docker: add support for ubi8-minimal

Docker image based on ubi8-minimal are smaller in size than previous
ones built with ubi8 as base. Also, due to proper cleanup of caches, the
final image is about 400MB in size (down from ~630MB using the older
ubi8 builder).

This Dockerfile also uses packages built for RHEL (instead of CentOS),
and updates dependencies so that it can compile latest FRR versions.

Signed-off-by: Juan Vidal Allende <juan.vidal1@ibm.com>

docker/ubi8-minimal/Dockerfile

@@ -0,0 +1,132 @@
+# This stage builds an rpm from the source
+ARG UBI8_MINIMAL_VERSION
+FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI8_MINIMAL_VERSION} as ubi8-minimal-builder
+
+RUN rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8
+
+ADD docker/ubi8-minimal/almalinux.repo /etc/yum.repos.d/almalinux.repo
+
+# ubi8-minimal comes with broken tzdata package installed, so we need to remove them
+# and later reinstall it again: https://bugzilla.redhat.com/show_bug.cgi?id=1668185
+RUN rpm --quiet -e --nodeps tzdata >/dev/null 2>&1
+
+RUN microdnf --disableplugin=subscription-manager --setopt=install_weak_deps=0 install \
+    autoconf \
+    automake \
+    bison \
+    c-ares-devel \
+    flex \
+    git \
+    groff \
+    json-c-devel \
+    libcap-devel \
+    libssh-devel \
+    libtool \
+    make \
+    net-snmp-devel \
+    openssl \
+    pam-devel  \
+    pcre-devel \
+    pkgconfig \
+    platform-python-devel \
+    python3-devel \
+    python3-pytest \
+    python3-sphinx \
+    readline-devel \
+    rpm-build \
+    systemd-devel \
+    texinfo \
+    tzdata \
+    && microdnf --disableplugin=subscription-manager clean all
+
+RUN curl -sSL -o /tmp/libyang2.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-2.0.7-1.el8.x86_64.rpm \
+    && rpm -i /tmp/libyang2.rpm \
+    && rm -f /tmp/libyang2.rpm
+
+RUN curl -sSL -o /tmp/libyang2-devel.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-devel-2.0.7-1.el8.x86_64.rpm \
+    && rpm -i /tmp/libyang2-devel.rpm \
+    && rm -f /tmp/libyang2-devel.rpm
+
+RUN curl -sSL -o /tmp/librtr.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-0.8.0-1.el8.x86_64.rpm \
+    && rpm -i /tmp/librtr.rpm \
+    && rm -f /tmp/librtr.rpm
+
+RUN curl -sSL -o /tmp/librtr-devel.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-devel-0.8.0-1.el8.x86_64.rpm \
+    && rpm -i /tmp/librtr-devel.rpm \
+    && rm -f /tmp/librtr-devel.rpm
+
+COPY . /src
+
+ARG PKGVER
+
+RUN echo '%_smp_mflags %( echo "-j$(/usr/bin/getconf _NPROCESSORS_ONLN)"; )' >> /root/.rpmmacros \
+    && cd /src \
+    && ./bootstrap.sh \
+    && ./configure \
+        --enable-rpki \
+        --enable-snmp=agentx \
+        --enable-numeric-version \
+        --with-pkg-extra-version="_git$PKGVER" \
+    && make dist \
+    && cd / \
+    && mkdir -p /rpmbuild/{SOURCES,SPECS} \
+    && cp /src/frr*.tar.gz /rpmbuild/SOURCES \
+    && cp /src/redhat/frr.spec /rpmbuild/SPECS \
+    && rpmbuild \
+        --define "_topdir /rpmbuild" \
+        -ba /rpmbuild/SPECS/frr.spec
+
+# This stage installs frr from the rpm
+FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI8_MINIMAL_VERSION}
+ARG FRR_IMAGE_TAG
+ARG FRR_RELEASE
+ARG FRR_NAME
+ARG FRR_VENDOR
+LABEL name=$FRR_NAME \
+      vendor=$FRR_VENDOR \
+      version=$FRR_IMAGE_TAG \
+      release=$FRR_RELEASE
+
+ADD docker/ubi8-minimal/almalinux.repo /etc/yum.repos.d/almalinux.repo
+
+RUN rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8
+
+RUN microdnf --disableplugin=subscription-manager --setopt=install_weak_deps=0 install \
+    c-ares \
+    initscripts \
+    net-snmp-agent-libs \
+    net-snmp-libs \
+    openssl \
+    python3 \
+    shadow-utils \
+    systemd \
+    && microdnf --disableplugin=subscription-manager clean all
+
+RUN curl -sSL -o /tmp/libyang2.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-2.0.7-1.el8.x86_64.rpm \
+    && rpm -i /tmp/libyang2.rpm \
+    && rm -f /tmp/libyang2.rpm
+
+RUN curl -sSL -o /tmp/librtr.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-0.8.0-1.el8.x86_64.rpm \
+    && rpm -i /tmp/librtr.rpm \
+    && rm -f /tmp/librtr.rpm
+
+COPY --from=ubi8-minimal-builder /rpmbuild/RPMS/ /pkgs/rpm/
+
+# Install packages and create FRR files and folders. Be sure to own the config / PID files
+RUN rpm -i /pkgs/rpm/x86_64/*.rpm \
+    && rm -rf /pkgs \
+    && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \
+    && mkdir -p /var/run/frr \
+    && chown -R frr:frr /etc/frr /var/run/frr
+
+# There is no package for tini, add it manually
+ENV TINI_VERSION v0.19.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
+RUN chmod +x /sbin/tini
+
+# Simple init manager for reaping processes and forwarding signals
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Default CMD starts watchfrr
+COPY docker/ubi8-minimal/docker-start /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]

