Add Linux Build Box

Prerequisites for adding the Linux Container Build Box to create the Linux containers¶

Recommended resource requirements¶

Preferred operating systems¶

Operating System	Version
Ubuntu	16+
RHEL	7.6+, 8.x

Hardware requirements¶

Resource	CPU	RAM	/opt	docker partition ( typically /var/lib/docker/ )
Requirement	4 cores	16 GB	100 GB	200 GB

CHAI™ uses /opt partition to copy the files from Host to Build Box. Verify it as follows on the Build Box.

[ssh-user@Build Box ~]$ df -lh
Filesystem      Size  Used Avail Use%  Mounted on
/dev/sda1       440G   34G  406G   8%  /      <- "/opt is part of /" and "406GB > 100GB"

Tip : You have an option on the CHAI™ UI to delete the files copied at /opt partition once the docker container is successfully built. You can use this option to make sure that the required space is always available.

CHAI™ uses /opt partition for its operation. Please allow the executable permissions to the folder. Verify it as follows on the Build Box.

[ssh-user@Build Box ~]$ ls -ltr /opt
drwxr-xr-x  9 root         testdir  288 Sep 27  2016 X11    

"x" is required which ensures the execute permission.
"d" is required which ensures that it is a directory.

Privilege Access¶

You account used for connection between CHAI™/Host machine and Build Box ( 'ubuntu' for example ) must have privilege access.

Below line can be added to /etc/sudoers for allowing connecting user to communicate without password certain commands. Please update the path for system commands like env, md5sum, etc.

ubuntu ALL=(ALL) NOPASSWD: /usr/bin/env, /usr/bin/md5sum, /usr/bin/cp, /usr/bin/mv, /opt/.ch-tools/*/*, /usr/bin/docker, /usr/bin/echo, /usr/bin/cat, /usr/bin/base64, /usr/bin/mkdir, /usr/bin/chmod -R 775 /opt/.ch-tools, /bin/chmod -R 775 /opt/.ch-tools/data, /bin/chown -R ubuntu\: /home/ubuntu/.ch-*,/bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*/*/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*/*,/bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*, /bin/chown -R ubuntu\: /opt/.ch-tools, /bin/chown -R ubuntu\: /opt/.ch-tools/data, /bin/chown ubuntu\: /home/ubuntu/.ch-*,/opt/.ch-tools/*/*/*/*/*/*/*/*, /bin/chmod -R 775 /opt/.ch-tools/*, /bin/chmod 755 /opt/.ch-tools/*/*

SSHD server¶

The ssh server (sshd) must be running on the Build Box. Verify it as follows on the Build Box.

[ssh-user@host ~]$ ps ax | grep <sshd or openssh or equivalent>

Connection Method¶

CHAI™ and Host machine authenticates with the Build Box using the following 2 methods over ssh,

Username and ssh key
Username and password

The data transfer between Host machine and Build Box is over ssh using rsync.

Docker¶

Docker community edition version 18 or higher must be installed on Build Box. Verify it as follows on the Build Box.

[ssh-user@Build Box ~]$ docker version
Client: Docker Engine - Community
 Version:           19.03.1

If not, you can refer to Docker's Official Documentation.

For reference, visit the link to install the Docker.

Docker Overlay setting¶

'Native Overlay Diff' flag must be set as true for the images to be created properly. Verify it as follows on the Build Box.

docker info | grep Diff
Native Overlay Diff: true

If it is set as false, please run the following command as root and set it as true. Please note the docker deamon needs to be restarted for this to take effect (already included in the command)

modprobe -r overlay && modprobe overlay redirect_dir=on && systemctl restart docker

Disable SELinux¶

Make sure SELinux is disabled on the Build Box. To disable please follow the below command.

$ sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux && cat /etc/sysconfig/selinux
$ setenforce 0
$ sestatus

RequireTTY¶

Disable requiretty for connecting user from remote machine to Build Box. If set, sudo will only run when You is logged in to a real terminal and not via other means such as cron, cgi-bin or ssh scripts. Since CHAI™ connects to the build Box remotely without a real terminal, this flag must be disabled. This flag is off by default. Below line can be added to /etc/sudoers file.

Defaults:ubuntu    !requiretty

Base Container Images Availability¶

The application container images are built using the standard images (e.g Ubuntu) as base. These base images are fetched from either the public/private docker repository over internet at run time or used from the locally available images on the build box. Please ensure that

The public/private docker repository is accessible from Build Box to download the base container image at run time without any authentication.
Or Pre-download the base container image on Build Box in case of public/private repository requires authentication.

Uploading Docker Containers To Container Repository¶

If the docker container images are to be uploaded to publc repository like ECR, DockerHub please make sure that the internet access is enabled between Build Box and container repository.

Uploading to AWS ECR¶

If the image is to be pushed to ECR, aws-cli should be installed. Install the aws cli version 1 using the Link. After successful installation verify it as follows on the Build Box.

[ssh-user@Build Box ~]$ sudo su -
[ssh-user@Build Box ~]$ aws --version
aws-cli/1.18.100 Python/2.7.17 Linux/4.18.0-193.el8.x86_64 botocore/1.17.23

Tip : If you cannot fetch the output of above command then, add the below line to "~/.bashrc" file and save it. It will get aws binary in the path.

export PATH=$PATH:$HOME/bin:/usr/local/bin

Tip : Please make sure that repository to which docker images are be pushed is already pre-created on AWS ECR.