GODRIVER-2924 Add docker file support (#352)

* GODRIVER-2924 Add docker file support * add evg test * fix syntax * add to build variant * cleanup * fix orch file * remove interactive flag * clean up and add oidc test * fix handling of tty * update readme * enforce bash * fix handling of python3 * try again * cleanup * Update .evergreen/run-orchestration.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * address review * clean up file permissions and test results * use explicit binary root * move crypt_shared into container * fix echo * fix test file handling * try again * try again * more oidc debug * fix syntax * fix unbound * fix script * more oidc fixes * more oidc fixes * update permissions handling * remove popd * fix entry point usage * better test * add missing file * Update .evergreen/auth_oidc/start_local_server.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * Update .evergreen/start-orchestration.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * Update .evergreen/run-orchestration.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * Update .evergreen/docker/ubuntu20.04/base-entrypoint.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * address review * fix mo-expansion.sh * syntax * fix test entry point * Update .evergreen/config.yml Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * fix handling of python binary * Update .evergreen/run-orchestration.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> * Update .evergreen/run-orchestration.sh Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com> --------- Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com>
mongodb-labs · Sep 29, 2023 · f825f86 · f825f86
1 parent 80a9077
commit f825f86
Show file tree

Hide file tree

Showing 16 changed files with 300 additions and 58 deletions.
diff --git a/.evergreen/auth_oidc/Dockerfile b/.evergreen/auth_oidc/Dockerfile
@@ -1,20 +1,6 @@
-FROM ubuntu:20.04
+FROM drivers-evergreen-tools
 
-RUN apt-get -qq update && apt-get -qqy -o DPkg::Lock::Timeout=-1 install --no-install-recommends \
-  git \
-  ca-certificates \
-  curl \
-  wget \
-  sudo \
-  gnupg \
-  python \
-  python3 \
-  python3-virtualenv \
-  lsof \
-  libsnmp35 \
-  net-tools \
- && rm -rf /var/lib/apt/lists/*
+COPY ./docker_entry.sh /root/docker_entry.sh
+COPY ./docker_entry_base.sh /root/docker_entry_base.sh
 
-COPY ./docker_entry.sh /home/root/docker_entry.sh
-
-ENTRYPOINT ["/bin/bash", "/home/root/docker_entry.sh"]
+ENV TOPOLOGY=replica_set
diff --git a/.evergreen/auth_oidc/docker_entry.sh b/.evergreen/auth_oidc/docker_entry.sh
@@ -3,22 +3,6 @@
 # Entry point for Dockerfile for launching an oidc-enabled server.
 #
 set -eux
-export MONGODB_VERSION=latest
-export TOPOLOGY=replica_set
-export ORCHESTRATION_FILE=auth-oidc.json
-export DRIVERS_TOOLS=$HOME/drivers-evergreen-tools
-export PROJECT_ORCHESTRATION_HOME=$DRIVERS_TOOLS/.evergreen/orchestration
-export MONGO_ORCHESTRATION_HOME=$HOME
-export NO_IPV6=${NO_IPV6:-""}
 
-if [ ! -d $DRIVERS_TOOLS ]; then
-    git clone --branch DRIVERS-2415 https://github.com/blink1073/drivers-evergreen-tools.git $DRIVERS_TOOLS
-fi
-
-cd $DRIVERS_TOOLS/.evergreen/auth_oidc
-. ./activate-authoidcvenv.sh
-python oidc_write_orchestration.py
-
-bash $DRIVERS_TOOLS/.evergreen/run-orchestration.sh
-$DRIVERS_TOOLS/mongodb/bin/mongosh $DRIVERS_TOOLS/.evergreen/auth_oidc/setup_oidc.js
-tail -f $MONGO_ORCHESTRATION_HOME/server.log
+bash /root/docker_entry_base.sh
+tail -f $MONGO_ORCHESTRATION_HOME/server.log
diff --git a/.evergreen/auth_oidc/docker_entry_base.sh b/.evergreen/auth_oidc/docker_entry_base.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Entry point for Dockerfile for launching an oidc-enabled server.
+#
+set -eu
+export ORCHESTRATION_FILE=auth-oidc.json
+
+trap "rm -rf authoidcvenv" EXIT HUP
+
+rm -f $DRIVERS_TOOLS/results.json
+cd $DRIVERS_TOOLS/.evergreen/auth_oidc
+rm -rf authoidcvenv
+. ./activate-authoidcvenv.sh
+python oidc_write_orchestration.py
+
+bash /root/base-entrypoint.sh
+
+$MONGODB_BINARIES/mongosh $DRIVERS_TOOLS/.evergreen/auth_oidc/setup_oidc.js
+
+echo "Server started!"
diff --git a/.evergreen/auth_oidc/oidc_write_orchestration.py b/.evergreen/auth_oidc/oidc_write_orchestration.py
@@ -53,7 +53,7 @@ def azure():
     orch_file = os.path.abspath(os.path.join(HERE, '..', 'orchestration', 'configs', 'servers', 'auth-oidc.json'))
     with open(orch_file, 'w') as fid:
         json.dump(data, fid, indent=4)
-
+    print(f"Wrote OIDC config to {orch_file}")
 
