-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
executable file
·74 lines (57 loc) · 2.56 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# First compile EFI img
FROM debian:bullseye-slim as efi-builder
# Install all necessary packages for compiling the iPXE binary files
RUN apt-get update && apt-get install -y --fix-missing \
gcc binutils genisoimage liblzma-dev mtools isolinux syslinux syslinux-common libssl-dev xorriso \
grub2 grub-common dosfstools grub-efi-amd64-bin grub-efi-ia32-bin && rm -rf /var/lib/apt/lists/*
COPY EFI/ /EFI/
RUN chmod a+x /EFI/mk_efi_img.sh; /EFI/mk_efi_img.sh
# Compile iPXE first using Alpine
FROM python:3.10.5-alpine3.15
ENV PYTHONUNBUFFERED 1
# Install all necessary packages for compiling the iPXE binary files
RUN apk --no-cache add \
bash \
gcc \
binutils \
make \
perl \
xz-dev \
mtools \
xorriso \
syslinux \
musl-dev \
coreutils \
openssl
# Define build argument for iPXE branch to clone/checkout
ARG IPXE_TAG="1.21.1"
# Clone the iPXE repo
ADD https://github.com/ipxe/ipxe/archive/refs/tags/v${IPXE_TAG}.tar.gz .
RUN ls && tar xf v${IPXE_TAG}.tar.gz && mv ipxe-${IPXE_TAG} /ipxe.git && rm -f v${IPXE_TAG}.tar.gz
# Enable Download via HTTPS, FTP, NFS
RUN sed -Ei "s/^#undef([ \t]*DOWNLOAD_PROTO_(HTTPS|FTP|NFS)[ \t]*)/#define\1/" /ipxe.git/src/config/general.h
# Enable SANBoot via iSCSI, AoE, Infiniband SCSI RDMA, Fibre Channel, HTTP SAN
# RUN sed -Ei "s/^\/\/#undef([ \t]*SANBOOT_PROTO_(ISCSI|AOE|IB_SRP|FCP|HTTP)[ \t]*)/#define\1/" /ipxe.git/src/config/general.h
# Enable additional iPXE commands: nslookup, ping, console, ipstat, profstat, ntp, cert
RUN sed -Ei "s/^\/\/(#define[ \t]*(NSLOOKUP|VLAN|REBOOT|POWEROFF|IMAGE_TRUST|PCI|PARAM|PING|CONSOLE|IPSTAT|NTP|CERT)_CMD)/\1/" /ipxe.git/src/config/general.h
WORKDIR /ipxe.git
# Prebuild (mandatory to avoid timeout when building ISO)
RUN make -j 4 -C src/ \
&& make -C src/ bin-x86_64-efi/ipxe.efi \
&& make -C src/ bin/ipxe.iso \
&& chown -R nobody: /ipxe.git
# chown mandatory to build ISO image file inside the container when running
# First stage build
COPY --from=efi-builder /EFI/efi.img /ipxe.git/efi.img
# Python app needs
COPY ./requirements.txt /
RUN python -m pip install --upgrade pip \
&& pip install --no-cache-dir -r /requirements.txt \
&& rm -f /requirements.txt
COPY . /
# Cleanup
RUN mv /EFI/img /ipxe.git/ && chown -R nobody: /ipxe.git/img && chmod -R o+w /ipxe.git/ && rm -rf /EFI
USER nobody
WORKDIR /app
ENV GUNICORN_CMD_ARGS "--bind=0.0.0.0 --log-config /app/logger.ini -c /app/gunicorn.conf.py --workers=4 --timeout=60"
ENTRYPOINT [ "gunicorn","ipsogen:app"]