/use-dind-image

Use dockerswarm/dind image for ci

Dockerfile

@@ -10,15 +10,16 @@ RUN set -ex; \
         zlib1g-dev \
         libssl-dev \
         git \
-        apt-transport-https \
         ca-certificates \
         curl \
-        lxc \
-        iptables \
         libsqlite3-dev \
     ; \
     rm -rf /var/lib/apt/lists/*
 
+RUN curl https://get.docker.com/builds/Linux/x86_64/docker-latest \
+        -o /usr/local/bin/docker && \
+    chmod +x /usr/local/bin/docker
+
 # Build Python 2.7.9 from source
 RUN set -ex; \
     curl -LO https://www.python.org/ftp/python/2.7.9/Python-2.7.9.tgz; \
@@ -66,33 +67,20 @@ RUN set -ex; \
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
 ENV LANG en_US.UTF-8
 
-ENV ALL_DOCKER_VERSIONS 1.7.1 1.8.2-rc1
-
-RUN set -ex; \
-    curl https://get.docker.com/builds/Linux/x86_64/docker-1.7.1 -o /usr/local/bin/docker-1.7.1; \
-    chmod +x /usr/local/bin/docker-1.7.1; \
-    curl https://test.docker.com/builds/Linux/x86_64/docker-1.8.2-rc1 -o /usr/local/bin/docker-1.8.2-rc1; \
-    chmod +x /usr/local/bin/docker-1.8.2-rc1
-
-# Set the default Docker to be run
-RUN ln -s /usr/local/bin/docker-1.7.1 /usr/local/bin/docker
-
 RUN useradd -d /home/user -m -s /bin/bash user
 WORKDIR /code/
 
-RUN pip install tox
-
-ADD requirements.txt /code/
-RUN pip install -r requirements.txt
-
-ADD requirements-dev.txt /code/
-RUN pip install -r requirements-dev.txt
-
 RUN pip install tox==2.1.1
 
-ADD . /code/
-RUN pip install --no-deps -e /code
+ADD requirements.txt /code/
+ADD requirements-dev.txt /code/
+ADD .pre-commit-config.yaml /code/
+ADD setup.py /code/
+ADD tox.ini /code/
+ADD compose /code/compose/
+RUN tox --notest
 
+ADD . /code/
 RUN chown -R user /code/
 
-ENTRYPOINT ["/usr/local/bin/docker-compose"]
+ENTRYPOINT ["/code/.tox/py27/bin/docker-compose"]

script/build-linux

@@ -6,8 +6,4 @@ set -ex
 
 TAG="docker-compose"
 docker build -t "$TAG" .
-docker run \
-  --rm \
-  --volume="$(pwd):/code" \
-  --entrypoint="script/build-linux-inner" \
-  "$TAG"
+docker run --rm --entrypoint="script/build-linux-inner" "$TAG"

script/build-linux-inner

@@ -3,11 +3,12 @@
 set -ex
 
 TARGET=dist/docker-compose-Linux-x86_64
+VENV=/code/.tox/py27
 
 mkdir -p `pwd`/dist
 chmod 777 `pwd`/dist
 
-pip install -r requirements-build.txt
-su -c "pyinstaller docker-compose.spec" user
+$VENV/bin/pip install -r requirements-build.txt
+su -c "$VENV/bin/pyinstaller docker-compose.spec" user
 mv dist/docker-compose $TARGET
 $TARGET version