 def main():
     print("Bootstrapping OIDC config")
@@ -126,6 +126,7 @@ def main():
     orch_file = os.path.abspath(os.path.join(HERE, '..', 'orchestration', 'configs', 'replica_sets', 'auth-oidc.json'))
     with open(orch_file, 'w') as fid:
         json.dump(data, fid, indent=4)
+    print(f"Wrote OIDC config to {orch_file}")
 
 
 if __name__ == '__main__':

diff --git a/.evergreen/auth_oidc/start_local_server.sh b/.evergreen/auth_oidc/start_local_server.sh
@@ -5,16 +5,31 @@
 # prequisites and usage.
 #
 set -eux
-if [[ -z "${AWS_ROLE_ARN}" ||  -z "${AWS_ACCESS_KEY_ID}" || -z "${AWS_SECRET_ACCESS_KEY}" ]]; then
-    echo "Missing AWS credentials"
-    exit 1
-fi
 
 DRIVERS_TOOLS=${DRIVERS_TOOLS:-$(readlink -f ../..)}
-echo "Drivers tools: $DRIVERS_TOOLS"
+ENTRYPOINT=${ENTRYPOINT:-/root/docker_entry.sh}
+USE_TTY=""
+VOL="-v ${DRIVERS_TOOLS}:/root/drivers-evergreen-tools"
+AWS_PROFILE=${AWS_PROFILE:-""}
+
+if [ -z "$AWS_PROFILE" ]; then
+    if [[ -z "${AWS_SESSION_TOKEN}" ||  -z "${AWS_ACCESS_KEY_ID}" || -z "${AWS_SECRET_ACCESS_KEY}" ]]; then
+        echo "Please set AWS_PROFILE or set AWS credentials environment variables" 1>&2
+       exit 1
+    fi
+    ENV="-e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
+    ENV="$ENV -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
+else
+    ENV="-e AWS_PROFILE=$AWS_PROFILE"
+    VOL="$VOL -v $HOME/.aws:/root/.aws"
+fi
+
 rm -rf $DRIVERS_TOOLS/.evergreen/auth_oidc/authoidcvenv
-rm -rf $DRIVERS_TOOLS/mongodb
-rm -rf $DRIVERS_TOOLS/legacy-shell-download
-rm -rf $DRIVERS_TOOLS/mongosh
+test -t 1 && USE_TTY="-t"
+
+echo "Drivers tools: $DRIVERS_TOOLS"
+pushd ../docker
+docker build -t drivers-evergreen-tools ./ubuntu20.04
+popd
 docker build -t oidc-test .
-docker run -it -v ${DRIVERS_TOOLS}:/home/root/drivers-evergreen-tools -p 27017:27017 -p 27018:27018 -e HOME=/home/root -e AWS_ROLE_ARN=${AWS_ROLE_ARN} -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -e NO_IPV6=true oidc-test
+docker run --rm -i $USE_TTY $VOL $ENV -p 27017:27017 -p 27018:27018 oidc-test $ENTRYPOINT
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -363,6 +363,38 @@ functions:
           CRYPT_SHARED_LIB_PATH="${CRYPT_SHARED_LIB_PATH}" \
             sh ${PROJECT_DIRECTORY}/.evergreen/run-tests.sh
 