docker/ubi8-minimal/almalinux.repo

@@ -0,0 +1,23 @@
+[AlmaLinux - baseos]
+name=AlmaLinux $releasever - BaseOS
+mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
+# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
+enabled=1
+gpgcheck=1
+countme=1
+
+[AlmaLinux - appstream]
+name=AlmaLinux $releasever - AppStream
+mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
+# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
+enabled=1
+gpgcheck=1
+countme=1
+
+[AlmaLinux - powertools]
+name=AlmaLinux $releasever - PowerTools
+mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/powertools
+# baseurl=https://repo.almalinux.org/almalinux/$releasever/PowerTools/$basearch/os/
+enabled=1
+gpgcheck=1
+countme=1

docker/ubi8-minimal/build.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+set -e
+
+##
+# Package version needs to be decimal
+##
+DISTRO=ubi8-minimal
+
+UBI8_MINIMAL_VERSION=$1
+if [ -z "$UBI8_MINIMAL_VERSION" ]; then
+	UBI8_MINIMAL_VERSION="latest"
+fi
+
+GITREV="$2"
+if [ -z "$GITREV" ];then
+	GITREV="$(git rev-parse --short=10 HEAD)"
+fi
+
+FRR_IMAGE_TAG="$3"
+if [ -z $FRR_IMAGE_TAG ];then
+	FRR_IMAGE_TAG="frr:ubi8-minimal-$GITREV"
+fi
+PKGVER="$(printf '%u\n' 0x$GITREV)"
+
+FRR_RELEASE="$4"
+if [ -z $FRR_RELEASE ];then
+	FRR_RELEASE=$(git describe --tags --abbrev=0)
+fi
+
+FRR_NAME=$5
+if [ -z $FRR_NAME ];then
+	FRR_NAME=frr
+fi
+
+FRR_VENDOR=$6
+if [ -z $FRR_VENDOR ];then
+	FRR_VENDOR=frr
+fi
+
+DOCKERFILE_PATH="$(dirname $(realpath $0))/Dockerfile"
+
+docker build \
+	--cache-from="frr:$DISTRO-builder-$GITREV" \
+	--file="$DOCKERFILE_PATH" \
+	--build-arg="UBI8_MINIMAL_VERSION=$UBI8_MINIMAL_VERSION" \
+	--build-arg="PKGVER=$PKGVER" \
+	--build-arg="FRR_IMAGE_TAG=$FRR_IMAGE_TAG" \
+	--build-arg="FRR_RELEASE=$FRR_RELEASE" \
+	--build-arg="FRR_NAME=$FRR_NAME" \
+	--build-arg="FRR_VENDOR=$FRR_VENDOR" \
+	--tag="$FRR_IMAGE_TAG" \
+	.
+

docker/ubi8-minimal/docker-start

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)