script/dind

@@ -1,88 +0,0 @@
-#!/bin/bash
-set -e
-
-# DinD: a wrapper script which allows docker to be run inside a docker container.
-# Original version by Jerome Petazzoni <jerome@docker.com>
-# See the blog post: http://blog.docker.com/2013/09/docker-can-now-run-within-docker/
-#
-# This script should be executed inside a docker container in privilieged mode
-# ('docker run --privileged', introduced in docker 0.6).
-
-# Usage: dind CMD [ARG...]
-
-# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
-export container=docker
-
-# First, make sure that cgroups are mounted correctly.
-CGROUP=/cgroup
-
-mkdir -p "$CGROUP"
-
-if ! mountpoint -q "$CGROUP"; then
-	mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
-		echo >&2 'Could not make a tmpfs mount. Did you use --privileged?'
-		exit 1
-	}
-fi
-
-if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
-	mount -t securityfs none /sys/kernel/security || {
-		echo >&2 'Could not mount /sys/kernel/security.'
-		echo >&2 'AppArmor detection and -privileged mode might break.'
-	}
-fi
-
-# Mount the cgroup hierarchies exactly as they are in the parent system.
-for SUBSYS in $(cut -d: -f2 /proc/1/cgroup); do
-	mkdir -p "$CGROUP/$SUBSYS"
-	if ! mountpoint -q $CGROUP/$SUBSYS; then
-		mount -n -t cgroup -o "$SUBSYS" cgroup "$CGROUP/$SUBSYS"
-	fi
-
-	# The two following sections address a bug which manifests itself
-	# by a cryptic "lxc-start: no ns_cgroup option specified" when
-	# trying to start containers withina container.
-	# The bug seems to appear when the cgroup hierarchies are not
-	# mounted on the exact same directories in the host, and in the
-	# container.
-
-	# Named, control-less cgroups are mounted with "-o name=foo"
-	# (and appear as such under /proc/<pid>/cgroup) but are usually
-	# mounted on a directory named "foo" (without the "name=" prefix).
-	# Systemd and OpenRC (and possibly others) both create such a
-	# cgroup. To avoid the aforementioned bug, we symlink "foo" to
-	# "name=foo". This shouldn't have any adverse effect.
-	name="${SUBSYS#name=}"
-	if [ "$name" != "$SUBSYS" ]; then
-		ln -s "$SUBSYS" "$CGROUP/$name"
-	fi
-
-	# Likewise, on at least one system, it has been reported that
-	# systemd would mount the CPU and CPU accounting controllers
-	# (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
-	# but on a directory called "cpu,cpuacct" (note the inversion
-	# in the order of the groups). This tries to work around it.
-	if [ "$SUBSYS" = 'cpuacct,cpu' ]; then
-		ln -s "$SUBSYS" "$CGROUP/cpu,cpuacct"
-	fi
-done
-
-# Note: as I write those lines, the LXC userland tools cannot setup
-# a "sub-container" properly if the "devices" cgroup is not in its
-# own hierarchy. Let's detect this and issue a warning.
-if ! grep -q :devices: /proc/1/cgroup; then
-	echo >&2 'WARNING: the "devices" cgroup should be in its own hierarchy.'
-fi
-if ! grep -qw devices /proc/1/cgroup; then
-	echo >&2 'WARNING: it looks like the "devices" cgroup is not mounted.'
-fi
-
-# Mount /tmp
-mount -t tmpfs none /tmp
-
-if [ $# -gt 0 ]; then
-	exec "$@"
-fi
-
-echo >&2 'ERROR: No command specified.'
-echo >&2 'You probably want to run hack/make.sh, or maybe a shell?'

script/test-versions

@@ -10,22 +10,41 @@ docker run --rm \
   --entrypoint="tox" \
   "$TAG" -e pre-commit
 
+ALL_DOCKER_VERSIONS="1.7.1 1.8.2"
+DEFAULT_DOCKER_VERSION="1.8.2"
+
 if [ "$DOCKER_VERSIONS" == "" ]; then
-  DOCKER_VERSIONS="default"
+  DOCKER_VERSIONS="$DEFAULT_DOCKER_VERSION"
 elif [ "$DOCKER_VERSIONS" == "all" ]; then
   DOCKER_VERSIONS="$ALL_DOCKER_VERSIONS"
 fi
 
+
+BUILD_NUMBER=${BUILD_NUMBER-$USER}
+
 for version in $DOCKER_VERSIONS; do
   >&2 echo "Running tests against Docker $version"
+
+  daemon_container="compose-dind-$version-$BUILD_NUMBER"
+  trap "docker rm -vf $daemon_container" EXIT
+
+  # TODO: remove when we stop testing against 1.7.x
+  daemon=$([[ "$version" == "1.7"* ]] && echo "-d" || echo "daemon")
+
   docker run \
-    --rm \
+    -d \
+    --name "$daemon_container" \
     --privileged \
     --volume="/var/lib/docker" \
-    --volume="${COVERAGE_DIR:-$(pwd)/coverage-html}:/code/coverage-html" \
-    -e "DOCKER_VERSION=$version" \
-    -e "DOCKER_DAEMON_ARGS" \
-    --entrypoint="script/dind" \
+    dockerswarm/dind:$version \
+    docker $daemon -H tcp://0.0.0.0:2375 $DOCKER_DAEMON_ARGS \
+
+  docker run \
+    --rm \
+    --link="$daemon_container:docker" \
+    --env="DOCKER_HOST=tcp://docker:2375" \
+    --entrypoint="tox" \
     "$TAG" \
-    script/wrapdocker tox -e py27,py34 -- "$@"
+    -e py27,py34 -- "$@"
+
 done

script/wrapdocker

@@ -1,27 +0,0 @@
-#!/bin/bash
-
-if [ "$DOCKER_VERSION" != "" ] && [ "$DOCKER_VERSION" != "default" ]; then
-    ln -fs "/usr/local/bin/docker-$DOCKER_VERSION" "/usr/local/bin/docker"
-fi
-
-# If a pidfile is still around (for example after a container restart),
-# delete it so that docker can start.
-rm -rf /var/run/docker.pid
-docker_command="docker -d $DOCKER_DAEMON_ARGS"
->&2 echo "Starting Docker with: $docker_command"
-$docker_command &>/var/log/docker.log &
-docker_pid=$!
-
->&2 echo "Waiting for Docker to start..."
-while ! docker ps &>/dev/null; do
-    if ! kill -0 "$docker_pid" &>/dev/null; then
-        >&2 echo "Docker failed to start"
-        cat /var/log/docker.log
-        exit 1
-    fi
-
-    sleep 1
-done
-
->&2 echo ">" "$@"
-exec "$@"

tox.ini

@@ -5,6 +5,7 @@ envlist = py27,py34,pre-commit
 usedevelop=True
 passenv =
     LD_LIBRARY_PATH
+    DOCKER_HOST
 setenv =
     HOME=/tmp
 deps =