+  "run docker test":
+    - command: shell.exec
+      type: test
+      params:
+        working_dir: "src"
+        script: |
+          ${PREPARE_SHELL}
+          set -ex
+          cd $DRIVERS_TOOLS/.evergreen/docker
+          ENTRYPOINT=/root/test-entrypoint.sh bash run-local.sh
+          # Generate a test results file
+          cd ${PROJECT_DIRECTORY}
+          make test
+
+  "run oidc test":
+    - command: ec2.assume_role
+      params:
+        role_arn: ${aws_test_secrets_role}
+    - command: shell.exec
+      type: test
+      params:
+        include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
+        working_dir: "src"
+        script: |
+          ${PREPARE_SHELL}
+          set -ex
+          cd $DRIVERS_TOOLS/.evergreen/auth_oidc
+          ENTRYPOINT=/root/docker_entry_base.sh bash start_local_server.sh
+          # Generate a test results file
+          cd ${PROJECT_DIRECTORY}
+          make test
+
   "cleanup":
     - command: shell.exec
       params:
@@ -749,6 +781,16 @@ tasks:
       commands:
         - func: "run serverless tests"
 
+    - name: "test-docker"
+      tags: ["latest"]
+      commands:
+        - func: "run docker test"
+
+    - name: "test-oidc"
+      tags: ["latest"]
+      commands:
+        - func: "run oidc test"
+
 # }}}
 
 
@@ -958,6 +1000,8 @@ buildvariants:
      - name: "test-3.6-replica_set"
      - name: "test-3.6-sharded_cluster"
      - name: "test-3.6-standalone"
+     - name: "test-docker"
+     - name: "test-oidc"
 
 - matrix_name: "tests-os-requires-50"
   matrix_spec: {"os-requires-50": "*", auth: "*", ssl: "*" }

diff --git a/.evergreen/docker/README.md b/.evergreen/docker/README.md
@@ -0,0 +1,43 @@
+# Drivers Evergreen Tools Dockerfile
+
+The ``Dockerfile`` and scripts in the subdirector(ies) serve dual purposes.
+
+- Run a local server in docker container.
+- Extend and run a driver test in a docker container.
+
+You will need Docker (or podman aliased to Docker) installed and running
+locally.
+
+# Run Local Server
+
+To run a local server, change to this directory and run:
+
+```bash
+bash ./run-local.sh
+```
+
+This will build the docker image and run it with appropriate settings.
+Note that any of the environment variables used by `run-orchestration`
+will be passed through to the container.
+The appropriate port(s) will be exposed, allowing you to run local test against
+the running docker container.
+
+The default image can be overridden with `IMAGE``, and the entrypoint with `ENTRYPOINT`.
+To use a specific architecture, use `PLATFORM`, e.g. `--platform linux/amd64`.
+
+## Driver Testing in Docker
+
+To extend this image and run against a driver test suite, first build the
+image locally.
+
+```bash
+docker build -t drivers-evergreen-tools .
+```
+
+Then, in your `Dockerfile`, use `FROM drivers-evergreen-tools`.
+
+When running your derived image, use `-v $DRIVERS_TOOLS:/root/drivers-evergreen-tools`
+to use the local checkout.
+
+In your entry point script, run `run-orchestration.sh` before running your test suite.
+Note that you will probably want to expose the environment variables as is done in `run-local.sh`.
diff --git a/.evergreen/docker/run-local.sh b/.evergreen/docker/run-local.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+#
+# Run a local MongoDB orchestration inside a docker container
+#
+set -eu
+
+NAME=drivers-evergreen-tools
+ENTRYPOINT=${ENTRYPOINT:-/root/local-entrypoint.sh}
+IMAGE=${TARGET_IMAGE:-ubuntu20.04}
+PLATFORM=${DOCKER_PLATFORM:-}
+# e.g. --platform linux/amd64
+
+docker build $PLATFORM -t $NAME $IMAGE
+cd ../..
+
+AUTH=${AUTH:-noauth}
+SSL=${SSL:-nossl}
+TOPOLOGY=${TOPOLOGY:-server}
+LOAD_BALANCER=${LOAD_BALANCER:-}
+STORAGE_ENGINE=${STORAGE_ENGINE:-}
+REQUIRE_API_VERSION=${REQUIRE_API_VERSION:-}
+DISABLE_TEST_COMMANDS=${DISABLE_TEST_COMMANDS:-}
+MONGODB_VERSION=${MONGODB_VERSION:-latest}
+MONGODB_DOWNLOAD_URL=${MONGODB_DOWNLOAD_URL:-}
+ORCHESTRATION_FILE=${ORCHESTRATION_FILE:-basic.json}
+
+ENV="-e MONGODB_VERSION=$MONGODB_VERSION"
+ENV+=" -e TOPOLOGY=$TOPOLOGY"
+ENV+=" -e AUTH=$AUTH"
+ENV+=" -e SSL=$SSL"
+ENV+=" -e ORCHESTRATION_FILE=$ORCHESTRATION_FILE"
+ENV+=" -e LOAD_BALANCER=$LOAD_BALANCER"
+ENV+=" -e STORAGE_ENGINE=$STORAGE_ENGINE"
+ENV+=" -e REQUIRE_API_VERSION=$REQUIRE_API_VERSION"
+ENV+=" -e DISABLE_TEST_COMMANDS=$DISABLE_TEST_COMMANDS"
+ENV+=" -e MONGODB_DOWNLOAD_URL=$MONGODB_DOWNLOAD_URL"
+
+if [ "$TOPOLOGY" == "server" ]; then
+    PORT="-p 27017:2017"
+else
+    PORT="-p 27017:2017 -p 27018:2018 -p 27019:2019"
+fi
+USE_TTY=""
+test -t 1 && USE_TTY="-t"
+VOL="-v `pwd`:/root/drivers-evergreen-tools"
+
+docker run $PLATFORM --rm $ENV $PORT $VOL -i $USE_TTY $NAME $ENTRYPOINT
diff --git a/.evergreen/docker/ubuntu20.04/Dockerfile b/.evergreen/docker/ubuntu20.04/Dockerfile
@@ -0,0 +1,33 @@
+FROM ubuntu:20.04
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+  apt-get -qq update && apt-get -qqy install --no-install-recommends \
+  git \
+  ca-certificates \
+  curl \
+  wget \
+  sudo \
+  gnupg \
+  python \
+  python3 \
+  python3.8-venv \
+  lsof \
+  software-properties-common \
+  libsnmp35 \
+  net-tools \
+ && rm -rf /var/lib/apt/lists/*
+
+ARG USER_ID
+ARG GROUP_ID
+
+ENV DRIVERS_TOOLS=/root/drivers-evergreen-tools
+ENV PROJECT_ORCHESTRATION_HOME=/root/drivers-evergreen-tools/.evergreen/orchestration
+ENV MONGODB_BINARIES=/root/mongodb/bin
+ENV MONGODB_BINARY_ROOT=/root
+ENV MONGO_ORCHESTRATION_HOME=/root
+ENV SKIP_LEGACY_SHELL=1
+ENV DOCKER_RUNNING=true
+
+COPY ./local-entrypoint.sh /root/local-entrypoint.sh
+COPY ./base-entrypoint.sh /root/base-entrypoint.sh
+COPY ./test-entrypoint.sh /root/test-entrypoint.sh
diff --git a/.evergreen/docker/ubuntu20.04/base-entrypoint.sh b/.evergreen/docker/ubuntu20.04/base-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -eu
+
+rm -f $DRIVERS_TOOLS/results.json
+cd $DRIVERS_TOOLS/.evergreen
+bash run-orchestration.sh
+
+# Preserve host permissions of files we have created.
+cd $DRIVERS_TOOLS
+files=(results.json uri.txt .evergreen/mongo_crypt_v1.so .evergreen/mo-expansion.yml)
+chown --reference=action.yml "${files[@]}"
+chmod --reference=action.yml "${files[@]}"
+
+echo "Server started!"
diff --git a/.evergreen/docker/ubuntu20.04/local-entrypoint.sh b/.evergreen/docker/ubuntu20.04/local-entrypoint.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -eu
+
+bash /root/base-entrypoint.sh
+tail -f $MONGO_ORCHESTRATION_HOME/server.log
diff --git a/.evergreen/docker/ubuntu20.04/test-entrypoint.sh b/.evergreen/docker/ubuntu20.04/test-entrypoint.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -eu
+
+bash /root/base-entrypoint.sh
+source $DRIVERS_TOOLS/.evergreen/mo-expansion.sh
+$MONGODB_BINARIES/mongosh --eval 'db'
+echo "Test complete!"